RUCKUS ICX7150-C12P – BASIC LAYER 3 SERVICES

In the previous posts on configuring Ruckus ICX switches, we got the ICX 7150-C12P up and running and upgraded to the latest Layer 3 image. In this post I want to start configuring it to act as a Layer 3 switch for my Ruckus laboratory environment.

If you are learning about Ruckus ICX Switches and their capabilities, I recommend reviewing the following useful documentation (along with everything else) available on the Ruckus support site:

  • Command Reference Guide
  • Layer 2 Switching Configuration Guide
  • Layer 3 Routing Configuration Guide
  • DHCP Configuration Guide

Configuring IP Addresses

The first thing I am going to need is an IP address on the ICX switch.  The ICX layer 3 switch firmware gives you the ability to define an IP Address on the following types of interfaces:

  • Ethernet Ports
  • Virtual Interfaces / Virtual Ethernet  (VE)
  • Loopback interfaces
  • GRE Tunnels

Ethernet Interfaces

You can assign an IP address directly to a specified Ethernet interface.  For example you can assign the address 10.0.0.1/24 to Ethernet interface 1/1/1 on the switch.  You can also load multiple IP addresses onto a given Ethernet interface.  This is useful in scenarios where you know exactly which Ethernet Interface the traffic will arrive on.  A good example of when to apply this configuration is if you are running a point to point link between two locations using a specific interface on either side of the link.

Example

As it turns out, this is exactly the kind of scenario I have in my home laboratory between the Ruckus ICX7150-C12P and the Internet NAT router!  Here is an example where I assign an IP address directly to uplink port 1/2/2 on the ICX7150 switch in my laboratory.

SSH@RobLab_7150_C12P_1#configure terminal
SSH@RobLab_7150_C12P_1(config)#interface ethernet 1/2/2 
SSH@RobLab_7150_C12P_1(config-if-e1000-1/2/2)#ip address 172.31.254.2/30
SSH@RobLab_7150_C12P_1(config-if-e1000-1/2/2)#exit
SSH@RobLab_7150_C12P_1(config)#write memory
Flash Memory Write (8192 bytes per dot)
. 
Write startup-config done. Copy Done. 
SSH@RobLab_7150_C12P_1(config)#

Virtual Interfaces

A virtual interface is the same as a “sub interface” on Cisco routers and is referred to as Virtual Ethernet or VE in Ruckus ICX nomenclature.  A virtual interface acts as the layer 3 interface to terminate VLAN tagged Ethernet traffic.  The advantage of this interface type over an Ethernet interface is that you can aggregate traffic entering the switch via multiple Ethernet interfaces.

Consider a scenario in which you have Layer 2 traffic tagged with VLAN 100 entering the Layer 3 switch. You want the Layer 3 switch to route that traffic to destinations on other subnets, but the traffic may enter through multiple ethernet interfaces.  The Layer 3 switch solves this scenario with a Virtual Interface that can be assigned to multiple Ethernet interfaces.

Maximum Virtual Interfaces

Be aware that your chosen switch model may have some limitations in terms of the number of Virtual Interfaces it can support. Consult the data sheet and configuration guides of your switch model and firmware releases to be certain of how many Virtual Interfaces (VEs) are supported.

Configuring a Virtual Interface

Management VLAN

The management VLAN exists to allow me to access all physical and virtual network components from a single location.  The Management VLAN will be exclusively enabled, untagged on Ethernet interface 1/1/12.  The management VLAN will be assigned to

RobLab_7150_C12P_1>enable 
User Name:<user> 
Password: 
RobLab_7150_C12P_1#conf t 
RobLab_7150_C12P_1(config)#vlan 101 name MGMT 
RobLab_7150_C12P_1(config-vlan-101)#untagged ethernet 1/1/12 
Added untagged port(s) ethe 1/1/12 to port-vlan 101. 
RobLab_7150_C12P_1(config-vlan-101)#router-interface ve 2 
RobLab_7150_C12P_1(config-vlan-101)#interface ve 2 
RobLab_7150_C12P_1(config-vif-2)#ip address 172.31.255.1/24 
RobLab_7150_C12P_1(config-vif-2)#write memory 
Flash Memory Write (8192 bytes per dot)  
. 
Write startup-config done. 
Copy Done. 
RobLab_7150_C12P_1(config-vif-2)#exit 
RobLab_7150_C12P_1(config)#exit 
RobLab_7150_C12P_1#

x86 Hosts VLAN

The x86_Hosts VLAN (VLAN 100) will be exclusively enabled, untagged on ethernet interfaces 1/1/1 to 1/1/6.  The x86 Hosts VLAN will be assigned to router-interface ve 1 with IP address 172.31.0.1/24.  This will allow me to gain direct access to the switch CLI should anything go wrong with my Management VLAN.

RobLab_7150_C12P_1>enable
User Name:<user>
Password:
RobLab_7150_C12P_1#conf t
RobLab_7150_C12P_1(config)#vlan 100 name x86_Hosts
RobLab_7150_C12P_1(config-vlan-100)#untagged ethernet 1/1/1 to 1/1/6
Added untagged port(s) ethe 1/1/1 to 1/1/6 to port-vlan 100.
RobLab_7150_C12P_1(config-vlan-100)#router-interface ve 1
RobLab_7150_C12P_1(config-vlan-100)#interface ve 1
RobLab_7150_C12P_1(config-vif-1)#ip address 172.31.0.1/24
RobLab_7150_C12P_1(config-vif-1)#write memory
Flash Memory Write (8192 bytes per dot) 
.
Write startup-config done.
Copy Done.
RobLab_7150_C12P_1(config-vif-1)#exit
RobLab_7150_C12P_1(config)#exit
RobLab_7150_C12P_1#

Additional VLANs

Additional VLANs will be enabled on the switch to provide Layer 2 services on an as needed basis in my testing.  These will include VLANs for Access Points and Client Subnets.  These VLANs will simply allow the traffic to pass through to the routers in the virtual lab.

Loopback Interfaces & GRE Interfaces

I am rather conspicuously not talking about configuring these interfaces at this point in time.  But I believe the topic will come up in a later post.  If you cannot wait, I strongly recommend reading the Ruckus ICX Layer 3 Routing Configuration Guide.

Configuring DHCP

I will require a DHCP server in the Management VLAN that provides addresses to clients as they connect.  I also want this DHCP server to work on the out of band management port, just in case my access via WLAN fails or using a cable is faster!

Let me start by saying there is a ton you can do with this DHCP server and the DHCP capabilities in the switch.  The below configuration is truly trivial.

RobLab_7150_C12P_1#conf t
RobLab_7150_C12P_1(config)#ip dhcp-server enable
RobLab_7150_C12P_1(config)#ip dhcp-server pool mgmt_1      
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#network 172.31.255.0/24
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#dhcp-default-router 172.31.255.1
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#dns-server 172.31.255.1
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#excluded-address 172.31.255.1 172.31.255.99
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#lease 0 6 0
RobLab_7150_C12P_1(config-dhcp-mgmt_1)#deploy      
RobLab_7150_C12P_1(config)#ip dhcp-server server-identifier 172.31.255.1
RobLab_7150_C12P_1(config)#write memory

Note: If you ever change the DHCP pool config, remember to issue the DEPLOY command again, otherwise the DHCP address pool will simply remain in a “pending” state after your changes!

Useful Commands

Here are some useful commands to check the status of the DHCP server and the address pools.

SSH@RobLab_7150_C12P_1#show ip dhcp-server        
  address-pools   Display all address pools
  binding         Display DHCP lease-binding database
  flash           Displays the lease-binding database stored in flash memory
  summary         Displays the DHCP servers statistics 
---
SSH@RobLab_7150_C12P_1#show ip dhcp-server summary       
DHCP Server Summary:
                    Total number of active leases:  2
           Total number of deployed address-pools:  1
         Total number of undeployed address-pools:  0
                                    Server uptime:  04d:09h:32m:16s
---
SSH@RobLab_7150_C12P_1#show ip dhcp-server address-pools 
Showing all address pool(s):
                    Pool Name:  mgmt_1
 Time elapsed since last save:  00d:00h:29m:34s
Total number of active leases:  2
           Address Pool State:  active
        IP Address Exclusions:  172.31.255.1 172.31.255.99
      Pool Configured Options:
          dhcp-default-router:  172.31.255.1
                   dns-server:  10.0.0.254  8.8.8.8 
                        lease:  0 6 0
                      network:  172.31.255.0 255.255.255.0
---
SSH@RobLab_7150_C12P_1#show ip dhcp-server binding       
Bindings from all pools:
        IP Address    Client-ID/        Lease expiration Type
                      Hardware address
    172.31.255.100    c0d0.1274.2590   000d:05h:58m:15s   Automatic
    172.31.255.101    48d7.05be.758d   000d:05h:59m:24s   Automatic
SSH@RobLab_7150_C12P_1#

Routing Between Subnets

To provide Internet access for the subnets I have configured above, I must provide a default route to the internet.  Internet access in the laboratory is provided by a Mikrotik router (172.31.254.1) connected to the Ethernet Interface 1/2/2 on the ICX7150 switch.

Ruckus ICX switches have a feature called Integrated Switch Routing (ISR), which allows routing traffic between virtual interfaces in the switch without the need for an external router.  You don’t (shouldn’t) need to do anything to enable this feature.  You do, however, have to configure routes to reach external entities, using either static routes or dynamic routing protocols.  Thus far I am sticking to static routing protocols.

Setting a Default Route

RobLab_7150_C12P_1#conf t
SSH@RobLab_7150_C12P_1(config)#ip route 0.0.0.0/0 172.31.254.1   
SSH@RobLab_7150_C12P_1(config)#write memory
Flash Memory Write (8192 bytes per dot) 
.
Write startup-config done.
Copy Done.
SSH@RobLab_7150_C12P_1(config)#exit
SSH@RobLab_7150_C12P_1#

About Management Access

On the Ruckus ICX layer 3 switch you can use any one of the configured IP addresses on the switch for management access to the switch.  I can access the switch over ssh via 172.31.0.1, 172.31.255.1 and 172.31.254.2.  I will discuss hardening the switch configuration in a later post.

Quick Summary Config

Here is the current running config of the switch (also the startup config!) to summarize what we have done so far.

SSH@RobLab_7150_C12P_1#show run
Current configuration:
!
ver 08.0.61T213
!
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
!
...
vlan 1 name DEFAULT-VLAN by port
!
vlan 100 name x86_Hosts by port
 untagged ethe 1/1/1 to 1/1/6 
 router-interface ve 1
!
vlan 101 name MGMT by port
 tagged ethe 1/1/12 
 router-interface ve 2
!
...
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode
hostname RobLab_7150_C12P_1
ip dhcp-server enable
ip dhcp-server server-identifier 172.31.255.1
!
ip dhcp-server pool mgmt_1
 dhcp-default-router 172.31.255.1 
 dns-server 172.31.255.1 
 excluded-address 172.31.255.1 172.31.255.99
 lease 0 6 0                                                      
 network 172.31.255.0 255.255.255.0
 deploy
!
ip route 0.0.0.0/0 172.31.254.1
!
username <user> password .....
!
...
interface ethernet 1/2/2
 ip address 172.31.254.2 255.255.255.252
!
interface ve 1
 ip address 172.31.0.1 255.255.255.0
!
interface ve 2
 ip address 172.31.255.1 255.255.255.0
!
...
ip ssh  key-exchange-method dh-group14-sha1 
!
!
end
SSH@RobLab_7150_C12P_1#
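
As an added example (not the author's code and not a Ruckus tool), the Python below audits a running config like the one above: it lists every address the switch answers on for management, as described under "About Management Access", and reports the configured SSH key-exchange method and any DHCP pool that lacks a deploy line. The embedded config is a constructed excerpt of the show run output above; the function names, and treating a pool stanza without deploy as still pending, are assumptions.

```python
import ipaddress
import re

# Constructed sample: the relevant stanzas of the running config shown above.
RUNNING_CONFIG = """\
vlan 100 name x86_Hosts by port
 untagged ethe 1/1/1 to 1/1/6
 router-interface ve 1
!
vlan 101 name MGMT by port
 tagged ethe 1/1/12
 router-interface ve 2
!
ip dhcp-server pool mgmt_1
 excluded-address 172.31.255.1 172.31.255.99
 network 172.31.255.0 255.255.255.0
 deploy
!
ip route 0.0.0.0/0 172.31.254.1
!
interface ethernet 1/2/2
 ip address 172.31.254.2 255.255.255.252
!
interface ve 1
 ip address 172.31.0.1 255.255.255.0
!
interface ve 2
 ip address 172.31.255.1 255.255.255.0
!
ip ssh  key-exchange-method dh-group14-sha1
"""


def parse_config(text):
    """Return {top-level line: [tokenised indented child lines]}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None
        elif line[0] == " " and current is not None:
            stanzas[current].append(line.split())
        else:
            current = " ".join(line.split())  # normalise repeated spaces
            stanzas[current] = []
    return stanzas


def audit(text):
    """Return findings: management endpoints, SSH KEX, undeployed DHCP pools."""
    stanzas = parse_config(text)
    # VE number -> VLAN that binds it with router-interface.
    vlan_of_ve = {c[2]: h.split()[1] for h, kids in stanzas.items()
                  if h.startswith("vlan ") for c in kids
                  if c[:2] == ["router-interface", "ve"]}
    gateways = [ipaddress.ip_address(h.split()[3]) for h in stanzas
                if h.startswith("ip route 0.0.0.0/0 ")]
    findings = []
    for header, kids in stanzas.items():
        if not header.startswith("interface "):
            continue
        kind, ident = header.split()[1:3]
        for c in (k for k in kids if k[:2] == ["ip", "address"]):
            iface = ipaddress.ip_interface(f"{c[2]}/{c[3]}")
            where = f"vlan {vlan_of_ve.get(ident, '?')}" if kind == "ve" else "routed port"
            if any(gw in iface.network for gw in gateways):
                where += ", uplink to default gateway"
            # The page notes SSH is reachable on every configured address.
            findings.append(f"mgmt-endpoint {iface.ip} ({kind} {ident}, {where})")
    for header, kids in stanzas.items():
        kex = re.fullmatch(r"ip ssh key-exchange-method (\S+)", header)
        if kex and kex.group(1).endswith("-sha1"):
            findings.append(f"ssh-kex {kex.group(1)} (SHA-1 based)")
        # Assumption: a pool stanza without a 'deploy' line is still pending.
        if header.startswith("ip dhcp-server pool ") and ["deploy"] not in kids:
            findings.append(f"dhcp-pool {header.split()[-1]} not deployed")
    return findings


if __name__ == "__main__":
    for finding in audit(RUNNING_CONFIG):
        print(finding)
```

The uplink address 172.31.254.2 shows up as a management endpoint on the link facing the Internet router, which is the first item to revisit when hardening management access.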

 

zoning commands in Brocade fabric switch | Process for zoning request

Brocade

About

Brocade Communications Systems, Inc. is an American technology company specializing in data and storage networking products. Originally known for its leadership in Fibre Channel storage networks, the company has expanded its focus to include a wide range of products for New IP and Third platform technologies.

Brocade was founded in August 1995 by Seth Neiman (a venture capitalist, a former executive from Sun Microsystems and a professional auto racer) and Kumar Malavalli (a co-author of the Fibre Channel specification).

The company’s first product, SilkWorm, which was a Fibre Channel switch, was released in early 1997. A second generation of switches was announced in 1999.

On January 14, 2013, Brocade named Lloyd Carney as its new Chief Executive Officer.

Brocade FC switches come in many models with different port counts; the details are below.

 
List of Brocade FC switches 


Work flow for zoning activity

The Platform team will inform you that they are going to provision a new server in the environment and will ask you for the free port details on the switches that exist in the data center.

Once you share the information with the Platform team, they coordinate with the data center staff to lay the cables between the server and the switch. (The storage ports or tape library are already connected to the switch.)

After the cables are laid, the Platform team will ask you to check the connectivity, and they share the server HBA WWPN so that you can verify it against the connected one.

 
Physical cabling between Server and storage through Switch with Single path


Physical cabling between Server and storage through Switch with Multipath

Zoning can be done in 7 simple steps; the pictorial diagram is as follows.

 
Steps to perform zoning

Zoning steps:

  1. Identify the WWPN of the server HBA and the storage HBA.
  2. Create aliases for the server and storage HBAs.

     alicreate

  3. Create zones for the server and storage by using the command

     zonecreate

  4. Check whether an active configuration is present by using the command

     cfgactvshow

  5. If an active configuration already exists, we just need to add the zone to it by using the command

     cfgadd

  6. If there is none, we need to create a new configuration by using the command

     cfgcreate

  7. Save it and enable it.

Please find the example for zoning,

alicreate "server_hba","11:11:11:11:11:11:11:11"

alicreate "storage_hba","22:22:22:22:22:22:22:22"

zonecreate "server_hba-storage_hba","server_hba; storage_hba"

cfgcreate "cfg_switch1","server_hba-storage_hba"

cfgenable "cfg_switch1"

cfgsave
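
An added example, not part of the original post and not a Brocade tool: the Python below builds the command sequence for steps 2 to 7 and rejects the inputs that most often break a zoning request, such as an alias containing whitespace or a malformed WWPN. The function names and the naming rule (a letter first, then letters, digits, underscores or hyphens) are assumptions made for this example.

```python
import re

WWPN_RE = re.compile(r"(?:[0-9a-fA-F]{2}:){7}[0-9a-fA-F]{2}")
# Assumed, conservative naming rule (not from the page): a letter first, then
# letters, digits, underscores or hyphens; no whitespace.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")


def _name(value):
    if not NAME_RE.fullmatch(value):
        raise ValueError(f"invalid zone object name: {value!r}")
    return value


def _wwpn(value):
    if not WWPN_RE.fullmatch(value):
        raise ValueError(f"invalid WWPN: {value!r}")
    return value.lower()


def zoning_commands(server, storage, cfg_name, active_cfg=None):
    """Build the command sequence for steps 2-7.

    server and storage are (alias, WWPN) pairs from step 1. active_cfg is the
    configuration name reported by cfgactvshow (step 4), or None if the switch
    has no active configuration, in which case cfg_name is created.
    """
    members = [(_name(alias), _wwpn(wwpn)) for alias, wwpn in (server, storage)]
    if members[0][0] == members[1][0] or members[0][1] == members[1][1]:
        raise ValueError("server and storage must have distinct aliases and WWPNs")
    zone = _name(f"{members[0][0]}-{members[1][0]}")
    cmds = [f'alicreate "{alias}", "{wwpn}"' for alias, wwpn in members]
    cmds.append(f'zonecreate "{zone}", "{members[0][0]}; {members[1][0]}"')
    if active_cfg:                      # step 5: extend the active configuration
        target = _name(active_cfg)
        cmds.append(f'cfgadd "{target}", "{zone}"')
    else:                               # step 6: no active configuration yet
        target = _name(cfg_name)
        cmds.append(f'cfgcreate "{target}", "{zone}"')
    cmds += ["cfgsave", f'cfgenable "{target}"']   # step 7: save, then enable
    return cmds


if __name__ == "__main__":
    # Constructed input: the placeholder WWPNs used in the example above.
    for cmd in zoning_commands(("server_hba", "11:11:11:11:11:11:11:11"),
                               ("storage_hba", "22:22:22:22:22:22:22:22"),
                               "cfg_switch1"):
        print(cmd)
```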

Brocade switches can be managed through both the web interface and the CLI; the table below displays some, but not all, of the CLI commands.

help            prints available commands
switchdisable   disable the switch
switchenable    enable the switch
licensehelp     license commands
diaghelp        diagnostic commands
configure       change switch parameters (BB credits, etc)
diagshow        POST results since last boot
routehelp       routing commands
switchshow      display switch show (normally first command to run to obtain switch configuration)
supportshow     full detailed switch info
portshow        display port info
nsshow          name server contents
nsallshow       NS for full fabric
fabricshow      Fabric information
version         firmware code revision
reboot          full reboot with POST
fastboot        reboot without POST

B-Series (Brocade) zoning commands are detailed in the table below.

zonecreate (zone)     create a zone
zoneshow              shows defined and effective zones and configurations
zoneadd               adds a member to a zone
zoneremove            removes a member from a zone
zonedelete            delete a zone
cfgcreate (zoneset)   create a zoneset configuration
cfgadd                adds a zone to a zone configuration
cfgshow               display the zoning information
cfgenable             enable a zone set
cfgsave               saves defined config to all switches in fabric across reboots
cfgremove             removes a zone from a zone configuration
cfgdelete             deletes a zone configuration
cfgclear              clears all zoning information (must disable the effective config first)
cfgdisable            disables the effective zone set

B-series creating a zone commands

Creating a zone by WWN

     zonecreate "zone1", "20:00:00:e0:69:40:07:08 ; 50:06:04:82:b8:90:c1:8d"

Create a zone configuration

     cfgcreate "test_cfg", "zone1 ; zone2"

Saving the zone configuration

     cfgsave (this will save across reboots)

Enable the zone configuration

     cfgenable "test_cfg"

Saving the zone configuration

     cfgsave

View zoning information

     zoneshow or cfgshow

aliAdd   Add a member to a zone alias

aliCopy   Copy a zone alias

aliCreate  Create a zone alias

aliDelete  Delete a zone alias

aliRemove  Remove a member from a zone alias

aliRename  Rename a zone alias

aliShow   Print zone alias information

cfgAdd   Add a member to a configuration

cfgCopy   Copy a zone configuration

cfgCreate  Create a zone configuration

cfgDelete  Delete a zone configuration

cfgRemove  Remove a member from a configuration

cfgRename  Rename a zone configuration

cfgShow   Print zone configuration information

zoneAdd   Add a member to a zone

zoneCopy  Copy a zone

zoneCreate  Create a zone

zoneDelete  Delete a zone

zoneRemove  Remove a member from a zone

zoneRename  Rename a zone

zoneShow  Print zone information

cfgClear  Clear all zone configurations

cfgDisable  Disable a zone configuration

cfgEnable  Enable a zone configuration

cfgSave   Save zone configurations in flash

cfgSize   Print size details of zone database

cfgActvShow  Print effective zone configuration

cfgTransAbort  Abort zone configuration transaction

Useful Brocade FOS CLI Commands

Below is a list of useful Brocade CLI commands that I keep at my desk for reference.  They’re divided up into categories for Zoning, Show, Port, Time/Date, License, Banner, Password, SNMP, User Config, Firmware, and Miscellaneous.

Zoning Commands

alicreate "Name", "domain,port#"   Used to create an alias
alicreate "Name", "portname1; portname2"   To create multiple ports under a single alias
alidelete "Name"   To delete an alias
aliadd "Name", "domain,port#"   To add additional ports to an alias
aliremove "Name", "domain,port#"   To remove a port from the alias
alishow "AliName"   To show the alias configuration on the switch
zonecreate "Zone Name", "alias1; alias2"   To create zones based on alias
zonedelete "ZoneName"   To delete a zone
zoneadd "ZoneName", "alias name"   To add additional alias into the zone
zoneremove "ZoneName", "alias name"   To remove an alias from the zone
zoneshow "zoneName"   To show the zone configuration information
cfgcreate "Configname", "Zone1; Zone2"   To create configurations by adding in zones
cfgdelete "ConfigName"   To delete a configuration
cfgadd "ConfigName", "Zone3"   To add additional zones in the configuration
cfgremove "ConfigName", "Zone3"   To remove a zone from the configuration
cfgshow "ConfigName"   To show the details of that configuration
cfgenable "ConfigName"   To enable a configuration on the switch
cfgsave   To have the effective configuration written into the flash memory

Show Commands

psshow   Displays the status of the power supply
fansshow   Displays the status of the fans
tempshow   Displays the status of the temperature readings
sensorshow   Displays the status of the sensor readings
nsshow   Displays information in the name server
nsshow -t   Displays information in the name server
nsshow -r   Displays the information in the name server along with the state change registration details
nscamshow   Displays detailed information of all the devices connected to all the switches in the fabric (Remote Name Servers)
nsallshow   Displays the 24 bit address of all devices that are in the fabric
licenseshow   Displays all the licenses that have been added in the switch
date   Displays the current date set on the switch
bannershow   Displays the banner that will appear when logging in using the CLI or web tools
httpcfgshow   Displays the JAVA version the switch expects at the management console
switchname   Displays the name of the switch
fabricshow   Displays information of all the switches in the fabric
userconfig --show -a   Displays the account information like role, description, password expiration date, locked status
switchstatusshow   Displays the overall status of the switch
switchstatuspolicyshow   Displays policy set for the switch regarding Marginal (Yellow) or Down (Red) error status
portshow   To show the port status
portcfgshow   Displays the speed set for all ports on all slots and other detailed port information
configshow fabric.ops   Displays the parameters of the switch. Ensure all switches in a fabric have the same parameters in order to communicate
configshow fabric.ops.pidFormat   Displays the PID set for a switch: Core, Native or Extended edge
switchuptime OR uptime   Displays the uptime for the switch
firmwareshow   Displays the firmware on the switch
version   Displays the current firmware version on the switch
hashow   Displays the status of local and remote CPs: high availability, heartbeat and synchronization

Port Settings

portcfgshow   Displays the port settings
portcfg rscnsupr [slot/port] --enable   A registered state change registration is suppressed when a state change occurs on the port
portcfg rscnsupr [slot/port] --disable   A registered state change registration is sent when a state change occurs on the port
portname   To assign a name for a port
portdisable   To disable a port or slot
portenable   To enable a port or slot
portcfgpersistentdisable   To disable a port; status would not change even after rebooting the switch
portcfgpersistentenable   To enable a port; status would not change even after rebooting the switch
portshow   To show the port status
portcfgspeed   To set speed for a port. Note: 0 = auto negotiated 1, 2, 4 Gbit/sec; 1 = 1 Gbit/sec; 2 = 2 Gbit/sec; 4 = 4 Gbit/sec
switchcfgspeed   To set speed for all the ports on the switch. Note: 0 = auto negotiated 1, 2, 4 Gbit/sec; 1 = 1 Gbit/sec; 2 = 2 Gbit/sec; 4 = 4 Gbit/sec
portcfgshow   Displays the speed set for all ports on all slots and other detailed port information
portcfgdefault   To set the port settings to default
portcfglongdistance   To set the long distance mode. Default is L0 (Normal); as per distance will display LE <= 10 km, L0.5 <= 25 km, L1 <= 50 km, L2 <= 100 km, LD = auto, LS = static
portcfgeport   Used to disable a port from being an E port

Time and Date Settings

date   Displays the current date set on the switch
tsclockserver 10.10.1.1   Instruction for the principal switch to synchronize time with the NTP server (specify the IP address of the NTP server)
tsclockserver LOCL   Instruction to stop NTP server synchronization (local time of the switch)
date mmddhhmmyy   To set the time of the switch when the NTP server synchronization is cancelled
tstimezone -5   To set the time zone for individual switches

License Commands

licenseshow   Displays all the licenses that are added in the switch
licenseadd   To add a new license to the switch
licenseremove   To remove a license from the switch
licenseidshow   Based on Switch WWN

Banner Commands

bannershow   Displays the banner that will appear when logging in using the CLI or web tools
bannerset   To set the banner which will appear when logging in using the CLI or web tools
bannerset ""   To remove the banner (two quotes)

Password commands

passwd   To change the password for that particular login
passwdcfg --set -lowercase 3 -uppercase 1 -digits 2 -punctuation 2 -minlength 10 -history 3   To set the password rules
passwdcfg --set -minpasswordage 1   To set the minimum password age in days
passwdcfg --set -maxpasswordage 30   To set the maximum password age in days
passwdcfg --set -warning 23   To set a warning for the expiration days remaining
passwdcfg --set -lockoutthreshold 5   To set the account lockout threshold
passwdcfg --set -lockoutduration 30   To set the account lockout duration in minutes
passwdcfg --setdefault   To restore the password policy to factory settings (min length 8, history 1, lockout duration 30)

SNMP Commands

snmpconfig   SNMP configuration for FOS 5.0 and above
agtcfgset   SNMP configuration for FOS below 5.0
snmpmibcapset   For choosing the MIBs for the SNMP settings

User Configuration

userconfig --show -a / userconfig --show   Displays all the account information like role, description, password expiration date, locked status
userconfig --add john -r admin -d "John Doe"   To add a new account; -r = role, -d = description
userconfig --show john   Displays all the information for the account john
userconfig --change -e no   To disable an account, usually default accounts like admin and user. Before disabling the admin account, ensure there is another account with admin rights
userconfig --change -e yes   To enable an account

Firmware commands

configupload   Saves the switch config as an ASCII text file to an FTP server
configdownload   To restore a switch configuration from an ASCII text file. Note: need to disable the switch before downloading the config file
configure => cfgload attributes : [y] => Ensure secure config upload / download : [y]   Fabric OS v4.4 and above provides Secure File Copy Protocol (SCP) during upload or download of configurations
firmwaredownload   To download the firmware to be installed on the switch
firmwareshow   To be run after installing the firmware on the switch
version   Displays the current firmware version on the switch
fastboot   Needs to be run after installing the firmware. This does not include the POST.
reboot   Needs to be run after installing the firmware. This includes the POST.

Miscellaneous commands

killtelnet   To kill a particular session which is using telnet
configure   To configure a switch
quietmode   To switch off the quiet mode
quietmode 1   To suppress messages to the console
switchname   Displays the switch name
switchname "EXAMPLE"   To assign a switch name
bannerset   To set the banner which will appear when logging in using the CLI or web tools
timeout   Displays the timeout time set for Telnet session on the switch
timeout 10   To set a specific timeout time for the Telnet session
switchuptime or uptime   Displays the uptime for the switch
switchcfgspeed   To set speed for all the ports on the switch. Note: 0 = auto negotiated 1, 2, 4 Gbit/sec; 1 = 1 Gbit/sec; 2 = 2 Gbit/sec; 4 = 4 Gbit/sec
fastboot   To reboot the switch without POST
reboot   To reboot the switch with the POST
switchstatusshow   Displays the overall status of the switch
switchstatuspolicyshow   Displays policy set for the switch regarding Marginal (Yellow) or Down (Red) error status
switchstatuspolicyset   To change the policy set for the switch regarding Marginal (Yellow) or Down (Red) error status