|
Configures a link between active and standby ServerIrons in some FWLB configurations to forward Layer 2 traffic without causing loops. See the Foundry ServerIron Firewall Load Balancing Guide.
This command creates an AppleTalk protocol VLAN within a ServerIron port-based VLAN when entered at the VLAN Level. All ports are assumed by default to be members of the VLAN when initially created. Protocol VLAN membership can be modified using the dynamic, static, or exclude commands.
EXAMPLE:
To create an AppleTalk Protocol VLAN with permanent port membership of 9 and 13 and no dynamic ports within an already defined port-based VLAN 2, enter the following commands.
ServerIron(config)# vlan 2
ServerIron(config-vlan-2)# atalk-proto
ServerIron(config-vlan-atalk-proto)# static e 9 e 13
ServerIron(config-vlan-atalk-proto)# no dynamic
NOTE: If configuring this on a switch, enter vlan 2 by port at the CONFIG Level versus vlan 2, as shown in the example above.
Syntax: atalk-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. For example, to name an AppleTalk VLAN, enter the following command:
ServerIron(config)# atalk-proto name AppleVLAN1
To name an IP VLAN, enter the following commands:
ServerIron(config)# ip-proto 192.75.5.0/24 name "Ship and Recv"
This example shows how to specify a name that contains a blank. Use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
This command creates a Decnet protocol VLAN within a ServerIron port-based VLAN, when entered at the VLAN Level. All ports are assumed by default to be members of the VLAN when initially created. Protocol VLAN membership can be modified using the dynamic, static, or exclude commands.
EXAMPLE:
To create a Decnet protocol VLAN with permanent port membership of 15 and 16 with port 17 as dynamic member port, within VLAN 5, enter the following commands.
ServerIron(config)# vlan 5
ServerIron(config-vlan-5)# decnet-proto
ServerIron(config-vlan-decnet-proto)# exclude e 1 to 14 e18
NOTE: If configuring this on a switch, enter vlan 5 by port at the CONFIG Level versus vlan 5, as shown in the example above.
Syntax: decnet-proto [<name>]
Syntax: atalk-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
Moves activity to the privileged EXEC level from any level of the CLI, with the exception of the user level.
EXAMPLE:
To move to the privileged level, enter the following from any level of the CLI.
ServerIron(config-vlan-decnet-proto)# end
ServerIron#
Syntax: end
Possible values: N/A
Default value: N/A
Moves activity up one level from the current level. In this case, activity will be moved to the port-based VLAN level if configuring a protocol VLAN. If configuring a poet-based VLAN, activity would be moved to the global level.
EXAMPLE:
ServerIron(config-vlan-decnet-proto)# exit
ServerIron(config)#
Syntax: exit
Possible values: N/A
Default value: N/A
This command creates an IP protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level.
When configuring on a switch, all ports are dynamically allocated to the VLAN. You can modify port membership by using the static or exclude commands.
NOTE: If configuring on a Foundry router, ports must be added to the VLAN with the static command. Ports are not dynamically allocated to IP protocol VLANs.
EXAMPLE:
To assign ports 1, 2, 6 and 8 to an IP protocol VLAN within VLAN 7, enter the following:
ServerIron(config)# vlan 7
ServerIron(config-vlan-7)# ip-proto
ServerIron(config-vlan-ip-proto)# static e 1 to 2 e 6 e 8
NOTE: If configuring this on a switch, enter vlan 7 by port at the CONFIG Level versus vlan 7, as shown in the example above.
NOTE: An IP protocol and IP sub-net VLAN cannot both be configured to operate on a ServerIron at the same time. This restriction is also true for IPX and IPX network VLANs.
Syntax: ip-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
Possible values: N/A
Default value: N/A
This command creates an IP sub-net protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level. This allows you to define additional granularity than that of an IP protocol VLAN, by partitioning the broadcast domains by sub-net. In creating an IP sub-net VLAN, an IP address is used as identifier.
When configuring on a switch, all ports are dynamically allocated to the VLAN. You can modify port membership by using the static or exclude commands.
NOTE: When configuring on a Foundry router, ports must be added to the VLAN with the static command. Ports are not dynamically allocated to IP sub-net VLANs.
EXAMPLE:
To create an IP sub-net of IP address 192.75.3.0 with permanent port membership of 1 and 2 (module 2), within VLAN 10, enter the following commands.
ServerIron(config)# vlan 10
ServerIron(config-vlan-10)# ip-subnet 192.75.3.0 255.255.255.0
ServerIron(config-vlan-ip-subnet)# static e 1 to 2
NOTE: If configuring this on a switch, enter vlan 10 by port at the CONFIG Level versus vlan 10, as shown in the example above.
NOTE: An IP protocol and IP sub-net VLAN cannot both be configured to operate simultaneously on a Foundry switch or router. This restriction is also true for IPX and IPX Network VLANs.
Syntax: ip-subnet <ip-addr> <ip-mask> [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
This command creates an IPX network VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level. This allows you to define additional granularity than that of the IPX protocol VLAN, by partitioning the broadcast domains by IPX network number. In creating an IPX network VLAN, an IPX network number is used as identifier. The frame type must also be specified.
When configuring on a switch, all ports are dynamically allocated to the VLAN. You can modify port membership by using the static or exclude commands.
NOTE: When configuring on a Foundry router, ports must be added to the VLAN with the static command. Ports are not dynamically allocated to IPX network VLANs.
EXAMPLE:
To create an IPX network VLAN with a network number of 500 and frame type of 802.2 with permanent port membership of 10 and 14 within port-based VLAN 15, enter the following commands.
ServerIron(config)# vlan 15
ServerIron(config-vlan-15)# ipx-network 500 ethernet_802.2
ServerIron(config-vlan-ipx-proto)# static e 10 e 14
Syntax: ipx-network <ipx-network-number> <frame-type> [<name>]
NOTE: If configuring this on a switch, enter vlan 15 by port at the CONFIG Level versus vlan 15, as shown in the example above.
NOTE: An IPX network and IPX protocol VLAN cannot both be configured to operate simultaneously on a Foundry switch or router. This restriction is also true for IP protocol and IP sub-net VLANs.
Possible values: Frame type: ethernet_ii, ethernet_802.2, ethernet_802.3, ethernet_snap
The <name> parameter can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
Default value: N/A
This command creates an IPX protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level.
When configuring on a switch, all ports are dynamically allocated to the VLAN. You can modify port membership by using the static or exclude commands.
NOTE: If configuring on a Foundry router, ports must be added to the VLAN with the static command. Ports are not dynamically allocated to IPX protocol VLANs.
EXAMPLE:
To assign ports 1, 2, 6 and 8 to an IPX protocol VLAN within port-based VLAN 22, enter the following:
ServerIron(config)# vlan 22
ServerIron(config-vlan-22)# ipx-proto
ServerIron(config-vlan-ipx-proto)# static e 1 to 2 e 6 e 8
NOTE: If configuring this on a switch, enter vlan 22 by port at the CONFIG Level versus vlan 22, as shown in the example above.
NOTE: An IPX protocol and IPX network VLAN cannot both be configured to operate simultaneously on a Foundry switch or router. This restriction is also true for IP and IP sub-net VLANs.
Syntax: ipx-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
This command creates a NetBIOS protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level.
All ports are dynamically allocated to a NetBIOS VLAN when it is created. VLAN Membership can be modified using the dynamic, static, or exclude commands.
EXAMPLE:
To create a NetBIOS Protocol VLAN with permanent port membership of 4 and 5 and ports 8 through 12 as dynamic member ports, within port-based VLAN 25, enter the following commands.
ServerIron(config)# vlan 25
ServerIron(config-vlan-25)# netbios-proto
ServerIron(config-vlan-netbios-proto)# static e 2 e 2
ServerIron(config-vlan-netbios-proto)# exclude e 2 to 2 e 2 e 2 e 2 to 2
NOTE: If configuring this on a switch, enter vlan 25 by port at the CONFIG Level versus vlan 25, as shown in the example above.
Syntax: netbios-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
This command is used to disable other commands. To do so, place the word
no before the command.
This command creates an other-protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level.
All ports of the ServerIron are by default dynamically assigned to a newly created other protocol VLAN. VLAN Membership can be modified using the dynamic, static, or exclude commands.
You can use this option to define a protocol-based VLAN for protocols that do not require a singular protocol broadcast domain or are not currently supported on the ServerIron.
EXAMPLE:
On a 16 port switch ports 13 through 16 represent protocols Decnet and AppleTalk. You do not need to separate traffic by protocol into separate broadcast domains. Instead, create an other-protocol VLAN, with just those ports as members, within port-based VLAN 50.
ServerIron(config)# vlan 50
ServerIron(config-vlan-50)# other-proto
ServerIron(config-vlan-other-proto)# static e13 to 16
ServerIron(config-vlan-other-proto)# exclude e1 to 12
NOTE: If configuring this on a switch, enter vlan 50 by port at the CONFIG Level versus vlan 50, as shown in the example above.
Syntax: other-proto [<name>]
The name can be up to 16 characters long and can contain blanks. The name appears in VLAN show displays.
To specify a VLAN name, use the name keyword followed by a string. The
name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name.
Possible values: N/A
Default value: N/A
This assigns a higher priority to a VLAN so that in times of congestion, it will receive precedence over other transmissions. Up to eight levels of priority can be assigned to a VLAN.
EXAMPLE:
ServerIron(config)# vlan 25
ServerIron(config-vlan-25)# priority high
Syntax: priority normal | high
Possible values: N/A
Default value: N/A
This command returns you from any level of the CLI to the User EXEC mode.
EXAMPLE:
ServerIron(config-vlan-6)# quit
ServerIron>
Syntax: quit
Possible values: N/A
Default value: N/A
Configures a virtual routing interface for use with IP forwarding. After you add the virtual routing interface, you can configure IP addresses on the routing interface.
EXAMPLE:
ServerIron(config)# vlan 1
ServerIron(config-vlan-1)# router-interface ve 1
The vlan 1 command changes the CLI to the configuration level for VLAN 1. The router-interface ve 1 command adds virtual routing interface 1.
Syntax: [no] router-interface ve <num>
The <num> parameter specifies the interface ID and can be from 1 – 24.
Possible values: 1 – 24
Default value: N/A
Displays the real and virtual server configuration information on a remote site ServerIron in the GSLB ServerIron’s CLI. The command also displays the session and CPU information used by the GSLB policy. You can view detailed configuration information and statistics for the site ServerIron, from the GSLB ServerIron’s management console. For more information, see the "Configuring Global Server Load Balancing" chapter in the Foundry ServerIron Installation and Configuration Guide.
Displays a variety of configuration and statistical information about the ServerIron. To see a description of the show commands, see "Show Commands" .
Spanning Tree bridge and port parameters are configurable using one command set at the global level for VLANs.
NOTE: When port-based VLANs are not operating on the system, spanning tree is set on a system level at the Global CONFIG Level.
EXAMPLE:
Suppose you want to change the hello-time value of VLAN 3 from the default value. Additionally, you want to change the path and priority costs for port 5, a member of VLAN 3. Enter the following commands:
ServerIron(config)# vlan 3
ServerIron(config-vlan-3)# span hello-time 8
ServerIron(config-vlan-3)# span ethernet 5 path-cost 15 priority 64
NOTE: You do not need to configure values for the spanning tree parameters. All parameters have default values as noted below. Additionally, all values will be globally applied to all ports on the system or port-based VLAN for which they are defined.
To configure a specific path-cost or priority value for a given Ethernet port, enter those values using the key words found in the brackets [ ] shown in the syntax summary below. If you do not want to specify any specific values for any given Ethernet port, this portion of the command is not required.
Syntax: spanning-tree [ethernet <portnum> path-cost <value> priority <value>] forward-delay <value>
hello-time <value> maximum-age <time> priority <value>
- Forward Delay: the period of time a bridge will wait (the listen and learn period) before forwarding data packets. Possible values: 4 – 30 seconds. Default is 15.
- Maximum Age: the interval a bridge will wait for receipt of a hello packet before initiating a topology change. Possible values: 6 – 40 seconds. Default is 20.
- Hello Time: the interval of time between each configuration BPDU sent by the root bridge.
Possible values: 1 – 10 seconds. Default is 2.
- Priority: a parameter used to identify the root bridge in a network. The bridge with the lowest value has the highest priority and is the root. Possible values: 0 – 255. Default is 128.
- Path Cost: a parameter used to assign a higher or lower path cost to a port. Possible values: 1 – 65535. Default is (1000/Port Speed) for Half-Duplex ports and is (1000/Port Speed)/2 for Full-Duplex ports.
- Priority: value determines when a port will be rerouted in relation to other ports. Possible values: 0 – 255. Default is 128.
This command allows you to define a static MAC addresses for a port on a ServerIron to ensure the device is not aged out. When defining the MAC address entry, you can also define the port’s priority and whether or not it is a router-type or host-type.
NOTE: If you enter the command at the global CONFIG level, the static MAC entry applies to the default port-based VLAN (VLAN 1). If you enter the command at the configuration level for a specific port-based VLAN, the entry applies to that VLAN and not to the default VLAN.
NOTE: If you want to include a trunk group when you configure a static MAC entry that has multiple ports, include only the primary port of the trunk group. If you include all the trunk group’s ports, the ServerIron uses all the ports to forward traffic for the MAC address instead of using only the active trunk port.
EXAMPLE:
To enter a static MAC address entry for port 5, that is also resident in port-based VLAN 4, enter the following:
ServerIron(config)# vlan 4
ServerIron(config-vlan-4)# static-mac-address 023.876.735 ethernet 5 high-priority router-type
The syntax for adding static MAC entries differs depending on whether you are using a stackable or chassis ServerIron.
Syntax for chassis devices:
Syntax: static-mac-address <mac-addr> ethernet <portnum> [priority <0-7>] [host-type | router-type]
Syntax for stackable devices:
Syntax: static-mac-address <mac-addr> ethernet <portnum> [to <portnum> ethernet <portnum>]
[normal-priority | high-priority] [host-type | router-type | fixed-host]
The priority can be 0 – 7 (0 is lowest and 7 is highest) for chassis devices and either normal-priority or high-priority for stackable devices.
NOTE: The
fixed-host parameter is supported only on stackable ServerIrons. Use the
fixed-host parameter for Layer 2 firewall configurations. The parameter "fixes" the address to the ServerIron port you specify and prevents other ports on the ServerIron from learning it. Use the
router-type parameter for all other types of FWLB configurations. For more information, see the Foundry ServerIron Firewall Load Balancing Guide.
To create a static MAC entry that is associated with multiple ports, enter a command such as the following:
ServerIron(config-vlan-4)# static-mac-address aaaa.bbbb.cccc ethernet 1 ethernet 3 to 5
This command creates a static MAC entry that is associated with port 1 and ports 3 – 5. The ServerIron forwards traffic addressed to aaaa.bbbb.cccc out all the ports you specified, in this case 1, 3, 4, and 5.
Syntax: static-mac-address <mac-addr> ethernet <portnum> [to <portnum> ethernet <portnum>]
[normal-priority | high-priority] [host-type | router-type | fixed-host]
NOTE: If you enter the command at the global CONFIG level, the static MAC entry applies to the default port-based VLAN (VLAN 1). If you enter the command at the configuration level for a specific port-based VLAN, the entry applies to that VLAN and not to the default VLAN.
Foundry recommends that you configure a static ARP entry to match the static MAC entry. In fact, the software automatically creates a static MAC entry when you create a static ARP entry.
NOTE: When a static MAC entry has a corresponding static ARP entry, you cannot delete the static MAC entry unless you first delete the static ARP entry.
To create a static ARP entry for a static MAC entry, enter a command such as the following:
ServerIron(config-vlan-4)# arp 1 192.53.4.2 aaaa.bbbb.cccc ethernet 1
NOTE: The arp command allows you to specify only one port number. To create a static ARP entry for a static MAC entry that is associated with multiple ports, specify the first (lowest-numbered) port associated with the static MAC entry.
Possible values: See above.
Default value: See above.
Once a port-based VLAN is created, port membership for that VLAN must be defined. To assign a port to a port-based VLAN, either the tagged or untagged command is used. When a port is tagged, it can be a member of multiple port-based VLANs.
When a port is tagged, it allows communication among the different VLANs to which it is assigned. A common use for this might be to place an email server that multiple groups may need access to on a tagged port, that in turn, is resident in all VLANs that members need access to the server.
EXAMPLE:
Suppose you want to make port 5 (module 5), a member of port-based VLAN 4, a tagged port, enter the following:
ServerIron(config)# vlan 4
ServerIron(config-vlan-4)# tagged ethernet 3/5
Syntax: tagged ethernet <portnum> [to <portnum> [ethernet <portnum>]]
Possible values: see above.
Default value: N/A
Once a port-based VLAN is created, port membership for that VLAN must be defined. To assign a port to a port-based VLAN, either the tagged or untagged command is used. When a port is ‘untagged’ it can only be a member of one VLAN.
EXAMPLE:
Suppose you want to assign all ports on a 16-port ServerIron except port 5 (module 3) as untagged to a VLAN. To assign ports 1-4 and 6-16 to VLAN 4, enter the following:
ServerIron(config)# vlan 4
ServerIron(config-vlan-4)# untagged ethernet 3/1 to 3/4 e 3/6 to 3/16
Syntax: untagged ethernet <portnum> [to <portnum> ethernet <portnum>]
Possible values: see above.
Default value: N/A
Configures a set of ports within a port-based VLAN as uplink ports for the VLAN. All broadcast and unknown-unicast traffic goes only to the uplink ports, not to the other ports in the VLAN.
For more information, see the "Configuring Virtual LANs (VLANs)" chapter in the Foundry Switch and Router Installation and Basic Configuration Guide.
EXAMPLE:
To configure a port-based VLAN containing uplink ports, enter commands such as the following:
ServerIron(config)# vlan 10 by port
ServerIron(config-vlan-10)# untag ethernet 1/1 to 1/24
ServerIron(config-vlan-10)# untag ethernet 2/1 to 2/2
ServerIron(config-vlan-10)# uplink-switch ethernet 2/1 to 2/2
Syntax: [no] uplink-switch ethernet <portnum> [to <portnum> | ethernet <portnum>]
In this example, 24 ports on a 10/100 module and two Gigabit ports on a Gigabit module are added to port-based VLAN 10. The two Gigabit ports are then configured as uplink ports.
Possible values: see above.
Default value: N/A
Saves the running-time configuration into the startup-config file.
EXAMPLE:
ServerIron(config-vlan-4)# write memory
Syntax: write memory
Possible values: N/A
Default value: N/A
Displays the running-configuration of the ServerIron on the terminal screen.
EXAMPLE:
ServerIron(config-vlan-4)# write terminal
Syntax: write terminal
Possible values: N/A
Default value: N/A
| 
