Zte ZXR10 T160G/T64G

ZXR10 T160G/T64G 10-Gigabit Routing Switch
User Manual
Version 2.6
ZTE CORPORATION ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P. R. China 518057 Tel: (86) 755 26771900 800-9830-9830 Fax: (86) 755 26772236 URL: http://support.zte.com.cn E-mail: doc@zte.com.cn
LEGAL INFORMATION Copyright 2005 ZTE CORPORATION. The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners. This document is provided as is, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein. The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to support or training are subject to change without notice.
Revision History Date 20050511 20070105 Revision No. R1.1 R1.2 Serial No. sjzl20052424 sjzl20052424 Description
ZTE CORPORATION Values Your Comments & Suggestions!

Your opinion is of great value and will help us improve the quality of our product documentation and offer better services to our customers. Please fax to: (86) 755-26772236; or mail to Publications R&D Department, ZTE CORPORATION, ZTE Plaza, A Wing, Keji Road South, Hi-Tech Industrial Park, Shenzhen, P. R. China 518057. Thank you for your cooperation!
Document Name Product Version ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual V2.6 Document Revision Number R1.2
Equipment Installation Date Presentation: (Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization, Appearance) Good Your evaluation of this documentation Accessibility: (Contents, Index, Headings, Numbering, Glossary) Good Fair Average Poor Bad N/A Fair Average Poor Bad N/A
Intelligibility: (Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content) Good Fair Average Poor Bad N/A Please check the suggestions which you feel can improve this documentation: Your suggestions for improvement of this documentation Improve the overview/introduction Improve the Contents Improve the organization Include more figures Add more examples Add more detail Other suggestions Make it more concise/brief Add more step-by-step procedures/tutorials Add more troubleshooting information Make it less technical Add more/better quick reference aids Improve the index
__________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ # Please feel free to write any comments on an attached sheet.
If you wish to be contacted regarding your comments, please complete the following: Name Postcode Telephone Company Address E-mail
This page is intentionally blank.
Contents
About this User Manual...............................................................................i
Purpose of this User Manual......................................................................................i Introduction to this Manual....................................................................................... i Typographical Conventions......................................................................................iii Mouse Operation Conventions................................................................................. iv Safety Signs.......................................................................................................... iv How to Get in Touch ............................................................................................... v
Customer Support...................................................................................................................v Documentation Support...........................................................................................................v
Chapter 1........................................................................................ 1
Safety Instructions.....................................................................................1
Chapter 2........................................................................................ 3
Introduction to the System........................................................................3
Product Overview ...................................................................................................3 Functional Introduction............................................................................................4 Technical Features and Parameters ..........................................................................6
Chapter 3........................................................................................ 9
Structure and Principle ..............................................................................9
Working Principle....................................................................................................9 Hardware Structure .............................................................................................. 10 Unit/Component Introduction ................................................................................ 14
Control Switching Board ........................................................................................................14 Line interface card.................................................................................................................16 Power Supply Module ............................................................................................................25 Fan Plug-in Box.....................................................................................................................27
Chapter 4...................................................................................... 29
Usage and Operation............................................................................... 29
Configuration Mode............................................................................................... 29
Serial Interface Connection Configuration ...............................................................................30 Telnet Connection Configuration.............................................................................................32
SSH Connection Configuration ...............................................................................................35 SNMP Connection Configuration .............................................................................................40
Command Mode ................................................................................................... 41 Command Line Application .................................................................................... 43

Online Help ...........................................................................................................................43 Command Abbreviation .........................................................................................................45 Command History .................................................................................................................45
Chapter 5...................................................................................... 47
System Management .............................................................................. 47
File System Management ...................................................................................... 47
Introduction to File System ....................................................................................................47 File System Operation ...........................................................................................................48
Data Backup and Restoration................................................................................. 51 Importing/Exporting Configuration ......................................................................... 52

Version Upgrade in the case of System Anomaly.....................................................................53 Version Upgrade when the System is Normal .........................................................................55
Setting System Parameters ................................................................................... 56 Viewing System Information.................................................................................. 57
Chapter 6...................................................................................... 59
Port Configuration................................................................................... 59
Basic Port Configuration ........................................................................................ 59
Principle of Port Naming.........................................................................................................60 Configuring Basic Port Parameters..........................................................................................60 Show Port Information...........................................................................................................62 Line Diagnosis Analysis Test...................................................................................................64
Port Mirroring Configuration................................................................................... 65

Port Mirroring Overview .........................................................................................................65 Port Mirroring Configuration ...................................................................................................65 Example of Configuring Port...................................................................................................66
Chapter 7...................................................................................... 69
VLAN Configuration................................................................................. 69
VLAN Overview .................................................................................................... 69
VLAN Types ..........................................................................................................................70 VLAN Tab..............................................................................................................................70 VLAN Link Type.....................................................................................................................70 Default VLAN.........................................................................................................................71
VLAN Configuration............................................................................................... 71 Example of VLAN Configuration.............................................................................. 74 PVLAN Configuration ............................................................................................. 75
QinQ Configuration ............................................................................................... 76 SuperVLAN Configuration ...................................................................................... 78 VLAN Maintenance and Diagnosis........................................................................... 80
Chapter 8...................................................................................... 83
MAC Table Operation............................................................................... 83
MAC Address Table Overview................................................................................. 83
The Composition and Meaning of MAC Address Table..............................................................83 MAC Address Categories........................................................................................................84 MAC Address Table Creation and Deletion...............................................................................84 Setting MAC Address Aging Time ...........................................................................................86 Burning MAC Address ............................................................................................................86 Binding MAC Address to Port..................................................................................................87 Enable Port MAC Address Learning.........................................................................................87 Limit Number of Port MAC Address.........................................................................................87 Port MAC Address Learning Protection ....................................................................................88 MAC Address Filtering............................................................................................................88 View MAC Address Table........................................................................................................89
Examples of MAC Address Table Configuration ........................................................ 90
Chapter 9...................................................................................... 93
STP Configuration.................................................................................... 93
STP Overview....................................................................................................... 93
SSTP Mode ...........................................................................................................................93 RSTP Mode ...........................................................................................................................94 MSTP Mode...........................................................................................................................94
Configuring STP.................................................................................................... 96
Enable/Disable STP ...............................................................................................................96 Configuring STP Mode............................................................................................................96 Configuring STP Protocol Parameters......................................................................................96 Creating Instances ................................................................................................................97 Update MST Configuration Name and Configuration Version ....................................................98 Configuring Switch Priority and Port Priority ............................................................................98 Configuring Whether a Port in STP Protocol Participates in Spanning Tree Calculation ...............99
Instances of Configuring STP ................................................................................. 99

Instance 1.............................................................................................................................99 Instance 2...........................................................................................................................101
STP Maintenance and Diagnosis........................................................................... 101
Chapter 10.................................................................................. 103

Link Aggregation Configuration............................................................ 103
Overview of Link Aggregation .............................................................................. 103
Configuring Link Aggregation ............................................................................... 104 Instances of Configuring Link Aggregation ............................................................ 105 Link Aggregation Maintenance and Diagnosis ........................................................ 106
Chapter 11.................................................................................. 109

IGMP Snooping Configuration .............................................................. 109
Overview of IGMP Snooping ................................................................................ 109
Join a Multicast Group..........................................................................................................110 Leave a Multicast Group.......................................................................................................110 Fast Leave ..........................................................................................................................110
Configuring IGMP Snooping ................................................................................. 110

Basic Configuration..............................................................................................................110 Configure Proxy Querier.......................................................................................................111 Limit Multicast Group...........................................................................................................112 Static Configuration .............................................................................................................112 Modify Default Time.............................................................................................................112
Instances of IGMP Snooping Configuration............................................................ 113 IGMP Snooping Maintenance and Diagnosis .......................................................... 113
Chapter 12.................................................................................. 115

Network Protocol Configuration ........................................................... 115
IP Address ......................................................................................................... 115
Introduction to IP Address ...................................................................................................115 Basic Configuration of IP Address .........................................................................................116 Instances of IP Address Configuration ..................................................................................117
ARP Configuration............................................................................................... 117

Overview of ARP..................................................................................................................117 Basic Configuration of ARP ...................................................................................................117 Instances of configuring ARP................................................................................................118
Chapter 13.................................................................................. 119

Static Route Configuration.................................................................... 119
Basic Configuration of Static Route....................................................................... 119 Instance of Static Route Configuration .................................................................. 120
Configuring Static Route ......................................................................................................120 Summarizing Static Routes..................................................................................................121 Default Route Configuration .................................................................................................121
Maintenance and Diagnosis of Static Route ........................................................... 123
Chapter 14.................................................................................. 125

RIP Configuration.................................................................................. 125
Overview of RIP.................................................................................................. 125
RIP Fundamentals ...............................................................................................................125 Metric and Administrative Distance.......................................................................................125 Timer..................................................................................................................................126 Route Update......................................................................................................................126
Configuring RIP .................................................................................................. 126

Basic Configuration..............................................................................................................127 Enhanced Configuration.......................................................................................................127 Version:..............................................................................................................................128
Instances of configuring RIP ................................................................................ 128 RIP Maintenance and Diagnosis ........................................................................... 129
Chapter 15.................................................................................. 131

OSPF Configuration ............................................................................... 131
OSPF overview ................................................................................................... 131
OSPF Fundamental..............................................................................................................131 OSPF Algorithm...................................................................................................................132 OSPF Network Types ...........................................................................................................132 Hello Packet and Timer ........................................................................................................133 OSPF Neighbor....................................................................................................................133 Adjacency and Designated Router........................................................................................133 Router Priority and DR Election ............................................................................................134 OSPF Area ..........................................................................................................................134 LSA Types and Diffusion ......................................................................................................135 Stub Area and Totally Stubby Area.......................................................................................135 Not-So-Stubby Area ............................................................................................................136 OSPF Authentication............................................................................................................136
Configuring OSPF................................................................................................ 136

Basic Configuration..............................................................................................................136 Configure Basic Attributes of Interface..................................................................................137 Configure Neighbor Router...................................................................................................138 Set OSPF Area ....................................................................................................................138 Configure Inter-area Route Convergence..............................................................................138 Generate Default Route .......................................................................................................139 Configure Virtual Link ..........................................................................................................139 Redistribute Other Routing Protocols ....................................................................................139 Configure Route Convergence of Route Redistribution ...........................................................140 Configure OSPF Authentication.............................................................................................140 Configure Routes Supporting Opaque LSA ............................................................................140 Modify OSPF Administrative Distance....................................................................................141
Instances of Configuring OSPF ............................................................................. 141

Basic OSPF Configuration.....................................................................................................141 Configure Multiple-area OSPF...............................................................................................142
Configure OSPF Virtual Link .................................................................................................144 Configure OSPF Authentication.............................................................................................145
OSPF Maintenance and Diagnosis......................................................................... 146
Chapter 16.................................................................................. 149

IS-IS Configuration ............................................................................... 149
IS-IS Overview................................................................................................... 149
IS-IS Fundamental..............................................................................................................149 IS-IS Area...........................................................................................................................150 IS-IS Network Types ...........................................................................................................151 DIS and Router Priority........................................................................................................151
Configuring IS-IS................................................................................................ 151

Configuring Basic IS-IS........................................................................................................151 Set IS-IS Global Parameters ................................................................................................152 Set IS-IS Interface Parameters ............................................................................................153 Configuring IS-IS Authentication ..........................................................................................155
Instances of Configuring IS-IS ............................................................................. 156

Single-Area IS-IS Configuration ...........................................................................................156 Multiple-Area IS-IS Configuration.........................................................................................157
IS-IS Maintenance and Diagnosis......................................................................... 160
Chapter 17.................................................................................. 163

BGP Configuration ................................................................................. 163
BGP Overview .................................................................................................... 163 Configuring BGP ................................................................................................. 164
Basic BGP Configuration ......................................................................................................164 Advertising BGP Routes .......................................................................................................165 Advertising BGP Aggregation ...............................................................................................167 Configuring EBGP Multihop...................................................................................................168 Filtering Routes via the Route Map .......................................................................................169 Filtering Routes via NLRI......................................................................................................170 Filtering Routes via AS_PATH...............................................................................................170 LOCAL_PREF Attribute .........................................................................................................171 MED Attribute .....................................................................................................................173 Community String Attribute .................................................................................................175 BGP Synchronization ...........................................................................................................175 BGP Route Reflector ............................................................................................................177 BGP Confederation ..............................................................................................................178 BGP Route Dampening ........................................................................................................180
Example of Configuring BGP ................................................................................ 180 BGP Maintenance and Diagnosis .......................................................................... 182
Chapter 18.................................................................................. 185
Multicasting Route Configuration ......................................................... 185

Multicast Overview.............................................................................................. 185
Multicast Address ................................................................................................................186 IGMP ..................................................................................................................................186 Multicast Tree......................................................................................................................186 PIM-SM...............................................................................................................................187 MSDP .................................................................................................................................188
Configuring Public Multicast ................................................................................. 189 Configuring IGMP................................................................................................ 189

Configuring IGMP Versions...................................................................................................190 Configuring IGMP Groups on Interfaces ................................................................................190 Configuring IGMP Timers .....................................................................................................191
Configuring PIM-SM ............................................................................................ 192

PIM-SM Basic Configurations................................................................................................192 Enhanced PIM-SM Configurations.........................................................................................193
Configuring MSDP............................................................................................... 195

Basic MSDP Configuration....................................................................................................195 Enhanced MSDP Configurations............................................................................................196
Example of Configuring Multicasting ..................................................................... 197 Multicasting Maintenance and Diagnosis ............................................................... 199
Common Show Commands .................................................................................................199 IGMP ..................................................................................................................................200 PIM-SM...............................................................................................................................201 MSDP .................................................................................................................................203
Chapter 19.................................................................................. 205

ACL Configuration ................................................................................. 205
ACL Overview..................................................................................................... 205 Configuring ACLs ................................................................................................ 206
Configure a Time Range ......................................................................................................206 Defining ACLs......................................................................................................................206 Applying ACLs to Physical Ports............................................................................................211
Examples of Configuring ACL ............................................................................... 211 ACL Maintenance and Diagnosis........................................................................... 213
Chapter 20.................................................................................. 215

QoS Configuration ................................................................................. 215
QoS Overview .................................................................................................... 215
Traffic Classification .............................................................................................................216 Traffic Monitoring and Control ..............................................................................................216 Traffic Shaping ....................................................................................................................216 Queue Scheduling and Default 802.1p Priority ......................................................................217
Redirection and Policy Routing .............................................................................................217 Priority Tagging...................................................................................................................218 Traffic Mapping....................................................................................................................218 Traffic Statistics...................................................................................................................218
Configuring QoS ................................................................................................. 218

Traffic Monitoring and Control ..............................................................................................218 Traffic Shaping ....................................................................................................................219 Queue Scheduling and Default 802.1p Priority ......................................................................220 Redirection and Policy Routing .............................................................................................220 Priority Tagging...................................................................................................................221 Traffic Mapping....................................................................................................................221 Traffic Statistics...................................................................................................................222
Example of Configuring QoS ................................................................................ 222

Example of a Typical QoS Configuration................................................................................222 Example of Configuring Policy Routing..................................................................................224
QoS Maintenance and Diagnosis .......................................................................... 225
Chapter 21.................................................................................. 227

DHCP Configuration............................................................................... 227
DHCP Overview .................................................................................................. 227 Configuring DHCP ............................................................................................... 228 Examples of Configuring DHCP ............................................................................ 230
Example of Configuring a DHCP Server.................................................................................230 Example of Configuring DHCP Relay.....................................................................................230
DHCP Maintenance and Diagnosis ........................................................................ 231
Chapter 22.................................................................................. 233

VRRP Configuration............................................................................... 233
VRRP Overview .................................................................................................. 233 Configuring VRRP ............................................................................................... 234 Examples of Configuring VRRP............................................................................. 235
Basic VRRP Configuration.....................................................................................................235 Symmetric VRRP Configuration ............................................................................................236
VRRP Maintenance and Diagnosis......................................................................... 237
Chapter 23.................................................................................. 239

Load Balance Configuration.................................................................. 239
Load Balance Overview ....................................................................................... 239 Configuring Load Balance .................................................................................... 240 Examples of Configuring Load Balance.................................................................. 240
Static Route ........................................................................................................................241 OSPF ..................................................................................................................................242
Load Balance Maintenance and Diagnosis ............................................................. 243
Chapter 24.................................................................................. 245

Network Management Configuration ................................................... 245
NTP ................................................................................................................... 245
NTP Overview .....................................................................................................................245 Configuring NTP ..................................................................................................................245 Examples of Configuring NTP ...............................................................................................246
RADIUS Authentication ....................................................................................... 247

RADIUS Overview ...............................................................................................................247 Configuring RADIUS ............................................................................................................247 Example of Configuring RADIUS...........................................................................................247 SNMP Overview...................................................................................................................248 Configuring SNMP................................................................................................................248 Example of Configuring SNMP..............................................................................................250
Remote Monitoring ............................................................................................. 250

Remote Monitoring Overview ...............................................................................................250 Configuring RMON...............................................................................................................250 Examples of Configuring RMON............................................................................................251
System Log........................................................................................................ 253

SysLog Overview.................................................................................................................253 Configuring SysLog..............................................................................................................253 Example of Configuring SysLog............................................................................................254
Acronyms and Abbreviations..................................................... 255 Figures........................................................................................ 259 Tables ......................................................................................... 261
About this User Manual
Purpose of this User Manual

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual is applicable to ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch (ZXR10 T160G/T64G for short, and in the general part, it is also called switch). The accessory manuals of ZXR10 T160G/T64G include: ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Installation Manual ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (Functional Architecture Volume) ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (Protocol Suites Volume) ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Command Manual (System Management Volume) ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch Information Manual
Introduction to this Manual

This manual introduces various functional T160G/T64G 10-Gigabit Routing Switch. configurations of ZXR10 This manual consists of 24 chapters and one appendix. Chapter 1 consists of Safety Instructions: introduces the safety instructions and safety signs. Chapter 2 consists of Introduction to the System of ZXR10 T160G/T64G system. Chapter 3 consists of Structure T160G/T64G structure and principle. and Principle: introduces ZXR10
Chapter 4 consists of Usage and Operation: in this chapter, you will learn about the configuration mode, command mode, and command line usage of ZXR10 T160G/T64G.
Confidential and Proprietary Information of ZTE CORPORATION
ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual
Chapter 5 consists of System Management: introduces the ZXR10 T160G/T64G system management. Chapter 6 consists of Port Configuration: introduces the configuration of port parameter and port mirror. Chapter 7 consists of VLAN Configuration: introduces basic configuration and extended configuration of VLAN. Chapter 8 consists of MAC Table Operation: introduces MAC table and MAC-address-related configuration. Chapter 9 consists of STP Configuration: introduces the configuration of STP. Chapter 10 consists of Link Aggregation Configuration: introduces LACP and static trunk configuration. Chapter 11 consists of IGMP Snooping Configuration: introduces the configuration of IGMP Snooping. Chapter 12 consists of Network Protocol Configuration: introduces IP address and ARP configuration. Chapter 13 consists of Static Route Configuration: introduces the configuration of static route. Chapter 14 consists of RIP Configuration: introduces the configuration of RIP. Chapter 15 consists of OSPF Configuration: introduces the configuration of OSPF. Chapter 16 consists of IS-IS Configuration: introduces the configuration of IS-IS protocol. Chapter 17 consists of BGP Configuration: introduces the configuration of BGP. Chapter 18 consists of Multicast Route Configuration: introduces the configuration of multicast routing protocol. Chapter 19 consists of ACL Configuration: introduces the configuration of ACL. Chapter 20 consists of QoS Configuration: introduces the configuration of QoS. Chapter 21 consists of DHCP Configuration: introduces the configuration of DHCP. Chapter 22 consists of VRRP Configuration: introduces the configuration of VRRP. Chapter 23 consists of Load Balance Configuration: introduces the configuration of load sharing function.
ii
Chapter 24 consists of Network Management Configuration: introduces frequently used functions in the network management including NTP, RADIUS authentication, SNMP, RMON and system log configuration. Appendix A consists of Acronyms and Abbreviations.
Typographical Conventions
ZTE documents employ with the following typographical conventions.
TABLE 1 TYPOGRAPHICAL CONVENTIONS
Typeface
Meaning References to other guides and documents. Links on screens. Menus, menu options, function names, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names. Keys on the keyboard and buttons on screens and company name. Text that you type, program code, files and directory names, and function names. Optional parameters Mandatory parameters Select one of the parameters that are delimited by it Note: Provides additional information about a certain topic. Checkpoint: Indicates that a particular step needs to be checked before proceeding further. Tip: Indicates a suggestion or hint to make things easier or more productive for the reader.
Italics
Quotes Bold
CAPS Constant width [] {} |
iii
Mouse Operation Conventions

TABLE 2 MOUSE OPERATION CONVENTIONS
Typeface Click Double-click Right-click Drag
Meaning Refers to clicking the primary mouse button (usually the left mouse button) once. Refers to quickly clicking the primary mouse button (usually the left mouse button) twice. Refers to clicking the secondary mouse button (usually the right mouse button) once. Refers to pressing and holding a mouse button and moving the mouse.
Safety Signs
TABLE 3 S AFETY SIGNS
Safety Signs
Meaning Danger: Indicates an imminently hazardous situation, which if not avoided, will result in death or serious injury. This signal word should be limited to only extreme situations. Warning: Indicates a potentially hazardous situation, which if not avoided, could result in death or serious injury. Caution: Indicates a potentially hazardous situation, which if not avoided, could result in minor or moderate injury. It may also be used to alert against unsafe practices.
Erosion: Beware of erosion.
Electric shock: There is a risk of electric shock. Electrostatic: The device may be sensitive to static electricity.
Microwave: Beware of strong electromagnetic field. Laser: Beware of strong laser beam.
No flammables: No flammables can be stored.
iv
Safety Signs
Meaning
No touching: Do not touch.
No smoking: Smoking is forbidden.
How to Get in Touch

The following sections provide information on how to obtain support for the documentation and the software.
Customer Support
If you have problems, questions, comments, or suggestions regarding your product, contact us by e-mail at support@zte.com.cn. You can also call our customer support center at (86) 755 26771900 and (86) 800-9830-9830.
Documentation Support
ZTE welcomes your comments and suggestions on the quality and usefulness of this document. For further questions, comments, or suggestions on the documentation, you can contact us by e-mail at doc@zte.com.cn; or you can fax your comments and suggestions to (86) 755 26772236. You can also explore our website at http://support.zte.com.cn, which contains various interesting subjects like documentation, knowledge base, forum and service request.
This page is intentionally blank
vi
Chapter
Safety Instructions
In this chapter, you will learn about safety instructions and signs. Only qualified professionals can perform installation, operation and maintenance owing to the high temperature and high voltage in the equipment. Please observe the local safety codes and relevant operation procedures in equipment installation, operation and maintenance; otherwise personal injury or equipment damage could be caused. The safety precautions introduced in this Manual are only supplementary to the local safety codes. ZTE shall not bear any liabilities incurred by violation of the universal safety operation requirements or violation of the safety standards for designing, manufacturing and using the equipment.
Chapter
Introduction to the System

This chapter introduces ZXR10 T160G/T64G, at the same time, it describes the diversified functions of software and hardware provided by ZXR10 T160G/T64G in detail. Product Overview Function introduction Technical Features and Parameters
Product Overview
ZXR10 T160G/T64G is an Ethernet routing switch developed by ZTE Corporation which can be applicable to the backbone layer or convergence layer of MAN and can also server as backbone/convergence layer switch in corporate network and campus network. ZXR10 T160G/T64G provides the interfaces including fast Ethernet, gigabit Ethernet and 10-gigabit and supports L2/L3 wire-speed forwarding of all ports. Therefore, it can satisfy the increasing requirements for bandwidth. ZXR10 T160G/T64G also supports multiple unicast and multicasting protocols. The service categories carried by data network increase rapidly with the development of network, which requires higher QoS and better security for network equipment. ZXR10 T160G/T64G provides abundant policies and resources regarding QoS and ACL, assuring QoS and system security. As the important switching node of backbone/convergence layer, ZXR10 T160G/T64G provides the hot-backup function of power module and control
& switching module, therefore, it is applicable to large-capacity network with high reliability. It has the following characteristics: Carrier-class reliability Full-wire-speed forwarding and filtering capability Supports abundant network protocols Open architecture, supporting high upgrading performance
Functional Introduction
ZXR10 T160G/T64G adopts the structure of standard 19-inch plug-in box. ZXR10 T160G has 10 plug-in slots, two of which are slots for control and switching board, and the other eight ones are slots for line interface card. ZXR10 T64G has 6 plug-in slots, one of which is slot for control and switching board, four of which are for line interface card, and the left one can serve as the slot for control and switching board or line interface card. Control and switching board is the core of the system implementing the functions including switching, protocol processing, system configuration management and network management interface; it can perform 1+1 redundancy configuration. Line interface card performs the operations of message processing including forwarding, discarding, and reporting to implement wire-speed forwarding of service flow. ZXR10 T160G/T64G supports line interface cards of multiple categories and port density. One port 10-gigabit Ethernet optical interface board Two-port 10-gigabit Ethernet optical interface board Twelve-port gigabit Ethernet optical interface board Twenty-four-port gigabit Ethernet optical interface board Twelve-port gigabit Ethernet electrical interface board Twenty-four-port gigabit Ethernet electrical interface board 44+4 fast Ethernet electrical interface board ZXR10 T160G/T64G implements full-wire-speed Layer2/3 switching function and supports multiple protocols.
Chapter 2
ZXR10 T160G/T64G provides the following functions which are given below: Physical interface Supports the configuration of port rate, duplex mode, and self-adaptive Supports port mirroring Supports broadcast storm suppression Supports line diagnosis analysis test VLAN Supports the VLAN based on port Supports IEEE 802.1Q, the maximum of VLAN is 4094 Supports PVLAN Supports VLAN double layer tab Supports SuperVLAN Layer 2 protocol Supports STP, RSTP and MSTP Supports static Trunk and LACP Supports IGMP Snooping Routing Protocol Supports the unicast protocols including static routing, RIP v1/v2, OSPF, IS-IS, and BGP Supports multicasting protocols including IGMP v1/v2, PIM-SM, and MSDP ACL Supports standard ACL, extended ACL, Layer 2 ACL and mixed ACL Supports ACL time segment restriction QoS Supports 802.1p priority Supports SP and WRR queue dispatching mode Supports traffic monitoring and management Supports flow-based redirection Supports flow mirroring and traffic statistic
Access authentication Supports Radius Client Supports DHCP Relay and DHCP Server Reliability Supports VRRP Supports routing load sharing Network Management Supports CLI configuration mode Supports configuring via Console, Telnet, and SSH Supports SNMP and RMON Supports ZXNM01 universal network management system
Technical Features and Parameters

Technical features and parameters of ZXR10 T160G/T64G are listed in Table 4.
TABLE 4 ZXR10
T160G/T64G TECHNICAL FEATURES AND P AR AMETERS
Item Dimensions
Description ZXR10 T160G: 577mm (H) 442mm (W) 450mm (D) ZXR10 T64G: 443.7mm(H) 442mm(W) 450mm(D) ZXR10 T160G: 49kg ZXR10 T64G: 46kg DC: 100V~240V, 50Hz ~60Hz AC: -57V~-40V ZXR10 T160G the total power consumption fully configured is 1200W ZXR10 T64G total power consumption of full configuration is 720W
Weight
Power Supply Power Consumption
MTBF>200000 Hours Reliability MTTR< 30 minutes All boards support hot swap, control switching board, and power redundancy backup
Chapter 2
Item Lightening Protection Ambient Temperature Ambient Humidity Memory Capacity Backplane Bandwidth Switching Capacity Packet Forwarding Rate Routing table entries MAC address table depth
Description
4KV Working ambient temperature: -5C~+45C Storing ambient temperature: -40C~+70C
Relative humidity 20%~90%, non-condensing ZXR10 T160G: 512M ZXR10 T64G: 256M ZXR10 T160G: 1.44Tbps ZXR10 T64G: 810Gbps ZXR10 T160G: 1152Gbps ZXR10 T64G: 576Gbps ZXR10 T160G: 576M ZXR10 T64G: 360M
500K
64K
Chapter
Structure and Principle

This chapter describes ZXR10 T160G/T64G including: Overall Structure and Working Principles Control switching board Line interface card Power supply module Fan plug-in box
Working Principle
ZXR10 T160G/T64G is a large-capacity rack mountable Ethernet switch, which implements wire-speed Layer2/3 switching via two-level hardware switching. Level 1 switching is between ports of line interface cards; level 2 switching between line interface cards is implemented via control switching board. ZXR10 T160G/T64G hardware design complies with the principle of system modulization, which, according to function system, includes the following four modules: Control module: is composed of main processor and some external functional chips, which implements processing to applications of the system. It provides various operational interfaces including serial interface and Ethernet interface to perform data operation and maintenance.
Switching module: It provides multiplex high-speed bi-directional serial interface to implement wire-speed data switch between line interface cards. Packet processing and interface module: Interface module is the external interface of ZXR10 T160G/T64G, providing one or multiple physical ports. Different line interface cards can implement access of different rates and types. Power supply module: It adopts 220V AC power supply or 48V DC power supply, providing power for other parts of the system. Abridged General View of ZXR10 T160G/T64G system principle is shown in Figure 1.
FIGURE 1 ZXR10 T160G/T64G SKETCH M AP OF SYSTEM PRINCIPLE
Line Interface Card 1
High-speed XAUI Interface High-speed XAUI Interface
Hardware Structure
ZXR10 T160G/T64G system is composed of chassis, power supply plug-in box, board, fan plug-in box and backplane. The system adopts international standard 19-inch plug-in box, which can lay-out solely or fix in standard chassis.
....
....
Switching Network
Power Supply
Control Module
10
Chapter 3
ZXR10 T160G and ZXR10 T64G adopt same hardware structure with control/switching board and various line interface cards shared, only the number of line interface cards supported are different. In ZXR10 T160G, 8 line interface cards can be plugged in; while in ZXR10 T64G, when master/slave control is not needed, 5 line interface cards can be plugged in, and when master/slave control is needed, 4 line interface cards can be plugged in. The location of ZXR10 T160G components is shown in Figure 2, and the corresponding front panel is as shown in Figure 3.
FIGURE 2 ABRIDGED GENERAL VIEW OF ZXR10 T160G COMPONENTS POSITION
19" Line Interface Card Line Interface Card Line Interface Card Line Interface Card Fan Controlled Switching Card Controlled Switching Card Line Interface Card Line Interface Card Line Interface Card Line Interface Card AC/DC Module AC/DC Module AC/DC Module
11
FIGURE 3 ZXR10 T160G FRONT P ANEL
The position of ZXR10 T64G components is shown in Figure 4, and the corresponding front panel is as shown in Figure 5.
12
Chapter 3
FIGURE 4 ABRIDGED GENERAL VIEW OF ZXR10 T64G COMPONENTS POSITION
19" Line Interface Card Line Interface Card Fan Controlled Switching Card Controlled Switching Card/Line Interface Card Line Interface Card Line Interface Card AC/DC Module AC/DC Module AC/DC Module
FIGURE 5 ZXR10 T64G FRONT P ANEL
13
Unit/Component Introduction
Control Switching Board
Control switching board (MCS) is the core of ZXR10 T160G/T64G, implementing the functions of control module and switching module. The control switching board provides the function of master/slave switchover; it can also perform 1+1 redundancy configuration. The front panel of ZXR10 T160G MCS is shown in Figure 6; the front panel of ZXR10 T64G MCS is shown in Figure 7.
FIGURE 6 THE FRONT PANEL OF ZXR10 T160G MCS
FIGURE 7 THE FRONT PANEL OF ZXR10 T64G MCS
Interface
Console Interface Console interface is used to connect background management terminal, on which it performs operation and maintenance to ZXR10 T160G/T64G via tools such as Super Terminal. Console interface is a RJ45 socket, connected to COM port of background management terminal via serial cable. One end of serial cable connecting ZXR10 T160G/T64G is RJ45 connector, the other end connecting background management terminal is DB9 female connector. 10/100Base-TX Ethernet interface 10/100Base-TX Ethernet interface (MGT) on the control switching board is the management interface connecting background, which can be used as the switch outband NM interface.
14
Chapter 3
The characteristics of 10/100Base-TX Ethernet interface are shown in Table 5.
TABLE 5 FEATURES OF FAST ETHERNET MAN AGEMENT INTERFACE
Port Type 10/100Base-TX
Characteristics In compliance with IEEE 802.3/802.3u standard, RJ45 connector Using UTP5, the maximum transmission distance is 100m
LEDs
The functions of the twenty-eight LEDs in the front panel of control switching board are described in Table 6.
TABLE 6 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN THE CONTROL SWITCHING

BOARD
LEDs
Description Off, the interface board of corresponding line is faulty or off RUN position Blinking, the interface board of corresponding line is working normally Off, the interface board of corresponding line alarm cleared or ALM is off position On, corresponding line interface card alarms RUN Off, corresponding power module is faulty or off position On, the corresponding power module is working normally Off, corresponding power module alarm cleared or is off ALM position On, the corresponding power module alarms RUN Off, the control switching board is faulty Blinking, the control switching board is working normally Off, the control switching board alarm cleared On, the control switching board alarms On, the board is in standby status Off, the board is in active status
1~8
PWR1~3
MST ALM
RES
RUN
15
ALM ACT LINK
On, active/standby status anomaly Off, active/standby status is normal Blinking, data transmission and reception in the interface On, the interface link created Off, the interface is disconnected from others
Buttons
The functions of the two buttons in the front panel of control switching board are described in Table 7.
TABLE 7 FUNCTIONAL DESCRIPTION OF BUTTONS IN THE CONTROL SWITCHING BOARD
Buttons RST
Function Board reset button, for resetting the whole board Board switchover button, switch the control switching board as
EXCH
standby, If press the button in the standby board, the system will not perform any operation
Line interface card

ZXR10 T160G/T64G line interface card includes: Fast Ethernet interface board, gigabit Ethernet interface board and 10gigabit Ethernet interface board. The optical interface of line interface card adopts pluggable optical module, supporting various transmission media and transmission distance.
44+4 Fast Ethernet Electrical Interface Board

44+4 fast Ethernet electrical interface board provides 44 fast Ethernet electrical interfaces and 4 gigabit Ethernet electrical interfaces, totally 48 Ethernet electrical interfaces, in which, fast Ethernet electrical interface supports 10/100M self-adaptive, gigabit Ethernet electrical interface supports 10/100/1000M self-adaptive. Powerful NP (Network Processor) can be added to the board based on actual demands to process packet from L2 to L7, to meet the complex application in practical networking. The front panel is shown in Figure 8.
16
Chapter 3
FIGURE 8 FRONT PANEL OF 44+4 FAST ETHERNET ELECTRICAL INTERFACE BOARD
The characteristics of 44 +4 fast Ethernet electrical interface board are shown in Table 8.
TABLE 8 CHARACTERISTICS OF 44+4 FAST ETHERNET ELECTRICAL INTERFACE BO ARD
Port Type
Characteristics In compliance with IEEE 802.3/802.3u standard RJ45 connector
10/100Base-TX
Using UTP5, the maximum transmission distance is 100m MDI/MDIX In compliance with IEEE 802.3/802.3z standard, RJ45 connector
1000Base-T
Using UTP5, the maximum transmission distance is 100m MDI/MDIX
The functions of forty-eight ports corresponding to the 48 LEDs in the front panel of 44+4 fast Ethernet interface board are described in Table 9:
TABLE 9 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 44+4 FAST ETHERNET

INTERFACE BOARD
Port Type
Characteristics On, the port link is created
LINK/ACT
Off, the port is disconnected from others Blinking, data transmission and reception in the port
Twelve-port Gigabit Ethernet Optical Interface Board

Twelve-port gigabit Ethernet optical interface board provides 12 gigabit Ethernet optical interfaces, 4 of which support Optoelectronic self-adaptive. Powerful NP (Network Processor) can be added to the board based on actual demands to process packet from L2 to L7, to meet the complex application in practical networking. The front panel is shown in Figure 9.
17
FIGURE 9 FRONT PANEL VIEW OF TWELVE-PORT GIGABIT ETHERNET OPTICAL INTERFACE
The optical module used by gigabit Ethernet optical interface is pluggable SFP optical module. Every port supports four kinds of common distances used by gigabit Ethernet, as shown in Table 10.
TABLE 10 CHAR ACTERISTICS OF TWELVE-PORT GIGABIT ETHERNET OPTICAL INTERFACE

BOARD
Port Type
Characteristics LC connector, multi-mode optical fiber, with the wavelength of
SX(SFP-M500)
850nm, maximum transmission distance is 500m Transmission power range: -9.5dBm~-4dBm, receiving
sensitivity<-18dBm LC connector, single-mode optical fiber, with the wavelength of LX(SFP-S10K) 1310nm, maximum transmission distance is 10km Transmission power range: -9.5dBm~-3dBm, receiving
sensitivity<-20dBm LC connector, singlemode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
sensitivity<-22dBm LC connector, singlemode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm 1000Base-T RJ45 connector, using UTP5
There are 32 LEDs in front panel of 12-port gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 11.
TABLE 11 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 12-PORT GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Port Type
Characteristics
18
Chapter 3
LINK
On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
Twenty-four-port Gigabit Ethernet Optical Interface Board

Twenty-four-port gigabit Ethernet optical interface board provides 24 gigabit Ethernet optical interfaces, 4 of which support Optoelectronic self-adaptive. The front panel is shown in Figure 10.
FIGURE 10 FRONT PANEL VIEW OF TWENTY-FOUR-PORT GIGABIT ETHERNET OPTICAL

INTERFACE BOARD
Optical module used by gigabit Ethernet optical interface is pluggable SFP optical module. Every port supports four kinds of common distances used by gigabit Ethernet, as shown in Table 12.
TABLE 12 CHAR ACTERISTICS OF TWENTY-FOUR-PORT GIGABIT ETHERNET OPTICAL

INTERFACE BOARD
Port Type
Characteristics LC connector, multiple-mode optical fiber, with the wavelength of
SX(SFP-M500)
sensitivity<-20dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
sensitivity<-22dBm
19
LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm 1000Base-T RJ45 connector, using UTP5
There are 56 LEDs in the front panel of 24-port gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 13.
TABLE 13 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 24-PORT GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Port Type LINK
Characteristics On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
Twelve-port Gigabit Ethernet Electrical Interface Board

Twelve-port gigabit Ethernet electrical interface board provides 12 gigabit Ethernet electrical interfaces, 4 of which support Optoelectronic self-adaptive. Powerful NP (Network Processor) can be added to the board based on actual demands to process packet from L2 to L7, to meet the complex application in practical networking. The front panel is shown in Figure 11.
FIGURE 11 FRONT PANEL VIEW OF TWELVE-PORT GIGABIT ETHERNET ELECTRICAL

INTERFACE BOARD
The optical interface part of the four ports supporting optoelectronic self-adaptive adopts pluggable SFP optical module, supporting four kinds of common distances used by gigabit Ethernet. The characteristics are shown in Table 14.
20
Chapter 3
TABLE 14 CHARACTERISTICS OF TWELVE-PORT GIGABIT ETHERNET ELECTRICAL INTERFACE

BOARD
Port Type 1000Base-T
Characteristics RJ45 connector, using UTP5 LC connector, multiple-mode optical fiber, with the wavelength of
SX(SFP-M500)
sensitivity<-22dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm
There are 32 LEDs in the front panel of 12-port gigabit Ethernet electrical interface board, with each has two LEDs. The functions are described in Table 15.
TABLE 15 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 12-PORT GIGABIT ETHERNET ELECTRICAL INTERFACE BO ARD
Port Type LINK
ACT
21
Twenty-four-port Gigabit Ethernet Electrical Interface Board

Twelve-port gigabit Ethernet electrical interface board provides 24 gigabit Ethernet electrical interfaces, 4 of which support Optoelectronic self-adaptive. The front panel is shown in Figure 12.
FIGURE 12 FRONT PANEL VIEW OF TWENTY-FOUR-PORT GIGABIT ETHERNET ELECTRICAL

INTERFACE BOARD
Optical
interface
part
of
the
four
ports
supporting
optoelectronic
self-adaptive adopts pluggable SFP optical module, supporting four kinds of common distances used by gigabit Ethernet. The characteristics are shown in Table 16.
TABLE 16 CHARACTERISTICS OF TWENTY-FOUR-PORT GIGABIT ETHERNET ELECTRICAL

INTERFACE BOARD
Port Type 1000Base-T
Characteristics RJ45 connector, using UTP5 LC connector, multiple-mode optical fiber, with the wavelength of
SX(SFP-M500)
sensitivity<-22dBm LH(SFP-S80K) LC connector, single-mode optical fiber, with the wavelength of
22
Chapter 3
1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm
There are 56 LEDs in the front panel of 24-port gigabit Ethernet electrical interface board, with each has two LEDs. The functions are described in Table 17.
TABLE 17 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 24-PORT GIGABIT ETHERNET ELECTRICAL INTERFACE BO ARD
Port Type LINK
ACT
One port 10-gigabit Ethernet Optical Interface Board

One port 10-gigabit Ethernet optical interface board provides one-XENPAK-interface 10-gigabit Ethernet interface. Powerful NP (Network Processor) can be added to the board based on actual demands to process packet from L2 to L7, to meet the complex application in practical networking. The front panel is shown in Figure 13.
FIGURE 13 FRONT PANEL VIEW OF ONE-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE

BOARD
One-port 10-gigabit Ethernet optical interface board adopts hot-swappable XENPAK optical module, supporting multiple transmission distance requirements; the characteristics are shown in Table 18.
23
TABLE 18 CHAR ACTERISTICS OF ONE-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE

BOARD
Port Type LR(XENPAK-S10 K) LH(XENPAK-S40 K)
Characteristics SC connector, single-mode optical fiber, with the wavelength of 1310nm, maximum transmission distance is 10km SC connector, single-mode optical fiber, with the wavelength of 1550nm, maximum transmission distance is 40km
There are two LEDs in the front panel of one-port 10-gigabit Ethernet optical interface board, the functions of which are shown in Table 19.
TABLE 19 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN ONE-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Port Type LINK
ACT
Two-port 10-gigabit Ethernet Optical Interface Board

Two-port 10-gigabit Ethernet optical interface board provides two-XENPAK-interface 10-gigabit Ethernet interface. The front panel is shown in Figure 14.
FIGURE 14 FRONT PANEL VIEW OF TWO-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE

BOARD
Two-port 10-gigabit Ethernet optical interface board adopts hot-swappable XENPAK optical module, supporting multiple transmission distance requirements; the characteristics are shown in Table 20.
24
Chapter 3
TABLE 20 CHAR ACTERISTICS OF TWO-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE

BOARD
Port Type LR(XENPAK-S10 K) LH(XENPAK-S40 K)
Characteristics SC connector, single-mode optical fiber, with the wavelength of 1310nm, maximum transmission distance is 10km SC connector, single-mode optical fiber, with the wavelength of 1550nm, maximum transmission distance is 40km
There are 4 LEDs in the front panel of 2-port 10-gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 21.
TABLE 21 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN TWO-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Port Type LINK
Characteristics On, the interface link created Off, the interface is disconnected from others Off, no data transmission or reception in the interface Blinking, data transmission and reception in the interface
ACT
Power Supply Module

Considering the practical requirements of core switch, ZXR10 T160G/T64G employs hot-backup design in power supply part, at the same time, it provides 48V DC power supply and 220V AC power supply. DC power supply adopts 1+1 backup mode, the power is supplied by two group of 48V DC simultaneously; while AC power supply adopts 2+1 backup mode, thus, the reliability of power supply system is enhanced. The power supply system adopts modularization design, in which power supply types and number of modules can be selected in accordance with requirements. The front panel view of power supply module is as shown in Figure 15.
25
FIGURE 15 FRONT PANEL VIEW OF POWER SUPPLY MODULE
The rear panel view of DC power supply board is shown in Figure 16.
FIGURE 16 REAR PANEL VIEW OF DC POWER SUPPLY BOARD
DC power supply adopts 1+1 backup mode. Each system is configured with two DC modules, the technical parameters of which are as follows: Rated voltage: -48V Allowed voltage range: -57V~-40V Input electrical current: 25A Maximum power consumption: 1200 W The rear panel view of AC power supply board is shown in Figure 17.
FIGURE 17 REAR PANEL VIEW OF AC POWER SUPPLY BOARD
26
Chapter 3
AC power supply adopts 2+1 backup mode. Each system is configured with 1~3 AC modules, the technical parameters of which are as follows: Input voltage: Single phase 220VAC10% Input electrical current: 4A Frequency: 505% Maximum power consumption: 900 W Line voltage waveform distortion rate<5%
Fan Plug-in Box

ZXR10 T160G/T64G adopts left side indraft heat dissipation mode, at the left side (front view) of the chassis, multiple fans are drafting air from the internal; the left side of the chassis lies air inlet due to of which flue is formed from right to left. The cool airflow the fan sucked in exchanges with the hot airflow of the single board and power board. Major heating chips adopts aluminium radiator. Air-filter is set at the inlet, which can be disassembled from back of the chassis, facilitating maintenance and cleaning. The front panel view of fan plug-in box is shown in Figure 18.
27
FIGURE 18 FRONT P ANEL VIEW OF FAN PLUG-IN BOX
Fan Plug-in Box of ZXR10 T160G
Fan Plug-in Box of ZXR10 T64G
There are 6 LEDs in the front panel of fan plug-in box, each indicating the fan operating status. On for normal working status while Off for faulty.
28
Chapter
Usage and Operation

In this chapter, you will learn about the configuration mode of ZXR10 T160G/T64G in common use. It covers: Configuration mode Command mode Command line application
Configuration Mode
ZXR10 T160G/T64G provides multiple configuration modes, as shown in Figure 19, the user can select appropriate configuration mode according to the connected network. Serial interface connection configuration Telnet connection configuration SSH (Secure Shell) connection configuration FTP/TFTP connection configuration SNMP connection configuration
29
FIGURE 19 ZXR10 T160G/T64G CONFIGURATION MODE
FTP/TFTP Server Telnet Host
SNMP Network Management
Serial Interface Hyperterminal ZXR10
Serial Interface Connection Configuration

Serial interface connection configuration is the principle configuration mode of ZXR10 series switch. Serial configuration line is delivered with ZXR10 T160G/T64G, one end is DB9 serial interface (Connected to computer serial interface), the other is RJ45 interface (Connected to Console interface in MP board of ZXR10 T160G/T64G) The serial connection configuration adopts VT100 terminal mode, using the HyperTerminal tool provided by Windows OS. The operation procedure is as follows: 1. Connect the computer serial port to ZXR10 T160G/T64G Console port using serial configuration line. 2. Open the HyperTerminal, as shown in Figure 20. Input the connection name, such as ZXR10, and select an icon.
30
Chapter 4
Usage and Operation
FIGURE 20 HYPERTERMINAL CONFIGURATION 1
3. Click Ok, the window as shown in Figure 21 appears. Select using COM port such as COM1 when connecting.
4. Click Ok, the COM port attribute setup window appears, as shown in Figure 22.
31
The settings of the COM port of the HyperTerminal are: 115200 for data rate, 8 for data bit, None for parity check, 1 for stop bit, and None for flow control. 5. Click Ok to complete setting, the ZXR10 T160G/T64G configuration window appears, and start command operation.
Telnet Connection Configuration

Configure ZXR10 T160G/T64G via Telnet locally or remotely. Telnet configuration is the principal mode configuring ZXR10 T160G/T64G remotely. Username and password must be set in the switch to prevent illegal users from accessing the switch via Telnet.Only the users with valid username and password could login to the switch. Use the following commands to configure username and password.
32
Chapter 4
Usage and Operation
Command format
Command mode
Command function:
username <username> password <password>
Global
Configure
username
and
password of Telnet login
Connection through Management P ort

Configure the switch through management Ethernet port (10/100Base-TX) in the MP board. 1. Configure IP address of management port via Console port. 2. Configure username and password of Telnet login via Console port. 3. Use straight-through Ethernet cable to connect host network interface and switch management Ethernet interface. 4. Set the IP address of the host, which should be in the same network segment with the switch management Ethernet port. 5. Run Telnet command in the host, input the IP address of the switch management Ethernet port, as shown in Figure 23.
FIGURE 23 RUNNING TELNET
6. Click Ok, the window as shown in Figure 24 appears.
33
FIGURE 24 TELNET LOGIN SCHEMATIC DIAGRAM
7. Input valid username and password as prompted to access the switch configuration mode.
Note: ZXR10 T160G/T64G allows up to four Telnet users logging in simultaneously. If ** appears after inputting username and password, it indicates that the number of users reach the limit, please retry later or relogin after logging out other users. When performing Telnet configuration via management port connecting to the switch, the IP address of management port cannot be modified or deleted, otherwise, Telnet will be disconnected.
Connection through VLAN Port

Two modes exist for Telnet connection through VLAN port. Connects to switch via host by Telnet i. Configure IP address of VLAN and VLAN interface via Console port.
ii. Configure username and password of Telnet login via Console port. iii. Connect the host network interface to the Ethernet port of switch. iv. Set the IP address of host, enabling the host to ping the IP address of VLAN interface in the switch successfully.
34
Chapter 4
Usage and Operation
v. Run Telnet command in the host, input the IP address of VLAN interface, login to the switch. For the detailed procedures, please refer to Connection through Management Port Connect to switch via other devices (such as switch and router) by Telnet i. Configure IP address of VLAN and VLAN interface via Console port.
ii. Configure username and password of Telnet login via Console port. iii. Take a router connected to a switch as an example, from which, the IP address of VLAN interface can be pinged successfully. iv. Run Telnet command in the router, input the IP address of VLAN interface, login to the switch. For the detailed procedures, please refer to Connection through Management Port
Note: When performing Telnet configuration via VLAN interface connecting to the switch, the IP address of VLAN and VLAN interface cannot be modified or deleted, otherwise, Telnet will be disconnected.
SSH Connection Configuration

Traditional Telnet and FTP connection are somewhat insecure, for the clear text transfer password and data used in the network is apt to be captured by attackers. There are some weaknesses with Telnet and FTP security certificate, so it is apt to be attacked by the means of Man-in-the-middle, which imitates the server to receive the data transmitted by the client terminal and then imitates the client terminal to transmit data to the real server. SSH (Secure Shell) can solve the problem. SSH establishes a secure channel for remote login and other network services in the insecure network. It encrypts and compresses the transmitted data to prevent anybody captured the data from getting useful information. Two incompatible versions of SSH protocol are available: SSH v1.x and SSH v2.x. ZXR10 T160G/T64G supports SSH v2.0, provides secure remote login function. SSH falls into two parts including server and client terminal. ZXR10 T160G/T64G serves as the server of SSH; the host logs in to the switch by running SSH client terminal.
35
Use the following commands to enable SSH server function in the ZXR10 T160G/T64G. The SSH server function is disabled by default.
Command format
Command mode
Command function:
ssh server enable
Global
Enable SSH server function
Connect the host network interface to the Ethernet port of the switch, enable the host to ping the IP address of VLAN interface in the switch by configuring. Run SSH client terminal software (Frequently used software is putty) in the host. Set the IP address and port No of SSH server, as shown in Figure 25.
FIGURE 25 SETTING THE IP ADDRESS AND PORT NO OF SSH SERVER
Set SSH version, as shown in Figure 26.
36
Chapter 4
Usage and Operation
FIGURE 26 SETTING SSH VERSION
Click Open to login to the switch, input valid username and password as prompted.
FTP/TFTP Connection Configuration

ZXR10 T160G/T64G can serve as the client terminal of FTP/TFTP. We can back up and restore the files in the ZXR10 T160G/T64G by FTP/TFTP, in addition, we can import and export configuration.
Switch Serving as FTP Client Terminal

Enable FTP server software in the background host and switch communicates as client terminal. The configuration of background FTP server is illustrated taking WFTPD as an example, shown as follows: 1. Run WFTPD software in the background host, the window as shown in Figure 27 appears.
37
FIGURE 27 WFTPD WINDOW
2. Click Security, select User/Rights, perform the following operations in the popup dialog box: Click New User to create a new user, such as target, with password enabled Select user name target in the drop-down list of User Name Input the directory saving version files or configuration files in the Home Directory box, such as D: \IMG After configuration, the dialog box is shown in Figure 28.
FIGURE 28 USER/RIGHTS SECURITY DIALOG BOX
38
Chapter 4
Usage and Operation
3. Click Done to complete setting. After enabling FTP server, execute copy command in the switch to backup/restore file and import/export configuration.
Switch Serving as TFTP Client Terminal

Enable TFTP server software in the background host and switch communicates as client terminal. The configuration of background TFTP server is illustrated taking TFTPD as an example, shown as follows: 1. Run TFTPD software in the background host, the window as shown in Figure 29 appears.
FIGURE 29 TFTPD WINDOW
2. Click TFTPD>Configure, a dialog box appears, click Browse, select the file saving version files or configuration files, such as D:\IMG. After configuration, the dialog box is shown in Figure 30.
39
FIGURE 30 CONFIGURATION DIALOG BOX
3. Click Ok to complete setting. After enabling TFTP server, execute copy command in the switch to backup/restore file and import/export configuration.
SNMP Connection Configuration

Simple Network Management Protocol (SNMP) is the most popular NM protocol, through which, one NM server can manage all devices in the network. SNMP adopts management based on server and client terminal. The background NM server serves as the SNMP server, and the foreground network equipment ZXR10 T160G/T64G serves as SNMP client terminal. The foreground and background share the same MIB management database, performing communication via SNMP protocol. The background NM server needs installing NM software supporting SNMP protocol; It performs management configuration over ZXR10 T160G/T64G via NM software. For the SNMP configuration in ZXR10 T160G/T64G, please refer to SNMP
40
Chapter 4
Usage and Operation
Command Mode
ZXR10 T160G/T64G assigns commands to different modes according to function and authority to facilitate switch configuration and management. One command can only be executed under specific mode. Input question mark (?) under any command mode to query the applicable commands under the mode. Major command modes of ZXR10 T160G/T64G are listed in Table 22.
TABLE 22 COMMAND MODE
Mode User Mode
Prompt ZXR10>
Accessing Command Access directly after login
Functions View simple
information Configuring
Privileged Mode Global configuration mode Port configuration mode VLAN database configuration mode VLAN configuration mode VLAN interface configuration mode MSTP configuration
ZXR10#
Enable (User mode)
system parameters
ZXR10(config)#
Configure (Privileged mode) interface
terminal
Configuring global service parameters
ZXR10(config-if)#
{<interface-name>|byna me <by-name>} (Global configuration mode)
Configuring port parameters
ZXR10(vlan-db)#
vlan
database
Creating batch
or
(Privileged mode)
deleting VLAN in
vlan ZXR10(config-vlan)# {<vlan-id>|<vlan-name> } (Global configuration mode) interface ZXR10(config-if)# <vlan-id>|<vlan-if>} (Global mode) ZXR10 (config-mstp)# spanning-tree configuration mst (Global configuration {vlan
Configuring VLAN parameters
Configuring interface Configuring MSTP
IP
address of VLAN
41
Mode mode Basic ACL configuration mode
Prompt
Accessing Command configuration mode) acl basic {number name (Global
Functions parameters
ZXR10 (config-basic-acl)#
<acl-number>| <acl-name>}
configuration mode) acl extend
Defining
basic
ACL regulations
Extended ACL configuration mode ZXR10(config-ext-acl)#
{number name (Global
configuration mode) acl link
Defining extended regulations ACL
Layer2 ACL configuration mode ZXR10(config-link-acl)#
{number name (Global Defining layer2 ACL regulations
configuration mode) acl hybrid
Mixed ACL configuration mode VRF configuration mode Router RIP configuration mode Router RIP address configuration mode Router OSPF configuration mode Router IS-IS configuration mode Router BGP configuration mode ZXR10(config-router)# ZXR10(config-router)# ZXR10(config-router)# ZXR10(config-router-af)# ZXR10(config-router)# ZXR10(config-vrf)# ZXR10(config-hybd-acl)#
{number name (Global Defining mixed ACL regulations
configuration mode)
ip vrf <vrf-name> (Global configuration mode)
Configuring VRF protocol parameters Configuring RIP protocol parameters Configuring RIP VRF protocol parameters Configuring OSPF protocol parameters
router
rip
(Global
configuration mode)
address-family ipv4 vrf <vrf-name>(Router configuration mode) router ospf <process-id> [vrf <vrf-name>] (Global configuration mode) router isis [vrf (Global RIP
Configuring IS-IS protocol parameters Configuring BGP protocol parameters
<vrf-name>]
configuration mode) router bgp <as-number> (Global mode) configuration
42
Chapter 4
Usage and Operation
Mode
Prompt
Accessing Command address-family vpnv4
Functions
Router BGIP address configuration mode ZXR10(config-router-af)#
(Router BGP configuration mode) address-family ipv4 vrf <vrf-name>(Router configuration mode) BGP
Configuring BGP VPN and VRF protocol parameters
Router PIM-SM configuration mode route-map Route-map configuration mode ZXR10(config-route-map) # <map-tag> ZXR10(config-router)# router pimsm (Global configuration mode)
Configuring PIM-SM protocol parameters
[permit|deny] [<sequence-number>] (Global mode) configuration
Configuring route-map matched items and operations Test the usage of CPU and Memory
Diagnosis test mode
ZXR10(diag)#
diagnose mode)
(Privileged
The ways to quit various command modes: In privileged mode, use disable command to return to user mode. In user mode and privileged mode, use exit command to quit the switch; in other mode, use exit command to return to the previous mode. In the modes other than user mode and privileged mode, use end command or press Ctrl+z to return to the privileged mode.
Command Line Application

Online Help
In any command mode, the available commands list will be displayed if inputting a question mark (?) following the system prompt. The list of command key words and parameters can also be obtained via online help. 1. Input question mark (?) in any command mode prompt, all commands and brief command descriptions of the mode will be displayed. For example:
43
ZXR10>? Exec commands: enable exit login logout ping quit show telnet trace who ZXR10> Turn on privileged commands Exit from the EXEC Login as a particular user Exit from the EXEC Send echo messages Quit from the EXEC Show running system information Open a telnet connection Trace route to destination List users who is logining on
2. Input a question mark (?) following character or character string, the list of commands or key words with the character or character string as the prefix will be displayed. Note that there is no space between character (Character string) and the question mark (?). For example:
ZXR10#co? configure copy ZXR10#co
3. Press Tab after the character, if the command or key word with the character string as the prefix is unique, make it aligned and add a space after it. Note that there is no space between character string and Tab. For example:
ZXR10#con<Tab> ZXR10#configure and cursor) (There is a space between configure
4. Input a question mark (?) after commands, key words and parameters, you can list the key words or parameters to be input next and provide brief description. Note that space should be input before the question mark (?). For example:
ZXR10#configure ? terminal Enter configuration mode
ZXR10#configure
5. If inputting incorrect command, key words or parameters, the subscriber interface will provide error isolation with ^ after carriage return. ^ will appear below the first character of the input incorrect command, key work or parameter. For example:
ZXR10#von ter
44
Chapter 4
Usage and Operation
^ % Invalid input detected at '^' marker. ZXR10#
In the instances below, make use of the online help to set system clock.
ZXR10#cl? clear clock
ZXR10#clock ? set Set the time and date
ZXR10#clock set ? hh:mm:ss Current Time
ZXR10#clock set 13:32:00 % Incomplete command. ZXR10#
At the end of the above example, it is concluded that the system prompts that command is incomplete. This command indicates inputting of other key words or parameters are required.
Note: All commands in the command line operation are case-insensitive
Command Abbreviation
ZXR10 T160G/T64G allows abbreviating commands and key word to character or character string identifying the command or key word uniquely, for example, abbreviate show command to sh or sho
Command History
The user interface provides a record of commands up to 10 you have entered. This feature is particularly useful to recall long or complex commands. Reinvoke commands from the record buffer, execute one of the following operations.
Command Press Ctrl+P or <> Press Ctrl+N or <> Function Recalls commands in the history buffer in a forward sequence Recalls commands in the history buffer in a backward
45
sequence
In the privileged mode, use show history command to list the most recent commands.
46
Chapter
System Management
This chapter introduces ZXR10 T160G/T64G system management. It illustrates file system and operation of switches, presents the procedure for updating software version. This chapter covers the following topics: File system management Data backup and restoration Importing/exporting configuration Software version upgrade Setting system parameters Viewing system information
File System Management

Introduction to File System
In ZXR10 T160G/T64G, the major storage device that we usually see is the FLASH in MP board, which is for storing ZXR10 T160G/T64G version files and configuration files. Operation over FLASH is needed when upgrading software version and saving configuration. FLASH contains three default directories including IMG, CFG and DATA. 1. IMG: The directory is for storing software version files. The software version file of ZXR10 T160G/T64G has the extension name of .zar, which is dedicated compression file. Version upgrade is to change the software version file in the directory.
47
Note: The default name of ZXR10 T160G/T64G software version file is zxr10.zar. If it uses other names, Boot Path must be modified in Boot status. Otherwise, the version cannot be loaded when starting the system. It is recommended using default file name.
2. CFG: The directory is for saving configuration files, whose name is startrun.dat. The information is saved in the Memory when using command to modify the switch configuration. To prevent the configuration information loss at the time of restarting the switch, use write command to write the information in the Memory into FLASH, and save the information in the startrun.dat file. When needing to clear the old configuration in the switch to reconfigure data, use delete command to delete startrun.dat file, then restart the switch. 3. DATA: The directory is for saving log.dat file which records alarm information.
Note: If IMG, CFG or DATA is unavailable in FLASH, create them manually using mkdir command.
File System Operation

ZXR10 T160G/T64G provides many commands for file operation, whose formats are similar to that of DOS operating system. The frequently used file operation commands are as follows: 1. Copy files between FLASH devices and FTP/TFTP servers.
Command format
Command Mode
Command function:
copy
<source-device>
<source-file>
<destination-device> <destination-file>
Privileged
Copying files.
2. View the current directory path
Command format
Command
Command function:
Mode
48
Chapter 5
System Management
pwd
Privileged
View the current directory path
3. View the file and subdirectory information in the specified devices or directories.
Command format
Command
Command function:
Mode View the file and subdirectory dir [<directory>] Privileged information in the specified devices or directories.
4. Delete the file in the specified directory of the current device

Command format
Command Mode
Command function:
delete <filename>
Privileged
Delete the file in the specified directory of the current device
5. Access the specified file device or the file directory of the current device
Command format
Command
Command function:
Mode Access the specified file device or cd <directory> Privileged the file directory of the current device
6. Back to the upper-level directory

Command format
Command
Command function:
Mode cd .. Privileged Back to the upper-level directory
7. Create new subdirectory in the current directory

Command format
Command
Command function:
Mode mkdir <directory> Privileged Create new subdirectory in the current directory
8. Delete the specified file directories
Command format
Command Mode
Command function:
49
rmdir <directory>
Privileged
Delete
the
specified
file
directories
9. Modify the name of specified file or directory

Command format
Command Mode
Command function:
rename <new-filename>
<old-filename> Privileged
Modify the name of file or directory
The application of file operation command will be illustrated by instances as follows: 1. View the current file information in FLASH
ZXR10#dir Directory of flash:/ attribute 1 2 3 drwx drwx drwx size 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
14:22:10 IMG 14:38:22 CFG 14:38:22 DATA
65007616 bytes total (48863232 bytes free) ZXR10#cd img ZXR10#dir (Access version directory IMG) (Show the current directory information)
Directory of flash:/img attribute 1 2 3 ZXR10.ZAR 65007616 bytes total (48863232 bytes free) ZXR10# drwx drwx -rwx size 512 512 15922273 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
14:22:10 . 14:22:10 .. 14:29:18
2. Create directory ABC in FLASH, then delete it.

ZXR10#mkdir ABC (Add a subdirectory ABC in the current directory) ZXR10#dir (View the current directory information,
finding that subdirectory ABC has been added successfully) Directory of flash:/ attribute 1 2 3 4 drwx drwx drwx drwx size 512 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
14:22:10 IMG 14:38:22 CFG 14:38:22 DATA 15:40:24 ABC
50
Chapter 5
System Management
65007616 bytes total (48861184 bytes free) ZXR10#rmdir ABC (Delete subdirectory ABC) ZXR10#dir (View the current directory information,
finding that subdirectory ABC has been deleted successfully) Directory of flash:/ attribute 1 2 3 drwx drwx drwx size 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
14:22:10 IMG 14:38:22 CFG 14:38:22 DATA
65007616 bytes total (48863232 bytes free) ZXR10#
Data Backup and Restoration

Using FTP/TFTP, we can back up the software version files, configuration files, and log files in ZXR10 T160G/T64G to background server or restore the backup files from background server. As for the configuration of background FTP/TFTP server, please refer to section FTP/TFTP Connection Configuration The backup and restoration of files can be implemented via command copy. 1. Configuration file backup After saving the configuration information to startrun.dat using command write, back it up to the background FTP/TFTP server to prevent restoration failure owing to file corruption. Execute the following command to back up the configuration files in FLASH to background TFTP server:
ZXR10#copy flash: /cfg/startrun.dat tftp: //168.1.1.1/startrun.dat
2. Configuration files restoration Execute the following command to restore backup configuration files from background TFTP server:
ZXR10#copy tftp: //168.1.1.1/startrun.dat flash: /cfg/startrun.dat
3. Version file backup Back the running version files up to background server before upgrading software version. If failed to load new version, you can restore the old
51
version from the background server. Software version file backup is similar to configuration file backup. Execute the following command to back up the software version file in FLASH to directory IMG in root directory of background TFTP server:
ZXR10#copy flash: /img/zxr10.zar tftp: //168.1.1.1/img/zxr10.zar
4. Version Restoration The purpose of version restoration is to retransmit the backup software version file in background server via FTP/TFTP to FLASH in foreground switch. It is important to perform restoration operation when version upgrade failed. The procedures of version restoration and version upgrade are almost the same, please refer to section Software Version Upgrade.
Importing/Exporting Configuration
ZXR10 T160G/T64G supports the function of importing/exporting configuration files. Copy configuration file startrun.dat to background host via FTP/TFTP, in the background host, edit the file startrun.dat using text editing tool, and then copy the modified configuration file via FTP/TFTP to the directory CFG in FLASH device of foreground switch. The file will take effect after restart.
Note: When editing startrun.dat using text editing tool, note that the format should comply with the requirements of command.
Software Version Upgrade

Upgrade the software version only when the old version does not support some functions or the device cannot run normally owing to some specific causes. Improper operation may cause upgrade failure, which leads to boot failure. Therefore, the maintenance personnel must be familiar with the principles and operations of ZXR10 T160G/T64G and learn the upgrade procedures carefully before software version upgrade.
52
Chapter 5
System Management
Version Upgrade in the case of System Anomaly

The upgrade procedures when the ZXR10 T160G/T64G cannot be started normally are presented as follows: 1. Connect the configuration port (Console port of MP board) of ZXR10 T160G/T64G to the serial interface of background host by configuration line delivered with the product; connect administrative Ethernet interface of the switch (10/100M Ethernet interface) to network interface of background host by straight-through Ethernet line. Make sure that both are properly connected. 2. The IP address of background host for upgrade and that of the switch administrative Ethernet port should be set to the same network segment. 3. Start the background FTP server according to the methods in FTP/TFTP Connection Configuration 4. Start ZXR10 T160G/T64G, in HyperTerminal, press any key as prompted to enter Boot status The following content will appear:
ZXR10 System Boot Version: 1.0 Creation date: Dec 31 2002, 14:01:52 (Omitted) Press any key to stop for change parameters... 2 [ZXR10 Boot]:
Input c in Boot status, enter parameter modification status after carriage return. Change the boot mode to boot from background FTP; change the FTP server address to the corresponding background host address; change the client terminal address and gateway address to switch administrative Ethernet interface address, set corresponding subnet mask and FTP username and password. The [ZXR10 Boot] prompt appears after completing parameter modification.
[ZXR10 Boot]:c '.' = clear field; '-' = go to previous field; ^D = quit
Boot Location [0:Net,1:Flash] : 0
(0 means booting from
background FTP; 1 means booting from FLASH) Client IP [0:bootp]: 168.4.168.168 administrative Ethernet port address Netmask: 255.255.0.0 Corresponds to
53
Server IP [0:bootp]: 168.4.168.89 background FTP server address) Gateway IP: 168.4.168.168
(Corresponds to
(Corresponds to
administrative Ethernet port address) FTP User: target target) FTP Password: password) FTP Password Confirm: Boot Path: zxr10.zar Enable Password: Enable Password Confirm: [ZXR10 Boot]: (Use default) (Use default) (Use default) (Corresponds to target user (Corresponds to FTP username
5. Input @, the system boots the version from background FTP server automatically after carriage return.
[ZXR10 Boot]:@ Loading... get file zxr10.zar[15922273] successfully!
file size 15922273. (Omitted)
****************************************************** Welcome to ZXR10 10G Routing switch of ZTE Corporation
****************************************************** ZXR10>
6. If booted normally, use command show version to check whether the new version is running in the Memory, if it is the old version that is running, it indicates that booting from background server failed, you have to repeat the operations from step 1. 7. Delete the old version file zxr10.zar in the directory IMG in FLASH using command delete, Old version file can be renamed for backup due to of space in FLASH is sufficient. 8. Copy the new version file in background FTP server to IMG directory in FLASH. The version file name is zxr10.zar.
ZXR10#copy ftp: mng //168.4.168.89/zxr10.zar@target:target flash: /img/zxr10.zar Starting copying file .......................................................
54
Chapter 5
System Management
.......... ....................................................... .......... ...................................... file copying successful. ZXR10#
Note: If copying version files from the management Ethernet of MP board, in the command copy, ftp: must be followed with mng.
9. Check whether new version file is available in FLASH. If the new version file is unavailable, it indicates the copy failure, please execute step 8 to recopy the version. 10. Restart ZXR10 T160G/T64G, follow the methods in step 4, and make boot from FLASH enabled, at this time, Boot path will change into /flash/img/zxr10.zar automatically.
Note: The boot mode can be changed to boot from FLASH by using command nvram imgfile-location local in global configuration mode.
11. Input @ in [ZXR10 Boot]:, the system will boot new version from FLASH after carriage return. 12. After booting normally, check the running version to confirm that the upgrade is successful.
Version Upgrade when the System is Normal

There are a variety of ways to upgrade software version if the switch is running normally before upgrade, for example, take the switch as FTP or TFTP client terminal to copy versions; remote upgrade can be performed making use of FTP. The procedures of taking the switch as the FTP client terminal to upgrade locally are described below. 1. Connect the configuration port (Console port of MP board) of ZXR10 T160G/T64G to the serial interface of background host by configuration line delivered with the product; connect management Ethernet interface
55
of the switch (10/100M Ethernet interface) to network interface of background host by straight-through Ethernet line. Make sure that both are properly connected. 2. The IP address of background host for upgrade and that of the switch management Ethernet port should be set to the same network segment to ensure that the background host could ping the management Ethernet address successfully. 3. Start the background FTP server according to the methods in FTP/TFTP Connection Configuration 4. View the information of the running version. 5. Delete the old version file in the directory IMG in FLASH using command delete You can remain the old version file having it renamed, if the space in FLASH is not sufficient. 6. Copy the new version file in background FTP server to IMG directory in FLASH. The version file name is zxr10.zar. 7. Check whether new version file is available in directory IMG in FLASH. If the new version file is unavailable, it indicates the copy failure, please execute step 5 to recopy the version. 8. After booting the switch normally, check the running version to confirm that the upgrade is successful.
Setting System Parameters

The system parameters of ZXR10 T160G/T64G contains host name, password of privileged mode etc. 1. Set the name of system host The default host name of the system is ZXR10, which can be modified in global configuration mode using command hostname.
Command format
Command Mode
Command function:
hostname <network-name>
Global
Modify host name of the switch
Relogin to the switch after modifying the host name, new host name will be used in the prompt. 2. Set the greeting words for system startup
56
Chapter 5
System Management
Greeting words can be set using command banner. It starts and ends with custom-defined character, for example:
ZXR10(config)#banner incoming # Enter TEXT message. End with the character '#'.
*********************************** Welcome to ZXR10 Switch World *********************************** # ZXR10(config)#
3. Set the password of privileged mode In privileged mode, you can set operational parameters, and access configuration mode. The password of accessing privileged mode must be set to prevent unauthorized user from modifying the configuration.
Command format
Command Mode
Command function:
enable
secret
{0
<password>|5
<password>|<password>}
Global
Set the password of privileged mode
4. Set Telnet user and password

Command format
Command Mode
Command function:
username <password>
<username>
password
Global
Set Telnet user and password
5. Setting system clock

Command format
Command Mode
Command function:
clock
set
<current-time>
<month>
<day> <year>
Privileged
Setting system clock
Viewing System Information

In ZXR10 T160G/T64G, we usually use show command to view information. What described below is about viewing version information and configuration information. 1. Show version information of system software and hardware
57
Command format
Command Mode
Command function:
show version
User/ Privileged
View version information of system software and hardware
Execute command show version to display the information similar to the follows.
ZXR10#show version ZXR10 Router Operating System Software, ZTE Corporation ZXR10 ROS Version V4.6 ZXR10 T160G Software, Version V2.6.01, RELEASE SOFTWARE Copyright (c) 2000-2003 by ZTE Corporation Compiled Dec 2 2004, 14:52:13
System image files from net <ftp://168.1.70.155/zxr10.zar> System uptime is 0 days, 0 hours, 19 minutes ZXR10#
2. Show the running configuration information

Command format
Command Mode
Command function:
show running-config
Privileged
View the running configuration information
58
Chapter
Port Configuration
This chapter introduces the configuration of ZXR10 T160G/T64G port parameters and port mirroring function. It covers: Basic port configuration Introduces basic port parameter configuration, port traffic statistics, and port line diagnosis analysis test Port mirroring Introduces the concept, basic configuration and configuration instances of port mirroring
Basic Port Configuration

ZXR10 T160G/T64G provides fast Ethernet port, gigabit Ethernet port and 10-giagabit Ethernet port. Fast Ethernet electrical interface supports full-duplex/half-duplex, 10/100M and MDI/MDIX self-adaptive function. The default working mode is auto-negotiation. It negotiates working mode and rate with the opposite end devices. Gigabit Ethernet electrical interface supports full-duplex/half-duplex, 10/100/1000M and MDI/MDIX self-adaptive function. The default working mode is auto-negotiation. It negotiates working mode and rate with the opposite end devices. Gigabit Ethernet electrical interface works in gigabit full-duplex mode. The duplex mode and rate of the port cannot be configured, instead, auto-negotiation can. 10-Gigabit Ethernet optical interface works in 10-gigabit full-duplex mode. The auto-negotiation, duplex mode and rate of the port cannot be configured. The system adopts the mode of adding ports automatically: the user plug in interface board to the corresponding slot, when the interface board starts
59
normally, we can see that the port of the interface board has been added to the system port list automatically.
Principle of Port Naming

ZXR10 T160G/T64G names the ports as follows: Port type_Slot No/Port No Port type covers: FEI GEI XGEI Slot No. ZXR10 T160G provides 10 plug-in slots, numbering from top to down, where No 5 and No 6 are MP plug-in slots, the rest are interface board module plug-in slots. ZXR10 T64G provides 6 plug-in slots, numbering from top to down, where No 3 slot is MP board plug-in slot, No 1, 2 ,5, and 6 are interface board module plug-in slots; No 4 slot can serve as MP board plug-in slot or interface board module plug-in slot. Port No. The interface board ports are numbered from 1. For example: fei_2/8 Means the 8th port in the No 2 slot fast Ethernet interface board. gei_6/1 Means the first port in the No 6 slot gigabit Ethernet interface board. xgei_7/2 Means the second port in the No 7 slot 10-gigabit Ethernet interface board. Fast Ethernet Interface Gigabit Ethernet Interface 10-Gigabit Ethernet Interface
Configuring Basic Port Parameters

The configuration of port parameters is performed in port configuration mode, which covers: 1. Accessing port configuration mode
Command format interface <by-name>} {<port-name>|byname
Command Mode
Command function: Accessing mode port configuration
Global
2. Close/open Ethernet port

Command format shutdown no shutdown
Command Mode
Command function: Close Ethernet port Open Ethernet port
Port Port
60
Chapter 6
Port Configuration
Note: Command shutdown makes the physical link status of the port change into down and the link LED of the port go dark. All ports are open by default.
3. Enable/close Ethernet port auto-negotiation

Command format negotiation auto no negotiation auto
Command Mode
Command function: Enable port auto-negotiation Close port auto-negotiation
Port Port
Note: 10-gigabit Ethernet optical interface does not support auto-negotiation. It is fixed to work in 10-gigabit full-duplex mode.
4. Set Ethernet port duplex mode

Command format duplex {half|full}
Command Mode
Command function: Set port duplex mode
Port
5. Set Ethernet port rate

Command format speed {10|100|1000}
Command Mode
Command function: Set port rate
Port
Note: Only the Ethernet electrical interface can be configured with duplex mode and rate, remember to disable port self-negotiation function.
6. Set Ethernet port flow control The Ethernet port uses flow control to restrain the packets sent to the port in a period of time. When the receiving buffer is full, the port sends a pause packet notifying the remote port to suspend packet transmission for a period of time. The Ethernet port can also receive pause packet from other devices, and execute operations according to the regulation of the packet.
Command format flowcontrol {enable|disable}
Command Mode
Command function: Enable/disable port flow control
Port
7. Allow jumbo-frame to pass the Ethernet port or prohibit it

Command Mode
Command format
Command function:
61
jumbo-frame {enable|disable}
Port
Allow jumbo-frame to pass the Ethernet port or prohibit it
Note: By default, the maximum allowed length of the frame passing Ethernet port is 1560 bytes, and jumbo frame is prohibited from passing. When jumbo frame is allowed, the maximum allowed length is 9216 bytes.
8. Port byname The purpose of setting port byname is to distinguish the ports for easier memorization. You can replace the port name with byname when performing operation over the port.
Command format Command Mode Command function:
byname <by-name>
Port
Set Ethernet port byname
9. Set Ethernet port broadcast storm suppression You can limit the volume of broadcast flow that is allowed to pass through the Ethernet port. The system will discard the broadcast flow exceeding the set value to lower the rate of broadcast flow to a reasonable range, so as to suppress broadcast storm and avoid network congestion, ensuring normal operation of network service. Broadcast storm suppression ratio takes the line speed percentage of maximum flow as the parameter; the lower the percentage is, the smaller the allowed broadcast flow is. 100% means that the broadcast storm passing through the port will not be suppressed
Command Mode
Command format
Command function:
broadcast-limit <percent-value>
Port
Set port broadcast suppression ratio
storm
Show Port Information

ZXR10 T160G/T64G provides the following commands to view port information. 1. View status information of Ethernet port
show interface [<port-name>]
All modes except user mode
show status Ethernet port
information
of
Example: View status and statistic information of port gei_2/1.

ZXR10#show interface gei_2/1 gei_4/1 is down, line protocol is down
Description is none
62
Chapter 6
Port Configuration
Keepalive set:10 sec The port is electric Duplex half
vlan mode is access, pvid 2
BW 1000000 Kbits
Last clearing of "show interface" counters never 120 seconds input rate 0 Bps, 0 Bps, 0 Bps, output 0%, output 0 pps 0 pps 0 Bps 0%
120 seconds output rate Interface peak rate : input
Interface utilization: input
/* Statistic of input/output transmit message, including statistic of error message */ Input: Packets 41572 Unicasts : 0 Broadcasts: 10 Undersize: 0 CRC-ERROR : 0 Dropped Jabber : 0 : 0 Fragments : 0 Oversize : 0 Multicasts: 328 : 338 Bytes:
MacRxErr : 0 Output: Packets 125470 Unicasts : 0 Broadcasts: 0 Collision: 0 LateCollision: 0 Multicasts: 1017 : 1017 Bytes:
Total: 64B 128-255B : 20 : 360 512-1023B : 0 65-127B : 975
256-511B : 0 1024-1518B: 0 ZXR10#
Use the following commands to clear port statistical information

clear counter [<port-name>]
Privileged
Clear statistical information of specified ports
2. Show configuration information of Ethernet port
63
Command format
Command Mode
Command function:
show running-config interface <port-name>
Show configuration information of Ethernet port
Example: Show configuration information of port fei_2/4.

ZXR10(config)#show running-config interface fei_2/4 Building configuration... interface fei_2/4 negotiation auto broadcast-limit 10 switchport access vlan 1 switchport qinq normal ZXR10(config)#
Line Diagnosis Analysis Test

ZXR10 T160G/T64G supports cable line diagnosis analysis test function, which could detect the anomaly of line or line connection and locate the exact position of cable fault, facilitating network management and locating fault. Both fast Ethernet electrical interface and gigabit Ethernet electrical interface are connected to other devices by network wire. There are four pairs of twisted pair cables in the network wire, in which, fast Ethernet electrical interface uses 1-2 and 3-6 twisted pair cables, gigabit Ethernet electrical interface uses all the four pairs of twisted pair cables including 1-2, 3-6, 4-5 and 7-8. Line detection can detect the status of every twisted pair cable, which are listed below: 1. Open: Open circuit 2. Short: Short circuit 3. Mismatch: Circuit impedance mismatched 4. Good: The circuit is in good condition 5. Broken: the circuit is open or short 6. Unknown: The result is unknown or undetected 7. Fail: Detection failed If the circuit is faulty, the test result will output the location of circuit fault; if the circuit is in good condition, the approximate length of the normal circuit will be presented. Configuring line diagnosis analysis test is not required; run command show in privileged or global mode directly.
show vct interface <port-name>
All
modes
Run
specified
line
diagnosis
64
Chapter 6
Port Configuration
except user mode
analysis test
Example: Detect line of port gei_3/1

ZXR10(config)#show vct interface gei_3/1 CableStatus Pair Status Length Fault 1-2 Open 4m 3-6 Open 4m 4-5 Good <50m 7-8 Good <50m
ZXR10(config)#
Note:The related ports will be restarted when using line diagnosis analysis test, the link will disconnect and then become normal. It is usually for testing faulty ports, please be cautious if the port is connected with users.
Port Mirroring Configuration

Port Mirroring Overview
The port mirroring function copies the data of one or more ports (mirrored ports) in the switch to a designated port (monitoring port). It can retrieve the data of mirrored port in the monitoring port via mirroring. Through which it can perform network flow analysis, and error diagnosis. Using port mirroring function in the ZXR10 T160G/T64G should comply with the following rules: Supports up to 8 groups of port mirroring, each can support up to 8 mirrored ports. In one interface board, maximally one group of port mirroring can be configured. Supports cross-interface-board port mirroring, i.e. the mirrored port and the monitoring port can be in different interface boards, here, the switch can be configured with one port mirroring at most. Monitor the data transmitted or received by the mirrored port only.
Port Mirroring Configuration

Port mirroring configuration covers: Create a session
Command format
Command
Command function:
65
Mode
monitor session <session-number>
Global
Create a session
Set mirrored port

monitor session <session-number> source [direction {both|tx|rx}]
Port
Set mirrored port and data flow direction
Set monitoring port

monitor session <session-number> destination
Port
Set monitoring port
Show configuration and status of port mirroring

show monitor session {all|<session-number>}
Show port mirroring configuration of all groups or specified group
Example of Configuring Port

As shown in Figure 31, port gei_3/3 is connected with a computer, monitoring the data received by gei_1/1 and the data received and transmitted by gei_1/2.
FIGURE 31
EXAMPLE OF PORT MIRRORING

gei_3/3 gei_1/2
Switch gei_1/1
Switch configuration:
ZXR10(config)#interface gei_1/1 ZXR10(config-if)#monitor session 1 source direction rx ZXR10(config)#interface gei_1/2 ZXR10(config-if)#monitor session 1 source ZXR10(config)#interface gei_3/3 ZXR10(config-if)#monitor session 1 destination
66
Chapter 6
Port Configuration
Show configuration of port mirroring

ZXR10(config)#show monitor session 1 Session 1 ----------------------------------------------Source Ports: Port: gei_1/1 Port: gei_1/2 Destination Port: Port: gei_3/3 ----------------------------------------------ZXR10(config)# Monitor Direction: rx Monitor Direction: both
67
68
Chapter
VLAN Configuration
This chapter introduces basic operation of VLAN configuration in ZXR10 T160G/T64G, and VLAN extended configuration including PVLAN, QinQ and SuperVLAN. It covers: VLAN overview VLAN Configuration Example of VLAN configuration PVLAN Configuration QinQ configuration SuperVLAN configuration VLAN maintenance and diagnosis
VLAN Overview
Virtual Local Area Network (VLAN) is a technology dividing physical network into multiple logical (virtual) LAN. Every VLAN has a VLAN identifier (VID). Taking advantage of VLAN technology, network administrators can divide the users in the same physical LAN into different broadcast domain (one broadcast domain is one VLAN), ensuring that the users with the same demands belong to same broad domain and users with different demands belong to different broadcast domain. Every VLAN is like an independent LAN logically, having the same attribute with physical LAN. All broadcast and unicast traffic in the same VLAN are restricted to the VLAN instead of being forwarded to other VLAN. The communication between devices belonging to different VLAN must be forwarded by the layer3 routers The features of VLAN are as follows: Reduce broadcast traffic in the network Enhance network security Simplify network management and control
69
VLAN Types
The type of VLAN is determined by the method dividing a received frame to a specific VLAN. ZXR10 T160G/T64G presently supports port-based VLAN, which is the most simple and effective method. It assigns ports of switching equipment to different VLAN; consequently, the traffic received from the port belongs to the VLAN connected to the port. For example, if port 1, port 2 and port 3 belong to the same VLAN, and other ports belong to other VLANs, the frame received by port 1 can be transmitted over port 2 and port 3 exclusively. If a user in VLAN move to a new place, it does not belong to the old VLAN unless VLAN is reconfigured.
VLAN Tab
Multiple VLAN services can be transmitted in one link if the VLAN that the frame resides in can be presented in a certain method when frame is transmitting in the network. IEEE 802.1Q implements the function by inserting a VLAN tag into Ethernet frame structure. The VLAN tag is 4-byte long, in Ethernet frame, its location is behind source MAC address, and before length/type segment. The format of VLAN tag is shown in Figure 32.
FIGURE 32 THE FORMAT OF VL AN TAG
TPID (2 Bytes)
TCI (2 Bytes)
Priority 7
CFI
VID 0 7 0
5 4
VLAN tag is most frequently applied in the case of cross-switch creating VLAN, here the connection between switches is called Trunk. Cross-multiple-switch VLAN can be created via one or more trunks after applying tag. When the port connected to the switch receives a tagged frame, it can judge which VLAN the frame belongs to according to VLAN tag. Every 802.1Q port is allocated with a default VLAN ID, which is called PVID. When the port receives untagged frame, the frame is considered to belong to port default VLAN, and forwarded in the VLAN. ZXR10 T160G/T64G supports IEEE 802.1Q standard tag.
VLAN Link Type

ZXR10 T160G/T64G port supports the following three kinds of connection modes Access link
70
Chapter 7
VLAN Configuration
Access link is used to connect the devices (e.g. workstation) that cannot identify VLAN tag to VLAN switch port. It only transmits untagged VLAN frame and is associated with only one VLAN. Trunk Link Trunk link is for connecting two devices that can identify VLAN tag and transmits multiple VLAN services. It only transmits tagged VLAN frame and can bear multiple VLANs. The most popular trunk link is one connecting two VLAN switches. Hybrid Link Hybrid link can transmit tagged and untagged frames. However, for a specific VLAN, all frames transmitted by the hybrid link must be the same type.
Default VLAN
ZXR10 T160G/T64G initially has a default VLAN with the following features: The VLAN ID of default VLAN is 1. The name of default VLAN is VLAN0001. The default VLAN contains all ports. All ports of default VLAN is untagged by default.
VLAN Configuration
The basic configuration of VLAN covers: Create Single VLAN
vlan {<vlan-id>|<vlan-name>}
Global
Create VLAN and access VLAN configuration mode
Create VLAN in batch

vlan <vlan-list> [name <vlan-name>]
VLAN database
Create VLAN in batch
Set VLAN byname VLAN byname is for distinguishing VLANs, which could be group name, department or region. By default, VLAN byname is VLAN + VLAN ID, in which VLAN ID is 4 digits, if it is less than 4 digits, zeros will be added to make it a digit length of 4, for example, the VLAN byname is VLAN0004 by default if the ID is 4.
71
name <vlan-name>
VLAN
Specify VLAN byname
Set VLAN link types of Ethernet port VLAN link types of ZXR10 T160G/T64G Ethernet port include: Access mode, Trunk mode and Hybrid mode, the default is Access mode. The port of access mode, which is untagged, can only belong to one VLAN, it usually serves as the port connecting computer. Trunk mode port, which must be tagged, can belong to multiple VLANs; it can receive and transmit message of multiple VLANs; usually it serves as trunk port of connection between switches. Hybrid mode port can belong to multiple VLANs, whether it should be tagged is determined by the user; it can receive and transmit message of multiple VLANs; it can be applied in connection between switches and can also be applied in connecting user computer. The difference between hybrid port and trunk port lies in: Hybrid port can transmit tagged or untagged frame, while trunk port untagged when transmitting default VLAN message.
switchport mode {access|trunk|hybrid}
Port
Set VLAN link types of the port
Add Ethernet port to specified VLAN Access port can only be added to one VLAN, while trunk port and hybrid port can be added to multiple VLANs.
switchport access vlan {<vlan-id>|<vlan-name>} switchport trunk vlan <vlan-list> switchport hybrid vlan <vlan-list> [tag|untag]
Port Port Port
Add Access port to specified VLAN Add Trunk port to specified VLAN Add hybrid port to specified VLAN
Set native VLAN(PVID) of Ethernet port Access port belongs to only one VLAN, so its native VLAN is the VLAN it resides in, it is not necessary to set. Trunk port and hybrid port belong to multiple VLANs, so it is necessary to set native VLAN. If the port native VLAN is set, when the port cannot receive frame without VLAN tag, forward the frame to the port belonging to the native VLAN. By default, the native VLAN of trunk port and hybrid port is VLAN 1.
switchport trunk native vlan {<vlan-id>|<vlan-name>} switchport hybrid native vlan {<vlan-id>|<vlan-name>}
Port Port
Set native VLAN of trunk port Set native VLAN of hybrid port
72
Chapter 7
VLAN Configuration
Add VLAN member ports in batch

Command format Command Mode Command function
switchport {pvid|tag|untag} <port-list>
VLAN
Add VLAN member ports in batch
Switchport PVID is valid for all types of ports including Access, Trunk and Hybrid. All the PVIDs of selected ports become VLAN ID of specified VLAN after running the configuration. Switchport tag is valid for Trunk and Hybrid ports. Switchport untag is valid for Hybrid port. Set port VLAN filtration After enabling entrance filtration, if the entrance port is not included in the VLAN member set that the port-received frame belongs to, the frame will be discarded. By default, VLAN entrance filtration is enabled.
ingress filtering {enable|disable}
Port
Set port VLAN filtration mode
Port frame type filtration Configuration port can accept all frames (including untagged and tagged frames) or only accept tagged frame. By default, it receives all frames.
acceptable frame types {all|tag}
Port
Set port-acceptable frame types
Create VLAN Layer3 interface This VLAN must be created before creating VLAN layer3 interface.
interface {vlan <vlan-id>|<vlan-if>}
Global
Create VLAN layer3 interface
Open/Close VLAN Layer3 Interface Open/Close VLAN Layer3 interface is to open/close VLAN Layer3 forwarding function, imposing no impact on the member ports of this VLAN. By default, when all Ethernet ports are in down status, the VLAN interface status is down; when one or more Ethernet ports are in up status, the VLAN interface status is up. The VLAN interface in up status can be shut forcibly.
shutdown no shutdown
VLAN interface VLAN interface
Shut VLAN layer3 interface Open VLAN layer3 interface
73
Example of VLAN Configuration

As shown in Figure 33, ports gei_3/1 and gei_3/2 of switch A and ports gei_7/1 and gei_7/2 of switch B belong to VLAN 10; ports gei_3/4 and gei_3/5 of switch A and gei_7/4 and gei_7/5 of switch B belong to VLAN 20, all are Access ports. The two switches are connected via ports gei_3/24 and gei_7/24 by trunk mode; the two ports are trunk ports.
FIGURE 33 TYPICAL NETWORKING OF VLAN
Switch A gei_3/1 gei_3/2 Vlan 10
gei_3/24 Trunk vlan 10,20
gei_7/24 gei_7/1 gei_7/2 Vlan 10
Switch B gei_7/4 gei_7/5 Vlan 20
gei_3/4 gei_3/5 Vlan 20
Switch A configuration:
ZXR10_A(config)#vlan 10 ZXR10_A(config-vlan)#switchport pvid gei_3/1-2 ZXR10_A(config)#vlan 20 ZXR10_A(config-vlan)#switchport pvid gei_3/4-5 ZXR10_A(config)#interface gei_3/24 ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10 ZXR10_A(config-if)#switchport trunk vlan 20
Switch B configuration:
ZXR10_B(config)#vlan 10 ZXR10_B(config-vlan)#switchport pvid gei_7/1-2 ZXR10_B(config)#vlan 20 ZXR10_B(config-vlan)#switchport pvid gei_7/4-5 ZXR10_B(config)#interface gei_7/24 ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10 ZXR10_B(config-if)#switchport trunk vlan 20
74
Chapter 7
VLAN Configuration
PVLAN Configuration
To isolate messages of users for better network security, the traditional solution is to assign a VLAN to each user. The limitations of this method are as follows: Presently, the maximum number of VLAN supported by IEEE 802.1Q standard is 4094, so the number of users is limited; consequently, it goes against network expansion. Each VLAN is corresponding to one IP subnet, so a large quantity of subnets divided is a waste of IP addresses. Planning and management of a large quantity of VLAN and IP subnets complicates network management. The new technology PVLAN (Private VLAN) solves all the problems. PVLAN classifies ports in VLAN into two categories: Isolate port connecting with users, and Promiscuous port uplinking router. Isolate port can communicate with promiscuous port only, the communication between them are disabled. So, ports in the same VLAN are isolated, users can only communicate with default gateway, as a result, the network security is ensured. ZXR10 T160G/T64G supports 20 PVLAN groups, each group can select any port to isolate from each other. At most 8 ports can be selected to be uplink port. Use the following commands to configure PVLAN:
vlan private-map session-id <id> [isolate <port-list>] [promis <port-list>]
Global
Configure Isolate Promiscuous port
port
and
Use the following command to show PVLAN configuration:

show vlan private-map
Show PVLAN configuration
Two Isolate groups are configured in the following configuration example: Isolate group 1: gei_3/1, gei_3/2, fei_7/4 and fei_7/5 are isolate ports; gei_5/10 is promiscuous port. Isolate group 2: gei_3/7, gei_3/8, fei_7/10 and fei_7/11 are isolate ports; gei_5/12 is promiscuous port. The detailed configuration is as follows:
ZXR10(config)#vlan private-map session-id 1 isolate gei_3/1-2,fei_7/4-5 promis gei_5/10
75
ZXR10(config)#vlan private-map session-id 2 isolate gei_3/7-8,fei_7/10-11 promis gei_5/12 ZXR10(config)#show vlan private-map Session_id ---------1 2 ZXR10# Isolate_Ports -----------------------gei_3/7-8, -----------------------gei_5/10 gei_5/12 gei_3/1-2,fei_7/4-5, Promis_Ports
QinQ Configuration
QinQ is a vivid name for the tunnel protocol based on IEEE 802.1Q encapsulation, which is also called VLAN stack. QinQ technology is to add a VLAN tag (outer tag) other than old VLAN tag (inner tag), the outer tag can shield the inner tag. QinQ requires no support from protocol, by which L2VPN can be realized; it is particularly suitable for the small LAN with layer3 switch as the backbone. The typical networking or QinQ technology is shown in Figure 34. The port connecting user network is called customer port; the port connecting SP network is called uplink port; the edge access device of SP network is called Provider Edge (PE).
FIGURE 34 TYPICAL QINQ NETWORKING
SPVLAN 10 customer port

User Network 1 CVLAN 1~100
SPVLAN 10 uplink port Switch A PE SP Network SPVLAN 10 uplink port SPVLAN 10 customer port PE Switch B
User Network 2 CVLAN 1~100
SPVLAN: Service Provider VLAN: CVLAN: Customer VLAN
The user network is usually accessed to PE via Trunk VLAN mode; Uplink ports in Service Provider (SP) network are symmetrically connected via Trunk VLAN mode. When message reaches customer port of switch A from user network 1, no matter the message is tagged or untagged, switch A inserts outer tag (VLAN ID is 10) forcibly. In the SP network, the message transmits along VLAN 10 ports until it reaches switch B. Switch B finds that the port connecting user network 2 is customer port, so it peels off the outer tag according to
76
Chapter 7
VLAN Configuration
traditional 802.1Q, resumes the original message and transmits it to user network 2. As a result, user network 1 and 2 can perform transparent transmission via SP network; user network can define its own private network VLAN ID, which will not cause conflict with SP network VLAN ID. Use the following command to configure QinQ:
switchport <port-list> qinq {normal|uplink|customer|tpid <tpid>} switchport qinq {normal|uplink|customer|tpid <tpid>}
Global
configure QinQ specified port
function
of
Port
Configure port QinQ function
Note: When configuring QinQ, customer port of SPVLAN should be set to be untagged and uplink port should be set to be tagged.
Use the following command to view QinQ configuration information:

show qinq
Show QinQ information
configuration
As shown in Figure 34, assuming customer port of switch A is gei_3/1, uplink port is gei_3/24; if customer port of switch B is gei_7/1, uplink port is gei_7/24. Switch A configuration:
ZXR10_A(config)#vlan 10 ZXR10_A(config)#interface gei_3/1 ZXR10_A(config-if)#switchport qinq customer ZXR10_A(config-if)#switchport access vlan 10 ZXR10_A(config)#interface gei_3/24 ZXR10_A(config-if)#switchport qinq uplink ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10
ZXR10_B(config)#vlan 10 ZXR10_B(config)#interface gei_7/1 ZXR10_B(config-if)#switchport qinq customer
77
ZXR10_B(config-if)#switchport access vlan 10 ZXR10_B(config)#interface gei_7/24 ZXR10_B(config-if)#switchport qinq uplink ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10
SuperVLAN Configuration
Traditional ISP network assigns one IP subnet to each user. Three IP addresses are occupied when one subnet is assigned, which respectively serve as subnet number, broadcast address and default gateway. A large quantity of unassigned IP addresses in the user subnets cannot be assigned to other users. Obviously this method is a waste of IP address. SuperVLAN solves the problem effectively. It converges multiple VLANs (called subvlan) into a SuperVLAN; all the subvlans use the same IP subnet and default gateway. Taking advantage of SuperVLAN technology, what is needed for ISP is to assign one IP subnet for SuperVLAN and create one subvlan for each user; all subvlans can assign IP addresses in SuperVLAN subnet flexibly and use SuperVLAN default gateway. Every subvlan is an independent broadcast domain, ensuring isolation between different users; communication between subvlans is routed via SuperVLAN. SuperVLAN configuration of ZXR10 T160G/T64G covers: Create SuperVLAN
interface supervlan <supervlan-id>
Global
Create SuperVLAN and access SuperVLAN configuration mode
Add sub-VLAN One SuperVLAN can be bound with up to 8 VLANs. The sub-VLAN cannot be bound if it is configured to be Layer 3 interface.
supervlan <supervlan-id>
VLAN
Bind VLAN SuperVLAN
with
specified
Open/close inter-subvlan routing function Inter-sub-VLANs routing function is enabled by default. After using the command, the inter-subVLANs communication is disabled, but sub-VLAN remains communication with outside of SuperVLAN.
inter-subvlan-routing
SuperVLAN
Open/close
inter-sub-VLANs
78
Chapter 7
VLAN Configuration
{enable|disable}
routing function
View SuperVLAN configuration information

show supervlan [<supervlan-id>]
Show SuperVLAN configuration information
As shown in Figure 35, configure SuperVLAN in switch A, assigning subnet 10.1.1.0/24, gateway is 10.1.1.1. Configure two sub-VLANs in switch B, including VLAN 2 and VLAN 3, belonging to SuperVLAN. Switch A is connected to switch B via Trunk port.
FIGURE 35
EXAMPLE OF SUPERVLAN CONFIGURATION
Switch A
SuperVLAN 10.1.1.0/24 gei_7/10 gei_8/10 gei_5/10
Switch B gei_3/1
gei_3/10 gei_5/1 VLAN 2 SubVLAN VLAN 3
*Create superVLAN , assign subnet and specify gateway */ ZXR10_A(config)#interface supervlan 10 ZXR10_A(config-int)#ip address 10.1.1.1 255.255.255.0 /*Add SubVLAN to SuperVLAN*/ ZXR10_A(config)#vlan 2 ZXR10_A(config-vlan)#supervlan 10 ZXR10_A(config)#vlan 3 ZXR10_A(config-vlan)#supervlan 10 /*Set vlan trunk port*/ ZXR10_A(config)#interface gei_7/10 ZXR10_A(config-int)#switch mode trunk ZXR10_A(config-int)#switch trunk vlan 2-3
ZXR10_B(config)#interface gei_3/1
79
ZXR10_B(config-int)#switch access vlan 2 ZXR10_B(config)#interface gei_3/10 ZXR10_B(config-int)#switch access vlan 2 ZXR10_B(config)#interface gei_5/1 ZXR10_B(config-int)#switch access vlan 3 ZXR10_B(config)#interface gei_5/10 ZXR10_B(config-int)#switch access vlan 3 ZXR10_B(config)#interface gei_8/10 ZXR10_B(config-int)#switch mode trunk ZXR10_B(config-int)#switch trunk vlan 2-3
VLAN Maintenance and Diagnosis

ZXR10 T160G/T64G provides related show commands for easier VLAN maintenance and diagnosis.
show vlan [brief|access|trunk|hybrid|id <vlan-id> [ifindex]|name <vlan-name> [ifindex]]
View VLAN configuration
Taking advantage of the command, you can view the information of all VLANs, VLAN with specified ID, and VLAN with specified name; you can also view the information of the VLAN with port mode of Access, Trunk and Hybrid. Two examples are presented: View configuration information of all VLANs
ZXR10(config)#show vlan VLAN Name Status Said MTU IfIndex 0 0 0 0 0 0 gei_7/4 gei_7/4 gei_7/4 gei_7/3 PvidPorts gei_7/5-12 gei_7/1-3 gei_7/3-4 UntagPorts TagPorts -----------------------------------------------------------------1 VLAN0001 active 100001 1500 10 VLAN0010 active 100010 1500 100 VLAN0100 active 100100 1500 130 VLAN0130 active 100130 1500 136 VLAN0136 active 100136 1500 200 VLAN0200 active 100200 1500 ZXR10(config)#
View information of all VLANs whose port mode is Trunk

ZXR10(config)#show vlan trunk VLAN Name Status Said MTU IfIndex PvidPorts UntagPorts TagPorts ------------------------------------------------------------------
80
Chapter 7
VLAN Configuration
1 VLAN0001 active 100001 1500 10 VLAN0010 active 100010 1500 100 VLAN0100 active 100100 1500 130 VLAN0130 active 100130 1500 136 VLAN0136 active 100136 1500 200 VLAN0200 active 100200 1500 ZXR10(config)#
0 0 0 0 0 0 gei_7/3 gei_7/3 gei_7/3
81
82
Chapter
MAC Table Operation

This chapter describes the content and related knowledge of MAC address table and related configuration of MAC address table in ZXR10 T160G/T64G. It covers: MAC address table overview MAC Address table Configuration Examples of MAC address table configuration
MAC Address Table Overview

Media Access Control (MAC) address is the hardware identifier of network device, based on which, the switch forwards message. MAC address is unique, ensuring proper forwarding of message. Every switch maintains one MAC address table. In this table, MAC address and switch port have one-to-one correspondence. When the switch receives data frame, it determines filtering or forwarding it to correspondent switch port. MAC address table is the basis and prerequisite of fast forwarding for the switch.
The Composition and Meaning of MAC Address Table

The entry of MAC address table is uniquely identified by MAC address and VLAN ID; the entries with identical MAC address and VLAN ID are considered to be the same entry. Entries of MAC address table in ZXR10 T160G/T64G cover: MAC address: e.g. 00D0.8756.95CA. VLAN ID: If a port is set to belong to multiple VLANs, the same MAC address will correspond to multiple VLAN ID. Port Number: Such as gei_2/3, smartgroup1. Other related flags: indicating status and operation of MAC address
83
Related flags of MAC address entries in ZXR10 T160G/T64G include the following five categories: Static: indicating whether MAC address is static Permanent: Indicating permanent MAC address to-static: Indicating whether MAC address is burnt in src_filter: Indicating whether filtering the frame of source MAC address dst_filter: Indicating whether filtering the frame of target MAC address When the switch is performing layer2 forwarding, it searches MAC address table and VLAN table according to target MAC address of data frame with the purpose of knowing the destination port of the data frame forwarding. When the switch is performing Layer 3 fast forwarding, after it gets MAC address corresponding to next-hop IP address, it also needs to know the destination port of the packet forwarding by searching MAC address table.
MAC Address Categories

MAC address in MAC address table in ZXR10 T160G/T64G can be classified into the following three categories: Dynamic MAC address The switch learns the dynamic MAC address via data frame in the network, and the dynamic address will be deleted when aging time is approaching. When the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will also change correspondingly. Dynamic MAC address will disappear when the switch is powered off and restarted; it has to be re-learnt. Static MAC address Static MAC address is generated via configuration, so it will not be aged. No matter how the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will never change. Static MAC address will also disappear when the switch is powered off and restarted; it has to be reconfigured. Permanent MAC address Permanent MAC address is also generated via configuration, so it will not be aged. No matter how the switch port connected with the device changes, the correspondence between MAC address in the MAC address table and port will never change. Saved permanent MAC address will not disappear after the switch is powered off and restarted.
MAC Address Table Creation and Deletion

Initially, the MAC address table of the switch is blank. MAC address table must be created for fast forwarding. Meanwhile, the switch has to delete old
84
Chapter 8
MAC Table Operation
MAC address table entries and upgrade changed entries owing to limited MAC address table capacity and frequent replacement of network devices.
Dynamic Learning
The switch learns dynamic MAC address in MAC address table. The process that the switch learns MAC address is as follows: The switch will analyze the source MAC address and VLAN ID (Assuming MAC1+VID1) when a port receives a data frame. If the MAC address is legal and can be learnt, search MAC address table with MAC1+VID1 as key value. If the address is unavailable in the MAC address table, add it to the table; if the address is available in the MAC address, update the entries.
Note: MAC address learning is to learn source MAC address of data frame rather than destination MAC address. MAC address learning learns unicast address only, for broadcast and multicast addresses, it doesnt learn.
MAC Address Aging

The capacity of MAC address table is limited. In order to utilize MAC address table resources effectively, the switch provides MAC address aging function. If the switch doesnt receive data frame transmitted by a certain device in a period of time (the set aging time), namely, it doesnt receive the data frame whose source MAC address is this devices MAC address, the switch will think that the device has left the network or no network communication is being performed. Here, the switch will delete MAC address of the device from the MAC address table, by which, the switch MAC address table can be updated in time. MAC address aging can be applicable to dynamic MAC address only.
Adding and Deleting Manually

If the network is relatively stable, and the switch port connected with a device is always fixed, directly add MAC address entries to switch MAC address table via configuration command MAC address can be configured to be one of the three categories: dynamic, static, and permanent. Adding static or permanent MAC address can prevent MAC-cheat network attack.. The added MAC addresses can be deleted via MAC address deletion command. Use deletion command in ZXR10 T160G/T64G to forcibly delete MAC address learnt dynamically, to let it relearn.
MAC Address Table Configuration

The switch MAC address table can run normally using default setup. Appropriate configuration to MAC address table can enhance network stability.
85
The configuration of MAC address table covers:
Setting MAC Address Aging Time

The setup of MAC address aging time will affect the switch performance. If the set MAC address aging time is too short, the switch may delete many valid MAC address table entries, causing that the switch broadcast cannot find the destination MAC address message, occupying the bandwidth of the switch. If the set MAC address aging time is too long, the switch may save a lot of outdated MAC address table entries thus exhaust MAC address table resources, which may cause that new MAC address cannot be added to MAC address table. Consequently, forwarding will also be affected. Use the following command to configure MAC address aging time.
mac aging-time <time>
Global
Setting dynamic MAC address aging time
The default aging time of MAC address in ZXR10 T160G/T64G is 300s; the configurable range is 10s~630s.
Burning MAC Address

If the network is stable after a period of running, the position of device connected with switch port is fixed, namely, port corresponding to MAC address in switch MAC address table is fixed. MAC address can be burnt. Burning MAC address is to convert all dynamic MAC addresses in the MAC address table into static; the converted address will not take part in aging. At the same time, if the data frame whose source MAC address is converted MAC address appears in other ports, the switch will not relearn. The configuration command of burning MAC address is as follows:
mac to-static [interface <interface-name>|smartgroup <smartgroup-id> {disable|enable}
Global
Continue/cancel address
burning
MAC
Note: These MAC addresses will not be saved permanently after burning MAC address; it will disappear when the switch is powered off and restarted.
86
Chapter 8
MAC Table Operation
Binding MAC Address to Port

In ZXR10 T160G/T64G, add static or permanent MAC address to MAC address table via configuration to implement MAC address binding in the port. After binding MAC address, the correspondence between MAC address and port is fixed, and the address will not be learnt. The binding relationship will not be terminated until the address is deleted manually. The configuration command of binding port MAC address is as follows:
mac add {static|permanent} <mac-address> {ethernet <port-name>|smartgroup <smartgroup-id>} [vlan <vlan-id>] mac delete {<mac-address>|ethernet <port-name>|smartgroup <smartgroup-id>} [<vlan-id>]
Global
Add MAC address.
Global
Delete MAC address
Note: If specified VLAN ID is unavailable when adding MAC address, add according to PVID or the port. When deleting MAC address, if specified port and VLAN ID are unavailable, delete all MAC address items matching with MAC-address parameters.
Enable Port MAC Address Learning

By default, the MAC address learning function of switch port is enabled; the port can freely learn MAC address dynamically. If the devices connected with switch ports are all fixed, MAC address binding can be performed. Configure manually all possible MAC addresses in the port, and then disable port MAC address learning. The configuration command of port MAC address learning is as follows:
mac learning ethernet <port-name> {disable|enable}
Global
Set port mac address learning
Limit Number of Port MAC Address

The capacity of switch MAC address table is limited, when the number of users is large, reaching the maximum capacity, we can limit the number of MAC addresses that the low-priority-user-resident port can learn. By limiting number of port MAC addresses, network attacks that attempts to flood or overflow the MAC address table can be prevented.
87
The configuration command of limiting number of MAC addresses is as follows:

mac limit-num [ethernet <port-name>] <max-number>
Global
Limit number address
of
port
mac
By default, the switch imposes no restriction on number of port MAC addresses. Configured number of port MAC address restriction can be cancelled by setting the number of restricted MAC address to be zero.
Port MAC Address Learning Protection

ZXR10 T160G/T64G provides the function of port MAC address learning protection. When detecting MAC address learning anomaly, the switch will protect the MAC address learning of this port for a period of time. Once the port enters protection status, it will not learn new address; when the protection time is up, the port enters MAC learning status again. Setting port MAC address learning protection in ZXR10 T160G/T64G requires the following procedures: Set number restriction of port MAC address learning Open the enable switch of port MAC address learning protection. Set the protection time of protected port. The detailed configuration command is as follows:
mac protect [ethernet <port-name>] {disable|enable} mac protect time <time>
Global Global
Set port MAC address learning protection Set port MAC address learning protection time
By default, the switch port MAC address learning function is disabled. Please reserve sufficient margin when configuring number restriction of port MAC address in order to use port MAC address learning protection function.
MAC Address Filtering

To prevent invasion of illegal users, ZXR10 T160G/T64G supports data frame filtering according to MAC address, which covers the following three categories: Match only source MAC address of data frame, namely, if the source MAC address of data frame is the set MAC address, the filtration will be performed. Match only destination MAC address of data frame, namely, if the destination MAC address of data frame is the set MAC address, the filtration will be performed.
88
Chapter 8
MAC Table Operation
Match source or destination MAC address of data frame, namely, if the source or destination MAC address of data frame is the set MAC address, the filtration will be performed. The configuration command of MAC address filtering is as follows:
mac filter {source|both|destination} <mac-address> <vlan-id>
Global
Set filtration according to MAC address
Inputting port name is not needed when configuring MAC address filtration, for the switch will filter data frame from any port. Deleting the MAC address will cancel the configured MAC address filtration.
View MAC Address Table

View MAC address table entries via the following command, the displayed MAC addresses include dynamically learnt address and manually added address.
show mac [dynamic|static|permanent|to-sta tic | src-filter|dst-filter|<mac-address> |interface <interface-name>|vlan <vlan-id>]
All modes
Show MAC address entries
Example: Show all MAC address table entries.

ZXR10(config)#show mac Total mac address : 6 MAC_Address 0000.0000.0018 0000.0000.2222 0000.0000.0022 0000.0000.1111 0000.0000.3333 0000.0000.0021 ZXR10(config)# fei_8/14 888 gei_3/3 gei_3/3 888 888 port fei_8/6 vid 200 1 0 1 1 0 static locked src_filter dst_filter 0 1 0 0 1 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 ------------------------------------------------------------------
fei_8/12 888
------------------------------------------------------------------
89
Examples of MAC Address Table Configuration

As shown in Figure 36, switch A and switch B are connected via convergence link smartgroup1, switch B is connected with three PCs and one ZXR10 2826E, the detailed data is as follows:
Device PC1 PC2 PC3 ZXR10 2826E MAC Address 0X00D0.8765.95CA 0X00D0.8765.95CB 0X00D0.8765.95CC ---------Switch Port fei_2/1 fei_2/3 fei_2/5 fei_2/7 VLAN 1 2 3 4
PC1, PC2 and PC3 serve as servers; MAC address should be bound with port of switch B. Owing to the large number of users connected to ZXR10 2826E, port MAC address learning protection should be set in the corresponding ports of switch B. The protected number is 1000, protection time is 120s. The MAC address aging time of switch B should be set to be 180s.
FIGURE 36 EXAMPLE OF M AC ADDRESS TABLE CONFIGURATION
Switch A Smartgroup1 Switch B
ZXR10 2826E PC 1 PC 2 PC 3
/*Configure port MAC address binding*/ ZXR10_B(config)#mac add permanent 00D0.8765.95CA ethernet fei_2/1 vlan 1 ZXR10_B(config)#mac add permanent 00D0.8765.95CB ethernet fei_2/3 vlan 2 ZXR10_B(config)#mac add permanence 00D0.8765.95CC ehernet fei_2/5 vlan 3 /*Configure port MAC address learning protection*/ ZXR10_B(config)#mac limit-num ethernet fei_2/7 1000
90
Chapter 8
MAC Table Operation
ZXR10_B(config)#mac protect ethernet fei_2/7 enable ZXR10_B(config)#mac protect time 120 /*Configure MAC address aging time*/ ZXR10_B(config)#mac aging-time 180
91
92
Chapter
STP Configuration
This chapter describes the content and related knowledge of STP protocol and related configuration in ZXR10 T160G/T64G. It covers: STP Overview Configuring STP Examples of configuring STP STP maintenance and diagnosis
STP Overview
Spanning Tree Protocol (STP) is applicable to loop network. It can block some redundant paths via specific algorithm, prune loop network into loop-free tree topology, to prevent the message proliferation and endless cycling in the loop network. STP protocol is implemented via participating in exchanging BPDU (Bridge Protocol Data Unit) of all STP switches in a extended LAN. The following operations can be implemented via exchanging BPDU messages: 1. Select a root bridge in a stable SPT topology. 2. Select a specified switch in every switching network. 3. Set the redundant switch port to be Discard to avoid loop in topology network. STP module of ZXR10 T160G/T64G supports three modes including SSTP, RSTP and MSTP, which respectively comply with IEEE802.1d, IEEE802.1w and IEEE802.1s.
SSTP Mode
SSTP (Single Spanning Tree Protocol) fully complies with IEEE802.1d in functionality. Bridge running STTP mode can interconnect with RSTP and MSTP bridge.
93
RSTP Mode
RSTP (Rapid Spanning Tree Protocol) provides higher convergence speed than STP (i.e. SSTP mode), namely when the network topology is changing, the status of old redundant switch port can be transferred (From Discard to Forward) quickly in the case of point-to-point connection.
MSTP Mode
The concept of instance and VLAN mirroring are added in MSTP (Multiple Spanning Tree Protocol); SSTP mode and RSTP mode can both be considered to be instances of MSTP mode, namely, the case that only one instance 0 exists. MSTP mode also provides fast convergence and load balance in VLAN environment. In SSTP and RSTP modes, there is no concept of VLAN. There is only one status for each port that is forwarding statuses of ports in different VLANs is consistent. While in MSTP mode, there are multiple spanning tree instances, forwarding statuses of ports are different in different VLANs. Multiple independent subtree instances can be formed inside MST region to achieve load balance. Some basic concepts of MSTP are presented in detail as follows:
MST Config ID
MST Config ID refers to the forwarding plan with different VID frames, that is, all bridges in MST region forward to specific spanning tree (CIST or an MST instance) according to VID in frames. MST Config ID consists of the following parts: Configuration name: the 32-byte-long character string. Version level: 2-byte-long non-negative integer Configuration abstract: the signature generated according to MST Config Table and processed by MD5, with the length of 16 bytes. MST Config Table consists of 4096 consecutive two bytes, the first and the last two bytes are zero, and other two bytes can represent a binary number. The second two bytes indicate the MSTID value corresponding to VID 1; the third two bytes indicate MSTID value corresponding to VID 2; and the rest may be deduced by analogy, the last but one two bytes indicate the MSTID value corresponding to VID 4094. Configuration abstract is obtained by processing MST Config Table and fixed key value via HMAC-MD5 algorithm. It can learn that a VID belongs to which MST instance or CIST via resolution.
MST Region
Every MST region is composed of one or multiple connected bridges with the same MST Config ID; they enable multiple same instances. This region also contains the LAN whose designated bridge is one of these bridges in CIST instances.
94
Chapter 9
STP Configuration
Note: The MST Config ID of bridge in a MST region must be the same; but bridges with same MST Config ID are not necessarily in the same MST region. For example: If two bridges with same MST Config ID are connected via LAN belonging to another MST region, the two bridges belong to different MST region.
In MST region, there exist different spanning tree topologies: IST (Internal Spanning Tree), MST1, MST2and MSTn. Every MSTi can be called MSTI (MST Instance), bridges forward specific VID frame according to paths (MSTI spanning tree topology) corresponding to VID. The correspondence between VID and MSTI is reflected in MST Config ID, while MSTI spanning tree topology is determined by parameters of system configuration priority.
MST Instances
MST bridge must support implementation of two kinds of instances: one IST and multiple MST instances. IST is running in a region by default; all VLANs are configured to IST by default; IST is connected with all switches in the region, responsible for communication with other MST regions and SST regions outside. MST instance does not transmit BPDU message alone. Spanning tree information is contained in M-record, and transmitted as part of IST BPDU in the region.
CIST (Common and Internal Spanning Tree)

Each IST inside MST area and CST outside comprise CIST, that is, inside MST area, CIST is the same with IST; outside of MST area, it is the same with CST.
IST Region Root

Every MST region has one IST Region Root switch, which is the switch within the region with the lowest path cost to the CST root. If CIST Root is in an MST region, CIST Root is the IST Region Root of that MST region. After selecting IST Region Root, other ports directing to CIST Root in this region will be blocked.
MST BPDU
MSTI in MST region does not communicate with outside; only IST exchanges BPDU message with outside. In the region, MSTI does not transmit BPDU message alone; MST BPDU message transmitted by IST contains MSTI information. MSTI indicates that it needs to transmit MST BPDU message via a flag, and the detailed message is transmitted by IST. Every MSTI needing to transmit BPDU saves its information in the M-record structure, which will be transmitted as part of IST BPDU.
95
Configuring STP
Enable/Disable STP
Use the following command to enable or disable STP protocol.
spanning-tree {enable|disable}
Global
Enable/Disable STP
Note: After disabling STP protocol in ZXR10 T160/T64G, every port with the physical status of up should be set to be the status of forwarding.
Configuring STP Mode

Use the following command to configure STP protocol mode.
spanning-tree mode {sstp|rstp|mstp}
Global
Setting STP Mode
The default mode of ZXR10 T160G/T64G is MSTP. Whichever mode configured can be compatible and interconnected with other two modes.
Configuring STP Protocol Parameters

STP protocol parameters cover: Max-age In CST network spanning tree topology, the latest BPDU packet is transmitted to leaf node switch along CST spanning tree topology from Root switch. In the BPDU packets transmitted from Root switch, message-age value is 0; message-age value increases by 1 and max-age value remains unchanged when passing a middle node switch. When message-age value is greater than max-age value in the BPDU packet, the BPDU packet will be invalid. Hello-time Hello-time parameters are used to control the interval of transmitting BPDU packet. Forward-delay In the condition of non-rapid-state-migration, the parameter determines the delay interval (2forward-delay) from state Blocking to Forwarding. Max-hops
96
Chapter 9
STP Configuration
Max-hops value is determined by region root node of instance in MST region; the value decreases by 1 when passing one switching node. When the parameter value is decreased to 0, the BPDU packet becomes invalid. Message-age and max-age of BPDU message in MST region remain unchanged in the process of region transmission. Use the following command to configure STP protocol parameters.
spanning-tree hello-time <time> spanning-tree forward-delay <time> spanning-tree max-age <time> spanning-tree mst max-hops <1-40>
Global Global Global Global
Set STP hello time interval Set STP forward delay Set max age of BPDU packet Set max hops of BPDU packet
Note: In CST network spanning tree topology, all switch hello-time parameter values are determined by Root switch. Max-hops parameter value is valid only when serving as region root node of an instance in the MST region.
Creating Instances
In MSTP mode, users can build a MST region by creating or deleting switches connected with instances, to implement rapid convergence and load balance. Use the following command to access MSTP configuration mode.
spanning-tree mst configuration
Global
Access MSTP configuration mode
Use the following command to create instance:

instance <instance> vlans <vlan-id>
MSTP
Create MSTP instance
Note: ZXR10 T160G/T64G has and has only one instance 0 in SSTP and RSTP modes. In MSTP mode, instance 0 exists by default, so it cannot be deleted arbitrarily.
97
Update MST Configuration Name and Configuration Version

To judge whether interconnected switches are in the same MST region, we need to check whether MST configuration name and configuration version are same. Use the following command to set MST configuration name and configuration version.
name <string> revision <version>
MSTP MSTP
Set MST configuration name Set MST configuration version
Note: The following four prerequisites are indispensable for a switch belonging to the same MST region: same MST configuration name, same MST configuration version, same INS-VLAN mapping table, and interconnected switches.
Configuring Switch Priority and Port Priority

In the whole spanning tree topology region, the switchs location in the whole CST spanning tree topology (whether can be selected as the root of the whole spanning tree) or the location in the instance spanning tree topology in MST region (whether can be selected as the region root of the instance) is determined by setting bridge priority of an instance. Designate a bridge to be spanning tree root by setting bridge with low priority. Designate specific port to be contained in spanning tree by setting port priority. Generally, the smaller the set value is, the higher the port priority is, and the probability that the port is contained in the spanning tree increases. If same priority is set to all ports in the bridge, the port priority will be determined by the index number of the port. Use the following command to configure switch priority and port priority.
spanning-tree mst instance <instance> priority <priority> spanning-tree mst instance <instance> priority <priority>
Global Port
Set bridge priority of an instance Set port priority of an instance
98
Chapter 9
STP Configuration
Note: The bridge priority and port priority of ZXR10 T160G/T64G can be configured only when the instance has been created.
Configuring Whether a Port in STP Protocol Participates in Spanning Tree Calculation

In some specific environments, the participation of port in the spanning tree calculation is not required, such as the uplink port of switch or port connecting PC. Use the following command to configure whether the port participates in spanning tree calculation.
spanning-tree {enable|disable}
Port
Set whether ports participate in spanning tree calculation
Instances of Configuring STP

MSTP supports multiple MST regions, but it is recommended configuring one MST region. Usually run MST region in backbone network, serving as root of the whole CST, which can better implement network rapid convergence and load balance.
Instance 1
As shown in Figure 37, run MSTP in backbone network; MST region serves as root of CST, that is, CIST Root Bridge is inside the MST region. Switches A, B and C are configured in the same region; their initialization priority is 32768; determine CIST root and IST root according to MAC address. The respective address of the three switches is as follows: Switch A: 000d.0df0.0101 Switch B: 000d.0df0.0102 Switch C: 000d.0df0.0103 Create two MST instances, to which the VLAN in this region should be mapped. Run CST mode in switch D with the MAC address of: 000d.0df0.0104, and priority: 32768.
99
The purpose of this instance is to implement rapid convergence of the whole network and load balance of two links in switch A.
FIGURE 37 MSTP CONFIGURATION EXAMPLE NETWORKING DIAGR AM 1
A, B and C belong to the same MST area, and the identity of this area in the network topology is CIST root. Root node of Instance 2 The port is blocked in ins 2 Switch A Switch B
Switch D
The port is blocked in ins 1

Switch C root node of instance 1
/*Configure MST region*/ ZXR10_A(config)#spanning-tree mode mstp ZXR10_A(config)#spanning-tree mst configuration ZXR10_A(config-mstp)#name zte ZXR10_A(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_A(config-mstp)#instance 1 vlan 1-10 ZXR10_A(config-mstp)#instance 2 vlan 11-20
/*Configure MST region*/ ZXR10_B(config)#spanning-tree mode mstp ZXR10_B(config)#spanning-tree mst configuration ZXR10_B(config-mstp)#name zte ZXR10_B(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_B(config-mstp)#instance 1 vlan 1-10 ZXR10_B(config-mstp)#instance 2 vlan 11-20 /*Change the priority of switch B in instance 2, to make it become the Root of instance 2*/ ZXR10_B(config-mstp)#spanning-tree mst instance 2 priority 4096
Switch C configuration:
/*Configure MST region*/
100
Chapter 9
STP Configuration
ZXR10_C(config)#spanning-tree mode mstp ZXR10_C(config)#spanning-tree mst configuration ZXR10_C(config-mstp)#name zte ZXR10_C(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_C(config-mstp)#instance 1 vlan 1-10 ZXR10_C(config-mstp)#instance 2 vlan 11-20 /*Change the priority of switch C in instance 1, to make it become the Root of instance 1*/ ZXR10_C(config-mstp)#spanning-tree mst instance 1 priority 4096
Switch D reserves the default configuration.
Instance 2
As shown in Figure 38, switch B and C run in the same region, CIST root bridge C is outside of the region; one boundary port of switch B and C will be blocked
FIGURE 38 MSTP CONFIGURATION EXAMPLE NETWORKING DIAGR AM 2
Switch A CIST Root
Switch B
Switch C
The difference between instance 2 and instance 1 lies in: The boundary port blocks or forwards all VLANs for there exists only one instance that can communicate with outside in a region, there is no probability of load balance, and it cannot exert the advantages of MSTP mode. In the following figure, the link from switch A to switch C will block all VLANs, while the link from switch B to switch A will forward all VLANs.
STP Maintenance and Diagnosis

ZXR10 T160G/T64G provides command show to view STP-related information and implements fault diagnosis.
101
1. Display detailed instance-based spanning tree information

show spanning-tree instance <instance>
All modes
Display detailed instance-based spanning tree information
2. Display spanning tree information of designated port

show spanning-tree interface <port-name>
All modes
Display spanning tree information of designated port
3. Display statistical information of transmitting and receiving BPDU packets in designated port.
show spanning-tree statistics <port-name>
All modes
Display statistical information of transmitting and receiving BPDU packets in designated port.
In the following three cases, even if switch STP function is enabled, the appearance of loop cannot be avoided, please take care when configuring. Two switches are connected with multiple parallel links, one of the two switches configures link aggregations for these ports, and the other does not. One switch configures aggregations for multiple ports, but one port in the aggregation port group connects with other ports of the device by self-loop. Two switches connect two parallel links; either of the two parties cannot receive the BPDU packet transmitted by the opposite party for unknown reason.
102
Chapter
10
Link Aggregation Configuration

This chapter introduces the principles and configuration of ZXR10 T160G/T64G Ethernet port link aggregation. It covers: Overview of link aggregation Configuring link aggregation Instances of configuring link aggregation Link aggregation maintenance and diagnosis
Overview of Link Aggregation

Link Aggregation is also called Trunk; it refers to bundling multiple physical ports to be a logical port, to implement load balance of in/out flow in each member port. The switch determines from which member port to transmit message to the peer end switch according to port load sharing policy that the users configured. When the switch detects that one member port link is broken, it does not transmit messages in this port until this port link becomes normal. Link aggregation is a very important technology in adding link bandwidth, implementing link transmission flexibility and redundancy. ZXR10 T160G/T64G supports static Trunk and LACP link aggregation modes. Static Trunk adds multiple physical ports to trunk group, to form a logical port.This mode goes against observing status of link aggregation port. LACP (Link Aggregation Control Protocol) complies with IEEE 802.3ad. LACP aggregates multiple physical ports to trunk group dynamically via protocol to form a logical port. LACP generates aggregation automatically to obtain the maximum bandwidth. Configure link aggregation function in ZXR10 T160G/T64G in compliance with the following principles:
103
Thirty-two trunk groups totally can be configured, each trunk group contains up to eight member ports. Support cross-interface-board aggregation, the member ports can be located at any interface board, but the selected port must work in full-duplex mode and the working rate must be consistent. The modes of member ports could be access, trunk or hybrid, but they must be consistent. In ZXR10 T160G/T64G, the logical ports formed by link aggregation are called SmartGroup, which can be used as ordinary port.
Configuring Link Aggregation

Link aggregation configuration covers: 1. Creating trunk group
interface <smartgroup-name>
Global
Creating trunk group
2. Bundling port to trunk group, setting port aggregation mode

smartgroup <smartgroup-id> mode {passive|active|on}
Port
Bundling port to trunk group, setting port aggregation mode
When the aggregation mode is set to be On, the port runs static trunk, two ends participating in aggregation should be set to be On mode. When aggregation mode is active or passive, the port runs LACP. Active means that the port is in active negotiation mode. Passive means that the port is in passive negotiation mode. When configuring dynamic link aggregation, set the aggregation mode of one end of port to be active and the other end to be passive or set both ends as active.
Note: The configuration of VLAN link type in member port must be consistent with that of smartgroup, otherwise it cannot be added into this trunk group.
3. Setting port link aggregation load sharing mode ZXR10 T160G/T64G port link aggregation supports 6 types of load sharing modes which respectively based on source IP, destination IP, source and destination IP, source MAC, destination MAC, and source and destination. By default, MAC is based on source and destination MAC.
smartgroup load-balance <mode>
Port
Setting port link aggregation load sharing mode
104
Chapter 10
Instances of Configuring Link Aggregation

As shown in Figure 39, switch A connects switch B via smartgroup port, which are composed of four physical ports by aggregation. The port mode of SmartGroup is trunk, bearing VLAN10 and VLAN20.
FIGURE 39 EXAMPLE OF LINK AGGREGATION CONFIGURATION
Switch B
Smartgroup11 gei_3/5-8 trunk VLAN 10,20 Smartgroup10 gei_5/1-4
Switch A
/*Create trunk group*/ ZXR10_A(config)#interface smartgroup10 /*Bundle port to trunk group*/ ZXR10_A(config)#interface gei_5/1 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/2 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/3 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/4 ZXR10_A(config-if)#smartgroup 10 mode active /*Modify VLAN link types of the smartgroup port*/ ZXR10_A(config)#interface smartgroup10 ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10 ZXR10_A(config-if)#switchport trunk vlan 20 ZXR10_A(config-if)#switchport trunk native vlan 10
ZXR10_B(config)#interface smartgroup11 ZXR10_B(config)#interface gei_3/5 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface gei_3/6 ZXR10_B(config-if)#smartgroup 11 mode passive
105
ZXR10_B(config)#interface gei_3/7 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface gei_3/8 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface smartgroup11 ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10 ZXR10_B(config-if)#switchport trunk vlan 20 ZXR10_B(config-if)#switchport trunk native vlan 10
Link Aggregation Maintenance and Diagnosis

ZXR10 T160G/T64G provides related show commands for easier link aggregation maintenance and diagnosis. 1. Display the aggregation status of member port
show lacp [<smartgroup-id>] internal
View the aggregation status of trunk group member port
Instance: view aggregation status of trunk group 2 member ports.

ZXR10(config)#show lacp 2 internal Smartgroup:2 Actor Port Agg State LACPDUs Interval Priority 32768 32768 Port Key Oper Port State Machine RX Machine Mux
-----------------------------------------------------------------fei_3/17 selected 30 collecting-distributing fei_3/18 selected ZXR10(config)# 30 0x202 0x3d current collecting-distributing 0x202 0x3d current
When Agg State is selected, and Port state is 0x3d, it means that the port aggregation is successful. If aggregation failed, the Agg state indicates unselected 2. View protocol packet counter of member ports
106
Chapter 10
Command format
Command Mode
Command function
show lacp [<smartgroup-id>] counter
View protocol packet counter of trunk group member ports
Instance: view protocol packet counter of trunk group 2 member ports.

ZXR10(config)#show lacp 2 counter Smartgroup:2 Actor Port LACPDUs Tx Rx 5 6 0 0 Marker Tx Rx 0 0 0 0 LACPDUs Err 0 0 Marker Err
------------------------------------------------------------------fei_3/17 11 fei_3/18 10 ZXR10(config)#
Only when counter of protocol transmitting packets Tx and protocol receiving packets Rx of every member port is available, can the aggregation succeed. 3. View member ports of the peer end.
show lacp [<smartgroup-id>] neighbors
View member ports of the peer end.
Instance: view the member port of the peer end of trunk group 2.
ZXR10(config)#show lacp 2 neighbors Smartgroup 2 neighbors Actor Port Partner System ID Partner Port Oper Key 0x202 0x202 Port State 0x3d 0x3d Port No. Priority 0x8000 0x8000
--------------------------------------------------------------fei_3/18 8000,00d0.d0c0.0f60 513 fei_3/17 8000,00d0.d0c0.0f60 514 ZXR10(config)#
Where Partner Port No stands for port number of neighbors, when Port State is 0x3d, it means the aggregation of the two ends is successful.
107
108
Chapter
11
IGMP Snooping Configuration

This chapter introduces principle and configuration of IGMP Snooping in ZXR10 T160G/T64G. It covers: Overview of IGMP Snooping Configuring IGMP Snooping Instances of IGMP Snooping configuration IGMP Snooping maintenance and diagnosis
Overview of IGMP Snooping

IGMP Snooping is a feature of layer2 switch, it could restrict the forwarding of IP multicast traffic. As shown in Figure 40, IGMP (Internet Group Management Protocol) runs between host and multicast router. IGMP Snooping monitors IGMP communication between host and router, ensuring that the switch could learn the ports belonging to multicast member before forwarding multicast packets, and get the multicast forwarding table. Here, multicast packet will be transmitted to ports in multicast forwarding table rather than all ports; as a result, it restricts the spread of multicast packet in the switch and boosts the utilization rate by avoiding unnecessary bandwidth waste.
FIGURE 40 IGMP SNOOPING APPLICATION
Run IGMP Router
Run IGMP Snooping Switch
PC
109
Join a Multicast Group

The host joins corresponding multicast group by transmitting IGMP joining message. When the switch monitors the IGMP message transmitted by the host, the forwarding module creates a layer2 forwarding entry for the VLAN that the message-receiving port resides on. When other hosts in the same VLAN are interested in the multicast traffic and send a request of joining the group, the switch adds them to the existed forwarding entries. The switch creates only one forwarding entry for each multicast group in the same VLAN, forwards the multicast traffic of the multicast group in all ports receiving a multicast group request message.
Leave a Multicast Group

The hosts that joined multicast group must respond to IGMP query message transmitted by router periodically. As long as one host responds to IGMP query in a VLAN, the router must continue forwarding traffic of the multicast group that the host resides on to VLAN. When a host wants to a multicast group, it could ignore the IGMP query message transmitted by router periodically (called static leave), or transmit IGMPv2 leave message of specified group. When IGMP Snooping hears IGMPv2 leave message of specified group, the switch sends specified group query message to the port receiving the message, to query whether other hosts belonging to the multicast group are available in this port. If IGMP Snooping cannot receive any response message after several queries, it indicates that there are no hosts belonging to the multicast group in this port, and IGMP Snooping will delete corresponding ports in the layer2 forwarding entries; if receiving response message, it is not necessary to modify forwarding table.
Fast Leave
The fast leave function of IGMP Snooping means that: When hearing IGMPv2 leave message of specified group, the switch does not transmit query message, instead, it deletes corresponding ports in the layer2 forwarding entries directly. Please take care when enabling fast leave function in a VLAN, if one of the multiple hosts in a port leaves multicast group, other hosts of the same multicast group in the port cannot receive multicast traffic of the multicast group.
Configuring IGMP Snooping

Basic Configuration
Basic configuration of IGMP Snooping contains:
110
Chapter 11
1. Global enable IGMP Snooping

ip igmp snooping
Global
Global enable IGMP Snooping
2. Enable IGMP Snooping in VLAN

igmp snooping
VLAN
Enable IGMP Snooping in VLAN
3. Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.
Igmp snooping drop <ip-address> [num< num>]
vlan
Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.
4. Configure fast leave

igmp snooping fast-leave
VLAN
Configure group fast leave in VLAN
Configure Proxy Querier

Usually, there is at least one multicast router in multicast network, transmitting IGMP query message periodically. If there is no multicast router in the network, you can configure proxy querier for transmitting IGMP query message. 1. Configure IGMP Snooping proxy querier function
ip igmp snooping querier
Global
Configure IGMP Snooping proxy querier function
2. Configure query-interval of proxy querier

ip igmp snooping query-interval <interval>
Global
Configure query-interval of proxy querier
3. Configure maximum query-response-interval

ip igmp snooping query-response-interval <interval>
Global
Configure maximum query-response-interval
111
Limit Multicast Group

Impose some restrictions on multicast group in ZXR10 T160G/T64G. 1. ACL filter the group
igmp snooping acl <acl-number>
VLAN
ACL filter the group
2. Limit the maximum-group-number

igmp snooping max-group-num <number>
VLAN
Configure the permitted max-group-number in VLAN
Static Configuration
Static configuration will not age and can only be deleted statically. 1. Configure static users in VLAN
igmp snooping static <ip-address> interface <port-name>
VLAN
Configure static users in VLAN
When a user needs to join a multicast group, but IGMP and IGMP Snooping are not in operation, so it cannot be monitored, here static configuration can be performed. 2. Configure multicast router interface in VLAN
igmp snooping mrouter interface <port-name>
VLAN
Configure multicast interface in VLAN
router
It is applied when PIM-Snooping is not configured or connecting to multicast router that does not transmit query message.
Modify Default Time

1. Modify users aging time
igmp snooping host-time-out <time>
VLAN
Modify users aging time
2. Modify last-member-query-interval
Command format Command Command function
112
Chapter 11
Mode
igmp snooping last-member-query-interval
<interval>
VLAN
Modify last-member-query-interval
3. Modify aging time of routing port

igmp snooping mrouter-time-out <time>
VLAN
Modify aging time of routing port
Instances of IGMP Snooping Configuration

As shown in Figure 41, ports fei_1/1, fei_1/3, and fei_1/5 connect host, port fei_3/1 connects multicast router, and all the ports belong to VLAN10. Enable IGMP Snooping function in the switch.
FIGURE 41 EXAMPLE OF IGMP SNOOPING CONFIGURATION
IGMP Router
fei_3/1 Switch fei_1/1 fei_1/5 fei_1/3
Switch configuration:
ZXR10(config)#ip igmp snooping ZXR10(config)#vlan 10 ZXR10(config-vlan)#igmp snooping
IGMP Snooping Maintenance and Diagnosis

ZXR10 T160G/T64G provides show command to view information related to IGMP Snooping, helping with maintenance and diagnosis. 1. Display IGMP Snooping configuration information of specified VLAN
113
Command format
Command Mode
Command function
show ip igmp snooping vlan
<vlan-id>
Display IGMP Snooping configuration information of specified VLAN
2. Display port information related to IGMP Snooping

show ip igmp snooping port-info vlan <vlan-id>
Display port information related to IGMP Snooping
3. Display statistical information of IGMP message

show ip igmp snooping statistic [clear | interface <port-name>]
View IGMP message statistical information of all or specified ports
ZXR10 T160G/T64G also provides debug command to debug IGMP Snooping, tracing related information.
debug ip igmp-snooping
Privileged
Turn on the debugging switch of IGMP Snooping
Instance: Tracing the process of transmitting and receiving packets of IGMP Snooping.
ZXR10#debug ip igmp-snooping ZXR10# IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/10 IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/11 ...
114
Chapter
12
Network Protocol Configuration

This chapter introduces IP address and ARP protocol, it also describes related configuration of ZXR10 T160G/T64G. It covers: IP address ARP configuration
IP Address
Introduction to IP Address
Network layer address in the IP protocol stack refers to IP address. An IP address is composed of two parts, the network ID part and the host ID part. The network ID is used to reference a specific network. The host ID is used to identify a specific device on that network IP addresses fall into 5 classes including A, B, C, D, and E, classes A, B, and C are popular, class D address is network multicast address, and class E address is reserved. Table 23 presents the range of each class of address.
TABLE 23 RANGE OF IP ADDRESSES

Category Header characteristic bit Network bit Host bit Range
Class A Class B Class C Class D Class E
0 10 110 1110 1111
8 16 24
24 16 8
0.0.0.0~127.255.255.255 128.0.0.0~191.255.255.255 192.0.0.0~223.255.255.255 224.0.0.0~239.255.255.255 240.0.0.0~255.255.255.255
Multicast Address Reserved
115
In class A, B, and C addresses, some are reserved for private network, it is recommended using private network address when constructing internal network. These addresses are: Class A: 10.0.0.0~10.255.255.255 Class B: 172.16.0.0~172.31.255.255 Class C: 192.168.0.0~192.168.255.255 The original intension of dividing addresses like this is to facilitate routing protocol design, judging network type from the header characteristic bit of the IP address. However, this method cannot make maximal use of addresses, as a result, the shortage of addresses is becoming increasingly serious with the development of Internet. To make maximal use of IP addresses, we can divide one network into multiple subnets. By means of borrowing, borrow from the maximum of the host ID to serve as subnet ID, and the remainder of the host ID is still host ID. Here, IP address is composed of three parts: network ID, subnet ID and Host ID. Network ID and subnet ID identify a network uniquely. Use subnet mask to determine the network ID, subnet ID, and host ID parts in the IP address. The part with the subnet mask of 1 corresponds to network ID and subnet ID in IP address, the part with the subnet mask of 0 corresponds to host ID. The division of subnet boosts utilization rate of IP address significantly, which, to some extent, relieves the problem of IP address shortage. Regulations regarding IP address: 0.0.0.0 will be employed when the host without IP addresses boots; it obtains address via RARP, BOOTP, and DHCP, in routing table, the address is also used as default route. 255.255.255.255 is for broadcast destination address and it cannot be used as source address. 127.X.X.X is called loop-back address, which can be used to represent this computer even if the real IP address of the host is unknown. The address with the host ID of all zeroes represents the network itself; the address with the host ID of all 1 is used for the network broadcast address. For legal host IP address, the network part or the host part cannot be all 0 or all 1.
Basic Configuration of IP Address

The IP address configuration is performed in interface configuration mode, the procedures of which are as follows: 1. Access interface configuration mode
interface <interface-name>
Global
Access
interface
configuration
116
Chapter 12
Network Protocol Configuration
mode If the interface does not exist, create it and access interface configuration mode
2. Set interface IP address

ip address <ip-address> <net-mask> [<broadcast-address>] [secondary]
VLAN interface
Set interface IP address
Instances of IP Address Configuration

Assuming that layer3 interface VLAN1 is created in ZXR10 T160G/T64G, configure the IP address of the interface to 192.168.3.1, and mask to be 255.255.255.0. The detailed configuration is as follows:
ZXR10(config)#interface vlan 1 ZXR10(config-if)#ip address 192.168.3.1 255.255.255.0
Use show ip interface command to view interface IP address.
ARP Configuration
Overview of ARP
A network device should know the IP address of the destination device and its physical address (MAC address) when transmitting data to another network device. The function of ARP (Address Resolution Protocol) is mapping IP address to physical address to ensure successful communication. First, the source device broadcast carries the ARP request of destination device IP address, so all devices in the network will receive this ARP request. If a device finds that the IP address in the request and its own IP address match, it will transmit a response containing MAC address to source device. The source device obtains the MAC address of the current device via this response. The mapping relationship between IP address and MAC address is cached in the local ARP table with the purpose of reducing ARP packets in the network to transmit data more rapid. When the device needs transmitting data, it will search ARP table according to IP address, if MAC address of destination device is found in the ARP table, transmitting ARP request is not needed. Dynamic entries in the ARP table will be deleted automatically after a period of time, which is called ARP aging time.
Basic Configuration of ARP

The configuration of ARP covers:
117
1. Configure aging time of ARP entries in ARP buffer

arp timeout <timeout>
VLAN interface
Configure aging time of ARP entries in ARP buffer
2. Clear all dynamic ARP entries in the ARP buffer of specified interface
clear arp-cache [<interface-name>]
Privileged
Clear all dynamic ARP entries in the interface ARP buffer
Instances of configuring ARP

One configuration instance of ARP is as follows:
ZXR10(config)#interface vlan 1 ZXR10(config-if)#arp timeout 1200
Use the following command to view ARP entries of specified interface.

show arp [<interface-name>]
All modes
Display ARP entries of interface
View ARP table of layer3 interface VLAN1:

ZXR10#show arp vlan1 Address 10.1.1.1 10.1.100.100 ZXR10# 18 Age(min) Hardware Addr 000a.010c.e2c6 00b0.d08f.820a Interface vlan1 vlan1
118
Chapter
13
Static Route Configuration

This chapter describes static route and its configuration, including special summary static route or default route. Basic configuration of static route Instance of static route configuration Maintenance and diagnosis of static route
Basic Configuration of Static Route

Static Route is that the network administrator specifies routing information to routing table via configuration command, unlike dynamic route creating routing table according to routing algorithm. When configuring dynamic route, sometimes we need to transmit the routing information of the whole Internet to a router, which exceeds the load of the router, in such situation, static route can be employed to solve the problem. Application of static route, which requires relatively fewer configurations, can avoid the usage of dynamic route. But the configuration of static route will become complicated when in the environment with multiple routers and multiple paths. The configuration of static route uses ip route command.
ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>| <interface-name>} [<distance-metric>] [tag <tag>]
Global
Create static route
Tag value is the identifier of route; two static routes (with different next-hop) to the same destination network cannot have the same tag value.
119
Instance of Static Route Configuration

Configuring Static Route
A simple network with three routers connected is shown in Figure 42.
FIGURE 42 CONFIGURING STATIC ROUTE
192.168.3.1/24 192.168.4.2/24 192.168.5.2/24
R1
192.168.4.1/24
R2
192.168.5.1/24
R3
192.168.6.1/24
If R1 needs to access network in R3, the static route configuration is as follows:

ZXR10_R1(config)#ip route 192.168.5.0 255.255.255.0 192.168.4.2 ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.4.2
We can see that from the above configuration information, static route is configured in global configuration mode; only one static route can be configured once. Behind the command ip route, is remote network, subnet mask and next-hop IP address reaching remote network. In other words, if R1 wants to transmit message to network 192.168.5.0/24, it must deliver the message to R2 with the IP address of 192.168.4.2; moreover, R1 and R2 are connected directly. Another way to configure static route is as follows:
ZXR10_R1(config)#ip route 192.168.5.0 255.255.255.0 vlan2 ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 vlan2
This configuration is similar to the method mentioned above. The only difference is that in the above method, next-hop IP address is applied while in this method, local interface is applied, that is to say, it transmits all messages towards network 192.168.5.0/24 and 192.168.6.0/24 from VLAN2 instead of routing to next-hop logical address. If multiple paths to the same destination are available, configure the router with multiple static routes with different administrative distance values, but the routing table will only show the routing information with the minimum distance value. Because when the router is notified that there are multiple competitive sources to a network, the route with the minimum administrative distance value has a higher priority. Parameter distance-metric in static route configuration command ip route can be used to change the administrative distance value of a static route. Assume that there are two different routes from R1 to 192.168.6.0/24 network segment, and the configuration is as follows:
120
Chapter 13
ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.4.2 ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.3.2 25 tag 10
The above two commands configure two different static routes to the same network, the first command does not configure administrative distance value, so default value 1 is applied; the second command configures the administrative distance value to be 25. The administrative distance value of the first route is smaller than that of the second one, so only the information of the first route is available in the routing table, that is to say, the router reaches the destination network 192.168.6.0/24 via next-hop 192.168.4.2. The second route will be available in the routing table only when the first route becomes invalid and disappears from the routing table.
Summarizing Static Routes

Summary static route is a special static route, which can summarize expressions of two or multiple specific routing tables into one, to reduce entries of routing table on the basis of remaining all old connections.
FIGURE 43 STATIC ROUTES SUMM ARIZ ATION
10.2.0.0/16
10.2.0.1/16 192.168.3.1/24 192.168.4.2/24 192.168.5.2/24
10.1.0.0/16 R3
10.1.0.1/16
R1
192.168.4.1/24
R2
192.168.5.1/24
As shown in Figure 43, R3 has two networks including 10.1.0.0/16 and 10.2.0.0/16. Usually, the following two static routes should be configured in R1 to reach these networks.
ZXR10_R1(config)#ip route 10.1.0.0 255.255.0.0 192.168.4.2 ZXR10_R1(config)#ip route 10.2.0.0 255.255.0.0 192.168.4.2
The IP connection can be implemented via the above configuration assuming R3 is properly configured. But we can use summary static route to optimize R1 routing table; the following command can substitute two above commands.
ZXR10_R1(config)#ip route 10.0.0.0 255.0.0.0 192.168.4.2
This command indicates that all messages with the destination of network 10.0.0.0/8 pass 192.168.4.2, that is to say, all messages of subnets (here refer to subnet 10.1.0.0/16 and 10.2.0.0/16) with the destination of 10.0.0.0/8 transmits to 192.168.4.2. We summarize all subnets of main network 10.0.0.0/8 by this means.
Default Route Configuration

Default route is a type of special static route. Default route will be applied when all other routes in the routing table failed, which provides a last destination for the routing table, thus relieve the processing load of the router.
121
If a router cannot route for a message, the message has to be discarded to an unknown destination, which is beyond our expectation. To make the router fully connected, one router must be connected to a network. The default route can be applied when the router wants to be fully connected and requires no record of individual route. We can specify an individual route to represent all other routes via default route. The function and usage of static route are illustrated in the following instance:
FIGURE 44 CONFIGURE DEFAULT ROUTE
192.168.3.1/24
192.168.4.2/24
211.211.211.2/24
Internet R3
R1
192.168.4.1/24
R2
211.211.211.1/24
As shown in Figure 44, R2 and router R3 in the Internet network are connected. R2 did not record all network addresses in the Internet, it uses default route to directly transmit unknown messages to R3. The configuration of default route in R2 is as follows:
ZXR10_R2(config)#ip route 0.0.0.0 0.0.0.0 211.211.211.2
The configuration procedure of default route is identical with that of static route, which is a little bit different is that both the network part and subnet mask part are 0.0.0.0. We can view routing table of R2:
ZXR10_R2#show ip route IPv4 Routing Table: Dest 192.168.4.0 0.0.0.0 ZXR10_R2# Mask 255.255.255.0 0.0.0.0 211.211.211.2 Gw Net direct direct static Owner 211.211.211.0 255.255.255.0
We can see from the routing table that, the default route with next-hop of 211.211.211.2 is added to the routing table as the last route. When using default route in routing protocol configuration, it differs when routing protocol varies. If default route is configured in a router running RIP protocol, RIP will notify the default route 0.0.0.0/0 to its neighbor, even neednt reallocating routes in the RIP domain. For OSPF protocol, the router running OSPF will not notify default route automatically to its neighbor. Command default-information originate must be used to enable OSPF to transmit default route to OSPF domain. If reallocating default routes in the OSPF domain, this kind of notification is usually implemented via ASBR (autonomous system border router).
122
Chapter 13
Maintenance and Diagnosis of Static Route

Use the following command to display global routing table of router and to view whether static route is configured in routing table.
show ip route [<ip-address> [<net-mask>]|<protocol>]
All modes
Display global routing table
This command is frequently applied in routing protocol diagnosis.
123
124
Chapter
14
RIP Configuration
The Routing Information Protocol (RIP) is a vector distance routing protocol with the latest version of RIPv2, which is usually applied in small-sized network. In this chapter, you will learn about: Overview of RIP Configuring RIP Instances of configuring RIP RIP maintenance and diagnosis
Overview of RIP
RIP Fundamentals
Routing Information Protocol (RIP) is the first routing protocol identifying the best path dynamically, which is implemented based on vector distance algorithm of local network. RIPv1 is defined in RFC1058 and RIPv2 is defined in RFC1723. ZXR10 T160G/T64G supports both RIPv1 and RIPv2, RIPv2 is applied by default. RIPv2 has the following advantages compared to RIPv1: Subnet mask is available in route refresh Authentication of route refresh Multicasting route refresh In the following instruction, RIP refers to RIPv2 if not specially designated.
Metric and Administrative Distance

RIP uses UDP packet (Port number 520) to exchange RIP routing information. The routing information in RIP message includes the number of routes passed, i.e. hop count, according to which, the router determines the route to the destination network. RFC stipulates that the maximum hop count should be less than 16, so RIP is only applicable to small-sized network. Hop count 16 indicates infinite distance, representing unreachable route, which is one way for RIP to identify and prevent the routing loop.
125
Only hop count is taken as the metric for RIP routing; bandwidth, delay and other variable factors are not considered. The RIP always takes paths with the least hop count as the optimized path, which may results that the selected path is not the best one. The default administrative distance value of RIP is 120. As far as AD is concerned, the lower is the value; the higher is the routing source reliability. The RIP is not quite reliable, compared to other routing protocol.
Timer
Router running RIP transmits update message of routing information at a certain interval (30s by default), which reflects all the routing information of the router. This process is called routing information notification. If a router failed to receive update information from another router in a certain time period (180s by default), it will mark the routes provided by the router to be unavailable and if it is not updated in the succeeding period of time (240s by default), the router will clear the route completely from the routing table. The RIP provides the following four types of timers: Update timer Invalid timer Hold-down timer Flush Timer
Route Update
The RIP protocol employs trigger update to speed up the spread of routing changes in the RIP routing domain. When a RIP router detects that an interface is working or has stopped working, an adjacent node is down or a new subnet or neighbor node joining in, it will transmit a trigger update. The trigger update message only contains changed route. The RIP protocol uses poison reverse to speed up protocol convergence. The poison reverse sets the metrics of the infinite network prefix to be 16 (meaning infinite), after receiving routing update of the metric, the router will discard the route instead of waiting for the aging time. The RIP uses split horizon to prevent routing loop and reduce the size of routing update. Split horizon means that in the interface that receives a routing update, these update information will not be transmitted repeatedly.
Configuring RIP
The RIP configuration covers: basic configuration, enhanced configuration and version configuration.
126
Chapter 14
RIP Configuration
Basic Configuration
1. Start RIP
router rip
Global
Start RIP routing process
2. Define interface
network <ip-address> <net-mask>
Route RIP
Select route and specify network table for RIP
Enhanced Configuration
1. Adjust the timer
timers basic <update> <invalid> <holddown> <flush>
Route RIP
Adjust RIP network timer
Many RIP characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance. 2. Change inter-message-group delay transmitted by RIP update
output-delay <packets> <delay>
Route RIP
Change inter-message-group delay transmitted by RIP update
3. Define the adjacent router exchanging routing information with this router
neighbor <ip-address>
Route RIP
Define the adjacent router exchanging routing information with this router
4. Configure authentication In order to strengthen the security of routing process, configure RIP authentication in the router. Set interface password; the network neighborhood must use the same password in the network. RIPv1does not support authentication.
ip rip authentication key <key>
VLAN interface
Specify the password value for interface simple text authentication
127
ip rip authentication mode {text|md5}
VLAN interface
Specify the authentication type for RIP message packet
5. Enable split horizon mechanism

ip split-horizon
VLAN interface
Make split-horizon mechanism valid
6. Enable poison reverse mechanism

ip poison-reverse
VLAN interface
Make poison reverse mechanism valid
7. Redistribute route from a route domain to RIP route domain

redistribute <protocol> [metric <metric-value>] [route-map <map-tag>]
Route RIP
Redistribute route from a route domain to RIP route domain
8. Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes
default-metric <metric-value>
Route RIP
Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes
Version:
ZXR10 T160G/T64G supports both RIPv1 and RIPv2; RIPv2 is applied by default. The following commands can be applied to designate RIP versions received or transmitted by router.
version {1|2} ip rip receive version {1|2} [1|2] ip rip send version {1|2 {broadcast|multicast}}
Route RIP VLAN interface VLAN interface
Specify RIP version for router global use Specify the RIP version received in the interface Specify the RIP version transmitted in the interface
Instances of configuring RIP

As shown in Figure 45, run RIP in R1 and R2.
128 Confidential and Proprietary Information of ZTE CORPORATION
Chapter 14
RIP Configuration
FIGURE 45 BASIC RIP CONFIGURATION

10.1.0.1/16 192.168.1.2/24
R1
192.168.1.1/24
R2
10.2.0.1/16
R1 configuration:
ZXR10_R1(config)#router rip ZXR10_R1(config-router)#network 10.1.0.0 0.0.255.255 ZXR10_R1(config-router)#network 192.168.1.0 0.0.0.255
R2 configuration:
ZXR10_R2(config)#router rip ZXR10_R2(config-router)#network 10.2.0.0 0.0.255.255 ZXR10_R2(config-router)#network 192.168.1.0 0.0.0.255
RIP Maintenance and Diagnosis

ZXR10 T160G/T64G provides show command to implement maintenance and diagnosis. The frequently used commands in RIP maintenance and diagnosis are presented as follows: 1. Show protocol information
show ip rip [vrf <vrf-name>]
All modes
Show basic running RIP
information
of
2. Examine RIP interface

show ip rip interface [vrf <vrf-name>]<interface-name>
All modes
Show current configuration and status of RIP interface
3. Show RIP neighbor

show ip rip neighbors
All modes
Show information configured neighbors
of
all
4. Show routing entry database

show ip rip database[vrf <vrf-name>] [network <ip-address>
All modes
Show routing entries generated by RIP protocol
129
[mask <net-mask>]]
5. Show all RIP interface information configured by user command

show ip rip networks[vrf <vrf-name>]
All modes
Show all RIP interface information configured by user command
ZXR10 T160G/T64G also provides debug command to debug RIP protocol, tracing related information. For example:
debug ip rip debug ip rip database
Privileged Privileged
Trace RIP basic process of transmitting and receiving packet Trace the change process of RIP routing table
The debugging output example of debug ip rip command

ZXR10#debug ip rip RIP protocol debugging is on ZXR10# 11:01:28: RIP: building update entries 130.1.0.0/16 via 0.0.0.0, metric 1, tag 0 130.1.1.0/24 via 0.0.0.0, metric 1, tag 0 177.0.0.0/9 via 0.0.0.0, metric 1, tag 0 193.1.168.0/24 via 0.0.0.0, metric 1, tag 0 197.1.0.0/16 via 0.0.0.0, metric 1, tag 0 199.2.0.0/16 via 0.0.0.0, metric 1, tag 0 202.119.8.0/24 via 0.0.0.0, metric 1, tag 0 11:01:28: RIP: sending v2 periodic update to 224.0.0.9 via vlan10 (193.1.1.111) 130.1.0.0/16 via 0.0.0.0, metric 1, tag 0 130.1.1.0/24 via 0.0.0.0, metric 1, tag 0 177.0.0.0/9 via 0.0.0.0, metric 1, tag 0 193.1.1.0/24 via 0.0.0.0, metric 1, tag 0 11:01:28: RIP: sending v2 periodic update to 193.1.168.95 via vlan20 (193.1.168.111) 11:01:28: RIP: sending v2 periodic update to 193.1.168.86 via vlan20 (193.1.168.111) 11:01:28: RIP: sending v2 periodic update to 193.1.168.77 via vlan20 (193.1.168.111) 11:01:28: RIP: sending v2 periodic update to 193.1.168.68 via vlan20 (193.1.168.111)
130
Chapter
15
OSPF Configuration
OSPF is the abbreviation of Open Shortest Path First. OSPF protocol is a link status routing protocol, which satisfies the demands of large-scaled and extensible network that cannot be solved by distance vector routing protocol like RIP. In this chapter, you will learn about: OSPF overview Configuring OSPF Instances of configuring OSPF OSPF Maintenance and Diagnosis
OSPF overview
OSPF Fundamental
OSPF (Open Shortest Path First) is one of the most popular and widely-used protocols presently. OSPF is a link-state protocol, which overcomes the disadvantages of RIP and other distance-vector protocols. OSPF is an open standard, which makes devices of different vendors interconnect with each other via protocol. OSPF version 1 is defined in RFC1131. Currently used OSPF version 2 , is defined in RFC2328. ZXR10 T160G/T64G completely supports OSPF version 2. OSPF has the following characteristics: Fast convergence, ensure database synchronization via fast diffusing link state update, and calculates routing table synchronously. Loop-free, ensure that no loop generated via SPF algorithm. Aggregation, reduce size of routing table. Totally classless, supports Variable Length Subnet Mask (VLSM) and Classless Inter-Domain Routing (CIDR)
131
Reduce the required network bandwidth; for trigger update mechanism is adopted, only when the network changes, the update information will be transmitted. Supports interface packet authentication, ensuring security of routing calculation Transmit update via multicast mode, which reduces interference against irrelated network devices while broadcasting.
OSPF Algorithm
OSPF is a link-state protocol, so OSPF router generates routing table via creating link-state database, which contains information of all networks and routers. Routers use the information to create routing table; all routers must have an identical link-state database to ensure reliability. Link-state database is built according to link state advertisement (LSA), and LSA is generated by each router and spreads in the whole OSPF network. LSA has a lot of categories; integrated LSA aggregation will present the precise distribution diagram of the whole network for routers OSPF uses cost as its metric. The cost is distributed to each interface of the router; by default, the cost of an interface is calculated automatically with the reference of 100M. The path cost to a specific destination is the sum of all link costs from the router to destination. In order to generate routing table from LSA database, the router runs Dijkstra SPF algorithm to construct a cost routing tree, the router itself serves as the root of the routing tree. Dijkstra algorithm makes the router calculate the lowest-cost-path to each node in the network, and the router saves the routes of these paths to routing table. Unlike RIP, OSPF doesnt simply broadcast all routing information periodically. OSPF router uses calling message to let neighbors know that it is alive. If a router doesnt receive hello packets from neighbors in a specific period, it indicates that the neighbor may not be functional. OSPF routing-update is increasing; usually the router sends update information only when the topology is changing. When the age of LSA reaches 1800 seconds, retransmit a new version of the LSA.
OSPF Network Types

The type of the network connected to an interface is for judging the OSPF default activities in the interface. The network type will affect the formation of adjacency and the method that the router distributes timer to the interface. The following five network types are available in OSPF: Broadcast Non-broadcast Multi-access, NBMA Point-to-Point Point-to-Multipoint
132
Chapter 15
OSPF Configuration
Virtual Links
Hello Packet and Timer

OSPF router exchanges Hello packet at a certain interval, whose function is to keep alive among neighbors. Hello packet can detect OSPF neighbor, create association and adjacency among neighbors, and select designated router. In broadcast, point-to-point, point-to-multipoint network types, Hello packets are multicast packets; in NBMA network and virtual links, Hello packets unicast to neighbor router. OSPF uses three kinds of hello-packet-related timers: Calling Interval Calling interval is a property of interface, which defines the interval of sending hello packets by the router from each interface. The default calling interval is determined by the network type. In the broadcast and point-to-point network, the default calling interval is 10 seconds; while in NBMA and point-to-multipoint network, the default calling interval is 30 seconds. The adjacent routers must accept the length of calling interval so as to become neighbors. Router dead-interval The router dead-interval refers to the waiting time from the router receiving the last hello packet from neighbor to the router detecting that the neighbor is offline. The default router dead-interval is four times of calling interval, which is applicable to all network types. Poll Interval Poll interval is only applied in NBMA network.
OSPF Neighbor
OSPF neighbor is a group of routers in the same network; these routers stipulated some configuration parameters. The routers must be neighbors then they can become adjacent with neighbor. Analyze hello packets mutually when the routers form neighbor relationship, to make sure that the required parameters are stipulated. The parameters cover: Area ID, area flag, authentication information, calling interval, and router dead interval.
Adjacency and Designated Router

When two routers become adjacent, they can exchange routing information. The network type connecting routers determines whether two routers become adjacent. Point-to-point network and virtual link have only two routers, so the routers become adjacent automatically. Point-to-multipoint network can be considered to be the aggregation of point-to-point network, every pair of routers become adjacent.
133
In the broadcast and NBMA network, neighbors not necessarily become adjacent. If all the n routers in a network formed adjacency, every router has (n-1) adjacencies, and there will be n (n-1)/2 adjacencies in the network. In a big multi-access network, if every router has to trace so many adjacencies, the burden of the router will be quite heavy, at the same time, routing information in each pair of adjacent routers will waste plenty of network bandwidth. Therefore, OSPF defines a designated router (DR) and a backup designated router (BDR). DR and BDR must establish adjacency with every OSPF router, and every OSPF router only forms adjacency with DR and BDR. If DR stop working, BDR will become DR.
Router Priority and DR Election

Every router has a priority, which will affect the routers capability of becoming DR or BDR in the connected network. The router priority is indicated by octet unsigned integer, with the range of 0~255, defaults to 1. In DR election, the router with the highest priority will become the DR. When the priorities are the same, the router with the highest election IP address is the DR. The router with the priority of 0 cannot become DR or BDR.
OSPF Area
OSPF divides the network into several minor parts to reduce the information size each router saved and maintained. Every router must have the integrated information of the area it resides in. Each area shares information; routing information can be filtrated, which can reduce the size of routing information saved in the router. One area is identified with 32-bit unsigned number. Area 0 is reserved to identify backbone network, all other areas must be connected with area 0. An OSPF network must have a backbone area. Routers can be one or multiple of the following types according to its tasks in the area, as shown in Figure 46.
FIGURE 46 OSPF ROUTER TYPES
Area 1
Internal Router
Area2 Area 0 ABR

Backbone Router
Backbone Router
Backbone Router
ASBR RIP
Internal router: A router that has all of its interfaces within the same area
134
Chapter 15
OSPF Configuration
Backbone router: A router that has at least one interface in area zero. Area Border Router (ABR): A router has at least one interface in area 0 and at least one interface in other area. Autonomous System Border Routers (ASBR): The router connects an AS running OSPF to another AS running other protocols (such as RIP or IGRP).
LSA Types and Diffusion

LSA is the way of exchanging information for link state database between OSPF routers, the router uses LSA to construct a precise and complete network view, and generates routes used in the routing table. ZXR10 T160G/T64G supports 6 types of LSA. They are respectively: Type 1: Router LSA Type 2: Network LSA Type 3: Network summary LSA Type 4: ASBR summary LSA Type 5: AS external LSA Type 7: NSSA external LSA The OSPF operation is determined by all the routers in an area sharing a public link state database, hence, all LSA need to be diffused via this area, at the same time, processing must be reliable. Every router receiving LSA of specific area will diffuse it to other interfaces belonging to this area. LSA has no its own message, which are contained in the Link State Update (LSU) messages, several LSA can be contained in one LSU. When the router receives a LSU, it separates the messages from LSA and input them into its own database rather than simply transmitting the message. Meanwhile, the router constructs its own LSU and transmits the updated LSU to its adjacent neighbors. The OSPF uses Link State Acknowledgements (LSAck) to confirm that whether each LSA is received by the neighbor successfully. An LSAck has identified LSA header, which provides efficient information to identify an LSA uniquely. When a router sends an LSA to an interface, the LSA will be recorded in the retransmission queue of the interface. The router will wait for the maximum interval to receive the LSAck of the LSA. If it failed to receive LSAck in the stipulated time, the router will retransmit the LSA. The router can adopt unicast or multicast to transmit old LSU, but the retransmitted LSU is unicast.
Stub Area and Totally Stubby Area

When ASBR is not available in a non-backbone, the router has only one path to AS external network, namely, via ABR. Therefore, routers in these areas will transmit the LSA which are transmitted toward AS external unknown hosts to ABR. As a result, type 5 LSA is not required to be diffused to the area, and in this area, there is no LSA of type 4. This kind of area type is called Stub Area.
135
In a stub area, all routers must be configured to be stub routers. Hello packet contains a stub area flag bit, which must be consistent in the neighbors. The ABR in the stub area can filter type 5 LSA to prevent them from releasing in the stub area. At the same time, ABR will generate a type 3 LSA, notifying a default route reached AS external destination address. If the ABR also filters type 3 LSA, and notifies a default route reached area external destination address. This kind of area is called Totally Stubby Area.
Not-So-Stubby Area
Routers in stub area dont permit type 5 LSA, so ASBR is not a part of stub area. However, we may expect a stub area with ASBR, in which, the router receives AS external routes from the ASBR in this area, but external routing information from other areas will be blocked. So, OSPF defines Not-So-Stubby Area (NSSA). In an NSSA, ASBR generates type 7 LSA instead of type 5 LSA. The ABR cannot transmit type 7 LSA to other OSPF area. On the one hand, it blocks the external routers from reaching the NSSA area, on the other hand, convert type 7 LSA into type 5 LSA.
OSPF Authentication
Authentication can be applied in packet switching between two OSPF neighbors. The neighbors must agree on authentication type, which is contained in all packets. Authentication 0 indicates no authentication, 1 indicates simple password authentication and 2 indicates MD5 password authentication. When configuring simple password authentication, one interface allows only one password, the password of each interface can be different, but in a specific network, every interface must have identical password. Simple password is transmitted by OSPF packets via clear text.
Configuring OSPF
The OSPF configuration can be either simple or complicated. ZXR10 T160G/T64G supports many OSPF complicated options, to satisfy the requirements of various networks.
Basic Configuration
Enable OSPF
Command format
Command Mode
Command function
136
Chapter 15
OSPF Configuration
router ospf <process-id>
Global
Enable OSPF routing process
Define interface
network <ip-address> <wildcard-mask> area <area-id>
Router OSPF
Define the interface running OSPF protocol and the area ID of the interface, if the area does not exit, it will be created automatically
The network command will traverse all interfaces, if the interface belongs to the specified range of <address> and <wildcard-mask>, add it to the specified OSPF area in the command.
Configure Basic Attributes of Interface

1. Configure interface timer
ip ospf hello-interval <seconds> ip ospf retransmit-interval <seconds> ip ospf transmit-delay <seconds> ip ospf dead-interval <seconds>
VLAN interface VLAN interface VLAN interface VLAN interface
Specify the interval of interfaces transmitting Hello message Specify the interval of interfaces retransmitting LSA Specify the delay of interfaces transmitting a link state update packet Specify the neighbors dead time in the interface
Many OSPF characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance. 2. Configure interface cost
ip ospf cost <cost>
VLAN interface
Show configured interface cost
Note: When using network devices of multiple vendors, make sure that all OSPF can work together. For example, all routers must use the same method to calculate interface cost.
3. Configure interface priority

137
ip ospf priority <priority>
VLAN interface
Configure interface priority
Configure Neighbor Router

The neighbor routers in the non-broadcast network must be set manually. It is necessary to traverse all interfaces, when the neighbor IP address and interface IP address are in the same network segment, mount the neighbor to the interface.
neighbor <ip-address> [cost <cost>] [priority <priority>] [poll-interval <seconds>]
Route OSPF
Configure neighbor router in the non-broadcast network
Set OSPF Area

OSPF uses area to implement hierarchical router. OSPF area covers stub area, totally stubby area, and not-so-stubby area. The backbone area belongs to conversion area.
area <area-id> stub [default-cost <cost>] area <area-id> stub no-summary [default-cost <cost>] area <area-id> nssa [no-redistribution] [default-information-originate [metric <metric-value>] [metric-type <type>]] [no-summary]
Route OSPF Route OSPF Route OSPF
Define an area to be stub area Define an area to be totally stubby area Define an area to not-so-stubby area
Configure Inter-area Route Convergence

One of the reasons of OSPFs prevalence is route convergence. The router convergence can occur between areas or between autonomous systems. The inter-area route convergence occurs in ABR, while inter-autonomous-systems route convergence occurs in ASBR. Configuring stub area can save route resources in the stub area, but for backbone network, it is helpless. When network address distribution in an area is consecutive, configure ABR to advertise a converged route to replace these consecutive single routes. The route convergence can save backbone resources, which can be implemented via advertising a group of network addresses to be a convergence address.
area <area-id> range <ip-address> <net-mask> [advertise|not-advertise]
Route OSPF
Configure the summary address range in the area
138
Chapter 15
OSPF Configuration
Generate Default Route

Configure an ASBR to advertise a default route to the entire OSPF area. A router becomes an ASBR after using redistribution route. By default, the ASBR does not advertise default route to the entire OSPF area automatically. Configure router to notify default route via command, then the router will become ASBR automatically.
notify default route [always] [metric <metric-value>] [metric-type <type>] [route-map <map-tag>]
Route OSPF
Configure ASBR to notify default route to OSPF area
Configure Virtual Link

All areas in the OSPF network must be connected to backbone area directly. It will restrict the area layout, especially when the network is vast. To solve this problem, connect a remote area via other area to backbone area by the means of virtual link. The area that the virtual link crossed must have complete routing information; hence, the area cannot be a stub area.
Command format
Command Mode
Command function
area <area-id> virtual-link <router-id> [hello-interval <seconds>] [retransmit-interval <seconds>] [transmit-delay <seconds>] [dead-interval <seconds>] [authentication-key <key>] [message-digest-key <keyid> md5 <cryptkey> [delay <time>]] [authentication [null|message-digest]]
Route OSPF
Define OSPF virtual link, if the specified area does not exist, it will be created automatically
Redistribute Other Routing Protocols

Different dynamic routing protocols can share routing information via route redistribution. In the OSPF, the routing information of other routing protocol is external routing information of autonomous system. The external routing information of autonomous system can be diffused to the entire OSPF network via OSPF LSA only when it is redistributed to OSPF protocol. Use redistribute command to control that route of other routing protocols redistributes into OSPF autonomous system; the router becomes an ASBR after using the command.
redistribute <protocol> [as <as-number>] [peer <peer-address>] [tag <tag-value>]
Route OSPF
Control importing matched routes of other protocols into OSPF autonomous system; the
139
[metric <metric-value>] [metric-type <type>] [route-map <map-tag>]
router becomes an ASBR after using the command
Configure Route Convergence of Route Redistribution

Every individual route is advertised as an external LSA when routes of other protocols are redistributed to OSPF. Take the external routes as a single route to advertise via convergence, which will significantly reduce the size of OSPF link state database.
summary-address <ip-address> <net-mask>
Route OSPF
Construct convergence address for OSPF; Summarize other routing protocol paths that are being redistributed to OSPF.
Configure OSPF Authentication

In order to enhance the security of routing process in the network, configure OSPF authentication in the router. Set interface password; the network neighborhood must use the same password in the network.
area <area-id> authentication [message-digest] ip ospf authentication [null|message-digest] ip ospf authentication-key <password>
Route OSPF VLAN interface VLAN interface
Enable authentication in the OSPF area Set the type of authentication for the interface Set password for the interface with the type of simple password authentication
Configure Routes Supporting Opaque LSA

In the process of link state database switching, the opaque LSA is contained in database abstract list and transmitted to the adjacent routers that do not support opaque LSA either. When a router floods opaque LSA to adjacent router, it first checks whether the adjacent router supports opaque LSA. The opaque LSA is transmitted to the adjacent routers that support this function; they are added to the link state retransmission list of the adjacent router. When the link state update report is multicast, the adjacent routers that do not support this function will receive this advertisement passively and then simply discard.
Command format
Command Mode
Command function
capability opaque
Route
Make the route support opaque
140
Chapter 15
OSPF Configuration
OSPF
LSA
Modify OSPF Administrative Distance

The administrative distance represents the reliability of information source. Usually the administrative distance is an integer in the range of 0~255, the higher is the value, the lower the reliability is. If the administrative distance is 255, it means that the routing information source is unreliable. ZXR10 T160G/T64G can define the administrative distance of three types of OSPF routes: Internal route, type 1 external route and type 2 external route. By default, the administrative distances of the three types of routes are 110.
distance ospf {[internal <distance>] [ext1 <distance>] [ext2 <distance>]}
Route OSPF
Define route-type-based OSPF route administrative distance
Instances of Configuring OSPF

Basic OSPF Configuration
As shown in Figure 47, run OSPF in routers R1 and R2, divide the network into three areas.
FIGURE 47 BASIC OSPF CONFIGURATION
Area 23
192.168.2.1/24
Area 0
192.168.1.2/24
Area 24
192.168.3.1/24
R1
192.168.1.1/24
R2
R1 configuration:
ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 192.168.2.0 0.0.0.255 area 23 ZXR10_R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2 configuration:
ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 192.168.3.0 0.0.0.255 area 24 ZXR10_R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
141
Configure Multiple-area OSPF

When a single area network is expanded to a specific scale, design the network to be multiple OSPF areas. An instance of configuring multiple-area OSPF is shown in Figure 48.
FIGURE 48 EXAMPLE OF MULTI-ARE A OS PF CONFIGURATION

192.168.0.1/24
BGP Area 0 R3 10.0.0.3/24

10.0.0.2/24 10.0.0.1/24
10.0.1.1/30
R1
R2
10.0.2.1/30
Area 1
10.0.1.2/30
10.0.2.2/30
Area 2 R5
R4 192.168.1.1/24 RIP
The following illustrates the detailed configuration of each router. Area 1 is an NSSA area; R1 is an ABR working between NSSA area 1 and backbone area. R1 advertises a default route to this area. R1 configuration:
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.255.0 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R1(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R1(config-router)#area 0.0.0.1 nssa default-information-originate
Area 2 is a stub area; R2 is an ABR working between area 2 and backbone area. In the stub area, ABR will advertise a default route to stub area automatically. R2 configuration:
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.0.2.1 255.255.255.252
142
Chapter 15
OSPF Configuration
ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.2.0 0.0.0.3 area 0.0.0.2 ZXR10_R2(config-router)#area 0.0.0.2 stub
R3 is a router working in backbone area 0; externally it connects other autonomous system via BGP. As the exit router of the entire autonomous system, R3 advertises a default route to the entire OSPF area via manual configuration. R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.0.3 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 192.168.0.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R3(config-router)#notify default route always
R4 is an ASBR in NSSA area 1; it also runs RIP protocol other than OSPF; RIP protocol can be injected into OSPF via route redistribution. R4 configuration:
ZXR10_R4(config)#interface vlan1 ZXR10_R4(config-if)#ip address 192.168.1.1 255.255.255.0 ZXR10_R4(config-if)#exit ZXR10_R4(config)#interface vlan2 ZXR10_R4(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R4(config-if)#exit ZXR10_R4(config)#router ospf 1 ZXR10_R4(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R4(config-router)#area 0.0.0.1 nssa ZXR10_R4(config-router)#redistribute rip metric 10
R5 is a router working in stub area 2. R5 configuration:

ZXR10_R5(config)#interface vlan1 ZXR10_R5(config-if)#ip address 10.0.2.2 255.255.255.252 ZXR10_R5(config-if)#exit
143
ZXR10_R5(config)#router ospf 1 ZXR10_R5(config-router)#network 10.0.2.0 0.0.0.3 area 0.0.0.2 ZXR10_R5(config-router)#area 0.0.0.2 stub
Configure OSPF Virtual Link

Figure 49 presents an instance of configuring OSPF virtual link.
FIGURE 49 EXAMPLE OF OSPF VIRTUAL LINK CONFIGURATION
Area 0
10.0.0.1/24
R1
10.0.0.2/24
R2
10.0.1.1/30
Area 1
Virtual link
10.0.1.2/30
10.0.2.1/24 R3
Area 2
The following illustrates the detailed configuration of each router. R1 configuration:

ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.255.0 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
R2 configuration:
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R2(config-router)#area 1 virtual-link 10.0.1.2
144
Chapter 15
OSPF Configuration
R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.0.2.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R3(config-router)#network 10.0.2.0 0.0.0.255 area 0.0.0.2 ZXR10_R3(config-router)#area 1 virtual-link 10.0.0.2
Configure OSPF Authentication

Figure 50 presents an instance of configuring OSPF authentication. Area 0 adopts clear text authentication mode; area 1 adopts MD5 encryption authentication mode
FIGURE 50 EXAMPLE OF OSPF AUTHENTICATION CONFIGURATION
10.0.0.1/24
Area 0
10.0.0.2/24
R1
Clear Text Authentication
R2
10.0.1.1/30
Area 1
10.0.1.2/30
MD5 Authentication
R3
The following illustrates the static configuration of each router. R1 configuration:

ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.255.0 ZXR10_R1(config-if)#ip ospf authentication-key ZXR10 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R1(config-router)#area 0 authentication
R2 configuration:
ZXR10_R2(config)#interface vlan1
145
ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#ip ospf authentication-key ZXR10 ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R2(config-if)#ip ospf message-digest-key 1 md5 ZXR10 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R2(config-router)#area 0 authentication ZXR10_R2(config-router)#area 1 authentication message-digest
R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R3(config-if)#ip ospf message-digest-key 1 md5 ZXR10 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.0.2.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R3(config-router)#network 10.0.2.0 0.0.0.255 area 0.0.0.2 ZXR10_R3(config-router)#area 1 authentication message-digest
OSPF Maintenance and Diagnosis

Compared to RIP, OSPF is much more complicated, the troubleshooting of OSPF protocol will be rather difficult, for the same symptom may be caused by various reasons. The frequently used commands in OSPF maintenance and diagnosis are presented as follows: 1. Show protocol information
show ip ospf
All modes
Show the detailed information of OSPF process
2. Examine OSPF interface

146
Chapter 15
OSPF Configuration
show ip ospf interface [<interface-name>] [process <process-id>]
All modes
Show current configuration and status of OSPF interface
3. Show OSPF neighbor

show ip ospf neighbor [interface <interface-name>] [neighbor-id <neighbor>] [process <process-id>]
All modes
Show information neighbor
of
OSPF
The routing information between two routers cannot communicate because the adjacency is not formed. Check whether the neighbor relationship state between two OSPF routers is Full, which is the flag of normal running OSPF protocol. 4. Show link state database
show ip ospf database
All modes
Show all or part information of a link state database
Link state database is the source of all OSPF routes in the IP routing table. Many route problems may be caused by the incorrect information or information losing in the link state database. ZXR10 T160G/T64G provides debug command to debug OSPF protocol, tracing related information. For example:
debug ip ospf adj
Privileged
Turn on the switch of looping back OSPF adjacent events debugging information Turn on the switch of looping back OSPF receiving and transmitting packets events debugging information, monitor receiving and transmitting all OSPF packets Turn on the switch of looping back OSPF generation link state address events debugging information Turn on the switch of looping back OSPF important events debugging information
debug ip ospf packet
Privileged
debug ip ospf lsa-generation
Privileged
debug ip ospf events
Privileged
147
148
Chapter
16
IS-IS Configuration
IS-IS protocol is a routing protocol for connectionless network service (CLNS) developed by International Standardization Organization (ISO). It is a link-state protocol also based on Dijkstra shortest path first (SPF) algorithm. IS-IS is similar to OSPF in many aspects. In this chapter, you will learn about: IS-IS overview Configuring IS-IS Instances of configuring IS-IS IS-IS Maintenance and Diagnosis
IS-IS Overview
Intermediate System-to-Intermediate System (IS-IS) is a routing protocol for Connectionless Network Service developed by ISO. IS-IS is a network layer protocol in OSI protocol. By expanding IS-IS protocol, added the supporting for IP route, formed integrated IS-IS protocol. The IS-IS protocols mentioned presently refer to integrated IS-IS protocol.
IS-IS Fundamental
IS-IS protocol is widely used in network as an IGP. The working mechanism of IS-IS is similar to that of OSPF: Partition the network into areas, in which the router only manages the routing information in the area, thus save the router cost. This feature enables it to adapt to the requirements of large-scaled network. IS-IS protocol is based on CLNS instead of IP, so when the routers are communicating, IS-IS uses Protocol Data Unit (PDU) defined by ISO. The PDU types used in IS-IS include: Hello PDU Link state PDU (LSP) Sequence number PDU (SNP)
149
The Hello PDU is similar to Hello message in OSPF protocol, responsible for forming adjacency between routers, finding new neighbor and detecting whether any neighbor exits. IS-IS routers exchange routing information via link state PDU, create and maintain link state database. One LSP indicates important information related to a router, including area and connected network. Meanwhile, ensure reliability transmission by using SNP. The SNP contains the summary information of every LSP in the network. When the router receives an SNP, it will compare the SNP with the link state database. If the router loses an LSP existed in SNP, it will launch a multicast SNP, requesting the needed LSP to other routers in the network. The coordination of LSP and SNP enables the reliable routing interaction of IS-IS protocol in the large-scaled network. IS-IS protocol also uses Dijkstra SPF to calculate route. The IS-IS uses SPF obtain the optimized route using SPF algorithm according to link state database, and then adds the route IP routing table.
IS-IS Area
The concept of area is introduced in IS-IS for easier link state database management. The router in an area is only responsible for the maintenance of link state database in this area, as a result, the burden of the router is relieved, which is particularly important in large-scaled network. The areas in the IS-IS can be classified into backbone area and non-backbone area: The router in the backbone area possesses the database information of the entire network. The router in the non-backbone area possesses only the information of this area. In response to the area partition, IS-IS defines three types of routers: L1 router: Exists in non-backbone area, interacts routing information with L1 router and L1/L2 router in this area L2 router: Exists in backbone area, interacts routing information with other L2 router and L1/L2 router. L1/L2 router: Exists in non-backbone area, responsible for interacting routing information between this area and backbone area. IS-IS area partition and router types are shown in Figure 51.
150
Chapter 16
IS-IS Configuration
FIGURE 51 IS-IS ARE A DI AGRAM
L1 A L1/L2 Area20 Router L1 B D L2
L2 L1 C L1/L2 E L2 F G Area30 Area10 L1 H
IS-IS Network Types

There are only two types of network types in IS-IS: Broadcast network and Point-to-point network, which makes IS-IS configuration and implementation easier.
DIS and Router Priority

In the broadcast network, similar to OSPF protocol, IS-IS also uses designated router (DIS). The DIS is responsible for advertising network information to all routers in the broadcast network, meanwhile, only one of other routers will be advertised to DIS adjacency. Configure router priority parameter for DIS election, or configure different priorities for L1 and L2. When performing DIS election, the router with high priority will be selected as DIS; when the priorities are the same, for frame relay interface, the router with higher system ID value will be selected as DIS; for Ethernet interface, the router with higher interface MAC value will be selected as DIS.
Configuring IS-IS
IS-IS configuration mentioned here refers to the configuration based on IP route.
Configuring Basic IS-IS

1. Enable IS-IS
router isis
Global
Enable IS-IS routing process
151
2. Specify the IS-IS area and system IS In the IS-IS routing configuration mode, it is required to define an area, specify the router to belong to the area. At the same time, it is required to define a system ID to identify the router in the area, usually, which are indicated with the interface MAC address of the router. By default, the router running IS-IS protocol is identified as LEVEL-1-2, in order to optimize network, it can be modified via command.
area <area-address> system-id <system-id> [range <range-number>]
Route IS-IS Route IS-IS
Set IS-IS area address Set IS-IS system-id
3. Specify the interface to run IS-IS When configuring IS-IS, specify the interface to run IS-IS protocol in the router. After accessing interface mode, specify the interface to run IS-IS.
ip router isis
VLAN interface
Configure IS-IS protocol to run in the interface
Set IS-IS Global Parameters

If what are running in the network are all ZXR10 series switches or routers, when configuring IS-IS, using default parameters will be ok. But when connecting with equipment of other vendors, the related interface parameters and timer may have to be adjusted to make IS-IS protocol run more efficiently in the network. The parameter configuration in IS-IS involves global parameter setup and interface parameter setup. The IS-IS global parameter must be configured in IS-IS route mode, the following describes a few common used global parameter setups. 1. Set IS-IS operation types It is a basic parameter setup in the IS-IS configuration. The purpose is to define the operation type of the router according to actual networking conditions.
is-type {level-1|level-1-2|level-2-only}
Route IS-IS
Set the IS-IS-permitted level
2. Set the PSNP interval The PSNP is usually applied in point-to-point network. The parameter is used to set the transmission interval between two PSNPs, with the default value of 3.
152
Chapter 16
IS-IS Configuration
Command format
Command Mode
Command function
isis psnp-interval <interval> [level-1|level-2]
VLAN interface
Set the transmission interval of PSNP packet
3. Advertise resources insufficient Set the OL flag bit of IS-IS, which is used to advertise other routers running IS-IS when the processing capability of the router is insufficient.
set-overload-bit
Route IS-IS
Set the OL flag bit of IS-IS
4. Generate a Default Route When configuring redistribution of routes, the router needs the following commands to redistribute the default route in the routing entries to IS-IS domain.
default-information originate [always] [metric <metric-value>] [metric-type <type>] [level-1|level-1-2|level-2]
Route IS-IS
Configure the advertisement policy of default routes
5. Route convergence The IS-IS can generate a convergent route to advertise outward after converging part entries of the routing table, rather than advertise detailed route entries. The minimum metric in the converged route entries will be selected as the metric of convergent route
summary-address <ip-address> <net-mask> <metric-value> [level-1|level-1-2|level-2]
Route IS-IS
Set IS-IS summary address
Set IS-IS Interface Parameters

The IS-IS parameter setup in the interface must be performed in the interface mode running IS-IS protocol. The follows describe a few kinds of typical interface parameter setups. 1. Set interface operation types It is a basic parameter setup in the IS-IS configuration, which is used for specifying interface operation type. The value should match the IS-IS global operation type.
isis circuit-type {level-1|level-1-2|level-2-only}
VLAN interface
Configure the types of adjacency that the port can construct
153
2. Set Hello interval

isis hello-interval <interval> [level-1|level-2]
VLAN interface
Configure the interval of the ports transmitting Hello
3. Set Hello Multiplier

isis hello-multiplier <multiplier> [level-1|level-2]
VLAN interface
Configure the multiple of interface keeping time and hello interval
4. Set the LSP interval

isis lsp-interval <interval> [level-1|level-2]
VLAN interface
Set the transmission interval of LSP packet
5. Set the Retransmit interval

isis retrasmit-interval <interval> [level-1|level-2]
VLAN interface
Set the retransmission interval of LSP packet
6. Set the priority

isis priority <priority> [level-1|level-2]
VLAN interface
Configure the DIS election priority of the interface
7. Set IS-IS Interface metrics It is applied to set the metric when the interface participates IS-IS SPF calculation, different metrics can be set for L1 and L2 in the same interface. The default value is 10.
isis metric <metric-value> [level-1|level-2]
VLAN interface
Configure the interface metric
8. Set the CSNP interval It is applied to set CSNP packet interval. In the broadcast network, the default value is 10; in the point-to-point network, the default value is 3600.
isis csnp-interval <interval> [level-1|level-2]
VLAN interface
Set the transmission interval of CSNP packet
154
Chapter 16
IS-IS Configuration
Configuring IS-IS Authentication

ZXR10 T160G/T64G supports clear text authentication and MD5 encryption authentication. Use the following commands to select authentication mode.
isis authentication-type {text|md5} [level-1|level-2] authentication-type {text|md5} [level-1|level-2]
VLAN interface Route IS-IS
Set the interface authentication mode Set the LSP authentication mode message
For each authentication mode, ZXR10 T160G/T64G supports the following three types of IS-IS authentication: Interface authentication LSP authentication SNP authentication 1. Interface authentication
isis authentication <key> [level-1|level-2]
VLAN interface
Set ADJ authentication
2. LSP authentication
authentication <key> [level-1|level-2]
Route IS-IS
Set LSP authentication of IS-IS
3. SNP authentication
set-snp-authentication
Route IS-IS
Set SNP PDU authentication
Example: Configure SNP authentication, whose authentication string is welcome

ZXR10(config)#router isis ZXR10(config-router)#authentication welcome ZXR10(config-router)#set-snp-authentication
155
Instances of Configuring IS-IS

Single-Area IS-IS Configuration
Analyze the entire network before configuring IS-IS, and then determine the network topology according to the network size, whether dividing multiple areas is needed, whether multiple routing protocols are running in the network. The following illustrates the basic configuration of IS-IS protocol taking sing-area network as an example, as shown in Figure 52.
FIGURE 52 IS-IS CONFIGURATION IN SINGLE ARE A
192.168.2.1/24
192.168.2.2/24 192.168.6.1/24 R2
R1 192.168.1.1/24
Area 1
In the above figure, R1 and R2 comprise area 1, running IS-IS protocol. The detailed configuration is as follows: R1 configuration:
ZXR10_R1(config)#router isis ZXR10_R1(config-router)#area 01 ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0 ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 192.168.2.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 192.168.1.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis
R2 configuration:
ZXR10_R2(config)#router isis ZXR10_R2(config-router)#area 01 ZXR10_R2(config-router)#system-id 00D0.D0C7.5460 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 192.168.2.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config)#interface vlan3
156
Chapter 16
IS-IS Configuration
ZXR10_R2(config-if)#ip address 192.168.6.1 255.255.255.0 ZXR10_R2(config-if)#ip router isis
Multiple-Area IS-IS Configuration

When the network is vast, we should consider using multiple areas in the IS-IS. Divide the similar routers into the same area according to the zone and functionality; the partition of area is helpful in reducing memory requirement. It makes the router in this area maintain relatively smaller link state database. Figure 53 is an instance of configuring multiple-area IS-IS.
FIGURE 53 IS-IS CONFIGURATION IN MULTI ARE A
R2
192.168.10.0/24 192.168.12.0/24
R3
192.168.11.0/24
R4
192.168.16.0/24 192.168.14.1/24
192.168.15.0/24 192.168.100.1/24
Area 0
192.168.101.1/24
R1 192.168.102.1/24
R5
192.168.13.0/24 R6
Area 1
Area 2
Where, R1 belongs to area 1; R2, R3 and R4 belong to area 0; R5 and R6 belong to area 2. In R1, perform route convergence to network segment in area 1. In R6, redistribute the default route to IS-IS. The following illustrates the detailed configuration of each router in the figure. R1 configuration:
ZXR10_R1(config)#router isis ZXR10_R1(config-router)#area 01 ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0 ZXR10_R1(config-router)#is-type LEVEL-1-2 ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 192.168.15.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-2
157
ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 192.168.100.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan7 ZXR10_R1(config-if)#ip address 192.168.101.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan8 ZXR10_R1(config-if)#ip address 192.168.102.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router isis ZXR10_R1(config-router)#summary-address 192.168.100.0 255.255.252.0 10
R2 configuration:
ZXR10_R2(config)#router isis ZXR10_R2(config-router)#area 00 ZXR10_R2(config-router)#system-id 00D0.E0D7.53E0 ZXR10_R2(config-router)#is-type LEVEL-2 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 192.168.10.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config-if)#isis circuit-type LEVEL-2 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan6 ZXR10_R2(config-if)#ip address 192.168.12.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config-if)#isis circuit-type LEVEL-2 ZXR10_R2(config-if)#exit
R3 configuration:
ZXR10_R3(config)#router isis ZXR10_R3(config-router)#area 00 ZXR10_R3(config-router)#system-id 00D0.E0C7.53E0 ZXR10_R3(config-router)#is-type LEVEL-2 ZXR10_R3(config-router)#exit ZXR10_R3(config)#interface vlan4 ZXR10_R3(config-if)#ip address 192.168.15.3 255.255.255.0
158
Chapter 16
IS-IS Configuration
ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-router)#exit ZXR10_R3(config)#interface vlan6 ZXR10_R3(config-if)#ip address 192.168.10.3 255.255.255.0 ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan7 ZXR10_R3(config-if)#ip address 192.168.11.3 255.255.255.0 ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-if)#exit
R4 configuration:
ZXR10_R4(config)#router isis ZXR10_R4(config-router)#area 00 ZXR10_R4(config-router)#system-id 00D0.E0E7.53E0 ZXR10_R4(config-router)#is-type LEVEL-2 ZXR10_R4(config-router)#exit ZXR10_R4(config)#interface vlan4 ZXR10_R4(config-if)#ip address 192.168.12.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-router)#exit ZXR10_R4(config)#interface vlan6 ZXR10_R4(config-if)#ip address 192.168.11.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-if)#exit ZXR10_R4(config)#interface vlan7 ZXR10_R4(config-if)#ip address 192.168.16.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-if)#exit
R5 configuration:
ZXR10_R5(config)#router isis ZXR10_R5(config-router)#area 02 ZXR10_R5(config-router)#system-id 00D0.D0CF.53E0 ZXR10_R5(config-router)#is-type LEVEL-1-2 ZXR10_R5(config-router)#exit ZXR10_R5(config)#interface vlan4 ZXR10_R5(config-if)#ip address 192.168.16.5 255.255.255.0
159
ZXR10_R5(config-if)#ip router isis ZXR10_R5(config-if)#isis circuit-type LEVEL-2 ZXR10_R5(config-router)#exit ZXR10_R5(config)#interface vlan6 ZXR10_R5(config-if)#ip address 192.168.13.5 255.255.255.0 ZXR10_R5(config-if)#ip router isis ZXR10_R5(config-if)#isis circuit-type LEVEL-1 ZXR10_R5(config-if)#exit
R6 configuration:
ZXR10_R6(config)#router isis ZXR10_R6(config-router)#area 02 ZXR10_R6(config-router)#system-id 00D0.0ECD.53E0 ZXR10_R6(config-router)#is-type LEVEL-1 ZXR10_R6(config-router)#exit ZXR10_R6(config)#interface vlan4 ZXR10_R6(config-if)#ip address 192.168.13.6 255.255.255.0 ZXR10_R6(config-if)#ip router isis ZXR10_R6(config-if)#isis circuit-type LEVEL-1 ZXR10_R6(config-router)#exit ZXR10_R6(config)#interface vlan8 ZXR10_R6(config-if)#ip address 192.168.14.1 255.255.255.0 ZXR10_R6(config-if)#exit ZXR10_R6(config)#ip route 0.0.0.0 0.0.0.0 192.168.14.10 ZXR10_R6(config)#router isis ZXR10_R6(config-router)#default-information originate ZXR10_R6(config-router)#redistribute protocol static metric 10 ZXR10_R6(config-router)#end ZXR10_R6#
IS-IS Maintenance and Diagnosis

ZXR10 T160G/T64G provides show command to help diagnose IS-IS fault. The frequently used commands in IS-IS maintenance and diagnosis are presented as follows: 1. Show adjacency, display current neighbor state
show isis adjacency [level-1|level-2]
All modes
Show the current neighbors
2. Show the current IS-IS interface information
160
Chapter 16
IS-IS Configuration
Command format
Command Mode
Command function
show isis circuits [detail]
All modes
Show the current IS-IS interface
3. Show the current IS-IS database information

show isis database [level-1|level-2] [detail]
All modes
Show the current IS-IS database
4. Show the current IS-IS topology

show isis topology [level-1|level-2]
All modes
Show the current IS-IS topology
ZXR10 T160G/T64G provides some debug commands other than show commands mentioned above, for practical application. For example:
debug isis adj-packets
Privileged
Trace and show the hello message IS-IS received and transmitted Trace and show SNP message that IS-IS received and transmitted and related processing events Trace and show IS-IS routing calculation event debugging information Trace and show IS-IS LSP packet processing event debugging information
debug isis snp-packets
Privileged
debug isis spf-events
Privileged
debug isis update-packets
Privileged
161
162
Chapter
17
BGP Configuration
Border Gateway Protocol (BGP) is an inter-domain routing protocol. BGP-4 is widely used on the Internet to communicate network information about available paths and networks. In this chapter, you will learn about: BGP Overview Configuring BGP Example of Configuring BGP BGP Maintenance and Diagnosis
BGP Overview
BGP is an inter-domain routing protocol between AS. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (AS) that reachability information traverses. This information is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced. BGP-4 is defined in RFC1771. It supports the implementation of CIDR, supernet and subnet and the route aggregation and filtering. BGP-4 is widely used on the Internet. Sessions established by BGP routers in different ASs are called EBGP sessions. Sessions established by the internal BGP routers in the same AS are called IBGP sessions. The administration area that allows independent routing policies is called Autonomous System (AS). A primary feature of AS is that an AS has a unified internal route differing from other ASs, and presents the same topology to the reachable destinations through which it passes. The indicator of an AS is a 16-bit value ranging from 1~65535, in which 1~32767 are allocatable, 32768~64511 are reserved temporarily, and 64512~65534 are used for private ASs (similar to the private IP addresses).
163
BGP runs over reliable transmission protocols with TCP as its lower layer protocol on port 179. A TCP connection should be established first between the routers running BGP. All the routing table information is exchanged via message authentication. When the routing table is changed later, route update information will be sent to all the BGP neighbors, by which the routing information will be extended until the routing information is available in the entire network. The destination network related BGP update information sent by the router to its peers include the BGP metric related information, which is called path attribute. Path attribute is classified into four categories: 1. Well-known mandatory: These attributes should be included in the router description. AS-path Next-hop Origin 2. Well-known discretionary: These attributes are not necessary in the router description. Local preference Atomic aggregate 3. Optional transitive: These attributes are not required to be supported by all the BGP implementations. If supported, they will be transmitted to BGP neighbors. Those not supported by the local router should be transmitted continuously to other BGP routers. Aggregator Community 4. Optional non-transitive: This attribute indicates it should be deleted from the routers that do not support it. Multi-exit-discriminator (MED) In addition to these attributes, weight attribute (Cisco defined) is also a common attribute.
Configuring BGP
Basic BGP Configuration
d To enable the BGP protocol on a router, follow the three steps:
1. Enable BGP process
Command format router bgp <as-number> Command mode Global Command function Enables BGP routing process
164
Chapter 17
BGP Configuration
2. Configure BGP neighbor

Command format neighbor <ip-address> remote-as <number> Command mode Routing BGP Command function Configures a BGP neighbor
3. Advertise a network using BGP

Command format network <ip-address> <net-mask> Command mode Routing BGP Command function Specifies a network table for the BGP routing process
Figure 54 shows an example of BGP configuration, where R1 resides in AS 100 and R2 resides in AS 200.
FIGURE 54 BASIC BGP CONFIGURATION
182.16.0.0/16 10.1.1.1/30
182.17.0.0/16
R1 AS100
10.1.1.2/30
R2 AS200
Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 10.1.1.1 remote-as 200 ZXR10_R1(config-router)#network 182.16.0.0 255.255.0.0
Configuration of R2
ZXR10_R2(config)#router bgp 200 ZXR10_R2(config-router)#neighbor 10.1.1.2 remote-as 100 ZXR10_R3(config-router)#network 182.17.0.0 255.255.0.0
In the configurations above, R1 and R2 define the other party as a BGP neighbor each other. Since R1 and R2 reside in different ASs, an EBGP session will be established. R1 will advertise network 182.16.0.0/16. R2 will advertise network 182.17.0.0/16.
Advertising BGP Routes

In the above description, the network command is used to advertise BGP routers. Generally, BGP routers can be advertised in three ways after a BGP neighbor is established: 1. Use the network command to advertise a router In BGP, the network command can be used to advertise the networks known by the local router. Known networks include the networks that can
165
be learnt via direct connections, static routes and dynamic routes. The use of the network command in BGP is different from the use in IGP. 2. Use the redistribute command to re-distribute the routes learnt by other routing protocols to BGP.
Command format redistribute <protocol> [metric [route-map <metric-value>] <map-tag>] Command mode Command function Re-distributes the routes obtained by other routing protocols into the BGP routing table
Routing BGP
The redistribute command can be used to re-distribute the routes learnt by the IGP protocols (RIP, OSPF, IS-IS) into BGP. When using the redistribute command, make sure to prevent the routes learnt by IGP from BGP from being re-distributed into BGP. Use the filtering command to prevent the loop from occurring if necessary. 3. Distribute static routes into BGP The route source of the static routes re-distributed into BGP is shown as incomplete in the routing table. The following example advertises routes in BGP via route re-distribution. See Figure 55 for the network topology.
FIGURE 55 ADVERTISING BGP ROUTES

AS300
R4
1.1.1.1/24
AS100 R1
129.213.198.0/24
R2
175.220.0.0/24
R3 AS200
Configuration of R3
ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 175.220.0.0 0.0.0.255 area 0 ZXR10_R3(config)#router bgp 200 ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 300 ZXR10_R3(config-router)#redistribute ospf
166
Chapter 17
BGP Configuration
Advertising BGP Aggregation

BGP can aggregate several pieces of learnt routing information into one piece of information and advertise it to the outside, greatly reducing the number of route entries in the routing table.
Command format aggregate-address <ip-address> [count <count>] <net-mask> [as-set] [summary-only] [strict] Command mode Routing BGP Command function Creates an aggregation policy in the BGP routing table
The following is an example of route aggregation. R1 and R2 advertise route 170.20.0.0/16 and 170.10.0.0/16 respectively, as shown in Figure 56. R3 aggregates the two pieces of routing information into 170.0.0.0/8 and advertises it to R4. After configuring aggregation, the R4 routing table can only learn the aggregated route 170.0.0.0/8.
FIGURE 56 ADVERTISiNG BGP AGGREG ATION
AS100
170.20.0.0/16 2.2.2.0/24
AS300
AS200
170.10.0.0/16 3.3.3.0/24
R1
R3
4.4.4.0/24
R2
R4 AS400
Configuration of R1
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 2.2.2.2 255.0.0.0 ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#network 170.20.0.0 255.255.0.0 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300
Configuration of R2
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 3.3.3.3 255.0.0.0 ZXR10_R2(config)#router bgp 200 ZXR10_R2(config-router)#network 170.10.0.0 255.255.0.0 ZXR10_R2(config-router)#neighbor 3.3.3.1 remote-as 300
Configuration of R3
ZXR10_R3(config)#interface vlan1
167
ZXR10_R3(config-if)#ip address 2.2.2.1 255.0.0.0 ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 3.3.3.1 255.0.0.0 ZXR10_R3(config)#interface vlan3 ZXR10_R3(config-if)#ip address 4.4.4.1 255.0.0.0 ZXR10_R3(config)#router bgp 300 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100 ZXR10_R3(config-router)#neighbor 3.3.3.3 remote-as 200 ZXR10_R3(config-router)#neighbor 4.4.4.4 remote-as 400 ZXR10_R3(config-router)#aggregate-address 170.0.0.0 255.0.0.0 summary-only
R3 has learnt routes 170.20.0.0 and 170.10.0.0, but it advertises aggregate route 170.0.0.0/8 only. Note the summary-only parameter in the aggregate advertisement commands. If the parameter is not included, R3 will advertise the specific routes in addition to the aggregate route. Configuration of R4
ZXR10_R4(config)#interface vlan1 ZXR10_R4(config-if)#ip address 4.4.4.4 255.0.0.0 ZXR10_R4(config)#router bgp 400 ZXR10_R4(config-router)#neighbor 4.4.4.1 remote-as 300
Configuring EBGP Multihop

Generally, EBGP neighbors should be established on the straight-through interfaces of two routers. To establish EBGP neighbors on the interfaces that are not directly connected, use the multihop command to configure EBGP multihop. In addition, appropriate IGP or static route configuration is required to enable the interworking of these neighbors.
Command format neighbor <ip-address> ebgp-multihop [ttl <value>] Command mode Routing BGP Command function
Configures EBGP multihop
R1 needs to establish the neighbor relation with the interface with the IP address 180.225.11.1 on R2, to which it is not connected directly, as shown in Figure 57. To do this, use the multihop command.
FIGURE 57 CONFIGURING BGP MULTIHOP
AS100
129.213.1.3/24
AS300
R1
129.213.1.2/24
R2
180.225.11.1/24
168
Chapter 17
BGP Configuration
Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 180.225.11.1 remote-as 300 ZXR10_R1(config-router)#neighbor 180.225.11.1 ebgp-multihop
Configuration of R2
ZXR10_R2(config)#router bgp 300 ZXR10_R2(config-router)#neighbor 129.213.1.2 remote-as 100
Filtering Routes via the Route Map

Route filtering and attribute setting are the basis of BGP route selection. Input or output route attributes can be controlled as required via route filtering. Route map is used to control routing information and re-distribute routes between route domains based on defined conditions. Route map usually determines route selections with the use of route attributes. A route map is usually used in two steps: 1. Define a route map
Command format route-map <map-tag> [permit|deny] [<sequence-number>] Command mode Global Command function Defines a route map
2. Configure the filtration of routes advertised by or to the neighbors

Command format neighbor <ip-address> <map-tag> {in|out} route-map Routing BGP Command mode Command function Configures the filtration of routes advertised by or to the neighbors
The following example configures filtering using a route map.

ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 182.17.20.1 remote-as 200 ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out ZXR10_R1(config-router)#neighbor 182.17.20.1 send-med ZXR10_R1(config)#route-map MAP1 permit 10 ZXR10_R1(config-route-map)#match ip address 1 ZXR10_R1(config-route-map)#set metric 5 ZXR10_R1(config)#acl basic number 1 ZXR10_R1(config-basic-acl)#rule 1 permit 172.3.0.0 0.0.255.255
The above example defines route map MAP1, which allows network 172.3.0.0 to be advertised to autonomous system 200 and sets the MED value to 5. When filtering routes using a route map, match and set commands are both usually used. The match command defines matching
169
criteria. The set command defines actions to be executed when the match conditions are satisfied.
Filtering Routes via NLRI

To control the routing information obtained or advertised by the router, routes to or from a specific adjacent device can be filtered from updates. The filter includes an update list used to be sent to or coming from an adjacent peer. As shown in Figure 58, R1 and R2 are IBGP peers of each other; R1 and R3 are EBGP peers of each other; and R2 and R4 are EBGP peers of each other.
FIGURE 58 FILTERING ROUTES VIA NLRI
AS100 R1
182.17.1.2/30 182.17.1.1/30 182.17.20.2/30
R2
AS200
182.17.20.1/30
AS300
192.18.10.0/24
R3
R4
To prevent AS100 from being a transit AS, network 192.18.10.0/24 coming from AS300 is advertised to AS200. R1 is configured with the filtering function as follow:
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 182.17.1.2 remote-as 100 ZXR10_R1(config-router)#neighbor 182.17.20.1 remote-as 200 ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out ZXR10_R1(config)#route-map MAP1 permit 10 ZXR10_R1(config-route-map)#match ip address 1 ZXR10_R1(config)#acl basic number 1 ZXR10_R1(config-basic-acl)#rule 1 deny 192.18.10.0 0.0.0.255 ZXR10_R1(config-basic-acl)#rule 2 permit any
In this example, the route-map command and access control list (ACL) is used to prevent R1 from spreading prefix 192.18.10.0/24 to AS200.
Filtering Routes via AS_PATH

If all the routes in one or more ASs should be filtered, the routes are filtered based on the AS path information usually. This prevents it from being complex due to prefix-based filtering.
170
Chapter 17
BGP Configuration
An ACL can be specified for the input and output update based on the AS path attribute values.
Command format ip as-path access-list <acl-number> {permit|deny} <as-regular-expression> Command mode Global Command function Defines a BGP access list
In the case as shown in Figure 58, routes can also be filtered based on AS path, which prevents R1 from advertising network 192.18.10.0/24 (coming from AS300) to AS200. Configuration
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 182.17.1.2 remote-as 100 ZXR10_R1(config-router)#neighbor 182.17.20.1 remote-as 200 ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out ZXR10_R1(config)#route-map MAP1 permit 10 ZXR10_R1(config-route-map)#match as-path 1 ZXR10_R1(config)#ip as-path access-list 1 permit ^$
In the above configuration, the AS ACL allows R1 to advertise the networks initiated from AS100 only to AS200, thus filtering network 192.18.10.0/24.
LOCAL_PREF Attribute
The local preference attribute is used to determine the route selection between IBGP peers within an AS. When the two IBGP routers in an AS have learnt a route with the same destination from the outside, the local preference attribute will be compared. The route with the higher value is preferred. The default value of local preference is 100.
Command format bgp default <value> local-preference Command mode Command function Configures the local preference value of the router that BGP advertises to the outside
Routing BGP
In the case as shown in Figure 59, R3 and R4 has learnt route 170.10.0.0 at the same time. Since the local preference value set for R4 is greater than that for R3, the R4 egress is preferred for the route to the destination within AS256.
171
FIGURE 59 CONFIGURING THE LOCAL PREFERENCE ATTRIBUTE

170.10.0.0/24
AS100
AS300
R1
1.1.1.1/30
R2
3.3.3.2/30
AS256 R5
1.1.1.2/30 128.213.11.1/30 128.213.11.2/30 3.3.3.1/30
AS34
R3 LOC=150
IBGP
R4 LOC=200
R6
The LOCAL_PREF attribute can be configured in two methods. Use the bgp default local-preference command Configuration of R3
ZXR10_R3(config)#router bgp 256 ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 100 ZXR10_R3(config-router)#neighbor 128.213.11.2 remote-as 256 ZXR10_R3(config-router)#bgp default local-preference 150
Configuration of R4
ZXR10_R4(config)#router bgp 256 ZXR10_R4(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R4(config-router)#neighbor 128.213.11.1 remote-as 256 ZXR10_R4(config-router)#bgp default local-preference 200
Use the route-map command Configuration of R4

ZXR10_R4(config)#router bgp 256 ZXR10_R4(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R4(config-router)#neighbor 3.3.3.2 route-map setlocalin in ZXR10_R4(config-router)#neighbor 128.213.11.1 remote-as 256 .... ZXR10_R4(config)#ip as-path access-list 7 permit ^300$ ... ZXR10_R4(config)#route-map setlocalin permit 10 ZXR10_R4(config-route-map)#match as-path 7 ZXR10_R4(config-route-map)#set local-preference 200
172
Chapter 17
BGP Configuration
ZXR10_R4(config)#route-map setlocalin permit 20 ZXR10_R4(config-route-map)#set local-preference 150
MED Attribute
The metric attribute is also called Multi Exit Discrimination (MED), which is used for the interaction among ASs for route selection. By default, the router only compares the metric values of the BGP neighbors in the same AS. To compare the values of the neighbors in different ASs, use the bgp always-compare-med command for a mandatory comparison.
Command format bgp always-compare-med Command mode Routing BGP Command function Allows the comparison of the MEDs for paths from neighbors in different ASs
The default value of medic is 0. The path with a lower metric is preferred over a path with a higher metric. The metric value is not transferred to third-party ASs. That is, when an update with a metric value is received and it should be transmitted to a third-party AS, the default metric value will be transmitted. R1 receives the update of 180.10.0.0 from R2, R3 and R4 at the same time, as shown in Figure 60. By default, only the metric values of neighbor R3 and R4 in the same AS are compared. The metric value of R3 is lower than that of R4, so R1 takes the update from R3.
FIGURE 60 CONFIGURING THE MED ATTRIBUTE
170.10.0.0/24 R1
AS100
4.4.4.2/30 3.3.3.1/30 4.4.4.1/30
AS400
2.2.2.2/30
med 50
R2
180.10.0.0/24
AS300 med 120

2.2.2.1/30 1.1.1.1/30
med 200
3.3.3.2/30
R3
1.1.1.2/30
R4
In the following example, the route-map command is used to set the MED value. Configuration of R1
173
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R1(config-router)#neighbor 4.4.4.1 remote-as 400 ....
Configuration of R3
ZXR10_R3(config)#router bgp 300 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100 ZXR10_R3(config-router)#neighbor 2.2.2.2 route-map setmetricout out ZXR10_R3(config-router)#neighbor 1.1.1.2 remote-as 300 ZXR10_R3(config)#route-map setmetricout permit 10 ZXR10_R3(config-route-map)#set metric 120
Configuration of R4
ZXR10_R4(config)#router bgp 300 ZXR10_R4(config-router)#neighbor 3.3.3.1 remote-as 100 ZXR10_R4(config-router)#neighbor 3.3.3.1 route-map setmetricout out ZXR10_R4(config-router)#neighbor 1.1.1.1 remote-as 300 ZXR10_R4(config)#route-map setmetricout permit 10 ZXR10_R4(config-route-map)#set metric 200
Configuration of R2
ZXR10_R2(config)#router bgp 400 ZXR10_R2(config-router)#neighbor 4.4.4.2 remote-as 100 ZXR10_R2(config-router)#neighbor 4.4.4.2 route-map setmetricout out ZXR10_R2(config)#route-map setmetricout permit 10 ZXR10_R2(config-route-map)#set metric 50
In the following example, the bgp always-compare-med command is used to allow a mandatory comparison of R1 metric value and R2 metric value. The metric value of R2 is lower than that of R3, so R1 will select R2 instead of R3 for the update of 180.10.0.0. Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R1(config-router)#neighbor 4.4.4.1 remote-as 400 ZXR10_R1(config-router)#bgp always-compare-med
174
Chapter 17
BGP Configuration
Community String Attribute

Community string is an optional transit attribute ranging from 0~4,294,967,200. A selection can be made from a group of routes according to the community string attribute. The following are the definitions of the well-known community attributes: no-export: Do not advertise this route to an EBGP neighbor no-advertise: Do not advertise this route to any BGP neighbor no-export-subconfed: Do not advertise the routes with this attribute to peers outside the confederation. The route-map command is generally used to define the community attribute. This attribute will not be sent to neighbors by default and the following command should be used also.
Command format neighbor <ip-address> send-community Command mode Routing BGP Command function Sends the community attribute when advertising routes to the neighbors
In the following example, R1 notifies its neighbors that 192.166.1.0/24 should not be advertised to other EBGP neighbors. Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 3.3.3.3 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.3 send-community
route
ZXR10_R1(config-router)#neighbor 3.3.3.3 route-map setcommunity out ZXR10_R1(config)#route-map setcommunity permit 10 ZXR10_R1(config-route-map)#match ip address 1 ZXR10_R1(config-route-map)#set community no-export ZXR10_R1(config)#route-map setcommunity permit 20 ZXR10_R1(config)#acl basic number 1 ZXR10_R1(config-basic-acl)#rule 1 permit 192.166.1.0 0.0.0.255
BGP Synchronization
In AS100 as shown in Figure 61, R1 and R2 runs IBGP. R5 does not run BGP.
175
FIGURE 61 CONFIGURING BGP SYNCHRONIZATION
AS100 R5 R1
3.3.3.1/30 150.10.0.0/24
R2
2.2.2.2/30
1.1.1.1/30
170.10.0.0/24
170.10.0.0/24
AS300
2.2.2.1/30
AS400
1.1.1.2/30
170.10.0.0/24 R3
R4
R2 has learnt route 170.10.0.0 via IBGP. The next hop is 2.2.2.1. It can be known from the diagram that the next hop for R2 to reach 170.10.0.0 is R5, but R5 hasnt got route 170.10.0.0 and will discard the packet. If R2 tells R4 that it has route 170.10.0.0, it will also be discarded in R5. To allow the packet with the destination address 170.10.0.0 to reach R3 successfully through R5, the route to 170.10.0.0 should be available in R5. Therefore, routes should be redistributed so that R5 can learn this route via IGP. Before advertising the BGP routes to EBGP neighbors, it should be waited until R2 has learnt this route (via R5) via IGP, which is called route synchronization.
Command format synchronization Command mode Routing BGP Command function Enables the synchronization between BGP and IGP
The synchronization function of ZXR10 T160G/T64G is enabled by default. To transit AS, the routes learnt from other ASs should be advertised to the third-party ASs. If non-BGP router exists in AS then Route synchronization is required. In this case, R2 uses route synchronization. In the case that BGP routes have no need to be advertised to third-party ASs or all the routers within the AS run BGP, route synchronization is not required. The following configuration disables route synchronization on R2.
ZXR10_R2(config)#router bgp 100 ZXR10_R2(config-router)#network 150.10.0.0 ZXR10_R2(config-router)#neighbor 1.1.1.2 remote-as 400 ZXR10_R2(config-router)#neighbor 3.3.3.1 remote-as 100 ZXR10_R2(config-router)#no synchronization
176
Chapter 17
BGP Configuration
BGP Route Reflector

For the BGP routers within the same AS, the neighbor relation should be established between every two routers to enable an overall interconnection. In this way, the number of neighbors will increase at a rate of n (n-1) /2 (n is the number of IBGP routers) when the number of IBPGs increases. Route reflector and confederation are used to reduce the workload of maintenance and configuration. For the IBGP speaking routers within an AS, one of them is selected to be the route reflector (RR). All the other IBGP routers act as clients and establish the neighbor relation only with the RR. All the clients reflect routes via RR, thus reducing the number of neighbors to n-1.
Command format neighbor router-reflector-client <ip-address> Command mode Routing BGP Command function Set a neighbor as a route-reflector client peer
There are two route reflectors within AS100, i.e. R3 and R4, as shown in Figure 62. The clients of R4 are R5 and R6. The clients of R3 are R1 and R2.
FIGURE 62 CONFIGURING BGP ROUTE REFLECTORS
Lo: 8.8.8.8
R8
AS200
AS100 R7
Lo: 3.3.3.3
Lo: 7.7.7.7
Lo: 4.4.4.4
R3
Lo: 1.1.1.1 Lo: 2.2.2.2 Lo: 5.5.5.5
R4
Lo: 6.6.6.6
R1
R2
R5
R6
Lo: 9.9.9.9
R9
AS300
Configuration of R3
177
ZXR10_R3(config-router)#neighbor 2.2.2.2 route-reflector-client ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 100 ZXR10_R3(config-router)#neighbor 1.1.1.1 route-reflector-client ZXR10_R3(config-router)#neighbor 7.7.7.7 remote-as 100 ZXR10_R3(config-router)#neighbor 4.4.4.4 remote-as 100
Configuration of R2
When a route is received by the RR, it will be reflected depending on the type of peer. A route from a Non-Client peer will be reflected to all the Client peers A route from a Client peer will be reflected to all the Non-Client peers and Client peers. A route from an EBGP peer will be reflected to all the Non-Client peers and Client peers. If there are multiple RRs within an AS, these RRs can be grouped into a cluster. An AS can include multiple clusters. A cluster includes more than one RR at least.
BGP Confederation
Route confederation has the similar function as the route reflector, which is to reduce the number of IBGP neighbor connections established within an AS. Route confederation allows an AS to be divided into multiple sub-ASs. The IBGP routers within the AS belong to the sub-ASs respectively. IBGP is established within the sub-ASs. EBGP is established between the sub-ASs. The sub-AS ID is called confederation ID. The sub-ASs are invisible to the outside world of the AS.
Command format bgp confederation identifier <value> bgp confederation peers <value> [<value>] Command mode Routing BGP Routing BGP Command function Set a confederation ID Sets the AS ID of a confederation peer
The following examples illustrate the applications of route confederation. There are 5 BGP routers in AS200, as shown in Figure 63. It is divided into two sub-ASs. One is defined as AS65010, which includes R3, R5 and R6, and the other is defined as AS65020, which includes R4 and R7.
178
Chapter 17
BGP Configuration
FIGURE 63 CONFIGURING BGP CONFEDERATION
R1 2.2.2.2/30 AS100 AS300
R2
Lo: 210.61.30.1
2.2.2.1/30 210.61.19.1/30
210.61.19.2/30
AS65010
Lo: 210.61.10.1
R3
Lo: 210.61.20.1
R4 AS65020
Lo: 210.61.40.1
R5
R6
R7 AS200
Configuration of R3
ZXR10_R3(config)#router bgp 65010 ZXR10_R3(config-router)#bgp confederation identifier 200 ZXR10_R3(config-router)#bgp confederation peers 65020 ZXR10_R3(config-router)#neighbor 210.61.10.1 remote-as 65010 ZXR10_R3(config-router)#neighbor 210.61.20.1 remote-as 65010 ZXR10_R3(config-router)#neighbor 210.61.19.2 remote-as 65020 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100
Configuration of R5
ZXR10_R5(config)#router bgp 65010 ZXR10_R5(config-router)#bgp confederation identifier 200 ZXR10_R5(config-router)#neighbor 210.61.30.1 remote-as 65010 ZXR10_R5(config-router)#neighbor 210.61.20.1 remote-as 65010
When establishing the neighbor relation, the EBGP neighbor relation is established between R3 and the confederation peers. The IBGP neighbor relation is established with the confederation, and the EBGP neighbor relation is also established with AS100. The confederation is non-existent to AS100, so AS100 still establishes the neighbor relation with R3 as AS200. Configuration of R1
179
BGP Route Dampening

BGP provides a route dampening mechanism to minimize the instability due to route flapping. A route is assigned a penalty of 1000 per flap. When the penalty reaches a suppress-limit, the router stops advertising the route. The penalty decreases geometrically after every half-life-time. As the penalty decreases and falls below the reuse limit, the route is unsuppressed.
Command format bgp dampening [<half-life> <reuse> <suppress> <max-suppress-time>| route-map <map-tag>] Command mode Routing BGP Command function Enables BGP route damping or modifies various damping factors
Half-life-time: 1~45 min, 15 min by default Reuse-value: 1~20000, 750 by default Suppress-value: 1~20000, 2000 by default Max-suppress-time: 1~255, 4 times of half-life-time by default To enable dampening on the router:
ZXR10(config)#router bgp 100 ZXR10(config-router)#bgp dampening ZXR10(config-router)#network 203.250.15.0 255.255.255.0 ZXR10(config-router)#neighbor 192.208.10.5 remote-as 300
Example of Configuring BGP

The following is a comprehensive BGP example, which involves the practical applications of BGP functions including route aggregation and static route redistribution. As shown in Figure 64, EBGP is established between R4 and R1. IBGP is established between R1 and R2. Multihop EBGP is established between R2 and R5. Suppose 4 static routes, as shown in the upper right corner of the figure, exist in R4. In the configuration of R4, only 192.16.0.0/16 is aggregated and advertised. 170.16.10.0/24 is not allowed to be advertised through BGP to the outside world via the route map. The multihop relation is established between R2 and R5 via R3. Make sure the neighbor addresses of the two routers are interconnected before configuring BGP.
180
Chapter 17
BGP Configuration
FIGURE 64 EXAMPLE OF CONFIGURING BGP
AS1
155.16.10.0/24
Static route:
172.16.1.2/16 172.16.20.2/16 R1 172.16.1.1/16 173.16.20.2/16 192.16.20.0/24 192.16.21.0/24 192.16.22.0/24 170.16.10.0/24
R2
172.16.20.1/16
R4 AS2
R3
183.16.20.2/16
R5 AS3
Configuration of R4
ZXR10_R4(config)#route bgp 2 ZXR10_R4(config-router)#redistribute static ZXR10_R4(config-router)#neighbor 172.16.20.2 remote-as 1 ZXR10_R4(config-router)#aggregate-address 192.16.0.0 255.255.0.0 count 0 as-set summary-only ZXR10_R4(config-router)#neighbor 172.16.20.2 route-map torouter1 out ZXR10_R4(config)#acl basic number 1 ZXR10_R4(config-basic-acl)#rule 1 permit 172.16.10.0 0.0.0.255 ZXR10_R4(config)#route-map torouter1 deny 10 ZXR10_R4(config-route-map)#match ip address 1 ZXR10_R4(config)#route-map torouter1 permit 20
Configuration of R1
ZXR10_R1(config)#route bgp 1 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 172.16.1.2 remote-as 1 ZXR10_R1(config-router)#neighbor 172.16.1.2 next-hop-self ZXR10_R1(config-router)#neighbor 172.16.20.1 remote-as 2
Configuration of R2
ZXR10_R2(config)#ip route 183.16.0.0 255.255.0.0 vlan4 ZXR10_R2(config)#route bgp 1 ZXR10_R2(config-router)#neighbor 172.16.1.1 remote-as 1 ZXR10_R2(config-router)#neighbor 172.16.1.1 next-hop-self ZXR10_R2(config-router)#neighbor 183.16.20.2 remote-as 3 ZXR10_R2(config-router)#neighbor 183.16.20.2 ebgp-multihop 2 ZXR10_R2(config-router)#neighbor 183.16.20.2 route-map torouter5 in ZXR10_R2(config)#acl basic number 1 ZXR10_R2(config-basic-acl)#rule 1 permit 155.16.10.0 0.0.0.255
181
ZXR10_R2(config)#route-map torouter5 deny 10 ZXR10_R2(config-route-map)#match ip address 1 ZXR10_R2(config)#route-map torouter5 permit 20
Configuration of R5
ZXR10_R5(config)#ip route 173.16.0.0 255.255.0.0 gei_1/1 ZXR10_R5(config)#route bgp 3 ZXR10_R5(config-router)#neighbor 173.16.20.2 remote-as 1 ZXR10_R5(config-router)#neighbor 173.16.20.2 ebgp-multihop 2
BGP Maintenance and Diagnosis

When encountering BGP routing problems, relevant debugging commands can be used for troubleshooting. The most commonly used command is show, which allows you to view the current statuses of BGP neighbors and the BGP routing information the router has learnt. Show the configuration information of the BGP module
Command format show ip bgp protocol Command mode All modes Command function Shows the configuration information of the BGP module
View the BGP neighbor relation and show the current neighbor statuses
Command format show ip bgp neighbor [in|out] <ip-address> Command mode All modes Command function Shows related information of BGP neighbors
Show the entries in the BGP routing table

Command format show ip bgp route [network <ip-address> [mask <net-mask>]] show ip bgp route <ip-address> <net-mask> detail Command mode All modes All modes Command function Shows the entries in the BGP routing table Shows the entries in the BGP routing table
Show the statuses of all the BGP neighbor connections

Command format show ip bgp summary Command mode All modes Command function Shows the statuses of all the BGP neighbor connections
Besides the show command, the debug command can be used to observe the BGP neighbor relation establishment and route update process.
Command format debug ip bgp in Command mode Privileged Command function Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes
182
Chapter 17
BGP Configuration
debug ip bgp out
Privileged
Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes Tracks and shows the BGP connecting statuses and migration
debug ip bgp events
Privileged
Use the debug ip bgp events command to track the process of BGP status migration.
ZXR10#debug ip bgp events BGP events debugging is on ZXR10# 04:10:07: BGP: 192.168.1.2 reset due to Erroneous BGP Open received 04:10:07: BGP: 192.168.1.2 went from Connect to Idle 04:10:08: BGP: 192.168.1.2 went from Idle to Connect 04:10:13: BGP: 192.168.1.2 went from Connect to OpenSent 04:10:13: BGP: 192.168.1.2 went from OpenSent to OpenConfirm 04:10:13: BGP: 192.168.1.2 went from OpenConfirm to Established ZXR10#
183
184
Chapter
18
Multicasting Route Configuration

This chapter describes the basic principle and configurations of multicasting routes. This chapter includes: Multicast Overview Configuring Public Multicast Configuring IGMP Configuring PIM-SM Configuring MSDP Example of Configuring Multicasting Multicasting Maintenance and Diagnosis
Multicast Overview
Multicasting is a point-to-point or multipoint-to-multipoint communication, that is, multiple receivers receive the same information from one source at the same time. Applications on the basis of multicasting include videoconferencing, teleeducation and software distribution. Multicasting protocols include Internet Group Management Protocol (IGMP) and Multicast Route Protocols (MRP). IGMP is used to manage the participation and leaving of multicast group members. MRPs are used to exchange information and establish the multicast tree among routers. MRPs include Protocol Independent Multicast Sparse Mode (PIM-SM) and Multicast Source Discovery Protocol (MSDP). ZXR10 T160G/T64G supports the following protocols: Internet Group Management Protocol (IGMP) Protocol Independent Multicast Sparse Mode (PIM-SM) Multicast Source Discovery Protocol (MSDP)
185
Multicast Address
In a multicast network, the originator sends a packet to multiple receivers via multicasting. The originator is called multicast source. The multiple receivers of the same packet can be identified using a single ID, which is called multicast source address. In the IP address allocation scenario, addresses Class-D, i.e. 224.0.0.0~239.255.255.255, are multicast source addresses. 224.0.0.0~224.0.0.255 and 239.0.0.0~239.255.255.255 are used for research and management.
IGMP
IGMP allows the multicast router to learn about the information of multicast group members and runs between host and multicast router. A multicast router sends group member query messages to all the hosts periodically to learn about which group members exist in the connected networks. The hosts return group member report messages containing the information of the multicast groups to which they belong. When a host wants to be added in a new group, it sends a group member report message instead of waiting for a query. When the host begins to receive information as a group member, the multicast router will query the group periodically to learn about whether this member is still in the group. If members of the group still exist on an interface, the multicast router will continue to forward data from the group to the interface. When the host leaves the group, it will send a leave message to the multicast router. The multicast router will query immediately whether the group still contains active members or not. If yes, the multicast router continues to forward data; if no, it stops forwarding data. There are two versions, IGMP V1 and IGMP V2, in the practical applications. IGMP V2 has more enhanced features than IGMP V1. It uses 4 types of messages to accomplish the information interaction between the hosts and the router. Group member query V2 member report Leave report V1 member report Where, the V1 member report is used to be compatible with IGMP V1.
Multicast Tree
To enable multicast communication in the networks, the multicast source, receivers and the paths of multicast packets should be available. The most commonly used routing method is to establish tree routes, which provides the following two advantages: Packets are sent to different receivers along the tree branches in parallel.
186
Chapter 18
Packets are copied only on crotches, which minimizes the number of packets transmitted in the networks. A multicast tree is a set of a series of router incoming interfaces and outgoing interfaces. It determines a unique forwarding path between the subnet to which the multicast source belongs and all the subnets that contain the group members. There are two ways to construct a multicast tree: per-source multicast tree and shared multicast tree.
Per-Source Multicast Tree

Per-source multicast tree is also called source shortest path tree. It establishes a spanning tree to all the receivers for each source. This spanning tree takes the subnet to which the source belongs as the root node and reaches the subnets to which the receivers belong. A multicast group may include multiple multicast sources. Each source or pair (S, G) has a corresponding multicasting tree. The method to construct a per-source multicast tree is reverse path forwarding (RPF). Each router can find the shortest path to the source and the corresponding outgoing interface according to the unicast route. When a router receives a multicast packet, it verifies whether the incoming interface that the packet reaches is the outgoing interface with the shortest unicast path from the packet to the source. If yes, the route copies the packet and forwards it to other interfaces; otherwise, it discards the multicast packet. The incoming interface from which the router receives multicast packets is called parent link. The outgoing interface that sends multicast packets is called child link.
Shared Multicast Tree

Shared multicast tree establishes a multicast route tree for each multicast group, which is shared by all the group members, that is, the tree is shared by the group (*, C) instead of every pair (S, G). Every device to receive the multicast packets from the group should be added to the shared tree explicitly. A shared multicast tree uses one or a group of routers as the center of the tree. Multicast packets from all the sources in this group to the receivers are sent as unicast packets to the center, from which the packets will then be forwarded as multicast packets along the tree.
PIM-SM
PIM-SM transmits multicast packets using a shared tree. A shared tree has a central point, which is responsible for sending packets for all the sources in a multicast group. Each source sends packets to the central point along the shortest-path route and then takes the central point as the root node to distribute the packets to all the receivers in the group. The central point of a PIM-SM group is called Rendezvous Point (RP). A network can have multiple RPs, but a multicast group can only have one RP.
187
A router can learn about the positions of RPs in three ways. The first way is to configure static RP manually on each router that runs PIM-SM. The other two ways are dynamic, depending on the version of PIM-SM used in the network. PIM-SM V1 uses Auto-RP. PIM-SM V2 uses candidate-RP. PIM-SM V2 allows the manually configured routers that run PIM-SM to be used as candidate bootstrap routers (BSRs) and elects the candidate BSR with the highest priority as the formal BSR. BSR is responsible for collecting the candidate RP messages from all the multicast router, trying to find the candidate RPs existing in the multicast domain and advertising them to all the PIM routers in the PIM domain. Each PIM router selects the optimum RP for each group in the RP set according to the unified RP election rule. RP candidates are configured manually. Routers running PIM-SM attempt to find each other and maintain the neighbor relation by exchanging hello messages. On the multi-access network, a hello message also includes router priority information, which can be used to elect the designated router (DR). The multicast source or the first-hop router (DR directly connected to the source) encapsulates the packet into a Register message and sends it to the RP via a unicast route. When receiving the Register message, the RP decapsulates the packet and sends it along the shared tree downward to the receivers in this group. Each host acting as a receiver will join the multicast group via an IGMP member report message. The last-hot router (or DR on the multi-access network) sends the received Join message by level to the RP for registration. The media router checks if a route for this group is available after receiving the Join message. If yes, it adds the downstream requesting router into the shared tree as a branch. Otherwise, the Join message will proceed to the RP. If the RP or multicast router is directly connected to any receiver, it can be switched over from the shared tree to the per-source, shortest-path tree. When receiving a Register message from a new multicast source, the RP returns a Join message to the DR directly connected to the multicast source, thus establishing the tree with the shortest-path from the source to the RP. When a DR or a router with multicast members connected directly receives the first multicast packet from the multicast group, or when the received packets reach a threshold, it can be switched over from the shared tree to the per-source, shortest-path tree. Once the switchover occurs, the route will send a Prune message to the upstream neighbors, requesting to be separated from the shared tree.
MSDP
MSDP is a mechanism that allows the RPs in each PIM-SM domain to share information about active sources. Each RP knows the receivers within the local domain. When the RPs have learnt about the information about the active sources in the remote domains, they can transfer the information to the receivers in the local domain. Thus, multicast packets can be forwarded among domains.
188
Chapter 18
The MSDP speaker in a PIM-SM domain establishes the MSDP session relation with the MSDP neighbors in other domains via TCP connection. When the MSDP speaker has learnt about a new multicast source (through the PIM register mechanism) in the local domain, it will create a Source-Active message and send it to all the MSDP neighbors. Each receiving neighbor uses a neighbor RPF check to check the SA message. Only the SA message received on the correct interface is forwarded. Other SA messages will be discarded. If the MSDP neighbor receiving this SA message is the RP in the local domain, and the outgoing interface corresponding to the (*, G) entry for the multicast group G in the SA is non-null, which means there are receivers in this domain. The RP will then create a (S, G) status for the multicast source and add it to the shortest-path tree of the source. In addition, each MSDP neighbor will save the received SA messages in a cache, thus establishing a SA cache table. If the RP in a PIM-SM domain receives a message for joining a new multicast group G, the RP will search its own SA cache table to get all the active multicast sources immediately, thus generating the corresponding (S, G) Join message.
Configuring Public Multicast

Enable IP multicast routing
Command format ip multicast-routing Command mode Global Command function Enables IP multicast routing
When the IP multicast routing function is enabled, the router will forward multicast packets. Delete IP multicast routing table
Command format clear ip mroute [group-address <group-address>] [source-address <source-address>] Command mode Command function Deletes IP multicast routing table
Privileged
If the command does not contain any option, all the multicast route entries will be deleted.
Configuring IGMP
The IGMP function of ZXR10 T160G/T64G is based on the PIM interface. The IGMP function will be enabled automatically on all the PIM-enabled interfaces.
189
Configuring IGMP Versions

IGMP versions include V1 and V2. The default is V2, which can be changed as required. In view of security requirements, the routes require all the network elements in the same network to use IGMP V1 or IGMP V2. The configuration of IGMP version is based on interface. Different interfaces can be configured with different versions.
Command format ip igmp version <version> Command mode VLAN interface Command function Configures the IGMP version on an interface
Configuring IGMP Groups on Interfaces

Configure the range of groups to which IGMP is allowed to be added When IGMP is running on an interface, all the multicast groups are received by default. You can set the range of receiving groups. If the Join request from a host does not belong to the range, it will be discarded.
Command format ip igmp <acl-number> access-group Command mode VLAN interface Command function Configures the range of groups to which IGMP can be added
Example: Only group 239.10.10.10 is received on interface vlan1.

ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 239.10.10.10 0.0.0.0 ZXR10(config)#interface vlan 1 ZXR10(config-if)#ip igmp access-group 10
Configure the range of groups from which IGMP is allowed to leave immediately After receiving an IGMP Leave message, or no report message is received after (last member query interval2+1) seconds, the group members will leave.
Command format ip igmp immediate-leave [group-list <acl-number>] Command mode VLAN interface Command function Configure the range of groups from which IGMP can leave immediately
Example: Allow group 239.10.10.10 to leave immediately from interface vlan1

ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 239.10.10.10 0.0.0.0 ZXR10(config)#interface vlan 1
190
Chapter 18
ZXR10(config-if)#ip igmp immediate-leave group-list 10
Configure static group members on an IGMP interface You can bind a static group address on an interface, suppose there always be group members on this interface.
Command format ip igmp <group-address> static-group Command mode VLAN interface Command function Configure members interface static on an group IGMP
Example: Configure static group 239.10.10.10 on interface vlan1.

ZXR10(config)#interface vlan 1 ZXR10(config-if)#ip igmp static-group 239.10.10.10
Configuring IGMP Timers

After enabling IGMP on the multicast router interfaces connected to the shared network, the optimum router is elected as the querier on this network, responsible for obtaining group member information by sending query messages. After sending a query message, the querier will wait for receiving Host Membership Reports in a period of time. The duration is the value of max response time contained in the query message sent, 10 seconds by default. After receiving the query message, the host members on the network take the result of the max response time minus a random offset value as their own response time. If other Host Member Reports are received in this period, it will be cancelled, otherwise, host reports will be sent at the response time. Therefore, increasing the max response time will extend the waiting time of the group members on the network, thus lowering the occurrence of multiple host reports on the network. Parameters of the timers related to the querier can be changed according to the network conditions. Configure the IGMP query interval
Command format ip igmp query-interval <seconds> Command mode VLAN interface Command function Configures the IGMP query interval
Configure the IGMP querier timeout

Command format ip igmp <seconds> querier-timeout Command mode VLAN interface Command function Configures the IGMP querier timeout
Configure the max response time contained in the query message sent by IGMP
191
Command format ip igmp query-max-response-time <seconds>
Command mode
Command function Configures the value of max response time contained in the query message sent by IGMP
VLAN interface
Configure the IGMP specific group query interval

Command format ip igmp last-member-query-interval <seconds> Command mode VLAN interface Command function Configures the IGMP specific group query interval
Configuring PIM-SM
The details of the PIM-SM configuration are described in the following sections.
PIM-SM Basic Configurations

Enabling PIM-SM
Enable PIM-SM
Command format router pimsm Command mode Global Command function Enables IP multicast protocol PIM-SM
Add an interface that run PIM-SM

Command format ip pim sm Command mode VLAN interface Command function Enables PIM-SM interface on the
Configuring Static RPs

A static RPs can be configured for one or more specific groups, and the same static RP should be configured for the group on all the PIM-SM multicast routers in the multicast domain. RP addresses should be reachable from other routers. Generally, loopback interface addresses are used to reduce the network oscillations due to physical interface up/down. When a static RP is configured, the candidate RP will not be needed for the group.
Command format static-rp <ip-address> [group-list <acl-number>] [priority <priority>] Command mode Routing PIM-SM Command function Configures a static RP
Example: Configure static RP 10.1.1.1 for all the groups.
192
Chapter 18
ZXR10(config-router)#static-rp 10.1.1.1
Example: Configure static RP 10.1.1.1 for group 239.132.10.100.

ZXR10(config-router)#static-rp 10.1.1.1 group-list 10 ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 239.132.10.100 0.0.0.0
Configuring Candidate BSRs

If the static RP mechanism is not used, candidate BSRs should be configured on more than one multicast routers in every multicast domain. The BSR sends bootstrap (BSR) messages periodically to advertise the RP conditions. Routers running PIM-SM update the RP statuses according to the latest advertisement messages. The bootstrap messages sent by the BSR are also used to elect the formal BSR from the candidate BSRs.
Command format bsr-candidate <interface-name> [<hash-mask-length>] [<priority>] Command mode Routing PIM-SM Command function Configures a candidate BSR
The default priority of a candidate BSR is 0. The candidate BSR with the highest priority will become the formal BSR. If multiple routers have the same BSR priority, the IP addresses will be compared. The candidate BSR with the largest address will become the formal BSR.
Configuring Candidate RPs

In PIM-SM, RP is the root of a shared multicast tree. It is responsible for sending multicast packets to the downstream receiving group members along the shared tree. A multicast group can only have one formal RP.
Command format rp-candidate <interface-name> [group-list <acl-number>] [priority <priority>] Command mode Routing PIM-SM Command function Configures a candidate RP
The default priority of a candidate RP is 192. The candidate RP with a smaller priority is preferred.
Enhanced PIM-SM Configurations

Source Shortest Path Tree Switchover
Only the last-hop DR and RP can switch over to the source shortest path tree. By default, the switchover begins when the RP has received the first Register message. For the last-hop DR, the switchover threshold policy can be configured with single unicast group as the granularity of control. If the shortest path tree threshold is configured as infinite, no switchover will occur. By default, a switchover will occur if only there is flow.
193
Command format
Command mode
Command function Configures the router to which receivers are connected directly to the switchover from shortest path tree back to the shared tree (RP tree)
spt-threshold infinity [group-list <acl-number>]
Routing PIM-SM
Configuring an Interface as the PIM Domain Border

Use the following command to configure an interface as the PIM domain border.
Command format ip pim bsr-border Command mode Vlan Interface Command function Configures an interface as the PIM domain border
When the command is configured on an interface, bootstrap data messages will not be able to pass through the border in any direction. This command allows a network to be divided into areas using different BSRs. However, other PIM messages can pass through the domain border.
Setting the RP to Filtering the Received Register Messages

Source addresses in multicast data messages encapsulated in the Register messages are filtered according to the rules defined in the ACL.
Command format accept-register <acl-number> Command mode Routing PIM-SM Command function Filters the received Register messages
Limiting the Candidate RPs Advertised by a BSR Message

Use the following command to filter the addresses of the candidate RPs advertised by a BRS message.
Command format accept-rp <acl-number> Command mode Routing PIM-SM Command function Filters the candidate RP messages received on E-BSR
Setting DR Priorities
A DR should be elected from a shared (or multi-access) network. The router with the highest priority will be elected. If the routers have the same priority, the one with the largest IP address will be selected. On the shared network connected to the multicast data source, only the DR can send Register messages to the RP. On the shared network connected to the receivers, only the DR can respond to the IGMP Join/Leave messages and send PIM Join/Prune messages to the upstream routers.
194
Chapter 18
Command format ip pim dr-priority <priority>
Command mode Interface
Command function Sets a DR priority
The priority of a route is contained in a Hello message exchanged with neighbors. The default is 1.
Setting Hello Message Intervals

The interval of hello messages sent by PIM-SM neighbors can be adjusted according to the network conditions. The default is 30 seconds.
Command format ip pim query-interval <seconds> Command mode Interface Command function Configures a Hello message interval
Limiting PIM-SM Neighbors

In view of security requirements, PIM-SM will not allow some of the routers to be neighbors on an interface.
Command format ip pim <acl-number> neighbor-filter Command mode Interface Command function Does not allow some of the routers to be PIM neighbors
Example: Router 10.1.1.1 is not allowed to be a PIM neighbor on interface vlan1.

ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 deny 10.1.1.1 0.0.0.0 ZXR10(config-basic-acl)#rule 2 permit any ZXR10(config)#interface vlan 1 ZXR10(config-if)#ip pim neighbor-filter 10
Configuring MSDP
The details of the MSDP configuration are described in the following sections.
Basic MSDP Configuration

Configure an MSDP peer to enable MSDP.
Command format ip msdp peer <peer-address> connect-source <interface-name> Command mode Global Command function Configures an MSDP peer to enable MSDP
195
Enhanced MSDP Configurations

Configure the default MSDP peer
Command format ip msdp <peer-address> <acl-number>] default-peer [list Command mode Global Command function Defines the default MSDP peer
When the default MSDP peer is configured, the local router will accept the SA messages from the peers RP under the control of the list. If no list parameter is configured, all the SA messages from this peer will be accepted. When multiple default peers are configured on a route, if one of them requires a list parameter, all the peers should be configured with list parameters. Configure an originating RP This configuration is used to generate the MSDP speaker of SA messages and use the address of the specified interface as the RP address in a SA.
Command format ip msdp <interface-name> originator-id Command mode Global Command function Uses the address of the specified interface as the RP address in a SA
Configure the MSDP peer as a mesh group member A "mesh group" appears to be a group of MSDP speakers which have fully meshed connectivity.
Command format ip msdp mesh-group <peer-address> <mesh-name> Command mode Global Command function Configures the MSDP peer as a mesh group member
Configure the maximum number of SA messages allowed in the SA cache

Command format ip msdp sa-limit <peer-address> <sa-limit> Command mode Global Command function Limit the number of SA messages from the specified MSDP peer in the SA cache
Shut down the configured MSDP peer

Command format ip msdp <peer-address> shutdown Command mode Global Command function Shuts down the configured MSDP peer
Clear the TCP connection established with the MSDP peer This command shuts down the TCP connection to the MSDP peer and reset all the statistics of the MSDP peer.
Command format clear ip msdp [<peer-address>] peer Command mode Privileged Command function Clear the TCP connection(s) established with one or all of the MSDP peers
196
Chapter 18
Clear the entries in the MSDP SA cache

Command format clear ip msdp [<group-address>] sa-cache Command mode Privileged Command function Clears the entries in the MSDP SA cache
Clear the statistical counter for the MSDP peer This configuration clears the statistical counter for the MSDP peer but does not reset the MSDP sessions.
Command format clear ip msdp [<peer-address>] statistics Command mode Privileged Command function Clear the statistical counter for the MSDP peer
Example of Configuring Multicasting

The following is an example of PIM-SM configuration. Figure 65 shows the network topology.
FIGURE 65 EXAMPLE OF CONFIGURING MULTICASTING
Lo:10.1.1.3/32 10.10.30.2/24 10.10.40.2/24
R3
10.10.30.1/24 Lo:10.1.1.1/32 10.10.10.1/24 R1 10.10.20.1/24 10.10.20.2/24 10.10.40.1/24 Lo:10.1.1.2/32
R2 10.10.50.1/24
10.10.10.2/24
10.10.50.2/24
Multicast Source
Receiver
Configuration of R1
ZXR10_R1(config)#interface loopback1 ZXR10_R1(config-if)#ip address 10.1.1.1 255.255.255.255 ZXR10_R1(config)#ip multicast-routing ZXR10_R1(config)#router pimsm ZXR10_R1(config-router)#rp-candidate loopback1 priority 10 ZXR10_R1(config-router)#bsr-candidate loopback1 10 10 ZXR10_R1(config)#interface vlan1
197
ZXR10_R1(config-if)#ip address 10.10.10.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 10.10.20.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#interface vlan3 ZXR10_R1(config-if)#ip address 10.10.30.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
Configuration of R2
ZXR10_R2(config)#interface loopback1 ZXR10_R2(config-if)#ip address 10.1.1.2 255.255.255.255 ZXR10_R2(config)#ip multicast-routing ZXR10_R2(config)#router pimsm ZXR10_R2(config-router)#rp-candidate loopback1 priority 20 ZXR10_R2(config-router)#bsr-candidate loopback1 10 20 ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.10.20.2 255.255.255.0 ZXR10_R2(config-if)#ip pim sm ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.10.40.1 255.255.255.0 ZXR10_R2(config-if)#ip pim sm ZXR10_R2(config)#interface vlan3 ZXR10_R2(config-if)#ip address 10.10.50.1 255.255.255.0 ZXR10_R2(config-if)#ip igmp access-group 10 ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config)#access-list 10 permit any
Configuration of R3
ZXR10_R3(config)#interface loopback1 ZXR10_R3(config-if)#ip address 10.1.1.3 255.255.255.255 ZXR10_R3(config)#ip multicast-routing ZXR10_R3(config)#router pimsm ZXR10_R3(config-router)#rp-candidate loopback1 priority 30 ZXR10_R3(config-router)#bsr-candidate loopback1 10 30 ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.10.30.2 255.255.255.0 ZXR10_R3(config-if)#ip pim sm ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.10.40.2 255.255.255.0 ZXR10_R3(config-if)#ip pim sm
198
Chapter 18
ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
Note the sequence of configuration. The ip multicast-routing should be configured prior to router pimsm. Next, enable ip pim sm on the interface. The configuration will not be successful if the sequence is not followed. To allow multicast data to be sent from the source to the receivers when using the ZXR10 T160G, the rpf incoming interface should be configured for all the routers on the entire path from the source to the receivers (command: ip pimsm source A.B.C.D group A.B.C.D receive-port <interface>). In a ring network, if the next-hop of the unicast route changes due to a link status change, the rpf incoming interface should be re-configured.
Multicasting Maintenance and Diagnosis

For the ease of multicast maintenance and diagnosis, ZXR10 T160G/T64G provides many show commands for every multicast protocol supported.
Common Show Commands

View the IP multicast routing table
Command format show ip mroute [group [source <group-address>] <source-address>] [summary] Command mode All modes Command function Displays IP multicast routing table
Example: Display the contents of the current IP multicast routing table

ZXR10#show ip mroute IP Multicast Routing Table Flags:D -Dense,S -Sparse,C -Connected,L -Local,P -Pruned R -RP-bit set,F -Register flag,T -SPT-bit set,J -Join SPT, M - MSDP created entry,N -No Used,U -Up Send, A - Advertised via MSDP,X -Proxy Join Timer Running, * -Assert flag Statistic: Receive packet count/Send packet count Timers:Uptime/Expires Interface state:Interface,Next-Hop or VCD,State/Mode
(*, 229.3.3.16), 00:00:01/00:03:34, RP 5.5.5.6 , 0/0, flags: SP Incoming interface: vlan5, RPF nbr 5.5.5.6 Outgoing interface list: NULL (100.1.1.100, 229.3.3.16), 00:00:01/00:03:34 , 0/0, flags: UN
199
Incoming interface: vlan4, RPF nbr 4.4.4.5 Outgoing interface list: vlan6, Forward/Sparse, 00:00:01/00:03:29
Display the multicast forwarding route entries If the command does not contain any source address option, it displays the (*, G) and (S, G) multicast forwarding entries. If it contains a source address option, it displays the (S, G) multicast forwarding entries.
Command format show ip mforwarding module {summary|group-address <group-address> [source-address <source-address>]} Command mode Command function
<module-number>
All modes
Displays the multicast forwarding route entries
Example: Display the multicast forwarding route entries.

ZXR10#show ip forwarding mroute module 7 group-address 229.3.3.16
IP Forwarding Multicast Routing Table Flags: N -No Used,U -Up Send,L -Limit upSend,A - Assert send
(*, 229.3.3.16), Flags:, HitFlag:0, Incoming interface: Null, LastSrcIp: 0.0.0.0 Outgoing vlan interface list: NULL
L2bitmap:0x0000000000000000 L3bitmap:0x0000000000000000
(100.1.1.100, 229.3.3.16), Flags:, HitFlag:0, Incoming interface: vlan4 19/3, LastSrcIp: 0.0.0.0 Outgoing vlan interface list: NULL
L2bitmap:0x4000000000000008 L3bitmap:0x0000000000000000
Display the information of multicast RPF.

Command format show ip rpf <source-address> Command mode All modes Command function Display the multicast RPF information
IGMP
Use the following command to display the IGMP related information. View the IGMP configurations on an interface Displayed information includes the current IGMP version, querier ID, query time interval and max response time.
200
Chapter 18
Command format show ip igmp [<interface-name>] interface
Command mode All modes except user mode
Command function Displays the IGMP configurations on an interface
Example: Display the IGMP configurations on interface vlan4.

ZXR10#show ip igmp interface vlan4 vlan4 Internet address is 4.4.4.4, subnet mask is 255.255.255.0 IGMP is enabled on interface Current IGMP version is 2 IGMP query interval is 125 seconds IGMP last member query interval is 1 seconds IGMP query max response time is 10 seconds IGMP querier timeout period is 251 seconds IGMP querier is 4.4.4.4, never expire Inbound IGMP access group is not set IGMP immediate leave control is not set
View the IGMP group joining condition on an interface

Command format show ip igmp [<interface-name>] groups Command mode All modes except user mode Command function Views the IGMP group joining condition on an interface
Example: Display the group member information on interface vlan1.

ZXR10#show ip igmp groups IGMP Connected Group Membership Group addr 224.1.1.1 Interface vlan4 Present 00:00:48 Expire never Last Reporter 4.4.4.4
PIM-SM
Use the following command to display the PIM-SM related information. Display the BSR information
Command format show ip pim bsr Command mode All modes Command function Displays the BSR information
Example: Display the BSR information

ZXR10#show ip pim bsr Uptime: 00:00:11, BSR Priority :0, Hash mask length:30
201
Expires:00:00:49 This system is a candidate BSR candidate BSR address: 6.6.6.6, priority: 0, hash mask length: 30 This System is Candidate_RP: candidate RP address: 6.6.6.6(vlan6),priority:192
Display the information of the RP set advertised by a BSR

Command format show ip pim rp mapping Command mode All modes Command function Displays the information of the RP set advertised by a BSR
Example: Display the information of the RP set advertised by a BSR

ZXR10#show ip pim rp mapping Group(s) 224.0.0.0/4 RP 5.5.5.6 static, Priority :192
RP 6.6.6.6 <?>, :v2, Priority :192 BSR: 6.6.6.6 <?>, via bootstrap Uptime: 00:00:14, expires: 00:02:16
Display the RP information selected by a specific multicast group

Command format show ip pim <group-address> rp hash Command mode All modes Command function Displays the RP information selected by a specific multicast group
Example: Display the RP information selected by group 224.1.1.1

ZXR10#show ip pim rp ha 224.1.1.1 rp address:5.5.5.6 static
View the information of the configured PIM-SM interface

Command format show ip pimsm interface[<interface-name>] Command mode All modes Command function Displays the information of the configured PIM-SM interface
Example: View the information of the configured PIM-SM interface

ZXR10#show ip pimsm interface Address Interface State Nbr Query DR Count Intvl 4.4.4.4 vlan4 5.5.5.5 6.6.6.6 vlan5 vlan6 Up 0 Up Up 30 0 0 4.4.4.4 30 30 5.5.5.5 6.6.6.6 1 1 1 DR Priority
202
Chapter 18
0.0.0.0
vlan100
Down 0
30
0.0.0.0
View the information of the PIM-SM interface peer

Command format show ip pimsm [<interface-name>] neighbor Command mode All modes Command function Displays the information of the PIM-SM interface peer
Example: View the information of the PIM-SM interface peer.

ZXR10#show ip pimsm neighbor Neighbor Address Interface 131.1.1.91 22.22.22.43 vlan4 vlan5 DR Prio 30000 1 Uptime Expires
00:19:34 00:01:29 03:21:25 00:01:16
MSDP
Use the following command to display the MSDP related information. Display the statistics of SA messages Display the number of SA messages from every MSDP peer in the SA cache
Command format show ip msdp count Command mode All modes Command function Displays the statistics of SA messages
Example: Display the statistics of SA messages

ZXR10#show ip msdp count SA State per Peer Counters, <Peer>: <# SA learned> 101.1.1.1: 2 102.2.2.2: 20 103.3.3.3: 10
Total entries: 32
Display detailed information of MSDP peers

Command format show ip msdp [<peer-address>] peer Command mode All modes Command function Displays detailed information of MSDP peers
Example: Display detailed information of MSDP peers

ZXR10(config)#show ip msdp peer MSDP Peer 11.1.1.1
203
Description: Connection status: State: Down, Resets: 0, Connection source: vlan4 (4.4.4.4) Uptime(Downtime): 00:00:04, Messages sent/received: 0/0 Connection and counters cleared 00:00:04 ago SA Filtering: Input (S,G) filter: none Output (S,G) filter: none Peer ttl threshold: 0 SAs learned from this peer: 0
Display the (S, G) status from every MSDP peer

Command format show ip msdp [<group-address> [<source-address>]] sa-cache All modes Command mode Command function Display the (S, G) status from every MSDP peer
Example: Display the (S, G) status from every MSDP peer

ZXR10#show ip msdp sa-cache MSDP Source-Active Cache - 4 entries (101.101.101.101, 224.1.1.1), RP 49.4.4.4, 00:21:45/ 00:05:57 (101.101.101.101, 224.1.1.2), RP 49.4.4.4, 00:21:45/ 00:05:57 (101.101.101.101, 226.1.1.1), RP 50.4.4.4, 00:09:04/ 00:04:57 (101.101.101.101, 226.1.1.2), RP 50.4.4.4, 00:09:04/ 00:04:57
Display the statuses of MSDP peers

Command format show ip msdp summary Command mode All modes Command function Display the statuses of MSDP peers
Example: Display the statuses of MSDP peers

ZXR10#show ip msdp summary MSDP Peer Status Summary Peer Address State Uptime/ Downtime 101.1.1.1 *102.2.2.2 103.3.3.3 Up Up Up 1d10h 14:24:00 12:36:17 Reset Count 9 5 5 SA Count 2 20 10
204
Chapter
19
ACL Configuration
This chapter describes access control list (ACL). ACL is applied to port or policy for filtering and control of data flow. This chapter includes: ACL Overview Configuring ACL Examples of Configuring ACL ACL Maintenance and Diagnosis
ACL Overview
To filter data, a network device should be configured with a series of matching rules to identify the objects to be filtered. After identifying the specific objects, corresponding packets will be allowed or denied according to the preset policy. ACL is used to implement these functions. Generally, ACL is used to implement data message filtering, policy routing and special flow control. An ACL may contain one or more rules defined for special types of packets. These rules tell the switch to allow or deny the access of packets that match the criteria specified in the rules. Packet matching rules defined in ACL can also used in the cases where flow should be identified, for example, defining flow classification rules in QoS. ZXR10 T160G/T64G provides four types of ACLs: Basic ACL: Only source IP addresses are matched against the ACL. Extended ACL: Source/destination IP address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DiffServ Code Point (DSCP), ToS and precedence are matched against the ACL. Layer 2 ACL: Source/destination MAC address, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority value are matched against the ACL.
205
Mixed ACL: Source/destination MAC address, source VLAN ID, source/destination IP address, TCP source/destination port number, UDP source/destination port number are matched against the ACL. Each ACL has an ACL code for identification, which is a digit. The code ranges of different types of ACLs are as follows: Basic ACL: 1~99 Extended ACL: 100~199 Layer 2 ACL: 200~299 Mixed ACL: 300~349 Each ACL supports up to 100 rules with the codes ranging from 1 to 100.
Configuring ACLs
d To configure ACL, follow the three steps in order:
Configure a time range Define an ACL Apply the ACL to physical ports
Configure a Time Range

The configuration of time range includes the following cases: Configure the time range in every day: Specify the start and end time in every day. If not configured, it indicates all the time in a day. Configure period range: Specify a day of week Configure range of dates: Specify the start and end dates If not configured, it indicates the time from the date when the configuration takes effect to the maximum system time. Use the following command to configure a time range.
Command format time-range <timerange-name> {<hh:mm:ss> to <hh:mm:ss> <days-of-the-week>|from <hh:mm:ss> <mm-dd-yyyy> [to <hh:mm:ss> <mm-dd-yyyy>]} Command mode Command function
Global
Defines a time range
Defining ACLs
To configure an ACL, enter the ACL configuration mode first, and then define the ACL rules. Note the following issues when you define ACL rules:
206
Chapter 19
ACL Configuration
If a packet meets multiple rules, the first rule will be matched. So the rule sequence is very important. Generally, rules in a small range are put in the front and rules in a large range are put in the back. Considering the network security, the system will add an implicit deny rule to the end of each ACL automatically for denying all the packets. A permit rule for allowing all the packets should be defined at the end of each ACL.
Configuring Basic ACLs

Use the following command to define a basic ACL. Enter the basic ACL configuration mode
Command format acl basic {number <acl-number>|name <acl-name>} Command mode Global Command function Enters the basic configuration mode ACL
Configure rules in an ACL

Command format rule <rule-no> {permit|deny} {<source> [<source-wildcard>]|any} [time-range <timerange-name>] Command mode Command function
Basic ACL
Defines rules
Move a rule to the back of another one

Command format move <rule-no> after <rule-no> Command mode Basic ACL Command function Moves a rule to the back of anther one.
Example: Define a basic ACL to allow the access of messages from network 192.168.1.0/24 but deny the messages from source IP address 192.168.1.100.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 deny 192.168.1.100 0.0.0.0 ZXR10(config-basic-acl)#rule 2 permit 192.168.1.0 0.0.0.255
Configuring Extended ACLs

Use the following command to define an extended ACL. Enter the extended ACL configuration mode
Command format acl extend {number Command mode Global Command function Enters the extended ACL configuration mode
<acl-number>|name <acl-name>}
207
Command format rule <rule-no> {permit|deny} icmp {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [<icmp-type> [icmp-code <icmp-code>]] [{[precedence <pre-value>] <dscp-value>] [tos <tos-value>]}|dscp [time-range <timerange-name>] rule <rule-no> {permit|deny} {<ip-number>|ip} {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>] rule <rule-no> {permit|deny} tcp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [established] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>] rule <rule-no> {permit|deny} udp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]
Command mode
Command function
Extended ACL
Defines ICMP-based rules
Extended ACL
Defines rules on the basis of IP or IP protocol code
Extended ACL
Defines TCP-based rules
Extended ACL
Defines UDP-based rules

Command format move <rule-no> after <rule-no> Command mode Extended ACL Command function Moves a rule to the back of another one
Example: Define an extended ACL to implement the following functions. Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, source port 100 and destination port 200. Denies the BGP messages from network 192.168.2.0/24. Denies all the ICMP messages. Denies all the messages with IP protocol code 8.
ZXR10(config)#acl extend number 150 ZXR10(config-ext-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10 0.0.0.0 eq 200 ZXR10(config-ext-acl)#rule 2 deny tcp 192.168.2.0 0.0.0.255 Eq BGP any ZXR10(config-ext-acl)#rule 3 deny icmp any any ZXR10(config-ext-acl)#rule 4 deny 8 any any
208
Chapter 19
ACL Configuration
Configuring Layer 2 ACLs

Use the following command to define a Layer 2 ACL. Enter the Layer 2 ACL configuration mode
Command format acl link {number <acl-number>|name <acl-name>} Command mode Global Command function Enters the Layer 2 ACL configuration mode

Command format rule <rule-no> {permit|deny} <prot-number> [cos <cos-vlaue>] [ingress {[<source-vlanid>] [<source-mac> <source-mac-wildcard>|any]}] {<dest-mac> [egress <dest-mac-wildcard>|any}] [time-range <timerange-name>] Command mode Command function
Layer 2 ACL
Defines rules

Command format move <rule-no> after <rule-no> Command mode Layer 2 ACL Command function Moves a rule to the back of another one
Example: Define a Layer 2 ACL to allow the access of IP packets with source MAC address 00d0.d0c0.5741 and 802.1p code 5.
ZXR10(config)#acl link number 200 ZXR10(config-link-acl)#rule 1 permit ip cos 5 ingress 10 00d0.d0c0.5741 0000.0000.0000 ZXR10(config-link-acl)#rule 2 deny 8847
Configuring Mixed ACLs

Use the following command to define a mixed ACL. Enter the mixed ACL configuration mode
Command format acl hybrid {number Command mode Global Command function Enters the mixed configuration mode ACL
<acl-number>|name <acl-name>}

Command format rule <rule-no> {permit|deny} <prot-number> {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [<source-vlanid>] [ingress Command mode Command function Defines rules on the basis of source/destination IP address or MAC address
Mixed ACL
209
{<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]

rule <rule-no> {permit|deny} tcp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [<source-vlanid>] [ingress {<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>] rule <rule-no> {permit|deny} udp {<source> <source-wildcard>|any} [<rule><port>] {<dest> <dest-wildcard>|any } [<rule> <port>] [<vlanid>] [ingress {<source-mac> <source-mac-wildcard>|any}] [egress {<dest-mac> <dest-mac-wildcard>|any}] [time-range <timerange-name>]
Mixed ACL
Defines TCP-based rules
Mixed ACL
Defines UDP-based rules

Command format move <rule-no> after <rule-no> Command mode Mixed ACL Command function Moves a rule to the back of another one
Example: Define a mixed ACL to implement the following functions. Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, destination MAC address 00d0.d0c0.5741, source port 100 and destination port 200. Denies the BGP messages from network 192.168.3.0/24. Denies the messages from MAC address 0100.2563.1425.
ZXR10(config)#acl hybrid number 300 ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10 0.0.0.0 eq 200 Egress 00d0.d0c0.5741 0000.0000.0000 ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255 Eq BGP any ZXR10(config-hybd-acl)#rule deny any any ingress 0100.2563.1425 0000.0000.0000
210
Chapter 19
ACL Configuration
Applying ACLs to Physical Ports

Defined ACLs will not take effect until they are applied to physical ports. Use the following command to apply the ACLs to the corresponding physical ports. Enter port configuration mode
Command format interface <port-name> Command mode Global Command function Allows you to enter port configuration mode
Apply the ACL to physical ports

Command format ip access-group <acl-number> in Command mode Port Command function Binds ACLs to Physical Ports
Tip: A physical port can only apply one ACL. The new configuration overwrites the old one. For example, in the gei_4/1 port configuration mode, the following two commands are configured in order: ip access-group 10 in ip access-group 100 in Only ACL 100 takes effect.
Examples of Configuring ACL

As shown in Figure 66, a company has an Ethernet switch, to which the server and users of Dept. A and B are connected. An administrative regulation is as follows: Users of Dept. A and B are not allowed to access the FTP server and VOD server during working time (9:00~10:00), but access to the mail server is allowed at any time. Internal users can access the Internet via proxy 192.168.3.100, but users of Dept. A are not allowed to access the Internet during working time. The general managers of Dept. A and B (with IP address 192.168.1.100 and 192.168.2.100, respectively) are allowed to access the Internet and all the servers at any time.
211
FIGURE 66 EXAMPLE OF CONFIGURING ACL
Internet
Dept. A 192.168.1.0/24
Switch gei_2/1 VLAN1
gei_2/2 VLAN2 gei_2/4 VLAN4
Dept. B 192.168.2.0/24
Mail FTP VOD Server Server Server
The server IP addresses are allocated as follows: Mail server: 192.168.4.50 FTP server: 192.168.4.60 VOD server: 192.168.4.70 Switch configuration
/* Configure a time range */
ZXR10(config)#time-range working-time 9:00:00 to 17:00:00
/* Define an extended ACL to limit the users of Dept. A */

ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit ip 192.168.1.100 0.0.0.0 any ZXR10(config-ext-acl)#rule 2 deny ip 192.168.1.0 0.0.0.255 192.168.4.60 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 3 deny tcp any eq 8888 192.168.4.70 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 4 deny ip any 192.168.3.100 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 5 permit ip any any
/* Define an extended ACL to limit the users of Dept. B */

ZXR10(config)#acl extend number 101 ZXR10(config-ext-acl)#rule 1 permit ip 192.168.2.100 0.0.0.0 any
212
Chapter 19
ACL Configuration
ZXR10(config-ext-acl)#rule 2 deny ip 192.168.2.0 0.0.0.255 192.168.4.60 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 3 deny tcp any eq 8888 192.168.4.70 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 4 permit ip any any
/* Apply ACLs to the corresponding physical ports */

ZXR10(config)#interface fei_2/1 ZXR10(config-if)#ip access-group 100 in ZXR10(config-if)#exit ZXR10(config)#interface fei_2/2 ZXR10(config-if)#ip access-group 101 in ZXR10(config-if)#exit
ACL Maintenance and Diagnosis

ZXR10 T160G/T64G provides related show commands for the ease of ACL maintenance and diagnosis. Display the contents of all the ACLs or of the ACL with the specified list number
Command format show acl [<acl-number>|name <acl-name>] Command mode All modes Command function Displays the contents of all the ACLs or of the ACL with the specified list number
View if a physical port applies an ACL

Command format show running-config interface <port-name> Command mode All modes except user mode Command function Displays the configuration information of an Ethernet port
213
214
Chapter
20
QoS Configuration
Quality of Service (QoS) refers to the capability to provide better service to the selected network communication by using various technologies. In this chapter, you will learn about: QoS Overview Configuring QoS Example of Configuring QoS QoS Maintenance and Diagnosis
QoS Overview
Traditional networks provide best-effort services in which all messages are treated equally. The network devices do their best effort to send messages to the destination following the First Come, First Served principle. However, they do not provide any guarantee of message transmission reliability or relay. As new applications continually appear, new requirements of network QoS are addressed. The best-effort services of traditional networks no long meet the requirements for the applications. For example, in VoIP services and real-time video transmission, if the message transmission relay is too large, the users will not be able to use the services normally. A feasible way to solve these problems is to provide the networks with the support for the QoS capability. QoS is designed to provide different service quality for various applications depending on the requirements, e.g. providing dedicated bandwidth, reducing message loss rate, lowering message transmission relay and relay jitter. QoS provides the following functions to achieve these goals: Traffic classification Traffic monitoring and control Traffic shaping
215
Queue scheduling and default 802.1p priority Redirection and policy routing Priority tagging Traffic mapping Traffic statistics
Traffic Classification
Traffic refers to the messages passing through the switches. Traffic classification allows the messages transmitted across the switches to be classified, and defines or describes the messages with specific characteristics. QoS traffic classification is based on ACL and the rule of ACL must be permit. The customer can classify the messages based on the filtering options of an ACL, e.g. source/destination IP address of the message, source/destination MAC address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DSCP, ToS, precedence, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority.
Traffic Monitoring and Control

Traffic monitoring and control is designed to restrict the bandwidth for a service and prevent it from exceeding the specified bandwidth and affecting other services. Traffic exceeding the bandwidth can be processed as follows: Discard or forward Change its DSCP value Change its discard priority (the message with a higher priority is preferred to be discard in the case of queue congestion). Traffic monitoring and control does not cause extra relay.
Traffic Shaping
Traffic shaping allows the control of message output rate, which allows the messages to be sent at an equal rate. Traffic shaping is usually used to match the message rate with the downstream devices to avoid congestion and prevent the messages from being discarded. The primary difference between traffic shaping and traffic monitoring and control is that the shaping caches the messages exceeding the rate limit so that the messages can be sent at an equal rate, whereas traffic monitoring and control discards the messages exceeding the rate limit. Traffic shaping increases delay, but traffic monitoring and control does not. Traffic shaping includes: Bandwidth traffic shaping on ingress interfaces Bandwidth traffic shaping on egress interfaces
216
Chapter 20
QoS Configuration
Queue Scheduling and Default 802.1p Priority

Each physical port of the ZXR10 T160G/T64G supports 8 output queues (Queue 0~7), which are called CoS queues. The switch performs input queue operations according to the CoS queues corresponding to the 802.1p of the messages. When the network is congested, many messages would compete for resources. This problem is generally solved via queue scheduling. ZXR10 T160G/T64G supports two types of queue scheduling: strict priority (SP) and weighted round robin (WRR). The 8 output queues on a port can be scheduled in different ways. SP scheduling SP scheduling allows the data of each queue to be scheduled according to the queue priority strictly. Messages in the queue with the highest priority are dequeued and sent first until all the messages in this queue are sent. Messages in the queue with the second highest priority will then be sent. Similarly, messages in the queue with the next priority will be sent after all the messages in the queue with the higher priority are sent. SP scheduling allows the messages of key services to be processed at a higher priority. However, queues with lower priorities may never be processed and will be starved to death. WRR WRR allows every queue to be scheduled. However, queues are scheduled at different time, that is, each queue has a different weight (which indicates the proportion of resource a queue gets). Messages in the queues with higher priorities have larger scheduling opportunities than those in the queues with lower priorities. An 802.1Q label contains a data priority. If the data entering a port has no 802.1Q label, the switch will allocate it a default 802.1p value.
Redirection and Policy Routing

Redirection refers to the re-determination of forwarding data messages with a specific characteristic based on the traffic classification to change the output direction of the messages and output them to the specified port, CPU or the next-hop IP address. Messages will be redirected to the next-hop IP address to implement policy routing. As for message forwarding control, policy-based routing is stronger than the traditional routing and can select the forwarding path according to the matched segments in an ACL. Policy routing enables the implementation of traffic engineering to a certain extent, allowing the traffic with different QoS or the data of different services (e.g. voice and FTP) to be transmitted via different paths. As the users have higher requirements for network performance, it is necessary to select different packet forwarding paths depending on services or user types.
217
Priority Tagging
Priority tagging re-allocates a set of service parameters for the specific traffic described in an ACL. The following operations are allowed: Change the CoS queue of data messages as well as the 802.1p value. Change the CoS queue of data messages, but the 802.1p value is not changed. Change the DSCP value of data messages. Change the discard priority of data messages.
Traffic Mapping
Traffic mapping enables the service traffic that matches ACL rules to be copied to the CPU or the specified port for message analysis and monitoring, which is generally used for network failure diagnosis.
Traffic Statistics
Traffic statistics provides statistics of packets of the specified service traffic so that you can learn about the actual network conditions and allocate network resources as required. Traffic statistics mainly provides the number of packets received on a port in the incoming direction.
Configuring QoS
The details of the QoS configuration are described in the following sections.
Traffic Monitoring and Control

Use the following commands to configure traffic monitoring and control:
Command format traffic-limit in <acl-number> rule-id rate-limit <limit-value> Command mode Command function Monitors and controls the traffic of data messages
<rule-no>
bucket-size <size> traffic-limit
Global
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> exceed forward [remark-dscp <dscp-value>]
<rule-no>
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> exceed drop traffic-limit
<rule-no>
218
Chapter 20
QoS Configuration
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> exceed remark-dscp <dscp-value> [forward|drop-precedence <drop-value>] traffic-limit
<rule-no>
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> drop-precedence <drop-value> [remark-dscp <dscp-value>] traffic-limit
<rule-no>
Global
Monitors and controls the traffic of data messages
Example: Monitor and control the traffic of packets with destination IP address 168.2.5.5 on port gei_5/1. Set the bandwidth to 10 M, burst transmission rate to no greater than 1 M and change the DSCP value to 23 for the part that exceeds the limit and set the discard priority to high (this part of packets will be discarded at a higher priority in queue congestion).
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit any 168.2.5.5 ZXR10(config-ext-acl)#exit ZXR10(config)#traffic-limit in 100 rule-id 1 rate-limit 10000 bucketsize 1000 exceed remark-dscp 23 drop-precedence high ZXR10(config)#interface gei_5/1 ZXR10(config-if)#ip access-group 100 in
Traffic Shaping
Use the following commands to configure port traffic shaping:
Command format traffic-limit {in|out} Command mode rate-limit Port Command function Enables the shaping of traffic on a port
<limit-value> bucket-size <size>
Example: Enable traffic shaping on port gei_5/1. Set the ingress rate to 200 M and egress rate to 40 M.
ZXR10(config)#interface gei_5/1 ZXR10(config-if)#traffic-limit rate-limit 200000 bucket-size 2000 in ZXR10(config-if)#traffic-limit rate-limit 40000 bucket-size 2000 Out
219
Queue Scheduling and Default 802.1p Priority

ZXR10 T160G/T64G supports two types of queue scheduling: strict priority (SP) and weighted round robin (WRR). When both types are used, SP is more preferred than WRR. Use the following commands to configure queue scheduling and the default 802.1p priority.
Command format queue-mode {strict-priority|wrr <queue-number> <weight> [...<queue-number> <weight>]} priority <value> Command mode Port Command function Schedules the queues on a port. SP by default. Configures the 802.1p for a port default
Port
Example: Enable strict scheduling based on priority on port gei_5/1. Enable WRR scheduling on port gei_5/2. The weights of Queue 0~7 are 10, 5, 8, 10, 5, 8, 9, 10. Set the default 802.1p of port gei_5/2 to 5.
ZXR10(config)#interface gei_5/1 ZXR10(config-if)#queue-mode strict-priority ZXR10(config-if)#exit ZXR10(config)#interface gei_5/2 ZXR10(config-if)#queue-mode wrr queue-0 10 queue-1 5 queue-2 8 queue-3 10 queue-4 5 queue-5 8 queue-6 9 queue-7 10 ZXR10(config-if)#priority 5
Redirection and Policy Routing

Use the following commands to configure redirection:
Command format redirect in <acl-number> rule-id <rule-no> {cpu|interface <port-name>|next-hop <ip-address>} Command mode Command function Configures redirection policy routing or
Global
Example: Redirect the packets with the source IP address 168.2.5.5 on port gei_4/4 to port gei_6/3. Enable policy routing for the packets with the destination IP address 66.100.5.6. Set the next-hop IP address to 166.88.96.56.
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 any ZXR10(config-ext-acl)#rule 2 permit ip any 66.100.5.6
220
Chapter 20
QoS Configuration
ZXR10(config-ext-acl)#exit ZXR10(config)#redirect in 100 rule-id 1 interface gei_6/3 ZXR10(config)#redirect in 100 rule-id 2 next-hope 166.88.96.56 0.0.0.0 ZXR10(config)#interface gei_4/4 ZXR10(config-if)#ip access-group 100 in
Priority Tagging
Use the following commands to configure priority tagging.
Command format priority-mark in <acl-number> rule-id <rule-no> {[dscp <dscp-value>] [drop-precedence <drop-value>] [cos <cos-value>|local-precedence <local-value>]} Command mode Command function
Global
Enables message priority tagging
Example: Change the DSCP value of the packets with the source IP address 168.2.5.5 on port gei_5/1 to 34, and select 4 for output queues.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5 ZXR10(config-basic-acl)#exit ZXR10(config)#priority-mark in 10 rule-id 1 dscp 34 cos 4 ZXR10(config)#interface gei_5/1 ZXR10(config-if)#ip access-group 10 in
Traffic Mapping
Use the following commands to configure traffic mapping:
Command format traffic-mirror in <acl-number> rule-id <rule-no> {cpu|interface <port-name>} Command mode Global Command function Enables the mapping of the specified traffic
Example: Map the data traffic with the source IP address 168.2.5.6 on port gei_4/8 to port gei_4/4.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5 ZXR10(config-basic-acl)#rule 2 permit 168.2.5.6 ZXR10(config-basic-acl)#exit ZXR10(config)#traffic-mirror in 10 rule-id 2 interface ZXR10(config)#interface gei_4/8
221
ZXR10(config-if)#ip access-group 10 in ZXR10(config-if)#exit ZXR10(config)#interface gei_4/4 ZXR10(config-if)#monitor session 1 destination
Tip: If cross-card traffic mapping is configured, only one session can be configured for port mapping.
Traffic Statistics
Use the following commands to configure traffic statistics:
Command format traffic-statistics in <acl-number> rule-id <rule-no> Command mode Global Command function Collects the statistics on the specified traffic
Example: Collect the traffic statistics on the data in the network with the destination IP address 67.100.88.0/24 on port gei_4/8.
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 0.0.0.0 any ZXR10(config-ext-acl)#rule 2 permit ip any 67.100.88.0 0.0.0.255 ZXR10(config-ext-acl)#exit ZXR10(config)#traffic-statistics in 100 rule-id 2 ZXR10(config)#interface gei_4/8 ZXR10(config-if)#ip access-group 100 in
Example of Configuring QoS

Example of a Typical QoS Configuration
Network A, Network B and the internal servers are connected to an Ethernet switch, as shown in Figure 67. The internal servers include a VOD server with the IP address 192.168.4.70. To ensure the QoS of VOD, it should be configured with a higher priority. Internal users can access the Internet via proxy 192.168.3.100. However, the bandwidth of Network A and B should be limited and traffic statistics is required.
222
Chapter 20
QoS Configuration
FIGURE 67 EXAMPLE OF A TYPICAL QOS CONFIGURATION
Internet
Network A 192.168.1.0/24
Switch gei_2/1 VLAN1
gei_2/2 VLAN2 gei_2/4 VLAN4
Network B 192.168.2.0/24
VOD Server
Switch configuration
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit tcp any eq 8888 192.168.4.70 0.0.0.0 ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0 ZXR10(config-ext-acl)#rule 3 permit ip any any ZXR10(config-ext-acl)#exit
/* To ensure the QoS of VOD, change the 802.1p value to 7 */

ZXR10(config)#priority-mark in 100 rule-id 1 cos 7
/* Limit the bandwidth of the access from Network A to the Internet */

ZXR10(config)#traffic-limit in 100 rule-id 2 rate-limit 50000 bucketsize 1000 exceed drop-precedence high
/*Collect the statistics on the traffic of Network A */

ZXR10(config)#traffic-statistics in 100 rule-id 3
ZXR10(config)#acl extend number 101 ZXR10(config-ext-acl)#rule 1 permit tcp 192.168.2.0 0.0.0.255 eq 8888 192.168.4.70 0.0.0.0 ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0 ZXR10(config-ext-acl)#rule 3 permit ip any any ZXR10(config-ext-acl)#exit
/* To ensure the QoS of VOD, change the 802.1p value to 7 */

ZXR10(config)#priority-mark in 101 rule-id 1 cos 7
/* Limit the bandwidth of the access from Network B to the Internet */

ZXR10(config)#traffic-limit in 101 rule-id 2 rate-limit 100000
223
bucketsize 10000 exceed drop-precedence low
/*Collect the statistics on the traffic of Network B */

ZXR10(config)#traffic-statistics in 101 rule-id 3
ZXR10(config)#interface fei_2/1 ZXR10(config-if)#ip access-group 100 in ZXR10(config-if)#exit ZXR10(config)#interface fei_2/2 ZXR10(config-if)#ip access-group 101 in
Example of Configuring Policy Routing

When multiple Internet service provider (ISP) egresses exist in a network, different ISP egresses can be selected for different groups of users via policy routing. Users in two subnetworks are connected to the switch as shown in Figure 68, in which two ISP egresses are available. It is required to select different egresses according to the users IP addresses. Users in subnetwork 10.10.0.0/24 use the ISP1 egress. Users in subnetwork 11.11.0.0/24 use the ISP2 egress.
FIGURE 68 EXAMPLE OF CONFIGURING POLICY ROUTING
10.10.0.0/24 gei_1/1 VLAN1 gei_1/2 VLAN2 11.11.0.0/24 Switch
ISP1 100.1.1.1
ISP2 200.1.1.1
Switch configuration
/* Define an ACL. Describe the users in networks 10.10.0.0/24 and 11.11.0.0/24 */
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 10.10.0.0 0.0.0.255 ZXR10(config-basic-acl)#rule 2 permit 11.11.0.0 0.0.0.255 ZXR10(config-basic-acl)#exit
/* Configure QoS policy routing */

ZXR10(config)#redirect in 10 rule-id 1 next-hope 100.1.1.1 0.0.0.0 ZXR10(config)#redirect in 10 rule-id 2 next-hope 200.1.1.1 0.0.0.0
/* Apply it to the corresponding ports */

ZXR10(config)#interface gei_1/1
224
Chapter 20
QoS Configuration
ZXR10(config-if)#ip access-group 10 in ZXR10(config-if)#exit ZXR10(config)#interface gei_1/2 ZXR10(config-if)#ip access-group 10 in
QoS Maintenance and Diagnosis

ZXR10 T160G/T64G provides related show commands for easier QoS maintenance and diagnosis.
Command format show qos [number <acl-number> [rule-id <rule-no>]] Command mode Privileged Command function Displays QoS configuration information
225
226
Chapter
21
DHCP Configuration
This chapter introduces the dynamic host configuration protocol (DHCP). DHCP is a widely used protocol providing the capability of obtaining dynamic addresses for the hosts in a network. ZXR10 T160G/T64G can be configured as a DHCP server or DHCP relay according to the actual networking requirement. In this chapter, you will learn about: DHCP Overview Configuring DHCP Examples of Configuring DHCP DHCP Maintenance and Diagnosis
DHCP Overview
DHCP allows a host on a network to obtain an IP address for normal communications and related configuration information from a DHCP server. Details of DHCP are described in RFC 2131. DHCP uses UDP as the transmission protocol. The host sends messages to port 67 of the DHCP server, who will return messages to port 68 of the host. A DHCP works in the following steps: 1. 2. 3. A host sends a DHCPDiscover broadcast message requesting an IP address and other configuration parameters. A DHCP server returns a DHCPOffer unicast message containing a valid IP address. The host selects the server at which the DHCPOffer arrives first, and sends a DHCPRequest unicast message to the server, which indicates it accepts the related configurations. The selected DHCP server returns a DHCPAck unicast message for acknowledgement.
4.
Thus, the host can communicate with other network devices using the IP address and related configurations obtained from the DHCP server.
227
The IP addresses allocated by the DHCP server for the host include 3 types: Administrator allocates an IP address to a specific host An address is allocated to a host permanently at random. An address is allocated to a host at random for a period of time. The third type of address is generally used. The validity time of an address is called lease period. Before the lease period expires, the host must request continue lease from the server. The address can no longer be used unless the server accepts the request otherwise the address will be abandoned unconditionally. The routers do not send the received broadcast packets from one subnetwork to anther by default. When the DHCP server and the client host do not exist in the same subnetwork, the router acting as the default gateway of the client host must send the broadcast packets to the subnetwork where the DHCP server resides, which is called DHCP relay. ZXR10 T160G/T64 can be used either as a DHCP server or the DHCP relay for forwarding DHCP information, but the two functions cannot be enabled at a time.
Configuring DHCP
The DHCP server configurations include the following contents: Configure an IP address pool. DHCP server allocates the addresses in the pool to client hosts.
Command format ip local pool <pool-name> <low-ip-address> <high-ip-address> <net-mask> Command mode Global Command function Configures an IP address for a DHCP server
Configure other parameters related to the DHCP server

Command format ip dhcp <time> server leasetime dns Global Command mode Global Command function Sets the lease time of the IP address leased by a DHCP server to a client host Sets the DNS address returned by a DHCP server to a user Sets the binding of the IP address allocated by a DHCP server with ARP
ip dhcp server <mdns-address> [<sdns-address>]
ip dhcp server update arp
Global
Enable the DHCP attribute on the interface connected to the subnetwork where clients reside
228
Chapter 21
DHCP Configuration
Command format user-interface
Command mode VLAN interface
Command function Configures a interface flag user-side
Configure the default user gateway address on the interface connected to the subnetwork where clients reside
Command format ip dhcp <ip-address> server gateway Command mode VLAN interface Command function Configures the gateway address interface DHCP for an
Enable the built-in DHCP server process

Command format ip dhcp server enable Command mode Global Command function Enables the built-in DHCP server process
The DHCP relay configurations include the following contents: Enable the DHCP attribute on the interface connected to the subnetwork where clients reside
Command format user-interface Command mode VLAN interface Command function Configures a interface flag user-side
Configure the default user gateway address on the interface connected to the subnetwork where clients reside
Command format ip dhcp relay agent <ip-address> Command mode VLAN interface Command function Configures the DHCP proxy address for an interface
Configure the IP address for the external DHCP server on the interface connected to the subnetwork where clients resides
Command format ip dhcp relay server <ip-address> Command mode VLAN interface Command function Configures the IP address for the external DHCP server for an interface
Bind the IP address allocated by a DHCP server with ARP

Command format ip dhcp relay update arp Command mode Global Command function Sets the binding of the IP address allocated by a DHCP server with ARP
Enable the built-in DHCP relay process

Command format ip dhcp relay enable Command mode Global Command function Enables the built-in DHCP relay process
229
Examples of Configuring DHCP

Example of Configuring a DHCP Server
R1 is used as a DHCP server and acts as the default gateway additionally, as shown in Figure 69. The host obtains an IP address dynamically via DHCP.
FIGURE 69 CONFIGURING A DHCP SERVER
DNS Server
10.10.2.2/24
R1 10.10.1.1/24
PC
FTP Server
10.10.1.2/24
Configuration of R1
ZXR10(config)#ip dhcp server dns 10.10.2.2 ZXR10(config)#ip dhcp server leasetime 90 ZXR10(config)#ip local pool dhcp 10.10.1.3 10.10.1.254 255.255.255.0 ZXR10(config)#interface vlan10 ZXR10(config-if)#user-interface ZXR10(config-if)#ip address 10.10.1.1 255.255.255.0 ZXR10(config-if)#ip dhcp server gateway 10.10.1.1 255.255.255.0 ZXR10(config-if)#peer default ip pool dhcp ZXR10(config-if)#exit ZXR10(config)#ip dhcp server enable
Example of Configuring DHCP Relay

When DHCP clients and the server do not reside in one network, the router directly connected to the user ends should act as the DHCP relay.
230
Chapter 21
DHCP Configuration
As shown in Figure 70, the DHCP relay function is enabled on R1. The separate server 10.10.2.2 provides the DHCP server functions. This method is usually used in the case where there are many hosts that require the DHCP service.
FIGURE 70 CONFIGURING A DHCP RELAY
DHCP Server
10.10.2.2/24
R1 10.10.1.1/24
PC
FTP Server
10.10.1.2/24
Configuration of R1
ZXR10(config)#interface vlan10 ZXR10(config-if)#user-interface ZXR10(config-if)#ip address 10.10.1.1 255.255.255.0 ZXR10(config-if)#ip dhcp relay agent 10.10.1.1 ZXR10(config-if)#ip dhcp relay server 10.10.2.2 ZXR10(config-if)#exit ZXR10(config)#ip dhcp relay enable
DHCP Maintenance and Diagnosis

When a failure occurs in the IP address allocation for the DHCP users, relevant debugging commands can be used for troubleshooting. The commands to be used include show commands and debug commands. The show commands allow you to view the current DHCP configuration information.
231
Display the configuration information of the DHCP server process module

Command format show ip dhcp server Command mode All modes except user mode Command function Displays the configuration information of the DHCP server process module
Display the list of current online users on the DHCP server process module
Command format show ip dhcp server user Command mode All modes except user mode Command function Displays the list of current online users on the DHCP server process module
Display the configuration information of the DHCP relay process module

Command format show ip dhcp relay Command mode All modes except user mode Command function Displays the configuration information of the DHCP relay process module
Display the information of the local address pool configured

Command format show ip local pool [<pool-name>] Command mode All modes except user mode Command function Displays the information of the local address pool configured
Display the configuration information of the DHCP server/relay related to an interface

Command format Command mode Command function Displays the configuration information of the DHCP server/relay related to an interface
show ip interface
All modes
The debug commands allow you to track the packet sending/receiving and processing of the DHCP server/relay process
Command format Command mode Command function Tracks the packet sending/receiving and processing on the DHCP server/relay
debug ip dhcp
Privileged
232
Chapter
22
VRRP Configuration
This chapter introduces the Virtual Router Redundancy Protocol (VRRP). In the case where there are many egress routers, this protocol can be used to provide the redundancy of multiple egress gateways for a host. In this chapter, you will learn about: VRRP Overview Configuring VRRP Examples of Configuring VRRP VRRP Maintenance and Diagnosis
VRRP Overview
In a broadcast domain, a default gateway is generally set as the next-hop of the routing packets for the hosts. When the default gateway does not work normally, the hosts in this broadcast domain will be unable to communicate with the hosts in other networks. To prevent the single point failure due to the default gateway, you can configure multiple router interfaces in a broadcast domain and enable VRRP on these routers. VRRP puts multiple router interfaces in a broadcast domain into one group to form a virtual router, and allocates it an IP address as the interface address. The interface address of the virtual router can be either the address of one of the routers, or a third-party address. If the interface address of a router is used, the router having this IP address is used as the master router, while others are used as the backup routers. If a third-party address is used, the router with a higher priority is used as the master router. If two routers have the same priority, the one who sends a VRRP message first is the master router. On the hosts in this broadcast domain, set the IP address of the virtual router as the gateway. When the master router fails, the router with the highest priority will be selected from the backup routers to replace it, which has no impact on the hosts in this domain. The hosts in this domain can communicate with the outside world unless no routers in this VRRP GROUP work properly.
233
These routers can also be put into multiple groups and act as standby routers for each other. The host in the domain use different IP addresses as the gateways, thus achieving data load-balance.
Configuring VRRP
d To configure VRRP:
Run VRRP on an interface
Command format vrrp <group> [secondary] ip <ip-address> Command mode VLAN interface Command function Sets a VRRP virtual IP address and runs VRRP on an interface
A VRRP group can be configured with multiple virtual addresses. The hosts connected to it can use any one of them as the gateway for communications. Configure the VRRP priority on an interface
Command format vrrp <group> priority <priority> Command mode VLAN interface Command function Configures a VRRP priority, 100 by default
Configure preemption on an interface

Command format Command mode Command function Configures if preemption is allowed when the virtual router is in the standby state. Preemption is allowed by default with a delay of 0 in unit of millisecond.
vrrp <group> preempt [delay <seconds>]
VLAN interface
Configure the time interval for sending VRRP advertisements

Command format vrrp <group> advertise [msec] <interval> Command mode Command function Configures the interval for sending VRRP advertisements. 1s by default
VLAN interface
On an interface, configure how to know the interval for sending VRRP messages
Command format vrrp <group> learn Command mode VLAN interface Command function Configures the interval of
234
Chapter 22
VRRP Configuration
messages sending from the master to be learnt from a VRRP message Non-learn by default. The local configuration is used
Configure the authentication character string on an interface

Command format Command mode Command function Configures an authentication character string with a length no greater than 8 No authentication and the character string is null by default
vrrp <group> <string>
authentication
VLAN interface
Examples of Configuring VRRP

Basic VRRP Configuration
VRRP runs between R1 and R2, as shown in Figure 71. The interface address 10.0.0.1 of R1 is used as the VRRP virtual address. R1 acts as the master router.
FIGURE 71 BASIC VRRP CONFIGURATION
Master
Backup
R1
10.0.0.1/16
R2
10.0.0.2/16
PC1
PC2
PC3
PC4
Gateway: 10.0.0.1/16
Configuration of R1
ZXR10_R1(config)#interface vlan 1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.0.0 ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1
235
Configuration of R2
ZXR10_R2(config)#interface vlan 1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.0.0 ZXR10_R2(config-if)#vrrp 1 ip 10.0.0.1
Symmetric VRRP Configuration

Figure 72 illustrates an example in which two VRRP groups are used. PC1 and PC2 use the virtual router of Group 1 as the default gateway with the address 10.0.0.1. PC3 and PC4 use the virtual router of Group 2 as the default gateway with the address 10.0.0.2. R2 and R2 act as the standby routers for each other. The four hosts can communicate with the outside world unless both of the routers fail.
FIGURE 72 SYMMETRIC VRRP CONFIGURATION
Master
Backup
Interface:10.0.0.1/16 group-id=1,addr=10.0.0.1/16 group-id=2,addr=10.0.0.2/16
R1
R2
Interface:10.0.0.2/16 group-id=1,addr=10.0.0.1/16 group-id=2,addr=10.0.0.2/16
PC1
PC2
PC3
PC4
Gateway: 10.0.0.1/16
Gateway: 10.0.0.2/16
Configuration of R1
ZXR10_R1(config)#interface vlan 1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.0.0 ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1 ZXR10_R1(config-if)#vrrp 2 ip 10.0.0.2
Configuration of R2
ZXR10_R2(config)#interface vlan 1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.0.0 ZXR10_R2(config-if)#vrrp 1 ip 10.0.0.1 ZXR10_R2(config-if)#vrrp 2 ip 10.0.0.2
236
Chapter 22
VRRP Configuration
VRRP Maintenance and Diagnosis

ZXR10 T160G/T64G provides related show commands for easier VRRP maintenance and diagnosis.
Command format show vrrp [<group>|brief|interface <interface-name>] Command mode All modes except user mode Command function Displays the configuration information of all the VRRP groups
ZXR10 T160G/T64G also provides VRRP debugging commands.

Command format debug vrrp {state|packet|event|error|all} Command mode Privileged Command function Enables the display of VRRP debug information
237
238
Chapter
23
Load Balance Configuration

Load balance allows data traffic to be forwarded via multiple links among devices, maximizing the utilization of the bandwidths of these links. In this chapter, you will learn about: Load Balance Overview Configuring Load Balance Examples of Configuring Load Balance Load Balance Maintenance and Diagnosis
Load Balance Overview

Load balance allows data traffic to be forwarded via multiple activated links among devices, maximizing the bandwidths of the multiple links. Load balance does not mean the data traffic volume on each link is equal. Data traffic includes the traffic from two directions, one is incoming and the other is outgoing. The traffic of load-balance in the incoming and outgoing directions are closely related to the routes advertised and learnt by the devices. The traffic load balance in the incoming direction shares the impact of the internal routes advertised to the outside by the devices. The traffic load balance in the outgoing direction shares the impact of external routes advertised to the inside by the devices. They have a direct impact on whether multiple routing entries to the destination are installed in the forwarding tables on the devices, as well as the control of multiple routes. ZXR10 T160G/T64G supports route-based load balance. By configuring static routes, routing protocols and the number of routing entries, multiple reachable route entries to one destination can be installed in the forwarding table, thus providing a basis for load balance. ZXR10 T160G/T64G supports the per-destination load balance policy, which considers both the source and destination addresses of packets, allowing the packets with the same source-destination address pair to be routed along the same path (even if there are multiple available paths). Packets with different source-destination address pairs can be routed along different
239
paths. This policy ensures that the packets with the same source-destination address pair arrive in order. In the case where there are a lot of source-destination address pairs in the traffic, load balance will be more effective. ZXR10 T160G/T64G supports up to 8 different paths to the same destination. After configuring load balance, the traffic on the interfaces will be balanced after a period of time.
Configuring Load Balance

The load balance configuration includes the following contents: Configure the maximum number of paths in routing configuration mode
Command format maximum-paths <number> Command mode Routing Command function Configures the maximum number of paths allowed in load balance
The maximum number of paths can be configured in RIP, OSPF, IS-IS and BGP routing configuration modes. The default number of paths is 1. Up to 8 paths are supported. Configure load balance for static routes
Command format ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>|<int erface-name>} [<distance-metric>] [tag <tag>] Command mode Command function
Global
Establishes a static route
Configure multiple static routes to one destination. Up to 8 routes are supported, but they should have different tags. The default value of tag is 3.
Examples of Configuring Load Balance

Seven links are connected between R1 and R2 as shown in Figure 73.
240
Chapter 23
FIGURE 73 EXAMPLE OF CONFIGURING LOAD BALANCE
10.1.1.2/24 vlan8 10.1.1.1/24 PC1 vlan7: vlan6: vlan5: vlan4: vlan3: vlan2: vlan1: R1 107.1.1.1/30 106.1.1.1/30 105.1.1.1/30 104.1.1.1/30 103.1.1.1/30 102.1.1.1/30 101.1.1.1/30 vlan7: vlan6: vlan5: vlan4: vlan3: vlan2: vlan1: vlan8
20.1.1.1/24
...
20.1.1.2/24
R2 107.1.1.2/30 106.1.1.2/30 105.1.1.2/30 104.1.1.2/30 103.1.1.2/30 102.1.1.2/30 101.1.1.2/30
PC2
The following sections describe the configurations of load balance in examples of static route and dynamic route protocol OSPF.
Static Route
Configuration of R1
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 101.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 102.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan3 ZXR10_R1(config-if)#ip address 103.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 104.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan5 ZXR10_R1(config-if)#ip address 105.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 106.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan7 ZXR10_R1(config-if)#ip address 107.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan8 ZXR10_R1(config-if)#ip address 10.1.1.1 255.255.255.0
ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 107.1.1.2 1 tag 157 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 106.1.1.2 1 tag 156 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 105.1.1.2 1 tag 155 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 104.1.1.2 1 tag 154 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 103.1.1.2 1 tag 153 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 102.1.1.2 1 tag 152 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 101.1.1.2 1 tag 151
Configuration of R2
241
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 101.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 102.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan3 ZXR10_R2(config-if)#ip address 103.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 104.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan5 ZXR10_R2(config-if)#ip address 105.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan6 ZXR10_R2(config-if)#ip address 106.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan7 ZXR10_R2(config-if)#ip address 107.1.1.3 255.255.255.252 ZXR10_R2(config)#interface vlan8 ZXR10_R2(config-if)#ip address 20.1.1.1 255.255.255.0
ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 107.1.1.1 1 tag 157 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 106.1.1.1 1 tag 156 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 105.1.1.1 1 tag 155 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 104.1.1.1 1 tag 154 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 103.1.1.1 1 tag 153 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 102.1.1.1 1 tag 152 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 101.1.1.1 1 tag 151
The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.
OSPF
Configuration of R1
ZXR10_R1(config)#router ospf 100 ZXR10_R1(config-router)#network 101.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 102.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 103.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 104.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 105.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 106.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 107.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 10.1.1.0 0.0.0.255 area 0.0.0.0 ZXR10_R1(config-router)#maximum-paths 7
Configuration of R2
242
Chapter 23
ZXR10_R2(config)#router ospf 100 ZXR10_R2(config-router)#network 101.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 102.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 103.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 104.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 105.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 106.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 107.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 20.1.1.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#maximum-paths 7
The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.
Load Balance Maintenance and Diagnosis

Use the following commands to display relevant configurations and running information of load balance.
Command format show ip route [<ip-address> [<net-mask>]|<protocol>] Command mode All modes Command function Display the global routing table
In the load balance of static routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.
ZXR10_R1#show ip route 20.1.1.0 IPv4 Routing Table: Dest 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 ZXR10_R1# Mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Gw 107.1.1.1 106.1.1.1 105.1.1.1 104.1.1.1 103.1.1.1 102.1.1.1 101.1.1.1 Interface vlan7 vlan6 vlan5 vlan4 vlan3 vlan2 vlan1 Owner static static static static static static static pri metr 1 0 1 0 1 0 1 0 1 0 1 0 1 0
In the load balance of dynamic routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.
ZXR10_R1#show ip route 20.1.1.0 IPv4 Routing Table:
243
Dest 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 ZXR10_R1#
Mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Gw 107.1.1.1 106.1.1.1 105.1.1.1 104.1.1.1 103.1.1.1 102.1.1.1 101.1.1.1
Interface vlan7 vlan6 vlan5 vlan4 vlan3 vlan2 vlan1
Owner ospf ospf ospf ospf ospf ospf ospf
pri metr 110 2 110 2 110 2 110 2 110 2 110 2 110 2
244
Chapter
24
Network Management Configuration

This chapter describes the functions commonly used in network management, including Network Time Protocol (NTP), RADIUS Authentication, Simple Management Network Protocol (SNMP), Remote Monitoring (RMON) and System Log (SysLog). In this chapter, you will learn about: NTP RADIUS Authentication SNMP Remote Monitoring System Log
NTP
NTP Overview
NTP is applied to different network elements for time synchronization. The transmission of NTP itself is based on UDP. Devices enabling NTP adjust their system clocks by exchanging NTP messages and keep their clock in synchronization. ZXR10 T160G/T64G can be used as an NTP client in practical applications.
Configuring NTP
The configuration of NTP includes: Define a time server
Command format ntp server <ip-address> [version Command mode Global Command function Defines a time server
245
<number>]
Enable NTP
Command format ntp enable Command mode Global Command function Enables NTP
Configure the source address used for sending a Synchronize Time request via NTP
Command format Command mode Command function Configures the source address used for sending a Synchronize Time request via NTP
ntp source <ip-address>
Global
Check the NTP running status

Command format show ntp status Command mode All modes except user mode Command function Displays the NTP running status
Examples of Configuring NTP

As shown in Figure 74, the routing switch is used as an NTP client. Suppose the NTP is version 2.
FIGURE 74 EXAMPLE OF CONFIGURING NTP
192.168.2.2/24
vlan24
ZXR10
192.168.2.1/24
NTP Server
Configuration of ZXR10
ZXR10(config)#interface vlan2 ZXR10(config-if)#ip address 192.168.2.2 255.255.255.0 ZXR10(config-if)#exit ZXR10(config)#ntp enable ZXR10(config)#ntp server 192.168.2.1 version 2
246
Chapter 24
RADIUS Authentication
RADIUS Overview
Remote Authentication Dial-In User Service (RADIUS) is a standard authorization, authentication and accounting (AAA) protocol. To the routing switch, AAA allows the users accessing the switch to be authenticated to prevent illegal users and improve the device security. ZXR10 T160G/T64G supports the RADIUS authentication function for authenticating Telnet users accessing the routing switch. ZXR10 T160G/T64G supports multiple RADIUS server groups. Each RADIUS group can be configured with 3 authentication servers. A server timeout parameter and the number of timeout retransmissions can be set for each group. The administrators can select specific RADIUS servers by configuring different RADIUS groups.
Configuring RADIUS
The configuration of RADIUS includes: Configure RADIUS servers
Command format radius server <group-number> authen {master|slave|third} <ip-address> <port> <key> Command mode Global Command function Sets a configuration group for the RADIUS server authentication
Configure Radius server parameters

Command format radius server timeout <group-number> <timeout> Command mode Global Command function Sets the timeout of the authentication request for RADIUS servers Sets the number of retries when the authentication request of a RADIUS server times out
radius server retry-time <group-number> <times>
Global
User configuration
Command format user-authentication-type {local|radius <group>} Command mode Global Command function Specifies the type of user authentication for Telnet login
Example of Configuring RADIUS

Configure a RADIUS group with the timeout set to 3 seconds and the number of retries set to 3. The network between the RADIUS servers and the routing switch is reachable.
247
See the configuration below:

ZXR10(config)#radius server 1 authentication master 192.168.4.45 1812 demoradius ZXR10(config)#radius server 1 authentication slave 192.168.4.46 1812 demoradius2 ZXR10(config)#radius server timeout 1 3 ZXR10(config)#radius server retry-time 1 3 ZXR10(config)#user-authentication-type radius 1
SNMP
SNMP Overview
SNMP is one of the most popular network management protocols. This protocol enables a network management server to manage all the devices in a network. SNMP allows the management based on server and client. The background network management server acts as the SNMP server. The foreground network equipment acts as the SNMP client. The foreground and background systems share the same MIB management database and communicate with each other via SNMP. The routing switch acts as an SNMP agent. A specified SNMP server should be configured. Contents allowed to be collected by network administrators and the collection rights should also be defined. ZXR10 T160G/T64G supports multiple versions of SNMP.
Configuring SNMP
The SNMP configuration on ZXR10 T160G/T64G includes: Set the community name in an SNMP message
Command format snmp-server community [view <community-name> <view-name>] [ro|rw] Command mode Global Command function Sets the community name in an SNMP message
The SNMPv1/v2c authentication is based on community. An SNMP community is named using a character string. Different communities can be assigned read-only or read-write privileges. Communities with the read-only privilege can only query device information. Those with the read-write privilege can configure the devices. However, the privileges of both read-only and read-write are limited by view. Operations are allowed within the scope of view only. If the view parameter is omitted, the default view in the system is used. If the ro/rw parameter is omitted, ro (read-only) is used.
248
Chapter 24
Define an SNMPv2 view

Command format snmp-server view <view-name> <subtree-id> {included|excluded} Command mode Global Command function Defines an SNMPv2 view
The included or excluded parameter of this command adds or removes <subtree-ID> from the specified view. Configurations are allowed for many times for the same <view-name>, which results in a set of cooperating commands. Set the system contact (sysContact) for the MIB objects
Command format snmp-server <mib-syscontact-text> contact Command mode Global Command function Sets the system contact for an MIB object
sysContact is a management variable in the system group in MIB II. It contains the ID and contact of the person relevant to a managed device. Set the location (sysLocation) of the system of an MIB object
Command format snmp-server <mib-syslocation-text> location Command mode Global Command function Sets the location of the system of an MIB object
sysLocation is a management variable in the system group in MIB II. It is used to indicate the locations of managed devices. Set the type of TRAP allowed to be sent
Command format snmp-server enable [<notification-type>] trap Command mode Global Command function Sets the type of trap allowed to be sent by a proxy
Trap is the information a managed device sends to the Network Management System (NMS) without request. It is used to report emergent and important events. Set a trap destination host
Command format snmp-server host [mng|vrf <ip-address> <vrf-name>] [trap|inform] [version {1|2c|3 {auth|noauth|priv}}] <community-name> [udp-port <udp-port>] [<trap-type>] Command mode Command function Configures the sending address, port, version and type of the trap or inform for the host
Global
ZXR10 T160G/T64G supports 5 types of conventional traps: snmp, bgp, ospf, rmon and stalarm. View relevant information of SNMP
Command format show snmp Command mode All modes except user mode Command function Displays the statistics on SNMP messages
249
View the configuration information of SNMP

Command format show snmp config Command mode All modes except user mode Command function Displays the configuration information of the SNMP module
Example of Configuring SNMP

The following is an example of SNMP configuration.
ZXR10(config)#snmp-server view myViewName 1.3.6.1.2.1 included ZXR10(config)#snmp-server community myCommunity view myview rw ZXR10(config)#snmp host 168.1.1.1 ver 1 community-name ospf ZXR10(config)#snmp-server location this is ZXR10 in china ZXR10(config)#snmp-server contant this is ZXR10, tel: (025)2872006
Remote Monitoring
Remote Monitoring Overview
The Remote Monitoring (RMON) system is used to monitor the services on remote-ends. With RMON, a remote probe is used to collect and process data, i.e. the routing switch system. The routing switch also includes RMON agent software communicating with the NMS via SNMP. Information is transferred from the routing switch to the NMS only when it is required.
Configuring RMON
The RMON configuration on ZXR10 T160G/T64G includes: Enable statistics on an interface (only for Ethernet)
Command format rmon collection statistics <index> [owner <string>] Command mode Port Command function Enables statistics on a port
Set alarms and MIB objects

Command format rmon alarm <index> <variable> <interval> {delta|absolute} rising-thershold <value> [<event-index>] falling-threshold <value> [<event-index>] [owner <string>] Command mode Command function
Global
Sets alarms and MIB objects
Enable history collection on an interface
250
Chapter 24
Command format rmon collection history <index> [owner <string>] [buckets [interval <bucket-number>] <seconds>]
Command mode
Command function Enables history collection on an interface
Port
Configure an event
Command format rmon event <index> [log] [trap [description <community>] <string>] [owner <string>] Command mode Global Command function Configures an event
Display the RMON configuration and related information

Command format show rmon [alarms] [events] [history] [statistics] Command mode All modes except user mode Command function Displays the configuration and information RMON related
Examples of Configuring RMON

The following are examples of SNMP configurations. Configure and enable the RMON statistics control entry
ZXR10(config)#interface fei_1/1 ZXR10(config-if)#rmon collection statistics 1 owner rmontest ZXR10(config-if)#
Suppose n computers are connected to port fei_1/1. When these computers communicate on a subnetwork, traffic statistics can be viewed via the network management software or using a show command.
ZXR10#show rmon statistics EtherStatsEntry 1 is active, and owned by rmontest Monitors ifEntry.1.1 which has Received 60739740 octets, 201157 packets, 1721 broadcast and 9185 multicast packets, 0 undersized and 0 oversized packets, 0 fragments and 0 jabbers, 0 CRC alignment errors and 32 collisions. # of dropped packet events (due to lack of resources): 511 # of packets received of length (in octets): 64: 92955, 65-127: 14204, 128-255: 1116, 256-511: 4479, 512-1023: 85856, 1024-1518:2547 ZXR10#
251
Configure and enable the RMON history control entry

ZXR10(config)#interface fei_1/1 ZXR10(config-if)#rmon collection history 1 bucket 10 interval 10 owner rmontest ZXR10(config-if)#
Use a show command to view the RMON history information

ZXR10#show rmon history Entry 1 is active, and owned by rmontest Monitors ifEntry.1.1 every 10 seconds Requested # of time intervals, ie buckets, is 10 Granted # of time intervals, ie buckets, is 10 Sample # 1 began measuring at 00:11:00 Received 38346 octets, 216 packets, 0 broadcast and 80 multicast packets, 0 undersized and 0 oversized packets, 0 fragments and 0 jabbers, 0 CRC alignment errors and 0 collisions. # of dropped packet events is 0 Network utilization is estimated at 1
Configure and enable the RMON alarm control entry

ZXR10(config)#rmon alarm 1 system.3.0 10 absolute rising-threshold 1000 1 Falling-threshold 10 0 owner rmontest ZXR10(config)#
Use a show command to view the RMON alarm information

ZXR10#show rmon alarm Alarm 1 is active, owned by rmontest Monitors system.3.0 every 10 seconds Taking absolute samples, last value was 54000 Rising threshold is 1000, assigned to event 1 Falling threshold is 10, assigned to event 0 On startup enable rising or falling alarm ZXR10#
Configure and enable event

ZXR10(config)#rmon event 1 log trap rmontrap description test owner rmontest ZXR10(config)#
Configure an alarm control entry and wait for 10s. Use a show command to view the contents of the RMON event.
ZXR10#show rmon event Event 1 is active, owned by rmontest
252
Chapter 24
Description is test Event firing causes log and trap to community rmontrap, last fired 05:40:20 Current log entries: index 1 ZXR10# time 05:40:14 description test
System Log
SysLog Overview
ZXR10 T160G/T64G allows the user to set and query logs. Log information makes it easy for maintaining the routing switch regularly. Log information allows you to view the alarm information and port status changes on the routing switch. Logs can be displayed on the configured terminals in real time, or saved on the routing switch or a background log server in files. You can enable the SysLog protocol on ZXR10 T160G/T64G to transmit the logs by communicating with the background syslog server via the protocol.
Configuring SysLog
The configuration of SysLog includes: Enable log
Command format logging on Command mode Global Command function Enables log
Set the size of log buffer

Command format logging buffer <buffer-size> Command mode Global Command function Sets the size of log buffer
Set a log cleanup mode

Command format logging [<interval>] mode <mode> Command mode Global Command function Sets a log cleanup mode
Set the level of logs to be displayed on a console interface or telnet interface

Command format logging console <level> Command mode Global Command function Sets the level of logs to be displayed on a console interface or telnet interface
Set the level of logs to be saved in the log cache
253
Command format logging level <level>
Command mode Global
Command function Sets the level of logs to be saved in the log cache
Set the parameters of the FTP log server

Command format logging ftp <level> [vrf <vrf-name>|mng] <ftp-server> <username> <password> [<filename>] Command mode Command function Sets the parameters of the FTP log server
Global
Set the parameters of the background SysLog server

Command format syslog on syslog level <level> syslog server [vrf <vrf-name>|mng] <ip-address> [fport <fport>] [lport <lport>] Command mode Global Global Command function Enables SysLog processing protocol
Sets a log level for SysLog protocol processing Sets the parameters of the background SysLog server
Global
View log information

Command format show logging alarm [start-date <type>] [end-date <date>] <level>]} {[typeid <date>] [level Command mode All modes except user mode Command function
Displays log information
The types of supported alarmed information include environment, board, port, ROS, database, OAM, security, OSPF, RIP, BGP, DRP, TCP-UDP, IP, IGMP, Telnet, ARP, ISIS, ICMP, SNMP and RMON.
Example of Configuring SysLog

The following is an example of setting SysLog. Before configuring SysLog, enable the log function using the logging on command.
ZXR10(config)#logging on ZXR10(config)#logging buffer 100 ZXR10(config)#logging mode FULLCLEAR ZXR10(config)#logging console warnings ZXR10(config)#logging level errors ZXR10(config)#logging ftp notificational 168.1.70.100 target target zxralarm.log
254
Acronyms and Abbreviations

Abbreviation ABR ACL AD ARP AS ASBR ATM BGP BOOTP BRD CHAP CIDR CLNP CLNS CoS CRC CRLDP CSN DHCP DIS DNS DR EBGP EGP ES FEC FIFO FPGA FSM Full Name Area Border Router Access Control List Administrative Distance Address Resolution Protocol Autonomous System Autonomous System Border Router Asynchronous Transfer Mode Border Gateway Protocol BOOTstrap Protocol Backup Designate Router Challenge Handshake Authentication Protocol Classless Inter-Domain Routing ConnectionLess Network Protocol ConnectionLess Network Service Class of Service Cyclic Redundancy Check Constraint based Routing Label Distribution Protocol Cryptographic Sequence Number Dynamic Host Configuration Protocol Designate IS Domain Name System Designate Router External Border Gateway Protocol External Gateway Protocol End System Forwarding Equivalence Class First In and First Out Field Programmable Gate Array Finite State Machine
255
Abbreviation FTP GBIC GRE ICMP IETF IGMP IGP IP ISO ISP LACP LAN LAPB LCP LDP LSA LSP LSR MAC MD5 MED MIB MPLS MSTP MTU NAT NBMA NCP NIC NLRI NMS NSAP NSP NTP NVT OAM
Full Name File Transfer Protocol Gigabit Interface Converter General Routing Encapsulation Internet Control Message Protocol Internet Engineering Task Force Internet Group Management Protocol Interior Gateway Protocol Internet Protocol International Organization for Standardization Internet Service Provider Link Aggregation Control Protocol Local Area Network Link Access Procedure Balanced Link Control Protocol Label Distribution Protocol Link State Advertisement Link State PDU Label Switch Router Media Access Control Message Digest 5 MULTI_EXIT_DISC Management Information Base Multi-Protocol Label Switching Multiple Spanning Tree Protocol Maximum Transmission Unit Network Address Translation Non-Broadcast Multiple Access Network Control Protocol Network Information Center Network Layer Reachable Information Network Management System Network Service Access Point Network Service Provider Network Time Protocol Network Virtual Terminal Operation And Management
256
Acronyms and Abbreviations
Abbreviation OSI OSPF PAP PAT PCM PDU POS PPP
Full Name Open Systems Interconnection Open Shortest Path First Password Authentication Protocol Port Address Translation Pulse Code Modulation Protocol Data Unit Packet over SDH Point-to-Point Protocol
257
258
Figures
Figure 1 ZXR10 T160G/T64G sketch map of system principle ...........................10 Figure 2 Abridged General View of ZXR10 T160G components position...............11 Figure 3 ZXR10 T160G Front Panel ...............................................................12 Figure 4 Abridged General View of ZXR10 T64G components position ................13 Figure 5 ZXR10 T64G Front Panel .................................................................13 Figure 6 The front panel of ZXR10 T160G MCS ...............................................14 Figure 7 The front panel of ZXR10 T64G MCS .................................................14 Figure 8 Front panel of 44+4 fast Ethernet electrical interface board .................17 Figure 9 Front panel view of twelve-port gigabit Ethernet optical interface ..........18 Figure 10 Front panel view of twenty-four-port gigabit Ethernet optical interface board................................................................................................19 Figure 11 Front panel view of twelve-port gigabit Ethernet electrical interface board ........................................................................................................20 Figure 12 Front panel view of twenty-four-port gigabit Ethernet electrical interface board................................................................................................22 Figure 13 Front panel view of one-port 10-gigabit Ethernet optical interface board ........................................................................................................23 Figure 14 Front panel view of two-port 10-gigabit Ethernet optical interface board ........................................................................................................24 Figure 15 Front panel view of power supply module ........................................26 Figure 16 Rear panel view of DC power supply board.......................................26 Figure 17 Rear panel view of AC power supply board.......................................26 Figure 18 Front Panel View of Fan Plug-in Box ................................................28 Figure 19 ZXR10 T160G/T64G Configuration Mode..........................................30 Figure 20 Hyperterminal Configuration 1 .......................................................31 Figure 21 Hyperterminal Configuration 2 .......................................................31 Figure 22 Hyperterminal Configuration 3 .......................................................32 Figure 23 Running Telnet ............................................................................33 Figure 24 Telnet login schematic diagram ......................................................34 Figure 25 Setting the IP address and port No of SSH server .............................36 Figure 26 Setting SSH version......................................................................37 Figure 27 WFTPD Window............................................................................38 Figure 28 User/Rights Security Dialog Box .....................................................38 Figure 29 TFTPD Window.............................................................................39 Figure 30 Configuration Dialog Box ...............................................................40 Figure 31 Example of Port Mirroring ..............................................................66 Figure 32 The Format of VLAN Tag ...............................................................70 Figure 33 Typical Networking of VLAN ...........................................................74 Figure 34 Typical QinQ Networking ...............................................................76 Figure 35 Example of SuperVLAN Configuration ............................................79 Figure 36 Example of MAC Address Table Configuration ...................................90 Figure 37 MSTP Configuration Example Networking Diagram 1........................ 100 Figure 38 MSTP Configuration Example Networking Diagram 2........................ 101 Figure 39 Example of Link Aggregation Configuration .................................... 105 Figure 40 IGMP Snooping Application ..........................................................109 Figure 41 Example of IGMP Snooping Configuration ......................................113 Figure 42 Configuring Static Route .............................................................120 Figure 43 Static Routes Summarization ....................................................... 121 Figure 44 Configure Default Route ..............................................................122
259
Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
Basic RIP Configuration ...............................................................129 OSPF Router Types.....................................................................134 Basic OSPF Configuration ............................................................141 Example of Multi-Area OSPF Configuration .....................................142 Example of OSPF Virtual Link Configuration....................................144 Example of OSPF Authentication Configuration ...............................145 IS-IS Area Diagram ....................................................................151 IS-IS Configuration in Single Area ................................................156 IS-IS Configuration in Multi Area ..................................................157 Basic BGP Configuration ..............................................................165 Advertising BGP Routes...............................................................166 Advertising BGP Aggregation .......................................................167 Configuring BGP Multihop ............................................................168 Filtering Routes via NLRI ............................................................. 170 Configuring the Local Preference Attribute .....................................172 Configuring the MED Attribute......................................................173 Configuring BGP Synchronization.................................................. 176 Configuring BGP Route Reflectors .................................................177 Configuring BGP Confederation ....................................................179 Example of Configuring BGP ........................................................181 Example of Configuring Multicasting..............................................197 Example of Configuring ACL.........................................................212 Example of a Typical QoS Configuration.........................................223 Example of Configuring Policy Routing........................................... 224 Configuring a DHCP Server ..........................................................230 Configuring a DHCP Relay ........................................................... 231 Basic VRRP Configuration ............................................................235 Symmetric VRRP Configuration.....................................................236 Example of Configuring Load Balance ............................................241 Example of Configuring NTP......................................................... 246
260
Tables
Table 1 Typographical Conventions ................................................................iii Table 2 Mouse Operation Conventions ............................................................iv Table 3 Safety Signs....................................................................................iv Table 4 ZXR10 T160G/T64G Technical Features and Parameters ...................... 6 Table 5 Features of Fast Ethernet Management Interface ................................ 15 Table 6 Functional description of front panel LEDs in the control switching board 15 Table 7 Functional description of buttons in the control switching board ............ 16 Table 8 Characteristics of 44+4 Fast Ethernet Electrical Interface Board............ 17 Table 9 Functional description of front panel LEDs in 44+4 fast Ethernet interface board............................................................................................... 17 Table 10 Characteristics of twelve-port gigabit Ethernet optical interface board .. 18 Table 11 Functional description of front panel LEDs in 12-port gigabit Ethernet optical interface board .................................................................................. 18 Table 12 Characteristics of twenty-four-port gigabit Ethernet optical interface board ....................................................................................................... 19 Table 13 Functional description of front panel LEDs in 24-port gigabit Ethernet optical interface board .................................................................................. 20 Table 14 Characteristics of twelve-port gigabit Ethernet electrical interface board21 Table 15 Functional description of front panel LEDs in 12-port gigabit Ethernet electrical interface board..................................................................... 21 Table 16 Characteristics of twenty-four-port gigabit Ethernet electrical interface board............................................................................................... 22 Table 17 Functional description of front panel LEDs in 24-port gigabit Ethernet electrical interface board..................................................................... 23 Table 18 Characteristics of one-port 10-gigabit Ethernet optical interface board . 24 Table 19 Functional description of front panel LEDs in one-port 10-gigabit Ethernet optical interface board ........................................................................ 24 Table 20 Characteristics of two-port 10-gigabit Ethernet optical interface board . 25 Table 21 Functional description of front panel LEDs in two-port 10-gigabit Ethernet optical interface board ........................................................................ 25 Table 22 Command Mode ........................................................................... 41 Table 23 Range of IP Addresses .................................................................115
261

Zte ZXR10 T160G/T64G

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Zte ZXR10 T160G/T64G

Încărcat de

Drepturi de autor:

Formate disponibile

ZXR10 T160G/T64G 10-Gigabit Routing Switch

ZTE CORPORATION Values Your Comments & Suggestions!

This page is intentionally blank.

SSH Connection Configuration ...............................................................................................35 SNMP Connection Configuration .............................................................................................40

Command Mode ................................................................................................... 41 Command Line Application .................................................................................... 43

Data Backup and Restoration................................................................................. 51 Importing/Exporting Configuration ......................................................................... 52

Setting System Parameters ................................................................................... 56 Viewing System Information.................................................................................. 57

Port Mirroring Configuration................................................................................... 65

Examples of MAC Address Table Configuration ........................................................ 90

Instances of Configuring STP ................................................................................. 99

STP Maintenance and Diagnosis........................................................................... 101

Chapter 10.................................................................................. 103

Chapter 11.................................................................................. 109

Configuring IGMP Snooping ................................................................................. 110

Chapter 12.................................................................................. 115

ARP Configuration............................................................................................... 117

Chapter 13.................................................................................. 119

Maintenance and Diagnosis of Static Route ........................................................... 123

Chapter 14.................................................................................. 125

Configuring RIP .................................................................................................. 126

Chapter 15.................................................................................. 131

Configuring OSPF................................................................................................ 136

Instances of Configuring OSPF ............................................................................. 141

Configure OSPF Virtual Link .................................................................................................144 Configure OSPF Authentication.............................................................................................145

OSPF Maintenance and Diagnosis......................................................................... 146

Chapter 16.................................................................................. 149

Configuring IS-IS................................................................................................ 151

Instances of Configuring IS-IS ............................................................................. 156

IS-IS Maintenance and Diagnosis......................................................................... 160

Chapter 17.................................................................................. 163

Chapter 18.................................................................................. 185

Multicasting Route Configuration ......................................................... 185

Configuring Public Multicast ................................................................................. 189 Configuring IGMP................................................................................................ 189

Configuring PIM-SM ............................................................................................ 192

Configuring MSDP............................................................................................... 195

Chapter 19.................................................................................. 205

Chapter 20.................................................................................. 215

Configuring QoS ................................................................................................. 218

Example of Configuring QoS ................................................................................ 222

QoS Maintenance and Diagnosis .......................................................................... 225

Chapter 21.................................................................................. 227

DHCP Maintenance and Diagnosis ........................................................................ 231

Chapter 22.................................................................................. 233

VRRP Maintenance and Diagnosis......................................................................... 237

Chapter 23.................................................................................. 239

Load Balance Maintenance and Diagnosis ............................................................. 243

Chapter 24.................................................................................. 245

RADIUS Authentication ....................................................................................... 247

Remote Monitoring ............................................................................................. 250

System Log........................................................................................................ 253

Acronyms and Abbreviations..................................................... 255 Figures........................................................................................ 259 Tables ......................................................................................... 261

This page is intentionally blank.

About this User Manual

Purpose of this User Manual

Introduction to this Manual

Confidential and Proprietary Information of ZTE CORPORATION

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual

Confidential and Proprietary Information of ZTE CORPORATION

About this User Manual

CAPS Constant width [] {} |

Confidential and Proprietary Information of ZTE CORPORATION

ZXR10 T160G/T64G (V2.6) 10-Gigabit Routing Switch User Manual

Mouse Operation Conventions