
OfficeServ Data Server



Presentation Transcript


  1. Enterprise IP Solutions OfficeServ Data Server L2 Protocol Mar, 2006 OfficeServ Lab1 Samsung Electronics Co., Ltd.

  2. Contents • STP / RSTP • Port Trunking • IGMP Snooping • VLAN • L2 QoS • Security • Mirroring • Authentication

  3. STP/RSTP

  4. Rapid Spanning Tree Protocol • Bridge Parameter • Bridge Priority: decides the priority of the bridge; the bridge with the lowest priority (lowest MAC address on a tie) is elected root • Hello Time: sets the transmission interval of BPDUs • Max Age Time: sets how long received BPDU information is kept before it is aged out (the Message Age limit) • Forward Time: the time a port spends in each intermediate state before moving to the next • Port Parameter • Priority: the criterion used to select which port is blocked when a switch loop is formed • Force Version: forces the BPDU version (STP or RSTP) that the user specifies for communication with the switch connected to the corresponding port • Path Cost: the path cost assigned according to the bandwidth of the link to the neighbouring switch • Portfast • Link Type: the link is treated as point-to-point in RSTP

  5. Rapid Spanning Tree Protocol (bridge status screen) ① Designated Bridge Identifier • The upper 4 hex digits represent the bridge priority and the remaining lower digits are the system MAC address ② Root Bridge Identifier • Among the connected switches, it indicates the identifier of the switch selected as the root bridge. Therefore, if there is no connection between switches, the Root Bridge Identifier displays the same information as the Designated Bridge Identifier. ③ Root Path Cost • Once the root bridge is decided, it displays the calculated cost of the path to the root switch ④ Root Port • If the current equipment is not the root switch, it indicates the ID of the port selected as the root port ⑤ Last Topology Changed

  6. Rapid Spanning Tree Protocol (per-port status screen) • Designated Root: if the switch connected to the corresponding port is closer to the root switch, the Designated Root shows the bridge identifier of that connected switch; otherwise it shows this switch's own bridge identifier • Port Identifier (e.g. 0x8002): the upper byte is the port priority and the lower byte is the port index • Role: the port role selected via the BPDU exchange between switches: Disabled, Alternate, Backup, Designated, Root • State: Discarding, Learning, Forwarding (RSTP) or Blocking (STP)
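The bridge identifier, port identifier and path cost fields described on the three slides above are all carried in the configuration BPDU, and the root election is nothing more than a comparison of those fields. The following Python is an added example, not code from the presentation or from Samsung; it encodes and decodes an 802.1D/802.1w configuration BPDU (the part after the LLC header), splits the 16-bit port identifier into priority and index exactly as the 0x8002 example shows, and picks the winning BPDU with the standard priority vector. The bridge MACs and the rogue station are constructed for the example; the point it makes is the security one behind Portfast and bridge priority: any station that can send a BPDU with priority 0 wins the root election against switches left at the default 0x8000.

```python
import struct
from dataclasses import dataclass

# Constructed sample identities for this example (not from the page).
LEGIT_ROOT = BridgeId = None  # placeholder overwritten below once the class exists


@dataclass(frozen=True)
class BridgeId:
    """802.1D bridge identifier: 2-byte priority followed by the 6-byte system MAC."""
    priority: int
    mac: str

    @classmethod
    def from_bytes(cls, raw: bytes) -> "BridgeId":
        prio = struct.unpack("!H", raw[:2])[0]
        return cls(prio, ":".join(f"{b:02x}" for b in raw[2:8]))

    def to_bytes(self) -> bytes:
        return struct.pack("!H", self.priority) + bytes.fromhex(self.mac.replace(":", ""))

    def key(self):
        # Lower priority wins; the MAC address breaks ties.
        return (self.priority, self.to_bytes()[2:])


@dataclass(frozen=True)
class ConfigBpdu:
    root: BridgeId
    root_path_cost: int
    bridge: BridgeId
    port_id: int
    message_age: float
    max_age: float
    hello_time: float
    forward_delay: float
    rstp: bool

    @property
    def port_priority(self) -> int:   # upper byte of the port identifier (0x80 = 128 by default)
        return self.port_id >> 8

    @property
    def port_index(self) -> int:      # lower byte of the port identifier: the port number
        return self.port_id & 0xFF

    def vector(self):
        # Priority vector compared by every bridge: the smallest tuple is the best BPDU.
        return (self.root.key(), self.root_path_cost, self.bridge.key(), self.port_id)


def build_bpdu(root, cost, bridge, port_id, msg_age=0.0, max_age=20.0,
               hello=2.0, fwd=15.0, rstp=False) -> bytes:
    """Encode a configuration BPDU; timer fields are carried in units of 1/256 s."""
    bpdu_type, version = (0x02, 2) if rstp else (0x00, 0)
    body = struct.pack("!HBBB8sI8sHHHHH", 0, version, bpdu_type, 0,
                       root.to_bytes(), cost, bridge.to_bytes(), port_id,
                       int(msg_age * 256), int(max_age * 256),
                       int(hello * 256), int(fwd * 256))
    return body + (b"\x00" if rstp else b"")   # RSTP appends a Version 1 Length byte


def parse_bpdu(payload: bytes) -> ConfigBpdu:
    (proto, _version, bpdu_type, _flags, root_raw, cost, bridge_raw, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack("!HBBB8sI8sHHHHH", payload[:35])
    if proto != 0 or bpdu_type not in (0x00, 0x02):
        raise ValueError("not an STP/RSTP configuration BPDU")
    return ConfigBpdu(BridgeId.from_bytes(root_raw), cost, BridgeId.from_bytes(bridge_raw),
                      port_id, msg_age / 256, max_age / 256, hello / 256, fwd / 256,
                      bpdu_type == 0x02)


def elect_root(bpdus):
    """Return the BPDU the bridges would agree carries the root: the minimum priority vector."""
    return min(bpdus, key=ConfigBpdu.vector)


LEGIT_ROOT = BridgeId(0x8000, "00:00:f0:12:34:56")   # default priority (constructed)
ROGUE = BridgeId(0x0000, "00:00:f0:de:ad:00")        # attacker claiming priority 0 (constructed)

if __name__ == "__main__":
    legit = parse_bpdu(build_bpdu(LEGIT_ROOT, 0, LEGIT_ROOT, 0x8002))
    rogue = parse_bpdu(build_bpdu(ROGUE, 0, ROGUE, 0x8001, rstp=True))
    print("port priority/index:", legit.port_priority, legit.port_index)
    print("elected root:", elect_root([legit, rogue]).bridge)
```

The vector omits the receiving port identifier that a bridge also uses as the final tie-breaker, which does not change the outcome shown here. The practical reading of the result is that end-station ports (the ones a Portfast setting is meant for) should never be allowed to influence the root election, and the intended root should run at a priority well below the default.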

  7. Port Trunking

  8. Port Trunking - GPLIM • A packet is transferred to one port among the members of the trunk group; the algorithm that selects the transmitting port is configurable. • Up to 8 groups can be created, and up to 4 ports can be included in a group as members. • A member included in one group cannot be included in another group at the same time. • The LACP options are displayed when the trunk configuration is set to 'LACP'. • For Active, the system sends an LACP packet to the opposite party first. • For Passive, the system responds only when it receives a packet from the opposite system. • If both the user system and the opposite system are set to Active, the system with the higher priority is used as the reference.

  9. Port Trunking - GSIM • LACP is distinguished from static trunking in that ports configured for LACP form the aggregated bandwidth automatically. • GSIM: the LACP Configuration window configures trunk groups, adds or deletes members, and selects the algorithm used to choose the port that packets are sent out on. • Select the [Port Trunking]->[Status] menu to specify the configuration related to Port Trunking.

  10. IGMP Snooping

  11. IGMP Snooping • IGMP Snooping can be operated separately for each VLAN.

  12. IGMP Snooping • Select the VLAN and the Category to configure, enter the time and click the [OK] button to store the configuration. • Group Membership: the time after which a member is removed from the multicast forwarding database when no new report arrives • Last Member Query Timeout: the time to wait for a response report after sending a query to check whether the host is the last member, when the multicast router receives a leave message from a host. If no report is received before the time elapses, the host is deleted from the group. • Max Response: the maximum time until a response is sent when an IGMP Snooping query is received • Other Query: the time after which this switch starts operating as querier when no query from the multicast router is seen

  13. IGMP Snooping • Querier and Immediate Leave can be set for each VLAN, but Cross VLAN and Flood DPM can only be set on a bridge basis. • Querier: operate as the IGMP querier when no multicast router exists. • Immediate Leave: delete a host from the group immediately when its Leave message is received. • Cross VLAN: forward multicast packets to all ports regardless of VLAN. • Flood DPM: sets whether to forward multicast packets when no member exists in the IGMP group. On the GSIM board this is provided through the [IGMP snooping]->[Multicast Filter] menu.

  14. IGMP Snooping • On the GSIM board, the Cross VLAN and Flood DPM functions of the GPLIM board are provided as shown in the figure below (GSIM [Multicast Filter]): • Forward group: always forwards multicast packets • Filter unregistered group: drops multicast packets when no member belonging to the IGMP group exists • Forward unregistered group: forwards multicast packets when no member belonging to the IGMP group exists

  15. IGMP Snooping • Displays the members registered in each IGMP group (the figure shows group 224.1.1.20). Click the [Refresh] button to update the information displayed on the web screen to the latest state.
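The timers and switches on slides 12 to 14 interact in ways the screenshots do not show: a Leave is only honoured after Last Member Query Timeout unless Immediate Leave is on, a port silently ages out of a group after Group Membership seconds without a report, and what happens to traffic for a group nobody joined depends on Flood DPM (GSIM: "Forward/Filter unregistered group"). The Python below is an added example written for this page, not OfficeServ code; it models just those behaviours for one VLAN with constructed port numbers and times, and leaves the querier and Max Response timers out.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple


@dataclass
class SnoopConfig:
    group_membership: float = 260.0         # seconds a member port stays without a new report
    last_member_query_timeout: float = 1.0  # grace period after a Leave before the port is dropped
    immediate_leave: bool = False           # drop the port as soon as the Leave arrives
    flood_unregistered: bool = True         # Flood DPM / "Forward unregistered group"


class IgmpSnooper:
    """Per-VLAN snooping table: group -> {member port: expiry time}."""

    def __init__(self, vlan_ports: Iterable[int], cfg: SnoopConfig):
        self.ports: Set[int] = set(vlan_ports)
        self.cfg = cfg
        self.groups: Dict[str, Dict[int, float]] = {}
        self.pending: Dict[Tuple[str, int], float] = {}   # (group, port) -> leave deadline

    def report(self, group: str, port: int, now: float) -> None:
        """Membership Report seen on a port: (re)start its Group Membership timer."""
        self.groups.setdefault(group, {})[port] = now + self.cfg.group_membership
        # A report also answers any outstanding group-specific query for this port.
        self.pending.pop((group, port), None)

    def leave(self, group: str, port: int, now: float) -> None:
        if port not in self.groups.get(group, {}):
            return
        if self.cfg.immediate_leave:
            self._remove(group, port)
        else:
            # A group-specific query would be sent here; wait Last Member Query Timeout for a reply.
            self.pending[(group, port)] = now + self.cfg.last_member_query_timeout

    def _remove(self, group: str, port: int) -> None:
        members = self.groups.get(group, {})
        members.pop(port, None)
        if not members:
            self.groups.pop(group, None)

    def expire(self, now: float) -> None:
        """Apply both timers: unanswered leave queries and aged-out memberships."""
        for (group, port), deadline in list(self.pending.items()):
            if now >= deadline:
                self.pending.pop((group, port))
                self._remove(group, port)
        for group in list(self.groups):
            for port, expiry in list(self.groups[group].items()):
                if now >= expiry:
                    self._remove(group, port)

    def egress_ports(self, group: str, ingress_port: int, now: float) -> Set[int]:
        """Ports a multicast frame for `group` arriving on `ingress_port` is forwarded to."""
        self.expire(now)
        members = self.groups.get(group)
        if not members:   # unregistered group: flood the VLAN or drop, per Flood DPM
            return (self.ports - {ingress_port}) if self.cfg.flood_unregistered else set()
        return set(members) - {ingress_port}


if __name__ == "__main__":
    s = IgmpSnooper({1, 2, 3, 4, 5}, SnoopConfig())      # constructed VLAN with 5 ports
    s.report("224.1.1.20", 3, 0.0)
    s.leave("224.1.1.20", 3, 10.0)
    print(s.egress_ports("224.1.1.20", 1, 10.5), s.egress_ports("224.1.1.20", 1, 11.0))
```

Run the model with flood_unregistered=True and note that once the last member ages out, the group's traffic reaches every port in the VLAN again; on a VLAN carrying voice that is the setting to check before trusting snooping as a containment measure.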

  16. Virtual LAN (VLAN) • Port based VLAN • MAC based VLAN • 802.1Q Tag based VLAN • Protocol based VLAN • IP-subnet based VLAN

  17. VLAN • GPLIM • 256 VLANs • Mode • MAC based VLAN • Port based VLAN • 802.1Q Tag based VLAN • GSIM • 1024 VLANs • Mode • Port based VLAN • MAC based VLAN • IP based VLAN • Protocol based VLAN

  18. VLAN - GPLIM(1) • MAC based VLAN: a VLAN is configured for each MAC address • A MAC based VLAN does not by itself contain port information. • A port becomes a member of the VLAN by receiving packets from a MAC address assigned to it. • ARP packets must reach the switch so that members of the VLAN can exchange packets.

  19. VLAN - GPLIM(2) • MAC based VLAN (cont’d) • Select ‘MAC’ from VLAN Operation Mode • Select the corresponding VLAN and enter VLAN Name and VLAN ID • Enter the MAC address into [Classification] menu

  20. VLAN - GPLIM(3) • Port Based VLAN • A single port can be assigned to multiple VLANs. • Broadcast packets transmitted by a port are transmitted to all VLANs containing that port. • Ports not assigned to any VLAN act together as a single VLAN.

  21. VLAN - GPLIM(4) • Port based VLAN (cont’d) • Select ‘Port’ from VLAN Operation Mode • Select the corresponding VLAN and enter VLAN Name and VLAN ID

  22. VLAN - GPLIM(5) • 802.1Q (IVL/SVL) • 1. Member set • 2. Untagged set • 3. PVID (Port VLAN ID) (Note) If you change the VLAN operation mode, the previous VLAN setting is cleared.

  23. VLAN - GPLIM(6) • In the [Port]->[VLAN]->[Port VID] menu, set how an untagged frame is handled when received: the frame is sent to the VLAN registered as the Port VID. VLAN '1' is the default VLAN that includes all ports. • Set drop/pass for untagged frames: to drop them, tick the checkbox.

  24. VLAN - GPLIM(7) • 802.1Q (IVL/SVL) (cont’d) • IVL (Independent VLAN Learning): one FDB per VLAN ID; if a MAC address is learned in one VLAN, the learned information is NOT used in forwarding decisions for other VLANs • SVL (Shared VLAN Learning): one single FDB; if a MAC address is learned in one VLAN, the learned information is used in forwarding decisions for all other VLANs (figure: IVL vs SVL)

  25. VLAN - GPLIM(8) • Classification • If the VLAN mode is ‘802.1Q’, VLAN ID is decided depending on the protocol of the packet received. • Classification Mode • In case of MAC based VLAN, ‘MAC’ is selected. • In case of 802.1Q based VLAN, ‘proto’ is selected.

  26. VLAN – GSIM (1) • Port based VLAN • VLAN Create • VLAN Edit • Add/Delete members • Egress-Tagged: packets sent out through the port leave as tagged packets

  27. VLAN – GSIM (2) • Trunk ports (Static Trunk) • The member ports of each group must always have the same VLAN characteristics. • Ports with different VLAN characteristics cannot be placed in the same trunk group. • In the case of LACP, if the link of a member port is not connected, the trunk device (po1, po2, …) is hidden.

  28. VLAN – GSIM (3) • Port Setup • Set Port ID • Ingress-Filter: for security; with 802.1Q ingress filtering enabled, a frame is discarded when the receiving port is not a member of the frame's VLAN • Frame Type: the type of packets accepted from the port can be limited (All-Packet / Tagged-Packet)

  29. VLAN – GSIM (4) • VLAN Classification • MAC-based VLAN: classification according to the source MAC address of the untagged packet arriving at the port • IP-based VLAN: the VLAN is chosen by the IP subnet of the untagged packet arriving at the port • Protocol-based VLAN: the VLAN is chosen by the protocol type of the untagged packet arriving at the selected port • If the port belongs to a trunk group, the same setting must be made on all member ports of the trunk group

  30. VLAN • CLI command: if you can't connect to a GPLIM/GSIM board because of the VLAN configuration, you have to configure it using the CLI. 1. Enter the "show vlan all bridge 1" command to display the current VLAN configuration.

  31. VLAN • CLI command (cont’d) 2. Enter the "configure terminal" command 3. Enter the "vlan database" command to enter VLAN database configuration 4. Enter the "no vlan 2 bridge 1" command to clear the information about VLAN 2 5. Return to enable mode 6. Enter the "show vlan all bridge 1" command to display the current VLAN configuration
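Slides 22 to 28 describe four decisions the board makes on every received frame: which VLAN an untagged frame is assigned to (Port VID), whether untagged or non-member frames are dropped (drop checkbox, Frame-Type, Ingress-Filter), and whether the address learned from the frame is kept per VLAN (IVL) or in one shared table (SVL). The Python below is an added example, not code from the presentation or from Samsung: it parses a raw Ethernet header with an optional 802.1Q tag, applies those ingress rules, and shows the IVL/SVL difference on the same frames. The VLAN membership table, port settings and MAC addresses are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

TPID_8021Q = 0x8100


@dataclass(frozen=True)
class Frame:
    dst: str
    src: str
    vid: Optional[int]   # None when the frame arrived untagged
    pcp: int             # 802.1p level carried in the tag (0 for untagged frames)
    ethertype: int


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def make_frame(dst: str, src: str, vid: Optional[int] = None, pcp: int = 0,
               ethertype: int = 0x0800) -> bytes:
    """Build an Ethernet header, inserting an 802.1Q tag when vid is given (constructed input)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype)


def parse_frame(raw: bytes) -> Frame:
    """Extract DA/SA and, if present, the TCI: PCP in the top 3 bits, VID in the low 12."""
    dst, src = _mac(raw[0:6]), _mac(raw[6:12])
    etype = struct.unpack("!H", raw[12:14])[0]
    if etype == TPID_8021Q:
        tci, inner = struct.unpack("!HH", raw[14:18])
        return Frame(dst, src, tci & 0x0FFF, tci >> 13, inner)
    return Frame(dst, src, None, 0, etype)


@dataclass
class PortConfig:
    pvid: int = 1                 # VLAN assigned to untagged frames ([Port VID] menu)
    tagged_only: bool = False     # Frame-Type: Tagged-Packet (True) or All-Packet (False)
    ingress_filter: bool = True   # discard frames whose VLAN this port is not a member of
    drop_untagged: bool = False   # the GPLIM "drop" checkbox for untagged frames


class Bridge8021Q:
    def __init__(self, members: Dict[int, Set[int]], ports: Dict[int, PortConfig],
                 shared_learning: bool = False):
        self.members = members          # VLAN ID -> member ports
        self.ports = ports
        self.svl = shared_learning      # SVL: one FDB for all VLANs; IVL: keyed by (VID, MAC)
        self.fdb: Dict[object, int] = {}

    def classify(self, port: int, frame: Frame) -> Optional[int]:
        """VLAN the frame belongs to on ingress, or None if the port must drop it."""
        cfg = self.ports[port]
        if frame.vid is None:
            if cfg.tagged_only or cfg.drop_untagged:
                return None
            vid = cfg.pvid
        else:
            vid = frame.vid
        if cfg.ingress_filter and port not in self.members.get(vid, set()):
            return None
        return vid

    def _key(self, vid: int, mac: str):
        return mac if self.svl else (vid, mac)

    def forward(self, port: int, raw: bytes) -> Optional[List[int]]:
        """Classify, learn the source, then unicast to the learned port or flood the VLAN."""
        frame = parse_frame(raw)
        vid = self.classify(port, frame)
        if vid is None:
            return None
        self.fdb[self._key(vid, frame.src)] = port
        members = self.members.get(vid, set())
        out = self.fdb.get(self._key(vid, frame.dst))
        if out is not None and out != port and out in members:
            return [out]
        return sorted(p for p in members if p != port)


# Constructed topology: VLAN 1 is the default VLAN with every port; port 3 is a tagged uplink.
MEMBERS = {1: {1, 2, 3, 4}, 10: {1, 3}, 20: {2, 3, 4}}
PORTS = {1: PortConfig(pvid=10), 2: PortConfig(pvid=20),
         3: PortConfig(pvid=1, tagged_only=True), 4: PortConfig(pvid=20)}
```

With IVL, a host learned through the tagged uplink in VLAN 10 is unknown in VLAN 20, so a VLAN 20 frame to it is flooded inside VLAN 20; with SVL the single FDB already knows that host's port and the frame is sent there directly, which is the leakage between VLANs the IVL/SVL slide is warning about.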

  32. L2 QoS • Port based L2 QoS • 802.1p Tag based L2 QoS

  33. 802.1p tag based L2 QoS • Assumptions for the configuration example • Set L2 QoS for the MP, MGI and IP Phone (ITP). • The MP and MGI do not support 802.1p and are connected to P1 and P7 respectively. • The IP Phones connected to P3, P4, P5 and P6 support the 802.1p tag priority function. • The IP Phones connected to P3 and P4 send 802.1p tags with value 7; the IP Phones connected to P5 and P6 send 802.1p tags with value 1.

  34. 802.1p tag based L2 QoS (figure: GPLIM with the MGI and MP, which cannot support 802.1p, an IP Phone with 802.1p tag value 7 and an IP Phone with 802.1p tag value 1)

  35. 802.1p tag based L2 QoS 1. From the [Port]->[QoS] menu, select the QoS mode as 'Weighted Round Robin' or 'All High before Low'. 2. Since the tag values used for high priority are 1 and 7, tick Level 1 and Level 7 (this marks those levels as high priority). GPLIM: Weighted Round Robin processes 3 packets with high priority and then one packet with low priority. If the QoS mode is 'All High before Low', set the maximum time that a low-priority packet may be left unprocessed; when that time is reached, the waiting low-priority packets are processed first.

  36. 802.1p tag based L2 QoS 3. From the [Port]->[Config] menu, set the priority of the ports to which the MP and MGI are connected to High. A port set to High is treated as high priority even if there is no value in the Tag field. GPLIM: always set a high priority for the MP and MGI ports, since those devices do not support 802.1p.

  37. Port based L2 QoS • Assumptions for the configuration example • Set L2 QoS for the MP, MGI and IP Phone (ITP). • The MP and MGI do not support 802.1p and are connected to P1 and P7 respectively. • The IP Phones (ITP) are connected to P3, P4, P5 and P6 and do not support 802.1p.

  38. Port based L2 QoS (figure: GPLIM with the MGI, MP and ITP (IP Phone) without the 802.1p function)

  39. Port based L2 QoS 1. To use the Priority function in the [Port]->[QoS] menu, the QoS mode must be set to 'Weighted Round Robin' or 'All High before Low'. Set the QoS mode as shown in the figure below (GPLIM).

  40. Port based L2 QoS 2. In the [Port]->[Config] menu, set the priority of the ports to which the MP, MGI and IP Phones are connected to High (GPLIM).
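The two QoS procedures above reduce to one classifier and one scheduler: a frame is high priority if its 802.1p level is ticked or if it arrived on a port set to High (which is how the untagged MP and MGI traffic gets there), and the egress scheduler is either the 3:1 Weighted Round Robin or 'All High before Low' with a maximum wait for low-priority packets. The Python below is an added example written for this page, not OfficeServ code. It uses the page's own settings (levels 1 and 7 high, ports P1 and P7 high) with a constructed packet list, and shows the service order each mode produces, including the starvation guard kicking in.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional, Set


@dataclass(frozen=True)
class Packet:
    label: str
    port: int               # ingress port
    pcp: Optional[int]      # 802.1p tag value, None for an untagged frame
    arrival: float          # arrival time in seconds


class L2Scheduler:
    """Two-queue egress scheduler: 'wrr' (3 high then 1 low) or 'strict' (All High before Low)."""

    def __init__(self, high_levels: Set[int], high_ports: Set[int], mode: str = "wrr",
                 wrr_high: int = 3, max_wait: Optional[float] = None):
        if mode not in ("wrr", "strict"):
            raise ValueError(mode)
        self.high_levels, self.high_ports = high_levels, high_ports
        self.mode, self.wrr_high, self.max_wait = mode, wrr_high, max_wait
        self.high: Deque[Packet] = deque()
        self.low: Deque[Packet] = deque()
        self.credit = wrr_high

    def is_high(self, pkt: Packet) -> bool:
        # A tagged frame is judged by its level; any frame from a High port qualifies as well,
        # which is why the MP and MGI ports are set to High although they never tag.
        if pkt.pcp is not None and pkt.pcp in self.high_levels:
            return True
        return pkt.port in self.high_ports

    def enqueue(self, pkt: Packet) -> None:
        (self.high if self.is_high(pkt) else self.low).append(pkt)

    def dequeue(self, now: float) -> Optional[Packet]:
        if self.mode == "wrr":
            if self.high and self.low:
                if self.credit > 0:
                    self.credit -= 1
                    return self.high.popleft()
                self.credit = self.wrr_high          # the low queue took its one slot
                return self.low.popleft()
        else:
            overdue = (self.low and self.max_wait is not None
                       and now - self.low[0].arrival >= self.max_wait)
            if overdue:
                return self.low.popleft()            # starvation guard: overdue low packet first
        if self.high:
            return self.high.popleft()
        if self.low:
            return self.low.popleft()
        return None


def service_order(sched: L2Scheduler, packets: List[Packet],
                  start: float = 0.0, step: float = 1.0) -> List[str]:
    """Enqueue everything, then drain one packet per `step` seconds; returns the labels in order."""
    for p in packets:
        sched.enqueue(p)
    order, now = [], start
    while True:
        pkt = sched.dequeue(now)
        if pkt is None:
            return order
        order.append(pkt.label)
        now += step


HIGH_LEVELS, HIGH_PORTS = {1, 7}, {1, 7}     # the settings from slides 35 and 36
# Constructed burst: phones on P3-P5 tagged 7/7/1, an untagged PC on P2, the MP on P1, a PC tagged 3.
BURST = [Packet("H1", 3, 7, 0.0), Packet("H2", 4, 7, 0.0), Packet("H3", 5, 1, 0.0),
         Packet("L1", 2, None, 0.0), Packet("H4", 1, None, 0.0), Packet("L2", 2, 3, 0.0)]

if __name__ == "__main__":
    print(service_order(L2Scheduler(HIGH_LEVELS, HIGH_PORTS, "wrr"), BURST))
    print(service_order(L2Scheduler(HIGH_LEVELS, HIGH_PORTS, "strict", max_wait=2.0), BURST))
```

Note that H4 is untagged and still lands in the high queue purely because it came in on P1; the same is true for any other device plugged into that port, so the port priority is a trust decision, not only a QoS one.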

  41. Security

  42. MAC Authentication • Assumptions for the configuration example • Four PCs have the following MAC addresses: PC#1: 00-00-F0-12-34-56, PC#2: 00-00-F0-AB-CD-EF, PC#3: 00-00-F0-56-78-9A, PC#4: 00-00-F0-65-43-21 • PC#1 may connect to P7 only. PC#2 may connect to P5 only. PC#3 may connect to P12 only. PC#4 is not allowed.

  43. MAC Authentication (figure: GPLIM with MP and MGI and the four PCs; PC#2 and PC#3 are authorized (○), PC#1 is allowed on P7 only, PC#4 is not authorized (×))

  44. MAC Authentication 1. In the [Port]->[Config] menu, tick "Security" for each port that requires security (GPLIM). Ticking Security disables MAC learning on that port.

  45. MAC Authentication 2. In the [Port]->[MAC]->[Static Address] menu, enter the MAC address of each PC and the port it is allowed on (GPLIM; the figure shows the static entries for the MAC addresses of PC#1, #2 and #3 with their ports).
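The two steps above amount to port security by static binding: a secured port has learning disabled, so the only source addresses it accepts are the ones the Static Address table ties to that port. The Python below is an added example, not code from the presentation or from Samsung; it models that decision for the four PCs of slide 42, normalises the 00-00-F0 style addresses the slide uses, and records every violation so the result can be reviewed per port. The unsecured port P2 and the spoofing station are constructed for the example; the last case is the caveat a practitioner should keep in mind, since "MAC authentication" only checks the address, not who is sending it.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


def norm_mac(mac: str) -> str:
    """Accept 00-00-F0-12-34-56, 00:00:f0:12:34:56 or 0000f0123456 and return one canonical form."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Violation:
    port: int
    src_mac: str
    reason: str


class PortSecurity:
    """GPLIM scheme: Security ticked = no MAC learning on the port, so only static entries
    bound to that port may send on it; other ports learn addresses as usual."""

    def __init__(self, secured_ports: Set[int], static: Dict[str, int]):
        self.secured = set(secured_ports)
        self.static = {norm_mac(m): p for m, p in static.items()}
        self.dynamic: Dict[str, int] = {}          # learned on unsecured ports only
        self.violations: List[Violation] = []

    def ingress(self, port: int, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is accepted on this port."""
        mac = norm_mac(src_mac)
        if port not in self.secured:
            self.dynamic[mac] = port                # normal learning on an unsecured port
            return True
        bound = self.static.get(mac)
        if bound is None:
            self.violations.append(Violation(port, mac, "unknown MAC on secured port"))
            return False
        if bound != port:
            self.violations.append(Violation(port, mac, f"MAC is bound to port {bound}"))
            return False
        return True

    def violations_by_port(self) -> Dict[int, int]:
        counts: Dict[int, int] = {}
        for v in self.violations:
            counts[v.port] = counts.get(v.port, 0) + 1
        return counts


# The bindings from slide 42; P5, P7 and P12 are the secured ports.
STATIC = {"00-00-F0-12-34-56": 7, "00-00-F0-AB-CD-EF": 5, "00-00-F0-56-78-9A": 12}
SECURED = {5, 7, 12}

if __name__ == "__main__":
    ps = PortSecurity(SECURED, STATIC)
    print(ps.ingress(7, "00-00-F0-12-34-56"))      # PC#1 on its own port
    print(ps.ingress(5, "00-00-F0-12-34-56"))      # PC#1 moved to PC#2's port
    print(ps.ingress(7, "00:00:f0:12:34:56"))      # any station that copies PC#1's MAC on P7
    print(ps.violations_by_port())
```

The third call passes for the same reason the first does: the switch cannot tell PC#1 from a laptop that has cloned its address. Where that matters, this feature is a mis-cabling and casual-access control, and 802.1X (the Authentication item in the contents) is the mechanism that actually authenticates the station.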

  46. Mirroring

  47. Port Mirroring • Assumptions for the configuration example • Capture the IP packet information on the Management PC connected to P10. • Capture all Tx/Rx data generated by the MP. • The address of the MP network is 192.168.10.1/24. • Check and store the captured information using the Ethereal program on the PC (refer to http://www.ethereal.com/download.html).

  48. Port Mirroring (figure: MP <-> MGI data traffic through the GPLIM; the MP's traffic is mirrored from P1 to P10, where the Management PC is connected; MP IP: 192.168.10.1/24, MGI IP: 192.168.20.1/24)

  49. Port Mirroring 1. From the [Port]->[MISC] menu, select the Mode, Monitoring Port and Monitored Port. > Monitoring Port: the port to which the PC used to view the captured data is connected. > Monitored Port: the port to which the terminal whose sent/received data is to be captured is connected. Ingress: only packets received on the Monitored Port are copied to the Monitoring Port. Egress: only packets transmitted from the Monitored Port are copied. Both: packets in both directions are copied. (figure: the Monitored Port is the port to which the MP is connected; the Monitoring Port is the port to which the PC is connected)

  50. Port Mirroring • Select the [Port]->[Mirror Config] menu to perform the port mirroring (GSIM). To apply the configurations specified to the system, (figure: the port to which the MP is connected and the port to which the PC is connected)
