3Com Treinamento

8/10/2019 3Com Treinamento

1/79

Configuring and Deploying3Com Enterprise Switches

Version 2.3

3Com University

Version 2.3 October 2006


2/79

1

Agenda

Chapter 1 - Introduction to the Enterprise Switch Family

Chapter 2 - Installation & Getting Started

Lab Exercises 1 - 2

Chapter 3 - Configuring Ports & Link Aggregation

Lab Exercise 3

Chapter 4 - Configuring Spanning Tree

Lab Exercise 4

Chapter 5 - Configuring VLANs

Lab Exercise 5

Chapter 6 - Basic Layer 3 Configuration

Lab Exercise 6


3/79

2

Agenda

Chapter 7 - Setting up OSPF

Lab Exercise 7

Chapter 8 - Setting up VRRP

Lab Exercise 8

Chapter 9 - Using ACLs & QoS

Lab Exercise 9

Chapter 10 - Multicast Configuration

Lab Exercise 10

Chapter 11 - Configuring RADIUS & 802.1X Login

Lab Exercise 11

Chapter 12System Maintenance & Troubleshooting

Lab Exercise 12


4/79

Chapter 1

Introduction to theEnterprise Switch Family


5/79

4

Introduction to the Enterprise Switch Family

>Chapter Topics

Introduction to Secure Converged Networks

Explain the Positioning of the Enterprise Switches

Introduction to the Switch 5500 Family




6/79

5

Defining Secure, Converged Networks

Secure Network Integrated security Adaptive and dynamic protection Automatic protection Customizable and centrally managed

Converged Network Resilient multi-service network Application-aware traffic classification Core-to-edge coverage Wired and wireless

Customer Benefits Business continuity Improved productivity Capital efficiency and cost reduction Corporate control and visibility

management

security

IP Services: data, voice, video,

music, gaming

IP connectivity


7/796

3Com Premium Enterprise LAN Switching Portfolio

3Com Switch 5500

Deployment Focus:

3Com Switch 7750

3Com Switch 8800

Key Features:

Modular Core Switching>Advanced Layer 2/3 Switching and Routing

> High-density Gigabit and 10 Gigabit Solutions

> Multilayer QoS for Convergence Networking

> Granular Traffic Management & Holistic Security

>Available Power over Ethernet

> Highly Resilient Modular Architecture

Modular Edge Switching

>Advanced Layer 2/3 Switching and Routing

> High-density 10/100 and Gigabit Solutions




> Highly Resilient Modular Architecture

Premium Stackable Switching

>Advanced Layer 2/3 Switching and Routing




> Disaster Protection with XRN

> Large Enterprise

> Non-Blocking Core, Distribution Layer

> High-Density Edge Access & PoE

> Small/Medium Enterprise Core

> Large Enterprise Distribution Layer


> Small Enterprise Core

> Medium Enterprise Distribution Layer


> Branch Office, Workgroup


8/797

All Part of 3Coms Secure Converged Networking Solution

Common 3Com Operating System Fully Standards Based Infrastructure

Secur i ty Pol icy Contro l

Automatic User Security Authentication ,

Automated B reach Containment

Best of B reed Core

Next Generation Terabit

Performance

Convergence

Carrier-prov en, scalable,

redundant solut ions

Security

Industry leader in

hardware-based IPS

Total Flexibi l i ty

Comprehensive m edia f lexib i l i ty ;

Wired, wireless, PoE, voice


9/798

Secure Converged Networks

> The Enterprise Switch Family has been designed to integrate withthe Tipping Point IPS products to quarantine clients to preventundesirable traffic on the network

> Enable an administrator totake actionwhen an infected machine

is found

> Possible actions are:

Log infected machine information

Display remediation web page

Redirect to a URL

Place client in remediation VLAN

Apply access-list to the port on the Switch

Block IP address and or switch port/MAC address (block all traffic)

Works in conjunction with other Quarantine Actions


10/799

TippingPoint IPS

Clients

SafeZone

5500 Access Switches

SMS

Quarantine Process1. Client Authenticates via SMS2. SMS acts as Radius proxy,

learns MAC/Switch/Port from

Switch via RADARADIUS

Core

Breach to Containment in under 5 seconds

3. EVENT: Illegal Activity4. SMS resolves IP to MAC5. MAC Address is placed into a

blacklist and policy set6. SMS forces re-authentication

of compromised device7. Device is contained within the

set policy at the access switchingress port

1

2

6

5 4

3

7

Secure Converged NetworksQuarantine Protection


11/7910

The Switch 5500 Family


12/7911

>Premium XRN stackable Layer 3 switches

>Designed for enterprise wiring closets, keyaggregation points, branch offices and datacenters

>10/100 and Gigabit models 5500 are 10/100

5500G are Gigabit

>SI have standard image

Basic Layer 3 & Stacking

>EI have enhanced image

Advanced Layer 3 & XRN Stacking

>PoE versions of the EI models

>Special FX and SFP versions

3Com Switch 5500Family

Switch 5500 Family


13/7912

>7 models in the 5500 family:

Switch 5500-SI 28-Port

Switch 5500-SI 52-Port

Switch 5500-EI 28-Port

Switch 5500-EI 52-Port Switch 5500-EI PWR 28-Port

Switch 5500-EI PWR 52-Port

Switch 5500-EI 28-Port FX

>Stacking via SFP Ports

>5500-SI may be upgraded to 5500-EI

Software Upgrade available mid-2006

>Non-PWR models are not upgradeable to PWR

>No module slot in the rear

3Com Switch 5500Family

Switch 5500 10/100 Products


14/7913

>5 models in the 5500G family: Switch 5500G-EI 24-Port

Switch 5500G-EI 48-Port

Switch 5500G-EI PWR 24-Port

Switch 5500G-EI PWR 48-Port

Switch 5500G-EI 24-Port SFP> On all the last 4 ports are Combo / Dual Personality ports

> Maximum number of active ports is 24 or 48, not 28 or 52

>Non-PWR models are upgradeable to PWR Replace low-power PSU with PoE version

> Different PSUs for 24 & 48 port units

>Stacking ports are built-in at the rear>Module slot is built-in at the rear

8-port 1000 Mbps SFP module

1-port 10 Gbps XENPAK module

2-port 10 Gbps XFP module

Switch 5500G Gigabit Products


15/7914

What is XRN?

>XRN is eXpandable Resi l ient Netwo rking

>XRN technology allows multiple Layer 3 switches to beinterconnected together to behave as a single logical switchingentity called a Fabric.

>Switch 5500-SI support simple stacking Distributed Device Management

Distributed Link Aggregation

> From Software Version 3.02.00

>Switch 5500-EI variants support XRN stacking

Distributed Device Management

Distributed Link Aggregation

Distributed Resilient Routing


16/79

15

Key benefits of XRN

>High Availability

Reduce the risk of a single point of failure

Support link aggregation across units to ensure the highestpossible network availability

>High Performance>Scaleable

Add units to the stack to increase port density

>Simple to Administer

All switches in the fabric behave as a single managemententity


17/79

16

>Distributed Device Management (DDM)

Intelligent management ensures all

switches act as a single logical device

Resilient architecture provides access

to management in the event of ANY

switch failing

Rapid stack-wide feature configuration

Hot-insert and removal of switches

Automatic and Manual stack

configuration

Stack up to 8 units > Stack-Wide Management

Single entity for SNMP, WEB and CLIManagement

Display ALL configurations in one screen

with Device View

Reduces configuration time

Improved monitoring responsiveness

r222# telnet

192.168.0.33r222# configure

terminal

r222(config)#

interface ethernet

0/0

r222(config-if)# ip

address 7.7.7.7

255.255.255.0

r222(config)#

interface pos 4/0/0

3Com Switch 5500XRN Technology Features

192.1

68.

1.

254


18/79

17

>Distributed Resilient Routing (DRR)

Single Router Entity across XRN Stack with all router interfaces shared

across all units in the fabric

Each unit provides local Layer 3 switching and holds distributed routing

tables

Loss of one unit in the XRN stack will not affect routing in the others No Master device required like other switching vendorsall

commands and data (LSDB) are synchronized across all units

1

2

ROUTER TABLE

VLAN 10.0.0.0

255.255.0.1

Router Interface information issynchronised across all switches

L3 traffic can be handled locally by the

switch and intelligently passed up or downthe XRN stack

Student VLAN

Admin VLAN



19/79

18

>Distributed Link Aggregation (DLA)

Create incredibly resilient network designs that are highly flexible

Allows ports across the fabric to be Aggregated using IEEE 802.3ad LACP

LACP will then automatically configure the links as aggregated links

Failure in any link will result in the Link Aggregation protocol re-distributing

traffic to compensate resulting in no traffic loss

Switch 5500G-EI

Switch 5500-EI SuperStack 3 Switch4400

4 Gbps LoadBalanced LAG

Multiple links fail without affectingconnectivity back to the aggregation point

Fully compatible withexisting 4400 Family



20/79

19

> XRN Stacking

Each switch uses the last two Gigabit

SFP ports to provide a 2Gbps FD link

No extra hardware required

Stack up to 8 units

Automatic or manual stackconfiguration

A return link provides rapid fail-over in

the event of a normal link or unit failing

XRN Stack units together over 70km

apart!

Normal Stacking Link:1 Gbps UP / 1 Gbps DOWN

Standby Stacking loop connection:1 Gbps UP / 1 Gbps DOWN

Switch 5500

Use ANYGigabit SFP to linkthe units together

3Com Switch 5500XRN Performance


21/79

20

>96Gbps XRN Stacking

Each switch has two bi-directional

cascade links providing 96Gbps

full duplex bandwidth

Stack up to 8 units of any variety

Automatic or manual stackconfiguration

A return link provides rapid fail-over

in the event of a normal link or unit

failing

Stacking bandwidth is not shared

with any other resource

50, 150 & 500cm cables Normal Stacking Link:24 Gbps UP / 24 Gbps DOWN

Standby Stacking loop connection:24 Gbps UP / 24 Gbps DOWN

Ultra high-speed

robust Infiniband

12X connectors

and cables

Switch 5500G

3Com Switch 5500GXRN Performance


22/79

21

>New standards based Power Redundancy

System

Built-In DC power stage for direct

connection to -48V supply

Supports 3 modes for total flexibility: AC; AC

and DC and DC only Instantaneous fail-over from either AC or

DC

System design support direct connect to

batteries for Uninterruptible power

Additional power can be injected into the DC

for high power PoE devices up to 15.4W perport

>3Com Approved and Tested DC supplier

Switch 5500 Family AvailabilityAdvanced Power Redundancy


23/79

22

New Levels of Power AvailabilityPowerware Datacom Power Solution

Powerware APS3

Powerware APS6

Configuration Tool available

>The Powerware APS

A modular DC Power Supply Unitwith optional integrated standbybattery

Can be configured with N+1

redundancy

Powers 3Com Switch 5500 / 5500Gand other 48VDC devices

Fully scalable to meet your DC powerand standby power needs

> Up to 6 hot-swappable rectifiers> Supports up to 16 separately fused DC

outputs

Built-in supervisor management> Ethernet RJ-45 and serial support

> Full SNMP management with MIB II support


24/79

23

>Layer 1

IEEE802.3ae 10Gigabit Ethernet

> XENPAK, XFP

IEEE802.3z Fiber Gigabit

IEEE802.3ab Gigabit over Copper

IEEE 802.3u (Fast Ethernet)

Auto MDI/MDI-X

Auto negotiate speed/duplex

IEEE 802.3af (Power overEthernet)

Switch 5500 Feature Overview

>Layer 2

Rapid Spanning Tree 802.1w

Multiple Spanning Tree 802.1s

Address Table Learning 802.1d

> User Definable Ageing period

4096 VLAN's

> 802.1Q Port based

> Voice VLAN

>Auto VLAN

> VLAN Q-in-Q

GVRP

Priority Queuing 802.1p

IGMP Snooping

802.3ad Link aggregation

Broadcast Storm Control

Jumbo Frames - 9Kb (not on SI)


25/79

24

>Layer 3

IPV4 Routing

ECMP with 3 paths

Static Routing

RIP V1/2

OSPF

> onEI models only

Routing Policies

VRRP

PIM DM/SM

> onEI models only

ARP / Proxy ARP

IGMP V1 & V2 Query

DHCP Relay & DHCP Server

UDP Helper

>Quality of Service

8 queues per port

Strict Priority (SP), Weighted RoundRobin (WRR), Weighted FairQueuing (WFQ)

Extensive QoS policies based on

L2, L3 or L4 packet information CoS, ToS, DiffServe Prioritization

Bandwidth Limiting

Bandwidth Guarantee

Auto QoS



26/79

25

>Management

Terminal port

Telnet ( 4 sessions)

Industry-standard CLI

WEB Browser interface

FTP, TFTP Download

NTP

SNMPv1, v2c, v3

RMON (4 groups)

Xmodem

Security (Port/Access)


>Security

Hierarchical user management andpassword protection

Packet authentication using ciphertext and MD5 for OSPF and RIPv2

ACL with L2/L3/L4 filtering 802.1X User Authentication

RADA MAC Authentication

Radius Authentication

SNMPv3

SSH V2


27/79

26

Feature 5500-SI 5500-EI 5500G-EI

StackingArchitecture

Master/Slave Stacking XRN XRN

Distributed LinkAggregation

Yes(from S/W ver 3/02.00)

Yes Yes

No of distributed LinkAggregations

8 per Fabric 8 per fabric 32 per Fabric

Distributed ResilientRouting

No Yes Yes

Distributed DeviceManagement

Yes Yes Yes

AutomaticSplit/Merge onfailure

No Yes Yes

Stack Performance 2Gbps 2Gbps 48Gbps

No of VLANSs 256 4094 4094

Permanent MAC Addr 64 256 1K

ARP table Size 2K 4K 8K

IP Interfaces 4 per stackUp to 4 secondary IPaddresses per interface

32 per stackUp to 4 secondary IPaddresses per interface

64 per stackUp to 9 secondary IP addressesper interface

No of Static Routes 64 256 256

RIP v1 / v2 1K entries4 Networked Interfaces

2K entries8 Networked Interfaces

2K entries64 Networked Interfaces

OSPF No Areas: 2Link State Database size: 6KImported routes: 2K

Areas: 8Link State Database size: 12K

Imported routes: 4K

Multicast Routing No PIM Sparse and PIM Dense PIM Sparse and PIM Dense

Time-based ACLs No Yes Yes

Standard vs. Enhanced Image


28/79

27

Target use:Enterprise wiringcloset access switch;branch office switch

Availability: Simply power theswitch via a standard -48VDC input for additional

resilience

Scalability: Patented XRNtechnology automaticallycreates a stack of switchesand allows single IPmanagement

Connectivity: Each switch

allows up to 4 active Gigabitports with any combinationof copper and/or fibreaccepted

Application-Aware:Automatically detects,prioritizes and places VoIPtraffic in a separate VLAN

Port Configurations:24 x 10/100 Ports + 4 SFP

48 x 10/100 Ports + 4 SFP

Includes Standard Image (SI) software

> Upgradeable to the Enhanced Image (EI)

XRN: Distributed Device Management

> Scalable to 384 10/100 + 16 SFP

> Mix and match any 5500-SI product in a stack

> Built-in resilient loop stacking via SFP ports

> Distributed Link AggregationAllows up to 8 groups to be spread across any

ports in the stack (8 FE / 4 GE per group)

Features Highlights:

> 64 Static Routes

> Dynamic routing (RIPv1/2)1K entries

> 2K ARP Table

> Intelligent security services including 802.1X

> RADARADIUS Authenticated Device Access

> Full QoS Prioritisation and full classification> 8 Egress Queues

> 256 Port-Based VLANs

> DC -48V inputcan be run off AC or DC

> Rapid Spanning Tree with STP Route Guard

> IGMP Snooping V1/V2

> SSHv1.5 / SNMPv3

> NTP / FTP Server and Client

Swit ch 5500-SI 28-Port

Key Points

Swit ch 5500-SI 52-Port

Switch 5500-SI Summary


29/79

28

Target use:AdvancedEnterprise wiring closetaccess switch; smallaggregation

Availability: Routing functionsare totally distributed across

all switches in the stackmassively increasingperformance and uptime

Scalability:Extendconnectivity with a mixtureof PoE and fibre switches

Connectivity: Jumbo Frames

are supported on all gigabituplinks for interoperabilitywith equipment downstream

Application-Aware:AdvancedTime-Based ACLs aresupported that can beautomatically executed on aper user or machine basis

Port Configurations:

24 x 10/100 Ports + 4 SFP

48 x 10/100 Ports + 4 SFP

24 x 10/100 PoE + 4 SFP

48 x 10/100 PoE + 4 SFP

24 100BASE FX SFP + 2

10/100/1000 + 2 SFP

Includes Enhanced Image (EI) software

> Includes ALL SI software plus:

XRN

> Distributed Device Management

Mix and match any 5500-EI product in a stack,

including PWR and FX SKUsDistributed Link Aggregation

Allows up to 32 groups to be spread across any

ports in the stack (8 FE / 4 GE per group)

Distributed Resilient Routing

All switches in the stack are actively routing and

sharing LSDB and ARP tables

256 static routes with 2K RIP entries

4K ARP Table

6K LSDB size for OSPFMulticast Routing PIM Sparse Mode / Dense Mode

> 4096 Port-Based VLANs

> Time-based Access Control Lists

> DHCP Tracker

> Traffic Redirection

> Traffic Mirroring

> Syslog

Swit ch 5500-EI 28-Port

Key Points

Swit ch 5500-EI 52-Port

Swit ch 5500-EI 28-Port PWR

Swit ch 5500-EI 52-Port PWR

Swit ch 5500-EI 28-Port FX

Switch 5500-EI Summary


30/79

29

Target use:AdvancedEnterprise wiring closetaccess switch; Buildingaggregation and serverfarm

Availability: Pluggable Power

Supply for reducing time torepair

Scalability:Instantly enablePower over Ethernet via aplug-in PoE Power Supply

Connectivity: Add up to 448Gigabit ports 16 x 10G links

per stack for ultimateperformance

Application-Aware:Advancedbespoke classificationmasks can be programmedfor any QoS or ACL rule

Port Configurations:

24 x 10/100/1000 Ports + 4 SFP

+ 1 Application Module Slot(PoE Ready)

48 x 10/100/1000 Ports + 4 SFP

+ 1 Application Module Slot

(PoE Ready)

24 x SFP Ports + 10/100/1000+ 1 Application Module Slot

Includes Enhanced Image (EI) software

> Includes ALL SI software plus:

> Hot-swappable Application Module Slot for

expansion cards :

8-Port SFP, 1-Port 10G, 2-Port 10G

> Removable PSU

XRN

> Distributed Device Management

Mix and match any 5500G-EI product in a stack

48 Gigabit Bi-directional stacking link with

redundant loop

> Distributed Link Aggregation

Allows up to 32 groups to be spread across any

ports in the stack (8 GE / 4 10GE per group)

> Distributed Resilient Routing

All switches in the stack are actively routing and

sharing LSDB and ARP tables

100 static routes with 2K RIP entries

8K ARP Table

12K LSDB size for OSPF

Multicast Routing PIM Sparse Mode / Dense Mode

Swit ch 5500G-EI 24-Port

Key Points

Swit ch 5500G-EI 48-Port

Swit ch 5500G-EI 24-Port SFP

Switch 5500G-EI Summary


31/79

30

3Com Switch 7750 Family


32/79

31

SWITCH 7750 FAMILY

> 3Com Switch 7750 Family at a glance:Flexible, High Performance Modular Switching Architecture

Ideal for Medium to Large Enterprise

> Distribution, and Edge environments

High Capacity Layer 2/3/4 Switching

> Gigabit and 10/100 Ethernet Solutions

High Resiliency for Business Continuity

> No Single Point of Failure

Robust QoS and Traffic Management

> Guaranteed Service Levels for Real-TimeEnterprise Applications

End-to-end Enterprise Security

> Secure Access Control; Traffic Encryption;Hardened Infrastructure


33/79

32

> Scalable ArchitectureFlexible Modular Design

8-, 7-, and 4-slot Chassis Models

System Capacity Scalable to 96 Gbps

> Highly ResilientRedundant Switch Fabrics (Switch 7758)

N+1 Power Redundancy

Hot-Swappable Components

> Enterprise-Class Performance

Wire-speed 10/100 and Gigabit Ethernet

System Performance up to 179 Mpps

>Available Power over Ethernet (PoE)

IEEE 802.3af Standard PoE (up to 288 ports)

SWITCH 7750 ARCHITECTURE

Fans

Switch 7758

Power Supplies

Fabrics (2)

I/O Modules

*Other Switch 7750 Models

(Switch 7757 and Switch 7754)Are Similarly Configured

**No Redundant Fabric Option

For Switch 7757 and Switch 7754


34/79

33

Switch 7750Chassis and Fabric

>Fully Redundant & Hot Swappable Fabric, I/O Modules, Power & Fans

>Choice of Chassis

6 I/O Slots + 2 Fabric


3 I/O Slots + 1 Fabric>96 Gig Switch Fabric

Dual Redundant Fabrics for 7758

>Different fan assembly for eachchassis type

>Common Power Supplies Only 2 may be used in 4 slot

chassis

>Based on Original Switch 7700Chassis

Updated to support PoE

I/O Modules

Face PlateFabric

Fan

Switch 7757

Slot 0

Slot 6

I/O Modules

Face Plate

Fabrics

Fan

Switch 7758

Slot 0

Slot 7

I/O Modules

Face PlateFabric

Switch 7704

Slot 0

Slot 3

Fan

PSU PSUPSU

PSU PSUPSU

PSU PSU


35/79

34

Switch 7750Architecture

>Star-wired backplane between SwitchFabrics and I/O Modules

Multiple Gigabit links between Fabricand each I/O slot

> Layer 2 switching is distributed across I/Omodules and Fabrics

> Layer3 Routing functions are performedby the Switch Fabric

Management channels from Fabric toeach I/O slot

> System management is distributedthroughout the chassis

>DC power rails for all slots

>System software comprises of

Operating system and applicationsrunning on the Switch Fabric

Boot code on the I/O modules

Fabric

I/O

I/O

I/O

I/O

I/O

I/O


36/79

35

Local Switching

Engine

Local Switching

Engine

Local Switching

Engine

Local Switching

Engine

Local Switching

Engine

Local Switching

Engine

16Gbps

16Gbps

16Gbps

16Gbps

16Gbps

16Gbps

Switch 77588 SlotRedundant Switching Architecture

Secondary

Switch

Fabric

Second Fabric for Sub 1

Second Failover

Primary

Switch

Fabric


37/79

36


>Launched mid-2005

>Superseded the original 7700 Family, which waslaunched in 2003

>Optional Power over Ethernet support

7758 Chassis> High Density Wiring Closet or building aggregator

> Redundant Switch Fabric option

7757 Chassis

> High Density Wiring Closet or building aggregator

7754 Chassis

> Medium Density Wiring Closet or building aggregator

>New higher capacity 96Gbps switch fabric

Built in SFP ports on fabric

>Higher port density modules (48 Port PoE and non-PoE)


38/79

37

Switch 7750 Chassis Details

>Updated Switch 7700 Chassis

Uses Switch 7700 Chassis enclosure, Fan assembly and AC PSUs

>AC PSU's only used for Data

> PoE Power Rack required to power PoE ports

>All Module slots support PoE

Dual AC Power connections

>Auto-Ranging for AC Input Voltage

Primary and Standby AC Input cords

> PoE DC power input connectors on back of Chassis

Modified Switch 7700 backplane> Same data connections for Modules

>Adds PoE power rails


39/79

38

Switch 77XX Power Supplies

>For the 7-slot and 8-slot chassis two power supplies are required

Do not try to run with only 1 power supply

N+1 redundancy with the addition of a third power supply

>For the 4-slot chassis one power supply is required

Redundancy is provided by a second power supply.

A third power supply may NOT be installed into the slot marked NULL

> It is not electrically connected and does not operate

>All chassis use the same power supplies.

>The power supplies are load-balancing Each supply always provides some of the current draw

If more current is drawn than can be supplied the voltage drops andthe system shuts down


40/79

39

External PoE Power Rack

>19 Rack Mount Power SupplyChassis

Ships with 1 x PSU installed

Includes Power managementinterface via management cable

> Management cable connects betweenrear of PoE Power Rack and rear of7754, 7757 or 7758

Power Rack ships with all mountinghardware and cables

>Additional 2500w PoE Power Supply Add 1 for N+1 Redundancy when

powered at 220v AC

2 additional required for N+1Redundancy when powered by 120vAC


41/79

40

96Gbps Switch Fabric

> Compatible with all Switch 77xx Chassis

Backplane bandwidth in any 7 or 8 slot Chassis:

> 8 x Gig channels to I/O slots 1-5

> 4 x Gig channels to I/O slot 6

Backplane bandwidth in any 4 slot Chassis:> 8 x Gig channels to I/O slots 1-3

> Fabric front panel SFP ports on single-fabric systems:

4 x Gig SFP ports operational

> Fabric SFP ports on dual-fabric systems:

7758 has 2 x SFPs active on EACH Fabric

7700R has 4 x SFPs operational on the Activefabric only

> 256Mb Compact Flash Card for additional file storage


42/79

41

Switch 7750 Advanced Feature Software

>Provides additional capabilities for more sophisticated Enterprisenetworks

>Ordered as a separate product code

>Enables four additional features

BGP4 (Border Gateway Protocol version 4) IS-IS (Intermediate System-to-Intermediate System)

SSH v1.5 authentication

SNMP v3 (Simple Network Management Protocol version 3)encryption


43/79

42

Switch 7750 Modules

>48 port 10/100/1000Base-TX - 3C16888

>48 port 10/100/1000Base-TX PoE - 3C16890

Only supported in 775X Chassis

>48 port 10/100Base-TX PoE - 3C16891

Only supported in 775X Chassis

>48 port 10/100Base-TX - 3C16889

Replaces OLD 48 port 10/100Base-TX - 3C16860

>48-Port 100Base-X (SFP) Module - 3C168915

Replaces OLD 24 port 100Base-FX - 3C16861

>20 port 10/100/1000Base-T Advanced Module -3C16863A

Replaces OLD 20 port 10/100/1000Base-T - 3C16863


44/79

43

Switch 77XX Modules

>20 port 1000Base-X (SFP) Advanced Module - 3C16862A

Replaces OLD 20 port 1000Base-X (SFP) - 3C16862

>16-Port Gigabit Mixed-Media Module (12xRJ45 + 4xSFP) -3C168916

Replaces OLD 8 port 10/100/1000Base-T - 3C16859>16-Port Gigabit Mixed-Media Module (12xSFP + 4xRJ45) -

3C168917

Replaces OLD 8 port 100Base-X (GBIC) - 3C16858

>1 port 10GBase-X (Xenpak) - 3C16875A

Replaces OLD 1 port 10GBase-X (Xenpak) - 3C16875

All the original Switch 7700 modules work in all Chassis with allFabrics

Original modules have been superseded by new modules


45/79

44

>Layer 1

IEEE802.3ae 10Gigabit Ethernet

> XENPAK




Auto MDI/MDI-X



PoE Profiles


>Layer 2

Rapid Spanning Tree 802.1w



4096 VLAN's

> 802.1Q Port> Protocol Based VLAN 802.1v

> VLAN Q-in-Q

> Guest VLAN

> Voice VLAN

>Auto VLAN

GVRP


IGMP Snooping

802.3ad Link aggregation


Jumbo Frames - 9Kb


46/79

45

>Layer 3

IPV4 Routing

ARP / Proxy ARP

RIP V1/2 & OSPF

ECMP with 4 paths

Routing Policies

VRRP

IGMP V1 & V2 Query

PIM DM/SM

MSDP

GMRP

DHCP Relay and DHCP Server

With Advanced License:

> BGP-4

> IS-IS Routing

>Quality of Service 8 queues per port

Strict Priority (SP)

Extensive QoS policies based onL2, L3 or L4 packet information

CoS, ToS, DiffServe Prioritization

Bandwidth Limiting & Shaping

Bandwidth Guarantee

Auto ACL Assignment via 802.1X



47/79

46

>Management

Terminal, Modem ports


Out of Band Management port(10/100 Ethernet)

Industry-standard CLI FTP, TFTP Download

NTP

SNMPv1, v3

RMON (4 groups)

Xmodem

Security (Port/Access)


>Security

Hierarchical user management andpassword protection

Packet authentication using ciphertext and MD5 for OSPF, RIPv2 andBGP-4

ACLs with L2/L3/L4 Filtering

802.1X User Authentication


RADA MAC Authentication

Auto-ACL

SNMPv3

SSH V2


48/79

47



49/79

48

Introducing the Switch 8800 Family

>A high-end Modular platform

First announced November 2004

Updated with Release 2, December 2005

>3 Chassis sizes

Passive backplanes Redundant, load-sharing fabrics

& power supplies

>High bandwidth

High density Gigabit and 10Gig

>High availability>Extensive layer 2, layer 3

>IPv6-ready

>Future-proofed backplane

up to 1,440 Tbps

S it h 8800


50/79

49

Switch 8800Chassis and Fabric

> Fully Redundant, allElements Hot Swappable

Fabric, I/O Modules,Power & Fans

> Choice of Chassis


8 I/O Slots + 2 Fabric 5 I/O Slots + 2 Fabric

> Dual Redundant Fabrics

360 Gbps per Fabric

Load Sharing Provides720 Gbps

L2 / L3 Switching on

Modules Cross-bar Fabric

> SW8814 and SW8807have a 4-fan assembly

> SW8810 has a 6-fanassembly

I/O

Modules

Face Plate

Fabrics

I/O

Modules

2000W Power Supplies

I/O Modules

1200W Power Supplies

Face Plate

Fabrics

Fan

Switch 8814

Switch 8807

Fans

Switch 8810

Slot 0

Slot 13

Slot 0

Slot 0

Slot 6

Slot 9


51/79

50

Power Supplies

>SW8807 has a 1200W PSU (output)

Auto ranging 100V-240V, 47-63Hz

One PSU can support a fully loaded chassis

Two PSUs provide redundancy

>SW8810 and SW8814 have a 2000W PSU (output) Auto ranging 100-140V and 200-240V, 47-63Hz

Power output depends on input voltage

> 1200W when running on 110V

> 2000W when running on 220V

>With Release 1 hardware:

In the 8810 and 8814, the 110V mode can support a fully loaded,worst case configuration, but not power redundancy

If power redundancy is required, the system must operate at 220V


52/79

51

Release 2 Power Considerations

>The 4 port 10G module has greater power consumption than anyRelease 1 module

160W per module

>A SW8814 fully populated with 4 Port 10G modules draws 2100W

Two PSUs are required regardless of input voltage Power redundancy is not possible even at 220V

>It is recommended that the chassis is loaded with modules to atotal of less than one PSUs capacity

A second PSU then provides redundancy

>If an operational system is using only 1 PSU, be careful whenadding additional modules

The system will shutdown if the capacity of the PSU is exceeded


53/79

52

PoE Power Rack

3C17509

PoE Power Supply

3C16884

2500W (x3)PoE Option Module

3C17529

Switch 8800 Power over Ethernet

> PoE Configuration Requirements:1. PoE Option Modules (ordered separately)

Must Be Installed on 48-port10/100/1000 Modules

2. PoE Entry Module (ordered separately)

Allows External Power Connection to 8800 Backplane

3. External PoE Power Rack (ordered separately)

Different Product Code to Switch 7750

Required for Supplemental Power

Up to (3) 2500W Power Supplies

48 Port 10/100/10003C17528 or 3C17532

1

2

3

PoE Entry Module

3C17510


54/79

53

Switch 8800 Architecture Overview

Fabric Fabric

IPv4Module

IPv4Module

IPv4Module

IPv4Module

IPv6Module

IPv6Module

MPLSModule

MPLSModule

30 Gbps

Auxiliary 30 Gbps

> Twin Load-sharing Fabricsprovide Redundancy & 360Gbps

Switching Capacity each

> Up to 12 I/O Modules each with

Distributed L2/L3/L4 Switching

> Each I/O Module has Twin30Gbps Connections to Fabrics=> 720 Gbps

>Auxiliary Connections inBackplane double capacity to 1.4Tbps with Enhanced Modules &

Fabrics

> Future Modules support IPv6


55/79

54

Backplane Architecture

> Each slot has 4 paths, 2 to each fabric

> Each path consists of 6 sets of traces

Initially, only two sets of traces used

CPU

Fabric 1

SW

Line card1

FAFA

Line card2

CPU

Fabric 2

SW

6*3.125G

FAFA

Line card10 Line card12

Crossbar CrossbarCrossbar Crossbar

FA FA FA FA FA


56/79

55

Architecture

>All Layer 2/ Layer 3 Switching performed by a Packet Processor(PP)

> Communication between PPs inside a module, or through thefabric to other modules is performed by a Fabric Adaptor (FA)

> Communication between FAs uses a 4-128-bytes cell mechanismwith a 9-byte header

> The fabric uses a simple Crossbar


57/79

56

Switch 8800 Dual Fabric Architecture

>Each fabric has a datachannel to every module

>Each fabric has a managementchannel to every module

>There is a managementchannel between the fabrics

>Managementand datachannels are independent

Fabric Fabric

InterfaceModule

InterfaceModule


58/79

57

>The management channel provides:

Control

Monitoring

Route calculation and distribution

>The data channel provides High speed data switching and forwarding

>The data channel is implemented as

Central cross-bar on fabric

High-speed passive backplane Independent layer 2/3 switch on each interface module

Switch 8800 Dual Fabric Architecture


59/79

58

>One switch fabric becomes master May be located in either slot in the chassis

Provides management functions

> Route calculation and distribution

> Management

> Housekeeping

>The other switch fabric becomes slave

Provides

> Hot-swap, standby redundancy for management functions

>Active load-balancing of data switching

>Allocation of master and slave can be

Automatic at switch initialisation

By user command

Load-Balancing Redundant Fabrics

Load Balancing Redundant Fabrics


60/79

59

>The master fabric

Provides all route calculations

Uses the management channel to send routing updates to

> The slave fabric, so it remains synchronized

> The interface modules, so they can update their local routing tables

Uses the data channel to provide inter-module switching

> The cross-bar on the master is in some data paths

>The slave fabric

Uses the management channel to synchronize with the master

> Ready for fast fail-over

Uses the data channel to provide inter-module switching

> The cross-bar on the slave is in other data paths

Load-Balancing Redundant Fabrics(continued)



61/79

60

>The interface modules

Receive routing updates on the master management channel

> Update their local routing tables

Use local tables for independent local forwarding decisions

Use data channels for inter-module switching

> Cross-bars on both master and slave fabrics can be used

Use Fabric Adaptors to connect to the data channel

> Convert between

Packets on the module

Variable-length cells on the crossbars

Use Packet Processors to

> Process and forward packets

Store and forward architecture

> Handle all intra-module switching

Load-Balancing Redundant Fabrics(continued)

Load-Balancing Redundant Fabrics:


62/79

61

Load-Balancing Redundant Fabrics:Switch 8800 Architecture

> In load-balancing mode, the slave fabric provides

> Hot-swap, standby redundancy for management functions

> Active load-balancing of data switching

Crossbar

CPU

Fabric 1

SW

FA

PP

Line card1

FAFA

PP PP

Line card2

Crossbar

CPU

Fabric 2

SW

FAFA

PP PP

Line card10



63/79

62

>If the current master fails, the slave becomes the master

Takes over responsibility for route calculation and distribution

Failover is rapid, as routing tables are already up to date

The new master was synchronised with the old one

Traffic on the crossbar of the failed fabric will be lost>Hot-swap is supported

Either fabric may be removed or inserted with the switch running

Load-Balancing Redundant FabricsFailover

Load-Balancing Redundant Fabrics:


64/79

63

>With no load-balancing, or after a fabric failure

Crossbar

CPU

Fabric 1

SW

FA

PP

Line card1

FAFA

PP PP

Line card2

Crossbar

CPU

Fabric 2

SW

FAFA

PP PP

Line card10

Load Balancing Redundant Fabrics:Switch 8800 Architecture

C fi ti f L d B l i


65/79

64

Configuration of Load-Balancing

>Load-balancing is enabled by the user command xbar

xbar load-balanceenables load balancing

> This is the default in Release 2 (Software Version 3.01.21)

xbar load-singledisables load balancing

> This was the default in earlier Software versions

>Every other aspect of load-balancing is automatic

Load-balancing algorithm

> By physical port, details depend on the module

> Flow-based, details depend on the module

> Controlled by software, not by user

Interval used by the master for distribution of routing updates

S it h 8800 R l 1 M d l


66/79

65

Switch 8800 Release 1 Modules

>Modules with a single Fabric Adapter (FA)

1-port 10GBASE-X (XENPAK)

> 3C17511

12-port 1000BASE-X (SFP)

> 3C17513

>Modules with dual Fabric Adapters

2-port 10GBASE-X (XFP)

> 3C17512


> 3C17514

24-port 10/100/1000BASE-T (RJ45)

> 3C17516

S it h 8800 R l 2 H d Additi


67/79

66

Switch 8800 Release 2 Hardware Additions

>New Advanced Modules Support for larger routing tables256K routes

> Requires Switch 1G Memory Upgrade

Support for MPLS (with Advanced Software)

Targeted at very large Enterprise Networks

>New High Density Modules double the port capacity

4-port 10 Gigabit Ethernet module

> 48 x 10 Gigabit ports per system

48-port 10/100/1000 Ethernet modules

> 576 x 10/100/1000 Ethernet ports per system

>Power over Ethernet

Adds PoE support to existing Switch 8800 chassis

S it h 8800 R l 2 Ad d M d l


68/79

67

Switch 8800 Release 2 Advanced Modules

>Modules with a single Fabric Adapter 1-port 10GBASE-X (XENPAK)

> 3C17525

>Modules with dual Fabric Adapters 2-port 10GBASE-X (XFP)

> 3C17527


> 3C17530

24-port 10/100/1000BASE-T (RJ45)

> 3C17531

Switch 8800 Release 2 High Density Modules


69/79

68

Switch 8800 Release 2 High Density Modules

>Modules with a single Fabric Adapter

Power over Ethernet Ready

> Positioned for Enterprise Edge

48-Port 10/100/1000

> 3C17528 48-Port 10/100/1000 (Access Module)

> 3C17532

Smaller Routing Table

Not compatible with BGP-4 or IS-IS

>Modules with dual Fabric Adapters

4-port 10GBASE-X (XFP)

> 3C17526

Switch 8800 System Capacities


70/79

69

Switch 8800 System Capacities

Switch 8814 Switch 8810 Switch 8807

Performance

Switching Capacity 428 Mpps 286 Mpps 179 Mpps

Fabric Bandwidth

Single Fabric 360 Gbps 240 Gbps 150 Gbps

Dual Fabrics 720 Gbps 480 Gbps 300 Gbps

Total Port Capacity

10-Gigabit Ethernet [XENPAK] 12 8 5

10-Gigabit Ethernet [XFP] 48 32 20

10-Gigabit Ethernet Advanced [Xenpak] 12 8 5

10-Gigabit Ethernet Advanced [XFP] 24 16 10

Gigabit Ethernet [10/100/1000] 576 384 240Gigabit Ethernet PoE [10/100/1000] 576 384 240

Gigabit Ethernet [SFP] 288 192 120

Gigabit Ethernet Advanced [10/100/1000] 288 192 120

Gigabit Ethernet Advanced [SFP] 288 192 120


71/79

Overview of Multiprotocol Label Switching (MPLS )


72/79

71

Overview of Multiprotocol Label Switching (MPLS )

>MPLS is an IETF framework for efficient labeling and forwarding oftraffic flows across Backbone Networks

>MPLS combines the speed of packet switching with the intelligenceof circuit switching

An end to end connection path is established before any traffic is

forwarded

All traffic of the same class flows along the same path

> Different paths may be selected based on various requirements

>MPLS is most often associated with the Carrier/Service Providermarket

There are scenarios in large enterprise environments where MPLScould make sense

> Enterprises with multiple distant sites needing to provide service levelguarantees

> Not beneficial for single site, or even campus environments

The Benefits of MPLS


73/79

72

The Benefits of MPLS

>MPLS provides the following beneficial applications on large-scale,multi-site Networks:

Virtual Private Networking

> Service Providers can create IP tunnels throughout their network, withoutthe need for encryption or end-user applications

Traffic Engineering (TE)>Allows for the efficient utilization of bandwidth

Put the Traffic where the Bandwidth is

> Provides control over service levels

Crucial for mission critical applications

Quality of Service (QoS)

> Low latency delivery

> Prioritization of business-critical data

> QoS guarantees with user defined policies

Overview of MBGP


74/79

73

Overview of MBGP

>MBGP stands for Multiprotocol Extensions for BGP-4

Provides support for protocols other than IPv4

> For example IPv6 and Multicast

>BGP4 does not support a Multicast network topology that differsfrom the network's Unicast topology

Multicast Reverse Path Forwarding uses the Unicast Routing Table

A Multicast from a Source to a Destination follows the same path thata Unicast would

>MBGP supports separate Unicast and Multicast topologies

Use one Routing Table to make Unicast routing decisions Use another Routing Table to make Reverse Path Forwarding

decisions

>Allows Multicast traffic to separated from Unicast traffic

> For example dedicate one link for Multicast and another for Unicast

Overview of TACACS+


75/79

74

Overview of TACACS+

>TACACS+ provides AAA remote access control similar to RADIUS

>TACACS+ separates authentication, authorization and accounting

Could be run on 3 different servers

> You could use RADIUS to Authenticate, and TACACS+ to Authorize

RADIUS always combines authentication and authorization as one>TACACS+ can be used to authorize different users to execute

individual commands on router

Not supported with RADIUS

>TACACS+ is a more secure protocol

TACACS+ encrypts the entire body of the access-request packet

RADIUS encrypts only the password in the packet

>TACACS+ uses reliable TCP connections

RADIUS uses best-effort UDP



76/79

75

>Layer 1 IEEE802.3ae 10Gigabit Ethernet

> XENPAK, XFP




Auto MDI/MDI-X




>Layer 2 Rapid Spanning Tree 802.1w



4096 VLAN's

> 802.1Q Port> Protocol Based VLAN

> Super VLAN

> VLAN Q-in-Q

GVRP


IGMP Snooping 802.3ad Link aggregation


Jumbo Frames - 9Kb


77/79



78/79

77

>Management Terminal, Modem ports

Out of Band Management port(10/100 Ethernet)


Industry-standard CLI FTP, TFTP Download

NTP

SNMPv1,v3

RMON (4 groups)

Xmodem Security (Port/Access)

Element management through3Com Network Administrator


>Security Hierarchical user management and

password protection

Packet authentication using ciphertext and MD5 for OSPF, RIPv2 andBGP-4

ACL with L2/L3/L4 Filtering

802.1X User Authentication


With Advanced License:

> TACACS+

> SSH V2

> SNMP v3 encryption


79/79

End of Chapter

3Com Treinamento

Documents

Transcript of 3Com Treinamento