
Configuring and Deploying 3Com Enterprise Switches

3Com University
Version 2.3 October 2006

Agenda

Chapter 1 - Introduction to the Enterprise Switch Family
Chapter 2 - Installation & Getting Started (Lab Exercises 1 - 2)
Chapter 3 - Configuring Ports & Link Aggregation (Lab Exercise 3)
Chapter 4 - Configuring Spanning Tree (Lab Exercise 4)
Chapter 5 - Configuring VLANs (Lab Exercise 5)
Chapter 6 - Basic Layer 3 Configuration (Lab Exercise 6)
Chapter 7 - Setting up OSPF (Lab Exercise 7)
Chapter 8 - Setting up VRRP (Lab Exercise 8)
Chapter 9 - Using ACLs & QoS (Lab Exercise 9)
Chapter 10 - Multicast Configuration (Lab Exercise 10)
Chapter 11 - Configuring RADIUS & 802.1X Login (Lab Exercise 11)
Chapter 12 - System Maintenance & Troubleshooting (Lab Exercise 12)

Chapter 1
Introduction to the Enterprise Switch Family

>Chapter Topics
  Introduction to Secure Converged Networks
  Explain the Positioning of the Enterprise Switches
  Introduction to the Switch 5500 Family
  Introduction to the Switch 7750 Family
  Introduction to the Switch 8800 Family

Defining Secure, Converged Networks

Secure Network

IP connectivity
IP Services: data, voice, video, music, gaming
security

Integrated security
Adaptive and dynamic protection
Automatic protection
Customizable and centrally managed

Converged Network

Resilient multi-service network


Application-aware traffic classification
Core-to-edge coverage
Wired and wireless

management

Customer Benefits

Business continuity
Improved productivity
Capital efficiency and cost reduction
Corporate control and visibility

3Com Premium Enterprise LAN Switching Portfolio

Modular Core Switching: 3Com Switch 8800
  Key Features:
    > Advanced Layer 2/3 Switching and Routing
    > High-density Gigabit and 10 Gigabit Solutions
    > Multilayer QoS for Convergence Networking
    > Granular Traffic Management & Holistic Security
    > Available Power over Ethernet
    > Highly Resilient Modular Architecture
  Deployment Focus:
    > Large Enterprise
    > Non-Blocking Core, Distribution Layer
    > High-Density Edge Access & PoE

Modular Edge Switching: 3Com Switch 7750
  Key Features:
    > Advanced Layer 2/3 Switching and Routing
    > High-density 10/100 and Gigabit Solutions
    > Multilayer QoS for Convergence Networking
    > Granular Traffic Management & Holistic Security
    > Available Power over Ethernet
    > Highly Resilient Modular Architecture
  Deployment Focus:
    > Small/Medium Enterprise Core
    > Large Enterprise Distribution Layer
    > High-Density Edge Access & PoE

Premium Stackable Switching: 3Com Switch 5500
  Key Features:
    > Advanced Layer 2/3 Switching and Routing
    > Multilayer QoS for Convergence Networking
    > Granular Traffic Management & Holistic Security
    > Available Power over Ethernet
    > Disaster Protection with XRN
  Deployment Focus:
    > Small Enterprise Core
    > Medium Enterprise Distribution Layer
    > High-Density Edge Access & PoE
    > Branch Office, Workgroup

All Part of 3Com's Secure Converged Networking Solution

Common 3Com Operating System
Fully Standards Based Infrastructure

Best of Breed Core: Next Generation Terabit Performance
Convergence: Carrier-proven, scalable, redundant solutions
Security: Industry leader in hardware-based IPS
Security Policy Control: Automatic User Security Authentication, Automated Breach Containment
Total Flexibility: Comprehensive media flexibility; Wired, wireless, PoE, voice

Secure Converged Networks

> The Enterprise Switch Family has been designed to integrate with the TippingPoint IPS products to quarantine clients and prevent undesirable traffic on the network
> Enables an administrator to take action when an infected machine is found
> Possible actions are:
  Log infected machine information
  Display remediation web page
  Redirect to a URL
  Place client in remediation VLAN
  Apply access-list to the port on the Switch
  Block IP address and/or switch port/MAC address (block all traffic)
  Works in conjunction with other Quarantine Actions

Secure Converged Networks
Quarantine Protection

Quarantine Process
1. Client Authenticates via SMS
2. SMS acts as RADIUS proxy, learns MAC/Switch/Port from Switch via RADA
3. EVENT: Illegal Activity
4. SMS resolves IP to MAC
5. MAC Address is placed into a blacklist and policy set
6. SMS forces re-authentication of compromised device
7. Device is contained within the set policy at the access switch ingress port

[Diagram: Clients, 5500 Access Switches, Core, TippingPoint IPS, SMS, RADIUS and Safe Zone, with numbered callouts for the steps above]

Breach to Containment in under 5 seconds
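
The quarantine steps above, modelled as an added Python example (not 3Com or TippingPoint code): the class stands in for the SMS, and its method names, the IP-to-MAC binding source and the sample addresses are assumptions made for illustration. It shows why the MAC/switch/port binding learned at authentication is what lets an IPS event, which carries only an IP address, end in containment at the ingress port.

```python
"""Added example: a model of the quarantine workflow, not vendor code."""
import re
from dataclasses import dataclass, field

# Containment actions, named after the "Possible actions" list in this chapter.
ACTIONS = {"log", "remediation_page", "redirect_url",
           "remediation_vlan", "port_acl", "block"}


def norm_mac(mac):
    """Canonicalise a MAC so 00-11-22-AA-BB-CC and 0011.22aa.bbcc compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Attachment:
    mac: str
    switch: str
    port: str


@dataclass
class QuarantineManager:
    """Stands in for the SMS role; every name here is hypothetical."""
    default_action: str = "remediation_vlan"
    attachments: dict = field(default_factory=dict)   # mac -> Attachment (step 2)
    ip_to_mac: dict = field(default_factory=dict)     # assumed IP/MAC binding source
    blacklist: dict = field(default_factory=dict)     # mac -> action (step 5)
    reauth_queue: list = field(default_factory=list)  # step 6
    audit: list = field(default_factory=list)

    def authenticate(self, mac, switch, port):
        """Steps 1-2 and 7: record MAC/switch/port, return the policy for the port."""
        mac = norm_mac(mac)
        self.attachments[mac] = Attachment(mac, switch, port)
        policy = self.blacklist.get(mac, "permit")
        self.audit.append(("auth", mac, switch, port, policy))
        return policy

    def learn_ip(self, ip, mac):
        """Record an IP-to-MAC binding (where it comes from is an assumption)."""
        self.ip_to_mac[ip] = norm_mac(mac)

    def on_ips_event(self, ip, action=None):
        """Steps 3-6: resolve IP to MAC, blacklist it, queue a re-authentication."""
        action = action or self.default_action
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action}")
        mac = self.ip_to_mac.get(ip)
        if mac is None:
            # Without a binding nothing can be contained; keep the evidence.
            self.audit.append(("unresolved", ip))
            return None
        self.blacklist[mac] = action
        self.audit.append(("blacklist", mac, action))
        where = self.attachments.get(mac)
        if where is not None:
            self.reauth_queue.append(where)
        return where


def demo():
    """Constructed sample run: one client, one IPS event, one re-authentication."""
    sms = QuarantineManager()
    first = sms.authenticate("00-11-22-AA-BB-CC", "sw5500-1", "Ethernet1/0/7")
    sms.learn_ip("10.0.5.23", "0011.22aa.bbcc")
    where = sms.on_ips_event("10.0.5.23")
    second = sms.authenticate("00:11:22:aa:bb:cc", where.switch, where.port)
    return first, where, second


if __name__ == "__main__":
    print(demo())
```

An event for an address with no binding is only logged, so the quality of the IP-to-MAC data bounds what the containment step can reach.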

The Switch 5500 Family

Switch 5500 Family

>Premium XRN stackable Layer 3 switches
>Designed for enterprise wiring closets, key aggregation points, branch offices and data centers
>10/100 and Gigabit models
  5500 are 10/100
  5500G are Gigabit
>SI have standard image
  Basic Layer 3 & Stacking
>EI have enhanced image
  Advanced Layer 3 & XRN Stacking
>PoE versions of the EI models
>Special FX and SFP versions

[Image: 3Com Switch 5500 Family]

Switch 5500 10/100 Products

>7 models in the 5500 family:
  Switch 5500-SI 28-Port
  Switch 5500-SI 52-Port
  Switch 5500-EI 28-Port
  Switch 5500-EI 52-Port
  Switch 5500-EI PWR 28-Port
  Switch 5500-EI PWR 52-Port
  Switch 5500-EI 28-Port FX
>Stacking via SFP Ports
>5500-SI may be upgraded to 5500-EI
  Software Upgrade available mid-2006
>Non-PWR models are not upgradeable to PWR
>No module slot in the rear

Switch 5500G Gigabit Products

>5 models in the 5500G family:
  Switch 5500G-EI 24-Port
  Switch 5500G-EI 48-Port
  Switch 5500G-EI PWR 24-Port
  Switch 5500G-EI PWR 48-Port
  Switch 5500G-EI 24-Port SFP
    > On all models, the last 4 ports are Combo / Dual Personality ports
    > Maximum number of active ports is 24 or 48, not 28 or 52
>Non-PWR models are upgradeable to PWR
  Replace low-power PSU with PoE version
    > Different PSUs for 24 & 48 port units
>Stacking ports are built-in at the rear
>Module slot is built-in at the rear
  8-port 1000 Mbps SFP module
  1-port 10 Gbps XENPAK module
  2-port 10 Gbps XFP module

What is XRN?

>XRN is eXpandable Resilient Networking
>XRN technology allows multiple Layer 3 switches to be interconnected so that they behave as a single logical switching entity called a Fabric.
>Switch 5500-SI supports simple stacking
  Distributed Device Management
  Distributed Link Aggregation
    > From Software Version 3.02.00
>Switch 5500-EI variants support XRN stacking
  Distributed Device Management
  Distributed Link Aggregation
  Distributed Resilient Routing

Key benefits of XRN

>High Availability
  Reduce the risk of a single point of failure
  Support link aggregation across units to ensure the highest possible network availability
>High Performance
>Scalable
  Add units to the stack to increase port density
>Simple to Administer
  All switches in the fabric behave as a single management entity

3Com Switch 5500
XRN Technology Features

> Distributed Device Management (DDM)
  Intelligent management ensures all switches act as a single logical device
  Resilient architecture provides access to management in the event of ANY switch failing
  Rapid stack-wide feature configuration
  Hot-insert and removal of switches
  Automatic and Manual stack configuration
  Stack up to 8 units
  Stack-Wide Management
  Single entity for SNMP, WEB and CLI Management
  Display ALL configurations in one screen with Device View
  Reduces configuration time
  Improved monitoring responsiveness

[Figure: terminal session screenshot]

3Com Switch 5500
XRN Technology Features

> Distributed Resilient Routing (DRR)
  Single Router Entity across XRN Stack with all router interfaces shared across all units in the fabric
  Each unit provides local Layer 3 switching and holds distributed routing tables
  Loss of one unit in the XRN stack will not affect routing in the others
  No Master device required like other switching vendors; all commands and data (LSDB) are synchronized across all units

[Diagram: XRN stack serving the Student VLAN and Admin VLAN with a shared router table. Router Interface information is synchronised across all switches; L3 traffic can be handled locally by the switch and intelligently passed up or down the XRN stack]

3Com Switch 5500
XRN Technology Features

> Distributed Link Aggregation (DLA)
  Create incredibly resilient network designs that are highly flexible
  Allows ports across the fabric to be Aggregated using IEEE 802.3ad LACP
  LACP will then automatically configure the links as aggregated links
  Failure in any link will result in the Link Aggregation protocol re-distributing traffic to compensate, resulting in no traffic loss
  Fully compatible with existing 4400 Family

[Diagram: Switch 5500G-EI, Switch 5500-EI and SuperStack 3 Switch 4400 joined by a 4 Gbps Load Balanced LAG. Multiple links fail without affecting connectivity back to the aggregation point]

3Com Switch 5500
XRN Performance

> XRN Stacking
  Each switch uses the last two Gigabit SFP ports to provide a 2Gbps FD link
  No extra hardware required
  Stack up to 8 units
  Automatic or manual stack configuration
  A return link provides rapid fail-over in the event of a normal link or unit failing
  XRN Stack units together over 70km apart!
  Use ANY Gigabit SFP to link the units together

Switch 5500
  Normal Stacking Link: 1 Gbps UP / 1 Gbps DOWN
  Standby Stacking loop connection: 1 Gbps UP / 1 Gbps DOWN

3Com Switch 5500G
XRN Performance

> 96Gbps XRN Stacking
  Each switch has two bi-directional cascade links providing 96Gbps full duplex bandwidth
  Stack up to 8 units of any variety
  Automatic or manual stack configuration
  A return link provides rapid fail-over in the event of a normal link or unit failing
  Stacking bandwidth is not shared with any other resource
  50, 150 & 500cm cables
  Ultra high-speed robust Infiniband 12X connectors and cables

Switch 5500G
  Normal Stacking Link: 24 Gbps UP / 24 Gbps DOWN
  Standby Stacking loop connection: 24 Gbps UP / 24 Gbps DOWN

Switch 5500 Family Availability
Advanced Power Redundancy

> New standards based Power Redundancy System
  Built-In DC power stage for direct connection to -48V supply
  Supports 3 modes for total flexibility: AC; AC and DC; and DC only
  Instantaneous fail-over from either AC or DC
  System design supports direct connection to batteries for uninterruptible power
  Additional power can be injected into the DC for high power PoE devices up to 15.4W per port
>3Com Approved and Tested DC supplier

New Levels of Power Availability
Powerware Datacom Power Solution

> The Powerware APS
  A modular DC Power Supply Unit with optional integrated standby battery
  Can be configured with N+1 redundancy
  Powers 3Com Switch 5500 / 5500G and other 48VDC devices
  Fully scalable to meet your DC power and standby power needs
    > Up to 6 hot-swappable rectifiers
    > Supports up to 16 separately fused DC outputs
  Built-in supervisor management
    > Ethernet RJ-45 and serial support
    > Full SNMP management with MIB II support
  Configuration Tool available

[Images: Powerware APS3, Powerware APS6]

Switch 5500 Feature Overview

> Layer 1
  IEEE802.3ae 10Gigabit Ethernet
    > XENPAK, XFP
  IEEE802.3z Fiber Gigabit
  IEEE802.3ab Gigabit over Copper
  IEEE 802.3u (Fast Ethernet)
  Auto MDI/MDI-X
  Auto negotiate speed/duplex
  IEEE 802.3af (Power over Ethernet)
> Layer 2
  Rapid Spanning Tree 802.1w
  Multiple Spanning Tree 802.1s
  Address Table Learning 802.1d
    > User Definable Ageing period
  4096 VLANs
    > 802.1Q Port based
    > Voice VLAN
    > Auto VLAN
    > VLAN Q-in-Q
  GVRP
  Priority Queuing 802.1p
  IGMP Snooping
  802.3ad Link aggregation
  Broadcast Storm Control
  Jumbo Frames - 9Kb (not on SI)

Switch 5500 Feature Overview

> Layer 3
  IPV4 Routing
  ECMP with 3 paths
  Static Routing
  RIP V1/2
  OSPF
    > on EI models only
  Routing Policies
  VRRP
  PIM DM/SM
    > on EI models only
  ARP / Proxy ARP
  IGMP V1 & V2 Query
  DHCP Relay & DHCP Server
  UDP Helper
> Quality of Service
  8 queues per port
  Strict Priority (SP), Weighted Round Robin (WRR), Weighted Fair Queuing (WFQ)
  Extensive QoS policies based on L2, L3 or L4 packet information
  CoS, ToS, DiffServe Prioritization
  Bandwidth Limiting
  Bandwidth Guarantee
  Auto QoS

Switch 5500 Feature Overview

> Management
  Terminal port
  Telnet (4 sessions)
  Industry-standard CLI
  WEB Browser interface
  FTP, TFTP Download
  NTP
  SNMPv1, v2c, v3
  RMON (4 groups)
  Xmodem
  Security (Port/Access)
> Security
  Hierarchical user management and password protection
  Packet authentication using cipher text and MD5 for OSPF and RIPv2
  ACL with L2/L3/L4 filtering
  802.1X User Authentication
  RADA MAC Authentication
  Radius Authentication
  SNMPv3
  SSH V2

Standard vs. Enhanced Image

Feature: 5500-SI | 5500-EI | 5500G-EI
Stacking Architecture: Master/Slave Stacking | XRN | XRN
Distributed Link Aggregation: Yes (from S/W ver 3/02.00) | Yes | Yes
No of distributed Link Aggregations: 8 per Fabric | 8 per fabric | 32 per Fabric
Distributed Resilient Routing: No | Yes | Yes
Distributed Device Management: Yes | Yes | Yes
Automatic Split/Merge on failure: No | Yes | Yes
Stack Performance: 2Gbps | 2Gbps | 48Gbps
No of VLANs: 256 | 4094 | 4094
Permanent MAC Addr: 64 | 256 | 1K
ARP table Size: 2K | 4K | 8K
IP Interfaces: 4 per stack, up to 4 secondary IP addresses per interface | 32 per stack, up to 4 secondary IP addresses per interface | 64 per stack, up to 9 secondary IP addresses per interface
No of Static Routes: 64 | 256 | 256
RIP v1 / v2: 1K entries, 4 Networked Interfaces | 2K entries, 8 Networked Interfaces | 2K entries, 64 Networked Interfaces
OSPF: No | Areas: 2, Link State Database size: 6K, Imported routes: 2K | Areas: 8, Link State Database size: 12K, Imported routes: 4K
Multicast Routing: No | PIM Sparse and PIM Dense | PIM Sparse and PIM Dense
Time-based ACLs: No | Yes | Yes

Switch 5500-SI Summary

Port Configurations:
  Switch 5500-SI 28-Port: 24 x 10/100 Ports + 4 SFP
  Switch 5500-SI 52-Port: 48 x 10/100 Ports + 4 SFP

Includes Standard Image (SI) software
  > Upgradeable to the Enhanced Image (EI)
XRN: Distributed Device Management
  > Scalable to 384 10/100 + 16 SFP
  > Mix and match any 5500-SI product in a stack
  > Built-in resilient loop stacking via SFP ports
  > Distributed Link Aggregation
      Allows up to 8 groups to be spread across any ports in the stack (8 FE / 4 GE per group)
Features Highlights:
  > 64 Static Routes
  > Dynamic routing (RIPv1/2) 1K entries
  > 2K ARP Table
  > Intelligent security services including 802.1X
  > RADA RADIUS Authenticated Device Access
  > Full QoS Prioritisation and full classification
  > 8 Egress Queues
  > 256 Port-Based VLANs
  > DC -48V input can be run off AC or DC
  > Rapid Spanning Tree with STP Route Guard
  > IGMP Snooping V1/V2
  > SSHv1.5 / SNMPv3
  > NTP / FTP Server and Client

Key Points
  Target use: Enterprise wiring closet access switch; branch office switch
  Availability: Simply power the switch via a standard -48V DC input for additional resilience
  Scalability: Patented XRN technology automatically creates a stack of switches and allows single IP management
  Connectivity: Each switch allows up to 4 active Gigabit ports with any combination of copper and/or fibre accepted
  Application-Aware: Automatically detects, prioritizes and places VoIP traffic in a separate VLAN

Switch 5500-EI Summary

Port Configurations:
  Switch 5500-EI 28-Port: 24 x 10/100 Ports + 4 SFP
  Switch 5500-EI 52-Port: 48 x 10/100 Ports + 4 SFP
  Switch 5500-EI 28-Port PWR: 24 x 10/100 PoE + 4 SFP
  Switch 5500-EI 52-Port PWR: 48 x 10/100 PoE + 4 SFP
  Switch 5500-EI 28-Port FX: 24 100BASE FX SFP + 2 10/100/1000 + 2 SFP

Includes Enhanced Image (EI) software
  > Includes ALL SI software plus:
XRN
  > Distributed Device Management
      Mix and match any 5500-EI product in a stack, including PWR and FX SKUs
  Distributed Link Aggregation
      Allows up to 32 groups to be spread across any ports in the stack (8 FE / 4 GE per group)
  Distributed Resilient Routing
      All switches in the stack are actively routing and sharing LSDB and ARP tables
      256 static routes with 2K RIP entries
      4K ARP Table
      6K LSDB size for OSPF
      Multicast Routing PIM Sparse Mode / Dense Mode
  > 4096 Port-Based VLANs
  > Time-based Access Control Lists
  > DHCP Tracker
  > Traffic Redirection
  > Traffic Mirroring
  > Syslog

Key Points
  Target use: Advanced Enterprise wiring closet access switch; small aggregation
  Availability: Routing functions are totally distributed across all switches in the stack, massively increasing performance and uptime
  Scalability: Extend connectivity with a mixture of PoE and fibre switches
  Connectivity: Jumbo Frames are supported on all gigabit uplinks for interoperability with equipment downstream
  Application-Aware: Advanced Time-Based ACLs are supported that can be automatically executed on a per user or machine basis

Switch 5500G-EI Summary

Port Configurations:
  Switch 5500G-EI 24-Port: 24 x 10/100/1000 Ports + 4 SFP + 1 Application Module Slot (PoE Ready)
  Switch 5500G-EI 48-Port: 48 x 10/100/1000 Ports + 4 SFP + 1 Application Module Slot (PoE Ready)
  Switch 5500G-EI 24-Port SFP: 24 x SFP Ports + 10/100/1000 + 1 Application Module Slot

Includes Enhanced Image (EI) software
  > Includes ALL SI software plus:
  > Hot-swappable Application Module Slot for expansion cards:
      8-Port SFP, 1-Port 10G, 2-Port 10G
  > Removable PSU
XRN
  > Distributed Device Management
      Mix and match any 5500G-EI product in a stack
      48 Gigabit Bi-directional stacking link with redundant loop
  > Distributed Link Aggregation
      Allows up to 32 groups to be spread across any ports in the stack (8 GE / 4 10GE per group)
  > Distributed Resilient Routing
      All switches in the stack are actively routing and sharing LSDB and ARP tables
      100 static routes with 2K RIP entries
      8K ARP Table
      12K LSDB size for OSPF
      Multicast Routing PIM Sparse Mode / Dense Mode

Key Points
  Target use: Advanced Enterprise wiring closet access switch; Building aggregation and server farm
  Availability: Pluggable Power Supply for reducing time to repair
  Scalability: Instantly enable Power over Ethernet via a plug-in PoE Power Supply
  Connectivity: Add up to 448 Gigabit ports 16 x 10G links per stack for ultimate performance
  Application-Aware: Advanced bespoke classification masks can be programmed for any QoS or ACL rule

3Com Switch 7750 Family

SWITCH 7750 FAMILY

> 3Com Switch 7750 Family at a glance:
  Flexible, High Performance Modular Switching Architecture
  Ideal for Medium to Large Enterprise
    > Distribution, and Edge environments
  High Capacity Layer 2/3/4 Switching
    > Gigabit and 10/100 Ethernet Solutions
  High Resiliency for Business Continuity
    > No Single Point of Failure
  Robust QoS and Traffic Management
    > Guaranteed Service Levels for Real-Time Enterprise Applications
  End-to-end Enterprise Security
    > Secure Access Control; Traffic Encryption; Hardened Infrastructure

SWITCH 7750 ARCHITECTURE

> Scalable Architecture
  Flexible Modular Design
  8-, 7-, and 4-slot Chassis Models
  System Capacity Scalable to 96 Gbps
> Highly Resilient
  Redundant Switch Fabrics (Switch 7758)
  N+1 Power Redundancy
  Hot-Swappable Components
> Enterprise-Class Performance
  Wire-speed 10/100 and Gigabit Ethernet
  System Performance up to 179 Mpps
> Available Power over Ethernet (PoE)
  IEEE 802.3af Standard PoE (up to 288 ports)

[Diagram: Switch 7758 showing Fabrics (2), I/O Modules, Fans and Power Supplies]
*Other Switch 7750 Models (Switch 7757 and Switch 7754) Are Similarly Configured
**No Redundant Fabric Option For Switch 7757 and Switch 7754

Switch 7750
Chassis and Fabric

> Fully Redundant & Hot Swappable
  Fabric, I/O Modules, Power & Fans
> Choice of Chassis
  6 I/O Slots + 2 Fabric
  6 I/O Slots + 1 Fabric
  3 I/O Slots + 1 Fabric
> 96 Gig Switch Fabric
  Dual Redundant Fabrics for 7758
> Different fan assembly for each chassis type
> Common Power Supplies
  Updated to support PoE
  Only 2 may be used in 4 slot chassis
> Based on Original Switch 7700 Chassis

[Diagrams: face plates of the Switch 7758, Switch 7757 and Switch 7704 showing fabric, I/O module, fan and PSU positions]

Switch 7750
Architecture

> Star-wired backplane between Switch Fabrics and I/O Modules
  Multiple Gigabit links between Fabric and each I/O slot
    > Layer 2 switching is distributed across I/O modules and Fabrics
    > Layer 3 Routing functions are performed by the Switch Fabric
  Management channels from Fabric to each I/O slot
    > System management is distributed throughout the chassis
> DC power rails for all slots
> System software comprises
  Operating system and applications running on the Switch Fabric
  Boot code on the I/O modules

[Diagram: Fabric at the centre of a star of I/O modules]

Switch 7758
8 Slot Redundant Switching Architecture

Second Fabric for Sub 1 Second Failover

[Diagram: six Local Switching Engines, 16Gbps each, connected to the Primary Switch Fabric and the Secondary Switch Fabric]

The Switch 7750 Family

>Launched mid-2005
>Superseded the original 7700 Family, which was launched in 2003
>Optional Power over Ethernet support
  7758 Chassis
    > High Density Wiring Closet or building aggregator
    > Redundant Switch Fabric option
  7757 Chassis
    > High Density Wiring Closet or building aggregator
  7754 Chassis
    > Medium Density Wiring Closet or building aggregator
>New higher capacity 96Gbps switch fabric
  Built in SFP ports on fabric
>Higher port density modules (48 Port PoE and non-PoE)

Switch 7750 Chassis Details

>Updated Switch 7700 Chassis
  Uses Switch 7700 Chassis enclosure, Fan assembly and AC PSUs
    > AC PSUs only used for Data
    > PoE Power Rack required to power PoE ports
    > All Module slots support PoE
  Dual AC Power connections
    > Auto-Ranging for AC Input Voltage
  Primary and Standby AC Input cords
    > PoE DC power input connectors on back of Chassis
  Modified Switch 7700 backplane
    > Same data connections for Modules
    > Adds PoE power rails

Switch 77XX Power Supplies

>For the 7-slot and 8-slot chassis two power supplies are required
  Do not try to run with only 1 power supply
  N+1 redundancy with the addition of a third power supply
>For the 4-slot chassis one power supply is required
  Redundancy is provided by a second power supply.
  A third power supply may NOT be installed into the slot marked NULL
    > It is not electrically connected and does not operate
>All chassis use the same power supplies.
>The power supplies are load-balancing
  Each supply always provides some of the current draw
  If more current is drawn than can be supplied the voltage drops and the system shuts down

External PoE Power Rack

> 19" Rack Mount Power Supply Chassis
  Ships with 1 x PSU installed
  Includes Power management interface via management cable
    > Management cable connects between rear of PoE Power Rack and rear of 7754, 7757 or 7758
  Power Rack ships with all mounting hardware and cables
> Additional 2500W PoE Power Supply
  Add 1 for N+1 Redundancy when powered at 220V AC
  2 additional required for N+1 Redundancy when powered by 120V AC

96Gbps Switch Fabric

> Compatible with all Switch 77xx Chassis
  Backplane bandwidth in any 7 or 8 slot Chassis:
    > 8 x Gig channels to I/O slots 1-5
    > 4 x Gig channels to I/O slot 6
  Backplane bandwidth in any 4 slot Chassis:
    > 8 x Gig channels to I/O slots 1-3
> Fabric front panel SFP ports on single-fabric systems:
  4 x Gig SFP ports operational
> Fabric SFP ports on dual-fabric systems:
  7758 has 2 x SFPs active on EACH Fabric
  7700R has 4 x SFPs operational on the Active fabric only
> 256Mb Compact Flash Card for additional file storage

Switch 7750 Advanced Feature Software

>Provides additional capabilities for more sophisticated Enterprise networks
>Ordered as a separate product code
>Enables four additional features
  BGP4 (Border Gateway Protocol version 4)
  IS-IS (Intermediate System-to-Intermediate System)
  SSH v1.5 authentication
  SNMP v3 (Simple Network Management Protocol version 3) encryption

Switch 7750 Modules

>48 port 10/100/1000Base-TX - 3C16888
>48 port 10/100/1000Base-TX PoE - 3C16890
  Only supported in 775X Chassis
>48 port 10/100Base-TX PoE - 3C16891
  Only supported in 775X Chassis
>48 port 10/100Base-TX - 3C16889
  Replaces OLD 48 port 10/100Base-TX - 3C16860
>48-Port 100Base-X (SFP) Module - 3C168915
  Replaces OLD 24 port 100Base-FX - 3C16861
>20 port 10/100/1000Base-T Advanced Module - 3C16863A
  Replaces OLD 20 port 10/100/1000Base-T - 3C16863

Switch 77XX Modules

>20 port 1000Base-X (SFP) Advanced Module - 3C16862A
  Replaces OLD 20 port 1000Base-X (SFP) - 3C16862
>16-Port Gigabit Mixed-Media Module (12xRJ45 + 4xSFP) - 3C168916
  Replaces OLD 8 port 10/100/1000Base-T - 3C16859
>16-Port Gigabit Mixed-Media Module (12xSFP + 4xRJ45) - 3C168917
  Replaces OLD 8 port 100Base-X (GBIC) - 3C16858
>1 port 10GBase-X (Xenpak) - 3C16875A
  Replaces OLD 1 port 10GBase-X (Xenpak) - 3C16875

All the original Switch 7700 modules work in all Chassis with all Fabrics
Original modules have been superseded by new modules

Switch 7750 Feature Overview

> Layer 1
  IEEE802.3ae 10Gigabit Ethernet
    > XENPAK
  IEEE802.3z Fiber Gigabit
  IEEE802.3ab Gigabit over Copper
  IEEE 802.3u (Fast Ethernet)
  Auto MDI/MDI-X
  Auto negotiate speed/duplex
  IEEE 802.3af (Power over Ethernet)
  PoE Profiles
> Layer 2
  Rapid Spanning Tree 802.1w
  Multiple Spanning Tree 802.1s
  Address Table Learning 802.1d
  4096 VLANs
    > 802.1Q Port
    > Protocol Based VLAN 802.1v
    > VLAN Q-in-Q
    > Guest VLAN
    > Voice VLAN
    > Auto VLAN
  GVRP
  Priority Queuing 802.1p
  IGMP Snooping
  802.3ad Link aggregation
  Broadcast Storm Control
  Jumbo Frames - 9Kb

Switch 7750 Feature Overview

> Layer 3
  IPV4 Routing
  ARP / Proxy ARP
  RIP V1/2 & OSPF
  ECMP with 4 paths
  Routing Policies
  VRRP
  IGMP V1 & V2 Query
  PIM DM/SM
  MSDP
  GMRP
  DHCP Relay and DHCP Server
  With Advanced License:
    > BGP-4
    > IS-IS Routing
> Quality of Service
  8 queues per port
  Strict Priority (SP)
  Extensive QoS policies based on L2, L3 or L4 packet information
  CoS, ToS, DiffServe Prioritization
  Bandwidth Limiting & Shaping
  Bandwidth Guarantee
  Auto ACL Assignment via 802.1X

Switch 7750 Feature Overview

> Management
  Terminal, Modem ports
  Telnet (4 sessions)
  Out of Band Management port (10/100 Ethernet)
  Industry-standard CLI
  FTP, TFTP Download
  NTP
  SNMPv1, v3
  RMON (4 groups)
  Xmodem
  Security (Port/Access)
> Security
  Hierarchical user management and password protection
  Packet authentication using cipher text and MD5 for OSPF, RIPv2 and BGP-4
  ACLs with L2/L3/L4 Filtering
  802.1X User Authentication
  Radius Authentication
  RADA MAC Authentication
  Auto-ACL
  SNMPv3
  SSH V2

The Switch 8800 Family

Introducing the Switch 8800 Family

>A high-end Modular platform
  First announced November 2004
  Updated with Release 2, December 2005
>3 Chassis sizes
  Passive backplanes
  Redundant, load-sharing fabrics & power supplies
>High bandwidth
  High density Gigabit and 10Gig
>High availability
>Extensive layer 2, layer 3
>IPv6-ready
>Future-proofed backplane
  up to 1,440 Tbps

Switch 8800
Chassis and Fabric

> Fully Redundant, all Elements Hot Swappable
  Fabric, I/O Modules, Power & Fans
> Choice of Chassis
  12 I/O Slots + 2 Fabric
  8 I/O Slots + 2 Fabric
  5 I/O Slots + 2 Fabric
> Dual Redundant Fabrics
  360 Gbps per Fabric
  Load Sharing Provides 720 Gbps
  L2 / L3 Switching on Modules
  Cross-bar Fabric
> SW8814 and SW8807 have a 4-fan assembly
> SW8810 has a 6-fan assembly

[Diagrams: face plates of the Switch 8814, Switch 8810 and Switch 8807 showing fabrics, I/O modules, fans, 2000W Power Supplies and 1200W Power Supplies]

Power Supplies

>SW8807 has a 1200W PSU (output)
  Auto ranging 100V-240V, 47-63Hz
  One PSU can support a fully loaded chassis
  Two PSUs provide redundancy
>SW8810 and SW8814 have a 2000W PSU (output)
  Auto ranging 100-140V and 200-240V, 47-63Hz
  Power output depends on input voltage
    > 1200W when running on 110V
    > 2000W when running on 220V
>With Release 1 hardware:
  In the 8810 and 8814, the 110V mode can support a fully loaded, worst case configuration, but not power redundancy
  If power redundancy is required, the system must operate at 220V

Release 2 Power Considerations

>The 4 port 10G module has greater power consumption than any Release 1 module
  160W per module
>A SW8814 fully populated with 4 Port 10G modules draws 2100W
  Two PSUs are required regardless of input voltage
  Power redundancy is not possible even at 220V
>It is recommended that the chassis is loaded with modules to a total of less than one PSU's capacity
  A second PSU then provides redundancy
>If an operational system is using only 1 PSU, be careful when adding additional modules
  The system will shut down if the capacity of the PSU is exceeded

Switch 8800 Power over Ethernet

> PoE Configuration Requirements:
  1. PoE Option Modules (ordered separately)
     Must Be Installed on 48-port 10/100/1000 Modules
  2. PoE Entry Module (ordered separately)
     Allows External Power Connection to 8800 Backplane
  3. External PoE Power Rack (ordered separately)
     Different Product Code to Switch 7750
     Required for Supplemental Power
     Up to (3) 2500W Power Supplies

Parts shown:
  PoE Entry Module: 3C17510
  PoE Option Module: 3C17529
  48 Port 10/100/1000: 3C17528 or 3C17532
  PoE Power Rack: 3C17509
  PoE Power Supply: 3C16884
  2500W (x3)

Switch 8800 Architecture Overview

> Twin Load-sharing Fabrics provide Redundancy & 360Gbps Switching Capacity each
> Up to 12 I/O Modules each with Distributed L2/L3/L4 Switching
> Each I/O Module has Twin 30Gbps Connections to Fabrics => 720 Gbps
> Auxiliary Connections in Backplane double capacity to 1.4 Tbps with Enhanced Modules & Fabrics
> Future Modules support IPv6

[Diagram: two Fabrics connected to IPv4, IPv6 and MPLS Modules, with 30 Gbps and Auxiliary 30 Gbps connections]

Backplane Architecture

[Diagram: Fabric 1 and Fabric 2, with CPU, SW and Crossbar blocks, connected over 6*3.125G paths to the FA blocks on Line card1, Line card2, Line card10 and Line card12]

> Each slot has 4 paths, 2 to each fabric
> Each path consists of 6 sets of traces
  Initially, only two sets of traces used

Architecture

> All Layer 2 / Layer 3 Switching performed by a Packet Processor (PP)
> Communication between PPs inside a module, or through the fabric to other modules is performed by a Fabric Adaptor (FA)
> Communication between FAs uses a 4-128-bytes cell mechanism with a 9-byte header
> The fabric uses a simple Crossbar

Switch 8800 Dual Fabric Architecture

>Each fabric has a data channel to every module
>Each fabric has a management channel to every module
>There is a management channel between the fabrics
>Management and data channels are independent

[Diagram: two Fabrics, each connected to two Interface Modules]

Switch 8800 Dual Fabric Architecture

>The management channel provides:
  Control
  Monitoring
  Route calculation and distribution
>The data channel provides
  High speed data switching and forwarding
>The data channel is implemented as
  Central cross-bar on fabric
  High-speed passive backplane
  Independent layer 2/3 switch on each interface module

Load-Balancing Redundant Fabrics

>One switch fabric becomes master
  May be located in either slot in the chassis
  Provides management functions
    > Route calculation and distribution
    > Management
    > Housekeeping
>The other switch fabric becomes slave
  Provides
    > Hot-swap, standby redundancy for management functions
    > Active load-balancing of data switching
>Allocation of master and slave can be
  Automatic at switch initialisation
  By user command

Load-Balancing Redundant Fabrics


(continued)

>The master fabric


Provides all route calculations
Uses the management channel to send routing updates to
> The slave fabric, so it remains synchronized
> The interface modules, so they can update their local routing tables

Uses the data channel to provide inter-module switching


> The cross-bar on the master is in some data paths

>The slave fabric


Uses the management channel to synchronize with the master
> Ready for fast fail-over

Uses the data channel to provide inter-module switching


> The cross-bar on the slave is in other data paths


Load-Balancing Redundant Fabrics (continued)

>The interface modules


Receive routing updates on the master management channel
> Update their local routing tables
Use local tables for independent local forwarding decisions

Use data channels for inter-module switching


> Cross-bars on both master and slave fabrics can be used

Use Fabric Adaptors to connect to the data channel


> Convert between
Packets on the module
Variable-length cells on the crossbars

Use Packet Processors to


> Process and forward packets
Store and forward architecture
> Handle all intra-module switching

Load-Balancing Redundant Fabrics: Switch 8800 Architecture

[Figure: Switch 8800 architecture diagram. Labels: Fabric 1 and Fabric 2, each with CPU, SW and Crossbar; Fabric Adaptors (FA) and Packet Processors (PP) on Line card1, Line card2 and Line card10]

> In load-balancing mode, the slave fabric provides
> Hot-swap, standby redundancy for management functions
> Active load-balancing of data switching

Load-Balancing Redundant Fabrics: Failover

>If the current master fails, the slave becomes the master
Takes over responsibility for route calculation and distribution
Failover is rapid, as routing tables are already up to date
The new master was synchronised with the old one

Traffic on the crossbar of the failed fabric will be lost

>Hot-swap is supported
Either fabric may be removed or inserted with the switch running


Load-Balancing Redundant Fabrics: Switch 8800 Architecture

[Figure: Switch 8800 architecture diagram. Labels: Fabric 1 and Fabric 2, each with CPU, SW and Crossbar; Fabric Adaptors (FA) and Packet Processors (PP) on Line card1, Line card2 and Line card10]

>With no load-balancing, or after a fabric failure

Configuration of Load-Balancing

>Load-balancing is enabled by the user command xbar


xbar load-balance enables load balancing
> This is the default in Release 2 (Software Version 3.01.21)

xbar load-single disables load balancing


> This was the default in earlier Software versions

>Every other aspect of load-balancing is automatic


Load-balancing algorithm
> By physical port, details depend on the module
> Flow-based, details depend on the module
> Controlled by software, not by user

Interval used by the master for distribution of routing updates


Switch 8800 Release 1 Modules

>Modules with a single Fabric Adapter (FA)


1-port 10GBASE-X (XENPAK)
> 3C17511

12-port 1000BASE-X (SFP)


> 3C17513

>Modules with dual Fabric Adapters


2-port 10GBASE-X (XFP)
> 3C17512

24-port 1000BASE-X (SFP)


> 3C17514

24-port 10/100/1000BASE-T (RJ45)


> 3C17516


Switch 8800 Release 2 Hardware Additions

>New Advanced Modules


Support for larger routing tables 256K routes
> Requires Switch 1G Memory Upgrade

Support for MPLS (with Advanced Software)


Targeted at very large Enterprise Networks

>New High Density Modules double the port capacity


4-port 10 Gigabit Ethernet module
> 48 x 10 Gigabit ports per system

48-port 10/100/1000 Ethernet modules


> 576 x 10/100/1000 Ethernet ports per system

>Power over Ethernet


Adds PoE support to existing Switch 8800 chassis


Switch 8800 Release 2 Advanced Modules

>Modules with a single Fabric Adapter


1-port 10GBASE-X (XENPAK)
> 3C17525

>Modules with dual Fabric Adapters


2-port 10GBASE-X (XFP)
> 3C17527

24-port 1000BASE-X (SFP)


> 3C17530

24-port 10/100/1000BASE-T (RJ45)


> 3C17531


Switch 8800 Release 2 High Density Modules

>Modules with a single Fabric Adapter


Power over Ethernet Ready
> Positioned for Enterprise Edge

48-Port 10/100/1000
> 3C17528

48-Port 10/100/1000 (Access Module)


> 3C17532
Smaller Routing Table
Not compatible with BGP-4 or IS-IS

>Modules with dual Fabric Adapters


4-port 10GBASE-X (XFP)
> 3C17526

Switch 8800 System Capacities

Columns, left to right: Switch 8814 | Switch 8810 | Switch 8807

Performance / Switching Capacity / Fabric Bandwidth
428 Mpps | 286 Mpps | 179 Mpps
Single Fabric: 360 Gbps | 240 Gbps | 150 Gbps
Dual Fabrics: 720 Gbps | 480 Gbps | 300 Gbps

Total Port Capacity
10-Gigabit Ethernet [XENPAK]: 12
10-Gigabit Ethernet [XFP]: 48 | 32 | 20
10-Gigabit Ethernet Advanced [Xenpak]: 12
10-Gigabit Ethernet Advanced [XFP]: 24 | 16 | 10
Gigabit Ethernet [10/100/1000]: 576 | 384 | 240
Gigabit Ethernet PoE [10/100/1000]: 576 | 384 | 240
Gigabit Ethernet [SFP]: 288 | 192 | 120
Gigabit Ethernet Advanced [10/100/1000]: 288 | 192 | 120
Gigabit Ethernet Advanced [SFP]: 288 | 192 | 120

Switch 8800 Advanced Feature Software

>Provides additional capabilities for more sophisticated Enterprise networks
>Ordered as a separate product code
>Enables seven additional features
MPLS (Multi Protocol Label Switching)
BGP4 (Border Gateway Protocol version 4)
MBGP (Multi-protocol Border Gateway Protocol)
IS-IS (Intermediate System-to-Intermediate System)
TACACS+
SSH v2 authentication
SNMP v3 (Simple Network Management Protocol version 3) encryption

Overview of Multiprotocol Label Switching (MPLS)

>MPLS is an IETF framework for efficient labeling and forwarding of traffic flows across Backbone Networks
>MPLS combines the speed of packet switching with the intelligence of circuit switching
An end-to-end connection path is established before any traffic is forwarded
All traffic of the same class flows along the same path
> Different paths may be selected based on various requirements
>MPLS is most often associated with the Carrier/Service Provider market
There are scenarios in large enterprise environments where MPLS could make sense
> Enterprises with multiple distant sites needing to provide service level guarantees
> Not beneficial for single site, or even campus environments

The Benefits of MPLS

>MPLS provides the following beneficial applications on large-scale, multi-site Networks:
Virtual Private Networking
> Service Providers can create IP tunnels throughout their network, without the need for encryption or end-user applications
Traffic Engineering (TE)
> Allows for the efficient utilization of bandwidth
Put the Traffic where the Bandwidth is
> Provides control over service levels
Crucial for mission critical applications
Quality of Service (QoS)
> Low latency delivery
> Prioritization of business-critical data
> QoS guarantees with user defined policies

Overview of MBGP

>MBGP stands for Multiprotocol Extensions for BGP-4
Provides support for protocols other than IPv4
> For example IPv6 and Multicast
>BGP4 does not support a Multicast network topology that differs from the network's Unicast topology
Multicast Reverse Path Forwarding uses the Unicast Routing Table
A Multicast from a Source to a Destination follows the same path that a Unicast would
>MBGP supports separate Unicast and Multicast topologies
Use one Routing Table to make Unicast routing decisions
Use another Routing Table to make Reverse Path Forwarding decisions
> Allows Multicast traffic to be separated from Unicast traffic
> For example dedicate one link for Multicast and another for Unicast
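The Reverse Path Forwarding decision described on this slide, as an added sketch that is not part of the original course material: a multicast packet is accepted only if it arrived on the interface the RPF table would use to reach its source, so a dedicated multicast link only works when RPF has its own table. The prefixes and the interface names `ucast-link` and `mcast-link` are constructed for illustration.

```python
import ipaddress

def longest_match(table: dict, address: str):
    """Interface of the most specific prefix in `table` covering `address`, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, interface in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best[1] if best else None

def rpf_accepts(rpf_table: dict, source: str, arrival_interface: str) -> bool:
    """RPF check: accept only if the packet arrived on the interface the RPF
    table would use to reach its source. No route to the source means drop."""
    expected = longest_match(rpf_table, source)
    return expected is not None and expected == arrival_interface

# Constructed tables; interface names are hypothetical.
UNICAST_RIB = {"198.51.100.0/24": "ucast-link", "0.0.0.0/0": "ucast-link"}
# Routes carried by MBGP for the multicast topology, consulted for RPF only.
MULTICAST_RIB = {"198.51.100.0/24": "mcast-link"}

def evaluate(source: str, arrival_interface: str) -> dict:
    """RPF verdict with one shared table (BGP4) and with a separate table (MBGP)."""
    return {
        "bgp4_shared_table": rpf_accepts(UNICAST_RIB, source, arrival_interface),
        "mbgp_separate_table": rpf_accepts(MULTICAST_RIB, source, arrival_interface),
    }

if __name__ == "__main__":
    # Stream from 198.51.100.7 arriving on the link dedicated to multicast.
    print(evaluate("198.51.100.7", "mcast-link"))
    # The same stream arriving on the unicast link.
    print(evaluate("198.51.100.7", "ucast-link"))
```

With the shared table the stream on the dedicated multicast link fails RPF and is dropped; with the separate table it passes, and the copy arriving on the unicast link is the one rejected.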

Overview of TACACS+

>TACACS+ provides AAA remote access control similar to RADIUS
>TACACS+ separates authentication, authorization and accounting
Could be run on 3 different servers
> You could use RADIUS to Authenticate, and TACACS+ to Authorize
RADIUS always combines authentication and authorization as one
>TACACS+ can be used to authorize different users to execute individual commands on a router
Not supported with RADIUS
>TACACS+ is a more secure protocol
TACACS+ encrypts the entire body of the access-request packet
RADIUS encrypts only the password in the packet
>TACACS+ uses reliable TCP connections
RADIUS uses best-effort UDP

Switch 8800 Feature Overview

> Layer 1
IEEE802.3ae 10Gigabit Ethernet
> XENPAK, XFP
IEEE802.3z Fiber Gigabit
IEEE802.3ab Gigabit over Copper
IEEE 802.3u (Fast Ethernet)
Auto MDI/MDI-X
Auto negotiate speed/duplex
IEEE 802.3af (Power over Ethernet)

> Layer 2
Rapid Spanning Tree 802.1w
Multiple Spanning Tree 802.1s
Address Table Learning 802.1d
4096 VLANs
> 802.1Q Port
> Protocol Based VLAN
> Super VLAN
> VLAN Q-in-Q
GVRP
Priority Queuing 802.1p
IGMP Snooping
802.3ad Link aggregation
Broadcast Storm Control
Jumbo Frames - 9Kb

Switch 8800 Feature Overview

> Layer 3
IPV4 Routing
ECMP with 4 paths
GMRP
RIP V1/2 & OSPF
Routing Policies
PIM DM/SM & MSDP
VRRP
ARP / Proxy ARP
IGMP V1 & V2 Query
DHCP Relay & DHCP Server
With Advanced License:
> BGP-4 & MBGP
> IS-IS Routing
> MPLS

> Quality of Service
8 queues per port, up to 128K flows
Strict Priority (SP), Weighted Round Robin (WRR), Weighted Random Early Discard (WRED) and CAR (in 8Kbps increments)
Extensive QoS policies based on L2, L3 or L4 packet information
CoS, ToS, DiffServ Prioritization
Traffic shaping
Bandwidth Limiting
Bandwidth Guarantee

Switch 8800 Feature Overview

> Management
Terminal, Modem ports
Out of Band Management port (10/100 Ethernet)
Telnet (4 sessions)
Industry-standard CLI
FTP, TFTP Download
NTP
SNMPv1,v3
RMON (4 groups)
Xmodem
Security (Port/Access)
Element management through 3Com Network Administrator

> Security
Hierarchical user management and password protection
Packet authentication using cipher text and MD5 for OSPF, RIPv2 and BGP-4
ACL with L2/L3/L4 Filtering
802.1X User Authentication
RADIUS Authentication
With Advanced License:
> TACACS+
> SSH V2
> SNMP v3 encryption

End of Chapter