VLAN Fault Isolation User's Guide (9033543)ehealth-spectrum.ca.com/support/secure/products/Spectrum...VLAN Fault Isolation Page 3 Restricted Rights Notice (Applicable to licenses to

VLAN Fault IsolationUser’s Guide

SPECTRUM Enterprise ManagerNetwork Management

Titlepage

VLAN Fault Isolation Page 2

NoticeAprisma Management Technologies, Inc. (Aprisma) reserves the right to make changes inspecifications and other information contained in this document without prior notice. The readershould in all cases consult Aprisma to determine whether any such changes have been made.The hardware, firmware, or software described in this manual is subject to change without notice.IN NO EVENT SHALL APRISMA, ITS EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, ORAFFILIATES BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIALDAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUTOF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IFAPRISMA HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITYOF SUCH DAMAGES.

Copyright © June 2000 by Aprisma Management Technologies, Inc. All rights reserved.Printed in the United States of America.Order Number: 9033543

Aprisma Management Technologies, Inc.121 Technology WayDurham NH 03824

SPECTRUM, the SPECTRUM IMT/VNM logo, DCM, IMT, and VNM are registered trademarks,and SpectroGRAPH , SpectroSERVER , Inductive Modeling Technology , DeviceCommunications Manager , and Virtual Network Machine are trademarks of Aprisma or itsaffiliates.C++ is a trademark of American Telephone and Telegraph, Inc.UNIX is a trademark of UNIX System Laboratories, Inc.OSF/Motif and Motif are trademarks of the Open Software Foundation, Inc.X Window System is a trademark of X Consortium, Inc.Ethernet is a trademark of Xerox Corporation.

Virus DisclaimerAprisma makes no representations or warranties to the effect that the Licensed Software is virus-free.Aprisma has tested its software with current virus checking technologies. However, because noanti-virus system is 100% reliable, we strongly caution you to write protect and then verify that theLicensed Software, prior to installing it, is virus-free with an anti-virus system in which you haveconfidence.


Restricted Rights Notice(Applicable to licenses to the United States Government only.)1. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in

subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause atDFARS 252.227-7013.

Aprisma Management Technologies, Inc., 121 Technology Way, Durham, New Hampshire 03824.

2. (a) This computer software is submitted with restricted rights. It may not be used, reproduced,or disclosed by the Government except as provided in paragraph (b) of this Notice or asotherwise expressly stated in the contract.

(b) This computer software may be:

(1) Used or copied for use in or with the computer or computers for which it was acquired,including use at any Government installation to which such computer or computers maybe transferred;

(2) Used or copied for use in a backup computer if any computer for which it was acquired isinoperative;

(3) Reproduced for archival or backup purposes;

(4) Modified, adapted, or combined with other computer software, provided that the modified,combined, or adapted portions of the derivative software incorporating restrictedcomputer software are made subject to the same restricted rights;

(5) Disclosed to and reproduced for use by support service contractors in accordance withsubparagraphs (b) (1) through (4) of this clause, provided the Government makes suchdisclosure or reproduction subject to these restricted rights; and

(6) Used or copied for use in or transferred to a replacement computer.

(c) Notwithstanding the foregoing, if this computer software is published copyrighted computersoftware, it is licensed to the Government, without disclosure prohibitions, with the minimumrights set forth in paragraph (b) of this clause.

(d) Any other rights or limitations regarding the use, duplication, or disclosure of this computersoftware are to be expressly stated in, or incorporated in, the contract.

(e) This Notice shall be marked on any reproduction of this computer software, in whole or in part.

Contents Contents


ContentsPreface 6

Introduction 9

VLAN Overview ............................................................................................................9Types of VLANs ......................................................................................................10Benefits of VLANs ..................................................................................................11

SPECTRUM and VLANs ............................................................................................12Beyond the Bounds of Standards ...........................................................................13Device Discovery ....................................................................................................13Configuration ..........................................................................................................13SecureFast VLAN Management Module ................................................................13Dynamic Adaptive Modeling ...................................................................................14VLAN Fault Isolation ...............................................................................................14Alarms in VLAN Domains .......................................................................................15

VLAN Fault Isolation Views ........................................................................................15

Using VLAN Fault Isolation 19

Preparing to Use VLAN Fault Isolation ......................................................................19Set Up VLAN Domains ...........................................................................................19Create VLANs .........................................................................................................20Model VLAN Domain(s) ..........................................................................................20

AutoDiscovery .....................................................................................................20Manual Modeling .................................................................................................20

Manually Editing Topology Views ...........................................................................21Isolating VLAN Faults .................................................................................................21Using the VLAN List View ..........................................................................................22

User View ...............................................................................................................22Port View ................................................................................................................23Options ...................................................................................................................25

Specifying the SPECTRUM VLAN Modeling Configuration Interval ...................26Reading Switch Tables Immediately ...................................................................27Specifying the VLAN Configuration Tool Path ....................................................27Launching the VLAN Configuration Tool .............................................................27

Contents Contents


Using the VLAN Find Feature .................................................................................27

Theory of Operations 29

VLAN Fault Isolation Operations ................................................................................29

VLAN Terminology 31

Index 41


Preface

This preface provides an introduction to the SPECTRUM VLAN Fault Isolationdocumentation, discusses who should read this guide, describes how the guide isorganized, and provides information about viewing and printing this document.

Welcome to the SPECTRUM VLAN Fault Isolation User’s Guide. This book is a guide to using SPECTRUM VLAN Fault Isolation. It provides an overview of VLAN Fault Isolation, provides instructions on how to use VLAN Fault isolation, describes how VLAN Fault Isolation works, and includes a glossary of VLAN related terms.

Who Should Read This GuideThis guide is intended for use by network administrators and technicians responsible for day-to-day administration of a network.

This guide presumes you are familiar with the terms and principles associated with traditional network devices such as hubs, routers, and bridges, the terms and principles associated with VLAN networks, as well as with the terms and principles associated with SPECTRUM. It also presumes that you are familiar with traditional networking models and standards,(i.e., the Open Systems Interconnection (OSI) model, and the 802.1d, 802.3, and 802.5 standards).

This manual is written from a Motif windowing environment perspective. If you are using another interface (i.e. OpenLook), screens and mouse functionality will vary according to the interface being used.

Tip:Tip:ÿþýüûúýùø÷öýõûôóþýøòñýðïöòýîóòñûíìýóòìôøëëöñýûòýüûúêýìüìôöéèýüûúýçøòýìíóôçùý�öôíööòýíóòñûíóò�ýìüìôöéìýúìóò�ýôùöýOIT_LOOK <environment variable> �ýîóòñûíóò�ýöò÷óêûòéöòôý÷øêóø�ëöìýøêö�ýõð�ÿ�ýûêýð��îÿ��ý�ùöýçûééøòñýúìöñýþûêýôùöýçìùýóìýsetenv OIT_LOOK <environment variable> �ý�ùöýçûééøòñýþûêýôùöý�ìùýóìýexport OIT_LOOK=<environment variable> �

Preface


Using This ManualThis manual is divided into four sections:

Introduction - This section provides an overview of VLANs and their benefits, describes how SPECTRUM supports VLANs, and discusses VLAN Fault Isolation concepts and views.

Using VLAN Fault Isolation - This section provides task oriented information which is required to successfully use VLAN Fault Isolation.

Theory of Operations - This section provides information about how VLAN Fault isolation works and how it is integrated into existing SPECTRUM functionality.

VLAN Terminology - This section defines the VLAN terms used in this guide as well as other common VLAN terms.

Viewing and Printing this DocumentTo view and print the SPECTRUM VLAN Fault Isolation User’s Guide, you need Adobe™ Acrobat™ Reader 3.0. For your convenience, a copy of Adobe Acrobat Reader 3.0 is included on the SPECTRUM CD. The startup file for Adobe Acrobat Reader 3.0, acroread, is located in the Acrobat/bin subdirectory of your installation area.

With Adobe Acrobat Reader 3.0 on your system, you can access this guide:

From the docs directory on the CD-ROM by starting up Adobe Acrobat Reader 3.0 and selecting File ? Open from the menu. (If you are a SPECTRUM user, Adobe Acrobat Reader 3.0 is installed during the SPECTRUM installation process.)

From the SPECTRUM Help menu, since this guide is installed as an integral part of SPECTRUM. This document is also available in PDF format on Aprisma’s Virtual Networking web site at http://www.aprisma.com/support/manuals.

Preface


Related Documentation

802.1Q VLAN Manager User’s Guide

SecureFast VLAN Manager User’s Guide

Cisco VLAN Director User’s Guide

SPECTRUM Integrated VLAN Manager Management Module User’s Guide

Getting Started with SPECTRUM for Administrators

SPECTRUM Modeling with the GnSNMPDev Toolkit

SPECTRUM AutoDiscovery User’s Guide

Questions about SPECTRUM Documentation

Send your questions, comments or suggestions regarding SPECTRUM documentation to the Technical Communications Department directly via the following internet address:

[email protected]

Note:Note:

You can access all related documentation listed in this section with the exception of the Cisco VLAN Director User’s Guide at http://www.cabletron.com/support/manuals.


Introduction

This section provides an overview of VLANs and their benefits, describes howSPECTRUM supports VLANs, and discusses VLAN Fault Isolation concepts andviews.

VLAN OverviewNormally, bridges and switches do not filter LAN broadcast traffic; in general, they replicate it on all ports. Virtual LAN (VLAN) enabled switches segment the network into logically defined work groups. Broadcast traffic from servers and end-stations in a particular VLAN is replicated only on those ports connected to end-stations belonging to that VLAN. Broadcast traffic is blocked from ports with no end-points belonging to that VLAN, creating the same type of broadcast containment that routers provide.

A Virtual LAN is a logical Layer 2 broadcast domain. It is a logical segmentation of the network, whereas bridges and switches provide a physical segmentation of the network.

Figure 1 shows two VLAN domains connected by a router. Two VLANs are also shown. The Red VLAN consists of workstations B and C. The Blue VLAN contains workstations A and D as well as the SpectroSERVER.

In troduct ion


Figure 1: VLAN Domains

It may not be obvious from the Figure 1, but the router is not only required in order for traffic to pass from one domain to the other, but is also necessary to pass traffic from one VLAN to the other, even if the VLANs are in the same domain. This is because VLANs do not normally share user information, so communication between users in different VLANs is not possible, unless a router, which has been configured as a member of all VLANs, is used.

Types of VLANsMost VLAN implementations are vendor specific. Within these proprietary schemes, there are several methods used to determine VLAN membership; by port, by MAC address, by protocol, by IP multicast address, by policy, or a combination of these methods. None of the proprietary methods has been adopted as the industry standard which prevents interoperability between devices of different origin.

IEEE 802.1Q defines an industry standard implementation for specification for port-based VLANs. Currently, many manufacturers are implementing some support for this standard, so customers can migrate to and take advantage of the benefits of interoperability. However, not to disregard current customer deployment of VLANs, SPECTRUM support of

A

SFS Network

B

SW1

SW2

SW3

1

1

3

3

Domain

C

SFS Network

D

SW1

SW2

SW3

1

1

3

3

Domain

In troduct ion


VLANs includes standard IEEE 802.1Q, Cabletron pre-standard 802.1Q, Cisco ISL, and Cabletron SecureFast.

Benefits of VLANsVLANs simplify the process of adds, moves, and changes that result when caused by end users moving from one place on the network to another place on the network. These types of changes require reconfiguring a user’s workstation and often involve a trip to the wiring closet. Tools have been developed to assist administrators in configuring and deplaying VLANs across the entire switching fabric reducing the cost of handling user moves, and allowing for a more dynamic workgroup-based organizational environment by removing most of the physical contraints associated with network user moves.

VLANs allow an administrator to strategically control the amount of broadcast and multicast traffic on the switched fabric. This enables a higher level of performance and scaleability over traditional bridged and routed networks. VLAN membership is extremely dynamic and flexible further enhancing an administrators control over the network. An end-station can belong to multiple VLANs.

VLANs can be created that provide virtual private networks. For example, if the owner of a building who has completely wired the building for networking subleases parts of the building to different tenants, the traffic from one tenant should not interfere with the traffic from another tenant. To accomplish this, each tenant is placed in its own VLAN, thereby completely separating network traffic. VLANs offer a significantly less expensive solution to private networks of this type by using a single physical network which can be partitioned into logically separate segments rather than having each tenant wire and support their own network.

In troduct ionSPECTRUM and VLANs


SPECTRUM and VLANsSPECTRUM support for 802.1Q, Cisco ISL, and Cabletron SecureFast VLANs consists of the following:

• Identify, model, and display Layer 2 connectivity among switches and routers, as inferred from analysis of forwarding and spanning tree tables.

• Identify, model, and display key logical topology entities such as Domains, VLANs, VLAN trunks, and users (end-stations).

• Represent and display the relationship of the logical entities to one another, including their relationship to connected routers.

• Visualize the relationship between physical and logical topologies.• Diagnose faults within (and between) the physical and logical

topologies of VLAN networks and provide alarms and probable causes for detected faults.

Building 1

Finance

Building 2

SmartSwitch 6000 SmartSwitch 6000

Finance Finance

R & D R & D R & D

Finance Finance Finance

R & D R & D R & D

SmartSwitch A SmartSwitch B

High Speed Link



• Minimize the number of false alarms generated.

Beyond the Bounds of StandardsSPECTRUM modeling mainly relies on the content of switch forwarding tables to determine VLAN membership. SPECTRUM does not rely on any rules governing the entry method into the forwarding tables, the creation and definition of VLANs may be vendor specific.

Device DiscoveryAutoDiscovery fully resolves connectivity between switches by examining the MIBs associated with the Cisco Discovery Protocol, the Cabletron Discovery Protocol, Cabletron’s SecureFast Protocol. During this process, AutoDiscovery identifies all switches in the network and then creates a model for each one. Additionally, AutoDiscovery resolves connectivity down to the port level. Each device is related to all of its ports, and in turn, all ports are related to the entities to which they are connected. Once the environment has been fully scanned, a complete physical topology will be modeled and mapped.

ConfigurationOne of SPECTRUM Enterprise Manager’s goals is to continue to become more modular without giving up seamless integration. As a result, SPECTRUM relies on vendor supplied configuration tools to manage VLANs. Cabletron’s 802.1Q VLAN Manager is recommended to manage 802.1Q VLANs. Cisco’s VLAN Director is recommended for managing Cisco ISL VLANs. Cabletron’s SecureFast VLAN manager is recommended to manage SecureFast VLANs.

SecureFast VLAN Management ModuleIn addition to SecureFast VLAN Manager, an Integrated VLAN Management Module for SPECTRUM is available. Its purpose is to provide a mechanism for starting, stopping, and accessing the SecureFast



VLANServer and the SecureFast VLAN Client Application (VLAN Manager). VLAN Management is achieved using VLAN Manager.

Dynamic Adaptive ModelingSPECTRUM has the ability to query devices to understand the type of services they support. Since this technology is a core SPECTRUM feature, it does not rely on the presence of a specific management module. Even if a device is modeled using the default SNMP Device Model, the functionality required to understand the services supported by the device still applies.

During the modeling process, device models are created for switches and routers that support 802.1Q, Cisco ISL, or Cabletron SecureFast VLANs. DAM then creates application models for each device depending on the protocol the device is running. Other SPECTRUM inference handlers will identify, model (or associate), and display the:

• Entities that represent Domains and VLANs• Ports that belong to each VLAN.• Blocked switch ports that result from the Spanning Tree algorithm.• Routers, switches, and links that connect the VLANs and Domains

together.• End-stations that are members of each VLAN.• Trunk links that exist between switches.• Alarm condition on Domains, VLANs, links, switches, and routers.• The SpectroSERVER and the VLAN in which it resides.

VLAN Fault IsolationSPECTRUM VLAN Fault Isolation extends SPECTRUM’s fault isolation capability into VLAN environments. Without SPECTRUM VLAN Fault Isolation, SPECTRUM’s fault isolation intelligence relies strictly on physical connectivity to determine the data path from the SpectroSERVER to each managed device. When the SpectroSERVER fails to contact any device, that device’s physical neighbors are checked. If the neighbors can be contacted, SPECTRUM assumes the device to be at

In troduct ionVLAN Faul t Isolat ion Views


fault. If the neighbors cannot be contacted, SPECTRUM looks for a fault elsewhere.

In a VLAN environment, the management path cannot always be determined by physical connectivity between switches. In some cases, communication between two users on the same switch must traverse several switches and a router. In these cases, a router configuration problem or a router hardware malfunction could prevent communication between the users, even though the users may be connected to different ports on the same switch. When a router failure is detected, SPECTRUM generates a Red (lost contact) alarm on the router model, and writes Gray (suppressed) to the condition value of affected user (end-station) models. You can display status, symptom, probable cause, and recommended action information associated with the alarm by clicking the Probable Cause tab while running Alarm Manager.

SPECTRUM VLAN Fault Isolation enhances SPECTRUM modeling to represent a logical VLAN topology, and adds intelligence that uses this modeling to pinpoint VLAN domain faults such as router failures.

Alarms in VLAN DomainsIn the VLAN views, the condition of the Domain, VLANs, switches, and routers follow the standard SPECTRUM roll-up idiom. For example, Domain and VLANs will be GREEN if all switches are green (i.e., all switches and end-stations are reachable from the SpectroSERVER). If the SpectroSERVER narrows the fault down to a router, VLANs and Domains that are not reachable, will be GRAY and no alarms will be generated for any of their switches or end-stations. On the other hand, if the routers are determined to be operating normally, further analysis will pinpoint the failing device(s). Core inference handlers provide the roll-up condition for VLAN and Domain containers.

VLAN Fault Isolation ViewsVLAN Fault Isolation views provide useful troubleshooting information so that you can quickly identify and resolve VLAN related problems.



The VLAN Fault Isolation Topology View (Figure 2) provides accurate logical topology representations of VLAN domains within a network and identifies faulty domain devices. It contains standard SPECTRUM topology view components as well as Spanning Tree overlays. Spanning Tree overlays show trunk connections between switches. Spanning Tree prevents looping on the network so if redundant paths exist between switches, Spanning Tree designates one path as the primary path and the other path as the backup path. The primary path between two switches is shown with solid bolded pipes. The backup path between two switches is shown with hashes through the pipe.

Figure 2: VLAN Fault Isolation Topology View

SpectroGRAPH: Topology: 192.168.92.0

192.168.92.0 of type LAN of landscape sugar: Primary

192.168.92.1

SSR-8600

Host_NT

192.168.92.46

192.168.170.77

192.168.92

192.168.170.77

192.168.170.21

192.168.170.77

192.168.170.21

192.168.170.77

192.168.170.21

192.168.170.77

192.168.170.21

192.168.170.77

192.168.170.21

File View Tools Bookmarks Help

192.168.170.21

192.168.170.21

192.168.170.21

192.168.170.21

192.168.92.36

6H262-18



The VLAN List view (Figure 3) displays a list of all VLANs in a domain and provides access to additional views and functions as described below.

• User View - Provides information about the users with membership in the selected VLAN. Refer to User View.

• Port View - Provides information about ports with membership in the selected VLAN. Traffic can only be forwarded out ports with membership in a VLAN. Refer to Port View.

• Options - Lets you specify how frequently SPECTRUM will read the switch tables in order to determine port VLAN membership and to specify the path to your VLAN configuration tool. Refer to Options.

• ID/Find - Lets you search for a particular VLAN by VLAN ID or VLAN name. Refer to Using the VLAN Find Feature.

• Apply - Applies the selected VLAN topology overlay (some VLAN technologies offer multiple spanning trees).

• Close - Dismisses the VLAN List View and removes Spanning Tree overlays from the VLAN Topology View.



Figure 3: VLAN List

VLAN List - 192.168.92.0

ID Name

User View Port View

ID

Apply Close Options

Find

4412233

bluedefaultredgreen


Using VLAN Fault Isolation

This section provides task oriented information which is required to successfully useVLAN Fault Isolation.

Preparing to Use VLAN Fault IsolationYou must set up your VLAN domain and model the devices contained in the domain before you can use VLAN Fault Isolation.

Set Up VLAN DomainsSpecific VLAN domain set up instructions are not provided in this guide since each network has its own set of unique requirements, however, each VLAN domain should consist of a set of VLAN-aware switches bounded by a routing device such as a router. Once you have made the physical connections for the VLAN domains on your network, download the appropriate firmware to the switches, and then use local management to set the switches to run in VLAN mode.

In addition, the following suggestions are made to help you realize the full benefits of a VLAN network.

• Set every end-station’s mask to the natural mask.• Set every end-station’s default gateway to point to itself.• Enable proxy-arp on all VLAN-aware routers.

Note:Note:

All switches in a VLAN domain must of the same type. For example, mixing Cabletron 802.1Q pre-standard, Cabletron 802.1Q IETF, Cabletron SecureFast, and Cisco ISL switches in the same domain is not permitted; however, mixing multi-vendor 802.1Q IETF compliant switches in the same domain is permitted.

Using VLAN Faul t Iso lat ionPrepar ing to Use VLAN Faul t Isolat ion


Create VLANsUse your VLAN configuration tool to create VLANs for each VLAN domain on your network. If a domain consists of Cabletron 802.1Q switches, use Cabletron’s VLAN Manager. If the domain consists of Cabletron SecureFast switches, use Aprisma’s SPECTRUM VLAN Manager. If a domain consists of Cisco ISL switches, use Cisco’s Cisco Director. In all cases, a switch’s local management can be used to create VLANs, however, this can be very time intensive.

Model VLAN Domain(s)There are two methods you can use to create models for devices in a VLAN domain, using AutoDiscovery to model the devices and manually modeling the devices.

AutoDiscoveryYou can use SPECTRUM’s AutoDiscovery feature to create models for the devices in a VLAN domain.

Manual ModelingIf you prefer, you can manually create models for the devices in a VLAN domain manually by selecting Edit > New Model or Edit > New Model by IP while in edit mode.

Refer to Getting Started With SPECTRUM for Administrators for modeling instructions.

Note:Note:

Each routing device that bounds a VLAN domain must be configured to be a member of all VLANs in the domain.

Note:Note:

All switches in a VLAN domain must use the same protocol, either 802.1Q, SecureFast, or ISL. You cannot mix and match the three technologies.

Using VLAN Faul t Iso lat ionIsolat ing VLAN Faul ts


Manually Editing Topology ViewsIf the information SPECTRUM uses during the modeling process is either lacking or misleading, the logical and physical representation of the network may be inaccurate. If this occurs, it may be necessary for you to make manual adjustments to topology views. To do this:

Collect all switches, that are part of the same Domain, into the same topology view. This is done by copying and pasting the switch models from the various subviews into a Network or other topological container.

Make sure that each switch is directly connected to all of its physical neighbors. This is done by entering the DevTop view of each switch to see if its ports are connected to the correct devices. If there is a problem with a port, cut the incorrect device from the port and then paste the correct device onto the port.

Isolating VLAN FaultsSPECTRUM automatically isolates VLAN faults. When a VLAN fault is detected, an alarm is generated on the failing device. You can display status, symptom, probable cause, and recommended action infomation associated with the alarm by clicking the Probable Cause tab while running Alarm Manager. Refer to xx for infomation

Note:Note:

VLAN Fault Isolation will work as long as the switches are connected properly, even if they are not all in the same container; however, to take advantage of the Spanning Tree overlays and other views, we recommend placing all switches in a domain into the same container.

Note:Note:

To correctly establish physical connectivity between two devices, the ports of each device must reference each other. For example, id device A (port 1) is connected to device B (port 4), you would have to enter device A’s DevTop to paste B into its port 1, and then enter device B’s DevTop to paste A into its port 4.

Using VLAN Faul t Iso lat ionUsing the VLAN List View


Using the VLAN List ViewYou use the VLAN List View (Figure 3) to select a VLAN, to display the User and Port Views, and to set VLAN configuration options.

User ViewThe User View provides read-only Name, IP, Condition, Switch IP, and Switch Port information about the users in the selected VLAN. Users are endpoint devices modeled in SPECTRUM that are connected to a VLAN switch port.

To display the User View for a particular VLAN, select a VLAN from the VLAN list and then click User View. You can use the VLAN filter to quickly find a particular VLAN. Refer to Using the VLAN Find Feature. Close dismisses the User View.

Figure 4: User View

UserView - blue

IPName

Name

Close

Find

192.168.92.36192.168.92.46192.168.92.47192.168.92.55192.168.92.56

Condition

SuppressedSuppressedSuppressedSuppressedSuppressed

Switch IP

192.168.92.35192.168.92.35192.168.92.35192.168.92.34192.168.92.34

Switch Port

1111013

192.168.92.36192.168.92.46192.168.92.47192.168.92.55192.168.92.56



• Name - User’s name

• IP - User’s IP address

• Condition - Contact Lost, Major, Minor, Initial, Maintenance, Suppressed

• Contact Lost - Contact with the device has been lost.

• Major - A loss of service has occurred and immediate action is required.

• Minor - A situation has occurred but no immediate action is required. This condition is also used for alarms created only to convey information such as “Duplicate IP”.

• Initial - Contact with the device has not yet been established.

• Maintenance - Device has been taken off-line for maintenance purposes.

• Suppressed - Device cannot be reached due to a known error condition that exists on another device.

• Switch IP - Switch to which user is connected.

• Switch Port - Physical port to which the user is connected.

Port ViewThe Port View provides read-only Name, IP, Interface, Trunking, and State information about the ports in the selected VLAN. To display the Port View for a particular VLAN, select a VLAN from the VLAN list and then click Port View. You can use the VLAN filter to quickly find a particular VLAN. Refer to Using the VLAN Find Feature on Page 27. Close dismisses the User View.



Figure 5: Port View

• Name - Name of the switch port.

• IP - IP address of the switch.

• Interface - Port number.

• Trunking - ‘on’ or ‘off’. Trunking refer to a connection between 802.1Q switches that passes only traffic with a VLAN ID inserted in the frame. By default, a port designated as a 1Q trunk has all VLANs in its egress (forwarding) list and is configured to transmit all frames as tagged. A 1Q Trunk port drops all incoming frames that are not tagged.

• State - Disabled, Listening, Learning, Forwaring, Blocking.

• Disabled - Management disabled this interface. No traffic is received or forwarded while the interface is disabled.

• Listening - The switch is not adding information associated with this interface into its database. The switch is monitoring traffic while preparing to move from the learning to the forwarding state.

PortView - blue

IPName

Name

Close

Find

192.168.92.34_1192.168.92.34_10192.168.92.34_11192.168.92.34_12192.168.92.34_13192.168.92.34_14192.168.92.34_15192.168.92.34_2192.168.92.34_9192.168.92.35_1192.168.92.35_13192.168.92.35_14

Interface

11011121314152911314

Trunking

nononononononononoyesnono

State

ForwardingForwardingForwardingForwardingForwardingForwardingForwardingForwardingForwardingForwardingForwardingForwarding

192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.34192.168.92.35192.168.92.35192.168.92.35



• Learning - The switch is learning addresses on this interface. The switch enters the learning state when the switch’s database is created (during start-up or after being deleted), or when the Spanning Tree Algorithm detects a network topology change.

• Forwarding - The switch is operating and this interface is frowarding traffic.

• Blocking - This interface will not forward any traffic through the switch because a loop condition has been detected by the Spanning Tree Algorithm.

OptionsYou use the Options View (Figure 6) to:

• Specify how often SPECTRUM reads switch tables to determine port VLAN membership

• Read the switch tables immediately.

• Specify the path to your VLAN configuration tool

• Launch a VLAN configuration tool.

• To close the view, select Close from the File menu.



Figure 6: Options View

Specifying the SPECTRUM VLAN ModelingConfiguration IntervalTo specify the time interval (in minutes) that SPECTRUM will read the VLAN information from the switches to determine port VLAN membership, enter a value in the SPECTRUM VLAN Modeling Configuration Interval text field. The following values are recommeded:

• 10 - 15 minutes for highly dynamic environments in which servers and/or workstations are modeled.

• 60 minutes for more static environments.

Note:Note:

A value of zero (0) means that no reading of the switch tables will take place.

SpectroGRAPH: 192.168.92.0

192.168.92.0 of type LAN of landscape sugar: Primary

File View Tools Bookmarks Help

VLAN Domain Options

SPECTRUM VLAN Modeling Configuration Interval (in minutes)

External VLAN Configuration Application

60

Reconfigure Now

Launch VLAN Config Tool



Reading Switch Tables ImmediatelyClick Reconfigure Now to immediately read the switch tables to determine current VLAN membership.

Specifying the VLAN Configuration Tool PathEnter the name of the script/executable of your VLAN configuration tool into the External VLAN Configuration Tool text field. If the script/executable is in the system PATH, SPECTRUM will find it. If the script/executable is not in the PATH, enter the full path.

Launching the VLAN Configuration ToolTo launch your VLAN configuration tool click Launch VLAN Config Tool.

Using the VLAN Find FeatureUse the find feature to search for and find a particular VLAN. You can search by VLAN Name or VLAN IP Address.

To use the find feature:

1 Select NameNameNameName or IP IP IP IP from the search criteria pop-up list.

2 Click anywhere in the text box to the right of the search criteria pop-up list, and then, depending on the criteria you selected, enter a VLAN Name or a VLAN IP address.

Note:Note:

• Configure 802.1Q pre-standard and IETF VLAN domains using Cabletron’s VLAN Manager.

• Configure SecureFast domains using Cabletron’s SecureFast VLAN Manager.

• Configure ISL domains using Cisco’s VLAN Director.

Note:Note:

A VLAN configuration tool cannot be launched until a valid path to the tool is entered into the External VLAN Configuration Tool text field.



3 Click FindFindFindFind to find the VLAN that matches your search criteria.


Theory of Operations

This section provides information about how VLAN Fault isolation works and how it isintegrated into existing SPECTRUM functionality.

VLAN Fault Isolation OperationsThe flowchart shown in Figure 7 shows the process used by SPECTRUM to isolate VLAN faults. The following description may help to understand the process.

Once the VLAN membership of users (a user being a device model in SPECTRUM), has been fully modeled, SPECTRUM has the information necessary to fault isolate the VLAN environment. When the SpectroSERVER looses contact with a device, the first question that needs to be answered is “Is the device in the same VLAN as the SpectroSERVER?”

This can easily be answered by reading the vContains relation to see if the VNM model is associated with the same VLAN model as the device. This is done by querying the vLanContains relation twice, one with the VNM model (on the right side of the association), and then again with the device (on the right side of the association. If the VNM and the device are in the same VLAN, traditional SPECTRUM fault isolation is used. Otherwise, the logical neighbors of the lost device are queried.

The logical neighbors are found by reading the vlsBoundBy relation with the VLAN model of the device on the left. All router models that bound the VLAN are considered logical neighbors of all the VLAN’s members. These neighbors are queried by sending the model the ARE_YOU_DOWN action. If any of the neighbors respond “yes”, then the device icon is turned Gray. If all logical neighbors are up, traditional SPECTRUM fault isolation is used.

Theory of Operat ions


Figure 7: VLAN Fault Isolation

Can theSS contact

all the logicalneighbors (routers) inthe path to the faulty

device?

Device isunreachable

Is the faultydevice in a differentVLAN than the SS?

Can the SS contactany physical neighbor

to the faulty device?Turn device GRAY

Turn device RED

Standard Physical Fault Isolation

Yes

Yes

No

No

No

Yes


VLAN Terminology

This section contains definitions for commonly used VLAN Fault Isolation and VLAN(802.1Q, SecureFast, ISL) terms as well as definitions for other common networkrelated terms.

1Q trunk1Q trunk1Q trunk1Q trunk

A connection between 802.1Q switches that passes only traffic with a VLAN Tag Header inserted in the frame.

1d trunk1d trunk1d trunk1d trunk

A connection from a switch that passes only untagged traffic.

802.1Q

The IEEE standard that defines port based VLANs.

access portaccess portaccess portaccess port

A port on a VLAN switch that has been designated for user (end-system) connections.

aliasaliasaliasalias

A way of identifying a user by something other than its MAC address, for example, by IP or IPX address.

Automatic Membership Registration (AMR)Automatic Membership Registration (AMR)Automatic Membership Registration (AMR)Automatic Membership Registration (AMR)

A SecureFast VLAN Manager feature that dynamically creates VLANs, joins endpoints to those VLANs, and floods packets to those VLANs according to the set of criteria rules.

Base VLANBase VLANBase VLANBase VLAN

VLAN that all endpoints in a domain have membership in until administratively moved to another VLAN.

VLAN Terminology


binderybinderybinderybindery

A database that contains a complete collection of related information.

broadcastbroadcastbroadcastbroadcast

Data sent from one endpoint to all other network endpoints (point-to-multipoint communications).

community namecommunity namecommunity namecommunity name - Defines security communities to which an SNMP agent is permitted access to a device and establishes Read/ReadWrite privileges.

Current Table (dot1qVlanCurrentTable)Current Table (dot1qVlanCurrentTable)Current Table (dot1qVlanCurrentTable)Current Table (dot1qVlanCurrentTable)A map of VLAN IDs to a port egress list and a filtering database so that non-unicast and unicast packets can be forwarded appropriately.

default gatewaydefault gatewaydefault gatewaydefault gateway - The switch port configured to service connection requests to subnets not serviced by the switches in a domain.

default VLANdefault VLANdefault VLANdefault VLAN

The VLAN assigned to be the default VLAN for a port. All endpoints connecting to a port will assume membership in the default VLAN for that port. For 802.1Q VLANs, the default VLAN has a VLAN ID of 1.

directorydirectorydirectorydirectory

A set of data about all users in a domain. Typically, the directory contains such entries as the user’s physical address, the switch and port to which the user is connected, and the network type, and the user’s name.

discoverdiscoverdiscoverdiscover

Process used to find switches and users contained in a VLAN domain.

daemondaemondaemondaemon

A software program that generally performs a single task and is executed only when it is needed.

VLAN Terminology


domaindomaindomaindomainA set of VLAN switches that are physically connected together and bounded by a router. A domain identifies the potential physical reach of a VLAN. It also provides scope for the VLAN IDs.

Domain Name Server (DNS)Domain Name Server (DNS)Domain Name Server (DNS)Domain Name Server (DNS)

A protocol used to provide mappings between host names and IP addresses.

dynamic filtering entriesdynamic filtering entriesdynamic filtering entriesdynamic filtering entriesEntries that have been learned through correspondence with other switch devices via GVRP. After an agent restart, these entries will have to be relearned.

egress list (dot1qVlanCurrentEgressPorts)egress list (dot1qVlanCurrentEgressPorts)egress list (dot1qVlanCurrentEgressPorts)egress list (dot1qVlanCurrentEgressPorts)A per port list of all eligible 802.1Q VLANs that can be forwarded out one specific port and the frame format of transmissions for that port. The egress list specifies what 802.1Q VLANs are associated with a single port for transmission purposes.

endpointendpointendpointendpoint

A device attached directly to a switch’s network user port (e.g., workstation, PC, or router).

filtering database (Filtering Identifier - FID)filtering database (Filtering Identifier - FID)filtering database (Filtering Identifier - FID)filtering database (Filtering Identifier - FID)A table inside a switch that determines which ports unicast packets are forwarded to. The FID is similar to the Source Address table of a traditional bridge.

floodingfloodingfloodingflooding

A method used by SecureFast switches so that, if the switch fails to resolve the destination address for a packet to a host or a VLAN, the packet is transmitted out all the switch’s ports except the port the packet was received on.

forwarding listforwarding listforwarding listforwarding list

VLAN Terminology


A list of ports on a particular device that are eligible to transmit frames for a selected 802.1Q VLAN. The forwarding list identifies what ports are associated with a single 802.1Q VLAN for transmission purposes.

folderfolderfolderfolder

A virtual container used to group users. There are two levels of folders. The first level groups different VLAN types (e.g., VLAN, AMR). The second level groups users of the same type (e.g., inherited, static).

Graphical User Interface (GUI)Graphical User Interface (GUI)Graphical User Interface (GUI)Graphical User Interface (GUI)

An interface that allows a user to select a menu item by using a mouse to point to a graphic icon or piece of text. This is an alternative to the more traditional command line interface, where an alphanumeric string is used to convey instructions. GUIs make computer applications easier to use for humans (i.e., user friendly).

hubhubhubhub

The center of a star topology network or cabling system in which a multi-node network topology has a central multiplexor with many nodes feeding into and through the multiplexor or hub. The other nodes do not usually directly interconnect.

Independent VLAN Learning (IVL)Independent VLAN Learning (IVL)Independent VLAN Learning (IVL)Independent VLAN Learning (IVL)The configuration and operation of the learning process and the filtering database such that, for a given set of VLANs, if a given individual MAC address is learnt in one VLAN, that learnt information is not used in forwarding decisions taken for that address relative to any other VLAN in the given set.

Internet Protocol (IP)Internet Protocol (IP)Internet Protocol (IP)Internet Protocol (IP)

One of a collection of communication protocols which has become the de facto solution for open networking.

IP addressIP addressIP addressIP address

VLAN Terminology


A 32-bit address divided into two fields: a network-identifier and a host-identifier. The network-identifier refers to a particular physical network in an Internet, and the host-identifier refers to a particular device attached to that physical network.

IP MulticastIP MulticastIP MulticastIP Multicast

A SecureFast VLAN Manager feature that automatically creates IP Multicast groups for each IP Multicast address heard by the switches in a SFS domain. This feature lets you perform many IP Multicast administrative tasks including adding or removing receivers from an IP Multicast group and setting security for switches and ports associated with IP Multicast groups.

LEC failoverLEC failoverLEC failoverLEC failover - A mechanism that lets you create multiple instances of an ELAN. Backup ELANs or “failovers” protect against communication loss if a primary ELAN fails. LEC failover is a proprietary feature of FORE Systems. Failover ELANs are created and configured using your FORE LANE Services tool.

legacy networklegacy networklegacy networklegacy network

Traditional router and bridge LANs, using Ethernet, Token Ring, or FDDI.

Logical Fault Isolation (LFI)Logical Fault Isolation (LFI)Logical Fault Isolation (LFI)Logical Fault Isolation (LFI)A process used to determine faults by examining logically connected neighbors of a device along the path from the SpectroSERVER to the faulty device. The path usually has a least one router.

MACMACMACMAC

Media access connection of the data link layer.

multicastmulticastmulticastmulticast

Data sent from one endpoint to a group of other network endpoints (point-to-multipoint communications).

VLAN Terminology


OSI modelOSI modelOSI modelOSI model

A seven layer model that defines the rules for transferring information from one endpoint to another. The seven layers are defined below.

(1) Physical Layer -(1) Physical Layer -(1) Physical Layer -(1) Physical Layer - Responsible for the transmission of bit streams across a particular physical transmission medium. It involves a connection between two endpoints allowing electrical signals to be exchanged between them.

(2) Data Link Layer -(2) Data Link Layer -(2) Data Link Layer -(2) Data Link Layer - Responsible for moving information across a particular link. Across that link, it ensures good transmission and correct delivery by checking errors, retransmitting as necessary, and attaching appropriate addresses to the data sent. The contention access methods (e.g., CSMA/CD, and Token Passing) are regarded as Layer 2 activities.

(3) Network Layer -(3) Network Layer -(3) Network Layer -(3) Network Layer - Concerned with routing data from one network to another. It is responsible for establishing, maintaining, and terminating the network connection between two users and for transferring data along that connection. Although there can be only one network connection between two given users, there can be many possible routes from which to choose when the particular connection is established.

(4) Transport Layer -(4) Transport Layer -(4) Transport Layer -(4) Transport Layer - Responsible for providing data transfer between two users at an agreed level of quality. When a connection is established, this layer is responsible for selecting a particular class of service to be used, for monitoring transmissions to ensure the appropriate service quality is maintained, and for notifying the users if it is not.

(5) Session Layer -(5) Session Layer -(5) Session Layer -(5) Session Layer - Focuses on providing services used to organize and synchronize the dialog that takes place between users and to manage the data exchange. A primary concern of the session layer is controlling when users can send and receive concurrently or alternately.

VLAN Terminology


(6) Presentation Layer -(6) Presentation Layer -(6) Presentation Layer -(6) Presentation Layer - Responsible for the presentation of information in a way that is meaningful to the network users. This may include character code transmission, data conversion, or data compression and expansion.

(7) Application Layer -(7) Application Layer -(7) Application Layer -(7) Application Layer - Provides a means for application processes to access the system interconnection facilities in order to exchange information. This includes services used to establish and terminate the connections between users and to monitor and manage the systems being interconnected, as well as the various resources they employ.

Local Area Network (LAN)Local Area Network (LAN)Local Area Network (LAN)Local Area Network (LAN)

A data communications network that can cover a limited area of up to about six miles in radius with moderate to high data speeds. The devices linked by a LAN may all be in the same building or in a group of buildings in relatively close proximity. It is user-owned and does not run over leased lines, although it might have gateways to public and/or private networks.

MAC addressMAC addressMAC addressMAC address

Physical address for a given device.

multicastmulticastmulticastmulticast

Data sent from one endpoint to multiple network endpoints (point-to-multipoint communications).

network portnetwork portnetwork portnetwork port

A port on a VLAN switch that has been designated for network connections.

packetpacketpacketpacket

A unit of data consisting of several fields. Packets may be of fixed lengths or varying lengths.

VLAN Terminology


Physical Fault Isolation (PFI)A process used to determine faults by examining the physically connected neighbors of a device.

pollpollpollpoll

Periodic collection of specific information from a network device which is being managed by VLAN Manager.

port restrictionport restrictionport restrictionport restriction

Restriction placed on a port which allows only specified MAC addresses to be connected to the port.

port tableport tableport tableport table

Each Cisco chassis maintains a vlanPortTable. whose entries specify VLAN membership for each port on the module. Additionally, each entry in the table indicates whether the port is trunking or not.

port violationport violationport violationport violation

Heard when a MAC address not specified for a restricted port is discovered on that port.

Port VLAN ID (PVID) Port VLAN ID (PVID) Port VLAN ID (PVID) Port VLAN ID (PVID)

An identification that encompasses a particular switch port’s identification and that port’s VLAN membership.

preferencepreferencepreferencepreference

A client/UI setting about what data to display and how to display to. For example, display ToolTips or display the Topology view at 50% zoom.

processdprocessdprocessdprocessd

A process launching and tracking daemon that provides the VLANServer with the ability to control various processes that are run on various servers and clients in a distributed VLANServer environment.

propertypropertypropertyproperty

VLAN Terminology


An attribute of an object which is being managed. For example, setting a multicast port’s query interval.

provisionprovisionprovisionprovision

To configure a connection manually.

redundant access portredundant access portredundant access portredundant access port

Let you configure endpoints within a VLAN domain to be connected to more than one switch access port (one active, the others in standby).

repeaterrepeaterrepeaterrepeater

In a LAN, this is a device that repeats a signal from one cable to the next, thereby, increasing the reach of a LAN signal. In FDDI, a repeater is an opto-electrical module that receives an optical signal and converts it into an electrical equivalent of the optical signal.

routerrouterrouterrouter

Unlike bridges, routers operate at the Network level (Layer 3) of the OSI model. Also unlike bridges, routers are protocol specific, acting on routing information carried by the communications protocol in the Network layer. Bridges pass Layer 2 (Data Link) packets directly on to the next segment of a LAN, whereas routers can use the information they have about the network topology to choose the best route for a packet. Because routers are Layer 3 devices, they are independent of the Physical (Layer 1) level.

seed switchseed switchseed switchseed switch

The switch identified to VLAN Manager as the starting point for the domain discovery process.

shared linkshared linkshared linkshared link

Connections between switches where each switch can hear more than one neighbor switch.

VLAN Terminology


Shared VLAN Learning (SVL)Shared VLAN Learning (SVL)Shared VLAN Learning (SVL)Shared VLAN Learning (SVL)The configuration and operation of the learning process and the filtering database such that, for a given set of VLANs, if a given individual MAC address is learnt in one VLAN, that learnt information is used in forwarding decisions taken for that address relative to any other VLAN in the given set.

Simple Network Management Protocol (SNMP)Simple Network Management Protocol (SNMP)Simple Network Management Protocol (SNMP)Simple Network Management Protocol (SNMP)

A application protocol providing network management within the Internet suite of Protocols.

static filtering entriesstatic filtering entriesstatic filtering entriesstatic filtering entriesEntries created by an administrator. Static filtering entries persist after the agent has restarted.

stack-MIB

Contains main VLAN group (vlanGrp) for all Cisco devices supporting VLANs.

VLANVLANVLANVLAN

A set of ports in a domain with the same VLAN ID, including the users attached to those ports. It represents a broadcast domain.

VLAN Fault Isolation (VFI)VLAN Fault Isolation (VFI)VLAN Fault Isolation (VFI)VLAN Fault Isolation (VFI)A process which uses PFI and LFI to determine faults in networks partitioned into 802.1Q VLANs, Cisco ISL VLANs, and SecureFast VLANs.

VLAN ID (VID)

A unique numerical identifier for a VLAN within a VLAN domain. The VID is used to identify what VLAN a packet is assigned to so that switches and routers can forward the packet out correct ports.

VLAN Table

Specifies the existence of VLANs (vlanIndex), including specific information about the interface/port (vlanIfIndex) membership.

Index Index


Index

AAdobe Acrobat Reader 7autodiscovery 13

Bbroadcast 32

Ccreating VLANs 20

Ddaemon 38device discovery 13Dynamic Adaptive Modeling 14

Eediting topology views 21endpoint 33

Fflooding 33

GGraphical User Interface 34

IInternet Packet Exchange 35Internet Protocol 34IP address 34isolating VLAN faults 21

Llaunching the configuration tool 27Legacy Network 35Local Area Network 37

MMAC 35MAC address 37modeling a VLAN domain 20multicast 35

NNetwork Port 37

Index Index


OOSI model 35

Ppacket 37printing this document 7

Qquestions about this document 8

Rreading switch tables 27related documentation 8repeater 39Restricted Rights Notice 3router 39

Sseed switch 39setting up VLAN domains 19Simple Network Management

Protocol 40smart hub 34specify modeling configuration

interval 26specifying configuration tool path 27

Ttrademarks 2

UUser Port 31using the list view 22using this document 7using VLAN find 27

Vviewing this document 7VLAN

domain alarms 15fault isolation 14overview 9SecureFast 13types 10

VLAN Fault Isolationisolating faults 21list view 22

options view 25port view 23user view 22

operation 29preparation 19views 15

Documents

VLAN Fault Isolation User's Guide (9033543)ehealth-spectrum.ca.com/support/secure/products/Spectrum...VLAN Fault Isolation Page 3 Restricted Rights Notice (Applicable to licenses to