R1P-SW24 Series
R1P-SW24FL2B-1F1T R1P-SW24FL2B-2T R1P-SW24L2B-1F1T R1P-SW24L2B-2T
User's Guide
| Copyright |
Copyright 2008 by Corecess Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. The specifications and information regarding the products in this manual are subject to change without notice.
| Trademark Credit |
Corecess R1P-SW24 is a registered trademark of Corecess Inc. Other product names or company names mentioned in this manual are registered trademarks of the appropriate company.
Corecess Inc.
500-2, Sangdaewon-dong, Jungwon-ku, Sungnam-city, Kyungki-do, Korea, 462-120
TEL: +82-31-739-6600
FAX: +82-31-739-6622
http://www.corecess.com
Manual Contents
This manual covers the following for the Corecess R1P-SW24:
- Introduction to functions and features
- Name and function of each part
- How to install on a rack and connect cable to each port
- How to configure the Corecess R1P-SW24
Reading this manual carefully before using the Corecess R1P-SW24 will make the system easier to operate. Read chapters 1~3 to become acquainted with the functions of the product, the name and function of each part, and the precautions before installation. Understanding chapters 1~3 will help a great deal with safety in installing and using the product.
If you have any problems or questions during installation or while using the product, contact your equipment provider or visit our website at www.corecess.com and leave a message in Q&A.
Audience
This manual is designed for users with basic knowledge of Ethernet. It assumes that the reader is familiar with the basic concepts and terminology of Ethernet and FTTH and does not provide separate explanations for these topics. If you feel that the contents of this manual are difficult and require more detailed explanations, refer to other network related books.
Revision History
Edition   Date     Description
0000      8/2007   First Draft
0001      3/2008   First Edition
Notations
This manual uses the notations explained below to help readers understand its contents.
Conventions
This manual uses the following conventions:
Note: Introduces useful information about using the product, references, and related materials.
Caution: Explains situations or conditions that can cause improper operation or loss of data, and suggests how to deal with those cases.
Warning: Explains situations in which the product can be damaged or users can be physically endangered, and informs you how to respond to those situations.
Organization
The chapters of this manual are organized as follows:
Chapter 1 Overview
This chapter introduces the Corecess R1P-SW24 functions and features and describes several kinds of network examples configurable with the Corecess R1P-SW24.
Chapter 4 Installation
This chapter describes how to mount the Corecess R1P-SW24 on a rack, connect the cables to the ports, and connect the power.
Table of Contents

Manual Contents
  Audience
  Revision History
Notations
  Notations in Console Screen
  Notations in Command Syntax
  Conventions

Chapter 1 Overview
Applications
  L2 Switch
  E-PON ONU
  WDM-PON ONU

Chapter 2 Hardware
    RUN LED
    Fast Ethernet Port LEDs (1~24)
    Fast Ethernet Port (1~24)

Chapter 3
  Preventing ESD
  Installing and Servicing the System
    Disconnecting Power
    Grounding the System
    Connecting Cables
    Working with Lasers
    Preventing EMI
    Covering Blank Slots
  Rack-Mounting the System
  Lifting the System
  Disposing of the System

Chapter 4 Installation
  Checking the Rack-Mount Space
  Mounting the System on a Rack
Connecting Power to the System
Starting the System

Chapter 5
  Prompt
  Getting Help
  CLI Command Usage Basics
    Entering CLI Commands
    Specifying Ports
    Editing Commands
  Specifying System Name and Adjusting System Date and Time
    Changing System Name
    Adjusting System Time
    Setting NTP Mode
    Setting the Time Zone
  Displaying CPU Utilization
  Displaying Memory Usage
  Displaying System Module Information
  Displaying System Module Equipment Status
  Checking Network Connectivity
  Saving Log Message in Log File
  Clearing System Log
  Displaying Contents of Log File

Chapter 6
Displaying Port Information
Configuring Flex links
  Flex links Features
  Flex links Set up
  Flex links primary port Enable

Chapter 7
  Q-in-Q Setup
  Transparent Switching Setup
  Priority Copy Setup
Pass-through
  Cisco bpdu tunneling
  bpdu tunneling

Chapter 8

Chapter 9
QoS Configuration Commands

Chapter 10
  Filtering DHCP Offer Packets
  File and Resource Sharing Protocol Filtering
  Default Traffic Filtering
  CIFS (Cognitive Information Filtering System)
    Creating a Class Map
    Creating a Policy Map
    Applying Service Policies to the System

Chapter 11
IGMP (Internet Group Management Protocol)
Configuring IGMP Snooping
  Enabling IGMP Snooping
  Configuring a Multicast Router Port
  Enabling IGMP Fast Leave
  Configuring Multicast Group
  Changing the IGMP Group Membership Time
  Specifying the Maximum Number of Multicast Groups

Chapter 12
    Displaying DHCP Snooping Binding Information
    Displaying DHCP Snooping Port Information
    Displaying Information of DHCP Snooping Violation
L2DhcpRelay

Chapter 13
802.1X
  Setting Port trust-mode
  Configuring AAA about 802.1X
  Parameters
  Status
Pass-through
  Cisco bpdu tunneling
  bpdu tunneling

Chapter 14

Chapter 15

Appendix A Product Specifications

Appendix B
Connector Specifications
  RJ-45 Connector
  LC Connector
    100Base-SX Port
    100Base-LX Port
    1000Base-SX Port
    1000Base-LX Port
  SC Connector
    1000Base-PX Port
Cable Specifications
  Twisted Pair Cable
    According to the speed of devices to be connected: Category-3, 4, 5, 5+, 6
    According to the kinds of devices to be connected: Straight-through, Crossover
List of Tables

Table 1-1 Types of Uplink module
Table 2-1 Uplink port LED's function
Table 2-2 Uplink port specification
Table 2-3 RUN LED descriptions
Table 2-4 LNK/ACT port status LED descriptions
Table 2-5 Fast Ethernet port specification
Table 2-6 Uplink Modules of the Corecess R1P-SW24
Table 2-7 LED Functions of the OPT-P1ES1CD Module
Table 2-8 Specifications of Gigabit Ethernet PON Port on the OPT-P1ES1CD Module
Table 2-9 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module
Table 2-10 LED Functions of Gigabit Ethernet Port on the OPT-P2CD Module
Table 2-11 1000Base-PX20 port LED Functions of the OPT-P1EL1CD Module
Table 2-12 Specifications of 1000Base-PX20 port on the OPT-P1EL1CD Module
Table 2-13 Specifications of Gigabit Ethernet Port on the OPT-P1EL1CD Module
Table 2-14 LED Functions of the OPT-P1EL1CD Module
Table 2-15 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module
Table 2-16 10/100/1000Base-TX port 100/1000Base-SX/LX SFP port LED function
Table 2-17 GW-PON port LED function
Table 3-1 The Number of Required Person to Lift The System
Table 3-2 Temperature and humidity condition
Table 3-3 Power condition
Table 4-1 Configuring a console terminal
Table 5-1 CLI modes
Table 5-2 Command mode access method
Table 5-3 Prompt of the main command modes
Table 5-4 CLI line-editing commands
Table 5-5 Setting the IP address
Table 5-6 Adding a new user
Table 5-7 Changing a user password
Table 5-8 Deleting a user
Table 5-9 Changing the system name
Table 5-10 Adjusting system time
Table 5-11 Configuring NTP
Table 5-12 Setting the time zone
Table 5-13 Commands for saving the current running configuration
Table 5-14 Restoring default configuration
Table 5-15 show cpuinfo field descriptions
Table 5-16 show meminfo field descriptions
Table 5-17 show module field descriptions
Table 5-18 show system field descriptions
Table 5-19 Checking network connectivity
Table 5-20 PING field descriptions
Table 5-21 traceroute field descriptions
Table 5-22 Configuring event level
Table 5-23 Configuring log messages to display on the console
Table 5-24 Configuring log messages to display on a remote server
Table 5-25 Configuring log messages to display on a Telnet session
Table 5-26 Saving log messages in a log file
Table 5-27 Displaying contents of log file
Table 5-28 Downloading software from a remote TFTP server
Table 6-1 Default port configuration
Table 6-2 show port field descriptions
Table 6-3 show port with port argument field descriptions
Table 7-1 Default VLAN configuration
Table 7-2 Creating a VLAN
Table 7-3 Assigning ports to a VLAN
Table 7-4 Assigning IP address to a VLAN
Table 7-5 Assigning secondary IP address to a VLAN
Table 7-6 Configuring trunk port
Table 8-1 Types of community strings
Table 8-2 Default SNMP configuration
Table 8-3 Setting the system contact and location information
Table 8-4 Configuring SNMP community strings
Table 8-5 Types of trap supported by Corecess R1P-SW24
Table 8-6 Enabling a trap type
Table 8-7 Configuring a trap host
Table 8-8 Configuring SNMP access groups
Table 8-9 show snmp-server field descriptions
Table 8-10 show snmp-server community-list field descriptions
Table 8-11 show snmp-server statistics field descriptions
Table 8-12 show snmp-server traphost field descriptions
Table 8-13 Configuring RMON event group
Table 8-14 Configuring RMON alarm group
Table 8-15 show rmon field descriptions
Table 8-16 SNMP & RMON Configuration Commands
Table 9-1 Criteria for packet classification
Table 9-2 Creating a class map
Table 9-3 Creating a policy map
Table 9-4 Changing CoS, IP Precedence, or DSCP value of a traffic class in a policy map
Table 9-5 Configuring packet filtering of a traffic class in a policy map
Table 9-6 Specifying a priority of a traffic class in a policy map
Table 9-7 Configuring rate-limit of a traffic class in a policy map
Table 9-8 Applying QoS service policy
Table 9-9 Designating user priority for packets received from a specific port
Table 9-10 Configuring rate limiting on a port
Table 9-11 Configuring Shaping
Table 9-12 QoS configuration commands
Table 10-1 Changing timeout for an unattended Telnet session
Table 10-2 Defining access lists
Table 10-3 Applying the access list to terminal line
Table 10-4 Applying the access list to SNMP access
Table 10-5 Filtering DHCP offer
Table 10-6 Filtering File and Resource Sharing Protocol
Table 10-7 Filtering Default Traffic
Table 10-8 Creating a class map
Table 10-9 Creating a policy map for packet filtering
Table 10-10 Applying service policies
Table 10-11 Security configuration commands
Table 11-1 show ip igmp snoop field descriptions
Table 11-2 show ip igmp snoop mrouter field descriptions
Table 11-3 IP Snooping commands
Table 12-1 DHCP snooping action according to DHCP message type
Table 12-2 Enabling DHCP snooping
Table 12-3 Specifying DHCP snooping ports
Table 12-4 Configuring the system filtering rules
Table 12-5 Configuring port filtering rules
Table 12-6 Configuring information policy
Table 12-7 Specifying the maximum number of DHCP clients
Table 12-8 Adding static binding entries
Table 12-9 Clearing dynamic binding entries
Table 12-10 Enabling DHCP option 82 data insertion
Table 12-11 Displaying DHCP snooping binding information
Table 12-12 Displaying DHCP snooping port information
Table 12-13 Example of DHCP snooping violation data
Table 12-14 Enabling ARP snooping
Table 12-15 Configuring Secure-Reply Check Type
Table 12-16 Configuring Secure-Request Type
Table 14-1 Configuring link aggregation
Table 14-2 Configuring LACP partner key
Table 15-1 STP Timers
Table 15-2 Comparison of STP and RSTP port states
Table 15-3 Default STP configuration
Table 15-4 Enabling STP on a VLAN
Table 15-5 Enabling STP on a port
Table 15-6 Configuring the bridge ID for a VLAN
Table 15-7 Configuring the path cost
Table 15-8 Configuring STP encoding mode
Table 15-9 Configuring the port priority
Table 15-10 Setting spanning tree timers
Table 15-11 Enabling RSTP on a VLAN
Table 15-12 Configuring the path cost
Table 15-13 Configuring RSTP encoding mode
Table 15-14 Configuring Spanning Tree Protocol Type
Table 15-15 Configuring an Edge Port
Table 15-16 STP configuration commands
Table A-1 Corecess R1P-SW24 hardware specifications
Table A-2 Corecess R1P-SW24 software specifications
Table B-1 Pin Configuration of 10/100/1000Base-T Port
Table B-2 Pin Configuration of Console Port
Table B-3 System Modules with Fiber Optic Ports
Chapter 1
Overview
This chapter introduces the Corecess R1P-SW24 functions and features and describes several kinds of network examples configurable with the Corecess R1P-SW24.
• Introduction
• Applications
Introduction
The Corecess R1P-SW24 is a powerful Layer 2 Ethernet switch that enables enhanced functionality at the access network. With the several features it offers, the Corecess R1P-SW24 is commonly connected directly to users at the access network. Since the Corecess R1P-SW24 provides 24 auto-sensing 10/100Base-TX Fast Ethernet ports and supports a switching speed of 12.8Gbps@full-duplex and a packet processing speed of 19Mpps@64bytes, the maximum wire speed assigned to each port can be guaranteed. The Corecess R1P-SW24L2B can trunk the Gigabit Ethernet ports to extend uplink bandwidth using IEEE 802.3ad LACP. Since Gigabit Ethernet option modules can be installed in the option slot on the Corecess R1P-SW24, it is easy to configure networks that can flexibly respond to a variety of environmental needs. Because it can connect to a remotely located large Gigabit Ethernet backbone device when an option module is installed in the option slot, it can be used as an intermediate backbone network device of a large network as well as in a mid-range workgroup network.
The Corecess R1P-SW24 supports high-performance QoS (Quality of Service), so users can easily control various types of traffic (voice, video and other important data). For example, users can set the priority of data so that a service is provided without interruption.
The Corecess R1P-SW24 is easy to use and easy to install. Just like an Ethernet hub, it can be used by connecting cables to the target device. LEDs on the front panel of the Corecess R1P-SW24 make it easy to manage the product and the network by indicating the operation status, port conditions and fault occurrence.
Hardware Features
Switching and Routing Performance
• Provides the high performance switching fabric of 12.8Gbps@Full-duplex.
• Provides the packet processing performance of 19Mpps@64byte.
Memory
• Main Memory (Protocol processing): 128Mbytes
• Flash Memory: 64Mbytes
• Packet Buffer: 32Mbytes
Interface
The Corecess R1P-SW24 supports the following interfaces:
• Various types of uplink interface
• Fast Ethernet downlink interface (10/100Base-TX)
• Gigabit Ethernet uplink interface (10/100/1000Base-T, 1000Base-LX/SX)
• Local management interface (Console, RJ-45)
Option Slots
The Corecess R1P-SW24 provides one option slot in which a variety of option modules can be installed as follows:
Table 1-1 Types of Uplink module
Module: Specification
• OPT-P1ES1CD: 1 port of 10/100/1000Base-TX (RJ-45) or 1 port of 1000Base-LX/SX SFP; 1 port of 1000Base-PX10 (SFF, Single one-core SC); maximum cable length of 10Km
• OPT-P1EL1CD: 1 port of 10/100/1000Base-TX (RJ-45) or 1 port of 1000Base-LX/SX SFP; 1 port of 1000Base-PX20 (SFF, Single one-core SC); maximum cable length of 20Km
• OPT-P2CD: 2 ports of 10/100/1000Base-TX (RJ-45); 2 ports of 1000Base-LX/SX SFP supported, 100M/1000M
• OPT-P1W: 1 port GW-PON (Single one-core SC) ONU
Software Features
Layer 2 Switching Function
The Corecess R1P-SW24 provides the following Layer 2 switching functions.
• Supports IEEE 802.3x Flow control
• Supports IEEE 802.1p Traffic priority (8 priority queues)
• Supports Port based VLAN and IEEE 802.1q Tagged VLAN (Maximum: 254)
• Supports Link aggregation using Trunk and IEEE 802.3ad
• Supports STP (Spanning Tree Protocol) and RSTP (Rapid STP)
Security
The Corecess R1P-SW24 supports the following security functions:
• System access control through Telnet or SNMP using access lists
• DHCP filtering to prevent operation of an unauthorized private DHCP server
• NetBIOS filtering to prevent file sharing between subscribers
• CIFS filtering using MAC address, IP address and TCP/UDP port number
Network Management
The Corecess R1P-SW24 supports SNMP and RMON for network management and a port mirroring feature for troubleshooting network problems. You can monitor and control the Corecess R1P-SW24 network via the console port, a Telnet session, or the Corecess NMS, ViewlinX. The Corecess R1P-SW24 supports the following network management tools:
• CLI (Command Line Interface) Commands
The Corecess R1P-SW24 provides in-band management using SNMP and Telnet, and out-of-band management using the console, based on the CLI.
• SNMP
Supports the following SNMP MIBs:
- RFC 1213 MIB-II
- RFC 1493 Bridge MIB
- RFC 1724 RIPv2 MIB
- RFC 1757 RMON (4 groups)
- RFC 1850 OSPF MIB
- RFC 2096 IP Forwarding Table MIBs
- Agent MIB
- Corecess MIB
• RMON
Provides four RMON groups (history, statistics, alarms, and events) on each port for traffic management.
• Port Mirroring
The Corecess R1P-SW24 allows you to use the port mirroring feature without affecting the switching performance.
• Software Maintenance
The Corecess R1P-SW24 can be upgraded easily from a remote location using FTP and TFTP.
Applications
This section describes example applications for the Corecess R1P-SW24.
L2 Switch
E-PON ONU
WDM-PON ONU
Chapter 2
Hardware
This chapter introduces the structures of the front and rear side of the Corecess R1P-SW24 and describes the function and appearance of the cards provided for the Corecess R1P-SW24.
• System Chassis
• Option Modules
System Chassis
This section describes the external features of the Corecess R1P-SW24 chassis. On the front panel of the Corecess R1P-SW24, there are LEDs, ports, an uplink slot and power devices; thus users can monitor the switch status immediately and connect cables easily.
[Figure: Corecess R1P-SW24 chassis. Labels: Power Input; Power; Option; Fast Ethernet Port; Ground]
The R1P-SW24 series includes the following products, according to their base uplink and downlink ports.
Ground Connector
The ground connector is used to ground the Corecess R1P-SW24 to prevent damage from electrostatic discharge or lightning. Before connecting power to the system, connect it according to local site practice.
Power Input
The power input is a terminal that connects external AC power of 100 - 240VAC by using a power cord.
Power Switch
The power switch is used when turning the Corecess R1P-SW24 on and off.
Option Slots
On the left of the 10/100Base-TX port, there is an option slot in which an option module can be installed. The Corecess R1P-SW24 provides a variety of option modules that support gigabit ports of various interfaces. The kinds of option modules that can be installed in the option slot of the Corecess R1P-SW24 are described in the Option Modules section in this chapter.
Color: Green
• On: The port is enabled and connecting to the devices.
• Blink: Data is being transmitted/received through the port.
• Off: The port is disabled or not connecting to the device.
LED: SPEED/1000, Color: Orange
• On: Indicates that the port is operating at 1000Mbps speed.
• Off: Indicates that the port is operating at 100/1000Mbps speed.
Uplink port
The uplink port connects the R1P-SW24 to the core network. There are 2 types of uplink port.
10/100/1000Base-T Port
• Transfer Mode: Full-duplex mode or Half-duplex mode (Auto sensing)
• Transfer Speed: 10/100/1000Mbps
• Connector Type: RJ-45
• Maximum Transfer Distance: 100m
• Transfer Media: Twisted-pair category-5+, 6 cable
1000Base-SX/LX Port
• Transfer Mode: Full-duplex mode
• Transfer Speed: 1000Mbps
• Connector Type: SFP
• Maximum Transfer Distance: SFP module specification
• Transfer Media: SFP module specification
Reset Switch
The reset switch is used to reboot the Corecess R1P-SW24. When the reset switch is pressed, all the configuration information that has not been saved is deleted, and the connections between each port and other devices are disconnected. Use pointed objects like a ball-point pen when pressing the reset switch.
Console Port
The console port is used to connect a console terminal for monitoring and configuring the Corecess R1P-SW24. To connect the console port to a console terminal, use the included console cable. A PC or workstation installed with a terminal emulation program or VT-100 terminal can be used as a console terminal. Chapter 4/ Installation describes how to connect a console terminal to the console port.
RUN LED
The RUN LEDs, which indicate the operating state of the Corecess R1P-SW24, operate as follows according to the system status:
Table 2-3 RUN LED descriptions
LED: RUN, Color: Green/Red
• Green On, Red Off: The system is being initialized.
• Green Flashing, Red Off: System initialization is completed and the processor is operating normally.
• Green Off, Red On: The processor is operating abnormally.
• Off: Power is not supplied to the Corecess R1P-SW24.
LED: LINK/ACT, Color: Green
• On: The port is enabled and connecting to the devices.
• Flashing: Data is being transmitted/received through the port.
• Off: The port is disabled or not connecting to the device.
R1P-SW24L2B-Downlink: 10/100Base-TX, 10/100Mbps
• Transmission Mode: Full-duplex or half duplex (Auto sensing)
• Connector Type: RJ-45
• Port Number: 24
• Maximum Cable Length: 100m
• Transmission Media: Twisted-pair category-3, 4, 5 cable
R1P-SW24FL2B-Downlink: 100Base-FX, 100Mbps
• Transmission Mode: Full-duplex or half duplex (Auto sensing)
• Connector Type: SFP
• Port Number: 24
• Maximum Cable Length: optional
• Transmission Media: Optical cable
Uplink Modules
There is an uplink slot on the front panel of the Corecess R1P-SW24, and you can install the following uplink modules into it.
Table 2-6 Uplink Modules of the Corecess R1P-SW24
Module: Specification
• OPT-P1ES1CD: 1 port 10/100/1000Base-TX (RJ-45) or 1 port 100/1000Base-LX/SX SFP; Support 1 port 1000Base-PX10 SFP (Max 10Km), 100M or 1G
• OPT-P1EL1CD: 1 port 10/100/1000Base-TX (RJ-45) or 1 port 100/1000Base-LX/SX SFP; Support 1 port 1000Base-PX20 SFP (Max 20Km), 100M or 1G
• OPT-P2CD: 2 ports 10/100/1000Base-TX (RJ-45); Support 2 ports 100/1000Base-LX/SX SFP, 100M or 1G
• OPT-P1W: Support 1 port GW-PON (Single SC), 1G
This section describes types and functions of uplink modules that can be installed in the uplink slot of the Corecess R1P-SW24.
OPT-P1ES1CD
The OPT-P1ES1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo port. The SFF type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit Ethernet PON port (1000Base-PX10) provides a maximum service length of 10Km. The features of the OPT-P1ES1CD are as follows:
[Figure: OPT-P1ES1CD module. Labels: 1000Base-PX10 port; 1000Base-SX/LX port; 10/100/1000Base-T port; LEDs of 1000Base-PX10 port; LEDs of 1000Base-SX/LX SFP port and 10/100/1000Base-T port]
LED: LINK, Color: Green
• On: Indicates that the port has established a valid link with the network.
• Off: Indicates that the port has not established a valid link with the network.
LED: ACT, Color: Yellow
• Blink: Indicates that the port is transmitting or receiving data.
1000Base-PX Port
The Gigabit Ethernet PON port can be connected to the E-PON OLT (Optical Line Terminal) through an optical splitter. The 1000Base-PX port specification is as follows.
Table 2-8 Specifications of Gigabit Ethernet PON Port on the OPT- P1ES1CD Module
Transfer Speed Connector Type Port Number Maximum Transfer Distance Transfer Media
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected. Thus, if you do not use the fiber optic port for a long time during system operation, close the port with a cap or connect a fiber optic cable to the port.
Gigabit Ethernet device, a connector of SFP port is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P1ES1CD module:
Table 2-9 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module
10/100/1000Base-T Port
• Transfer Mode: Full-duplex mode or Half-duplex mode (Auto sensing)
• Transfer Speed: 10/100/1000Mbps
• Connector Type: RJ-45
• Maximum Transfer Distance: 100m
1000Base-SX/LX Port
• Transfer Mode: Full-duplex mode
• Transfer Speed: 100/1000Mbps
• Connector Type: SFP
• Maximum Transfer Distance: 1000Base-SX: 550m; 1000Base-LX: 10Km
• Transfer Media: 100Base-SX: 1310nm Multi-mode; 100Base-LX: 1310nm Single mode; 1000Base-SX: 850nm Multi-mode; 1000Base-LX: 1310nm Single mode
Color: Green
• On: Indicates that the port has established a valid link with the network.
• Blink: Indicates that the port is transmitting or receiving data.
• Off: Indicates that the port has not established a valid link with the network.
LED: SPEED 1000, Color: Orange
• On: Indicates that the port is operating at 1000Mbps speed.
• Off: Indicates that the port is operating at 100Mbps speed.
OPT-P1EL1CD
The OPT-P1EL1CD provides one Gigabit Ethernet PON port and one Gigabit Ethernet combo port. The SFP type of the Gigabit Ethernet port supports 100Mbps and 1000Mbps. The Gigabit Ethernet PON port (1000Base-PX10) provides a maximum service length of 20Km. The features of the OPT-P1EL1CD are as follows:
[Figure: OPT-P1EL1CD module. Labels: 100/1000Base-SX/LX SFP port; 10/100/1000Base-T port; 1000Base-PX20 port; 1000Base-PX20 port LED; 100/1000Base-SX/LX SFP port and 10/100/1000Base-T port LED]
LED: LINK, Color: Green
• On: Indicates that the port has established a valid link with the network.
• Off: Indicates that the port has not established a valid link with the network.
LED: ACT, Color: Yellow
• Blink: Indicates that the port is transmitting or receiving data.
1000Base-PX20 port
The 1000Base-PX port can be connected to the E-PON OLT (Optical Line Terminal) through an optical splitter. The 1000Base-PX port specification is as follows.
Transfer Speed Connector Type Port Number Maximum Transfer Distance Transfer Media
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected. Thus, if you do not use the fiber optic port for a long time during system operation, close the port with a cap or connect a fiber optic cable to the port.
Gigabit Ethernet device, a SFP module connector is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P1EL1CD module:
Table 2-13 Specifications of Gigabit Ethernet Port on the OPT-P1EL1CD Module
10/100/1000Base-T Port
• Transfer Mode: Full-duplex mode or Half-duplex mode (Auto sensing)
• Transfer Speed: 10/100/1000Mbps
• Connector Type: RJ-45
• Maximum Transfer Distance: 100m
• Transfer Media: Twisted-pair category-5+, 6 cable
1000Base-SX/LX Port
• Transfer Mode: Full-duplex mode
• Transfer Speed: 1000Mbps
• Connector Type: SFP
• Maximum Transfer Distance: 1000Base-SX: 550m; 1000Base-LX: 10Km
• Transfer Media: 1000Base-SX: 850nm Multi-mode; 1000Base-LX: 1310nm Single mode
Color: Green
• On: Indicates that the port has established a valid link with the network.
• Blink: Indicates that the port is transmitting or receiving data.
• Off: Indicates that the port has not established a valid link with the network.
LED: SPEED 1000, Color: Orange
• On: Indicates that the port is operating at 1000Mbps speed.
• Off: Indicates that the port is operating at 100Mbps speed.
OPT-P2CD
The OPT-P2CD module offers 2 Gigabit Ethernet uplink ports (RJ-45 or SFP type). The Gigabit Ethernet uplink ports offer full 1 Gigabit speed. The features of the OPT-P2CD are as follows:
[Figure: OPT-P2CD module. Label: 10/100/1000Base-TX port]
to a Gigabit Ethernet device, a SFP connector port is automatically disabled. The following table lists the specifications of the Gigabit Ethernet port on the OPT-P2CD module:
Table 2-15 Specifications of Gigabit Ethernet Port on the OPT-P2CD Module
10/100/1000Base-T Port
• Transfer Mode: Full-duplex mode or Half-duplex mode (Auto sensing)
• Transfer Speed: 10/100/1000Mbps
• Connector Type: RJ-45
• Maximum Transfer Distance: 100m
1000Base-SX/LX SFP Port
• Transfer Mode: Full-duplex mode
• Transfer Speed: 100/1000Mbps
• Connector Type: SFP
• Maximum Transfer Distance: 1000Base-SX: 550m; 1000Base-LX: 10Km
LED: LINK, Color: Green
• On: Indicates that the port has established a valid link with the network.
• Blink: Indicates that the port is transmitting or receiving data.
• Off: Indicates that the port has not established a valid link with the network.
LED: SPEED1000, Color: Orange
• On: Indicates that the port is operating at 1000Mbps speed.
• Off: Indicates that the port is operating at 100Mbps speed.
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected. Thus, if you do not use the fiber optic port for a long time during system operation, close the port with a cap or connect a fiber optic cable to the port.
OPT-P1W
The OPT-P1W module provides one Gigabit GW-PON ONU port (Single SC type). OPT-P1W supports transmission by 16 light waves of different types of WDM Gigabit Ethernet links in one physical optical cable. The features of the OPT-P1W are as follows:
[Figure: OPT-P1W module. Labels: Port GW-PON SC; LED]
GW-PON port
The GW-PON port is used as an uplink port from the R1P-SW24 to the core network. It is the only Gigabit Ethernet port in the OPT-P1W module.
• GW-PON port (Single one-core SC connector)
LED: LINK, Color: Green
• On: Indicates that the port has established a valid link with the network.
• Off: Indicates that the port has not established a valid link with the network.
LED: ACT, Color: Yellow
• Blink: Indicates that the port is transmitting or receiving data.
• Off: Indicates that the port is not transmitting or receiving data.
Caution: Do not stare into the aperture of a fiber-optic port. Invisible radiation might be emitted from the aperture of the port when no fiber cable is connected. Thus, if you do not use the fiber optic port for a long time during system operation, close the port with a cap or connect a fiber optic cable to the port.
Chapter 3
Before Installation
This chapter describes the precautions for installing the Corecess R1P-SW24 and the installation environment required for normal operation. It also describes how to unpack the Corecess R1P-SW24 box and verify the contents.
• Precautions
• Installation Place
• Unpacking
Precautions
Warning: Before you install the Corecess R1P-SW24, read this section. This section contains important safety information you should know before working with the system.
General Precautions
• During and after installation, keep the equipment clean and free from dust at all times.
• After removing the cover of the equipment, keep the cover in a safe place.
• For safety, do not leave any tool or cable in a passageway.
• When installing the equipment, do not wear baggy clothing, so that ties, scarves, and sleeves do not get caught in the equipment. Secure ties and scarves, and roll up your sleeves.
• Avoid any action that could harm people or damage the equipment.
• If the case needs to be opened for repair or testing, contact the sales agency where you purchased this equipment, or contact Corecess Inc. directly for professional help.
Power Considerations
• Be careful when connecting the system to the supply circuit so that wiring is not overloaded.
• When plugging into a power socket or handling any power source, do not wear rings, necklaces, or metal watches. If these items touch the power socket or the ground of the product, parts can burn out.
• Always check the work area for possible hazards. A wet floor, an ungrounded extension cord, a worn power cord, or an unsafe (or ungrounded) floor might be dangerous.
AC Power
• The system is designed for connection to TN power systems. A TN power system is a power distribution system with one point connected directly to earth (ground). The exposed conductive parts of the installation are connected to that point by protective earth conductors.
• Ensure that the plug-socket combination is accessible at all times, because it serves as the main disconnecting device.
Preventing ESD
Electrostatic discharge (ESD) damage occurs when electronic cards or components are mishandled and can result in complete or intermittent failures. Note the following guidelines before you install or service the system:
• Always wear an ESD-preventive wrist or ankle strap when handling electronic components. Connect one end of the strap to an ESD jack or an unpainted metal component on the system (such as a captive installation screw).
• Handle cards by the faceplates and edges only; avoid touching the printed circuit board and connector pins.
• Avoid contact between the cards and clothing. The wrist strap only protects the card from ESD voltages on the body; ESD voltages on clothing can still cause damage.
• For safety, periodically check the resistance value of the antistatic strap. The measurement should be between 1 and 10 Mohms.
Disconnecting Power
When disconnecting power, note the following guidelines.
• Locate the emergency power-off switch for the room before working with the system.
• Turn off the power and disconnect the power from the circuit when working with components that are not hot-swappable or when working near the system backplane or midplane. If the system does not have an on/off switch, unplug the power cord.
• To completely de-energize the system, disconnect the power connection to all power supplies.
• For DC power supplies, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the off position, and tape the switch handle of the circuit breaker in the off position.
• Do not touch the power supply when the power cord is connected. Line voltages are present within the power supply even when the power switch is off and the power cord is connected.
Connecting Cables
When you connect cables, note the following guidelines.
• Use caution when installing or modifying telephone lines to prevent electric shock.
• Do not work on the system or connect or disconnect cables during periods of lightning activity.
• Do not touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface.
• Hazardous network voltages are present in WAN ports regardless of whether power to the system is off or on. When you detach cables, detach the end away from the system first.
• Do not use a telephone to report a gas leak in the vicinity of the leak.
• Do not install telephone jacks in wet locations unless the jack is specifically designed for wet locations.
Preventing EMI
When you run wires for any significant distance in an electromagnetic field, electromagnetic interference (EMI) can occur between the field and the signals on the wires.
• Bad plant wiring can result in radio frequency interference (RFI).
• Strong EMI, especially when it is caused by lightning or radio transmitters, can destroy the signal drivers and receivers in the system, and can even create an electrical hazard by conducting power surges through lines and into the system.
• If strong EMI occurs at the installation place, consult RFI experts to eliminate it.
• Prevent exposure to hazardous voltages and currents inside the chassis
• Help contain electromagnetic interference (EMI) that might disrupt other equipment
• Direct the flow of cooling air through the chassis
• Install the system in an open rack whenever possible. If installation in an enclosed rack is unavoidable, ensure that the rack has adequate ventilation.
• Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted, or if the intake air is too warm, an over temperature condition can occur.
• Avoid placing the system in an overly congested rack or directly next to another equipment rack. Heat exhaust from other equipment can enter the inlet air vents and cause an over temperature condition.
• Equipment near the bottom of a rack might generate excessive heat that is drawn upward and into the intake ports of the equipment above. The warm air can cause an over temperature condition in the equipment above.
• Ensure that cables from other equipment do not obstruct the airflow through the chassis or impair access to the power supplies or cards.
• Bolt the rack to the floor for stability.
• Load the rack from the bottom to the top, with the heaviest system at the bottom.
• If there is equipment already installed in the rack, select the location for the system carefully considering the size of the system:
Installation Place
Environmental Requirements
For the safe installation and use of the Corecess R1P-SW24, the installation place should satisfy the following requirements:
• During and after installation, keep the product clean at all times.
• Install the system in a cool place away from direct sunlight. Do not leave any tool or equipment in a passageway.
• Always maintain the following ambient temperature and humidity conditions.
Table 3-2 Temperature and humidity condition
Power Supply
• The Corecess R1P-SW24 should be installed in a place where a power supply satisfying the following condition is provided.
Table 3-3 Power condition
• Verify that the power source is clean. If there is too much noise or sparking, it is better to have power control equipment.
• Locate an electric outlet near the system for easy installation of the power cable.
• Be careful when connecting power supply equipment, and avoid overloading the wiring.
Unpacking
Follow the instructions below to unpack the shipping carton and inspect its contents.
1. Open the shipping carton of the Corecess R1P-SW24. This manual, desiccant, power cable(s), and a console cable are on top of the Corecess R1P-SW24, which is packed in cushions.
2. Without taking off the cushions, lift the equipment out with two hands and put it in a safe place.
3. Then verify that there is a plastic bag containing rack brackets and screws at the bottom of the shipping carton.
[Figure: package contents. Labels: Corecess R1P-SW24; User's Guide; Rack brackets (2); Power cable (AC); Pan-head screws (8); Binder-head screws (4)]
Recommendation: After unpacking, do not throw away the box and cushions; keep them in a safe place. If the product is relocated, it is better to move it packed in the box with the cushions.
Note: If any contents are missing or any components are damaged, contact the sales agency where you purchased this product to replace them with new ones.
Chapter 4
Installation
This chapter describes how to mount the Corecess R1P-SW24 on a rack, connect the cables to the ports, and connect the power.
• Installation Procedure
• Rack-Mounting
• Connecting Network Devices
• Connecting a Console Terminal
• Connecting Power to the System
• Starting the System
Installation Procedure
Caution: Before starting the installation
• Be sure that the installation place satisfies the requirements described in Chapter 3/ Before Installation.
• Be sure that the power switch is in the OFF (O) position and disconnect all connected cables.
The following summarizes the installation procedure for the Corecess R1P-SW24. The following sections describe each step in detail.
1. Rack-mount
The Corecess R1P-SW24 is designed to be mounted on a 19-inch rack. Rack brackets and screws needed for rack mounting are enclosed with the product.
2. Connect network devices
Connect the Ethernet ports of the Corecess R1P-SW24 and of the option module to other devices using appropriate network cables.
3. Connect a system management port
Connect a console terminal to change the configuration of the Corecess R1P-SW24 or to monitor its status.
4. Connect power to the system
Connect adjacent power after installing the Corecess R1P-SW24.
5. Start the system
Turn the Corecess R1P-SW24 on and verify that the system is correctly installed by checking that certain LEDs are lit.
Rack-Mounting
The Corecess R1P-SW24 is designed to be mounted on any kind of standard 19-inch rack. This section describes how to install the Corecess R1P-SW24 on a 19-inch rack.
Caution: Before installing the system in a rack, read the Rack-Mounting the System section in Chapter 3/ Before Installation to familiarize yourself with the proper site and environmental conditions. Failure to read and follow these guidelines could lead to an unsuccessful installation and possible damage to the system and components.
• Check that there is a vertical space of around two rack units (2U) in the rack, for the Corecess R1P-SW24 (1U) and air flow space (1U).
[Figure: 19-inch rack]
• Two (2) rack brackets
• Four (4) binder-head screws (M5, 8mm)
• Eight (8) pan-head screws (M3, 6mm)
Note: For more information about ESD, refer to Chapter 3/ Before Installation.
Once all the tools and equipment are prepared, mount the Corecess R1P-SW24 on a 19-inch rack according to the following procedure: 1. Place the Corecess R1P-SW24 on a spacious floor or a sturdy table near the rack. And check the tools and equipment. 2. There are four screw holes on each side of the Corecess R1P-SW24. As shown in the figure, place the rack brackets to the screw holes and fix them using pan-head screws.
3. Make sure that the 19-inch rack is placed in a convenient location for installing the Corecess R1P-SW24, and check that there is a 1U-high space in the rack where the Corecess R1P-SW24 can be installed.
4. Lift the Corecess R1P-SW24, with the rack brackets installed, to the height of the available space in the 19-inch rack.
5. Align the rack brackets installed on the Corecess R1P-SW24 with the holes of the 19-inch rack, and fix the brackets using four binder-head screws.
Caution: Note the following when installing the Corecess R1P-SW24 into the 19-inch rack:
- Locate heavy items at the bottom of the rack. If other equipment is already installed in the rack, select the location for the Corecess R1P-SW24 carefully, considering the size of the Corecess R1P-SW24.
- If the rack is empty, you should install the Corecess R1P-SW24 at the bottom of the rack.
10/100Base-TX Port
The 10/100Base-TX port on the front of the Corecess R1P-SW24 can be connected with the Fast Ethernet network that supports the transmission speed up to 100Mbps. Using the RJ-45 UTP(STP) cable, connect the 10/100Base-TX port to the Fast Ethernet device as follows:
UTP cable
- 10Mbps: Category-3, 4
- 100Mbps: Category-5
- 1000Mbps: Category-5+, 6
- Max. cable length: 100m
[Figure labels: R1P-SW24, PC, Hub or Switch]
100Base-FX Port
The 100Base-FX port on the front of the Corecess R1P-SW24FL2B can be connected with the Fast Ethernet network that supports the transmission speed up to 100Mbps.
The R1P-SW24FL2B series uses a 100Base-FX SFP optical module on each downlink port.
[Figure labels: 100Base-FX SFP, Optical Converter, PC]
1000Base-PX Port
The OPT-P1ES1CD and OPT-P1EL1CD module of the Corecess R1P-SW24 provides the Gigabit Ethernet PON uplink port. The Gigabit Ethernet PON uplink port can be connected to the core network using the 1000Base-PX connector. Prepare the single mode fiber optic cable (Tx: 1310nm, Rx: 1490nm), then connect the cable to the 1000Base-PX port of the OPT-P1ES1CD or OPT-P1EL1CD module and a Gigabit Ethernet PON device.
Corecess S5 E-PON OLT
Single Mode Fiber Optic Cable
- Connector: Simplex SC
- Wavelength: 1310nm (Tx), 1490nm (Rx)
- Max. cable length: 10/20Km

Corecess 4500 Optical Splitter
Single Mode Fiber Optic Cable
- Connector: Simplex SC
- Wavelength: 1310nm (Rx), 1490nm (Tx)
- Max. cable length: 10/20Km
[Figure label: R1P-SW24]
100/1000Base-LX/SX Port
The 100/1000Base-SX/LX SFP module can be installed in the SFP slot of the uplink modules on the Corecess R1P-SW24, and the Corecess R1P-SW24 can be connected to the core network using the 1000Base-SX/LX SFP module. Depending on the type of SFP module, connect cables as follows:
Single Mode Fiber Optic Cable
- Connector: Duplex LC
- Wavelength: 1310nm (Rx, Tx)
- Max. cable length: 15/40Km

Multi-Mode Fiber Optic Cable
- Connector: Duplex LC
- Wavelength: 850nm (Rx, Tx)
- Max. cable length: 2km

Single Mode Fiber Optic Cable
- Connector: Duplex LC
- Wavelength: 1310nm (Rx, Tx)
- Max. cable length: 10Km

Multi-Mode Fiber Optic Cable
- Connector: Duplex LC
- Wavelength: 850nm (Rx, Tx)
- Max. cable length: 550m
10/100/1000Base-T Port
The RJ-45 port of the uplink modules on the Corecess R1P-SW24 supports the 10/100/1000Base-T interface, and the RJ-45 port can be connected with a Gigabit Ethernet device that supports transmission speeds up to 1000Mbps. Using the twisted-pair cable, connect the 10/100/1000Base-T port to the Gigabit Ethernet device.
Twisted pair cable
- 10Mbps: Category-3, 4
- 100Mbps: Category-5
- 1000Mbps: Category-5+, 6
- Max. cable length: 100m
Note: The 10/100/1000Base-T port on the uplink module supports the automatic MDIX feature, which allows you to use either straight-through or crossover twisted-pair cables for connecting to any network devices.
- Can browse the logs of various events and traps occurring at the switch.
- Can download new software from an FTP server.
- Can strengthen the system security by specifying the hosts that can access the switch.
There are two different ways to access a console:
- Out-of-Band: The console port on the front panel of the Corecess R1P-SW24 is directly connected to a VT-100 terminal or a PC that is to be used as a console terminal, using the console cable that comes with the Corecess R1P-SW24.
- In-Band: Access is gained from a PC or a VT-100 terminal emulator through Telnet sessions to the Corecess R1P-SW24. To use this method, the IP address and subnet mask of the Corecess R1P-SW24 need to be designated. See Chapter 5/ Basic Configuration to designate the IP address and subnet mask of the Corecess R1P-SW24.
Bits per second Data bit Parity bit Stop bit Flow control
Console cable (RJ-45 - DB-9)
- Console cable included with the system
- Max. cable length: 15m
[Figure labels: R1P-SW24, Console Terminal]
- Be sure that the power to be connected to the system satisfies the considerations described in Chapter 3/ Before Installation.
- Be sure that the power switch on the rear panel is turned off (O).
1. Check that the power switch is in the OFF (O) position.
2. Connect the power cord, which is provided with the product, to the power input located on the front panel of the Corecess R1P-SW24, and plug the power cord into an outlet.
R1P-SW24 u-Boot 1.1.4(3) (sdream@hera)
CPU: AMCC PowerPC 405EP Rev. B at 200 MHz (PLB=99, OPB=33, EBC=49 MHz)
I2C boot EEPROM disabled
Internal PCI arbiter enabled
16 kB I-Cache 16 kB D-Cache
Board: Corecess R1P-SW24
I2C: ready
DRAM: 124 MB
FLASH: 512 kB
In: serial
Out: serial
Err: serial
FMEM: OneNAND 64MB 2.65/3.3V 16-bit KFG1216D2A Samsung
63.1008 Mbytes available (BB=0), 504Blocks(128KB)
BEDBUG:ready
Hit CTRL-C to stop autoboot: 0
.. complete.
Loading from device onenand(0:0x1800000) to 0x1000000 ... 100%
## Booting image at 01000000 ...
. .... OK
. .
6. Once the initialization is properly completed in a short while, the RUN LED flickers in green. And the following login message is displayed on the console screen.
login:
Now, the Corecess R1P-SW24 is properly installed. If you want to log into the console and to configure the system at the console, refer to Chapter 5/ Basic Configuration.
Chapter 5
Basic Configuration
This chapter describes the general configuration methods of the Corecess R1P-SW24. The Corecess R1P-SW24 is shipped with a default configuration and can be used immediately without the additional configuration explained in this chapter. If the default configuration must be changed to suit the user's network environment, refer to the contents of this chapter.
- Configuring Basic System Parameters
- Configuration File Management
- Monitoring and Maintaining the System
- System Log Management
- Upgrading Software
Before Configuration
This section describes how to access the Corecess R1P-SW24 CLI and provides information that you should know before using the Corecess R1P-SW24 Command Line Interface (CLI).
Console cable (RJ-45 - DB-9)
- Console cable included with the system
- Max. cable length: 15m
Console terminal environment: 9600 bps, 8 data bits, no parity bit, 1 stop bit, no hardware flow control
[Figure labels: R1P-SW24, Console Terminal]
2. Make sure that you have started an emulation software program such as HyperTerminal on your console terminal.
3. Press [Enter] and the following login message is displayed on the console terminal:
login:
4. Enter the login ID and press [Enter]. The default login ID is corecess. After you enter the login ID, the localhost> prompt appears.
5. To configure the Corecess R1P-SW24, enter Privileged mode with the enable command. When you enter Privileged mode, the prompt changes from localhost> to localhost#.
Note: After specifying the IP address of the NMS port (Management interface), you can access the Corecess R1P-SW24 CLI through a Telnet session or NMS.
Command Modes
The commands in the CLI are organized into the following modes:
Table 5-1 CLI modes
Mode: Description
- User: In this mode, you can display information and perform basic tasks such as Ping and Telnet.
- Privileged: In this mode, you can use the same commands as those at the User mode plus configuration commands that do not require saving the changes to the system-configure file.
- Global: The global mode allows you to globally configure access-lists, DHCP, SNMP, and VLAN. You can also apply or modify parameters for ports on the device.
- Interface: The interface mode allows you to configure the features for the specific VLAN interface.
- QoS Configuration: The QoS configuration mode allows you to configure QoS (Quality of Service) on the system.
- Class-map: The Class-map configuration mode allows you to configure QoS class-map.
- Policy-map: The Policy-map configuration mode allows you to configure QoS policy-map.
- Policy-map-class: The Policy-map class mode allows you to assign the class map to be applied to QoS policy-map.
You can enter each command mode by entering the following commands.
Table 5-2 Command mode access method
To Privileged
Global Interface
From User mode Privileged mode Global configuration Global configuration QoS configuration QoS configuration Policy-map configuration enable
CLI Command
Configuration
To exit from Privileged mode, enter the disable command. The CLI prompt changes from # to >, returning to User mode from Privileged mode.
localhost# disable
localhost>
If you enter the exit command in Privileged mode, you exit from the CLI.
corecess# exit
login:
To exit from Global configuration mode, enter the end command. The CLI prompt changes to localhost#, returning to Privileged mode.
localhost(config)# end
localhost#
This example shows how to return to Privileged mode from the policy-map mode by using the end command:
localhost(config-pmap)# end
localhost#
Prompt
On the Corecess R1P-SW24 CLI prompt, the node name and current command mode are indicated as follows:
localhost(config-qos)#
Node name Command mode
The default node name is localhost. This default node name is used for the prompt until you change it. The following table provides the prompt of the main command modes.
Table 5-3 Prompt of the main command modes
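Mode: Prompt
- User: corecess >
- Privileged: corecess #
- Global: corecess(config)#
- Interface: corecess(config-if)#
- QoS Configuration: corecess(config-qos)#
- Class-map: corecess(config-cmap)#
- Policy-map: corecess(config-pmap)#
- Policy-map-class: corecess(config-pmap-c)#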
Note: You can change the node name of the Corecess R1P-SW24 by using hostname global configuration mode command.
Getting Help
The Corecess R1P-SW24 CLI provides a help system that shows the list of available commands or command options. You can also get information about their function and a brief description of usage. This section describes how to use the help system for the Corecess R1P-SW24 CLI.
- To obtain a list of commands that are available for each command mode, enter a question mark (?) at the prompt:
# ?
calendar    calendar
clear       Reset functions
clock       System clock
close       Close the terminal
cls         Clear a screen
configure   Configuration from vty interface
copy        Copy from one file to another
debug
delete      Delete
diag        Diagnosis mode
disable     Turn off privileged mode command
enable      enable
end         End current mode and down to previous mode
exit        Exit current mode and down to previous mode
help        Description of the interactive help system
list        Print command list
no          Negate a command or set its defaults
ping        send echo messages
reset       reset
session     Create Session
show        Show
ssh         Open a ssh connection
telnet      Open a telnet connection
terminal    Set terminal line parameters
traceroute  Trace route to destination
undebug     Disable debugging functions (see also 'debug')
update      Update Images
write       Write running configuration to memory, network, or terminal
#
- To obtain the syntax for commands that are available for each command mode, enter the list command at the prompt:
# list
calendar set WORD [WORD] [WORD] [WORD]
clear arp
clear arp A.B.C.D
clear arp-cache
clear diag port (fastethernet|gigabitethernet|adsl|vdsl|shdsl) WORD
clear host-entries
clear host-entries A.B.C.D
clear interface vlan id <1-4094>
:
:
update rootfs image id <1-100>
write file
write memory
write terminal
write terminal port (fastethernet|gigabitethernet|adsl|vdsl|shdsl|switchfabric|stacking) WORD
#
- To obtain a list of any command's associated keywords and arguments, enter a question mark (?) after a partial command followed by a space:
# clear ip ?
dhcp     Dynamic Host Configuration Protocol
igmp     Internet Group Management Protocol
netflow  netflow
route    Clear all routing table
static   Static routing table & configuration
# clear ip
But if you enter only co t, the following error message is displayed, because both the copy and configure commands begin with co and the system can't distinguish between the two commands.
localhost# co t
% Ambiguous command :co t
- To complete a command, press the Tab key. If you enter a few known characters and then press the Tab key, the CLI displays the remaining characters of the command. For example, if you enter only con and then press the Tab key, the CLI displays configure on the terminal.
- To display a list of available commands or command options, enter ?. If you have not entered part of a command at the command prompt, all the commands supported at the current CLI mode are listed. If you enter part of a command and then enter ?, the CLI lists the options you can enter at that point in the command string.
Specifying Ports
To specify ports, follow these rules.
- Use slot-number/port-number to specify one port. For example, enter 1/1 to specify port 1 on the option module installed in slot 1.
- Use a dash (-) to specify a consecutive range of ports. For example, enter 2/3-6 instead of entering 2/3 2/4 2/5 2/6.
- Use a comma (,) to specify non-consecutive ports. For example, enter 2/1,2/3-4 instead of entering 2/1 2/3 2/4.
- See the following figure to check the slot number:
[Figure labels: Slot 1, Slot 2, Slot 3]
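The slot/port notation above can be checked by a script before a generated command line is sent to the switch. The following Python code is an added example, not part of the Corecess manual: the function names, the optional ports_per_slot limits and the rejection of duplicate ports are assumptions made here.

```python
import re

# One list item: "slot/port" or "slot/first-last", as described in the rules above.
_ITEM = re.compile(r"(\d+)/(\d+)(?:-(\d+))?")


def expand_ports(spec, ports_per_slot=None):
    """Expand a port list such as '2/1,2/3-4' into [(2, 1), (2, 3), (2, 4)].

    ports_per_slot is an optional {slot: port_count} mapping (an assumption of
    this example) used to reject slots or ports that do not exist.
    """
    result, seen = [], set()
    for raw in spec.split(","):
        item = raw.strip()
        m = _ITEM.fullmatch(item)
        if m is None:
            raise ValueError(f"malformed port item: {item!r}")
        slot, first = int(m.group(1)), int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending range in {item!r}")
        if ports_per_slot is not None:
            if slot not in ports_per_slot:
                raise ValueError(f"unknown slot {slot} in {item!r}")
            if first < 1 or last > ports_per_slot[slot]:
                raise ValueError(f"port out of range in {item!r}")
        for port in range(first, last + 1):
            if (slot, port) in seen:
                raise ValueError(f"port {slot}/{port} listed twice")
            seen.add((slot, port))
            result.append((slot, port))
    return result


def compress_ports(ports):
    """Inverse of expand_ports: [(2, 1), (2, 3), (2, 4)] -> '2/1,2/3-4'."""
    runs = []  # each run is [slot, first_port, last_port]
    for slot, port in sorted(set(ports)):
        if runs and runs[-1][0] == slot and runs[-1][2] + 1 == port:
            runs[-1][2] = port          # extend the current consecutive run
        else:
            runs.append([slot, port, port])
    return ",".join(
        f"{s}/{a}" if a == b else f"{s}/{a}-{b}" for s, a, b in runs
    )


if __name__ == "__main__":
    # The two examples given in the rules above.
    print(expand_ports("2/3-6"))
    print(expand_ports("2/1,2/3-4"))
    print(compress_ports([(2, 4), (2, 1), (2, 3)]))
```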
Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use the CTRL-key combination for the command by pressing and holding the CTRL key, then pressing the letter associated with the command.
Table 5-4 CLI line-editing commands
Ctrl-Key Combination: Description
- Ctrl+a: Moves to the first character on the command line.
- Ctrl+b: Moves the cursor back one character.
- Ctrl+d: Deletes the character at the cursor.
- Ctrl+e: Moves to the end of the current command line.
- Ctrl+f: Moves the cursor forward one character.
- Ctrl+n: Enters the next command line in the history buffer.
- Ctrl+p: Enters the previous command line in the history buffer.
- Ctrl+u: Deletes all characters from the cursor to the beginning of the command line.
Task: Command
1. Enter Privileged mode: enable
2. Enter Global configuration mode: configure terminal
3. Enter Interface configuration mode for configuring management interface: interface management
Commands for the remaining steps, in order:
- ip address <ip-address>/<M>
- exit
- ip route default <gateway-address>
- end
- show interface management
- ping <host>
- write memory
The following is an example of assigning an IP address and subnet mask to the management Ethernet interface and verifying the configuration:
> enable
# config t
(config)# interface Vlan id 1
(config-if)# ip address 172.27.68.100/16
(config-if)# exit
(config)# ip route default 172.27.1.254
(config)# end
#show interface vlan id 1
Interface management
index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 00:90:a3:cd:0e:b0
inet 172.27.68.100/16 broadcast 172.27.255.255
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
# ping 172.27.2.49
172.27.2.49 is alive!
# write memory
Building Configuration...
[OK]
#
User Management
To access the CLI of the Corecess R1P-SW24, you must log in by entering a user name. By default, the user corecess exists. The corecess user is an administrator who can read and write the system configuration. You can add new users to the Corecess R1P-SW24, modify a user's information, and remove users.
Task: Command
1. Enter Privileged mode: enable
2. Enter Global configuration mode: configure terminal
3. Add a user: username <name> password <password> [8]
   - <name>: The user ID for entering the CLI.
   - <password>: The password for the user.
4. Return to Privileged mode: end
5. Verify the list of user configuration: show username
6. Save the IP address configuration: write memory
The following example adds a user whose id is kka and password is violet and verifies the configuration:
# configure terminal
(config)# username kka passwd violet
(config)# end
# show username
corecess kka none console none Sat Nov 12 12 14:41:45 +0900 2005 **Never logged in**
Task: Command
1. Enter Global configuration mode: configure terminal
2. Specify a new password: username <name> passwd <password> [8]
   - <name>: The user name to modify password.
   - <password>: New password
   - 8: Encrypts the password.
3. Return to Privileged mode: end
4. Save the configuration change: write memory
Deleting a User
To delete a user, follow this procedure:
Table 5-8 Deleting a user
Task: Command
1. Enter Global configuration mode: configure terminal
2. Delete a user: no username <name>
   - <user-name>: The user name to delete.
3. Return to Privileged mode: end
4. Verify the list of users: show username
5. Save the configuration change: write memory
The following is an example of deleting the user kka and verifying the deletion:
# configure terminal
(config)# no username kka
(config)# end
# show username
# write memory
Building Configuration...
[OK]
#
Task
1. Enter Global configuration mode.
2. Specify the system name: hostname <system-name>
   - <system-name>: The string used for system name. The maximum length of the host name is 63 alphanumeric characters or _ beginning with alphabet.
3. Return to Privileged mode.
4. Save the configuration change.
Task
2. Specify the current system time and date.
   - <time>: Current time in hours, minutes, and seconds (in the format hh:mm:ss, example: 16:24:00)
   - <day>: Current day (by date) in the month.
   - <month>: Current month (1 ~ 12, or name).
   - <year>: Current year (no abbreviation).
3. Reads manually the calendar into the system clock.
4. Verify the configuration.
The following is an example of adjusting the system calendar and changing the system clock into the system calendar:
> enable
# clock set 15:00:00 11 7 2007
# show clock
Wed jul 11 15:00:03 KST 2007
# write memory
Building Configuration...
[OK]
#
To change the current software clock (calendar) to the system clock, use the clock readcalendar command in Privileged mode.
# show calendar
Wed jul 11 15:00:15 2007 -0.747987 seconds
Note: The system clock is reset when the system is first shipped or when the system power has been turned off for many hours, because the system's backup charge is discharged. In that case the system date and time must be set again. Charging takes at least about 24 hours, and the system clock keeps running for at least 10 days after the system power is turned off. The calendar clock is erased when the system is turned off or rebooted. This differs from the system clock, which maintains time information even when the system is turned off or rebooted.
Command: ntp config type {broadcast | multicast <group-address> | server <poll> <ip-address> preset {on | off}}
Task
2. Set the NTP mode.
   - broadcast: Configure the system in NTP broadcast client mode.
   - multicast <group-address>: Configure the system in NTP multicast client mode.
     - <group-address>: Multicast group address
   - server <poll> <ip-address>: Configure the system in NTP server mode.
     - <poll>: The polling interval.
     - <ip-address>: The IP address of the NTP server.
   - preset: Whether to preset the system clock to the time received from NTP server.
     - on: Preset.
     - off: Not preset.
The following example shows how to configure the system in NTP server mode and verify the configuration:
(config)# ntp config type server 32 203.255.112.69 preset on
(config)# ntp enable
(config)# end
# show ntp config
ntp config type server 32 203.255.112.69 preset on
ntp enable
#
Command: clock timezone <region> <area-code>
Task
2. Set the time zone.
   - <region>: The region name. Select one of the following: Africa, America, Antarctica, Arctic, Asia, Atlantic, Australia, Europe, Indian, Pacific
   - <area-code>: Area code (1 ~ 1000). You can see the area code for the selected region by using the show ntp region command in Privileged mode.
3. Return to Privileged mode.
4. Verify the configuration.
5. Save the configuration changes.
6. Restart the system.
The following example shows how to set the time zone and the area code to Asia/Seoul:
(config)# clock timezone Asia 54
%set timezone asia/Seoul
%please restart vtysh
(config)# end
1p_lab# sh running-config
Building configuration...
Current configuration:
!
!
version 0.80
!
hostname r1p_sw24lb
clock timezone asia 54
username corecess passwd corecess $1$$Ij31LCAysPM23KuPlm1wA
. . .
# write memory
Building Configuration...
[OK]
# reset system
. .
Mode
Privileged mode
The following example shows how to save the configuration changes to NVRAM using the write memory command:
# write memory
Building Configuration...
[OK]
#
The following example shows how to save the configuration changes to NVRAM using the write file command:
# write file
Building Configuration...
[OK]
#
The following example shows how to save the configuration changes to NVRAM using the copy running-config startup-config command:
# copy running-config startup-config
Building Configuration...
[OK]
#
command in Privileged mode. The following is a sample output of the show cpuinfo command:
localhost# sh cpuinfo
processor      : 0
cpu            : 405EP
clock          : 200MHz
revision       : 9.80 (pvr 5121 0950)
bogomips       : 197.63
machine        : Corecess Sparta for IBM 405EP
plb bus clock  : 99MHz
pci bus clock  : 33MHz
localhost#
The following table describes the fields shown by show cpuinfo command:
Table 5-15 show cpuinfo field descriptions
Field: Description
- cpu: Model name of the CPU.
- clock: Clock speed of the CPU.
- revision: Version information of the CPU.
- bogomips: Bogomips is the number of million times per second a CPU can do absolutely nothing and is used for a measurement of speed for the non Intel CPUs.
- machine: Maker of the CPU.
- plb bus clock: Clock speed of the PLB bus.
- pci bus clock: Clock speed of PCI bus.
command in Privileged mode. The following is a sample output of the show meminfo command:
# show meminfo
MemTotal:       119684 kB
MemFree:         67472 kB
Buffers:         16876 kB
Cached:          12072 kB
SwapCached:          0 kB
Active:          14864 kB
Inactive:        20664 kB
SwapTotal:           0 kB
SwapFree:            0 kB
Dirty:               0 kB
Writeback:           0 kB
AnonPages:        6620 kB
Mapped:           4680 kB
Slab:             3840 kB
SReclaimable:      816 kB
SUnreclaim:       3024 kB
PageTables:        304 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
CommitLimit:     59840 kB
Committed_AS:    67288 kB
VmallocTotal:   524216 kB
VmallocUsed:      4792 kB
VmallocChunk:   519316 kB
#
The table below describes the fields shown by the show meminfo command:
Table 5-16 show meminfo field descriptions
Description Total amount of memory held in bytes. Total amount of used memory in bytes. Total amount of free memory in bytes.
Total amount of shared memory in bytes. Total amount of buffer memory in bytes. Total amount of cache memory in bytes. Total amount of swap in bytes. Total amount of used swap in bytes. Total amount of free swap in bytes. Total amount of memory in Kilobytes. (Continued)
Field: Description
- MemFree: Total amount of free memory in Kilobytes.
- MemShared: Total amount of shared memory in Kilobytes.
- Buffers: Total amount of buffer memory in Kilobytes.
- Cached: Total amount of cache memory in Kilobytes.
- SwapCached: Total amount of swap cache in Kilobytes.
- Active: Amount of buffer or cache memory currently allocated in kilobytes.
- Inactive: Amount of free buffer or cache memory in Kilobytes.
- HighTotal: Amount of memory which is not mapping to kernel directly. This is different according to the type of the used kernel.
- HighFree: Amount of free memory which is not mapping to kernel directly. This is different according to the type of the used kernel.
- LowTotal: Amount of memory which is not mapping to kernel directly. This is different according to the type of the used kernel.
- LowFree: Amount of free memory which is not mapping to kernel directly. This is different according to the type of the used kernel.
- SwapTotal: Total amount of swap in Kilobytes.
- SwapFree: Total amount of free swap in Kilobytes.
SW24 using the show module command in Privileged mode. The following is a sample output of the show module command:
# show module
Codes : * - Internal/Built-in Module, N - Network Attached Module
X - Switch Fabric Module, > - Current Management Module
Module > Base 1 2 3 Module 1 2 3 # Ports Description N/A 2 2 24 Control Module R1P-SW24 OPT-P1ES1CD R1P-SW24 Hw Status active insert,up insert,up insert,up Fw N/A N/A N/A Sw N/A N/A N/A N/A N/A N/A Serial No. N/A
Version
------- ------------------ ---------------- --------------- --release.rev(patch) 0.0(3) release.rev(patch) N/A release.rev(patch) 0.0(3)
The table below describes the fields shown by the show module command:
Table 5-17 show module field descriptions
Field: Description
- Module: Slot number which the module is installed on.
- Ports: Number of the ports on the module.
- Description: Type of the module.
- Status: Equipment status and operating status of the module.
- Serial No.: Serial number of the module.
- Hw: Hardware version of the module.
- Fw: Firmware version of the module.
- Sw: Software version of the module.
command in Privileged mode. The following is a sample output of the show system command:
# show system
System Information
-------------------------------------------------------------
Subscriver/Service Interface Board(s)
SIB [ 1] Normal
SIB [ 2] Normal
SIB [ 3] Normal
PWR [ 1] Normal
FAN [ 1] Normal
Auxiliary Information ------------------------------------------------------------Fan Temperature (`C(`F)) Max/Min Threshold (`C(`F)) Current Temperature Max/Min Threshold MIB-II: System Group Contact: support@corecess.com Name: Corecess R1P Location: Corecess Inc. Descr: R1P Switch ObjectID(36): 1,3,6,1,4,1,2971,50,48 # : : 42 (107 ) 90/ 80 (194/176) : 33/ 25 ( 91/ 77)
-------------------------------------------------------------
Each field shown by the show system command describes the following information about system state:
Table 5-18 show system field descriptions
Field: Description
- System Information: The state of the main and option slot, power, and fan module.
- Fan, Max/Min Threshold: The range of the normal temperature of the fan module. The Corecess R1P-SW24 doesn't provide this information.
- Temperature, Current Temperature: Current temperature of the inside of the system ()
- Temperature, Max/Min Threshold: The range of the normal temperature of the system.
Task
1. Ping another node on the network.
   - <destination>: The IP address of the host or the network number to ping.
   - count: Sends the specified number of ICMP packets.
     - <packet-count>: The number of packets to send (1 ~ 512).
2. Trace the route of packets through the network to another node.
   - <host-ip>: Destination address.
   - <host-name>: Host name.
3. If the host is unresponsive, check the IP address, subnet mask.
4. If the interface is properly configured, check the default gateway configuration.
64 bytes from 172.27.2.49: icmp_seq=15 ttl=128 time=762 usec
--- 172.27.2.49 ping statistics ---
16 packets transmitted, 15 packets received, 6% packet loss
round-trip min/avg/max/mdev = 0.760/1.304/8.284/1.866 ms
#
The following messages are displayed according to the status of host and network:
Table 5-20 PING field descriptions
Displayed message: 22 data bytes from <host> : icmp_seq=n. time=n usec
Connection status: Host or network is connected. (When the ICMP echo response messages have been received from the host or network)

Displayed message: no answer from <host>
Connection status: Destination does not respond. (When any packets have not been received from the host or network)

Displayed message: <host> is unreachable
Connection status: Host is unreachable.

Displayed message: Network is unreachable.
Connection status: Network is unreachable.
This example shows how to perform a traceroute to the host whose IP address is 192.1.1.1:
# traceroute 192.1.1.1
traceroute to 192.1.1.1 (192.1.1.1), 30 hops max, 38 byte packets
1 2 3 4 5 6 7 8 9 . . . 25 26 27 28 29 30 * * * * * * * * * * * * * * * * * * * 172.27.1.254 (172.27.1.254) 61.107.96.1 (61.107.96.1) 172.30.4.1 (172.30.4.1) 4.204 ms 9.754 ms 1.317 ms 1.441 ms 1.838 ms 1.838 ms 2.277 ms * 192.168.11.126 (192.168.11.126) 1.825 ms 61.96.195.249 (61.96.195.249) 172.30.100.33 (172.30.100.33) 172.30.100.10 (172.30.100.10) 211.61.251.1 (211.61.251.1) 211.61.251.4 (211.61.251.4) 1.640 ms 1.778 ms
2.375 ms
1.838 ms
1.856 ms
2.305 ms 3.338 ms
1.861 ms 2.812 ms
1.802 ms 2.811 ms
The following example displays sample traceroute output when a destination host IP address is specified:
# traceroute 61.107.97.51
traceroute to 61.107.97.51 (61.107.97.51), 30 hops max, 40 byte packets
n 1 2 3 o # 172.26.1.254 (172.26.1.254) 192.168.11.126 (192.168.11.126) 61.107.97.51 (61.107.97.51) p 14.812 ms 0.497 ms 14.812 ms 29.758 ms 0.454 ms q 29.758 ms 22.752 ms 22.752 ms 0.360 ms
The table below describes the fields shown by the traceroute command:
Table 5-21 traceroute field descriptions
Field: Description
- n: Maximum TTL value and the size of the ICMP datagrams being sent
- o: Indicates the sequence number of the switch router in the path to the host
- p: IP address of the router
- q: Round-trip time for each of the three probes that are sent
The following example shows how to display the interface information using the show interface vlan id 1 command:
# sh interface vlan id 1
Interface vlan1
Index30,kernelindex 7(1)metric1mtu1514 <UP,BROADCAST,RUNNING,MULTICAST >
HWaddr: 00:90:a3:22:33:4a
inet 172.18.1.1/16 broadcast 1.1.255.255
input packets 47, bytes 3781, dropped 12, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 0, bytes 0, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
Status Checking
link-status trap is disable
no checking member's link status
IPv4 Options
icmp redirects are not sent
icmp unreachables are sent
IPv4 ARP Information
timeout : 1800 sec
proxy-arp : routing mode off
proxy-arp : bridge mode off
#
To configure the types and level of the events, use the following command in Global configuration mode.
Table 5-22 Configuring event level
Task: Command
1. Configure the event types and level to save: logging level <type> <level>
   - <type>: Type of event to configure the level.
   - <level>: Level of event (1 ~ 8). Default setting is 6.
2. Return to Privileged mode: end
3. Verify the configuration: show logging
4. Save the changed configuration: write memory
The following example configures sys events at the Errors level (level 4) and below (Emergency, Alert, Critical, and Errors) to be stored in the system log file:
# configure terminal (config) # logging level sys 4 (config) # end # show logging CoreOS Logging System: $Revision: 1.2 $ console logging is disable logging buffer is enable logging file is disable logging buffer size is 128 kbytes Facility ----------sys config filesys authorize Default Severity -----------------6 6 6 6 Current Severity -----------------6 6 6 6
Note:
- sys : Events related to system hardware.
- filesys : Events related to file system.
- authorize : Events related to security and authentication.
- port : Events related to ports.
- interface : Events related to interfaces.
- vlan : Events related to VLAN (Virtual LAN).
- spantree : Events related to spanning tree and bridge.
- lacp : Events related to LACP (Link Aggregation Control Protocol).
- igmp : Events related to IGMP and IGMP snooping.
- mcast : Events related to multicast.
- qos : Events related to QoS (Quality of Service).
- acl : Events related to access list.
- snmp : Events related to SNMP.
- snmp_rmon : Events related to SNMP RMON.
- dhcp : Events related to DHCP.
- ntp : Events related to NTP.
- route_main : Events related to Main Routing Control.
1. Configure whether to display log messages on the console.
   Command: logging console {enable | disable}
   - enable: Displays log messages on the console.
   - disable: Does not display log messages on the console.
2. Return to Privileged mode.
   Command: end
3. Check the result.
   Command: show logging
4. Save the changed configuration.
   Command: write memory
The following example configures log messages to be displayed on the console screen and checks the result:
(config)# logging console enable
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging file is disable
logging buffer size is 128 kbytes
.
.
# write memory
Building Configuration...
[OK]
#
Task
1. Specify a remote host to display the log messages.
   - <ip-address>: IP address of a remote host.
   - <host-name>: Host name of a remote host.
2. Return to Privileged mode.
3. Check the result.
4. Save the changed configuration.
The following example configures the system log to display on the remote host whose IP address is 172.10.1.0:
(config)# logging 172.10.1.0
(config)# end
# show logging
console logging is enable
logging buffer is enable
logging file is disable
logging buffer size is 128 kbytes
logging servers 172.10.1.0
.
.
# write memory
Building Configuration...
[OK]
#
Task
1. Configure whether to display log messages on Telnet sessions.
   - enable: Displays log messages on Telnet sessions.
   - disable: Does not display log messages on Telnet sessions.
2. Return to Privileged mode.
3. Save the changed configuration.
The following example configures the system log to display on Telnet sessions:
# configure terminal
(config)# logging session enable
(config)# end
# write memory
Building Configuration...
[OK]
#
Task
1. Configure whether to save the log messages in a log file.
   - enable: Saves log messages in a file.
   - disable: Does not save log messages in a file.
The following example shows how to configure the log messages to be saved in a file:
(config)# logging file enable
(config)#
Task
1. Display the log messages saved in the log file.
   - <line>: Number of log messages to display.
Nov 14 10:06:58 localhost VLAN-6-VLAN_CREATED: vlan [1] is created
Nov 14 10:07:09 localhost SYS-6-SYS_MODULE: module [1] is inserted
Nov 14 10:07:09 localhost SYS-6-SYS_MODULE: module [2] is inserted
Nov 14 10:07:10 localhost PORT-6-LINK_CHANGE: 1/1: ifIndex 1 Link Up (Up)
Nov 14 10:07:09 localhost SNMP-5-COLDSTART: Cold Start
Nov 14 10:07:32 localhost AUTHORIZE-6-LOGIN: login corecess authentication service(login) tty(/cinitrd/dev/console) from (local)
Nov 14 10:07:33 localhost AUTHORIZE-6-USER_LOGIN: corecess login from /cinitrd/dev/console
#
The following table describes the fields shown by the show logging buffer command:
Nov 24 13:49:56 CCR1PAD AUTHORIZE-6-USER_LOGIN: root login from /dev/console

No  Description
1   Date and time that the event occurred (month date hour:minute:second)
2   System name
3   Brief description of the event
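The following is an added example, not part of the original manual and not Corecess code: a parser for the log line layout described above that separates events at or above a chosen level and lists user logins whose source is not on an expected list. It assumes the number inside the event tag is the event level and that a lower number is more critical; the sample lines are constructed, and the SYS_FAN mnemonic is hypothetical.

```python
import re

# Constructed sample in the format of the log output shown above. The
# SYS-4-SYS_FAN line (mnemonic and text) is hypothetical, added so that one
# event is more critical than the default level 6; the last line is malformed.
SAMPLE_LOG = """\
Nov 14 10:06:58 localhost VLAN-6-VLAN_CREATED: vlan [1] is created
Nov 14 10:07:09 localhost SYS-6-SYS_MODULE: module [1] is inserted
Nov 14 10:07:09 localhost SNMP-5-COLDSTART: Cold Start
Nov 14 10:07:32 localhost AUTHORIZE-6-LOGIN: login corecess authentication service(login) tty(/cinitrd/dev/console) from (local)
Nov 14 10:07:33 localhost AUTHORIZE-6-USER_LOGIN: corecess login from /cinitrd/dev/console
Nov 14 10:09:41 localhost SYS-4-SYS_FAN: fan [1] failure
Nov 14 10:09:42 localhost truncated line without a tag
"""

# <date and time> <system name> <FACILITY>-<level>-<MNEMONIC>: <description>
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<system>\S+) "
    r"(?P<facility>[A-Z_]+)-(?P<level>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
LOGIN_RE = re.compile(r"^(?P<user>\S+) login from (?P<source>\S+)$")


def parse_log(text):
    """Return (events, rejected): parsed dicts and the lines that did not parse."""
    events, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)  # keep malformed lines visible, do not drop them
            continue
        event = m.groupdict()
        event["level"] = int(event["level"])
        events.append(event)
    return events, rejected


def at_least_as_critical(events, level):
    """Events whose level number is <= level (assumption: lower is more critical)."""
    return [e for e in events if e["level"] <= level]


def user_logins(events):
    """(timestamp, user, source) for every AUTHORIZE USER_LOGIN event."""
    found = []
    for e in events:
        if e["facility"] == "AUTHORIZE" and e["mnemonic"] == "USER_LOGIN":
            m = LOGIN_RE.match(e["text"])
            if m:
                found.append((e["stamp"], m["user"], m["source"]))
    return found


def unexpected_logins(events, allowed_sources):
    """Logins whose source is not in the caller's set of expected sources."""
    return [entry for entry in user_logins(events) if entry[2] not in allowed_sources]


if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE_LOG)
    for e in at_least_as_critical(events, 4):
        print("critical:", e["stamp"], e["facility"], e["mnemonic"], e["text"])
    for entry in unexpected_logins(events, {"/dev/console"}):
        print("unexpected login:", entry)
    print("unparsed lines:", len(rejected))
```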
Upgrading Software
You can download the software for the cards on the Corecess R1P-SW24 from a remote TFTP server. To download software from a TFTP server, the Corecess R1P-SW24 should be connected to the remote source server as follows:
[Figure: connection to the remote source server; labels: Remote telnet, Console]
To download software from a remote TFTP server to the Corecess R1P-SW24, perform this task in Privileged mode:
Table 5-28 Downloading software from a remote TFTP server
Command
Task
1. Download specified file from the TFTP server.
   - <tftp-ip>: IP address of the TFTP server.
   - image: Downloads system image file from the TFTP server.
   - <file-name>: The file name used for saving the downloaded file.
2. Verify software download.
3. Select an image used for booting code.
   - <id>: Id of the image.
4. Reboot the system.
The following is an example of downloading R1Psw24l2-base-osapp-kt_0.0.6.img file from the TFTP server whose IP address is 172.27.2.17:
# copy tftp 172.18.35.35 flash image r1p-base-osapp-kern26.6.img
tftp: data 4600 Kbytes done
# sh flash image
System flash directory:
File   Length (bytes)   Name/status
-----  ---------------  ------------------------------------------
1      5079356          r1p-base-osapp-kern26.4.img (*)
2      5075438          r1p-base-osapp-kern26.5.img
3      4695473          r1p-base-osapp-kern26.6.img
[14501 blocks used, 9088 available, 23589 total, 1K-blocks]
*/# : running/updated image
# update flash image id 2
# reset system
halt system now
Restarting system.
..
Chapter 6
Configuring Ports
Item Port status Port name Port priority level 10/100Base-TX Data transmission mode 1000Base-PX 1000Base-LX 1000Base-SX 1000Base-TX Enable None configured Normal Auto
Default setting
Port speed STP status 10/100Base-TX Cost 1000Base-PX 1000Base-LX 1000Base-SX 1000Base-TX
When you change the Ethernet port configuration, the change becomes part of the running configuration. The change does not automatically become part of the startup configuration file in Flash memory. If you do not save your changes to Flash memory, they are lost when the system restarts. To save the Ethernet port configuration changes to Flash memory, you must enter the write memory command in Privileged mode.
Configuring Ports
This section describes the following port configuration tasks:
- Disabling or enabling a port
- Changing the duplex mode
- Configuring the flow control on a port
- Setting the port speed
- Setting the port trap
- Attaching the port name
The following example changes the transmission mode of the Fast Ethernet port 1 to full duplex:
(config)# port fastethernet 1/1 duplex full
(config)#
Note: Gigabit Ethernet ports support the following transmission modes depending on option modules.
- 1000Base-SX/LX and 1000Base-PX ports support auto and full-duplex mode.
- 10/100/1000Base-TX port supports all transmission modes.
The following is an example of setting port speed of the Fast Ethernet port 1:
(config)# port fastethernet 3/1 speed 10
(config)#
Note: Gigabit Ethernet ports support the following port speeds depending on option modules.
- 1000Base-SX/LX and 1000Base-PX ports support auto and 1000 Mbps.
- 10/100/1000Base-TX port supports all speeds.
The following example enables flow control on the Gigabit Ethernet port 1/2:
(config)# port gigabitethernet 1/2 flowctl on
(config)#
The following is an example of setting the name of the gigabit Ethernet port 1/1:
(config)# port gigabitethernet 1/1 name uplink-port
(config)#
Setting Trap
You can enable or disable the operation of the standard SNMP link trap for a port. By default, the SNMP link trap of the ports on the Corecess R1P-SW24 is disabled. To set trap for a port, use the following command in Global configuration mode:
Task
1. Enable or disable the SNMP link trap for the specified port.
   - <port-type>: The type of Ethernet port to configure.
     - fastethernet: Configures Fast Ethernet port.
     - gigabitethernet: Configures Gigabit Ethernet port.
   - <slot>: Slot number (1 ~ 3)
   - <port>: Port number (1 ~ 24)
The following example enables the SNMP link trap on the Fast Ethernet port 3/1-24:
(config)# port fastethernet 3/1-24 trap link-status
(config)#
Port   Name     Status      Vlan  FlwCtl  Duplex  Speed   Type
1/1    DEFAULT  notconnect  1     a-on    a-full  a-1000  1000BaseT
1/2    DEFAULT  notconnect  1     a-on    a-full  a-1000  1000BaseT
2/1    DEFAULT  notconnect  1     a-on    a-full  a-1000  1000BaseT
2/2    DEFAULT  notconnect  1     a-on    a-full  a-1000  1000BaseT
3/1    DEFAULT  notconnect  1     a-on    a-half  a-0     100BaseT
3/2    DEFAULT  notconnect  1     a-on    a-half  a-0     100BaseT
3/3    DEFAULT  notconnect  1     a-on    a-half  a-0     100BaseT
3/4    DEFAULT  notconnect  1     a-on    a-half  a-0     100BaseT
3/5    DEFAULT  notconnect  1     a-on    a-half  a-0     100BaseT
.
.
.
3/21                        1
3/22                        1
3/23                        1
3/24                        1
#
The table below describes the fields shown by the show port command:
Table 6-2 show port field descriptions
Field    Description
Port     Slot number/port number.
Name     Port name.
Status   Port admin status and network connection status.
Vlan     Id of the VLAN which the port belongs to.
FlwCtl   Status of the flow control.
Duplex   Duplex mode.
Speed    Port speed.
Type     Port type.
The following is a sample output from the show port command with the port number. This example shows the information about a Fast Ethernet port:
# show port fastethernet 3/23
Port  Name          Status     Vlan  FlwCtl Duplex Speed        Type
----- ------------- ---------- ----- ------ ------ ------------ -------
3/23  DEFAULT       notconnect 1     a-off  a-half a-0          100BaseT

AdminStatus Media-type STP        RSTP Edge  Trap       LinkAgg.
----------- ---------- ---------- ---------- ---------- ----------
enable      auto       disable    disable    disable    off

Port  Admin Speed      Limited Speed    Active Speed
----- ---------------- ---------------- -----------------
3/23  Desired          Unlimited        0 M

If Index   Logical ID
---------- ----------
87
access-type : eferred nt

Port 3/23 Statistics Counters
     All(bytes)   Unicast      Multicast     Broadcast    Discard    Error
     ------------ ------------ ------------- ------------ ---------- ------
in   0            0            0             0            0          0
out  0            0            0             0            0          0

Port Error Counters
input  runt(0)/shortCRC(0)/normalCRC(0)/normalAlign(0)/longCRC(0)
output eferred(0)/collision(single/multi/consecutive/late 0/0/0/0)
Extension status N/A
#
The table below describes the fields shown by the show port command with a port number:
Table 6-3 show port with port argument field descriptions
Field               Description
AdminStatus         Admin status of the port (enable, disable).
Media-type          Media type (MDI/MDIX) of the port (none).
STP                 STP status of the port (enable, disable).
RSTP Edge           RSTP status of the port (enable, disable).
Trap                Whether to enable displaying trap messages of the VDSL port (enable, disable).
LinkAgg.            LACP status of the port (on, off).
Admin Speed         Maximum speed of the port.
Limited Speed       Limited speed of the port.
Active Speed        Current speed of the port.
If Index            Interface number of the port.
Logical ID          Logical ID of the port.
in  All             Total number of the incoming packets on the port.
in  Unicast         Total number of the incoming unicast packets on the port.
in  Multicast       Total number of the incoming multicast packets on the port.
in  Broadcast       Total number of the incoming broadcast packets on the port.
in  Discard         Number of the incoming packets discarded on the port.
in  Error           Number of the incoming packets with errors on the port.
out All             Total number of the outgoing packets on the port.
out Unicast         Total number of the outgoing packets on the port.
out Multicast       Total number of the outgoing packets on the port.
out Broadcast       Total number of the outgoing packets on the port.
out Discard         Total number of the outgoing packets on the port.
out Error           Total number of the outgoing packets on the port.
input runt          Number of frames received without Start of Frame Delimiter detection but with carrier assertion.
input shortCRC      Number of frames less than 64 bytes in length, received with CRC error.
input normalCRC     Number of frames with lengths between 64 bytes and the maximum frame size, received with an integral number of bytes and a CRC error.
input normalAlign   Number of frames with lengths between 64 bytes and the maximum frame size, received with a non-integral number of bytes and a CRC error.
input longCRC       Number of frames, larger than the maximum frame size, received with a CRC error.
output deferred     Number of frames deferred at the first transmit attempt due to a busy line in half duplex mode.
output collision    - single: Number of frames transmitted without any error following a single collision.
                    - multi: Number of frames transmitted without any error following multiple collisions.
                    - consecutive: Number of frames that have experienced 16 consecutive collisions or more, not including late collisions.
                    - late: Number of transmissions aborted due to a collision occurring after the transmission of the first 64 bytes of that packet.
The primary port is the port used for communication under ordinary circumstances, and the backup port is the port used when communication is impossible because a problem has occurred on the primary port.
Because only Layer 2 redundancy is provided, two ports that belong to different VLANs cannot be set up as Flex links.
- Ports on which STP is set cannot be set up as Flex links.
- At first only the primary port communicates, and communication on the backup port is blocked.
- If the link of the active port becomes unable to communicate, the standby port takes over the role of active port. Once the port that had become unable to communicate recovers, it stands by in the blocked state until it is activated with the flex-link update [PORT] command.
The port indicated as blocked in above information is a port blocked by flex-link function. The flex-link can be cleared as follows.
Localhost# configure terminal
Localhost(config)# no port fastethernet 3/1 flex-link
Localhost(config)# end
Localhost# show port flex-link
Port    flex-link
------- ----------
3/1     Disabled
3/2     Disabled
3/3     Disabled
3/10    Disabled
3/11    Disabled
3/12    Disabled
If the primary port is activated using the command above, the backup port gets blocked. The following is an example of reactivating the primary port.
Localhost# show port flex-link
Port    flex-link
------- ----------
3/1     Primary (3/2) - blocked
3/2     Backup (3/1)
3/3     Disabled
3/10    Disabled
3/11    Disabled
3/12    Disabled
Localhost# flex-link update port fastethernet 3/1
Localhost# show port flex-link
Port    flex-link
------- ----------
3/1     Primary (3/2)
3/2     Backup (3/1) - blocked
3/3     Disabled
3/10    Disabled
3/11    Disabled
3/12    Disabled
Chapter 7
Configuring VLAN
This chapter describes how to configure the VLAN and VLAN interface.
- VLAN Configuration
- Configuring Q-in-Q
- Pass-through
VLAN Configuration
Default Configuration
The table below shows the default VLAN configuration for the Corecess R1P-SW24:
Table 7-1 Default VLAN configuration
Parameter     Default
VLAN name     DEFAULT
VLAN ID       1
Ports         All ports belong to default VLAN.
STP state     Off
IP address    0.0.0.0
Subnet mask   0.0.0.0
Tag           Untagged
VLAN state    Active
After you modify the default VLAN configuration, the modified configuration is applied immediately, without rebooting the system or using an additional command. To keep the modified configuration after the system reboots, save the configuration using the write memory command in Privileged mode.
Creating VLANs
In the factory default configuration, VLAN support is enabled and all the ports are only in the Corecess R1P-SW24 physical broadcast domain, which is given the name DEFAULT. You can partition the Corecess R1P-SW24 into multiple virtual broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs. Because the default VLAN permanently exists in the Corecess R1P-SW24, adding new VLANs results in multiple VLANs existing in the Corecess R1P-SW24. User-configured VLANs have unique IDs from 2 to 4094. Enter a vlan command with an unused ID to create a VLAN. Enter a vlan command for an existing VLAN to modify the VLAN. To create a VLAN, perform this task in the Privileged mode:
Table 7-2 Creating a VLAN
1. Enter Global configuration mode.
   Command: configure terminal
2. Add a VLAN.
   Command: vlan id <vlan-id> name <vlan-name>
   - <vlan-id>: VLAN ID
   - <vlan-name>: VLAN name
3. Return to Privileged mode.
   Command: end
4. Verify that a new VLAN is created.
   Command: show vlan
VLAN Mode: T-Trusted, U-Untrusted, X-DOT1X, H-DHCP, W-WebAuth
VLAN Mode Interface
---- ---- ---------- -------- -------- -------- ---------------------
1    T... enable
2    T... disable
#
To delete a VLAN, use the no vlan command in Global configuration mode. The following example deletes the VLAN whose id is 2:
(config)# no vlan id 2
(config)#
1. Assign the specified ports to the VLAN.
   Command: vlan {id <vlan-id> | name <vlan-name>} port <port-type> <slot>/<port>
   - <vlan-id>: VLAN ID.
   - <vlan-name>: VLAN name.
   - <port-type>: Port type (gigabitethernet, fastethernet)
   - <slot>/<port>: slot number / port number to be added to the VLAN.
2. Return to Privileged mode.
   Command: end
3. Verify the VLAN configuration.
   Command: show vlan [id <vlan-id> | name <vlan-name>]
   - <vlan-id>: ID of the VLAN to verify.
   - <vlan-name>: Name of the VLAN to verify.
The following example adds the port 3/1 to the VLAN whose id is 2:
(config)# vlan id 2 port fastethernet 3/1
(config)# end
# show vlan id 2
VLAN Name             Status   Slot/Port(s)
---- ---------------- -------- --------------------------------
1    DEFAULT          active   1/1-2 2/1-2 3/1,3/3,3/4-24
2    test             active   3/2

IGMPs    STP      Private   Promisc Port(s)
disable  enable   Disable   None
disable  enable   Disable   None

VLAN Mode: T-Trusted, U-Untrusted, X-DOT1X, H-DHCP, W-WebAuth
VLAN Mode Interface
---- ---- ---------- -------- -------- -------- ----------------
1    T... enable
2    T... disable
To remove ports from the VLAN, use the no vlan command in Global configuration mode. The following example removes the port 3/1 from the VLAN whose name is test:
(config)# no vlan name test port fastethernet 3/1
(config)#
1. Enter Interface configuration mode.
   Command: interface vlan {id <vlan-id> | name <vlan-name>}
   - <vlan-id>: Id of the VLAN to configure.
   - <vlan-name>: Name of the VLAN to configure.
2. Assign the IP address of the VLAN.
   Command: ip address <network-num>/<M>
   - <network-num>: IP address.
   - <M>: subnet mask.
3. Return to Privileged mode.
   Command: end
4. Verify the VLAN configuration.
   Command: show interface vlan {id <vlan-id> | name <vlan-name>}
   - <vlan-id>: Id of the VLAN to display.
   - <vlan-name>: Name of the VLAN to display.
This example shows how to specify the IP address of the VLAN whose id is 1:
(config)# interface vlan id 1
(config-if)# ip address 172.27.2.100/16
(config-if)# end
# show interface vlan id 1
Interface vlan1
  index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
  HWaddr: 00:01:02:00:00:db
  inet 172.27.2.100/16 broadcast 172.27.255.255
  input packets 14463, bytes 871754, dropped 0, multicast packets 6281
  input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
  output packets 474, bytes 414, dropped 0
  output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
  collisions 0
#
To remove the IP address of a VLAN, use the no ip address command in interface configuration mode. The following example shows how to remove the IP address of the VLAN whose id is 2.
(config)# interface vlan id 2
(config-if)# no ip address 10.1.1.1/24
1. Enter Interface configuration mode.
   Command: interface vlan {id <vlan-id> | name <vlan-name>}
   - <vlan-id>: ID of the VLAN to configure.
   - <vlan-name>: Name of the VLAN to configure.
2. Specify the secondary IP address of the VLAN.
   Command: ip address <network-num>/<M> secondary
   - <network-num>: IP address.
   - <M>: subnet mask.
3. Return to Privileged mode.
   Command: end
4. Verify the VLAN configuration.
   Command: show vlan
This example shows how to specify the secondary IP address of the VLAN whose id is 1:
# configure terminal
(config)# interface vlan id 1
(config-if)# ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
  index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
  HWaddr: 00:01:02:00:00:db
  inet 172.27.2.100/16 broadcast 172.27.255.255
  inet 172.25.1.100/16 broadcast 172.25.255.255 secondary
  input packets 14926, bytes 899535, dropped 0, multicast packets 6491
  input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
  output packets 474, bytes 414, dropped 0
  output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
  collisions 0
#
To remove the secondary IP address of a VLAN, use the no ip address secondary command in interface configuration mode. The following example shows how to remove the secondary IP address of the VLAN whose id is 1.
(config)# interface vlan id 1
(config-if)# no ip address 172.25.1.100/16 secondary
(config-if)# end
# show interface vlan id 1
Interface vlan1
  index 28 kernel index 4 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
  HWaddr: 00:01:02:00:00:db
  inet 172.27.2.100/16 broadcast 172.27.255.255
  input packets 15547, bytes 936795, dropped 0, multicast packets 6752
  input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
  output packets 474, bytes 414, dropped 0
  output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
  collisions 0
#
Task
1. Enter Global configuration mode.
2. Set the specified port to a trunk port.
   - <port-type>: The port type (fastethernet, gigabitethernet)
   - <slot>: The slot number of the port (1 ~ 3)
   - <port>: The port number of the port (1 ~ 24)
   - <tag-id>: The tag id to be tunneled by a trunk port (VLAN ID)
3. Return to the Privileged mode.
4. Verify the 802.1Q trunk port configuration.

1. Enter Global configuration mode.
The following example describes how to configure the Gigabit Ethernet port 1/2 as an 802.1Q trunk port for VLANs vlan1 and vlan2:
# configure terminal
(config)# vlan id 2 port gigabitethernet 1/2
(config)# dot1q port gigabitethernet 1/2 tag 1-2
(config)# end
# show dot1q
Port      allowed 802.1q Static and Dynamic Vlans created by GVRP
--------  ------------------------------------------------------
1/2       1-2

Port        PVID
----------  ----
1/2         2

Port      Acceptable frame types  Ingress filter
--------  ----------------------  --------------
1/2       all                     off
#
Configuring Q-in-Q
802.1Q-in-802.1Q, commonly called Q-in-Q, improves scalability: it reduces the number of VLANs that must be managed as a whole by dividing an 802.1Q VLAN group into many 802.1Q VLANs once again.
Q-in-Q Features
The Q-in-Q function provided in this equipment operates with the following features.
1. The value of the 802.1Q VLAN tag brought from the subscriber is irrelevant.
2. The PVID value of the subscriber port is used as the VLAN value of the outer VLAN tag.
3. The PVID value of the subscriber must be set as a VLAN tag at the uplink port connected to the ISP network.
Q-in-Q Setup
The Q-in-Q setup assigns the subscriber port and then assigns the PVID of that subscriber port as a tag at the ISP uplink port.
Command: configure terminal
Task: Enter Privileged mode.

Command: vlan id <1-4095> port vdsl <Port Number>

Command: dot1q-tunnel port vdsl <Port Number>
Task: The Q-in-Q is activated at the subscriber port.

Command: dot1q port <Port Type> <Port Number> tag <1-4095>
Task: The PVID of subscriber port is assigned as a tag at the ISP Uplink port.
The following is an example setup that provides the Q-in-Q service by adding VLAN tag 1000 to the VLAN-tagged packets coming up from the subscriber ports.
r1p# configure terminal
r1p(config)# vlan id 1000 port vdsl 3/1-24
r1p(config)# dot1q-tunnel port vdsl 3/1-24
r1p(config)# dot1q port gigabitethernet 1/1 tag 1000
r1p(config)# dot1q port gigabitethernet 1/2 tag 1000
r1p(config)#
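The following is an added example, not part of the original manual and not Corecess code: a consistency check for the third Q-in-Q feature listed above, which reports tunnel (subscriber) ports whose PVID is not carried as a tag on any uplink port. It assumes the configuration is available as the command lines shown in this section, that a port's PVID is the VLAN it was last assigned to with vlan id (VLAN 1 if never assigned), and that any tagged port that is not a tunnel port is an uplink; BROKEN_CONFIG is a constructed sample.

```python
import re

# The four configuration commands from the example above.
PAGE_CONFIG = """\
vlan id 1000 port vdsl 3/1-24
dot1q-tunnel port vdsl 3/1-24
dot1q port gigabitethernet 1/1 tag 1000
dot1q port gigabitethernet 1/2 tag 1000
"""

# Constructed variant: half of the subscriber ports were moved to VLAN 2000,
# but no uplink carries tag 2000.
BROKEN_CONFIG = """\
vlan id 1000 port vdsl 3/1-12
vlan id 2000 port vdsl 3/13-24
dot1q-tunnel port vdsl 3/1-24
dot1q port gigabitethernet 1/1 tag 1000
dot1q port gigabitethernet 1/2 tag 1000
"""

VLAN_RE = re.compile(r"^vlan id (\d+) port (\w+) (\S+)$")
TUNNEL_RE = re.compile(r"^dot1q-tunnel port (\w+) (\S+)$")
TAG_RE = re.compile(r"^dot1q port (\w+) (\S+) tag (\S+)$")
DEFAULT_VLAN = 1  # default VLAN ID given in Table 7-1


def expand_ports(spec):
    """'3/1-24' or '3/1,3/3,3/4-24' -> ['3/1', '3/2', ...]."""
    ports = []
    for part in spec.split(","):
        slot, _, rng = part.partition("/")
        lo, _, hi = rng.partition("-")
        ports += [f"{int(slot)}/{n}" for n in range(int(lo), int(hi or lo) + 1)]
    return ports


def expand_ids(spec):
    """'1000' or '1-2' -> set of VLAN IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def audit_qinq(config):
    """Return {outer VLAN: [tunnel ports]} for outer tags no uplink carries."""
    pvid, tunnel, tags = {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := VLAN_RE.match(line):
            for p in expand_ports(m[3]):
                pvid[(m[2], p)] = int(m[1])      # last assignment wins
        elif m := TUNNEL_RE.match(line):
            tunnel += [(m[1], p) for p in expand_ports(m[2])]
        elif m := TAG_RE.match(line):
            for p in expand_ports(m[2]):
                tags.setdefault((m[1], p), set()).update(expand_ids(m[3]))
    carried = set()
    for port, ids in tags.items():
        if port not in tunnel:                   # tagged non-tunnel port = uplink
            carried |= ids
    missing = {}
    for port in tunnel:
        outer = pvid.get(port, DEFAULT_VLAN)     # PVID becomes the outer tag
        if outer not in carried:
            missing.setdefault(outer, []).append(" ".join(port))
    return missing


if __name__ == "__main__":
    print("page example:", audit_qinq(PAGE_CONFIG))
    for vlan, ports in audit_qinq(BROKEN_CONFIG).items():
        print(f"outer VLAN {vlan} not tagged on any uplink: {ports[0]} .. {ports[-1]}")
```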
Command: configure terminal
Task: Enter Global configuration mode.

Command: vlan id <1-4095> pass-thru (bpdu|q-in-q)
Task: Enable Transparent Switching on BPDU or Q-in-Q packet at a specific VLAN.

Command: port <Port Type> <Port Number> pass-thru (bpdu|q-in-q)
Task: Enable Transparent Switching on BPDU or Q-in-Q packet at a specific port.
The following is an example of activating the BPDU Transparent Switching function for subscribers of the vdsl 3/1 port from the example above.
r1p(config)#
r1p(config)# vlan id 1000 pass-thru bpdu
r1p(config)# port vdsl 3/1 pass-thru bpdu
r1p(config)# port gigabitethernet 1/1-2 pass-thru bpdu
r1p(config)# vlan id 1000 pass-thru q-in-q
r1p(config)# port vdsl 3/1 pass-thru q-in-q
r1p(config)# port gigabitethernet 1/1-2 pass-thru q-in-q
r1p(config)#
The following is an example of setting up Priority Copy on the vdsl 3/2 port.
r1p(config)#
r1p(config)# port vdsl 3/2 priority-copy
r1p(config)#
Pass-through
Pass-through is the function that supports Cisco tunneling for Cisco-specific BPDUs (Bridge Protocol Data Units) and for general BPDUs when Corecess R1P products are placed between Cisco equipment. The following commands are supported for the pass-through function.

Command: port <port_type> <slot/port> pass-through cisco
Description: Configures the Cisco tunnel for Cisco BPDUs on the relevant port.

Command: port <port_type> <slot/port> pass-through bpdu
Description: Configures the Cisco tunnel for normal BPDUs on the relevant port.
bpdu tunneling
It supports the Cisco tunneling function for the general BPDU. To configure this function on specific ports, use the following commands.
localhost# configure terminal
localhost(config)# port vdsl 3/1 pass-through bpdu
localhost(config)# exit
Setting confirmation
localhost# show run | include pass-through
port vdsl 3/1 pass-through bpdu
localhost#
Chapter 8
This chapter describes how to configure SNMP and RMON on the Corecess R1P-SW24.
- Configuring SNMP
- Configuring RMON
- SNMP and RMON Configuration Commands
Configuring SNMP
SNMP(Simple Network Management Protocol) Overview
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
Managed Device
A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers.
- Set a MIB variable: The SNMP agent initiates this function in response to a message from the NMS. The SNMP agent changes the value of the MIB variable to the value requested by the NMS.
The SNMP agent also sends unsolicited trap messages to notify an NMS that a significant event has occurred on the agent. Examples of trap conditions include, but are not limited to, when a port or module goes up or down, when spanning-tree topology changes occur, and when authentication failures occur.
The MIB is the information base that the SNMP agent must keep available for the managers. This information base contains objects whose values provide information on the status of the checked system, or objects whose values can be modified by a manager to control the system. Each object is identified by an Object ID (OID). There are two kinds of MIBs: standard MIB and enterprise-specific MIB.
SNMP Manager
SNMP Manager is an integrated management module that collects information from SNMP agents and sometimes sends warning messages, depending on its relationship with each SNMP agent. In other words, the actual data is collected from the SNMP agent, and this data is processed and saved by the management module. To request information or configuration changes, respond to requests, and send unsolicited alerts, the SNMP manager and SNMP agent use four messages (Get, GetNext, Set, Trap). For more information on these messages, refer to the following section.
SNMP Messages
The SNMP manager and SNMP agent use the following SNMP messages to request information or configuration changes, respond to requests, and send unsolicited alerts.
- Get-Request / Get-Response Message
- GetNext-Request / GetNext-Request Message
- Set-Request Message
- Trap Message
Get-Request Message
Get-Request Message is the basic SNMP request message. Sent by an SNMP manager, it requests information about a single MIB entry on an SNMP agent. For example, the amount of free drive space.
GetNext-Request Message
GetNext-Request Message is an extended type of request message that can be used to browse the entire tree of management objects. When processing a Get-next request for a particular object, the agent returns the identity and value of the object which logically follows the object from the request. The Get-next request is useful for dynamic tables, such as an internal IP route table.
Set-Request Message
If write access is permitted, Set-Request message can be used to send and assign an updated MIB value to the agent.
Trap Message
An unsolicited message sent by an SNMP agent to an SNMP manager when the agent detects that a certain type of event has occurred locally on the managed device. For example, a trap message might be sent on a system restart event.
Authentication
- Gives read access to authorized management stations to all objects in the MIB except the community strings, but does not allow write access.
- Gives read and write access to authorized management stations to all objects in the MIB, but does not allow access to the community strings.
- Gives read and write access to authorized management stations to all objects in the MIB, including the community strings.
Trap
A trap is a defined status of an event or of the system. For example, an event generated when the port configuration is changed, or when a host with a disallowed IP address attempts access, can be defined as a trap. You can configure the level of a trap according to the kind of event. If a trap occurs on the system, the SNMP agent sends an SNMP trap message to the registered trap host.
Configuring SNMP
SNMP Default Configuration
The default SNMP configuration of the Corecess R1P-SW24 is as follows:
Table 8-2 Default SNMP configuration
SNMP Configuration Element                                      Default Setting
Agent contact information (MIB-II System Contact variable)      None configured
Agent location information (MIB-II System Location variable)    None configured
Community strings                                               None configured
Trap                                                            None enabled
Trap Host                                                       None configured
RMON                                                            Enabled
1. Enter Global configuration mode.
   Command: configure terminal
2. Set the system contact information.
   Command: snmp-server contact <string>
   - <string>: String described for system contact information.
3. Set the system location information.
   Command: snmp-server location <string>
   - <string>: String described for system location information.
4. Return to Privileged mode.
   Command: end
5. Verify the system contact and location information.
   Command: show snmp-server
The following is an example of setting the system contact information and system location information:
Parameter                     Value
System contact information    Dial System Administrator at phone #2734
System location information   1st_floor lab
# configure terminal
(config)# snmp-server contact Dial System Administrator at phone #2734
(config)# snmp-server location 1st_floor lab
(config)# end
# show snmp-server
RMON:           Enabled
Extended RMON:  Extended RMON module is not present
sysContact      Dial Operator at phone
sysLocation     1st_floor_lab
:
# write memory
Building Configuration...
[OK]
#
Task
1. Enter Global configuration mode.
2. Define the SNMP community strings for each access type.
   - <community-string>: The SNMP community name for this system. Enter an unquoted text string with no space and a maximum length of 12 characters.
   - <auth>: Access type for this community (read-only, read-write)
3. Return to Privileged mode.
4. Verify new community string.
show snmp-server
Trap Types    Description
chassis       Sends a trap message when power supply is installed or uninstalled, temperature limitations are exceeded, or fan errors occur.
module        Sends a trap message when a module goes up or down.
port          Sends a trap message when a port goes up or down.
bridge        Sends a trap message when there are spanning tree topology changes.
repeater      Sends a trap message when Ethernet hub repeater state is changed.
ip_permit     Sends a trap message when there are access attempts with unauthorized IP address.
sysconfig     Sends a trap message when the system backup configuration is changed.
entity        Sends a trap message when there is Entity Management Information Base (MIB) change.
cpuload       Sends a trap message when CPU load limitations are exceeded.
auth          Sends a trap message when there are access attempts with unauthorized community string.
sysauth       Sends a trap message when unauthorized user attempts access to the system.
dhcp          Sends a trap message when Dynamic Host Configuration Protocol (DHCP) state is changed.
When a trap type is enabled and an error or problem occurs in the device or component that the trap covers, the SNMP agent transmits the error status (trap message) to the trap receiving host and NMS. By default, all trap types are disabled. To send traps to the trap hosts, the trap types must be enabled.
Command                                  Task
configure terminal                       1. Enter Global configuration mode.
snmp-server enable traps <trap-type>     2. Enable the specified trap type.
                                            • <trap-type>: Trap type to be enabled (all: all trap types).
end                                      3. Return to Privileged mode.
show snmp-server                         4. Check the state of the trap.
To disable the trap type, use the no snmp-server enable traps command as follows:
(config)# no snmp-server enable traps port
Task
1. Enter Global configuration mode.
2. Add a trap host.
   • <ip-address>: The IP address or host name of an SNMP host that has been configured to receive traps.
   • <community>: The community name to use when sending traps to the specified SNMP host.
   • <udp-port>: The UDP port number to use when sending traps to the specified SNMP host (1 ~ 65535).
   • default: Use the default UDP port number, 162.
3. Return to Privileged mode.
4. Verify the trap host entries.
To delete a trap host, use the no snmp-server host command in Global configuration mode. The following example deletes a trap host 172.168.2.23:
(config)# no snmp-server host 172.168.2.23
(config)# end
# show snmp-server traphost
#
Task
1. Enter Global configuration mode.
2. Configure a new SNMP access group.
   • <list-number>: Standard access list number (1 ~ 99, 100 ~ 199)

The hosts that belong to the 192.89.55.0 network can access the system via SNMP.
Trap-Rec-Address             Version Trap-Rec-Community
---------------------------- ------- ----------------------
udp:172.168.2.23:162         v2c     R1PSW24

Traps                     Enabled
------------------------- ------------------
chassis                   disabled
module                    disabled
port                      enabled
bridge                    disabled
repeater                  disabled
ip_permit                 disabled
sysconfig                 disabled
entity                    disabled
cpuload                   disabled
auth                      enabled
sysauth                   disabled
bgp                       disabled
dhcp                      disabled
atm                       disabled
adslAtuc                  enabled
adslAtur                  disabled
mac-flood                 disabled
#
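The following Python check is an added example, not part of the Corecess guide: it parses the trap-host and Traps sections of show snmp-server output and reports access-related trap types that are still disabled. The sample text is constructed from the values in the output above, and the set of traps treated as required (ip_permit, auth, sysauth, sysconfig) is an assumption based on the trap descriptions in this chapter.

```python
# Constructed sample: trap-host and Traps sections of `show snmp-server`,
# using the values from the sample output in this section.
SAMPLE = """\
Trap-Rec-Address             Version Trap-Rec-Community
---------------------------- ------- ----------------------
udp:172.168.2.23:162         v2c     R1PSW24

Traps                     Enabled
------------------------- ------------------
chassis                   disabled
module                    disabled
port                      enabled
bridge                    disabled
repeater                  disabled
ip_permit                 disabled
sysconfig                 disabled
entity                    disabled
cpuload                   disabled
auth                      enabled
sysauth                   disabled
bgp                       disabled
dhcp                      disabled
atm                       disabled
adslAtuc                  enabled
adslAtur                  disabled
mac-flood                 disabled
#
"""

# Assumption: trap types this chapter ties to unauthorized access attempts
# (ip_permit, auth, sysauth) and to configuration changes (sysconfig).
REQUIRED_TRAPS = ("ip_permit", "auth", "sysauth", "sysconfig")


def parse_show_snmp(text):
    """Return (trap_hosts, trap_states) parsed from `show snmp-server` text."""
    hosts, traps = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", " "}:
            continue                      # blank line or dashed separator
        if line.startswith("Trap-Rec-Address"):
            section = "hosts"
            continue
        if line.startswith("Traps"):
            section = "traps"
            continue
        fields = line.split()
        if section == "hosts" and len(fields) == 3 and ":" in fields[0]:
            proto, rest = fields[0].split(":", 1)
            address, port = rest.rsplit(":", 1)
            hosts.append({"proto": proto, "address": address,
                          "port": int(port), "version": fields[1],
                          "community": fields[2]})
        elif (section == "traps" and len(fields) == 2
              and fields[1] in ("enabled", "disabled")):
            traps[fields[0]] = fields[1] == "enabled"
    return hosts, traps


def audit(text, required=REQUIRED_TRAPS):
    """List findings: missing trap receiver and required traps not enabled."""
    hosts, traps = parse_show_snmp(text)
    findings = []
    if not hosts:
        findings.append("no trap host configured: traps have no receiver")
    for name in required:
        if name not in traps:
            findings.append(f"{name}: not listed in output")
        elif not traps[name]:
            findings.append(f"{name}: disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```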
The table below describes the fields shown by the show snmp-server command:
Table 8-9 show snmp-server field descriptions
Field                               Description
RMON                                Status of whether RMON is enabled or disabled
Extended RMON                       Status of whether extended RMON is enabled or disabled
sysContact                          SNMP system contact string
sysLocation                         SNMP system location string
community: Community-Access         Configured SNMP communities (read-only, read-write)
community: Community-String         SNMP community strings associated with each SNMP community
TrapReceiver: Trap-Rec-Address      IP address of trap receiver hosts and UDP port number for sending trap messages.
TrapReceiver: Version               SNMP version of trap host
TrapReceiver: Trap-Rec-Community    SNMP community string used for trap messages to the trap receiver.
Trap: Traps                         Trap types
Trap: Enabled                       Status of whether trap type is enabled or disabled
The table below describes the fields shown by the show snmp-server community-list command output:
Description
SNMP community strings
Access right of the community strings
- ro : Read-only
- rw : Read-write
The table below describes the fields shown by the show snmp-server statistics command output:
Table 8-11 show snmp-server statistics field descriptions
Field                                              Description
SNMP packets input                                 Total number of SNMP packets input.
Bad SNMP version errors                            Number of packets with an invalid SNMP version.
Unknown community name                             Number of SNMP packets with an unknown community name.
Illegal operation for community name supplied      Number of packets requesting an operation not allowed for that community.
Encoding errors                                    Number of SNMP packets that were improperly encoded.
Number of requested variables                      Number of variables requested by SNMP managers.
Number of altered variables                        Number of variables altered by SNMP managers.
Get-request PDUs                                   Number of get requests received.
Get-next PDUs                                      Number of get-next requests received.
Set-request PDUs                                   Number of set requests received.
SNMP packet output                                 Total number of SNMP packets sent by the router.
Too big errors                                     Number of SNMP packets which were larger than the maximum packet size.
No such name errors                                Number of SNMP requests that specified an MIB object which does not exist.
Bad values errors                                  Number of SNMP set requests that specified an invalid value for an MIB object.
                                                   Number of SNMP set requests that failed due to some other error. (It was not a noSuchName error, badValue error, or any of the other specific errors.)
                                                   Number of responses sent in reply to requests.
                                                   Number of SNMP traps sent.
The table below describes the fields shown by the show snmp-server traphost command output:
Table 8-12 show snmp-server traphost field descriptions
Description
Protocol : IP address of a trap receiver host: port number.
SNMP community strings of the trap receiver host.
Configuring RMON
RMON (Remote MONitoring) Overview
RMON is a standard MIB that defines current and historical MAC-layer statistics and control objects, allowing you to capture real-time information across the entire network. The RMON standard is an SNMP MIB definition described in RFC 1757 (formerly 1271) for Ethernet. The RMON MIB provides a standard method to monitor the basic operations of the Ethernet, providing interoperability between SNMP management stations and monitoring agents. RMON also provides a powerful alarm and event mechanism for setting thresholds and for notifying you of changes in network behavior.

You can use RMON to analyze and monitor network traffic data within remote LAN segments from a central location. This allows you to detect, isolate, diagnose, and report potential and actual network problems before they escalate to crisis situations. For example, the Corecess R1P-SW24 can identify the hosts on a network that generate the most traffic or errors. RMON allows you to set up automatic histories, which the RMON agent collects over a period of time, providing trending data on such basic statistics as utilization, collisions, and so forth.

RMON monitors nine MIB groups including network statistics. The following table lists the RMON MIB groups:

The Corecess R1P-SW24 supports the following four groups of the nine groups:

1) Statistics (RMON group 1)
Collects the number of packets/bytes, the number of broadcast/multicast packets, the number of collisions, and the number of errors (fragment, CRC, jabber, short-length, and long-length) that occurred on an interface.

2) History (RMON group 2)
Collects a history group of statistics on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces for a specified polling interval.

3) Alarm (RMON group 3)
Monitors a specific management information base (MIB) object for a specified interval and triggers an alarm at a specified value (rising threshold).

4) Event (RMON group 9)
Determines the action to take when an event is triggered by an alarm. The action can be to generate a log entry or an SNMP trap.
Configuring RMON
Configuring RMON on the Corecess R1P-SW24 consists of the following steps:
• Configuring Event Group
• Configuring Alarm Groups
the alarm threshold or a channel match event generated. Traps can be delivered by the RMON agent to multiple management stations. In order for RMON to generate trap events, you must set up the SNMP managers table based on the SNMP community strings (for example, public) you are using with the network management application and the hosts on which you are running applications. If you fail to make these changes, the system will be unable to send trap events to the network management station. When you set up the SNMP managers table, you can use the SNMP community strings that the network management application uses and modify the trap receiving tables on the router to use these names. Or, you can configure the router to use specific SNMP community strings and modify the network management software to use these strings. To set an RMON event, use the following commands in Global configuration mode:
Table 8-13 Configuring RMON event group
Command
rmon event <index> description <string> {trap <community> | log | owner <owner>}

Task
1. Set an event group.
   • <index>: Assigned event number (1 ~ 65535)
   • description <string>: A description of the event
   • log: Option for generating an RMON log entry when the event is triggered.
   • trap <community>: Option for generating SNMP trap with the <community> community string when the event occurs.
   • owner <owner>: Option for specifying an owner for the event.
2. Return to Privileged mode.
3. Verify the configuration.
The following example shows how to configure an event group on the Corecess R1P-SW24 and how to verify that they are configured:
Parameter            Value
Event index          10
Event description    Event to create log entry and SNMP notification
Event type           log, trap
Community            Public
Owner                172.1.1.1

The following example uses the show rmon command to display the RMON event group configured above.
(config)# end
# show rmon
RMON:
Extended RMON:
[statistics]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.1 (gigabitethernet 2/1)
2     valid          ifIndex.2 (gigabitethernet 2/2)
.
.
[history]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.1 (gigabitethernet 2/1)
2     valid          ifIndex.2 (gigabitethernet 2/2)
.
.
[alarm]
index status         sample
----- -------------- -----------------------------
.
.
----- -------------- ---------------
10    valid          logandtrap
.
.
#
To display the detail information on an event group, enter the show rmon events command with the event number:
# show rmon events 10
Event 10 is valid, owned by 172.1.1.1
Description is Event to create log entry and SNMP notification
Event firing causes log and trap to community public
last fired 0days 00:00:00:00
#
To delete an event group, enter the no rmon event command in Global configuration mode:
(config)# no rmon event 10
(config)#
When you configure an alarm condition, you must define the following values:
• The monitoring interval over which data is sampled.
• The variable to be sampled.
• Rising and falling thresholds used to detect when network trouble starts and when it ends.
• The event that takes place when a rising threshold is crossed.
• The event that takes place when a falling threshold is crossed.

An RMON event is the action that occurs when an associated RMON alarm is triggered. When an alarm event occurs, it can be configured to generate a log event, a trap to an SNMP network management station, or both.

An RMON alarm allows you to monitor a MIB object for a desired transitory state. An alarm periodically takes samples of the object's value and compares them to the configured thresholds. RMON allows you to configure two types of sampling, absolute and delta:
• Absolute sampling compares the sample value directly to the threshold. This sampling is similar to a gauge, recording values that go up or down.
• Delta sampling subtracts the current sample value from the last sample taken, and then compares the difference to the threshold. This sampling is similar to a counter, recording a value that is constantly increasing.

To set an RMON alarm, use the following commands in Global configuration mode:
Table 8-14 Configuring RMON alarm group
Command
rmon alarm <index> <interval> {<type> <StatisticsIndex> | <variable>} {delta | absolute} {rising | falling | both} threshold <rising-threshold> <falling-threshold> event-index <rising-event-number> <falling-event-number> owner <alarm-owner>
end
show rmon

Task
1. Set an alarm group.
   • <index>: Alarm number (1 ~ 65535)
   • <interval>: MIB object monitoring interval (1 ~ 2147483647 seconds)
   • <variable>: OID number of the MIB object to monitor
   • <type>: Value to monitor. Select one of the following values:
     - octets: The total number of incoming octets.
     - pkts: The total number of incoming packets.
     - broadcastPkts: The number of incoming broadcast packets.
     - multicastPkts: The number of incoming multicast packets.
     - cRCAlignErrors: The number of incoming packets with CRC errors.
     - collisions: The number of times a collision occurs while the packet is received.
     - pkts64: The number of incoming packets 64 bytes in length.
     - pkts65to127: The number of incoming packets 65 to 127 bytes in length.
     - pkts128to255: The number of incoming packets 128 to 255 bytes in length.
     - pkts256to511: The number of incoming packets 256 to 511 bytes in length.
     - pkts512to1023: The number of incoming packets 512 to 1023 bytes in length.
     - pkts1024to1518: The number of incoming packets 1024 to 1518 bytes in length.
   • <StatisticsIndex>: The number of statistics group to get the selected value from <type> option (0 ~ 65535).
   • absolute: Option for testing each MIB variable directly.
   • delta: Option for testing the change between MIB variables.
   • rising: Option for triggering alarm when the monitored value exceeds the rising threshold.
   • falling: Option for triggering alarm when the monitored value exceeds the falling threshold.
   • both: Option for triggering alarm when the monitored value exceeds the rising or falling threshold.
   • <rising-threshold>: Value at which the alarm is triggered (0 ~ 2147483647)
   • <falling-threshold>: Value at which the alarm is reset (0 ~ 2147483647)
   • <rising-event-number>: Event number to trigger when the rising threshold exceeds its limit. (0 ~ 65535)
   • <falling-event-number>: Event number to trigger when the falling threshold exceeds its limit. (0 ~ 65535)
   • owner <alarm-owner>: Option for specifying an owner for the alarm.
2. Return to Privileged mode.
3. Verify the configuration.
Before configuring an RMON alarm group, verify that the statistics group (<StatisticsIndex>) is defined. If you specify an undefined statistics group, the Can't fetch the MIB values message is displayed:
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 event-index 1 owner kimka
Can't fetch the MIB values
(config)#

The following example uses the show rmon command to display the configured RMON alarm group.
# show rmon
RMON:
Extended RMON:

[etherstats]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.3 (gigabitethernet 1/1)
2     valid          ifIndex.4 (gigabitethernet 1/2)
.
.
[history]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.3 (gigabitethernet 1/1)
2     valid          ifIndex.4 (gigabitethernet 1/2)
.
.
[alarm]
index status         sample
----- -------------- -----------------------------
1     valid          etherStatsPkts.1
[event]
index status         type
----- -------------- ---------------
10    valid          logandtrap
.
.
#
To display the detail information on an alarm group, enter the show rmon alarm command with the alarm number:
# show rmon alarm 1
Alarm 1 is valid, owned by aaa
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds
Taking absolute samples, last value was 0
Rising threshold is 1000, assigned to event 1
Falling threshold is 100, assigned to event 1
On startup enable rising or falling alarm
#
To delete an RMON alarm group, enter the no rmon alarm command in Global configuration mode:
(config)# no rmon alarm 1
(config)#
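The following Python model is an added example, not Corecess code: it shows how an RMON alarm with a rising threshold of 1000 and a falling threshold of 100 behaves under absolute and delta sampling when the monitored object is a packet counter that only increases. The re-arming rule (a rising alarm fires again only after the falling threshold has been crossed) follows the RMON MIB alarm definition, and the counter readings are constructed.

```python
# Constructed readings of a packet counter such as etherStatsPkts.1,
# one per polling interval. Two traffic bursts occur (polls 3-4 and 7).
COUNTER_READINGS = [0, 50, 120, 1500, 3200, 3250, 3300, 5000, 5040]


class RmonAlarm:
    """Threshold logic of one RMON alarm entry, with hysteresis."""

    def __init__(self, rising, falling, sample_type="absolute", startup="both"):
        if falling > rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        if sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        if startup not in ("rising", "falling", "both"):
            raise ValueError("startup must be 'rising', 'falling' or 'both'")
        self.rising, self.falling = rising, falling
        self.sample_type, self.startup = sample_type, startup
        self._prev_raw = None   # previous reading, for delta sampling
        self._state = None      # last threshold crossed: 'rising' or 'falling'
        self._first = True      # True until the first value has been compared

    def poll(self, raw):
        """Feed one reading; return 'rising', 'falling' or None."""
        if self.sample_type == "delta":
            prev, self._prev_raw = self._prev_raw, raw
            if prev is None:
                return None     # a difference needs two readings
            value = raw - prev
        else:
            value = raw
        first, self._first = self._first, False

        crossed = None
        if value >= self.rising and self._state != "rising":
            crossed = "rising"
        elif value <= self.falling and self._state != "falling":
            crossed = "falling"
        if crossed is None:
            return None         # between thresholds, or already alarmed
        self._state = crossed
        if first and self.startup not in (crossed, "both"):
            return None         # startup option suppresses this first alarm
        return crossed


def evaluate(readings, rising, falling, sample_type, startup="both"):
    """Return [(poll_index, 'rising'|'falling'), ...] for a series of readings."""
    alarm = RmonAlarm(rising, falling, sample_type, startup)
    events = []
    for index, raw in enumerate(readings):
        kind = alarm.poll(raw)
        if kind:
            events.append((index, kind))
    return events


if __name__ == "__main__":
    for mode in ("absolute", "delta"):
        print(mode, evaluate(COUNTER_READINGS, 1000, 100, mode))
```

With absolute sampling the counter passes 1000 once and never returns below 100, so the second burst raises no alarm; delta sampling reports both bursts and their ends.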
• etherstats: Displays the RMON etherstats table.

If you do not specify any option, the contents of the RMON alarm table, event table, history table, and statistics table are displayed. The following is a sample output of the show rmon command:

# show rmon
RMON:           Enabled
Extended RMON:  Extended RMON module is not present

[etherstats]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.3 (gigabitethernet 1/1)
2     valid          ifIndex.4 (gigabitethernet 1/2)
[history]
index status         dataSource
----- -------------- -----------------------------
1     valid          ifIndex.3 (gigabitethernet 1/1)
2     valid          ifIndex.4 (gigabitethernet 1/2)
[alarm]
index status         sample
----- -------------- -----------------------------
1     valid          etherStatsPkts.1
[event]
index status         type
----- -------------- ---------------
10    valid          logandtrap
#
The table below describes the fields in the show rmon command output:
Table 8-15 show rmon field descriptions
Field                     Description
RMON                      Running status of the RMON.
etherstats: Index         Index of the RMON statistics entry into the statisticsTable.
etherstats: Status        Status of the RMON statistics entry.
etherstats: dataSource    Data source of the RMON statistics entry.
history: Index            Index of the RMON history entry into the historyTable.
history: Status           Status of the RMON history entry.
history: dataSource       Data source of the RMON history entry.
alarm: Index              Index of the RMON alarm entry into the alarmTable.
alarm: Status             The owner of the RMON alarm entry.
alarm: Sample             Data source of the RMON alarm entry.
event: Index              Index of the RMON event entry into the eventTable.
event: Status             Status of the RMON event entry.
event: Type               Type of event.
Command                            Function
show snmp-server                   Displays SNMP parameters.
show snmp-server community-list    Displays SNMP community configuration.
show snmp-server statistics        Displays SNMP statistics.
show snmp-server traphost          Displays the list of the trap receiver hosts.
show snmp-server write-interval    Save the system configuration automatically at least 24 hour intervals.
show rmon                          Displays the contents of the RMON alarm table, event table, history table, and statistics table.
snmp-server community              Configures the SNMP community strings.
snmp-server contact                Specifies the system contact information.
                                   Disables an SNMP trap.
                                   Enables an SNMP trap.
                                   Limits hosts which can access the system through SNMP based on the access list.
                                   Specifies hosts to receive SNMP notifications.
                                   Specifies the system location information.
                                   Specifies the source IP of a trap.
                                   Configures the RMON alarm group.
                                   Configures the RMON event group.
Chapter 9
Configuring QoS
This chapter describes how to configure QoS (Quality of Service) on the Corecess R1P-SW24.
• QoS Overview
• Configuring QoS
• Configuring Non-Class-map QoS Features
• QoS Configuration Commands
QoS Overview
This section describes QoS (Quality of Service) and QoS features supported by the Corecess R1P-SW24.
[Figure: QoS block diagram with the labels Classifier, Marker, Policer, Buffer Manager, Queue Scheduler, Packet Out, and Traffic Manager]
The Classifier examines the header of a received packet and then decides the QoS level. The Traffic Manager marks the QoS level in the packet header or processes packets that are within the permitted bandwidth. The Traffic Manager also chooses which packets to drop when congestion occurs and which packets to transmit first. The following section describes the parameters used to classify packets and how packets are classified.
Classifier
Classification Standard
The classifier uses the following values to decide the packet level.
• Layer 1: Number of Input/output port

The input/output ports in Layer 1 are the ports on which a packet is received and transmitted. They are also called ingress/egress ports.

• Layer 2: Source/Destination MAC Address, EtherType Field, DSAP Field, 802.1P Field, VLAN ID

The 802.1P field in a Layer 2 packet is a three-bit field that marks the packet priority with a number from zero to seven.
[Figure: ToS field layout with the labels IP-Prec, D, T, R, C, MRZ, TOS, and CU]
The classifier can classify packets into the following categories using the classification standard.
• Subscriber (packet sender) Classification: Who sends the packet?
  - Packet Classification using Input Port Number, Source MAC Address and Source IP Address
• Subscriber and Application Classification: Who sends the packet, and what kind of application packet is it?
  - Packet Classification using Input Port Number, Source MAC Address, Source IP Address and
• Subscriber and Destination Classification: Who sends the packet, and who receives the packet?
  - Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port Number, Destination MAC Address and Destination IP Address
• Subscriber, Destination and Application Classification: Who sends the packet, who receives the packet, and what kind of application packet is it?
  - Packet Classification using Input Port Number, Source MAC Address, Source IP Address, Output Port Number, Destination MAC Address and Destination IP Address and TCP/UDP Port Number
Classification Table
There are two types of classifier. One is the MF (Multi Field) classifier, which examines several fields of a packet simultaneously and decides the QoS service level. The other is the BA (Behavior Aggregate) classifier, which recognizes a packet whose QoS level has already been decided. The MF classifier uses the following table to decide the QoS level and to recognize a QoS profile.
[Table: MF classification table. Column headings: Rule#, Classification standard (VLAN ID, Source, Destination, Source IP, Destination IP, Protocol ID, TOS, TCP/UDP Port #, TCP/UDP Port #, TCP Flag), Service Contents, QoS Profile. Rows: 1 2 3 4 5 6 7 . . .]
A QoS profile describes which actions (marking, policing and assigning a queue) should be applied to a packet whose QoS level has been decided through the classification standard. The traffic manager actually applies the actions to the packet.

For example, suppose the classification table is defined as follows, and there is a packet whose source IP address is 1.1.1.0/24 and whose destination IP address is 20.1.1.0/24. When the classifier receives the packet, it recognizes that the packet matches rule number four and has the packet processed according to the QoS profile.
[Table: example classification table. Column headings: Rule#, Source MAC, VLAN ID, Source IP, Destination IP, Protocol ID, TCP Flag, TOS, TCP/UDP Source Port #, TCP/UDP Destination Port #, QoS Profile. Recoverable entry: 1.1.1.0/24, 20.1.1.0/24, HQ HTTP Packet]
The BA classifier recognizes the QoS profile to apply to a packet using the 802.1p table or the ToS field table, which are used only for QoS. The following field values are defined in the 802.1p and ToS field tables. One of the profiles is applied to the packet according to the field value.
802.1p Table
802.1p Field Value (0 1 2 3 4 5 6 7)    QoS Profile

TOS/DSCP/IP-Prec Table
ToS Field Value (0 1 2 3 4 5 255)       QoS Profile
Packet Marker
The packet marker marks the 802.1P field or ToS field with the QoS level. The QoS level of a packet can be the value decided by the classifier, or it can be changed by a QoS profile. Changing the level that was first decided and marking the new level according to a QoS profile is called remarking.
Policer
The policer can limit bandwidth so that users consume only the engaged traffic. It measures the traffic flow rate of each traffic flow identified by the classifier and limits the traffic so that it does not exceed the engaged bandwidth. The policer consists of a metering block and an action block. The metering block measures the traffic flow rate, compares it with the engaged bandwidth, and reports the result of the comparison to the action block. The action block decides how to process the traffic depending on the result. There are three methods to process the result:
• Pass: Transmits packets regardless of the result.
• Drop: Discards packets which exceed the bandwidth.
• Mark: Remarks packets which exceed the bandwidth.
Policer Variables
To use the Policer function, you should understand the following variables.
• CIR (Committed Information Rate)
Engaged Bandwidth. It is also called Average rate or Guaranteed rate.

[Figure: policer variables plotted against time, with the labels CIR, CBS, PIR, PBS, and EBS]
Token Bucket
There are several implementations of the policer function, and the typical implementation is the token bucket. The token bucket contains tokens, each of which can represent a unit of bytes. Tokens are added to the token bucket at a certain rate. When packets arrive, the same amount of tokens is removed from the token bucket.
[Figure: Token Bucket, with the labels Packet and Bucket Size]

The variables of the policer correspond to the elements of the token bucket as follows:
• CIR: Token Rate
• CBS: Bucket Size
If the token bucket is full, no more tokens are added. When packets are received, the same amount of tokens is removed. If the number of tokens is less than the size of a packet, the packet is classified as a non-conforming packet. If the number of tokens is greater than or equal to the size of the packet, the packet is classified as a conforming packet. A non-conforming packet is processed according to the QoS profile of the packet.

There are two token bucket methods: single token bucket and dual token bucket. The single token bucket method uses only one bucket, and the dual token bucket method uses two buckets. In the dual token bucket method (RFC 2698 tr-TCM algorithm), the first bucket receives tokens at the PIR rate and the second bucket receives tokens at the CIR rate. The size of the first bucket is PBS and the size of the second bucket is CBS. A packet that is non-conforming in the first bucket is finally a non-conforming packet. If a packet that is conforming in the first bucket is non-conforming in the second bucket, it is classified as a loosely non-conforming packet. The dual token bucket method can therefore control packets with this more detailed classification. The following graph shows the dual token bucket method.
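The following Python model of the dual token bucket is an added example, not Corecess code; it follows RFC 2698 in color-blind mode and uses the result names from the paragraph above. Rates are in bytes per second and bucket sizes in bytes; the rate values, the packet arrivals, and the profile that maps each result to Pass, Mark or Drop are constructed for illustration.

```python
class DualTokenBucket:
    """Two-rate policer: first bucket (PIR/PBS), second bucket (CIR/CBS)."""

    def __init__(self, cir, cbs, pir, pbs):
        if pir < cir:
            raise ValueError("PIR must be greater than or equal to CIR")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tp = pbs           # tokens in the first (peak) bucket, starts full
        self.tc = cbs           # tokens in the second (committed) bucket
        self.last = 0.0         # time of the previous refill, in seconds

    def _refill(self, now):
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("packet timestamps must not go backwards")
        self.last = now
        # A full bucket takes no more tokens: cap at the bucket size.
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)

    def classify(self, now, size):
        """Meter one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tp < size:
            return "non-conforming"             # fails the first bucket
        if self.tc < size:
            self.tp -= size
            return "loosely non-conforming"     # passes first, fails second
        self.tp -= size
        self.tc -= size
        return "conforming"


# Constructed QoS profile: the action block's choice for each result.
PROFILE = {
    "conforming": "pass",
    "loosely non-conforming": "mark",
    "non-conforming": "drop",
}

# Constructed arrivals: (time in seconds, packet size in bytes).
# Four back-to-back packets form a burst, then one packet a second later.
ARRIVALS = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1000)]


def police(arrivals, cir=1000, cbs=1500, pir=2000, pbs=3000, profile=PROFILE):
    """Return [(result, action), ...] for each arrival, in order."""
    meter = DualTokenBucket(cir, cbs, pir, pbs)
    decisions = []
    for now, size in arrivals:
        result = meter.classify(now, size)
        decisions.append((result, profile[result]))
    return decisions


if __name__ == "__main__":
    for (now, size), (result, action) in zip(ARRIVALS, police(ARRIVALS)):
        print(f"t={now:.1f}s {size}B -> {result}: {action}")
```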
Queue Scheduler
The output port is generally slower than the input ports because it transmits packets that are received from several input ports. At least one queue is assigned to the output port, and packets that have to be processed by the output port are stored there. When the packets stored in a queue exceed the bandwidth available to transmit them (that is, congestion), the output port must define which packets are transmitted first. This is called queue scheduling. There are various queue scheduling methods, and the following methods are generally used:
• Strict Priority Queuing
• WRR (Weight Round Robin)
• WFQ (Weight Fair Queuing)
• DWRR (Deficit Weight Round Robin)
[Figure: SPQ Scheduler feeding the Output Port; queued packet sizes 500B, 500B, 200B, 300B, 400B and 100B, 300B]

This method is easy to implement, but if plenty of packets flow into the high priority queue, packets in the low priority queue cannot be transmitted at all. This is called starvation.
[Figure: WRR Scheduler feeding the Output Port; [Q2] Weight: 1 with packets 400B, 500B, 500B; [Q3] Weight: 1 with packets 400B, 300B, 600B]
If weight values (2, 1, 1) are assigned to the queues as above, packets are transmitted at a ratio of 2:1:1. That is, two packets are transmitted from the first queue (Q1), then one packet from the second queue (Q2), and then one packet from the third queue (Q3). In this way the WRR method can give each queue a priority and prevent starvation. The disadvantage of WRR is that it is not useful in an IP network, where packet size is variable, because the weight is a ratio of packets. For example, suppose there are two kinds of packets, 64-byte VoIP packets and 1500-byte data packets, and they are serviced through two queues whose weights are 2:1. Even though the VoIP packets are serviced through the high weight queue, only 128 bytes are sent each time, while a 1500-byte data packet can be sent through the low weight queue.
[Figure: queues serviced 1 bit at a time into a Packet Reassembler and then the Output Port; [Q2] Weight: 1 with packets 400B, 500B, 500B; [Q3] Weight: 1 with packets 400B, 300B, 600B; markers show the last bit of each packet]

This method can transmit packets at the ratio specified for the queues regardless of packet size, but it is complicated to implement.
[Picture 1] [Picture 2]: DWRR Scheduler feeding the Output Port
The DWRR scheduler visits queue 1, and its deficit counter becomes 1000 bytes. The 300-byte, 100-byte and 400-byte packets are transmitted through the output port. After the transmission, the deficit counter is 200 (Picture 2). The DWRR scheduler then visits queue 2. The deficit counter of queue 2 is set to 500 bytes, and the 500-byte packet is transmitted. After the transmission, the deficit counter is 0. Queue 3 should be processed next, but the first packet in queue 3 is 600 bytes, which is bigger than the deficit counter of 500 bytes. In this case, the deficit counter is not changed and no packet is transmitted. The DWRR scheduler visits queue 1 again, and the quantum value is added to the current deficit counter value. This time the deficit counter becomes 1200 bytes, so queue 1 can transmit packets up to 1200 bytes. The 300-byte and 200-byte packets are transmitted, and the deficit counter becomes 700 (Picture 3).
[Picture 3] [Picture 4]: DWRR Scheduler; [Q1] Weight: 2, Quantum=1000, DeficitCounter=700B; [Q2] Weight: 1, Quantum=500, DeficitCounter=0B, remaining packet 400B; [Q3] Weight: 1, Quantum=500, DeficitCounter=100B, remaining packet 400B
There is no packet left in queue 1, so the DWRR scheduler visits queue 2. The deficit counter is set to 500 bytes, the 500-byte packet in queue 2 is transmitted, and the deficit counter becomes 0. In queue 3, which could not transmit a packet the previous time, the deficit counter becomes 1000 bytes, and the 600-byte and 300-byte packets are transmitted. After the transmission, the deficit counter is 100 (Picture 4). The rest of the packets are processed in the same way.
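The following Python simulation is an added example, not Corecess code: it replays the DWRR walk-through above and continues it for one more round. The queue contents are inferred from the packet sizes named in the walk-through and the pictures, and resetting the deficit counter when a queue is found empty is the usual deficit round robin rule, which the text above does not state.

```python
from collections import deque

# Quantum per queue, from the walk-through (weights 2:1:1).
QUANTA = {"Q1": 1000, "Q2": 500, "Q3": 500}

# Packet sizes in bytes, head of queue first. Inferred from the walk-through:
# Q1 sends 300, 100, 400 and later 300, 200; Q2 sends 500 twice and keeps 400;
# Q3 sends 600, 300 and keeps 400.
QUEUES = {
    "Q1": [300, 100, 400, 300, 200],
    "Q2": [500, 500, 400],
    "Q3": [600, 300, 400],
}


def dwrr(queues, quanta, rounds):
    """Run `rounds` scheduler rounds.

    Returns a list of (round, queue, sizes_sent, deficit_after_visit),
    one entry per visit to a queue that still holds packets.
    """
    pending = {name: deque(sizes) for name, sizes in queues.items()}
    deficit = {name: 0 for name in pending}
    log = []
    for rnd in range(1, rounds + 1):
        for name, queue in pending.items():
            if not queue:
                # Assumption (standard rule): an empty queue keeps no credit,
                # so it cannot save up quantum for a later burst.
                deficit[name] = 0
                continue
            deficit[name] += quanta[name]
            sent = []
            # Send while the head packet fits in the remaining deficit.
            while queue and queue[0] <= deficit[name]:
                size = queue.popleft()
                deficit[name] -= size
                sent.append(size)
            log.append((rnd, name, sent, deficit[name]))
    return log


def bytes_sent(log):
    """Total bytes transmitted per queue over the logged visits."""
    totals = {}
    for _, name, sent, _ in log:
        totals[name] = totals.get(name, 0) + sum(sent)
    return totals


if __name__ == "__main__":
    trace = dwrr(QUEUES, QUANTA, rounds=3)
    for rnd, name, sent, left in trace:
        print(f"round {rnd} {name}: sent {sent}, deficit counter {left}")
    print(bytes_sent(trace))
```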
Shaping
Shaping is a function that limits bandwidth by buffering when traffic that exceeds the target traffic rate flows into a queue. The traffic that exceeds the target traffic rate is stored in the buffer. When there is enough bandwidth to transmit, the stored traffic is transmitted.
[Figure: shaping; axis Bandwidth (bps); labels Offered Traffic and Buffered]

This method is more flexible than policing, but it is not useful for real-time traffic such as voice traffic because it introduces transfer delay.
Buffer Manager
The queues of an output port have a fixed size. If a queue is full of packets and more packets flow into the queue, packets are discarded according to a particular rule. The buffer manager is the function that selectively discards received packets to resolve congestion in the queue. This section introduces the buffer manager methods.
Tail Drop
In the Tail drop method, if there is no space to store packets, packets that arrive after the queue is full are discarded. As the graph shows, the ratio of discarded packets is 1 when the amount of packets in the queue reaches the size of the queue (Max Size). Retransmission requests are sent to senders when the queue is full. A host that receives retransmission requests considers the link unstable and lowers its transmission speed. If this situation occurs repeatedly, the speed of the whole network becomes slower. This problem is called TCP global synchronization.

[Figure: Drop Probability (0 to 1) against Queue Size (0 to Max Size)]
9-14
QoS Overview
Output port #1
TC #1 TC #1 TC #1
Classifier
Input port #1 match match match . . . . . .
Q6 Q7
. .
.
. .
. . .
Input port #n
Q0 Q1
. .
Output port #n
Q6 Q7
The Corecess R1P-SW24 classifies packets from the ingress (incoming) port according to the criteria defined in the class map, stores the classified packets in the transmit queues (0 ~ 7), and transmits them via the TC (Traffic Class) to which the QoS action defined in the policy map is applied.
Packet Classification
Packet classification partitions traffic into multiple priority levels, or classes of service. The Corecess R1P-SW24 uses the values in the following fields of the layer 1 ~ layer 4 IP packet header as criteria to classify packets:
- Layer 1: Input/output port number
- Layer 2: Source/destination MAC address, EtherType field, DSAP field, 802.1P field, VLAN ID
- Layer 3: Source/destination IP address, protocol ID, TOS/IP Precedence/DSCP field
- Layer 4: Input/output port number, TCP flag
Policing
The Corecess R1P-SW24 supports Policing. Policing is the process by which the system limits the bandwidth consumed by a flow of traffic. You can limit the bandwidth of a specific traffic flow by using a policy map or limit the full bandwidth of a port.
Transmit Queue
The Corecess R1P-SW24 provides eight transmit queues for each egress port. These transmit queues are scheduled by the Strict Priority Queueing (SPQ) mechanism. You can use the following values to determine queue priority:
- User priority (the value that is set by using the priority command in Policy-map class configuration mode)
- DSCP
- CoS
- VLAN priority
When the transmit queue is full, frames at the end of the queue are dropped (tail drop).
Configuring QoS
This section describes how to configure QoS on the Corecess R1P-SW24.
A class map consists of criteria for classifying traffic into several classes. The first task for configuring QoS service policy is defining class maps.
A policy map consists of classes which have actions to apply to the traffic class. The second step for configuring QoS service policy is defining policy maps.
A policy map class consists of actions to apply to the specified class of traffic (bandwidth priority, filtering, rate limiting). The third step for configuring QoS service policy is configuring policy map class.
A service policy consists of a policy-map and ingress/egress ports which the policy map will be applied to. The last step of configuring the QoS Service policy is defining service policies.
Criterion     Description
cos           The CoS (Class of Service) value
dsap          The DSAP (Destination Service Access Point) value
dscp          The DSCP (DiffServ Code Point) value
tos           The ToS (Type of Service) value
ip-prec       The IP precedence value
ip-sa         The source IP address
ip-da         The destination IP address
mac-sa        The source MAC address
mac-da        The destination MAC address
tcp-dpn       The destination TCP port number
tcp-flag      The TCP flag value
tcp-spn       The source TCP port number
udp-spn       The source UDP port number
udp-dpn       The destination UDP port number
ether-type    The Ethernet Type field value
input-port    The input port number
output-port   The output port number
protocol      The L4 Protocol field value
vlan-sid      The VLAN ID that the input port belongs to.
vlan-did      The VLAN ID that the output port belongs to.
The CoS field cannot be included with DSCP or IP precedence in the same class-map. By default, the R1P-SW24 does not allow the use of the CoS value.
After class-maps are created, the system checks inbound or outbound packets against the criteria in the class-maps. The QoS actions defined in the policy-map for a class are applied to the packets classified into that class.
You can create a class-map by using the class-map command in QoS configuration mode. When you enter the class-map command, the Corecess R1P-SW24 enters the class-map configuration mode. In this mode, the match criterion for the traffic is defined by using the match command.
To create a class-map and add the criteria to the class-map, use the following command in the Privileged mode. To create a class map and specify the way in which the Corecess R1P-SW24 should classify traffic, enter the following commands in Global configuration mode:
Table 9-2 Creating a class map
1. Enter QoS configuration mode.
   Command: qos
2. (Optional) Enable IEEE 802.1p. If IEEE 802.1p is enabled, the CoS field is available as a criterion of the class-map. If IEEE 802.1p is disabled (default setting), the IP precedence and DSCP fields are available instead of the CoS field.
3. Create a class map and enter class-map configuration mode.
   Command: class-map <class-map-name>
   - <class-map-name>: Class map name.
4. Commands:
   match cos <cos-value>
   match dsap <dsap-value>
   match dscp <dscp-value>
   match ether-type <ether-type>
   match input-port <port-type> <slot>/<port>
   match ip-da <dest-ip> <mask>
   match ip-prec <ip-prec-value>
   match ip-sa <sour-ip> <wildcard>
   match mac-da <dest-mac>
   match mac-sa <sour-mac>
   match output-port <port-type> <slot>/<port>
   match protocol <protocol-id>
   match tcp-dpn <tcp-port-num>
   match tcp-flag <flag-num>
   match tcp-spn <tcp-port-num>
   match udp-dpn <udp-port-num>
   match udp-spn <udp-port-num>
   match vlan-did <vlan-id>
   match vlan-sid <vlan-id>
5. Return to the Privileged mode.
   Command: end
6. Verify the class map configuration.
   Command: show classmap <class-map-name>
   - <class-map-name>: Class map name.
7. Save the configuration changes.
   Command: write memory
Note : To delete a class map, enter the no class-map <class-map-name> command in the qos configuration mode. To delete the criteria, enter the no match command in the qos configuration mode.
The following example shows how to create a class map and define a classification criterion by using the source IP address:
    (config)# qos
    (config-qos)# class-map class1
    (config-cmap)# match ip-sa 172.27.2.16 0.0.255.255
    (config-cmap)# end
    # show classmap
    ClassMap
    --------------------------------------------------
    Name          : class1
    Match Content : ip-sa 172.27.2.16/0.0.255.255
    Total Entries = 1
    # write memory
    Building Configuration...
    [OK]
The following example shows how to create a class map and define the criteria by using the destination IP address and the destination TCP port number:
    (config)# qos
    (config-qos)# class-map class2
    (config-cmap)# match ip-da 10.10.10.1 0.0.0.255
    (config-cmap)# match tcp-dpn 25
    (config-cmap)# end
    # show classmap class2
    ClassMap
    --------------------------------------------------
    Name          : class2
    Match Content : ip-da   10.10.10.1/0.0.0.255
                  : tcp-dpn 25
    Total Entries = 2
    # write memory
    Building Configuration...
    [OK]
To delete a class-map, use the no class-map <class-map-name> command in the QoS configuration mode. To remove a criterion from a class-map, use no match command in the class-map configuration mode.
Creating a Policy-map
To create a policy-map and configure QoS actions for a traffic class, perform this task in the Global configuration mode:
Table 9-3 Creating a policy map
1. Enter QoS configuration mode.
   Command: qos
2. Create a policy map and enter the policy-map configuration mode.
   Command: policy-map <policy-map-name>
   - <policy-map-name>: Name of a policy map to define.
3. Specify the class to which the policy map applies and enter the policy-map-class configuration mode.
   Command: class <class-name>
   - <class-name>: The name of the class to which the policy map applies.
4. Configure QoS actions for the class. Refer to the following sections for configuring QoS actions in the policy-map class configuration mode.
   Commands:
   mark {cos|dscp|ip-prec} <value>
   filter {deny|permit|to-proc}
   priority <value>
   rate-limit rate <target-rate>
5. Return to the Privileged mode.
6. Verify the policy map configuration.
7. Save the configuration changes.
The sections that describe how to add the QoS actions in Step 4 and how to verify the policy map configuration in Step 5 follow. The following example shows how to create a policy map and specify a class map to which the policy map applies:
    (config)# qos
    (config-qos)# policy-map policy1
    (config-pmap)# class class1
    (config-pmap-c)# priority 7
    (config-pmap-c)# end
    # show policymap policy1
    PolicyMap
    --------------------------------------------------
    Name            : policy1
    Linked ClassMap : class1
    Policy          : priority 7
    #
You can delete a policy-map using the no policy-map command in the QoS configuration mode. This example shows how to delete a policy-map:
    (config)# qos
    (config-qos)# no policy-map TEST
    (config-qos)#
You can remove a class-map from the policy-map, using the no class command in the policy-map configuration mode. The no class command does not delete the class-map but disconnects the relation between the policy-map and the class-map. To delete a class-map, use the no class-map command in the QoS configuration mode. This example shows how to remove a class-map from the policy-map and verify the result:
    (config)# qos
    (config-qos)# policy-map polmap6
    (config-pmap)# no class class1
    (config-pmap)# end
    # show policy-map
    Policy-map polmap6
    #

1. Enter QoS configuration mode.
   Command: qos
2. Create a policy map and enter policy-map configuration mode.
   Command: policy-map <policy-map-name>
   - <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-class configuration mode.
   Command: class <class-name>
   - <class-name>: The name of the class to which the policy map applies.
4. Specify the value and type of the field to change.
   - cos <value>: Specify the value of the CoS field (0 ~ 7).
   - dscp <value>: Specify the value of the DSCP field (0 ~ 64).
   - ip-prec <value>: Specify the value of the IP precedence field (0 ~ 7).
This example configures the remarking feature to set the CoS field of the traffic class class1 in the policy map policy1 to 7:
    (config)# qos
    (config-qos)# policy-map policy1
    (config-pmap)# class class1
    (config-pmap-c)# mark cos 7
    (config-pmap-c)#

1. Enter QoS configuration mode.
   Command: qos
2. Create a policy map and enter policy-map configuration mode.
   Command: policy-map <policy-map-name>
   - <policy-map-name>: The name of a policy-map.
3. Specify the class to which the policy map applies and enter policy-map-class configuration mode.
   Command: class <class-name>
   - <class-name>: The name of the class to which the policy map applies.
4. Select the filtering method of the traffic class.
   Command: filter {deny|permit|to-proc}
   - deny: Discard the traffic.
   - permit: Forward the traffic.
   - to-proc: Send the traffic to the CPU.
This example configures the policy map policy1 to discard the traffic class class2:
    (config)# qos
    (config-qos)# policy-map policy1
    (config-pmap)# class class2
    (config-pmap-c)# filter deny
    (config-pmap-c)#
The following is a procedure for specifying the user-defined priority for a traffic class:
Table 9-6 Specifying a priority of a traffic class in a policy map
Task
This example assigns the queue with the priority of 7 to the traffic class class4 in the policy map policy1:
    (config)# qos
    (config-qos)# policy-map policy1
    (config-pmap)# class class4
    (config-pmap-c)# priority 7
    (config-pmap-c)#

4. Specify the rate limit to be applied to traffic of the class in the specific policy-map.
   Command: rate-limit rate <target-rate>
   - <target-rate>: Average rate to be applied to the traffic which meets the condition of the class (0 ~ 1000000Kbps). The value must be in increments of 64 kbps.
Note: Policing can be applied to a specific port as well as a specific traffic class. Entering the rate-limit command in the QoS configuration mode specifies the target bandwidth to be applied to both incoming and outgoing traffic through a port. How to configure policing for a port is described later in this chapter.
This example specifies the target bandwidth of the traffic class class5 to apply the rate limiting in the policy map policy1:
    (config)# qos
    (config-qos)# policy-map policy1
    (config-pmap)# class class5
    (config-pmap-c)# rate-limit rate 640
    (config-pmap-c)#

1. Enter the QoS configuration mode.
   Command: qos
2. Attach a policy map to an input port or an output port, to be used as the service policy for that port.
   Command: service-policy <service-name> policy-map <policy-map-name> [input-port <port-type> <slot>/<port>] [output-port <port-type> <slot>/<port>]
   - <service-name>: Name of the service map.
   - <policy-map-name>: Name of the policy map to be applied.
   - input-port: Attach the policy map to input traffic.
   - output-port: Attach the policy map to output traffic.
   - <port-type>: Type of the port (gigabitethernet, fastethernet).
   - <slot>/<port>: Slot number (1~8) and port number (1~4) of the port.
3. Return to the Privileged mode.
   Command: end
4. Verify the service policy configuration.
   Command: show service-policy [<service-name>]
   - <service-name>: Name of the service map.
5. Save the configuration changes.
   Command: write memory
Note: The port designated when defining a service policy is the aggregated ID. In other words, if port number 1/1 and port number 1/2 are tied with LACP, QoS rules can be applied to port number 1/1, the representative port of these two ports (aggregated ID), and they cannot be applied to port number 1/2. The rules that apply to port number 1/1 also apply to port number 1/2. Additionally, the QoS rules that applied to each port before it was tied with LACP are no longer valid after the ports are tied with LACP. However, the moment the ports are released from LACP, the previous QoS rules apply again. For more detailed information regarding LACP, refer to Chapter 14 Port Trunking (LACP) setting.
This example applies the policy map named policy1 to the Gigabit Ethernet port 1/2 and verifies the configuration:
    (config)# qos
    (config-qos)# service-policy service1 policy-map policy1 input-port gigabitethernet 1/2 output-port gigabitethernet 1/2
    (config-qos)# end
    # show service-policy
    ServicePolicy
    --------------------------------------------------
    Name             : service1
    Linked PolicyMap : policy1
    Port(In )        : 1/2
    Port(Out)        : 1/2
    Total Entries = 1
    # write memory
    Building Configuration...
    [OK]

1. Enter QoS configuration mode.
   Command: qos
2. If necessary, enable 802.1p class of service on the system.
   Command: 8021p enable
3. Assign the priority to the specific VLAN interface.
   Command: 8021p user-priority <priority> vlan <vlan-id> [port <port-type> <slot>/<port>]
   - <priority>: The priority (0 ~ 7)
   - <vlan-id>: VLAN ID (1 ~ 4094)
   - <port-type>: Type of the port (gigabitethernet, fastethernet).
   - <slot>/<port>: Slot number and port number of the port.
5. Return to the privileged mode.
   Command: end
6. Verify the assigned CoS value.
   Command: show user-priority
7. Save the configuration changes.
   Command: write memory
Note: If you do not specify the port, the assigned priority is applied to all ports in the specified VLAN.
The following example shows how to assign a priority of 6 to the Gigabit Ethernet port 1/1 which belongs to the default VLAN:
    (config)# qos
    (config-qos)# 8021p user-priority 6 vlan 1 port gigabitethernet 1/1
    (config-qos)# end
    # show user-priority
    Default User Priority
    --------------------------------------------------
    Entry[ 1]
    Vlan     : 1
    Priority : 6
    Port     : 1/1
    #

1. Enter QoS configuration mode.
   Command: qos
2. Configure the maximum bandwidth of a specific port.
   Command: rate-limit input-port <port-type> <slot>/<port> [output-port <port-type> <slot>/<port>] rate <target-rate>
   - input-port: Applies rate limiting on an input port.
   - output-port: Applies rate limiting on an output port.
   - <port-type>: Type of the port (gigabitethernet, fastethernet).
   - <slot>/<port>: Slot number and port number of the port.
   - <rate>: The maximum bandwidth (0 ~ 1000000Kbps, in 64Kbps step).
3. Return to Privileged mode.
   Command: end
4. Verify the configuration.
   Command: show rate-limit
The following example shows how to configure input rate limiting for the class:
    (config)# qos
    (config-qos)# rate-limit input-port fastethernet 3/1 output-port fastethernet 3/1 rate 24000
    (config-qos)# end
    # show rate-limit
    RateLimit
    --------------------------------------------------
    Rate      : 24000
    Port(In ) : 3/1
    Port(Out) : 3/1
    Total Entries = 1
    #
Configuring Shaping
Shaping is a function that limits bandwidth by buffering when traffic above the target traffic rate flows into a queue. Traffic in excess of the target traffic rate is stored in the buffer, and the stored traffic is transmitted when there is enough bandwidth. To configure shaping on the Corecess R1P-SW24, use the following commands.
Table 9-11 Configuring Shaping
1. Enter QoS configuration mode.
   Command: qos
2. Configure shaping for traffic that is transmitted through the specified output port.
   Command: shaping output-port <port-type> <slot>/<port> rate <target-rate>
   - <port-type>: Port type (fastethernet, gigabitethernet)
   - <slot>/<port>: Slot number and port number
   - <target-rate>: Target bandwidth (1~1000000Kbps, in 64Kbps step)
3. Return to Privileged mode.
   Command: end
4. Verify shaping configuration.
   Command: show shaping
The following example shows how to configure shaping for the traffic that is transmitted through the Gigabit Ethernet port 1/1.
    (config-qos)# shaping output-port gigabitethernet 1/1 rate 128000
    (config-qos)# end
    # show shaping
    Shaping
    --------------------------------------------------
    Shaping   : 128000
    Port(In ) :
    Port(Out) : 1/1
    Total Entries = 1
    #

Command                    Function
8021p user-priority        Assigns the priority for 802.1p class of service to a port or a VLAN.
class-map                  Enters the class-map configuration mode to configure class maps.
dhcp-offer filter discard  Filters the DHCP server packets received from the specified port.
filter                     Configures filtering of a class of traffic which belongs to a policy map.
mark                       Configures the remarking feature which modifies the CoS, IP precedence, or DSCP field of a traffic class.
netbios filter discard     Filters the NetBIOS packets received from the specified port.
policy-map                 Enters QoS policy map configuration mode to configure the QoS policy map.
priority                   Specifies the priority of a traffic class during network congestion.
rate-limit                 Configures the rate limiting for a traffic class.
rate-limit                 Applies the rate limiting feature to the specified port.
service-policy             Defines a service policy to attach a policy map to the input/output ports.
weight                     Specifies the ratio of the bandwidth to be assigned to a traffic class.
Chapter 10
Configuring Security
This chapter describes how to configure security features on the Corecess R1P-SW24.
- Configuring Password and Session Timeouts
- Configuring Access Lists
- Configuring Packet Filtering
- Security Configuration Commands
Configuring Password
You can provide access control on a terminal line by entering the password and establishing password checking.
    Enter the new password (minimum of 5, maximum of 8 characters)
    Please use a combination of upper and lower case letters and numbers.
    New password: ********             <- Enter the new password.
    Re-enter new password: ********    <- Enter the new password again.
    Password changed.
    >
The User mode is signified on the system by the > prompt. In this mode, you can enter a variety of commands to view statistics on the system, but you cannot change the configuration of the system.
After setting the Privileged mode password, you must enter the password to go from User mode to the Privileged mode as follows:
    > enable
    Password: R1PSW24
Privileged mode is signified by the # prompt. In the Privileged mode, you can enter all commands to view statistics and configure the system.
    #    <- The privileged mode prompt
Password Encryption
All passwords on the system can be viewed by using the write terminal command in Privileged mode. You can hide clear-text passwords by storing passwords in an encrypted manner so that anyone entering write terminal commands will not be able to determine the clear-text password. The following example shows how to encrypt a user password and display the password on the terminal line:
    # configure terminal
    (config)# username guest passwd guest
    (config)# end
    # write terminal
    Building configuration...
    Current configuration:
    !
    ! version 0.75
    !
    hostname localhost
    username guest passwd 8 $1$$ysap7EeB9ODCrO46Psdbq/
    :
    :
Session Timeouts
The timeout for an unattended telnet session provides an additional security measure. If the telnet line is left unattended in Privileged mode, any user can modify the system configuration. The default timeout for an unattended telnet session is 10 minutes. To change the login timeout, enter the following command in the global configuration mode:
Table 10-1 Changing timeout for an unattended telnet session
1. Enter the VTY-line configuration mode.
2. Set the login timeout.
[Picture: Server B and the R1P-SW24 with Host A (IP: 172.20.128.10) and Host B (IP: 172.20.128.64). Access list: source IP address 172.20.128.64, permit/deny: permit, flow: out.]
In the above example, the access list allows access from the host 172.20.128.64. Therefore Host B, connected to the Corecess R1P-SW24, can access Server A or Server B, and Host A cannot access the servers.
1. Enter the Global configuration mode.
2. Configure an ACL with the IP addresses you want to allow or deny to access the system.
   - <list-number>: Number of the standard access list (1 ~ 99, 1300 ~ 1999)
   - permit: Permits the frame whose source address matches the condition.
   - deny: Denies the frame whose source address matches the condition.
   - dynamic: Permits the frame whose source address matches the condition dynamically.
   - <source-ip>: The IP address of the source network or host in hexadecimal form (xxx.xxx.xxx.xxx).
   - <wildcard>: Wildcard bit to be applied to <source-ip>. The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value matches.
   - host: Indicates only the specified IP address for which the access actions are available.
   - any: Configures the policy to match on all host addresses.
3. Return to the Privileged mode.
4. Verify the defined access lists.
Note:
- The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value matches. For example, the <source-ip> and <wildcard> values 209.157.22.26 0.0.0.255 mean that all hosts in the Class C sub-net 209.157.22.x match the policy.
- The packets that do not match any entries in an access list are denied.
The following example shows how to define an access list which permits access from hosts in the specified networks:
    # configure terminal
    (config)# access-list 1 permit 192.5.34.0 0.0.0.255
    (config)# access-list 1 permit 128.88.0.0 0.0.255.255
    (config)# access-list 1 permit 36.0.0.0 0.255.255.255
    (config)# end
    # show access-list
    Standard IP access list 1
        permit 192.5.34.0, wildcard bits 0.0.0.255
        permit 128.88.0.0, wildcard bits 0.0.255.255
        permit 36.0.0.0, wildcard bits 0.255.255.255
    #
The following example shows how to define an access list which denies access from the specified host:
    # config t
    (config)# access-list 2 deny host 171.69.198.102
    (config)# access-list 2 permit any
    (config)# end
    # show access-list
    Standard IP access list 2
        deny   171.69.198.102
        permit any
    #
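The wildcard comparison, first-match order and implicit deny described in the note above, as an added Python example (not code from this manual or from Corecess). Function names are assumptions; access lists 1 and 2 are copied from the examples above, and access list 3 is constructed to show two mistakes a review should catch: address bits hidden under the wildcard and an entry placed after a catch-all.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_access_lists(lines):
    """Parse 'access-list <n> {permit|deny} {any | host <ip> | <ip> <wildcard>}'."""
    acls = {}
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("unsupported line: %r" % line)
        spec = tok[3:]
        if spec == ["any"]:
            addr, wild = 0, ALL_ONES
        elif len(spec) == 2 and spec[0] == "host":
            addr, wild = to_int(spec[1]), 0
        elif len(spec) == 2:
            addr, wild = to_int(spec[0]), to_int(spec[1])
        else:
            raise ValueError("unsupported source: %r" % line)
        acls.setdefault(int(tok[1]), []).append((tok[2], addr, wild))
    return acls


def matches(src, addr, wild):
    """Zero bits in the wildcard must be equal; one bits match any value."""
    return ((src ^ addr) & ~wild & ALL_ONES) == 0


def evaluate(entries, source_ip):
    """The first matching entry decides; a source matching no entry is denied."""
    src = to_int(source_ip)
    for action, addr, wild in entries:
        if matches(src, addr, wild):
            return action
    return "deny"


def lint(entries):
    """Report entries that match more than they appear to, or never match."""
    findings = []
    catch_all_at = None
    for i, (action, addr, wild) in enumerate(entries, start=1):
        if catch_all_at is not None:
            findings.append("entry %d is never reached: entry %d matches any source"
                            % (i, catch_all_at))
            continue
        if addr & wild:
            base = ipaddress.IPv4Address(addr & ~wild & ALL_ONES)
            findings.append("entry %d: address bits under the wildcard are ignored, "
                            "effective base is %s" % (i, base))
        if wild & (wild + 1):
            findings.append("entry %d: wildcard is non-contiguous" % i)
        if wild == ALL_ONES:
            catch_all_at = i
    return findings


# Access lists 1 and 2 as configured in the manual's examples.
PAGE_ACL_LINES = [
    "access-list 1 permit 192.5.34.0 0.0.0.255",
    "access-list 1 permit 128.88.0.0 0.0.255.255",
    "access-list 1 permit 36.0.0.0 0.255.255.255",
    "access-list 2 deny host 171.69.198.102",
    "access-list 2 permit any",
]
# Constructed access list 3 (not from the manual).
CONSTRUCTED_ACL_LINES = [
    "access-list 3 permit 172.27.2.16 0.0.255.255",
    "access-list 3 permit any",
    "access-list 3 deny host 10.0.0.5",
]

if __name__ == "__main__":
    acls = parse_access_lists(PAGE_ACL_LINES + CONSTRUCTED_ACL_LINES)
    for ip in ("192.5.34.77", "192.5.35.1"):
        print("list 1", ip, evaluate(acls[1], ip))
    for finding in lint(acls[3]):
        print("list 3:", finding)
```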
1. Enter the VTY-line configuration mode.
2. Apply the access lists to the terminal line.
   - <list-number>: Number of an IP access list (1 ~ 99, 1300 ~ 1999).
   - in: Restricts incoming connections between the system and the addresses in the access list.
   - out: Restricts outgoing connections between the system and the addresses in the access list.
3. Return to Privileged mode.
4. Save the configuration.
The following example shows how to apply the access list to the terminal line. The Corecess R1P-SW24 allows Telnet access to all IP addresses except the hosts listed in access list 2.
    (config)# line vty
    (config-line)# access-class 2 in
    (config-line)# end
    # write memory
    Building Configuration...
    [OK]
The following example shows how to apply the access list to the terminal line. The Corecess R1P-SW24 denies connections to networks other than network 192.89.55.0:
    # configure terminal
    (config)# access-list 12 permit 192.89.55.0 0.0.0.255
    (config)# line vty 0 5
    (config-line)# access-class 12 out
    (config-line)# end
    # write memory
    Building Configuration...
    [OK]
Note : To remove access restrictions, use the no access-class <list-number> {in | out} command.
1. Enter the global configuration mode.
   Command: configure terminal
2. Apply the access list to SNMP access.
   Command: snmp-server group access <list-number>
   - <list-number>: Standard access list number (1 ~ 99, 1300 ~ 1999)
3. Return to the privileged mode.
   Command: end
4. Save the configuration changes.
   Command: write memory
The following example shows how to apply the access list to SNMP access. The Corecess R1P-SW24 allows SNMP access to all IP addresses except the hosts listed in access list 2.
    # configure terminal
    (config)# snmp-server group access 2
    (config)# end
    # write memory
    Building Configuration...
    [OK]
Packet Filtering
Type of Packet Filtering
The Corecess R1P-SW24 supports the following types of packet filtering:
server.
- The destination MAC address
- The source MAC address
- The destination IP address
- The source IP address
- The destination TCP port number (0 ~ 65535)
- The source TCP port number (0 ~ 65535)
- The destination UDP port number (0 ~ 65535)
- The source UDP port number (0 ~ 65535)
[Picture: DHCP servers and the Internet or LAN]
To discard all DHCP OFFER packets, enter the following commands in Global configuration mode:
Table 10-5 Filtering DHCP offer
1. Enter QoS configuration mode.
   Command: qos
2. Configure the specified port to filter DHCP OFFER packets received.
   Command: dhcp-offer filter discard [port <port-type> <slot>/<port>]
   - <port-type>: Type of the port (fastethernet, gigabitethernet)
   - <slot>/<port>: Slot number and port number of the port.
3. Return to Privileged mode.
   Command: end
4. Display the ports configured to filter the DHCP packets received from hosts.
   Command: show dhcp-offer-filter
5. Save the changed configuration.
   Command: write memory
The following example configures to discard all the DHCP OFFER packets received:
    (config)# qos
    (config-qos)# dhcp-offer filter discard
    (config-qos)# end
    # show dhcp-offer-filter
    Dhcp Offer Filter Ports
    --------------------------------------------------
    Discard : All Ports
    #
[Picture: hosts, the Corecess R1P-SW24, an Ethernet switch, and the Internet or LAN]
To filter the packets of file and resource sharing protocols, use the following commands.
Table 10-6 Filtering File and Resource Sharing Protocol
1. Enter QoS configuration mode.
   Command: qos
2. Set to deny receiving particular protocol packets.
   2-1. Refuse Apple FileSharing packets. This command is applied to all ports.
        Command: apple-filesharing-protocol filter discard
   2-2. Refuse NetBIOS packets received on the specified port.
        Command: netbios filter discard [port <port-type> <slot>/<port>]
        - <port-type>: Port type (fastethernet, gigabitethernet)
        - <slot>/<port>: Slot number and port number
   2-3. Refuse Rendezvous packets. This command is applied to all ports.
        Command: rendezvous filter discard
   2-4. Refuse UPnP packets. This command is applied to all ports.
        Command: upnp filter discard
3. Return to Privileged mode.
   Command: end
4. Verify the filtering configuration.
   Command: show running-config
The following example shows how to filter the file and resource sharing protocols received to all ports.
    (config)# qos
    (config-qos)# apple-filesharing-protocol filter discard
    (config-qos)# netbios filter discard
    (config-qos)# rendezvous filter discard
    (config-qos)# upnp filter discard
    (config-qos)# end
    # show running-config
    .
    .
    !
    qos
    netbios filter discard
    rendezvous filter discard
    apple-filesharing-protocol filter discard
    upnp filter discard
    hsrp filter discard
    !
    .
    .

1. Enter QoS configuration mode.
2. Set default traffic to be refused.
3. Return to Privileged mode.
4. Verify the filtering configuration.
The following example shows how to refuse default traffic that is not classified with class map.
    (config)# qos
    (config-qos)# default traffic deny
    (config-qos)# end
    # show default-traffic-policy
    Default QoS Traffic Policy
    --------------------------------------------------
    Deny
    #

1. Enter the QoS configuration mode.
   Command: qos
2. Create a class map and enter class-map configuration mode.
   Command: class-map <class-map-name>
   - <class-map-name>: Class map name.
3. Specify the destination IP address as a match criterion of a class map.
   Command: match ip-da <destination-ip> <wildcard>
   - <destination-ip>: The destination IP address
   - <wildcard>: Wildcard bit to be applied to <dest-ip>.
4. Specify the source IP address as a match criterion of a class map.
   Command: match ip-sa <source-ip> <wildcard>
   - <source-ip>: The source IP address
   - <wildcard>: Wildcard bit to be applied to <source-ip>.
5. Specify the destination TCP port number as a match criterion of a class map.
   Command: match tcp-dpn <tcp-port-num>
   - <tcp-port-num>: The destination TCP port number (0 ~ 65535)
6. Specify the source TCP port number as a match criterion of a class map.
   Command: match tcp-spn <tcp-port-num>
   - <tcp-port-num>: The source TCP port number (0 ~ 65535)
7. Specify the destination UDP port number as a match criterion of a class map.
   Command: match udp-dpn <udp-port-num>
   - <udp-port-num>: The destination UDP port number (0 ~ 65535)
8. Specify the source UDP port number as a match criterion of a class map.
   Command: match udp-spn <udp-port-num>
   - <udp-port-num>: The source UDP port number (0 ~ 65535)
9. Return to the Privileged mode.
   Command: end
10. Verify the class map configuration.
    Command: show classmap [<class-map-name>]
11. Save the configuration changes.
    Command: write memory
The following example shows how to create a class map and define a classification criterion by using the destination IP address and the destination TCP port number:
    (config)# qos
    (config-qos)# class-map class101
    (config-cmap)# match ip-da 10.10.10.1 0.0.0.255
    (config-cmap)# match tcp-dpn 25
    (config-cmap)# end
    # show classmap class101
    ClassMap
    --------------------------------------------------
    Name          : class101
    Match Content : ip-da   10.10.10.1/0.0.0.255
                  : tcp-dpn 25
    # write memory
    Building Configuration...
    [OK]

1. Enter the QoS configuration mode.
2. Create a policy map and enter the policy-map configuration mode.
   - <policy-map-name>: Name of a policy map to define.
3. Specify the class to which the policy map applies and enter the policy-map-class configuration mode.
   - <class-name>: Class map name.
4. Specify whether to filter the traffic class or not.
   - deny: Discards the class of traffic belonging to a policy map.
   - permit: Permits the class of traffic belonging to a policy map.
5. Return to the Privileged mode.
6. Verify the QoS policy.
   - <policy-map-name>: Name of a policy map to verify.
7. Save the configuration changes.
The following example shows how to define a QoS policy that makes the system filter that particular class of traffic:
    (config)# qos
    (config-qos)# policy-map filter-policy
    (config-pmap)# class class101
    (config-pmap-c)# filter deny
    (config-pmap-c)# end
    # show policymap filter-policy
    PolicyMap
    --------------------------------------------------
    Name            : filter-policy
    Linked ClassMap : class101
    Action          : Deny
    # write memory
    Building Configuration...
    [OK]

1. Enter the QoS configuration mode.
   Command: qos
2. Apply the service policy you specify to both inbound and outbound traffic.
   Command: service-policy <service-policy-name> policy-map <policy-map-name>
   - <service-policy-name>: The name of a service policy.
   - <policy-map-name>: The name of a policy map to be applied.
3. Return to the Privileged mode.
   Command: end
4. Verify that the policy map is applied to the system.
   Command: show service-policy [<service-policy-name>]
   - <service-policy-name>: The name of a service policy.
5. Save the configuration changes.
   Command: write memory
The following example shows how to apply a policy map, filter-policy, to the inbound and outbound traffic:
(config)# qos
(config-qos)# service-policy service1 policy-map filter-policy
(config-qos)# end
# show service-policy service1
ServicePolicy
--------------------------------------------------
Name             : service1
Linked PolicyMap : filter-policy
Port(In )        :
Port(Out)        :
# write memory
Building Configuration...
[OK]
Command: Function
- access-class: Restricts incoming and outgoing connections between the Corecess R1P-SW24 virtual terminal and the addresses in an access list.
- access-list (Standard): Defines a standard IP access list using source addresses for filtering packets received/transmitted through the specific interface.
- apple-filesharingprotocol filter discard: Refuses the Apple file sharing packets.
- class: Enters policy-map class configuration mode to specify a previously created class map to be included in the policy map.
- class-map: Enters the class-map configuration mode to configure class maps.
- Default traffic deny: Discards all packets that are not classified by a class map.
- dhcp-offer filter discard: Discards all DHCP OFFER packets received (packets received through the UDP port 67).
- enable passwd: Sets the Privileged mode password.
- exec-timeout: Sets the interval that the EXEC command interpreter waits until user input is detected.
- filter: Configures filtering of a class of traffic which belongs to a policy map.
- match: Specifies a match criterion for a class map.
- netbios filter discard: Filters NetBIOS packets.
- passwd: Specifies or changes the CLI login password.
- policy-map: Enters QoS policy map configuration mode to configure the QoS policy map.
- Refuses rendezvous packets.
- Applies a policy map to all packets received or sent to the system.
- Limits the hosts which can access the system through SNMP based on the access list.
- Refuses UPnP packets.
Chapter 11
This chapter describes how to configure IGMP snooping on the Corecess R1P-SW24.
- IGMP (Internet Group Management Protocol)
- Configuring IGMP Snooping
- Configuring IGMP Information
- IGMP Snooping Commands
The following example enables global IGMP snooping and disables IGMP snooping on the VLAN 2:
(config)# ip igmp snoop
(config)# no ip igmp snoop vlan id 2
(config)#
To disable IGMP snooping, use the no ip igmp snoop command in Global configuration mode:
(config)# no ip igmp snoop
(config)# ip igmp snoop vlan id 2
(config)#
The following example adds the Gigabit Ethernet port 1/1 as a router port:
(config)# ip igmp snoop mrouter port gigabitethernet 1/1
(config)# end
# show ip igmp snoop mrouter
---------- ----- ---------------
port       vlan  router ip
---------- ----- ---------------
internal   N/A   0.0.0.0
1/1        1     0.0.0.0
---------- ----- ---------------
Total Number : 2
#
To remove a multicast router port, use the no ip igmp snoop mrouter command in Global configuration mode.
(config)# no ip igmp snoop mrouter port gigabitethernet 1/1
(config)#
Note: Multicast routers that support only IGMPv1 cannot process host membership report messages received from devices that support IGMPv2. In addition, multicast routers which support only IGMPv1 cannot understand Leave messages, which are sent by hosts leaving multicast groups. Since there is no way for IGMP snooping devices, such as the Corecess R1P-SW24, to automatically recognize ports connected to these IGMPv1 multicast routers, the user must manually specify them.
This example shows how to enable IGMP fast-leave processing on the Gigabit Ethernet port 1/1:
(config)# ip igmp snoop fast-leave port gigabitethernet 1/1
(config)#
To disable IGMP fast-leave processing, use the no ip igmp snoop fast-leave command in Global configuration mode:
(config)# no ip igmp snoop fast-leave port gigabitethernet 1/1
(config)#
Note: This command is valid only while the IGMP snooping function is not operating.
This example shows how to add the Fast Ethernet port 3/1 as a member of the group
(config)# ip igmp snoop mgroup 01:00:5e:00:02:03 port fastethernet 3/1
(config)# end
# show ip igmp snoop
---- ------------------ ----------------- ---------- ------ ------------
vlan mac group          ip group          ports      type   timeout left
---- ------------------ ----------------- ---------- ------ ------------
1    1:0:5e:0:2:3       0.0.0.0           1/1,3/1    static 0
---- ------------------ ----------------- ---------- ------ ------------
Total number : 1
#
To remove the port from the multicast group, use the no ip igmp snoop mgroup command in Global configuration mode.
(config)# no ip igmp snoop mgroup 01:00:5e:00:02:03 port fastethernet 3/1
(config)#
The following example shows how to set the maximum number of multicast groups for the Fast Ethernet port 3/1 to 2048 and verify the result:
(config)# ip igmp snoop group-number-limit 2048 port fastethernet 3/1
(config)# end
# show ip igmp snoop port fastethernet 3/1
Port 3/1(3/1) BridgeIndex(65) (link down) ref(2)
  fast-leave (off), access-group (none)
  group(s): static/dynamic/mrouter (0/0/0) limit(2048)
  host(s): 0
  stats : received (report/leave/query) 0/0/0
        : sent (report/leave/query) 0/0/0
#
To restore the default value, enter the no ip igmp snoop group-number-limit command in Global configuration mode.
(config)# no ip igmp snoop group-number-limit port fastethernet 3/1
(config)#
The following example displays the multicast groups that are directly connected to the Corecess R1P-SW24 and that were learned via IGMP snooping:
# show ip igmp snooping
---- ---------------- --------------- ---------- ------- -------
vlan mac group        group ip        ports      type    timeout
---- ---------------- --------------- ---------- ------- -------
1    1:0:5e:64:64:65  239.100.100.101 1/1-2,2/1  static  N/A
2    0:a0:cc:77:a1:8d 224.1.2.3       3/1-4      dynamic 240
---- ---------------- --------------- ---------- ------- -------
Total number : 2
#
The following example displays the multicast groups for the default VLAN:
# show ip igmp snoop vlan id 1
---- --------------- --------------- ---------- ------- -------
vlan mac group       group ip        ports      type    timeout
---- --------------- --------------- ---------- ------- -------
1    1:0:5e:64:64:65 239.100.100.101 1/1-2,2/1  static  N/A
---- --------------- --------------- ---------- ------- -------
Total number : 1
#
The following table describes the fields in the show ip igmp snoop command output:
Table 11-1 show ip igmp snoop field descriptions
Field: Description
- vlan: VLAN ID of the multicast group.
- mac group: MAC Address of the multicast group.
- group ip: IP Address of the multicast group. In case of a static multicast group, 0.0.0.0 is displayed.
- ports
- type
- timeout left: How long in seconds until the entry is removed from the IGMP groups table. In case of a static multicast group, 0 is displayed.
Total Number : 1
The following table describes the fields in the show ip igmp snoop mrouter command output:
Table 11-2 show ip igmp snoop mrouter field descriptions
Field: Description
- port: Slot number and port number of the multicast router port.
- vlan: ID of the VLAN that the multicast router port belongs to.
- router ip: IP address of the multicast router that the multicast port is connected to.
- Total Number: The number of multicast router ports that are registered to the system.
Command: Description
- ip igmp snoop: Enables the IGMP snooping feature on the router.
- ip igmp snoop fast-leave: Enables the IGMP immediate-leave feature, in which the router immediately removes a port when it detects an IGMP version 2 leave message on that port.
- ip igmp snoop group-number-limit: Configures the maximum number of multicast groups that a port can belong to.
- ip igmp snoop membership timeout: Specifies the IGMP group membership time, which defines how long a group will remain active on an interface in the absence of a group report.
- ip igmp snoop mgroup: Adds a port as a member of a multicast group.
- ip igmp snoop mrouter: Configures a static router port.
- show ip igmp snoop: Displays the multicast groups with receivers that are directly connected to the router, and that were learned through IGMP snooping.
- show ip igmp bypass: Displays bypass mode information.
- show ip igmp snoop fast-leave: Displays the list of the VLANs and ports on which the IGMP immediate-leave feature is enabled.
- show ip igmp snoop host: Displays the hosts included in an IGMP group.
- show ip igmp snoop membership: Displays the IGMP group membership time, which defines how long a group will remain active on an interface in the absence of a group report.
- show ip igmp snoop mrouter: Displays information on dynamically configured multicast router interfaces learned and manually
- show ip igmp snoop port: Displays IGMP snooping information for each port.
- show ip igmp snoop statistics: Displays the IGMP snooping statistics information.
- show ip igmp snoop summary: Displays the IGMP snooping summary information.
Chapter 12
This chapter describes how to configure DHCP snooping for the Corecess R1P-SW24 series to manage the DHCP traffic and ARP traffic.
- DHCP Snooping
- ARP Snooping
- L2DhcpRelay
DHCP Snooping
DHCP Snooping Overview
DHCP uses a client-server model in which the DHCP server allocates an IP address and other optional setup parameters to the client (host) when the client is booting. These setup parameters are leased by the server to the client for a set amount of time. When the host is booted, the TCP/IP stack within the host sends a broadcast message (DHCPDISCOVER) to acquire the IP address, the subnet mask, and a variety of other setup parameters. This starts the message exchange between the DHCP server and the host. DHCP is composed of the DHCP client, the DHCP server, and the DHCP relay agent. The DHCP client requests that the DHCP server allocate resources. The DHCP server allocates network resources according to the DHCP client's requests. The DHCP relay agent forwards the request and reply packets between the DHCP client and the DHCP server.
[Figure: DHCP Client and DHCP Server; labels: DHCPREQUEST, Network resources (IP address and so on)]
The server port relays the DHCP messages between the client ports and the transparent ports. No policy is applied to the server port. If no server port is specified, the DHCP messages will be sent to the CPU.
- Client port
  The client port generates, deletes, or manages the dynamic binding entries using the DHCP messages that pass through it, and transmits the DHCP messages (DHCPDISCOVER, DHCPREQUEST, and so on) to the server ports. If there is no server port, the client port sends the messages to the CPU.
- Transparent port
  The transparent port performs the same functions as the client port, but no policy or limitation is applied.

DHCP snooping uses the following filtering rules:
- System base rule
  The system base rule is the global filtering rule applied to the whole system. There are two system base rules, permit and deny. If the system base rule is set to deny, all packets except DHCP messages will be denied on all ports. If the system base rule is set to permit, all packets will be forwarded on all ports. The default system base rule is deny.
- Port base rule
  The port base rule is the filtering rule applied to a specific port. It overrides the system base rule. There are two port base rules, permit and deny. If the port base rule is set to deny, all packets except DHCP messages will be denied on the specified port. If the port base rule is set to permit, all packets will be forwarded on the specified port.
The following picture illustrates the flow of the DHCP authentication process. From the viewpoint of the DHCP server, the client sends the DHCPDISCOVER message using datalink-level broadcasting. When the server has allocated network resources (such as an IP address), the DHCP server that received the DHCPDISCOVER message sends the DHCPOFFER message to the client. The client then selects a server (if it receives a reply from more than one server) and sends the DHCPREQUEST message. The DHCP server that received the DHCPREQUEST message sends the client the DHCPACK message, which includes information about the allocated resources. Finally, the client uses this information to connect to the network.
[Figure: DHCP message flow for the DHCP client: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPRELEASE]
The switch drops DHCP packets if any of the following situations arises:
- The switch receives a packet such as DHCPOFFER, DHCPACK, DHCPNAK from the DHCP server, or a DHCPLEASEQUERY packet from outside the network or firewall.
- The switch receives the packet on an unsecured connection, and the source MAC address and DHCP client hardware address do not coincide.
- The switch has received a DHCPRELEASE or DHCPDECLINE message that has a MAC address within the DHCP snooping binding table, but the connection data in the binding table and the connection data of the received message do not coincide.
- The switch has received a DHCP packet with a relay agent IP address other than 0.0.0.0.
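The four drop conditions above can be modelled as one check over a parsed DHCP frame, which helps when reasoning about what the switch should reject or when replaying captured traffic against the same rules. This is an added example, not Corecess code: the frame fields, reason strings and sample frames are constructed, and treating only client ports as the unsecured side (server and transparent ports carry no policy in the port-type descriptions above) is an assumption of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Message groups named in the drop conditions above.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPLEASEQUERY"}
RELEASE_MESSAGES = {"DHCPRELEASE", "DHCPDECLINE"}


@dataclass(frozen=True)
class DhcpFrame:
    msg_type: str  # DHCP message type name
    src_mac: str   # Ethernet source MAC address of the frame
    chaddr: str    # client hardware address carried in the DHCP payload
    giaddr: str    # relay agent IP address carried in the DHCP payload
    in_port: str   # slot/port on which the frame arrived


def norm_mac(mac: str) -> str:
    """Bring '0:4:23:24:bb:6f' and '00:04:23:24:BB:6F' to one spelling."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def drop_reason(frame: DhcpFrame,
                port_types: Dict[str, str],
                bindings: Dict[str, str]) -> Optional[str]:
    """Return why the frame is dropped, or None if it is forwarded.

    port_types maps slot/port to client, server or transparent.
    bindings maps a normalized client MAC to the port it was learned on.
    """
    # Assumption: ports without an entry are client ports (the default type).
    if port_types.get(frame.in_port, "client") != "client":
        return None  # no policy on server and transparent ports
    if frame.msg_type in SERVER_MESSAGES:
        return "server-message-on-client-port"
    if norm_mac(frame.src_mac) != norm_mac(frame.chaddr):
        return "source-mac-chaddr-mismatch"
    if frame.msg_type in RELEASE_MESSAGES:
        bound_port = bindings.get(norm_mac(frame.chaddr))
        if bound_port is not None and bound_port != frame.in_port:
            return "binding-port-mismatch"
    if frame.giaddr != "0.0.0.0":
        return "relay-agent-address-set"
    return None


# Constructed sample data (not taken from a real capture).
PORT_TYPES = {"1/1": "server", "3/1": "client", "3/2": "client"}
BINDINGS = {norm_mac("0:4:23:24:bb:6f"): "3/1"}
HOST = "00:04:23:24:bb:6f"
SAMPLES = [
    DhcpFrame("DHCPREQUEST", HOST, HOST, "0.0.0.0", "3/1"),
    DhcpFrame("DHCPOFFER", "00:aa:bb:cc:dd:01", HOST, "0.0.0.0", "3/2"),
    DhcpFrame("DHCPOFFER", "00:aa:bb:cc:dd:01", HOST, "0.0.0.0", "1/1"),
    DhcpFrame("DHCPDISCOVER", "00:aa:bb:cc:dd:02", HOST, "0.0.0.0", "3/2"),
    DhcpFrame("DHCPRELEASE", HOST, HOST, "0.0.0.0", "3/2"),
    DhcpFrame("DHCPDISCOVER", HOST, HOST, "10.1.1.254", "3/1"),
]


def classify_samples() -> List[Optional[str]]:
    """Apply the drop checks to every constructed sample frame."""
    return [drop_reason(f, PORT_TYPES, BINDINGS) for f in SAMPLES]


if __name__ == "__main__":
    for frame, reason in zip(SAMPLES, classify_samples()):
        print(frame.msg_type, frame.in_port, reason or "forward")
```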
DHCP snooping uses the following filtering rules:
- System base rule
  The system base rule is a global filtering rule that applies to the entire system. There are two system base rules, permit and deny. If the system base rule is set to deny, all packets other than DHCP message packets will be denied in all ports. If the system base rule is set to permit, all packets will be transmitted in all ports. The default system base rule is deny.
- Port base rule
  The port base rule is a filtering rule that applies to specific ports. This rule overrules the system base rule. There are also two port base rules, permit and deny. If the port base rule is set to deny, all packets other than DHCP message packets will be denied in a specific port. If the port base rule is set to permit, all packets will be transmitted in a specific port.
DHCP Messages
These DHCP messages are used to determine the DHCP snooping action:
Table 12-1 DHCP snooping action according to DHCP message type
DHCP Snooping Action Forwards this message to the server port or the CPU. Forwards this message to the client ports. Forwards this message to the server port or the CPU. Forwards this message to the client ports.
When DHCP snooping is enabled, the system base rule is set to deny, which means no packets can be received or sent except DHCP messages. The DHCP messages received from the client ports will be forwarded to the server port or the CPU. If the CPU detects that a DHCPACK message has been received from the DHCP server, DHCP snooping saves the binding information (such as the MAC address, the IP address, the lease time, and so on) in the database, and then forwards the message to the client ports.
Task
1. Enter the Global configuration mode.
2. Enable the DHCP snooping.
To disable DHCP snooping on the Corecess R1P-SW24, use the no ip dhcp snoop command in Global configuration mode.
(config)# no ip dhcp snoop
(config)#
Commands
Description
Specifies a DHCP snooping port.
- <port-type>: Type of the port to be configured as a DHCP snooping port.
- <slot>/<port>: Slot number and port number of the port to be configured as a DHCP snooping port.
- <snoopport-type>: Type of the DHCP snooping port. Select one of the following types:
  - client: Sets the specified port as a client port (default).
  - server: Sets the specified port as a server port.
  - transparent: Sets the specified port as a transparent port.
Note: If you enable DHCP snooping, all packets except DHCP messages will be discarded on all ports. If you do not want to apply this limitation to a port, configure the port as a transparent port.
The following example specifies the Gigabit Ethernet ports 1/1-2 as a server port:
(config)# ip dhcp snoop port gigabitethernet 1/1-2 server
(config)#
The following example configures the Fast Ethernet port 3/1 as a DHCP snooping port:
(config)# ip dhcp snoop port fastethernet 3/1
(config)#
Task
1. Configure DHCP snooping filtering for the whole system.
   - permit: Disables the DHCP snooping filtering (all permit rule).
   - deny: Enables the DHCP snooping filtering (all deny rule).
2. Specify the type of DHCP snooping filtering rule.
   - <type>: The type of DHCP snooping filtering rule.
     - ip: Applies IP-based filtering rule.
     - mac: Applies MAC-based filtering rule.
     - non: DHCP session tracking mode
The following example shows how to enable DHCP snooping filtering for the whole system:
(config)# ip dhcp snoop port fastethernet 3/1 base-rule deny
(config)#
The following example shows how to set the type of DHCP snooping filtering rule:
(config)# ip dhcp snoop port fastethernet 3/1 port-rule unicast
(config)#
Commands
Task
1. Configures the DHCP snooping filtering rule for the specified port.
   - <port-type>: Type of the port to configure the filtering rule.
   - <slot>/<port>: Slot number and port number of the port to configure the filtering rule.
   - permit: Disables the DHCP snooping filtering (all permit rule).
   - deny: Enables the DHCP snooping filtering (all deny rule).
2. Configure the packet type allowed on the specified port.
   - <port-type>: Type of the port.
   - <slot>/<port>: Slot number and port number of the port.
   - <packet-type>: The type of packets allowed on the port. Select one of the following:
     - all: all types of packets (multicast, unicast, and unknown unicast).
     - unicast: all types of packets except the multicast packets (unicast and unknown unicast).
     - strict-unicast: unicast packets only
Description
- drop: Ignores the information which is different from the existing information.
- replace: Replaces and forwards the information which is different from the existing information.
The following example shows how to change the information reforwarding policy to replace:
(config)# ip dhcp snoop information policy replace
(config)#
Description
Specify the maximum number of DHCP clients for a specific port.
- <port-type>: Type of the port.
- <slot>/<port>: Slot number and port number of the port.
- <number>: Maximum number of the DHCP clients (1 ~ 255).
The following example specifies the maximum number of DHCP clients on the Fast Ethernet port 3/1:
(config)# ip dhcp snoop port fastethernet 3/1 clients-limit 10
(config)#
Description
Add a static DHCP snoop binding entry.
- <port-type>: Type of the port to add a binding entry.
- <slot>/<port>: Slot number and port number of the port.
- <mac-addr>: MAC address of a DHCP client.
- <ip-addr>: IP address of a DHCP client.
The following example adds a static binding entry on the Fast Ethernet port 3/1:
(config)# ip dhcp snoop port fastethernet 3/1 static 0:4:23:24:bb:6f 10.10.10.1
(config)#
Description
Clears all dynamic binding entries.
- <port-type>: Type of the port to clear dynamic binding entries.
- <slot>/<port>: Slot number and port number of the port.
The following example removes all dynamic binding entries from the Fast Ethernet ports 3/1 - 24:
# clear ip dhcp snoop port fastethernet 3/1-24 *
#
n o p
Each field is expressed in the <field name:bits> form. Each part means location code (n), port information (o), and site code (p). You can set the location code and site code using the ip dhcp snoop opt82-attr command in Global configuration mode. If you set the Circuit ID for a port or a PVC using the ip dhcp snoop port circuit-id command, the Circuit ID is used for DHCP option 82 data instead of the above suboption format. The following figure shows the format of the suboption when you select NAS encoding:
Port type (1 byte) | Version (1 byte) | Reserved (2 bytes) | NAS IP address (4 bytes) | N/A (1 byte) | Slot (1 byte) | Port (2 bytes)
The following figure shows the format of the suboption when you select Switch encoding:
Type (1 byte) | Length (1 byte) | Ifindex (4 bytes) | Type (1 byte) | Length (1 byte) | Switch-mac (6 bytes)
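A DHCP server or log collector that relies on option 82 to identify the access port should decode these suboptions strictly and reject anything whose size or length bytes do not match the layouts above. The following is an added example, not Corecess code: it encodes and decodes the NAS and Switch layouts, and it assumes network byte order for multi-byte fields; the type codes, port type, version, addresses and interface index in the samples are constructed, since the page does not give their values.

```python
import ipaddress
import struct

# NAS encoding: port type, version, reserved, NAS IP, N/A, slot, port.
NAS_FORMAT = ">BBH4sBBH"                  # assumption: network byte order
NAS_LENGTH = struct.calcsize(NAS_FORMAT)  # 12 bytes
# Switch encoding: type, length, ifindex, type, length, switch MAC.
SWITCH_LENGTH = 2 + 4 + 2 + 6             # 14 bytes


def encode_nas(port_type, version, nas_ip, slot, port):
    """Build the 12-byte NAS-encoded suboption."""
    return struct.pack(NAS_FORMAT, port_type, version, 0,
                       ipaddress.IPv4Address(nas_ip).packed, 0, slot, port)


def decode_nas(data):
    """Decode a NAS-encoded suboption, rejecting any other size."""
    if len(data) != NAS_LENGTH:
        raise ValueError(f"NAS suboption must be {NAS_LENGTH} bytes, got {len(data)}")
    port_type, version, _reserved, ip, _na, slot, port = struct.unpack(NAS_FORMAT, data)
    return {"port_type": port_type, "version": version,
            "nas_ip": str(ipaddress.IPv4Address(ip)), "slot": slot, "port": port}


def encode_switch(ifindex, switch_mac, ifindex_type, mac_type):
    """Build the Switch-encoded suboption from its two type/length/value fields."""
    mac = bytes(int(part, 16) for part in switch_mac.split(":"))
    if len(mac) != 6:
        raise ValueError("switch MAC must have 6 octets")
    return (bytes([ifindex_type, 4]) + struct.pack(">I", ifindex)
            + bytes([mac_type, 6]) + mac)


def decode_switch(data):
    """Decode a Switch-encoded suboption and check both length bytes."""
    if len(data) != SWITCH_LENGTH:
        raise ValueError(f"Switch suboption must be {SWITCH_LENGTH} bytes, got {len(data)}")
    if data[1] != 4 or data[7] != 6:
        raise ValueError("length byte does not match the field size")
    ifindex = struct.unpack(">I", data[2:6])[0]
    mac = ":".join(f"{octet:02x}" for octet in data[8:14])
    return {"ifindex_type": data[0], "ifindex": ifindex,
            "mac_type": data[6], "switch_mac": mac}


# Constructed samples: every value below is made up for the example.
NAS_SAMPLE = encode_nas(port_type=1, version=1, nas_ip="10.10.10.254", slot=3, port=1)
SWITCH_SAMPLE = encode_switch(ifindex=65, switch_mac="00:00:5e:00:53:01",
                              ifindex_type=1, mac_type=2)

if __name__ == "__main__":
    print(NAS_SAMPLE.hex(), decode_nas(NAS_SAMPLE))
    print(SWITCH_SAMPLE.hex(), decode_switch(SWITCH_SAMPLE))
```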
To configure the information reforwarding policy, use the following command in Global configuration mode:
Table 12-10 Enabling DHCP option 82 data insertion
Command
Task
1. Enables DHCP option 82 data insertion.
   - atm-vc: DHCP option 82 field is encoded based on ATM-VC.
   - nas <ip-address>: DHCP option 82 field is encoded based on the IP address of NAS.
   - switch: DHCP option 82 field is encoded based on the interface index and MAC address of the switch.
2. When you select the atm-vc option in the above step, set DHCP option 82 data using the following commands.
   2-1. Sets DHCP option 82 data that is globally used.
   - location-code: Defines location code for ATM-VC encoding.
   - site-code: Defines site code for ATM-VC encoding.
   - <string>: Strings defining the specified attribute.
   2-2. Sets DHCP option 82 data that is used for a specific port or PVC (Circuit ID).
   - <port-type>: Type of the port to set DHCP option 82 data.
   - <slot>/<port>: Slot number and port number of the port.
   - <channel>: The logical channel number of a PVC (1 ~ 8).
   - <string>: Strings defining the Circuit ID
Note: If you do not specify the DHCP option 82 data for a port or a PVC (Circuit ID) using the ip dhcp snoop port circuit-id command, the global DHCP option 82 data defined using the ip dhcp snoop opt82-attr command is used.
The following example shows how to enable the system to insert DHCP option 82 data based on ATM-VC and how to set the location code and site code that are used globally:
(config)# ip dhcp snoop opt82 atm-vc
(config)# ip dhcp snoop opt82-attr location-code 00120-DSL01-001
(config)# ip dhcp snoop opt82-attr site-code HRl-C
(config)#
This example shows how to specify the Circuit ID for the fastethernet port 3/1:
(config)# ip dhcp snoop port fastethernet 3/1 circuit-id DSL1/04/01/0/35/01@MDF1
(config)#
Command show ip dhcp snoop binding {port <port-type> <slot>/<port> | vlan id <vlan-id> <ip-address>}
Description
- <port-type>: Type of the port to display the IP address binding information.
- <slot>/<port>: Slot number and port number of the port.
- <vlan-id>: VLAN ID (1 ~ 4094).
- <ip-address>: IP address assigned to a DHCP client.
The following is the sample output from show ip dhcp snoop binding command:
# show ip dhcp snoop binding port fastethernet 3/1
port 2/1 IP address binding information
  Hardware address : 0:4:23:24:bb:6f, ip address: 10.10.10.1
  client status : established, lease expiration : 3 minutes
  rule : permit is applied
  operation status : request (2 minutes 39 seconds elapsed)
#
The following is a sample output of the show ip dhcp snoop binding command that shows summarized binding data.
# sh ip dhcp snoop binding
dhcp snoop binding information for vlan 1
(B:binding, D:Discover, O:Offer, R:Request, A:Ack, S:Static)
(d:decline, r:release, i:inform, n:nak)
-------------------------------------------------------------------------
Total entries = 0
dhcp snoop binding information for vlan 50
(B:binding, D:Discover, O:Offer, R:Request, A:Ack, S:Static)
(d:decline, r:release, i:inform, n:nak)
-------------------------------------------------------------------------
Total entries = 0
dhcp snoop binding information for vlan 1000
(B:binding, D:Discover, O:Offer, R:Request, A:Ack, S:Static)
(d:decline, r:release, i:inform, n:nak)
-------------------------------------------------------------------------
V1000-00:0b:5d:75:51:8c 0.0.0.0 . . on 3/8 none
V1000-00:03:47:7b:27:5c 0.0.0.0 . . on 3/8 none
V1000-00:90:a3:a4:00:02 0.0.0.0 . . on 3/8 none
V1000-20:e0:6c:39:32:11 0.0.0.0 . . on 3/8 none
V1000-00:50:fc:4d:99:0c 0.0.0.0 . . on 3/8 none
V1000-00:13:8f:42:b9:4d 0.0.0.0 . . on 3/8 none
Description
- <port-type>: Type of the port to display the DHCP snooping information.
- <slot>/<port>: Slot number and port number of the port to display the DHCP snooping information.
The following is the sample output from the show ip dhcp snoop port command:
# show ip dhcp snoop port fastethernet 3/1
DHCP snooping port 3/1 is disable ref(3) type(L:A)
  link up, vlan 0, clients limit 10 (serviced 0)
  base port rule: deny, port snooping type: client
  port traffic rule: unicast
  port timer-id: off
  opt82 circuit-id (none)
dhcp snoop violation information for vlan 50
violation information: last faked source ip/violation count(s)/good-time
-------------------------------------------------------------------------
Total entries = 0
ARP Snooping
Configuring ARP Snooping
This section describes the following ARP snooping configuration tasks:
y Enabling ARP snooping
Task
1. Enter the Global configuration mode.
2. Enable the DHCP snooping.
The following example shows how to enable ARP snooping on the Corecess R1P-SW24:
# configure terminal
(config)# ip arp snoop
(config)#
Note: To disable ARP snooping on the Corecess R1P-SW24, use the no ip arp snoop command in Global configuration mode.
(config)# no ip arp snoop
(config)#
Task
Configure secure-reply check type.
- all: Check source and target address.
- source: Check source address.
- target: Check target address.
The following example shows how to set sanity check on the Corecess R1P-SW24:
(config)# ip arp snoop reply source
(config)#
To configure secure-request type, use the following commands in Global configuration mode.
Table 12-16 Configuring Secure-Request Type
Commands and tasks
1. configure terminal
   Enter Global configuration mode.
2. ip arp snoop request {broadcast | protected-broadcast | restrict-broadcast | secure-broadcast}
   Configure secure-request type.
   - broadcast: No ARP check. Broadcast ARP request.
   - protected-broadcast: Broadcast ARP requests to only server and router ports.
   - restrict-broadcast: Check whether the source address is valid or not.
   - secure-broadcast: Convert ARP request to unicast request.
The following example shows how to configure secure-request type on the Corecess R1P-SW24:
# configure terminal
(config)# ip arp snoop request secure-broadcast
(config)#
The following is the sample output from the show ip arp snoop table command:
# show ip arp snoop table
ip arp snoop $Revision: 1.2 $
vlan 1 Status(A:Auth, R:Router, S:Static, I:Incomplete)
vlan 1 total entries = 0
#
L2DhcpRelay
L2DhcpRelay is the function that relays DHCP packets to a DHCP server in an L2 switch. Usually, when there is no DHCP server on the subnet of the client that is to receive an IP address, a DHCP relay forwards packets between the DHCP client and the DHCP server, so this function runs on the gateway. However, when several subnets share a single gateway and an ISP in each subnet operates its own DHCP server, the DHCP relay function must be offered by the L2 switch. In this case you need the DHCP relay function in the L2 switch.
Command and task
- ip dhcp snoop l2-relay vlan id <id> gateway ip <ip>
  Enables L2 relay on the relevant VLAN, with <ip> as the giaddr.
- ip dhcp snoop l2-relay vlan id <id> helper-address <ip>
  Adds a helper address to a VLAN on which L2 relay is operating.
The setting example is as follows:
localhost# configure terminal
localhost(config)# ip dhcp snoop
localhost(config)# ip dhcp snoop l2-relay vlan id 10 gateway ip 10.1.1.254
localhost(config)# ip dhcp snoop l2-relay vlan id 10 helper-address 20.1.1.1
localhost(config)# ip dhcp snoop l2-relay vlan id 20 gateway ip 30.1.1.254
localhost(config)# exit
Setting confirmation:
localhost# show ip dhcp l2-relay
Corecess L2-Relay Configurations
------------------------------------------------------------------
VLAN    Status     Helper-address
------------------------------------------------------------------
10      enable     20.1.1.1
20      enable     NULL
30      disable    NULL
------------------------------------------------------------------
localhost#
Chapter 13
Configuring AAA
This chapter describes how to configure PPPoE snooping and AAA (Authentication, Authorization, Accounting).
- PPPoE Snooping
- RADIUS Management
- 802.1X
- Pass-through
PPPoE Snooping
This solution is designed for the PPPoE access method and is based on the Access Node implementing a PPPoE intermediate agent function in order to insert access loop identification. This functionality is described in the following. The PPPoE Intermediate Agent intercepts all upstream PPPoE discovery stage packets, i.e. the PADI, PADR and upstream PADT packets, but does not modify the source or destination MAC address of these PPPoE discovery packets. Upon reception of a PADI or PADR packet sent by the PPPoE client, the Intermediate Agent adds a PPPoE TAG to the packet to be sent upstream. The TAG contains the identification of the access loop on which the PADI or PADR packet was received in the Access Node where the Intermediate Agent resides. If a PADI or PADR packet exceeds 1500 octets after adding the TAG containing the access loop identification, the Intermediate Agent must not send the packet to the Broadband Network Gateway. In response to the received PADI or PADR packet, the PPPoE Intermediate Agent should issue the corresponding PADO or PADS response with a Generic-Error TAG to the sender.
[Figure: PPPoE discovery exchange for the PPPoE client: PADI, PADI + tagged msg, PADO, PADS, PADT]
The figure above shows the concept of the PPPoE snooping function. The existing PPPoE service could not send identification information to the PPPoE server. The PPPoE snooping function adds a Circuit ID or Remote-ID to the messages sent from the PPPoE client to a server configured for PPPoE or PPPoE+.
[Figure: vendor-specific TAG layout: 0x0105 (Vendor-Specific) | TAG_LENGTH | 0x00000DE9 or Corecess ID | 0x01 | length | 0x02 | length]
The PPPoE snooping function sends the Corecess ID, Circuit ID, Remote-ID and so on to the PPPoE or PPPoE+ server using the vendor-specific tag, which is one of the TLV values.
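The tag layout above and the 1500-octet rule from the start of this section can be exercised end to end: build the vendor-specific tag, append it to a PADI, refuse to forward an oversized result, and parse the tag back as a PPPoE server would. This is an added example, not Corecess code: the PADI contents are constructed, sub-tag 0x01 is taken to carry the Circuit ID and 0x02 the Remote-ID (the order in which the page names them), and measuring the 1500-octet limit over the PPPoE header plus tags is an assumption.

```python
import struct

TAG_VENDOR_SPECIFIC = 0x0105   # tag type shown in the layout above
VENDOR_ID = 0x00000DE9         # vendor ID shown in the layout above
SUB_CIRCUIT_ID = 0x01          # assumption: sub-tag 0x01 carries the Circuit ID
SUB_REMOTE_ID = 0x02           # assumption: sub-tag 0x02 carries the Remote-ID
MAX_PACKET = 1500              # limit stated for PADI/PADR after tagging
PPPOE_HEADER = ">BBHH"         # version/type, code, session ID, payload length
SUB_NAMES = {SUB_CIRCUIT_ID: "circuit_id", SUB_REMOTE_ID: "remote_id"}


def build_vendor_tag(circuit_id, remote_id=None):
    """Return the vendor-specific tag: type, length, vendor ID, sub-tags."""
    body = struct.pack(">I", VENDOR_ID)
    for sub_type, text in ((SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)):
        if text is None:
            continue  # the Remote-ID is optional
        raw = text.encode("ascii")
        if len(raw) > 255:
            raise ValueError("sub-tag value does not fit a one-byte length")
        body += bytes([sub_type, len(raw)]) + raw
    return struct.pack(">HH", TAG_VENDOR_SPECIFIC, len(body)) + body


def add_tag(packet, tag):
    """Append the tag and fix the length field; None means do not forward."""
    ver_type, code, session, length = struct.unpack(PPPOE_HEADER, packet[:6])
    if length != len(packet) - 6:
        raise ValueError("PPPoE length field does not match the payload")
    header = struct.pack(PPPOE_HEADER, ver_type, code, session, length + len(tag))
    tagged = header + packet[6:] + tag
    # Assumption: the limit is measured over PPPoE header plus tags.
    return tagged if len(tagged) <= MAX_PACKET else None


def parse_subtags(data):
    """Decode the one-byte type, one-byte length sub-tags after the vendor ID."""
    found, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated sub-tag header")
        sub_type, sub_len = data[pos], data[pos + 1]
        raw = data[pos + 2:pos + 2 + sub_len]
        if len(raw) != sub_len:
            raise ValueError("truncated sub-tag value")
        if sub_type in SUB_NAMES:
            found[SUB_NAMES[sub_type]] = raw.decode("ascii")
        pos += 2 + sub_len
    return found


def parse_vendor_tag(packet):
    """Return the sub-tags of the first matching vendor-specific tag, or None."""
    if len(packet) < 6:
        raise ValueError("packet shorter than the PPPoE header")
    length = struct.unpack(PPPOE_HEADER, packet[:6])[3]
    payload = packet[6:6 + length]
    if len(payload) != length:
        raise ValueError("PPPoE payload is truncated")
    offset = 0
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack(">HH", payload[offset:offset + 4])
        value = payload[offset + 4:offset + 4 + tag_len]
        if len(value) != tag_len:
            raise ValueError("truncated tag value")
        offset += 4 + tag_len
        if tag_type == TAG_VENDOR_SPECIFIC and value[:4] == struct.pack(">I", VENDOR_ID):
            return parse_subtags(value[4:])
    return None


def make_padi(host_uniq_len=0):
    """Constructed PADI: empty Service-Name tag plus optional Host-Uniq padding."""
    tags = struct.pack(">HH", 0x0101, 0)
    if host_uniq_len:
        tags += struct.pack(">HH", 0x0103, host_uniq_len) + bytes(host_uniq_len)
    return struct.pack(PPPOE_HEADER, 0x11, 0x09, 0, len(tags)) + tags


if __name__ == "__main__":
    tag = build_vendor_tag("Corecess_3_1_CIRCUIT_ID", "Corecess_3_1_REMOTE_ID")
    print(parse_vendor_tag(add_tag(make_padi(), tag)))
    print(add_tag(make_padi(1460), tag))  # oversized after tagging: None
```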
- pppoe-snoop
  Enables PPPoE snooping.
- pppoe-snoop port <Port Type> <Port Number> server/client
  Sets whether the PPPoE snooping port is a server port or a client port.
- pppoe-snoop port <Port Type> <port Number> tag dsl
  The PPPoE snoop agent sets up the DSL tag.
The following is an example of PPPoE Snooping setup. (During DSL tag setup)
Localhost# configure terminal
Localhost(config)# pppoe-snoop
Localhost(config)# pppoe-snoop port fastethernet 3/7 server
Localhost(config)# pppoe-snoop port fastethernet 3/1-3 client
Localhost(config)# pppoe-snoop port fastethernet 3/1-3 tag dsl
Localhost(config)# end
Task
Displays the current PPPoE snooping client sessions.
The following is an example of checking the PPPoE snooping client sessions.
Right_Router# show pppoe-snoop client session
PPPoE Snoop Session Client
Codes: I :The client sends PADI and waits for PADO
       O :The server send PADO and waits for PADR
       R :The client sends PADR and waits for PADS
       S :The client receives PADS from the server
       T :PADT is sent by either the client or the server
---- ---- ---- ------------------- ------------------ ----- -------
Slot Port Vid  Client mac-address  Server mac-address State Timeout
---- ---- ---- ------------------- ------------------ ----- -------
0003 0002 0000 00:X0:00:XX:XX:XX   00:0X:XX:XX:XX:XX  IORS  783377
0003 0001 0000 00:X0:00:XX:XX:XX   00:0X:XX:XX:XX:XX  IORS  482377
Total PPPoE Snoop Sesson 2
The following is an example of setting up compatibility between PPPoE Snooping and Cisco equipment.
Localhost# configure terminal
Localhost(config)# pppoe-snoop port fastethernet 3/1-3 compact cisco
Localhost(config)# end
Commands and tasks
1. configure terminal
   Enter Global configuration mode.
2. pppoe-snoop port <Port Type> <Port Number> circuit-id <WORD>
   Configures the ID that is entered into the remote-id of PPPoE packets leaving the equipment for the client port. If it is configured on a port, each Circuit-ID has priority over the global ID.
Commands and tasks
1. configure terminal
   Enter Global configuration mode.
2. pppoe-snoop port <Port Type> <Port Number> remote-id <WORD>
   Configures the ID that is entered into the remote-id of PPPoE packets leaving the equipment for the client port. The remote-id is optional.
The following is an example of setting up node-id, circuit-id and remote-id with PPPoE snooping:
Localhost# configure terminal
Localhost(config)# pppoe-snoop port node-id Corecess
Localhost(config)# pppoe-snoop port fastethernet 3/1 circuit-id Corecess_3_1_CIRCUIT_ID
Localhost(config)# pppoe-snoop port fastethernet 3/1 remote-id Corecess_3_1_REMOTE_ID
Localhost(config)# end
RADIUS Management
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol that controls access to network resources using a client/server model. The Corecess R1P product series supports RADIUS server and proxy server functions for Dot1x and PPPoE authentication services.
Register the servers using the following commands.
localhost(config)# radius acct-server ip 192.168.10.2 key corecess realm corecess
localhost(config)# radius auth-server ip 192.168.10.1 key corecess realm corecess
You can confirm that the servers are registered as follows.
localhost# show radius config
RADIUS Configuration.
==========================
Query time-out = 5
Max. # of retries = 5
<Authentication Server> = 192.168.10.1 corecess @corecess
<Accounting Server> = 192.168.10.2 corecess @corecess
==========================
Accounting start
To perform accounting, you must enable the function on the relevant interface. Execute the following command at the interface node.
localhost(config-if)# aaa accounting
To disable the function, use the following command.
localhost(config-if)# no aaa accounting
Interim-Report
Whether the Interim-Report is sent, and at what interval, can be set separately on each interface. With the following setting, the switch sends an Interim-Report to the accounting server every 5 minutes.
localhost(config-if)# aaa accounting interim-report 300
To disable the function, use the following command.
localhost(config-if)# no aaa accounting interim-report
Framed-IP-Address
When L3 service is offered, the Internet Protocol address that the subscriber is using can be attached to the accounting packet.
localhost(config)# radius accounting framed-ip-addr
To disable the function, use the following command.
localhost(config)# no radius accounting framed-ip-addr
Nas-Port/Nas-Port-Type
Service Manager identifies each subscriber by interface and applies the settings of that interface to the subscriber. This lets the service provider configure accounting with a distinct policy per interface. To support this, the interface of the subscriber and the type of that interface are attached to Service Manager's accounting packet.
localhost(config)# radius accounting nas-port
localhost(config)# radius accounting nas-port-type vlan 90
To disable the function, use the following command.
Setting confirmation
localhost# show running-config service-manager
!
!
interface management
!
interface vlan id 1
!
interface vlan id 200
radius-proxy port 1812
!
Parameters
* Shared Secret
Each proxy RADIUS server has its own key and processes only the requests of RADIUS clients whose key matches. Because each interface has an independent key, security can be maintained per interface.
localhost(config-if)# radius-proxy key corecess
* realm-stripping
The RADIUS proxy server selects the server to forward to by using the realm included in the User-Name field of the arriving request. With this option, the realm is removed from the User-Name field of the request that is forwarded.
localhost(config-if)# radius-proxy realm-stripping
* Access List
Service Manager supports registering an access list on the RADIUS proxy server of each interface, which filters packets to block access by unauthorized RADIUS clients.
localhost(config)# access-list 99 permit 192.168.123.0 0.0.0.255
localhost(config)# access-list 99 deny any
localhost(config)# interface vlan id 200
localhost(config-if)# radius-proxy list 99 in
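The access list, realm lookup and realm-stripping steps described above can be modelled as follows. This is an added example, not Corecess code; it assumes first-match access-list evaluation, a `user@realm` User-Name format, and that requests with no matching rule or realm are dropped. The function names are hypothetical.

```python
import ipaddress

# Access-list lines copied from the page's example.
ACL_99 = [
    "access-list 99 permit 192.168.123.0 0.0.0.255",
    "access-list 99 deny any",
]
# Realm -> authentication server, as in the page's "show radius config" output.
AUTH_REALMS = {"corecess": "192.168.10.1"}


def parse_acl(lines):
    """Turn 'access-list <n> permit|deny <addr> <wildcard>|any' lines into rules."""
    rules = []
    for line in lines:
        parts = line.split()
        if (len(parts) < 4 or parts[0] != "access-list"
                or parts[2] not in ("permit", "deny")):
            raise ValueError("unsupported access-list line: %r" % line)
        if parts[3] == "any":
            net, wildcard = 0, 0xFFFFFFFF
        else:
            net = int(ipaddress.IPv4Address(parts[3]))
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        rules.append((parts[2] == "permit", net, wildcard))
    return rules


def acl_permits(rules, src_ip):
    """Assumption: the first matching rule wins. Wildcard bits set to 1 are ignored."""
    addr = int(ipaddress.IPv4Address(src_ip))
    for permit, net, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF
        if (addr & care) == (net & care):
            return permit
    return False  # assumption: a client that matches no rule is dropped


def split_realm(user_name):
    """Split 'user@realm' on the last '@'; the realm is None when absent."""
    user, sep, realm = user_name.rpartition("@")
    return (user, realm) if sep else (user_name, None)


def proxy_decision(src_ip, user_name, rules, realms, realm_stripping=False):
    """Decide what the proxy does with one request from a RADIUS client."""
    if not acl_permits(rules, src_ip):
        return {"action": "drop", "reason": "client not permitted by access list"}
    user, realm = split_realm(user_name)
    server = realms.get(realm)
    if server is None:
        # Assumption: a request without a registered realm is not forwarded.
        return {"action": "drop", "reason": "no server registered for realm"}
    forwarded_name = user if realm_stripping else user_name
    return {"action": "forward", "server": server, "user_name": forwarded_name}


RULES = parse_acl(ACL_99)

if __name__ == "__main__":
    # Constructed requests: (source address of the RADIUS client, User-Name).
    for src, name in [("192.168.123.10", "alice@corecess"),
                      ("192.168.124.10", "alice@corecess"),
                      ("192.168.123.10", "bob")]:
        print(src, name, proxy_decision(src, name, RULES, AUTH_REALMS, True))
```
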
802.1X
All 802.1X settings of Corecess products are made per interface, so each interface can provide its own specific service. The 802.1X of Corecess products supports not only port-based authentication, which authenticates a specific port, but also MAC-based authentication, which authenticates each subscriber. The 802.1X of Corecess products can be configured on each interface independently. The interface types for configuring 802.1X are as follows:
* dot1x port-based : Setting 802.1X as port-based authentication
* dot1x mac-based : Setting 802.1X as MAC-based authentication
localhost#
localhost# configure terminal
localhost(config)# interface vlan id 100
localhost(config-if)# dot1x port-based
localhost(config-if)# end
Setting confirmation
localhost# show dot1x interface vlan100
L2 Address: 0:90:a3:0:0:3
quietPeriod = 60
reAuthMax = 2
txPeriod = 30
keyTxEnabled = Disabled
reAuthPeriod = 3600
reAuthEnabled = Enabled
localhost#
* nas-ip setting : Sets the NAS IP of the equipment for communication with the RADIUS server.
* auth-server setting : Sets the authentication server used for authentication.
* acct-server setting : Sets the accounting server used for accounting.
localhost# configure terminal
localhost(config)# radius nas-ip 10.1.1.254
localhost(config)# radius auth-server ip 20.1.1.8 key "aaa" realm "com"
localhost(config)# radius auth-server ip 20.1.1.7 key "aaa" realm "com"
Parameters
* Re-authentication
IEEE 802.1X can request re-authentication of a single subscriber. Re-authentication is set as follows:
localhost(config-if)# dot1x reauthentication
vlan100) Reauthentication Enabled
localhost(config-if)# dot1x timeout re-authperiod 1800
vlan100) Reauthentication Period = 1800
localhost(config-if)# dot1x max-reauth 5
vlan100) Maximum number of Reauthentication = 5
Whenever the re-authperiod expires, Corecess 802.1X sends an EAP-Request Identity frame to the subscriber, which triggers re-authentication. Besides this periodic re-authentication, one-time re-authentication is also available. When the administrator notices abnormal operation from a specific subscriber, the following command makes that subscriber authenticate again.
localhost# configure terminal
localhost(config)# dot1x re-authenticate a:b:c:d:e:f
As soon as the command is executed, the subscriber changes to the unauthorized state and begins authentication anew.
* MAC Control
Corecess 802.1X performs access control per subscriber, not per physical port as described in the white paper. For a specific subscriber, you can set a fixed state (Authorized/Unauthorized).
localhost# conf t
localhost(config)# inter vl id 100
localhost(config-if)# dot1x mac-control force-authorized a:b:c:d:e:f
localhost(config-if)# dot1x mac-control force-unauthorized 0:0:ff:ee:aa
Subscriber a:b:c:d:e:f enters the authentication success state as soon as it connects, while 0:0:ff:ee:aa cannot be authenticated. These settings can be cleared with the following CLI command. From that moment, the subscriber goes through the general IEEE 802.1X authentication procedure to be authenticated.
localhost(config-if)# dot1x mac-control auto 0:0:ff:ee:aa
* Quiet Period & Tx Period
The Quiet Period and the Tx Period are FSM parameters of IEEE 802.1X with the following functions.
Parameter: Description
Quiet Period: A subscriber who fails authentication cannot begin a new authentication during the Quiet Period interval.
Tx Period: After EAP-Response is sent, the subscriber is considered to have disappeared if nothing is received within the Tx Period.
Each parameter is set as follows:
localhost(config-if)# dot1x timeout quiet-period 120
localhost(config-if)# dot1x timeout tx-period 60
Status
Corecess 802.1X supplies the following state information to the administrator.
* interface setting information
* session (subscriber) information
* statistics information
localhost# show dot1x interface vlan100
L2 Address: 0:90:a3:0:0:3
quietPeriod = 60
reAuthMax = 2
txPeriod = 30
keyTxEnabled = Disabled
reAuthPeriod = 3600
reAuthEnabled = Enabled
localhost# show dot1x session
802.1X Session
----------------------------------------------------------------------
0a:0b:0c:0d:0e:0f(static entry)
Identity:
Interface: vlan100
FORCE_AUTHORIZED REAUTH_INITIALIZE
localhost# show dot1x statistics
EAPoL
=============================
Received Sent
EAPoL Fail = 0 = 1 = 0
EAPoL Success = 1
EAPoL Start
= 0
EAPoL Log-off = 0 EAPoL Resp/ID = 0 EAPoL Req/ID Length Error Last Version = 0 = 0 = 0 EAPoL Invalid = 0
Displays the current configuration of 802.1X
Displays the 802.1X-enabled interface and configurations
Lists the 802.1X Supplicants and their status
Displays packet counts involved in 802.1X
Turns on the debug flag
Triggers the reauthentication of the 802.1X supplicant whose ethernet address is A:B:C:D:E:F
Enable/Disables port-based dot1x
Enable/Disables mac-based dot1x
Enable/Disables reauthentication feature of IEEE 802.1X
Re-authenticates the subscriber every chosen seconds
Sets the subscriber's authentication status. force-authorized and force-unauthorized statically set the subscriber's status. auto, however, removes the static setting of the subscriber
Limits the maximum number of reauthentications per subscriber. By multiplying the max-reauth and the reauthperiod, it is possible to know the maximum lifetime of each subscriber session
dot1x timeout quiet-period <0-300>: During quiet-period, any packet from the subscriber is ignored
dot1x timeout tx-period <1-300>: The 802.1X Authenticator changes the status of the subscriber when tx-period expires since its last packet sent
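A small audit of the 802.1X settings described in this section, as an added example that is not part of the manual or of Corecess software. It assumes the configuration lists the page's dot1x commands under `interface vlan id <n>` blocks; the sample configuration is constructed and the function names are hypothetical. It reports the maximum session lifetime (max-reauth multiplied by the re-auth period), static force-authorized entries, and MAC addresses that do not have six octets.

```python
import re

# Constructed sample; assumes the dot1x commands shown on the page appear
# under "interface vlan id <n>" blocks separated by "!".
SAMPLE_CONFIG = """\
interface vlan id 100
 dot1x mac-based
 dot1x reauthentication
 dot1x timeout re-authperiod 1800
 dot1x max-reauth 5
 dot1x mac-control force-authorized a:b:c:d:e:f
 dot1x mac-control force-unauthorized 0:0:ff:ee:aa
!
interface vlan id 200
 dot1x port-based
!
"""

# Used when a value is not configured: reAuthPeriod and reAuthMax as displayed
# in the page's "show dot1x interface vlan100" output (assumed to be typical).
FALLBACK = {"re-authperiod": 3600, "max-reauth": 2}
MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")


def summarize(cfg):
    """Build the report for one interface from its parsed settings."""
    period = cfg["timers"].get("re-authperiod", FALLBACK["re-authperiod"])
    max_reauth = cfg["timers"].get("max-reauth", FALLBACK["max-reauth"])
    findings = []
    if not cfg["reauth"]:
        findings.append("reauthentication is not enabled in this configuration")
    for state, mac in cfg["mac_control"]:
        if not MAC_RE.match(mac):
            findings.append("malformed MAC address in mac-control: %s" % mac)
        elif state == "force-authorized":
            findings.append("static force-authorized entry skips authentication: %s" % mac)
    return {
        "mode": cfg["mode"],
        # Maximum session lifetime = max-reauth x re-auth period (seconds).
        "max_session_lifetime": period * max_reauth if cfg["reauth"] else None,
        "findings": findings,
    }


def audit_dot1x(config_text):
    """Parse the dot1x lines of each interface block and return a report per interface."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(
                line[len("interface "):],
                {"mode": None, "reauth": False, "timers": {}, "mac_control": []})
        elif current is not None and line.startswith("dot1x "):
            words = line.split()[1:]
            if words[0] in ("port-based", "mac-based"):
                current["mode"] = words[0]
            elif words == ["reauthentication"]:
                current["reauth"] = True
            elif words[0] == "timeout" and len(words) == 3:
                current["timers"][words[1]] = int(words[2])
            elif words[0] == "max-reauth" and len(words) == 2:
                current["timers"]["max-reauth"] = int(words[1])
            elif words[0] == "mac-control" and len(words) == 3:
                current["mac_control"].append((words[1], words[2]))
    return {name: summarize(cfg) for name, cfg in interfaces.items()}


if __name__ == "__main__":
    for name, report in audit_dot1x(SAMPLE_CONFIG).items():
        print(name, report)
```
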
Pass-through
Pass-through is the function that supports Cisco tunneling for Cisco-specific BPDUs (Bridge Protocol Data Units) and general BPDUs when Corecess R1P products are placed between Cisco equipment. The following commands are supported for the pass-through function.
Command: Description
port <port_type> <slot/port> pass-through cisco: Configures the Cisco tunnel for Cisco BPDUs on the relevant port.
port <port_type> <slot/port> pass-through bpdu: Configures the Cisco tunnel for normal BPDUs on the relevant port.
bpdu tunneling
This supports the Cisco tunneling function for general BPDUs. To configure this function on specific ports, enter the following commands.
localhost# configure terminal
localhost(config)# port vdsl 3/1 pass-through bpdu
localhost(config)# exit
Setting confirmation
localhost# show run | include pass-through
port vdsl 3/1 pass-through bpdu
localhost#
Chapter 14
Configuring LACP
For a high-bandwidth connection, use a trunking group, which allows several ports to be connected together to operate as a single link. This chapter describes how to configure a trunking group by using LACP (Link Aggregation Control Protocol).
* LACP (Link Aggregation Control Protocol)
* Configuring Link Aggregation
* Odd number of port > Gigabit Ethernet port > Even number of port (Up Down)
* The same odd or even number : Higher number of port (Right Left)
For example, if ports 1/1, 1/2, 1/3 and 1/4 are aggregated, the odd-numbered ports (1/1, 1/3) are selected first, and then the higher port (1/3) is chosen as the aggregated ID.
LACP Mode
You can enable the feature on an individual port basis, in active, passive, or manual mode.
* Active mode (Default)
When you enable a port for active link aggregation, the Corecess R1P-SW24 port can exchange standard LACP Protocol Data Unit (LACPDU) messages to negotiate trunk group configuration with the port on the other side of the link. In addition, the Corecess R1P-SW24 port actively sends LACPDU messages on the link to search for a link aggregation partner at the other end of the link, and can initiate an LACPDU exchange to negotiate link aggregation parameters with an appropriately configured remote port.
* Passive mode
When you enable a port for passive link aggregation, the Corecess R1P-SW24 port can exchange LACPDU messages with the port at the remote end of the link, but the Corecess R1P-SW24 port cannot search for a link aggregation port or initiate negotiation of an aggregate link. Thus, the port at the remote end of the link must initiate the LACPDU exchange.
* Manual mode
When you enable a port for manual link aggregation, you can manually configure aggregate links containing multiple ports.
To configure a dynamic aggregation link, one end of the aggregation link should be configured to LACP active mode and the other end of the aggregation link should be configured to LACP active or LACP passive mode.
[Figure: Switch A, Port X and Port Y in LACP Active mode; mode pairs shown: Active/Active, Active/Passive]
To configure an aggregation link manually, both ends of the aggregation link should be configured to LACP manual mode.
[Figure: Switch A, Port X in LACP Manual mode; labels: Passive, Passive]
To assign the LACP admin key and set LACP mode, perform this task in the Privileged mode:
Table 14-1 Configuring link aggregation
Task
1. Go to the global configuration mode.
2. Assign LACP admin key and specify the LACP mode for the specific ports.
   * <key-num>: LACP key value (0 ~ 65535).
   * <port-type>: The type of the port.
     - fastethernet : Fast Ethernet port.
     - gigabitethernet : Gigabit Ethernet port.
   * <slot>/<port>: The slot number and port number of the port.
   * active: Enables active mode.
   * passive : Enables passive mode.
   * manual : Enables manual mode. You can manually configure an aggregation link, which will enable the aggregation of multiple ports without LACP protocol.
3. Return to the privileged mode.
   Command: end
4. Verify the configuration.
   * <port-type>: Type of the port to display the 802.3ad link aggregation configuration information.
     - fastethernet : Fast Ethernet port.
     - gigabitethernet : Gigabit Ethernet port.
   * <slot>/<port>: Slot number and port number.
The following example shows how to configure link aggregation parameters for one Fast Ethernet port:
# configure terminal
(config)# lacp key 10 port fastethernet 3/1 mode active
(config)# end
# show lacp port fastethernet 3/1
Link State: down
Port Index: 769
Oper Mode: Active
Actor Port Admin Key: 10
Actor Admin State: 0x07
Partner Port Admin Key: 769
Partner Admin State: 0x06
# write memory
Building Configuration...
[OK]
#
* Actor key is the operational key value assigned to the port by the Actor.
* Partner key is the operational key value assigned to the port associated with this link by the Partner.
To configure LACP partner key to be assigned to the port on the other side of the aggregation link, perform this task in the Privileged mode:
Table 14-2 Configuring LACP partner key
1. Enter Global configuration mode.
   Command: configure terminal
2. Configure LACP partner key of the specified port.
   Command: lacp force-partner-key <key-num> port <port-type> <slot>/<port>
   * <key-num>: Link aggregation to be assigned (1 ~ 65535).
   * <port-type>: The type of the port.
     - fastethernet : Fast Ethernet port.
     - gigabitethernet : Gigabit Ethernet port.
   * <slot>/<port>: The slot number and port number of the port.
3. Return to Privileged mode.
   Command: end
4. Verify the LACP configuration.
   Command: show lacp lag all
The following example assigns 15 to the port connected to the Fast Ethernet port 3/1 for link aggregation key:
# configure terminal
(config)# lacp force-partner-key 15 port fastethernet 3/1
(config)# end
# show lacp port fastethernet 3/1
Link State:
Port Index:
Oper Mode:
Actor Port Admin Key:
Actor Admin State:
Partner Port Admin Key:
Partner Admin State
#
[Figure: Switch A (Active) <-----> Switch B (Passive). Trunk group: Port 2/1-4 on Switch A, 2/1-4 on Switch B; LACP admin key : 33]
Switch A
The following shows how to configure link aggregation on the switch A:
Switch A# configure terminal
Switch A(config)# lacp key 33 port fastethernet 3/1-4 mode active
Switch A(config)# end
Switch A# write memory
Building Configuration...
[OK]
Switch A#
Switch B
The following shows how to configure link aggregation on the switch B:
Switch B# configure terminal
Switch B(config)# lacp key 33 port fastethernet 3/1-4 mode passive
Switch B(config)# end
Switch B# write memory
Building Configuration...
[OK]
Switch B#
Chapter 15
Configuring STP/RSTP
This chapter describes how to configure STP (Spanning Tree Protocol) on the Corecess R1P-SW24.
* Understanding STP
* Configuring STP
* Configuring RSTP
* STP Configuration Commands
Understanding STP
This section introduces some basic information on STP (Spanning Tree Protocol) and RSTP (Rapid STP).
STP Overview
Introduction
A network that has several paths to one destination is fault-tolerant, because packets can be transmitted through other paths even if one of the paths cannot be used. However, loops might occur on such a network. If a loop occurs between two nodes, broadcast packets are retransmitted indefinitely. Because of the loop, the network can become congested and unstable. In the following network configuration, there are two paths from Switch A to Switch C. One of the paths is path 2, connected directly, and the other is path 1 and path 2 through Switch B. A loop is formed in this network because multiple active paths exist between Switch A and Switch C. In this network, end stations might receive duplicate messages. For example, if Switch A broadcasts packets, Switch C broadcasts the received packets to Switch A, and Switch A broadcasts the packets again.
[Figure: network with redundant paths; labels: Switch A, Path 1, Path 2]
STP (Spanning Tree Protocol) prevents loops on a network in which several paths exist. STP defines a tree with a root switch. When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the forwarding state and which is put in the blocking state. Spanning tree forces redundant data paths into a standby (blocked) state. Therefore, when traffic is processed, packets are only transmitted through paths in the non-blocking state.
If the path 3 is blocked in the network configuration mentioned previously, you can have a loop-free path between Switch A and Switch C as follows:
[Figure: Switch A, Switch B and Switch C; Path 1 (Forwarding), Path 2 (Forwarding), Path 3 (Blocking)]
Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames, but use the frames to construct a loop-free path. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.
[Figure: spanning-tree roles; labels: Root Port, Designated Switch, Designated Port]
When the switches in a network are powered up, each switch functions as the root switch. Each switch sends a configuration BPDU through all of its ports. The switches exchange BPDUs to compute the spanning-tree topology. Each configuration BPDU contains this information:
* Unique bridge ID of the switch that the sending switch identifies as the root switch
* Spanning-tree path cost to the root
* Bridge ID of the sending switch
* Aging time of BPDU
* Interface ID that transmits BPDU
* Spanning tree timer values (Hello, Forward delay, Max-age)
Bridge ID determines the selection of the root switch. Each VLAN on the switch has a unique 8-byte bridge ID; the two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC address. The switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch.
Path cost determines the selection of the root port and designated switch. The port that provides the best path (lowest cost) when the switch forwards packets to the root switch is called the root port. The switch that provides the lowest path cost when forwarding packets from that LAN to the root switch is called the designated switch. The port through which the designated switch is attached to the LAN is called the designated port.
BPDU has three spanning-tree timers (hello, forward delay, max age). The following table describes the timers that affect the entire spanning-tree performance:
Table 15-1 STP Timers
Timer: Description
Hello: When this timer expires, the interface sends out a Hello message to the neighboring nodes.
Forward delay: Determines how long each of the listening and learning states last before the interface begins forwarding.
Max age: Determines the amount of time the switch stores protocol information received on an interface.
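The root switch election by bridge ID and the root port selection by path cost described above, as an added example that is not part of the manual. The three-switch topology and the MAC addresses are constructed, the function names are hypothetical, and the per-speed costs are the RSTP defaults listed in this chapter. Ties on path cost are broken by the upstream bridge ID and then by link order, which stands in for the port ID.

```python
import heapq

# Default RSTP port costs by speed in Mbps, from this chapter's default settings.
RSTP_COST = {10: 2_000_000, 100: 200_000, 1000: 20_000, 10000: 2_000}


def bridge_id(priority, mac):
    """8-byte bridge ID: two bytes of switch priority, then the six-byte MAC."""
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if not 0 <= priority <= 0xFFFF or len(mac_bytes) != 6:
        raise ValueError("priority is two bytes and the MAC address is six bytes")
    return (priority << 48) | int.from_bytes(mac_bytes, "big")


def format_bridge_id(bid):
    """Render a bridge ID the way 'show stp vlan' prints it."""
    return "0x%04X-%012X" % (bid >> 48, bid & 0xFFFFFFFFFFFF)


def spanning_tree(bridges, links):
    """bridges: name -> bridge ID; links: (name_a, name_b, speed_mbps) tuples.

    Returns (root, root_path_cost, root_link, blocked_links).
    """
    root = min(bridges, key=bridges.get)  # lowest bridge ID wins the election
    neighbours = {name: [] for name in bridges}
    for index, (a, b, speed) in enumerate(links):
        neighbours[a].append((b, RSTP_COST[speed], index))
        neighbours[b].append((a, RSTP_COST[speed], index))
    cost, root_link, used = {}, {}, set()
    # Heap entries: (root path cost, upstream bridge ID, switch, link index).
    heap = [(0, 0, root, -1)]
    while heap:
        total, _, name, via = heapq.heappop(heap)
        if name in cost:
            continue  # a better (or equal, lower bridge ID) path was already chosen
        cost[name] = total
        if via >= 0:
            root_link[name] = links[via][:2]  # link that carries this switch's root port
            used.add(via)
        for peer, link_cost, index in neighbours[name]:
            if peer not in cost:
                heapq.heappush(heap, (total + link_cost, bridges[name], peer, index))
    # A link that is nobody's root-port link has one end put into blocking state.
    blocked = [link[:2] for index, link in enumerate(links) if index not in used]
    return root, cost, root_link, blocked


# Constructed example: three switches in a triangle, all at the default priority.
BRIDGES = {
    "A": bridge_id(32768, "00:90:5A:CC:02:01"),
    "B": bridge_id(32768, "00:90:5A:CC:02:02"),
    "C": bridge_id(32768, "00:90:5A:CC:02:03"),
}
LINKS = [("A", "B", 100), ("A", "C", 100), ("B", "C", 100)]

if __name__ == "__main__":
    root, cost, root_link, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root, format_bridge_id(BRIDGES[root]))
    print("root path cost:", cost)
    print("blocked links:", blocked)
```
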
* Learning: The port prepares to participate in frame forwarding.
* Forwarding: The port forwards frames.
* Disabled: The port is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
Forwarding State
A port on which STP is running always starts in the blocking state. When a switch is initialized, the switch assumes that it is the root switch and transmits BPDUs to connected devices through all ports. Ports in the blocking state discard all frames except BPDUs. Ports that receive a BPDU move to the listening state. Ports in the listening state exchange BPDUs with other devices and select the root switch. Then, after the forward delay time has passed, the listening state becomes the learning state.
Ports in the learning state learn MAC addresses in order to transmit frames. Then, after the forward delay time has passed, the learning state becomes the forwarding state. Frames that are received before a port reaches the forwarding state are discarded. Once a port is forwarding, received frames are transmitted through the port. Ports in the disabled state do not participate in the spanning tree. These ports neither transmit nor receive BPDUs and do not transmit frames.
Selecting Path
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology. When two interfaces on a switch are part of a loop, the spanning-tree port priority and path cost settings determine which interface is put in the forwarding state and which is put in the blocking state. The port priority value represents the location of an interface in the network topology and how well it is located to pass traffic. The path cost value represents media speed. Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.
Configuring STP
These sections describe how to configure spanning-tree features on the Corecess R1P-SW24.
Feature: Default Setting
VLAN STP State: RSTP is enabled by default on all VLANs.
Port STP State: Disabled
VLAN ID (Switch priority): 32768
Spanning-tree port priority: 128
Spanning-tree port cost, 10Mbps: 2,000,000
Spanning-tree port cost, 100Mbps: 200,000
Spanning-tree port cost, 1Gbps: 20,000
Spanning-tree port cost, 10Gbps: 2,000
Encoding method for port cost: 32 bit (1 ~ 200,000,000)
Timer, Hello time: 2 seconds
Timer, Forward delay: 15 seconds
Timer, Max age: 20 seconds
Admin Edge: Disabled
STP Version: RSTP version 2
1. Enter global configuration mode.
   Command: configure terminal
2. Enable STP on the specific VLAN.
   Command: stp vlan id <vlan-id>
   * <vlan-id>: VLAN ID (1 ~ 4094)
3. Set spanning tree protocol to STP.
   Command: stp protocol-version stp vlan id <vlan-id>
   * <vlan-id>: VLAN ID (1 ~ 4094)
4. Return to privileged mode.
   Command: end
5. Verify the STP configuration.
   Command: show stp vlan {all | id <vlan-id>}
   * <vlan-id>: VLAN ID (1 ~ 4094)
LAN ID: Protocol Operation: Root Bridge: STP version: Pathcost Encoding: BridgeID: . . . #
Disable STP only if you are sure there are no loops in the network topology. When STP is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance. To disable STP on a per-VLAN basis, enter the no stp vlan command in Global configuration mode. The following example shows how to disable STP on the VLAN whose ID is 1:
(config)# no stp vlan id 1
(config)#
If you disable STP on a VLAN, STP is disabled on all ports belonging to the VLAN.
Task
1. Enter global configuration mode.
2. Enable STP on a specific Ethernet port.
   * <port-type>: The type of Ethernet port to enable STP on.
     - fastethernet: Fast Ethernet port
     - gigabitethernet: Gigabit Ethernet port
   * <slot>/<port>: The slot number and port number of the Ethernet port.
3. Return to privileged mode.
   Command: end
4. Verify the STP configuration.
   Command: show stp port <port-type> <slot>/<port>
   * <port-type>: The type of Ethernet port
   * <slot>/<port>: The slot number and port number of the Ethernet port.
The following example enables STP on the port 1/1 and 3/1:
(config)# port gigabitethernet 1/1 stp
(config)# port fastethernet 3/1 stp
(config)# end
# show stp port fastethernet 3/1
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 65
Port Priority: 0x08
.
.
To disable STP on a specific port, enter the no stp port command in Global configuration mode. The following example disables STP on the Fast Ethernet port 3/1:
(config)# no stp port fastethernet 3/1
(config)#
1. Enter global configuration mode.
   Command: configure terminal
2. Set the bridge ID for a specific VLAN.
   Command: stp bridge-priority <priority> vlan id <vlan-id>
   * <priority>: Bridge ID (0 ~ 65535). A higher numerical value means a lower priority; thus, the highest priority is 0.
   * <vlan-id>: VLAN ID (1 ~ 4094)
3. Return to privileged mode.
   Command: end
4. Verify the STP configuration change.
   Command: show stp vlan id <vlan-id>
   * <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to set bridge ID for a VLAN to 3000 (hexa-decimal : 0x0BB8):
# configure terminal
(config)# stp bridge-priority 3000 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x0BB8-00905ACC0202
Time since topology change: 281(s)
0 0x8000-00905ACC0202
To restore the bridge ID for a VLAN to the default priority (32768, hexadecimal: 0x8000), enter the no stp bridge-priority command in Global configuration mode:
(config)# no stp bridge-priority vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
Root Bridge: yes
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-00905ACC0202
Time since topology change: 1968(s)
.
.
.
#
Note: The default path cost for the Ethernet ports on the Corecess R1P-SW24 is derived from the STP protocol version and the media speed of the port as follows: Port Speed STP 100 19 4
If you want a high-speed port to be used rarely, because of a lack of stability or for other reasons, specify a high path cost for the port. To configure the path cost for an Ethernet port, perform this task in Privileged mode:
Table 15-7 Configuring the path cost
Task
1. Enter global configuration mode.
2. Set the path cost for a specific Ethernet port.
   * <port-type>: The type of Ethernet port.
     - fastethernet: Fast Ethernet port
     - gigabitethernet: Gigabit Ethernet port
   * <slot>/<port>: The slot number and port number to set the path cost.
   * <path-cost>: The port's cost as a path to the spanning tree's root bridge (STP: 1~65525)
3. Return to privileged mode.
4. Verify the STP configuration change.
   * <port-type>: The type of Ethernet port.
   * <slot>/<port>: The slot number and port number.
The following example shows how to set the path cost for the Fast Ethernet port 2/1 running STP protocol:
(config)# port fastethernet 3/1 pathcost 10
(config)# end
# show stp port fastethernet 3/1
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 129
Port Priority: 0x8
Designated Path Cost: 10
AdminEdge: false
#
Recommendation: We recommend that you set the path cost as follows according to the running STP protocol version and the media speed of the port:
Port Speed: STP
10Mbps: 50 ~ 600
100Mbps: 10 ~ 60
1Gbps: 3 ~ 10
10Gbps: 1 ~ 5
1. Enter global configuration mode.
   Command: configure terminal
2. Configure the type of STP encoding mode.
   Command: stp pathcost-encoding stp8021d1998
   * stp8021d1998: Calculates STP cost using 16 bits.
3. Return to privileged mode.
   Command: end
4. Verify the STP configuration change.
   Command: show stp vlan id <vlan-id>
   * <vlan-id>: VLAN ID (1 ~ 4094)
The following example shows how to configure the type of STP encoding mode to 16 bits:
(config)# stp pathcost-encoding stp8021d1998
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
Root Bridge: yes
STP version: stpCompatible(0)
Pathcost Encoding: 16bit
BridgeID: 0x8000-00905ACC0201
.
.
#
Task
1. Enter global configuration mode.
2. Set the spanning-tree port priority for a specified Ethernet port.
   * <port-type>: The type of Ethernet port.
     - fastethernet: Fast Ethernet port
     - gigabitethernet: Gigabit Ethernet port
   * <slot>/<port>: The slot number and port number of the Ethernet port.
   * <priority>: The value of the STP port priority (0 ~ 15, default: 8)
3. Return to privileged mode.
4. Verify the STP configuration change.
   * <port-type>: The type of Ethernet port.
   * <slot>/<port>: The slot number and port number of the Ethernet port.
The following example shows how to configure the port priority of the Fast Ethernet port 3/1 to 1:
(config)# port fastethernet 3/1 priority 1
(config)# end
# show stp port fastethernet 3/1
Link State: up
Protocol Operation: enabled
Pathcost Encoding: 32bit
Port Number(logical): 129
Port Priority: 0x1
.
.
The following example shows how to set STP hello timers to 5 seconds for a VLAN:
# configure terminal
(config)# stp hello-time 5 vlan id 2
(config)# end
# show stp vlan id 2
To return the STP hello timers to the default value, use the no form of this command in Global configuration mode:
(config)# no stp hello-time vlan id 2
(config)#
The following example shows how to set STP forward delay timers to 20 seconds for a VLAN:
# configure terminal
(config)# stp forward-delay 20 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
Protocol Operation: enabled
.
.
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return the STP forward delay timers to the default value, use the no form of this command in Global configuration mode:
(config)# no stp forward-delay vlan id 2
(config)#
The following example shows how to set STP max age timers to 25 seconds for a VLAN:
(config)# stp max-age 25 vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID: 2
.
.
HelloTime: 2(s)
ForwardDelay: 15(s)
Bridge MaxAge: 25(s)
Bridge HelloTime: 5(s)
Bridge ForwardDelay: 20(s)
.
.
#
To return the STP max age timers to the default value, use the no form of this command in Global configuration mode:
(config)# no stp max-age vlan id 2
(config)#
Configuring RSTP
This section describes how to configure RSTP on the Corecess R1P-SW24.
previous section.
1. Enter Global configuration mode.
   Command: configure terminal
2. Enable RSTP on a specified VLAN.
   Command: stp vlan id <vlan-id>
   * <vlan-id>: VLAN ID (1 ~ 4094)
3. Return to Privileged mode.
   Command: end
4. Verify STP configuration.
   Command: show stp vlan {all | id <vlan-id>}
The following example shows how to enable RSTP on the VLAN whose ID is 2:
# configure terminal
(config)# stp vlan id 1
(config)# end
# show stp vlan id 1
VLAN ID: 1
Protocol Operation: enabled
STP version: rstp(2)
Pathcost Encoding: 32bit
BridgeID: 0x8000-0001020000DB
Time since topology change: 1539(s)
Topology changes: 0
.
.
.
#
Disable RSTP only if you are sure there are no loops in the network topology. When RSTP is disabled and loops are present in the topology, excessive traffic and indefinite packet duplication can drastically reduce network performance.
To disable RSTP on a per-VLAN basis, enter the no stp vlan command in Global configuration mode. The following example shows how to disable RSTP on the VLAN whose ID is 2:
(config)# no stp vlan id 1
(config)#
If you disable RSTP on a VLAN, STP is disabled on all ports that belong to the VLAN.
Task
1. Enter Global configuration mode.
2. Set the path cost for a specific port.
   - <port-type>: The type of Ethernet port.
     - fastethernet: Fast Ethernet port
     - gigabitethernet: Gigabit Ethernet port
   - <slot>/<port>: slot/port number of a port
   - <path-cost>: path cost of a port (1 ~ 200000000)
3. Return to Privileged mode.
4. Verify the configuration result.
The following example shows how to set the path cost for the Fast Ethernet port 3/2 to 20000:
(config)# port fastethernet 3/1 pathcost 20000
(config)# end
# show stp port fastethernet 3/1
Link State:               up
Protocol Operation:       enabled
Pathcost Encoding:        32bit
Port Number(logical):     129
Port Priority:            0x8
Designated Path Cost:     20000
AdminEdge:                false
Recommendation: We recommend that you set the path cost as follows according to the running RSTP protocol version and the media speed of the port:

Port Speed    Range
10Mbps        200000 ~ 20000000
100Mbps       20000 ~ 2000000
1Gbps         2000 ~ 200000
10Gbps        200 ~ 20000
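As a review aid for the path cost recommendation above and the earlier warning about disabling RSTP, the following Python check is an added example that is not part of the original guide. It scans configuration lines in this guide's syntax for path costs outside the recommended range and for VLANs with spanning tree disabled; the mapping from port type to nominal speed and the speeds override parameter are assumptions.

```python
import re

# Recommended 32-bit path cost ranges from the table above, keyed by port speed.
RECOMMENDED = {
    "10Mbps": (200000, 20000000),
    "100Mbps": (20000, 2000000),
    "1Gbps": (2000, 200000),
    "10Gbps": (200, 20000),
}
# Assumption: a port runs at the nominal speed of its type; pass `speeds`
# to override for ports that negotiated a lower speed.
NOMINAL = {"fastethernet": "100Mbps", "gigabitethernet": "1Gbps"}

PATHCOST_RE = re.compile(
    r"port\s+(fastethernet|gigabitethernet)\s+(\d+/\d+)\s+pathcost\s+(\d+)")
NO_STP_RE = re.compile(r"\bno\s+stp\s+vlan\s+id\s+(\d+)")

def audit_stp_config(config_text, speeds=None):
    """Return findings for out-of-range path costs and VLANs with STP disabled."""
    speeds = speeds or {}
    findings = []
    for line in config_text.splitlines():
        m = PATHCOST_RE.search(line)
        if m:
            ptype, port, cost = m.group(1), m.group(2), int(m.group(3))
            speed = speeds.get(port, NOMINAL[ptype])
            low, high = RECOMMENDED[speed]
            if not low <= cost <= high:
                findings.append(
                    f"{ptype} {port}: pathcost {cost} outside {low}-{high} for {speed}")
            continue
        m = NO_STP_RE.search(line)
        if m:
            findings.append(f"vlan {m.group(1)}: spanning tree disabled, loops unprotected")
    return findings

# Constructed sample configuration lines in this guide's CLI syntax.
SAMPLE = """\
(config)# port fastethernet 3/1 pathcost 20000
(config)# port gigabitethernet 1/1 pathcost 10
(config)# port gigabitethernet 1/2 pathcost 200000
(config)# no stp vlan id 1
"""
```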
Command                                  Task
configure terminal                       1. Enter Global configuration mode.
stp pathcost-encoding stp8021t2001       2. Configure the type of RSTP encoding mode.
end                                      3. Return to Privileged mode.
show stp vlan id <vlan-id>               4. Verify the configuration result.
The following example shows how to configure the type of STP encoding mode to 32 bits:
(config)# stp pathcost-encoding stp8021t2001
(config)#
Command
configure terminal
stp protocol-version stp vlan id <vlan-id>
end
show stp vlan id <vlan-id>
The following example shows how to set spanning tree protocol to STP on the VLAN whose ID is 2:
(config)# stp protocol-version stp vlan id 2
(config)# end
# show stp vlan id 2
VLAN ID:                2
Protocol Operation:     enabled
Root Bridge:            yes
STP version:            stpCompatible(0)
Pathcost Encoding:      32bit
BridgeID:               0x8000-0001AB0DEF11
.
.
.
#
Reference: RSTP is automatically compatible with STP. When a device running RSTP receives STP BPDUs from a connected device, it also transmits STP BPDUs instead of RSTP BPDUs. Therefore, if RSTP is activated in the VLAN, it is not necessary to execute the stp protocol-version stp command for compatibility.
Command                                          Task
configure terminal                               1. Enter Global configuration mode.
stp adminEdge port <port-type> <slot>/<port>     2. Configure a port as an Edge port.
                                                    - <port-type>: The type of Ethernet port.
                                                      - fastethernet: Fast Ethernet port
                                                      - gigabitethernet: Gigabit Ethernet port
                                                    - <slot>/<port>: The slot number and port number of the port
end                                              3. Return to Privileged mode.
show stp port <port-type> <slot>/<port>          4. Verify the configuration result.
The following example shows how to configure the Gigabit Ethernet port 3/1 as an Edge port:
(config)# stp adminEdge port fastethernet 3/1
(config)# end
Corecess # show stp port fastethernet 3/1
Link State:               up
Protocol Operation:       enabled
Pathcost Encoding:        32bit
Port Number(logical):     1
Port Priority:            0x8
AdminEdge:                true
#
Command                   Description
port pathcost             Sets the spanning-tree port path cost for the specified Ethernet port.
port priority             Sets the spanning-tree port priority for the specified Ethernet port.
port stp                  Enables or disables STP (Spanning Tree Protocol) on the specified Ethernet port.
show stp port             Displays spanning-tree information for the specified port.
show stp vlan             Displays spanning-tree information for the specified VLAN interface.
stp adminEdge port        Configures a port as an Edge port.
stp bridge-priority       Sets the bridge ID for a VLAN.
stp forward-delay         Sets the bridge forward delay for a VLAN.
stp hello-time            Sets the bridge hello time for a VLAN.
stp max-age               Sets the bridge maximum aging time for a VLAN.
stp pathcost-encoding     Configures the type of Spanning Tree Protocol encoding mode.
stp protocol-version      Configures the type of Spanning Tree Protocol mode to run for a specific VLAN.
stp vlan                  Enables the spanning tree algorithm for a specific VLAN.
Appendix A
Product Specifications
Appendix A describes the specifications of the Corecess R1P-SW24.
- Hardware Specification
- Software Specification
Hardware Specifications
Table A-1 Corecess R1P-SW24 hardware specifications
Hardware
  Switching Fabric
  - Switching throughput : 12.8Gbps full-duplex
  - Performance : 19Mpps (64 byte packets)
  - MAC address : Maximum 16K (Layer 2)
  Memory
  - Main memory : 128MB (SDRAM)
  - Flash memory : 64MB (OneNAND)
  System Dimension and Weight
  - Size : 440 x 44 x 220mm (W x H x D)
  AC Power Supply
  - Frequency : 50/60Hz
  - Input Voltage : 100 ~ 240VAC
  - Input Voltage Range : 88 ~ 264VAC
Operational Environment
  Temperature
  - Operating Range : -20 ~ 60(Commercial) (OPT-P1W -20 ~ 50C) -40 ~ 65(Industrial)
  - Storage Range : -30 ~ 75C
  Humidity
  - Operating Range : 10 ~ 95% (40C, non-condensing)
Rack Installation Kit
- Four binder-head screws
Cables Packages
- Console Cable (RJ-45 DB-9)
Manual
- User's Guide
Software Specifications
Table A-2 Corecess R1P-SW24 software specifications
VLAN Function
- Support Port based VLAN, IEEE 802.1q tagged VLAN (Maximum 254)
- Support Spanning Tree and Multicast per VLAN
Link aggregation Function
- IEEE 802.3ad Link aggregation
- Support the maximum 16 of aggregation Groups
Multicasting Function
- IGMP v2.0
- IGMP snooping
QoS Function
- Multi field packet classification
- 802.1p CoS Marking, Reclassification
- TOS Marking, Reclassification
- DSCP Marking, Reclassification
- Scheduling: SP (Strict Priority)
Security Function
- Access List
- MAC Filtering
- DHCP Filtering
- NetBIOS Filtering
Internet Access Function
- NTP (Network Time Protocol)
Management Function
- Console
  - Local : RJ-45 Console Port (Out-band)
  - Remote : Telnet and Web based Console (In-band)
- CLI (In-band, Out-band)
- NMS (ViewlinX Manager/EMS)
- Port mirroring
- SNMP v1/v2c
- RMON
  - Group 1 (Statistics), Group 2 (History), Group 3 (Alarm), Group 9 (Events)
  - Extended RMON
- System log file (configuration log)
- Remote software upgrade (FTP/TFTP)
IETF Standard
- RFC 768 UDP
- RFC 791 IP
- RFC 792 ICMP
- RFC 826 ARP
- RFC 783 TFTPv2
- RFC 793 TCP
- RFC 854 Telnet
- RFC 951 BOOTP
- RFC 1058 RIP v1
- RFC 1112 Host Extensions for IP Multicasting
- RFC 1157 SNMPv1
- RFC 1165 NTP
- RFC 1256 ICMP Router Discover Message
- RFC 1349 Type of Service in the Internet Protocol Suite
- RFC 1542 Clarifications and Extensions for the Bootstrap Protocol
- RFC 2573 SNMP Applications
- RFC 3195 Syslog
- RFC 1901 SNMP v2
- RFC 2236 Internet Group Management Protocol, Version 2
MIB
- CORECESS-BASIC-MIB
- CORECESS-SMI
- RFC 1213 MIB-II
- RFC 1493 BRIDGE-MIB
- RFC 1757 RMON-MIB
- RFC 1907 SNMPv2-MIB
Appendix B
Appendix B describes the specifications of the ports on the Corecess R1P-SW24. It also describes the kinds and specifications of the cables needed for the connection of each port.
- Connector Specifications
- Cable Specifications
Connector Specifications
RJ-45 Connector
10/100/1000Base-T Port
10/100/1000Base-T ports on the uplink modules have the 8-pin RJ-45 connector. The cable used for connecting 10/100/1000Base-T port is twisted-pair cable with RJ-45
Pin    Signal
1      Tx, Rx+ (1 pair)
2      Tx, Rx- (1 pair)
3      Tx, Rx+ (2 pair)
4      Tx, Rx- (3 pair)
5      Tx, Rx+ (3 pair)
6      Tx, Rx- (2 pair)
7      Tx, Rx+ (4 pair)
8      Tx, Rx- (4 pair)
Console Port
The CONSOLE port on the front panel of the Corecess R1P-SW24L2B has an 8-pin RJ-45 connector. The cable used for connecting the console port is a serial cable with an RJ-45 connector at one end and a DB-9 connector at the other.
Pin       Signal
3         Tx
6         Rx
4 or 5    GND
LC Connector
100Base-SX Port
100Base-SX ports on the downlink modules have Duplex LC connectors. The cable used for connecting these LC connectors is multi mode fiber optic cable (transmitting/receiving wavelength: 850nm).
100Base-LX Port
100Base-LX ports on the downlink modules have Duplex LC connectors. The cable used for connecting these LC connectors is Single mode fiber optic cable (transmitting/receiving wavelength: 1310nm).
1000Base-SX Port
1000Base-SX ports on the uplink modules have Duplex LC connectors. The cable used for connecting these LC connectors is multi mode fiber optic cable
1000Base-LX Port
1000Base-LX ports on the uplink modules have Duplex LC connectors. The cable used for connecting these LC connectors is Single mode fiber optic cable
SC Connector
1000Base-PX Port
1000Base-PX ports on the OPT-P1ES1CD module and OPT-P1EL1CD module have simplex SC connectors. The cable used for connecting these SC connectors is single
Cable Specifications
Twisted Pair Cable
The 10/100/1000Base-T ports on the uplink modules are connected by using twisted pair cables with RJ-45 connectors at both ends. There are two types of twisted pair cables: UTP (unshielded twisted pair) cable and STP (shielded twisted pair) cable. The following figure shows a twisted pair cable with RJ-45 connectors at both ends.
Connector: Simplex SC; Duplex LC; Simplex SC
Interface: 1000Base-PX; 100Base-SX; OPT-P1W; GW-PON
Fiber Optic Cable: Single mode; Multi-mode; Single mode; Multi-mode; Single mode; Single mode
Wave Length (nm): Tx : 1310nm; Rx : 1490nm; Rx/Tx : 850nm; Rx/Tx : 1310nm; Rx/Tx : 850nm; Rx/Tx : 1310nm; Rx/Tx : 1530~1565nm
is fiber-optic cable with simplex SC connectors at both ends
Caution: This document describes the general setup and connection of the equipment. It does not describe the various transceivers or the compatibility of fiber optic connectors. For details, contact the technical support team (support@corecess.com).
Console Cable
The console cable is used to connect the console port to a console terminal (ASCII terminals or PCs equipped with terminal emulation programs). The console cable has an RJ-45 connector at one end and a DB-9 connector at the other.
Note: Before connecting the console port, ensure that the console terminal is configured as follows:
Baud rate       9600
Data bit        8
Parity          None
Stop bit        1
Flow control    None