1
2
3
Console cables - The console cables are not interchangeable between Brocade and Cisco. Each vendor provides their console cable with each manageable unit it sells. Passwords - Neither Cisco or Brocade have a default password for their systems. If a password is lost, Brocade switches allow the passwords to be reset if there is physical access to the unit and a console port connection. Telnet Server - On a Brocade switch/router, the Telnet server is enabled by default. Like the system password, there is no default value. On Cisco devices the Telnet server must be enabled through a VTY line. HTTP server - The HTTP server on a Brocade switch/router is enabled by default. However, it can only be accessed in read-only mode until a read-write password is configured. The default state of the HTTP server on Cisco devices is platform dependent. SSH - Secure Shell (SSH v2) access is available, but disabled by default on both Brocade and Cisco switches and routers. SNMP - On Brocade switches and routers, SNMP v1/v2c read-only access is enabled by default with a community string of public. Read-write access is only permitted when an RW community string is manually configured. Brocade supports SNMP versions 1, 2c and 3. The status of SNMP access on Cisco devices is platform specific. When SNMP read-only access is enabled by default, the RO community string is cisco. 4
Enable Password - Both Brocade and Cisco use the enable command to access privileged mode and neither have a default password. Telnet Password - On Brocade devices Telnet is enabled by default with no password. The password is configured with the enable telnet password <password> command. On Cisco devices Telnet is disabled by default and requires the configuration of VTY lines and an enable password. Password Encryption - On Brocade layer 3 switches, all passwords are encrypted in the running-config and startup-config files by default. Encryption can be disabled with the no service password-encryption command. On Cisco devices, all passwords are unencrypted by default. 5
Levels of CLI Access - Brocade layer 3 switches provide 3 levels of CLI access: Super-user This user has unlimited access to all levels of the CLI. This level is generally reserved for system administration. The super user is also the only user that can assign a password access level to another user Port-config This user has the ability to configure interface parameters only. The user can also use the show commands Read-only A user with this password level is able to use only the show commands. No configuration is allowed with this access type Cisco switches allow four primary modes of access, with each mode allowing multiple l levels of capabilities. Access Security - Brocade layer 3 switches have the ability to specify specific IP addresses for stations allowed to access Telnet, HTTP and SNMP services. Additionally, administrators have the ability to use Access Control Lists (ACLs) to limit accessibility to these services. Cisco Layer 3 switches have separate areas in the running-config for VTY, auxiliary and console lines, as well as HTTP. Additionally, administrators have the ability to use Access Control Lists (ACLs) to limit accessibility to these services. ACLs for Access Security - Both Brocade and Cisco have the ability to use ACLs to control access to IP-related services. Brocade uses the access-group command to apply an ACL for Telnet/SSH and HTTP access. Cisco uses the access-class command to apply an ACL for VTY, SSH and HTTP access. Authentication, Authorization, and Accounting (AAA) - Both Brocade and Cisco support the use of AAA. Each supports the use of local logins, local username/passwords, TACACS/TACACS+, and RADIUS for AAA. 6
7
Navigation - Both Brocade and Cisco use a very similar command structure for management and configuration. Each switch/router starts in user mode, where a limited set of commands are available. These primarily consist of show commands and testing tools, for example ping and traceroute. The next level is privileged, or enable mode. At this level administrators are allowed to view more system settings than user mode and can also manipulate the switch or routers boot parameters or reset the unit. Configuration mode is where administrators are allowed to define the functionality of the device. Here is where IP addresses are assigned, protocols are configured and security policies are applied. Help - Both Brocade and Cisco offer a very similar context sensitive help menu: Typing a? at the prompt will provide a list of available commands Typing a character, or string of characters, followed by a? will provide a list of commands matching those characters For example: BRCD(config)# q? qos qos-tos Quality of service commands IPv4 ToS based QoS settings quit Exit to User levell 8
show, clear, and debug Commands - These commands operate in a very similar manner between Brocade and Cisco. The show command (with necessary arguments) displays output related to device configuration and operation. Brocade allows show commands to be executed in configuration mode. Cisco does not allow this functionality; show commands can only be executed in User and Privileged modes. The clear command allows you clear statistical information relating to interfaces, protocols and security. The debug command shows advanced level output related to how the switch/router is processing and handling traffic. File System - Brocade devices do not contain a FAT file system for managing files. The flash on Brocade switch/router is divided in primarily into 4 locations: Primary image location This is the default image location for booting the switch Brocade to Cisco Comparisons Secondary image location This is an alternate image location and can be explicitly used for booting if necessary Boot image location This area of flash is where the bootstrap code is located Startup-config Similar to Cisco, this is where the operational configuration of the switch/router is saved so configurations can be restored after a reboot Cisco layer 3 switches use IOS File System (IFS), a DOS-type file system for managing files. TFTP Backup - The commands for transferring files to/from an external TFTP server are very similar between Brocade and Cisco. The differences are based on the fact that there is not FAT file system on Brocade switches and routers. Copying an image file from an TFTP server to the flash: BRCD# copy tftp flash 192.22.33.4 test.img secondary CSCO# copy tftp flash 192.22.33.4 test.img test.img Copying an image from flash to a TCTP server BRCD# copy flash tftp 192.22.33.4 test.img secondary CSCO# copy flash tftp test.img 192.22.33.4 test.img 9
Configuration Files - Both Brocade and Cisco use the startup-config and running-config operation. The startup-config is the file referenced when the system boots. The runningconfig contains the current operational parameters of the switch/router. In order to maintain the current configuration across reboots, the contents of the running-config must be copied to the startup-config file. Saving Configuration Files - On a brocade switch/router, the write memory command copies the contents of the running-config to the startup-config file in flash. On a Brocade device this command can be executed at any level, including configuration mode. Cisco offers two ways of saving the current configuration: write memory This command works identically as the Brocade equivalent. However, on a Cisco switch/router using IOS 12.2 or earlier, this command can only be run from privileged (or enable) mode copy running-config startup-config This command is equivalent to the write memory command and contains the same restrictions in it s usage Delayed Reload - Both Brocade and Cisco support the ability delay a switch reload. Brocade accomplishes this with the reload after <dd:hh:mm> command. On a Cisco switch you can delay a reload with the reload at <hh:mm> [month day] command. 10
Default Port Type - Ports on layer 3 switches can be defined as one of two types; switch ports or router ports. A switch port is an interface that is part of an OSI layer 2 switched/broadcast domain where traffic is forwarded to/from other switch ports within the same broadcast domain. A router port is an interface that is a separate broadcast domain and traffic can only be routed, or forwarded at layer 3. The default port type on a Brocade device is dependant on which product family it is a member of. The default behavior for interfaces on all FastIron and ServerIron devices is a switch port. On NetIron devices, the default behavior is a router port. In all cases the port type can be changed to fit the need of the device in any network topology. Link Aggregation (Trunking) - Both Brocade and Cisco support static trunks (EtherChannel for Cisco) and dynamic trunks (802.3ad standard for both). Cisco also supports PAgP, a proprietary trunking standard developed by Cisco. 11
Router Ports - On both Brocade and Cisco, a default port type of switch can be modified to behave as a router interface. Brocade uses the route-only command to accomplish this. The route-only command be enabled globally, affecting all interfaces, or on individual interfaces. On a Cisco layer 3 switch, the no switchport command is used on each interface you want to change to a routed. IP Addressing - When configuring IP addresses on Cisco and Brocade switches and routers the subnet mask can be entered using IP s dotted-decimal notation. For example: BRCD(config-if-e100-1)# ip address 192.168.30.1 255.255.255.0 Additionally, on Brocade devices IP subnet masks can be assigned with CIDR notation. Cisco does not support this method of subnet mask specification. For example: BRCD(config-if-e100-1)# ip address 192.168.30.1/24 Multinet Support - Brocade supports multinetting (assigning multiple IP addresses to the same interface) and it is enabled by default. Cisco supports multinetting but it is not enabled by default. On Cisco devices, sub- interfaces must be configured to support multiple IP addresses on a single interface. 12
Footnote 1: The above example is for NetIron family of switches. In the future, all product will use this configuration method. Examples provided in this course are for ALL product families unless specifically called out with a footnote. Note: The Brocade example above uses the concept of port members and one primary port. The primary port and its configuration are used to apply identical setting to all member ports. Any changes to ports in the lag are performed on the primary port and all member ports will inherit them. In the Cisco example, ports are assigned to a channel-group, then configurations are performed on the port-channel interface. 13
Footnote 1: The above example is for the FastIron and ServerIron families. In the future, all families will follow the configuration method described for the NetIron family described in the previous slide. Examples provided in this course are for ALL product families unless specifically called out with a footnote. Note: In the Brocade example above, ports are grouped together using the trunk command. After the trunk is deployed, all changes to interface members of the trunk must be performed on the interface with the lowest port number. This is similar to the primary port concept explained on the previous slide. In the Cisco example, ports are assigned to a channel-group, then configurations are performed on the port-channel interface. 14
Footnote 1: The above example is for NetIron family of switches. In the future, all product will use this configuration method. Examples provided in this course are for ALL product families unless specifically called out with a footnote. Note: The Brocade example above uses the concept of port members and one primary port. The primary port and its configuration are used to apply identical setting to all member ports. Any changes to ports in the lag are performed on the primary port and all member ports will inherit them. In the Cisco example, ports are assigned to a channel-group, then configurations are performed on the port-channel interface. 15
Footnote 1: The above example is for FastIron and ServerIron families. In the future, all families will follow the configuration method for the NetIron family described in the previous slide. Examples provided in this course are for ALL product families unless specifically called out with a footnote. Note - In the Brocade example above, ports are grouped together using the linkaggregate command. From this point, all changes to interface members of the trunk must be performed on the interface with the lowest port number. This is similar to the primary port concept explained on the previous slide. In the Cisco example, ports are assigned to a channel-group, then configurations are performed on the port-channel interface. 16
Footnote 1: On a Cisco layer 2 switch it is possible to configure multiple IP interfaces. For example an IP address can configured on each VLAN. However, it is only possible to configure one default gateway IP address. The result of this is that each configured IP address can only be reached from it s respective VLAN, and only one VLAN is capable of being accessed from a remote network. Default VLAN - On both Brocade and Cisco layer 3 switches, all ports are in VLAN1 by default. VLAN Database - Cisco uses a LAN database (vlan.dat) for management of all configured VLANs. Brocade does not keep a separate database for VLAN configurations. Management IP Address - On Brocade layer 2 switches, the management IP address is configured globally and is accessible from any configured VLAN, by default. On Cisco layer 2 switches, IP addresses can be configured on any configured VLAN and are only accessible from the assigned VLAN. Additionally, Cisco layer 2 switches can have IP addresses assigned on all configured VLANs, but can only have one globally assigned default gateway for routed management connectivity. 17
Port/VLAN Assignments - On Brocade switches, interfaces are assigned to VLANs as either tagged or untagged ports. On Cisco switches, VLANs are assigned to interfaces as trunk or access ports. Examples for both switches are shown on the following slides. Tagged Ports - On a Brocade switch, VLANs must be explicitly assigned to 802.1Q tagged ports. On a Cisco switch, all VLANs are assigned to 802.1Q tagged ports (trunk) by default. Dual Mode (Native VLAN) - Both Brocade and Cisco support the ability to assign a VLAN for forwarding of untagged frames on an 802.1Q tagged interface. Brocade calls this type of interface a Dual Mode port, while Cisco calls it the Native VLAN. 18
In both examples above, interfaces 1/13 and 1/14 are configured as untagged members of VLAN 202. Cisco uses the term access to define this type of VLAN membership. Note in the Brocade example the interface is assigned under the VLAN configuration. While in the Cisco example the VLAN is assigned under the interface configuration. 19
In both examples above, interfaces 1/13 and 1/14 are configured as 802.1Q tagged members of VLAN 20. Cisco uses the term trunk to define an interface that has 802.1Q enabled. Note in the Brocade example the interface is assigned under the VLAN configuration. While in the Cisco example the VLAN is assigned under the interface configuration. 20
In the examples above, VLANs 10 and 20 are created on each switch. Also on each switch, the 1/13 interface is configured as an 802.1Q tagged interface. In the final step, interface 1/13 will accept frames without an 802.1Q tag and place the traffic in VLAN 10. Additionally, all VLAN 10 traffic which egresses interface 1/13 will have any 802.1Q tags removed. Note on the Brocade switch the interface must be explicitly tagged in each VLAN and the dual-mode command is applied to the interface to permit the handling of untagged frames. 21
VLAN Routing - On Brocade switches, a routing interface (VE) must be created to allow layer 3 routing from a VLAN. The VE is created under the VLAN. Layer 3 addressing is then configured under a VE interface. On Cisco switches, a VLAN interface is created when the VLAN is configured. Layer 3 addressing is assigned at the VLAN interface. Examples for both switches are shown on the following slides. 22
In the example above, VLANs 20 and 30 are created and each is assigned an IP address. On the Brocade switch, the IP address is assigned to the VE interface which was created under the VLAN configuration. On the Cisco switch the VLAN interface was created when the VLAN itself was created. 23
Default Spanning Tree Protocol (STP) State - The default state for Brocade varies depending one which image type is running. If the switch is running layer 2 switch code, Spanning Tree is enabled by default. If the switch is running layer 3 code, Spanning Tree is disabled by default. On all Cisco switches, Spanning Tree is enabled by default. Default STP Version - Both Brocade and Cisco run 802.1D Spanning Tree by default. Default STP Application - Both Brocade and Cisco run an instance of Spanning Tree for each VLAN created on the switch. Fast Edge Convergence - Both Brocade and Cisco have functionality to allow fast convergence at edge ports for Spanning Tree. On Brocade switches the feature is called Fast Port Mode and is enabled by default. Cisco s feature is called Portfast and is disabled by default. 802.1w (RSTP) - Both Brocade and Cisco support the 802.1w Rapid Spanning Tree Protocol. On Brocade switches this feature is configured explicitly and separately from 802.1D STP. On Cisco switches this feature uses the existing 802.1D STP configuration and is enabled globally on the switch. (Example on following slide) 24
25
Footnote 1: The comparisons provided are between the referred, most commonly configured, router redundancy protocols; VRRPE (Brocade) and HSRP (Cisco). Standards-based Protocols - Both Brocade and Cisco layer 3 switches support the Virtual Router Redundancy Protocol (VRRP) as defined in RFC 2338. Proprietary Protocols - In addition to VRRP, Brocade also supports and extended version of VRRP, called VRRPE. VRRPE functions in a similar way to VRRP, but overcomes many of the limitations of the standards-based protocol. Cisco also provides alternatives to the standard-based protocol; Hot Standby Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP). Preferred Redundancy Protocol - Both Brocade and Cisco recommend using a proprietary protocol in order to overcome the limitations of VRRP (RFC 2338). Configuration - On Brocade layer 3 switches, VRRPE must be enabled globally using the router vrrp-extended command. Once enabled, all VRRPE virtual interface parameters are configured under the IP interface. On Cisco switches, HSRP is enabled and configured under the IP interface. Track Port - Both Brocade and Cisco, using VRRPE and HSRP respectively, support the configuration of a track port. A track port allows the layer 3 switch to change how it participates in router redundancy based on the link state of another interface on the switch. Track Priority - Both Brocade and Cisco, using VRRPE and HSRP respectively, support the ability to adjust the priority of a virtual interface based on the status of the track port. Track Priority Usage - Both Brocade and Cisco, using VRRPE and HSRP respectively, will subtract the track priority value from the current priority value if the track port is down. 26
In the examples above, router redundancy is configured for the 172.16.30.0/24 network. The virtual IP address, typically the default gateway for hosts on the subnet, is 172.16.30.254. Each router has the priority set to 110 and have interface 2/1 configured as the track port. If the track port were to go down, the priority of the virtual IP address will decrement by 11, to now equal 99. The default priority for both protocols is 100. In this scenario, it could be assumed that each router would be the master until a track port failure. After decrementing the priority to 99, another router configured with the default values could take over a master. 27
Administrative distances, used to select which route source takes precedence, are identical on Brocade and Cisco layer 3 switches. The only exception is that Cisco also applies administrative distances to proprietary protocols. 28
Footnote 1: Protocols defined above are IPv4 routing protocols. The following IPv6 protocols are also supported on Brocade layer 3 switches: Routing Protocols - Both Brocade and Cisco support the following standards-based routing protocols: RIP (v1 and v2), OSPF v2, IS-IS and BGP v4. Cisco also supports a proprietary IP routing protocol called EIGRP. Enabling RIP - On both Brocade and Cisco layer 3 switches, routing protocols are enabled in global configuration mode with the router rip command. RIP Configuration - On both Brocade and Cisco layer 3 switches, RIP is enabled with the router rip command. By default both Brocade and Cisco use version 1 of the protocol. On Brocade devices, RIP messages are sent on interfaces where the RIP protocol is explicitly enabled. Additionally, a Brocade layer 3 switch will advertise all connected IP networks by default. On a Cisco layer 3 switch, a network statement must be configured to allow advertisement. Additionally, a Cisco device will, by default, send RIP updates on any IP interface matching a network statement. 29
Static routes can configured identically on Brocade and Cisco layer 3 switches. The only variation to this is the optional ability to use CIDR notation for the subnet mask on Brocade switches. In the example above, a static route is being configured with an administrative distance higher than EBGP, but lower than all other route sources. This static route will only be put into the routing table if there is no identical route learned from an EBGP peer. 30
On a Brocade layer 3 switch, all connected IP networks are advertised by default. RIP update messages are only exchanged on interfaces where the ip rip <version> command is configured. On a Cisco switch, IP networks are only advertised when a network <IP network> statement is added under the router rip configuration. In order to prevent the exchanging of RIP routes on an interface, the passive-interface <interface> command must be added under the router rip configuration. In both examples above, RIP messages are only exchanged on the 192.168.50.1 interface. The network advertisements will include the 172.16.31.0 network in updates (if up) but will not exchange RIP messages on the 172.16.31.1 interface. 31
OSPF Process ID - On Cisco layer 3 switches it is required to provide a process ID when enabling the protocol. This is not required on Brocade layer 3 switches. OSPF Interfaces - On a Brocade layer 3 switch, OSPF must be enabled globally and then enabled at each interface that is to exchange OSPF LSAs. On Cisco layer 3 switches a network statement is added under the router ospf <process ID> to allow the exchange of OSPF LSAs. Supported Area Types - Both Brocade and Cisco layer 3 switches support Stub, Totally Stubby and NSSA area types. Cisco layer 3 switches also support the Totally NSSA area type Passive Interfaces - Both Brocade and Cisco support the configuration of OSPF passive interfaces. Passive interfaces are OSPF enabled interfaces, however they do not exchange OSPF messages with neighbors on the interface Virtual Links - Both Brocade and Cisco support the ability to create virtual links. 32
In both examples above, OSPF is enabled on the 192.168.50.1 interface. This interface will attempt to establish a OSPF neighbor adjacency with another OSPF router. Using route redistribution, the 172.16.31.0 network will be advertised to any OSPF neighbors using an OSPF Type 5 external LSA. 33
Local AS - On Brocade layer 3 switches, the local AS number is defined with the localas <AS#> command under router bgp. On a Cisco layer 3 switch the local AS number is defined in the router bgp <AS#> statement. Defining BGP Neighbors - Both Brocade and Cisco define neighbors using the same command: neighbor <IP address> remote-as <AS#>. Advertising Prefixes - Both Brocade and Cisco use the same command to advertise network prefixes into BGP: network <network prefix> <subnet mask>. Note that on a Brocade layer 3 switch you can also use CIDR notation to define the subnet mask. For example: network 172.16.45.0/24 Weight Attribute - Both Brocade and Cisco support the weight attribute, which overrides all other BGP attributes for path selection. 34
In each example above: BGP is enabled on each router in AS# 10. Each has an EBGP neighbor (172.16.20.2) and an ibgp neighbor (192.168.20.2) configured. BGP messages to the ibgp peer will be sent using the router s Loopback1 interface. BGP prefixes advertised to the ibgp neighbor will have the next-hop attribute changed to this router s Loopback1 address. The 10.209.30.0/24 network will be originated and advertised to BGP peers. 35
Standard and Extended ACLs - On both Brocade and Cisco layer 3 switches, ACLs can be configured as standard or extended ACLs. A standard ACL permits or denies packets based on source IP address. An extended ACL permits or denies packets based on source and destination IP address and also based on IP protocol information. Numbered and Named ACLs - On Brocade layer 3 switches standard numbered ACLs have an idea of 1 99. Extended numbered ACLs are numbered 100 199. IDs for standard or extended ACLs can be a character string, these types of ACLs are called named ACLs (sometimes referred to as NACLs). On Cisco layer 3 switches standard numbered ACLs have an idea of 1 99 and 1300 1999. Extended numbered ACLs are numbered 100 199 and 2000 2699. IDs for standard or extended ACLs can be a character string, these types of ACLs are called named ACLs (sometimes referred to as NACLs). Mask Application - On Brocade layer 3 switches, the wildcard mask can be applied in dotted- decimal notation or in CIDR notation. In the case of CIDR notation, the bits represent the zeroes in the mask. On Cisco layer 3 switches, the wildcard mask can only be applied in dotted-decimal notation. ACL Application - On both Brocade and Cisco, ACLs can only be applied once per interface in each direction (in or out). Note: Numbered ed ACLs in the ranges of 1-99 and 101-199 can effectively ect e be copied directly from a Cisco layer 3 switch to a Brocade switch. Copying from Brocade to Cisco is not allowed due to the ability of the Brocade device to use CIDR notation. 36