Basic Switch Setup
Upgrading the Switch
Copy the boot code from the TFTP server into flash memory. To do so, enter a command such as the following at the Privileged EXEC level of the CLI.
FastIron# copy tftp flash <ipaddr> <imagefilename> bootrom
You should see output similar to the following.
FWS648POE Router# Flash Memory Write (8192 bytes per dot)...........................
(Boot Flash Update)Erase.........Write.............
TFTP to Flash Done
Copy the flash code from the TFTP server into flash memory. To do so, use the copy command at the Privileged EXEC level of the CLI.
FastIron# copy tftp flash <ipaddr> <imagefilename> primary | secondary
You should see output similar to the following.
FWS648POE Router# Flash Memory Write (8192 bytes per dot)
........................
.......................................................................
.......................................................................
.....
TFTP to Flash Done
Once you have completed the upgrade, you must reboot the device to complete the upgrade process. Use one of the following commands:
FastIron# reload
This command boots from the default boot source, which is the primary flash area by default.
FastIron# boot system flash primary | secondary
Copy configuration files to the Switch
The following commands are used to copy configuration files to the switch.
FastIron# copy startup-config tftp <tftp-ip-addr> <filename>
Use this command to upload a copy of the startup configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.
FastIron# copy running-config tftp <tftp-ip-addr> <filename>
Use this command to upload a copy of the running configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.
FastIron# copy tftp startup-config <tftp-ip-addr> <filename>
Use this command to download a copy of the startup configuration file from a TFTP server to a Layer 2 Switch or Layer 3 Switch.
Securing access to the switch
Example:
FastIron(config)# enable super-user-password <text>
FastIron(config)# enable telnet password <text>
Example:
This example sets the Telnet timeout to ten minutes.
FastIron(config)# telnet timeout 10
Example:
This example sets the console timeout to ten minutes.
FastIron(config)# console timeout 10
Example:
To suppress the connection rejection message sent by the device to a denied Telnet client, enter
the following command at the global CONFIG level of the CLI:
FastIron(config)# telnet server suppress-reject-message
Syntax: [no] telnet server suppress-reject-message
Example:
If you want to remove the password encryption, you can disable encryption by entering the
following command:
FastIron(config)# no service password-encryption
Syntax: [no] service password-encryption
Adding Login Banners
FastIron(config)# banner exec # (Press Return)
Enter TEXT message, End with the character '#'.
Warning Notification!!! This system is to be used by authorized
users only for company work. Activities conducted on this system
may be monitored and/or recorded with no expectation of privacy.
All possible abuse and criminal activity may be handed over to
the proper law enforcement officials for investigation and
prosecution. Use implies consent to all of the conditions stated
within this Warning Notification. #
EXAMPLE:
FastIron(config)# banner incoming $ (Press Return)
Enter TEXT message, End with the character '$'.
Remote TELNET session from above host. $
EXAMPLE:
This example enables Telnet Authentication which forces Telnet connections to use the local user
database and forces the Web management and Privileged EXEC and CONFIG levels of the CLI
to use the local user database for authentication.
FastIron(config)# enable telnet authentication
FastIron(config)# aaa authentication web-server default local
FastIron(config)# aaa authentication enable default local
EXAMPLE:
This example sets up four separate user accounts and assigns them the proper access
privileges. The device will then force all Telnet, Web, and Privileged EXEC and CONFIG access to
authenticate against the device's local user accounts.
Paul - System Administrator with all rights
Jane - System Administrator with all rights (backup to Paul)
Andy - Desktop Support with port configuration access only
Brad - Unix Administrator with read only access rights
First, create the accounts with the associated privilege levels.
FastIron(config)# username paul privilege 0 password pauls_password
FastIron(config)# username jane privilege 0 password janes_password
FastIron(config)# username andy privilege 4 password andys_password
FastIron(config)# username brad privilege 5 password brads_password
The privilege parameter specifies the privilege level for the account. You can specify one of the
following:
0 - Super User level (full read-write access)
4 - Port Configuration level
5 - Read Only level
The default privilege level is 0.
Next, configure Telnet, Web management, and the Privileged EXEC and CONFIG levels of the CLI
to use the local user database for authentication.
FastIron(config)# enable telnet authentication
FastIron(config)# aaa authentication web-server default local
FastIron(config)# aaa authentication enable default local
Web management authentication can be disabled by the following command
FastIron(config)# web-management allow-no-password
Web management authentication can be enabled by the following command
FastIron(config)# no web-management allow-no-password
EXAMPLE:
This example configures five separate Access Lists for use with each remote access method.
Because of Brocade's default implicit deny, only the hosts that are permitted to use each remote
access method are specified in the access list.
FastIron(config)# access-list 10 permit host 10.1.0.25
FastIron(config)# access-list 10 permit 10.2.1.0 0.0.0.255
FastIron(config)# access-list 10 permit 10.2.3.0 0.0.0.255
FastIron(config)# access-list 10 permit 10.2.5.0/24
FastIron(config)# access-list 11 permit host 10.1.0.25
FastIron(config)# access-list 11 permit host 10.3.1.15
FastIron(config)# access-list 12 permit host 10.3.0.27
FastIron(config)# access-list 12 permit host 10.3.1.15
FastIron(config)# access-list 13 permit host 10.5.0.1
FastIron(config)# access-list 13 permit host 10.5.1.2
FastIron(config)# access-list 14 permit host 10.5.0.3
FastIron(config)# access-list 14 permit host 10.5.1.4
FastIron(config)# ssh access-group 10
FastIron(config)# telnet access-group 11
FastIron(config)# web access-group 12
FastIron(config)# snmp-server community public ro 13
FastIron(config)# snmp-server community private rw 14
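The effect of these access lists can be checked offline before they are applied. The following Python sketch is an added example, not part of the original guide or of Brocade's software: it evaluates the host, wildcard-mask and prefix-length entries above and reports which management methods a given source address can reach. The function names are hypothetical, and it assumes the first matching entry decides and that anything unmatched is dropped by the implicit deny.

```python
import ipaddress

# Constructed sample: the ACLs and bindings from the example above (ACL 10 entry 4 as 10.2.5.0/24).
CONFIG = """\
access-list 10 permit host 10.1.0.25
access-list 10 permit 10.2.1.0 0.0.0.255
access-list 10 permit 10.2.3.0 0.0.0.255
access-list 10 permit 10.2.5.0/24
access-list 11 permit host 10.1.0.25
access-list 11 permit host 10.3.1.15
access-list 12 permit host 10.3.0.27
access-list 12 permit host 10.3.1.15
access-list 13 permit host 10.5.0.1
access-list 13 permit host 10.5.1.2
access-list 14 permit host 10.5.0.3
access-list 14 permit host 10.5.1.4
ssh access-group 10
telnet access-group 11
web access-group 12
snmp-server community public ro 13
snmp-server community private rw 14
"""

def parse(config):
    """Return ({acl_number: [(action, address, wildcard)]}, {method: acl_number})."""
    acls, bound = {}, {}
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"]:
            spec = tok[3:]
            if spec[0] == "host":                      # single address
                addr, wild = ipaddress.IPv4Address(spec[1]), 0
            elif "/" in spec[0]:                       # prefix-length form
                net = ipaddress.IPv4Network(spec[0])
                addr, wild = net.network_address, int(net.hostmask)
            else:                                      # address + wildcard mask
                addr, wild = ipaddress.IPv4Address(spec[0]), int(ipaddress.IPv4Address(spec[1]))
            acls.setdefault(int(tok[1]), []).append((tok[2], int(addr), wild))
        elif tok[1:2] == ["access-group"]:
            bound[tok[0]] = int(tok[2])
        elif tok[:2] == ["snmp-server", "community"] and len(tok) == 5:
            bound["snmp-" + tok[3]] = int(tok[4])      # keyed by ro/rw
    return acls, bound

def permitted(acls, bound, method, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild in acls[bound[method]]:
        care = 0xFFFFFFFF ^ wild                       # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def reachable_methods(config, src):
    """List the management methods whose ACL admits the given source address."""
    acls, bound = parse(config)
    return sorted(m for m in bound if permitted(acls, bound, m, src))

if __name__ == "__main__":
    print({h: reachable_methods(CONFIG, h) for h in ("10.1.0.25", "10.3.1.15", "192.0.2.9")})
```

A source address that returns an empty list is covered only by the implicit deny for every management method.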
EXAMPLE:
This example creates two Layer 3 port-based VLANs, restricts the Telnet and Web
management clients to a port-based VLAN with the ID of 10, and restricts access from SNMP and
TFTP clients to a port-based VLAN with the ID of 40.
FastIron(config)# vlan 10 by port
FastIron(config)# untagged e1 to 2
FastIron(config)# router-interface ve 10
FastIron(config)# vlan 40 by port
FastIron(config)# untagged e4 to 5
FastIron(config)# router-interface ve 40
FastIron(config)# telnet server enable vlan 10
FastIron(config)# web-management enable vlan 10
FastIron(config)# snmp-server enable vlan 40
FastIron(config)# tftp client enable vlan 40
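The access settings in this section can be checked against a saved configuration. The following Python sketch is an added example, not part of the original guide: it scans configuration text for the commands shown above and returns a list of finding codes. The function name, the finding codes and both sample configurations are constructed for illustration.

```python
import re

# Constructed running-config excerpt; every command form is taken from this page.
WEAK = """\
enable telnet password example_pw
no service password-encryption
web-management allow-no-password
telnet timeout 10
ssh access-group 10
snmp-server community public ro 13
snmp-server community private rw
"""

HARDENED = """\
enable telnet authentication
aaa authentication web-server default local
aaa authentication enable default local
telnet timeout 10
console timeout 10
ssh access-group 10
telnet access-group 11
web access-group 12
snmp-server community example_ro_string ro 13
"""

def audit(config):
    """Return finding codes for the access settings discussed in this section."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def has(prefix):
        return any(l.startswith(prefix) for l in lines)
    findings = []
    if has("web-management allow-no-password"):
        findings.append("web-auth-disabled")
    if has("no service password-encryption"):
        findings.append("password-encryption-off")
    if not has("enable telnet authentication"):
        findings.append("telnet-not-using-local-users")
    for method in ("ssh", "telnet", "web"):
        if not has(method + " access-group "):
            findings.append(method + "-no-acl")
    for session in ("telnet", "console"):
        if not has(session + " timeout "):
            findings.append(session + "-no-timeout")
    for line in lines:
        m = re.fullmatch(r"snmp-server community (\S+) (ro|rw)(?: (\d+))?", line)
        if not m:
            continue
        name, mode, acl = m.groups()
        if name in ("public", "private"):   # widely known default community names
            findings.append("snmp-default-community:" + name)
        if acl is None:
            findings.append("snmp-" + mode + "-no-acl:" + name)
    return findings

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```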
Creating A Stack
This example creates a stack
FastIron# config t
FastIron(config)# stack enable
FastIron(config)# exit
FastIron#
Next enter the following command
FastIron# stack secure-setup
FastIron# Discovering the stack topology...
Current Discovered Topology - RING
Available UPSTREAM units
Hop(s) Type Mac Address
1 FLS624 0012.f239.2d40
2 FLS624 0012.f2d5.2100
Available DOWNSTREAM units
Hop(s) Type Mac Address
1 FLS624 0012.f2d5.2100
2 FGS624 0012.f239.2d40
Do you accept the topology (RING) (y/n)?: y
To show the stack topology
FastIron# show stack
alone: standalone, D: dynamic config, S: static
ID   Type   Role    Mac Address    Pri State  Comment
1 S  FLS648 active  00e0.52ab.cd00 128 local  Ready
2 D  FLS624 standby 0012.f2d5.2100 60  remote Ready
3 D  FGS624 member  0012.f239.2d40 0   remote Ready
Creating a Trunk
To configure a trunk group consisting of two groups of two ports each, enter commands such as
the following.
FastIron(config)#trunk ethernet 1/1 to 1/2 ethernet 3/3 to 3/4
Trunk will be created in next trunk deploy
FastIron(config)#write memory
FastIron(config)#trunk deploy
Enabling OSPF Routing
To configure OSPF on the switch the following commands can be used. The switch must support
L3 feature (Premium software), and a Virtual Interface must exist on the VLAN(s) that will be part
of the routing domain.
FastIron(Config)# vlan 1
router-interface ve 1
FastIron(Config)# interface ve 1
ip address 10.35.16.1 255.255.252.0
FastIron(Config)# router ospf
area 0.0.0.0
redistribution static
FastIron(Config)# interface ve 1
ip ospf area 0.0.0.0
Adding a default route to the route table
FastIron(Config)# ip route 0.0.0.0 0.0.0.0 10.35.24.203
To enable learning of default RIP routes on a global basis, enter the following command.
FastIron(config-ospf-router)#learn-default
To show the routing table
FastIron# sho ip route
To show ospf routing information
FastIron#show ip ospf
Enabling RIP Routing
To configure RIP on the switch the following commands can be used. The switch must support
L3 feature (Premium software), and a Virtual Interface must exist on the VLAN(s) that will be part
of the routing domain.
To enable RIP globally, enter the following command.
FastIron(config)#router rip
To enable RIP on an interface, enter commands such as the following.
FastIron(config)#interface ethernet 0/1/1
FastIron(config-if-0/1/1)#ip rip v1-only
Enabling VRRP
To implement a simple VRRP configuration using all the default values, enter commands such as
the following.
Configuring the Owner
Enable VRRP globally
FastIron1(config)#router vrrp
Configure an interface
FastIron1(config)#inter e 1/6
FastIron1(config-if-1/6)#ip address 192.53.5.1
FastIron1(config-if-1/6)#ip vrrp vrid 1
FastIron1(config-if-1/6-vrid-1)#owner
FastIron1(config-if-1/6-vrid-1)#ip-address 192.53.5.1
FastIron1(config-if-1/6-vrid-1)#activate
Configuring a Backup
Enable VRRP globally
FastIron2(config)#router vrrp
Configure an interface
FastIron2(config)#inter e 1/5
FastIron2(config-if-1/5)#ip address 192.53.5.3
FastIron2(config-if-1/5)#ip vrrp vrid 1
FastIron2(config-if-1/5-vrid-1)#backup
FastIron2(config-if-1/5-vrid-1)#advertise backup
FastIron2(config-if-1/5-vrid-1)#ip-address 192.53.5.1
FastIron2(config-if-1/5-vrid-1)#activate
Enabling Multicast Routing
Some Multicast Terms
The following are commonly used terms in discussing multicast-capable routers. These terms are
used throughout this chapter:
Node: Refers to a router or Layer 3 Switch.
Root Node: The node that initiates the tree building process. It is also the router that sends the multicast packets down the multicast delivery tree.
Upstream: Represents the direction from which a router receives multicast data packets. An upstream router is a node that sends multicast packets.
Downstream: Represents the direction to which a router forwards multicast data packets. A downstream router is a node that receives multicast packets from upstream transmissions.
Group Presence: Means that a multicast group has been learned from one of the directly connected interfaces. Members of the multicast group are present on the router.
Intermediate nodes: Routers that are in the path between source routers and leaf routers.
Leaf nodes: Routers that do not have any downstream routers.
Multicast Tree: A unique tree is built for each source group (S,G) pair. A multicast tree is comprised of a root node and one or more nodes that are leaf or intermediate nodes.
The following configurable parameters apply to PIM-DM, PIM-SM, and DVMRP:
Maximum number of PIM groups - You can change the maximum number of groups of each type for which the software will allocate memory. By default, FastIron X Series Layer 3 Switches support up to 1024 PIM groups. FastIron CX Series Layer 3 switches support up to 4000 PIM groups.
Maximum number of DVMRP groups - You can change the maximum number of groups for which the software will allocate memory. By default, FastIron X Series Layer 3 Switches support up to 1024 DVMRP groups.
Internet Group Membership Protocol (IGMP) V1 and V2 parameters - You can change the query interval, group membership time, and maximum response time.
Hardware forwarding of fragmented IP multicast packets - You can enable the Layer 3 Switch to forward all fragments of fragmented IP multicast packets in hardware.
Configuring IP Multicast Globally
To configure IP Multicast routing on a Brocade switch, Multicast must be enabled globally by
entering the following CLI command at the global CLI level.
FastIron(config)#ip multicast-routing
Modifying IGMP (V1 and V2) query interval period
The IGMP query interval period defines how often a router will query an interface for group
membership.
To modify the default value for the IGMP (V1 and V2) query interval, enter the following.
FastIron(config)#ip igmp query-interval 120
Globally enabling and disabling PIM
To globally enable PIM, enter the following command.
FastIron(config)#router pim
Configuring PIM Dense
To globally enable PIM and then enable PIM on interface 3, enter the following commands.
FastIron(config)#router pim
FastIron(config)#int e 3
FastIron(config-if-e1000-3)#ip address 207.95.5.1/24
FastIron(config-if-e1000-3)#ip pim
Syntax: [no] ip pim [version 1 | 2]
The version 1 | 2 parameter specifies the PIM DM version. The default version is 2.
If you have enabled PIM version 1 but need to enable version 2 instead, enter either of the
following commands at the configuration level for the interface.
FastIron(config-if-1/1)#ip pim version 2
FastIron(config-if-1/1)#no ip pim version 1
To disable PIM DM on the interface, enter the following command.
FastIron(config-if-1/1)#no ip pim
PIM Sparse switch types
Switches that are configured with PIM Sparse interfaces also can be configured to fill one or more
of the following roles:
PMBR - A PIM switch that has some interfaces within the PIM domain and other interfaces outside the PIM domain. PMBRs connect the PIM domain to the Internet.
Note: You cannot configure a Brocade routing interface as a PMBR interface for PIM Sparse in the current software release.
BSR - The Bootstrap Router (BSR) distributes RP information to the other PIM Sparse switches within the domain. Each PIM Sparse domain has one active BSR. For redundancy, you can configure ports on multiple switches as candidate BSRs. The PIM Sparse protocol uses an election process to select one of the candidate BSRs as the BSR for the domain. The BSR with the highest BSR priority (a user-configurable parameter) is elected. If the priorities result in a tie, then the candidate BSR interface with the highest IP address is elected.
RP - The RP is the meeting point for PIM Sparse sources and receivers. A PIM Sparse domain can have multiple RPs, but each PIM Sparse multicast group address can have only one active RP. PIM Sparse switches learn the addresses of RPs and the groups for which they are responsible from messages that the BSR sends to each of the PIM Sparse switches. To enhance overall network performance, Brocade Layer 3 Switches use the RP to forward only the first packet from a group source to the group receivers. After the first packet, the Layer 3 Switch calculates the shortest path between the receiver and source (the Shortest Path Tree, or SPT) and uses the SPT for subsequent packets from the source to the receiver. The Layer 3 Switch calculates a separate SPT for each source-receiver pair.
Configuring PIM Sparse
To configure basic global PIM Sparse parameters, enter commands such as the following on
each Layer 3 Switch within the PIM Sparse domain.
FastIron(config)#router pim
Syntax: [no] router pim
Note: You do not need to globally enable IP multicast routing when configuring PIM Sparse.
Configuring PIM interface parameters
After you enable IP multicast routing and PIM Sparse at the global level, you must enable it on
the individual interfaces connected to the PIM Sparse network.
To do so, use the following CLI method.
To enable PIM Sparse mode on an interface, enter commands such as the following.
FastIron(config)#interface ethernet 2/2
FastIron(config-if-2/2)#ip address 207.95.7.1 255.255.255.0
FastIron(config-if-2/2)#ip pim-sparse
If the interface is on the border of the PIM Sparse domain, you also must enter the following
command.
FastIron(config-if-2/2)#ip pim border
Note: In addition to the global and interface parameters in the sections above, you need to
identify an interface on at least one Layer 3 Switch as a candidate PIM Sparse Bootstrap router
(BSR) and candidate PIM Sparse Rendezvous Point (RP).
Configuring BSR
To configure the Layer 3 Switch as a candidate BSR and RP, enter commands such as the
following.
FastIron(config)#router pim
FastIron(config-pim-router)#bsr-candidate ethernet 2/2 30 255
BSR address: 207.95.7.1, hash mask length: 30, priority: 255
This command configures the PIM Sparse interface on port 2/2 as a BSR candidate, with a hash
mask length of 30 and a priority of 255. The information shown in italics above is displayed by the
CLI after you enter the candidate BSR configuration command.
Syntax: [no] bsr-candidate ethernet [<slotnum>/]<portnum> | loopback <num> | ve <num> <hash-mask-length> [<priority>]
Configuring RPs
Enter a command such as the following to configure the Layer 3 Switch as a candidate RP.
FastIron(config-pim-router)#rp-candidate ethernet 2/2
Syntax: [no] rp-candidate ethernet [<slotnum>/]<portnum> | loopback <num> | ve <num>
The <slotnum> parameter is required on chassis devices.
The <portnum> | loopback <num> | ve <num> parameter specifies the interface.
The Layer 3 Switch will advertise the specified interface IP address as a candidate RP:
Enter ethernet [<slotnum>/]<portnum> for a physical interface (port).
Enter ve <num> for a virtual interface.
Enter loopback <num> for a loopback interface.
By default, this command configures the Layer 3 Switch as a candidate RP for all group numbers
beginning with 224. As a result, the Layer 3 Switch is a candidate RP for all valid PIM Sparse
group numbers. You can change this by adding or deleting specific address ranges.
The following example narrows the group number range for which the Layer 3 Switch is a
candidate RP by explicitly adding a range.
FastIron(config-pim-router)#rp-candidate add 224.126.0.0 16
To specify the IP address of the RP (rather than use the election process), enter commands such as the
following.
FastIron(config)#router pim
FastIron(config-pim-router)#rp-address 207.95.7.1
Displaying basic PIM Sparse configuration information
To display basic configuration information for PIM Sparse, enter the following command at any
CLI level.
FastIron#show ip pim sparse
Global PIM Sparse Mode Settings
Hello interval: 60, Neighbor timeout: 180
Bootstrap Msg interval: 130, Candidate-RP Advertisement interval: 60
Join/Prune interval: 60, SPT Threshold: 1
Interface Ethernet e3/8
TTL Threshold: 1, Enabled
Local Address: 207.95.8.1
Interface Ve 1
TTL Threshold: 1, Enabled
Local Address: 207.95.6.1
Displaying a list of multicast groups
To display a list of the IP multicast groups the Layer 3 Switch is forwarding, enter the following
command at any CLI level.
FastIron#show ip pim group
Total number of Groups: 2
Index 1 Group 239.255.162.1
Ports e3/11