AT-8000S general features

Transcript

  • 1. General Features AT-8000S Marvell Confidential
  • 2. Agenda
      • Speed/duplex auto negotiation
      • Flow Control
      • Back pressure
      • MDI/MDIX
      • Storm Control
      • Port Security
      • Port Mirroring
      • Combo Ports
      • VCT
  • 3. Speed/Duplex Auto Negotiation
  • 4. Auto Negotiation
      • The purpose of auto negotiation is to allow a device to advertise its modes of operation.
      • The user can set the speed, duplex mode and flow control advertisement.
      • The speed-duplex capabilities to be advertised can be any combination of the following: 10h, 10f, 100h, 100f, 1000f
  • 5. CLI – Auto negotiation
      • Use the following interface mode command to allow auto negotiation on a given interface or to advertise link capabilities. Use the no form of this command to disable negotiation:
          negotiation {10h} {10f} {100h} {100f} {1000f}
          no negotiation

          console(config)# interface ethernet 1/e1
          console(config-if)# negotiation
          console(config-if)# negotiation 10h
  • 6. CLI – Show advertisement
      • Use the following show command to view:
          – Device interface advertisement
          – Connected link partner advertisement
          – Resolution

          console# show interfaces advertise ethernet 1/e1
          Port: 1/e1
          Type: 100M-Copper
          Link state: Up
          Auto negotiation: Enabled

                                          1000f 1000h 100f 100h 10f 10h
                                          ..... ..... .... .... ... ...
          Admin Local link Advertisement  no    no    no   no   no  yes
          Oper Local link Advertisement   no    no    no   no   no  yes
          Oper Remote link Advertisement  no    no    yes  yes  yes yes
          Priority Resolution             -     -     -    -    -   yes
  • 7. CLI – Speed and Duplex
      • Use the following interface mode command to define the speed of an interface when auto-negotiation is disabled. Use the no form of this command to return to the default:
          speed {10|100|1000}
          no speed
      • Use the following interface mode command to define the duplex mode (full/half) of an interface when auto-negotiation is disabled. Use the no form of this command to return to the default (full duplex):
          duplex {half|full}
          no duplex

          console(config)# interface ethernet 1/e1
          console(config-if)# no negotiation
          console(config-if)# speed 100
          console(config-if)# duplex full
  • 8. Flow control
  • 9. Flow Control
      • The system supports flow control on all ports including Aggregate Links.
      • Default state on all ports is flow control set to OFF.
      • The user may enable or disable this feature on a per-port basis.
  • 10. CLI - Flow Control
      • Use the following interface mode command to configure the flow control of a given interface. To restore the default (flow control off), use the no form of this command.
          flowcontrol { auto | on | off}
          no flowcontrol
          – auto: Auto negotiation
          – on: Enable
          – off: Disable

          console(config-if)# flowcontrol auto
  • 11. Back Pressure
  • 12. Back Pressure
      • The system supports backpressure on all ports (when in half duplex mode).
      • The user may enable or disable this feature on a per-port basis.
      • Default status on all ports is set to OFF.
  • 13. CLI - Back Pressure
      • Use the following interface mode command to enable the back pressure of a given interface. To disable it, use the no form of this command.
          back-pressure
          no back-pressure

          console(config-if)# back-pressure
  • 14. MDI/MDIX
  • 15. MDI/MDIX - Preview
      • Normally, Twisted Pair ports must be connected so that the Transmit pair on one end is connected to the Receive pair on the other end, and vice versa.
      • Hubs and switches are deliberately wired opposite to the way end stations are wired, so that when a hub or switch is connected to an end station, a "straight through" Ethernet cable can be used, and the pairs will match up properly.
      • When two hubs/switches are connected to each other, or two end stations are connected to each other, a "crossover" cable is used to make sure that the correct pairs are connected.
      • The standard wiring for end stations is known as MDI (Media Dependent Interface), and the standard wiring for hubs and switches is known as MDIX (Media Dependent Interface with Crossover).
  • 16. MDI/MDIX
      • The device can automatically correct errors in cable selection, and make the distinction between a "straight through" cable and a "crossover" cable irrelevant. This capability is known as Auto Cross.
      • Auto MDI/MDIX works only on copper ports.
      • A port can be set to either MDI, MDIX or automatic crossover.
      • Auto-crossover is the default setting for all ports.
      • The MDI/MDIX setting is separate from that of the speed/duplex auto-negotiation.
  • 17. CLI - MDI/MDIX
      • Use the mdix command to enable cable crossover on a given interface. To disable cable crossover, use the no form of this command.
          mdix {on | auto}
          no mdix
          – on: Manual MDIX
          – auto: Auto MDI/MDIX
          – no: Manual MDI

          console(config-if)# mdix auto
  • 18. Storm Control
  • 19. Storm Control – Broadcast Rate Limiting
      • The device can measure the rate of incoming broadcast frames on each port separately, and discard frames when the rate exceeds a user-set desired rate.
      • The storm control feature is enabled/disabled separately for each port.
      • The desired broadcast rate limit is applied separately to each port.
      • Rate is set in Kbits/sec. The default is 100Kbps.
      • The user can define whether storm control will be applied only to broadcast packets or to multicast (and unknown) as well.
  • 20. CLI - Storm Control
      • Use the following Interface Configuration Mode command to enable broadcast rate limiting on a certain interface. Use the no form of this command to return to the default (rate limiting disabled).
          port storm-control broadcast enable
          no port storm-control broadcast enable

          console(config)# interface ethernet 1/e3
          console(config-if)# port storm-control broadcast enable
          console(config-if)#
  • 21. CLI - Storm Control
      • Use the following Interface Configuration Mode command to set the maximum rate of broadcast. Use the no form of this command to return to the default.
          port storm-control broadcast rate rate
          no port storm-control broadcast rate

          console(config)# interface ethernet 1/e5
          console(config-if)# port storm-control broadcast rate 70000
      • Use the following Interface Configuration Mode command to count multicast (and unknown unicast) packets in the port storm-control broadcast rate command. Use the no form of the command to disable counting of multicasts.
          port storm-control include-multicast [unknown-unicast]
          no port storm-control include-multicast

          console(config-if)# port storm-control include-multicast unknown-unicast
  • 22. Show - Storm Control
      • Use the following EXEC Mode command to see the storm control configuration on the device.
          show ports storm-control

          console# show ports storm-control
          Port     State    Rate [Kbits/Sec] Included
          -------- -------- ---------------- -------------------------------------
          1/e1     Disabled 100              Broadcast
          1/e2     Disabled 100              Broadcast
          1/e3     Enabled  100              Broadcast
          1/e4     Disabled 100              Broadcast
          1/e5     Enabled  70000            Broadcast, Multicast, Unknown unicast
          1/e6     Disabled 100              Broadcast
          1/e7     Disabled 100              Broadcast
          1/e8     Disabled 100              Broadcast
  • 23. Port security
  • 24. Port Security
      • A control mechanism which monitors received and learned packets on a port.
      • Packets received on a locked port whose source address was not found in the MAC forwarding table (not learned previously dynamically or not entered statically) are treated in one of the following ways, which can be configured per port:
          – Forward (the frame is forwarded, but its address is not learned)
          – Discard
          – Discard and disable the port
          – Send an SNMP trap (together with one of the previous options)
      • When a port becomes a locked port, all the current addresses that were learned dynamically by the switch on that specific port are transformed to a “secure” status. They are kept after reset if the running config was copied to startup.
  • 25. Port Security – Number of MACs
      • A port security feature to increase security by limiting access on a specific port to a limited user-defined number of hosts.
      • A frame with a new source MAC arriving on the port after the limit is reached invokes the port lock mechanism.
      • Addresses learned on the port are still subject to aging.
      • A port can be defined either with classic port lock or with number of MAC port lock.
  • 26. Port security - Configuration
      • Port security can be enabled only on ports which have been defined as dot1x multiple hosts.
      • Define the type of port security:
          – Regular lock
          – Number of MAC based lock (and the value)
      • Define the per-port action to be carried out once intrusion detection has been discovered, as defined above.
      • Set the frequency of SNMP traps sent.
      • To release a port disabled by port security:
          – Either use the exec mode “set interface active” command, or
          – Reload (reboot) the device
  • 27. CLI - Port Security
      • Use the following interface configuration mode command to allow multiple hosts on a certain interface. The “no” form of the command disables multiple hosts (the default).
          dot1x multiple-hosts
          no dot1x multiple-hosts

          console(config)# interface ethernet 1/e1
          console(config-if)# dot1x multiple-hosts
  • 28. CLI – Basic Port Security
      • Use the following interface mode command to lock learning of new addresses on an interface. Use the no form of this command to enable learning of new addresses.
          port security [ forward | discard | discard-shutdown ] [trap seconds]
          no port security

          console(config)# interface ethernet 1/e1
          console(config-if)# port security discard-shutdown
  • 29. CLI – Lock Port Addresses
          console# show bridge address-table
          Aging time is 300 sec
          Vlan     Mac Address           Port   Type
          -------- --------------------- ------ ----------
          1        00:00:09:00:00:00     1/e1   secure     //locked port addresses
          1        00:00:09:00:00:01     1/e1   secure
          1        00:00:09:00:00:02     1/e1   secure
          1        00:00:09:00:00:03     1/e1   secure
          1        00:00:09:00:00:04     1/e1   secure
          1        00:00:09:00:00:05     1/e1   secure
          1        00:00:09:00:00:06     1/e1   secure
          1        00:00:09:00:00:07     1/e1   secure
          1        00:00:09:00:00:08     1/e1   secure
          1        00:00:09:00:00:09     1/e1   secure
          g13      00:00:e2:86:f4:f2     1/e13  dynamic    //regular learned address
  • 30. CLI – Enabling a Port Shutdown
      • Use the following Privileged EXEC mode command to enable a port that was shut down by the port security feature:
          set interface active {ethernet interface | port-channel port-channel-number}

          //sending traffic with new addresses to locked port
          console# 01-Jan-2000 02:15:43 %LINK-W-Down: 1/e1
          console# sh interfaces status
                                                      Flow Link        Back     Mdix
          Port     Type         Duplex Speed Neg      ctrl State       Pressure Mode
          ........ ............ ...... ..... ........ .... ........... ........ .......
          1/e1     100M-Copper  --     --    --       --   Down*       --       --
          1/e2     100M-Copper  Full   100   Enabled  Off  Up          Disabled On
          …
          *: The interface was suspended by the system.
          console#
  • 31. CLI – Enabling a Port Shutdown (cont’)
      • …Enabling a port that was shut down by the port security feature
          console# set interface active ethernet 1/e1
          console# 01-Jan-2000 01:50:27 %LINK-I-Up: 1/e1
          console# show interfaces status
                                                      Flow Link        Back     Mdix
          Port     Type         Duplex Speed Neg      ctrl State       Pressure Mode
          ........ ............ ...... ..... ........ .... ........... ........ .......
          1/e1     100M-Copper  Full   100   Enabled  Off  Up          Disabled On
          1/e2     100M-Copper  Full   100   Enabled  Off  Up          Disabled On
          1/e3     100M-Copper  Full   100   Enabled  Off  Up          Disabled On
          ……
  • 32. CLI – port security mode
      • Use the following Interface Configuration mode command to configure the port security mode.
      • To return to the default configuration, use the no form of this command.
          port security mode {lock | max-addresses}
          no port security mode

          console(config-if)# port security mode max-addresses
  • 33. CLI – port security max
      • The following Interface Configuration mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode.
      • To return to the default configuration, use the no form of this command.
          port security max max
          no port security max

          console(config-if)# port security max 23
  • 34. CLI – port security routed secure-address
      • Use the following interface configuration mode command to add a MAC-layer secure address to a routed port:
          port security routed secure-address mac-address

          Console(config)# interface ethernet 1/e1
          Console(config-if)# ip address dhcp
          Console(config-if)# port security routed secure-address 66:66:66:66:66:66
  • 35. CLI – Show Port Security
      • Use the following privileged EXEC mode command to view port security settings:
          show ports security [ethernet interface | port-channel port-channel-number]

          console# show ports security
          Port    status   Learning      Action            Maximum   Trap     Frequency
          ------- -------- ------------- ----------------- --------- -------- ---------
          1/e1    Disabled Max-addresses -                 23        -        -
          1/e2    Disabled Lock          -                 1         -        -
  • 36. Port Mirroring
  • 37. Port Mirroring
      • One session of traffic monitoring is supported system-wide (tx and rx).
      • The user can choose whether to mirror only Rx traffic, only Tx frames or both.
      • At ingress, the frames arriving at the target port are copies of the frames passing through the source port at ingress, prior to any in-switch action.
      • It is possible to specify up to 8 ports to be monitored by a single target port. However, in these cases, any excess traffic will silently be discarded (and the user will not know which).
      • Port Mirroring is only relevant to physical ports. In LAGs, the member ports have to be specified individually as sources.
      • It is possible to specify up to 24 source ports to be monitored by a single target port.
      • The user may set the monitored traffic to be sent tagged or untagged.
  • 38. Port Mirroring
      • Target ports:
          – Cannot be a member of a LAG
          – Cannot be a source of a mirror session
          – Cannot be a member of a VLAN (except for the default VLAN)
          – Cannot be GVRP enabled
          – Cannot be configured with an IP address
      • Port monitor is supported across the stack.
  • 39. CLI - Configuring Port Mirroring
      • Use the following Interface mode command to define port mirroring (interface mode is that of the target port). Use the “no” form of the command to remove monitor session(s):
          port monitor src-interface [rx | tx]
          no port monitor src-interface
      • Use the following EXEC mode command to view port monitor settings:
          show ports monitor
  • 40. CLI - Configuring Port Mirroring
      • Use the following Interface Configuration mode command to transmit tagged ingress mirrored packets.
      • To transmit untagged ingress mirrored packets, use the no form of this command.
          port monitor vlan-tagging
          no port monitor vlan-tagging
  • 41. Combo ports
  • 42. Combo Ports Overview
      • A single logical port that has two physical connections: a) RJ45 Connector b) SFP port.
      • Only one of the two physical connections may be used at a time.
      • Some port features and port controls available for user are affected by the actual physical connection used.
      • The system will automatically detect the media that is in use on a combo port, and will utilize this knowledge in all operations and control interfaces.
  • 43. Combo Ports
      • If both RJ45 and SFP are present (link up in both connections), the SFP will be active, and the RJ45 physical port will be disabled and ignored.
      • It is possible to switch from the RJ45 to the SFP (or vice-versa) without a system reboot or reset.
      • When the link changes from copper to fiber and vice-versa, or the SFP module is exchanged, the system attempts to configure the new link as the “old” one was. If this configuration fails for any reason, the ports are configured with factory default values.
  • 44. VCT Virtual Cable Test
  • 45. VCT - Functional description
      • Virtual Cable Test (VCT) technology provides the mechanism to detect and report potential cabling issues, such as cable open circuit, cable short circuit, etc.
      • Cable analysis is available only on copper cables.
      • Cable analysis can only be done when the link is down.
      • Cable length, on the other hand, can be measured only when the link is up.
      • The following parameters are detected:
          1) Cable Type/Status
          2) Cable length – per cable (50 meter minimum; 30 meter resolution)
          3) Fault distance, in case of fault (may deviate 1-2 meters)
      • Only short circuits across wires within a pair are reported.
  • 46. CLI - VCT Configuration
      • Use the following EXEC privilege mode command to activate VCT on a certain port:
          test copper-port tdr interface

          console(config)# interface ethernet 1/e9
          console(config-if)# shutdown
          01-Jan-2000 01:48:56 %LINK-W-Down: Vlan 1
          console(config-if)# 01-Jan-2000 01:48:56 %LINK-W-Down: 1/e9
          console(config-if)# exit
          console(config)# exit
          console# test copper-port tdr 1/e9
          ..
          Cable on port 1/e9 is good
          console#
  • 47. CLI - VCT Show command
      • Use the following EXEC privilege mode command to show VCT results:
          show copper-port tdr interface

          console# show copper-ports tdr 1/e9
          Port        Result      Length [meters]  Date
          ----------- ----------- ---------------- --------------------------
          1/e9        Open cable                   01-Apr-2004 01:57:14
          console#
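The storm control settings on slides 19 to 22 can be checked in bulk from a saved `show ports storm-control` capture. The following Python sketch is an added example, not part of the original slides: it parses the table shown on slide 22 and flags ports left at the disabled default, ports whose limit exceeds a site ceiling, and enabled ports that do not count multicast and unknown unicast. The `max_rate_kbps` ceiling is a hypothetical site policy value, not a device default.

```python
import re

# Sample input: the `show ports storm-control` output from slide 22.
SAMPLE = """\
Port     State    Rate [Kbits/Sec] Included
-------- -------- ---------------- -------------------------------------
1/e1     Disabled 100              Broadcast
1/e2     Disabled 100              Broadcast
1/e3     Enabled  100              Broadcast
1/e4     Disabled 100              Broadcast
1/e5     Enabled  70000            Broadcast, Multicast, Unknown unicast
1/e6     Disabled 100              Broadcast
1/e7     Disabled 100              Broadcast
1/e8     Disabled 100              Broadcast
"""

# A data row: port name, state, rate, then the comma-separated traffic classes.
ROW = re.compile(r"^(\d+/\w+)\s+(Enabled|Disabled)\s+(\d+)\s+(.+?)\s*$")

def parse_storm_control(text):
    """Return one dict per port row; header and separator lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, state, rate, included = m.groups()
            ports.append({
                "port": port,
                "enabled": state == "Enabled",
                "rate_kbps": int(rate),
                "included": {t.strip().lower() for t in included.split(",")},
            })
    return ports

def audit(ports, max_rate_kbps=10000):
    """Return (port, finding) pairs; max_rate_kbps is a hypothetical policy ceiling."""
    findings = []
    for p in ports:
        if not p["enabled"]:
            findings.append((p["port"], "storm control disabled"))
            continue
        if p["rate_kbps"] > max_rate_kbps:
            findings.append((p["port"], f"rate {p['rate_kbps']} Kbits/sec above policy"))
        missing = {"multicast", "unknown unicast"} - p["included"]
        if missing:
            findings.append((p["port"], "not limited: " + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for port, finding in audit(parse_storm_control(SAMPLE)):
        print(port, finding)
```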
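The port lock behaviour described on slides 24 to 33 is easier to reason about as a small state machine. The following Python model is an added example, not code from the slides or the device: it follows the slides' description of classic lock, max-addresses mode, the three actions and the `set interface active` release. The class and method names are hypothetical, and address aging and the trap frequency are left out as simplifying assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model of one port (assumption: aging and trap frequency ignored)."""
    mode: str = "lock"            # "lock" or "max-addresses" (slide 32)
    action: str = "discard"       # "forward", "discard", "discard-shutdown" (slide 28)
    max_addresses: int = 1        # used only in max-addresses mode (slide 33)
    trap: bool = False
    known: set = field(default_factory=set)    # addresses in the forwarding table
    locked: bool = False
    suspended: bool = False
    traps: list = field(default_factory=list)  # source MACs that raised a trap

    def enable_security(self):
        """`port security`: addresses learned so far become the secure set."""
        self.locked = True

    def receive(self, src_mac):
        """Return the fate of a frame arriving with this source MAC."""
        if self.suspended:
            return "dropped: port suspended"
        if not self.locked:
            self.known.add(src_mac)            # normal dynamic learning
            return "forwarded"
        if src_mac in self.known:
            return "forwarded"
        if self.mode == "max-addresses" and len(self.known) < self.max_addresses:
            self.known.add(src_mac)            # still below the configured limit
            return "forwarded"
        # Unknown source on a locked port: apply the configured action.
        if self.trap:
            self.traps.append(src_mac)
        if self.action == "forward":
            return "forwarded, not learned"
        if self.action == "discard-shutdown":
            self.suspended = True              # shown as Down* in the status table
        return "discarded"

    def set_interface_active(self):
        """`set interface active`: release a port suspended by port security."""
        self.suspended = False

def demo():
    """Constructed scenario: two known hosts, then an unknown one on a locked port."""
    port = SecurePort(mode="lock", action="discard-shutdown", trap=True)
    results = [port.receive(m) for m in ("00:00:09:00:00:00", "00:00:09:00:00:01")]
    port.enable_security()
    for mac in ("00:00:09:00:00:00", "00:00:e2:86:f4:f2", "00:00:09:00:00:00"):
        results.append(port.receive(mac))
    port.set_interface_active()
    results.append(port.receive("00:00:09:00:00:00"))
    return results, port.traps
```

With `discard-shutdown`, a single unknown source address takes the port down for every host behind it until an operator releases it, which is the trade-off to weigh against plain `discard` on shared ports.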