Brocade FastIron Ethernet Switch Administration Guide Manual de usuario Pagina 1

53-1003075-0230 July 2014FastIron Ethernet SwitchAdministration GuideSupporting FastIron Software Release 08.0.10d

show sysmon system sfm ... 318Syslog messages...

NOTEYou can enter text following " ! " as a comment. However, the " !" is not a comment marker. It returnsthe CLI to the global co

This time, the CLI accepts the command, and no error message is displayed.device(config)#interface ethernet 11device(config-if-e1000-11)#no ip add 10.

Loading and saving configuration files with IPv6This section describes the IPv6 copy command.Using the IPv6 copy commandThe copy command for IPv6 allo

Specify the startup-config keyword to copy the startup configuration file to the specified IPv6 TFTPserver.The tftp ipv6-address parameter specifies t

The source-file-name parameter specifies the name of the file that is copied from the IPv6 TFTPserver.The overwrite keyword specifies that the device

IPv6 TFTP server file uploadYou can upload the following files from an IPv6 TFTP server:• Primary boot image.• Secondary boot image.• Running configur

Using SNMP to save and load configuration informationYou can use a third-party SNMP management application such as HP OpenView to save and load aconfi

Erasing image and configuration filesTo erase software images or configuration files, use the commands described below. These commandsare valid at the

Displaying the amount of time remaining beforea scheduled reloadTo display how much time is remaining before a scheduled system reload, enter the foll

ErrorcodeMessage Explanation and action8 File type check failed. You accidentally attempted to copy the incorrect image code into thesystem. For examp

Preface● Document conventions...11● Brocade resources

Message Explanation and actionFirmware type cannot bedetected from the firmwarecontent.Each PoE firmware file delivered by Brocade is meant to be used

The ttl num parameter specifies the maximum number of hops. You can specify a TTL from 1 - 255. Thedefault is 64.The size byte parameter specifies the

Tracing an IPv4 routeNOTEThis section describes the IPv4traceroute command. For details about IPv6traceroute , refer to theFastIron Ethernet Switch La

Hitless Operating System (OS) Upgrade - An operating system upgrade and controlled switchoverwithout any packet loss to the services and protocols tha

Hitless-supported services and protocols - FSX 800and FSX 1600 (Continued)TABLE 12 Traffic type Supported protocolsand servicesImpact• Layer 2 switc

Hitless-supported services and protocols - FSX 800and FSX 1600 (Continued)TABLE 12 Traffic type Supported protocolsand servicesImpactLayer 3 IPv6rou

Hitless-supported services and protocols - FSX 800and FSX 1600 (Continued)TABLE 12 Traffic type Supported protocolsand servicesImpactSecurity • 802.

Hitless reload or switchover requirements and limitationsThe section describes the design limitation on devices with the following configuration:• 0-p

Real-time synchronization between management modulesHitless management requires that the active and standby management modules are fully synchronizeda

NOTESince both the standby and active management modules run the same code, a command that bringsdown the active management module will most likely br

Convention Descriptionvalue In Fibre Channel products, a fixed value provided as input to a commandoption is printed in plain text, for example, --sho

Executing a hitless switchover on the FSX 800 and FSX 1600Hitless failover must be enabled before a hitless switchover can be executed.To switch over

6. The old active management module resets and reloads with the same software image running on thenewly active management module.7. The FastIron switc

Hitless OS upgrade configuration stepsThe following is a summary of the configuration steps for a hitless OS software upgrade.1. Copy the software ima

Displaying diagnostic informationUse the following commands to display diagnostic information for a hitless switchover or failover.device#show ipcVers

Total number of Switchover/Failovers = 0L3 slib baseline sync status: 0 [complete]Layer 3 hitless route purgeLayer 3 traffic is forwarded seamlessly

Setting the IPv6 hitless purge timer on the defatult VRFTo configure the purge timer, enter the ipv6 hitless-route-purge-timer command in globalconfig

IPv4 address family configurationUsage GuidelinesUnder normal circumstances, you may not need to change the value of the route purge timer. If youanti

IPv6● Supported IPv6 features... 127● Static IPv6 route co

Configuring a static IPv6 routeTo configure a static IPv6 route for a destination network with the prefix 2001:DB8::0/32, a next-hopgateway with the g

Static IPv6 route parameters (Continued)TABLE 13 Parameter Configuration details StatusThe route’s next-hopgateway, which can beone of the following

Brocade resourcesVisit the Brocade website to locate related documentation for your product and additional Brocaderesources.You can download additiona

Syntax: [no] ipv6 route vrf vrf-name dest-ipv6-prefix/prefix-length next-hop-ipv6-addressThe dest-ip-addr is the route’s destination. The dest-mask is

• Duplicate Address Detection (DAD) is not currently supported with IPv6 tunnels. Make sure tunnelendpoints do not have duplicate IP addresses.• Neigh

with an EUI-64 interface ID in the low-order 64 bits. The interface ID is automatically constructed inIEEE EUI-64 format using the interface’s MAC add

Displaying tunnel interface informationTo display status and configuration information for tunnel interface 1, enter the following command atany level

Global unicast address(es): 1001::1 [Preferred], subnet is 1001::/64 1011::1 [Preferred], subnet is 1011::/64 Joined group address(es):

If the path selected by the device becomes unavailable, the IPv6 neighbor should change state andtrigger the update of the destination in the hardware

unicast-routing enabled, hop-limit 64 No IPv6 Domain Name Set No IPv6 DNS Server Address set Prefix-based IPv6 Load-sharing is Enabled, Number of

SNMP Access● Supported SNMP access features... 137● SNMP overview...

• Restricting SNMP access to a specific VLAN• Disabling SNMP accessThis section presents additional methods for securing SNMP access to Brocade device

The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw) .NOTEIf you issue a no snmp-server community public ro command

• Brocade Supplemental Support augments your existing OEM support contract, providing directaccess to Brocade expertise. For more information, contact

is granted. The view that you want must exist before you can associate it to a community string. Hereis an example of how to use the view parameter in

User-based security modelSNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) forauthentication and privacy servic

The default engine ID guarantees the uniqueness of the engine ID for SNMP version 3. If you want tochange the default engine ID, enter the snmp-server

page 138.) When a community string is created, two groups are created, based on the community stringname. One group is for SNMP version 1 packets, whi

The name parameter defines the SNMP user name or security name used to access the managementmodule.The groupname parameter identifies the SNMP group t

Defining SNMP viewsSNMP views are named groups of MIB objects that can be associated with user accounts to allowlimited access for viewing and modific

You can exclude portions of the MIB within an inclusion scope. For example, if you want to exclude thesnAgentSys objects, which begin with 1.3.6.1.4.1

Defining the UDP port for SNMP v3 trapsThe SNMP host command enhancements allow configuration of notifications in SMIv2 format, with orwithout encrypt

Specifying an IPv6 host as an SNMP trap receiverYou can specify an IPv6 host as a trap receiver to ensure that all SNMP traps sent by the device willg

Power supply failure: Enable Fan failure: Enable Temperature warning: Enable STP new root: Enable

About This Document● Supported hardware and software... 15● What’s new

Security level Authenticationnone If the security model shows v1 or v2, then security level is blank. User names are not used toauthenticate users; co

Varbind object Identifier Description1. 3. 6. 1. 6. 3. 15. 1. 1. 6. 0 Decryption error.SNMP v3 configuration examplesThe following sections present ex

Example 2152 FastIron Ethernet Switch Administration Guide53-1003075-02

Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol(CDP) Packets● Supported discovery protocol features...

NOTEIf FDP is not enabled on a Brocade device that receives an FDP update or the device is running asoftware release that does not support FDP, the up

Changing the FDP update timerBy default, a Brocade device enabled for FDP sends an FDP update every 60 seconds. You canchange the update timer to a va

-------------- ------------ ------ ---------- ----------- ------------- FastIronB Eth 2/9 178 Router FastIron Rou Eth 2/9Syntax

Detailed FDP and CDP neighbor information (Continued)TABLE 18 Parameter DefinitionInterface The interface on which this device received an FDP or CD

Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Fragmented: 0 Internal errors: 0Syntax: show fdp trafficClearing

NOTEWhen you enable interception of CDP packets, the Brocade device drops the packets. As a result,Cisco devices will no longer receive the packets.En

Summary of enhancements in FastIron release 08.0.10dTABLE 1 Feature Description Described inForce modeconfigurationconsiderations.Describes the cons

Platform: cisco RSP4, Capabilities: RouterInterface: Eth 1/1, Port ID (outgoing port): FastEthernet5/0/0Holdtime : 150 secondsVersion :Cisco Interne

Displaying CDP statisticsTo display CDP packet statistics, enter the show fdp traffic command.device# show fdp trafficCDP counters: Total packets out

Clearing CDP information162 FastIron Ethernet Switch Administration Guide53-1003075-02

LLDP and LLDP-MED● Supported LLDP features...163● LLDP term

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Configuring the minimum time betweenport reinitializations08.0.01 08.0.01 08.0.

The database is accessible by a Network Management Station (NMS) using a management protocolsuch as the Simple Network Management Protocol (SNMP).Netw

FIGURE 3 LLDP connectivityBenefits of LLDPLLDP provides the following benefits:• Network Management:‐ Simplifies the use of and enhances the ability o

LLDP-MED overviewLLDP-MED is an extension to LLDP. This protocol enables advanced LLDP features in a Voice over IP(VoIP) network. Whereas LLDP enables

LLDP-MED classAn LLDP-MED class specifies an Endpoint type and its capabilities. An Endpoint can belong to one ofthree LLDP-MED class types:• Class 1

LLDP receive modeAn LLDP agent receives LLDP packets from adjacent LLDP-enabled devices. The LLDP packetscontain information about the transmitting de

Management Applications● Supported management application features... 17● Management por

General system information TLVs are optional in LLDP implementations and are defined by theNetwork Administrator.Brocade devices support the following

There are several ways in which a device may be identified. A chassis ID subtype, included in the TLVand shown in the following table, indicates how t

Port ID subtypes (Continued)TABLE 20 ID subtype Description5 Interface name6 Agent circuit ID7 Locally assigned8 - 255 ReservedBrocade devices use p

FIGURE 7 TTL TLV packet formatMIB supportBrocade devices support the following standard management information base (MIB) modules:• LLDP-MIB• LLDP-EXT

LLDP global configuration tasks and default behavior /value (Continued)TABLE 21 Global task Default behavior / value when LLDP is enabledSpecifying

Syntax:[no] lldp runEnabling support for tagged LLDP packetsBy default, Brocade devices do not accept tagged LLDP packets from other vendors’ devices.

Enabling and disabling receive only modeWhen LLDP is enabled on a global basis, by default, each port on the Brocade device will be capableof transmit

Syntax: [no] lldp enabletransmit ports ethernet port-list | allUse the [no] form of the command to disable the transmit only mode.Configuring LLDP pro

Use the [no] form of the command to remove the static configuration and revert to the default value of392.where value is a number between 16 and 8192.

NOTEBecause LLDP Syslog messages are rate limited, some LLDP information given by the system will notmatch the current LLDP statistics (as shown in th

For SX 800 and SX 1600 devices, the MAC address for the management port is derived as if themanagement port is the last port on the management module

To change the LLDP transmission interval, enter a command such as the following at the GlobalCONFIG level of the CLI.device(config)#lldp transmit-inte

Syntax: [no] lldp reinit-delay secondswhere seconds is a value from 1 - 10. The default is two seconds.LLDP TLVs advertised by the Brocade deviceWhen

If no management address is explicitly configured to be advertised, the Brocade device will use thefirst available IPv4 address and the first availabl

System capabilitiesThe system capabilities TLV identifies the primary functions of the device and indicates whether theseprimary functions are enabled

System nameThe system name is the system administratively assigned name, taken from the sysName MIB objectin MIB-II. The sysName MIB object correspond

Syntax: [no] lldp advertise port-vlan-id ports ethernet port-list | all802.3 capabilitiesExcept for Power-via-MDI information, the Brocade device will

The MAC/PHY configuration advertisement will appear similar to the following on the remote device,and in the CLI display output on the Brocade device

The power-via-MDI advertisement will appear similar to the following on the remote device, and in theCLI display output on the Brocade device (show ll

Enabling SNMP notifications and Syslog messagesfor LLDP-MEDtopology changesSNMP notifications and Syslog messages for LLDP-MED provide management appl

Defining a location idThe LLDP-MED Location Identification extension enables the Brocade device to set the physicallocation that an attached Class III

No port nameIPG MII 0 bits-time, IPG GMII 0 bits-timeIP MTU 1500 bytes300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization300 sec

resolution bits specifies the precision of the value given for altitude. A smaller value increases the areawithin which the device is located. For met

CA elem 3 "Santa Clara" elem 6 "4980 Great America Pkwy" elem 24 95054 elem 27 5 elem 28 551 elem 29 office elem 23 "John Doe

Elements used with civic address (Continued)TABLE 23 Civic Address(CA) typeDescription Acceptable values / examples2 County, parish, gun (JP),or dis

Elements used with civic address (Continued)TABLE 23 Civic Address(CA) typeDescription Acceptable values / examples17 Trailing street suffix N (nort

Elements used with civic address (Continued)TABLE 23 Civic Address(CA) typeDescription Acceptable values / examples29 Placetype The type of place de

Configuring emergency call serviceThe Emergency Call Service (ECS) location is used specifically for Emergency Call Servicesapplications.When you conf

LLDP-MED network policy configuration syntaxThe CLI syntax for defining an LLDP-MED network policy differs for tagged, untagged, and prioritytagged tr

LLDP-MED attributes advertised by the Brocade deviceLLDP-MED attributes are only advertised on a port if LLDP-MED is enabled (which is done by enablin

enables an Endpoint to communicate a more precise required power level, thereby enabling thedevice to allocate less power to the Endpoint, while makin

For a PSE (Network Connectivity device), the power level represents the amount of power that isavailable on the port at the time. If the PSE is operat

© 2014, Brocade Communications Systems, Inc. All Rights Reserved.Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron,

The commands in the CLI are organized into the following levels:• User EXEC - Lets you display information and perform basic tasks such as pings and t

Field DescriptionLLDP transmit interval The number of seconds between regular LLDP packet transmissions.LLDP transmit holdmultiplierThe multiplier use

NOTEYou can reset LLDP statistics using the CLI command clear LLDP statistics . Refer to Resetting LLDPstatistics on page 205.The following table desc

Displaying LLDP neighborsThe show lldp neighbors command displays a list of the current LLDP neighbors per port.The following shows an example report.

NOTEThe show lldp neighbors detail output will vary depending on the data received. Also, values that arenot recognized or do not have a recognizable

NOTEThe show lldp local-info output will vary based on LLDP configuration settings.The following shows an example report.device#show lldp local-info p

CA Value : "John Doe" + MED Location ID Data Format: ECS ELIN Value : "1234567890" + MED Extended Power via MDI

Clearing cached LLDP neighbor information206 FastIron Ethernet Switch Administration Guide53-1003075-02

Hardware Component Monitoring● Supported hardware monitoring features...207● Traffi

SX Hardware Generations (Continued)TABLE 25 First Second ThirdSX-FI424C SX-FI624C SX-FI-24GPPSX-FI424P SX-FI624HFSX-FI424F SX-FI624PSX-FI424HF SX-FI

Viewing the results of the cable analysisTo display the results of the cable analysis, enter a command such as the following at the PrivilegedEXEC lev

The software provides the following scrolling options:• Press the Space bar to display the next page (one screen at a time).• Press the Return or Ente

Cable statisticsTABLE 27 This line... Displays...Port The port that was tested.Speed The port current line speed.Local pair The local link name. Ref

Supported fiber optic transceivers (Continued)TABLE 28 Label Type Brocade part number Supports DigitalOptical Monitoring?10G-XFP-ZR 10GBase-ZR XFP,

NOTEA Brocade ICX 6650 device allows all ports to support Digital Optical Monitoring (DOM).Enabling digital optical monitoringTo enable optical monito

Use the show media command to obtain information about the media devices installed in a device.device# show mediaPort 1/1/1: Type : 1G M-C (Gig-Coppe

Use the show media validation command to find out whether the connected optic modules aresupported or not on Brocade devices.device# show media valida

NOTEThe show optic function takes advantage of information stored and supplied by the manufacturer of theXFP, SFP, or SFP+ transceiver. This informati

Viewing optical transceiver thresholdsThe thresholds that determine the alarm status values for an optical transceiver are set by themanufacturer of t

Syslog● Supported Syslog features...217● About Syslog message

This chapter describes how to display Syslog messages and how to configure the Syslog facility, andlists the Syslog messages that Brocade devices can

Dynamic Log Buffer (50 entries):Dec 15 18:46:17:I:Interface ethernet 4, state upDec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, chan

Using stack-unit, slot number, and port numberwith CLI commandsMany CLI commands require users to enter port numbers as part of the command syntax, an

Syslog service configurationThe procedures in this section describe how to perform the following Syslog configuration tasks:• Specify a Syslog server.

CLI display of Syslog buffer configuration (Continued)TABLE 31 Field Definitionoverruns The number of times the dynamic log buffer has filled up and

Syntax: clear logging [ dynamic-buffer | static-buffer ]You can specify dynamic-buffer to clear the dynamic buffer or static-buffer to clear the stati

Example of Syslog messages on a device wih the onboard clock not setThe example shows the format of messages on a device where the onboard system cloc

Disabling logging of a message levelTo change the message level, disable logging of specific message levels. You must disable themessage levels on an

NOTEYou can specify only one facility. If you configure the Brocade device to use two Syslog servers, thedevice uses the same facility on both servers

However, if ip show-portname is configured and a name has been assigned to the port, the port namereplaces the interface type as in the example below,

Syntax: [no] logging persistenceEnter no logging persistence to disable this feature after it has been enabled.Clearing the Syslog messages from the l

Syslog messages for hardware errors228 FastIron Ethernet Switch Administration Guide53-1003075-02

Network Monitoring● Supported network monitoring features... 229● Basic system ma

string is a regular expression consisting of a single character or string of characters. You can usespecial characters to construct complex regular ex

To view the software and hardware details for the system, enter the show version command. Thefollowing shows an example output.device#show version====

Viewing port statisticsPort statistics are polled by default every 10 seconds.You can view statistics for ports by entering the following show command

Port statistics shown via the show statistics command (Continued)TABLE 32 Parameter DescriptionName The name of the port, if you assigned a name.Sta

Port statistics shown via the show statistics command (Continued)TABLE 32 Parameter DescriptionCollisions The total number of packets received in wh

Port statistics shown via the show statistics command (Continued)TABLE 32 Parameter DescriptionInBitsPerSec The number of bits received per second.O

Traffic counters configuration notesConsider the following rules when configuring traffic counters for outbound traffic.• This feature is supported on

The vlan-ID parameter identifies the VLAN ID for which outbound traffic will be counted. Enter anumber from 0 - 4095 or enter all to indicate all VLAN

Outbound traffic counter statistics (Continued)TABLE 33 This line... Displays...Broadcast The number of broadcast packets transmitted.Dropped Frames

Relay Agent Information option: DisabledEgress queues:Queue counters Queued packets Dropped Packets 0 0

0 output errors, 0 collisions Relay Agent Information option: DisabledEgress queues:Queue counters Queued packets Dropped Packets 0

Searching and filtering output at the --More-- promptThe --More-- prompt displays when output extends beyond a single page. From this prompt, you canp

NOTEYou must save the change to the startup-config file and reload or reboot. The change does not takeeffect until you reload or reboot.Syntax: system

Export configuration and statistics TABLE 35 Parameter DefinitionOctets The total number of octets of data received on the network.This number inclu

Export configuration and statistics (Continued)TABLE 35 Parameter DefinitionJabbers The total number of packets received that were longer than 1518

History (RMON group 2)All active ports by default will generate two history control data entries per active Brocade Layer 2Switch port or Layer 3 Swit

sFlowNOTEFastIron devices support sFlow version 5 by default.sFlow is a standards-based protocol that allows network traffic to be sampled at a user-d

The configuration procedures for this feature are the same as for IPv4, except where the collector is alink-local address on a Layer 3 switch. For det

sFlow and hardware support• Brocade devices support sFlow packet sampling of inbound traffic only. These devices do notsample outbound packets. Howeve

sFlow and source portBy default, sFlow sends data to the collector out of UDP source port 8888, but you can specify adifferent source port. For more i

NOTEIf you change the router ID or other IP address value that sFlow uses for its agent_address, you needto disable and then re-enable sFlow to cause

the counter data to smooth performance. For example, if sFlow is enabled on two ports and the pollinginterval is 20 seconds, the Brocade device sends

Special characters for regular expressions TABLE 3 Character Operation. The period matches on any single character, including a blank space.For exam

Module rateWhile different ports on a module may be configured to have different sampling rates, the hardware forthe module will be programmed to take

• 134217728• 536870912• 2147483648For example, if the configured sampling rate is 1000, then the actual rate is 2048 and 1 in 2048 packetsare sampled

NOTEConfiguring a sampling rate on only the port that is the primary port of a trunk automatically appliesthat same sampling rate to all ports in the

You can now enable sFlow forwarding on individual ports as described in the next two sections.Syntax: [no] sflow enableEnabling sFlow forwarding on in

Egress interface ID for sampled broadcast and multicast packetsFor broadcast and multicast traffic, the egress interface ID for sampled traffic is alw

Specifying the maximum flow sample sizeWith sFlow version 5, you can specify the maximum size of the flow sample sent to the sFlow collector.If a pack

Enabling the sFlow agent to export CPU-directed dataTo enable the sFlow agent on a Brocade device to export data destined to the CPU to the sFlowcolle

Port 5/19, configured rate=512, actual rate=512, Subsampling factor=1Port 5/18, configured rate=512, actual rate=512, Subsampling factor=1Port 5/17, c

sFlow information (Continued)TABLE 36 Parameter DefinitionConfigured defaultsampling rateThe configured global sampling rate. If you changed the glo

Clearing sFlow statisticsTo clear the UDP packet and sFlow sample counters in the show sflow display, enter the followingcommand.device#clear statisti

Special characters for regular expressions (Continued)TABLE 3 Character Operation[ ] Square brackets enclose a range of single-character patterns.Fo

The num parameter specifies the list number. You can configure up to four lists. Specify a numberfrom 1 - 4.The uplink ethernet parameters and the por

Power over Ethernet● Supported PoE features...261● Power

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750PoE firmware version update 08.0.01 08.0.01 08.0.01 08.0.01 No 08.0.01 NoPoE fi

• Endspan - Power is supplied through the Ethernet ports on a power sourcing device. With theEndspan solution, power can be carried over the two data

The Midspan method is illustrated in the figure below.FIGURE 10 PoE Midspan delivery methodPoE autodiscoveryPoE autodiscovery is a detection mechanism

measuring the current consumption of the PD. Depending on the measured current, the appropriateclass is assigned to the PD. PDs that do not support cl

For safety reasons, all PoE power supplies installed in the chassis must operate at the same voltagemode, either 52 volts or 54 volts. The system will

• If a 54 volt-capable power supply is installed in a chassis that is operating with 52 volt-capable powersupplies, the newly installed power supply w

VoIPVoice over IP (VoIP) is the convergence of traditional telephony networks with data networks, utilizingthe existing data network infrastructure as

Filename refers to the name of the file, including the pathname.FCX and ICX platformsTo install PoE firmware on FCX and ICX platforms, enter a command

To remove the wrsbc alias from the configuration, enter one of the following commands.device(config)#no alias wrsbcordevice(config)#unalias wrsbcSynta

Sending PoE Firmware to Stack Unit 3.Flash Memory Write (8192 bytes per dot) ...PoE: Power disabled on port 3/1/1 because of power man

U3-MSG: PoE Info: Resetting module in slot 1...completed.<======================================resetting twice===========3. After downloading th

PoE Info: FW Download on slot 1...erase command...accepted.PoE Info: FW Download on slot 1...erasing firmware memory...PoE Info: FW Download on slot 1

NOTEInline power should not be configured between two switches as it may cause unexpected behavior.NOTEFastIron PoE and PoE+ devices can automatically

Enabling the detection of PoE power requirementsadvertisedthrough CDPMany power consuming devices, such as Cisco VoIP phones and other vendors’ device

configure either a maximum power level or a power class. You cannot configure both. You can,however, configure a maximum power level on one port and a

Power classes for PDs (Continued)TABLE 39 Class Usage Power (watts) from Power Sourcing DeviceStandard PoE PoE+1 optional 4 42 optional 7 73 optiona

NOTEDo not configure a class value of 4 on a PoE+ port on which a standard PoE PD is connected. StandardPoE PDs support a maximum of 15.4 watts. Setti

comes online and the port is configured with a high priority, if necessary (if power is already fullyallocated to power consuming devices), the FastIr

To change a PoE port power priority from high to low (the default value) and keep the current maximumconfigured power level of 3000, enter commands su

Configuration notes for creating a command alias28 FastIron Ethernet Switch Administration Guide53-1003075-02

4/15 On On 8075 9500 802.3af n/a 3 n/a 4/16 On On 4131 9500 802.3af Class 1 3 n/a 4/17

Field definitions for the show inline power command (Continued)TABLE 40 Column DefinitionPD Type The type of PD connected to the port. This value ca

Field definitions for the show inline power command (Continued)TABLE 40 Column DefinitionFault/Error If applicable, this is the fault or error that

• Total PD power available to PSE• Total PD power switched to PSEIn the absence of valid PSU power, the total PD power switched is equal to that avail

Field definitions for the show inline power pd command (Continued)TABLE 41 Column DefinitionTotal PD PowerSwitched to PSETotal PD power switched to

++++++++++++++++++ Power Supply Data:++++++++++++++++++Power Supply #1: Max Curr: 7.5 Amps

PoE Capacity: 2260 Watts Consumption: 2095 WattsGeneral PoE Data:+++++++++++++++++Slot Firmware Version--------------3 D

Field definitions for the show inline power detail command (Continued)TABLE 42 Column DefinitionH/W Status The PoE power supply hardware status code

Field definitions for the show inline power detail command (Continued)TABLE 42 Column Definition#Ports Off-Denied The number of ports on the Interfa

You can configure inline power in interface configuration mode on a port that is not a member of a LAG.However, if that port then becomes part of a LA

Basic Software Features● Supported basic software features...29● Basic

6. Configure inline power on a secondary port with the default option.Device(config)# inline power ethernet 1/1/2Configures inline power on port 1/1/2

Decoupling of PoE and datalink operations on PoE LAG portsDecouples PoE and datalink operations on PoE ports.Perform the following steps to decouple t

Decoupling of PoE and datalink operations on regular PoE portsDecouples PoE and datalink operations on regular PoE ports.While PoE and datalink operat

7. Enables interface configuration for Ethernet 1/1/4 port.Device(config-if-e1000-1/1/3)# interface ethernet 1/1/4Interface configuration mode is ente

Decoupling of PoE and datalink operations on regular PoE ports294 FastIron Ethernet Switch Administration Guide53-1003075-02

PoE Commands● inline power ... 296FastI

inline powerConfigures inline power on PoE ports.Configures inline power on Power over Ethernet (PoE) ports in interface configuration mode and linkag

WARNINGIf you want to keep decoupling in place on a PoE port when you configure the inline power ethernetcommand to change its other parameters, for e

HistoryRelease Command History08.0.01 This command was modified to run in globalconfiguration mode using the ethernet keyword. Thedecouple-datalink ke

System Monitoring● Supported system monitoring features... 299● Overview of syst

ContentsPreface...11Do

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 775010/100/1000 port speed 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10A

Sysmon starts the timer based on the specified timer setting, with the default value as three minutes.After the interval specified by the timer, the u

disable system-monitoring allDisables system monitoring at the global level for all types.Syntaxdisable system-monitoring all ModesPrivileged EXEC mod

sysmon log-backoffDefines the number of times to skip logging an event before logging again at the global level. The noform of this command resets the

ExamplesThe following example sets the threshold to 3 events over 7 consecutive polling periods:Brocade(config)# sysmon threshold 3 7System monitoring

noneThe error is logged in the internal sysmon logs. This is the default value.syslogThe error is logged to syslog.ModesGlobal configuration mode.Usag

The error is logged to syslog.ModesGlobal configuration mode.Usage GuidelinesThis command is supported only on FCX and ICX devices.ExamplesThe followi

polling-intervalSpecifies the number of polling windows. The device polls the internal registers at theinterval specified by the sysmon timer value. V

Specifies the number of polling windows. The device polls the internal registers at theinterval specified by the sysmon timer value. Valid values 1-32

sysmon xbar error-countConfigures system monitoring for cross bar errors. The no form of this command resets theparameters to default values.Syntaxsys

sysmon xbar linkConfigures the sysmon parameters for the crossbar link. The no form of this command resets theparameters to default values.Syntaxsysmo

NOTEFor information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-relatedparameters, refer to "IP Configuration" c

System monitoring for Packet ProcessorsOn FSX devices, errors typically detected in packet processors include:• Parity errors• Error Checking Code (EC

Specifies the action to take when the error count exceeds the specified threshold and logback-off values.noneNo action is taken. This is the default a

xbarClears cross bar sysmon counters for cross bar. You can specify all or a cross bar identifiedby the index.errorClears the cross bar sysmon error c

ExamplesThe following example displays the syslog entries that were made by sysmon if the action specifiedeither at the global level or type level was

Specifies the stack unit on which errors to be displayed.allDisplays errors for all stack units.link-errorDisplays the link error count on FCX and ICX

The following example shows the crossbar errors for the switch fabric module 0.Brocade# show sysmon counters xbar error 0Sysmon SFM 1 xbar 0 HG.link R

The following example displays all error counter data on an FCX device:Brocade(config)#show sysmon counters allSysmon error detected on: Stacking Unit

ECC one-time error detect = 0 ECC two-time error detect = 0==========================show sysmon configDisplays the complete sysmon configuration, inc

show sysmon system sfmDisplays the status of the switch fabric modules.Syntaxshow sysmon system sfm { all | number }ParametersallDisplays the statisti

Syslog messages● Brocade Syslog messages...319This section li

NOTETo add and modify "get" (read-only) and "set" (read-write) community strings, refer to "SecurityAccess" chapter in t

Explanation RADIUS authentication was successful for the specified mac-address onthe specified portnum ; however, the VLAN returned in the RADIUSAcces

MessageMAC Authentication failed for mac-address onportnum (RADIUS given VLAN does not match withTAGGED vlan)Explanation Multi-device port authenticat

device-number , Reg Offset PCI-config-register-offse t .Explanation The module encountered a hardware configuration read error.Message Level AlertMess

Explanation The module encountered an unrecoverable hardware configuration readfailure. The module will be disabled or powered down.Message Level Aler

MessageSystem: Temperature is over shutdown level,system is going to be reset in num secondsExplanation The chassis temperature has risen above shutdo

MessageNo of prefixes received from BGP peer ip-addrexceeds maximum prefix-limit...shutdownExplanation The Layer 3 switch has received more than the s

Explanation Password of the specified user has been changed during the specifiedsession ID or type. session-id can be console, telnet, ssh, or snmp.Me

Explanation A user has logged out of the USER EXEC mode of the CLI.The user-name is the user name.Message Level InformationalMessageACL ACL id added |

• disabled• blocking• listening• learning• forwarding• unknownMessage Level InformationalMessageCold startExplanation The device has been powered on.M

MessageDOT1X: port portnum - MAC mac address Downloadingan IP ACL, but IP ACL have no effect on a switchportExplanation The RADIUS server returned an

Specifying a single trap sourceYou can specify a single trap source to ensure that all SNMP traps sent by the Layer 3 switch use thesame source IP add

MessageDOT1X: port portnum - MAC mac address Port isalready bound with MAC filterExplanation The RADIUS server returned a MAC address filter, but a MA

Explanation The user connected to portnum has disconnected, causing the port to bemoved back into its default VLAN, vlan-id .Message Level Information

MessageERR_DISABLE: Link flaps on port ethernet 16exceeded threshold; port in err-disable stateExplanation The threshold for the number of times that

Explanation A MAC Based VLAN has been enabled on a port.Message Level InformationalMessageMAC Filter added | deleted | modified fromconsole | telnet |

MessagePort portnum , srcip-security max-ipaddr-per-intreached.Last IP= ipaddrExplanation The address limit specified by the srcip-security max-ipaddr

Explanation A user made SNMP configuration changes through the SNMP, console,SSH, or Telnet session.[ value-str ] does not appear in the message if SN

Message Level InformationalMessageSTP: VLAN vlan id BPDU-Guard on Port port idtriggered (Received BPDU), putting into err-disable stateExplanation The

Explanation A user made Syslog configuration changes to the specified Syslog serveraddress, or enabled or disabled a Syslog operation through the SNMP

MessageSystem: Static MAC entry with MAC Address mac-address is added to the unit / slot / port tounit / slot / port on vlan-idExplanation A MAC addre

MessageSystem: Static MAC entry with MAC Address mac-address is deleted from portnumber unit / slot /port on VLANs vlan-id to vlan-idExplanation A MAC

SNMP Layer 3 trapsThe following traps are generated on devices running Layer 3 software:• SNMP authentication key• Power supply failure• Fan failure•

MessageWarm startExplanation The system software (flash code) has been reloaded.Message Level InformationalMessageStack: Stack unit unit# has been del

Explanation The operational status of a power supply of the specified unit in a stackchanged from normal to failure.Message Level InformationalMessage

Messagevlan vlan-id interface portnum Bridge TC Event(DOT1wTransition)Explanation 802.1W recognized a topology change event in the bridge. The topolog

Explanation The port does not have a large enough CAM partition for the ACLsMessage Level NotificationMessageACL insufficient L4 session resource, usi

Explanation The multi-device port authentication feature was enabled on the on thespecified portnum .Message Level NotificationMessageBGP Peer ip-addr

MessageDOT1X: Port port_id Mac mac_address -user user_id- RADIUS timeout for authenticationExplanation The RADIUS session has timed out for this 802.1

Message Level NotificationMessageLocal ICMP exceeds burst-max burst packets,stopping for lockup seconds!!Explanation The number of ICMP packets exceed

Explanation The RADIUS session has timed out for the MAC address for this port.Message Level NotificationMessageMAC Authentication succeeded for mac-a

MessageLevelNotificationMessageOSPF intf authen failure, rid router-id , intfaddr ip-addr , pkt src addr src-ip-addr , errortype error-type , pkt type

• bad version• area mismatch• unknown NBMA neighbor• unknown virtual neighbor• authentication type mismatch• authentication failure• network mask mism

Note that the above CLI command enables SNMP to display virtual interface statistics. It does notenable the CLI to display the statistics.Disabling Sy

The rid ip-addr is the Brocade router ID.The intf addr ip-addr is the IP address of the Brocade interface that receivedthe packet.The pkt size num is

Message Level NotificationMessageOSPF intf retransmit, rid router-id, intf addr ip-addr, nbr rid nbr- router-id , pkt type is pkt-type, LSA type lsa-t

MessageOSPF max age LSA, rid router-id , area area-id ,LSA type lsa-type , LSA id lsa-id , LSA rid lsa-router-idExplanation An LSA has reached its max

The lsa-id is the LSA ID.The lsa-router-id is the LSA router ID.MessageLevelNotificationMessageOSPF virtual intf authen failure, rid router-id ,intf a

The src-ip-addr is the IP address of the interface from which the Brocade device received the error packet.The error-type can be one of the following:

MessageOSPF virtual intf retransmit, rid router-id , intfaddr ip-addr , nbr rid nbr-router-id , pkt type ispkt-type , LSA type lsa-type , LSA id lsa-i

MessageOSPF virtual nbr state changed, rid router-id ,nbr addr ip-addr , nbr rid nbr-router-id , stateospf-stateExplanation Indicates that the state o

The portnum is the port number.The first num is the maximum burst size (maximum number of packetsallowed).The second num is the number of seconds duri

The mac-addr is the MAC address of the device with the duplicate IPaddress.The portnum is the Brocade port that received the packet with the duplicate

The src-tcp / udp-port is the source TCP or UDP port, if applicable, of thedenied packets.The portnum indicates the port number on which the packet wa

The user remained in the Privileged EXEC mode until 5:59 PM and 22 seconds. (The user could haveused the CONFIG modes as well. Once you access the Pri

The num is the number of prefixes that matches the percentage youspecified. For example, if you specified a threshold of 100 prefixes and 75percent as

OpenSSL License● OpenSSL license... 361OpenSSL

Young should be given attribution as the author of the parts of the library used. This can be in the formof a textual message at program startup or in

NTP uses the concept of associations to describe communication between two machines running NTP.NTP associations are statistically configured. On star

FIGURE 1 NTP Hierarchy• NTP implementation conforms to RFC 5905.• NTP can be enabled in server and client mode simultaneously.• The NTP uses UDP port

• NTP can operate in authenticate or non-authenticate mode. Only symmetric key authentication issupported.• By default, NTP operates in default VLAN a

NTP associations... 42Synchronizing time...

System as an Authoritative NTP ServerThe NTP server can operate in master mode to serve time using the local clock, when it has lostsynchronization. S

The NTP client maintains the server and peer state information as association. The server and peerassociation is mobilized at the startup or whenever

NTP packets periodically (every 64 sec) to subnet broadcast IP address of the configured interface.• NTP broadcast packets are sent to the configured

clients that are not required to provide any form of time synchronization to other local clients. Use theserver and peer to individually specify the t

Synchronizing timeAfter the system peer is chosen, the system time is synchronized based on the time difference withsystem peer:• If the time differen

Enabling NTPNTP and SNTP implementations cannot operate simultaneously. By default, SNTP is enabled. Todisable SNTP and enable NTP, use the ntp comman

Defining an authentication keyTo define an authentication key for Network Time Protocol (NTP), use the authentication-keycommand. To remove the authen

The vlan-id parameter specifies the VLAN ID number.Configuring the NTP clientTo configure the device in client mode and specify the NTP servers to syn

NOTEIf the peer is a member of symmetric passive association, then configuring the peer command will fail.Brocade(config-ntp)# peer 1.2.3.4 key 1234Sy

The ve id parameter specifies the virtual port number.Configuring the broadcast clientTo configure a device to receive Network Time Protocol (NTP) bro

Copying a file from an IPv6 TFTP server... 103IPv6 copy command...

NTP status command output descriptionsTABLE 4 Field Descriptionsynchronized Indicates the system clock is synchronized to NTP server or peer.stratum

NTP associations command output descriptionsTABLE 5 Field Description* The peer has been declared the system peer and lends its variables to the sys

Use the show ntp associations detail command with the appropriate parameters to display the NTPservers and peers association information for a specifi

NTP associations detail command output descriptions (Continued)TABLE 6 Field Descriptionroot delay The delay along path to root (the final stratum 1

Brocade(config-ntp)# peer 10.100.12.83Brocade(config-ntp)# disable serveNTP strict authentication configurationSample CLI commands to configure the Br

Specifying a port addressYou can specify a port address for an uplink (data) port, stacking port, or a management port.ICX 6430 and ICX 6450Specifying

Specifying a stacking portThe port address format is is stack unit/slot/port, where:• stack unit --Specifies the stack unit ID. Range is from 1 to 8.•

FSXSpecifying a data portThe port address format is slot/port, where:• slot --Specifies the interface slot number. Range is from 1 to 8 (FSX 800) or 1

You can also specify the individual ports, separated by space.To assign a name to multiple specific ports, enter commands such as the following:Brocad

Output parameters of the show interface brief wide command (Continued)TABLE 7 Field DescriptionLink Specifies the link state.Port-State Specifies th

Displaying ECMP load-sharing information for IPv6... 135SNMP Access...

Port speed and duplex mode configuration syntaxThe following commands change the port speed of copper interface 8 on a FastIron device from thedefault

mode changing, it is recommended that you first change to auto mode on one side, before switchingto another force mode configuration.Enabling auto-neg

To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiationenabled, enter a command such as the following at the Gl

ethernet 0/1/15 to 0/1/20!!ip address 10.44.9.11 255.255.255.0ip default-gateway 10.44.9.1!endTo disable selective auto-negotiation of 100m-auto on po

MDI and MDIX configuration notes• This feature applies to copper ports only.• The mdi-mdix mdi and mdi-mdix mdix commands work independently of auto-n

Flow control configurationFlow control (802.3x) is a QoS mechanism created to manage the flow of data between two full-duplexEthernet devices. Specifi

To disable flow control capability on a port, enter the following commands.device(config)# interface ethernet 0/1/21device(config-if-e1000-0/1/21)# no

NOTEThe port up/down time is required only for physical ports and not for loopback/ ve/ tunnel ports.Issuing the show interface command with the appro

Symmetric flow control addresses the requirements of a lossless service class in an Internet SmallComputer System Interface (iSCSI) environment. It is

• Symmetric flow control is supported on FCX and ICX devices only. It is not supported on otherFastIron models.• Symmetric flow control is supported o

LLDP operating modes... 168LLDP packets...

To change the thresholds for all 10G ports, enter a command such as the following.device(config)# symmetric-flow-control set 2 xoff 91 xon 75In the ab

XOFF Limit : 376(91%) XON Limit : 312(75%)Syntax: show symmetric-flow-controlPHY FIFO Rx and Tx depth configurationPHY devices o

device(config-if-e1000-7/1)# ipg-gmii 120IPG 120(112) has been successfully configured for ports 7/1 to 7/12• When you enter a value for IPG, the devi

IPG configuration notes• The CLI syntax for IPG differs on FastIron Stackabledevices compared to FastIron X Series devices.This section describes the

After the link is up, it will be in 100M/full-duplex mode, as shown in the following example.device# show interface brief ethernet 11Port Link State

NOTEConnect the 100BaseFX fiber transceiver after configuring both sides of the link. Otherwise, the linkcould become unstable, fluctuating between up

Port priority (QoS) modificationYou can give preference to the inbound traffic on specific ports by changing the Quality of Service(QoS) level on thos

Syntax: [no] voice-vlan voice-vlan-numwhere voice-vlan-num is a valid VLAN ID between 1 - 4095.To remove a voice VLAN ID, use the no form of the comma

Configuring port flap dampening on an interfaceThis feature is configured at the interface level.device(config)# interface ethernet 2/1device(config-i

Port8/5 is configured for link-error-disable threshold:4, sampling_period:10, waiting_period:2Port8/9 is configured for link-error-disable

Enabling real-time display of Syslog messages...219Enabling real-time display for a Telnet or SSH session...

The line "Link Error Dampening" displays "Enabled" if port flap dampening is enabled on the port or"Disabled" if the fea

Recovering disabled portsOnce a loop is detected on a port, it is placed in Err-Disable state. The port will remain disabled untilone of the following

By default, the port will send test packets every one second, or the number of seconds specified bythe loop-detection-interval command. Refer to Confi

The above command configures the device to wait 120 seconds (2 minutes) before re-enabling theports.To revert back to the default recovery time interv

alloc in-use avail get-fail limit get-mem size initconfiguration pool 16 6 10 0 3712 6

Member of active trunk ports 2/1,2/2, primary portMember of configured trunk ports 2/1,2/2, primary portNo port nameIPG XGMII 96 bits-timeMTU 1500 byt

Syslog message due to disabled port in loop detection86 FastIron Ethernet Switch Administration Guide53-1003075-02

Operations, Administration, and Maintenance● Supported OAM features...

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Hitless OS upgrade No No No No No 08.0.01 NoBoot code synchronization for activ

Software versions installed and running on a deviceUse the following methods to display the software versions running on the device and the versionsin

Supported powered devices...267Installing PoE firmware ...

Standby Management CPU [Slot-10]: SW: Version 07.4.00T3e3 Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved. Comp

Displaying the image versions installed in flash memoryEnter the show flash command to display the boot and flash images installed on the device. Anex

To generate a CRC32 hash value for the secondary image, enter the following command.device#verify crc32 secondarydevice#...DoneS

Software image files TABLE 11 Product Boot image Flash imageICX 6650 fxzxxxxx.bin ICXLRxxxxx.binSoftware upgradesFor instructions about upgrading th

Viewing the contents of flash filesThe copy flash console command can be used to display the contents of a configuration file, backupfile, or renamed

vlan 30 by port untagged ethe 1/1/9 to 1/1/10 no spanning-tree pvlan type community!...some lines omitted for brevity...Syntax: copy flash console fil

Software rebootYou can use boot commands to immediately initiate software boots from a software image stored inprimary or secondary flash on a Brocade

The following example shows a user-configured boot sequence preference.Brocade#show boot-preference Boot system preference(Configured): Boot sy

Replacing the startup configuration with the running configurationAfter you make configuration changes to the active system, you can save those change

• copy startup-config tftp tftp-ip-addr filename - Use this command to upload a copy of the startupconfiguration file from the Layer 2 Switch or Layer