Applies To:
BIG-IP versions 1.x - 4.x
- 4.1.1 PTF-06, 4.1.1 PTF-05, 4.1.1 PTF-04, 4.1.1 PTF-03, 4.1.1 PTF-02, 4.1.1 PTF-01, 4.1.1, 4.1.0
2
Configuring the Base Network
Introduction
This chapter describes the BIG-IP interfaces and the related topics of self IP addresses, VLANs, Trunks, Spanning Tree Protocol (STP) domains, and port mirrors. Collectively, these objects are referred to in this manual as the base network, as distinct from the high-level network, which is built on load-balancing pools.
The base network, or at least an initial version of it, is what you configure when you run the First-Time Boot utility as described in the BIG-IP Installation Guide. This initial base network also includes such things as the default route for the BIG-IP, fully qualified domain names, and certificate information that can only be configured using the First-Time Boot utility or its sub-utilities. This section focuses on interface settings, self IP addresses, and VLANs as you would configure them once an initial base network is in place, and also covers trunks, STP domains, and port mirrors, which can be configured only at this point. (To make changes to other base network components, such as domain names, default routes, and certificate information, refer to the BIG-IP Installation Guide, or to Chapter 6, BIG-IP Base Configuration Tools, which describes the First-Time Boot utility and its various sub-utilities.)
A BIG-IP may have anywhere from two to twenty-eight network interfaces. Each active interface must be configured with a VLAN membership and each VLAN must have a self IP address. (It may have one or more additional, floating self IP addresses as required.) You can change self IP addresses or create any number of additional ones for a VLAN in floating form.
VLAN options include tagging (which allows multiple VLANs to be configured on a single interface), creating new VLANs for additional interfaces, and associating a single VLAN with multiple interfaces. In addition, you can group separate VLANs for the purpose of sharing packets between them.
Most things commonly thought of as attaching to interfaces, principally addresses and the various things that have addresses (virtual servers, NATs, SNATs, and proxies), are now attached instead to the VLAN associated with the interface. Exceptions are trunks, STP domains, and port mirrors.
- Trunks are aggregated links. In link aggregation, interfaces can be combined into a trunk to increase bandwidth in an additive manner. The other benefit of link aggregation is link fail-over. If one link in a trunk goes down, traffic is simply redistributed over the remaining links.
- Spanning Tree Protocol (STP) domains provide for loop resolution in configurations where one or more external switches is connected in parallel with an IP Application Switch. For more information about Spanning Tree Protocol, refer to the IEEE 802.1D standard.
- Port mirroring allows you to copy traffic from any interface or set of interfaces on a BIG-IP Application Switch to a single, separate interface. Typically you would install a sniffer device on the target port for debugging and/or monitoring.
Interfaces
A BIG-IP can have as few as two network interfaces and as many as twenty-eight. Interface names are fixed according to the naming convention described below. Properties that are configurable on the interfaces include media and duplex, as shown in Table 2.1.
Interface naming convention
By convention, the Ethernet interfaces on a BIG-IP take the name <s>.<p> where s is the slot number of the NIC, and p is the port number on the NIC. As shown in Figure 2.1, for the 4U platform, slot numbering is left-to-right, and port numbering is top-to-bottom. Note that slot 1 is reserved for the onboard NIC whether or not it is present.
Figure 2.1 Vertical slot and port numbering
For the 2U platform, slot numbering is top-to-bottom and port numbering is left-to-right as shown in Figure 2.2.
Figure 2.2 Horizontal slot and port numbering
For the Application Switch, slot numbering is left-to-right and port numbering is top-to-bottom as shown in Figure 2.3. Note that slot 2 is used for the gigabit ports, and slot 3 for a dedicated administrative port.
Figure 2.3 Application Switch slot and port numbering
When a bigpipe command calls for a list of interfaces, the list may consist of one or more interfaces, with multiple interfaces separated by spaces. For example:
2.1 2.2 2.4 2.6
Displaying status for interfaces
Use the following syntax to display the current status and the settings for all installed interface cards:
b interface show
Figure 2.4 is an example of the output you see when you issue this command on an active/standby unit in active mode.
Figure 2.4 The bigpipe interface show command output
interface     speed   pkts  pkts  pkts  pkts  bits   bits   errors  trunk  STP
              Mb/s    in    out   drop  coll  in     out
5.1    UP     100 HD  0     213   0     0     0      74.2K  0
4.1    UP     100 HD  20    25    0     0     28.6K  33.9K  0
Use the following syntax to display the current status and the setting for a specific interface.
b interface <if_name> show
Setting the media type
You can set the media type to the specific media type for the interface card or to auto for auto detection. If the media type is set to auto and the card does not support auto detection, the default type for that interface is used, for example 1000BaseTX.
Use the following syntax to set the media type:
b interface <if_name> media <media_type> | auto
(Default media type is auto.)
Note: If the BIG-IP is inter-operating with an external switch, the media setting should match that of the switch. To accomplish this, it is best to specify the setting explicitly, and not rely on automatic detection using auto.
Setting the duplex mode
You can set duplex mode to full or half duplex. If the media type does not allow duplex mode to be set, this is indicated by an onscreen message. If media type is set to auto, or if setting duplex mode is not supported for the interface, the duplex setting is not saved to bigip.conf.
Use the following syntax to set the duplex mode:
b interface <if_name> duplex full | half | auto
(Default mode is auto.)
Note: If the BIG-IP is inter-operating with an external switch, the media setting should match that of the switch. To accomplish this, it is best to specify the setting explicitly, and not rely on automatic detection using auto.
VLANs
A VLAN is a grouping of separate networks that causes them to behave as if they were a single local area network, whether or not there is a direct ethernet connection between them. Equally important, you can make nodes on the same network behave as if they were on separate networks by placing them on separate VLANs. This VLAN segmentation localizes broadcast traffic and also provides security.
Acting as a Layer 2 switch, the BIG-IP supports two types of VLANs: interface-group (untagged), and tagged. The difference is in the method by which traffic is passed among the interfaces that are members of the VLAN. An interface group VLAN allows untagged traffic onto a member interface based on a table of member MAC addresses. A tagged VLAN allows tagged traffic onto a member interface based on the interface having a tag ID matching that of the packets.
A BIG-IP interface can belong to only one untagged VLAN but to multiple tagged VLANs. Tagging therefore becomes a way of accepting traffic from multiple VLANs onto one BIG-IP interface.
Interface group VLANs and the default VLAN mapping
By default, the First-Time Boot utility configures each interface on the BIG-IP as an untagged member of an interface-group VLAN. The BIG-IP identifies the fastest interfaces, makes the lowest-numbered interface in that group a member of the VLAN external, and makes all remaining interfaces members of the VLAN internal. This creates the mapping shown in Figure 2.5.
As Figure 2.5 shows, VLAN flexibility is such that separate IP networks can belong to a single VLAN, while a single IP network can be split among multiple VLANs. (The latter case allows the BIG-IP to be inserted into an existing LAN without renaming the nodes.) The VLANs named external and internal are separate networks, and in the configuration shown they behave like separate networks. The networks belonging to VLAN internal are also separate networks, but have been made to behave like a single network. You accomplish this using a feature called VLAN bridging.
VLAN grouping and L2 forwarding
In the example shown in Figure 2.5, VLANs external and internal represent separate networks that were originally a single network. You can make them behave like a single network again, much like the networks contained in VLAN internal. You accomplish this by grouping them as shown in Figure 2.6.
Figure 2.6 VLANs and a VLAN group
Grouping allows nodes on the separate VLANs to exchange packets directly using a configurable feature called L2 forwarding. L2 forwarding is the equivalent of bridging where you want communication between VLANs.
Tagged VLANs
A tagged VLAN has a tag number associated with it. Any BIG-IP interface that is explicitly added to the VLAN may send traffic tagged with that number, and can accept traffic that is similarly tagged (meaning the traffic originated from another member interface). Although it is the interface that is added to the VLAN, in practice tagging is usually used to associate multiple VLANs with a single interface. An example is shown in Figure 2.7.
Figure 2.7 Equivalent solutions using untagged and tagged VLANs
The configuration on the left shows a BIG-IP unit with three internal interfaces, each a separate interface group (untagged) VLAN. This is a typical solution for supporting three separate customer sites. The configuration on the right shows a BIG-IP with one internal interface and an external switch. The switch places each interface on a separate VLAN. Each of these VLANs is configured on the BIG-IP with a tag, and then has the BIG-IP internal interface added to each: this way the single interface becomes a tagged member of all three VLANs and accepts traffic from all three. The configuration on the right is the functional equivalent of the configuration on the left.
VLANs may be created with or without tags specified. If a tag is not specified, one is automatically assigned. Therefore, a VLAN always has a tag; whether it functions as a tagged VLAN depends on whether it actually has tagged members.
VLAN commands
Tagged and untagged VLANs may be created, renamed and deleted using the Configuration utility or at the command line. VLAN command options are summarized in Table 2.2.
Creating, renaming, and deleting VLANs
Typically, if you use the default configuration, one VLAN is assigned to each interface. However, if you need to change your network configuration, or if the default VLANs are not adequate for a network configuration, you can create new VLANs, rename existing VLANs, or delete a VLAN.
To create a VLAN using the Configuration utility
- In the navigation pane, click Network.
  The VLANs screen opens.
- Click the Add button to start the Add VLAN wizard.
- In the Add VLAN screen, type the attributes for the VLAN. For more information about VLANs, click the Help button.
To rename or delete a VLAN using the Configuration utility
- In the navigation pane, click Network.
  The VLANs screen opens.
- In the VLANs screen, use one of the following options:
  - To rename a VLAN, click the VLAN name you want to change. The VLAN properties screen opens. Type the new name in the VLAN name box.
  - To delete a VLAN, click the Delete button for the VLAN you want to delete.
To create, rename, or delete a VLAN from the command line
To create a VLAN from the command line, use the following syntax:
b vlan <vlan name> interfaces add <if name> <if name>
For example, if you want to create a VLAN named myvlan that contains the interfaces 1.1 and 1.2, type the following command:
b vlan myvlan interfaces add 1.1 1.2
To rename an existing VLAN, use the following syntax:
b vlan <vlan name> rename <new vlan name>
For example, if you want to rename the VLAN myvlan to yourvlan, type the following command:
b vlan myvlan rename yourvlan
To delete a VLAN, use the following syntax:
b vlan <vlan name> delete
For example, to delete the VLAN named yourvlan, type the following command:
b vlan yourvlan delete
VLAN group
A VLAN group is a grouping of two or more VLANs belonging to the same IP network for the purpose of allowing layer 2 packet forwarding, also known as L2 forwarding, between those VLANs.
For a VLAN group to use layer 2 forwarding, you must configure the following BIG-IP features:
- The VLANs between which the packets are to be passed must be on the same IP network.
- The VLANs between which the packets are to be passed must be grouped.
- Layer 2 forwarding must be enabled for the VLAN group.
- A self IP address must be assigned to the VLAN group for routing purposes.
To create a VLAN group from the command line
You can define a VLAN group from the command line using the vlangroup command. For example:
b vlangroup network11 vlans add internal external
To assign the self IP address to the VLAN group, use the following syntax:
b self <ip address> vlan <vlangroup name>
Layer 2 forwarding must be enabled for the VLAN group using the vlan proxy_forward attribute. This attribute is enabled by default when the VLAN group is enabled. To verify that proxy forwarding is enabled, type the following command:
b vlans show
Check the output of the VLAN group for proxy_forward enable.
Tagging VLANs
You can create tagged VLANs, tag existing VLANs, and add multiple tagged VLANs to a single interface. There are three steps to creating multiple tagged VLANs on one interface.
- Create the VLANs for which you want to tag the interface.
- Mark the interface as tagged.
- Add the tagged VLANs to the tagged interface.
To create a tagged VLAN using the Configuration utility
- In the navigation pane, click Network.
  The VLAN screen opens.
- Click the Add button.
  The Add VLAN screen opens.
- On the Add VLAN screen, enter the VLAN name and specify the tagged interfaces by choosing them from the Resources list and clicking tagged >>.
- Configure the other VLAN options as desired and click the Done button. (It is not necessary to fill in a VLAN tag number. This is done automatically.)
To tag an existing VLAN using the Configuration utility
- In the navigation pane, click Network.
  The VLAN screen opens.
- Click the VLAN name in the list.
  The properties screen for that VLAN opens.
- On the screen, specify the tagged interfaces by choosing them from the Resources list and clicking tagged >>. (It is not necessary to fill in a VLAN tag number. This is done automatically.)
To create a tagged VLAN from the command line
You create a new tagged VLAN using the bigpipe vlan tag command, specifying a tag number. For example:
b vlan my_vlan tag 1209
A tagged VLAN is mapped to an interface or interfaces (or an untagged VLAN is tagged and mapped to an interface or interfaces) using the tagged flag. For example:
b vlan external interfaces add tagged 4.1 5.1 5.2
The effect of the command is to place a tag on interfaces 4.1 and 5.1, which in turn makes external a tagged VLAN. (However, it remains an untagged VLAN for interfaces that are part of it but not tagged.)
An interface can have more than one tag; for example, it can be a member of more than one tagged VLAN:
b vlan external interfaces add tagged 4.1
b vlan internal interfaces add tagged 4.1
Setting up security for VLANs
You can lock down a VLAN to prevent direct connection to the BIG-IP through that VLAN. This lockdown may be overridden for specific services by enabling the corresponding global variable for that service. For example:
b global open_ssh_ports enable
To enable or disable port lockdown using the Configuration utility
- In the navigation pane, click Network.
  The VLAN screen opens.
- Click the VLAN name in the list.
  The properties screen for that VLAN opens.
- To enable port lockdown, click a check in the Port Lockdown box.
  To disable port lockdown, clear the check from the Port Lockdown box.
To enable or disable port lockdown from the command line
To enable port lockdown, type:
b vlan <vlan_name> port_lockdown enable
To disable port lockdown, type:
b vlan <vlan_name> port_lockdown disable
Setting fail-safe timeouts for VLANs
For redundant BIG-IP pairs, fail-over occurs when loss of traffic is detected on a VLAN, and traffic is not restored during the fail-over timeout period for that VLAN. You can enable a fail-safe mechanism to attempt to generate traffic when half the timeout has elapsed. If the attempt is successful, the fail-over is stopped.
To set the fail-over timeout and arm the fail-safe using the Configuration utility
- In the navigation pane, click Network.
  The VLAN screen opens.
- Click the VLAN name in the list.
  The properties screen for that VLAN opens.
- Check the Arm Failsafe box and specify the timeout in seconds in the Timeout box.
To set the fail-over timeout and arm the fail-safe from the command line
Using the vlan command, you may set the timeout period and also arm or disarm the fail-safe.
To set the timeout, type:
b vlan <vlan_name> timeout <timeout_in_seconds>
To arm the fail-safe, type:
b vlan <vlan_name> failsafe arm
To disarm the fail-safe, type:
b vlan <vlan_name> failsafe disarm
Setting the MAC masquerade address
You can share the media access control (MAC) masquerade address between BIG-IP units in a redundant pair. This has the following advantages:
- Increase reliability and failover speed, especially in lossy networks
- Inter-operability with switches that are slow to respond to the network changes
- Inter-operability with switches that are configured to ignore network changes
The MAC address for a VLAN is the MAC address of the first interface to be mapped to the VLAN, typically 4.1 for external and 5.1 for internal. You can view the interfaces mapped to a VLAN using the following command:
b vlan show
You can view the MAC addresses for the interfaces on the BIG-IP using the following command:
b interface show verbose
Use the following syntax to set the MAC masquerade address that will be shared by both BIG-IP units in the redundant system.
b vlan <vlan_name> mac_masq <MAC_addr>
Warning: You must specify a default route before using the mac_masq command. You specify the default route in the /etc/hosts and /etc/netstart files.
Find the MAC address on both the active and standby units, and choose one that is similar but unique. A safe technique for choosing the shared MAC address follows.
Suppose you want to set up mac_masq on the external interfaces. Using the b interface show command on the active and standby units, you note that their MAC addresses are:
Active: 3.1 = 0:0:0:ac:4c:a2
Standby: 3.1 = 0:0:0:ad:4d:f3
In order to avoid packet collisions, you now must choose a unique MAC address. The safest way to do this is to select one of the addresses and logically OR the first byte with 0x40. This makes the MAC address a locally administered MAC address.
In this example, either 40:0:0:ac:4c:a2 or 40:0:0:ad:4d:f3 would be a suitable shared MAC address to use on both BIG-IP units in the redundant system.
The shared MAC address is used only when the BIG-IP is in active mode. When the unit is in standby mode, the original MAC address of the network card is used.
If you do not configure mac_masq, on startup, or when transitioning from standby mode to active mode, the BIG-IP sends gratuitous ARP requests to notify the default router and other machines on the local Ethernet segment that its MAC address has changed. See RFC 826 for more details on ARP.
Note: The MAC masquerade information is stored in the bigip_base.conf file.
Viewing and editing the L2 forwarding table
Layer 2 forwarding is the means by which packets are exchanged directly between nodes on separate VLANs that are members of the same VLAN group as described in VLAN grouping and L2 forwarding, on page 2-7. This is accomplished using a simple forwarding table for each VLAN with proxy forward enabled. The forwarding table has an entry for each node in the VLAN and associates the MAC address of that node with the BIG-IP interface using the following format:
<MAC address> -> <if>
For example:
00:a0:c9:9e:1e:2f -> 4.1
You can view this table, delete entries, and add static entries. The entries that appear in the table automatically are learned and periodically updated and are called dynamic entries. Entries that you add to the table manually are called static entries. Static entries are not automatically updated. Entering static entries is useful if you have network devices that do not advertise their MAC addresses.
You can view and edit the L2 forwarding table using the bigpipe vlan <vlan_name> fdb command. The <vlan_name> may be either a VLAN or a VLAN group.
To view the L2 forwarding table from the command line
Type the following command:
b vlan <vlan name> fdb show
For example:
b vlan internal fdb show
This produces a display like this:
Forwarding table --
00:40:05:30:cc:94 -> 5.1
To view L2 forwarding table static entries from the command line
Type the following command:
b vlan <vlan name> fdb static show
For example:
b vlan internal fdb static show
To view L2 forwarding table dynamic entries from the command line
Type the following command:
b vlan <vlan name> fdb dynamic show
For example:
b vlan internal fdb dynamic show
To add an entry to the L2 forwarding table from the command line
Type the following command:
b vlan <vlan name> fdb add <MAC address> interface <ifname>
For example:
b vlan internal fdb add <MAC address> interface <ifname>
To delete an entry from the L2 forwarding table from the command line
Type the following command:
b vlan <vlan name> fdb delete <MAC address> interface <ifname>
For example:
b vlan <vlan name> fdb delete 00:a0:c9:9e:1e:2f interface 4.1
vlan <vlan name> fdb static show
vlan <vlan name> fdb dynamic show
vlan <vlan name> fdb show
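The following added example (not part of the original manual) parses captured forwarding-table output in the `<MAC address> -> <if>` format shown above and compares it with an expected MAC-to-interface baseline, flagging entries that moved, are unknown, or are missing. The baseline, the function names, and the sample capture are assumptions made for illustration; the capture is constructed, not real BIG-IP output.

```python
import re

# Entry format documented on this page: <MAC address> -> <if>, where <if> uses
# the s.p (slot.port) naming convention. Octets may be unpadded (0:0:0:ac:4c:a2).
ENTRY_RE = re.compile(
    r"^((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\s*->\s*(\d+\.\d+)$"
)


def normalize_mac(mac):
    """Lowercase and zero-pad each octet so differently written MACs compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def parse_fdb(text):
    """Parse captured forwarding-table text.

    Returns (table, rejects): table maps each normalized MAC to the set of
    interfaces it was seen on; rejects lists lines that are neither the
    "Forwarding table --" header nor a well-formed entry.
    """
    table, rejects = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Forwarding table"):
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            rejects.append(line)
            continue
        table.setdefault(normalize_mac(match.group(1)), set()).add(match.group(2))
    return table, rejects


def audit_fdb(observed, baseline):
    """Compare an observed table with a baseline of {MAC: expected interface}.

    Returns a sorted list of (finding, mac, detail) tuples:
      moved   - known MAC learned on an interface other than the expected one
      unknown - MAC that is not in the baseline at all
      missing - baseline MAC absent from the capture (it may simply have aged out)
    """
    expected = {normalize_mac(mac): ifname for mac, ifname in baseline.items()}
    findings = []
    for mac, ifaces in observed.items():
        seen = ", ".join(sorted(ifaces))
        if mac not in expected:
            findings.append(("unknown", mac, f"seen on {seen}"))
        elif ifaces != {expected[mac]}:
            findings.append(("moved", mac, f"expected {expected[mac]}, seen on {seen}"))
    for mac, ifname in expected.items():
        if mac not in observed:
            findings.append(("missing", mac, f"expected on {ifname}"))
    return sorted(findings)


# Constructed baseline (assumption): which interface each known node sits behind.
BASELINE = {
    "00:40:05:30:cc:94": "5.1",
    "00:a0:c9:9e:1e:2f": "4.1",
    "00:00:5e:00:53:20": "4.1",
}

# Constructed capture in the page's format, including one malformed line.
SAMPLE_CAPTURE = """\
Forwarding table --
00:40:05:30:cc:94 -> 5.1
0:A0:C9:9E:1E:2F -> 5.1
00:00:5e:00:53:10 -> 5.1
???
"""

if __name__ == "__main__":
    observed, rejects = parse_fdb(SAMPLE_CAPTURE)
    for finding, mac, detail in audit_fdb(observed, BASELINE):
        print(f"{finding:8} {mac}  {detail}")
    for line in rejects:
        print(f"unparsed line: {line!r}")
```

A "missing" finding is informational only, because dynamic entries are flushed after the L2 aging time when the node stops sending traffic.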
Setting the L2 forwarding aging time
Entries in the L2 forwarding table have a specified life span, after which they are flushed out if the MAC address is no longer present on the network. This process is called the L2 forward aging time and you can set it using the global variable L2 Aging Time. The default value is 300 seconds.
To set the L2 forwarding aging time using the Configuration utility
- In the navigation pane, click System.
  The System Properties screen opens.
- Click the Advanced Properties tab.
  The Advanced Properties screen opens.
- In the L2 Aging Time text entry box, enter the aging time in seconds.
To set the L2 forwarding aging time from the command line
Type the following command:
b global l2_agingtime <time_in_seconds>
For example:
b global l2_agingtime 200
Self IP address
A self IP address is an IP address mapping to one or more VLANs and their associated interfaces on a BIG-IP. You assign a self IP address to each interface on the unit as part of First-Time Boot configuration, and you also assign a floating (shared) alias for units in a redundant pair. You can create additional self addresses for health checking, gateway failsafe, routing, or other purposes. You can create these additional self IP addresses using the self command.
To add a self IP address to a VLAN using the Configuration utility
- In the navigation pane, click Network.
  The VLANs screen opens.
- In the VLANs screen, click the Self IP Addresses tab.
  The Self IP Addresses screen opens.
- On the Self IP Addresses screen, click the Add button.
  The Add Self IP Address screen opens.
- In the IP Address box, type the self IP address to be assigned.
- In the Netmask box, type an optional netmask.
- In the Broadcast box, type an optional broadcast address.
- If you want to configure the self IP address as a floating address, click a check in the Floating box.
- If you want to enable the address for SNAT auto-mapping, place a check in the SNAT Automap box.
- In the VLAN box, type the name of the VLAN to which you want to assign the self IP address.
- Click the Done button.
To add a self IP address to a VLAN from the command line
Use the following syntax:
b self <addr> vlan <vlan_name> [ netmask <ip_mask> ][ broadcast <broadcast_addr>] [unit <id>]
You can add any number of additional self IP addresses to a VLAN to create aliases. For example:
b self 11.11.11.4 vlan external
b self 11.11.11.5 vlan external
b self 11.11.11.6 vlan external
b self 11.11.11.7 vlan external
Also, any one self IP address may have floating enabled to create a floating alias that is shared by both units of a BIG-IP redundant pair:
b self 11.11.11.8 floating enable
Assigning a self IP address to a VLAN automatically maps it to the VLAN's interfaces. Since all interfaces must be mapped to one and only one untagged VLAN, assigning a self IP address to an interface not mapped to an untagged VLAN produces an error message.
Enabling or disabling SNAT automap
The translation address for SNAT auto-mapping is determined by the self IP addresses you enable on the external VLAN. For more information about SNAT auto-mapping, refer to Enabling or disabling SNAT automap.
Trunks
Link aggregation is the grouping of links (individual physical interfaces) to form a trunk. Link aggregation increases the bandwidth of the individual links in an additive manner. Thus, four fast Ethernet links, if aggregated, create a single 400 Mbps link. The other advantage of link aggregation is link fail-over. If one link in a trunk goes down, traffic is simply redistributed over the remaining links.
A trunk must have a controlling link, and acquires all the attributes of that controlling link from layer 2 and above. The trunk automatically acquires the VLAN membership of the controlling link but does not acquire its media type and speed. Outbound packets to the controlling link are load balanced across all of the known-good links in the trunk. Inbound packets from any link in the trunk are treated as if they came from the controlling link.
A maximum of eight links may be aggregated. For optimal performance, links should be aggregated in powers of two. Thus, you ideally will aggregate two, four, or eight links.
To configure a trunk using the Configuration utility
- In the navigation pane, click Network.
  The Network screen opens.
- Click the Trunks tab.
  The Trunks screen opens.
- On the Trunks screen, click the Add button.
  The Add Trunk screen opens.
- Select the link that is to be the controlling link from the Available Interfaces list, and click controlling >>.
  The interface appears at the top of the Aggregated Interfaces list.
- Select the remaining link(s) from the Available Interfaces list and click aggregated >>.
  The interface(s) appears in the Aggregated Interfaces list below the controlling link.
- Click Done.
To configure a trunk from the command line
Use the following syntax to configure a trunk from the command line:
b trunk <controlling_if> define <if_list>
Interfaces are specified using the s.p convention, where s is slot number and p is port number. An <if_list> is one or more such interfaces, with multiple interfaces separated by spaces.
For more information on interface naming, refer to Interface naming convention, on page 2-2.
Spanning Tree Protocol (STP)
The BIG-IP Application Switch provides Spanning Tree Protocol (STP) implementation for loop resolution in configurations where one or more external switches is connected in parallel with the BIG-IP. You can use this feature to configure two or more interfaces on the unit as an STP domain. For interfaces in the STP domain, the spanning tree algorithm identifies the most efficient path between the network segments, and establishes the switch associated with that path as the root. Links forming redundant paths are shut down, to be re-activated only if the root fails.
The STP domain should contain all ports that are connected in parallel to an external switch where there are nodes on the link capable of generating or receiving traffic. A second domain is called for if there is an additional switch or switches connected in parallel with additional BIG-IP interfaces.
Warning: Use of STP may slow performance significantly, particularly if more than one STP domain is created, and may have unforeseen effects on complex networks. It is important to test your STP configuration before placing it online. For more information about Spanning Tree Protocol, refer to IEEE 802.1D.
Creating and deleting STP domains
You can create or delete STP domains using the Configuration utility or from the command line.
To create an STP domain using the Configuration utility
- In the navigation pane, click Network.
  The Network screen opens.
- Click the STP tab.
  The Trunks screen opens.
- On the STP screen, click the Add button.
  The Add STP Domain screen opens.
- In the Add STP Domain screen, configure the STP domain attributes. For additional information about defining an STP domain, click the Help button.
To create or delete an STP domain from the command line
To create an STP domain from the command line, use the following syntax:
b stp <stp_name> interfaces add <if_list> | all
For example, if you want to create an STP domain named mystp that contains the interfaces 1.1 and 1.2, type the following command.
b stp mystp interfaces add 1.1 1.2
If you want to create an STP domain named mystp that contains all interfaces on the BIG-IP, type:
b stp mystp interfaces add all
To delete an STP domain, use the following syntax:
b stp <stp_name> delete
Setting time intervals for an STP domain
You can set the time intervals in seconds for hello, max_age, and forward_delay for the STP domain from the command line using the following syntax:
b stp <stp_name> hello <interval>
b stp <stp_name> max_age <interval>
b stp <stp_name> forward_delay <interval>
Adding or deleting interfaces in an STP domain
To add interfaces to an STP domain from the command line, use the following syntax:
b stp <stp_name> interfaces add <if_list>
To delete interfaces from an STP domain, use the following syntax:
b stp <stp_name> interfaces delete <if_list>
Disabling and re-enabling an STP domain
To disable an STP domain from the command line, use the following syntax:
b stp <stp_name> disable
To re-enable interfaces on an STP domain, use the following syntax:
b stp <stp_name> enable
Note: Disabling or deleting all interfaces on an STP domain disables the domain. You cannot re-enable the domain without adding interfaces.
Disabling and re-enabling interfaces in an STP domain
To disable specific interfaces in the STP domain from the command line, use the following syntax:
b stp <stp_name> interfaces disable <if_list>
To re-enable interfaces in an STP domain, use the following syntax:
b stp <stp_name> interfaces enable <if_list>
Port Mirroring
For the IP Application Switch, you can copy traffic from any port or set of ports to a single, separate port. This is called port mirroring. You should attach a sniffer device to the target port, called the mirror-to port, for debugging and/or monitoring.
Setting up a port mirror
Port mirroring consists of specifying a mirror-to port and adding to it one or more ports (that is, a port list) to be mirrored. You can set up port mirroring using the Configuration utility or from the command line.
To set up port mirroring using the Configuration utility
- In the navigation pane, click Network.
  The Network screen opens.
- Click the Interfaces tab.
  The Interfaces screen opens.
- Click the Port Mirroring subtab.
  The Port Mirroring screen opens.
- In the Port Mirroring screen, configure the port mirror attributes. For additional information about defining a port mirror, click the Help button.
To set up port mirroring from the command line
Use this bigpipe syntax for setting up port mirroring:
b mirror <mirror_to_if> interfaces add <if_list>
Example:
b mirror 3.24 interfaces add 3.1 3.3 3.10
Deleting interfaces from a port mirror or deleting a port mirror
You can delete individual interfaces from a port mirror, or you can completely delete a port mirror.
To delete interfaces from the port mirror from the command line
Use this bigpipe syntax to delete interfaces from the port mirror:
b mirror <mirror_to_if> interfaces delete <if_list>
For example:
b mirror 3.24 interfaces delete 3.10
To delete the port mirror from the command line
Use this bigpipe syntax to delete the port mirror:
b mirror <mirror_to_if> delete
For example:
b mirror 3.24 delete