Avaya P333R-LB 3.12 UG
User’s Guide
AVAYA P333R-LB
STACKABLE LOAD BALANCING SWITCH
SOFTWARE VERSION 3.12
September 2002
Table of Contents
Chapter 1 Overview
P330 Family Features
Layer 2 Features
Auto-Negotiation
Congestion Control
VLANs
Multiple VLANs per Port
Leaky VLAN
Port Classification
Network TIME Acquiring Protocols
MAC Security
Link Aggregation Group (LAG)
IP Multicast Filtering
Radius Security
Port Redundancy
Intermodule Redundancy
Stack Redundancy
Hot-Swappable
Backup Power Supply
Fans
Network Management Agent (NMA) Redundancy
Software Download
Layer 3 Features
Forwarding
OSPF Equal Cost Multipath
DHCP/BOOTP Relay
RIP
OSPF
Static Routes
Route Redistribution
Route Preferences
Netbios Rebroadcast
Multinetting (Multiple Subnets per VLAN)
username
no username
show username
set ppp chap-secret
show radius authentication
set radius authentication
tech
Overview
The P330 family of stackable Ethernet workgroup switches includes a range of
modules with 10/100/1000 Mbps ports, Layer 3 capability and ATM Expansion
sub-module. The base product is the P333T switch which has 24x10/100 Mbps ports
and an Expansion sub-module slot. The optional expansion sub-modules provide
additional Ethernet, Fast Ethernet, and Gigabit Ethernet connectivity.
The P330R family allows you to add multilayer switching to your existing P330
stacks. The base product for the P330R family is the P333R switch, which combines
P333T capabilities with Layer 3 capabilities. In addition, the P333R-LB switch adds
load balancing capabilities to your network.
A P330 stack can contain up to 10 switches and up to 3 backup power supply units.
The stacked switches are connected using the X330STK stacking sub-modules which
plug into a slot in the back of the P330. They are connected using the X330SC or
X330LC cable (if the stack is split between 2 racks). The X330RC cable connects the
top and bottom switches in the stack and provides redundancy and hot-swappability
in the same way that modules can be swapped in a modular switching chassis.
The P330 is fully compliant with IEEE standards for VLAN Tagging, Gigabit
Ethernet, Spanning Tree and Flow Control. This full standards-compliance,
combined with auto-negotiation for 10/100/1000 Mbps and half/full duplex,
facilitates the expansion of your network to match your company's growing needs.
The P330R-LB is fully compliant with IETF standards ARP, ICMP, DHCP/BOOTP,
RIP v.1, RIP v.2, OSPF, IP Forwarding, and VRRP.
Layer 2 Features
Auto-Negotiation
Every 10/100 port on the P330 supports Auto-Negotiation which automatically
detects and supports the operating mode and speed of a connected device. Auto-
negotiation is also supported on the Gigabit Ethernet ports for flow control mode
only.
This means that you can simply connect the P330 to Ethernet or Fast Ethernet
equipment at full or half duplex without configuration.
Congestion Control
Congestion control is a key element of maintaining network efficiency as it prevents
resource overload.
The Avaya P330 supports congestion control on all Ethernet ports, using the
following:
• Back Pressure in half duplex mode.
• IEEE 802.3x Flow Control in full duplex mode.
VLANs
The P330 VLANs are fully IEEE 802.1Q compliant and can handle up to 1k tagged
VLANs.
Leaky VLAN
Leaky VLAN provides the ability to send unicast traffic between two ports on
different VLANs. Leaky VLAN will function only on modules (and sub-modules)
with C/S 2.0 and higher.
Port Classification
With the P330, you can classify any port as regular or valuable. Setting a port to
valuable means that a link fault trap can be sent even when the port is disabled. This
feature is particularly useful for the software redundancy application, where you
need to be informed about a link failure on the dormant port.
MAC Security
You can define a port as secure to prevent it from learning new MAC addresses. If an
unknown MAC or station tries to access a secure port, the intruder request is sent to
the management station.
IP Multicast Filtering
IP Multicast allows you to send a single copy of an IP packet to multiple
destinations, and can be used for various applications including video streaming
and video conferencing.
On LANs, IP Multicast packets are transmitted in MAC Multicast frames.
Traditional LAN switches flood these Multicast packets to all stations in the VLAN.
Multicast filtering functions may be added to the Layer 2 switches to avoid sending
Multicast packets where they are not required. Layer 2 switches capable of
Multicast filtering send the Multicast packets only to ports that connect members of
that Multicast group. For this feature to operate correctly, your network needs a
router that issues IGMP queries.
Note: IP Multicast filtering will function only based on the port's VLAN ID and not
based on any VLAN bound to the port.
Radius Security
The Remote Authentication Dial-In User Service (RADIUS) is an IETF standard
(RFC 2138) client/server security protocol. Security and login information is stored
in a central location known as the RADIUS server. RADIUS clients, such as the P330,
communicate with the RADIUS server to authenticate users.
All transactions between the RADIUS client and server are authenticated through
the use of a “shared secret” which is not sent over the network. The shared secret is
an authentication password configured on both the RADIUS client and its RADIUS
servers. The shared secret is stored as clear text in the client’s file on the RADIUS
server, and in the non-volatile memory of the P330. In addition, user passwords
sent between the client and server are encrypted for increased security.
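How the shared secret authenticates a RADIUS exchange without ever crossing the network, as an added Python example that follows RFC 2138 (it is not code from the Avaya guide or the P330 software). The secret, password, packet identifier and attribute bytes are constructed sample values, and the function names are chosen for this illustration.

```python
import hashlib
import hmac
import os
import struct


def _xor16(block: bytes, mask: bytes) -> bytes:
    return bytes(b ^ m for b, m in zip(block, mask))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding, RFC 2138 section 5.2.

    The password is padded with NULs to a multiple of 16 octets and each
    block is XORed with MD5(secret + previous ciphertext block), starting
    from MD5(secret + Request Authenticator).
    """
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor16(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same chain, keyed by the locally stored secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor16(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def build_response(code: int, ident: int, attributes: bytes,
                   request_auth: bytes, secret: bytes) -> bytes:
    """Server reply whose Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the authenticator; a reply forged or altered
    by someone who does not hold the shared secret fails this check."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # sample value
    request_auth = os.urandom(16)              # fresh per request
    hidden = hide_password(b"constructed-password", secret, request_auth)
    print("on the wire:", hidden.hex())
    print("recovered  :", reveal_password(hidden, secret, request_auth))
    reply = build_response(2, 7, b"\x12\x04ok", request_auth, secret)
    print("reply ok   :", verify_response(reply, request_auth, secret))
```

Both the hiding and the reply check depend only on MD5 and the shared secret, so the protection is only as strong as that secret and the way it is stored on the client and server.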
Port Redundancy
Redundancy can be implemented between any two ports in the same stack at the
link level. You can also assign redundancy between any two LAGs in the stack or
between a LAG and a port. One port or LAG is defined as the primary port, and the
other as the secondary port. In case the primary port link fails, the secondary port
takes over.
Intermodule Redundancy
Intermodule redundancy includes all Port Redundancy functionality, and
additionally maintains port integrity even when the primary port link fails as the
result of a failure of the module. If the module on which the active port in an
Intermodule Port Redundancy pair is located is powered down or removed from
the stack, the secondary port in the Intermodule Port Redundancy pair takes over.
Only one pair per stack can be set for Intermodule Port Redundancy.
Stack Redundancy
In the unlikely event that a P330 switch or Octaplane link should fail, stack integrity
is maintained if the redundant cable is connected to the stack. The broken link is
bypassed and data transmission continues uninterrupted. The single management
IP address for the stack is also preserved for uninterrupted management and
monitoring.
Hot-Swappable
You can remove or replace any unit within the stack without disrupting operation
or performing stack-level reconfiguration. You can therefore adapt the P330 to your
requirements on the fly and with a down-time which is second to none.
When you remove an expansion module from the stack, all configuration
definitions on expansion modules are lost.
Fans
The P330 module fans have integrated sensors which provide advance warnings of
fan failure via management.
Software Download
P330 includes a safe software download procedure in which backup code is always
present.
You should perform a reset after downloading software to the Module.
Layer 3 Features
Forwarding
The P333R-LB forwards IP packets between IP networks. When it receives an IP
packet through one of its interfaces, it forwards the packet through one of its
interfaces. P333R-LB supports multinetting, enabling it to forward packets between
IP subnets on the same VLAN as well as between different VLANs. Forwarding is
performed through standard means in Router mode.
DHCP/BOOTP Relay
The P333R-LB supports the DHCP/BOOTP Relay Agent function. This is an
application that accepts DHCP/BOOTP requests that are broadcast on one VLAN
and sends them to a DHCP/BOOTP server that connects to another VLAN or a
server that may be located across one or more routers that would otherwise not get
the broadcast request. The relay agent handles the DHCP/BOOTP replies as well,
transmitting them to the client directly or as broadcast, according to a flag in the
reply message. Note that the same DHCP/BOOTP relay agent serves both the
BOOTP and DHCP protocols.
DHCP/BOOTP Relay in P333R-LB can be enabled or disabled.
RIP
P333R-LB supports the widely used RIP routing protocol (both RIPv1 and RIPv2).
The RIPv1 protocol imposes some limitations on the network design with regard to
subnetting. When operating RIPv1, you must not configure variable length subnet
masks (VLSM). Each IP network must have a single mask, implying that all subnets
in a given IP network are of the same size. Also, when operating RIPv1, you must
not configure supernets, which are networks with a mask smaller than the natural
net mask of the address class, such as 192.1.0.0 with mask 255.255.0.0 (smaller than
the natural class C mask which is 255.255.255.0). For detailed descriptions of RIP
refer to the standards and published literature.
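A pre-deployment check for the two RIPv1 constraints above, as an added Python example (not part of the Avaya guide or its CLI). The interface list format and the function names are assumptions made for this illustration; the supernet case reuses the 192.1.0.0 / 255.255.0.0 example from the text.

```python
import ipaddress
from collections import defaultdict


def natural_prefix(addr: ipaddress.IPv4Address) -> int:
    """Natural (classful) prefix length for a class A, B or C address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is not a class A/B/C address")


def ripv1_problems(interfaces):
    """Return findings for a list of 'address/mask' interface strings.

    Flags supernets (mask shorter than the natural mask) and classful
    networks whose subnets use more than one mask (VLSM).
    """
    problems = []
    masks_per_network = defaultdict(set)
    for text in interfaces:
        iface = ipaddress.ip_interface(text)
        natural = natural_prefix(iface.ip)
        if iface.network.prefixlen < natural:
            problems.append(
                f"{text}: supernet, mask is shorter than the natural /{natural}")
            continue
        classful = ipaddress.ip_interface(f"{iface.ip}/{natural}").network
        masks_per_network[classful].add(iface.network.prefixlen)
    for classful, masks in sorted(masks_per_network.items()):
        if len(masks) > 1:
            used = ", ".join(f"/{m}" for m in sorted(masks))
            problems.append(
                f"{classful}: variable length subnet masks in use ({used})")
    return problems


if __name__ == "__main__":
    # Constructed sample interface plan.
    plan = ["10.1.1.1/255.255.255.0", "10.2.0.1/255.255.0.0",
            "192.1.0.0/255.255.0.0"]
    for finding in ripv1_problems(plan):
        print(finding)
```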
RIPv2 is a new version of the RIP routing protocol, not yet widely used but with
some advantages over RIPv1. RIPv2 solves some of the problems associated with
RIPv1. The most important change in RIPv2 is the addition of a subnet mask field
which allows RIPv2 to support variable length subnets. RIPv2 also includes an
authentication mechanism similar to the one used in OSPF.
OSPF
P333R-LB supports the OSPF routing protocol. P333R-LB can be configured as an
OSPF Autonomous System Boundary Router (ASBR) by configuration of route
redistribution. P333R-LB can be installed in the OSPF backbone area (area 0.0.0.0) or
in any OSPF area that is part of a multiple areas network. However, P333R-LB
cannot be configured to be an OSPF area border router itself.
The P333R-LB supports the equal-cost multipath (ECMP) feature which allows load
balancing by splitting traffic between several equivalent paths.
While OSPF can be activated with default values for each interface using a single
command, many of the OSPF parameters are configurable.
For a detailed description of OSPF, refer to the OSPF standards and published
literature.
Static Routes
Static routes can be configured on the P333R-LB. They are never timed out or lost
over reboot, and can only be removed by manual configuration. Deletion (by
configuration) of the IP interface deletes the static routes using this interface as well.
A static route becomes inactive if the interface over which it is defined is disabled.
When the interface is enabled, the static route becomes active again.
Static routes can only be configured for remote destinations, i.e. destinations that
are reachable via another router as a next hop. The next hop router must belong to
one of the directly attached networks for which P333R-LB has an IP interface.
“Local” static routes, such as those that have no next hop, are not allowed.
Two kinds of static routes can be configured: High Preference static routes which are
preferred to routes learned from any routing protocol and Low Preference static
routes which are used temporarily until the route is learned from a routing protocol.
By default, a static route has Low Preference.
Static routes can be advertised by routing protocols (i.e. RIP, OSPF) as described
under Route redistribution.
Static routes also support load-balancing similar to OSPF. A static route can be
configured with multiple next hops so that traffic is split between these next hops.
This can be used for example to load-balance traffic between several firewalls which
serve as the default gateway.
Route Redistribution
Route redistribution is the interaction of multiple routing protocols. OSPF and RIP
can be operated concurrently in P333R-LB. In this case, P333R-LB can be configured
to redistribute routes learned from one protocol into the domain of the other routing
protocol. Similarly, static routes may be redistributed to RIP and to OSPF. Route
redistribution should not be configured carelessly, as it involves metric changes and
might cause routing loops in the presence of other routers with incompatible
schemes for route redistribution and route preferences.
The P333R-LB scheme for metric translation in route redistribution is as follows:
• Static to RIP metric configurable (default 1)
• OSPF internal metric N to RIP metric 1
• OSPF external type 1 metric N to RIP metric 1
• OSPF external type 2 metric N to RIP metric N+1
• Static to OSPF external type 2, metric configurable (default 1)
• RIP metric N to OSPF external type 2, metric N
• Direct to OSPF external type 2, metric 1.
By default, the P333R-LB does not redistribute routes between OSPF and RIP.
Redistribution from one protocol to the other can be configured. Static routes are, by
default, redistributed to RIP and OSPF. P333R-LB allows the user to globally disable
redistribution of static routes to RIP, and separately to globally disable
redistribution of static routes to OSPF. In addition, P333R-LB lets the user configure,
on a per static route basis, whether the route is to be redistributed to RIP and OSPF,
and with what metric (in the range of 1-15). The default state is to enable the route to be
redistributed at metric 1. When static routes are redistributed to OSPF, they are
always redistributed as external type 2.
Route Preferences
The routing table may contain routes from different sources. Routes to a certain
destination may be learned independently from RIP and from OSPF, and at the
same time, a static route can also be configured to the same destination. While
metrics are used to choose between routes of the same protocol, protocol
preferences are used to choose between routes of different protocols.
The preferences only apply to routes for the same destination IP address and mask.
They do not override the longest-match choice. For example, a high-preference
static default route will not be preferred over a RIP route to the subnet of the
destination.
P333R-LB protocol preferences are listed below from the most to the least preferred:
1 Local (directly attached net)
2 High-preference static (manually configured routes)
3 OSPF internal routes
4 RIP
5 OSPF external routes
6 Low-preference static (manually configured routes).
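The selection rules above and the metric translation listed under Route Redistribution, modelled as an added Python example (not the P333R-LB implementation). The route table, next-hop addresses and the names used are constructed for this illustration.

```python
import ipaddress
from dataclasses import dataclass

# Preference order from the list above: lower number = more preferred.
PREFERENCE = {
    "local": 1, "static-high": 2, "ospf-internal": 3, "rip": 4,
    "ospf-external-1": 5, "ospf-external-2": 5, "static-low": 6,
}


@dataclass(frozen=True)
class Route:
    prefix: str      # destination address and mask, e.g. "10.1.5.0/24"
    source: str      # key of PREFERENCE
    metric: int
    next_hop: str


def build_table(candidates):
    """Keep one route per destination/mask: the most preferred source wins,
    and the metric only decides between routes of the same source."""
    best = {}
    for route in candidates:
        net = ipaddress.ip_network(route.prefix)
        rank = (PREFERENCE[route.source], route.metric)
        if net not in best or rank < best[net][0]:
            best[net] = (rank, route)
    return {net: route for net, (_rank, route) in best.items()}


def lookup(table, destination):
    """Longest match is applied first; preferences never override it."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def redistribute(source, metric, target, static_metric=1):
    """Metric translation from the Route Redistribution list.
    Returns (route type in the target protocol, metric)."""
    if target == "rip":
        if source == "static":
            return ("rip", static_metric)
        if source in ("ospf-internal", "ospf-external-1"):
            return ("rip", 1)
        if source == "ospf-external-2":
            return ("rip", metric + 1)
    elif target == "ospf":
        if source == "static":
            return ("ospf-external-2", static_metric)
        if source == "rip":
            return ("ospf-external-2", metric)
        if source == "direct":
            return ("ospf-external-2", 1)
    raise ValueError(f"no translation listed for {source} -> {target}")


# Constructed sample routes.
SAMPLE = [
    Route("0.0.0.0/0", "static-high", 1, "192.168.0.1"),
    Route("10.1.5.0/24", "rip", 4, "192.168.0.2"),
    Route("10.2.0.0/16", "rip", 2, "192.168.0.2"),
    Route("10.2.0.0/16", "ospf-internal", 20, "192.168.0.3"),
    Route("10.2.0.0/16", "static-low", 1, "192.168.0.4"),
    Route("10.3.0.0/16", "rip", 5, "192.168.0.2"),
    Route("10.3.0.0/16", "rip", 2, "192.168.0.3"),
]

if __name__ == "__main__":
    table = build_table(SAMPLE)
    for dest in ("10.1.5.9", "172.16.0.1", "10.2.0.7", "10.3.0.1"):
        print(dest, "->", lookup(table, dest))
    # A RIP route redistributed into OSPF and back returns one hop worse.
    kind, metric = redistribute("rip", 3, "ospf")
    print(redistribute(kind, metric, "rip"))
```

The round trip at the end shows why mutual redistribution needs care: a RIP route re-enters RIP with a changed metric, and an OSPF internal route enters RIP at metric 1 whatever its original cost.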
Netbios Rebroadcast
The P333R-LB can be configured to relay netbios UDP broadcast packets. This
feature is used for applications such as WINS that use broadcast but may need to
communicate with stations on other subnets or VLANs.
Configuration is performed on a per-interface basis. When a netbios broadcast
packet arrives from an interface on which netbios rebroadcast is enabled, the packet
is distributed to all other interfaces configured to rebroadcast netbios.
If the netbios packet is a net-directed broadcast (e.g., 149.49.255.255), the packet is
relayed to all other interfaces on the list, and the IP destination of the packet is
replaced by the appropriate interface broadcast address.
If the netbios broadcast packet is a limited broadcast (e.g., 255.255.255.255), it is
relayed to all VLANs on which there are netbios-enabled interfaces. In that case, the
destination IP address remains the limited broadcast address.
In case there is only one interface over a VLAN, then VLAN oriented commands for
this VLAN can be configured through the single interface without the need to issue
the "enable vlan command" command.
Note:
1. VLAN-oriented commands that were configured affect the VLAN of the interface
that was used at the time the command was issued.
2. If the interface is moved to another VLAN (using the "ip vlan command") VLAN
oriented configuration still relates to the original VLAN.
Real Server
A Real Server is a physical server that is associated with a Real IP address. One or
more Real Servers may belong to a Real Server Group.
Virtual Service
Virtual Services are abstract links to RSGs provided by a Virtual Server. For
example, load-balanced forwarding of HTTP or FTP packets is a Virtual Service.
Virtual Server
A Virtual Server represents the server to the outside world. It is associated with a
Virtual IP and provides Virtual Services. For example, a load balancer that
intercepts traffic from the WAN acts as a Virtual Server.
Traffic from the WAN is directed to the Virtual Server. The Virtual Server provides
Virtual Services when transferring packets to the Real Server Group, which is
comprised of Real Servers. The following figure illustrates the conceptual load
balancing model.
Figure 1.1 The Conceptual Load Balancing Model
Combination of Applications
You can enable the P333R-LB to use various applications concurrently. For example,
it is possible to configure the same P333R-LB to perform Server Load balancing for
an Intranet web-server, Application Redirection for web traffic that is Internet-
bound, and Firewall Load Balancing for traffic that is Internet-bound. In some cases,
the same "type" of traffic can be given two different actions by the load balancer, as
illustrated in Figure 1.2. In these situations, it is necessary to tell the load balancer
which action to choose.
Figure 1.2 Combinations of Applications
In Figure 1.2, web traffic to the Intranet server (Server Farm) can be configured to
either be directed to the web cache (Cache Server Farm), or bypass the web cache
and directly access the Intranet server. The latter configuration will free the web
cache resources to deal with Internet-bound traffic.
You can specify the preferred action by performing one of the following:
• Configure SLB to take precedence over AR.
• Configure AR to take precedence over SLB.
• Configure AR filters to redirect traffic from client/server addresses, using
wildcards.
• Configure AR filters to specify which traffic not to redirect ("no-ar" as service)
from specific client/server addresses, using wildcards.
General Features
Redundancy
Routing protocols naturally provide some level of redundancy. However, IP
stations that are manually configured with a single ‘default gateway’ IP address do
not naturally recover when their default gateway fails. These stations do not
automatically try to use other routers or Layer-3-switches connected to the same
subnet.
The P333R-LB supports two types of router redundancy protocols, VRRP and SRRP,
to solve this problem. In addition, the VRRP solves the problem of VIP interfaces in
Server Load Balancing.
For full information, see VRRP on page 261 and SRRP on page 272.
IEEE
• 802.3x Flow Control on all ports
• 802.1Q VLAN Tagging support on all ports and 802.1p compatible
• 802.1D Bridges and STA
• 802.3z Gigabit Ethernet ports
• 802.3u Ethernet/Fast Ethernet ports
IETF - Layer 2
• MIB-II - RFC 1213
• Bridge MIB for Spanning Tree - RFC 1492
• Bridge MIB for STP and CAM contents - RFC 1314
• ATM Management - RFC 1695
• RMON - RFC 1757
• SMON - RFC 2613
• Bridge MIB Groups - RFC 2674 dot1dbase and dot1dStp fully implemented.
Support for relevant MIB objects: dot1q (dot1qBase, dot1qVlanCurrent)
IETF - Layer 3
• Internet Protocol - RFC-791
• Internet Control Message Protocol - RFC-792
• Standard for the transmission of IP datagrams over Ethernet - RFC-894
• Bootstrap Protocol - RFC-951
• Routing Information Protocol - RFC-1058
• DHCP Options and BOOTP Vendor Extensions - RFC-1533
• Interoperation Between DHCP and BOOTP - RFC-1534
• Dynamic Host Configuration Protocol - RFC-1541
• Clarifications and Extensions for the Bootstrap Protocol Information - RFC-1542
• RIP Version 2 Carrying Additional Information - RFC 1723
• Requirements for IP Version 4 Routers - RFC-1812
• OSPF Version 2 Management Information Base - RFC-1850
• Virtual Router Redundancy Protocol - RFC-2338
CajunView™
When you need extra control and monitoring or wish to manage other Cajun
Campus equipment, then the CajunView network management suite is the answer.
This suite provides ease-of-use and the features necessary for optimal network
utilization.
• CajunView is available for Windows® NT®/2000 and Solaris 8.
• CajunView can operate in Stand-Alone mode with Windows® NT®/2000.
• CajunView operates under HP OpenView for Windows® NT®/2000 and
Solaris 8.
DiffServ Monitoring
Monitors zero and non-zero DiffServ usage per protocol for routed packets (per
DSMON IETF draft.)
Port Mirroring
The P330 provides port mirroring for additional network monitoring functionality.
You can filter the traffic and mirror either incoming traffic to the source port or both
incoming and outgoing traffic. This allows you to monitor the network traffic you
need.
SMON
The P330 supports Avaya’s ground-breaking SMON Switched Network
Monitoring, which the IETF has now adopted as a standard (RFC2613). SMON
provides unprecedented top-down monitoring of switched network traffic at the
following levels:
• Enterprise Monitoring
• Device Monitoring
• VLAN Monitoring
• Port-level Monitoring
This top-down approach gives you rapid troubleshooting and performance
trending to keep the network running optimally.
Note: You need to purchase one SMON License per P330 Stack.
[Figure: P333R-LB front panel, showing port LEDs 1-24 and 51-66, the expansion slot, the FIV switch, the Left/Right and Reset (both) switches, and the function LEDs]
Description    Function
Reset module   Press both right and left buttons together for approximately 2 seconds. All LEDs on module light up until buttons are released.
Reset stack    Press both Right and Left buttons together for 4 seconds. All LEDs on stack light up until buttons are released.
FIV            Force Initial Version – Boot from backup initial version of the P330 software from Bank A (see Note below).
Note: To perform “Force Initial Version,” reset the module and at the same time
press the FIV reset button (use an opened paper clip or other pointed object). Let go
of the reset buttons first and then let go of the FIV button 1 or 2 seconds later.
Note: The Port LEDs of the P333R-LB are numbered from 1-24. Expansion sub-
module ports are numbered from 51. Port LED numbers 49-50 are reserved.
Note: Any further illustrations of the P333R-LB back panel will be that of the AC
model shown in Figure 2.3.
Note: The P333R-LB switch must not be operated with the back-slot open. The
stacking sub-module should be covered with the supplied blanking plate if necessary.
Positioning
P333R-LB can be mounted alone or in a stack in a standard 19-inch equipment rack
in a wiring closet or equipment room. Up to 10 units can be stacked in this way.
When deciding where to position the unit, ensure that:
• It is accessible and cables can be connected easily and according to the
configuration rule.
• Cabling is away from sources of electrical noise such as radio transmitters,
broadcast amplifiers, power lines and fluorescent lighting fixtures.
• Water or moisture cannot enter the unit case.
• There is a free flow of air around the unit, and that the vents in the back and
sides of the case are not blocked.
Rack Mounting
The P333R-LB case fits in most standard 19-inch racks. P333R-LB is 2U
(88 mm, 3.5”) high.
Place the P333R-LB in the rack as follows:
1 Snap open the ends of the front panel to reveal the fixing holes.
2 Insert the unit into the rack. Ensure that the four P333R-LB screw holes are
aligned with the rack hole positions as shown in Figure 3.1.
Figure 3.1 P333R-LB Rack Mounting (key: hole in rack; screw hole in Avaya P330; screw position)
3 Secure the unit in the rack using the screws. Use two screws on each side. Do
not overtighten the screws.
4 Snap close the hinged ends of the front panel.
5 Ensure that ventilation holes are not obstructed.
Note: The two ends of the Octaplane cable terminate with different connectors. Each
connector can only be connected to its matching port.
Note: When adding a module to an existing stack, first connect the stacking cables
and then power up the module.
1 Plug the light grey connector of the Short Octaplane cable into the port marked
“to upper unit” of the bottom P333R-LB switch.
2 Plug the dark grey connector of the same Short Octaplane cable into the port marked “to
lower unit” in the unit above. The connections are illustrated in Figure 3.3.
3 Repeat Steps 1 and 2 until you reach the top switch in the stack.
4 If you wish to implement stack redundancy, use the Redundant Cable to
connect the port marked “to lower unit” on the bottom switch to the port
marked “to upper unit” on the top switch of the stack.
5 Power up the added modules.
Caution: Do not cross connect two P333R-LB switches with two Octaplane (light-
colored) cables. If you wish to cross-connect for redundancy, use one light-colored
Octaplane cable and one black redundancy cable. Figure 3.2 shows an incorrect
connection.
Note: You can build a stack of up to 10 P333R-LB switches. If you do not wish to
stack all the switches in a single rack, use long Octaplane cables to connect two
physical stacks as shown in Figure 3.3.
[Figure: two physical stacks of P333R-LB switches (units 1-5 and 6-10), each unit with a BUPS connector, a power supply connector, and “Cable to Lower Unit” and “Cable to Upper Unit” ports, connected using X330SC, X330LC and X330RC cables]
Note: If an expansion sub-module is removed from the stack with the power supply
on, all configuration definitions on expansion sub-modules are lost. To remove an
expansion sub-module and save configuration definitions:
1 Turn off the power supply.
2 Remove an expansion sub-module.
3 Insert another expansion sub-module.
4 Turn on the power supply.
Note: The P333R-LB switch must not be operated with the expansion slot open. The
expansion sub-module slot should be covered with the supplied blanking plate if
necessary.
Warning: Before performing any of the following procedures, ensure that DC power
is OFF.
Caution: This product is intended for installation in restricted access areas and is
approved for use with 18 AWG copper conductors only. The installation must
comply with all applicable codes.
Warning: The proper wiring sequence is ground to ground, positive to positive and
negative to negative. Always connect the ground wire first and disconnect it last.
IP Address 149.49.35.214
VLANs VLAN 1
Port VLAN 1 1 1
Port priority 0 0 0
Cabling
P333R-LB modules include the following types of ports (according to the speed and
standard they support): 10Base-T, 100Base-TX, 100Base-FX, 1000Base-SX and
1000Base-LX.
Note: To interconnect P333R-LB switches with twisted pairs, crossed cables are
required.
• The maximum UTP cable length connected to a 10/100 Mbps port operating as
10Base-T, is 100 m (328 ft.).
• A UTP Category 5 cable must be connected to any 100Base-TX port, via an
RJ-45 connector. The maximum UTP cable length connected to a 10/100 Mbps
port operating as 100Base-TX, is 100 m (328 ft.).
• A fiberoptic cable must be connected to any 100Base-FX port, via a pair of SC
connectors. The maximum fiber cable length connected to a 100Base-FX port is
412 m (1,352 ft.) when operating in half duplex, and 2 km (6,562 ft.) when
operating in full duplex.
Appropriate cables are available from your local supplier.
Table 3.3 Gigabit Ethernet Cabling
Note: The cable and two adaptors can be found in the accessory set, and they are
clearly marked.
Note: The PPP interface configured with the set interface ppp command
must be on a different subnet from the stack inband interface.
5 Set the baud rate, ppp authentication, and ppp time out required to match your
modem. These commands are described in the “Command Line Interface”
chapter.
6 At the prompt, type:
set interface ppp enable
The CLI responds with the following:
Entering the Modem mode within 60 seconds...
Please check that the proprietary modem cable is plugged
into the console port
7 Use the DB-25 to RJ-45 connector to plug the console cable to the modem’s DB-
25 connector. Plug the other end of the cable RJ-45 connector to the
Avaya P333R-LB console’s RJ-45 port.
8 The Avaya P333R-LB enters modem mode.
9 You can now dial into the switch from a remote station, and open a Telnet
session to the PPP interface IP address.
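The note above requires the PPP interface to be on a different subnet from the stack inband interface. The following Python check is an added example, not part of the Avaya guide: it reads captured show interface output in the format this guide prints and reports an overlap. The sample rows with an "enable" state and assigned PPP addresses are constructed, and the function names are hypothetical.

```python
import ipaddress


def parse_show_interface(output):
    """Return {interface name: IPv4Interface, or None when unconfigured}."""
    interfaces = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # prompt or blank line
        # First word is the interface name; the last two are address and mask.
        name, addr, mask = parts[0].lower(), parts[-2], parts[-1]
        try:
            if ipaddress.IPv4Address(addr).is_unspecified:
                interfaces[name] = None  # 0.0.0.0: no address assigned
            else:
                interfaces[name] = ipaddress.IPv4Interface(f"{addr}/{mask}")
        except ValueError:
            continue  # header or separator row
    return interfaces


def ppp_subnet_conflict(output):
    """Return a description of the conflict, or None when the rule holds."""
    interfaces = parse_show_interface(output)
    inband, ppp = interfaces.get("inband"), interfaces.get("ppp")
    if inband is None or ppp is None:
        return None  # one side has no address yet, nothing to compare
    # overlaps() also catches a PPP subnet nested inside the inband subnet
    # when the two netmasks differ, which a plain string comparison misses.
    if inband.network.overlaps(ppp.network):
        return f"ppp {ppp.network} overlaps inband {inband.network}"
    return None


# Output as printed in this guide: PPP has no address assigned.
PAGE_OUTPUT = """\
P330-N> show interface
Interface Name VLAN IP address Netmask
-------------- ---- --------------- ---------------
inband 1 10.0.0.1 255.255.255.0
ppp disable 1 0.0.0.0 0.0.0.0
"""

# Constructed: PPP placed inside the inband /24 with a longer mask.
CONFLICT = """\
inband 1 10.0.0.1 255.255.255.0
ppp enable 1 10.0.0.200 255.255.255.128
"""

# Constructed: PPP on its own subnet, as the note requires.
SEPARATE = """\
inband 1 10.0.0.1 255.255.255.0
ppp enable 1 10.0.1.1 255.255.255.0
"""

if __name__ == "__main__":
    for label, sample in (("page", PAGE_OUTPUT), ("conflict", CONFLICT),
                          ("separate", SEPARATE)):
        print(label, "->", ppp_subnet_conflict(sample) or "ok")
```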
Note: All P333R-LB switches are shipped with the same default IP address. You
must change the IP address of the master P330 switch in a stack in order to
guarantee that the stack has its own unique IP address in the network.
Use the CLI to assign the P330 stack an IP address and net mask. The network
management station can establish communications with the stack once this address
has been assigned and the stack has been inserted into the network.
To assign a P330 IP stack address:
1 Establish a serial connection by connecting a terminal to the Master P330 switch
of the stack.
2 When prompted for a Login Name, enter the default name root
3 When you are prompted for a password, enter the password root. You are
now in Supervisor Level.
4 At the prompt, type:
set interface inband <vlan> <ip_address> <netmask>
Replace <vlan>, <ip_address> and <netmask> with the VLAN,
IP address and net mask of the stack.
5 Press Enter to save the IP address and net mask.
6 At the prompt, type reset and press Enter to reset the stack. After the Reset,
log in again as described above.
7 At the prompt, type set ip route <dest> <gateway> and replace <dest>
and <gateway> with the destination and gateway IP addresses.
8 Press Enter to save the destination and gateway IP addresses.
The procedure in the following section describes initial configuration of the Router.
Note: Once you have assigned an IP address/interface to the P333R-LB, you can either
configure the P333R-LB using the CajunView P330 Manager application or continue
using the CLI.
Note: You may want to remove the default gateway defined in Step 8, once you
have completed router configuration using CajunView or CLI.
This chapter describes the Avaya P330 CLI architecture and conventions, and
provides instructions for accessing the Avaya P330 for configuration purposes.
The configuration procedure involves establishing a Telnet session or a serial
connection and then using the Avaya P330’s internal CLI. The CLI is command-line
driven and does not have any menus. To activate a configuration option, you must
type the desired command at the prompt and press Enter. You can also configure
your Avaya P330 using the P330 Manager with its graphical user interface. For
details, see the Avaya P330 Device Manager Appendix and the Avaya Multi-Service
Network Manager P330 Device Manager User’s Guide on the Documentation and
Utilities CD.
CLI Architecture
The P330 stack supports both Layer 2 switching and Layer 3 switching.
The P333R-LB CLI includes two CLI entities to support this functionality.
• The Switch CLI entity is used to manage Layer 2 switching of the entire stack.
The Switch CLI entity is identical to the CLI of P330 Layer 2 modules.
CLI commands for managing Layer 2 switching are described in Chapter 6.
• The Router CLI entity is used to manage Layer 3 switching of a single module.
The Router CLI entity exists only in P330R Layer 3 modules and supports
different sets of commands depending on the device mode of the P333R-LB
module.
If the P333R-LB module is the Master of the stack, then the Switch CLI entity and the
Router CLI entity co-exist on the same module.
To switch between the entities, use the session command.
Configuration of the password commands and community commands in one
entity is automatically attributed to the other entity in the stack.
Initial access to the stack can be established via a serial connection or a Telnet
connection to any one of the entities.
Note: The Avaya P330 default IP address is 149.49.32.134 and the default subnet
mask is 255.255.255.0.
3 From the Microsoft Windows® taskbar of your PC click Start and then Run (or
from the DOS prompt of your PC), then start the Telnet session by typing:
telnet <P330_IP_address>
For example: telnet 192.168.35.214.
4 If the IP address in the Telnet command is the IP address of the stack, then
connection is established with the Switch CLI entity of the Master module.
If you want to connect to the Router CLI entity, use the session command.
If the IP address in the Telnet command is of the router, connection is
established to the Router CLI entity in the router module.
5 When you see the “Welcome to P330” menu and are prompted for a Login
Name, enter the default name root
6 When you are prompted for a password, enter the User Level password root
or norm in lower case letters (do NOT use uppercase letters). The User level
prompt will appear when you have established communications with the
Avaya P330.
Note: When you use the session command the security level stays the same.
Security Levels
There are four security access levels – User, Privileged, Configure and Supervisor.
• The User level is a general access level used to show system parameter values.
• The Privileged level is used by site personnel to access stack configuration
options.
• The Configure level is used by site personnel for Layer 3 configuration.
• The Supervisor level is used to define user names, passwords, and access levels
of up to 10 local users.
A login name and password are always required to access the CLI and the
commands. The login names and passwords, and security levels are established
using the username command.
Switching between the entities does not affect the security level, since security levels
are established specifically for each user. For example, if the operator with a
privileged security level in the Switch entity switches to the Router entity the
privileged security level is retained.
Conventions Used
The following conventions are used in this chapter to convey instructions and
information:
• Mandatory keywords are in boldface.
• Variables that you supply are in pointed brackets <>.
• Optional keywords are in square brackets [].
• Alternative but mandatory keywords are grouped in braces {} and separated by
a vertical bar |.
• If you enter an alphanumeric string of two words or more, for example in the
set system location on Page 96, enclose the string in inverted commas.
• Information displayed on screen is displayed in text font.
Keyboard Functions
Getting Help
On-line help may be obtained at any time by typing a question mark (?), or the
word help on the command line or by pressing the F1 key. To obtain help for a
specific command, type the command followed by a space and a question mark.
Example: Router> show ?
Command Syntax
Commands are not case-sensitive. That is, uppercase and lowercase characters may
be interchanged freely.
Command Abbreviations
All commands and parameters in the CLI can be truncated to an abbreviation of any
length, as long as the abbreviation is not ambiguous. For example, version can
be abbreviated ver.
For ambiguous commands, type the beginning letters on the command line and
then use the Tab key to toggle through all the possible commands beginning with
these letters.
Universal Commands
Universal commands are commands that can be issued anywhere in the hierarchical
tree.
Retstatus command
Use the retstatus command to show whether the last CLI command you
performed was successful. It displays the return status of the previous command.
The syntax for this command is: retstatus
Output Example:
P330 # set port negotiation 2/4 disable
Link negotiation protocol disabled on port 2/4.
Router(enable)# retstatus
Succeeded
Tree command
The tree command displays the commands that are available at your current
location in the CLI hierarchy.
The syntax for this command is: tree
Output Example:
Router(super)# tree
terminal
width
length
Router(super)#
CLI – Layer 2
This chapter provides all the Layer 2 CLI commands, parameters and their default
values.
The CLI is command-line driven and does not have any menus. To activate a
configuration option, you must type the desired command at the prompt and press
Enter.
session
Use the session command to open a session with a specific entity in a switch of
the stack. For example, you can open a session with the Routing entity of a
P332G-ML switch in the stack, or with the X330 ATM sub-module entity plugged
into a specific switch.
Note: Layer 2 commands are only available if you open a switch session with the
Master switch.
Note: When you use the session command the security level stays the same.
terminal
Use the terminal width and terminal length commands to set the width
and length of the terminal display in characters.
clear screen
The clear screen command clears the current terminal display.
ping
Use the ping command to send ICMP echo request packets to another node on the
network.
Note: You can use this command via the Master switch only.
Output Example:
To ping the IP number 149.49.48.1 four times:
P330-N> ping 149.49.48.1 4
show time
Use the show time command to display the current stack time.
Output Example:
P330-N> show time
10:32:34 27 JAN 2000 GMT
show timezone
Use the show timezone command to display the current stack timezone.
Output Example:
P330-N> show timezone
Timezone set to 'GMT', offset from UTC is 0 hours
Output Example:
P330-N> show time parameters
Current time: L:02:49:11 02 JAN 1999 isl
Timezone set to ’isl’, offset from UTC is 2 hours
Time-Server: 0.0.0.0
Time acquired from Time-Server: 0.0.0.0
Time protocol set to: TIME protocol
show ip route
Use the show ip route command to display IP routing table entries.
Output Example:
P330-N> show ip route
Destination Gateway
----------- -----------
149.49.1.1 172.20.22.201
190.20.0.0 172.20.22.202
172.20.0.0 172.20.22.96
Output Example:
P330-N> show image version 1
Mod Module-Type Bank Version
------ ----------- ---- --------
1 24x10/100Base-T with optional expansion slot A 3.3.14
1 24x10/100Base-T with optional expansion slot B 3.5.19
Output Example:
P330-1(super)# sh download status 1
Mod Bank Download State Activity Status Download Size
----- ------ --------------- ---------------- ---------------
1. Bank B idle Download idle 0
Note: This command is only supported by the P332G-ML and P332GT-ML switches.
show snmp
Use the show snmp command to display SNMP information.
Output Example:
P330-N> show snmp
Authentication trap disabled
Community-Access Community-String
---------------- ----------------
read-only public
read-write public
trap public
Trap-Rec-Address Traps Enabled
---------------- ----------------
1.1.1.1 config
fault
etc...
Output Example:
P330-N> show snmp retries
the SNMP Retries Number is 3
Output Example:
P330-N> show snmp timeout
the SNMP Timeout is 2000
show timeout
Use the show timeout command to display the amount of time the CLI can
remain idle before timing out in minutes. If the result is 0, there is no timeout limit.
The default is 15 minutes.
Output Example:
P330-N> show timeout
CLI timeout is 10 minutes
show logout
Use the show logout command to display the amount of time the CLI can
remain idle before timing out in minutes. If the result is 0, there is no timeout limit.
The default is 15 minutes.
Output Example:
P330-N> show logout
CLI timeout is 10 minutes
show interface
Use the show interface command to display information on network
interfaces.
Output Example:
To display the interface:
P330-N> show interface
Interface Name VLAN IP address Netmask
-------------- ---- --------------- ---------------
inband 1 10.0.0.1 255.255.255.0
ppp disable 1 0.0.0.0 0.0.0.0
show device-mode
Use the show device-mode command to show the P332G-ML/P332GT-ML/
P333R/P333R-LB operating mode you are currently in. Possible modes are Router,
or Switch.
show port
Use the show port command to display port status.
Output Example:
To display the status for port 4 on switch 3:
P330-N> show port 3/4
Port Name Status Vlan Level Neg Dup. Spd. Type
------ ------- --------- ---- ------ ------- ---- ---- -------------
3/4 John connected 1 4 enable half 10M 100/1000Base-Tx
Field Description
Output Example:
P330-N> show port trap 1/1
Port 1/1 up/down trap is disabled
Output Example:
show port channel 1
Port Channel Status Channel Name
------ --------------- --------------------------------
1/1 off
1/2 off
1/3 on server1
1/4 on server1
------ --------------- --------------------------------
1/5 off
etc...
Output Example:
P330-1(super)# show port classification
Port Port Classification
------ ---------------------
1/1 regular
1/2 regular
1/3 regular
1/4 regular
1/5 regular
1/6 regular
1/7 regular
etc...
Output Example:
P330-N> show port redundancy
Redundancy Name Primary Port Secondary Port Status
----------------- -------------- ---------------- --------
uplink 1/7 2/12 enable
Output Example:
P330-N> show intermodule port redundancy
Primary-Port : 1/1
Primary-Port status : Disable
Secondary-Port : 1/2
Secondary-Port status : Disable
Output Example:
P330-N> show port mirror
port mirroring
Mirroring both Rx and Tx packets from port 1/2 to port 1/4 is
enabled
Output Example:
P330-N> show port vlan-binding-mode
port 1/1 is statically bound
port 1/2 is statically bound
port 1/3 is statically bound
port 1/4 is statically bound
port 1/5 is statically bound
port 1/6 is statically bound
port 1/7 is statically bound
port 1/8 is statically bound
port 1/9 is statically bound
port 1/10 is statically bound
Example:
P330-N> show port security 1
Port 1/1 port security disabled.
Port 1/2 port security disabled.
Port 1/3 port security disabled.
Port 1/4 port security disabled.
Port 1/5 port security disabled.
etc.
Note: Port security for the P330-ML switches will always have the value unknown.
This command is used to display the security status for the other P330 switches in
the stack.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
P330-N> show port blocking
+-------------------+
| Port | Blk /Fwd |
+-------------------+
| 1 | Blocking |
| 2 | Blocking |
| 3 | Blocking |
| 4 | Blocking |
| 5 | Blocking |
| 6 | Blocking |
| 7 | Blocking |
| 8 | Blocking |
| 9 | Blocking |
| 10 | Blocking |
| 11 | Blocking |
| 12 | Forwarding |
| 13 | Blocking |
| 14 | Blocking |
| 15 | Blocking |
| 16 | Blocking |
| 17 | Blocking |
| 18 | Blocking |
| 19 | Blocking |
| 20 | Blocking |
| 21 | Blocking |
| 22 | Blocking |
| 23 | Blocking |
| 24 | Forwarding |
+-------------------+
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
P330-N> show port self-loop-discovery 1/5
Self-Loop-Discovery is enabled on port 1/5.
Output Example:
P330-N> show internal buffering 1
Module Internal Buffer
------ ---------------
1 med
Note: Internal buffering for the P330-ML switches will always have the value Not
supported. This command is used to display the internal buffering status for the
other P330 switches in the stack.
Note: This command is not supported by the P333R and P333R-LB switches.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
show boot bank
Boot bank set to bank-a
show module
Use the show module command to display switch status and information. For
each switch with an expansion sub-module installed, both switch and expansion
sub-module type and information are shown.
Output Example:
P330-N> show port flowcontrol 3/2
Mod Type C/S S/N Statuses
--- ------------------ ---- -------- ----------------------------
1 P333T 1.0 4144162 PS:OK Fans:OK Mode:Layer2
X330GT2 2.0
P330STK 2.0 Conn-Up:Fail Conn-Down:Ok
BUPS BUPS:Not Prsnt Fans:None Type:None
Field Description
Output Example:
P330-N> show port flowcontrol 3/2
Port Send-Flowcontrol Receive-Flowcontrol
Admin Oper Admin Oper
------ ----- ---- ----- ----
3/2 off off off off
Output Fields
Field Description
show cam
Use the show cam commands to display the CAM table entries for a specific port.
Note: MACs associated with LAGs appear under the LAG ID, not under the LAG
port.
Output Example:
P330-N> show cam 1/1
Dest MAC/Route Dest Destination Ports
------------------- -----------------
00-40-0d-59-03-78 1/1
00-d0-79-0a-0a-da 1/1
00-40-0d-43-1e-e9 1/1
etc...
Output Example:
P330-N> show cam mac 00-40-0d-88-06-c8
Dest MAC/Route Dest Destination Ports
------------------- -----------------
00-40-0d-88-06-c8 1/1
Total Matching CAM Entries Displayed = 1
Output Example:
P330-N> show cascading fault-monitoring 1
Module 1 cascading-down fault monitoring enabled.
Module 1 cascading-up fault monitoring enabled.
Output Example:
P330-N> show port auto-negotiation-flowcontrol-advertisement
Port 1/1 advertises no flow control capabilities.
Port 1/2 advertises no flow control capabilities.
Port 1/3 advertises no flow control capabilities.
etc.
show trunk
Use the show trunk command to display VLAN tagging information of the
ports, port binding mode, and the port VLAN ID.
Output Example:
P330-N> show trunk
Port Mode Binding mode Native vlan
------ ----- ----------------------------- -----------
1/1 dot1q bound to configured vlans 1
1/2 dot1q bound to all vlans 1
1/3 off statically bound 1
1/4 off statically bound 1
1/5 off statically bound 1
Output Example:
P330-N> show trunk 1/5
Port Mode Binding mode Native vlan Vlans allowed on trunk
------ ----- -------------- ----------- ----------------------
1/5 off statically bound 1 1
Output Fields:
Field Description
Native VLAN Number of the Port VLAN ID (the VLAN to which received
untagged traffic will be assigned).
show vlan
Use the show vlan command to display the VLANs configured in the stack/
switch.
Output Example:
P330-N> show vlan
VLAN ID Vlan-name
------- --------------------------------
1 v1
5 V5
10 V10
15 V15
20 V20
25 V25
show leaky-vlan
Use the show leaky-vlan command to display the leaky VLAN status.
Output Example:
P330-N> show leaky-vlan
Leaky VLAN mode Disable
show spantree
Use the show spantree command to display spanning-tree information.
Output Example:
P330-N> show spantree
Spanning tree enabled
Designated Root: 00-40-0d-88-06-c8
Designated Root Priority: 32768
Designated Root Cost: 20
Designated Root Port: 1/1
Root Max Age: 20 Hello Time: 2
Output Fields:
Field Description
Designated Port through which the root bridge can be reached (shown only
Root Port on nonroot bridges)
Root Max Age Amount of time a BPDU packet should be considered valid
show autopartition
Use the show autopartition command to display the automatic partition.
Note: Autopartition for the P330-ML switches will always have the value
disabled. This command is used to display the autopartition status for the other
P330 switches in the stack.
Example:
P330-N> show autopartition 1
Mod Mode
--- -----------
1 Enable
show log
Use the show log command to display an encrypted device’s reset log. This
command is for Avaya technical support use.
Output Example:
P330-1(super)# show log 1
MODULE 1, MESSAGE 01:
00000000 0 05002966 0205 0 0 0 0 0 0 0 0 0 0
MODULE 1, MESSAGE 02:
show module-identity
Use the show module-identity command to display the switch identity
required for acquiring a license.
Output Example:
show module-identity [module]
show license
Use the show license command to display a switch license.
Output Example:
P330-N> show license 1
P330-N> Module 1 License:
Mod Application License Key State Feature Flag
--- ------------------- ----------------------------- ---------- ------------
1 smon 0000 0000 0000 0000 0000 0000 licensed 1
show system
Use the show system command to display the up time, system name, location,
and contact person.
Output Example:
P330-N> show system
Uptime d,h:m:s
------------------------
0,2:40:55
RMON Tools
The following is a series of RMON commands; however, we recommend using the
P330 Device Manager.
Output Example:
P330-1(super)# show rmon statistics
Statistics for switch is active, owned by Monitor
Received 171665151 octets, 1474442 packets,
1030346 broadcast and 369540 multicast packets,
0 undersize and 0 oversize packets,
1 fragments and 0 jabbers,
11 CRC alignment errors and 0 collisions,
# of dropped packet events (due to a lack of resources): 0
# of packets received of length (in octets):
64:862274, 65-127:973110, 128-255:173921,
256-511:72880, 512-1023:4374, 1024-1518:29744,
Output Example:
P330-N> show rmon alarm 1026
alarm
alarm 1026 is active, owned by amir
Monitors ifEntry.1.1026 every 60 seconds
Taking delta samples, last value was 1712
Rising threshold is 10000, assigned to event # 1054
Falling threshold is 10, assigned to event # 1054
On startup enable rising or_falling alarms
Output Example:
P330-N> show rmon event 1054
event
Example:
P330-N> show ppp session
Output Example:
P330-N> show ppp authentication
PPP Authentication Parameters:
------------------------------
Incoming: CHAP
Output Example:
P330-N> show ppp incoming timeout
PPP incoming timeout is 10 minutes
Output Example:
P330-N> show ppp baud-rate
PPP baud rate is 38400
Output Example:
P330-N> show ppp configuration
PPP baud rate is 38400
PPP incoming timeout is 0 minutes
PPP Authentication Parameters:
------------------------------
Incoming: None
Output Example:
P330-N> show tftp upload status 1
Module : 1
Source file : stack-config
Destination file : c:\conf.cfg
Host : 149.49.36.200
Running state : Executing
Failure display : (null)
Last warning : No-warning
Output Example:
P330-1(super)# show tftp download software status
Module #1
===========
Module : 1
Source file : d:\p340sw\gt-ml\3.5.18\p340.web
Destination file : EW_Archive
Host : 149.49.70.61
Running state : Writing ...
Failure display : (null)
Last warning : No-warning
show intelligent-multicast
Use the show intelligent-multicast command to display the intelligent
multicast configuration.
Output Example:
P330-N> show intelligent-multicast
Intelligent-multicast configuration:
------------------------------------
intelligent-multicast state --------------------- Disabled
Intelligent-multicast client-port-pruning time --- 600[Sec]
Intelligent-multicast router-port-pruning time ---1800[Sec]
intelligent-multicast group-filtering-delay time - 10[Sec]
Intelligent-multicast HW configuration:
# Module Sub-Module Cascade
------- ---------- --------
1 No IPMc Support Not Installed No IPMc Support
Output Example:
P330-N> show intelligent-multicast hardware support
Intelligent-multicast HW configuration:
# Module Sub-Module Cascade
------- ---------- --------
1 Support IPMc Not Installed Support IPMc
Note: Layer 2 commands are only available if you open a switch session with the
Master switch.
Output Example:
P330-N> show security mode
Security mode enabled.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
P330-N> show secure mac port 1
Port Secure-Src-Addrs
------ -----------------
1/17 00-50-04-07-6a-fa
01-02-03-04-05-06
show arp-tx-interval
Use the show arp-tx-interval command to display the keep-alive frames
transmission interval.
Output Example:
P330-N> show arp-tx-interval
ARP tx interval is set to 5 seconds.
show arp-aging-interval
Use the show arp-aging-interval command to display the ARP table aging
interval for gateways’ entries.
Output Example:
P330-N> show arp-aging-interval
ARP table aging interval for gateways was set to 10 minutes.
show self-loop-discovery
Use the show self-loop-discovery command to display a switch’s IBM token ring
cable discovery status.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
P330-N> show self-loop-discovery 1
Self-Loop-Discovery is disabled on module 1.
Output Example:
P330-N> show allowed managers status
Managers are disabled.
Output Example:
P330-N> show allowed managers status
1 ) 149.49.32.134
2 ) Not Used
3 ) Not Used
4 ) Not Used
5 ) Not Used
6 ) Not Used
7 ) Not Used
8 ) Not Used
9 ) Not Used
10) Not Used
11) Not Used
12) Not Used
13) Not Used
14) Not Used
15) Not Used
16) Not Used
17) Not Used
18) Not Used
19) Not Used
20) Not Used
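The show snmp, show logout, show ppp configuration and show allowed managers status outputs shown in this chapter can be reviewed offline for weak management-plane settings. The following Python script is an added example, not part of the Avaya guide; the transcript is constructed in the output formats printed above, and the weak-community list, severity labels and function names are assumptions.

```python
import re

# Prompts as printed in this guide: "P330-N> ", "P330-1(super)# ", "Router(enable)# "
PROMPT = re.compile(r"^[\w-]+(?:\(\w+\))?\s?[>#]\s*(?P<cmd>\S.*)$")
WEAK_COMMUNITIES = {"public", "private"}  # assumption: widely guessed strings
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}  # assumed labels

def split_transcript(text):
    """Map each command typed at a prompt to the output lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = PROMPT.match(line)
        if match:
            current = " ".join(match.group("cmd").lower().split())
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_snmp(lines):
    """Flag guessable community strings and a disabled authentication trap."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("read-only", "read-write", "trap"):
            access, community = parts
            if community.lower() in WEAK_COMMUNITIES:
                severity = "high" if access == "read-write" else "medium"
                findings.append((severity, f"SNMP {access} community is '{community}'"))
        elif line.lower() == "authentication trap disabled":
            findings.append(("low", "SNMP authentication trap is disabled"))
    return findings

def check_idle_timeout(lines):
    """The guide states that a result of 0 means there is no timeout limit."""
    for line in lines:
        match = re.search(r"CLI timeout is (\d+) minutes", line)
        if match and int(match.group(1)) == 0:
            return [("medium", "CLI idle timeout is 0 (no timeout limit)")]
    return []

def check_ppp(lines):
    """Flag a PPP configuration whose incoming authentication is None."""
    for line in lines:
        match = re.match(r"Incoming:\s*(\S+)", line)
        if match and match.group(1).lower() == "none":
            return [("high", "PPP incoming authentication is None")]
    return []

def check_allowed_managers(lines):
    """Flag a disabled Allowed Managers feature."""
    if any(line.lower().startswith("managers are disabled") for line in lines):
        return [("medium", "Allowed Managers feature is disabled")]
    return []

CHECKS = {
    "show snmp": check_snmp,
    "show logout": check_idle_timeout,
    "show ppp configuration": check_ppp,
    "show allowed managers status": check_allowed_managers,
}

def audit(transcript):
    """Return (severity, message) findings, most severe first."""
    sections = split_transcript(transcript)
    findings = []
    for command, check in CHECKS.items():
        if command in sections:
            findings.extend(check(sections[command]))
        else:
            # Missing output must not read as a pass.
            findings.append(("info", f"no output captured for '{command}'"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))

# Constructed transcript in the output formats shown in this guide.
SAMPLE = """\
P330-N> show snmp
Authentication trap disabled
Community-Access Community-String
---------------- ----------------
read-only public
read-write public
trap public
P330-N> show logout
CLI timeout is 0 minutes
P330-N> show ppp configuration
PPP Authentication Parameters:
------------------------------
Incoming: None
P330-N> show allowed managers status
Managers are disabled.
"""

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:6} {message}")
```

Commands typed in abbreviated form, which the CLI accepts, are not matched by this script and are reported as not captured, so record the transcript with full command names.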
dir
Use the dir command to show the file types that have been downloaded to the
switch.
Output Example:
P330-N> dir
M# file ver num file type file location file description
-- ---- -------- ---------- ------------- ----------------
1 Booter_Image 3.5.17 SW BootImage Nv-Ram Booter Image
1 module-config N/A Running Conf Ram Module Configuration
1 stack-config N/A Running Conf Ram Stack Configuration
1 EW_Archive N/A SW Web Image Nv-Ram Web Download
2 Booter_Image 3.2.5 SW BootImage Nv-Ram Booter Image
2 module-config N/A Running Conf Ram Module Configuration
2 EW_Archive N/A SW Web Image Nv-Ram Web Download
Output Fields:
Field Description
file There are several files loaded into the switch’s memory:
• module-config – file which contains the configuration
settings made to this switch
• stack-config – file which contains the configuration settings
made at the stack level (for example IP address of the stack)
• EW_Archive – file which contains the Device Manager
(Embedded Web) software
ver num S/W Version number – relevant only for the Device
Management S/W
file location Type of internal memory into which the file is loaded
Note: If N/A is displayed for the EW_Archive file, this means that the Device
Manager S/W is not loaded correctly. Download the Device Manager S/W again.
no hostname
Use the no hostname command to return the CLI prompt to its default.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
no rmon history
Use the no rmon history command to delete an existing RMON history entry.
no rmon alarm
Use the no rmon alarm command to delete an existing RMON alarm entry.
no rmon event
Use the no rmon event command to delete an existing RMON event entry.
hostname
Use the hostname command to change the Command Line Interface (CLI)
prompt. The current switch number always appears at the end of the prompt.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
clear timezone
Returns the timezone to its default, Coordinated Universal Time (UTC).
clear ip route
Use the clear ip route command to delete IP routing table entries.
Output Example:
To delete the route table entries using the clear ip route command:
P330-N# clear ip route 134.12.3.0 192.1.1.1
Route deleted.
all Keyword that specifies every entry in the SNMP trap receiver table
Output Example:
P330-N# clear snmp trap 192.122.173.82
SNMP trap receiver deleted.
clear vlan
Use the clear vlan command to delete an existing VLAN and return ports from
this VLAN to the default VLAN #1. When you clear a VLAN, all ports assigned to
that VLAN are assigned to the default VLAN #1.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
To delete an existing VLAN (VLAN 5) from a management domain:
P330-N# clear vlan 5 name V5
This command will assign all ports on vlan 5 to their default
in the entire management domain
- do you want to continue (Y/N)? y
All ports on vlan-id 5 assigned to default vlan.
VLAN 5 was deleted successfully.
Output Example:
P330-N# clear dynamic vlans
This command will delete all the vlans that were dynamically
learned by the device - do you want to continue (Y/N)?
Output Example:
P330-1(super)# clear port static-vlan 1/10 5
VLAN 5 is unbound from port 1/10
clear cam
Use the clear cam command to delete all entries from the CAM table.
Output Example:
P330-N# clear cam
CAM table entry cleared.
clear log
Use the clear log command to delete the Log file of a switch.
Output Example:
P330-N# clear port mirror 1/2/1/4
this command will delete the port mirror entry
- do you want to continue (Y/N)? y
Mirroring packets from port 1/2 to port 1/4 is cleared
Output Example:
P330-N> clear secure mac 1-2-3-4-5 port 1/17
01-02-03-04-05 cleared from secure address list for port 1/17
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
• set port spantree cost: Sets the port spantree cost.
• set port security: Enables MAC security on a range of ports.
• set cascading: Sets switch cascading fault-monitoring mode.
• set inband vlan: Sets the management VLAN ID.
• set vlan: Creates VLANs.
• set port flowcontrol: Sets the flow control mode of a port.
• set port auto-negotiation-flowcontrol-advertisement: Sets the flowcontrol advertising capabilities of a Gigabit port.
• set trunk: Sets the tagging mode of a port.
• set leaky-vlan: Enables/disables leaky-VLAN mode.
• set spantree: Enables/disables Spanning Tree Protocol (STP).
• set spantree priority: Sets the STP Bridge priority level.
• set autopartition: Enables or disables autopartitioning for switches in a stack.
• set license: Enters a license number for the stack.
• set ppp authentication incoming: Defines the PPP authentication method.
• set ppp incoming timeout: Sets the time after which the system automatically disconnects an idle PPP incoming session.
• set ppp baud-rate: Sets the baud rate used in PPP sessions.
• set web aux-files-url: Sets the location (URL/directory) of the P330 Device Manager Help files.
• set intelligent-multicast: Enables or disables the IP multicast filtering application.
• set intelligent-multicast client-port-pruning time: Sets the aging time for client ports.
• set intelligent-multicast router-port-pruning time: Sets the aging time for router ports.
• set intelligent-multicast group-filtering-delay time: Sets the time delay before a filter is applied to a specific group.
• set secure mac: Adds a unicast MAC address into the CAM table of a secured port.
• set security mode: Enables or disables the stack’s MAC security.
• set arp-aging-interval: Sets the ARP aging interval.
• set arp-tx-interval: Sets the keep-alive interval.
• set self-loop-discovery Admin_Status: Sets the IBM token ring discovery mode.
• set welcome message: Sets a welcome message to appear after a reboot.
• set allowed managers enabled/disabled: Enables/disables the Allowed Managers feature.
• set allowed managers IP: Used to add or remove an IP address from the allowed managers table.
• set psu type: Sets the main power supply type (AC/DC) of the module.
set logout
The set logout command is used to set the number of minutes until the system
automatically disconnects an idle session.
Output Example:
To set the number of minutes until the system disconnects an idle session
automatically:
P330-N# set logout 20
Sessions will be automatically logged out after 20 minutes of
idle time.
Output Example:
To disable the automatic disconnection of idle sessions:
P330-N# set logout 0
Sessions will not be automatically logged out.
set timezone
Use the set timezone command to assign a timezone name and set the time
difference of your P330 relative to the Coordinated Universal Time (UTC/GMT).
The minutes parameter can only be set to 30.
Output Example:
set timezone GMT -3:30
Timezone set to 'GMT', offset from UTC is -3:30 hours
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
P330-N# set time protocol sntp-protocol
The protocol has been set to SNTP protocol
Output Example:
P330-N# set time protocol time-protocol
set ip route
Use the set ip route command to add IP addresses to the IP routing table. You
can configure from one to ten (10) default gateways for a P330 stack.
Output Example:
This example shows how to add a default route to the IP routing table:
P330-N# set ip route 0.0.0.0 192.168.1.1
destination = 0.0.0.0 gateway = 192.168.1.1
Output Example:
P330-1(super)# set snmp community read-only read
SNMP read-only community string set
Output Example:
To enable SNMP ConfigChange traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 enable config
SNMP config change traps enabled.
Output Example:
To enable all traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 enable all
All SNMP traps enabled.
Output Example:
To disable SNMP config traps to a specific manager:
P330-N# set snmp trap 192.168.173.42 disable config
SNMP config traps disabled.
Output Example:
To add an entry in the SNMP trap receiver table with default:
P330-N# set snmp trap 192.168.173.42
SNMP trap receiver added.
Output Example:
P330-N# set snmp trap enable auth
Authentication trap enabled
string Location name. The location name is cleared if this field is left
blank. A string of 2 words or more must be typed in quotation
marks, e.g. “Operations Floor”.
string System name. The system name is cleared if this field is left
blank. A string of 2 words or more must be typed in quotation
marks, e.g. “Backbone Stack”.
string Contact person. The contact person field is cleared if this field is
blank. A string of 2 words or more must be typed in quotation
marks, e.g. “Yigdal Naouri”.
set device-mode
Use the set device-mode command to change the Basic Mode of Operation of
the P332-ML/P332GT-ML/P333R/P333R-LB switches between Router and Layer 2
modes.
set interface
Use the set interface command to configure the management interface on the
Master agent of the stack.
Output Example:
P330-N# set interface inband 1 192.168.42.252 255.255.255.0
Interface inband IP address set.
You must reset the device in order for the change to take effect.
ip_addr IP address used by the P330 to connect via its PPP interface
net-mask Subnet mask used by the P330 to connect via its PPP interface
Output Example:
P330-N> set interface ppp 149.49.34.125 255.255.255.0
Interface ppp has its ip address set
You can also use the set interface ppp command to enter modem mode, enter
terminal mode, disconnect the PPP session or to reset the connected modem.
The syntax for this command is:
set interface ppp {enable|enable-always|disable|off|reset}
enable-always Enable automatic reentry into modem mode after modem cable
disconnection or reconnection.
Output Example:
P330-N> set interface ppp reset
PPP has reset the connected modem.
Output Example:
P330-N# set interface ppp enable
Entering the Modem mode within 60 seconds...
Please check that the proprietary modem cable is plugged into
the console port
Output Example:
P330-N# set interface ppp disable
Entering the Terminal mode immediately
Output Example:
To set the priority level for port 2 on module 1 to 7:
P330-N# set port level 1/2 7
Port 1/2 port level set to 7
Note: Copper ports in the P332GT-ML can work at 1000Mbps (Full Duplex) only if
autonegotiation is enabled on both cable ends and you are using a 4 pair (8 wires)
Ethernet cable. If autonegotiation is disabled, these ports can only work at 100Mbps
(Full Duplex), and autonegotiation should be disabled on both cable ends.
Output Example:
To disable autonegotiation on port 1, module 4:
P330-N# set port negotiation 4/1 disable
Link negotiation protocol disabled on port 4/1.
Output Example:
To enable port 3 on module 2:
P330-N# set port enable 2/3
Port 2/3 enabled.
Output Example:
P330-N# set port disable 5/10
Port 5/10 disabled.
Note: This command does not apply to P332G-ML and P332GT-ML ports. An error
message is generated if you attempt to perform the set port speed command
for P332G-ML and P332GT-ML ports.
Output Example:
To configure port 2 on module 2 port speed to 10 Mbps:
P330-N# set port speed 2/2 10MB
Port 2/2 speed set to 10 Mbps.
Note: P332G-ML and P332GT-ML switch ports work in Full duplex mode only. An
error message is generated if you attempt to change P332G-ML and P332GT-ML
ports to half-duplex.
Example:
To set port 1 on module 2 to full duplex:
P330-N# set port duplex 2/1 full
Port 2/1 set to full-duplex.
Output Example:
P330-N# set port name 1/2 arthur
Port 1/2 name set.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
P330-N# set port trap 1/2 enable
Port 1/2 up/down trap enabled.
Output Example:
To set VLAN 850 to include ports 4 through 7 on module 3.
P330-N# set port vlan 850 3/4-7
VLAN 850 modified.
VLAN Mod/Ports
---- -----------------------
850 3/4-7
value static - the port supports only the VLAN as configured per port
bind-to-configured - the port supports the VLANs configured
on the device
bind-to-all - the port supports the whole range of VLANs on the
device
Output Example:
P330-N# set port vlan-binding-mode 1/5-9 static
Set Port vlan binding method:1/5
Set Port vlan binding method:1/6
.
.
Example:
P330-N# set port static-vlan 1/4-6 9
Output Example:
P330-N# set port self-loop-discovery Admin_Status enable 1/2
Self-Loop-Discovery enabled on port 1/2.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
P330-1(super)# set port channel 1/1-3 on test
Port 1/1 channel mode set to on
Port 1/2 was added to channel
Port 1/3 was added to channel
Output Example:
P330-1(super)# set port classification 2/19 valuable
Port 2/19 classification has been changed.
Output Example:
P330-N# set port redundancy 1/7 2/12 on red1
uplink: Port 2/12 is redundant to port 1/7.
Port redundancy is active - entry is effective immediately
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Note: You must disable Spanning Tree before you can enable redundancy.
Output Example:
P330-N# set port redundancy enable
All redundancy schemes are now enabled
min Sets the internal receive buffer to its minimum size (this is the
Default).
Example:
P330-N> set internal buffering 1 max
Done.
Note: This command is not supported by the P333R and P333R-LB switches.
Note: If this command is to be implemented on a switch other than the stack master,
a session should be opened to the relevant switch.
Output Example:
P330-1(super)# set boot bank bank-a
Boot bank set to bank-a
Output Example:
P330-N> set intermodule port redundancy 1/7 2/12 on backbone
backbone: port 2/12 is intermodule redundant to port 1/7
Note: You must disable Spanning Tree before you can enable redundancy.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
disable Keyword to change the status of the port mirroring entry to “not active”
Output Example:
P330-N# set port mirror source-port 1/9 mirror-port 1/10
sampling always direction both
Mirroring both Rx and Tx packets from port 1/9 to port 1/10 is
enabled
Output Example:
Enable the spanning tree mode for port 2 on module 3.
P330-N# set port spantree enable 3/2
value Number representing the cost. The cost level is set from 1
to 65535. A lower cost (lower value) specifies precedence
of a port to forward traffic.
Note: This command is not supported in P332G-ML and P332GT-ML switches. This
command is used to set port security for ports in other P330 switches in the stack.
Output Example:
P330-N> set port security enable 1/2
Port 1/2 secured.
set cascading
Use the set cascading command to enable or disable fault-trap sending for
unconnected cascading links. The default setting is disable.
Output Example:
P330-N# set cascading down fault-monitoring enable 1
Module 1 cascading-down fault monitoring enabled.
Output Example:
P330-N# set inband vlan 1
Management VLAN number set to 1
set vlan
Use the set vlan command to create VLANs.
Output Example:
P330-N# set vlan 3 name v3
VLAN ID 3 is named v3.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Field Description
all Controls the sending and receipt of flow-control frames for any
type of ports:
• ON indicates that the local port will both act upon and send
IEEE802.3x flow control frames.
• OFF indicates that the local port will both discard and not send
flow control frames (of any type).
• PROPRIETARY indicates that the local port will both act upon
and send Avaya proprietary flow control frames.
Output Example:
P330-1(super)# set port flowcontrol all 2/20 on
Port 2/20 flow control administration status set to on
Output Example:
P330-N# set port auto-negotiation-flowcontrol-advertisement
1/5 asym-tx-only
P330-N# Port 1/5 pause capabilities was set
set trunk
Use the set trunk command to configure the tagging mode of a port.
set trunk [module/port] [value]
value off/dot1q
Output Example:
P330-1(super)# set trunk 2/20 dot1q
Dot1Q VLAN tagging set on port 2/20.
set leaky-vlan
Use the set leaky-vlan command to define the P330 stack’s leaky VLAN mode. In
this mode, VLAN test is done only on broadcast/multicast/unknown frames, and
not on unicast frames.
Output Example:
P330-N# set leaky-vlan enable
Leaky VLAN mode enabled
set spantree
Use the set spantree command to enable/disable the spanning-tree protocol
for the stack.
Note: When you disable STP, blocking ports are disabled in order to prevent loops
in the network. As a result, you should wait 30 seconds before disabling STP if you
reset the switch, enabled STP, or inserted a new station.
Output Example:
P330-N# set spantree enable
bridge spanning tree enabled.
Example:
To set the priority to 45000:
P330-N# set spantree priority 45000
Priority enabled
set autopartition
Use the set autopartition command to enable or disable auto-partitioning on
specific switches of the stack.
Note: This command cannot be executed on the P332G-ML and P332GT-ML
switches. This command is used to set the autopartition status for the other P330
switches in the stack.
Output Example:
P330-N# set autopartition enable 3
Auto-partition is enabled in module 3.
set license
The set license command enables you to activate the SMON/routing
capability of the Avaya P330 stack. An Avaya P330 stack can include several Avaya
P330 switches. One SMON/routing license is required per Avaya P330 stack.
For a full description of the SMON/routing License and the installation procedure
please refer to the Installation Guide provided with the SMON/routing License.
Example:
P330-N> set license 1 021 1ad bad ca5 8d2 ccd smon
none No authentication
Example:
P330-N(super)# set ppp authentication incoming chap
Output Example:
P330-N> set ppp incoming timeout 15
PPP incoming session will automatically disconnect after 15
minutes of idle time
Example:
P330-N# set ppp baud-rate 38400
Note: Ensure that the Web server is always accessible otherwise Web access to the
device may take a few minutes.
Example:
P330-N# set web aux-files-url //192.168.47.25/emweb-aux-files
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
set intelligent-multicast
Use the set intelligent-multicast command to enable or disable the IP-
multicast filtering application.
Example:
P330-N> set intelligent-multicast enable
Done!
Example:
P330-N> set intelligent-multicast client-port-pruning-time 20
Done!
Example:
P330-N> set intelligent-multicast router-port-pruning time 20
Done!
Example:
P330-N> set intelligent-multicast group-filtering-delay time
20
Done!
Note: This command is not supported by the P332G-ML and P332GT-ML switches.
Output Example:
P330-N> set security mode enable
Security mode enabled.
set arp-aging-interval
Use this command to set the ARP table aging interval for gateways’ entries in the
agent ARP table. The MAC value for the default gateway of the ML agent in the ARP
table is deleted at the end of every aging interval. The default value is 10 minutes.
Example:
P330-N# set arp-aging-interval 20
ARP aging interval was set to 20 minutes.
set arp-tx-interval
Use the set arp-tx-interval command to set the keep-alive frames sending interval.
Setting the interval to 0 disables the transmission of the keep-alive frames.
Output Example:
P330-N# set arp-tx-interval 15
ARP tx interval was set to 15 seconds.
Note: You must disable Spanning Tree before you can enable self-loop-discovery.
Note: This command is not supported by the P332G-ML and P332GT-ML switches.
Example:
P330-N# set self-loop-discovery Admin_Status enable 1
Self-Loop-Discovery is disabled on module 1.
Output Example:
P330-N# set welcome message avaya
The new welcome string is “avaya”
Note: If you wish to define a string which includes spaces, you must enclose the
entire string in quotation marks, e.g. "new york".
Output Example:
P330-N> set allowed managers enabled
Managers are enabled
Output Example:
P330-N> P330-1(super)# set allowed managers ip add
149.49.32.134
Ip was added to the table
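Added example (not part of the Avaya guide): the Python code below replays a captured CLI transcript and reports the final state of the session and access settings documented in this chapter: set logout, set leaky-vlan, set ppp authentication incoming, set allowed managers and set snmp community. The sample transcript and the list of guessable community strings are constructed for the example; a setting that never appears in the transcript is reported as unverified, since no default is assumed for it.

```python
import re

# Prompt forms used in this guide: "P330-N#", "P330-N>", "P330-1(super)#".
# The repeated group also accepts a doubled prompt on one line.
PROMPT = re.compile(r"^(?:[A-Za-z0-9-]+(?:\(\w+\))?[#>]\s*)+(.*)$")

# Constructed list of easily guessed community strings (assumption of this example).
GUESSABLE = {"public", "private", "read", "write"}

# Constructed transcript, assembled from the command forms shown in this chapter.
SAMPLE = """\
P330-N# set logout 0
Sessions will not be automatically logged out.
P330-N# set leaky-vlan enable
Leaky VLAN mode enabled
P330-N(super)# set ppp authentication incoming chap
P330-1(super)# set snmp community read-only read
SNMP read-only community string set
P330-N> set allowed managers enabled
Managers are enabled
P330-N# set logout 20
Sessions will be automatically logged out after 20 minutes of
idle time.
"""


def commands(transcript):
    """Yield each command as a word list; output lines carry no prompt and are skipped."""
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(1):
            yield m.group(1).split()


def final_state(transcript):
    """Replay the commands in order so that a later command overrides an earlier one."""
    s = {"logout": None, "leaky_vlan": None, "ppp_auth": None,
         "allowed_managers": None, "manager_ips": [], "communities": {}}
    for w in commands(transcript):
        if w[:2] == ["set", "logout"] and len(w) == 3 and w[2].isdigit():
            s["logout"] = int(w[2])
        elif w[:2] == ["set", "leaky-vlan"] and len(w) == 3:
            s["leaky_vlan"] = w[2]
        elif w[:4] == ["set", "ppp", "authentication", "incoming"] and len(w) == 5:
            s["ppp_auth"] = w[4]
        elif w[:5] == ["set", "allowed", "managers", "ip", "add"] and len(w) == 6:
            s["manager_ips"].append(w[5])
        elif (w[:3] == ["set", "allowed", "managers"] and len(w) == 4
              and w[3] in ("enabled", "disabled")):
            s["allowed_managers"] = w[3]
        elif w[:3] == ["set", "snmp", "community"] and len(w) == 5:
            s["communities"][w[3]] = w[4]
    return s


def audit(transcript):
    """Return findings for weak final settings and the settings never seen."""
    s = final_state(transcript)
    findings, unverified = [], []

    def check(name, value, is_weak, message):
        if value is None:
            unverified.append(name)  # no default is assumed for an unseen setting
        elif is_weak(value):
            findings.append((name, message))

    check("logout", s["logout"], lambda v: v == 0,
          "idle sessions are never disconnected")
    check("leaky-vlan", s["leaky_vlan"], lambda v: v == "enable",
          "VLAN test is not applied to unicast frames")
    check("ppp-authentication", s["ppp_auth"], lambda v: v == "none",
          "incoming PPP sessions are not authenticated")
    check("allowed-managers", s["allowed_managers"], lambda v: v == "disabled",
          "Allowed Managers feature is off")
    if s["allowed_managers"] == "enabled" and not s["manager_ips"]:
        findings.append(("allowed-managers-table",
                         "feature enabled but no 'ip add' seen; confirm the table on the device"))
    for access, value in sorted(s["communities"].items()):
        if value.lower() in GUESSABLE:
            findings.append(("snmp-community",
                             f"{access} community string is easily guessed"))
    return {"findings": findings, "unverified": unverified}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, message in report["findings"]:
        print(f"[finding] {name}: {message}")
    for name in report["unverified"]:
        print(f"[unverified] {name}: not set in this transcript")
```

In the sample, the later set logout 20 overrides the earlier set logout 0, so the idle-timeout check passes while the leaky VLAN, the empty allowed managers table and the community string are reported.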
Note: This command is not applicable to P332G-ML and P332GT-ML switches. This
command is used to set the power supply types for other P330 switches in the stack.
Output Example:
P330-N> set psu type DC 3
Power supply type was changed to DC on module 3
sync time
Use the sync time command to synchronize the time used by all switches in a
stack.
Output Example:
P330-N# sync time
Time has been distributed.
get time
Use the get time command to retrieve the time from the network.
Output Example:
P330-N# get time
Time is already being acquired from network!
reset
Use the reset command to restart the system or an individual switch. If no switch
number is defined or the switch number of the Master is defined, the command
resets the entire system. If the switch number is defined, the command resets the
specified switch only.
Note: You should perform a reset after downloading software to the switch.
Output Example:
To reset the Master agent and force the entire system to reset:
P330-N# reset
This command will force a switch-over to the master module and
disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Connection closed by foreign host.
Output Example:
To reset switch 4:
P330-N# reset 4
This command will reset module 4 and may disconnect your
telnet session.
Do you want to continue (y/n) [n]? y
Resetting module 4...
reset stack
Use the reset stack command to perform a hardware reset in the entire stack.
reset mgp
Use the reset mgp command to perform a software reset in the G700 Media
Gateway Processor.
reset wan
Use the reset wan command to perform a software reset in the X330 WAN Access
Router Module.
bank-a Optional - boot the WAN module from bank-a after reset.
Example:
To reset a WAN module residing on switch 2:
P330-N# reset wan 2
This command will force a switch-over to the wan device
and disconnect your telnet session
*** Reset *** - do you want to continue (Y/N)? y
nvram initialize
Use the nvram initialize command to reset the P330 parameters to the factory
defaults. If no options are specified for this command, only the Layer 2 parameters
will be reset.
switch Resets all the switching level parameters (Layer 2 only) throughout
the stack
Output Example:
P330-N# nvram initialize
This command will force a factory default and switch-over to
the master module and disconnect your telnet session.
Do you want to continue (y/n) [n]? y
Connection closed by foreign host.
host%
rmon history
Use the rmon history command to create an RMON history entry.
history_index This is the history index number of this entry (it is advisable to
use the same interface number as your history index number).
Output Example:
P330-N# rmon history 1026 1026 3/2 30 buckets 20 owner amir
history 1026 was created successfully
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
rmon alarm
Use the rmon alarm command to create a new RMON alarm entry.
alarm number This is the alarm index number of this entry (it is advisable to
use the same interface number as your alarm index number.)
variable This is the MIB variable which will be sampled by the alarm
entry.
sample type This can be set to either delta (the difference between 2
samples) or an absolute value.
rising threshold This sets the upper threshold for the alarm entry.
rising event The RMON event entry that will be notified if the upper
threshold is passed.
falling This sets the lower threshold for the alarm entry.
threshold
falling event The RMON event entry that will be notified if the lower
threshold is passed.
startup alarm The instances in which the alarm will be activated. The
possible parameters are: Rising, Falling, risingOrfalling.
Output Example:
P330-N# rmon alarm 1026 1.3.6.1.2.1.16.1.1.1.5.1026 60 delta
rising-threshold 10000 1054 falling-threshold 10 1054
risingOrFalling amir
rmon event
Use the rmon event command to create an RMON event entry.
Output Example:
P330-N# rmon event 1054 logAndTrap description "event for
monitoring amir's computer" owner amir
event 1054 was created successfully
Note: Create the file into which you wish to upload the stack-level parameters prior
to executing this command.
Output Example:
P330-N# copy stack-config tftp c:\conf.cfg 192.168.49.10
Beginning upload operation ...
Output Example:
P330-N# copy module-config tftp c:\config\switch1.cfg
192.168.49.10 5
Beginning upload operation ...
This operation may take a few minutes...
Please refrain from any other operation during this time.
********************************************************************
* If you are currently running the P330 Device Manager application,*
* it is recommended to exit from it before performing configuration*
* download operations. *
********************************************************************
Note: You should perform the nvram initialize command prior to the
copy tftp operation.
Example:
P330-N# copy tftp stack-config c:\config\switch1.cfg
192.168.49.10
Note: You should perform the nvram initialize command prior to the
copy tftp operation.
Example:
P330-N# copy tftp module-config c:\config\switch1.cfg
192.168.49.10 5
Example:
P330-N# copy tftp EW_archive c:\p330\p330web201
192.168.49.10 5
<mod_num>
image-file Common name for the files that contain the Software
Image and Embedded Web archive (full path)
Example:
P330-N# copy tftp SW_image c:\p330\p330web101 EW_archive
c:\p330\p330web201 192.168.49.10 5
Radius Commands
The following radius commands are accessible from Privileged mode.
Example:
P330-N(super)# set radius authentication secret sodot
Example:
P330-N(super)# set radius authentication server 192.168.38.12
primary
username
Use the username command to add a local user account. You can only do this
from within the Supervisor Level.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
no username
Use the no username command to remove a local user account.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
show username
Use the show username command to display the username.
Output Example:
P330-N> show username
User account password access-type
-------------- ------------------------------ -----------
root **** admin
Output Example:
P330-N(super)# set ppp chap secret sodot
PPP shared secret for CHAP authentication is set
Example:
P330-N(super)# show radius authentication
RADIUS authentication parameters:
---------------------------------
Mode: Enabled
Primary-server: 192.168.42.252
Secondary-server: 192.168.48.134
Retry-number: 4
Retry-time: 5
UDP-port: 1645
Shared-secret: sodot
tech
Use the tech command to enter tech mode. This command is reserved for service
personnel use only.
The commands in each group are sub-divided into the following command mode
sub-groups.
The commands in every group are summarized in a Table at the beginning of each
Section.
System Commands
Table 6.1 System Commands
Command Page
hostname 148
reset 152
ping 153
traceroute 153
session 153
hostname Command
Use the hostname command to change the system prompt used for the router.
This command does not change the system prompt of the stack. To change the
system prompt of the stack, use the host name command in the switch CLI tree.
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Example:
set system contact "Gabby ext.545"
Example:
Router-N> set system name "Banking System"
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Example:
Router-N> set system location "Floor 5,Room 12"
Example:
copy tftp startup-config c:\P333R-LB\router1.cfg
192.168.49.10
Example:
Router-N> copy running-config tftp c:\P333R-LB\router1.cfg
192.168.49.10
Example:
Router-N> copy running-config startup-config
Example:
Router-N> copy startup-config tftp c:\P333R-LB\router1.cfg
192.168.49.10
Example:
Router-N> log 20
reset Command
The reset command resets the P333R-LB module. This command resets only the
specific module. If the module is the master of the stack the entire stack is reset.
If you want to keep changes you made to the current running configuration use the
copy running-config startup-config command first.
ping Command
Use the ping command to check host reachability and network connectivity.
Example:
Router-N(super)# ping 149.49.50.13 5 8
Output Example:
Router-1(super)# ping 192.168.49.1
ping 192.168.49.1 3
ping 192.168.49.1 3 50
ping 192.168.49.1 3 50 2
ping 192.168.49.1 3 50 2 192.168.49.4
traceroute Command
Use the traceroute command as a trace route utility.
host IP address.
Example:
Router-N> traceroute 192.168.50.13
session Command
See session on page 48.
Configure Mode
Example:
Router-N(configure)# event clear
status Default
Possible states:
WARNING-ON | WARNING-OFF |
WARNING-UP | WARNING-UP-OFF |
SVR-WARNING-ON | SVR-WARNING-OFF |
SVR-WARNING-UP | SVR-WARNING-UP-OFF |
Note: default status is: SVR-WARNING-UP
Example:
Router-N(configure)# - event set SVR-WARNING-ON WARNING-OFF
Router-N(configure)# - event set WARNING-UP
Router-N(configure)# - event set default
IP Commands
Table 6.2 IP Commands
Command Page
interface 167
ip default-gateway 167
ip route 168
ip routing 169
ip max-route-entries 169
arp 169
ip max-arp-entries 170
ip icmp-errors 171
ip netmask-format 172
ip address 173
ip admin-state 174
ip netbios-rebroadcast 174
ip directed-broadcast 174
ip proxy-arp 175
ip broadcast-address 176
User Mode
Output Example:
Showing 2 rows
Network Mask Interface Next-Hop Cost TTL Source
-------------- -------------- ---------- -------------- ---- --- -------
0.0.0.0 0.0.0.0 mgmt 192.168.54.1 1 n/a Stat-Lo
192.168.54.0 255.255.255.0 mgmt 192.168.54.14 1 n/a Local
Example:
Router-1(super)# sh ip route best-match 199.93.0.0
Searching for: 199.93.0.0
Showing 1 rows
Network Mask Interface Next-Hop Cost TTL Source
--------------- --------------- ------------ --------------- ----- --- -----
199.93.0.0 255.255.0.0 e-135new 135.64.76.1 1 n/a STAT-HI
Example:
Router-1 (super)# sh ip route static
Showing 34 rows
Network Mask Interface Next-Hop Cost Pref Active
------------- ------------ --------------- --------------- ---- ---- ------
10.0.8.0 255.255.255.0 e-36 149.49.36.11 1 high Yes
135.0.0.0 255.0.0.0 e-135new 135.64.76.1 1 high Yes
135.64.0.0 255.255.0.0 e-135 135.87.164.1 1 high No
149.49.0.0 255.255.0.0 zevel 10.10.254.253 1 low Yes
149.49.2.0 255.255.255.0 n/a v-Route-FW 1 1 high Yes
Example:
Router-1 (super)# sh ip route summary
IP Route Summary:
Current number of routes: 69
Output Example:
Showing 3 rows
Address MAC Address Interface Type TTL
--------------- ----------------- ------------ ------- --------
192.168.54.1 00:40:0d:8c:12:01 mgmt Dynamic 14360
192.168.2.33 00:40:0d:5c:14:01 loco Static Not Aged
192.168.1.111 00:40:0d:5d:72:01 ppp Static Not Aged
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Example:
Router-1 (super)# sh ip reverse-arp 00:10:a4:98:97:e0
Showing 1 rows
Output Example:
Showing 2 Interfaces
mgmt is administratively up
On vlan Default
Internet address is 10.49.54.14 , subnet mask is 255.255.255.0
Broadcast address is 10.49.54.255
Directed broadcast forwarding is disabled
Proxy ARP is disabled
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Output Example:
protocol RIP | OSPF.
Example:
show ip protocols - Display all running protocols details
show ip protocols RIP - Display RIP details
Output Example:
Router-N> show ip unicast cache
Showing 6 Sessions.
Source IP Destination IP Next Hop IP NH MAC Vlan
=============== ============= ================ ============= =====
192.168.1.1 29.2.1.1 28.2.0.2 00.00.28.02.00.02 5
192.168.2.1 29.2.2.1 28.2.0.2 00.00.28.02.00.02 5
192.168.2.2 29.2.2.2 28.2.0.2 00.00.28.02.00.02 5
192.168.2.3 29.2.2.3 28.2.0.2 00.00.28.02.00.02 5
192.168.2.4 29.2.2.4 28.2.0.2 00.00.28.02.00.02 5
192.168.2.5 29.2.2.5 28.2.0.2 00.00.28.02.00.02 5
Example:
Router-N> show ip unicast cache networks
Output Example:
Router-N> show ip unicast cache networks detailed 192.168.6.0
24
Showing 3 rows
Output Example:
show ip unicast cache host
Showing 6 hosts
Output Example:
Router-N> show ip unicast cache nextHop
Showing 2 rows
Next Hop
========
192.168.4.1
192.168.5.1
Output Example:
Router-N>show ip unicast cache summary
Cache Summary
===============
Sessions : 11056
Hosts : 2621
Networks : 5
Next-Hops : 4
Configure Mode
interface Command
Use the interface command to create and/or enter the Interface Configuration
Mode. Use the no form of this command to delete a specific IP interface.
Example:
Router-N(configure)# interface marketing
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
ip default-gateway Command
Use the ip default-gateway command to define a default gateway (router).
The no form of this command removes the default gateway.
Example:
To define the router at address 192.168.37.1 as the default gateway.
Router-N(configure)# ip default-gateway 192.168.37.1
ip route Command
Use the ip route command to establish a static route. The no form of this
command removes a static route.
Example:
To define the router 10.10.10.10 as the next hop for the network 192.168.33.0 with
mask 255.255.255.0:
Router-N(configure)# ip route 192.168.33.0 255.255.255.0
10.10.10.10
ip-addr IP address
Example:
clear ip route * clears all the routing table
clear ip route 192.168.49.1 255.255.255.0 clears a range of entries
ip routing Command
Use the ip routing command to enable IP routing. The no form of this
command disables the IP routing process in the device. By default, IP routing is
enabled.
ip max-route-entries Command
This command exists for compatibility with P550. There is no limitation on the size
of the routing table in the P333R-LB, except for the amount of available memory.
arp Command
Use the arp command to add a permanent entry to the Address Resolution
Protocol (ARP) cache. The no form of this command removes an entry, either a
static entry or a dynamically learned entry.
Example:
To add a permanent entry for station 192.168.7.8 to the ARP cache:
Router(configure)# arp 192.168.7.8 00:40:0d:8c:2a:01
To remove an entry to the ARP cache for the station 192.168.13.76:
Router(configure)# no arp 192.168.13.76
Example:
To set the arp timeout to one hour:
Router-N(configure)# arp timeout 3600
To restore the default arp timeout:
Router-N(configure)# no arp timeout
Example:
Router-N(configure)# clear arp cache
ip max-arp-entries Command
Use the ip max-arp-entries command to specify the maximum number of
ARP cache entries allowed in the ARP cache. The no form of this command restores
the default value of 4096. This command takes effect only after start-up.
The syntax for this command is:
[no] ip max-arp-entries <value>
value The space available for the IP address table. When you decrease the
number of entries, it may cause the table to be relearned more
frequently. If you do not enter a value, then the current ARP Cache size
is shown.
Example:
To set the maximum number of ARP cache entries to 8000:
Router-N(configure)# ip max-arp-entries 8000
To restore the maximum number of ARP cache entries to its default:
Router-N(configure)# no ip max-arp-entries
ip icmp-errors Command
Use the ip icmp-errors command to set ICMP error messages ON. Use the no
form of this command to set ICMP error messages OFF.
Output Example:
Router-N(configure)# ip unicast route-cache update-timeout 600
Done!
ip netmask-format Command
Use the ip netmask-format command to specify the format of netmasks in the
show command output. The no form of this command restores the default,
which is a dotted decimal format.
bitcount Addresses are followed by a slash and the total number of bits
in the netmask. For example 17
Example:
To display netmasks in bitcount format:
Router-N(configure)# ip netmask-format bitcount
Interface Mode
ip address Command
Use the ip address command to assign an IP address and mask to an interface.
Example:
To assign the IP address 192.168.22.33 with mask 255.255.255.0 to the interface
“marketing”:
Router-N(config-if:marketing)# ip address 192.168.22.33
255.255.255.0
Example:
To specify vlan developmental as the vlan used by interface “products”:
Router-N(config-if:marketing)# ip vlan name development
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
ip admin-state Command
Use the ip admin-state command to set the administrative state of an IP
interface. The default state is up.
ip netbios-rebroadcast Command
Use the ip netbios-rebroadcast command to set NETBIOS rebroadcasts
mode on an interface. The no form of this command disables NETBIOS
rebroadcasts on an interface.
Example:
To enable rebroadcasting of netbios packets received by and sent from the interface
“marketing”:
Router-N(config-if:marketing)# ip netbios-rebroadcast both
ip directed-broadcast Command
Use the ip directed-broadcast command to enable net-directed broadcast
forwarding. The no form of this command disables net-directed broadcasts on an
interface.
ip proxy-arp Command
Use the ip proxy-arp command to enable proxy ARP on an interface. The no
form of this command disables proxy ARP on an interface.
Example:
To disable proxy ARP on interface marketing:
Router-N(config-if:marketing)# no ip proxy-arp
ip routing-mode Command
Use the ip routing-mode command to set the IP routing mode of the interface.
In RT-MGMT mode, the interface functions as a routing interface. In
RT_PRIMARY_MGMT mode, the interface functions as both a routing interface and
the primary management interface. The IP address used in CajunView is the
primary management interface IP address. Only one interface can be in
RT_PRIMARY_MGMT mode. If no interface is configured to
RT_PRIMARY_MGMT, the IP address used in CajunView is selected randomly.
Example:
Router-N>ip routing-mode RT_PRIMARY_MGMT
ip redirect Command
Use the ip redirect command to enable the sending of redirect messages on
the interface. The no form of this command disables the redirect messages. By
default, sending of redirect messages on the interface is enabled.
Example:
Router-N>ip redirect
ip broadcast-address Command
Use the ip broadcast-address command to update the interface broadcast
address. The Broadcast address must be filled in with 0s or 1s.
Example:
ip broadcast-address 192.168.255.255
RIP Commands
Table 6.3 RIP Commands
Command Page
network 178
redistribute 178
default-metric 179
Configure Mode
Router-RIP Mode
redistribute Command
Use the redistribute command to redistribute routing information from other
protocols into RIP. The no form of this command disables redistribution by RIP.
The default is disabled.
Example:
Router-N(configure router:rip)# redistribute ospf
network Command
Use the network command to specify a list of networks on which the RIP is
running. The no form of this command removes an entry.
Example:
To specify that RIP will be used on all interfaces connected to the network
192.168.37.0:
Router-N(configure router:rip)# network 192.168.37.0
Note: The Invalid Route Timer value must be larger than the Update Timer value. It
is recommended that it be at least three times greater.
In any configuration all adjacent routers must have the same values for each of the
timer parameters. It is possible to have different values for the timers on two
adjacent routers, provided the Invalid Timer value is at least three times greater on
one of the routers than the Update Timer value on the other router.
Example:
Router-N(configure router:rip)# timers basic 30 180
Interface Mode
Example:
To specify that RIP version 2 should be running on the basis of the interface
“marketing”:
Router-N(config-if:marketing)# ip rip rip version 2
default-metric Command
Use the default-metric command to set the interface RIP route metric. The no
form of this command restores the default. The default metric is 1.
number The interface RIP route metric value. The range is 0 to 15.
Example:
To set the default RIP metric value to 10 (the range is 0 to 15):
Router(config-if:marketing)# default-metric 10
Example:
To set the RIP Send and Receive mode on the interface “marketing” to be listen-only:
Router-N(config-if:marketing)# ip rip send-receive listen-only
talk-only Set RIP to send but not receive default route updates
on the interface.
Example:
Router-N(config-if:marketing)# no ip rip split-horizon
Example:
To specify simple authentication to be used in RIP Version 2 packets on the interface
“marketing”.
Router(config-if:marketing)# ip rip authentication mode simple
Example:
To set the authentication string used on the interface “marketing” to be “hush-hush”.
Router-N(config-if:marketing)# ip rip authentication key hush-hush
OSPF Commands
Table 6.4 OSPF Commands
Command Page
area 186
redistribute 187
User Mode
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Configure Mode
Router-OSPF Mode
area Command
Use the area command to configure the area ID of the router. The no form of
this command deletes the area ID of the router (sets it to 0) and removes the stub
definition. The default area is 0.0.0.0.
Note: You cannot define a stub area when OSPF is redistributing other protocols or
when the Area ID is 0.0.0.0.
area id IP address
stub Stub
Example:
Router-N(configure router:ospf)# area 192.168.49.1
Router-N(configure router:ospf)# area 192.168.49.1 stub
Example:
Router-N(configure router:ospf)# network 192.168.0.0
Router-N(configure router:ospf)# network 192.168.0.0 0.0.255.255 area 0.0.0.0
router id IP address
Example:
Router-N(configure router:ospf)# ip ospf router-id 192.168.49.1
redistribute Command
Use the redistribute command to redistribute routing information from other
protocols into OSPF. The no form of this command disables redistribution by
OSPF.
Example:
Router-N(configure router:ospf)# redistribute rip
Example:
Router-N(configure router:ospf)# timers spf 5
Interface Mode
cost integer
Example:
ip ospf cost 10
seconds integer
Example:
ip ospf hello-interval 5
seconds integer
Example:
ip ospf dead-interval 15
priority integer
Example:
priority 17
Example:
ip ospf authentication-key my_pass
BOOTP-DHCP Commands
Overview
The P333R-LB supports the DHCP/BOOTP Relay Agent function. This is an
application that accepts DHCP/BOOTP requests that are broadcast on one VLAN
and sends them to a DHCP/BOOTP server that connects to another VLAN or a
server that may be located across one or more routers that would otherwise not get
the broadcast request. The relay agent handles the DHCP/BOOTP replies as well,
transmitting them to the client directly or as broadcast, according to a flag in the
reply message. Note that the same DHCP/BOOTP relay agent serves both the
BOOTP and DHCP protocols.
When there is more than one IP interface on a VLAN, the P333R-LB chooses one of
the IP addresses on this VLAN when relaying the DHCP/BOOTP request. The
DHCP/BOOTP server then uses this address to decide from which subnet the
address should be allocated.
When the DHCP/BOOTP server is configured to allocate addresses only from a
single subnet among the different subnets defined on the VLAN, you may need to
configure the P333R-LB with the relay address on that subnet so that the
DHCP/BOOTP server can accept the request.
DHCP/BOOTP Relay in P333R-LB is configurable per VLAN and allows for two
DHCP/BOOTP servers to be specified. In this case, it duplicates each request, and
sends it to both servers. This provides redundancy and prevents the failure of a
single server from blocking hosts from loading.
DHCP/BOOTP Relay in P333R-LB can be enabled or disabled.
The following table displays the BOOTP-DHCP Commands:
Command Page
Configure Mode
Example:
To enable relaying of BOOTP and DHCP requests:
Router-N(configure)# ip bootp-dhcp relay
To disable relaying of bootp and dhcp requests:
Router-N(configure)# no ip bootp-dhcp relay
Interface Mode
Example:
To add station 192.168.37.46 as a bootp/dhcp server to handle bootp/dhcp requests
arriving at the interface “marketing”:
Router-N(config-if:marketing)# ip bootp-dhcp server 192.168.37.46
Example:
To select the network 192.168.169.0 as the network from which an address shall be
allocated for bootp/dhcp requests:
Router-N(config-if:marketing)# ip bootp-dhcp network 192.168.169.0
VLAN Commands
Table 6.6 VLAN Commands
Command Page
User Mode
Configure Mode
Example:
Router-N(configure)# set vlan 2 name vlan2
Note: If you wish to define a name which includes spaces, you must enclose the
entire name in quotation marks, e.g. "new york".
Tech Command
Use the tech command to enter tech mode. This command is reserved for service
personnel use only.
Fragmentation Commands
Table 6.7 Fragmentation Commands
Command Page
Example:
Router-1(super)# fragment chain 30
Example:
Router-1(super)# fragment size 150
Example:
Router-1(super)# fragment timeout 30
Example:
Router-1(super)# show fragment
Max number of concurrently reassembled packets is 100
Max number of fragments per packet is 64
Fragment timeout is 10 sec
Number of packets waiting to be reassembled is 0
Number of successfully reassembled packets is 11954
Number of packets which failed to be reassembled is 0
Number of packets which overflowed the database is 0
Benefits
FWLB allows multiple firewalls to operate in parallel, giving you the ability to:
• Scale firewall performance.
• Eliminate the firewall as the single point of failure.
How It Works
The P333R-LB:
• Balances traffic across two or more firewalls (up to 1024) in your network,
allowing your firewalls to work in parallel.
• Maintains state information about the traffic flowing through it and ensures
that all traffic between specific IP source and destination pairs flows through
the same firewall.
• Performs health checks on all paths through the firewalls. If a path is
malfunctioning, P333R-LB diverts traffic away from that path, maintaining
connectivity across the firewalls.
Often, a pair of P333R-LBs are needed to support FWLB. One device is deployed on
the LAN side (internal) of the firewalls and another on the WAN side (external).
Another P333R-LB is required to balance a Demilitarized Zone (DMZ) on the DMZ
side of the network, if it exists, to allow remote access. Additional P333R-LBs can be
added to provide redundancy, eliminating any P333R-LB or path as the single point
of failure.
P333R-LB supports both bridging and two types of routing firewalls: transparent
and non-transparent.
Implementation
For Transparent Routing FWLB, the load balancer receives a packet, makes a load
balancing decision, and forwards the packet to a firewall. The firewall does not
perform Network Address Translation (NAT) on the packets; the source and
destination IP addresses are not changed.
Two P333R-LBs are required for Transparent Routing FWLB, one on each side of the
firewalls. One device intercepts traffic between the protected zone and the firewall,
and the second device intercepts traffic between the unprotected zone and the
firewall.
Transparent Routing firewalls act as "next hop" devices from the perspective of the
P333R-LB. After one of the firewalls in a group is selected, normal routing to that
firewall takes place.
The P333R-LB performs an “intelligent routing” decision, based on the Load
Balancing criteria, and replaces the MAC address in the packets with the MAC
address of the selected firewall.
P333R-LB enables you to route packets destined to a Demilitarized Zone (DMZ). A
DMZ is a portion of the client’s network, apart from the client’s LAN, where remote
access is allowed. After creating a DMZ, a third load balancer is installed, which
routes packets to the DMZ.
The following sections present configuration examples of a simple and DMZ
configuration.
[Figure: Transparent Routing FWLB example topology. Recovered labels: LAN, Server, P333R-LB 1, Firewall 2, RSG fw-group, P333R-LB 2, Access Router, Internet; addresses 10.1.1.1, 10.1.1.2, 10.2.1.1, 10.2.1.2.]
Note:
1. When configuring routing firewalls as Real Servers, you must give an ID to each
Real Server. This ID must match the ID given to the same firewall on the second
load balancer.
2. The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
P333R-LB 1-1(config-v-fw-srvc:external)# id 1
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# hc-ip 10.1.1.3 10.2.1.3
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# ip route 0.0.0.0 0.0.0.0
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# rsg fw-group
Done!
P333R-LB 1-1(config-v-fw-srvc:external)# exit
Done!
P333R-LB 2-1(config-rsrvr:10.2.1.2)# id 2
Done!
P333R-LB 2-1(config-rsrvr:10.2.1.2)# exit
P333R-LB 2-1(configure)# rsg fw-group
Done!
P333R-LB 2-1(config-rsg:fw-group)# type-id routing-fw 1
Done!
P333R-LB 2-1(config-rsg:fw-group)# real-routing-fw 10.2.1.1
Done!
P333R-LB 2-1(config-rsg:fw-group)# real-routing-fw 10.2.1.2
Done!
P333R-LB 2-1(config-rsg:fw-group)# exit
P333R-LB 2-1(configure)# virtual-fw-service internal
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# id 1
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# hc-ip 10.2.1.3 10.1.1.3
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# ip route 10.4.1.0 255.255.255.0
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# rsg fw-group
Done!
P333R-LB 2-1(config-v-fw-srvc:internal)# exit
----------------
P333R-LB 2
----------------
[Figure: DMZ FWLB example topology. Recovered labels: Firewall 1, Firewall 2, RSG fw-group, P333R-LB 3, DMZ; addresses 10.1.1.1, 10.3.1.3, 193.170.2.3.]
Note:
1. When configuring routing firewalls as Real Servers, you must give an ID to each
Real Server. This ID must match the ID given to the same firewall on the second
load balancer.
2. The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
-------------------
P333R-LB 2
-------------------
virtual-fw-service "dmz"
id 2
hc-ip 10.2.1.3 10.3.1.3
ip route 193.170.2.0 255.255.255.0
rsg "fw-group"
-------------------
P333R-LB 3
-------------------
!
virtual-fw-service "external"
id 2
hc-ip 10.3.1.3 10.2.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
Hash
Hash is the default metric for FWLB, and the default metric parameter for
Transparent FWLB Hash is: Source IP, Destination IP.
Using the Hash metric, sessions are distributed through firewalls using a
predefined mathematical hash function. The hash function computes a hash value
from a specific parameter; the source and destination IP addresses are used as
the hash function input.
P333R-LB creates a list of all the currently available firewalls. The result of the hash
function is used to select a firewall from the list. Specific source and destination IP
addresses always produce the same hash result, providing natural persistency.
If a firewall is added to or removed from the group, the persistency will be broken. This
occurs because the order of the firewalls in the list changes, but the hash still points to
the same list entries. The following figure illustrates how a loss of persistency occurs
when a firewall becomes non-operational.
[Figure: Hash metric, loss of persistency. The hash function that pointed to Firewall 4 before the removal points to Firewall 1 afterwards.]
When Firewall 2 is removed from the group, the list of available firewalls is
readjusted, causing a lack of persistency. However, if Firewall 2 becomes
operational again, the list of available firewalls is restored to its original order, and
persistency is recovered, making Hash a predictable metric.
MinMiss Hash
The metric parameter for MinMiss Hash is: Source IP, Destination IP.
MinMiss Hash distributes sessions to firewalls in the same way as the Hash metric.
However, MinMiss Hash sustains persistency even when a server is removed from
the firewall group. When a firewall fails or is removed, the positions of the other
firewalls in the list do not change. Instead, the remaining firewalls are redistributed
to the list entries freed by the failing firewall. The following figure illustrates how
persistency is maintained even though a firewall becomes non-operational.
Figure 7.4 MinMiss Hash Metric - Persistency Sustained
[Figure: the list of firewalls before and after Firewall 2 is removed; persistency is kept for the entries of the remaining firewalls.]
When Firewall 2 is removed from the group, the list of available firewalls is not
readjusted. Only the list entries that are now empty are replaced with other
available firewalls. Therefore, persistency is sustained for all available firewalls. If
Firewall 2 becomes operational again, the list of available firewalls is recalculated so
that the smallest number of firewalls is affected. However, the list of firewalls is not
Weighted Firewalls
You can assign weights to firewalls to enable faster firewalls to receive a larger
share of sessions. This minimizes overloading and maximizes functionality.
If you assign a weight to a firewall, the sessions are distributed to the firewalls in the
same metric chosen (Hash or MinMiss Hash). However, weighted firewalls are
assigned a larger share of sessions. For example, if you assign a weight of 10 to one
firewall (the default value), and assign a weight of 20 to a second firewall, the
second firewall receives 2 sessions for each session directed to the first firewall.
Health Check
The P333R-LB constantly health checks the firewall paths to ensure that each
firewall is accessible and operational. A firewall that fails the health check is
automatically removed from the load balancer’s internal list of currently available
firewalls.
The P333R-LB uses the ICMP Echo health-check method. Each load balancer
periodically pings the Real Server and checks if an answer was received.
For FWLB, the health check must be performed beyond the firewalls as well in order
to check the entire data path. In order to ensure that the health check packets
traverse the same firewall in both directions, the Health Check IP addresses (the
packet’s source and destination IP addresses) are the interfaces of the load balancer
on each side of the firewall. For each load balancing interface, the local and remote
addresses should be configured. The load balancers on both sides of the firewalls
must be configured symmetrically. For information on configuration, see the
configuration example.
Persistency
Firewalls perform a Stateful Inspection on every session passing through them and
drop a session if not all of its traffic passes through the same firewall. Therefore,
when load-balancing between different firewalls, it is imperative that all traffic
belonging to a given session traverses the same firewall.
The P333R-LB achieves this goal by implementing a sophisticated persistency
mechanism, based on packet characteristics inspection. A symmetric hash function
in each module is calculated based on the source and destination IP addresses. The
P333R-LB assures that packets with the same characteristics traverse the same
firewall in both directions throughout the session.
In the case where there are two P333R-LBs (one on each side of the firewalls),
persistency is ensured only if each P333R-LB is configured so that they are
compatible with each other. If they are not, and there is a change in the network
that affects internal device decisions (for example, adding or removing a Real
Server), persistency, or even the network connection, could be lost.
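Added example (not part of the original guide and not Avaya's code): a Python model of the Hash and MinMiss Hash metrics and of the symmetric source/destination hash described above, counting how many sessions on healthy firewalls change firewall when one firewall leaves the group. The XOR hash, the 64-entry table, the firewall names and the sample flows are assumptions made for illustration; the device's actual hash function is not documented here.

```python
"""Model of the Hash and MinMiss Hash metrics (illustration, not device code)."""
import ipaddress

SLOTS = 64  # assumed size of the MinMiss-style table
FIREWALLS = ["fw1", "fw2", "fw3", "fw4"]  # hypothetical names
# Constructed sample flows: 200 LAN clients talking to one outside host.
FLOWS = [(f"10.4.1.{k}", "192.0.2.10") for k in range(1, 201)]


def flow_hash(src, dst):
    """Symmetric hash: A->B and B->A give the same value.

    XOR of the two addresses is an assumption made for this model.
    """
    return int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))


def pick_hash(src, dst, available):
    """Hash metric: the hash indexes the list of available firewalls."""
    return available[flow_hash(src, dst) % len(available)]


def build_table(firewalls, slots=SLOTS):
    """MinMiss-style table: a fixed number of entries, filled in turn."""
    return [firewalls[i % len(firewalls)] for i in range(slots)]


def remove_from_table(table, failed):
    """Refill only the entries freed by the failed firewall."""
    survivors = sorted(set(table) - {failed})
    if not survivors:
        raise ValueError("no firewall left in the group")
    result, k = [], 0
    for owner in table:
        if owner == failed:
            result.append(survivors[k % len(survivors)])
            k += 1
        else:
            result.append(owner)  # entries of healthy firewalls stay put
    return result


def pick_minmiss(src, dst, table):
    """MinMiss Hash metric: the hash indexes the fixed-size table."""
    return table[flow_hash(src, dst) % len(table)]


def compare(flows, firewalls, failed):
    """Count flows on a still-healthy firewall that change firewall when
    `failed` leaves the group. A stateful firewall would drop those."""
    remaining = [fw for fw in firewalls if fw != failed]
    table = build_table(firewalls)
    table_after = remove_from_table(table, failed)
    moved = {"hash": 0, "minmiss": 0}
    for src, dst in flows:
        old = pick_hash(src, dst, firewalls)
        if old != failed and pick_hash(src, dst, remaining) != old:
            moved["hash"] += 1
        old = pick_minmiss(src, dst, table)
        if old != failed and pick_minmiss(src, dst, table_after) != old:
            moved["minmiss"] += 1
    return moved


if __name__ == "__main__":
    a, b = FLOWS[9]  # 10.4.1.10 -> 192.0.2.10
    print("forward :", pick_hash(a, b, FIREWALLS))
    print("reverse :", pick_hash(b, a, FIREWALLS))
    print("moved after fw2 fails:", compare(FLOWS, FIREWALLS, "fw2"))
```

Both load balancers reach the same choice only when they hold the same list or table in the same order, which is why the two devices must be configured symmetrically.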
Implementation
Non-Transparent Routing firewalls are firewalls that support dynamic NAT
(Network Address Translation).
For non-Transparent FWLB, the load balancer receives an outgoing packet, makes a
load balancing decision, and forwards the packet to a firewall. The firewall keeps a
bank of IP addresses and replaces the source IP of the incoming packet (from the
LAN) with a unique, yet arbitrary IP address from this bank. The firewall then
forwards the packet to an edge router which routes it to the correct destination on
the WAN.
For incoming packets, the unique NAT address is used as a destination IP to access
the same firewall. The firewall performs reverse NAT by replacing the NAT
destination address with the actual destination address (the client IP address), and
then forwards the packet to the load balancer which routes the packet to its
destination. No Load Balancing is performed on incoming packets.
For non-Transparent Routing FWLB, only one Load Balancing device is required.
The device is positioned on the LAN (internal) side of the firewalls. Since the
firewalls perform NAT, a Load Balancing device is not needed between the WAN
and the firewalls.
As well, non-Transparent Routing FWLB can be configured using static NAT. In
this scenario, the firewalls are configured to perform NAT for some hosts, and not
for other hosts. Alternatively, the firewalls may be configured to assign a specific
NAT address to a specific host. In this case, two load balancers are required, one on
each side of the firewalls.
[Figure: Non-Transparent Routing FWLB example topology. Recovered labels: LAN, Server, P333R-LB, Firewall 2 (NAT 2=193.170.1.2), RSG fw-group, Access Router, Internet; addresses 10.1.1.2, 193.170.1.3.]
Note: The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
hostname "P333R-LB"
!
interface "2"
ip vlan name "Default"
ip address 10.1.1.3 255.255.255.0
!
interface "1"
ip vlan name "Default"
ip address 10.4.1.3 255.255.255.0
!
real-routing-fw 10.1.1.1
id 1
!
real-routing-fw 10.1.1.2
id 2
!
rsg "fw-group"
type-id routing-fw 1
real-routing-fw 10.1.1.1
real-routing-fw 10.1.1.2
!
virtual-fw-service "external"
id 1
hc-ip 10.1.1.3 193.170.1.3
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
[Figure: FWLB example topology with two load balancers. Recovered labels: LAN, Server, P333R-LB 1, Firewall 2, RSG fw-group, P333R-LB 2, Access Router, Internet; addresses 10.1.1.1, 10.1.1.2, 10.2.1.1, 10.2.1.2.]
Note: The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
Health Check
In order for the P333R-LB to perform a health check, an IP address beyond the
firewall should be configured as a health check address. The health check session
returns through the same firewall according to the NAT address it was given. For
information on configuration, see the configuration example.
Persistency
As in the case of Transparent Routing Firewalls, Non-Transparent Routing
Firewalls perform Stateful Inspection on all packets going through them, checking
that all the packets of a given session traverse the same firewall in both directions.
In transparent FWLB, persistency is ensured by the Load Balancing device. In
non-transparent FWLB, the firewalls ensure persistency through NAT, and there is no
need for the Load Balancing device to intervene.
Implementation
Bridging firewalls are firewalls that do not perform forwarding at the IP layer, but
rather appear as transparent bridges. Bridging firewalls are transparent to devices
inside and outside the secured network.
For bridging FWLB, the P333R-LBs have to be positioned on both sides of the
firewalls. The Bridging Firewall does not have an IP address or a MAC address to
which traffic is directed, therefore a Bridging Firewall has to physically appear on
the traffic path. Each P333R-LB load balances between IP interfaces of the peer
P333R-LB behind the firewall. In order for this to work, the P333R-LB has to have a
different VLAN and subnet for each firewall, and the physical ports connected to
the firewalls have to be on different VLANs as well. In addition, for each VLAN,
both load balancers must be in the same subnet. The Real Servers are IP interfaces of
the load balancer on the other side of the firewalls, not of the firewalls themselves.
Configuration Example
The following figure illustrates Bridging FWLB.
Figure 7.7 Bridging FWLB Configuration Example
[Figure: recovered labels: LAN, Server, P333R-LB 1, Firewall 2, VLAN 2, RSG fw-group, P333R-LB 2, Access Router, Internet; addresses 10.2.1.1, 10.2.1.2.]
Note:
The P333R-LB performs load balancing on traffic that arrives to its routing
interfaces. Therefore, IP routes in the network must be configured to pass through
the P333R-LB.
!
real-bridging-fw 10.1.1.2
!
real-bridging-fw 10.2.1.2
!
rsg "fw-group"
type-id bridging-fw 1
real-bridging-fw 10.1.1.2
real-bridging-fw 10.2.1.2
!
virtual-fw-service "bridging-external"
id 1 bridging-fw
ip route 0.0.0.0 0.0.0.0
rsg "fw-group"
----------------
P333R-LB 2
----------------
!
ip default-gateway 193.170.1.2 1 low
!
real-bridging-fw 10.1.1.1
!
real-bridging-fw 10.2.1.1
!
rsg "fw-group"
type-id bridging-fw 1
real-bridging-fw 10.1.1.1
real-bridging-fw 10.2.1.1
!
virtual-fw-service "bridging-internal"
id 1 bridging-fw
ip route 10.4.1.0 255.255.255.0
rsg "fw-group"
Health Check
As with Transparent Routing FWLB, the interfaces on both sides of the firewall are
periodically pinged and checked if an answer was received. Since each firewall is
configured on a different VLAN, the ping will always remain on the same firewall.
Persistency
Each P333R-LB interface and the firewall connected to it reside in a separate VLAN.
This ensures persistency since all the traffic through a particular firewall is
contained in the firewall’s VLAN.
Benefits
SLB improves your network performance by:
• Minimizing server response time.
• Maximizing server availability.
• Increasing reliability - If any server fails, the remaining servers continue to
provide services seamlessly.
• Increasing scalability - Server configuration (removal/addition) can be
performed without disrupting the network.
How it Works
The P333R-LB balances the traffic among several servers which all have access to
identical applications and data. This involves intercepting all traffic between clients
and load-balanced servers and dynamically distributing the load according to
configured schemes called metrics. For more information on metrics, refer to "Load
Balancing Metrics" on page 237.
To intercept traffic to the servers, the P333R-LB presents itself to the clients as a
Virtual Server with a Virtual IP address (VIP). Client traffic travels to the P333R-LB
acting as a Virtual Server. The P333R-LB redirects this traffic using Network
Address Translation (NAT) to the available Real (balanced) Servers. Traffic from the
Real Servers back to the clients may return via the P333R-LB, depending on the load
balancing redirection method.
To maintain awareness of any changes in the Real Servers' availability, the
P333R-LB implements a Health Check mechanism to monitor the status of the Real
Servers. For more information, see "Health Check" on page 239.
P333R-LB enables the following methods of NAT, described in the following
sections:
• Half NAT - P333R-LB translates the VIP to the IP address of the Real Servers.
• Full NAT - P333R-LB translates client’s IP addresses to Proxy IP addresses, as
well as the VIP to the IP address of the Real Servers.
Note: In complex routing topologies where alternative paths between the Real
Servers and clients might exist, the returning packets could reach the client via a
path external to the P333R-LB. These packets would be labelled with the real IP of
the Real Server, and not the VIP that the client recognizes, causing the session to fail.
In a situation where this is possible, use Full NAT to prevent this from occurring.
For more information, refer to "Full NAT Load Balancing" on page 228.
Note: The following example uses sample IP addresses for illustration only.
[Figure: SLB example topology. Recovered labels: Server, Real Server 1 (10.1.1.1), RSG server-group.]
Note: The Real Servers must be configured with the P333R-LB as their default
gateway (for example in Figure 8.1, 10.1.1.10).
In order to configure the load balancer according to Figure 8.1, perform the
following commands:
P330-1(configure)# session router
servers, each with a different IP address, provide the same service. For a sample
configuration, see Figure 8.2 on page 230, with the addition for Equivalent
Application for Multiple VIPs.
• Direct Client-Real Server session access - Full NAT enables direct sessions to
load-balanced applications between the Clients and Real Servers to traverse the
P333R-LB in addition to sessions to the VIP. The sessions to the VIP undergo
Full NAT, while direct Client-Real Server sessions are routed by the P333R-LB
without NAT. Such an application is not possible when implementing Half
NAT.
• Mapping different Virtual Services to the same port on the Real Servers -
Each service has its own PIP, enabling different flows to the same port.
You prepare banks of IP address ranges and associate each Virtual Service with a
bank.
Note: You can create 64 banks of PIP addresses, with a total of 32,768 PIP addresses.
If you haven’t configured a bank for a Virtual Service, P333R-LB uses Half NAT
load balancing for that Virtual Service.
With Full NAT, responses made by the Real Server are forced to pass through the
P333R-LB, where the Real Server IP is replaced with the Virtual Server IP, and the
PIP with the client’s original IP before forwarding them to the clients.
Note: Configure the PIP addresses on a dedicated subnet. If you configure a local
interface on the PIP subnet, it is advertised throughout the network by the Routing
Protocols as belonging to that router, like all other subnets. If no Local Interface is
configured on the PIP subnet, Static Routes should be configured to reach that PIP
subnet.
Note: The P333R-LB does not answer to ARP requests, or to pings on the PIP
address.
Note: You cannot configure Full NAT for Active FTP Virtual Services.
Note: The number of PIP addresses affects the number of Full NAT load balance
sessions the P333R-LB supports. One PIP address is used for all client-server
sessions on each virtual service.
Note: The following example uses sample IP addresses for illustration only.
Figure 8.2 illustrates a sample configuration where two clients are connected to a
P333R-LB which balances the traffic between three Real Servers. In addition to the
traffic path through the P333R-LB, a direct path exists between the Clients and the
Real Servers through another router. The P333R-LB is configured with a VIP of
193.170.4.20 and with a PIP bank on subnet 10.3.3.x.
In order to configure the load balancer according to Figure 8.2, perform the
following commands:
P333R-LB-1(super)#interface router
Done!
P333R-LB-1(super-if:router)#ip address 193.170.3.1 255.255.255.0
Done!
P333R-LB-1(super-if:router)#exit
P333R-LB-1(super)#interface client
Done!
P333R-LB-1(super-if:client)#ip address 193.170.4.1 255.255.255.0
Done!
P333R-LB-1(super-if:client)#exit
P333R-LB-1(super)#ip default-gateway 193.170.3.2
Done!
P333R-LB-1(super)#real-slb-server 10.1.1.1
Done!
P333R-LB-1(super-r-slb-srvr:10.1.1.1)#exit
P333R-LB-1(super)#real-slb-server 10.1.1.2
Done!
P333R-LB-1(super-r-slb-srvr:10.1.1.2)#exit
P333R-LB-1(super)#real-slb-server 10.1.1.3
Done!
P333R-LB-1(super-r-slb-srvr:10.1.1.3)#exit
P333R-LB-1(super)#rsg server-group
Done!
P333R-LB-1(super-rsg:server-group)#type-id slb 1
Done!
P333R-LB-1(super-rsg:server-group)#real-slb-server 10.1.1.1
Done!
P333R-LB-1(super-rsg:server-group)#real-slb-server 10.1.1.2
Done!
P333R-LB-1(super-rsg:server-group)#real-slb-server 10.1.1.3
Done!
P333R-LB-1(super-rsg:server-group)#exit
P333R-LB-1(super)#pip-bank 1
Done!
P333R-LB-1(super-pip-bank:1)#pip-addresses 10.3.3.2 10.3.4.2
Done!
P333R-LB-1(super-pip-bank:1)#exit
P333R-LB-1(super)#virtual-server slb
Done!
P333R-LB-1(super-v-srvr:slb)#id 1
Done!
P333R-LB-1(super-v-srvr:slb)#vip 193.170.4.20
Done!
P333R-LB-1(super-v-srvr:slb)#virtual-slb-service http
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#id 1
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#application tcp 80
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#pip-bank 1
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#rsg server-group
Done!
P333R-LB-1(super-v-slb-srvc:slb:http)#exit
P333R-LB-1(super-v-srvr:slb)#exit
P333R-LB-1(super)#
To ensure that the packets destined to the PIP address reach the P333R-LB on the
return path from the Real Server to the client, you must configure a Static Route in
the router by entering:
ip route 10.3.3.0 255.255.255.0 193.170.3.1 1 low
Note: The above configuration example stresses that even when there is a direct
path from the router to the clients, with Full NAT the traffic is forced to traverse the
P333R-LB for PIP-client IP translation. With Half NAT, in such a scenario,
load-balanced sessions would have failed. This is because traffic from the Real Servers
would have been routed directly to the clients, before reaching the P333R-LB. The
clients expect a reply from the VIP, but instead would receive the reply from the real
IP, and drop the packets.
Note: This configuration enables you to install the P333R-LB in the network without
changing the clients' configuration, when the clients used to access different servers.
Note: You cannot implement DSR for Services using Full NAT, since the P333R-LB
must replace the PIP with the original client IP for the returning packets.
Note: The following example uses sample IP addresses for illustration only.
[Figure: Direct Server Return example topology. Recovered labels: Server, Real Server 1 (10.1.1.1), RSG server-group, P333R.]
Note:
1. The VIP should be configured in the Real Servers as a “loopback” IP address.
2. Another router (like the P333R) may be configured as the default gateway of the
Real Servers. This conserves resources and bandwidth on the P333R-LB that is
tasked with balancing client requests.
interface "2"
ip vlan name "Default"
ip address 10.1.1.10 255.255.255.0
!
interface "1"
ip vlan name "Default"
ip address 193.170.1.1 255.255.255.0
!
ip default-gateway 193.170.1.2 1 low
!
real-slb-server 10.1.1.1
direct-server-return
!
real-slb-server 10.1.1.2
direct-server-return
!
real-slb-server 10.1.1.3
direct-server-return
!
rsg "server-group"
type-id slb 1
real-slb-server 10.1.1.1
real-slb-server 10.1.1.2
real-slb-server 10.1.1.3
!
virtual-server "web-farm"
id 1
vip 193.170.1.3
!
virtual-slb-service "www-service"
id 1
application tcp 80
rsg "server-group"
DNS Configuration
Note: The following example uses sample IP addresses for illustration only.
Figure 8.4 illustrates a DNS configuration, where DNS traffic to primary and
secondary DNS servers is balanced.
Figure 8.4 DNS Configuration
[Figure: recovered labels: Clients, P333R-LB, DNS Servers (Primary, Secondary); traffic labelled DNS - UDP and DNS - TCP.]
In Figure 8.4, DNS queries from clients arrive over UDP, while the DNS servers
exchange DNS information via TCP. DNS includes a mechanism by which
secondary and primary servers exchange information. The P333R-LB is required to
balance UDP queries by clients across both primary and secondary servers, while
forwarding TCP traffic only to the primary server. This is done by assigning two
services to the Virtual Server that represents the DNS server to the world. The UDP
service is mapped to a group of servers which include the primary and secondary
Real DNS Servers. The TCP service is configured to include only the Real DNS
server which has the primary role.
Round Robin
Round Robin is the default metric for SLB.
Using the Round Robin metric, new sessions are issued to each server in turn based
on the Real Server weight. The first Real Server in the group receives the first ‘n’
sessions, where ‘n’ is the Real Server weight. The second Real Server receives the
next ‘n’ sessions, and so on. When all the servers receive at least one session, the
issuing process starts over with the first Real Server.
Hash
Using the Hash metric, sessions are distributed to Real Servers using a predefined
mathematical hash function. The hash value is computed on a specific parameter: the
source and destination IP addresses are used as the hash function input.
P333R-LB creates a list of all the currently available servers. The result of the hash
function is used to select a server from the list. Specific addresses always produce
the same hash result, providing natural persistency.
If a server is added to or removed from the group, the persistency will be broken.
This occurs because the order of the servers in the list changes, but the hash still
points to the same list entries. The following figure illustrates how a loss of
persistency occurs when a server becomes non-operational.
[Figure: Hash metric, loss of persistency. With all servers available the hash function points to Server 4; after Server 2 is removed, the same hash function points to Server 1.]
When Server 2 is removed from the group, the list of available servers is readjusted,
causing a lack of persistency. However, if Server 2 becomes operational again, the
list of available servers is restored to its original order, and persistency is recovered.
MinMiss Hash
MinMiss Hash distributes sessions to Real Servers in the same way as the Hash
metric. However, MinMiss Hash sustains persistency even when a server is
removed from the server group. When a server fails or is removed, the positions of
the other Real Servers in the list do not change. Instead, the remaining servers are
redistributed to the list entries freed by the failing server. The following figure
illustrates how persistency is maintained even though a server becomes non-
operational.
Figure 8.6 MinMiss Hash Metric - Persistency Sustained
[Figure: with all servers available the hash function points to Server 4; after Server 2 is removed, the same hash function still points to Server 4. Persistency kept.]
When Server 2 is removed from the group, the list of available servers is not
readjusted. Only the list entries that are now empty are replaced with other
available servers. Therefore, persistency is sustained for all available servers. If
Server 2 becomes operational again, the list of available servers is recalculated so
that the smallest number of servers is affected. However, the list of servers is not
restored to its original configuration. As a result, persistency is only partially
recovered.
Health Check
The P333R-LB constantly health-checks the Real Servers to ensure that each Real
Server (in this case, each server) is accessible and operational. A server that fails the
health check is automatically removed from the load balancer’s internal list of
currently available servers.
P333R-LB supports the following health-check methods:
• ICMP Echo - Each server is periodically pinged, and the P333R-LB checks whether
an answer was received.
• TCP Port Checking - A TCP connection is periodically opened to every server,
checking for successful completion of the connection.
• HTTP Server Checking - Useful for web applications, this method enables
verifying HTTP server functioning by comparing the response from the server
with a complete sample of the web page. The P333R-LB sends a request to the
HTTP server to simulate an outside request. The P333R-LB compares the
server’s response with the sample to ascertain the level at which the HTTP server
is functioning. P333R-LB supports the following HTTP retrieving methods:
— Head - Retrieve only the HTTP headers without document body content.
This is the default method.
— Get - Retrieve all data from the HTTP server.
P333R-LB supports the following responses:
— Any response - P333R-LB assumes the server is functional when P333R-LB
receives any response.
— Any OK response - P333R-LB assumes the server is functional when the
server’s response is one of the HTTP OK responses (codes 201-204).
— Exact OK response - P333R-LB assumes the server is functional only when
P333R-LB receives the exact response expected (code 200). This is the
default method.
You can configure the following parameters:
— The port to access - if you do not configure a port, the default is in the
following order: the Virtual Service Real port, Virtual port, or port 80.
— HTTP Request type - GET or HEAD (default HEAD)
Note: If you selected HTTP 1.1, you can specify a Domain Name to be used in the
Health Check query. If you don’t specify a Domain Name, the Real Server’s IP
address and the Real port are used.
Note: In the HTTP Expected String Health Check script “\r\n” denotes “enter”.
Done!
P333R-LB-1(super-http:1)# expected-string offset 54
Done!
• Script Server Checking - Supported over TCP, this method verifies the
functioning of the server by running a script on the server. Script Health Check
enables you to build your own script to run on the Real Server, and return a
pre-defined response.
You configure a complete and explicit request header as well as the expected
response string with offset. The string’s limiting factors are:
— Maximum length of request header: 255 characters.
— Maximum length of response string: 255 characters.
— Maximum offset from end of TCP header: 1000 bytes.
P333R-LB compares the server’s reply with the expected reply you configured.
You need to verify that the configured request results in the configured expected
response. P333R-LB searches for the expected string only in the first packet sent
by the server as a response to the script query.
A successful Script Health Check is defined as one with a valid expected string,
as well as a successful completion of the TCP connection.
Note: In the Script Health Check query and expected-string “\r\n” denotes “enter”.
Note: By default, the SLB health check mechanism employs a TCP-connect method
for TCP-based applications that use the lowest defined TCP port. When the Virtual
Service is FTP however, you must manually configure a new TCP-connect health
check via port 21 and configure it in the relevant Virtual Service.
The need for this arises because FTP functions on TCP ports 20 (FTP-data) and 21
(FTP-ctrl), and the P333R-LB uses TCP port 20 to check the server’s availability. The
problem is that usually FTP servers do not allow a TCP connection via port 20
without having an established connection via port 21. This causes the health check
to fail and the service becomes unavailable.
For the commands to configure the different Health Checks, refer to "Health Check
Commands" on page 304.
Client Persistency
Persistency is a way to ensure that all traffic related to a given session and all
sessions of a given characteristic are served by the same server.
Client persistency is the persistency between many sessions for one client. Client
persistency ensures that all traffic from the client is directed to the same Real Server.
Client persistency is achieved either by using naturally persistent load balancing
schemes (such as Hash or MinMiss Hash), or by forcing persistent load balancing
decisions on non-persistent load balancing schemes (such as Round Robin).
Decision forcing is performed by storing the history of the latest decisions in a cache
for a limited time, and sending the packets to the appropriate server based on
previous load balancing decisions.
Regardless of the client persistency nature of the selected load balancing metric, the
P333R-LB offers a unique client persistency feature that is available in all load
balancing metrics. Client persistency is based on a "persistency cache". Load
balancing decisions are recorded in a persistency cache for a specified time
configured by the user. When a new session that matches an entry in the persistency
cache is processed by the P333R-LB, it is directed to the same server pointed to by
the cache (provided, of course, that the server is considered healthy).
The key to the persistency cache is based on the client IP, in combination with a
wildcard. This allows persistency to be configured per an exact IP address, or per a
group of addresses. For instance, in cases where clients hide behind a NAT device
which selects NAT addresses from an address block of 255 addresses, enabling the
persistency cache with a wildcard of 0.0.0.255 will map all clients to a single entry
and a single Real Server.
Port Re-mapping
The P333R-LB may be configured to re-map the destination port number when
performing load balancing. For example, you might want to run the HTTP process
on real servers using a different port number in order to enable more than one
concurrent HTTP service.
Note:
1. In the P333R-LB, a Real Server can belong to multiple server groups as long as the
groups are not running the same Virtual Service. If the groups are running the same
service (e.g., HTTP), port re-mapping should be used.
2. Port Re-mapping should not be used in conjunction with Triangulation.
Application Redirection
This chapter provides information on Application Redirection (AR), and includes a
configuration example.
With the growing importance of the Internet as the organization's source of
information, normal operation of the LAN can be negatively impacted by
congestion on the network router to the Internet.
Since much of the information retrieved from the Web is either repeatedly requested
by a user or requested by multiple users, many organizations implement a local
caching mechanism to prevent unnecessary WAN traffic.
The problem with local caches is that they must be on the traffic path between the
client and the WAN router. As a result, all traffic, even non-cacheable traffic, passes
through them.
The P333R-LB’s AR redirects packets from their original destination to an
alternative server, based on AR configuration. Since redirecting Web requests to
local caches is the most common implementation of AR, it is also known as Cache
Redirection.
The AR feature can also be used for policy-based (source-based) routing. For full
details, see Policy-Based Routing (Source-Based Routing) on page 259.
Benefits
By redirecting client requests to a local cache or application server, you can increase
the speed at which clients access the information and free up valuable network
bandwidth.
AR for cache redirection provides the following benefits:
• Faster client access to information.
• Increased network bandwidth.
• Policy based routing.
• Only suitable traffic is directed to the local cache.
• Multiple caches can be connected and load-balanced.
• The redirection process is transparent to the client.
• Redundant caches can be configured.
How It Works
For AR to occur, the P333R-LB is positioned on the traffic route (instead of the local
cache) and redirects packets from their original destination (WAN access router) to
alternative cache servers. The redirection process involves the following steps:
1 Checks whether the packet characteristics comply with one of the defined
filter rules. The user has to configure rules in order to define which clients/
destinations are to be redirected to the cache applications.
2 Routes the packet to the cache server instead of the original destination (the
Web server).
3 The cache checks if it has the relevant information. If it does, it replies to the
client. If the cache does not have the information, it retrieves the information
from the real Web server, and then replies to the client.
The P333R-LB supports transparent caches. A transparent cache is a cache which is
capable of accepting packets not destined to its IP. The cache usually uses NAT in its
IP stack, so the higher layers can process packets not destined to the cache IP.
The following steps illustrate a classic example of what occurs during AR:
1 The user issues an HTTP request with its IP address as the source address and
the Web server's IP address as the destination address.
2 The P333R-LB routes the packet to the Web cache(s) (load balancing if needed),
but the packet still has the Web server's IP address as the destination IP address.
3 If the cache has the required page, the cache returns the page to the client with
the destination IP address of the client and the source IP address of the Web
server. If the cache does not have the required page, the Cache returns the
packet to the P333R-LB, and it is routed to the Web server.
4 On the way back from the Web server, P333R-LB routes the packet to the cache.
The cache updates itself with the new page, and returns the packet to the client.
In the Cache Redirection packet flow, there are two events that are
indistinguishable on the IP level:
• When the packet arrives from the Client, the packet should be redirected to the
cache.
• When the packet arrives from the cache with the same addresses, the packet
should be routed to the WAN.
To address this issue, the P333R-LB uses different VLAN areas for the clients and
the cache. If a packet arrives at the P333R-LB from the client's VLAN, it is redirected
to the cache, and if it arrives from the server’s VLAN, it is routed to the WAN.
Configuration Examples
Application Redirection
The following figure illustrates an AR configuration.
Figure 9.1 Cache Redirection Configuration Example
[Figure labels: Client Area; 193.170.2.3; LAN; 10.2.2.5; WAN; EdgeRouter; 10.1.1.3; VLAN 2; Server Area; Local Web Cache Servers 10.1.1.1 and 10.1.1.2]
Note:
1. The Cache Servers must not be on the local subnet of one of the P333R-LB’s local
subnets.
2. The clients must not reside on the cache’s subnet or VLAN.
In order to configure the load balancer according to Figure 9.1, perform the
following commands:
P333R-LB-1(configure)# interface 2
Done!
P333R-LB-1(config-if:2)# ip address 10.2.2.3 255.255.255.0
Done!
P333R-LB-1(config-if:2)# exit
P333R-LB-1(configure)# interface 3
Done!
P333R-LB-1(config-if:3)# ip address 10.1.1.3 255.255.255.0
Done!
P333R-LB-1(config-if:3)# ip vlan 2
Done!
P333R-LB-1(config-if:3)# exit
P333R-LB-1(configure)# ip default-gateway 10.2.2.5
Done!
P333R-LB-1(configure)# set vlan-area 2 servers
Done!
P333R-LB-1(configure)# real-ar-server 10.1.1.1
Done!
P333R-LB-1(config-rsrvr:10.1.1.1)# exit
P333R-LB-1(configure)# real-ar-server 10.1.1.2
Done!
P333R-LB-1(config-rsrvr:10.1.1.2)# exit
P333R-LB-1(configure)# rsg cache-group
Done!
P333R-LB-1(config-rsg:cache-group)# type-id ar 1
Done!
P333R-LB-1(config-rsg:cache-group)# real-ar-server 10.1.1.1
Done!
P333R-LB-1(config-rsg:cache-group)# exit
P333R-LB-1(configure)# virtual-ar-service web-cache
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# id 1
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# application tcp 80
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# rsg cache-group
Done!
P333R-LB-1(config-v-ar-srvc:web-cache)# exit
P333R-LB-1(configure)# ar-filter 1 any any 1
Done!
real-ar-server 10.1.1.1
real-ar-server 10.1.1.2
!
virtual-ar-service "web-cache"
id 1
application tcp 80
rsg "cache-group"
!
ar-filter 1 any any 1
!
set vlan-area 2 servers
[Figure labels: 193.170.2.3; LAN; 10.2.2.5; WAN; 10.4.1.3; EdgeRouter; 10.1.1.3; VLAN 2; Server Area; Local Web Cache Servers 10.1.1.1 and 10.1.1.2]
type-id slb 1
real-slb-server 10.1.1.1
real-slb-server 10.1.1.2
!
rsg "transparent-proxy-group"
type-id ar 1
real-ar-server 10.1.1.1
real-ar-server 10.1.1.2
!
virtual-server "none-transparent-proxy-server"
id 1
vip 10.4.1.1
!
virtual-slb-service "tcp-8080"
id 1
application tcp 8080
rsg "none-transparent-proxy-group"
!
virtual-ar-service "transparent-proxy-server"
id 1
application tcp 80
rsg "transparent-proxy-group"
!
ar-filter 10 any 10.1.1.0 0.0.0.255 no-ar
ar-filter 20 any any "transparent-proxy-server"
!
set vlan-area 2 servers
In the example above, the same two Cache Servers are configured as Real Servers
for Server Load Balancing and for Application Redirection. Also, two Virtual
Services are configured: one is an SLB service for the non-transparent proxy cache
implementation and the second is an AR service for the transparent cache
implementation.
Traffic destined to the proxy cache is sent by the client with the VIP as the Dest.
IP address, and is handled by the SLB Virtual Service (i.e. the P333R-LB will NAT the
packets and send them to the Real Server based on the configured metrics). If the
packets have to be sent further to the Internet, the P333R-LB will receive the packets
with the Source IP address of the cache (since it is a non-spoofing cache) and route
them to the Edge Router. On the way back, the packet will be routed to the Real
Server (since its IP address is now the Dest. IP address) and the cache will send the
packet back to the client.
Traffic not destined to the proxy cache is sent with the Web Server's IP address
(193.170.2.3) as the Dest. IP address and is handled by the AR Virtual Service as
usual, based on the second rule of the "ar-filter" statement.
The reason for the first "ar-filter" statement (ar-filter 10 any 10.1.1.0 0.0.0.255 no-ar)
is as follows: both in the SLB and in the AR cases it might happen that the packet
has to be forwarded to the Web Server (if the required data is not in the cache). On
their way back we do not want packets coming from the Web Server to the cache in
response to the non-transparent proxy cache SLB function to be load-balanced
according to the AR service metric. To prevent this from happening, the first "ar-
filter" statement ensures that any packets destined to any of the Real Servers
(caches) will not be subject to Application Redirection but rather will be routed to
the correct Real Server.
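The two redirection decisions described above, the VLAN area test and the ordered "ar-filter" rules, modelled as an added example (not Avaya code). The rule grammar is inferred from the two ar-filter lines shown above; evaluation in ascending index order with the first match winning, the packet fields, the client address 10.2.2.50 and VLAN 1 as the client-side VLAN are assumptions.

```python
import ipaddress
import shlex


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_ar_filter(line):
    """Parse 'ar-filter <index> <src> <dst> <service|no-ar>'.

    <src> and <dst> are either 'any' or '<address> <wildcard>'
    (grammar inferred from the configuration example, an assumption).
    """
    tokens = shlex.split(line)
    if len(tokens) < 5 or tokens[0] != "ar-filter":
        raise ValueError(f"not an ar-filter line: {line!r}")
    index, rest = int(tokens[1]), tokens[2:]
    specs = []
    for _ in range(2):
        if rest and rest[0] == "any":
            specs.append(None)
            rest = rest[1:]
        elif len(rest) >= 2:
            specs.append((ip_int(rest[0]), ip_int(rest[1])))
            rest = rest[2:]
        else:
            raise ValueError(f"incomplete address in: {line!r}")
    if len(rest) != 1:
        raise ValueError(f"expected one action in: {line!r}")
    return {"index": index, "src": specs[0], "dst": specs[1], "action": rest[0]}


def spec_matches(spec, address):
    if spec is None:                      # 'any'
        return True
    network, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF         # wildcard bits set to 1 are ignored
    return (ip_int(address) & care) == (network & care)


def decide(packet, filters, services, server_vlans):
    """Return 'route' or 'redirect:<rsg>' for one packet."""
    if packet["vlan"] in server_vlans:
        return "route"                    # arrived from the cache side
    for rule in sorted(filters, key=lambda r: r["index"]):
        if not (spec_matches(rule["src"], packet["src"])
                and spec_matches(rule["dst"], packet["dst"])):
            continue
        if rule["action"] == "no-ar":
            return "route"
        service = services[rule["action"]]
        if (packet["proto"], packet["dport"]) == service["application"]:
            return "redirect:" + service["rsg"]
    return "route"


# Taken from the configuration example above.
CONFIG = [
    'ar-filter 10 any 10.1.1.0 0.0.0.255 no-ar',
    'ar-filter 20 any any "transparent-proxy-server"',
]
SERVICES = {"transparent-proxy-server":
            {"application": ("tcp", 80), "rsg": "transparent-proxy-group"}}
SERVER_VLANS = {2}                        # set vlan-area 2 servers
FILTERS = [parse_ar_filter(line) for line in CONFIG]

# Constructed packets. The cache-miss fetch carries the same addresses as the
# client request; only the ingress VLAN tells the two apart.
CLIENT_REQUEST = {"vlan": 1, "src": "10.2.2.50", "dst": "193.170.2.3",
                  "proto": "tcp", "dport": 80}
CACHE_MISS_FETCH = dict(CLIENT_REQUEST, vlan=2)
TO_CACHE = {"vlan": 1, "src": "193.170.2.3", "dst": "10.1.1.2",
            "proto": "tcp", "dport": 80}


def demo():
    without_rule_10 = [r for r in FILTERS if r["index"] != 10]
    return {
        "client_request": decide(CLIENT_REQUEST, FILTERS, SERVICES, SERVER_VLANS),
        "cache_miss_fetch": decide(CACHE_MISS_FETCH, FILTERS, SERVICES, SERVER_VLANS),
        "to_cache": decide(TO_CACHE, FILTERS, SERVICES, SERVER_VLANS),
        "to_cache_without_rule_10": decide(TO_CACHE, without_rule_10,
                                           SERVICES, SERVER_VLANS),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Removing rule 10 makes the packet addressed to cache 10.1.1.2 come back as a redirect, which is the case the first ar-filter statement exists to prevent.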
Round Robin
Using the Round Robin metric, new sessions are issued to each server in turn based
on the Real Server weight. The first Real Server in the group receives the first ‘n’
sessions, where ‘n’ is the Real Server weight. The second Real Server receives the
next ‘n’ sessions, and so on. When all the servers receive at least one session, the
issuing process starts over with the first Real Server.
Hash
Using the Hash metric, sessions are distributed to cache servers using a predefined
mathematical hash function. The hash value is computed on a specific parameter: the
source and destination IP addresses are used as the hash function input.
P333R-LB creates a list of all the currently available cache servers. The result of the
hash function is used to select a cache server from the list. Specific addresses always
produce the same hash result, providing natural persistency.
If a cache server is added to or removed from the group, the persistency will be
broken. This occurs because the order of the cache servers in the list changes, but the
hash still points to the same list entries. The following figure illustrates how a loss of
persistency occurs when a cache server becomes non-operational.
[Figure: Hash metric, loss of persistency. With all servers available the hash function points to Server 4; after Server 2 is removed, the same hash function points to Server 1.]
When Cache Server 2 is removed from the group, the list of available cache servers
is readjusted, causing a lack of persistency. However, if Cache Server 2 becomes
operational again, the list of available cache servers is restored to its original order,
and persistency is recovered.
MinMiss Hash
The default metric parameter for MinMiss Hash in AR is the destination IP address.
MinMiss distributes sessions to cache servers in the same way as the Hash metric.
However, MinMiss Hash sustains persistency even when a cache server is removed
from the cache server group. When a cache server fails or is removed, the positions
of the other cache servers in the list do not change. Instead, the remaining cache
servers are redistributed to the list entries freed by the failing cache server. The
following figure illustrates how persistency is maintained even though a cache
server becomes non-operational.
Figure 9.4 MinMiss Hash Metric - Persistency Sustained
[Figure: with all servers available the hash function points to Server 4; after Server 2 is removed, the same hash function still points to Server 4. Persistency kept.]
When Cache Server 2 is removed from the group, the list of available cache servers
is not readjusted. Only the list entries that are now empty are replaced with other
available cache servers. Therefore, persistency is sustained for all available cache
servers. If Cache Server 2 becomes operational again, the list of available cache
servers is recalculated so that the smallest number of cache servers is affected.
However, the list of cache servers is not restored to its original configuration. As a
result, persistency is only partially recovered.
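The difference between the Hash and MinMiss Hash metrics described above (and in the Server Load Balancing chapter) can be reproduced with a small model. This is an added example, not Avaya code: the CRC32 hash, the 12-entry list, the fourth server 10.1.1.4, the 198.51.100.x clients and the policy used when a server returns are assumptions made for illustration.

```python
import ipaddress
import zlib
from collections import Counter

# 10.1.1.1-3 and the VIP appear in this guide's examples; 10.1.1.4 and the
# 198.51.100.x client addresses are constructed for this model.
SERVERS = ["10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.4"]
VIP = "193.170.1.3"
CLIENTS = [f"198.51.100.{i}" for i in range(1, 201)]


def flow_hash(src, dst):
    """Stand-in hash over source and destination IP (assumption: CRC32)."""
    packed = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(packed)


class HashMetric:
    """Hash: the result indexes the list of currently available servers."""

    def __init__(self, servers):
        self.configured = list(servers)
        self.up = set(servers)

    def set_state(self, server, is_up):
        if is_up:
            self.up.add(server)
        else:
            self.up.discard(server)

    def pick(self, src, dst):
        available = [s for s in self.configured if s in self.up]
        return available[flow_hash(src, dst) % len(available)]


class MinMissMetric:
    """MinMiss Hash: a fixed list of entries; only freed entries change owner."""

    def __init__(self, servers, entries=12):
        self.table = [servers[i % len(servers)] for i in range(entries)]

    def remove(self, server):
        survivors = [s for s in dict.fromkeys(self.table) if s != server]
        freed = [i for i, s in enumerate(self.table) if s == server]
        for n, i in enumerate(freed):
            self.table[i] = survivors[n % len(survivors)]

    def restore(self, server):
        # Assumed policy: move one entry at a time from the most loaded
        # server until the returning server holds an equal share.
        share = len(self.table) // (len(set(self.table)) + 1)
        for _ in range(share):
            counts = Counter(self.table)
            donor = max(counts, key=counts.get)
            self.table[self.table.index(donor)] = server

    def pick(self, src, dst):
        return self.table[flow_hash(src, dst) % len(self.table)]


def moved(before, after, ignore):
    """Flows that changed server, not counting flows that were on `ignore`."""
    return sum(1 for c, s in before.items() if s != ignore and after[c] != s)


def simulate(failed="10.1.1.2"):
    h, m = HashMetric(SERVERS), MinMissMetric(SERVERS)
    snapshot = lambda metric: {c: metric.pick(c, VIP) for c in CLIENTS}
    original_table = list(m.table)
    h0, m0 = snapshot(h), snapshot(m)
    h.set_state(failed, False)
    m.remove(failed)
    h1, m1 = snapshot(h), snapshot(m)
    table_after_failure = list(m.table)
    h.set_state(failed, True)
    m.restore(failed)
    return {
        "hash_moved_on_failure": moved(h0, h1, failed),
        "minmiss_moved_on_failure": moved(m0, m1, failed),
        "hash_fully_recovered": snapshot(h) == h0,
        "minmiss_entries_changed_on_restore": sum(
            a != b for a, b in zip(table_after_failure, m.table)),
        "minmiss_table_restored": m.table == original_table,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The two "moved_on_failure" counters cover only flows that were not on the failed server, so they measure persistency lost by clients whose server never went down.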
Health Check
The P333R-LB constantly health-checks the Real Servers to ensure that each Real
Server (in this case, each server) is accessible and operational. A server that fails the
health check is automatically removed from the load balancer’s internal list of
currently available servers.
P333R-LB supports the following health-check methods:
• ICMP Echo - Each server is periodically pinged, and the P333R-LB checks whether
an answer was received.
• TCP Port Checking - A TCP connection is periodically opened to every server,
checking for successful completion of the connection.
• HTTP Server Checking - Useful for web applications, this method enables
verifying HTTP server functioning by comparing the response from the server
with a complete sample of the web page. The P333R-LB sends a request to the
HTTP server to simulate an outside request. The P333R-LB compares the
server’s response with the sample to ascertain the level at which the HTTP server
is functioning. P333R-LB supports the following HTTP retrieving methods:
— Head - Retrieve only the HTTP headers without document body content.
This is the default method.
— Get - Retrieve all data from the HTTP server.
P333R-LB supports the following responses:
— Any response - P333R-LB assumes the server is functional when P333R-LB
receives any response.
— Any OK response - P333R-LB assumes the server is functional when the
server’s response is one of the HTTP OK responses (codes 201-204).
— Exact OK response - P333R-LB assumes the server is functional only when
P333R-LB receives the exact response expected (code 200). This is the
default method.
Note: If you selected HTTP 1.1, you can specify a Domain Name to be used in the
Health Check query. If you don’t specify a Domain Name, the Real Server’s IP
address and the Real port are used.
Note: In the HTTP Expected String Health Check script “\r\n” denotes “enter”.
You need to verify that the configured request results in the configured expected
response. P333R-LB searches for the expected string only in the first packet sent
by the server as a response to the script query.
A successful Script Health Check is defined as one with a valid expected string,
as well as a successful completion of the TCP connection.
Note: In the Script Health Check query and expected-string “\r\n” denotes “enter”.
Note: The default health check method for Application Redirection is Ping.
For the commands to configure the different Health Checks, refer to Health Check
Commands on page 304.
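A way to pre-check a Script Health Check definition against a captured reply before configuring it, as an added example (not Avaya code; it applies equally to the Script Server Checking description in the Server Load Balancing chapter). It assumes the expected string must begin exactly at the configured offset in the payload of the first segment and that the length limits apply to the strings as typed; the request and reply are constructed.

```python
MAX_REQUEST_CHARS = 255    # maximum length of request header
MAX_EXPECTED_CHARS = 255   # maximum length of response string
MAX_OFFSET = 1000          # maximum offset from end of TCP header, in bytes

# Constructed sample: a request as it would be typed, and the server's reply.
SAMPLE_REQUEST = "GET /health HTTP/1.0\\r\\n\\r\\n"
SAMPLE_REPLY = b"HTTP/1.0 200 OK\r\nServer: demo\r\n\r\nSTATUS=UP\r\n"


def to_wire(configured):
    """Turn the typed sequences \\r and \\n into CR and LF bytes."""
    return configured.replace("\\r", "\r").replace("\\n", "\n").encode("latin-1")


def config_problems(request, expected, offset):
    """Check a definition against the limits listed for the Script check."""
    problems = []
    if len(request) > MAX_REQUEST_CHARS:
        problems.append("request header longer than 255 characters")
    if not expected:
        problems.append("expected string is empty")
    elif len(expected) > MAX_EXPECTED_CHARS:
        problems.append("expected string longer than 255 characters")
    if not 0 <= offset <= MAX_OFFSET:
        problems.append("offset outside 0-1000 bytes")
    return problems


def script_check(connected, segments, expected, offset):
    """Model of the pass/fail decision.

    connected: the TCP connection completed successfully.
    segments:  reply payloads in arrival order; only the first is inspected.
    """
    if not connected or not segments:
        return False
    want = to_wire(expected)
    return segments[0][offset:offset + len(want)] == want


def suggest_offset(segments, expected):
    """Offset to configure for this reply, or None if the check cannot pass."""
    if not segments:
        return None
    position = segments[0].find(to_wire(expected))
    if position < 0 or position > MAX_OFFSET:
        return None
    return position


if __name__ == "__main__":
    offset = suggest_offset([SAMPLE_REPLY], "STATUS=UP")
    print("offset to configure:", offset)
    print("problems:", config_problems(SAMPLE_REQUEST, "STATUS=UP", offset))
    print("passes:", script_check(True, [SAMPLE_REPLY], "STATUS=UP", offset))
    # Same bytes, but the server flushes its headers first: the string now
    # arrives in the second segment and the check fails.
    split = [SAMPLE_REPLY[:20], SAMPLE_REPLY[20:]]
    print("passes when split:", script_check(True, split, "STATUS=UP", offset))
```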
Client Persistency
Persistency is a way to ensure that all traffic related to a given session and all
sessions of a given characteristic are served by the same server.
Client persistency is the persistency between many sessions for one client. Client
persistency ensures that all traffic from the client is directed to the same Real Server.
Client persistency is achieved either by using naturally persistent load balancing
schemes (such as Hash or MinMiss Hash) or by forcing persistent load balancing
decisions on non-persistent load balancing schemes (such as Round Robin).
Decision forcing is performed by storing the history of the latest decisions in a cache
for a limited time, and sending the packets to the appropriate server based on
previous load balancing decisions.
Regardless of the client persistency nature of the selected load balancing metric, the
P333R-LB offers a unique client persistency feature that is available in all load
balancing metrics. Client persistency is based on a "persistency cache". Load
balancing decisions are recorded in a persistency cache for a specified time
configured by the user. When a new session that matches an entry in the persistency
cache is processed by the P333R-LB, it is directed to the same server pointed to by
the cache (provided, of course, that the server is considered healthy).
The key to the persistency cache is based on the client IP, in combination with a
wildcard. This allows persistency to be configured per an exact IP address, or per a
group of addresses. For instance, in cases where clients hide behind a NAT device
which selects NAT addresses from an address block of 255 addresses, enabling the
persistency cache with a wildcard of 0.0.0.255 will map all clients to a single entry
and a single Real Server.
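How decision forcing makes Round Robin persistent, including the wildcard key, as an added example (not Avaya code; the same mechanism is described in the Server Load Balancing chapter). The class names, the 60-second lifetime, the weights, the client addresses and the rule that a cache hit does not extend an entry's lifetime are assumptions.

```python
import ipaddress


class WeightedRoundRobin:
    """The first server gets 'weight' sessions, then the next, then start over."""

    def __init__(self, weights):
        # weights: {server: n}, listed in group order
        self.slots = [s for s, n in weights.items() for _ in range(n)]
        self.position = 0

    def next(self, healthy):
        for _ in range(len(self.slots)):
            server = self.slots[self.position % len(self.slots)]
            self.position += 1
            if server in healthy:
                return server
        raise RuntimeError("no healthy Real Server in the group")


class PersistencyCache:
    """Records load balancing decisions per (client IP, wildcard) key."""

    def __init__(self, metric, wildcard="0.0.0.0", lifetime=60):
        self.metric = metric
        # Wildcard bits set to 1 are ignored when building the key.
        self.care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        self.lifetime = lifetime
        self.entries = {}                 # key -> (server, expires_at)

    def key(self, client_ip):
        masked = int(ipaddress.IPv4Address(client_ip)) & self.care
        return str(ipaddress.IPv4Address(masked))

    def select(self, client_ip, now, healthy):
        key = self.key(client_ip)
        entry = self.entries.get(key)
        if entry and now < entry[1] and entry[0] in healthy:
            return entry[0]               # forced decision from the cache
        server = self.metric.next(healthy)
        self.entries[key] = (server, now + self.lifetime)
        return server


def demo():
    both = {"10.1.1.1", "10.1.1.2"}
    lb = PersistencyCache(WeightedRoundRobin({"10.1.1.1": 1, "10.1.1.2": 2}),
                          wildcard="0.0.0.255", lifetime=60)
    return [
        lb.select("203.0.113.10", 0, both),            # new entry for 203.0.113.0
        lb.select("203.0.113.200", 5, both),           # same NAT block: cache hit
        lb.select("198.51.100.5", 6, both),            # other client: next turn
        lb.select("203.0.113.77", 61, both),           # entry expired: new decision
        lb.select("203.0.113.10", 62, {"10.1.1.1"}),   # cached server unhealthy
    ]


if __name__ == "__main__":
    print(demo())
```

With a wildcard of 0.0.0.255 every client in a /24 lands on one Real Server for the lifetime of the entry, so a large population behind one NAT block is not spread across the group.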
Redundancy
This chapter discusses the redundancy schemes of VRRP, SRRP, and additional
redundancy schemes (Real Server Group Backup and Real Server Backup).
VRRP
VRRP is an IETF protocol designed to support redundancy of routers on the LAN,
as well as load balancing of traffic. VRRP is transparent to host stations, making it
an ideal choice when redundancy, load balancing and ease of configuration are all
required.
The concept underlying VRRP is that a router can back up other routers, in addition
to performing its primary routing functions. Redundancy is achieved by
introducing the concept of a virtual router. A virtual router is a routing entity
associated with multiple physical routers. The routing functions of the virtual router
are performed by one of the physical routers with which it is associated. This router
is known as the master router.
For each virtual router, VRRP selects a master router. If the selected master router
fails, another router is selected as master router.
In VRRP, two or more physical routers can be associated with a virtual router, thus
achieving the extreme reliability inherent in the P333R-LB SAFER architecture.
In a VRRP environment, host stations interact with the virtual router. They are not
aware that this router is a virtual router, and they are not affected when a new
router takes over the role of master router. This makes VRRP fully interoperable
with every host station.
VRRP can be activated on an interface using a single command, while allowing for
the necessary fine-tuning of the many VRRP parameters. For a detailed description
of VRRP, refer to VRRP standards and published literature.
Introducing a Load Balancer into the network creates a single point of failure. As a
result, users will most likely want a backup implementation between two
P333R-LBs.
For FWLB, the my-ip parameter of the hc-ip command can also be an associated
IP address of a virtual router. In addition, the override addr owner parameter
of the ip vrrp command should be used.
For AR, at least two virtual routers should be configured: one for the client vlan area
and the other for the server vlan area. The servers should be configured with the
VRRP IP as their default gateway. In addition, the clients should be configured with
the VRRP IP as their default gateway. The same physical router should be the
master of all the virtual routers, using the priority command if necessary.
For SLB, a modification to VRRP is necessary. In this case, you need to back up the
VIP (in addition to a routing interface of the router). An interface on the VIP’s
subnet still has to be configured. The VIP will be configured as the Associated IP of
the VRRP.
Note: When two P333R-LBs are connected in a VRRP pair with Full NAT configured
on both, you need to configure different PIP address ranges for each P333R-LB.
VRRP Commands
The following table displays the VRRP Commands:
Command Page
ip vrrp 265
User Mode
Output Example:
Router-1> show ip vrrp
VRRP is globally enabled
VLAN   VRID   IP Address      Pri  Timer   State     Since
------ ------ --------------- ---- ------- --------- -----------
1      1      192.168.66.23   255  1       MASTER    00:00:00
1      2      192.168.66.24   100  1       BACKUP    00:00:00
Output Example:
Router-1> show ip vrrp detail
VRRP is globally enabled
Virtual Router on VLAN: 1
Router-id: 1
State: MASTER
Priority: 255
Advertisement Interval: 1
Configure Mode
Note: You cannot activate both VRRP and SRRP protocols at the same time.
Interface Mode
ip vrrp Command
Use the ip vrrp command to create a virtual router on the interface. Use the no
form of this command to delete a virtual router.
Example:
Router-N(config-if:marketing)# ip vrrp 1
Example:
To associate address 10.0.1.2 with virtual router 1:
Router(config-if:marketing)# ip vrrp 1 address 10.0.1.2
Example:
To set the virtual router advertisement timer value for virtual router 3 to 2:
Router-N(config-if:marketing)# ip vrrp 3 timer 2
Example:
To set the priority value for virtual router 1 to 10:
Router-N(config-if:marketing)# ip vrrp 1 priority 10
Example:
Router-N(config-if:marketing)# ip vrrp 1 preempt
Example:
ip vrrp 1 primary 192.168.66.23
Example:
Router-N(config-if:marketing)# ip vrrp 1 override addr owner
Configuration Example
The following figure illustrates a VRRP configuration according to SLB.
Figure 10.1 SLB - VRRP Configuration Example
[Figure labels: WAN; Edge Router; P333R-LB1; P333R-LB2; VIP=193.170.1.3; 193.170.1.1; 193.170.1.2; 193.170.1.4; 10.1.1.10; 10.1.1.11; Real Server 1 (10.1.1.1); Real Server 2 (10.1.1.2); Real Server 3 (10.1.1.3); RSG "server-group"]
--------------
P333R-LB2
--------------
hostname "BACKUP"
!
router vrrp
!
interface "1"
ip vlan name "Default"
ip address 193.170.1.2 255.255.255.0
!
interface "2"
ip vlan name "Default"
SRRP
P333R-LB SRRP redundancy capabilities provide automatic backup Layer 3
switching for IP stations. P333R-LB units can be configured to back each other up so
that if one fails the other will take over its forwarding functions. The backup P333R-
LB is not idle. As long as both P333R-LB units are functional, traffic is shared
between them. The P333R-LB modules can be in the same P330 stack or in different,
connected, P330 stacks. The P333R-LB can back up another P333R-LB unit or any
other router.
A P333R-LB unit configured to back up another unit monitors the other’s status by
polling it at configured intervals, and automatically detects when the other router
fails and when it becomes functional again. When detecting a failure, the backup
P333R-LB sends a gratuitous ARP message that causes all stations to send their IP
traffic to the backup P333R-LB MAC address instead of the failed unit MAC
address. As long as it is an active backup resulting from the failure of the main unit,
the backup P333R-LB answers ARP requests for the main unit, providing its own
MAC address.
SRRP Commands
The following table displays the SRRP Commands:
Command Page
poll-interval 274
timeout 274
User Mode
Output Example:
Router-1(super)# sh ip srrp
Admin status Oper State Poll interval Timeout
------------ ---------- ------------- -------
DISABLE      INACTIVE   1             12
Showing 2 rows
Configure Mode
Note: You cannot activate both VRRP and SRRP protocols at the same time.
Router-SRRP Mode
poll-interval Command
Use the poll-interval command to configure the polling interval in seconds
used by SRRP. Use the no form of this command to return to the default polling
interval of 1 second.
Example:
Router-N(configure router:srrp)# poll-interval 4
timeout Command
Use the timeout command to configure the timeout (in seconds) after which
SRRP declares the main router dead if it does not reply to polling.
Use the no form of this command to return to the default timeout interval of 12
seconds.
Example:
Router-N(configure router:srrp)# timeout 6
Interface Mode
Example:
Router-N(config-if:marketing)# ip srrp backup 192.168.50.11
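The timing behaviour described above, as an added Python example that is not part of the Avaya guide: it models the backup unit's polling loop to show how long stations keep sending to a failed main unit for given poll-interval and timeout values. The function names and the polling model (timeout measured from the last answered poll, checked at each unanswered poll) are assumptions.

```python
"""Model of an SRRP backup unit's failure detection (added example, not Avaya code)."""


def simulate_srrp_backup(fail_at, recover_at, poll_interval=1, timeout=12, duration=60):
    """Return [(second, event)] as seen by the backup unit.

    fail_at / recover_at: seconds at which the main unit stops / resumes answering.
    poll_interval / timeout: the values set by the commands of the same name
    (defaults 1 s and 12 s, as stated in the guide).

    Assumptions of this model: polls are sent at 0, poll_interval,
    2 * poll_interval, ...; the timeout is measured from the last answered
    poll and is evaluated each time a poll goes unanswered.
    """
    events = []
    active = False      # True while the backup has taken over for the main unit
    last_reply = 0      # time of the last poll the main unit answered
    for t in range(0, duration + 1, poll_interval):
        main_up = not (fail_at <= t < recover_at)
        if main_up:
            last_reply = t
            if active:
                active = False
                events.append((t, "main answers again: backup stops answering ARP for main"))
        elif not active and t - last_reply >= timeout:
            active = True
            events.append((t, "main declared dead: backup sends gratuitous ARP"))
    return events


def takeover_delay(fail_at, recover_at, **settings):
    """Seconds between the real failure and the gratuitous ARP.

    Returns None when the outage was shorter than the detection time and
    the backup never took over.
    """
    for t, event in simulate_srrp_backup(fail_at, recover_at, **settings):
        if "gratuitous" in event:
            return t - fail_at
    return None


if __name__ == "__main__":
    # Constructed scenario: main unit fails at 5.5 s and returns at 30 s.
    for label, settings in (("defaults (1 s / 12 s)", {}),
                            ("guide examples (4 s / 6 s)", {"poll_interval": 4, "timeout": 6})):
        print(label, "-> takeover after", takeover_delay(5.5, 30, **settings), "s")
        for second, event in simulate_srrp_backup(5.5, 30, **settings):
            print("   t=%ss %s" % (second, event))
```

A longer poll interval with a short timeout can detect a failure sooner than the defaults, but recovery of the main unit is then only noticed at the next poll.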
[Figure: network diagram. Labels: WAN, RSG "server-group" with Real Server 1 and Real Server 2, Backup RSG.]
hostname "P333R-LB"
!
interface "2"
ip vlan name "Default"
ip address 10.1.1.10 255.255.255.0
!
interface "3"
ip vlan name "Default"
ip address 10.5.1.2 255.255.255.0
!
interface "1"
ip vlan name "Default"
ip address 193.170.1.1 255.255.255.0
!
ip default-gateway 193.170.1.2 1 low
!
real-slb-server 10.1.1.1
!
real-slb-server 10.1.1.2
!
real-slb-server 10.1.1.3
!
real-slb-server 10.5.1.3
!
real-slb-server 10.5.1.4
!
real-slb-server 10.5.1.5
!
rsg "backup-group"
type-id slb 1
real-slb-server 10.5.1.3
real-slb-server 10.5.1.4
real-slb-server 10.5.1.5
!
rsg "server-group"
type-id slb 2
real-slb-server 10.1.1.1
real-slb-server 10.1.1.2
real-slb-server 10.1.1.3
!
rsg "server-group"
backup 1
!
virtual-server "web-farm"
id 1
vip 193.170.1.3
!
virtual-slb-service "www-service"
id 1
application tcp 80
rsg "server-group"
When the primary Real Server has recovered, it will resume operation and begin to
receive new sessions. Ongoing sessions will continue going to the backup Real
Server until they are completed. In addition, to keep persistency, new sessions
might open to the backup Real Server.
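An added Python example (not Avaya code) that checks a backup-RSG configuration of the kind listed above before it is loaded: it verifies that every group member is a declared real server, that each backup number resolves to another group, and that a group and its backup do not share servers. It assumes that backup N refers to the group whose type-id line ends in N, as the listing suggests; the embedded text is an excerpt of the guide's listing and the function names are hypothetical.

```python
"""Consistency check for real server groups and their backups (added example)."""
import re

# Excerpt of the configuration listing in the guide (interfaces omitted).
GUIDE_CONFIG = '''
real-slb-server 10.1.1.1
!
real-slb-server 10.1.1.2
!
real-slb-server 10.1.1.3
!
real-slb-server 10.5.1.3
!
real-slb-server 10.5.1.4
!
real-slb-server 10.5.1.5
!
rsg "backup-group"
type-id slb 1
real-slb-server 10.5.1.3
real-slb-server 10.5.1.4
real-slb-server 10.5.1.5
!
rsg "server-group"
type-id slb 2
real-slb-server 10.1.1.1
real-slb-server 10.1.1.2
real-slb-server 10.1.1.3
!
rsg "server-group"
backup 1
!
virtual-slb-service "www-service"
id 1
application tcp 80
rsg "server-group"
'''


def parse(config):
    """Split the text into '!'-separated stanzas and collect servers, groups and services."""
    declared, groups, services = set(), {}, {}
    for stanza in re.split(r"(?m)^![ \t]*$", config):
        lines = [l.strip() for l in stanza.splitlines() if l.strip()]
        if not lines:
            continue
        head, body = lines[0].split(None, 1), lines[1:]
        kind = head[0]
        arg = head[1].strip('"') if len(head) > 1 else ""
        if kind == "real-slb-server":
            declared.add(arg)
        elif kind == "rsg":
            # A group may be described by several stanzas; merge them by name.
            group = groups.setdefault(arg, {"id": None, "servers": [], "backup": None})
            for line in body:
                words = line.split()
                if words[0] == "type-id":
                    group["id"] = int(words[2])
                elif words[0] == "real-slb-server":
                    group["servers"].append(words[1])
                elif words[0] == "backup":
                    group["backup"] = int(words[1])
        elif kind == "virtual-slb-service":
            services[arg] = [l.split(None, 1)[1].strip('"') for l in body if l.startswith("rsg ")]
    return declared, groups, services


def check(config):
    """Return a list of findings; an empty list means the references are consistent."""
    declared, groups, services = parse(config)
    by_id = {g["id"]: name for name, g in groups.items() if g["id"] is not None}
    findings = []
    for name, group in groups.items():
        for server in group["servers"]:
            if server not in declared:
                findings.append(f'rsg "{name}": real server {server} is not declared')
        if group["backup"] is not None:
            target = by_id.get(group["backup"])
            if target is None:
                findings.append(f'rsg "{name}": backup {group["backup"]} matches no rsg type-id')
            elif target == name:
                findings.append(f'rsg "{name}": backs itself up')
            elif set(group["servers"]) & set(groups[target]["servers"]):
                findings.append(f'rsg "{name}": shares real servers with backup "{target}"')
    for service, refs in services.items():
        for ref in refs:
            if ref not in groups:
                findings.append(f'virtual-slb-service "{service}": unknown rsg "{ref}"')
    return findings


if __name__ == "__main__":
    print(check(GUIDE_CONFIG) or "no findings")
    print(check(GUIDE_CONFIG.replace("backup 1", "backup 3")))  # constructed fault
```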
[Figure: network diagram. Labels: WAN, Real Server 2, RSG "server-group".]
!
rsg "server-group"
type-id slb 1
real-slb-server 10.1.1.1
real-slb-server 10.1.1.2
real-slb-server 10.1.1.3
!
virtual-server "web-farm"
id 1
vip 193.170.1.3
!
virtual-slb-service "www-service"
id 1
application tcp 80
rsg "server-group"
Policy
This chapter discusses policy. Policy commands are used when working with policy
lists and policy rules.
Scope
The P333R-LB can enforce policy rules on traffic addressed to its interfaces.
This feature allows the user to block configuration access (e.g. via SNMP, TELNET,
and HTTP) to the router/load balancer.
Policy Commands
Overview
The following table displays the Policy commands:
Command
ip access-group
ip access-list
ip access-list-name
ip access-list-owner
ip access-list-cookie
ip access-list-copy
ip access-list-scope
ip simulate
validate-group
User Mode
Example:
Router-N> show access-group
access-group 100
Output Example:
Router-N> show ip access-lists
Router-1(super)# sh ip access-lists
The current policy source is local
List 100 is not validated - the List was changed since the last
validation
List 100 status is unknown(0)
List 100 scope is forward
ip access-list 100 25 fwd5 ip
any
any range 20 21
default action for list 100 is permit
Example:
Router-N>show ip access-list-dscp 101 63
Output Example:
Router-N> show dscp
Router-1(super)# sh dscp
set qos trust trust-dscp
DSCP table validity status: Valid
DSCP Action Precedence ApplicStatus ApplicType Name
---- ------------ ---------- ------------ ------------ ----------
0 fwd0 mandatory applicable static DSCP #0.0
1 fwd0 mandatory applicable static DSCP #0.1
2 fwd0 mandatory applicable static DSCP #0.2
3 fwd0 mandatory applicable static DSCP #0.3
4 fwd0 mandatory applicable static DSCP #0.4
5 fwd0 mandatory applicable static DSCP #0.5
6 fwd0 mandatory applicable static DSCP #0.6
7 fwd0 mandatory applicable static DSCP #0.7
8 fwd1 mandatory applicable static DSCP #0.8
9 fwd1 mandatory applicable static DSCP #0.9
10 fwd1 mandatory applicable static DSCP #0.10
11 fwd1 mandatory applicable static DSCP #0.11
12 fwd1 mandatory applicable static DSCP #0.12
13 fwd1 mandatory applicable static DSCP #0.13
14 fwd1 mandatory applicable static DSCP #0.14
15 fwd1 mandatory applicable static DSCP #0.15
16 fwd2 mandatory applicable static DSCP #0.16
17 fwd2 mandatory applicable static DSCP #0.17
18 fwd2 mandatory applicable static DSCP #0.18
Configure Mode
ip access-group Command
Use the ip access-group command to activate a specific policy list. To
deactivate the policy list, use the no version of this command.
Example:
Router-N>ip access-group 101
ip access-list Command
Use the ip access-list command to create a specific policy rule. An access
list contains several of these rules. Each rule specifies the source IP address, the
destination IP address, the protocol, the protocol ports (if relevant), and the ACK
bit (if relevant).
<source-ip> ip network
<operator> eq | lt | gt | range
<destination-ip> ip network
Example:
Router-N>ip access-list 101 23 deny ip any 1.2.0.0 0.0.255.255
To delete a specific rule, use the no form of this command.
ip access-default-action Command
Use the ip access-default-action command to set the default action for a
specific policy list.
Example:
Router-N>ip access-default-action 101 default-action-deny
ip access-list-name Command
Use the ip access-list-name command to set a name for a policy list.
Example:
Router-N>ip access-list-name 101 morning
ip access-list-owner Command
Use the ip access-list-owner command to set the owner for a specific policy
list.
Example:
Router-N>ip access-list-owner 101 admin
ip access-list-cookie Command
Use the ip access-list-cookie command to set the list cookie for a specific
policy list.
Example:
Router-N>ip access-list-cookie 101 12345
ip access-list-copy Command
Use the ip access-list-copy command to copy a configured source policy
list to a destination policy list.
Example:
Router-N>ip access-list-copy 100 101
Example:
Router-N>ip access-list-dscp operation 101 9-16 fwd3
Example:
Router-N>ip access-list-dscp trust 101 trust-dscp
Example:
Router-N>ip access-list-dscp precedence 101 16 mandatory
Example:
Router-N>ip access-list-dscp name 101 16 "special"
ip access-list-scope Command
Use the ip access-list-scope command to set the scope of a policy list.
Example:
Router-N>ip access-list-scope 101 forward
ip simulate Command
Use the ip simulate command to check the policy for a simulated packet. The
command contains the addressed list number, and the packet parameters.
Example:
Router-N>ip simulate 100 192.67.85.12 193.76.54.25
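The following Python example is added here and is not part of the Avaya guide or the switch software: it evaluates rules written in the ip access-list form shown above against a simulated packet, in the manner of ip simulate, and lists which management services (TELNET, HTTP, SNMP) are still reachable at the router's own address. It assumes that rules are tried in ascending rule-index order with the first match winning, that 1 bits in the wildcard are don't-care bits, and that permit is accepted as a rule action; apart from the two rules copied from the guide, the sample rules, source addresses and function names are constructed.

```python
"""Offline evaluation of policy rules in the guide's ip access-list form (added example)."""
import ipaddress

PORT_OPS = ("eq", "lt", "gt", "range")            # operators listed in the guide
MGMT = {"telnet": ("tcp", 23), "http": ("tcp", 80), "snmp": ("udp", 161)}

# Rule 101/23 and rule 100/25 are copied from the guide; the rest is constructed.
SAMPLE = """
ip access-list 101 10 permit tcp 192.168.50.0 0.0.0.255 any eq 23
ip access-list 101 20 deny tcp any any eq 23
ip access-list 101 23 deny ip any 1.2.0.0 0.0.255.255
ip access-default-action 101 default-action-deny
ip access-list 100 20 deny tcp any any eq 23
ip access-list 100 25 fwd5 ip any any range 20 21
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _endpoint(tok, i):
    """Parse 'any' or '<ip> <wildcard>' plus an optional port test; return (endpoint, next index)."""
    if tok[i] == "any":
        net, wild, i = 0, 0xFFFFFFFF, i + 1
    else:
        net, wild, i = _ip(tok[i]), _ip(tok[i + 1]), i + 2
    ports = None
    if i < len(tok) and tok[i] in PORT_OPS:
        count = 2 if tok[i] == "range" else 1
        ports = (tok[i], [int(p) for p in tok[i + 1:i + 1 + count]])
        i += 1 + count
    return {"net": net, "wild": wild, "ports": ports}, i


def load_policy(text, list_id):
    """Return (rules sorted by rule index, default action) for one policy list."""
    rules, default = [], "permit"   # assumption: permit unless a default action is configured
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"] and int(tok[2]) == list_id:
            src, i = _endpoint(tok, 6)
            dst, _ = _endpoint(tok, i)
            rules.append({"index": int(tok[3]), "action": tok[4],
                          "proto": tok[5], "src": src, "dst": dst})
        elif tok[:2] == ["ip", "access-default-action"] and int(tok[2]) == list_id:
            default = tok[3].replace("default-action-", "")
    return sorted(rules, key=lambda r: r["index"]), default


def _hit(endpoint, addr, port):
    keep = 0xFFFFFFFF ^ endpoint["wild"]          # bits that must match exactly
    if (_ip(addr) & keep) != (endpoint["net"] & keep):
        return False
    if endpoint["ports"] is None:
        return True
    if port is None:                              # rule tests a port, packet has none
        return False
    op, v = endpoint["ports"]
    return {"eq": port == v[0], "lt": port < v[0], "gt": port > v[0],
            "range": v[0] <= port <= v[-1]}[op]


def simulate(policy, src, dst, proto="ip", sport=None, dport=None):
    """Return (action, rule index) of the first matching rule, or (default action, None)."""
    rules, default = policy
    for rule in rules:
        if rule["proto"] not in ("ip", proto):    # a rule for "ip" matches every protocol
            continue
        if _hit(rule["src"], src, sport) and _hit(rule["dst"], dst, dport):
            return rule["action"], rule["index"]
    return default, None


def management_exposure(policy, router_ip, sources):
    """List the (source, service) pairs that the policy does not deny toward router_ip."""
    exposed = []
    for src in sources:
        for name, (proto, port) in MGMT.items():
            action, _ = simulate(policy, src, router_ip, proto, dport=port)
            if action != "deny":
                exposed.append((src, name))
    return exposed


if __name__ == "__main__":
    for list_id in (101, 100):
        policy = load_policy(SAMPLE, list_id)
        print(list_id, management_exposure(policy, "193.170.1.1",
                                           ["192.168.50.7", "193.170.1.9"]))
```

List 100 denies TELNET but keeps the permit default, so HTTP and SNMP to the router stay reachable; list 101 closes them through its deny default.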
validate-group Command
Use the validate-group command to verify that all the rules in a priority list
are valid.
If there is a configuration problem with a specific rule, or with a number of rules,
detailed error messages will be given.
Example:
Router-N(configure)# validate-group 101
Note: Before configuring the IP access list, you must change the policy source mode
to local.
Example:
Router-N(configure)# set qos policy-source local
Note:
1. All commands must be performed in either configure or super mode, unless
otherwise specified. To enter configure mode, for example, type configure.
2. You can use all show commands in user mode.
3. To exit a context mode, type exit.
ar-filter
lb-control
hc
pip
real-ar-server
real-slb-server
real-bridging-fw
real-routing-fw
rsg
set
show
virtual-server
AR-Filter Commands
This section illustrates the ar-filter commands.
ar-filter Command
Use the ar-filter command to create an Application Redirection (AR) filter.
Examples:
Router-N(configure)# ar-filter 1 10.1.1.1 0.0.0.128 any Vsrvc1
Router-N(configure)# ar-filter 2 host 10.1.1.1 10.2.2.2 0.0.0.128 3 uni-directional
ar-filter-admin-status Command
Use the ar-filter-admin-status command to enable or disable the
administrative status of an AR filter.
Example:
Router-N(configure)# ar-filter-admin-status 1 disable
LB Control Commands
This section illustrates the lb control commands.
lb control ar Command
Use the lb control ar command to enable Application Redirection (AR).
Example:
Router-N(configure)# lb control ar
no lb control ar Command
Use the no lb control ar command to disable AR.
Example:
Router-N(configure)# no lb control ar
Example:
Router-N(configure)# lb control fwlb
Example:
Router-N(configure)# lb control precedence ar-prior-to-slb
Example:
Router-N(configure)# lb control slb
Example:
Router-N(configure)# no lb control slb
hc ping Command
Use the hc ping command to configure a Ping Health Check.
Example:
Router-N(super)# hc ping 12
hc tcp-connect Command
Use the hc tcp-connect command to configure a TCP Health Check.
Example:
Router-N(super)# hc tcp-connect 16 80
hc http Command
Use the hc http command to create/enter the HTTP Health Check context.
Example:
Router-N(super)# hc http 7
Example:
Router-N(super-hc-http:7)# port 65
1.0 Sets the version number for the Health Check to 1.0
(default).
1.1 Sets the version number for the Health Check to 1.1.
Example:
Example:
Router-N(super-hc-http:7)# method get
url The URL for the Health Check to retrieve from the
server - a string up to 255 characters.
Example:
Router-N(super-hc-http:7)# url /index.html
Example:
Router-N(super-hc-http:7)# success-response any-ok
Example:
Router-N(super-hc-http:7)# domain www.avaya.com
Note: To define a name that includes spaces, enclose the entire name in quotation
marks (e.g. "new york").
Example:
Router-N(super-hc-http:7)# expected-string <HTML><HEAD>
Example:
Router-N(super-hc-http:7)# expected-string-offset 5
hc script Command
Use the hc script command to create/enter the Script Health Check context.
Example:
Router-N(super)# hc script 3
same result by not entering the port command with no port number, or with port
number 0.
port number The port number used to run a script, an integer from
0 - 65535.
Example:
Router-N(super-hc-script:5)# port 34
Example:
Router-N(super-hc-script:5)# query "GET /index.html HTTP/1.1\r\nHOST:149.49.1.1\r\n"
Note: To define a name that includes spaces, enclose the entire name in quotation
marks (e.g. "new york").
Example:
Router-N(super-hc-script:5)# expected-string <HTML><HEAD>
Example:
Router-N(super-hc-script:5)# expected-string-offset 7
pip-bank Command
Use the pip-bank command to configure a PIP.
Example:
Router-N(super)# pip-bank 12
pip-addresses Command
Use the pip-addresses command to configure the range of PIP addresses.
Example:
Router-N(super-pip-bank:1)# pip-addresses 10.1.1.1 10.1.2.2
Real-AR-Server Commands
To configure a real server to be used by the Application Redirection (AR)
application:
1 Use the real-ar-server command to enter a real AR server context.
2 Use any of the remaining real-ar-server commands as required.
real-ar-server Command
You can also configure this command in user mode.
Use the real-ar-server command to create and/or enter a real AR server
context.
Example:
Router-N(configure)# real-ar-server 10.1.1.2
no real-ar-server Command
Use the no real-ar-server command to delete a real server from using AR.
Example:
Router-N(configure)# no real-ar-server 10.1.1.1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# backup 10.1.1.2
Example:
Router-N(configure)# no backup 10.1.1.2
Example:
Router-N(configure)# hc failure-retries 10
Example:
Router-N(configure)# hc interval 10
Example:
Router-N(configure)# hc success-retries 10
Example:
Router-N(configure)# hc timeout 10
Example:
Router-N(configure)# weight 5
Real-SLB-Server Commands
To configure a real server to be used by the Server Load Balancing (SLB)
application:
1 Use the real-slb-server command to enter a real SLB server context.
2 Use any of the remaining real-slb-server commands as required.
real-slb-server Command
You can also configure this command in user mode.
Use the real-slb-server command to create and/or enter a real SLB server
context.
Example:
Router-N(configure)# real-slb-server 10.1.1.2
no real-slb-server Command
Use the no real-slb-server command to delete a real server from using SLB.
Example:
Router-N(configure)# no real-slb-server 10.1.1.1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# backup 10.1.1.2
Example:
Router-N(configure)# no backup 10.1.1.2
Example:
Router-N(configure)# hc failure-retries 10
Example:
Router-N(configure)# hc interval 10
Example:
Router-N(configure)# hc success-retries 10
Example:
Router-N(configure)# hc timeout 10
Example:
Router-N(configure)# weight 5
Real-Bridging-FW Commands
To configure a real firewall to be used by the Bridging Firewall Load Balancing
(FWLB) application:
1 Use the real-bridging-fw command to enter a real bridging firewall
context.
2 Use any of the remaining real-bridging-fw commands as required.
real-bridging-fw Command
You can also configure this command in user mode.
Use the real-bridging-fw command to create and/or enter a real bridging
firewall context.
Example:
Router-N(configure)# real-bridging-fw 10.1.1.2
no real-bridging-fw Command
Use the no real-bridging-fw command to delete a real firewall from using
Bridging FWLB.
Example:
Router-N(configure)# no real-bridging-fw 10.1.1.1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# backup 10.1.1.2
Example:
Router-N(configure)# no backup 10.1.1.2
Example:
Router-N(configure)# hc failure-retries 10
Example:
Router-N(configure)# hc interval 10
Example:
Router-N(configure)# hc success-retries 10
Example:
Router-N(configure)# hc timeout 10
Example:
Router-N(configure)# weight 5
Real-Routing-FW Commands
To configure a real firewall to be used by the Routing Firewall Load Balancing
(FWLB) application:
1 Use the real-routing-fw command to enter a real routing firewall context.
2 If you are creating a new real routing firewall, you must use the
real-routing-fw id command to give it an identification number (see page
331).
3 Use any of the remaining real-routing-fw commands as required.
real-routing-fw Command
You can also configure this command in user mode.
Use the real-routing-fw command to create and/or enter a real routing
firewall context.
Example:
Router-N(configure)# real-routing-fw 10.1.1.2
no real-routing-fw Command
Use the no real-routing-fw command to delete a real firewall from using
Routing FWLB.
Example:
Router-N(configure)# no real-routing-fw 10.1.1.1
real-routing-fw id Command
Use the id command to set an identification number for a real routing firewall.
Example:
Router-N(configure)# id 2
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# backup 10.1.1.2
Example:
Router-N(configure)# no backup 10.1.1.2
Example:
Router-N(configure)# hc failure-retries 10
Example:
Router-N(configure)# hc interval 10
Example:
Router-N(configure)# hc success-retries 10
Example:
Router-N(configure)# hc timeout 10
Example:
Router-N(configure)# weight 5
RSG Commands
To configure a real server group:
1 Use the rsg command to enter a real server group context.
2 Use any of the remaining rsg commands as required.
rsg Command
Use the rsg command to create/enter a real server group context.
Example:
Router-N(configure)# rsg rsg1
no rsg Command
Use the no rsg command to delete a real server group.
Example:
Router-N(configure)# no rsg rsg1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# backup 2
Example:
Router-N(configure)# no backup 2
Example:
Router-N(configure)# real-ar-server 10.1.1.2
Example:
Router-N(configure)# no real-ar-server 10.1.1.1
Example:
Router-N(configure)# real-slb-server 10.1.1.2
Example:
Router-N(configure)# no real-slb-server 10.1.1.1
Example:
Router-N(configure)# real-bridging-fw 10.1.1.2
Example:
Router-N(configure)# no real-bridging-fw 10.1.1.1
Example:
Router-N(configure)# real-routing-fw 10.1.1.2 5
Example:
Router-N(configure)# no real-routing-fw 10.1.1.1 5
Set Commands
This section illustrates the set commands.
Example:
Router-N(configure)# set vlan-area 1 servers
Show Commands
This section illustrates the show commands.
Example:
Router-N(configure)# show ar-filter 1
Example:
Router-N(configure)# show ar-filter details 1
show hc Command
Use the show hc command to display the Health Check configuration.
Example:
Router-N(configure)# show hc tcp-connect 1
Example:
Router-N(super)# show hc details http 2
Example:
Router-N(super)# show hc last response slb avaya7 10.1.1.3
Example:
Router-N(configure)# show lb real-ar-server cache 10.1.1.1
Example:
Router-N(configure)# show lb real-ar-server cache details 10.1.1.1
Example:
Router-N(configure)# show lb real-slb-server cache 10.1.1.1
Example:
Router-N(configure)# show lb real-slb-server cache details 10.1.1.1
Example:
Router-N(configure)# show lb real-bridging-firewall cache 10.1.1.1
Example:
Router-N(configure)# show lb real-bridging-fw cache details 10.1.1.1
Example:
Router-N(configure)# show lb real-routing-fw cache 10.1.1.1
Example:
Router-N(configure)# show lb real-routing-fw cache details 10.1.1.1
Example:
Router-N(configure)# show lb virtual-server cache vServer1
Example:
Router-N(configure)# show lb virtual-server cache details vServer1
Example:
RLB_3-1(develop)# show persistency-table fw-service routing-fw fw-group
Showing 10 entries:
Source IP Destination IP Real IP
--------------- --------------- ---------------
193.170.2.1 10.2.1.10 10.1.1.2
193.170.2.2 10.2.1.10 10.1.1.1
193.170.2.3 10.2.1.10 10.1.1.2
193.170.2.4 10.2.1.10 10.1.1.1
193.170.2.5 10.2.1.10 10.1.1.2
193.170.2.6 10.2.1.10 10.1.1.1
193.170.2.7 10.2.1.10 10.1.1.2
193.170.2.8 10.2.1.10 10.1.1.1
193.170.2.9 10.2.1.10 10.1.1.2
193.170.2.10 10.2.1.10 10.1.1.1
Example:
Router-N(super)# show pip-bank 1
Example:
Router-N(configure)# show real-ar-server 10.1.1.2
Example:
Router-N(configure)# show real-ar-server details 10.1.1.2
Example:
Router-N(configure)# show real-slb-server 10.1.1.2
Example:
Router-N(configure)# show real-slb-server details 10.1.1.2
Example:
Router-N(configure)# show real-bridging-fw 10.1.1.2
Example:
Router-N(configure)# show real-bridging-fw details 10.1.1.2
Example:
Router-N(configure)# show real-routing-fw 10.1.1.2
Example:
Router-N(configure)# show real-routing-fw details 10.1.1.2
Example:
Router-N(configure)# show rsg rsg1
Example:
Router-N(configure)# show rsg details rsg1
Example:
Router-N(configure)# show virtual-ar-service ArSrvc1
Example:
Router-N(configure)# show virtual-ar-service details ArSrvc1
Example:
Router-N(configure)# show virtual-fw-service Vsrvc1
Example:
Router-N(configure)# show virtual-fw-service details Vsrvc1
Example:
Router-N(configure)# show virtual-server
Example:
Router-N(configure)# show virtual-server details
Example:
Router-N(configure)# show virtual-slb-service SrvrName
Example:
Router-N(configure)# show virtual-slb-service details SrvrName ServiceName
Example:
Router-N(configure)# show vlan-area-mapping 1
Example:
Router-N(configure)# virtual-fw-service Vsrvc1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# application udp 12 15
Example:
Router-N(configure)# failure-action
Example:
Router-N(configure)# hash-key src
virtual-ar-service hc Command
Use the hc command to set a health check method for the virtual AR service.
Example:
Router-N(configure)# hc ping
virtual-ar-service no hc Command
Use the no hc command to set the health check method for the virtual AR service
to the default (auto).
virtual-ar-service id Command
Use the id command to set the identification number for the virtual AR service.
Example:
Router-N(configure)# id 21
For more information on server metrics, see Load Balancing Metrics on page 237.
Example:
Router-N(configure)# metric round-robin
Example:
Router-N(configure)# persistency time 3000
Example:
Router-N(configure)# persistency wildcard 0.0.15.255
Examples:
Router-N(configure)# rsg rsg1
Router-N(configure)# rsg 21
Examples:
Router-N(configure)# no rsg rsg1
Router-N(configure)# no rsg 21
Example:
RLB_3-1(config-v-ar-srvc:aaa:aaa)# simulate-hash 193.170.1.1
Example:
Router-N(configure)# virtual-fw-service Vsrvc1
no virtual-fw-service Command
Use the no virtual-fw-service command to delete a virtual firewall service.
Example:
Router-N(configure)# no virtual-fw-service Vsrvc1
Example:
Router-N(configure)# admin-status enable
Example:
Router-N(configure)# hash-key src
virtual-fw-service hc Command
Use the hc command to set a health check method for the virtual fw service.
Example:
Router-N(configure)# hc ping 1
virtual-fw-service no hc Command
Use the no hc command to set the health check method for the virtual firewall
service to the default (auto).
my-ip My IP address.
Example:
Router-N(configure)# hc-ip 10.10.1.2 10.20.2.3
virtual-fw-service id Command
Use the id command to set the identification number and type for the virtual
firewall service.
Examples:
Router-N(configure)# id 1
Router-N(configure)# id 2 bridging-fw
Example:
Router-N(configure)# ip route 10.1.1.2 255.255.255.0
Example:
Router-N(configure)# no ip route 10.1.1.2 255.255.255.0
For more information on server metrics, see Load Balancing Metrics on page 237.
Example:
Router-N(configure)# metric hash
Example:
Router-N(configure)# partner-mgmnt-ip 10.1.1.2
Example:
Router-N(configure)# persistency time 3000
Example:
Router-N(configure)# persistency wildcard 0.0.15.255
Examples:
Router-N(configure)# rsg rsg1
Router-N(configure)# rsg 21
Examples:
Router-N(configure)# no rsg rsg1
Router-N(configure)# no rsg 21
Example:
RLB_3-1(config-v-fw-srvc:aaa)# simulate-hash 193.170.1.1 10.1.1.1
Virtual-Server Commands
To configure a virtual server:
1 Use the virtual-server command to create/enter a virtual server context.
2 For a new virtual server, use the id command to set the identification number
for the virtual server (see virtual-server id Command on page 375).
3 Use any of the remaining virtual-server commands as required.
virtual-server Command
Use the virtual-server command to create/enter a virtual server context.
Example:
Router-N(configure)# virtual-server srvr1
no virtual-server Command
Use the no virtual-server command to delete a virtual server.
Example:
Router-N(configure)# no virtual-server srvr1
Example:
Router-N(configure)# admin-status enable
virtual-server id Command
Use the id command to set the identification number for the virtual server.
Example:
Router-N(configure)# id 10
Example:
Router-N(configure)# vip 192.46.10.44
Example:
Router-N(configure)# no vip 192.46.10.44
Example:
Router-N(configure)# virtual-slb-service Srvc1
Example:
Router-N(configure)# no virtual-slb-service Srvc1
Example:
Router-N(configure)# admin-status enable
protocol The protocol of the virtual SLB service: UDP, TCP, IP,
or protocol number from 0 to 255.
Example:
Router-N(configure)# application udp 12 15
Example:
Router-N(configure)# hash-key src
Example:
Router-N(configure)# hc ping
Example:
Router-N(configure)# id 21
For more information on server metrics, see Load Balancing Metrics on page 237.
Example:
Router-N(configure)# metric round-robin
Example:
Router-N(configure)# persistency time 3000
Example:
Router-N(configure)# persistency wildcard 0.0.15.255
pip start address The first PIP address of the range (for creating a PIP bank).
pip end address The last PIP address of the range (for creating a PIP bank).
Example:
Router-N(super-v-slb-srvc:slb:http)# pip-bank 12 10.1.1.1 10.1.2.1
Example:
Router-N(super-v-slb-srvc:slb:http)# no pip-bank 12
Example:
Router-N(configure)# real-port 12
Examples:
Router-N(configure)# rsg rsg1
Router-N(configure)# rsg 21
Example:
Router-N(configure)# no rsg rsg1
Router-N(configure)# no rsg 21
Example:
RLB_3-1(config-v-slb-srvc:aaa:aaa)# simulate-hash 193.170.1.1
System Requirements
Minimum hardware and Operating System requirements are:
• One of the following operating systems:
— Windows® 95
— Windows 98 SP1
— Windows 98 OSR (Second Edition)
— Windows ME
— Windows NT® Workstation or Server
— Windows 2000 Professional or Server
• Pentium® II 400 MHz-based computer with 256 MB of RAM
(512 MB recommended)
• Minimum screen resolution of 1024 x 768 pixels
• Sun Microsystems Java™ plug-in version 1.2.2 (supplied)
Note for users of Netscape Navigator: The Java plug-in requires certain services from
Windows 95 which are not present if Internet Explorer is not installed. In order to
add these services to the operating system, please install Internet Explorer version 3
or higher. You can then use either browser to manage the switch.
Note: You should assign an IP address to the switch before beginning this procedure.
Note: The Web management passwords are the same as those of the CLI. If you
have created additional CLI user names or changed the default passwords then you
can use those passwords for Web management as well.
— If you have the Java plug-in installed, the Web-based manager should open
in a new window (see Figure A.2).
Figure A.2 Web-based Manager
— If you do not have the Java plug-in installed, follow the instructions on the
Welcome page that offers a variety of options to install the plug-in (see
Figure A.1).
Note: Ensure that Java or JavaScript is enabled on your Web browser. Please refer to
your browser on-line help or documentation for further information.
If the plug-in is not installed automatically, then you have three options for
installing it manually:
Note: This option is only available if the network manager has placed the files on
the local Web server.
Installing the On-Line Help and Java Plug-In on your Web Site
Copying the help files and Java plug-in to a local Web server allows users to access
the on-line help for the Embedded Manager and enables automatic installation of
the Java plug-in the first time a user tries to manage the device.
1 Copy the emweb-aux-files directory from the “Avaya P330 Documentation
and Utilities” CD to your local Web server. Please refer to your Web server
documentation for full instructions.
2 Define the URL in the P330 using the following CLI command:
set web aux-files-url //IP address/directory name
where //IP address/directory name is the location of the directory
from the previous step.
Refer to set web aux-files-url on page 125 for further details of the command.
Software Download
You can perform software download using the CLI or Avaya UpdateMaster.
Specifications
P333R-LB Switch
Physical
Power Requirements – AC
Power Requirements – DC
Environmental
Safety – AC
• UL for US approved according to UL 1950 Std.
• C-UL(UL for Canada) approved according to C22.2 No.950 Std.
• CE for Europe approved according to EN 60950 Std.
• Laser components are Laser Class I approved:
— EN-60825/IEC-825 for Europe
— FDA CFR 1040 for USA
• Overcurrent Protection: A readily accessible Listed safety-approved protective
device with a 16A rating must be incorporated in series with building
installation AC power wiring for the equipment under protection.
Safety – DC
• Restricted Area Access: This device should only be installed in a restricted
access area.
• Installation Codes: This device must be installed in accordance with the US
National Electrical Code, Articles 110-26 and 110-27, and the Canadian
Electrical Code, Section 12.
• Overcurrent Protection: A readily accessible Listed branch-circuit overcurrent
protective device with a 15A rating must be incorporated in the building wiring.
EMC Emissions
Emissions
Approved according to:
• US - FCC Part 15 sub part J, class A
• Europe - EN55022 class A
EN 61000-3-2
EN 61000-3-3
Immunity
Approved according to:
• EN 55024
Interfaces
• 24 x 10/100BASE-T RJ-45 port connectors.
• RS-232 for terminal setup via RJ-45 connector on front panel.
Standards Compliance
The P333R-LB complies with:
IEEE
• IEEE 802.3x Flow Control
• IEEE 802.1Q VLAN Tagging and 802.1p compatible
• IEEE 802.1D Spanning Tree protocol
• IEEE 802.3z Gigabit Ethernet ports
• IETF MIB-II, Bridge MIB, RMON, SMON
IETF
• MIB-II - RFC 1213
• Bridge MIB for Spanning Tree - RFC 1493
• RMON - RFC 1757
• SMON - RFC 2613
Basic MTBF
• 187,563 hrs minimum
Stacking Sub-module
Table B.1 Stacking Sub-module
Name      Number of Ports
-------   ---------------
X330STK   2
Expansion Sub-modules
Name     Number of Ports   Interface
------   ---------------   -----------
X330S2   2                 1000Base-SX
X330L2   2                 1000Base-LX
X330S1   1                 1000Base-SX
X330L1   1                 1000Base-LX
Laser Safety
The X330S1/S2 multi-mode transceivers and the X330L1/X330L2 single mode
transceivers are Class 1 laser products.
They comply with IEC 825-1 and Food and Drug Administration (FDA) 21 CFR
1040.10 and 1040.11.
The transceivers must be operated under recommended operating conditions.
Laser Classification
CLASS 1
LASER PRODUCT
Note: Class 1 lasers are inherently safe under reasonably foreseeable conditions of
operation.
Caution: The use of optical instruments with this product will increase eye hazard.
Usage Restriction
The optical ports of the module must be terminated with an optical connector or a
dust plug when not in use.
Laser Data
Name     Number of Ports   Interface
------   ---------------   ----------
X330F2   2                 100Base-FX

Name      Number of Ports   Interface
-------   ---------------   ------------
X330T16   16                10/100Base-T
Note: In order to use this module the Avaya P330 switch must have Embedded S/W
Version 2.2 or higher. You can download this from:
http://www.avaya.com/
The X330G2 can be used either as a Gigabit Ethernet link or as a high Bandwidth
backplane for connecting switches. The introduction of the GBIC interface to the
Avaya P330 family presents an added value over the existing Gigabit Ethernet
expansion modules. You can insert any of the Avaya-authorized GBIC transceivers
into the X330G2 Expansion sub-module socket. This provides you with a highly
modular and customized Gigabit Ethernet interface. The GBIC transceivers are hot-
swappable.
Safety Information
The multimode and single-mode GBIC transceivers are Class 1 Laser products.
They comply with EN 60825-1 and Food and Drug Administration (FDA) 21 CFR
1040.10 and 1040.11.
The GBIC transceivers must be operated under recommended operating conditions.
Laser Classification
CLASS 1
LASER PRODUCT
Note: Class 1 lasers are inherently safe under reasonably foreseeable conditions of
operation.
Caution: The use of optical instruments with this product will increase eye hazard.
Usage Restriction
When a GBIC transceiver is inserted in the X330G2 Expansion sub-module but is not
in use, then the Tx and Rx ports should be protected with an optical connector or a
dust plug.
Caution: All Avaya approved GBICs are 5V. Do not insert a 3.3V GBIC.
Avaya supplies the following two GBIC transceivers for the Avaya P330 X330G2
Expansion Sub-modules. You can order these directly from your local Avaya
representative using the PEC or COM Codes:
In addition, Avaya has tested and approved a number of GBIC transceivers from
other manufacturers for use with the Avaya X330G2 Expansion sub-module. An up-
to-date list can be found in Avaya’s World-Wide Web site at the following address:
http://www.avaya.com/
Click on the “Supported Devices” icon.
Specifications
Agency Approval
The transceivers comply with:
• EMC Emission: US – FCC Part 15, Subpart B, Class A;
Europe – EN55022 class A
• Immunity: EN50082-1
• Safety: UL for US UL 1950 Std., C-UL (UL for Canada) C22.2 No.950 Std., Food
and Drug Administration (FDA) 21 CFR 1040.10 and 1040.11, and CE for
Europe EN60950 Std. Complies with EN 60825-1.
MTBF
The Mean Time Between Failures (MTBF) for the X330G2 Expansion Sub-module is
594,639 hours.
Note: The X330GT2 module is only supported by Avaya P330 embedded software
versions 2.4 and higher.
Note: The Avaya P330 switch must not be operated with the expansion slot open;
the expansion sub-module should be covered with the supplied blanking plate if
necessary.
Note: X330GT2 sub-modules are hot-swappable and can be inserted or removed in an
operating base unit.
Cabling
A Category 5 copper cable with RJ-45 termination should be used. You should use
all eight wires in the cable.
The maximum copper cable length connected to a 1000Base-T port is 100 m
(328 ft.)
Physical
Power Requirements
Environmental
Safety
• UL for US approved according to UL 1950 Std.
• C-UL(UL for Canada) approved according to C22.2 No.950 Std.
• CE for Europe approved according to EN 60950 Std.
• Overcurrent Protection: A readily accessible Listed safety-approved protective
device with a 16A rating must be incorporated in series with building
installation AC power wiring for the equipment under protection.
EMC Emissions
Emissions
Approved according to:
• Europe - EN55022 class B, 1994
• Europe - EN 61000-3-2 (Harmonics Current Emissions)
• Europe - EN 61000-3-3 (Flicker)
Immunity
Approved according to:
• EN 50082-1
• IEC 150-4-5
BUPS MTBF
• 200,000 hrs minimum
Avaya P330 RJ-45 Pin   Name                Terminal DB-9 Pins   Modem DB-25 Pins
--------------------   -----------------   ------------------   ----------------
2                      TXD (P330 input)    3                    3
3                      RXD (P330 output)   2                    2
4                      CD                  4                    8
5                      GND                 5                    7
6                      DTR                 1                    20
7                      RTS                 8                    4
8                      CTS                 7                    5
Note: Pin 1 of the Modem DB-25 connector is internally connected to Pin 7 GND.
How to Contact Us
To contact Avaya’s technical support, please call:
Email: csctechnical@avaya.com
Email: sgcoe@avaya.com
All trademarks, registered trademarks, service names, product and/or brand names are the sole property of
their respective owners.
Copyright © 2002 Avaya Inc. All rights reserved.