Documente Academic
Documente Profesional
Documente Cultură
User Manual
Version 2.6
ZTE CORPORATION ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P. R. China 518057 Tel: (86) 755 26771900 800-9830-9830 Fax: (86) 755 26772236 URL: http://support.zte.com.cn E-mail: doc@zte.com.cn
LEGAL INFORMATION Copyright 2005 ZTE CORPORATION. The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners. This document is provided as is, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein. The contents of this document and all policies of ZTE CORPORATION, including without limitation policies related to support or training are subject to change without notice.
Revision History Date 20050511 20070105 Revision No. R1.1 R1.2 Serial No. sjzl20052424 sjzl20052424 Description
Equipment Installation Date Presentation: (Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization, Appearance) Good Your evaluation of this documentation Accessibility: (Contents, Index, Headings, Numbering, Glossary) Good Fair Average Poor Bad N/A Fair Average Poor Bad N/A
Intelligibility: (Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content) Good Fair Average Poor Bad N/A Please check the suggestions which you feel can improve this documentation: Your suggestions for improvement of this documentation Improve the overview/introduction Improve the Contents Improve the organization Include more figures Add more examples Add more detail Other suggestions Make it more concise/brief Add more step-by-step procedures/tutorials Add more troubleshooting information Make it less technical Add more/better quick reference aids Improve the index
__________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ __________________________________________________________________________ # Please feel free to write any comments on an attached sheet.
If you wish to be contacted regarding your comments, please complete the following: Name Postcode Telephone Company Address E-mail
Contents
About this User Manual...............................................................................i
Purpose of this User Manual......................................................................................i Introduction to this Manual....................................................................................... i Typographical Conventions......................................................................................iii Mouse Operation Conventions................................................................................. iv Safety Signs.......................................................................................................... iv How to Get in Touch ............................................................................................... v
Customer Support...................................................................................................................v Documentation Support...........................................................................................................v
Chapter 1........................................................................................ 1
Safety Instructions.....................................................................................1
Chapter 2........................................................................................ 3
Introduction to the System........................................................................3
Product Overview ...................................................................................................3 Functional Introduction............................................................................................4 Technical Features and Parameters ..........................................................................6
Chapter 3........................................................................................ 9
Structure and Principle ..............................................................................9
Working Principle....................................................................................................9 Hardware Structure .............................................................................................. 10 Unit/Component Introduction ................................................................................ 14
Control Switching Board ........................................................................................................14 Line interface card.................................................................................................................16 Power Supply Module ............................................................................................................25 Fan Plug-in Box.....................................................................................................................27
Chapter 4...................................................................................... 29
Usage and Operation............................................................................... 29
Configuration Mode............................................................................................... 29
Serial Interface Connection Configuration ...............................................................................30 Telnet Connection Configuration.............................................................................................32
Chapter 5...................................................................................... 47
System Management .............................................................................. 47
File System Management ...................................................................................... 47
Introduction to File System ....................................................................................................47 File System Operation ...........................................................................................................48
Chapter 6...................................................................................... 59
Port Configuration................................................................................... 59
Basic Port Configuration ........................................................................................ 59
Principle of Port Naming.........................................................................................................60 Configuring Basic Port Parameters..........................................................................................60 Show Port Information...........................................................................................................62 Line Diagnosis Analysis Test...................................................................................................64
Chapter 7...................................................................................... 69
VLAN Configuration................................................................................. 69
VLAN Overview .................................................................................................... 69
VLAN Types ..........................................................................................................................70 VLAN Tab..............................................................................................................................70 VLAN Link Type.....................................................................................................................70 Default VLAN.........................................................................................................................71
QinQ Configuration ............................................................................................... 76 SuperVLAN Configuration ...................................................................................... 78 VLAN Maintenance and Diagnosis........................................................................... 80
Chapter 8...................................................................................... 83
MAC Table Operation............................................................................... 83
MAC Address Table Overview................................................................................. 83
The Composition and Meaning of MAC Address Table..............................................................83 MAC Address Categories........................................................................................................84 MAC Address Table Creation and Deletion...............................................................................84 Setting MAC Address Aging Time ...........................................................................................86 Burning MAC Address ............................................................................................................86 Binding MAC Address to Port..................................................................................................87 Enable Port MAC Address Learning.........................................................................................87 Limit Number of Port MAC Address.........................................................................................87 Port MAC Address Learning Protection ....................................................................................88 MAC Address Filtering............................................................................................................88 View MAC Address Table........................................................................................................89
Chapter 9...................................................................................... 93
STP Configuration.................................................................................... 93
STP Overview....................................................................................................... 93
SSTP Mode ...........................................................................................................................93 RSTP Mode ...........................................................................................................................94 MSTP Mode...........................................................................................................................94
Configuring STP.................................................................................................... 96
Enable/Disable STP ...............................................................................................................96 Configuring STP Mode............................................................................................................96 Configuring STP Protocol Parameters......................................................................................96 Creating Instances ................................................................................................................97 Update MST Configuration Name and Configuration Version ....................................................98 Configuring Switch Priority and Port Priority ............................................................................98 Configuring Whether a Port in STP Protocol Participates in Spanning Tree Calculation ...............99
Configuring Link Aggregation ............................................................................... 104 Instances of Configuring Link Aggregation ............................................................ 105 Link Aggregation Maintenance and Diagnosis ........................................................ 106
Instances of IGMP Snooping Configuration............................................................ 113 IGMP Snooping Maintenance and Diagnosis .......................................................... 113
RIP Fundamentals ...............................................................................................................125 Metric and Administrative Distance.......................................................................................125 Timer..................................................................................................................................126 Route Update......................................................................................................................126
Instances of configuring RIP ................................................................................ 128 RIP Maintenance and Diagnosis ........................................................................... 129
Example of Configuring BGP ................................................................................ 180 BGP Maintenance and Diagnosis .......................................................................... 182
Example of Configuring Multicasting ..................................................................... 197 Multicasting Maintenance and Diagnosis ............................................................... 199
Common Show Commands .................................................................................................199 IGMP ..................................................................................................................................200 PIM-SM...............................................................................................................................201 MSDP .................................................................................................................................203
Examples of Configuring ACL ............................................................................... 211 ACL Maintenance and Diagnosis........................................................................... 213
Redirection and Policy Routing .............................................................................................217 Priority Tagging...................................................................................................................218 Traffic Mapping....................................................................................................................218 Traffic Statistics...................................................................................................................218
Chapter 4 consists of Usage and Operation: in this chapter, you will learn about the configuration mode, command mode, and command line usage of ZXR10 T160G/T64G.
Chapter 5 consists of System Management: introduces the ZXR10 T160G/T64G system management. Chapter 6 consists of Port Configuration: introduces the configuration of port parameter and port mirror. Chapter 7 consists of VLAN Configuration: introduces basic configuration and extended configuration of VLAN. Chapter 8 consists of MAC Table Operation: introduces MAC table and MAC-address-related configuration. Chapter 9 consists of STP Configuration: introduces the configuration of STP. Chapter 10 consists of Link Aggregation Configuration: introduces LACP and static trunk configuration. Chapter 11 consists of IGMP Snooping Configuration: introduces the configuration of IGMP Snooping. Chapter 12 consists of Network Protocol Configuration: introduces IP address and ARP configuration. Chapter 13 consists of Static Route Configuration: introduces the configuration of static route. Chapter 14 consists of RIP Configuration: introduces the configuration of RIP. Chapter 15 consists of OSPF Configuration: introduces the configuration of OSPF. Chapter 16 consists of IS-IS Configuration: introduces the configuration of IS-IS protocol. Chapter 17 consists of BGP Configuration: introduces the configuration of BGP. Chapter 18 consists of Multicast Route Configuration: introduces the configuration of multicast routing protocol. Chapter 19 consists of ACL Configuration: introduces the configuration of ACL. Chapter 20 consists of QoS Configuration: introduces the configuration of QoS. Chapter 21 consists of DHCP Configuration: introduces the configuration of DHCP. Chapter 22 consists of VRRP Configuration: introduces the configuration of VRRP. Chapter 23 consists of Load Balance Configuration: introduces the configuration of load sharing function.
ii
Chapter 24 consists of Network Management Configuration: introduces frequently used functions in the network management including NTP, RADIUS authentication, SNMP, RMON and system log configuration. Appendix A consists of Acronyms and Abbreviations.
Typographical Conventions
ZTE documents employ with the following typographical conventions.
TABLE 1 TYPOGRAPHICAL CONVENTIONS
Typeface
Meaning References to other guides and documents. Links on screens. Menus, menu options, function names, input fields, radio button names, check boxes, drop-down lists, dialog box names, window names. Keys on the keyboard and buttons on screens and company name. Text that you type, program code, files and directory names, and function names. Optional parameters Mandatory parameters Select one of the parameters that are delimited by it Note: Provides additional information about a certain topic. Checkpoint: Indicates that a particular step needs to be checked before proceeding further. Tip: Indicates a suggestion or hint to make things easier or more productive for the reader.
Italics
Quotes Bold
iii
Meaning Refers to clicking the primary mouse button (usually the left mouse button) once. Refers to quickly clicking the primary mouse button (usually the left mouse button) twice. Refers to clicking the secondary mouse button (usually the right mouse button) once. Refers to pressing and holding a mouse button and moving the mouse.
Safety Signs
TABLE 3 S AFETY SIGNS
Safety Signs
Meaning Danger: Indicates an imminently hazardous situation, which if not avoided, will result in death or serious injury. This signal word should be limited to only extreme situations. Warning: Indicates a potentially hazardous situation, which if not avoided, could result in death or serious injury. Caution: Indicates a potentially hazardous situation, which if not avoided, could result in minor or moderate injury. It may also be used to alert against unsafe practices.
Electric shock: There is a risk of electric shock. Electrostatic: The device may be sensitive to static electricity.
Microwave: Beware of strong electromagnetic field. Laser: Beware of strong laser beam.
iv
Safety Signs
Meaning
Customer Support
If you have problems, questions, comments, or suggestions regarding your product, contact us by e-mail at support@zte.com.cn. You can also call our customer support center at (86) 755 26771900 and (86) 800-9830-9830.
Documentation Support
ZTE welcomes your comments and suggestions on the quality and usefulness of this document. For further questions, comments, or suggestions on the documentation, you can contact us by e-mail at doc@zte.com.cn; or you can fax your comments and suggestions to (86) 755 26772236. You can also explore our website at http://support.zte.com.cn, which contains various interesting subjects like documentation, knowledge base, forum and service request.
vi
Chapter
Safety Instructions
In this chapter, you will learn about safety instructions and signs. Only qualified professionals can perform installation, operation and maintenance owing to the high temperature and high voltage in the equipment. Please observe the local safety codes and relevant operation procedures in equipment installation, operation and maintenance; otherwise personal injury or equipment damage could be caused. The safety precautions introduced in this Manual are only supplementary to the local safety codes. ZTE shall not bear any liabilities incurred by violation of the universal safety operation requirements or violation of the safety standards for designing, manufacturing and using the equipment.
Chapter
Product Overview
ZXR10 T160G/T64G is an Ethernet routing switch developed by ZTE Corporation which can be applicable to the backbone layer or convergence layer of MAN and can also server as backbone/convergence layer switch in corporate network and campus network. ZXR10 T160G/T64G provides the interfaces including fast Ethernet, gigabit Ethernet and 10-gigabit and supports L2/L3 wire-speed forwarding of all ports. Therefore, it can satisfy the increasing requirements for bandwidth. ZXR10 T160G/T64G also supports multiple unicast and multicasting protocols. The service categories carried by data network increase rapidly with the development of network, which requires higher QoS and better security for network equipment. ZXR10 T160G/T64G provides abundant policies and resources regarding QoS and ACL, assuring QoS and system security. As the important switching node of backbone/convergence layer, ZXR10 T160G/T64G provides the hot-backup function of power module and control
& switching module, therefore, it is applicable to large-capacity network with high reliability. It has the following characteristics: Carrier-class reliability Full-wire-speed forwarding and filtering capability Supports abundant network protocols Open architecture, supporting high upgrading performance
Functional Introduction
ZXR10 T160G/T64G adopts the structure of standard 19-inch plug-in box. ZXR10 T160G has 10 plug-in slots, two of which are slots for control and switching board, and the other eight ones are slots for line interface card. ZXR10 T64G has 6 plug-in slots, one of which is slot for control and switching board, four of which are for line interface card, and the left one can serve as the slot for control and switching board or line interface card. Control and switching board is the core of the system implementing the functions including switching, protocol processing, system configuration management and network management interface; it can perform 1+1 redundancy configuration. Line interface card performs the operations of message processing including forwarding, discarding, and reporting to implement wire-speed forwarding of service flow. ZXR10 T160G/T64G supports line interface cards of multiple categories and port density. One port 10-gigabit Ethernet optical interface board Two-port 10-gigabit Ethernet optical interface board Twelve-port gigabit Ethernet optical interface board Twenty-four-port gigabit Ethernet optical interface board Twelve-port gigabit Ethernet electrical interface board Twenty-four-port gigabit Ethernet electrical interface board 44+4 fast Ethernet electrical interface board ZXR10 T160G/T64G implements full-wire-speed Layer2/3 switching function and supports multiple protocols.
Chapter 2
ZXR10 T160G/T64G provides the following functions which are given below: Physical interface Supports the configuration of port rate, duplex mode, and self-adaptive Supports port mirroring Supports broadcast storm suppression Supports line diagnosis analysis test VLAN Supports the VLAN based on port Supports IEEE 802.1Q, the maximum of VLAN is 4094 Supports PVLAN Supports VLAN double layer tab Supports SuperVLAN Layer 2 protocol Supports STP, RSTP and MSTP Supports static Trunk and LACP Supports IGMP Snooping Routing Protocol Supports the unicast protocols including static routing, RIP v1/v2, OSPF, IS-IS, and BGP Supports multicasting protocols including IGMP v1/v2, PIM-SM, and MSDP ACL Supports standard ACL, extended ACL, Layer 2 ACL and mixed ACL Supports ACL time segment restriction QoS Supports 802.1p priority Supports SP and WRR queue dispatching mode Supports traffic monitoring and management Supports flow-based redirection Supports flow mirroring and traffic statistic
Access authentication Supports Radius Client Supports DHCP Relay and DHCP Server Reliability Supports VRRP Supports routing load sharing Network Management Supports CLI configuration mode Supports configuring via Console, Telnet, and SSH Supports SNMP and RMON Supports ZXNM01 universal network management system
TABLE 4 ZXR10
Item Dimensions
Description ZXR10 T160G: 577mm (H) 442mm (W) 450mm (D) ZXR10 T64G: 443.7mm(H) 442mm(W) 450mm(D) ZXR10 T160G: 49kg ZXR10 T64G: 46kg DC: 100V~240V, 50Hz ~60Hz AC: -57V~-40V ZXR10 T160G the total power consumption fully configured is 1200W ZXR10 T64G total power consumption of full configuration is 720W
Weight
MTBF>200000 Hours Reliability MTTR< 30 minutes All boards support hot swap, control switching board, and power redundancy backup
Chapter 2
Item Lightening Protection Ambient Temperature Ambient Humidity Memory Capacity Backplane Bandwidth Switching Capacity Packet Forwarding Rate Routing table entries MAC address table depth
Description
Relative humidity 20%~90%, non-condensing ZXR10 T160G: 512M ZXR10 T64G: 256M ZXR10 T160G: 1.44Tbps ZXR10 T64G: 810Gbps ZXR10 T160G: 1152Gbps ZXR10 T64G: 576Gbps ZXR10 T160G: 576M ZXR10 T64G: 360M
500K
64K
Chapter
Working Principle
ZXR10 T160G/T64G is a large-capacity rack mountable Ethernet switch, which implements wire-speed Layer2/3 switching via two-level hardware switching. Level 1 switching is between ports of line interface cards; level 2 switching between line interface cards is implemented via control switching board. ZXR10 T160G/T64G hardware design complies with the principle of system modulization, which, according to function system, includes the following four modules: Control module: is composed of main processor and some external functional chips, which implements processing to applications of the system. It provides various operational interfaces including serial interface and Ethernet interface to perform data operation and maintenance.
Switching module: It provides multiplex high-speed bi-directional serial interface to implement wire-speed data switch between line interface cards. Packet processing and interface module: Interface module is the external interface of ZXR10 T160G/T64G, providing one or multiple physical ports. Different line interface cards can implement access of different rates and types. Power supply module: It adopts 220V AC power supply or 48V DC power supply, providing power for other parts of the system. Abridged General View of ZXR10 T160G/T64G system principle is shown in Figure 1.
Hardware Structure
ZXR10 T160G/T64G system is composed of chassis, power supply plug-in box, board, fan plug-in box and backplane. The system adopts international standard 19-inch plug-in box, which can lay-out solely or fix in standard chassis.
....
High-speed XAUI Interface High-speed XAUI Interface
....
Switching Network
Power Supply
Control Module
10
Chapter 3
ZXR10 T160G and ZXR10 T64G adopt same hardware structure with control/switching board and various line interface cards shared, only the number of line interface cards supported are different. In ZXR10 T160G, 8 line interface cards can be plugged in; while in ZXR10 T64G, when master/slave control is not needed, 5 line interface cards can be plugged in, and when master/slave control is needed, 4 line interface cards can be plugged in. The location of ZXR10 T160G components is shown in Figure 2, and the corresponding front panel is as shown in Figure 3.
19" Line Interface Card Line Interface Card Line Interface Card Line Interface Card Fan Controlled Switching Card Controlled Switching Card Line Interface Card Line Interface Card Line Interface Card Line Interface Card AC/DC Module AC/DC Module AC/DC Module
11
The position of ZXR10 T64G components is shown in Figure 4, and the corresponding front panel is as shown in Figure 5.
12
Chapter 3
19" Line Interface Card Line Interface Card Fan Controlled Switching Card Controlled Switching Card/Line Interface Card Line Interface Card Line Interface Card AC/DC Module AC/DC Module AC/DC Module
13
Unit/Component Introduction
Control Switching Board
Control switching board (MCS) is the core of ZXR10 T160G/T64G, implementing the functions of control module and switching module. The control switching board provides the function of master/slave switchover; it can also perform 1+1 redundancy configuration. The front panel of ZXR10 T160G MCS is shown in Figure 6; the front panel of ZXR10 T64G MCS is shown in Figure 7.
Interface
Console Interface Console interface is used to connect background management terminal, on which it performs operation and maintenance to ZXR10 T160G/T64G via tools such as Super Terminal. Console interface is a RJ45 socket, connected to COM port of background management terminal via serial cable. One end of serial cable connecting ZXR10 T160G/T64G is RJ45 connector, the other end connecting background management terminal is DB9 female connector. 10/100Base-TX Ethernet interface 10/100Base-TX Ethernet interface (MGT) on the control switching board is the management interface connecting background, which can be used as the switch outband NM interface.
14
Chapter 3
Characteristics In compliance with IEEE 802.3/802.3u standard, RJ45 connector Using UTP5, the maximum transmission distance is 100m
LEDs
The functions of the twenty-eight LEDs in the front panel of control switching board are described in Table 6.
LEDs
Description Off, the interface board of corresponding line is faulty or off RUN position Blinking, the interface board of corresponding line is working normally Off, the interface board of corresponding line alarm cleared or ALM is off position On, corresponding line interface card alarms RUN Off, corresponding power module is faulty or off position On, the corresponding power module is working normally Off, corresponding power module alarm cleared or is off ALM position On, the corresponding power module alarms RUN Off, the control switching board is faulty Blinking, the control switching board is working normally Off, the control switching board alarm cleared On, the control switching board alarms On, the board is in standby status Off, the board is in active status
1~8
PWR1~3
MST ALM
RES
RUN
15
On, active/standby status anomaly Off, active/standby status is normal Blinking, data transmission and reception in the interface On, the interface link created Off, the interface is disconnected from others
Buttons
The functions of the two buttons in the front panel of control switching board are described in Table 7.
Buttons RST
Function Board reset button, for resetting the whole board Board switchover button, switch the control switching board as
EXCH
standby, If press the button in the standby board, the system will not perform any operation
16
Chapter 3
The characteristics of 44 +4 fast Ethernet electrical interface board are shown in Table 8.
Port Type
10/100Base-TX
Using UTP5, the maximum transmission distance is 100m MDI/MDIX In compliance with IEEE 802.3/802.3z standard, RJ45 connector
1000Base-T
The functions of forty-eight ports corresponding to the 48 LEDs in the front panel of 44+4 fast Ethernet interface board are described in Table 9:
Port Type
LINK/ACT
Off, the port is disconnected from others Blinking, data transmission and reception in the port
17
The optical module used by gigabit Ethernet optical interface is pluggable SFP optical module. Every port supports four kinds of common distances used by gigabit Ethernet, as shown in Table 10.
Port Type
SX(SFP-M500)
850nm, maximum transmission distance is 500m Transmission power range: -9.5dBm~-4dBm, receiving
sensitivity<-18dBm LC connector, single-mode optical fiber, with the wavelength of LX(SFP-S10K) 1310nm, maximum transmission distance is 10km Transmission power range: -9.5dBm~-3dBm, receiving
sensitivity<-20dBm LC connector, singlemode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
sensitivity<-22dBm LC connector, singlemode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
There are 32 LEDs in front panel of 12-port gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 11.
TABLE 11 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 12-PORT GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Port Type
Characteristics
18
Chapter 3
LINK
On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
Optical module used by gigabit Ethernet optical interface is pluggable SFP optical module. Every port supports four kinds of common distances used by gigabit Ethernet, as shown in Table 12.
Port Type
SX(SFP-M500)
850nm, maximum transmission distance is 500m Transmission power range: -9.5dBm~-4dBm, receiving
sensitivity<-18dBm LC connector, single-mode optical fiber, with the wavelength of LX(SFP-S10K) 1310nm, maximum transmission distance is 10km Transmission power range: -9.5dBm~-3dBm, receiving
sensitivity<-20dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
sensitivity<-22dBm
19
LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
There are 56 LEDs in the front panel of 24-port gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 13.
TABLE 13 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 24-PORT GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Characteristics On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
The optical interface part of the four ports supporting optoelectronic self-adaptive adopts pluggable SFP optical module, supporting four kinds of common distances used by gigabit Ethernet. The characteristics are shown in Table 14.
20
Chapter 3
Characteristics RJ45 connector, using UTP5 LC connector, multiple-mode optical fiber, with the wavelength of
SX(SFP-M500)
850nm, maximum transmission distance is 500m Transmission power range: -9.5dBm~-4dBm, receiving
sensitivity<-18dBm LC connector, single-mode optical fiber, with the wavelength of LX(SFP-S10K) 1310nm, maximum transmission distance is 10km Transmission power range: -9.5dBm~-3dBm, receiving
sensitivity<-20dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
sensitivity<-22dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S80K) 1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm
There are 32 LEDs in the front panel of 12-port gigabit Ethernet electrical interface board, with each has two LEDs. The functions are described in Table 15.
TABLE 15 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 12-PORT GIGABIT ETHERNET ELECTRICAL INTERFACE BO ARD
Characteristics On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
21
Optical
interface
part
of
the
four
ports
supporting
optoelectronic
self-adaptive adopts pluggable SFP optical module, supporting four kinds of common distances used by gigabit Ethernet. The characteristics are shown in Table 16.
Characteristics RJ45 connector, using UTP5 LC connector, multiple-mode optical fiber, with the wavelength of
SX(SFP-M500)
850nm, maximum transmission distance is 500m Transmission power range: -9.5dBm~-4dBm, receiving
sensitivity<-18dBm LC connector, single-mode optical fiber, with the wavelength of LX(SFP-S10K) 1310nm, maximum transmission distance is 10km Transmission power range: -9.5dBm~-3dBm, receiving
sensitivity<-20dBm LC connector, single-mode optical fiber, with the wavelength of LH(SFP-S40K) 1310nm, maximum transmission distance is 40km Transmission power range: -4dBm~0dBm, receiving
22
Chapter 3
1550nm, maximum transmission distance is 80km Transmission power range: 0dBm~5dBm, receiving
sensitivity<-22dBm
There are 56 LEDs in the front panel of 24-port gigabit Ethernet electrical interface board, with each has two LEDs. The functions are described in Table 17.
TABLE 17 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN 24-PORT GIGABIT ETHERNET ELECTRICAL INTERFACE BO ARD
Characteristics On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
One-port 10-gigabit Ethernet optical interface board adopts hot-swappable XENPAK optical module, supporting multiple transmission distance requirements; the characteristics are shown in Table 18.
23
Characteristics SC connector, single-mode optical fiber, with the wavelength of 1310nm, maximum transmission distance is 10km SC connector, single-mode optical fiber, with the wavelength of 1550nm, maximum transmission distance is 40km
There are two LEDs in the front panel of one-port 10-gigabit Ethernet optical interface board, the functions of which are shown in Table 19.
TABLE 19 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN ONE-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Characteristics On, the port link is created Off, the port is disconnected from others Off, no data transmission or reception in the port Blinking, data transmission and reception in the port
ACT
Two-port 10-gigabit Ethernet optical interface board adopts hot-swappable XENPAK optical module, supporting multiple transmission distance requirements; the characteristics are shown in Table 20.
24
Chapter 3
Characteristics SC connector, single-mode optical fiber, with the wavelength of 1310nm, maximum transmission distance is 10km SC connector, single-mode optical fiber, with the wavelength of 1550nm, maximum transmission distance is 40km
There are 4 LEDs in the front panel of 2-port 10-gigabit Ethernet optical interface board, with each has two LEDs. The functions are described in Table 21.
TABLE 21 FUNCTIONAL DESCRIPTION OF FRONT PANEL LEDS IN TWO-PORT 10-GIGABIT ETHERNET OPTICAL INTERFACE BOARD
Characteristics On, the interface link created Off, the interface is disconnected from others Off, no data transmission or reception in the interface Blinking, data transmission and reception in the interface
ACT
25
The rear panel view of DC power supply board is shown in Figure 16.
DC power supply adopts 1+1 backup mode. Each system is configured with two DC modules, the technical parameters of which are as follows: Rated voltage: -48V Allowed voltage range: -57V~-40V Input electrical current: 25A Maximum power consumption: 1200 W The rear panel view of AC power supply board is shown in Figure 17.
26
Chapter 3
AC power supply adopts 2+1 backup mode. Each system is configured with 1~3 AC modules, the technical parameters of which are as follows: Input voltage: Single phase 220VAC10% Input electrical current: 4A Frequency: 505% Maximum power consumption: 900 W Line voltage waveform distortion rate<5%
27
There are 6 LEDs in the front panel of fan plug-in box, each indicating the fan operating status. On for normal working status while Off for faulty.
28
Chapter
Configuration Mode
ZXR10 T160G/T64G provides multiple configuration modes, as shown in Figure 19, the user can select appropriate configuration mode according to the connected network. Serial interface connection configuration Telnet connection configuration SSH (Secure Shell) connection configuration FTP/TFTP connection configuration SNMP connection configuration
29
30
Chapter 4
3. Click Ok, the window as shown in Figure 21 appears. Select using COM port such as COM1 when connecting.
4. Click Ok, the COM port attribute setup window appears, as shown in Figure 22.
31
The settings of the COM port of the HyperTerminal are: 115200 for data rate, 8 for data bit, None for parity check, 1 for stop bit, and None for flow control. 5. Click Ok to complete setting, the ZXR10 T160G/T64G configuration window appears, and start command operation.
32
Chapter 4
Command format
Command mode
Command function:
Global
Configure
username
and
33
7. Input valid username and password as prompted to access the switch configuration mode.
Note: ZXR10 T160G/T64G allows up to four Telnet users logging in simultaneously. If ** appears after inputting username and password, it indicates that the number of users reach the limit, please retry later or relogin after logging out other users. When performing Telnet configuration via management port connecting to the switch, the IP address of management port cannot be modified or deleted, otherwise, Telnet will be disconnected.
ii. Configure username and password of Telnet login via Console port. iii. Connect the host network interface to the Ethernet port of switch. iv. Set the IP address of host, enabling the host to ping the IP address of VLAN interface in the switch successfully.
34
Chapter 4
v. Run Telnet command in the host, input the IP address of VLAN interface, login to the switch. For the detailed procedures, please refer to Connection through Management Port Connect to switch via other devices (such as switch and router) by Telnet i. Configure IP address of VLAN and VLAN interface via Console port.
ii. Configure username and password of Telnet login via Console port. iii. Take a router connected to a switch as an example, from which, the IP address of VLAN interface can be pinged successfully. iv. Run Telnet command in the router, input the IP address of VLAN interface, login to the switch. For the detailed procedures, please refer to Connection through Management Port
Note: When performing Telnet configuration via VLAN interface connecting to the switch, the IP address of VLAN and VLAN interface cannot be modified or deleted, otherwise, Telnet will be disconnected.
35
Use the following commands to enable SSH server function in the ZXR10 T160G/T64G. The SSH server function is disabled by default.
Command format
Command mode
Command function:
Global
Connect the host network interface to the Ethernet port of the switch, enable the host to ping the IP address of VLAN interface in the switch by configuring. Run SSH client terminal software (Frequently used software is putty) in the host. Set the IP address and port No of SSH server, as shown in Figure 25.
36
Chapter 4
Click Open to login to the switch, input valid username and password as prompted.
37
2. Click Security, select User/Rights, perform the following operations in the popup dialog box: Click New User to create a new user, such as target, with password enabled Select user name target in the drop-down list of User Name Input the directory saving version files or configuration files in the Home Directory box, such as D: \IMG After configuration, the dialog box is shown in Figure 28.
38
Chapter 4
3. Click Done to complete setting. After enabling FTP server, execute copy command in the switch to backup/restore file and import/export configuration.
2. Click TFTPD>Configure, a dialog box appears, click Browse, select the file saving version files or configuration files, such as D:\IMG. After configuration, the dialog box is shown in Figure 30.
39
3. Click Ok to complete setting. After enabling TFTP server, execute copy command in the switch to backup/restore file and import/export configuration.
40
Chapter 4
Command Mode
ZXR10 T160G/T64G assigns commands to different modes according to function and authority to facilitate switch configuration and management. One command can only be executed under specific mode. Input question mark (?) under any command mode to query the applicable commands under the mode. Major command modes of ZXR10 T160G/T64G are listed in Table 22.
Prompt ZXR10>
information Configuring
Privileged Mode Global configuration mode Port configuration mode VLAN database configuration mode VLAN configuration mode VLAN interface configuration mode MSTP configuration
ZXR10#
system parameters
ZXR10(config)#
terminal
ZXR10(config-if)#
ZXR10(vlan-db)#
vlan
database
Creating batch
or
(Privileged mode)
deleting VLAN in
vlan ZXR10(config-vlan)# {<vlan-id>|<vlan-name> } (Global configuration mode) interface ZXR10(config-if)# <vlan-id>|<vlan-if>} (Global mode) ZXR10 (config-mstp)# spanning-tree configuration mst (Global configuration {vlan
IP
address of VLAN
41
Prompt
Functions parameters
ZXR10 (config-basic-acl)#
<acl-number>| <acl-name>}
configuration mode) acl extend
Defining
basic
ACL regulations
<acl-number>| <acl-name>}
configuration mode) acl link
<acl-number>| <acl-name>}
configuration mode) acl hybrid
Mixed ACL configuration mode VRF configuration mode Router RIP configuration mode Router RIP address configuration mode Router OSPF configuration mode Router IS-IS configuration mode Router BGP configuration mode ZXR10(config-router)# ZXR10(config-router)# ZXR10(config-router)# ZXR10(config-router-af)# ZXR10(config-router)# ZXR10(config-vrf)# ZXR10(config-hybd-acl)#
<acl-number>| <acl-name>}
configuration mode)
Configuring VRF protocol parameters Configuring RIP protocol parameters Configuring RIP VRF protocol parameters Configuring OSPF protocol parameters
router
rip
(Global
configuration mode)
address-family ipv4 vrf <vrf-name>(Router configuration mode) router ospf <process-id> [vrf <vrf-name>] (Global configuration mode) router isis [vrf (Global RIP
<vrf-name>]
42
Chapter 4
Mode
Prompt
Functions
(Router BGP configuration mode) address-family ipv4 vrf <vrf-name>(Router configuration mode) BGP
Router PIM-SM configuration mode route-map Route-map configuration mode ZXR10(config-route-map) # <map-tag> ZXR10(config-router)# router pimsm (Global configuration mode)
Configuring route-map matched items and operations Test the usage of CPU and Memory
ZXR10(diag)#
diagnose mode)
(Privileged
The ways to quit various command modes: In privileged mode, use disable command to return to user mode. In user mode and privileged mode, use exit command to quit the switch; in other mode, use exit command to return to the previous mode. In the modes other than user mode and privileged mode, use end command or press Ctrl+z to return to the privileged mode.
43
ZXR10>? Exec commands: enable exit login logout ping quit show telnet trace who ZXR10> Turn on privileged commands Exit from the EXEC Login as a particular user Exit from the EXEC Send echo messages Quit from the EXEC Show running system information Open a telnet connection Trace route to destination List users who is logining on
2. Input a question mark (?) following character or character string, the list of commands or key words with the character or character string as the prefix will be displayed. Note that there is no space between character (Character string) and the question mark (?). For example:
ZXR10#co? configure copy ZXR10#co
3. Press Tab after the character, if the command or key word with the character string as the prefix is unique, make it aligned and add a space after it. Note that there is no space between character string and Tab. For example:
ZXR10#con<Tab> ZXR10#configure and cursor) (There is a space between configure
4. Input a question mark (?) after commands, key words and parameters, you can list the key words or parameters to be input next and provide brief description. Note that space should be input before the question mark (?). For example:
ZXR10#configure ? terminal Enter configuration mode
ZXR10#configure
5. If inputting incorrect command, key words or parameters, the subscriber interface will provide error isolation with ^ after carriage return. ^ will appear below the first character of the input incorrect command, key work or parameter. For example:
ZXR10#von ter
44
Chapter 4
In the instances below, make use of the online help to set system clock.
ZXR10#cl? clear clock
At the end of the above example, it is concluded that the system prompts that command is incomplete. This command indicates inputting of other key words or parameters are required.
Command Abbreviation
ZXR10 T160G/T64G allows abbreviating commands and key word to character or character string identifying the command or key word uniquely, for example, abbreviate show command to sh or sho
Command History
The user interface provides a record of commands up to 10 you have entered. This feature is particularly useful to recall long or complex commands. Reinvoke commands from the record buffer, execute one of the following operations.
Command Press Ctrl+P or <> Press Ctrl+N or <> Function Recalls commands in the history buffer in a forward sequence Recalls commands in the history buffer in a backward
45
sequence
In the privileged mode, use show history command to list the most recent commands.
46
Chapter
System Management
This chapter introduces ZXR10 T160G/T64G system management. It illustrates file system and operation of switches, presents the procedure for updating software version. This chapter covers the following topics: File system management Data backup and restoration Importing/exporting configuration Software version upgrade Setting system parameters Viewing system information
47
Note: The default name of ZXR10 T160G/T64G software version file is zxr10.zar. If it uses other names, Boot Path must be modified in Boot status. Otherwise, the version cannot be loaded when starting the system. It is recommended using default file name.
2. CFG: The directory is for saving configuration files, whose name is startrun.dat. The information is saved in the Memory when using command to modify the switch configuration. To prevent the configuration information loss at the time of restarting the switch, use write command to write the information in the Memory into FLASH, and save the information in the startrun.dat file. When needing to clear the old configuration in the switch to reconfigure data, use delete command to delete startrun.dat file, then restart the switch. 3. DATA: The directory is for saving log.dat file which records alarm information.
Note: If IMG, CFG or DATA is unavailable in FLASH, create them manually using mkdir command.
Command function:
copy
<source-device>
<source-file>
<destination-device> <destination-file>
Privileged
Copying files.
Command format
Command
Command function:
Mode
48
Chapter 5
System Management
pwd
Privileged
3. View the file and subdirectory information in the specified devices or directories.
Command format
Command
Command function:
Mode View the file and subdirectory dir [<directory>] Privileged information in the specified devices or directories.
Command function:
delete <filename>
Privileged
5. Access the specified file device or the file directory of the current device
Command format
Command
Command function:
Mode Access the specified file device or cd <directory> Privileged the file directory of the current device
Command function:
Command function:
Mode mkdir <directory> Privileged Create new subdirectory in the current directory
Command format
Command Mode
Command function:
49
rmdir <directory>
Privileged
Delete
the
specified
file
directories
Command function:
rename <new-filename>
<old-filename> Privileged
The application of file operation command will be illustrated by instances as follows: 1. View the current file information in FLASH
ZXR10#dir Directory of flash:/ attribute 1 2 3 drwx drwx drwx size 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
65007616 bytes total (48863232 bytes free) ZXR10#cd img ZXR10#dir (Access version directory IMG) (Show the current directory information)
Directory of flash:/img attribute 1 2 3 ZXR10.ZAR 65007616 bytes total (48863232 bytes free) ZXR10# drwx drwx -rwx size 512 512 15922273 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
finding that subdirectory ABC has been added successfully) Directory of flash:/ attribute 1 2 3 4 drwx drwx drwx drwx size 512 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
50
Chapter 5
System Management
65007616 bytes total (48861184 bytes free) ZXR10#rmdir ABC (Delete subdirectory ABC) ZXR10#dir (View the current directory information,
finding that subdirectory ABC has been deleted successfully) Directory of flash:/ attribute 1 2 3 drwx drwx drwx size 512 512 512 date MAY-17-2004 MAY-17-2004 MAY-17-2004 time name
2. Configuration files restoration Execute the following command to restore backup configuration files from background TFTP server:
ZXR10#copy tftp: //168.1.1.1/startrun.dat flash: /cfg/startrun.dat
3. Version file backup Back the running version files up to background server before upgrading software version. If failed to load new version, you can restore the old
51
version from the background server. Software version file backup is similar to configuration file backup. Execute the following command to back up the software version file in FLASH to directory IMG in root directory of background TFTP server:
ZXR10#copy flash: /img/zxr10.zar tftp: //168.1.1.1/img/zxr10.zar
4. Version Restoration The purpose of version restoration is to retransmit the backup software version file in background server via FTP/TFTP to FLASH in foreground switch. It is important to perform restoration operation when version upgrade failed. The procedures of version restoration and version upgrade are almost the same, please refer to section Software Version Upgrade.
Importing/Exporting Configuration
ZXR10 T160G/T64G supports the function of importing/exporting configuration files. Copy configuration file startrun.dat to background host via FTP/TFTP, in the background host, edit the file startrun.dat using text editing tool, and then copy the modified configuration file via FTP/TFTP to the directory CFG in FLASH device of foreground switch. The file will take effect after restart.
Note: When editing startrun.dat using text editing tool, note that the format should comply with the requirements of command.
52
Chapter 5
System Management
Input c in Boot status, enter parameter modification status after carriage return. Change the boot mode to boot from background FTP; change the FTP server address to the corresponding background host address; change the client terminal address and gateway address to switch administrative Ethernet interface address, set corresponding subnet mask and FTP username and password. The [ZXR10 Boot] prompt appears after completing parameter modification.
[ZXR10 Boot]:c '.' = clear field; '-' = go to previous field; ^D = quit
background FTP; 1 means booting from FLASH) Client IP [0:bootp]: 168.4.168.168 administrative Ethernet port address Netmask: 255.255.0.0 Corresponds to
53
Server IP [0:bootp]: 168.4.168.89 background FTP server address) Gateway IP: 168.4.168.168
(Corresponds to
(Corresponds to
administrative Ethernet port address) FTP User: target target) FTP Password: password) FTP Password Confirm: Boot Path: zxr10.zar Enable Password: Enable Password Confirm: [ZXR10 Boot]: (Use default) (Use default) (Use default) (Corresponds to target user (Corresponds to FTP username
5. Input @, the system boots the version from background FTP server automatically after carriage return.
[ZXR10 Boot]:@ Loading... get file zxr10.zar[15922273] successfully!
****************************************************** ZXR10>
6. If booted normally, use command show version to check whether the new version is running in the Memory, if it is the old version that is running, it indicates that booting from background server failed, you have to repeat the operations from step 1. 7. Delete the old version file zxr10.zar in the directory IMG in FLASH using command delete, Old version file can be renamed for backup due to of space in FLASH is sufficient. 8. Copy the new version file in background FTP server to IMG directory in FLASH. The version file name is zxr10.zar.
ZXR10#copy ftp: mng //168.4.168.89/zxr10.zar@target:target flash: /img/zxr10.zar Starting copying file .......................................................
54
Chapter 5
System Management
Note: If copying version files from the management Ethernet of MP board, in the command copy, ftp: must be followed with mng.
9. Check whether new version file is available in FLASH. If the new version file is unavailable, it indicates the copy failure, please execute step 8 to recopy the version. 10. Restart ZXR10 T160G/T64G, follow the methods in step 4, and make boot from FLASH enabled, at this time, Boot path will change into /flash/img/zxr10.zar automatically.
Note: The boot mode can be changed to boot from FLASH by using command nvram imgfile-location local in global configuration mode.
11. Input @ in [ZXR10 Boot]:, the system will boot new version from FLASH after carriage return. 12. After booting normally, check the running version to confirm that the upgrade is successful.
55
of the switch (10/100M Ethernet interface) to network interface of background host by straight-through Ethernet line. Make sure that both are properly connected. 2. The IP address of background host for upgrade and that of the switch management Ethernet port should be set to the same network segment to ensure that the background host could ping the management Ethernet address successfully. 3. Start the background FTP server according to the methods in FTP/TFTP Connection Configuration 4. View the information of the running version. 5. Delete the old version file in the directory IMG in FLASH using command delete You can remain the old version file having it renamed, if the space in FLASH is not sufficient. 6. Copy the new version file in background FTP server to IMG directory in FLASH. The version file name is zxr10.zar. 7. Check whether new version file is available in directory IMG in FLASH. If the new version file is unavailable, it indicates the copy failure, please execute step 5 to recopy the version. 8. After booting the switch normally, check the running version to confirm that the upgrade is successful.
Command function:
hostname <network-name>
Global
Relogin to the switch after modifying the host name, new host name will be used in the prompt. 2. Set the greeting words for system startup
56
Chapter 5
System Management
Greeting words can be set using command banner. It starts and ends with custom-defined character, for example:
ZXR10(config)#banner incoming # Enter TEXT message. End with the character '#'.
3. Set the password of privileged mode In privileged mode, you can set operational parameters, and access configuration mode. The password of accessing privileged mode must be set to prevent unauthorized user from modifying the configuration.
Command format
Command Mode
Command function:
enable
secret
{0
<password>|5
<password>|<password>}
Global
Command function:
username <password>
<username>
password
Global
Command function:
clock
set
<current-time>
<month>
<day> <year>
Privileged
57
Command format
Command Mode
Command function:
show version
User/ Privileged
Execute command show version to display the information similar to the follows.
ZXR10#show version ZXR10 Router Operating System Software, ZTE Corporation ZXR10 ROS Version V4.6 ZXR10 T160G Software, Version V2.6.01, RELEASE SOFTWARE Copyright (c) 2000-2003 by ZTE Corporation Compiled Dec 2 2004, 14:52:13
System image files from net <ftp://168.1.70.155/zxr10.zar> System uptime is 0 days, 0 hours, 19 minutes ZXR10#
Command function:
show running-config
Privileged
58
Chapter
Port Configuration
This chapter introduces the configuration of ZXR10 T160G/T64G port parameters and port mirroring function. It covers: Basic port configuration Introduces basic port parameter configuration, port traffic statistics, and port line diagnosis analysis test Port mirroring Introduces the concept, basic configuration and configuration instances of port mirroring
59
normally, we can see that the port of the interface board has been added to the system port list automatically.
Global
Port Port
60
Chapter 6
Port Configuration
Note: Command shutdown makes the physical link status of the port change into down and the link LED of the port go dark. All ports are open by default.
Port Port
Note: 10-gigabit Ethernet optical interface does not support auto-negotiation. It is fixed to work in 10-gigabit full-duplex mode.
Port
Port
Note: Only the Ethernet electrical interface can be configured with duplex mode and rate, remember to disable port self-negotiation function.
6. Set Ethernet port flow control The Ethernet port uses flow control to restrain the packets sent to the port in a period of time. When the receiving buffer is full, the port sends a pause packet notifying the remote port to suspend packet transmission for a period of time. The Ethernet port can also receive pause packet from other devices, and execute operations according to the regulation of the packet.
Command format flowcontrol {enable|disable}
Command Mode
Port
Command format
Command function:
61
jumbo-frame {enable|disable}
Port
Note: By default, the maximum allowed length of the frame passing Ethernet port is 1560 bytes, and jumbo frame is prohibited from passing. When jumbo frame is allowed, the maximum allowed length is 9216 bytes.
8. Port byname The purpose of setting port byname is to distinguish the ports for easier memorization. You can replace the port name with byname when performing operation over the port.
Command format Command Mode Command function:
byname <by-name>
Port
9. Set Ethernet port broadcast storm suppression You can limit the volume of broadcast flow that is allowed to pass through the Ethernet port. The system will discard the broadcast flow exceeding the set value to lower the rate of broadcast flow to a reasonable range, so as to suppress broadcast storm and avoid network congestion, ensuring normal operation of network service. Broadcast storm suppression ratio takes the line speed percentage of maximum flow as the parameter; the lower the percentage is, the smaller the allowed broadcast flow is. 100% means that the broadcast storm passing through the port will not be suppressed
Command Mode
Command format
Command function:
broadcast-limit <percent-value>
Port
storm
information
of
Description is none
62
Chapter 6
Port Configuration
BW 1000000 Kbits
Last clearing of "show interface" counters never 120 seconds input rate 0 Bps, 0 Bps, 0 Bps, output 0%, output 0 pps 0 pps 0 Bps 0%
/* Statistic of input/output transmit message, including statistic of error message */ Input: Packets 41572 Unicasts : 0 Broadcasts: 10 Undersize: 0 CRC-ERROR : 0 Dropped Jabber : 0 : 0 Fragments : 0 Oversize : 0 Multicasts: 328 : 338 Bytes:
MacRxErr : 0 Output: Packets 125470 Unicasts : 0 Broadcasts: 0 Collision: 0 LateCollision: 0 Multicasts: 1017 : 1017 Bytes:
Privileged
63
Command format
Command Mode
Command function:
All
modes
Run
specified
line
diagnosis
64
Chapter 6
Port Configuration
analysis test
ZXR10(config)#
Note:The related ports will be restarted when using line diagnosis analysis test, the link will disconnect and then become normal. It is usually for testing faulty ports, please be cautious if the port is connected with users.
Command format
Command
Command function:
65
Mode
Global
Create a session
Port
Port
FIGURE 31
Switch gei_1/1
Switch configuration:
ZXR10(config)#interface gei_1/1 ZXR10(config-if)#monitor session 1 source direction rx ZXR10(config)#interface gei_1/2 ZXR10(config-if)#monitor session 1 source ZXR10(config)#interface gei_3/3 ZXR10(config-if)#monitor session 1 destination
66
Chapter 6
Port Configuration
67
68
Chapter
VLAN Configuration
This chapter introduces basic operation of VLAN configuration in ZXR10 T160G/T64G, and VLAN extended configuration including PVLAN, QinQ and SuperVLAN. It covers: VLAN overview VLAN Configuration Example of VLAN configuration PVLAN Configuration QinQ configuration SuperVLAN configuration VLAN maintenance and diagnosis
VLAN Overview
Virtual Local Area Network (VLAN) is a technology dividing physical network into multiple logical (virtual) LAN. Every VLAN has a VLAN identifier (VID). Taking advantage of VLAN technology, network administrators can divide the users in the same physical LAN into different broadcast domain (one broadcast domain is one VLAN), ensuring that the users with the same demands belong to same broad domain and users with different demands belong to different broadcast domain. Every VLAN is like an independent LAN logically, having the same attribute with physical LAN. All broadcast and unicast traffic in the same VLAN are restricted to the VLAN instead of being forwarded to other VLAN. The communication between devices belonging to different VLAN must be forwarded by the layer3 routers The features of VLAN are as follows: Reduce broadcast traffic in the network Enhance network security Simplify network management and control
69
VLAN Types
The type of VLAN is determined by the method dividing a received frame to a specific VLAN. ZXR10 T160G/T64G presently supports port-based VLAN, which is the most simple and effective method. It assigns ports of switching equipment to different VLAN; consequently, the traffic received from the port belongs to the VLAN connected to the port. For example, if port 1, port 2 and port 3 belong to the same VLAN, and other ports belong to other VLANs, the frame received by port 1 can be transmitted over port 2 and port 3 exclusively. If a user in VLAN move to a new place, it does not belong to the old VLAN unless VLAN is reconfigured.
VLAN Tab
Multiple VLAN services can be transmitted in one link if the VLAN that the frame resides in can be presented in a certain method when frame is transmitting in the network. IEEE 802.1Q implements the function by inserting a VLAN tag into Ethernet frame structure. The VLAN tag is 4-byte long, in Ethernet frame, its location is behind source MAC address, and before length/type segment. The format of VLAN tag is shown in Figure 32.
TPID (2 Bytes)
TCI (2 Bytes)
Priority 7
CFI
VID 0 7 0
5 4
VLAN tag is most frequently applied in the case of cross-switch creating VLAN, here the connection between switches is called Trunk. Cross-multiple-switch VLAN can be created via one or more trunks after applying tag. When the port connected to the switch receives a tagged frame, it can judge which VLAN the frame belongs to according to VLAN tag. Every 802.1Q port is allocated with a default VLAN ID, which is called PVID. When the port receives untagged frame, the frame is considered to belong to port default VLAN, and forwarded in the VLAN. ZXR10 T160G/T64G supports IEEE 802.1Q standard tag.
70
Chapter 7
VLAN Configuration
Access link is used to connect the devices (e.g. workstation) that cannot identify VLAN tag to VLAN switch port. It only transmits untagged VLAN frame and is associated with only one VLAN. Trunk Link Trunk link is for connecting two devices that can identify VLAN tag and transmits multiple VLAN services. It only transmits tagged VLAN frame and can bear multiple VLANs. The most popular trunk link is one connecting two VLAN switches. Hybrid Link Hybrid link can transmit tagged and untagged frames. However, for a specific VLAN, all frames transmitted by the hybrid link must be the same type.
Default VLAN
ZXR10 T160G/T64G initially has a default VLAN with the following features: The VLAN ID of default VLAN is 1. The name of default VLAN is VLAN0001. The default VLAN contains all ports. All ports of default VLAN is untagged by default.
VLAN Configuration
The basic configuration of VLAN covers: Create Single VLAN
Command format Command Mode Command function:
vlan {<vlan-id>|<vlan-name>}
Global
VLAN database
Set VLAN byname VLAN byname is for distinguishing VLANs, which could be group name, department or region. By default, VLAN byname is VLAN + VLAN ID, in which VLAN ID is 4 digits, if it is less than 4 digits, zeros will be added to make it a digit length of 4, for example, the VLAN byname is VLAN0004 by default if the ID is 4.
Command format Command Mode Command function:
71
name <vlan-name>
VLAN
Set VLAN link types of Ethernet port VLAN link types of ZXR10 T160G/T64G Ethernet port include: Access mode, Trunk mode and Hybrid mode, the default is Access mode. The port of access mode, which is untagged, can only belong to one VLAN, it usually serves as the port connecting computer. Trunk mode port, which must be tagged, can belong to multiple VLANs; it can receive and transmit message of multiple VLANs; usually it serves as trunk port of connection between switches. Hybrid mode port can belong to multiple VLANs, whether it should be tagged is determined by the user; it can receive and transmit message of multiple VLANs; it can be applied in connection between switches and can also be applied in connecting user computer. The difference between hybrid port and trunk port lies in: Hybrid port can transmit tagged or untagged frame, while trunk port untagged when transmitting default VLAN message.
Command format Command Mode Command function:
Port
Add Ethernet port to specified VLAN Access port can only be added to one VLAN, while trunk port and hybrid port can be added to multiple VLANs.
Command format Command Mode Command function:
switchport access vlan {<vlan-id>|<vlan-name>} switchport trunk vlan <vlan-list> switchport hybrid vlan <vlan-list> [tag|untag]
Add Access port to specified VLAN Add Trunk port to specified VLAN Add hybrid port to specified VLAN
Set native VLAN(PVID) of Ethernet port Access port belongs to only one VLAN, so its native VLAN is the VLAN it resides in, it is not necessary to set. Trunk port and hybrid port belong to multiple VLANs, so it is necessary to set native VLAN. If the port native VLAN is set, when the port cannot receive frame without VLAN tag, forward the frame to the port belonging to the native VLAN. By default, the native VLAN of trunk port and hybrid port is VLAN 1.
Command format Command Mode Command function:
switchport trunk native vlan {<vlan-id>|<vlan-name>} switchport hybrid native vlan {<vlan-id>|<vlan-name>}
Port Port
Set native VLAN of trunk port Set native VLAN of hybrid port
72
Chapter 7
VLAN Configuration
VLAN
Switchport PVID is valid for all types of ports including Access, Trunk and Hybrid. All the PVIDs of selected ports become VLAN ID of specified VLAN after running the configuration. Switchport tag is valid for Trunk and Hybrid ports. Switchport untag is valid for Hybrid port. Set port VLAN filtration After enabling entrance filtration, if the entrance port is not included in the VLAN member set that the port-received frame belongs to, the frame will be discarded. By default, VLAN entrance filtration is enabled.
Command format Command Mode Command function
Port
Port frame type filtration Configuration port can accept all frames (including untagged and tagged frames) or only accept tagged frame. By default, it receives all frames.
Command format Command Mode Command function
Port
Create VLAN Layer3 interface This VLAN must be created before creating VLAN layer3 interface.
Command format Command Mode Command function
Global
Open/Close VLAN Layer3 Interface Open/Close VLAN Layer3 interface is to open/close VLAN Layer3 forwarding function, imposing no impact on the member ports of this VLAN. By default, when all Ethernet ports are in down status, the VLAN interface status is down; when one or more Ethernet ports are in up status, the VLAN interface status is up. The VLAN interface in up status can be shut forcibly.
Command format Command Mode Command function
shutdown no shutdown
73
Switch A configuration:
ZXR10_A(config)#vlan 10 ZXR10_A(config-vlan)#switchport pvid gei_3/1-2 ZXR10_A(config)#vlan 20 ZXR10_A(config-vlan)#switchport pvid gei_3/4-5 ZXR10_A(config)#interface gei_3/24 ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10 ZXR10_A(config-if)#switchport trunk vlan 20
Switch B configuration:
ZXR10_B(config)#vlan 10 ZXR10_B(config-vlan)#switchport pvid gei_7/1-2 ZXR10_B(config)#vlan 20 ZXR10_B(config-vlan)#switchport pvid gei_7/4-5 ZXR10_B(config)#interface gei_7/24 ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10 ZXR10_B(config-if)#switchport trunk vlan 20
74
Chapter 7
VLAN Configuration
PVLAN Configuration
To isolate messages of users for better network security, the traditional solution is to assign a VLAN to each user. The limitations of this method are as follows: Presently, the maximum number of VLAN supported by IEEE 802.1Q standard is 4094, so the number of users is limited; consequently, it goes against network expansion. Each VLAN is corresponding to one IP subnet, so a large quantity of subnets divided is a waste of IP addresses. Planning and management of a large quantity of VLAN and IP subnets complicates network management. The new technology PVLAN (Private VLAN) solves all the problems. PVLAN classifies ports in VLAN into two categories: Isolate port connecting with users, and Promiscuous port uplinking router. Isolate port can communicate with promiscuous port only, the communication between them are disabled. So, ports in the same VLAN are isolated, users can only communicate with default gateway, as a result, the network security is ensured. ZXR10 T160G/T64G supports 20 PVLAN groups, each group can select any port to isolate from each other. At most 8 ports can be selected to be uplink port. Use the following commands to configure PVLAN:
Command format Command Mode Command function
Global
port
and
Two Isolate groups are configured in the following configuration example: Isolate group 1: gei_3/1, gei_3/2, fei_7/4 and fei_7/5 are isolate ports; gei_5/10 is promiscuous port. Isolate group 2: gei_3/7, gei_3/8, fei_7/10 and fei_7/11 are isolate ports; gei_5/12 is promiscuous port. The detailed configuration is as follows:
ZXR10(config)#vlan private-map session-id 1 isolate gei_3/1-2,fei_7/4-5 promis gei_5/10
75
ZXR10(config)#vlan private-map session-id 2 isolate gei_3/7-8,fei_7/10-11 promis gei_5/12 ZXR10(config)#show vlan private-map Session_id ---------1 2 ZXR10# Isolate_Ports -----------------------gei_3/7-8, -----------------------gei_5/10 gei_5/12 gei_3/1-2,fei_7/4-5, Promis_Ports
QinQ Configuration
QinQ is a vivid name for the tunnel protocol based on IEEE 802.1Q encapsulation, which is also called VLAN stack. QinQ technology is to add a VLAN tag (outer tag) other than old VLAN tag (inner tag), the outer tag can shield the inner tag. QinQ requires no support from protocol, by which L2VPN can be realized; it is particularly suitable for the small LAN with layer3 switch as the backbone. The typical networking or QinQ technology is shown in Figure 34. The port connecting user network is called customer port; the port connecting SP network is called uplink port; the edge access device of SP network is called Provider Edge (PE).
SPVLAN 10 uplink port Switch A PE SP Network SPVLAN 10 uplink port SPVLAN 10 customer port PE Switch B
User Network 2 CVLAN 1~100
The user network is usually accessed to PE via Trunk VLAN mode; Uplink ports in Service Provider (SP) network are symmetrically connected via Trunk VLAN mode. When message reaches customer port of switch A from user network 1, no matter the message is tagged or untagged, switch A inserts outer tag (VLAN ID is 10) forcibly. In the SP network, the message transmits along VLAN 10 ports until it reaches switch B. Switch B finds that the port connecting user network 2 is customer port, so it peels off the outer tag according to
76
Chapter 7
VLAN Configuration
traditional 802.1Q, resumes the original message and transmits it to user network 2. As a result, user network 1 and 2 can perform transparent transmission via SP network; user network can define its own private network VLAN ID, which will not cause conflict with SP network VLAN ID. Use the following command to configure QinQ:
Command format Command Mode Command function
Global
function
of
Port
Note: When configuring QinQ, customer port of SPVLAN should be set to be untagged and uplink port should be set to be tagged.
show qinq
configuration
As shown in Figure 34, assuming customer port of switch A is gei_3/1, uplink port is gei_3/24; if customer port of switch B is gei_7/1, uplink port is gei_7/24. Switch A configuration:
ZXR10_A(config)#vlan 10 ZXR10_A(config)#interface gei_3/1 ZXR10_A(config-if)#switchport qinq customer ZXR10_A(config-if)#switchport access vlan 10 ZXR10_A(config)#interface gei_3/24 ZXR10_A(config-if)#switchport qinq uplink ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10
Switch B configuration:
ZXR10_B(config)#vlan 10 ZXR10_B(config)#interface gei_7/1 ZXR10_B(config-if)#switchport qinq customer
77
ZXR10_B(config-if)#switchport access vlan 10 ZXR10_B(config)#interface gei_7/24 ZXR10_B(config-if)#switchport qinq uplink ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10
SuperVLAN Configuration
Traditional ISP network assigns one IP subnet to each user. Three IP addresses are occupied when one subnet is assigned, which respectively serve as subnet number, broadcast address and default gateway. A large quantity of unassigned IP addresses in the user subnets cannot be assigned to other users. Obviously this method is a waste of IP address. SuperVLAN solves the problem effectively. It converges multiple VLANs (called subvlan) into a SuperVLAN; all the subvlans use the same IP subnet and default gateway. Taking advantage of SuperVLAN technology, what is needed for ISP is to assign one IP subnet for SuperVLAN and create one subvlan for each user; all subvlans can assign IP addresses in SuperVLAN subnet flexibly and use SuperVLAN default gateway. Every subvlan is an independent broadcast domain, ensuring isolation between different users; communication between subvlans is routed via SuperVLAN. SuperVLAN configuration of ZXR10 T160G/T64G covers: Create SuperVLAN
Command format Command Mode Command function
Global
Add sub-VLAN One SuperVLAN can be bound with up to 8 VLANs. The sub-VLAN cannot be bound if it is configured to be Layer 3 interface.
Command format Command Mode Command function
supervlan <supervlan-id>
VLAN
with
specified
Open/close inter-subvlan routing function Inter-sub-VLANs routing function is enabled by default. After using the command, the inter-subVLANs communication is disabled, but sub-VLAN remains communication with outside of SuperVLAN.
Command format Command Mode Command function
inter-subvlan-routing
SuperVLAN
Open/close
inter-sub-VLANs
78
Chapter 7
VLAN Configuration
{enable|disable}
routing function
As shown in Figure 35, configure SuperVLAN in switch A, assigning subnet 10.1.1.0/24, gateway is 10.1.1.1. Configure two sub-VLANs in switch B, including VLAN 2 and VLAN 3, belonging to SuperVLAN. Switch A is connected to switch B via Trunk port.
FIGURE 35
Switch A
Switch B gei_3/1
Switch A configuration:
*Create superVLAN , assign subnet and specify gateway */ ZXR10_A(config)#interface supervlan 10 ZXR10_A(config-int)#ip address 10.1.1.1 255.255.255.0 /*Add SubVLAN to SuperVLAN*/ ZXR10_A(config)#vlan 2 ZXR10_A(config-vlan)#supervlan 10 ZXR10_A(config)#vlan 3 ZXR10_A(config-vlan)#supervlan 10 /*Set vlan trunk port*/ ZXR10_A(config)#interface gei_7/10 ZXR10_A(config-int)#switch mode trunk ZXR10_A(config-int)#switch trunk vlan 2-3
Switch B configuration:
ZXR10_B(config)#interface gei_3/1
79
ZXR10_B(config-int)#switch access vlan 2 ZXR10_B(config)#interface gei_3/10 ZXR10_B(config-int)#switch access vlan 2 ZXR10_B(config)#interface gei_5/1 ZXR10_B(config-int)#switch access vlan 3 ZXR10_B(config)#interface gei_5/10 ZXR10_B(config-int)#switch access vlan 3 ZXR10_B(config)#interface gei_8/10 ZXR10_B(config-int)#switch mode trunk ZXR10_B(config-int)#switch trunk vlan 2-3
Taking advantage of the command, you can view the information of all VLANs, VLAN with specified ID, and VLAN with specified name; you can also view the information of the VLAN with port mode of Access, Trunk and Hybrid. Two examples are presented: View configuration information of all VLANs
ZXR10(config)#show vlan VLAN Name Status Said MTU IfIndex 0 0 0 0 0 0 gei_7/4 gei_7/4 gei_7/4 gei_7/3 PvidPorts gei_7/5-12 gei_7/1-3 gei_7/3-4 UntagPorts TagPorts -----------------------------------------------------------------1 VLAN0001 active 100001 1500 10 VLAN0010 active 100010 1500 100 VLAN0100 active 100100 1500 130 VLAN0130 active 100130 1500 136 VLAN0136 active 100136 1500 200 VLAN0200 active 100200 1500 ZXR10(config)#
80
Chapter 7
VLAN Configuration
1 VLAN0001 active 100001 1500 10 VLAN0010 active 100010 1500 100 VLAN0100 active 100100 1500 130 VLAN0130 active 100130 1500 136 VLAN0136 active 100136 1500 200 VLAN0200 active 100200 1500 ZXR10(config)#
81
82
Chapter
83
Related flags of MAC address entries in ZXR10 T160G/T64G include the following five categories: Static: indicating whether MAC address is static Permanent: Indicating permanent MAC address to-static: Indicating whether MAC address is burnt in src_filter: Indicating whether filtering the frame of source MAC address dst_filter: Indicating whether filtering the frame of target MAC address When the switch is performing layer2 forwarding, it searches MAC address table and VLAN table according to target MAC address of data frame with the purpose of knowing the destination port of the data frame forwarding. When the switch is performing Layer 3 fast forwarding, after it gets MAC address corresponding to next-hop IP address, it also needs to know the destination port of the packet forwarding by searching MAC address table.
84
Chapter 8
MAC address table entries and upgrade changed entries owing to limited MAC address table capacity and frequent replacement of network devices.
Dynamic Learning
The switch learns dynamic MAC address in MAC address table. The process that the switch learns MAC address is as follows: The switch will analyze the source MAC address and VLAN ID (Assuming MAC1+VID1) when a port receives a data frame. If the MAC address is legal and can be learnt, search MAC address table with MAC1+VID1 as key value. If the address is unavailable in the MAC address table, add it to the table; if the address is available in the MAC address, update the entries.
Note: MAC address learning is to learn source MAC address of data frame rather than destination MAC address. MAC address learning learns unicast address only, for broadcast and multicast addresses, it doesnt learn.
85
Global
The default aging time of MAC address in ZXR10 T160G/T64G is 300s; the configurable range is 10s~630s.
Global
Continue/cancel address
burning
MAC
Note: These MAC addresses will not be saved permanently after burning MAC address; it will disappear when the switch is powered off and restarted.
86
Chapter 8
mac add {static|permanent} <mac-address> {ethernet <port-name>|smartgroup <smartgroup-id>} [vlan <vlan-id>] mac delete {<mac-address>|ethernet <port-name>|smartgroup <smartgroup-id>} [<vlan-id>]
Global
Global
Note: If specified VLAN ID is unavailable when adding MAC address, add according to PVID or the port. When deleting MAC address, if specified port and VLAN ID are unavailable, delete all MAC address items matching with MAC-address parameters.
Global
87
Global
of
port
mac
By default, the switch imposes no restriction on number of port MAC addresses. Configured number of port MAC address restriction can be cancelled by setting the number of restricted MAC address to be zero.
Global Global
Set port MAC address learning protection Set port MAC address learning protection time
By default, the switch port MAC address learning function is disabled. Please reserve sufficient margin when configuring number restriction of port MAC address in order to use port MAC address learning protection function.
88
Chapter 8
Match source or destination MAC address of data frame, namely, if the source or destination MAC address of data frame is the set MAC address, the filtration will be performed. The configuration command of MAC address filtering is as follows:
Command format Command Mode Command function
Global
Inputting port name is not needed when configuring MAC address filtration, for the switch will filter data frame from any port. Deleting the MAC address will cancel the configured MAC address filtration.
All modes
fei_8/12 888
------------------------------------------------------------------
89
PC1, PC2 and PC3 serve as servers; MAC address should be bound with port of switch B. Owing to the large number of users connected to ZXR10 2826E, port MAC address learning protection should be set in the corresponding ports of switch B. The protected number is 1000, protection time is 120s. The MAC address aging time of switch B should be set to be 180s.
ZXR10 2826E PC 1 PC 2 PC 3
Switch B configuration:
/*Configure port MAC address binding*/ ZXR10_B(config)#mac add permanent 00D0.8765.95CA ethernet fei_2/1 vlan 1 ZXR10_B(config)#mac add permanent 00D0.8765.95CB ethernet fei_2/3 vlan 2 ZXR10_B(config)#mac add permanence 00D0.8765.95CC ehernet fei_2/5 vlan 3 /*Configure port MAC address learning protection*/ ZXR10_B(config)#mac limit-num ethernet fei_2/7 1000
90
Chapter 8
ZXR10_B(config)#mac protect ethernet fei_2/7 enable ZXR10_B(config)#mac protect time 120 /*Configure MAC address aging time*/ ZXR10_B(config)#mac aging-time 180
91
92
Chapter
STP Configuration
This chapter describes the content and related knowledge of STP protocol and related configuration in ZXR10 T160G/T64G. It covers: STP Overview Configuring STP Examples of configuring STP STP maintenance and diagnosis
STP Overview
Spanning Tree Protocol (STP) is applicable to loop network. It can block some redundant paths via specific algorithm, prune loop network into loop-free tree topology, to prevent the message proliferation and endless cycling in the loop network. STP protocol is implemented via participating in exchanging BPDU (Bridge Protocol Data Unit) of all STP switches in a extended LAN. The following operations can be implemented via exchanging BPDU messages: 1. Select a root bridge in a stable SPT topology. 2. Select a specified switch in every switching network. 3. Set the redundant switch port to be Discard to avoid loop in topology network. STP module of ZXR10 T160G/T64G supports three modes including SSTP, RSTP and MSTP, which respectively comply with IEEE802.1d, IEEE802.1w and IEEE802.1s.
SSTP Mode
SSTP (Single Spanning Tree Protocol) fully complies with IEEE802.1d in functionality. Bridge running STTP mode can interconnect with RSTP and MSTP bridge.
93
RSTP Mode
RSTP (Rapid Spanning Tree Protocol) provides higher convergence speed than STP (i.e. SSTP mode), namely when the network topology is changing, the status of old redundant switch port can be transferred (From Discard to Forward) quickly in the case of point-to-point connection.
MSTP Mode
The concept of instance and VLAN mirroring are added in MSTP (Multiple Spanning Tree Protocol); SSTP mode and RSTP mode can both be considered to be instances of MSTP mode, namely, the case that only one instance 0 exists. MSTP mode also provides fast convergence and load balance in VLAN environment. In SSTP and RSTP modes, there is no concept of VLAN. There is only one status for each port that is forwarding statuses of ports in different VLANs is consistent. While in MSTP mode, there are multiple spanning tree instances, forwarding statuses of ports are different in different VLANs. Multiple independent subtree instances can be formed inside MST region to achieve load balance. Some basic concepts of MSTP are presented in detail as follows:
MST Config ID
MST Config ID refers to the forwarding plan with different VID frames, that is, all bridges in MST region forward to specific spanning tree (CIST or an MST instance) according to VID in frames. MST Config ID consists of the following parts: Configuration name: the 32-byte-long character string. Version level: 2-byte-long non-negative integer Configuration abstract: the signature generated according to MST Config Table and processed by MD5, with the length of 16 bytes. MST Config Table consists of 4096 consecutive two bytes, the first and the last two bytes are zero, and other two bytes can represent a binary number. The second two bytes indicate the MSTID value corresponding to VID 1; the third two bytes indicate MSTID value corresponding to VID 2; and the rest may be deduced by analogy, the last but one two bytes indicate the MSTID value corresponding to VID 4094. Configuration abstract is obtained by processing MST Config Table and fixed key value via HMAC-MD5 algorithm. It can learn that a VID belongs to which MST instance or CIST via resolution.
MST Region
Every MST region is composed of one or multiple connected bridges with the same MST Config ID; they enable multiple same instances. This region also contains the LAN whose designated bridge is one of these bridges in CIST instances.
94
Chapter 9
STP Configuration
Note: The MST Config ID of bridge in a MST region must be the same; but bridges with same MST Config ID are not necessarily in the same MST region. For example: If two bridges with same MST Config ID are connected via LAN belonging to another MST region, the two bridges belong to different MST region.
In MST region, there exist different spanning tree topologies: IST (Internal Spanning Tree), MST1, MST2and MSTn. Every MSTi can be called MSTI (MST Instance), bridges forward specific VID frame according to paths (MSTI spanning tree topology) corresponding to VID. The correspondence between VID and MSTI is reflected in MST Config ID, while MSTI spanning tree topology is determined by parameters of system configuration priority.
MST Instances
MST bridge must support implementation of two kinds of instances: one IST and multiple MST instances. IST is running in a region by default; all VLANs are configured to IST by default; IST is connected with all switches in the region, responsible for communication with other MST regions and SST regions outside. MST instance does not transmit BPDU message alone. Spanning tree information is contained in M-record, and transmitted as part of IST BPDU in the region.
MST BPDU
MSTI in MST region does not communicate with outside; only IST exchanges BPDU message with outside. In the region, MSTI does not transmit BPDU message alone; MST BPDU message transmitted by IST contains MSTI information. MSTI indicates that it needs to transmit MST BPDU message via a flag, and the detailed message is transmitted by IST. Every MSTI needing to transmit BPDU saves its information in the M-record structure, which will be transmitted as part of IST BPDU.
95
Configuring STP
Enable/Disable STP
Use the following command to enable or disable STP protocol.
Command format Command Mode Command function
spanning-tree {enable|disable}
Global
Enable/Disable STP
Note: After disabling STP protocol in ZXR10 T160/T64G, every port with the physical status of up should be set to be the status of forwarding.
Global
The default mode of ZXR10 T160G/T64G is MSTP. Whichever mode configured can be compatible and interconnected with other two modes.
96
Chapter 9
STP Configuration
Max-hops value is determined by region root node of instance in MST region; the value decreases by 1 when passing one switching node. When the parameter value is decreased to 0, the BPDU packet becomes invalid. Message-age and max-age of BPDU message in MST region remain unchanged in the process of region transmission. Use the following command to configure STP protocol parameters.
Command format Command Mode Command function
spanning-tree hello-time <time> spanning-tree forward-delay <time> spanning-tree max-age <time> spanning-tree mst max-hops <1-40>
Set STP hello time interval Set STP forward delay Set max age of BPDU packet Set max hops of BPDU packet
Note: In CST network spanning tree topology, all switch hello-time parameter values are determined by Root switch. Max-hops parameter value is valid only when serving as region root node of an instance in the MST region.
Creating Instances
In MSTP mode, users can build a MST region by creating or deleting switches connected with instances, to implement rapid convergence and load balance. Use the following command to access MSTP configuration mode.
Command format Command Mode Command function
Global
MSTP
Note: ZXR10 T160G/T64G has and has only one instance 0 in SSTP and RSTP modes. In MSTP mode, instance 0 exists by default, so it cannot be deleted arbitrarily.
97
MSTP MSTP
Note: The following four prerequisites are indispensable for a switch belonging to the same MST region: same MST configuration name, same MST configuration version, same INS-VLAN mapping table, and interconnected switches.
spanning-tree mst instance <instance> priority <priority> spanning-tree mst instance <instance> priority <priority>
Global Port
98
Chapter 9
STP Configuration
Note: The bridge priority and port priority of ZXR10 T160G/T64G can be configured only when the instance has been created.
spanning-tree {enable|disable}
Port
Instance 1
As shown in Figure 37, run MSTP in backbone network; MST region serves as root of CST, that is, CIST Root Bridge is inside the MST region. Switches A, B and C are configured in the same region; their initialization priority is 32768; determine CIST root and IST root according to MAC address. The respective address of the three switches is as follows: Switch A: 000d.0df0.0101 Switch B: 000d.0df0.0102 Switch C: 000d.0df0.0103 Create two MST instances, to which the VLAN in this region should be mapped. Run CST mode in switch D with the MAC address of: 000d.0df0.0104, and priority: 32768.
99
The purpose of this instance is to implement rapid convergence of the whole network and load balance of two links in switch A.
A, B and C belong to the same MST area, and the identity of this area in the network topology is CIST root. Root node of Instance 2 The port is blocked in ins 2 Switch A Switch B
Switch D
Switch A configuration:
/*Configure MST region*/ ZXR10_A(config)#spanning-tree mode mstp ZXR10_A(config)#spanning-tree mst configuration ZXR10_A(config-mstp)#name zte ZXR10_A(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_A(config-mstp)#instance 1 vlan 1-10 ZXR10_A(config-mstp)#instance 2 vlan 11-20
Switch B configuration:
/*Configure MST region*/ ZXR10_B(config)#spanning-tree mode mstp ZXR10_B(config)#spanning-tree mst configuration ZXR10_B(config-mstp)#name zte ZXR10_B(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_B(config-mstp)#instance 1 vlan 1-10 ZXR10_B(config-mstp)#instance 2 vlan 11-20 /*Change the priority of switch B in instance 2, to make it become the Root of instance 2*/ ZXR10_B(config-mstp)#spanning-tree mst instance 2 priority 4096
Switch C configuration:
/*Configure MST region*/
100
Chapter 9
STP Configuration
ZXR10_C(config)#spanning-tree mode mstp ZXR10_C(config)#spanning-tree mst configuration ZXR10_C(config-mstp)#name zte ZXR10_C(config-mstp)#revision 2 /*Map VLAN 1~10 to instance 1, VLAN 11~20 to instance 2*/ ZXR10_C(config-mstp)#instance 1 vlan 1-10 ZXR10_C(config-mstp)#instance 2 vlan 11-20 /*Change the priority of switch C in instance 1, to make it become the Root of instance 1*/ ZXR10_C(config-mstp)#spanning-tree mst instance 1 priority 4096
Instance 2
As shown in Figure 38, switch B and C run in the same region, CIST root bridge C is outside of the region; one boundary port of switch B and C will be blocked
Switch B
Switch C
The difference between instance 2 and instance 1 lies in: The boundary port blocks or forwards all VLANs for there exists only one instance that can communicate with outside in a region, there is no probability of load balance, and it cannot exert the advantages of MSTP mode. In the following figure, the link from switch A to switch C will block all VLANs, while the link from switch B to switch A will forward all VLANs.
101
All modes
All modes
3. Display statistical information of transmitting and receiving BPDU packets in designated port.
Command format Command Mode Command function
All modes
Display statistical information of transmitting and receiving BPDU packets in designated port.
In the following three cases, even if switch STP function is enabled, the appearance of loop cannot be avoided, please take care when configuring. Two switches are connected with multiple parallel links, one of the two switches configures link aggregations for these ports, and the other does not. One switch configures aggregations for multiple ports, but one port in the aggregation port group connects with other ports of the device by self-loop. Two switches connect two parallel links; either of the two parties cannot receive the BPDU packet transmitted by the opposite party for unknown reason.
102
Chapter
10
103
Thirty-two trunk groups totally can be configured, each trunk group contains up to eight member ports. Support cross-interface-board aggregation, the member ports can be located at any interface board, but the selected port must work in full-duplex mode and the working rate must be consistent. The modes of member ports could be access, trunk or hybrid, but they must be consistent. In ZXR10 T160G/T64G, the logical ports formed by link aggregation are called SmartGroup, which can be used as ordinary port.
interface <smartgroup-name>
Global
Port
When the aggregation mode is set to be On, the port runs static trunk, two ends participating in aggregation should be set to be On mode. When aggregation mode is active or passive, the port runs LACP. Active means that the port is in active negotiation mode. Passive means that the port is in passive negotiation mode. When configuring dynamic link aggregation, set the aggregation mode of one end of port to be active and the other end to be passive or set both ends as active.
Note: The configuration of VLAN link type in member port must be consistent with that of smartgroup, otherwise it cannot be added into this trunk group.
3. Setting port link aggregation load sharing mode ZXR10 T160G/T64G port link aggregation supports 6 types of load sharing modes which respectively based on source IP, destination IP, source and destination IP, source MAC, destination MAC, and source and destination. By default, MAC is based on source and destination MAC.
Command format Command Mode Command function
Port
104
Chapter 10
Switch B
Smartgroup11 gei_3/5-8 trunk VLAN 10,20 Smartgroup10 gei_5/1-4
Switch A
Switch A configuration:
/*Create trunk group*/ ZXR10_A(config)#interface smartgroup10 /*Bundle port to trunk group*/ ZXR10_A(config)#interface gei_5/1 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/2 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/3 ZXR10_A(config-if)#smartgroup 10 mode active ZXR10_A(config)#interface gei_5/4 ZXR10_A(config-if)#smartgroup 10 mode active /*Modify VLAN link types of the smartgroup port*/ ZXR10_A(config)#interface smartgroup10 ZXR10_A(config-if)#switchport mode trunk ZXR10_A(config-if)#switchport trunk vlan 10 ZXR10_A(config-if)#switchport trunk vlan 20 ZXR10_A(config-if)#switchport trunk native vlan 10
Switch B configuration:
ZXR10_B(config)#interface smartgroup11 ZXR10_B(config)#interface gei_3/5 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface gei_3/6 ZXR10_B(config-if)#smartgroup 11 mode passive
105
ZXR10_B(config)#interface gei_3/7 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface gei_3/8 ZXR10_B(config-if)#smartgroup 11 mode passive ZXR10_B(config)#interface smartgroup11 ZXR10_B(config-if)#switchport mode trunk ZXR10_B(config-if)#switchport trunk vlan 10 ZXR10_B(config-if)#switchport trunk vlan 20 ZXR10_B(config-if)#switchport trunk native vlan 10
-----------------------------------------------------------------fei_3/17 selected 30 collecting-distributing fei_3/18 selected ZXR10(config)# 30 0x202 0x3d current collecting-distributing 0x202 0x3d current
When Agg State is selected, and Port state is 0x3d, it means that the port aggregation is successful. If aggregation failed, the Agg state indicates unselected 2. View protocol packet counter of member ports
106
Chapter 10
Command format
Command Mode
Command function
Only when counter of protocol transmitting packets Tx and protocol receiving packets Rx of every member port is available, can the aggregation succeed. 3. View member ports of the peer end.
Command format Command Mode Command function
Instance: view the member port of the peer end of trunk group 2.
ZXR10(config)#show lacp 2 neighbors Smartgroup 2 neighbors Actor Port Partner System ID Partner Port Oper Key 0x202 0x202 Port State 0x3d 0x3d Port No. Priority 0x8000 0x8000
Where Partner Port No stands for port number of neighbors, when Port State is 0x3d, it means the aggregation of the two ends is successful.
107
108
Chapter
11
PC
109
Fast Leave
The fast leave function of IGMP Snooping means that: When hearing IGMPv2 leave message of specified group, the switch does not transmit query message, instead, it deletes corresponding ports in the layer2 forwarding entries directly. Please take care when enabling fast leave function in a VLAN, if one of the multiple hosts in a port leaves multicast group, other hosts of the same multicast group in the port cannot receive multicast traffic of the multicast group.
110
Chapter 11
ip igmp snooping
Global
igmp snooping
VLAN
3. Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.
Command format Command Mode Command function
vlan
Configure whether to broadcast multicast data when IGMP Snooping is enabled but there is no user.
VLAN
Global
Global
Global
111
VLAN
VLAN
Static Configuration
Static configuration will not age and can only be deleted statically. 1. Configure static users in VLAN
Command format Command Mode Command function
VLAN
When a user needs to join a multicast group, but IGMP and IGMP Snooping are not in operation, so it cannot be monitored, here static configuration can be performed. 2. Configure multicast router interface in VLAN
Command format Command Mode Command function
VLAN
router
It is applied when PIM-Snooping is not configured or connecting to multicast router that does not transmit query message.
VLAN
2. Modify last-member-query-interval
Command format Command Command function
112
Chapter 11
Mode
<interval>
VLAN
Modify last-member-query-interval
VLAN
IGMP Router
Switch configuration:
ZXR10(config)#ip igmp snooping ZXR10(config)#vlan 10 ZXR10(config-vlan)#igmp snooping
113
Command format
Command Mode
Command function
<vlan-id>
ZXR10 T160G/T64G also provides debug command to debug IGMP Snooping, tracing related information.
Command format Command Mode Command function
debug ip igmp-snooping
Privileged
Instance: Tracing the process of transmitting and receiving packets of IGMP Snooping.
ZXR10#debug ip igmp-snooping ZXR10# IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/10 IGMP SNOOPING Rcv 224.1.1.1 Group Report Msg: From Vlan 1, Port fei_4/11 ...
114
Chapter
12
IP Address
Introduction to IP Address
Network layer address in the IP protocol stack refers to IP address. An IP address is composed of two parts, the network ID part and the host ID part. The network ID is used to reference a specific network. The host ID is used to identify a specific device on that network IP addresses fall into 5 classes including A, B, C, D, and E, classes A, B, and C are popular, class D address is network multicast address, and class E address is reserved. Table 23 presents the range of each class of address.
8 16 24
24 16 8
115
In class A, B, and C addresses, some are reserved for private network, it is recommended using private network address when constructing internal network. These addresses are: Class A: 10.0.0.0~10.255.255.255 Class B: 172.16.0.0~172.31.255.255 Class C: 192.168.0.0~192.168.255.255 The original intension of dividing addresses like this is to facilitate routing protocol design, judging network type from the header characteristic bit of the IP address. However, this method cannot make maximal use of addresses, as a result, the shortage of addresses is becoming increasingly serious with the development of Internet. To make maximal use of IP addresses, we can divide one network into multiple subnets. By means of borrowing, borrow from the maximum of the host ID to serve as subnet ID, and the remainder of the host ID is still host ID. Here, IP address is composed of three parts: network ID, subnet ID and Host ID. Network ID and subnet ID identify a network uniquely. Use subnet mask to determine the network ID, subnet ID, and host ID parts in the IP address. The part with the subnet mask of 1 corresponds to network ID and subnet ID in IP address, the part with the subnet mask of 0 corresponds to host ID. The division of subnet boosts utilization rate of IP address significantly, which, to some extent, relieves the problem of IP address shortage. Regulations regarding IP address: 0.0.0.0 will be employed when the host without IP addresses boots; it obtains address via RARP, BOOTP, and DHCP, in routing table, the address is also used as default route. 255.255.255.255 is for broadcast destination address and it cannot be used as source address. 127.X.X.X is called loop-back address, which can be used to represent this computer even if the real IP address of the host is unknown. The address with the host ID of all zeroes represents the network itself; the address with the host ID of all 1 is used for the network broadcast address. For legal host IP address, the network part or the host part cannot be all 0 or all 1.
interface <interface-name>
Global
Access
interface
configuration
116
Chapter 12
mode If the interface does not exist, create it and access interface configuration mode
VLAN interface
ARP Configuration
Overview of ARP
A network device should know the IP address of the destination device and its physical address (MAC address) when transmitting data to another network device. The function of ARP (Address Resolution Protocol) is mapping IP address to physical address to ensure successful communication. First, the source device broadcast carries the ARP request of destination device IP address, so all devices in the network will receive this ARP request. If a device finds that the IP address in the request and its own IP address match, it will transmit a response containing MAC address to source device. The source device obtains the MAC address of the current device via this response. The mapping relationship between IP address and MAC address is cached in the local ARP table with the purpose of reducing ARP packets in the network to transmit data more rapid. When the device needs transmitting data, it will search ARP table according to IP address, if MAC address of destination device is found in the ARP table, transmitting ARP request is not needed. Dynamic entries in the ARP table will be deleted automatically after a period of time, which is called ARP aging time.
117
VLAN interface
2. Clear all dynamic ARP entries in the ARP buffer of specified interface
Command format Command Mode Command function
Privileged
All modes
118
Chapter
13
ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>| <interface-name>} [<distance-metric>] [tag <tag>]
Global
Tag value is the identifier of route; two static routes (with different next-hop) to the same destination network cannot have the same tag value.
119
R1
192.168.4.1/24
R2
192.168.5.1/24
R3
192.168.6.1/24
We can see that from the above configuration information, static route is configured in global configuration mode; only one static route can be configured once. Behind the command ip route, is remote network, subnet mask and next-hop IP address reaching remote network. In other words, if R1 wants to transmit message to network 192.168.5.0/24, it must deliver the message to R2 with the IP address of 192.168.4.2; moreover, R1 and R2 are connected directly. Another way to configure static route is as follows:
ZXR10_R1(config)#ip route 192.168.5.0 255.255.255.0 vlan2 ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 vlan2
This configuration is similar to the method mentioned above. The only difference is that in the above method, next-hop IP address is applied while in this method, local interface is applied, that is to say, it transmits all messages towards network 192.168.5.0/24 and 192.168.6.0/24 from VLAN2 instead of routing to next-hop logical address. If multiple paths to the same destination are available, configure the router with multiple static routes with different administrative distance values, but the routing table will only show the routing information with the minimum distance value. Because when the router is notified that there are multiple competitive sources to a network, the route with the minimum administrative distance value has a higher priority. Parameter distance-metric in static route configuration command ip route can be used to change the administrative distance value of a static route. Assume that there are two different routes from R1 to 192.168.6.0/24 network segment, and the configuration is as follows:
120
Chapter 13
ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.4.2 ZXR10_R1(config)#ip route 192.168.6.0 255.255.255.0 192.168.3.2 25 tag 10
The above two commands configure two different static routes to the same network, the first command does not configure administrative distance value, so default value 1 is applied; the second command configures the administrative distance value to be 25. The administrative distance value of the first route is smaller than that of the second one, so only the information of the first route is available in the routing table, that is to say, the router reaches the destination network 192.168.6.0/24 via next-hop 192.168.4.2. The second route will be available in the routing table only when the first route becomes invalid and disappears from the routing table.
10.2.0.0/16
10.2.0.1/16 192.168.3.1/24 192.168.4.2/24 192.168.5.2/24
10.1.0.0/16 R3
10.1.0.1/16
R1
192.168.4.1/24
R2
192.168.5.1/24
As shown in Figure 43, R3 has two networks including 10.1.0.0/16 and 10.2.0.0/16. Usually, the following two static routes should be configured in R1 to reach these networks.
ZXR10_R1(config)#ip route 10.1.0.0 255.255.0.0 192.168.4.2 ZXR10_R1(config)#ip route 10.2.0.0 255.255.0.0 192.168.4.2
The IP connection can be implemented via the above configuration assuming R3 is properly configured. But we can use summary static route to optimize R1 routing table; the following command can substitute two above commands.
ZXR10_R1(config)#ip route 10.0.0.0 255.0.0.0 192.168.4.2
This command indicates that all messages with the destination of network 10.0.0.0/8 pass 192.168.4.2, that is to say, all messages of subnets (here refer to subnet 10.1.0.0/16 and 10.2.0.0/16) with the destination of 10.0.0.0/8 transmits to 192.168.4.2. We summarize all subnets of main network 10.0.0.0/8 by this means.
121
If a router cannot route for a message, the message has to be discarded to an unknown destination, which is beyond our expectation. To make the router fully connected, one router must be connected to a network. The default route can be applied when the router wants to be fully connected and requires no record of individual route. We can specify an individual route to represent all other routes via default route. The function and usage of static route are illustrated in the following instance:
192.168.3.1/24
192.168.4.2/24
211.211.211.2/24
Internet R3
R1
192.168.4.1/24
R2
211.211.211.1/24
As shown in Figure 44, R2 and router R3 in the Internet network are connected. R2 did not record all network addresses in the Internet, it uses default route to directly transmit unknown messages to R3. The configuration of default route in R2 is as follows:
ZXR10_R2(config)#ip route 0.0.0.0 0.0.0.0 211.211.211.2
The configuration procedure of default route is identical with that of static route, which is a little bit different is that both the network part and subnet mask part are 0.0.0.0. We can view routing table of R2:
ZXR10_R2#show ip route IPv4 Routing Table: Dest 192.168.4.0 0.0.0.0 ZXR10_R2# Mask 255.255.255.0 0.0.0.0 211.211.211.2 Gw Net direct direct static Owner 211.211.211.0 255.255.255.0
We can see from the routing table that, the default route with next-hop of 211.211.211.2 is added to the routing table as the last route. When using default route in routing protocol configuration, it differs when routing protocol varies. If default route is configured in a router running RIP protocol, RIP will notify the default route 0.0.0.0/0 to its neighbor, even neednt reallocating routes in the RIP domain. For OSPF protocol, the router running OSPF will not notify default route automatically to its neighbor. Command default-information originate must be used to enable OSPF to transmit default route to OSPF domain. If reallocating default routes in the OSPF domain, this kind of notification is usually implemented via ASBR (autonomous system border router).
122
Chapter 13
All modes
123
124
Chapter
14
RIP Configuration
The Routing Information Protocol (RIP) is a vector distance routing protocol with the latest version of RIPv2, which is usually applied in small-sized network. In this chapter, you will learn about: Overview of RIP Configuring RIP Instances of configuring RIP RIP maintenance and diagnosis
Overview of RIP
RIP Fundamentals
Routing Information Protocol (RIP) is the first routing protocol identifying the best path dynamically, which is implemented based on vector distance algorithm of local network. RIPv1 is defined in RFC1058 and RIPv2 is defined in RFC1723. ZXR10 T160G/T64G supports both RIPv1 and RIPv2, RIPv2 is applied by default. RIPv2 has the following advantages compared to RIPv1: Subnet mask is available in route refresh Authentication of route refresh Multicasting route refresh In the following instruction, RIP refers to RIPv2 if not specially designated.
125
Only hop count is taken as the metric for RIP routing; bandwidth, delay and other variable factors are not considered. The RIP always takes paths with the least hop count as the optimized path, which may results that the selected path is not the best one. The default administrative distance value of RIP is 120. As far as AD is concerned, the lower is the value; the higher is the routing source reliability. The RIP is not quite reliable, compared to other routing protocol.
Timer
Router running RIP transmits update message of routing information at a certain interval (30s by default), which reflects all the routing information of the router. This process is called routing information notification. If a router failed to receive update information from another router in a certain time period (180s by default), it will mark the routes provided by the router to be unavailable and if it is not updated in the succeeding period of time (240s by default), the router will clear the route completely from the routing table. The RIP provides the following four types of timers: Update timer Invalid timer Hold-down timer Flush Timer
Route Update
The RIP protocol employs trigger update to speed up the spread of routing changes in the RIP routing domain. When a RIP router detects that an interface is working or has stopped working, an adjacent node is down or a new subnet or neighbor node joining in, it will transmit a trigger update. The trigger update message only contains changed route. The RIP protocol uses poison reverse to speed up protocol convergence. The poison reverse sets the metrics of the infinite network prefix to be 16 (meaning infinite), after receiving routing update of the metric, the router will discard the route instead of waiting for the aging time. The RIP uses split horizon to prevent routing loop and reduce the size of routing update. Split horizon means that in the interface that receives a routing update, these update information will not be transmitted repeatedly.
Configuring RIP
The RIP configuration covers: basic configuration, enhanced configuration and version configuration.
126
Chapter 14
RIP Configuration
Basic Configuration
1. Start RIP
Command format Command Mode Command function
router rip
Global
2. Define interface
Command format Command Mode Command function
Route RIP
Enhanced Configuration
1. Adjust the timer
Command format Command Mode Command function
Route RIP
Many RIP characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance. 2. Change inter-message-group delay transmitted by RIP update
Command format Command Mode Command function
Route RIP
3. Define the adjacent router exchanging routing information with this router
Command format Command Mode Command function
neighbor <ip-address>
Route RIP
Define the adjacent router exchanging routing information with this router
4. Configure authentication In order to strengthen the security of routing process, configure RIP authentication in the router. Set interface password; the network neighborhood must use the same password in the network. RIPv1does not support authentication.
Command format Command Mode Command function
VLAN interface
127
VLAN interface
ip split-horizon
VLAN interface
ip poison-reverse
VLAN interface
Route RIP
8. Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes
Command format Command Mode Command function
default-metric <metric-value>
Route RIP
Set the default metric, which is adopted when redistributing routes generated by other protocols to be RIP routes
Version:
ZXR10 T160G/T64G supports both RIPv1 and RIPv2; RIPv2 is applied by default. The following commands can be applied to designate RIP versions received or transmitted by router.
Command format Command Mode Command function
version {1|2} ip rip receive version {1|2} [1|2] ip rip send version {1|2 {broadcast|multicast}}
Specify RIP version for router global use Specify the RIP version received in the interface Specify the RIP version transmitted in the interface
Chapter 14
RIP Configuration
R1
192.168.1.1/24
R2
10.2.0.1/16
R1 configuration:
ZXR10_R1(config)#router rip ZXR10_R1(config-router)#network 10.1.0.0 0.0.255.255 ZXR10_R1(config-router)#network 192.168.1.0 0.0.0.255
R2 configuration:
ZXR10_R2(config)#router rip ZXR10_R2(config-router)#network 10.2.0.0 0.0.255.255 ZXR10_R2(config-router)#network 192.168.1.0 0.0.0.255
All modes
information
of
All modes
All modes
of
all
All modes
129
[mask <net-mask>]]
All modes
ZXR10 T160G/T64G also provides debug command to debug RIP protocol, tracing related information. For example:
Command format Command Mode Command function
Privileged Privileged
Trace RIP basic process of transmitting and receiving packet Trace the change process of RIP routing table
130
Chapter
15
OSPF Configuration
OSPF is the abbreviation of Open Shortest Path First. OSPF protocol is a link status routing protocol, which satisfies the demands of large-scaled and extensible network that cannot be solved by distance vector routing protocol like RIP. In this chapter, you will learn about: OSPF overview Configuring OSPF Instances of configuring OSPF OSPF Maintenance and Diagnosis
OSPF overview
OSPF Fundamental
OSPF (Open Shortest Path First) is one of the most popular and widely-used protocols presently. OSPF is a link-state protocol, which overcomes the disadvantages of RIP and other distance-vector protocols. OSPF is an open standard, which makes devices of different vendors interconnect with each other via protocol. OSPF version 1 is defined in RFC1131. Currently used OSPF version 2 , is defined in RFC2328. ZXR10 T160G/T64G completely supports OSPF version 2. OSPF has the following characteristics: Fast convergence, ensure database synchronization via fast diffusing link state update, and calculates routing table synchronously. Loop-free, ensure that no loop generated via SPF algorithm. Aggregation, reduce size of routing table. Totally classless, supports Variable Length Subnet Mask (VLSM) and Classless Inter-Domain Routing (CIDR)
131
Reduce the required network bandwidth; for trigger update mechanism is adopted, only when the network changes, the update information will be transmitted. Supports interface packet authentication, ensuring security of routing calculation Transmit update via multicast mode, which reduces interference against irrelated network devices while broadcasting.
OSPF Algorithm
OSPF is a link-state protocol, so OSPF router generates routing table via creating link-state database, which contains information of all networks and routers. Routers use the information to create routing table; all routers must have an identical link-state database to ensure reliability. Link-state database is built according to link state advertisement (LSA), and LSA is generated by each router and spreads in the whole OSPF network. LSA has a lot of categories; integrated LSA aggregation will present the precise distribution diagram of the whole network for routers OSPF uses cost as its metric. The cost is distributed to each interface of the router; by default, the cost of an interface is calculated automatically with the reference of 100M. The path cost to a specific destination is the sum of all link costs from the router to destination. In order to generate routing table from LSA database, the router runs Dijkstra SPF algorithm to construct a cost routing tree, the router itself serves as the root of the routing tree. Dijkstra algorithm makes the router calculate the lowest-cost-path to each node in the network, and the router saves the routes of these paths to routing table. Unlike RIP, OSPF doesnt simply broadcast all routing information periodically. OSPF router uses calling message to let neighbors know that it is alive. If a router doesnt receive hello packets from neighbors in a specific period, it indicates that the neighbor may not be functional. OSPF routing-update is increasing; usually the router sends update information only when the topology is changing. When the age of LSA reaches 1800 seconds, retransmit a new version of the LSA.
132
Chapter 15
OSPF Configuration
Virtual Links
OSPF Neighbor
OSPF neighbor is a group of routers in the same network; these routers stipulated some configuration parameters. The routers must be neighbors then they can become adjacent with neighbor. Analyze hello packets mutually when the routers form neighbor relationship, to make sure that the required parameters are stipulated. The parameters cover: Area ID, area flag, authentication information, calling interval, and router dead interval.
133
In the broadcast and NBMA network, neighbors not necessarily become adjacent. If all the n routers in a network formed adjacency, every router has (n-1) adjacencies, and there will be n (n-1)/2 adjacencies in the network. In a big multi-access network, if every router has to trace so many adjacencies, the burden of the router will be quite heavy, at the same time, routing information in each pair of adjacent routers will waste plenty of network bandwidth. Therefore, OSPF defines a designated router (DR) and a backup designated router (BDR). DR and BDR must establish adjacency with every OSPF router, and every OSPF router only forms adjacency with DR and BDR. If DR stop working, BDR will become DR.
OSPF Area
OSPF divides the network into several minor parts to reduce the information size each router saved and maintained. Every router must have the integrated information of the area it resides in. Each area shares information; routing information can be filtrated, which can reduce the size of routing information saved in the router. One area is identified with 32-bit unsigned number. Area 0 is reserved to identify backbone network, all other areas must be connected with area 0. An OSPF network must have a backbone area. Routers can be one or multiple of the following types according to its tasks in the area, as shown in Figure 46.
Area 1
Internal Router
Backbone Router
Backbone Router
ASBR RIP
Internal router: A router that has all of its interfaces within the same area
134
Chapter 15
OSPF Configuration
Backbone router: A router that has at least one interface in area zero. Area Border Router (ABR): A router has at least one interface in area 0 and at least one interface in other area. Autonomous System Border Routers (ASBR): The router connects an AS running OSPF to another AS running other protocols (such as RIP or IGRP).
135
In a stub area, all routers must be configured to be stub routers. Hello packet contains a stub area flag bit, which must be consistent in the neighbors. The ABR in the stub area can filter type 5 LSA to prevent them from releasing in the stub area. At the same time, ABR will generate a type 3 LSA, notifying a default route reached AS external destination address. If the ABR also filters type 3 LSA, and notifies a default route reached area external destination address. This kind of area is called Totally Stubby Area.
Not-So-Stubby Area
Routers in stub area dont permit type 5 LSA, so ASBR is not a part of stub area. However, we may expect a stub area with ASBR, in which, the router receives AS external routes from the ASBR in this area, but external routing information from other areas will be blocked. So, OSPF defines Not-So-Stubby Area (NSSA). In an NSSA, ASBR generates type 7 LSA instead of type 5 LSA. The ABR cannot transmit type 7 LSA to other OSPF area. On the one hand, it blocks the external routers from reaching the NSSA area, on the other hand, convert type 7 LSA into type 5 LSA.
OSPF Authentication
Authentication can be applied in packet switching between two OSPF neighbors. The neighbors must agree on authentication type, which is contained in all packets. Authentication 0 indicates no authentication, 1 indicates simple password authentication and 2 indicates MD5 password authentication. When configuring simple password authentication, one interface allows only one password, the password of each interface can be different, but in a specific network, every interface must have identical password. Simple password is transmitted by OSPF packets via clear text.
Configuring OSPF
The OSPF configuration can be either simple or complicated. ZXR10 T160G/T64G supports many OSPF complicated options, to satisfy the requirements of various networks.
Basic Configuration
Enable OSPF
Command format
Command Mode
Command function
136
Chapter 15
OSPF Configuration
Global
Define interface
Command format Command Mode Command function
Router OSPF
Define the interface running OSPF protocol and the area ID of the interface, if the area does not exit, it will be created automatically
The network command will traverse all interfaces, if the interface belongs to the specified range of <address> and <wildcard-mask>, add it to the specified OSPF area in the command.
ip ospf hello-interval <seconds> ip ospf retransmit-interval <seconds> ip ospf transmit-delay <seconds> ip ospf dead-interval <seconds>
Specify the interval of interfaces transmitting Hello message Specify the interval of interfaces retransmitting LSA Specify the delay of interfaces transmitting a link state update packet Specify the neighbors dead time in the interface
Many OSPF characteristics can be self-defined to adapt to any network environment. Although in most cases, it is not necessary to modify the default value of the timer, sometimes, adjusting timer can improve the protocol performance. 2. Configure interface cost
Command format Command Mode Command function
VLAN interface
Note: When using network devices of multiple vendors, make sure that all OSPF can work together. For example, all routers must use the same method to calculate interface cost.
137
VLAN interface
Route OSPF
area <area-id> stub [default-cost <cost>] area <area-id> stub no-summary [default-cost <cost>] area <area-id> nssa [no-redistribution] [default-information-originate [metric <metric-value>] [metric-type <type>]] [no-summary]
Define an area to be stub area Define an area to be totally stubby area Define an area to not-so-stubby area
Route OSPF
138
Chapter 15
OSPF Configuration
notify default route [always] [metric <metric-value>] [metric-type <type>] [route-map <map-tag>]
Route OSPF
Command format
Command Mode
Command function
area <area-id> virtual-link <router-id> [hello-interval <seconds>] [retransmit-interval <seconds>] [transmit-delay <seconds>] [dead-interval <seconds>] [authentication-key <key>] [message-digest-key <keyid> md5 <cryptkey> [delay <time>]] [authentication [null|message-digest]]
Route OSPF
Define OSPF virtual link, if the specified area does not exist, it will be created automatically
Route OSPF
Control importing matched routes of other protocols into OSPF autonomous system; the
139
Route OSPF
Construct convergence address for OSPF; Summarize other routing protocol paths that are being redistributed to OSPF.
area <area-id> authentication [message-digest] ip ospf authentication [null|message-digest] ip ospf authentication-key <password>
Enable authentication in the OSPF area Set the type of authentication for the interface Set password for the interface with the type of simple password authentication
Command format
Command Mode
Command function
capability opaque
Route
140
Chapter 15
OSPF Configuration
OSPF
LSA
Route OSPF
Area 23
192.168.2.1/24
Area 0
192.168.1.2/24
Area 24
192.168.3.1/24
R1
192.168.1.1/24
R2
R1 configuration:
ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 192.168.2.0 0.0.0.255 area 23 ZXR10_R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2 configuration:
ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 192.168.3.0 0.0.0.255 area 24 ZXR10_R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
141
10.0.1.1/30
R1
R2
10.0.2.1/30
Area 1
10.0.1.2/30
10.0.2.2/30
Area 2 R5
R4 192.168.1.1/24 RIP
The following illustrates the detailed configuration of each router. Area 1 is an NSSA area; R1 is an ABR working between NSSA area 1 and backbone area. R1 advertises a default route to this area. R1 configuration:
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.255.0 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R1(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R1(config-router)#area 0.0.0.1 nssa default-information-originate
Area 2 is a stub area; R2 is an ABR working between area 2 and backbone area. In the stub area, ABR will advertise a default route to stub area automatically. R2 configuration:
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.0.2.1 255.255.255.252
142
Chapter 15
OSPF Configuration
ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.2.0 0.0.0.3 area 0.0.0.2 ZXR10_R2(config-router)#area 0.0.0.2 stub
R3 is a router working in backbone area 0; externally it connects other autonomous system via BGP. As the exit router of the entire autonomous system, R3 advertises a default route to the entire OSPF area via manual configuration. R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.0.3 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 192.168.0.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R3(config-router)#notify default route always
R4 is an ASBR in NSSA area 1; it also runs RIP protocol other than OSPF; RIP protocol can be injected into OSPF via route redistribution. R4 configuration:
ZXR10_R4(config)#interface vlan1 ZXR10_R4(config-if)#ip address 192.168.1.1 255.255.255.0 ZXR10_R4(config-if)#exit ZXR10_R4(config)#interface vlan2 ZXR10_R4(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R4(config-if)#exit ZXR10_R4(config)#router ospf 1 ZXR10_R4(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R4(config-router)#area 0.0.0.1 nssa ZXR10_R4(config-router)#redistribute rip metric 10
143
ZXR10_R5(config)#router ospf 1 ZXR10_R5(config-router)#network 10.0.2.0 0.0.0.3 area 0.0.0.2 ZXR10_R5(config-router)#area 0.0.0.2 stub
Area 0
10.0.0.1/24
R1
10.0.0.2/24
R2
10.0.1.1/30
Area 1
Virtual link
10.0.1.2/30
10.0.2.1/24 R3
Area 2
R2 configuration:
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R2(config-router)#area 1 virtual-link 10.0.1.2
144
Chapter 15
OSPF Configuration
R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.0.2.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R3(config-router)#network 10.0.2.0 0.0.0.255 area 0.0.0.2 ZXR10_R3(config-router)#area 1 virtual-link 10.0.0.2
10.0.0.1/24
Area 0
10.0.0.2/24
R1
R2
10.0.1.1/30
Area 1
10.0.1.2/30
MD5 Authentication
R3
R2 configuration:
ZXR10_R2(config)#interface vlan1
145
ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.255.0 ZXR10_R2(config-if)#ip ospf authentication-key ZXR10 ZXR10_R2(config-if)#exit ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.0.1.1 255.255.255.252 ZXR10_R2(config-if)#ip ospf message-digest-key 1 md5 ZXR10 ZXR10_R2(config-if)#exit ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R2(config-router)#area 0 authentication ZXR10_R2(config-router)#area 1 authentication message-digest
R3 configuration:
ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.0.1.2 255.255.255.252 ZXR10_R3(config-if)#ip ospf message-digest-key 1 md5 ZXR10 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.0.2.1 255.255.255.0 ZXR10_R3(config-if)#exit ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 10.0.1.0 0.0.0.3 area 0.0.0.1 ZXR10_R3(config-router)#network 10.0.2.0 0.0.0.255 area 0.0.0.2 ZXR10_R3(config-router)#area 1 authentication message-digest
show ip ospf
All modes
146
Chapter 15
OSPF Configuration
All modes
All modes
of
OSPF
The routing information between two routers cannot communicate because the adjacency is not formed. Check whether the neighbor relationship state between two OSPF routers is Full, which is the flag of normal running OSPF protocol. 4. Show link state database
Command format Command Mode Command function
All modes
Link state database is the source of all OSPF routes in the IP routing table. Many route problems may be caused by the incorrect information or information losing in the link state database. ZXR10 T160G/T64G provides debug command to debug OSPF protocol, tracing related information. For example:
Command format Command Mode Command function
Privileged
Turn on the switch of looping back OSPF adjacent events debugging information Turn on the switch of looping back OSPF receiving and transmitting packets events debugging information, monitor receiving and transmitting all OSPF packets Turn on the switch of looping back OSPF generation link state address events debugging information Turn on the switch of looping back OSPF important events debugging information
Privileged
Privileged
Privileged
147
148
Chapter
16
IS-IS Configuration
IS-IS protocol is a routing protocol for connectionless network service (CLNS) developed by International Standardization Organization (ISO). It is a link-state protocol also based on Dijkstra shortest path first (SPF) algorithm. IS-IS is similar to OSPF in many aspects. In this chapter, you will learn about: IS-IS overview Configuring IS-IS Instances of configuring IS-IS IS-IS Maintenance and Diagnosis
IS-IS Overview
Intermediate System-to-Intermediate System (IS-IS) is a routing protocol for Connectionless Network Service developed by ISO. IS-IS is a network layer protocol in OSI protocol. By expanding IS-IS protocol, added the supporting for IP route, formed integrated IS-IS protocol. The IS-IS protocols mentioned presently refer to integrated IS-IS protocol.
IS-IS Fundamental
IS-IS protocol is widely used in network as an IGP. The working mechanism of IS-IS is similar to that of OSPF: Partition the network into areas, in which the router only manages the routing information in the area, thus save the router cost. This feature enables it to adapt to the requirements of large-scaled network. IS-IS protocol is based on CLNS instead of IP, so when the routers are communicating, IS-IS uses Protocol Data Unit (PDU) defined by ISO. The PDU types used in IS-IS include: Hello PDU Link state PDU (LSP) Sequence number PDU (SNP)
149
The Hello PDU is similar to Hello message in OSPF protocol, responsible for forming adjacency between routers, finding new neighbor and detecting whether any neighbor exits. IS-IS routers exchange routing information via link state PDU, create and maintain link state database. One LSP indicates important information related to a router, including area and connected network. Meanwhile, ensure reliability transmission by using SNP. The SNP contains the summary information of every LSP in the network. When the router receives an SNP, it will compare the SNP with the link state database. If the router loses an LSP existed in SNP, it will launch a multicast SNP, requesting the needed LSP to other routers in the network. The coordination of LSP and SNP enables the reliable routing interaction of IS-IS protocol in the large-scaled network. IS-IS protocol also uses Dijkstra SPF to calculate route. The IS-IS uses SPF obtain the optimized route using SPF algorithm according to link state database, and then adds the route IP routing table.
IS-IS Area
The concept of area is introduced in IS-IS for easier link state database management. The router in an area is only responsible for the maintenance of link state database in this area, as a result, the burden of the router is relieved, which is particularly important in large-scaled network. The areas in the IS-IS can be classified into backbone area and non-backbone area: The router in the backbone area possesses the database information of the entire network. The router in the non-backbone area possesses only the information of this area. In response to the area partition, IS-IS defines three types of routers: L1 router: Exists in non-backbone area, interacts routing information with L1 router and L1/L2 router in this area L2 router: Exists in backbone area, interacts routing information with other L2 router and L1/L2 router. L1/L2 router: Exists in non-backbone area, responsible for interacting routing information between this area and backbone area. IS-IS area partition and router types are shown in Figure 51.
150
Chapter 16
IS-IS Configuration
Configuring IS-IS
IS-IS configuration mentioned here refers to the configuration based on IP route.
router isis
Global
151
2. Specify the IS-IS area and system IS In the IS-IS routing configuration mode, it is required to define an area, specify the router to belong to the area. At the same time, it is required to define a system ID to identify the router in the area, usually, which are indicated with the interface MAC address of the router. By default, the router running IS-IS protocol is identified as LEVEL-1-2, in order to optimize network, it can be modified via command.
Command format Command Mode Command function
3. Specify the interface to run IS-IS When configuring IS-IS, specify the interface to run IS-IS protocol in the router. After accessing interface mode, specify the interface to run IS-IS.
Command format Command Mode Command function
ip router isis
VLAN interface
is-type {level-1|level-1-2|level-2-only}
Route IS-IS
2. Set the PSNP interval The PSNP is usually applied in point-to-point network. The parameter is used to set the transmission interval between two PSNPs, with the default value of 3.
152
Chapter 16
IS-IS Configuration
Command format
Command Mode
Command function
VLAN interface
3. Advertise resources insufficient Set the OL flag bit of IS-IS, which is used to advertise other routers running IS-IS when the processing capability of the router is insufficient.
Command format Command Mode Command function
set-overload-bit
Route IS-IS
4. Generate a Default Route When configuring redistribution of routes, the router needs the following commands to redistribute the default route in the routing entries to IS-IS domain.
Command format Command Mode Command function
Route IS-IS
5. Route convergence The IS-IS can generate a convergent route to advertise outward after converging part entries of the routing table, rather than advertise detailed route entries. The minimum metric in the converged route entries will be selected as the metric of convergent route
Command format Command Mode Command function
Route IS-IS
VLAN interface
153
VLAN interface
VLAN interface
VLAN interface
VLAN interface
VLAN interface
7. Set IS-IS Interface metrics It is applied to set the metric when the interface participates IS-IS SPF calculation, different metrics can be set for L1 and L2 in the same interface. The default value is 10.
Command format Command Mode Command function
VLAN interface
8. Set the CSNP interval It is applied to set CSNP packet interval. In the broadcast network, the default value is 10; in the point-to-point network, the default value is 3600.
Command format Command Mode Command function
VLAN interface
154
Chapter 16
IS-IS Configuration
Set the interface authentication mode Set the LSP authentication mode message
For each authentication mode, ZXR10 T160G/T64G supports the following three types of IS-IS authentication: Interface authentication LSP authentication SNP authentication 1. Interface authentication
Command format Command Mode Command function
VLAN interface
2. LSP authentication
Command format Command Mode Command function
Route IS-IS
3. SNP authentication
Command format Command Mode Command function
set-snp-authentication
Route IS-IS
155
192.168.2.1/24
192.168.2.2/24 192.168.6.1/24 R2
R1 192.168.1.1/24
Area 1
In the above figure, R1 and R2 comprise area 1, running IS-IS protocol. The detailed configuration is as follows: R1 configuration:
ZXR10_R1(config)#router isis ZXR10_R1(config-router)#area 01 ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0 ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 192.168.2.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 192.168.1.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis
R2 configuration:
ZXR10_R2(config)#router isis ZXR10_R2(config-router)#area 01 ZXR10_R2(config-router)#system-id 00D0.D0C7.5460 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 192.168.2.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config)#interface vlan3
156
Chapter 16
IS-IS Configuration
R2
192.168.10.0/24 192.168.12.0/24
R3
192.168.11.0/24
R4
192.168.16.0/24 192.168.14.1/24
192.168.15.0/24 192.168.100.1/24
Area 0
192.168.101.1/24
R1 192.168.102.1/24
R5
192.168.13.0/24 R6
Area 1
Area 2
Where, R1 belongs to area 1; R2, R3 and R4 belong to area 0; R5 and R6 belong to area 2. In R1, perform route convergence to network segment in area 1. In R6, redistribute the default route to IS-IS. The following illustrates the detailed configuration of each router in the figure. R1 configuration:
ZXR10_R1(config)#router isis ZXR10_R1(config-router)#area 01 ZXR10_R1(config-router)#system-id 00D0.D0C7.53E0 ZXR10_R1(config-router)#is-type LEVEL-1-2 ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 192.168.15.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-2
157
ZXR10_R1(config-router)#exit ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 192.168.100.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan7 ZXR10_R1(config-if)#ip address 192.168.101.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#interface vlan8 ZXR10_R1(config-if)#ip address 192.168.102.1 255.255.255.0 ZXR10_R1(config-if)#ip router isis ZXR10_R1(config-if)#isis circuit-type LEVEL-1 ZXR10_R1(config-if)#exit ZXR10_R1(config)#router isis ZXR10_R1(config-router)#summary-address 192.168.100.0 255.255.252.0 10
R2 configuration:
ZXR10_R2(config)#router isis ZXR10_R2(config-router)#area 00 ZXR10_R2(config-router)#system-id 00D0.E0D7.53E0 ZXR10_R2(config-router)#is-type LEVEL-2 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 192.168.10.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config-if)#isis circuit-type LEVEL-2 ZXR10_R2(config-router)#exit ZXR10_R2(config)#interface vlan6 ZXR10_R2(config-if)#ip address 192.168.12.2 255.255.255.0 ZXR10_R2(config-if)#ip router isis ZXR10_R2(config-if)#isis circuit-type LEVEL-2 ZXR10_R2(config-if)#exit
R3 configuration:
ZXR10_R3(config)#router isis ZXR10_R3(config-router)#area 00 ZXR10_R3(config-router)#system-id 00D0.E0C7.53E0 ZXR10_R3(config-router)#is-type LEVEL-2 ZXR10_R3(config-router)#exit ZXR10_R3(config)#interface vlan4 ZXR10_R3(config-if)#ip address 192.168.15.3 255.255.255.0
158
Chapter 16
IS-IS Configuration
ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-router)#exit ZXR10_R3(config)#interface vlan6 ZXR10_R3(config-if)#ip address 192.168.10.3 255.255.255.0 ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-if)#exit ZXR10_R3(config)#interface vlan7 ZXR10_R3(config-if)#ip address 192.168.11.3 255.255.255.0 ZXR10_R3(config-if)#ip router isis ZXR10_R3(config-if)#isis circuit-type LEVEL-2 ZXR10_R3(config-if)#exit
R4 configuration:
ZXR10_R4(config)#router isis ZXR10_R4(config-router)#area 00 ZXR10_R4(config-router)#system-id 00D0.E0E7.53E0 ZXR10_R4(config-router)#is-type LEVEL-2 ZXR10_R4(config-router)#exit ZXR10_R4(config)#interface vlan4 ZXR10_R4(config-if)#ip address 192.168.12.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-router)#exit ZXR10_R4(config)#interface vlan6 ZXR10_R4(config-if)#ip address 192.168.11.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-if)#exit ZXR10_R4(config)#interface vlan7 ZXR10_R4(config-if)#ip address 192.168.16.4 255.255.255.0 ZXR10_R4(config-if)#ip router isis ZXR10_R4(config-if)#isis circuit-type LEVEL-2 ZXR10_R4(config-if)#exit
R5 configuration:
ZXR10_R5(config)#router isis ZXR10_R5(config-router)#area 02 ZXR10_R5(config-router)#system-id 00D0.D0CF.53E0 ZXR10_R5(config-router)#is-type LEVEL-1-2 ZXR10_R5(config-router)#exit ZXR10_R5(config)#interface vlan4 ZXR10_R5(config-if)#ip address 192.168.16.5 255.255.255.0
159
ZXR10_R5(config-if)#ip router isis ZXR10_R5(config-if)#isis circuit-type LEVEL-2 ZXR10_R5(config-router)#exit ZXR10_R5(config)#interface vlan6 ZXR10_R5(config-if)#ip address 192.168.13.5 255.255.255.0 ZXR10_R5(config-if)#ip router isis ZXR10_R5(config-if)#isis circuit-type LEVEL-1 ZXR10_R5(config-if)#exit
R6 configuration:
ZXR10_R6(config)#router isis ZXR10_R6(config-router)#area 02 ZXR10_R6(config-router)#system-id 00D0.0ECD.53E0 ZXR10_R6(config-router)#is-type LEVEL-1 ZXR10_R6(config-router)#exit ZXR10_R6(config)#interface vlan4 ZXR10_R6(config-if)#ip address 192.168.13.6 255.255.255.0 ZXR10_R6(config-if)#ip router isis ZXR10_R6(config-if)#isis circuit-type LEVEL-1 ZXR10_R6(config-router)#exit ZXR10_R6(config)#interface vlan8 ZXR10_R6(config-if)#ip address 192.168.14.1 255.255.255.0 ZXR10_R6(config-if)#exit ZXR10_R6(config)#ip route 0.0.0.0 0.0.0.0 192.168.14.10 ZXR10_R6(config)#router isis ZXR10_R6(config-router)#default-information originate ZXR10_R6(config-router)#redistribute protocol static metric 10 ZXR10_R6(config-router)#end ZXR10_R6#
All modes
160
Chapter 16
IS-IS Configuration
Command format
Command Mode
Command function
All modes
All modes
All modes
ZXR10 T160G/T64G provides some debug commands other than show commands mentioned above, for practical application. For example:
Command format Command Mode Command function
Privileged
Trace and show the hello message IS-IS received and transmitted Trace and show SNP message that IS-IS received and transmitted and related processing events Trace and show IS-IS routing calculation event debugging information Trace and show IS-IS LSP packet processing event debugging information
Privileged
Privileged
Privileged
161
162
Chapter
17
BGP Configuration
Border Gateway Protocol (BGP) is an inter-domain routing protocol. BGP-4 is widely used on the Internet to communicate network information about available paths and networks. In this chapter, you will learn about: BGP Overview Configuring BGP Example of Configuring BGP BGP Maintenance and Diagnosis
BGP Overview
BGP is an inter-domain routing protocol between AS. The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This network reachability information includes information on the list of Autonomous Systems (AS) that reachability information traverses. This information is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced. BGP-4 is defined in RFC1771. It supports the implementation of CIDR, supernet and subnet and the route aggregation and filtering. BGP-4 is widely used on the Internet. Sessions established by BGP routers in different ASs are called EBGP sessions. Sessions established by the internal BGP routers in the same AS are called IBGP sessions. The administration area that allows independent routing policies is called Autonomous System (AS). A primary feature of AS is that an AS has a unified internal route differing from other ASs, and presents the same topology to the reachable destinations through which it passes. The indicator of an AS is a 16-bit value ranging from 1~65535, in which 1~32767 are allocatable, 32768~64511 are reserved temporarily, and 64512~65534 are used for private ASs (similar to the private IP addresses).
163
BGP runs over reliable transmission protocols with TCP as its lower layer protocol on port 179. A TCP connection should be established first between the routers running BGP. All the routing table information is exchanged via message authentication. When the routing table is changed later, route update information will be sent to all the BGP neighbors, by which the routing information will be extended until the routing information is available in the entire network. The destination network related BGP update information sent by the router to its peers include the BGP metric related information, which is called path attribute. Path attribute is classified into four categories: 1. Well-known mandatory: These attributes should be included in the router description. AS-path Next-hop Origin 2. Well-known discretionary: These attributes are not necessary in the router description. Local preference Atomic aggregate 3. Optional transitive: These attributes are not required to be supported by all the BGP implementations. If supported, they will be transmitted to BGP neighbors. Those not supported by the local router should be transmitted continuously to other BGP routers. Aggregator Community 4. Optional non-transitive: This attribute indicates it should be deleted from the routers that do not support it. Multi-exit-discriminator (MED) In addition to these attributes, weight attribute (Cisco defined) is also a common attribute.
Configuring BGP
Basic BGP Configuration
d To enable the BGP protocol on a router, follow the three steps:
1. Enable BGP process
Command format router bgp <as-number> Command mode Global Command function Enables BGP routing process
164
Chapter 17
BGP Configuration
Figure 54 shows an example of BGP configuration, where R1 resides in AS 100 and R2 resides in AS 200.
182.16.0.0/16 10.1.1.1/30
182.17.0.0/16
R1 AS100
10.1.1.2/30
R2 AS200
Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 10.1.1.1 remote-as 200 ZXR10_R1(config-router)#network 182.16.0.0 255.255.0.0
Configuration of R2
ZXR10_R2(config)#router bgp 200 ZXR10_R2(config-router)#neighbor 10.1.1.2 remote-as 100 ZXR10_R3(config-router)#network 182.17.0.0 255.255.0.0
In the configurations above, R1 and R2 define the other party as a BGP neighbor each other. Since R1 and R2 reside in different ASs, an EBGP session will be established. R1 will advertise network 182.16.0.0/16. R2 will advertise network 182.17.0.0/16.
165
be learnt via direct connections, static routes and dynamic routes. The use of the network command in BGP is different from the use in IGP. 2. Use the redistribute command to re-distribute the routes learnt by other routing protocols to BGP.
Command format redistribute <protocol> [metric [route-map <metric-value>] <map-tag>] Command mode Command function Re-distributes the routes obtained by other routing protocols into the BGP routing table
Routing BGP
The redistribute command can be used to re-distribute the routes learnt by the IGP protocols (RIP, OSPF, IS-IS) into BGP. When using the redistribute command, make sure to prevent the routes learnt by IGP from BGP from being re-distributed into BGP. Use the filtering command to prevent the loop from occurring if necessary. 3. Distribute static routes into BGP The route source of the static routes re-distributed into BGP is shown as incomplete in the routing table. The following example advertises routes in BGP via route re-distribution. See Figure 55 for the network topology.
R4
1.1.1.1/24
AS100 R1
129.213.198.0/24
R2
175.220.0.0/24
R3 AS200
Configuration of R3
ZXR10_R3(config)#router ospf 1 ZXR10_R3(config-router)#network 175.220.0.0 0.0.0.255 area 0 ZXR10_R3(config)#router bgp 200 ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 300 ZXR10_R3(config-router)#redistribute ospf
166
Chapter 17
BGP Configuration
The following is an example of route aggregation. R1 and R2 advertise route 170.20.0.0/16 and 170.10.0.0/16 respectively, as shown in Figure 56. R3 aggregates the two pieces of routing information into 170.0.0.0/8 and advertises it to R4. After configuring aggregation, the R4 routing table can only learn the aggregated route 170.0.0.0/8.
AS100
170.20.0.0/16 2.2.2.0/24
AS300
AS200
170.10.0.0/16 3.3.3.0/24
R1
R3
4.4.4.0/24
R2
R4 AS400
Configuration of R1
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 2.2.2.2 255.0.0.0 ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#network 170.20.0.0 255.255.0.0 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300
Configuration of R2
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 3.3.3.3 255.0.0.0 ZXR10_R2(config)#router bgp 200 ZXR10_R2(config-router)#network 170.10.0.0 255.255.0.0 ZXR10_R2(config-router)#neighbor 3.3.3.1 remote-as 300
Configuration of R3
ZXR10_R3(config)#interface vlan1
167
ZXR10_R3(config-if)#ip address 2.2.2.1 255.0.0.0 ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 3.3.3.1 255.0.0.0 ZXR10_R3(config)#interface vlan3 ZXR10_R3(config-if)#ip address 4.4.4.1 255.0.0.0 ZXR10_R3(config)#router bgp 300 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100 ZXR10_R3(config-router)#neighbor 3.3.3.3 remote-as 200 ZXR10_R3(config-router)#neighbor 4.4.4.4 remote-as 400 ZXR10_R3(config-router)#aggregate-address 170.0.0.0 255.0.0.0 summary-only
R3 has learnt routes 170.20.0.0 and 170.10.0.0, but it advertises aggregate route 170.0.0.0/8 only. Note the summary-only parameter in the aggregate advertisement commands. If the parameter is not included, R3 will advertise the specific routes in addition to the aggregate route. Configuration of R4
ZXR10_R4(config)#interface vlan1 ZXR10_R4(config-if)#ip address 4.4.4.4 255.0.0.0 ZXR10_R4(config)#router bgp 400 ZXR10_R4(config-router)#neighbor 4.4.4.1 remote-as 300
R1 needs to establish the neighbor relation with the interface with the IP address 180.225.11.1 on R2, to which it is not connected directly, as shown in Figure 57. To do this, use the multihop command.
AS100
129.213.1.3/24
AS300
R1
129.213.1.2/24
R2
180.225.11.1/24
168
Chapter 17
BGP Configuration
Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 180.225.11.1 remote-as 300 ZXR10_R1(config-router)#neighbor 180.225.11.1 ebgp-multihop
Configuration of R2
ZXR10_R2(config)#router bgp 300 ZXR10_R2(config-router)#neighbor 129.213.1.2 remote-as 100
The above example defines route map MAP1, which allows network 172.3.0.0 to be advertised to autonomous system 200 and sets the MED value to 5. When filtering routes using a route map, match and set commands are both usually used. The match command defines matching
169
criteria. The set command defines actions to be executed when the match conditions are satisfied.
AS100 R1
182.17.1.2/30 182.17.1.1/30 182.17.20.2/30
R2
AS200
182.17.20.1/30
AS300
192.18.10.0/24
R3
R4
To prevent AS100 from being a transit AS, network 192.18.10.0/24 coming from AS300 is advertised to AS200. R1 is configured with the filtering function as follow:
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 182.17.1.2 remote-as 100 ZXR10_R1(config-router)#neighbor 182.17.20.1 remote-as 200 ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out ZXR10_R1(config)#route-map MAP1 permit 10 ZXR10_R1(config-route-map)#match ip address 1 ZXR10_R1(config)#acl basic number 1 ZXR10_R1(config-basic-acl)#rule 1 deny 192.18.10.0 0.0.0.255 ZXR10_R1(config-basic-acl)#rule 2 permit any
In this example, the route-map command and access control list (ACL) is used to prevent R1 from spreading prefix 192.18.10.0/24 to AS200.
170
Chapter 17
BGP Configuration
An ACL can be specified for the input and output update based on the AS path attribute values.
Command format ip as-path access-list <acl-number> {permit|deny} <as-regular-expression> Command mode Global Command function Defines a BGP access list
In the case as shown in Figure 58, routes can also be filtered based on AS path, which prevents R1 from advertising network 192.18.10.0/24 (coming from AS300) to AS200. Configuration
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 182.17.1.2 remote-as 100 ZXR10_R1(config-router)#neighbor 182.17.20.1 remote-as 200 ZXR10_R1(config-router)#neighbor 182.17.20.1 route-map MAP1 out ZXR10_R1(config)#route-map MAP1 permit 10 ZXR10_R1(config-route-map)#match as-path 1 ZXR10_R1(config)#ip as-path access-list 1 permit ^$
In the above configuration, the AS ACL allows R1 to advertise the networks initiated from AS100 only to AS200, thus filtering network 192.18.10.0/24.
LOCAL_PREF Attribute
The local preference attribute is used to determine the route selection between IBGP peers within an AS. When the two IBGP routers in an AS have learnt a route with the same destination from the outside, the local preference attribute will be compared. The route with the higher value is preferred. The default value of local preference is 100.
Command format bgp default <value> local-preference Command mode Command function Configures the local preference value of the router that BGP advertises to the outside
Routing BGP
In the case as shown in Figure 59, R3 and R4 has learnt route 170.10.0.0 at the same time. Since the local preference value set for R4 is greater than that for R3, the R4 egress is preferred for the route to the destination within AS256.
171
AS100
AS300
R1
1.1.1.1/30
R2
3.3.3.2/30
AS256 R5
1.1.1.2/30 128.213.11.1/30 128.213.11.2/30 3.3.3.1/30
AS34
R3 LOC=150
IBGP
R4 LOC=200
R6
The LOCAL_PREF attribute can be configured in two methods. Use the bgp default local-preference command Configuration of R3
ZXR10_R3(config)#router bgp 256 ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 100 ZXR10_R3(config-router)#neighbor 128.213.11.2 remote-as 256 ZXR10_R3(config-router)#bgp default local-preference 150
Configuration of R4
ZXR10_R4(config)#router bgp 256 ZXR10_R4(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R4(config-router)#neighbor 128.213.11.1 remote-as 256 ZXR10_R4(config-router)#bgp default local-preference 200
172
Chapter 17
BGP Configuration
MED Attribute
The metric attribute is also called Multi Exit Discrimination (MED), which is used for the interaction among ASs for route selection. By default, the router only compares the metric values of the BGP neighbors in the same AS. To compare the values of the neighbors in different ASs, use the bgp always-compare-med command for a mandatory comparison.
Command format bgp always-compare-med Command mode Routing BGP Command function Allows the comparison of the MEDs for paths from neighbors in different ASs
The default value of medic is 0. The path with a lower metric is preferred over a path with a higher metric. The metric value is not transferred to third-party ASs. That is, when an update with a metric value is received and it should be transmitted to a third-party AS, the default metric value will be transmitted. R1 receives the update of 180.10.0.0 from R2, R3 and R4 at the same time, as shown in Figure 60. By default, only the metric values of neighbor R3 and R4 in the same AS are compared. The metric value of R3 is lower than that of R4, so R1 takes the update from R3.
170.10.0.0/24 R1
AS100
4.4.4.2/30 3.3.3.1/30 4.4.4.1/30
AS400
2.2.2.2/30
med 50
R2
180.10.0.0/24
med 200
3.3.3.2/30
R3
1.1.1.2/30
R4
In the following example, the route-map command is used to set the MED value. Configuration of R1
173
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R1(config-router)#neighbor 4.4.4.1 remote-as 400 ....
Configuration of R3
ZXR10_R3(config)#router bgp 300 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100 ZXR10_R3(config-router)#neighbor 2.2.2.2 route-map setmetricout out ZXR10_R3(config-router)#neighbor 1.1.1.2 remote-as 300 ZXR10_R3(config)#route-map setmetricout permit 10 ZXR10_R3(config-route-map)#set metric 120
Configuration of R4
ZXR10_R4(config)#router bgp 300 ZXR10_R4(config-router)#neighbor 3.3.3.1 remote-as 100 ZXR10_R4(config-router)#neighbor 3.3.3.1 route-map setmetricout out ZXR10_R4(config-router)#neighbor 1.1.1.1 remote-as 300 ZXR10_R4(config)#route-map setmetricout permit 10 ZXR10_R4(config-route-map)#set metric 200
Configuration of R2
ZXR10_R2(config)#router bgp 400 ZXR10_R2(config-router)#neighbor 4.4.4.2 remote-as 100 ZXR10_R2(config-router)#neighbor 4.4.4.2 route-map setmetricout out ZXR10_R2(config)#route-map setmetricout permit 10 ZXR10_R2(config-route-map)#set metric 50
In the following example, the bgp always-compare-med command is used to allow a mandatory comparison of R1 metric value and R2 metric value. The metric value of R2 is lower than that of R3, so R1 will select R2 instead of R3 for the update of 180.10.0.0. Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.2 remote-as 300 ZXR10_R1(config-router)#neighbor 4.4.4.1 remote-as 400 ZXR10_R1(config-router)#bgp always-compare-med
174
Chapter 17
BGP Configuration
In the following example, R1 notifies its neighbors that 192.166.1.0/24 should not be advertised to other EBGP neighbors. Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 3.3.3.3 remote-as 300 ZXR10_R1(config-router)#neighbor 3.3.3.3 send-community
route
ZXR10_R1(config-router)#neighbor 3.3.3.3 route-map setcommunity out ZXR10_R1(config)#route-map setcommunity permit 10 ZXR10_R1(config-route-map)#match ip address 1 ZXR10_R1(config-route-map)#set community no-export ZXR10_R1(config)#route-map setcommunity permit 20 ZXR10_R1(config)#acl basic number 1 ZXR10_R1(config-basic-acl)#rule 1 permit 192.166.1.0 0.0.0.255
BGP Synchronization
In AS100 as shown in Figure 61, R1 and R2 runs IBGP. R5 does not run BGP.
175
AS100 R5 R1
3.3.3.1/30 150.10.0.0/24
R2
2.2.2.2/30
1.1.1.1/30
170.10.0.0/24
170.10.0.0/24
AS300
2.2.2.1/30
AS400
1.1.1.2/30
170.10.0.0/24 R3
R4
R2 has learnt route 170.10.0.0 via IBGP. The next hop is 2.2.2.1. It can be known from the diagram that the next hop for R2 to reach 170.10.0.0 is R5, but R5 hasnt got route 170.10.0.0 and will discard the packet. If R2 tells R4 that it has route 170.10.0.0, it will also be discarded in R5. To allow the packet with the destination address 170.10.0.0 to reach R3 successfully through R5, the route to 170.10.0.0 should be available in R5. Therefore, routes should be redistributed so that R5 can learn this route via IGP. Before advertising the BGP routes to EBGP neighbors, it should be waited until R2 has learnt this route (via R5) via IGP, which is called route synchronization.
Command format synchronization Command mode Routing BGP Command function Enables the synchronization between BGP and IGP
The synchronization function of ZXR10 T160G/T64G is enabled by default. To transit AS, the routes learnt from other ASs should be advertised to the third-party ASs. If non-BGP router exists in AS then Route synchronization is required. In this case, R2 uses route synchronization. In the case that BGP routes have no need to be advertised to third-party ASs or all the routers within the AS run BGP, route synchronization is not required. The following configuration disables route synchronization on R2.
ZXR10_R2(config)#router bgp 100 ZXR10_R2(config-router)#network 150.10.0.0 ZXR10_R2(config-router)#neighbor 1.1.1.2 remote-as 400 ZXR10_R2(config-router)#neighbor 3.3.3.1 remote-as 100 ZXR10_R2(config-router)#no synchronization
176
Chapter 17
BGP Configuration
There are two route reflectors within AS100, i.e. R3 and R4, as shown in Figure 62. The clients of R4 are R5 and R6. The clients of R3 are R1 and R2.
Lo: 8.8.8.8
R8
AS200
AS100 R7
Lo: 3.3.3.3
Lo: 7.7.7.7
Lo: 4.4.4.4
R3
Lo: 1.1.1.1 Lo: 2.2.2.2 Lo: 5.5.5.5
R4
Lo: 6.6.6.6
R1
R2
R5
R6
Lo: 9.9.9.9
R9
AS300
Configuration of R3
ZXR10_R3(config)#router bgp 100 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100
177
ZXR10_R3(config-router)#neighbor 2.2.2.2 route-reflector-client ZXR10_R3(config-router)#neighbor 1.1.1.1 remote-as 100 ZXR10_R3(config-router)#neighbor 1.1.1.1 route-reflector-client ZXR10_R3(config-router)#neighbor 7.7.7.7 remote-as 100 ZXR10_R3(config-router)#neighbor 4.4.4.4 remote-as 100
Configuration of R2
ZXR10_R2(config)#router bgp 100 ZXR10_R2(config-router)#neighbor 3.3.3.3 remote-as 100
When a route is received by the RR, it will be reflected depending on the type of peer. A route from a Non-Client peer will be reflected to all the Client peers A route from a Client peer will be reflected to all the Non-Client peers and Client peers. A route from an EBGP peer will be reflected to all the Non-Client peers and Client peers. If there are multiple RRs within an AS, these RRs can be grouped into a cluster. An AS can include multiple clusters. A cluster includes more than one RR at least.
BGP Confederation
Route confederation has the similar function as the route reflector, which is to reduce the number of IBGP neighbor connections established within an AS. Route confederation allows an AS to be divided into multiple sub-ASs. The IBGP routers within the AS belong to the sub-ASs respectively. IBGP is established within the sub-ASs. EBGP is established between the sub-ASs. The sub-AS ID is called confederation ID. The sub-ASs are invisible to the outside world of the AS.
Command format bgp confederation identifier <value> bgp confederation peers <value> [<value>] Command mode Routing BGP Routing BGP Command function Set a confederation ID Sets the AS ID of a confederation peer
The following examples illustrate the applications of route confederation. There are 5 BGP routers in AS200, as shown in Figure 63. It is divided into two sub-ASs. One is defined as AS65010, which includes R3, R5 and R6, and the other is defined as AS65020, which includes R4 and R7.
178
Chapter 17
BGP Configuration
R2
Lo: 210.61.30.1
2.2.2.1/30 210.61.19.1/30
210.61.19.2/30
AS65010
Lo: 210.61.10.1
R3
Lo: 210.61.20.1
R4 AS65020
Lo: 210.61.40.1
R5
R6
R7 AS200
Configuration of R3
ZXR10_R3(config)#router bgp 65010 ZXR10_R3(config-router)#bgp confederation identifier 200 ZXR10_R3(config-router)#bgp confederation peers 65020 ZXR10_R3(config-router)#neighbor 210.61.10.1 remote-as 65010 ZXR10_R3(config-router)#neighbor 210.61.20.1 remote-as 65010 ZXR10_R3(config-router)#neighbor 210.61.19.2 remote-as 65020 ZXR10_R3(config-router)#neighbor 2.2.2.2 remote-as 100
Configuration of R5
ZXR10_R5(config)#router bgp 65010 ZXR10_R5(config-router)#bgp confederation identifier 200 ZXR10_R5(config-router)#neighbor 210.61.30.1 remote-as 65010 ZXR10_R5(config-router)#neighbor 210.61.20.1 remote-as 65010
When establishing the neighbor relation, the EBGP neighbor relation is established between R3 and the confederation peers. The IBGP neighbor relation is established with the confederation, and the EBGP neighbor relation is also established with AS100. The confederation is non-existent to AS100, so AS100 still establishes the neighbor relation with R3 as AS200. Configuration of R1
ZXR10_R1(config)#router bgp 100 ZXR10_R1(config-router)#neighbor 2.2.2.1 remote-as 200
179
Half-life-time: 1~45 min, 15 min by default Reuse-value: 1~20000, 750 by default Suppress-value: 1~20000, 2000 by default Max-suppress-time: 1~255, 4 times of half-life-time by default To enable dampening on the router:
ZXR10(config)#router bgp 100 ZXR10(config-router)#bgp dampening ZXR10(config-router)#network 203.250.15.0 255.255.255.0 ZXR10(config-router)#neighbor 192.208.10.5 remote-as 300
180
Chapter 17
BGP Configuration
AS1
155.16.10.0/24
Static route:
172.16.1.2/16 172.16.20.2/16 R1 172.16.1.1/16 173.16.20.2/16 192.16.20.0/24 192.16.21.0/24 192.16.22.0/24 170.16.10.0/24
R2
172.16.20.1/16
R4 AS2
R3
183.16.20.2/16
R5 AS3
Configuration of R4
ZXR10_R4(config)#route bgp 2 ZXR10_R4(config-router)#redistribute static ZXR10_R4(config-router)#neighbor 172.16.20.2 remote-as 1 ZXR10_R4(config-router)#aggregate-address 192.16.0.0 255.255.0.0 count 0 as-set summary-only ZXR10_R4(config-router)#neighbor 172.16.20.2 route-map torouter1 out ZXR10_R4(config)#acl basic number 1 ZXR10_R4(config-basic-acl)#rule 1 permit 172.16.10.0 0.0.0.255 ZXR10_R4(config)#route-map torouter1 deny 10 ZXR10_R4(config-route-map)#match ip address 1 ZXR10_R4(config)#route-map torouter1 permit 20
Configuration of R1
ZXR10_R1(config)#route bgp 1 ZXR10_R1(config-router)#no synchronization ZXR10_R1(config-router)#neighbor 172.16.1.2 remote-as 1 ZXR10_R1(config-router)#neighbor 172.16.1.2 next-hop-self ZXR10_R1(config-router)#neighbor 172.16.20.1 remote-as 2
Configuration of R2
ZXR10_R2(config)#ip route 183.16.0.0 255.255.0.0 vlan4 ZXR10_R2(config)#route bgp 1 ZXR10_R2(config-router)#neighbor 172.16.1.1 remote-as 1 ZXR10_R2(config-router)#neighbor 172.16.1.1 next-hop-self ZXR10_R2(config-router)#neighbor 183.16.20.2 remote-as 3 ZXR10_R2(config-router)#neighbor 183.16.20.2 ebgp-multihop 2 ZXR10_R2(config-router)#neighbor 183.16.20.2 route-map torouter5 in ZXR10_R2(config)#acl basic number 1 ZXR10_R2(config-basic-acl)#rule 1 permit 155.16.10.0 0.0.0.255
181
Configuration of R5
ZXR10_R5(config)#ip route 173.16.0.0 255.255.0.0 gei_1/1 ZXR10_R5(config)#route bgp 3 ZXR10_R5(config-router)#neighbor 173.16.20.2 remote-as 1 ZXR10_R5(config-router)#neighbor 173.16.20.2 ebgp-multihop 2
View the BGP neighbor relation and show the current neighbor statuses
Command format show ip bgp neighbor [in|out] <ip-address> Command mode All modes Command function Shows related information of BGP neighbors
Besides the show command, the debug command can be used to observe the BGP neighbor relation establishment and route update process.
Command format debug ip bgp in Command mode Privileged Command function Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes
182
Chapter 17
BGP Configuration
Privileged
Tracks and shows the notification messages sent by BGP and lists error codes and sub-error codes Tracks and shows the BGP connecting statuses and migration
Privileged
Use the debug ip bgp events command to track the process of BGP status migration.
ZXR10#debug ip bgp events BGP events debugging is on ZXR10# 04:10:07: BGP: 192.168.1.2 reset due to Erroneous BGP Open received 04:10:07: BGP: 192.168.1.2 went from Connect to Idle 04:10:08: BGP: 192.168.1.2 went from Idle to Connect 04:10:13: BGP: 192.168.1.2 went from Connect to OpenSent 04:10:13: BGP: 192.168.1.2 went from OpenSent to OpenConfirm 04:10:13: BGP: 192.168.1.2 went from OpenConfirm to Established ZXR10#
183
184
Chapter
18
Multicast Overview
Multicasting is a point-to-point or multipoint-to-multipoint communication, that is, multiple receivers receive the same information from one source at the same time. Applications on the basis of multicasting include videoconferencing, teleeducation and software distribution. Multicasting protocols include Internet Group Management Protocol (IGMP) and Multicast Route Protocols (MRP). IGMP is used to manage the participation and leaving of multicast group members. MRPs are used to exchange information and establish the multicast tree among routers. MRPs include Protocol Independent Multicast Sparse Mode (PIM-SM) and Multicast Source Discovery Protocol (MSDP). ZXR10 T160G/T64G supports the following protocols: Internet Group Management Protocol (IGMP) Protocol Independent Multicast Sparse Mode (PIM-SM) Multicast Source Discovery Protocol (MSDP)
185
Multicast Address
In a multicast network, the originator sends a packet to multiple receivers via multicasting. The originator is called multicast source. The multiple receivers of the same packet can be identified using a single ID, which is called multicast source address. In the IP address allocation scenario, addresses Class-D, i.e. 224.0.0.0~239.255.255.255, are multicast source addresses. 224.0.0.0~224.0.0.255 and 239.0.0.0~239.255.255.255 are used for research and management.
IGMP
IGMP allows the multicast router to learn about the information of multicast group members and runs between host and multicast router. A multicast router sends group member query messages to all the hosts periodically to learn about which group members exist in the connected networks. The hosts return group member report messages containing the information of the multicast groups to which they belong. When a host wants to be added in a new group, it sends a group member report message instead of waiting for a query. When the host begins to receive information as a group member, the multicast router will query the group periodically to learn about whether this member is still in the group. If members of the group still exist on an interface, the multicast router will continue to forward data from the group to the interface. When the host leaves the group, it will send a leave message to the multicast router. The multicast router will query immediately whether the group still contains active members or not. If yes, the multicast router continues to forward data; if no, it stops forwarding data. There are two versions, IGMP V1 and IGMP V2, in the practical applications. IGMP V2 has more enhanced features than IGMP V1. It uses 4 types of messages to accomplish the information interaction between the hosts and the router. Group member query V2 member report Leave report V1 member report Where, the V1 member report is used to be compatible with IGMP V1.
Multicast Tree
To enable multicast communication in the networks, the multicast source, receivers and the paths of multicast packets should be available. The most commonly used routing method is to establish tree routes, which provides the following two advantages: Packets are sent to different receivers along the tree branches in parallel.
186
Chapter 18
Packets are copied only on crotches, which minimizes the number of packets transmitted in the networks. A multicast tree is a set of a series of router incoming interfaces and outgoing interfaces. It determines a unique forwarding path between the subnet to which the multicast source belongs and all the subnets that contain the group members. There are two ways to construct a multicast tree: per-source multicast tree and shared multicast tree.
PIM-SM
PIM-SM transmits multicast packets using a shared tree. A shared tree has a central point, which is responsible for sending packets for all the sources in a multicast group. Each source sends packets to the central point along the shortest-path route and then takes the central point as the root node to distribute the packets to all the receivers in the group. The central point of a PIM-SM group is called Rendezvous Point (RP). A network can have multiple RPs, but a multicast group can only have one RP.
187
A router can learn about the positions of RPs in three ways. The first way is to configure static RP manually on each router that runs PIM-SM. The other two ways are dynamic, depending on the version of PIM-SM used in the network. PIM-SM V1 uses Auto-RP. PIM-SM V2 uses candidate-RP. PIM-SM V2 allows the manually configured routers that run PIM-SM to be used as candidate bootstrap routers (BSRs) and elects the candidate BSR with the highest priority as the formal BSR. BSR is responsible for collecting the candidate RP messages from all the multicast router, trying to find the candidate RPs existing in the multicast domain and advertising them to all the PIM routers in the PIM domain. Each PIM router selects the optimum RP for each group in the RP set according to the unified RP election rule. RP candidates are configured manually. Routers running PIM-SM attempt to find each other and maintain the neighbor relation by exchanging hello messages. On the multi-access network, a hello message also includes router priority information, which can be used to elect the designated router (DR). The multicast source or the first-hop router (DR directly connected to the source) encapsulates the packet into a Register message and sends it to the RP via a unicast route. When receiving the Register message, the RP decapsulates the packet and sends it along the shared tree downward to the receivers in this group. Each host acting as a receiver will join the multicast group via an IGMP member report message. The last-hot router (or DR on the multi-access network) sends the received Join message by level to the RP for registration. The media router checks if a route for this group is available after receiving the Join message. If yes, it adds the downstream requesting router into the shared tree as a branch. Otherwise, the Join message will proceed to the RP. If the RP or multicast router is directly connected to any receiver, it can be switched over from the shared tree to the per-source, shortest-path tree. When receiving a Register message from a new multicast source, the RP returns a Join message to the DR directly connected to the multicast source, thus establishing the tree with the shortest-path from the source to the RP. When a DR or a router with multicast members connected directly receives the first multicast packet from the multicast group, or when the received packets reach a threshold, it can be switched over from the shared tree to the per-source, shortest-path tree. Once the switchover occurs, the route will send a Prune message to the upstream neighbors, requesting to be separated from the shared tree.
MSDP
MSDP is a mechanism that allows the RPs in each PIM-SM domain to share information about active sources. Each RP knows the receivers within the local domain. When the RPs have learnt about the information about the active sources in the remote domains, they can transfer the information to the receivers in the local domain. Thus, multicast packets can be forwarded among domains.
188
Chapter 18
The MSDP speaker in a PIM-SM domain establishes the MSDP session relation with the MSDP neighbors in other domains via TCP connection. When the MSDP speaker has learnt about a new multicast source (through the PIM register mechanism) in the local domain, it will create a Source-Active message and send it to all the MSDP neighbors. Each receiving neighbor uses a neighbor RPF check to check the SA message. Only the SA message received on the correct interface is forwarded. Other SA messages will be discarded. If the MSDP neighbor receiving this SA message is the RP in the local domain, and the outgoing interface corresponding to the (*, G) entry for the multicast group G in the SA is non-null, which means there are receivers in this domain. The RP will then create a (S, G) status for the multicast source and add it to the shortest-path tree of the source. In addition, each MSDP neighbor will save the received SA messages in a cache, thus establishing a SA cache table. If the RP in a PIM-SM domain receives a message for joining a new multicast group G, the RP will search its own SA cache table to get all the active multicast sources immediately, thus generating the corresponding (S, G) Join message.
When the IP multicast routing function is enabled, the router will forward multicast packets. Delete IP multicast routing table
Command format clear ip mroute [group-address <group-address>] [source-address <source-address>] Command mode Command function Deletes IP multicast routing table
Privileged
If the command does not contain any option, all the multicast route entries will be deleted.
Configuring IGMP
The IGMP function of ZXR10 T160G/T64G is based on the PIM interface. The IGMP function will be enabled automatically on all the PIM-enabled interfaces.
189
Configure the range of groups from which IGMP is allowed to leave immediately After receiving an IGMP Leave message, or no report message is received after (last member query interval2+1) seconds, the group members will leave.
Command format ip igmp immediate-leave [group-list <acl-number>] Command mode VLAN interface Command function Configure the range of groups from which IGMP can leave immediately
190
Chapter 18
Configure static group members on an IGMP interface You can bind a static group address on an interface, suppose there always be group members on this interface.
Command format ip igmp <group-address> static-group Command mode VLAN interface Command function Configure members interface static on an group IGMP
Configure the max response time contained in the query message sent by IGMP
191
Command mode
Command function Configures the value of max response time contained in the query message sent by IGMP
VLAN interface
Configuring PIM-SM
The details of the PIM-SM configuration are described in the following sections.
192
Chapter 18
ZXR10(config-router)#static-rp 10.1.1.1
The default priority of a candidate BSR is 0. The candidate BSR with the highest priority will become the formal BSR. If multiple routers have the same BSR priority, the IP addresses will be compared. The candidate BSR with the largest address will become the formal BSR.
The default priority of a candidate RP is 192. The candidate RP with a smaller priority is preferred.
193
Command format
Command mode
Command function Configures the router to which receivers are connected directly to the switchover from shortest path tree back to the shared tree (RP tree)
Routing PIM-SM
When the command is configured on an interface, bootstrap data messages will not be able to pass through the border in any direction. This command allows a network to be divided into areas using different BSRs. However, other PIM messages can pass through the domain border.
Setting DR Priorities
A DR should be elected from a shared (or multi-access) network. The router with the highest priority will be elected. If the routers have the same priority, the one with the largest IP address will be selected. On the shared network connected to the multicast data source, only the DR can send Register messages to the RP. On the shared network connected to the receivers, only the DR can respond to the IGMP Join/Leave messages and send PIM Join/Prune messages to the upstream routers.
194
Chapter 18
The priority of a route is contained in a Hello message exchanged with neighbors. The default is 1.
Configuring MSDP
The details of the MSDP configuration are described in the following sections.
195
When the default MSDP peer is configured, the local router will accept the SA messages from the peers RP under the control of the list. If no list parameter is configured, all the SA messages from this peer will be accepted. When multiple default peers are configured on a route, if one of them requires a list parameter, all the peers should be configured with list parameters. Configure an originating RP This configuration is used to generate the MSDP speaker of SA messages and use the address of the specified interface as the RP address in a SA.
Command format ip msdp <interface-name> originator-id Command mode Global Command function Uses the address of the specified interface as the RP address in a SA
Configure the MSDP peer as a mesh group member A "mesh group" appears to be a group of MSDP speakers which have fully meshed connectivity.
Command format ip msdp mesh-group <peer-address> <mesh-name> Command mode Global Command function Configures the MSDP peer as a mesh group member
Clear the TCP connection established with the MSDP peer This command shuts down the TCP connection to the MSDP peer and reset all the statistics of the MSDP peer.
Command format clear ip msdp [<peer-address>] peer Command mode Privileged Command function Clear the TCP connection(s) established with one or all of the MSDP peers
196
Chapter 18
Clear the statistical counter for the MSDP peer This configuration clears the statistical counter for the MSDP peer but does not reset the MSDP sessions.
Command format clear ip msdp [<peer-address>] statistics Command mode Privileged Command function Clear the statistical counter for the MSDP peer
R3
10.10.30.1/24 Lo:10.1.1.1/32 10.10.10.1/24 R1 10.10.20.1/24 10.10.20.2/24 10.10.40.1/24 Lo:10.1.1.2/32
R2 10.10.50.1/24
10.10.10.2/24
10.10.50.2/24
Multicast Source
Receiver
Configuration of R1
ZXR10_R1(config)#interface loopback1 ZXR10_R1(config-if)#ip address 10.1.1.1 255.255.255.255 ZXR10_R1(config)#ip multicast-routing ZXR10_R1(config)#router pimsm ZXR10_R1(config-router)#rp-candidate loopback1 priority 10 ZXR10_R1(config-router)#bsr-candidate loopback1 10 10 ZXR10_R1(config)#interface vlan1
197
ZXR10_R1(config-if)#ip address 10.10.10.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 10.10.20.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#interface vlan3 ZXR10_R1(config-if)#ip address 10.10.30.1 255.255.255.0 ZXR10_R1(config-if)#ip pim sm ZXR10_R1(config)#router ospf 1 ZXR10_R1(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
Configuration of R2
ZXR10_R2(config)#interface loopback1 ZXR10_R2(config-if)#ip address 10.1.1.2 255.255.255.255 ZXR10_R2(config)#ip multicast-routing ZXR10_R2(config)#router pimsm ZXR10_R2(config-router)#rp-candidate loopback1 priority 20 ZXR10_R2(config-router)#bsr-candidate loopback1 10 20 ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 10.10.20.2 255.255.255.0 ZXR10_R2(config-if)#ip pim sm ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 10.10.40.1 255.255.255.0 ZXR10_R2(config-if)#ip pim sm ZXR10_R2(config)#interface vlan3 ZXR10_R2(config-if)#ip address 10.10.50.1 255.255.255.0 ZXR10_R2(config-if)#ip igmp access-group 10 ZXR10_R2(config)#router ospf 1 ZXR10_R2(config-router)#network 10.0.0.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config)#access-list 10 permit any
Configuration of R3
ZXR10_R3(config)#interface loopback1 ZXR10_R3(config-if)#ip address 10.1.1.3 255.255.255.255 ZXR10_R3(config)#ip multicast-routing ZXR10_R3(config)#router pimsm ZXR10_R3(config-router)#rp-candidate loopback1 priority 30 ZXR10_R3(config-router)#bsr-candidate loopback1 10 30 ZXR10_R3(config)#interface vlan1 ZXR10_R3(config-if)#ip address 10.10.30.2 255.255.255.0 ZXR10_R3(config-if)#ip pim sm ZXR10_R3(config)#interface vlan2 ZXR10_R3(config-if)#ip address 10.10.40.2 255.255.255.0 ZXR10_R3(config-if)#ip pim sm
198
Chapter 18
Note the sequence of configuration. The ip multicast-routing should be configured prior to router pimsm. Next, enable ip pim sm on the interface. The configuration will not be successful if the sequence is not followed. To allow multicast data to be sent from the source to the receivers when using the ZXR10 T160G, the rpf incoming interface should be configured for all the routers on the entire path from the source to the receivers (command: ip pimsm source A.B.C.D group A.B.C.D receive-port <interface>). In a ring network, if the next-hop of the unicast route changes due to a link status change, the rpf incoming interface should be re-configured.
(*, 229.3.3.16), 00:00:01/00:03:34, RP 5.5.5.6 , 0/0, flags: SP Incoming interface: vlan5, RPF nbr 5.5.5.6 Outgoing interface list: NULL (100.1.1.100, 229.3.3.16), 00:00:01/00:03:34 , 0/0, flags: UN
199
Incoming interface: vlan4, RPF nbr 4.4.4.5 Outgoing interface list: vlan6, Forward/Sparse, 00:00:01/00:03:29
Display the multicast forwarding route entries If the command does not contain any source address option, it displays the (*, G) and (S, G) multicast forwarding entries. If it contains a source address option, it displays the (S, G) multicast forwarding entries.
Command format show ip mforwarding module {summary|group-address <group-address> [source-address <source-address>]} Command mode Command function
<module-number>
All modes
IP Forwarding Multicast Routing Table Flags: N -No Used,U -Up Send,L -Limit upSend,A - Assert send
(*, 229.3.3.16), Flags:, HitFlag:0, Incoming interface: Null, LastSrcIp: 0.0.0.0 Outgoing vlan interface list: NULL
L2bitmap:0x0000000000000000 L3bitmap:0x0000000000000000
(100.1.1.100, 229.3.3.16), Flags:, HitFlag:0, Incoming interface: vlan4 19/3, LastSrcIp: 0.0.0.0 Outgoing vlan interface list: NULL
L2bitmap:0x4000000000000008 L3bitmap:0x0000000000000000
IGMP
Use the following command to display the IGMP related information. View the IGMP configurations on an interface Displayed information includes the current IGMP version, querier ID, query time interval and max response time.
200
Chapter 18
PIM-SM
Use the following command to display the PIM-SM related information. Display the BSR information
Command format show ip pim bsr Command mode All modes Command function Displays the BSR information
201
Expires:00:00:49 This system is a candidate BSR candidate BSR address: 6.6.6.6, priority: 0, hash mask length: 30 This System is Candidate_RP: candidate RP address: 6.6.6.6(vlan6),priority:192
RP 6.6.6.6 <?>, :v2, Priority :192 BSR: 6.6.6.6 <?>, via bootstrap Uptime: 00:00:14, expires: 00:02:16
202
Chapter 18
0.0.0.0
vlan100
Down 0
30
0.0.0.0
MSDP
Use the following command to display the MSDP related information. Display the statistics of SA messages Display the number of SA messages from every MSDP peer in the SA cache
Command format show ip msdp count Command mode All modes Command function Displays the statistics of SA messages
Total entries: 32
203
Description: Connection status: State: Down, Resets: 0, Connection source: vlan4 (4.4.4.4) Uptime(Downtime): 00:00:04, Messages sent/received: 0/0 Connection and counters cleared 00:00:04 ago SA Filtering: Input (S,G) filter: none Output (S,G) filter: none Peer ttl threshold: 0 SAs learned from this peer: 0
204
Chapter
19
ACL Configuration
This chapter describes access control list (ACL). ACL is applied to port or policy for filtering and control of data flow. This chapter includes: ACL Overview Configuring ACL Examples of Configuring ACL ACL Maintenance and Diagnosis
ACL Overview
To filter data, a network device should be configured with a series of matching rules to identify the objects to be filtered. After identifying the specific objects, corresponding packets will be allowed or denied according to the preset policy. ACL is used to implement these functions. Generally, ACL is used to implement data message filtering, policy routing and special flow control. An ACL may contain one or more rules defined for special types of packets. These rules tell the switch to allow or deny the access of packets that match the criteria specified in the rules. Packet matching rules defined in ACL can also used in the cases where flow should be identified, for example, defining flow classification rules in QoS. ZXR10 T160G/T64G provides four types of ACLs: Basic ACL: Only source IP addresses are matched against the ACL. Extended ACL: Source/destination IP address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DiffServ Code Point (DSCP), ToS and precedence are matched against the ACL. Layer 2 ACL: Source/destination MAC address, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority value are matched against the ACL.
205
Mixed ACL: Source/destination MAC address, source VLAN ID, source/destination IP address, TCP source/destination port number, UDP source/destination port number are matched against the ACL. Each ACL has an ACL code for identification, which is a digit. The code ranges of different types of ACLs are as follows: Basic ACL: 1~99 Extended ACL: 100~199 Layer 2 ACL: 200~299 Mixed ACL: 300~349 Each ACL supports up to 100 rules with the codes ranging from 1 to 100.
Configuring ACLs
d To configure ACL, follow the three steps in order:
Configure a time range Define an ACL Apply the ACL to physical ports
Global
Defining ACLs
To configure an ACL, enter the ACL configuration mode first, and then define the ACL rules. Note the following issues when you define ACL rules:
206
Chapter 19
ACL Configuration
If a packet meets multiple rules, the first rule will be matched. So the rule sequence is very important. Generally, rules in a small range are put in the front and rules in a large range are put in the back. Considering the network security, the system will add an implicit deny rule to the end of each ACL automatically for denying all the packets. A permit rule for allowing all the packets should be defined at the end of each ACL.
Basic ACL
Defines rules
Example: Define a basic ACL to allow the access of messages from network 192.168.1.0/24 but deny the messages from source IP address 192.168.1.100.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 deny 192.168.1.100 0.0.0.0 ZXR10(config-basic-acl)#rule 2 permit 192.168.1.0 0.0.0.255
<acl-number>|name <acl-name>}
207
Command format rule <rule-no> {permit|deny} icmp {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [<icmp-type> [icmp-code <icmp-code>]] [{[precedence <pre-value>] <dscp-value>] [tos <tos-value>]}|dscp [time-range <timerange-name>] rule <rule-no> {permit|deny} {<ip-number>|ip} {<source> <source-wildcard>|any} {<dest> <dest-wildcard>|any} [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>] rule <rule-no> {permit|deny} tcp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [established] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>] rule <rule-no> {permit|deny} udp {<source> <source-wildcard>|any} [<rule> <port>] {<dest> <dest-wildcard>|any} [<rule> <port>] [{[precedence <pre-value>] [tos <tos-value>]}|dscp <dscp-value>] [time-range <timerange-name>]
Command mode
Command function
Extended ACL
Extended ACL
Extended ACL
Extended ACL
Example: Define an extended ACL to implement the following functions. Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, source port 100 and destination port 200. Denies the BGP messages from network 192.168.2.0/24. Denies all the ICMP messages. Denies all the messages with IP protocol code 8.
ZXR10(config)#acl extend number 150 ZXR10(config-ext-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10 0.0.0.0 eq 200 ZXR10(config-ext-acl)#rule 2 deny tcp 192.168.2.0 0.0.0.255 Eq BGP any ZXR10(config-ext-acl)#rule 3 deny icmp any any ZXR10(config-ext-acl)#rule 4 deny 8 any any
208
Chapter 19
ACL Configuration
Layer 2 ACL
Defines rules
Example: Define a Layer 2 ACL to allow the access of IP packets with source MAC address 00d0.d0c0.5741 and 802.1p code 5.
ZXR10(config)#acl link number 200 ZXR10(config-link-acl)#rule 1 permit ip cos 5 ingress 10 00d0.d0c0.5741 0000.0000.0000 ZXR10(config-link-acl)#rule 2 deny 8847
<acl-number>|name <acl-name>}
Mixed ACL
209
Mixed ACL
Mixed ACL
Example: Define a mixed ACL to implement the following functions. Allows the access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, destination MAC address 00d0.d0c0.5741, source port 100 and destination port 200. Denies the BGP messages from network 192.168.3.0/24. Denies the messages from MAC address 0100.2563.1425.
ZXR10(config)#acl hybrid number 300 ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10 0.0.0.0 eq 200 Egress 00d0.d0c0.5741 0000.0000.0000 ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255 Eq BGP any ZXR10(config-hybd-acl)#rule deny any any ingress 0100.2563.1425 0000.0000.0000
210
Chapter 19
ACL Configuration
Tip: A physical port can only apply one ACL. The new configuration overwrites the old one. For example, in the gei_4/1 port configuration mode, the following two commands are configured in order: ip access-group 10 in ip access-group 100 in Only ACL 100 takes effect.
211
Internet
Dept. A 192.168.1.0/24
Dept. B 192.168.2.0/24
The server IP addresses are allocated as follows: Mail server: 192.168.4.50 FTP server: 192.168.4.60 VOD server: 192.168.4.70 Switch configuration
/* Configure a time range */
ZXR10(config)#time-range working-time 9:00:00 to 17:00:00
212
Chapter 19
ACL Configuration
ZXR10(config-ext-acl)#rule 2 deny ip 192.168.2.0 0.0.0.255 192.168.4.60 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 3 deny tcp any eq 8888 192.168.4.70 0.0.0.0 time-range working-time ZXR10(config-ext-acl)#rule 4 permit ip any any
213
214
Chapter
20
QoS Configuration
Quality of Service (QoS) refers to the capability to provide better service to the selected network communication by using various technologies. In this chapter, you will learn about: QoS Overview Configuring QoS Example of Configuring QoS QoS Maintenance and Diagnosis
QoS Overview
Traditional networks provide best-effort services in which all messages are treated equally. The network devices do their best effort to send messages to the destination following the First Come, First Served principle. However, they do not provide any guarantee of message transmission reliability or relay. As new applications continually appear, new requirements of network QoS are addressed. The best-effort services of traditional networks no long meet the requirements for the applications. For example, in VoIP services and real-time video transmission, if the message transmission relay is too large, the users will not be able to use the services normally. A feasible way to solve these problems is to provide the networks with the support for the QoS capability. QoS is designed to provide different service quality for various applications depending on the requirements, e.g. providing dedicated bandwidth, reducing message loss rate, lowering message transmission relay and relay jitter. QoS provides the following functions to achieve these goals: Traffic classification Traffic monitoring and control Traffic shaping
215
Queue scheduling and default 802.1p priority Redirection and policy routing Priority tagging Traffic mapping Traffic statistics
Traffic Classification
Traffic refers to the messages passing through the switches. Traffic classification allows the messages transmitted across the switches to be classified, and defines or describes the messages with specific characteristics. QoS traffic classification is based on ACL and the rule of ACL must be permit. The customer can classify the messages based on the filtering options of an ACL, e.g. source/destination IP address of the message, source/destination MAC address, IP protocol type, TCP source/destination port number, UDP source/destination port number, ICMP type, ICMP code, DSCP, ToS, precedence, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority.
Traffic Shaping
Traffic shaping allows the control of message output rate, which allows the messages to be sent at an equal rate. Traffic shaping is usually used to match the message rate with the downstream devices to avoid congestion and prevent the messages from being discarded. The primary difference between traffic shaping and traffic monitoring and control is that the shaping caches the messages exceeding the rate limit so that the messages can be sent at an equal rate, whereas traffic monitoring and control discards the messages exceeding the rate limit. Traffic shaping increases delay, but traffic monitoring and control does not. Traffic shaping includes: Bandwidth traffic shaping on ingress interfaces Bandwidth traffic shaping on egress interfaces
216
Chapter 20
QoS Configuration
217
Priority Tagging
Priority tagging re-allocates a set of service parameters for the specific traffic described in an ACL. The following operations are allowed: Change the CoS queue of data messages as well as the 802.1p value. Change the CoS queue of data messages, but the 802.1p value is not changed. Change the DSCP value of data messages. Change the discard priority of data messages.
Traffic Mapping
Traffic mapping enables the service traffic that matches ACL rules to be copied to the CPU or the specified port for message analysis and monitoring, which is generally used for network failure diagnosis.
Traffic Statistics
Traffic statistics provides statistics of packets of the specified service traffic so that you can learn about the actual network conditions and allocate network resources as required. Traffic statistics mainly provides the number of packets received on a port in the incoming direction.
Configuring QoS
The details of the QoS configuration are described in the following sections.
<rule-no>
Global
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> exceed forward [remark-dscp <dscp-value>]
<rule-no>
<rule-no>
218
Chapter 20
QoS Configuration
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> exceed remark-dscp <dscp-value> [forward|drop-precedence <drop-value>] traffic-limit
<rule-no>
in <acl-number> rule-id rate-limit <limit-value> bucket-size <size> drop-precedence <drop-value> [remark-dscp <dscp-value>] traffic-limit
<rule-no>
Global
Example: Monitor and control the traffic of packets with destination IP address 168.2.5.5 on port gei_5/1. Set the bandwidth to 10 M, burst transmission rate to no greater than 1 M and change the DSCP value to 23 for the part that exceeds the limit and set the discard priority to high (this part of packets will be discarded at a higher priority in queue congestion).
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit any 168.2.5.5 ZXR10(config-ext-acl)#exit ZXR10(config)#traffic-limit in 100 rule-id 1 rate-limit 10000 bucketsize 1000 exceed remark-dscp 23 drop-precedence high ZXR10(config)#interface gei_5/1 ZXR10(config-if)#ip access-group 100 in
Traffic Shaping
Use the following commands to configure port traffic shaping:
Command format traffic-limit {in|out} Command mode rate-limit Port Command function Enables the shaping of traffic on a port
Example: Enable traffic shaping on port gei_5/1. Set the ingress rate to 200 M and egress rate to 40 M.
ZXR10(config)#interface gei_5/1 ZXR10(config-if)#traffic-limit rate-limit 200000 bucket-size 2000 in ZXR10(config-if)#traffic-limit rate-limit 40000 bucket-size 2000 Out
219
Port
Example: Enable strict scheduling based on priority on port gei_5/1. Enable WRR scheduling on port gei_5/2. The weights of Queue 0~7 are 10, 5, 8, 10, 5, 8, 9, 10. Set the default 802.1p of port gei_5/2 to 5.
ZXR10(config)#interface gei_5/1 ZXR10(config-if)#queue-mode strict-priority ZXR10(config-if)#exit ZXR10(config)#interface gei_5/2 ZXR10(config-if)#queue-mode wrr queue-0 10 queue-1 5 queue-2 8 queue-3 10 queue-4 5 queue-5 8 queue-6 9 queue-7 10 ZXR10(config-if)#priority 5
Global
Example: Redirect the packets with the source IP address 168.2.5.5 on port gei_4/4 to port gei_6/3. Enable policy routing for the packets with the destination IP address 66.100.5.6. Set the next-hop IP address to 166.88.96.56.
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 any ZXR10(config-ext-acl)#rule 2 permit ip any 66.100.5.6
220
Chapter 20
QoS Configuration
ZXR10(config-ext-acl)#exit ZXR10(config)#redirect in 100 rule-id 1 interface gei_6/3 ZXR10(config)#redirect in 100 rule-id 2 next-hope 166.88.96.56 0.0.0.0 ZXR10(config)#interface gei_4/4 ZXR10(config-if)#ip access-group 100 in
Priority Tagging
Use the following commands to configure priority tagging.
Command format priority-mark in <acl-number> rule-id <rule-no> {[dscp <dscp-value>] [drop-precedence <drop-value>] [cos <cos-value>|local-precedence <local-value>]} Command mode Command function
Global
Example: Change the DSCP value of the packets with the source IP address 168.2.5.5 on port gei_5/1 to 34, and select 4 for output queues.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5 ZXR10(config-basic-acl)#exit ZXR10(config)#priority-mark in 10 rule-id 1 dscp 34 cos 4 ZXR10(config)#interface gei_5/1 ZXR10(config-if)#ip access-group 10 in
Traffic Mapping
Use the following commands to configure traffic mapping:
Command format traffic-mirror in <acl-number> rule-id <rule-no> {cpu|interface <port-name>} Command mode Global Command function Enables the mapping of the specified traffic
Example: Map the data traffic with the source IP address 168.2.5.6 on port gei_4/8 to port gei_4/4.
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5 ZXR10(config-basic-acl)#rule 2 permit 168.2.5.6 ZXR10(config-basic-acl)#exit ZXR10(config)#traffic-mirror in 10 rule-id 2 interface ZXR10(config)#interface gei_4/8
221
Tip: If cross-card traffic mapping is configured, only one session can be configured for port mapping.
Traffic Statistics
Use the following commands to configure traffic statistics:
Command format traffic-statistics in <acl-number> rule-id <rule-no> Command mode Global Command function Collects the statistics on the specified traffic
Example: Collect the traffic statistics on the data in the network with the destination IP address 67.100.88.0/24 on port gei_4/8.
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 0.0.0.0 any ZXR10(config-ext-acl)#rule 2 permit ip any 67.100.88.0 0.0.0.255 ZXR10(config-ext-acl)#exit ZXR10(config)#traffic-statistics in 100 rule-id 2 ZXR10(config)#interface gei_4/8 ZXR10(config-if)#ip access-group 100 in
222
Chapter 20
QoS Configuration
Internet
Network A 192.168.1.0/24
Network B 192.168.2.0/24
VOD Server
Switch configuration
ZXR10(config)#acl extend number 100 ZXR10(config-ext-acl)#rule 1 permit tcp any eq 8888 192.168.4.70 0.0.0.0 ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0 ZXR10(config-ext-acl)#rule 3 permit ip any any ZXR10(config-ext-acl)#exit
ZXR10(config)#acl extend number 101 ZXR10(config-ext-acl)#rule 1 permit tcp 192.168.2.0 0.0.0.255 eq 8888 192.168.4.70 0.0.0.0 ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0 ZXR10(config-ext-acl)#rule 3 permit ip any any ZXR10(config-ext-acl)#exit
223
ZXR10(config)#interface fei_2/1 ZXR10(config-if)#ip access-group 100 in ZXR10(config-if)#exit ZXR10(config)#interface fei_2/2 ZXR10(config-if)#ip access-group 101 in
ISP1 100.1.1.1
ISP2 200.1.1.1
Switch configuration
/* Define an ACL. Describe the users in networks 10.10.0.0/24 and 11.11.0.0/24 */
ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 10.10.0.0 0.0.0.255 ZXR10(config-basic-acl)#rule 2 permit 11.11.0.0 0.0.0.255 ZXR10(config-basic-acl)#exit
224
Chapter 20
QoS Configuration
225
226
Chapter
21
DHCP Configuration
This chapter introduces the dynamic host configuration protocol (DHCP). DHCP is a widely used protocol providing the capability of obtaining dynamic addresses for the hosts in a network. ZXR10 T160G/T64G can be configured as a DHCP server or DHCP relay according to the actual networking requirement. In this chapter, you will learn about: DHCP Overview Configuring DHCP Examples of Configuring DHCP DHCP Maintenance and Diagnosis
DHCP Overview
DHCP allows a host on a network to obtain an IP address for normal communications and related configuration information from a DHCP server. Details of DHCP are described in RFC 2131. DHCP uses UDP as the transmission protocol. The host sends messages to port 67 of the DHCP server, who will return messages to port 68 of the host. A DHCP works in the following steps: 1. 2. 3. A host sends a DHCPDiscover broadcast message requesting an IP address and other configuration parameters. A DHCP server returns a DHCPOffer unicast message containing a valid IP address. The host selects the server at which the DHCPOffer arrives first, and sends a DHCPRequest unicast message to the server, which indicates it accepts the related configurations. The selected DHCP server returns a DHCPAck unicast message for acknowledgement.
4.
Thus, the host can communicate with other network devices using the IP address and related configurations obtained from the DHCP server.
227
The IP addresses allocated by the DHCP server for the host include 3 types: Administrator allocates an IP address to a specific host An address is allocated to a host permanently at random. An address is allocated to a host at random for a period of time. The third type of address is generally used. The validity time of an address is called lease period. Before the lease period expires, the host must request continue lease from the server. The address can no longer be used unless the server accepts the request otherwise the address will be abandoned unconditionally. The routers do not send the received broadcast packets from one subnetwork to anther by default. When the DHCP server and the client host do not exist in the same subnetwork, the router acting as the default gateway of the client host must send the broadcast packets to the subnetwork where the DHCP server resides, which is called DHCP relay. ZXR10 T160G/T64 can be used either as a DHCP server or the DHCP relay for forwarding DHCP information, but the two functions cannot be enabled at a time.
Configuring DHCP
The DHCP server configurations include the following contents: Configure an IP address pool. DHCP server allocates the addresses in the pool to client hosts.
Command format ip local pool <pool-name> <low-ip-address> <high-ip-address> <net-mask> Command mode Global Command function Configures an IP address for a DHCP server
Global
Enable the DHCP attribute on the interface connected to the subnetwork where clients reside
228
Chapter 21
DHCP Configuration
Configure the default user gateway address on the interface connected to the subnetwork where clients reside
Command format ip dhcp <ip-address> server gateway Command mode VLAN interface Command function Configures the gateway address interface DHCP for an
The DHCP relay configurations include the following contents: Enable the DHCP attribute on the interface connected to the subnetwork where clients reside
Command format user-interface Command mode VLAN interface Command function Configures a interface flag user-side
Configure the default user gateway address on the interface connected to the subnetwork where clients reside
Command format ip dhcp relay agent <ip-address> Command mode VLAN interface Command function Configures the DHCP proxy address for an interface
Configure the IP address for the external DHCP server on the interface connected to the subnetwork where clients resides
Command format ip dhcp relay server <ip-address> Command mode VLAN interface Command function Configures the IP address for the external DHCP server for an interface
229
DNS Server
10.10.2.2/24
R1 10.10.1.1/24
PC
FTP Server
10.10.1.2/24
Configuration of R1
ZXR10(config)#ip dhcp server dns 10.10.2.2 ZXR10(config)#ip dhcp server leasetime 90 ZXR10(config)#ip local pool dhcp 10.10.1.3 10.10.1.254 255.255.255.0 ZXR10(config)#interface vlan10 ZXR10(config-if)#user-interface ZXR10(config-if)#ip address 10.10.1.1 255.255.255.0 ZXR10(config-if)#ip dhcp server gateway 10.10.1.1 255.255.255.0 ZXR10(config-if)#peer default ip pool dhcp ZXR10(config-if)#exit ZXR10(config)#ip dhcp server enable
230
Chapter 21
DHCP Configuration
As shown in Figure 70, the DHCP relay function is enabled on R1. The separate server 10.10.2.2 provides the DHCP server functions. This method is usually used in the case where there are many hosts that require the DHCP service.
DHCP Server
10.10.2.2/24
R1 10.10.1.1/24
PC
FTP Server
10.10.1.2/24
Configuration of R1
ZXR10(config)#interface vlan10 ZXR10(config-if)#user-interface ZXR10(config-if)#ip address 10.10.1.1 255.255.255.0 ZXR10(config-if)#ip dhcp relay agent 10.10.1.1 ZXR10(config-if)#ip dhcp relay server 10.10.2.2 ZXR10(config-if)#exit ZXR10(config)#ip dhcp relay enable
231
Display the list of current online users on the DHCP server process module
Command format show ip dhcp server user Command mode All modes except user mode Command function Displays the list of current online users on the DHCP server process module
show ip interface
All modes
The debug commands allow you to track the packet sending/receiving and processing of the DHCP server/relay process
Command format Command mode Command function Tracks the packet sending/receiving and processing on the DHCP server/relay
debug ip dhcp
Privileged
232
Chapter
22
VRRP Configuration
This chapter introduces the Virtual Router Redundancy Protocol (VRRP). In the case where there are many egress routers, this protocol can be used to provide the redundancy of multiple egress gateways for a host. In this chapter, you will learn about: VRRP Overview Configuring VRRP Examples of Configuring VRRP VRRP Maintenance and Diagnosis
VRRP Overview
In a broadcast domain, a default gateway is generally set as the next-hop of the routing packets for the hosts. When the default gateway does not work normally, the hosts in this broadcast domain will be unable to communicate with the hosts in other networks. To prevent the single point failure due to the default gateway, you can configure multiple router interfaces in a broadcast domain and enable VRRP on these routers. VRRP puts multiple router interfaces in a broadcast domain into one group to form a virtual router, and allocates it an IP address as the interface address. The interface address of the virtual router can be either the address of one of the routers, or a third-party address. If the interface address of a router is used, the router having this IP address is used as the master router, while others are used as the backup routers. If a third-party address is used, the router with a higher priority is used as the master router. If two routers have the same priority, the one who sends a VRRP message first is the master router. On the hosts in this broadcast domain, set the IP address of the virtual router as the gateway. When the master router fails, the router with the highest priority will be selected from the backup routers to replace it, which has no impact on the hosts in this domain. The hosts in this domain can communicate with the outside world unless no routers in this VRRP GROUP work properly.
233
These routers can also be put into multiple groups and act as standby routers for each other. The host in the domain use different IP addresses as the gateways, thus achieving data load-balance.
Configuring VRRP
d To configure VRRP:
Run VRRP on an interface
Command format vrrp <group> [secondary] ip <ip-address> Command mode VLAN interface Command function Sets a VRRP virtual IP address and runs VRRP on an interface
A VRRP group can be configured with multiple virtual addresses. The hosts connected to it can use any one of them as the gateway for communications. Configure the VRRP priority on an interface
Command format vrrp <group> priority <priority> Command mode VLAN interface Command function Configures a VRRP priority, 100 by default
VLAN interface
VLAN interface
On an interface, configure how to know the interval for sending VRRP messages
Command format vrrp <group> learn Command mode VLAN interface Command function Configures the interval of
234
Chapter 22
VRRP Configuration
messages sending from the master to be learnt from a VRRP message Non-learn by default. The local configuration is used
authentication
VLAN interface
Master
Backup
R1
10.0.0.1/16
R2
10.0.0.2/16
PC1
PC2
PC3
PC4
Gateway: 10.0.0.1/16
Configuration of R1
ZXR10_R1(config)#interface vlan 1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.0.0 ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1
235
Configuration of R2
ZXR10_R2(config)#interface vlan 1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.0.0 ZXR10_R2(config-if)#vrrp 1 ip 10.0.0.1
Master
Backup
R1
R2
PC1
PC2
PC3
PC4
Gateway: 10.0.0.1/16
Gateway: 10.0.0.2/16
Configuration of R1
ZXR10_R1(config)#interface vlan 1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.0.0 ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1 ZXR10_R1(config-if)#vrrp 2 ip 10.0.0.2
Configuration of R2
ZXR10_R2(config)#interface vlan 1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.0.0 ZXR10_R2(config-if)#vrrp 1 ip 10.0.0.1 ZXR10_R2(config-if)#vrrp 2 ip 10.0.0.2
236
Chapter 22
VRRP Configuration
237
238
Chapter
23
239
paths. This policy ensures that the packets with the same source-destination address pair arrive in order. In the case where there are a lot of source-destination address pairs in the traffic, load balance will be more effective. ZXR10 T160G/T64G supports up to 8 different paths to the same destination. After configuring load balance, the traffic on the interfaces will be balanced after a period of time.
The maximum number of paths can be configured in RIP, OSPF, IS-IS and BGP routing configuration modes. The default number of paths is 1. Up to 8 paths are supported. Configure load balance for static routes
Command format ip route [vrf <vrf-name>] <prefix> <net-mask> {<forwarding-router's-address>|<int erface-name>} [<distance-metric>] [tag <tag>] Command mode Command function
Global
Configure multiple static routes to one destination. Up to 8 routes are supported, but they should have different tags. The default value of tag is 3.
240
Chapter 23
10.1.1.2/24 vlan8 10.1.1.1/24 PC1 vlan7: vlan6: vlan5: vlan4: vlan3: vlan2: vlan1: R1 107.1.1.1/30 106.1.1.1/30 105.1.1.1/30 104.1.1.1/30 103.1.1.1/30 102.1.1.1/30 101.1.1.1/30 vlan7: vlan6: vlan5: vlan4: vlan3: vlan2: vlan1: vlan8
20.1.1.1/24
...
20.1.1.2/24
PC2
The following sections describe the configurations of load balance in examples of static route and dynamic route protocol OSPF.
Static Route
Configuration of R1
ZXR10_R1(config)#interface vlan1 ZXR10_R1(config-if)#ip address 101.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan2 ZXR10_R1(config-if)#ip address 102.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan3 ZXR10_R1(config-if)#ip address 103.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan4 ZXR10_R1(config-if)#ip address 104.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan5 ZXR10_R1(config-if)#ip address 105.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan6 ZXR10_R1(config-if)#ip address 106.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan7 ZXR10_R1(config-if)#ip address 107.1.1.1 255.255.255.252 ZXR10_R1(config)#interface vlan8 ZXR10_R1(config-if)#ip address 10.1.1.1 255.255.255.0
ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 107.1.1.2 1 tag 157 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 106.1.1.2 1 tag 156 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 105.1.1.2 1 tag 155 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 104.1.1.2 1 tag 154 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 103.1.1.2 1 tag 153 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 102.1.1.2 1 tag 152 ZXR10_R1(config)#ip route 20.1.1.0 255.255.255.0 101.1.1.2 1 tag 151
Configuration of R2
241
ZXR10_R2(config)#interface vlan1 ZXR10_R2(config-if)#ip address 101.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan2 ZXR10_R2(config-if)#ip address 102.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan3 ZXR10_R2(config-if)#ip address 103.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan4 ZXR10_R2(config-if)#ip address 104.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan5 ZXR10_R2(config-if)#ip address 105.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan6 ZXR10_R2(config-if)#ip address 106.1.1.2 255.255.255.252 ZXR10_R2(config)#interface vlan7 ZXR10_R2(config-if)#ip address 107.1.1.3 255.255.255.252 ZXR10_R2(config)#interface vlan8 ZXR10_R2(config-if)#ip address 20.1.1.1 255.255.255.0
ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 107.1.1.1 1 tag 157 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 106.1.1.1 1 tag 156 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 105.1.1.1 1 tag 155 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 104.1.1.1 1 tag 154 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 103.1.1.1 1 tag 153 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 102.1.1.1 1 tag 152 ZXR10_R2(config)#ip route 10.1.1.0 255.255.255.0 101.1.1.1 1 tag 151
The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.
OSPF
Configuration of R1
ZXR10_R1(config)#router ospf 100 ZXR10_R1(config-router)#network 101.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 102.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 103.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 104.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 105.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 106.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 107.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R1(config-router)#network 10.1.1.0 0.0.0.255 area 0.0.0.0 ZXR10_R1(config-router)#maximum-paths 7
Configuration of R2
242
Chapter 23
ZXR10_R2(config)#router ospf 100 ZXR10_R2(config-router)#network 101.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 102.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 103.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 104.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 105.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 106.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 107.1.1.0 0.0.0.3 area 0.0.0.0 ZXR10_R2(config-router)#network 20.1.1.0 0.0.0.255 area 0.0.0.0 ZXR10_R2(config-router)#maximum-paths 7
The 7 links between R1 and R2 achieve load balance. Users PC1 and PC2 can access each other via the 7 links.
In the load balance of static routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.
ZXR10_R1#show ip route 20.1.1.0 IPv4 Routing Table: Dest 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 20.1.1.0 ZXR10_R1# Mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Gw 107.1.1.1 106.1.1.1 105.1.1.1 104.1.1.1 103.1.1.1 102.1.1.1 101.1.1.1 Interface vlan7 vlan6 vlan5 vlan4 vlan3 vlan2 vlan1 Owner static static static static static static static pri metr 1 0 1 0 1 0 1 0 1 0 1 0 1 0
In the load balance of dynamic routes, 7 paths to the destination network 20.1.1.0/24 can be seen from R1.
ZXR10_R1#show ip route 20.1.1.0 IPv4 Routing Table:
243
244
Chapter
24
NTP
NTP Overview
NTP is applied to different network elements for time synchronization. The transmission of NTP itself is based on UDP. Devices enabling NTP adjust their system clocks by exchanging NTP messages and keep their clock in synchronization. ZXR10 T160G/T64G can be used as an NTP client in practical applications.
Configuring NTP
The configuration of NTP includes: Define a time server
Command format ntp server <ip-address> [version Command mode Global Command function Defines a time server
245
<number>]
Enable NTP
Command format ntp enable Command mode Global Command function Enables NTP
Configure the source address used for sending a Synchronize Time request via NTP
Command format Command mode Command function Configures the source address used for sending a Synchronize Time request via NTP
Global
192.168.2.2/24
vlan24
ZXR10
192.168.2.1/24
NTP Server
Configuration of ZXR10
ZXR10(config)#interface vlan2 ZXR10(config-if)#ip address 192.168.2.2 255.255.255.0 ZXR10(config-if)#exit ZXR10(config)#ntp enable ZXR10(config)#ntp server 192.168.2.1 version 2
246
Chapter 24
RADIUS Authentication
RADIUS Overview
Remote Authentication Dial-In User Service (RADIUS) is a standard authorization, authentication and accounting (AAA) protocol. To the routing switch, AAA allows the users accessing the switch to be authenticated to prevent illegal users and improve the device security. ZXR10 T160G/T64G supports the RADIUS authentication function for authenticating Telnet users accessing the routing switch. ZXR10 T160G/T64G supports multiple RADIUS server groups. Each RADIUS group can be configured with 3 authentication servers. A server timeout parameter and the number of timeout retransmissions can be set for each group. The administrators can select specific RADIUS servers by configuring different RADIUS groups.
Configuring RADIUS
The configuration of RADIUS includes: Configure RADIUS servers
Command format radius server <group-number> authen {master|slave|third} <ip-address> <port> <key> Command mode Global Command function Sets a configuration group for the RADIUS server authentication
Global
User configuration
Command format user-authentication-type {local|radius <group>} Command mode Global Command function Specifies the type of user authentication for Telnet login
247
SNMP
SNMP Overview
SNMP is one of the most popular network management protocols. This protocol enables a network management server to manage all the devices in a network. SNMP allows the management based on server and client. The background network management server acts as the SNMP server. The foreground network equipment acts as the SNMP client. The foreground and background systems share the same MIB management database and communicate with each other via SNMP. The routing switch acts as an SNMP agent. A specified SNMP server should be configured. Contents allowed to be collected by network administrators and the collection rights should also be defined. ZXR10 T160G/T64G supports multiple versions of SNMP.
Configuring SNMP
The SNMP configuration on ZXR10 T160G/T64G includes: Set the community name in an SNMP message
Command format snmp-server community [view <community-name> <view-name>] [ro|rw] Command mode Global Command function Sets the community name in an SNMP message
The SNMPv1/v2c authentication is based on community. An SNMP community is named using a character string. Different communities can be assigned read-only or read-write privileges. Communities with the read-only privilege can only query device information. Those with the read-write privilege can configure the devices. However, the privileges of both read-only and read-write are limited by view. Operations are allowed within the scope of view only. If the view parameter is omitted, the default view in the system is used. If the ro/rw parameter is omitted, ro (read-only) is used.
248
Chapter 24
The included or excluded parameter of this command adds or removes <subtree-ID> from the specified view. Configurations are allowed for many times for the same <view-name>, which results in a set of cooperating commands. Set the system contact (sysContact) for the MIB objects
Command format snmp-server <mib-syscontact-text> contact Command mode Global Command function Sets the system contact for an MIB object
sysContact is a management variable in the system group in MIB II. It contains the ID and contact of the person relevant to a managed device. Set the location (sysLocation) of the system of an MIB object
Command format snmp-server <mib-syslocation-text> location Command mode Global Command function Sets the location of the system of an MIB object
sysLocation is a management variable in the system group in MIB II. It is used to indicate the locations of managed devices. Set the type of TRAP allowed to be sent
Command format snmp-server enable [<notification-type>] trap Command mode Global Command function Sets the type of trap allowed to be sent by a proxy
Trap is the information a managed device sends to the Network Management System (NMS) without request. It is used to report emergent and important events. Set a trap destination host
Command format snmp-server host [mng|vrf <ip-address> <vrf-name>] [trap|inform] [version {1|2c|3 {auth|noauth|priv}}] <community-name> [udp-port <udp-port>] [<trap-type>] Command mode Command function Configures the sending address, port, version and type of the trap or inform for the host
Global
ZXR10 T160G/T64G supports 5 types of conventional traps: snmp, bgp, ospf, rmon and stalarm. View relevant information of SNMP
Command format show snmp Command mode All modes except user mode Command function Displays the statistics on SNMP messages
249
Remote Monitoring
Remote Monitoring Overview
The Remote Monitoring (RMON) system is used to monitor the services on remote-ends. With RMON, a remote probe is used to collect and process data, i.e. the routing switch system. The routing switch also includes RMON agent software communicating with the NMS via SNMP. Information is transferred from the routing switch to the NMS only when it is required.
Configuring RMON
The RMON configuration on ZXR10 T160G/T64G includes: Enable statistics on an interface (only for Ethernet)
Command format rmon collection statistics <index> [owner <string>] Command mode Port Command function Enables statistics on a port
Global
250
Chapter 24
Command format rmon collection history <index> [owner <string>] [buckets [interval <bucket-number>] <seconds>]
Command mode
Port
Configure an event
Command format rmon event <index> [log] [trap [description <community>] <string>] [owner <string>] Command mode Global Command function Configures an event
Suppose n computers are connected to port fei_1/1. When these computers communicate on a subnetwork, traffic statistics can be viewed via the network management software or using a show command.
ZXR10#show rmon statistics EtherStatsEntry 1 is active, and owned by rmontest Monitors ifEntry.1.1 which has Received 60739740 octets, 201157 packets, 1721 broadcast and 9185 multicast packets, 0 undersized and 0 oversized packets, 0 fragments and 0 jabbers, 0 CRC alignment errors and 32 collisions. # of dropped packet events (due to lack of resources): 511 # of packets received of length (in octets): 64: 92955, 65-127: 14204, 128-255: 1116, 256-511: 4479, 512-1023: 85856, 1024-1518:2547 ZXR10#
251
Configure an alarm control entry and wait for 10s. Use a show command to view the contents of the RMON event.
ZXR10#show rmon event Event 1 is active, owned by rmontest
252
Chapter 24
Description is test Event firing causes log and trap to community rmontrap, last fired 05:40:20 Current log entries: index 1 ZXR10# time 05:40:14 description test
System Log
SysLog Overview
ZXR10 T160G/T64G allows the user to set and query logs. Log information makes it easy for maintaining the routing switch regularly. Log information allows you to view the alarm information and port status changes on the routing switch. Logs can be displayed on the configured terminals in real time, or saved on the routing switch or a background log server in files. You can enable the SysLog protocol on ZXR10 T160G/T64G to transmit the logs by communicating with the background syslog server via the protocol.
Configuring SysLog
The configuration of SysLog includes: Enable log
Command format logging on Command mode Global Command function Enables log
253
Command function Sets the level of logs to be saved in the log cache
Global
Sets a log level for SysLog protocol processing Sets the parameters of the background SysLog server
Global
The types of supported alarmed information include environment, board, port, ROS, database, OAM, security, OSPF, RIP, BGP, DRP, TCP-UDP, IP, IGMP, Telnet, ARP, ISIS, ICMP, SNMP and RMON.
254
255
Abbreviation FTP GBIC GRE ICMP IETF IGMP IGP IP ISO ISP LACP LAN LAPB LCP LDP LSA LSP LSR MAC MD5 MED MIB MPLS MSTP MTU NAT NBMA NCP NIC NLRI NMS NSAP NSP NTP NVT OAM
Full Name File Transfer Protocol Gigabit Interface Converter General Routing Encapsulation Internet Control Message Protocol Internet Engineering Task Force Internet Group Management Protocol Interior Gateway Protocol Internet Protocol International Organization for Standardization Internet Service Provider Link Aggregation Control Protocol Local Area Network Link Access Procedure Balanced Link Control Protocol Label Distribution Protocol Link State Advertisement Link State PDU Label Switch Router Media Access Control Message Digest 5 MULTI_EXIT_DISC Management Information Base Multi-Protocol Label Switching Multiple Spanning Tree Protocol Maximum Transmission Unit Network Address Translation Non-Broadcast Multiple Access Network Control Protocol Network Information Center Network Layer Reachable Information Network Management System Network Service Access Point Network Service Provider Network Time Protocol Network Virtual Terminal Operation And Management
256
Full Name Open Systems Interconnection Open Shortest Path First Password Authentication Protocol Port Address Translation Pulse Code Modulation Protocol Data Unit Packet over SDH Point-to-Point Protocol
257
258
Figures
Figure 1 ZXR10 T160G/T64G sketch map of system principle ...........................10 Figure 2 Abridged General View of ZXR10 T160G components position...............11 Figure 3 ZXR10 T160G Front Panel ...............................................................12 Figure 4 Abridged General View of ZXR10 T64G components position ................13 Figure 5 ZXR10 T64G Front Panel .................................................................13 Figure 6 The front panel of ZXR10 T160G MCS ...............................................14 Figure 7 The front panel of ZXR10 T64G MCS .................................................14 Figure 8 Front panel of 44+4 fast Ethernet electrical interface board .................17 Figure 9 Front panel view of twelve-port gigabit Ethernet optical interface ..........18 Figure 10 Front panel view of twenty-four-port gigabit Ethernet optical interface board................................................................................................19 Figure 11 Front panel view of twelve-port gigabit Ethernet electrical interface board ........................................................................................................20 Figure 12 Front panel view of twenty-four-port gigabit Ethernet electrical interface board................................................................................................22 Figure 13 Front panel view of one-port 10-gigabit Ethernet optical interface board ........................................................................................................23 Figure 14 Front panel view of two-port 10-gigabit Ethernet optical interface board ........................................................................................................24 Figure 15 Front panel view of power supply module ........................................26 Figure 16 Rear panel view of DC power supply board.......................................26 Figure 17 Rear panel view of AC power supply board.......................................26 Figure 18 Front Panel View of Fan Plug-in Box ................................................28 Figure 19 ZXR10 T160G/T64G Configuration Mode..........................................30 Figure 20 Hyperterminal Configuration 1 .......................................................31 Figure 21 Hyperterminal Configuration 2 .......................................................31 Figure 22 Hyperterminal Configuration 3 .......................................................32 Figure 23 Running Telnet ............................................................................33 Figure 24 Telnet login schematic diagram ......................................................34 Figure 25 Setting the IP address and port No of SSH server .............................36 Figure 26 Setting SSH version......................................................................37 Figure 27 WFTPD Window............................................................................38 Figure 28 User/Rights Security Dialog Box .....................................................38 Figure 29 TFTPD Window.............................................................................39 Figure 30 Configuration Dialog Box ...............................................................40 Figure 31 Example of Port Mirroring ..............................................................66 Figure 32 The Format of VLAN Tag ...............................................................70 Figure 33 Typical Networking of VLAN ...........................................................74 Figure 34 Typical QinQ Networking ...............................................................76 Figure 35 Example of SuperVLAN Configuration ............................................79 Figure 36 Example of MAC Address Table Configuration ...................................90 Figure 37 MSTP Configuration Example Networking Diagram 1........................ 100 Figure 38 MSTP Configuration Example Networking Diagram 2........................ 101 Figure 39 Example of Link Aggregation Configuration .................................... 105 Figure 40 IGMP Snooping Application ..........................................................109 Figure 41 Example of IGMP Snooping Configuration ......................................113 Figure 42 Configuring Static Route .............................................................120 Figure 43 Static Routes Summarization ....................................................... 121 Figure 44 Configure Default Route ..............................................................122
259
Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure Figure
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
Basic RIP Configuration ...............................................................129 OSPF Router Types.....................................................................134 Basic OSPF Configuration ............................................................141 Example of Multi-Area OSPF Configuration .....................................142 Example of OSPF Virtual Link Configuration....................................144 Example of OSPF Authentication Configuration ...............................145 IS-IS Area Diagram ....................................................................151 IS-IS Configuration in Single Area ................................................156 IS-IS Configuration in Multi Area ..................................................157 Basic BGP Configuration ..............................................................165 Advertising BGP Routes...............................................................166 Advertising BGP Aggregation .......................................................167 Configuring BGP Multihop ............................................................168 Filtering Routes via NLRI ............................................................. 170 Configuring the Local Preference Attribute .....................................172 Configuring the MED Attribute......................................................173 Configuring BGP Synchronization.................................................. 176 Configuring BGP Route Reflectors .................................................177 Configuring BGP Confederation ....................................................179 Example of Configuring BGP ........................................................181 Example of Configuring Multicasting..............................................197 Example of Configuring ACL.........................................................212 Example of a Typical QoS Configuration.........................................223 Example of Configuring Policy Routing........................................... 224 Configuring a DHCP Server ..........................................................230 Configuring a DHCP Relay ........................................................... 231 Basic VRRP Configuration ............................................................235 Symmetric VRRP Configuration.....................................................236 Example of Configuring Load Balance ............................................241 Example of Configuring NTP......................................................... 246
260
Tables
Table 1 Typographical Conventions ................................................................iii Table 2 Mouse Operation Conventions ............................................................iv Table 3 Safety Signs....................................................................................iv Table 4 ZXR10 T160G/T64G Technical Features and Parameters ...................... 6 Table 5 Features of Fast Ethernet Management Interface ................................ 15 Table 6 Functional description of front panel LEDs in the control switching board 15 Table 7 Functional description of buttons in the control switching board ............ 16 Table 8 Characteristics of 44+4 Fast Ethernet Electrical Interface Board............ 17 Table 9 Functional description of front panel LEDs in 44+4 fast Ethernet interface board............................................................................................... 17 Table 10 Characteristics of twelve-port gigabit Ethernet optical interface board .. 18 Table 11 Functional description of front panel LEDs in 12-port gigabit Ethernet optical interface board .................................................................................. 18 Table 12 Characteristics of twenty-four-port gigabit Ethernet optical interface board ....................................................................................................... 19 Table 13 Functional description of front panel LEDs in 24-port gigabit Ethernet optical interface board .................................................................................. 20 Table 14 Characteristics of twelve-port gigabit Ethernet electrical interface board21 Table 15 Functional description of front panel LEDs in 12-port gigabit Ethernet electrical interface board..................................................................... 21 Table 16 Characteristics of twenty-four-port gigabit Ethernet electrical interface board............................................................................................... 22 Table 17 Functional description of front panel LEDs in 24-port gigabit Ethernet electrical interface board..................................................................... 23 Table 18 Characteristics of one-port 10-gigabit Ethernet optical interface board . 24 Table 19 Functional description of front panel LEDs in one-port 10-gigabit Ethernet optical interface board ........................................................................ 24 Table 20 Characteristics of two-port 10-gigabit Ethernet optical interface board . 25 Table 21 Functional description of front panel LEDs in two-port 10-gigabit Ethernet optical interface board ........................................................................ 25 Table 22 Command Mode ........................................................................... 41 Table 23 Range of IP Addresses .................................................................115
261