Sun Fire B1600 Chassis and B100s, B100x, and B200x Blade Product Notes
The System Chassis's Integrated Switch
This chapter contains the following sections:
6.1 Switch Firmware Issues
The following known problems apply to the current release of the switch firmware for this product:
- 4899178: Blade network traffic is only allowed through the IP filter on the VLAN configured as the management VLAN.
The management VLAN is the VLAN that has been assigned an IP address to allow network access to the switch's management interfaces (by default this is VLAN2). Other VLANs can be assigned to the NETMGT port to allow blades to talk to particular hosts on the management network. The usual way to do this would be to put particular blades and particular hosts that are on the management network onto a tagged VLAN that is separate from the management VLAN. However, the switch's packet filter will not forward any traffic from the blades to the management network unless that traffic is for the management VLAN. This is a problem that will be fixed in the next release of the switch firmware. It means that traffic from the blades will not be seen by hosts on the management network that are external to the chassis (in other words, only other blades in the chassis will see the traffic) unless the blade, the switch, and the external hosts involved are all on the management VLAN. Note that the configurations for multiple tenants described in Chapter 7 of the Sun Fire B1600 Blade System Chassis Software Setup Guide will not be possible until this problem has been fixed.
- 4854587: It is possible that the System Controller will reset the switch when the switch is executing commands that require unusually intensive processing
The SC continuously polls the switch for status as part of the system healthcheck. It is theoretically possible that, while executing commands requiring unusually intensive processing, the switch will be unable to respond to the SC's status request within the timeout period because it must first complete execution of a process-intensive command.
This should not happen during normal operation. The problem was observed when a user sent a sequence of lengthy commands (for example, commands adding many VLANs to a port) to the switch without waiting for the prompt between each command. This filled the switch's input buffer and blocked the status poll messages.
To avoid the problem, always wait for one command to complete before issuing another command on the CLI. If you are using scripts this is especially important.
- 4871779: Blades are unable to receive multicast packets when IGMP querying is enabled.
Multicasting on the switch does not work correctly if the IP address for the switch is not configured. This is only likely to be the case if the IP address is configured by DHCP and the DHCP process has failed for any reason. If necessary, you can work around the problem by specifying an IP address for the switch manually:
Console#configure
Console(config)#ip address ip address netmask
- 4885056: The switch does not have ingress filtering enabled by default.
By default ingress filtering is set to disabled. This allows packets from VLANs other than the VLANs explicitly enabled on each port to pass through the switch. This is a security risk. To enable ingress filtering on the switch, you must enable it on each port individually. The following example demonstrates how to enable it for NETP0. Repeat the commands for each port (from NETP1 through NETP7 and SNP0 through SNP15) and aggregate link (port-channel):
Console#configure
Console(config)#interface ether NETP0
Console(config-if)#switchport ingress-filtering
- 4894936: Auto-negotiation and speed/duplex mode cannot be configured on the NETMGT port
The NETMGT port's speed and duplex mode are fixed at 100Mbps and full duplex. This is not manually configurable. However, it is possible to connect to the NETMGT port using a 10BaseT full- or half-duplex connection, or a 100BaseT full- or half-duplex connection. If you do this, the switch's internal hub negotiates the speed and duplex mode automatically with the interface at the other end of the connection. If you attempt to set the speed and duplex mode for NETMGT manually, you will receive an error message to the effect that the interface ethernet NETMGT speed-duplex command failed. In future releases of the switch firmware the error message will explain that NETMGT cannot be manually configured using this command.
- 4780304: Adding a port to the forbidden VLAN list sometimes fails to remove the VLAN from that port's VLAN list
This error is only seen when the port you are trying to add to the forbidden list is the last VLAN on that port's VLAN list (apart from the native VLAN, which can never be removed). Firmware that fixes this problem is now available from http://sunsolve.sun.com (patch number: 114783-xx).
- 4876495: The port status is unstable
There is a known problem with Spanning Tree (STP and RSTP) when it is used with aggregated links. When you have an aggregated link (a single link comprised of multiple ports) between two switches and you enable spanning tree on that aggregated link, the spanning tree control packets on the trunk link are not reliably received by the switch in the chassis. The effect of this is that spanning tree does not converge, the port state of the aggregate link keeps changing, and network connectivity is likely to be disrupted. Firmware that fixes this problem is now available from http://sunsolve.sun.com (patch number: 114783-xx). Until you have the fixed firmware installed, do not enable spanning tree (either STP or RSTP) on any aggregated link.
- 4804804: no switchport allowed vlan command fails
There is a known problem with the no switchport allowed vlan command that enables you to remove all VLANs except the native VLAN from a particular port. Issuing this command on a port that has learned a VLAN by using GVRP causes the learned VLAN to be assigned to the switch's VLAN database as a static VLAN instead of being removed from the database. If you need to remove static VLANs from a port that has GVRP enabled, we recommend you use the no switchport allowed vlan remove vlanid command (where vlanid is the number identifying the static VLAN). If you do use the no switchport allowed vlan command, you must manually delete any unrequired VLANs from the VLAN database.
To do this, type the following:
Console#configure
Console(config)#vlan database
Console(config-vlan)#no vlan vlanid
where vlanid is the number identifying a VLAN that you want to remove from the switch's database. Firmware that fixes this problem is now available from http://sunsolve.sun.com (patch number: 114783-xx).
- Sometimes error messages from the switch refer to ports by number instead of name. The correct mapping of port names to port numbers is:
| Port Names | Port Numbers |
|---|---|
| SNP0-SNP15 | 1/1-1/16 |
| NETP0-NETP7 | 1/17-1/24 |
| NETMGT | 1/25 |
- The integrated switches on the Sun Fire B1600 blade system chassis are each composed of two switch chips linked together. It is only possible to mirror the traffic on one port by using another port that is on the same switch chip. And it is only possible to enable flow control between two ports on the same switch chip. The ports NETP0, NETP1, NETP4, NETP5, and SNP8 through SNP15 are on one switch chip. The ports NETP2, NETP3, NETP6, NETP7 and SNP0 through SNP7 are on the other.
- Multiple Spanning Tree Protocol: the spanning tree mst commands are not available in the current release of the switch firmware.
- The switch's DHCP client identifier is set by the System Controller. This means that, if you set it using the switch's command-line interface, web GUI, or by using the SNMP interface to the switch, the setting you specify will be overwritten by the System Controller next time the switch boots. The command to change the DHCP client identifier will be removed from the next release of the switch firmware.
- 4831855: Date set incorrectly on the switch.
If you set the date on the System Controller (SC) to anything other than the first of the month, then the datestamp on events logged by the switch afterwards will be one day behind the current date on the System Controller. For example, if the date according to the System Controller is Wednesday March 26, 2003, then the datestamp on switch event logs will be 3/25/3. The only workaround for this is to wait until the first of the next month, and reset the date on the System Controller.
- 4804197: AN983 internal loopback test reports false failure
There is a remote possibility that an inaccurate failure report will be generated by the AN983 internal loopback test performed during a switch reset (including following execution of the reload command). If the NETMGT port is accessible from the network, then you can ignore the failure report. The failure will persist over several resets until the SSC undergoes a hard reset (in other words, until you power cycle the SSC). If you close down all web, SNMP, and telnet connections to the switch before you perform the reset, you will not see this problem.
- 4799549: Broadcast ping from a blade on the management network will not receive a response from any external hosts
If you issue a broadcast ping onto the management network from a server blade, you will not receive any responses from host devices external to the switch (in other words, you will only receive a response from the switch's NETMGT port and from other blades inside the chassis that are also on the management network). This is a known problem and it will be fixed in the next release. However, you can ping known hosts individually on the management network. And if you log into a known host on the management network and issue the broadcast ping from there, you will receive a response from all the host devices on the management network (including all the host devices inside the chassis that are on the management network). Firmware that fixes this problem is now available from http://sunsolve.sun.com (patch number: 114783-xx).
- 4795640: Resetting with the factory default configuration causes provisioning errors
Saving a copy of the switch's factory default configuration file (or saving a modified copy of this file) generates errors if the switch is then rebooted with the saved copy specified as the startup configuration file. You will only see these errors if you press p when asked if you want to view details of the startup provisioning. The errors can be ignored.
- 4773404: No traffic statistics available for the NETMGT port
There is a known problem with the command for viewing traffic statistics. The output for the NETMGT port when you run the show interfaces counters ethernet NETMGT command (from the console# prompt) contains zeroes instead of valid data. There is currently no workaround for this problem.
- 4773404: No MAC address table available for the NETMGT port
(This issue has the same Sun number as the previous issue.) There is a problem with the command for displaying the MAC address table for the NETMGT port. The show mac-address-table interface ethernet NETMGT command (from the console# prompt) always displays an empty table. There is currently no workaround for this problem.
- 4789838: LACP sometimes fails if GVRP is enabled
There is a known problem with the operation of the link aggregation control protocol and the dynamic VLAN configuration protocol GVRP. It is not possible for the LACP protocol to operate reliably if GVRP is enabled. Therefore, if you are using GVRP do not enable LACP. Firmware that fixes this problem is now available from http://sunsolve.sun.com (patch number: 114783-xx).
- 4773408: Spanning tree mode cannot be set when spanning tree support is disabled
Setting the spanning tree mode for the switch can only be done when spanning tree is enabled. If you wish to set the initial spanning tree mode for the switch to a particular setting (for example in a configuration file) you must ensure that spanning tree is enabled before issuing the spanning-tree mode command. Type:
Console#configure
Console(config)#spanning-tree
Console(config)#spanning-tree mode rstp
To change the initial spanning tree mode from the default (RSTP) to STP with spanning tree disabled, type:
Console#configure
Console(config)#spanning-tree
Console(config)#spanning-tree mode stp
Console(config)#no spanning-tree
- 4790634: The SSC-to-switch communication protocol might not supply the switch's DHCP client identifier in time for the switch to make a DHCP request
On a reset of the switch after the SSC unit has been moved into a different slot or into a new chassis (or after the DHCP client identifier has been changed manually from the switch's command-line interface), it is theoretically possible that the switch will make two DHCP requests. This has not been observed in testing. There is currently no workaround for this issue; however, there are no serious consequences of it either.
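An added example (not from the Sun documentation) covering issues 4854587 and 4885056 together: it expands the NETP0 ingress-filtering commands to every port and sends them one at a time, waiting for the prompt to return before each next command. `FakeSwitch` is a constructed stand-in for a real CLI session, any object with `sendall`/`recv` is an assumed transport, and login handling is omitted.

```python
import re

# Port names as listed in these product notes.
PORTS = [f"NETP{i}" for i in range(8)] + [f"SNP{i}" for i in range(16)]
# Console#, Console(config)#, Console(config-if)#, Console(config-vlan)#
PROMPT = re.compile(rb"Console(\([a-z-]+\))?#\s*$")


def ingress_filter_commands(ports=PORTS, port_channels=()):
    """Expand the page's NETP0 example to every port and aggregate link."""
    cmds = ["configure"]
    targets = [f"ethernet {p}" for p in ports]
    targets += [f"port-channel {n}" for n in port_channels]
    for target in targets:
        cmds += [f"interface {target}", "switchport ingress-filtering", "exit"]
    return cmds + ["exit"]


def read_until_prompt(chan, max_reads=100):
    """Accumulate output until it ends with a CLI prompt."""
    buf = b""
    for _ in range(max_reads):
        chunk = chan.recv(4096)
        if not chunk:
            raise ConnectionError("session closed before the prompt returned")
        buf += chunk
        if PROMPT.search(buf):
            return buf
    raise TimeoutError("no prompt seen; stop rather than queue more commands")


def run_paced(chan, commands):
    """Send one command at a time; never send before the prompt is back."""
    transcript = []
    for cmd in commands:
        chan.sendall(cmd.encode() + b"\r\n")
        transcript.append((cmd, read_until_prompt(chan)))
    return transcript


class FakeSwitch:
    """Constructed stand-in for a CLI session (assumption, not switch code)."""

    def __init__(self):
        self.pending, self.max_pending, self.modes = [], 0, []

    def sendall(self, data):
        self.pending += data.decode().split("\r\n")[:-1]
        self.max_pending = max(self.max_pending, len(self.pending))

    def recv(self, _size):
        if not self.pending:
            return b""
        cmd = self.pending.pop(0)
        if cmd == "configure":
            self.modes.append("(config)")
        elif cmd.startswith("interface "):
            self.modes.append("(config-if)")
        elif cmd == "exit" and self.modes:
            self.modes.pop()
        mode = self.modes[-1] if self.modes else ""
        return f"{cmd}\r\nConsole{mode}#".encode()


if __name__ == "__main__":
    switch = FakeSwitch()
    log = run_paced(switch, ingress_filter_commands(port_channels=[1]))
    print(len(log), "commands sent; max unanswered at once:", switch.max_pending)
```

With pacing, the switch never holds more than one unanswered command; sending the same list in a burst leaves all of them queued in its input buffer, which is the condition described under 4854587.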
6.2 Issues Affecting the Web Graphical User Interface to the Switch
A graphical user interface (GUI) is available for configuring the switch. To access it, point a web browser at the host name or IP address you have used for the switch.
The following problems have been observed during testing of the web GUI. Sun bug numbers are included where these are available.
- 4743657, 4744678, 4772618: The Software Download and Upload page gives no indication of progress during the download and upload
When the Software Download and Upload window refreshes itself, the transfer operation is not fully complete. A further few minutes are required for the new firmware to be programmed into flash memory (from switch RAM). Do not attempt to perform another download until you can see the first file appear in the file list when you click the Reload button on your browser.
- 4876509: Minor display problems when Internet Explorer is used to access the web GUI
There are some minor display problems associated with the use of Internet Explorer to access the web Graphical User Interface. For example, highlighting an item in a list box might cause the disappearance of the next item in the list. If you experience a problem with the display, correct it by refreshing the page.
- 4879052: The switch's web server hangs if you try to configure port mirroring incorrectly
On the page Sun Fire B1600 => Monitoring => Port Mirroring do not click the "Remove" button without first selecting a port. If you do click the "Remove" button and you have "None" selected, your GUI session will hang, and no other users will be able to log into the GUI. To regain access (for yourself and other users) to the web GUI, you must reset the switch.
- 4829016: Address tables displayed incorrectly
This issue concerns the Switch Config=>Address Tables window. If a port has learned some MAC addresses, then querying the address table for a port or VLAN should display the type of address as 'permanent/dynamic/delete on reset'. If the port is made into a secure port from the Up Links=>Static Addresses window, then any dynamically learned addresses are displayed as 'EMPTY' when they should be displayed as of type 'Learned-PSEC'.
- 4828965: Disabling global GVRP state prevents dynamic VLANs from leaving ports
If you disable GVRP globally on the switch by issuing the following command:
Console(config)#no bridge-ext gvrp
then VLANs that have been learned dynamically are not dropped even after the GVRP leave-all timer has expired (normally 10 seconds). These VLANs remain active on the ports that learned them, and you must remove them manually. The following sample command removes the dynamically learned VLAN called vlan 3 from NETP4:
Console#show vlan
VLAN Type    Name             Status    Ports/Channel groups
---- ------- ---------------- --------- -----------------------
   1 Static  DefaultVlan      Active    SNP0 SNP1 SNP2
                                        SNP3 SNP4 SNP5
                                        SNP6 SNP7 SNP8
                                        SNP9 SNP10 SNP11
                                        SNP12 SNP13 SNP14
                                        NETP0 NETP1 NETP2
                                        NETP3 NETP4 NETP5
                                        NETP6 NETP7
   2 Static  MgtVlan          Active    NETMGT
   3 Dynamic                  Active    NETP4
Console#configure
Console(config)#interface ether NETP4
Console(config-if)#switchport allowed vlan remove 3
Console(config-if)#exit
Console(config)#vlan database
Console(config-vlan)#no vlan 3
- Error messages are incomplete.
- The web GUI (Monitoring=>Port Statistics=>NETMGT) cannot provide traffic statistics for the NETMGT port. The data for the NETMGT port appears as zeroes instead of valid data. There is currently no workaround for this problem.
- Adding packet filtering rules from the Management Port=>Packet Filtering page must be performed with care, because blank fields on the page will default to a value of zero. Make sure that you have entered a value into every field you require, and check that the rule displayed when you click Add is the rule that you require. In particular, the Protocol Number box next to the Protocol Name box will accept a protocol name (instead of a numerical value) without displaying an error, and if you type a name instead of a numerical value the field defaults to zero.
- The pages of the web GUI include options for configuring an HTTPS server. This functionality is not enabled in the current release of the switch firmware.
- The web GUI (Switch Config=>Address Tables=>NETMGT Port ID) cannot display the MAC address table for the NETMGT port. This table is always empty. There is currently no workaround for this problem.
- In the web GUI (Switch Config=>Spanning Tree=>View=>MST instance configuration=>MST Instance Setup), the multiple spanning tree options are not configurable in the current release of the switch firmware.
6.3 The Term "Trunk" Meaning Either an Aggregated Link Or a Tagged VLAN Connection
There is confusion in the networking industry over the term "trunking" because it is used to refer both to link aggregation and to tagged VLAN connections between two switches. In the first of these senses it means a redundant high-bandwidth path between two switches. In the second it means a network connection on a LAN segment that is populated only with VLAN-aware devices.
6.3.1 Aggregated Links
You may have encountered the term "trunking" in the sense of link aggregation if you have used the Sun Trunking 1.2.1 product.
Ports can be statically grouped into an aggregate link to increase the bandwidth of a network connection or to ensure fault recovery. Alternatively, you can use the Link Aggregation Control Protocol (LACP) which automatically negotiates an aggregated link between the switch and another network device. For static aggregated links, the switches must be of the same type. For dynamic aggregated links, the switches simply have to comply with LACP. The switch in the blade system chassis supports up to six aggregated links. An aggregated link consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex.
To implement a configuration combining the ports NETP0 and NETP1 into an aggregated link called channel group 1, you would type the following commands:
Console#configure
Console(config)#interface port-channel 1
Console(config-if)#exit
Console(config)#interface ethernet NETP0
Console(config-if)#channel-group 1
Console(config-if)#exit
Console(config)#interface ethernet NETP1
Console(config-if)#channel-group 1
Console(config-if)#exit
Console(config)#exit
Console#
6.3.2 Switch-to-switch Tagged VLAN Trunk Connections
The Sun Fire B1600 Blade System Chassis Switch Administration Guide also uses the term "trunking" in the sense of a point-to-point tagged VLAN connection between two switches. Section 4.3.12 tells you how to configure the chassis's end of a connection like this to an external switch, and section 4.3.12.4 tells you how to use the "switchport mode" command to specify that the connection is a "trunk" (as opposed to a "hybrid") connection. If you specify "trunk" the port transmits and receives tagged frames only - in other words, it sends and receives only frames that identify their source VLAN. (However, note that it sends frames belonging to its default VLAN untagged.) If you specify "hybrid" the port will transmit and receive tagged and untagged frames.
To set the configuration mode for port SNP3, and then to set the switchport mode to trunk for VLANs 12 and 22, you would type the following commands:
Console#configure
Console(config)#interface ethernet SNP3
Console(config-if)#switchport allowed vlan add 12 tagged
Console(config-if)#switchport allowed vlan add 22
Console(config-if)#switchport native vlan 22
Console(config-if)#switchport allowed vlan remove 1
Console(config-if)#switchport ingress-filtering
Console(config-if)#switchport mode trunk
Console(config-if)#switchport acceptable-frame-types tagged
Console(config-if)#end
6.4 Setting up a Tagged VLAN Trunk With Cisco Switches
There is a known problem with setting a switch port to trunk mode if that port is connected to a port on a Cisco switch also in trunk mode (note that we use the word "trunk" in the sense of a point-to-point link, not in the sense of an aggregated link). This is because of a standardization issue (Cisco complies with the Cisco standard whereas the switch in the blade system chassis complies with the IEEE 802.1Q standard). It means that the switch in the blade system chassis will drop frames from the Cisco switch port's native VLAN.
To work around this problem, you need to configure the system chassis's switch port to hybrid (not trunk) mode, make sure that it has the same native VLAN Id as the Cisco switch, and also make sure that all the VLANs requiring connection to the Cisco switch have been added to the port. You must also stop packets for VLANs that the port is not a member of from entering the port.
Commands for a sample workaround are printed below. These assume a system chassis port (NETP0) with VLAN 1 as its native VLAN and hybrid as its link mode (this is the factory default configuration for the system chassis's network ports).
The commands for the sample workaround also assume a Cisco switch port with trunk as its link mode, VLAN 10 as its native VLAN, and additional membership of VLANs 11 and 12.
The commands for the workaround in this scenario are:
Console#configure
Console(config)#interface ethernet NETP0
Console(config-if)#switchport allowed vlan add 10
Console(config-if)#switchport native vlan 10
Console(config-if)#switchport allowed vlan remove 1
Console(config-if)#switchport allowed vlan add 11 tagged
Console(config-if)#switchport allowed vlan add 12 tagged
Console(config-if)#switchport ingress-filtering
Console(config-if)#end
Console#
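The frame handling behind sections 6.3.2 and 6.4, as an added example that is not part of the original notes: a simplified model of 802.1Q ingress decisions showing why a tagged-only trunk port loses the Cisco native VLAN, and what the hybrid workaround and ingress filtering change. `ChassisPort` and the function names are hypothetical, and the model covers only the ingress decision, not the switch firmware's forwarding or VLAN database.

```python
from dataclasses import dataclass, field


@dataclass
class ChassisPort:
    """Simplified model of one chassis switch port (assumption, not firmware)."""
    native_vlan: int = 1
    members: set = field(default_factory=lambda: {1})
    ingress_filtering: bool = False  # off by default (issue 4885056)
    tagged_only: bool = False        # trunk mode / acceptable-frame-types tagged


def cisco_trunk_tag(vlan, native_vlan):
    """Tag carried on the wire from the Cisco trunk: native VLAN goes untagged."""
    return None if vlan == native_vlan else vlan


def ingress(port, tag):
    """Return the VLAN a received frame lands in, or None if it is dropped."""
    if tag is None:
        # Untagged frames join the native VLAN unless only tagged are accepted.
        return None if port.tagged_only else port.native_vlan
    if port.ingress_filtering and tag not in port.members:
        return None  # port is not a member of this VLAN
    return tag


def reachability(port, cisco_vlans, cisco_native):
    """Map each Cisco-side VLAN to the VLAN it arrives in on the chassis port."""
    return {v: ingress(port, cisco_trunk_tag(v, cisco_native)) for v in cisco_vlans}


# Constructed scenarios using the VLAN numbers from section 6.4.
TRUNK = ChassisPort(native_vlan=10, members={10, 11, 12},
                    ingress_filtering=True, tagged_only=True)
HYBRID_WORKAROUND = ChassisPort(native_vlan=10, members={10, 11, 12},
                                ingress_filtering=True)
FACTORY_DEFAULT = ChassisPort()  # hybrid, native VLAN 1, no ingress filtering

if __name__ == "__main__":
    for label, port in [("trunk", TRUNK), ("hybrid workaround", HYBRID_WORKAROUND),
                        ("factory default", FACTORY_DEFAULT)]:
        print(label, reachability(port, [10, 11, 12, 99], cisco_native=10))
```

VLAN 99 stands in for any VLAN the port is not a member of. In the factory-default case it is accepted and the Cisco native VLAN 10 lands in VLAN 1, which is why the workaround matches the native VLAN and enables ingress filtering.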
817-5626-12
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.