Juniper-networks EX2500 Manuel d'utilisateur

Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089USA408-745-2000www.juniper.netRevision 3Juniper Networks EX2500 Ethernet SwitchConf

x  List of TablesEX2500 Ethernet Switch Configuration Guide

EX2500 Ethernet Switch Configuration Guide86  Configuring Port MirroringFigure 15: Monitoring PortsAs shown in Figure 15, port 2 is acting as a moni

Indexes  87Part 3Indexes Index on page 89

EX2500 Ethernet Switch Configuration Guide88  Indexes

Index  89IndexNumerics802.1p priority for QoS ...65802.1Q VLAN tagging ...

90  IndexEX2500 Ethernet Switch Configuration GuideFFailure Detection Pair ...80Fast Uplink Convergen

Index  91Indexprivate VLANs ...31promiscuous port ...

92  IndexEX2500 Ethernet Switch Configuration Guidetechnical termsAssured Forwarding (AF)...63Class Selector (CS)

Objectives  xiAbout This GuideThis preface provides the following guidelines for using the Juniper Networks EX2500 Ethernet Switch Configuration Guid

EX2500 Ethernet Switch Configuration Guidexii  Documentation ConventionsDocumentation ConventionsTable 1 describes the notice icons used in this manu

List of Technical Publications  xiiiAbout This GuideList of Technical PublicationsTable 3 lists the documentation supporting the EX2500 Ethernet Swit

EX2500 Ethernet Switch Configuration Guidexiv  Requesting Technical SupportSelf-Help Online Tools and ResourcesFor quick and easy problem resolution,

EX2500 Ethernet Switch Applications  1Part 1EX2500 Ethernet Switch ApplicationsThis configuration guide will help you plan, implement, and administer

EX2500 Ethernet Switch Configuration Guide2  EX2500 Ethernet Switch Applications

Configuring the Management Interface  3Chapter 1Accessing the SwitchThe EX2500 software provides a means for accessing, configuring, and viewing info

EX2500 Ethernet Switch Configuration Guide4  Dynamic Host Configuration Protocol3. Configure the management IP address, subnet mask, and default gate

Using Telnet  5Chapter 1: Accessing the SwitchDHCP is an extension of another network IP management protocol, Bootstrap Protocol (BOOTP), with an add

ii Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, In

EX2500 Ethernet Switch Configuration Guide6  Using the EX2500 Web Device ManagerBy default, EX2500 Web Device Manager access is enabled on the switch

Using SNMP  7Chapter 1: Accessing the SwitchThe EX2500 Web Device Manager is organized at a high level as follows: Context tabs—These tabs allow you

EX2500 Ethernet Switch Configuration Guide8  Using SNMPSNMPv3SNMPv3 is an enhanced version of the Simple Network Management Protocol, approved by the

Using SNMP  9Chapter 1: Accessing the Switch2. Configure a user access group, along with the views the group may access. Use the access table to conf

EX2500 Ethernet Switch Configuration Guide10  Securing Access to the SwitchSNMPv3 Trap Host ConfigurationTo configure a user for SNMPv3 traps, you ca

Securing Access to the Switch  11Chapter 1: Accessing the SwitchRADIUS Authentication and AuthorizationThe EX2500 switch supports the RADIUS (Remote

EX2500 Ethernet Switch Configuration Guide12  Securing Access to the Switch3. If desired, you may change the default UDP port number used to listen t

Securing Access to the Switch  13Chapter 1: Accessing the SwitchSwitch User AccountsThe user accounts listed in Table 4 can be defined in the RADIUS

EX2500 Ethernet Switch Configuration Guide14  Securing Access to the SwitchAccountingAccounting is the action of recording a user's activities o

Securing Access to the Switch  15Chapter 1: Accessing the SwitchHow TACACS+ Authentication WorksTACACS+ works in much the same way as RADIUS authenti

Table of Contents  iiiTable of ContentsAbout This Guide xiObjectives ...

EX2500 Ethernet Switch Configuration Guide16  Securing Access to the SwitchIf the remote user is successfully authenticated by the authentication ser

Securing Access to the Switch  17Chapter 1: Accessing the Switchaccounting request, cmd=shell, cmd-arg=interface ipauthorization request, cmd=shell,

EX2500 Ethernet Switch Configuration Guide18  Securing Access to the SwitchThe EX2500 implementation of SSH supports versions 1.0 and 2.0 and SSH cli

Securing Access to the Switch  19Chapter 1: Accessing the SwitchA value of 0 (zero) denotes that RSA server key autogeneration is disabled. When the

EX2500 Ethernet Switch Configuration Guide20  Securing Access to the SwitchUser Access Control The end user access control commands allow you to conf

Securing Access to the Switch  21Chapter 1: Accessing the SwitchLogging In to an End User AccountOnce an end user account is configured and enabled,

EX2500 Ethernet Switch Configuration Guide22  Securing Access to the Switch

VLAN Overview  23Chapter 2VLANsThis chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs

EX2500 Ethernet Switch Configuration Guide24  VLANs and Port VLAN ID NumbersVLANs and Port VLAN ID NumbersVLAN NumbersThe EX2500 switch supports up t

VLAN Tagging  25Chapter 2: VLANsVLAN TaggingEX2500 software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems

iv  Table of ContentsEX2500 Ethernet Switch Configuration GuideTACACS+ Authentication...

EX2500 Ethernet Switch Configuration Guide26  VLAN TaggingFigure 1: Default VLAN SettingsWhen a VLAN is configured, ports are added as members of th

VLAN Tagging  27Chapter 2: VLANsFigure 2: Port-Based VLAN AssignmentAs shown in Figure 3, the untagged packet is marked (tagged) as it leaves the sw

EX2500 Ethernet Switch Configuration Guide28  VLAN Topologies and Design ConsiderationsAs shown in Figure 5, the tagged packet remains unchanged as i

VLAN Topologies and Design Considerations  29Chapter 2: VLANs All ports that are involved in port mirroring must have memberships in the same VLANs.

EX2500 Ethernet Switch Configuration Guide30  VLAN Topologies and Design ConsiderationsUse the following procedure to configure the sample network sh

Private VLANs  31Chapter 2: VLANsPrivate VLANsPrivate VLANs provide Layer 2 isolation between the ports within the same broadcast domain. Private VLA

EX2500 Ethernet Switch Configuration Guide32  Private VLANsPrivate VLAN Configuration GuidelinesThe following guidelines apply when configuring priva

Spanning Tree Overview  33Chapter 3Spanning Tree ProtocolWhen multiple paths exist on a network, Spanning Tree Protocol configures the network so tha

EX2500 Ethernet Switch Configuration Guide34  Spanning Tree OverviewThe relationship between port, trunk groups, VLANs, and spanning trees is shown i

Spanning Tree Overview  35Chapter 3: Spanning Tree ProtocolPort PriorityThe port priority helps determine which bridge port becomes the root or desig

Table of ContentsTable of Contents vPVRST Configuration Guidelines ...40Configuring PVRST

EX2500 Ethernet Switch Configuration Guide36  Spanning Tree Overview Each STG must have a VLAN assigned to it before it becomes functional. You cann

Rapid Spanning Tree Protocol  37Chapter 3: Spanning Tree Protocol When you remove a port from a VLAN that belongs to an STG, that port is removed fr

EX2500 Ethernet Switch Configuration Guide38  Rapid Spanning Tree ProtocolPort Type and Link TypeSpanning tree configuration includes the following p

Per VLAN Rapid Spanning Tree  39Chapter 3: Spanning Tree ProtocolPer VLAN Rapid Spanning TreePer VLAN Rapid Spanning Tree Plus Protocol (PVRST+) enha

EX2500 Ethernet Switch Configuration Guide40  Per VLAN Rapid Spanning TreeIn Figure 8, VLAN 1 and VLAN 2 belong to different Spanning Tree Groups. Th

Multiple Spanning Tree Protocol  41Chapter 3: Spanning Tree ProtocolMultiple Spanning Tree ProtocolMultiple Spanning Tree Protocol (MSTP) extends Rap

EX2500 Ethernet Switch Configuration Guide42  Multiple Spanning Tree ProtocolFigure 9 shows how multiple spanning trees can provide redundancy withou

Fast Uplink Convergence  43Chapter 3: Spanning Tree ProtocolAdd server ports 1 and 2 to VLAN 1. Add uplink ports 19 and port 20 to VLAN 1.ex2500(conf

EX2500 Ethernet Switch Configuration Guide44  Fast Uplink ConvergenceConfiguration GuidelinesWhen you enable Fast Uplink Convergence, the EX2500 swit

Trunking Overview  45Chapter 4Ports and TrunkingTrunk groups can provide super-bandwidth, multi-link connections between switches or other trunk-capa

vi  Table of ContentsEX2500 Ethernet Switch Configuration GuideChapter 6 Remote Monitoring 67RMON Overview ...

EX2500 Ethernet Switch Configuration Guide46  Trunking OverviewEach packet’s particular MAC or IP address information results in selecting one line i

Port Trunking Configuration Example  47Chapter 4: Ports and Trunking Each trunk inherits its port configuration (speed, flow control, tagging) from

EX2500 Ethernet Switch Configuration Guide48  Configurable Trunk Hash AlgorithmExamine the resulting information. If any settings are incorrect, make

Link Aggregation Control Protocol  49Chapter 4: Ports and TrunkingYou can select a minimum of one or a maximum of two parameters to create one of the

EX2500 Ethernet Switch Configuration Guide50  Link Aggregation Control ProtocolA port’s Link Aggregation Identifier (LAG ID) determines how the port

Link Aggregation Control Protocol  51Chapter 4: Ports and TrunkingUse the following command to check whether the ports are trunked: ex2500# show lacp

EX2500 Ethernet Switch Configuration Guide52  Link Aggregation Control Protocol1. Define the admin key on port 7. Only ports with the same admin key

QoS Overview  53Chapter 5Quality of ServiceQuality of Service features allow you to allocate network resources to mission-critical applications at th

EX2500 Ethernet Switch Configuration Guide54  Using ACL FiltersFigure 11: QoS ModelThe basic QoS model works as follows:  Classify traffic:  Read

Using ACL Filters  55Chapter 5: Quality of ServiceEach ACL contains rules that define the matching criteria for data packets. The ACL checks each pac

List of Figures  viiList of FiguresFigure 1: Default VLAN Settings...26Figure 2: Por

EX2500 Ethernet Switch Configuration Guide56  Using ACL FiltersIP Extended ACLsThe switch supports up to 128 IP ACLs (standard and extended), numbere

Using ACL Filters  57Chapter 5: Quality of Service Understanding ACL PriorityEach ACL has a unique priority value, based on its number. The lower the

EX2500 Ethernet Switch Configuration Guide58  Using ACL FiltersWhen you assign an ACL to a port, the ACL acts only upon ingress traffic, not egress t

Using ACL Filters  59Chapter 5: Quality of Service1. Configure an Access Control List. ex2500(config)# access-list ip 150 standard ex2500(config-std-

EX2500 Ethernet Switch Configuration Guide60  Using ACL Filtersex2500(config-if)# exitACL Example 4—Blocking All Except Certain PacketsUse this confi

Using Storm Control Filters  61Chapter 5: Quality of ServiceUsing Storm Control FiltersThe EX2500 switch provides filters that can limit the number o

EX2500 Ethernet Switch Configuration Guide62  Using DSCP Values to Provide QoSUsing DSCP Values to Provide QoSThe switch uses the Differentiated Serv

Using DSCP Values to Provide QoS  63Chapter 5: Quality of ServicePer Hop BehaviorThe DSCP value determines the Per Hop Behavior (PHB) of each packet.

EX2500 Ethernet Switch Configuration Guide64  Using DSCP Values to Provide QoSQoS LevelsTable 16 shows the default service levels provided by the swi

Using 802.1p Priority to Provide QoS  65Chapter 5: Quality of ServiceUsing 802.1p Priority to Provide QoSThe EX2500 switch provides Quality of Servic

viii  List of FiguresEX2500 Ethernet Switch Configuration Guide

EX2500 Ethernet Switch Configuration Guide66  Queuing and SchedulingQueuing and SchedulingThe EX2500 switch has eight output Class of Service (COS) q

RMON Overview  67Chapter 6Remote MonitoringRemote Monitoring (RMON) allows network devices to exchange network monitoring data. The following topics

EX2500 Ethernet Switch Configuration Guide68  RMON Group 1—StatisticsRMON Group 1—StatisticsThe switch supports collection of Ethernet statistics as

RMON Group 2—History  69Chapter 6: Remote MonitoringRMON Group 2—HistoryThe RMON History Group allows you to sample and archive Ethernet statistics f

EX2500 Ethernet Switch Configuration Guide70  RMON Group 3—Alarms3. View RMON history for the port. ex2500(config)# show rmon historyRMON is enable

RMON Group 9—Events  71Chapter 6: Remote MonitoringRMON Group 9—EventsThe RMON Event Group allows you to define events that are triggered by alarms.

EX2500 Ethernet Switch Configuration Guide72  RMON Group 9—Events

IGMP Snooping  73Chapter 7IGMPInternet Group Management Protocol (IGMP) is used by IP Multicast routers to learn about the existence of host group me

EX2500 Ethernet Switch Configuration Guide74  FastLeaveThe switch can sense IGMP Membership Reports from attached clients and can act as a proxy to s

IGMPv3 Snooping  75Chapter 7: IGMPWith FastLeave enabled on the VLAN, a port can be removed immediately from the port list of the group entry when th

List of Tables  ixList of TablesTable 1: Notice Icons... xiiTable 2:

EX2500 Ethernet Switch Configuration Guide76  IGMP Snooping Configuration ExampleIGMP Snooping Configuration ExampleThis section provides steps to co

IGMP Querier  77Chapter 7: IGMPThe IGMP version is set for each VLAN, and cannot be configured separately for each Mrouter. 2. Verify the configurati

EX2500 Ethernet Switch Configuration Guide78  IGMP Querier

High Availability Overview  79Chapter 8High Availability Through Uplink Failure DetectionThis chapter describes how to use Uplink Failure Detection (

EX2500 Ethernet Switch Configuration Guide80  Failure Detection PairFigure 14: Uplink Failure Detection ExampleFailure Detection PairTo use UFD, you

UFD Configuration Example  81Chapter 8: High Availability Through Uplink Failure Detection Ports that are already members of a trunk group are not a

EX2500 Ethernet Switch Configuration Guide82  Monitoring UFD

Appendixes  83Part 2Appendixes “Monitoring Ports with Port Mirroring” on page 85 discusses the main tool for troubleshooting your switch—monitoring

EX2500 Ethernet Switch Configuration Guide84  Appendixes

Port Mirroring Overview  85Appendix AMonitoring Ports with Port MirroringThis appendix explains port mirroring to help you monitor ports and troubles