Extreme 1 2020 10 29 1 Account 2

목차 1. Account설정 2. Vlan 생성과 제거 3. Static routing 4. ESRP 5. 기본적인

Account 설정 Example #1 Summit 48: 1 > create account Next possible completions: admin

Password 변경 * Summit 48: 1 # conf account testadmin <tab> Next possible completions:

VLAN SETTING(1) • 기본적으로 Default VLAN에 모든 port들이 들어있다. 먼저 이 port들을 제거 해

VLAN SETTING(2) Summit 48: 2 # config default delete port all 만약 1번과 5번

VLAN SETTING(3) VLAN을 creat 명령어를 사용해 만든다. Summit 48: 4 # creat vlan test

VLAN SETTING(4) Summit 48: 7 # sh vlan VLAN Interface[0 -fdf] with name "Default"

VLAN SETTING(5) Black. Diamond: 9 # sh vlan Name VID Protocol Addr Flags Proto

Default Gateway SETTING Summit 48: 17 # config iproute add default 100. 1 Summit

STATIC ROUTING SETTING Summit 48: 20 # config iproute add 200. 100. 0 255.

Static routing 제거 및 iproute sharing • Summit 48: 20 # config iproute delete

ESRP SETTING(1) 시스코의 HSRP, Foundrynetworks의 FSRP와 같이 L 3기능과 동시에 ESRP는 Spanning tree기능과 같이

• • • 14 2020 -10 -29 enable esrp vlan <name> Enables ESRP

ESRP ELECTION ALGORITHMS(1) • ESRP ELECTION ALGORITHMS 다섯가지의 master 선정방식중 한가지를 설정할 수 있다.

ESRP ELECTION ALGORITHMS(2) • config vlan <name> add track-ping <ipaddress> frequency <seconds> miss <number>

ESRP SETTING(2) – ESRP host mode • • ESRP에서는 host mode를 지원한다. 특정하게 정해진

기본적인 명령어들 장비에 image 또는 Bootrom을 upgrade 하는 방법 Image upgrage Summit 48: 19

기본적인 명령어들 Configuration을 secondary에 저장한 후 다음 부팅부터 secondary에 있는 Configuraton을 사용 Summit 48:

기본적인 명령어들 다른 장비와 연결된 port가 제대로 동작하는지 확인 Summit 48: 8 # Sh

기본적인 명령어들 Interface가 10 M 인지 100 M인지 또는 auto로 configuration 되어 있는지 확인

기본적인 명령어들 Port들의 사용율을 체크 할 때 사용. ( spacebar를 사용해 다른 정보들도 볼

기본적인 명령어들 장비에 관한 대략적인 정보를 볼 수 있음. Summit 48: 14 # sh

기본적인 명령어들 Software image selected: primary Software image booted: primary Primary software version: 4.

기본적인 명령어들 장비가 사용하고 있는 Boot image와 image를 확인 Summit 48: 15 # sh

기본적인 명령어들 장비의 log를 확인하는 방법 (장비 이상 유무 확인) Summit 48: 24 #

Sharing (= trunking) • • • Sharing은 cisco의 fast ether channel과 foundrynetworks의 trunk와 동

Spanning Trees • • Default switch configuration contains one STPD called “s 0” •

STP Configuration CLI Commands • • • • create/delete stpd enable/disable stpd port config

CLI Command create stpd <stpd_name> delete stpd <stpd_name> Creates an STPD. When created, an

CLI Command enable stpd <stpd_name> port <portlist> disable stpd <stpd_name> port <portlist> The default

CLI Command config stpd <stpd_name> port cost <value> <portlist> · · · For a

CLI Command config stpd <stpd_name> hellotime <value> The hellotime default setting is 2 seconds

$CLI Command - show stpd {<stpd_name>} Displays STP information for one or all STP$

$CLI Command - show stpd port show stpd {<stpd_name>} port <portlist> Displays the STP$

SLB (Server Load Balancing) Server Load Balancing Algorithms: • • Round Robin : 순차적으로

SLB (Server Load Balancing) 40 2020 -10 -29

SLB (Server Load Balancing) Server Load Balancing mode에서 transparent mode를 사용할 경우 - NT

SLB (Server Load Balancing) Create slb pool <poolname> {slb-method [ round-robin | ratio| priority|

SLB (Server Load Balancing) Public network 200. 0/24 Private network 100. 0/24 100. 2

SLB (Server Load Balancing) Configuration guide 두개의 vlan으로 나눈다. ( public network과 private network으로

SLB (Server Load Balancing) configuration create vlan svlan create vlan conf svlan add port

SLB (Server Load Balancing) PING-CHECK Ping-check is Layer 3 based pinging of the physical

SLB (Server Load Balancing) TCP-PORT-CHECK TCP-port-check is Layer 4 based TCP port open/close testing

SLB (Server Load Balancing) SERVICE-CHECK Service-check is Layer 7 based application-dependent checking defined on

SLB (Server Load Balancing) SERVICE-CHECK COMMANDS To enable service-check, use this command: enable slb

Flow-redirection (WCR) • WEB CACHE REDIRECTION (WCR) • Flow redirection은 source, destination, L 4

$Flow-redirection (WCR) • create flow-redirection <flow_policy> [tcp |udp] destination {<ipaddress/mask> | any]ip-port [<L 4$

Flow-redirection (WCR) CLIENT VLAN 10. 10. 1/24 INTERNET VLAN 10. 30. 1/24 INTERNET 10.

Flow-redirection (WCR) create vlan client config vlan client add port 1 config vlan client

Access-list • Access lists packet filtering 기능 • Access policy 장비 자체에 접속하는 것을

Access-list • • • USING IP ACCESS LISTS Extremenetwork에서 제공하는 access-list는 inbound로만 설정이 가능하다.

Access-list ACCESS LIST RULL COMMAND IP LAVEL로 설정할 경우 (CISCO STANDARD ACCESS LIST) create

Access-list create access-list <name> udp destination[<dst_ipaddress>/<dst_mask> | any] ip-port [<dst_port> | range <dst_port_min><dst_port_max> |

Access-list X 10. 1/24 10. 2. 0. 1/24 X X X 10. 3. 0.

Access-list create access-list deny 102_43 udp destination 10. 2. 0. 0/24 ip-port 23 source

OSPF 예제 구성 OSPF AREA 20. 20. 0 OSPF Default G/W 10. 10. 2

OSPF Alpine 설정 과정 * Alpine 3804: 2 # config default dele port all

OSPF * Alpine 3804: 9 # enable ipforward OSPF를 설정 하기 전에 꼭 실행

OSPF * Alpine 3804: 24 # sh ipr OR Destination Gateway Mtr Flags Use

OSPF * Alpine 3804: 22 # sh ospf area detail Area: 0. 0 (0)

OSPF Area: 20. 20. 0 (336860160) Type: Normal Router Id: 20. 20. 1 Spf

OSPF BLACKDIAMOND 설정 과정 * MSM 64: 3 # config default dele port all

OSPF * MSM 64: 10 # en ipf * MSM 64: 11 # enable

OSPF * MSM 64: 51 # sh iproute Destination Gateway Mtr Flags Use M-Use

OSPF * MSM 64: 37 # sh ospf area detail Area: 0. 0 (0)

OSPF Area: 20. 20. 0 (336860160) Type: Normal Router Id: 30. 30. 1 Spf

OSPF SUMMIT 48 설정 과정 * Summit 48: 2 # config default dele port

OSPF Summit 장비는 sh vlan 하면 detail하게 나오기 때문에 ospf에 관한 정보를 못 봄.

Slides: 75

Download presentation

Extreme 교육 자료 1 2020 -10 -29

목차 1. Account설정 2. Vlan 생성과 제거 3. Static routing 4. ESRP 5. 기본적인 명령어 6. Sharing (=trunking) 7. Spanning tree protocol 8. SLB 9. Flow-redirection(WCR) 10. Access-list 11. OSPF 2 2020 -10 -29

Account 설정 Example #1 Summit 48: 1 > create account Next possible completions: admin user ( admin은 read/write user는 read only) Summit 48: 1 > create account admin Next possible completions: <name> Summit 48: 1 > create account admin testadmin Next possible completions: encrypted <cr> <password> Summit 48: 1 > create account admin testpassword Next possible completions: <cr> Summit 48: 1 > create account admin testpassword Summit 48: 1 > delete account testadmin 3 2020 -10 -29

Password 변경 * Summit 48: 1 # conf account testadmin <tab> Next possible completions: encrypted <name> <cr> * Summit 48: 1 # conf account testadmin <enter> password: Reenter password: 4 2020 -10 -29

VLAN SETTING(1) • 기본적으로 Default VLAN에 모든 port들이 들어있다. 먼저 이 port들을 제거 해 준다. Summit 48: 1 # sh vlan VLAN Interface[0 -fdf] with name "Default" created by user Tagging: 802. 1 Q Tag 1 IP: Waiting for bootp reply. IPX: Not configured STPD: Domain "s 0" is not running spanning tree protocol Protocol: Match all unfiltered protocols. Qos Profile: QP 1 Ports: 50. (Number of active port=0) Untag: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 5 2020 -10 -29

VLAN SETTING(2) Summit 48: 2 # config default delete port all 만약 1번과 5번 port를 제거 한다면 all 부분에 1, 5라고 넣어주면 됨 1번 부터 5번 까지의 port들을 제거 한다면 1 – 5라고 넣어주면 됨 Summit 48: 3 # sh vlan VLAN Interface[0 -fdf] with name "Default" created by user Tagging: 802. 1 Q Tag 1 IP: Waiting for bootp reply. IPX: Not configured STPD: Domain "s 0" is not running spanning tree protocol Protocol: Match all unfiltered protocols. Qos Profile: QP 1 Ports: 0. (Number of active port=0) 6 2020 -10 -29

VLAN SETTING(3) VLAN을 creat 명령어를 사용해 만든다. Summit 48: 4 # creat vlan test 만든 VLAN에 port를 추가시킨다. Summit 48: 5 # config vlan test add port 1 – 4 만약 Black. Diamond라면 1: 1 – 1: 4 형식으로 추가 해야 한다. (모듈 넘버: 포트 넘버) VLAN에 IP Address를 입력한다. Summit 48: 6 # config vlan test ipadd 100/24 IP interface for VLAN locus-inside has been created. IP address = 100, Netmask = 255. 0. VLAN의 IP Address를 바꾸려면 IP Address만 변경하여 위와 동일하게 하면 됨. *주의 사항 만약 여러개의 VLAN이 있으면 VLAN간에 Traffic이 흐르도록 하기 위해 VLAN을 만들 때 마다 * Summit 48: 14 # enable ipforwarding 명령어를 실행 시킨다. 7 2020 -10 -29

VLAN SETTING(4) Summit 48: 7 # sh vlan VLAN Interface[0 -fdf] with name "Default" created by user Tagging: 802. 1 Q Tag 1 IP: Waiting for bootp reply. IPX: Not configured STPD: Domain "s 0" is not running spanning tree protocol Protocol: Match all unfiltered protocols. Qos Profile: QP 1 Ports: 0. (Number of active port=0) VLAN Interface[1 -fdc] with name “test" created by user Tagging: Untagged (Internal tag 4095) IP: 100/255. 0 IPX: Not configured STPD: Domain "s 0" is not running spanning tree protocol Protocol: Match all unfiltered protocols. Qos Profile: QP 1 Ports: 4. (Number of active port=0) Untag: 1 2 3 4 8 2020 -10 -29

VLAN SETTING(5) Black. Diamond: 9 # sh vlan Name VID Protocol Addr Flags Proto Super Ports Default 0001 0. 0 /BP -----f----- ANY 0/145 Mac. Vlan. Dis 4095 --------- - ANY 0/ 0 Mgmt 4094 --------- ANY 0/ 1 trunk 4093 100. 246/30 -----f--o-- ANY 1/ 1 backbone 2 4092 100. 41 /28 -----f--o-- ANY 1/ 1 loop-back 4091 100. 74 /32 -L---f--o-- ANY 0/ 0 neowiz 0601 100. 101. 126/27 -----f--o-- ANY 2/ 2 cckvan 0602 100. 101. 94 /29 M----f--o-- ANY 2/ 2 itventure 0603 100. 101. 250/30 M----f--o-- ANY 2/ 2 test 0604 100. 102. 1 /27 M----f--o-- ANY 2/ 2 backbone 1 4090 211. 106. 158. 169/27 -----f--o-- ANY 1/ 1 Flags : M=ESRP Master, E=ESRP Slave, G=GVRP Enabled, L=Loopback Enabled S=Super. Vlan, s=Sub. Vlan, R=Sub. VLAN IP Range Configured C=Domain-master. Vlan, c=Domain-member. Vlan f=IP Forwarding Enabled, m=IPmc Forwarding Enabled r=RIP Enabled, o=OSPF Enabled, p=PIM Enabled, d=DVMRP Enabled R=IPX RIP Enabled, P=IPX SAP Enabled N=GNS Reply Enabled, 2=IPX Type 20 Forwarding Enabled 9 2020 -10 -29

Default Gateway SETTING Summit 48: 17 # config iproute add default 100. 1 Summit 48: 18 # sh iproute Destination Gateway Mtr Flags Use VLAN Origin 100. 0/24 100 1 0 test Direct 200. 0/24 200 1 0 test 1 Direct 127. 0. 0. 1/8 127. 0. 0. 1 0 U H 0 Default Direct Default Route 100. 1 1 G M 0 test Static Total number of routes = 4. Mask distribution: 1 default routes 1 routes at length 8 2 routes at length 24 Route origin distribution: 3 routes from Direct 1 routes from Static 10 2020 -10 -29

STATIC ROUTING SETTING Summit 48: 20 # config iproute add 200. 100. 0 255. 0 200. 1 destination address next hop Summit 48: 21 # sh iproute Destination Gateway Mtr Flags Use VLAN Origin 100. 0/24 100 1 0 test Direct 200. 100. 0/24 200. 1 1 G M 0 test 1 Static 200. 0/24 200 1 0 test 1 Direct 127. 0. 0. 1/8 127. 0. 0. 1 0 U H 0 Default Direct Default Route 100. 1 1 G M 0 test Static Total number of routes = 5. Mask distribution: 1 default routes 1 routes at length 8 3 routes at length 24 Route origin distribution: 3 routes from Direct 2 routes from Static 11 2020 -10 -29

Static routing 제거 및 iproute sharing • Summit 48: 20 # config iproute delete 200. 100. 0 255. 0 200. 1 • 동일한 destination에 대해서 static routing경로가 2개 이상일 경우 이를 round-robin으로 사용할 수 있다. 경로 백업이 아니고 동시에 사용하기 위해서는 다음 과 같은 명령어를 사용한다. * Summit 48: 10 # enable iproute sharing * Summit 48: 11 # show iprou Destination Gateway Mtr Flags Use VLAN Origin 211. 116. 235. 192/26 211. 116. 235. 245 1 U 111858 global Direct 100. 0/24 100. 1 1 U 154 test 1 Direct 200. 0/24 211. 116. 235. 254 1 UG M 0 global Static 200. 0/24 100. 10 1 UG M 0 test 1 Static 127. 0. 0. 1/8 127. 0. 0. 1 0 U H 0 Default Direct Default Route 211. 116. 235. 254 1 UG M 124683 global Static 12 2020 -10 -29

ESRP SETTING(1) 시스코의 HSRP, Foundrynetworks의 FSRP와 같이 L 3기능과 동시에 ESRP는 Spanning tree기능과 같이 L 2 blocking을 제공한다. 즉 default gateway backup기능과 Link backup기능을 제공한다. MASTER쪽과 SLAVE쪽 VLAN의 IP Address는 동일 하게 setting. ESRP MASTER ESRP SLAVE 만약 어떤 장비에게 Traffic이 흐르지 않는다면 장비가 현재 MASTER에 연결되어 있는지 확인 SLAVE 쪽으론 Traffic이 흐르지 않음. 13 2020 -10 -29

• • • 14 2020 -10 -29 enable esrp vlan <name> Enables ESRP on a VLAN disable esrp vlan <name> Disables ESRP on a VLAN config vlan <vlan name> esrp priority <value> Configures the ESRP priority. The range is 0 to 255. The higher number has higher priority. The default setting is 0. config vlan <vlan name> esrp timer <hello_timer> • • Configures the time between ESRP updates. The range is 1 to 255 seconds. The default setting is 2 seconds. The timer setting must be configured identically for the VLAN across all participating switches. Hello_timer is a protocol show esrp <vlan name> <all> <cr>

ESRP ELECTION ALGORITHMS(1) • ESRP ELECTION ALGORITHMS 다섯가지의 master 선정방식중 한가지를 설정할 수 있다. 각각의 election algorithms에 대한 선정 기준에 대한 설명이다. 이 방식의 설정은 i chip에서만 가능하다. config vlan <name> esrp election-algorithm <tab> • ports_track_priority_mac — Active ports, tracking information, ESRP riority, MAC address (Default) • track_ports_priority_mac — Tracking information, active ports, ESRP riority, MAC address • priority_ports_track_mac — ESRP priority, active ports, tracking information, MAC address • priority_track_ports_mac — ESRP priority, tracking information, active ports, MAC address • priority_mac_only — ESRP priority, MAC address 15 2020 -10 -29

ESRP ELECTION ALGORITHMS(2) • config vlan <name> add track-ping <ipaddress> frequency <seconds> miss <number> 지정된 ip로 ping을 쳐서 응답이 없으면 master가 될 수 없다. • config vlan <name> add track-route <ipaddress>/<masklength> 지정된 track-route ipaddress에 대한 route가 없으면 master가 될 수 없다. • config vlan <name> add track-vlan <vlan_tracked> 지정된 vlan이 active되지 안으면 master가 될 수 없다. • config vlan <name> delete track-ping <ipaddress> frequency <seconds> miss <number> • config vlan <name> delete track-route <ipaddress>/<masklength> • config vlan <name> delete track-vlan <vlan_tracked> 16 2020 -10 -29

ESRP SETTING(2) – ESRP host mode • • ESRP에서는 host mode를 지원한다. 특정하게 정해진 port로는 ESRP slave에서 도 통신이 가능하게 하는 방법이다. Server에서 dual link가 지원되어 한 port는 active이고 다른 port가 slave로 사용 가능한 경우 매우 유용하다. config esrp port-mode [host | normal] ports 여기서 port-mode를 host로 설정해 주어야 한다. 각 server가 active / backup를 지원하는 lan card를 장착하였을 경우 사용 active A-server의 active한 쪽이 fail 된다 하더라도 standby esrp master slave가 바뀌면 안된다. 이런경우 ESRP slave쪽으로 A-server가 ESRP 통신을 할 수 있어야 한다. slave master Config esrp port-mode host ports를 해주면 A-server도 backup port를 이용하여 slave ESRP쪽을 통해서 통신이 가능하다. A 17 2020 -10 -29 B C D E

기본적인 명령어들 장비에 image 또는 Bootrom을 upgrade 하는 방법 Image upgrage Summit 48: 19 # download image 100 s 4119 b 2. Z secondary tftp서버 주소 image 명 primary 또는 secondary Summit 48: 33 # use image secondary 다음 부팅 부턴 secondary에 있는 image를 사용 Summit 48: 34 # reboot 장비 재 부팅 Bootrom upgrade Summit 48: 33 # download bootrom 100 sboot_1_9. bin Summit 48: 34 # reboot 19 2020 -10 -29

기본적인 명령어들 Configuration을 secondary에 저장한 후 다음 부팅부터 secondary에 있는 Configuraton을 사용 Summit 48: 2 # save configuration secondary Summit 48: 3 # use configuration secondary Upgrage 후 Black. Diamond에 장착되어 있는 두개의 MSM모듈을 동기화 시킨다. Black. Diamond에서 A Slot에 있는 모든 image와 configuration을 B Slot에 복사 Black. Diamond: 1 # synchronize 20 2020 -10 -29

기본적인 명령어들 다른 장비와 연결된 port가 제대로 동작하는지 확인 Summit 48: 8 # Sh port stats Port Statistics Tue Jan 16 11: 44: 57 2001 Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Rx Status Count Bcast Mcast =============================== 1 ACTIVE 2085 469123 88528 12187150 43295 44841 2 READY 0 0 0 3 READY 0 0 0 4 READY 0 0 0 5 READY 0 0 0 6 READY 0 0 0 7 READY 0 0 0 8 READY 0 0 0 9 READY 0 0 0 10 READY 0 0 0 ================================ 0 ->Clear Counters U->page up D->page down ESC->exit 21 2020 -10 -29

기본적인 명령어들 Interface가 10 M 인지 100 M인지 또는 auto로 configuration 되어 있는지 확인 Summit 48: 5 # sh ports info Information for port 1: Port state: enabled Link state: active Port diagnostic: pass Configured Duplex mode: auto Actual Duplex Mode: half Configured speed: auto Actual Speed: 10 Link up 1 time(s) Link down 1 time(s) Media type: UTP Has redundant port: no Summit Link disabled Extreme Discovery Protocol: enabled Qos Monitor: disabled Load sharing is not enabled MAC Learning: enabled VLAN information: Default(untagged) Vlan Id: 1 22 2020 -10 -29

기본적인 명령어들 Protocol: Vlan Default Priority: 0 type: Ether. Type value: ffff Qos Profile: None configured Queue to Qos Profile Mapping: Q 0: QP 1 Min. Bw 0, Max. Bw 100, Pri Low Q 1: QP 2 Min. Bw 0, Max. Bw 100, Pri Normal Q 2: QP 3 Min. Bw 0, Max. Bw 100, Pri Medium Q 3: QP 4 Min. Bw 0, Max. Bw 100, Pri High 만약 port의 상태를 바꾸고자 한다면 다음과 같은 방법을 사용하면 됨. Summit 48: 21 # configure ports 4 auto off speed 100 duplex full Summit 48: 22 # configure ports 4 auto off duplex full speed 100 위 2개의 명령어는 4번 port를 강재적으로 100 full로 잡는 방법이다. Summit 48: 23 # configure ports 4 auto on 4번 port를 auto로 잡는 방법임. 23 2020 -10 -29

기본적인 명령어들 Port들의 사용율을 체크 할 때 사용. ( spacebar를 사용해 다른 정보들도 볼 수 있음. ) Summit 48: 6 # sh port utilization Link Utilization Averages Tue Jan 16 11: 47: 08 2001 Port Link Receive Peak Rx Transmit Peak Transmit Status packet/sec pkt/sec ================================ 1 ACTIVE 2 7 0 5 2 READY 0 0 3 READY 0 0 4 READY 0 0 5 READY 0 0 6 READY 0 0 7 READY 0 0 8 READY 0 0 9 READY 0 0 10 READY 0 ================================ spacebar->toggle screen U->page up D->page down ESC->exit 24 2020 -10 -29

기본적인 명령어들 장비에 관한 대략적인 정보를 볼 수 있음. Summit 48: 14 # sh switch sys. Name: Summit 48 sys. Location: sys. Contact: support@extremenetworks. com, +1 888 257 3000 System MAC: 00: 01: 30: 6 f: cf: 00 License: Full L 3. Qos Mode: Ingress System Mode: 802. 1 Q Ether. Type is 8100. PACE disabled. Jumbo disabled. Current time: Tue Jan 16 15: 40: 00 2001 Timezone: GMT Offset: 0 minutes, DST is not in effect. Auto DST check: Enabled Boot time: Mon Jan 15 16: 24: 33 2001 Next reboot: None scheduled Timed upload: None scheduled Temperature: 25 C. All fans are operational. 장비의 온도는 0 – 40도를 유지 Power supply: Primary OK, RPS not present 하는 것 이 좋다. 25 2020 -10 -29

기본적인 명령어들 Software image selected: primary Software image booted: primary Primary software version: 4. 1. 19 b 2 Secondary software version: 4. 1. 19 b 2 Configuration selected: primary Configuration booted: primary Primary configuration: 444520 bytes saved on Mon Jan 15 16: 22: 14 2001 Secondary configuration: Empty 26 2020 -10 -29

기본적인 명령어들 장비가 사용하고 있는 Boot image와 image를 확인 Summit 48: 15 # sh ver System ID: 800013 -14 -0037 M 02655 Board ID: 700015 -11 -0037 M 00694 Left Board ID: 700016 -10 -0036 M 00614 Right Board ID: -Image : Extremeware Version 4. 1. 19 (Build 2) by Release_Master Wed 08/09/200 0 6: 09 p Boot. ROM : 1. 9 Mirroring 방법 enable mirroring to <port> Example: enable mirroring to port 3 config mirroring add/del ports vlan <vlan name> <hex octet> disable mirroring show mirroring * Summit 3: 8 # sh mir Mirror port: 3 is up 27 2020 -10 -29

기본적인 명령어들 장비의 log를 확인하는 방법 (장비 이상 유무 확인) Summit 48: 24 # sh log 01/16/2001 16: 40. 27 <INFO: SYST> Port 1 link down 01/16/2001 16: 40. 25 <INFO: SYST> serial admin: conf port 1 auto off speed 100 du fu 01/16/2001 16: 04. 27 <INFO: SYST> User admin logged out from telnet (211. 116. 235. 2 05) 01/16/2001 15: 25. 15 <INFO: USER> admin logged in through telnet (211. 116. 235. 205) 01/16/2001 14: 11. 09 <INFO: SYST> User admin logged out from telnet (211. 116. 235. 2 05) 01/16/2001 14: 09. 16 <INFO: USER> admin logged in through telnet (211. 116. 235. 205) 01/16/2001 11: 49. 56 <INFO: SYST> serial admin: sh management 01/16/2001 11: 43. 36 <INFO: USER> admin logged in through console 장비에 시간을 세팅하는 방법(log 확인시 시간 표시) Summit 48: 6 # configure time 1 / 17 / 2001 09 : 54 : 00 28 2020 -10 -29

Sharing (= trunking) • • • Sharing은 cisco의 fast ether channel과 foundrynetworks의 trunk와 동 일한 의미이다. 두개의 물리적 포트를 하나의 포트처럼 사용가능하게 하는 방법이다. 100 M 이상의 트래픽이 몰리는 구간에 두개의 port를 연결하고 그 포트 를 sharing 하면 200 M로 사용할 수 있다. * Summit 48: 1 # enable sharing 45 grouping 45 – 46 Enable sharing <시작port> grouping <시작port> - <끝port> Fast ethernet 4 port 까지 가능 ( 800 M) 29 2020 -10 -29

Spanning Trees • • Default switch configuration contains one STPD called “s 0” • By default, spanning tree is disabled on s 0 Once the STPD is created, one or more VLANs can be assigned to it Spanning Trees have VLANs as members • VLANs are assigned to STPDs • All VLANs are automatically made members of “s 0” You cannot delete a VLAN from “s 0”, however, you can add it to another STPD 30 2020 -10 -29

STP Configuration CLI Commands • • • • create/delete stpd enable/disable stpd port config stpd add vlan config stpd priority config stpd port cost config stpd port priority config stpd hellotime config stpd forwarddelay config stpd maxage unconfig stpd show stpd port enable ignore-stp vlan <name> 31 2020 -10 -29

CLI Command create stpd <stpd_name> delete stpd <stpd_name> Creates an STPD. When created, an STPD has the following default parameters: · Bridge priority — 32, 768 · Hello time — 2 seconds · Forward delay — 15 seconds enable stpd <stpd_name> disable stpd <stpd_name> The default setting is disabled 32 2020 -10 -29

CLI Command enable stpd <stpd_name> port <portlist> disable stpd <stpd_name> port <portlist> The default setting is enabled config stpd <stpd_name> add vlan <name> config stpd <stpd_name> priority <value> The range is 0 through 65, 535. The default setting is 32, 768 33 2020 -10 -29

CLI Command config stpd <stpd_name> port cost <value> <portlist> · · · For a 10 Mbps port, the default cost is 100. For a 100 Mbps port, the default cost is 19. For a 1000 Mbps port, the default cost is 4. config stpd <stpd_name> port priority <value> <portlist> The range is 0 through 255. The default setting is 128 34 2020 -10 -29

CLI Command config stpd <stpd_name> hellotime <value> The hellotime default setting is 2 seconds config stpd <stpd_name> forwarddelay <value> The range is 4 through 30. The default setting is 15 seconds config stpd <stpd_name> maxage <value> The default setting is 20 seconds. unconfig stpd <stpd_name> 35 2020 -10 -29

$CLI Command - show stpd {<stpd_name>} Displays STP information for one or all STP$

CLI Command - show stpd {<stpd_name>} Displays STP information for one or all STP domains. Stpd: s 0 Stp: ENABLED Ports: 16, 17, 22 Vlans: Default red blue Bridge Priority: 32768 Bridge. ID: 80: 00: e 0: 2 b: 03: eb: 00 Designated root: 80: 00: e 0: 2 b: 03: 18: 00 Root. Path. Cost: 4 Max. Age: 20 s Hello. Time: 2 s Cfg. Br. Max. Age: 20 s Cfg. Br. Hello. Time: 2 s Topology Change Time: 35 s Topology Change Detected: FALSE Number of Topology Changes: 0 Time Since Last Topology Change: 9 s 36 2020 -10 -29 Number of Ports: 3 } If this matches, then this is the ROOT Bridge Forward. Delay: 15 s Cfg. Br. Forward. Delay: 15 s Hold time: 1 s Topology Change: TRUE

$CLI Command - show stpd port show stpd {<stpd_name>} port <portlist> Displays the STP$

CLI Command - show stpd port show stpd {<stpd_name>} port <portlist> Displays the STP state of a port. * Summit 24: 6 # show stpd s 0 port 1 Stpd: s 0 Port: 1 Port. Id: 8001 Stp: ENABLED Path Cost: 100 Port State: FORWARDING Topology Change Ack: FALSE Port Priority: 128 Designated Root: 00: 00: 00: 00 Designated Cost: 0 Designated Bridge: 00: 00: 00: 00 Designated Port Id: 0 Press <SPACE> to continue or <Q> to quit: 37 2020 -10 -29

SLB (Server Load Balancing) Server Load Balancing Algorithms: • • Round Robin : 순차적으로 한번씩 보냄 Ratio : 서버의 성능에 따라서 비율을 준다. Priority Least Connections : 보낸지 가장 오래된 서버로 보냄 Server Load Balancing 에서 주의점 - Server vlan과 client가 들어오는 vlan이 반드시 나누어져야 한다. Extreme에서는 L 3 라우팅이 일어날 때 slb가 이루어 지므로 반드시 vlan이 분리되어야 한다. - Vip는 server vlan이나 또는 client vlan 어느 쪽에 있어도 무방하다. - Health check는 ping-check, L 4 -port check, service check중 하나를 선택한다. 39 2020 -10 -29

SLB (Server Load Balancing) 40 2020 -10 -29

SLB (Server Load Balancing) Server Load Balancing mode에서 transparent mode를 사용할 경우 - NT Server에서 loopback interface 설정 방법 NT서버에서 Loopback interface설정은 제어판 -> 새하드웨어 추가설치 -> 네 트웍어뎁터 -> microsoft -> Loopback interface로 하면 된다. Loopback interface는 하나만을 설정하고 그 이상의 추가 설치는 하지 않는다 부득이 추가할 경우에는 advanced tab을 이용하여 추가 한다. - Linux & UNIX에서의 Loopback interface 설정 Ifconfig lo: 0 <ipaddress> netmask <255. 255> up Make sure that it has the correct default route (netstat –rn) look for 0. 0 If not, add one, Route add default gw <gateway ip> Transparent Mode를 사용할 경우 반드시 Loopback interface address는 Extremenetwork장비의 Vip(virtual ip)로 설정해야 한다. 41 2020 -10 -29

SLB (Server Load Balancing) Create slb pool <poolname> {slb-method [ round-robin | ratio| priority| leastconnections]} Poolname은 유일해야 하며 기억하기 쉬운 것으로 임의 설정을 한다. SLB-method는 round-robin, ratio, priority, and lest-connections중 하나를 선택한다. Show slb pool detail Show slb node Enable slb node <ipaddress> ping-check Enable slb node <ipaddress> port <port> port-check config slb pool <poolname> add <ipaddress>: <L 4 Port> {ratio <ratio> |priority <priority>} SLB pool에다가 node를 추가시키는 명령어. Create slb vip <vipname> pool <poolname> mode [transparent | translation | port-translation] <ipaddress> {- <upper_ipaddress>} {port <L 4 Port>} Enable slb vip Disable slb vip Show slb vip detail Show slb vip 42 2020 -10 -29

SLB (Server Load Balancing) Public network 200. 0/24 Private network 100. 0/24 100. 2 Port http Client 3 인터넷 2 1 100. 3 Port http 100. 4 Port ftp 100. 5 Port ftp 43 2020 -10 -29

SLB (Server Load Balancing) Configuration guide 두개의 vlan으로 나눈다. ( public network과 private network으로 나눈다. ) Slb pool을 두개를 만든다 ( httppool, ftppool) - httppool은 node로 100. 2와 100. 3을 갖는다. - ftppool은 node로 100. 4와 100. 5를 갖는다. Vip를 두개를 만든다. ( public network, private network에 각각 하나씩 만든다. ) - public network(200. 1)에 만드는 경우는 vip는 public ip를 갖고 real server는 private network에 존재 - private network(100. 6)에 만드는 경우는 nat를 해주는 장비(firewall 등등)가 있는 경우 Transparent mode 로 설정하려면 real server에서 loopback address를 vip로 지 정해 줘야만 한다. 44 2020 -10 -29

SLB (Server Load Balancing) configuration create vlan svlan create vlan conf svlan add port 1: 1 -1: 10 conf cvlan add port 1: 11 -1: 20 conf svlan ipadd 100. 1/24 conf cvlan ipadd 200. 2/24 enable ipforwarding (vlan을 생성하면 반드시 해주어야 한다. ) create slb pool httppool lb-method round conf slb pool httppool add 100. 2 : 80 conf slb pool httppool add 100. 3 : 80 create slb pool ftppool lb-method least conf slb pool ftppool add 100. 4 : ftp conf slb pool ftppool add 100. 5 : ftp create slb vip pubvip pool httppool mode translational 200. 1 : http create slb vip privip pool ftppool mode transparent 100. 6 : ftp enable slb config vlan slb-type server (svlan을 server vlan으로 선언) config vlan cvlan slb-type client (cvlan을 client vlan으로 선언) enable slb node all tcp-port-check (health check를 L 4 -port까지 check) 45 2020 -10 -29

SLB (Server Load Balancing) PING-CHECK Ping-check is Layer 3 based pinging of the physical node. The default ping frequency is one ping generated to the node each 10 seconds. If the node does not respond to any ping within a timeout period of 30 seconds (3 ping intervals), then the node is considered down. PING-CHECK COMMANDS To enable ping-check, use this command: enable slb node <ipaddress> ping-check To disable ping-check, use this command: disable slb node <ipaddress> ping-check 46 2020 -10 -29

SLB (Server Load Balancing) TCP-PORT-CHECK TCP-port-check is Layer 4 based TCP port open/close testing of the physical node. The default frequency is 30 seconds and the default timeout is 90 seconds. Port-checking is useful when a node passes ping-checks, but a required TCP service (for example, httpd) has gone down. If the httpd daemon running on TCP port 80 crashed, that would cause a layer 4 port-check on port 80 to fail, because no TCP socket could be opened to that port. If this continues for the duration of the specified port-check timeout, the IP/port combination is considered down. TCP-PORT-CHECK COMMANDS To enable tcp-port-check, use this command: enable slb node <ipaddress>: <L 4 Port> tcp-port-check To disable tcp-port-check, use this command: disable slb node <ipaddress>: {<L 4 Port> | all} tcp-port-check 47 2020 -10 -29

SLB (Server Load Balancing) SERVICE-CHECK Service-check is Layer 7 based application-dependent checking defined on a VIP. Service-checking is performed on each node in the pool with which this VIP is associated. The default frequency is 60 seconds and the default timeout is 180 seconds. Each service check has associated parameters that you can set. These parameters are described in Table 1 7 -3. If the service-check parameters are not specified on an individual node or VIP, the global default values for these parameters are used. The global service-check defaults themselves are configurable, so if you use the same value in many cases, change the global defaults accordingly. In the case of HTTP service-checking, the URL of the Web page to be retrieved, such as “/index. html”, can be specified. A match-string that is expected to be in the retrieved Web page can be specified, such as “Welcome”. If the match-string is found in the first 1, 000 bytes of the retrieved Web page, the service-check passes on the particular node. A match-string specified as keyword any-content will match any retrieved text. However, to distinguish valid data in the retrieved text from error text, specifying an actual string to match is suggested. For FTP, Telnet, and POP 3 service-check attempts to log on and off the application on the server using the specified userid and password. 48 2020 -10 -29

SLB (Server Load Balancing) SERVICE-CHECK COMMANDS To enable service-check, use this command: enable slb vip [<vipname> | all] service-check To disable service-check, use this command: disable slb vip [<vipname> | all] service-check Service-Check Parameters Service HTTP FTP Telnet SMTP NNTP POP 3 49 2020 -10 -29 Attribute URL Userid Password Dns-domain Newsgroup Userid Password Match-string Global Default Value “/” Any-content “anonymous” Same as the switch DNS domain. If no DNS domain is configured for the switch, the value is ““. “ebusiness” “anonymous”

Flow-redirection (WCR) • WEB CACHE REDIRECTION (WCR) • Flow redirection은 source, destination, L 4 -port를 가지고 redirection할 수 있다. IP source address and mask IP destination address and mask Layer 4 port • Cache server와 연동해서 TCS(transparent cache switching) 을 지원 • PBR(policy base routing)을 지원 source ip를 가지고 Destination router를 설정하는 기술 50 2020 -10 -29

$Flow-redirection (WCR) • create flow-redirection <flow_policy> [tcp |udp] destination {<ipaddress/mask> | any]ip-port [<L 4$

Flow-redirection (WCR) • create flow-redirection <flow_policy> [tcp |udp] destination {<ipaddress/mask> | any]ip-port [<L 4 Port> | any] source[<ipaddress/mask> | any] • config flow-redirection <flow_policy> add next-hop <ipaddress> • config flow-redirection <flow_policy> delete next-hop <ipaddress> • delete flow-redirection <flow_policy> • show flow-redirection • config <flow-policy> service-check ping • config <flow -policy > service-check L 4 -port • config <flow -policy > service-check http url “/test. htm” match-string “pass” 51 2020 -10 -29

Flow-redirection (WCR) CLIENT VLAN 10. 10. 1/24 INTERNET VLAN 10. 30. 1/24 INTERNET 10. 20. 1/24 10. 20. 10/24 , 10. 20. 11/24 CACHE SERVER VLAN 52 2020 -10 -29

Flow-redirection (WCR) create vlan client config vlan client add port 1 config vlan client ipaddress 10. 10. 1/24 create vlan cache config vlan cache add port 2 config vlan cache ipaddress 10. 20. 1/24 create vlan internet config vlan internet add port 3 config vlan internet ipaddress 10. 30. 1/24 enable ipforwarding create flow-redirection wcr tcp destination any ip-port 80 source any config flow-redirection wcr add next-hop 10. 20. 10 (CACHE SERVER ADDRESS) config flow-redirection wcr add next-hop 10. 20. 11 (CACHE SERVER ADDRESS) config flow-redirection wcr service-check L 4 -port 53 2020 -10 -29

Access-list • Access lists packet filtering 기능 • Access policy 장비 자체에 접속하는 것을 filtering • Routing access policies routing 정보를 advertisement or recognition하는 것을 filtering • Route maps are used to modify or filter routes redistributed into BGP. 54 2020 -10 -29

Access-list • • • USING IP ACCESS LISTS Extremenetwork에서 제공하는 access-list는 inbound로만 설정이 가능하다. 즉 어떤 packet이 들어오면 access-list 항목과 비교하여 일치되는 것이 있으면 적 용이 된다. ASIC으로 구성되어 CPU에 전혀 부하를 주지 않는다. 동일 VLAN에서도 원하는 port에만 적용 가능하다. Default로 all permit됨 ACCESS LIST적용시 PACKET이 들어올 때와 이에 대한 응답을 줄때 적용이 되는지 안되는지 잘 확인해야 한다. Precedence값으로 ACCESS LIST 적용 순서를 바꿀 수 있다. Create ACCESS LIST하면 바로 적용이 된다. ACCESS LISTS 구성요소 • IP source address and mask • IP destination address and mask • TCP or UDP source port range • TCP or UDP destination port range • Physical source port • Precedence number (optional) 55 2020 -10 -29

Access-list ACCESS LIST RULL COMMAND IP LAVEL로 설정할 경우 (CISCO STANDARD ACCESS LIST) create access-list <name> ip destination [<dst_ipaddress>/<dst_mask> | any] source [<src_ipaddress>/<src_mask> | any] [permit<qosprofile> | deny] ports [<portlist> | any]{precedence <precedence_num>} {log} create access-list denyall ip destination any source any deny ports any TCP LAVEL로 설정할 경우 (CISCO EXTENDED ACCESS LIST) create access-list <name> tcp destination[<dst_ipaddress>/<dst_mask> | any] ip-port [<dst_port> | range <dst_port_min><dst_port_max> | any] source[<src_ipaddress>/<src_mask> | any] ip-port[<src_port> | range <src_port_min><src_port_max> | any] [permit <qosprofile> |permit-established | deny] ports [<portlist> |any] {precedence <precedence_num>} {log} create access-list tcp 1 tcp destination 10. 20. 100/32 ip any source 10. 10. 100/32 ip any permit qp 1 ports any precedence 20 create access-list tcp 2 tcp destination 10. 10. 100/32 ip any source 10. 20. 100/32 ip any permit qp 1 ports any precedence 21 56 2020 -10 -29

Access-list create access-list <name> udp destination[<dst_ipaddress>/<dst_mask> | any] ip-port [<dst_port> | range <dst_port_min><dst_port_max> | any] source[<src_ipaddress>/<src_mask> | any] ip-port[<src_port> | range <src_port_min><src_port_max> | any] [permit <qosprofile> |deny] ports [<portlist> | any] {precedence<precedence_num>} {log} ICMP에 대한 ACCESS LIST 적용 create access-list icmp destination[<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type<icmp_type> code <icmp_code> [permit |deny] {<portlist>} {log} create access-list denyping icmp destination any source any type 8 code 0 deny ports any delete access-list <name> disable access-list <name> counter enable access-list <name> counter show access-list {<name> | ports <portlist>} Displays access-list information. show access-list-fdb show access-list-monitor 57 2020 -10 -29

Access-list X 10. 1/24 10. 2. 0. 1/24 X X X 10. 3. 0. 1/24 10. 4. 0. 1/24 Requirement: 1. Deny UDP port 23 traffic to 10. 2. 0. 0/24 2. Deny TCP port 23 traffic to 10. 2. 0. 0/24 3. Deny TCP port 23 traffic from 10. 3. 0. 0/24 4. Permit traffic of 10. 2. 0. 0/24 to QP 3 58 2020 -10 -29

Access-list create access-list deny 102_43 udp destination 10. 2. 0. 0/24 ip-port 23 source any ip-port any deny ports any precedence 10 create access-list deny 102_23 tcp destination 10. 2. 0. 0/24 ip-port 23 source any ip-port any deny ports any precedence 20 create access-list deny 103_23 tcp destination any ip-port 23 source 10. 3. 0. 0/24 ip-port any deny ports any precedence 30 create access-list perm 102 d tcp destination 10. 2. 0. 0/24 ip-port any source any ip-port any permit qosprofile qp 3 ports any precedence 40 create access-list permit 102 s tcp destination any ip-port any source 10. 2. 0. 0/24 ip-port any permit qosprofile qp 3 ports any precedence 45 59 2020 -10 -29

Access profile 설정 • 장비에 대한 보안을 위해 특정한 client만 접속을 허용하기 위해서 사용한다. create access-profile <access-profile> type ipadress conf access-profile <access-profile> mode [permit | deny | none] conf access-profile <access-profile> add [<seq_number>] [permit | deny] [vlan <name> | ipaddress <ipaddress> <mask> {exact}] enable telnet {access-profile [<access-profile> | none ]} {port <tcp-port-number>} 60 2020 -10 -29

Access profile 설정 10. 10/24 10. 1/24 10. 2. 0. 1/24 X X 10. 3. 0. 1/24 10. 4. 0. 1/24 Requirement: 1. Only PC (10. 10) can telnet to the 10. 1 i/f 61 2020 -10 -29

Access profile 설정 create access-profile perm_telnet type ipaddress (access profile 생성) conf access-profile perm_telnet add ipa 10. 1. 10/32 (access profile에 client ipaddress를 추가시킴) conf access-profile perm_telnet mode permit (access-profile의 mode를 permit or deny를 설정함) enable telnet access-profile perm_telnet (telnet service에 access-profile을 적용시킴) Note: the access-profile can apply to snmp, web and ssh 2. 62 2020 -10 -29

OSPF 예제 구성 OSPF AREA 20. 20. 0 OSPF Default G/W 10. 10. 2 30. 30. 2 10. 10. 1 20. 20. 20. 2 30. 30. 1 Static routing 정보 를 Alpine에 보내기 위해 redistiribute을 설정 해야 함. 63 2020 -10 -29 40. 40. 1 40. 40. 2

OSPF Alpine 설정 과정 * Alpine 3804: 2 # config default dele port all * Alpine 3804: 3 # creat vlan 10 * Alpine 3804: 4 # creat vlan 20 * Alpine 3804: 5 # config vlan 10 add port 1: 1 - 1: 10 * Alpine 3804: 6 # config vlan 20 add port 1: 11 - 1: 20 * Alpine 3804: 7 # config vlan 10 ipadd 10. 10. 1/24 IP interface for VLAN vlan 10 has been created. IP address = 10. 10. 1, Netmask = 255. 0. * Alpine 3804: 8 # config vlan 20 ipadd 20. 20. 1/24 IP interface for VLAN vlan 20 has been created. IP address = 20. 20. 1, Netmask = 255. 0. 64 2020 -10 -29

OSPF * Alpine 3804: 9 # enable ipforward OSPF를 설정 하기 전에 꼭 실행 * Alpine 3804: 10 # enable ospf OSPF 프로토콜을 ENABLE 시킴 * Alpine 3804: 11 # creat ospf area 20. 20. 0 OSPF AREA 생성 * Alpine 3804: 12 # config ospf add vlan 10 area 20. 20. 0 VLAN에 OSPF를 * Alpine 3804: 13 # config ospf add vlan 20 area 20. 20. 0 구동 시킴 * Alpine 3804: 21 # sh vlan Name VID Protocol Addr Flags Proto Super Ports Default 0001 0. 0 /BP -----f----- ANY 0/ 0 Mac. Vlan. Dis 4095 --------- ANY 0/ 0 Mgmt 4094 --------- ANY 0/ 1 vlan 10 4093 10. 10. 1 /24 -----f--o-- ANY 1/ 10 VLAN에 OSPF가 동작한다는 표시 vlan 20 4092 20. 20. 1 /24 -----f--o-- ANY 1/ 10 65 2020 -10 -29

OSPF * Alpine 3804: 24 # sh ipr OR Destination Gateway Mtr Flags Use M-Use VLAN Acct-1 *d 20. 20. 0/24 20. 20. 1 1 U------u- 25 0 vlan 20 0 *d 10. 10. 0/24 10. 10. 1 1 U------u- 305 0 vlan 10 0 *oa 30. 30. 0/24 20. 20. 2 10 UG-----um 8 0 vlan 20 0 *d 127. 0. 0. 1/8 127. 0. 0. 1 0 U-H----um 0 0 Default 0 *o 2 Default Route 20. 20. 2 1 UG-----um 68 0 vlan 20 0 66 2020 -10 -29

OSPF * Alpine 3804: 22 # sh ospf area detail Area: 0. 0 (0) Type: Normal Router Id: 20. 20. 1 Spf Runs: 10 Num ABR: 0 Num ASBR: 0 Num LSA: 0 LSA Chksum: 0 x 0 Interfaces: IP addr Ospf State DR IP addr BDR IP addr Inter-Area route Filter: None External route Filter: None Configured Address Ranges: 67 2020 -10 -29

OSPF Area: 20. 20. 0 (336860160) Type: Normal Router Id: 20. 20. 1 Spf Runs: 10 Num ABR: 0 Num ASBR: 1 Num LSA: 3 LSA Chksum: 0 x 1 a 13 d Interfaces: IP addr Ospf State DR IP addr BDR IP addr 20. 20. 1 /24 E BDR 20. 20. 1 10. 10. 1 /24 E DR 10. 10. 1 0. 0 Inter-Area route Filter: None External route Filter: None Configured Address Ranges: 68 2020 -10 -29

OSPF BLACKDIAMOND 설정 과정 * MSM 64: 3 # config default dele port all * MSM 64: 4 # creat vlan 20 * MSM 64: 5 # creat vlan 30 * MSM 64: 6 # config vlan 20 add port 2: 1 1 - 2: 10 * MSM 64: 7 # CO config vlan 30 add port 2: 11 - 2: 20 * MSM 64: 8 # config vlan 20 ipadd 20. 20. 2/24 IP interface for VLAN vlan 20 has been created. IP address = 20. 20. 2, Netmask = 255. 0. * MSM 64: 9 # configvlan 30 ipadd 30. 30. 1/24 IP interface for VLAN vlan 30 has been created. IP address = 30. 30. 1, Netmask = 255. 0. 69 2020 -10 -29

OSPF * MSM 64: 10 # en ipf * MSM 64: 11 # enable ospf * MSM 64: 12 # creat ospf area 20. 20. 0 * MSM 64: 13 # config ospf add vlan 20 area 20. 20. 0 * MSM 64: 14 # config ospf add vlan 30 area 20. 20. 0 * MSM 64: 15 # config iproute add default 30. 30. 2 Summit 장비로 넘어가기 위한 라우팅 * MSM 64: 16 # enable ospf export static cost 1 type ase-type-1 static 정보를 동일 OSPF AREA extreme의 redistribute or ase-type-2 로 넘김 * MSM 64: 36 # sh vlan Name VID Protocol Addr Flags Proto Super Ports Default 0001 0. 0 /BP -----f----- ANY 0/ 0 Mac. Vlan. Dis 4095 --------- ANY 0/ 0 Mgmt 4094 --------- ANY 0/ 1 vlan 20 4093 20. 20. 2 /24 -----f--o-- ANY 1/ 10 vlan 30 4092 30. 30. 1 /24 -----f--o-- ANY 1/ 10 70 2020 -10 -29

OSPF * MSM 64: 51 # sh iproute Destination Gateway Mtr Flags Use M-Use VLAN Origin *20. 20. 0/24 20. 20. 2 1 U u 17 0 vlan 20 Direct *10. 10. 0/24 20. 20. 1 10 UG um 62 0 vlan 20 OSPFIntra *30. 30. 0/24 30. 30. 1 1 U u 17 0 vlan 30 Direct *127. 0. 0. 1/8 127. 0. 0. 1 0 U H um 0 0 Default Direct *Default Route 30. 30. 2 1 UG S um 84 0 vlan 30 Static 71 2020 -10 -29

OSPF * MSM 64: 37 # sh ospf area detail Area: 0. 0 (0) Type: Normal Router Id: 30. 30. 1 Spf Runs: 7 Num ABR: 0 Num ASBR: 0 Num LSA: 0 LSA Chksum: 0 x 0 Interfaces: IP addr Ospf State DR IP addr BDR IP addr Inter-Area route Filter: None External route Filter: None Configured Address Ranges: 72 2020 -10 -29

OSPF Area: 20. 20. 0 (336860160) Type: Normal Router Id: 30. 30. 1 Spf Runs: 7 Num ABR: 0 Num ASBR: 0 Num LSA: 3 LSA Chksum: 0 x 20 c 4 d Interfaces: IP addr Ospf State DR IP addr BDR IP addr 30. 30. 1 /24 E DOWN 0. 0 20. 20. 2 /24 E DR 20. 20. 1 Inter-Area route Filter: None External route Filter: None Configured Address Ranges: 73 2020 -10 -29

OSPF SUMMIT 48 설정 과정 * Summit 48: 2 # config default dele port all * Summit 48: 3 # creat vlan 30 * Summit 48: 4 # creat vlan 40 * Summit 48: 5 # confgig vlan 30 add port 1 -10 * Summit 48: 6 # config vlan 40 add port 11 -20 * Summit 48: 7 # config vlan 30 ipadd 30. 30. 2/24 IP interface for VLAN vlan 30 has been created. IP address = 30. 30. 2, Netmask = 255. 0. * Summit 48: 8 # config vlan 40 ipadd 40. 40. 1/24 IP interface for VLAN vlan 40 has been created. IP address = 40. 40. 1, Netmask = 255. 0. * Summit 48: 9 # en ipforward * Summit 48: 10 # config iproute add default 30. 30. 1 다른 네트웍으로 넘어가기 위한 라우팅 74 2020 -10 -29

OSPF Summit 장비는 sh vlan 하면 detail하게 나오기 때문에 ospf에 관한 정보를 못 봄. * Summit 48: 22 # sh ipr Destination Gateway Mtr Flags Use VLAN Origin 30. 30. 0/24 30. 30. 2 1 U 132 vlan 30 Direct 40. 40. 0/24 40. 40. 1 1 U 198 vlan 40 Direct 127. 0. 0. 1/8 127. 0. 0. 1 0 U H 0 Default Direct Default Route 30. 30. 1 1 UG M 170 vlan 30 Static 75 2020 -10 -29