Documente Academic
Documente Profesional
Documente Cultură
com
Legal Notices
Raisecom Technology Co., Ltd makes no w arranty of a ny ki nd w ith r egard t o t his manual,
including, but not l imited t o, t he i mplied w arranties of merchantability and fitness for a pa rticular
purpose. Raisecom Technology Co., Ltd shall not be held liable for errors contained herein or direct,
indirect, special, incidental or consequential damages in connection with the furnishing, performance,
or use of this material.
Warranty.
A copy of the s pecific warranty terms applicable to your Raisecom product and replacement pa rts
can be obtained from Service Office.
Copyright Notices.
Copyright 2007 Raisecom. All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any
means, e lectronic or m echanical, i ncluding phot ocopying a nd m icrofilm, w ithout pe rmission i n
Writing from Raisecom Technology Co., Ltd.
Trademark Notices
is the trademark of Raisecom Technology Co., Ltd.
Java is a U.S. trademark of Sun Microsystems, Inc.
Microsoft is a U.S. registered trademark of Microsoft Corporation.
Windows NT is a U.S. registered trademark of Microsoft Corporation.
Windows 2000 is a U.S. registered trademark of Microsoft Corporation.
Windows XP is a U.S. registered trademark of Microsoft Corporation.
Windows and MS Windows are U.S. registered trademarks of
Microsoft Corporation.
Contact Information
Technical Assistance Center
The Raisecom TAC i s av ailable t o all cus tomers w ho need technical as sistance w ith a R aisecom
product, technology, or, solution. You can communicate with us through the following methods:
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing 100085
Tel:
+86-10-82883305
Fax:
+86-10-82883056
Feedback
Comments a nd que stions a bout how t he ISCOM2924GF-4GE/4C system sof tware w orks a re
welcomed. Please review the FAQ in the related manual, and if your question is not covered, send
email by using the following web page:
http://www.raisecom.com/en/contact-us.html.
If you have comments on the ISCOM2924GF-4GE/4C specification, instead of the web page above,
please send comments to:
export@raisecom.com
CONTENTS
Chapter 1
Chapter 2
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2
2.3
2.4
2.5
Overview ------------------------------------------------------------------------------------------------------------------------------- 18
Configure TFTP auto-upload method------------------------------------------------------------------------------------------- 19
Upgrade system software by BootROM --------------------------------------------------------------------------------------- 20
Upgrade system software by FTP/TFTP -------------------------------------------------------------------------------------- 21
Checking configuration ------------------------------------------------------------------------------------------------------------- 22
2.6
2.7
2.8
2.9
2.10
Chapter 3
Ethernet -------------------------------------------------------------------------------------- 31
Overview----------------------------------------------------------------------------------------------------------------- 31
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.2
3.1
Ethernet interface-------------------------------------------------------------------------------------------------------------------- 31
MAC address forwarding table --------------------------------------------------------------------------------------------------- 32
VLAN ----------------------------------------------------------------------------------------------------------------------------------- 35
QinQ ------------------------------------------------------------------------------------------------------------------------------------ 36
VLAN mapping ----------------------------------------------------------------------------------------------------------------------- 37
STP/RSTP/MSTP ------------------------------------------------------------------------------------------------------------------- 38
Loopback detection ----------------------------------------------------------------------------------------------------------------- 42
Interface protection------------------------------------------------------------------------------------------------------------------ 43
Interface mirror ----------------------------------------------------------------------------------------------------------------------- 43
Layer-2 protocol transparent transmission ------------------------------------------------------------------------------------ 44
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.3
3.4
3.11
3.10
3.9
Configure MSTP------------------------------------------------------------------------------------------------------- 55
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.7.8
3.7.9
3.7.10
3.7.11
3.7.12
3.7.13
3.7.14
3.7.15
3.7.16
3.7.17
3.8
3.7
3.6
Configure QinQ-------------------------------------------------------------------------------------------------------- 50
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.5
3.11.4
3.11.5
3.12
3.13
Maintenance ------------------------------------------------------------------------------------------------------------ 68
Configure examples ------------------------------------------------------------------------------------------------- 69
3.13.1
3.13.2
3.13.3
3.13.4
3.13.5
3.13.6
3.13.7
3.13.8
3.13.9
3.13.10
Chapter 4
4.1
Routing --------------------------------------------------------------------------------------- 94
Overview----------------------------------------------------------------------------------------------------------------- 94
4.1.1
4.1.2
4.1.3
4.2
ARP ------------------------------------------------------------------------------------------------------------------------------------- 94
Layer-3 interface --------------------------------------------------------------------------------------------------------------------- 95
Routing --------------------------------------------------------------------------------------------------------------------------------- 95
4.3
4.4
4.5
4.6
Maintenance ------------------------------------------------------------------------------------------------------------ 99
Configuration examples-------------------------------------------------------------------------------------------- 99
4.6.1
4.6.2
4.6.3
Chapter 5
5.1
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2
5.3
5.4
5.5
Chapter 6
6.1
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.2
6.3
6.4
6.5
6.6
6.7
Chapter 7
7.6
Overview--------------------------------------------------------------------------------------------------------------- 141
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.5
7.4
Configure traffic rate limit over interface and VLAN --------------------------------------------------- 133
6.5.1
6.5.2
6.5.3
6.5.4
7.3
7.2
7.1
7.6.4
7.6.5
7.6.6
7.7
7.8
Chapter 8
8.1
8.2
8.3
8.4
8.5
8.6
8.7
Chapter 9
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.4
9.3
9.2
Overview--------------------------------------------------------------------------------------------------------------- 165
8.1.1
8.1.2
8.1.3
8.1.4
9.1
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.5
9.6
9.7
9.8
Overview--------------------------------------------------------------------------------------------------------------- 225
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.2
10.3
10.6
10.7
10.5
10.4
10.7.1
10.7.2
10.7.3
10.7.4
Chapter 11
11.1
11.9
11.8
11.7
11.6
11.5
11.4
11.3
Overview--------------------------------------------------------------------------------------------------------------- 259
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.1.7
11.1.8
11.1.9
11.1.10
11.1.11
11.1.12
11.1.13
11.2
11.9.2
11.9.3
11.9.4
11.13
11.14
11.15
11.16
11.17
11.17.1
11.17.2
11.17.3
11.17.4
11.17.5
11.17.6
11.17.7
11.17.8
Preface
About This Manual
This manual introduces primary functions of the configuration management software for RC series
products.
Organization
This manual is an introduction of the main functions of ISCOM2924GF-4GE/4C. To ha ve a qui ck
grasp of the using of the ISCOM2924GF-4GE/4C, please read this manual carefully. The manual is
composed of the following chapters:
Chapter 1 Overview
Chapter 2 Basic Configuration
Chapter 3 Ethernet
Chapter 4 Routing
Chapter 5 DHCP
Chapter 6 QoS
Chapter 7 Multicast
Chapter 8 Security
Chapter 9 Reliability
Chapter 10 OAM
Chapter 11 System Management
Appendix A Glossary Table
Appendix B Acronym
Compliance
The RC series products developed by Raisecom are strictly complied with the following standards as
well a s ITU-T, IEEE, IETF and related standards from other international telecommunication
standard organizations:
YD/T900-1997 SDH Equipment Technical Requirements - Clock
YD/T973-1998 SDH 155Mb/s and 622Mb/s Technical conditions of optical transmitter module and
receiver module
YD/T1017-1999 Network node interface for the Synchronous Digital Hierarchy (SDH)
YD/T1022-1999 Requirement of synchronous digital hierarchy (SDH) equipment function
YD/T1078-2000 S DH Transmission N etwork Technique R equirements-Interworking of N etwork
Protection Architectures
YD/T1111.1-2001 Technical R equirements of S DH Optical Transmitter/Optical R eceiver
Modules2.488320 Gb/s Optical Receiver Modules
YD/T1111.2- 2001 Technical Requirements of S HD Optical Transmitter/Optical R eceiver
Modules2.488320 Gb/s Optical Transmitter Modules
YD/T1179- 2002 Technical Specification of Ethernet over SDH
G.703 Physical/electrical characteristics of hierarchical digital interfaces
G.704 Synchronous frame structures used at 1544, 6312, 2048, 84 48 and 44 73 6 kbit/s hierarchical
levels
G.707 Network node interface for the synchronous digital hierarchy (SDH)
G.774 Synchronous di gital hi erarchy ( SDH) - Management i nformation m odel f or t he n etwork
element view
G.781 Synchronization layer functions
G.783 Characteristics of synchronous digital hierarchy (SDH) equipment functional blocks
G.784 Synchronous digital hierarchy (SDH) management
G.803 Architecture of transport networks based on the synchronous digital hierarchy (SDH)
G.813 Timing characteristics of SDH equipment slave clocks (SEC)
G.823 The control of jitter and wander within digital networks which are based on the 2048 kbit/s
hierarchy
G.825 The control of jitter and wander within digital networks which are based on the synchronous
digital hierarchy (SDH)
G.826 E nd-to-end e rror pe rformance pa rameters a nd o bjectives f or i nternational, c onstant bi t-rate
digital paths and connections
G.828 Error performance parameters and objectives for international, constant bit-rate synchronous
digital paths
G.829 Error performance events for SDH multiplex and regenerator sections
G.831 M anagement c apabilities of t ransport ne tworks ba sed on t he s ynchronous di gital hi erarchy
(SDH)
www.raisecom.com
User Manual
ISCOM2924GF-4GE/4C e nhanced
Descriptions
Login device (RJ45 Console/USB Console/Telnet/SHHv2)
Command line
Management files (BootROM/system files/configuration files)
Load and upgrade (TFTP autoloading, BootROM upgrade,
FTP/TFTP upgrade)
Time management
Interface management
Basic information (device name, switchover language mode,
save/delete configuration, device restart)
Task scheduling
Ethernet
Route
ARP
Layer-3 interface
Static route and default gateway
DHCP
DHCP client
DHCP Snooping
DHCP Option82 / DHCP Option61
www.raisecom.com
User Manual
Features
QoS
Descriptions
Trust priority
Flow classification (ToS priority, DSCP priority, CoS priority) and
Flow policy (Flow speed limit based on flow policy, redirection,
heavy label)
Internal priority and queue scheduling
Flow speed limit based on interface and VLAN (The maximum
speed:10Gbps, the minimum step: 8Kbps)
Multicast
Safety
ACL (999)
RADIUS authentication
TACACS+
Storm suppression
Reliability
OAM
System
SNMP
management
KeepAlive
RMON
Cluster management
LLDP
Extended OAM
Optical module digital diagnosis
System log
Alarm management
Hardware environment monitoring
Fan monitoring
CPU monitoring
Ping and Traceroute
Note: The four functions of STP, loopback detection, interface backup and Ethernet ring on device
may influence each other; it is recommended not to enable them simultaneously.
2
www.raisecom.com
User Manual
This chapter i ntroduces t he ba sic c onfiguration and configuration process about I SCOM2924GF
device and provides the related configuration cases.
Login device
Command line
Manage files
Upload and upgrade
Configure clock management
Configure interface management
Configure basic information for device
Configure task calling function
Configure watchdog
Configuration cases
Brief introduction
ISCOM2924GF s witch device can be configured and m anaged by the c ommand l ine C LI
(Command-Line Interface) mode or NView NNM network management mode.
ISCOM2924GF switch command-line mode has a variety of configuration modes:
Console mode: it must use Console mode in the first configuration; the device is in support of
RJ-45 Console port and USB Console port.
Telnet mode: log on through the Console mode, open Telnet service on the switch, configure
Layer-3 interface IP address, set t he us er na me and pa ssword and then take remote Telnet
configuration.
SSHv2 mode: before logging on the device through SSHv2, you need to login the device and
start the SSHv2 service through the Console interface.
When c onfiguring the device i n network management mode, you must f irst configure Layer-3
interface IP address by the command line mode, and then configure the device through NView NNM
network management platform.
Note: The manual configuration steps uses command line mode.
www.raisecom.com
User Manual
2.1.2.1
Figure 2-1 Login the device through PC connected with RJ45 Console port
www.raisecom.com
2.1.2.2
User Manual
2.1.3
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip if-number
Raisecom(config-ip)#ip address
ip-address [ ip-mask ] [ vlan-id ]
Raisecom(config-ip)#quit
4
Raisecom(config)#telnet-server accept
port { all | port-list }
Raisecom(config)#telnet-server close
terminal-telnet session-number
Raisecom(config)#telnet-server
max-session session-number
Telnet Client: When user connects PC terminal emulation program or Telnet client program
with the de vice, then telnet ot her device and configure/manage it. As Figure 2-6 shows,
Switch A is not only performed as Telnet Server but also provides Telnet Client.
www.raisecom.com
2.1.4
User Manual
Step
Configuration
Description
Default value
Prohibit
512bit
password
600s
20
22
Enable
Configuration
Description
Raisecom#config
Raisecom(config)#generate ssh-key
length
Raisecom(config)#ssh2 server
www.raisecom.com
Step
Configuration
Description
Raisecom(config)#ssh2 server
authentication {password|rsa-key}
Raisecom(config)#ssh2 server
authentication public-key
Raisecom(config)#ssh2 server
authentication-timeout period
Raisecom(config)#ssh2 server
authentication-retries times
2.1.5
User Manual
Raisecom(config)#ssh2 server
session session-list enable
Configuration
Description
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#user user-name
{ allow-exec | disallow-exec }
first-keyword [ second-keyword ]
2.1.6
Entry
Description
Raisecom#show telnet-server
www.raisecom.com
User Manual
0~4: visitor, users can execute the commands of ping, clear, and history, etc. in this level;
5~10: monitor, users can execute the command of show and so on;
11~14: operator, users can execute commands for different services like VLAN, IP, etc.;
15: administrator, used for system basic running commands.
Input enable command and correct password, then enter to privileged EXEC mode. The default
password is Raisecom.
Raisecom>enable
Password:
Raisecom#
In privileged E XEC m ode, i nput t he c ommand of config terminal to e nter gl obal c onfiguration
mode.
Raisecom#config terminal
Raisecom(config)#
Note:
Command line prompt "Raisecom" is the default host name. Users can use the command of
hostname string to modify the host name in privileged EXEC mode.
Some commands can be achieved both in global configuration mode and other modes, but the
accomplished functions are closely related to command line modes.
Generally, i n a c ommand line m ode, y ou c an go ba ck to t he pr evious l evel command line
mode by the com mand of quit or exit, but i n t he privileged EXEC mode, you need to use
disable command to go back to user EXEC mode.
Users can go back to privileged EXEC mode through end command from any command line
mode except the user EXEC mode or privileged EXEC mode.
Enter method
Description
Raisecom>
Privileged EXEC
mode
Raisecom#
Global configuration
mode
Raisecom(config)#
Physical layer
interface
configuration mode
Raisecom(config-port)#
10
www.raisecom.com
User Manual
Mode
Enter method
Description
Layer-3 interface
configuration mode
Raisecom(config-ip)#
VLAN
configuration mode
Raisecom(config-vlan)#
Traffic classification
configuration mode
Raisecom(config-cmap)#
Traffic policy
configuration mode
Raisecom(config-pmap)#
Traffic policy
configuration mode
binding with traffic
classification
Raisecom(config-pmap-c)#
Raisecom(config-aclmap)#
Aggregation group
configuration mode
Raisecom(config-aggregator)#
Service instance
configuration mode
Raisecom(config-service)#
EVC configuration
mode
Raisecom(config-evc)#
MST region
configuration mode
Raisecom(config-region)#
Profile configuration
mode
Raisecom(config-igmp-profile)#
Cluster
configuration mode
Raisecom(config-cluster)#
Raisecom#
Description
Up cursor key ()
www.raisecom.com
User Manual
Shortcut
Description
Backspace
Tab
Ctrl+A
Ctrl+C
Ctrl+D or Delete
Ctrl+E
Ctrl+K
Ctrl+X
Ctrl+Z
Space or y
Enter
Complete help
User can get complete help in the below three conditions:
Click ? in a ny c ommand mode to ge t a ll c ommands a nd their brief de scription under the
command view.
Raisecom>?
12
www.raisecom.com
User Manual
Display as below:
clear
Clear screen
enable
exit
help
history
List command
quit
terminal
Configure terminal
test
Test command
Input a c ommand and followed by a ? after one cha racter space, if the position of ? is
keyword, list all keyword and brief description.
Raisecom(config)#ntp ?
Display as below:
peer
refclock-master
server
Input a c ommand a nd followed by a ? after one cha racter space, if the position of ? is
parameter, list the range and brief description.
Raisecom(config)#interface ip ?
Display as below:
<0-14>
2.2.5.2
IP interface number
Partial help
User can get partial help in the below three conditions:
Input a character string and followed by a ?, the device will list all keywords start with the
character string under current mode.
Raisecom(config)#c?
Display as below:
class-map
clear
Clear screen
cpu
create
Input a c ommand a nd f ollowed by a c haracter s tring w ith ?, the de vice w ill lis t a ll
keywords start with the character string in the command of current mode.
Raisecom(config)#show li?
Display as below:
link-aggregation
link-state-tracking
Link aggregation
Link state tracking
Input t he f irst f ew l etters of a c ommand ke yword a nd c lick <Tab> key to s how c omplete
13
www.raisecom.com
User Manual
keyword. The precondition i s the input letters can identify the ke yword clearly, otherwise,
different ke ywords w ill be s hown c ircularly af ter cl ick <Tab> key c ontinued, user c an
choose the right keyword from them.
2.2.5.3
Description
% * Incomplete command.
% Unconfirmed command.
% Unknown command.
Note: If there is error prompt message mentioned above, please use the command line help message
to solve the problem.
Display characteristics
Command line interface provides the following display characteristics:
The help message and prompt message i n command line interface are di splayed in bot h
Chinese and English languages.
Provide pa use function when one time display message exceeds one screen, users have the
following options at this time, as shown in Table 2-1.
Table 2-1 Function keys description for command line message display characteristics
2.2.6.2
Function key
Description
Input Space or y
Input Enter
www.raisecom.com
User Manual
2.2.6.3
Configuration
Description
Configuration
Description
Raisecom>enable
Raisecom#history
www.raisecom.com
User Manual
Perform description text c ommand in physical layer interface mode to modify the i nterface
description; perform no de scription command to delete the interface description and restore
the default values.
Perform shutdown command in physical layer interface mode to disable an i nterface;
perform no shutdown command to enable an interface.
Perform vlan vlan-id command in global configuration mode to create a VLAN; perform no
vlan vlan-id command to delete a specified VLAN.
Perform terminal page-break enable command i n global c onfiguration m ode t o e nable
terminal page-break display message function; perform terminal page-break disable
command to prohibit terminal page-break display message function.
Note: Most configuration commands have default values, which often are stored by no option.
ram size:128M
testing...done
Description
www.raisecom.com
User Manual
Operation
Description
Configuration
Description
Raisecom#erase [ file-name ]
www.raisecom.com
User Manual
if there is no configuration files in memory, the device take the default parameters for initialization.
The device running configuration is called as current configuration.
User can modify device current configuration through command line. The current configuration can
be us ed as ini tial configuration when ne xt t ime pow er on, us er m ust us e c ommand write to save
current configuration into memory and form configuration file.
Please configure the configuration files management for device as below:
(All the following steps are optional and no sequencing.)
Step
Configuration
Description
Raisecom#erase [ file-name ]
Raisecom#write
Item
Description
Raisecom#show startup-config
Raisecom#show running-config
Overview
Uploading
In traditional, c onfiguration files a re loaded by serial port, it takes a long time to load for the low
speed and remote loading is unavailable. FTP and TFTP loading modes can solve those problems and
make operation more convenient.
ISCOM2924GF device is in support of TFTP auto-loading mode.
TFTP auto-loading means users get the device configuration files from server and then configure the
device. Auto-loading function allows configuration f iles to contain loading r elated c ommands f or
multiple c onfigurations l oading s o a s t o m eet file auto-loading r equirements i n c omplex ne twork
environment.
18
www.raisecom.com
User Manual
ISCOM2924GF provides several methods to confirm configuration file name in TFTP server, such as
input by manual, obtain by DHCP Client, use default configuration file name, etc. Besides, users can
assign certain denomination r ule f or configuration files and then, t he device confirms t he na me
according t o t he r ules a nd combines w ith i tself a ttribution ( device t ype, M AC a ddress, s oftware
version, etc.).
2.4.1.2
Upgrading
The device needs to u pgrade if user needs to i ncrease new features, opt imize functions or solve
current software version BUGs.
ISCOM2924GF device supports the following two upgrade modes:
Upgraded by BootROM
Upgraded by FTP/TFTP
2.4.2
Item
Description
Raisecom#config
Raisecom(config)#service config
tftp-server ip-address
Raisecom(config)#service config
filename rule [ rule-number ]
Raisecom(config)#service config
filename file-name
Raisecom(config)#service config
version { system-boot | bootstrap
| startup-config } version
Raisecom(config)#service config
overwrite enable
Raisecom(config)#service config
19
www.raisecom.com
2.4.3
User Manual
No.
Item
Description
Raisecom(config)#service config
trap enable
Operation
Log in device through serial port as administrator and enter Privileged EXEC
mode, reboot device by the command of reboot.
Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
Raisecom#
begin...
ram size:128M
testing...done
Click <Space> key t o enter i nterface of [ raisecom] w hen the di splay s hows
Press space into Bootstrap menu..., then input ? to display command list:
[Raisecom]:?
?
- Reboot
20
www.raisecom.com
User Manual
Step
Operation
Input T to download through TFTP and replace system boot file, the display
information shows as below:
[Raisecom]:T
Index
Name
Size
---------------------------------------------------------1
ROS_5.0.0_ISCOM2924GF.1.20110825
-----------
5512f5
0
dev name:ISCOM2924GF
unit num:1
Done
Note: Make sure the input file name here is correct, the file name shouldnt be
longer than 80 characters.
4
2.4.4
Item
Description
Raisecom#write
Raisecom#reboot [ now ]
21
www.raisecom.com
2.4.5
User Manual
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show version
Default value
System time
default
UTC+8
+08:00
disable
Please configure time and time zone for the device as below:
Step
Configuration
Description
Raisecom#clock mode
{auxiliary|default|timestamp}
Raisecom#clock timezone { + |
- } hour minute timezone-name
22
www.raisecom.com
2.5.2
User Manual
Configuration
Description
Note:
When user set system time by manua, if the system uses DST, such as DST from 2 oclock
on the second Sunday, April to 2 oclock on the second Sunday, September every year, users
have to advance the clock one hour faster during this period, set time offset as 60 minutes and
from 2 oclock to 3 oclock on the second Sunday, April each year is an inexistent time. The
time setting by manual operation during this period shows failure.
The summer time in southern hemisphere is opposite to northern hemisphere, which is from
September to April of next year. If user configures start time later than ending time, system
will suppose it is in the Southern Hemisphere. That is to say, the summer time is the start time
this year to the ending time of next year.
2.5.3
Configure NTP
NTP (Network T ime P rotocol) i s a t ime s ynchronization pr otocol de fined by RFC1305, us ed t o
synchronize time between distributed time servers and clients. NTP transportation is based on UDP,
using port 123.
The pur pose of N TP i s t o synchronize a ll c locks i n a ne twork qui ckly a nd t hen the de vice c an
provide different a pplication over a unified time. Meanwhile, NTP can ensure very high accuracy,
with accuracy of 10ms around.
The device in support of NTP can not only accept synchronization from other clock source, but also
to synchronize other devices as a clock source.
ISCOM2924GF device adopts multiple NTP working mode for time synchronization:
Server/Client mode
In this mode, c lient sends c lock synchronization message to different servers. The server works i n
server m ode b y a utomation a fter r eceiving s ynchronization m essage a nd s end answering m essage.
The client received answering message and perform clock filer and selection, then synchronize it to
privileged server.
In this mode, client can synchronize to server but the server cannot synchronize to client.
Equity mode
23
www.raisecom.com
User Manual
In this mode, active equity send clock synchronization message to passive equity. The passive equity
works in passive mode by automation after receiving message and send answering message back. By
exchange message, the two sides build up equity mode. The active and passive equities in this mode
can synchronize each other.
The NTP default configuration is as below:
Function
Default value
no
inexistent
inexistent
0.0.0.0
Configuration
Description
Raisecom#config
Raisecom(config)#ntp server
ip-address [ version [ v1 | v2 | v3 ] ]
2.5.4
Configure SNTP
SNTP (Simple Network Time Protocol) is mainly used to synchronize switch system time with the
SNTP device tim e in the n etwork. The t ime s ynchronized by S NTP protocol i s Greenwich Mean
Time, which can be changed to local time according to system setting of time zone.
The SNTP default configuration is as below:
Function
Default value
inexistent
Configuration
Description
24
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Note: After configuring SNTP server address, the device will try to get clock information from SNTP
server every three seconds, and the maximum timeout for clock information is 10 seconds.
2.5.5
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show clock
[ summer-time recurring ]
Raisecom#show sntp
2.6.2
Function
Default value
1526Byte
Auto-negotiation
Interface speed
Auto-negotiation
2s
Disable
Interface status
Enable
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#system mtu
size
Raisecom(config)#interface
port port-id
Raisecom(config-port)#duplex
{ auto|full|half }
Raisecom(config-port)#speed
{auto|10|100|1000}
2.6.3
Configuration
Description
Raisecom#config
26
www.raisecom.com
2.6.4
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#flowcontrol
{ receive | send } { off | on }
2.6.5
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#shutdown
2.6.6
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#hostname name
Raisecom#language
{ chinese | english }
Raisecom#write
Save configuration.
Save configuration information to device after configuration,
and the new saved configuration information will cover the
original configuration information.
Without saving, the new configuration information will lose
after rebooting, and the device will continue working with the
original configuration.
Note: Use the command erase file-name to delete
configuration files, which cannot be restored, so please take
careful operation.
Raisecom#reboot [ now ]
Configuration
Description
Raisecom#config
28
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#command-string schedule-list
list-number
Configuration
Desription
Raisecom#watchdog enable
Raisecom#show watchdog
2.10.1.1
Networking requirement
As Figure 2-7 s hows be low, c onnect T FTP s erver with switch, configure auto-loading f unction i n
switch to let switch auto-loading configuration file f rom T FTP se rver. Hereinto, TFTP se rver IP is
192.168.1.1 and the denomination rule for configuration file name satisfies following conditions:
Device model is included in configuration file name
Integrated MAC address is included in configuration file name
Software version higher 2 bits is included in configuration file name
No in support of extension rule
29
www.raisecom.com
User Manual
2.10.1.2
Configuration steps
Step 1
Raisecom#config
Raisecom(config)#service config tftp-server 192.168.1.1
Step 2
Step 3
Step 4
Step 5
Raisecom(config)#service config
2.10.1.3
Show result
To view auto-loading configuration by the command of show service config:
Raisecom(config)#show service config
Auto upgrade :
Config server IP address:
Config filename rule:
enable
192.168.1.1
81650
ABC
1107290
:48:050
0000000
enable
disable
none
Operation states:
done
Result:
none
30
www.raisecom.com
User Manual
Chapter 3 Ethernet
This c hapter i ntroduces pr inciple a nd configuration procedure of E thernet f eatures, a lso pr oviding
related configuration applications:
Overview
Configure MAC address forwarding table
Configure VLAN
Configure QinQ
Configure VLNA conversion
Configure STP
Configure MSTP
Configure loopback detection
Configure interface protection
Configure interface mirror
Configure layer-2 protocol transparent transmission
Maintenance
Configuration Applications
3.1 Overview
3.1.1
Ethernet interface
With the highly f lexible, relatively s imple, easy t o i mplement f eatures, Ethernet has be come an
important LAN networking technology. Ethernet int erface is di vided into: E thernet e lectrical
interface and Ethernet optical interface.
ISCOM2924GF device i s n s upport of Ethernet electrical interface and Ethernet o ptical i nterface.
The s pecific interface mode depends on t he de vice, support s ituation of chip and achievement
situation of drive.
3.1.1.1
Auto-negotiation function
The m ain f unction of a uto-negotiation i s t o m ake t he devices i n both e nds of physical link to
automatically s elect the s ame working parameters through i nteraction information. The c ontent of
auto-negotiation mainly i ncludes dupl ex m ode, operating speed and flow cont rol p arameters, etc.
Once the negotiation is passed, the devices in both ends of link will be locked in the same duplex
mode and operating speed.
ISCOM2924GF-4C 10GE interface is only in support of full-duplex mode; ISCOM2924GF Combo
electrical interface and 10/100/1000BASE-T photoelectric conversion module auto-negotiation is in
support of 10M/100M/1000M operating s peeds, f ull-duplex a nd ha lf-duplex working mode
configuration.
31
www.raisecom.com
3.1.1.2
User Manual
Connecting cable
General standard Ethernet cabl e is di vided into direct-through cable MDI ( Medium D ependent
Interface) and cross-over cable MDI-X (Medium Dependent Interface cross-over). MDI provides
physic a nd c ircuit connections from terminal end to network trunk device. MDI-X offers the sa me
device (terminal to terminal) connection. The interface type of host and router is MDI, the port type
of hub a nd s witch is MDI-X. Generally, heterogeneous de vices i nterconnect with direct-through
cable, while similar devices interconnect with cr oss-over cable. Adaptive connection need not to
consider direct-through cable or cross-over cable.
ISCOM2924GF Ethernet connection is in support of adaptive MDI / MDI-X.
3.1.2
3.1.2.1
3.1.2.2
32
www.raisecom.com
User Manual
1
Message purpose
MAC D
Local MACMAC A
Local portPort 1
2
Search MAC address table
MAC
D
Interface
Port 4
VLAN
1
PC A
PC C
Switch
PC B
PC D
3
Forward message according to
the interface in MAC address
forwarding table
3
Receive message
correctly
PC A
PC C
Switch
PC D
3.1.2.3
www.raisecom.com
User Manual
entry.
Static MAC address table entry: also called permanent address, added and removed by the
user manually, does not age with time. For a network with small device change, adding static
address table entry manually can reduce the network broadcast traffic, improve the security of
the i nterface a nd prevent ta ble e ntry f rom losing after the system re set, interface b oard hot
swapping or interface board reset.
Dynamic M AC addres s t able entry: the switch can add dynamic M AC address t able ent ry
through MAC address learning mechanism or manual establishment by users. The table entry
will be aged according to the aging time configuration, and be empty after he system reset,
interface board hot swapping or interface board reset.
ISCOM2924GF i s i n s upport of t he m aximum 32k dy namic M AC addresses a nd 1 00 s tatic M AC
addresses.
3.1.2.4
3.1.2.5
3.1.2.6
www.raisecom.com
User Manual
MAC address learning amount limit is mainly used to restrict the size of MAC address forwarding
table and improve the forwarding speed of switch chip.
You can control the MAC address forwarding table entry number maintained by Ethernet switch by
setting the maximum nu mber of MAC address learnt in the Ethernet interface or sp ecified VLAN.
When the number of MAC address learnt in interface or specified VLAN reaches the threshold set by
the user, the interface will no longer take the restriction to the MAC address learning or other VLAN
messages.
3.1.3
3.1.3.1
VLAN
VLAN overview
VLAN (Virtual Local Area Network) is a protocol to solve Ethernet broadcast and security problem.
It is a layer-2 isolation technique that divides a LAN into different broadcast domains by logic but
not by ph ysics, t hen t he different br oadcast dom ains can w ork a s v irtual gr oups w ithout a ny
influence from one another. Looking from the function, VLAN has the same features as LAN, but
members in one VLAN can access one another without restriction by physical location. As shown in
Figure 3-3:
35
www.raisecom.com
3.1.3.2
User Manual
Interface
type
Access
Tag message
VLAN IDdefault
VLAN ID, receive the
message
VLAN IDdefault
VLAN ID, discard the
message
Trunk
3.1.4
Default VLAN ID is
included in interface permit
passing VLAN ID list,
receiving the message and
adding default VLAN Tag.
QinQ
QinQ ( also know n a s Stacked VLAN or Double V LAN) technique is a n e xtension f or 802. 1Q
defined in IEEE 802.1ad standard.
3.1.4.1
Basic QinQ
Basic QinQ is a simple layer-2 VPN tunnel technique, which encapsulate outer VLAN Tag for user
private network message at carrier access end, then the message takes double VLAN Tag to transmit
through ba ckbone ne twork ( public ne twork) of c arrier. In publ ic ne twork, m essage j ust be
transmitted in accordance with outer VLAN Tag (namely the public network VLAN Tag), the user
private network VALN Tag is transmitted as data in message.
www.raisecom.com
User Manual
Typical networking of basic QinQ is shown as Figure 3-4, ISCOM2924GF is PE (Provider Edge).
The message is transmitted to PE device from user device, and the VLAN ID of message tag is 100.
The message will be printed outer tag with V LAN 200 when pa ssing through PE device user side
interface and then enter PE network.
The VLAN 200message is transmitted to PE device on the other end by PE, and then the other PE
will strip the outer tag VLAN 200 and send it to user device. So the message returns to VLAN 100
tag.
This technique can s ave pu blic ne twork V LAN I D r esource. Users can m ark out pr ivate ne twork
VLAN ID to avoid conflict with public network VLAN ID.
3.1.4.2
Flexible QinQ
Flexible Q inQ i s an enhancement of ba sic Q inQ, which classifies f low accor ding to user da ta
features, then encapsulate d ifferent t ypes f low into different outer V LAN t ag. This technique is
realized by combination of interface and VLAN. Besides the functions of basic QinQ, flexible QinQ
can perform different action on different VLAN Tag received by one interface and add different outer
VLAN ID for different inner VLAN ID. According to configure mapping rule for inner and outer Tag,
users can encapsulate different outer Tag for different inner Tag message.
Flexible QinQ function makes c arrier ne twork structure m ore f lexible. Customers can classify
different t erminal us ers at a ccess de vice i nterface accor ding to VLAN Tag and then, encapsulate
different outer Tag for different class users. In public network, customer can configure QoS pol icy
according t o out er T ag a nd configure data t ransmission priority f lexibly so as to m ake us ers i n
different class receive the corresponding services.
3.1.5
VLAN mapping
The main function of VLAN mapping is to replace private network VLAN Tag in Ethernet service
message b y car rier V LAN Tag, m ake t he m essage be t ransmitted i n c arrier V LAN m apping r ule.
When the message is mapped from carrier network to peer customer private network, restore VLAN
mapping to original pr ivate network VLAN Tag by t he s ame r ule so t hat the m essage can ar rive
destination correctly. The VLAN mapping principle is shown in Figure 3-5:
www.raisecom.com
User Manual
3.1.6
3.1.6.1
STP/RSTP/MSTP
STP
With the increasing complexity of network structure and growing number of switches in the network,
the E thernet ne twork l oops become t he most prominent pr oblem. Because of the packet broadcast
mechanism, network loop will make the network generate network storm, exhaust network resources,
and have serious impact to the normal data forwarding. The network storm caused by network loops
is shown in Figure 3-6.
Figure 3-6 Sketch map of network storm caused by network loops circuit
STP (Spanning Tree P rotocol) is c ompliant to IEEE 802.1d s tandard and us ed t o r emove da ta
physical loop in data link layer in LAN.
STP running device can interact BPDU (Bridge Protocol Data Unit) packet with each other for the
election of root switch and selection of root port and designated port. It also can block loop interface
in the de vice logically according to the selection results, eventually trimming the loop ne twork
structure to t ree ne twork s tructure without l oop w hich t akes a de vice a s r oot, s o a s t o pr event the
continuous proliferation and limitless circulation of packet in loop network from causing broadcast
storm a nd a void declining packet pr ocessing capacity caused by ceceiving the s ame packets
repeatedly.
The loop network diagram running STP is shown in Figure 3-7.
38
www.raisecom.com
User Manual
3.1.6.2
RSTP
For i mproving the low c onvergent speed of STP, IEEE 802.1w e stablishes RSTP (Rapid Spanning
Tree Protocol), which increase the mechanism to change interface blocking state to forwarding state,
speed up the topology convergence rate.
The purpose of S TP/RSTP is t o s implify a br idge c onnection L AN t o a uni tary s panning t ree i n
logical topology and so as to avoid broadcast storm.
The di sadvantages of S TP/RSTP e xposed w ith t he r apid de velopment of V LAN t echnology. The
unitary spanning tree simplified from STP/RSTP leads the below problems:
The w hole s witched network ha s onl y one s panning t ree, w hich w ill le ad to longer
convergence time in a larger network.
Waste of bandwidth since a link doesnt carry any flow after it is blocked;
Message of partial VLAN cannot be forwarded when network structure is unsymmetrical. As
shown in Figure 3-8, Switch B is root switch, RSTP protocol blocks the link between Switch
A and Switch C logically and make that the VLAN 100 message cannot be transmitted and
Switch A and Switch C cannot communicate.
39
www.raisecom.com
User Manual
3.1.6.3
MSTP
MSTP (Multiple Spanning Tree Protocol) is defined by IEEE 802.1s. Recovering the disadvantages
of S TP a nd RSTP, t he M STP realizes fa st convergence and distributes different VLAN flow
following its own path to provide an excellent load sharing mechanism.
MSTP di vides a s witch ne twork i nto m ultiple dom ains, c alled MST dom ain. Each M ST dom ain
contains s everal s panning t rees but t he t rees ar e i ndependent o ne an other. Each s panning t ree i s
called a MSTI (Multiple Spanning Tree Instance).
MSTP protocol introduces CST (Conmon Spanning Tree) and IST (Internal Spanning Tree) concepts.
CST refers to take MST domain as a w hole to calculate and generate a spanning tree. IST means to
generate spanning tree in internal MST domain.
Compared with STP and RSTP, MSTP also introduces total root (CIST Root) and domain root (MST
Region Root) concepts. The total root is a global concept; all switches running STP/RSTP/MSTP can
only ha ve one total r oot, which is the CIST R oot. T he domain root i s a l ocal c oncept, which is
relative to an instance in a domain. As Figure 3-9, all connected devices only have one total root, and
the number of domain root contained in each domain is associated with the number of instances.
40
www.raisecom.com
User Manual
www.raisecom.com
User Manual
Compared with the previous STP and RSTP, MSTP has obvious advantages, including cognitive
ability of VLAN, load balance sharing ability, similar RSTP port status switching ability as well as
binding multiple VLAN to one MST instance to reduce resource occupancy rate. In addition, MSTP
running devices in network are also compatible with the STP and RSTP running devices.
3.1.7
Loopback detection
The i nterface l oopback de tection f unction s olves i nfluence o n ne twork caused by s elf-loop or
external loop, and then improves network error-detection, error tolerance and stability.
Procedure of loopback detection:
Each i nterface of device sends loopback-detection message by interval (the interval is
configurable, by default is 4 seconds);
The device check source MAC field for interface received loopback detection packets, if the
source M AC i s i dentical t o device M AC, some i nterfaces of t he de vice form a l oop;
otherwise, discard the message;
It is self-loop if the sending interface ID is identical to receiving interface ID, shutdown the
interface;
It is external loop if the sending interface ID is identical to receiving interface ID, shutdown
42
www.raisecom.com
User Manual
the interface with bigger ID, and leave the smaller interface ID in UP status.
3.1.8
Interface protection
User needs to take layer-2 data isolation among different interface and add the interface to different
VLAN. S ometimes i nterfaces i n the s ame VLAN al so n eed to be t aken data is olation by interface
protection feature, which can isolate interfaces in one VLAN.
Through interface protection festure, user can enable the protection feature to interfaces needed to be
controlled to achieve the layer-2 data isolation and reach physical isolation effect among interfaces,
which improve network security and provide flexible networking solution to cutomer.
The packets among interfaces in a protection group cannot communicate after configuring interface
protection, but the communication between i nterfaces enabling interface protection and disabling
interface protection wont be influenced.
3.1.9
Interface mirror
Interface mirror func tion refers t o assign some packets m irror of s ource i nterface t o de stination
interface, i.e. the m onitoring i nterface without a ffecting t he nor mal pa cket f orwarding f unction.
Switch user can monitor the pa ckets s ending a nd r eceiving of one interface by t his f unction a nd
analyze the relevant network conditions.
www.raisecom.com
User Manual
3.1.10
44
www.raisecom.com
3.2.1.2
User Manual
Preconditions
N/A
3.2.2
3.2.3
Function
Default value
Enable
300s
unlimited
Configuration
Description
Raisecom#config
Raisecom(config)#mac-address-table static
unicast mac-address vlan vlan-id port port-id
Raisecom(config)#mac-address-table static
multicast mac-address vlan vlan-id port
port-list
Raisecom(config)#mac-address-table
blackhole mac-address vlan vlan-id
Raisecom(config)#mac-address-table
multicast filter { all | vlan vlan-list }
Note:
MAC address, multicast address, FFFF.FFFF.FFFF and 0000.0000.0000 of the device cannot
be configured as static unicast MAC address.
At present, the configurable static unicast MAC address amount of ISCOM2924GF device is
100.
3.2.4
Configuration
Description
Raisecom#config
Raisecom(config)#mac-address-table
learning { enable | disable } { port-list
{ all | port-list } | vlanlist vlan-list }
www.raisecom.com
3.2.5
User Manual
3.2.6
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#mac-address-table
threshold threshold-value
Raisecom(config-port)#mac-address-table
threshold threshold-value vlan vlan-id
Configuration
Description
Raisecom#config
3.2.7
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
46
www.raisecom.com
User Manual
3.3.1.2
Preconditions
Before configuring VLAN, users need to configure physical parameter for the interface to make the
status Up.
3.3.2
Default value
Create VLAN
Has VLAN 1
suspend
Interface mode
Access
Access VLAN
VLAN 1
VLAN 1
All VLAN
VLAN 1
47
www.raisecom.com
3.3.3
User Manual
Configuration
Description
Raisecom#config
Create VLAN.
The command can also be used to
create VLAN in batch.
Raisecom(config)#vlan vlan-id
Raisecom(config-vlan)#name vlan-name
Note:
The V LAN created by command vlan vlan-id is i n s uspend s tatus, us ers need t o us e
command state active to activate VLAN if they want to make it effective in system.
By default, there are two VLAN in system, the default VLAN (VLAN 1) and cluster VLAN
(VLAN 2) , a ll i nterfaces i n A ccess m ode be longed t o default V LAN. Both VLAN 1 and
VLAN 2 cannot be created and deleted.
By de fault, the de fault V LAN ( VLAN 1) is c alled Default; cluster VL AN ( VLAN 2) i s
called Cluster-Vlan. Other V LAN i s na med as VLAN plus 4 di gits V LAN ID, f or
example, VLAN10 is named VLAN0010 by default, VLAN4094 is named as VLAN4094
by default.
All configurations of VLAN are not effective until the VLAN is activated. When VLAN is in
suspend s tatus, us er can also configure the VLAN, s uch as d elete/add interface, s et V LAN
name, etc. The system w ill ke ep t he c onfigurations, once the V LAN is activated, the
configurations will take effect in the system.
3.3.4
3.3.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#switchport
mode { access | trunk }
Configuration
Description
Raisecom#config
www.raisecom.com
User Manual
Step
Configuration
Description
Note:
The interface permits Access VLAN packets passing regardless of configuration for VLAN
permitted by Access interface, the forwarded packets dont take with VLAN TAG.
When s etting Access VLAN, system w ill cr eate an d activate VLAN by a utomation if us er
hasnt created and activated VLAN in advance.
If us er de letes or s uspends Access VLAN by manual, system w ill s et t he i nterface A ccess
VLAN as default VLAN by automation.
When c onfiguring interface Access VL AN as no n-default Access V LAN, default Access
VLAN 1 is Access egress interface permitted VLAN, user can delete Access VLAN 1 from
permitted VLAN list of Access egress interface by deleting this VLAN.
If the configured Access V LAN is not default VLAN and there i s n o default V LAN in
permitted VLAN list of Access interface, the interface doesnt permit default VLAN packets
passing.
Permitted VLAN list of Access interface is only effective to static VLAN, and inefficient to
cluster VLAN, GVRP dynamic VLAN, etc.
3.3.6
Configuration
Description
Raisecom#config
Raisecom(config-port)#switchport trunk
allowed vlan { all | [ add | remove ] vlan-list }
Raisecom(config-port)#switchport trunk
untagged vlan { all | [ add | remove ] vlan-list }
Note:
The interface permits NATIVE VLAN packets passing regardless of configuration on Trunk
interface pe rmitted V LAN l ist a nd Untagged VLAN l ist, t he f orwarded pa ckets do nt ta ke
with VLAN TAG.
System will create and activate the VLAN if there is no VLAN was created and activated in
advance when setting Native VLAN.
System set the interface Trunk Native VLAN as default VLAN if user has deleted or blocked
Native VLAN by manual.
49
www.raisecom.com
User Manual
3.3.7
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
3.4.1.2
Preconditions
Users must finish below operations before configuring QinQ.
Connect interface and configure interface physical parameters to make the physical layer Up.
Create VLAN
3.4.2
www.raisecom.com
3.4.3
User Manual
Function
Default value
0x8100
Disable
Disable
3.4.4
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#switchport qinq
dot1q-tunnel
3.4.5
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#switchport
vlan-mapping cvlan vlan-list add-outer vlan-id
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#switchport
mode trunk
www.raisecom.com
3.4.6
User Manual
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
3.5.1.2
Preconditions
Users must finish below operations before configuring VLAN mapping.
Connect interface and configure interface physical parameters to make the physical layer Up.
Create VLAN
3.5.2
3.5.3
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#switchport
vlan-mapping { ingress | egress } vlan-list
translate vlan-id
Checking configuration
Check the result by the commands below after configuration:
52
www.raisecom.com
User Manual
No.
Item
Description
3.6.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring STP.
3.6.2
3.6.3
Function
Default value
Disable
Enable
32768
128
max-age timer
20s
hello-time timer
2s
forward-delay timer
15s
Configuration
Description
53
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree enable
3.6.4
Configuration
Description
Raisecom#config
3.6.5
Raisecom(config)#spanning-tree root
{ primary | secondary }
Raisecom(config-port)#spanning-tree
inner-path-cost cost-value
Raisecom(config)#spanning-tree
hello-time value
Raisecom(config)#spanning-tree
transit-limit value
Raisecom(config)#spanning-tree
forward-delay value
Raisecom(config)#spanning-tree
max-age value
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show spanning-tree
Raisecom#show spanning-tree
port-list port-list
54
www.raisecom.com
User Manual
3.7.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring MSTP.
3.7.2
3.7.3
Function
Default value
Disable
Enable
20
32768
128
max-age timer
20s
hello-time timer
2s
forward-delay timer
15s
Configuration
Description
Raisecom#config
www.raisecom.com
3.7.4
User Manual
Step
Configuration
Description
Raisecom(config)#spanning-tree enable
Please configure MSTP domain and its maximum hop count for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree
region-configuration
Raisecom(config-region)#name name
4
5
Raisecom(config-region)#exit
6
Raisecom(config)#spanning-tree
max-hops hops-value
Note: The maximum hop count is M ST domain maximum hop count if and onl y if the configured
device is root of the domain; other roots cannot configure this item effectively.
3.7.5
www.raisecom.com
User Manual
assigning root bridge method, otherwise, the assigned root bridge or backup bridge may be invalid.
Please configure root bridge or backup bridge for the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree [instance
instance-id] root {primary|secondary}
Note:
User can confirm the effective instance of root bridge or backup bridge through the parameter
instance instance-id. The current device will be assigned as root bridge or backup bridge of
CIST if instance-id is 0 or parameter instance instance-id is omitted.
The roots in device instances are independent mutually, that is to say, they can not only be the
root bridge or ba ckup bridge of on e i nstance, but also the root bridge or ba ckup bridge of
other spanning tree instances. However, in the same spanning tree instance, the same device
cannot be used as root bridge and backup bridge at the same time.
User cannot assign two or more root bridges for one spanning tree instance, but can assign
several backup bridges for one spanning tree. Generally speaking, users had better assign one
root bridge and several backup bridges for a spanning tree.
3.7.6
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree [instance
instance-id] priority priority-value
Raisecom(config-port)#exit
4
Raisecom(config)#spanning-tree [instance
instance-id] priority priority-value
Note: Value of priority must be multiples of 4096, like 0, 4096, 8192, etc. it is 32768 by default.
57
www.raisecom.com
3.7.7
User Manual
3.7.8
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree
bridge-diameter bridge-diameter-value
Configuration
Description
Raisecom#config
Raisecom(config-port)#spanning-tree [ instance
instance-id ] inter-path-cost cost-value
58
www.raisecom.com
3.7.9
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
3.7.10
3.7.11
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree
transit-limit value
www.raisecom.com
User Manual
3.7.12
Step
Configuration
Description
Raisecom#config
Raisecom(config)#spanning-tree
hello-time value
Raisecom(config)#spanning-tree
forward-delay value
Raisecom(config)#spanning-tree
max-age value
3.7.13
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#spanning-tree
edged-port { auto | force-true | force-false }
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config-port)#spanning-tree
link-type { auto | point-to-point | shared }
3.7.14
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
3.7.15
61
www.raisecom.com
3.7.16
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#spanning-tree
loopguard { enable | disable }
Configuration
Description
Raisecom#config
3.7.17
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show spanning-tree
Raisecom#show spanning-tree
[ instance instance-id ] port
port-list [ detail ]
Raisecom#show spanning-tree
region-operation
www.raisecom.com
User Manual
intentionally or i nvoluntary. Enable loopback de tection function at dow nlink i nterface of access
device to av oid the network jam formed by unlimited copies of data traffic caused by downlink
interface loop. Block the loop interface once there is a loop.
3.8.1.2
Preconditions
Configure interface physical parameters to make it Up before configuring loopback detection.
3.8.2
3.8.3
Function
Default value
Disable
No automatic recovery
trap-only
4s
VLAN mode
infinite
Configuration
Description
Raisecom#config
Raisecom(config)#loopback-detection
{ enable | disable } port-list port-list
Raisecom(config)#loopback-detection
hello-time period
Raisecom(config)#loopback-detection mode
{ port-based | vlan-based }
Raisecom(config)#loopback-detection loop
{ discarding | trap-only } port-list port-list
63
www.raisecom.com
3.8.4
User Manual
Step
Configuration
Description
Raisecom(config)#loopback-detection
down-time { time-value | infinite }
Raisecom(config)#no loopback-detection
discarding port-list port-list
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show loopback-detection
[ port-list port-list ]
Raisecom#show loopback-detection
block-vlan [ port-list port-list ]
configuration.
3.9.1.2
Preconditions
N/A
3.9.2
3.9.3
Function
Default value
Disable
www.raisecom.com
3.9.4
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config-port)#switchport protect
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show switchport
protect
3.10.1.2 Preconditions
N/A
3.10.2
Default value
Disable
N/A
Port 1
0000.0000.0000
65
www.raisecom.com
User Manual
Function
Default value
0000.0000.0000
Note: The mirror monitoring interface displays empty when configuring message mirror to CPU.
3.10.3
3.10.4
Step
Configure
Description
Raisecom#config
Raisecom(config)#mirror { monitor-cpu |
monitor-port port-id }
Raisecom(config)#mirror enable
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show mirror
66
www.raisecom.com
User Manual
3.11.1.2 Preconditions
Configure physical pa rameters f or t he i nterface to set it in Up status be fore configuring layer-2
protocol transparent transmission function.
3.11.2
3.11.3
Function
Default value
Disable
NULL
010E.5E00.0003
NULL
Configuration
Description
Raisecom#config
Raisecom(config)#relay
destination-address mac-address
www.raisecom.com
3.11.4
User Manual
Configuration
Description
Raisecom#config
Raisecom(config-port)#relay
drop-threshold { cdp | dot1x | lacp | pvst |
stp | vtp } packet
Raisecom(config-port)#relay
shutdown-threshold { cdp | dot1x | gvrp
|lacp | pvst | stp | vtp } value
Note: The range packet loss threshold and interface shutdown threshold of transparent transmission
message are bot h 1 -4096. G enerally, please configure packet l oss threshold smaller tha n interface
shutdown threshold.
3.11.5
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
3.12 Maintenance
Users can maintain Ethernet features by the following commands:
Commands
Description
Raisecom(config)#clear mac-address-table
{ all | blackhole | dynamic | static }
Raisecom(config)#search mac-address
mac-address { all | dynamic | static } [ port
port-id ] [ vlan vlan-id ]
Raisecom(config-port)#spanning-tree clear
statistics
Raisecom(config-port)#clear
loopback-detection statistic
www.raisecom.com
User Manual
Create VLAN 10 and active it, add Port 2 into VLAN 10:
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode access
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
Step 2
Step 3
www.raisecom.com
User Manual
Aging time: 500 seconds
Mac Address
Port
Vlan
Flags
------------------------------------------------------0001.0203.0405
3.13.2
port2
10
Static
Create VLAN10 and VLAN20 on the two devices respectively and activate them.
Configure Switch A:
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 10,20 active
Configure Switch B:
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 10,20 active
Step 2
Add Access mode interface Port 2 and Port 3 of Switch B into VLAN 10, add Access mode
70
www.raisecom.com
User Manual
interface Port 4 into VLAN20, interface Port 1 is in Trunk mode and permits VLAN 10 passing.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 20
SwitchB(config-port)#exit
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 10 confirm
SwitchB(config-port)#exit
Step 3 Add Access mode interface Port 2 of Switch A into VLAN 10, add Trunk mode interface
Port 3 into VLAN20, interfacePort1 is in Trunk mode and permits VLAN 10 passing.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 10
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 20
SwitchA(config-port)#exit
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 10 confirm
Step 4
Enable interface protection function for interface Port 2 and Port 3 of Switch B:
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport protect
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport protect
www.raisecom.com
User Manual
State
------------------------------------------------------------------------------1
Default
active static --
1-6
10
VLAN0010
active
static --
1,3-4
20
VLAN0020
active
static --
Check whether the interface VLAN configuration is correct by the command of show interface port
port-id switchport.
Take Switch B for example:
SwitchB#show interface port 2 switchport
Interface: port2
Administrative Mode: access
Operational Mode: access
Access Mode VLAN: 10
Administrative Access Egress VLANs: 1
Operational Access Egress VLANs: 1,10
Trunk Native Mode VLAN: 1
Administrative Trunk Allowed VLANs: 1-4094
Operational Trunk Allowed VLANs: 1,10,20
Administrative Trunk Untagged VLANs: 1
Operational Trunk Untagged VLANs: 1
Check whether the interface protection configuration is correct by the command of show switchport
protect
SwitchB#show switchport protect
Port
Protected State
-------------------------P1
enable
P2
enable
P3
enable
P4
enable
P5
disable
P6
disable
P7
disable
Check whether Trunk interface permitting VLAN passing is correct by operating PC1 ping PC5, PC2
ping PC5, PC3 ping PC4:
PC1 ping PC5, ping successfully, VLAN 10 communication is normal;
PC2 ping PC5, ping successfully, VLAN 10 communication is normal;
PC3 ping PC4, ping unsuccessfully, VLAN 20 communication is abnormal.
72
www.raisecom.com
User Manual
Check whether the interface protection function is correct by operating PC1 ping PC2:
PC1 ping PC2, ping unsuccessfully, interface protection function takes effect.
3.13.3
Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100,200,1000 active
73
www.raisecom.com
User Manual
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100,200,1000 active
Step 2
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit
Step 3
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000 confirm
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000 confirm
74
www.raisecom.com
User Manual
QinQ Status
---------------------------P1
--
P2
Dot1q-tunnel
P3
Dot1q-tunnel
P4
--
P5
--
P6
--
3.13.4
IP Phone sever
VLAN 300-400
Port 3
Port 1
VLAN 1000
VLAN 2000
Switch B
Port 1
Port 2
Port 2
Switch A
PC Internet
server
VLAN 100-150
Port 3
Switch C
Switch D
IP
PC Internet user
VLAN 100-150
IP
IP Phone user
VLAN 300-400
www.raisecom.com
User Manual
Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100-150, 300-400, 1000, 2000 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100-150, 300-400, 1000, 2000 active
Step 2
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit
Step 3
Configure Switch A.
76
www.raisecom.com
User Manual
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2000 confirm
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000,2000 confirm
Outer VLAN
COS
VLAN
COS
Status
ID
Enable
------------------------------------------------------------------------P2
100-150
--
1000
--
Outer VLAN
COS
VLAN
COS
Status
ID
-------------------------------------------------------------------P3
3.13.5
300-400
--
2000
--
Enable
77
www.raisecom.com
User Manual
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100,200,1000,2008 active
Step 2
Configure interface Port 1 in trunk mode, permit VLAN 1000 and VLAN 2008 passing.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2008 confirm
SwitchA(config-port)#exit
Step 3 Configure interface Port 2 in Access mode, permit VLAN 100 passing and enable VLAN
mapping.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#switchport vlan-mapping ingress 100 translate 1000
SwitchA(config-port)#switchport vlan-mapping egress 1000 translate 100
SwitchA(config-port)#exit
78
www.raisecom.com
User Manual
Step 4 Configure interface Port 3 in t runk mode, pe rmit VLAN 200 pa ssing a nd e nable VLAN
mapping.
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 200 confirm
SwitchA(config-port)#switchport vlan-mapping ingress 200 translate 2008
SwitchA(config-port)#switchport vlan-mapping egress 2008 translate 200
Direction: Ingress
Original
Original
Outer-tag
New
Inner-tag
Outer-VID Mode
New
Inner-VID Hw-ID
---------------------------------------------------------------------------------P2
100
Translate
1000
--
--
3.13.6
Configure STP
Configure Switch A.
79
www.raisecom.com
User Manual
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp
Step 2
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Step 3
Configure Switch A.
SwitchA(config)#spanning-tree priority 0
SwitchA(config)#interface port 2
SwitchA(config-port)#spanning-tree inter-path-cost 10
Configure Switch B.
80
www.raisecom.com
User Manual
SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree inter-path-cost 10
RootCost 0
Operational:
Configured:
Switch B:
Raisecom#show spanning-tree
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId:
Root:
Mac 000E.5E83.ABD1
Priority 32768
RootCost 10
Operational:
Configured:
Switch C:
Raisecom#show spanning-tree
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId:
Root:
Mac 000E.5E83.ABD5
Priority 32768
RootCost 200000
Operational:
Configured:
oper: enable
disable
Loopguard: disable
ExternPathCost:10
Partner MSTP Mode: stp
Bpdus send:
279
Bpdus received:13
State:forwarding
(TCN<0>
(TCN<13>
Role:designated
Config<279>
Config<0>
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
81
www.raisecom.com
User Manual
Root:
RootCost 0
DesignatedPort 32777
Port ID:2
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:200000
Partner MSTP Mode: stp
Bpdus send:
279
(TCN<0>
Config<279>
Bpdus received:6
(TCN<6>
State:forwarding
Role:designated
Root:
Config<0>
RST<0> MST<0>)
RST<0>
MST<0>)
Priority:128
Cost: 200000
RootCost 0
DesignatedPort 32778
Switch B:
Raisecom#show spanning-tree port 1, 2
Port ID:1
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:10
Partner MSTP Mode: stp
Bpdus send:
279
Bpdus received:13
State:forwarding
Root:
(TCN<0>
Config<279>
(TCN<13>
Config<0>
Role:designated
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
RootCost 0
DesignatedPort 32777
Port ID:2
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:200000
Partner MSTP Mode: stp
Bpdus send:
279
(TCN<0>
Config<279>
Bpdus received:6
(TCN<6>
State:forwarding
Role:designated
Root:
Config<0>
RST<0> MST<0>)
RST<0>
Priority:128
MST<0>)
Cost: 200000
RootCost 0
DesignatedPort 32778
Switch C:
Raisecom#show spanning-tree port 1, 2
82
www.raisecom.com
User Manual
Port ID:1
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:200000
Partner MSTP Mode: stp
Bpdus send:
22
Bpdus received:390
(TCN<12>
Config<10>
RST<0>
MST<0>)
(TCN<0>
Config<390>
RST<0>
MST<0>)
State:blocking
Role:non-designated
Priority:128
Root:
Cost: 200000
RootCost 200000
Priority 32768
DesignatedPort 32777
Port ID:2
PortEnable: admin: enable
Rootguard:
oper: enable
disable
Loopguard: disable
ExternPathCost:200000
Partner MSTP Mode: stp
Bpdus send:
38
(TCN<6>
Config<32>
Bpdus received:368
(TCN<0>
Config<368>
State:forwarding
Root:
Role:root
Priority:128
RST<0>
RST<0>
MST<0>)
Cost: 200000
3.13.7
MST<0>)
RootCost 200000
DesignatedPort 32778
Configure MSTP
83
www.raisecom.com
User Manual
Create VLAN 3 and VLAN 4 on the three switches respectively and activate them.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 3-4 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 3-4 active
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 3-4 active
Step 2 Set Switch A interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch
B interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch C interface Port 1,
Port 2 in trunk mode and permit all VLAN passing. Interface Port 3 and Port4 of Switch B and
Switch C are in Access mode and permit VLAN3 and VLAN4 passing respectively.
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
84
www.raisecom.com
User Manual
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport access vlan 3
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport access vlan 4
SwitchB(config-port)#exit
Configure Switch C.
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 3
SwitchC(config-port)#switchport access vlan 3
SwitchC(config-port)#exit
SwitchC(config)#interface port 4
SwitchC(config-port)#switchport access vlan 4
SwitchC(config-port)#exit
Step 3 Set MSTP mode for Switch A , Switch B, Switch C, enable spanning tree protocol. Enter
MSTP configuration m ode a nd s et dom ain na me as aaa, revision version is 0, instance 3
mapping to VLAN 3, instance 4 mapping to VLAN 4, exit mst configuration mode.
Configure Switch A.
SwitchA(config)#spanning-tree mode mstp
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree region-configuration
SwitchA(config-region)#name aaa
SwitchA(config-region)#revision-level 0
SwitchA(config-region)#instance 3 vlan 3
SwitchA(config-region)#instance 4 vlan 4
Configure Switch B.
SwitchB(config)#spanning-tree mode mstp
85
www.raisecom.com
User Manual
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree region-configuration
SwitchB(config-region)#name aaa
SwitchB(config-region)#revision-level 0
SwitchB(config-region)#instance 3 vlan 3
SwitchB(config-region)#instance 4 vlan 4
SwitchB(config-region)#exit
Configure Switch C.
SwitchC(config)#spanning-tree mode mstp
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree region-configuration
SwitchC(config-region)#name aaa
SwitchC(config-region)#revision-level 0
SwitchC(config-region)#instance 3 vlan 3
SwitchC(config-region)#instance 4 vlan 4
Step 4 The inner path cost of spanning tree instance 3 interface Port 1 modified from Switch B is
500000.
SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree instance 3 inter-path-cost 500000
Vlans Mapped
----------------------
1,2,5-4094
Check whether the basic information of spanning tree instance 3 is correct by the command of show
spanning-tree instance 3.
Switch A:
SwitchA#show spanning-tree region-operation
MSTP Admin State: Enable
86
www.raisecom.com
User Manual
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 0
PortPriority LinkType
TrunkPort
------------------------------------------------------------------------1
128
point-to-point
no
128
point-to-point
no
Switch B:
SwitchB#show spanning-tree instance 3
MSTP Admin State: Enable
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 400000
PortPriority LinkType
TrunkPort
------------------------------------------------------------------------1
discarding
alternate 500000
forwarding
root
128
200000
point-to-point no
128
point-to-point no
128
point-to-point
no
Switch C:
Switch C#show spanning-tree instance 3
MSTP Admin State: Enable
Protocol Mode: MSTP
MST ID: 3
----------------------------------------------------------BridgeId:
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 200000
PortPriority LinkType
TrunkPort
------------------------------------------------------------------------2
forwarding
root
200000
128
point-to-point no
128
point-to-point
no
128
point-to-point
no
Check whether the basic information of spanning tree instance 4 is correct by the command of show
spanning-tree instance 4.
Switch A:
SwitchA#show spanning-tree instance 4
Spanning-tree admin state: enable
87
www.raisecom.com
User Manual
Spanning-tree protocol mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
PortState
PortRole
PathCost
InternalRootCost 0
PortPriority LinkType
TrunkPort
-------------------------------------------------------------------------------P1
discarding
disabled
200000
128
point-to-point
yes
P2
disabled
disabled
200000
128
point-to-point
yes
Switch B:
SwitchB#show spanning-tree instance 4
MSTP Admin State: Enable
Protocol Mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 200000
PortPriority LinkType
TrunkPort
------------------------------------------------------------------------1
forwarding
root
128
discarding
128
disabled
200000
200000
128
point-to-point
no
point-to-point no
point-to-point no
Switch C:
SwitchC#show spanning-tree instance 4
MSTP Admin State: Enable
Protocol Mode: MSTP
MST ID: 4
----------------------------------------------------------BridgeId:
PortState
PortRole
Priority 32768
PathCost
InternalRootCost 200000
PortPriority LinkType
TrunkPort
-------------------------------------------------------------------------
3.13.8
forwarding
root
200000
discarding
alternate 200000
128
point-to-point no
discarding
disabled
128
point-to-point no
200000
128
point-to-point
no
www.raisecom.com
User Manual
State
Status
loop
vlanlist
-------------------------------------------------------------89
www.raisecom.com
User Manual
port2
3.13.9
Ena
no
trap-only --
www.raisecom.com
User Manual
Mirrored ports: --
3.13.10
Configure Switch A.
Raisecom#hostname SwitchASwitchA#config
SwitchA(config)#create vlan 100,200 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100,200 active
Step 2 Configure interface port 2 in Access mode, Access VLAN is 100, enable STP transparent
transmission, and set STP message transparent transmission threshold as 1500.
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1500
SwitchA(config-port)#exit
91
www.raisecom.com
User Manual
Configure Switch B.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 100
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#relay drop-threshold stp 1500
SwitchB(config-port)#exit
Step 3 Set i nterface por t 2 in Access m ode, Access VLAN is 200, enable STP transparent
transmission, and set STP message transparent transmission threshold as 1000.
Configure Switch A.
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 200
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1000
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 200
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#relay drop-threshold stp 1000
SwitchB(config-port)#exit
Step 4
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
www.raisecom.com
User Manual
SwitchA#show relay port-list 1-3
COS for Encapsulated Packets: 5
Destination MAC Address for Encapsulated Packets: 010E.5E00.0003
Port
vlan
Egress-Port
Protocol
Drop-Threshold Shutdown-Threshold
------------------------------------------------------------------------port1(up)
--
--
stp
-dot1x
port2(up)
--
port1
---
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
stp(enable)
1500
port1
---
lacp
--
--
lacp
dot1x
port3(up)
--
--
--
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
stp(enable)
1000
--
dot1x
--
--
lacp
--
--
gvrp
--
--
cdp
--
--
vtp
--
--
pvst
--
--
93
www.raisecom.com
User Manual
Chapter 4 Routing
This chapter introduces basic principle and configuration of routing features, and provides the related
configuration examples.
Overview
Configuring ARP
Configuring layer-3 interface
Configuring static routing
Maintenance
Configuration examples
4.1 Overview
4.1.1
ARP
In TCP/IP network e nvironment, e ach h ost w as assigned with a 32 -bit I P a ddress that is a lo gical
address us ed t o i dentify ho st be tween ne tworks. To t ransmit message i n ph ysical l ink, us er m ust
know the physical address of destination host, which requires mapping IP address to physical address.
In Ethernet environment, physical address is 48-bit MAC address. Users have to transfer the 32-bit
destination hos t I P a ddress to 48 -bit E thernet a ddress for t ransmitting message t o destination hos t
correctly. Then ARP (Address Resolution Protocol) is applied to analyze IP address to MAC address
and set mapping relationship between IP address and MAC address.
ARP address mapping table includes the following two types:
Static table entry: bi nd I P a ddress and MAC address to avoid A RP dy namic learning
cheating.
Static ARP address table entry needs to be added / deleted manually.
No aging to static ARP address.
Dynamic table entry: MAC address automatically learned through ARP.
This dynamic ta ble e ntry is a utomatically generated by switch. User can adjust pa rtial
parameters of it manually.
The dynamic ARP address table entry will age at the aging time if no use.
The d evice i s i n s upport of two ki nds of dynamic l earning modes f or ARP a ddress mapping t able
entry: learn-all and learn-reply-only.
ARP request packets and answer packets both learning when in learn-all mode. When device
A s ends ARP r equest f or g rouping, it writes the mapping relationship of IP address and
physical address into ARP request packets. After receiving ARP request packets from device
A, Device B w ill le arn the address mapping relationship to its own a ddress mapping table.
Then the device B can send packets to device A later without ARP request.
Only learn A RP a nswering packets w hen d evice is in learn-reply-only mode. Just answer
ARP pa ckets f or t he A RP r equest f rom ot her de vices without ARP a ddress m apping t able
learning. This m ode i ncreases network l oad but a voids some ne twork a ttack ove r ARP
request packet.
94
www.raisecom.com
4.1.2
User Manual
Layer-3 interface
Layer-3 interface refers t o IP i nterface, is the v irtual int erface c onfiguration based on V LAN.
Configuring L ayer-3 interface is generally us ed in the need for device network management or
routing link c onnection of multiple de vices. Associate a l ayer-3 interface to VLAN r equired
configuring IP address; each layer-3 interface will correspond to an IP address and associate with one
VLAN at least.
4.1.3
Routing
Routing function is required for communication among different devices in one VLAN, or different
VLAN. Routing is to transmit packets through network to destination, which adopts routing table for
packets forwarding.
There are three modes to execute routing function:
Default routing: f orwarding t he packets w ithout destination address to a n assigned de fault
router.
Static routing: configure routing manually to f orward packets f rom t he a ssigned i nterface.
This is suitable to simple network topology.
Dynamic routing: learning routing dynamically through routing protocol which can calculate
the best route for packets forwarding. This mode will take up more bandwidth and network
resource. Now, there are two dynamic routing protocols available:
Distance v ector pr otocol: ea ch device m aintains a vector t able, which lists the known
best di stance and pa th to other de stination devices. By e xchanging i nformation w ith
neighbor devices, the device can update internal vector table continuously.
Link s tatus pr otocol: the devices bui ld l ink s tatus da tabase t hrough ne twork i nterface
status notification; the database contains all links status straight-connected to all devices.
All devices share the same network topology, but each device can judge the best path to
each node in network topology. Link status protocol can response on topology changes
quickly, but ne ed more b andwidth a nd r esources c ompared w ith di stance vector
protocol.
The ISCOM2924GF device is only in support of default routing and static routing, dynamic routing
function is unavailable at present.
4.1.3.1
Default routing
Default Routing is a special routing that only be used when there is no matched item searched from
routing t able. Default r outing a ppears a s a r oute t o n etwork 0.0.0. 0 ( with mask 0.0.0.0) i n r outing
table. User can show default routing configuration by the command of show ip route. If destination
address of pa cket c annot m atch w ith a ny i tem i n t he r outing t able, t he pa cket w ill c hoose d efault
routing. If t he de vice ha snt configured de fault r outing a nd the destination I P of pa cket i s not i n
routing t able, t he de vice w ill di scard t he p acket a nd r eturn an IC MP p acket t o transmitting end to
inform that the destination address or network is unavailable.
4.1.3.2
Static routing
Static routing is routing configured manually. It is available to simple, small and stable network. The
disadvantage is it cannot a dapt t o n etwork t opology c hanges a utomatically and ne eds m anual
intervention.
95
www.raisecom.com
User Manual
4.2.1.1
Networking situation
The mapping relation of IP address and MAC address is stored in ARP address mapping table.
Generally, A RP a ddress m apping table i s d ynamic maintained by de vice. The de vice searches the
mapping r elation between IP ad dress and M AC addres s automatically a ccording t o A RP pr otocol.
Users jus t ne ed to configure the de vice manually for pr eventing A RP dynamic l earning f rom
cheating and adding static ARP address mapping table entry.
4.2.1.2
Preconditions
N/A
4.2.2
4.2.3
Function
Default value
N/A
1200s
4.2.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#arp ip-address
mac-address
Configuration
Description
96
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#arp
aging-time second
Note: The ARP dynamic table entry wont be aged if setting the aging time as 0s.
4.2.5
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show arp
4.3.1.1
Networking situation
User can connect a l ayer-3 interface f or V LAN w hen configuring IP a ddress for i t. Each layer-3
interface will correspond to an IP address and connect a VLAN.
4.3.1.2
Preconditions
Configure VLAN associated with interface and activate it before configuring layer-3 interface.
4.3.2
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip if-number
97
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-ip)#ip address
ip-address [ ip-mask ] [ sub ] [ vlan-list ]
Note:
Configure VLAN associated with layer-3 interface and activate it. User can use the command
state {active | suspend} to activate the suspending VLAN before configuring it.
Configure VLAN a ssociated with layer-3 interface, and user can specify m ore t han on e
VLAN. I f configuring f or m any t imes, t he ne w configuration w ill cover the or iginal
configuration, not to accumulate.
ISCOM2924GF device can be configured 15 Layer-3 interfaces with range from 0 to 14.
4.3.3
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show interface ip
Networking situation
Configure static r outing f or s imple ne twork t opology manually to build a n i ntercommunication
network.
4.4.1.2
Preconditions
Configure IP address for layer-3 interface correctly.
Configuration
Description
Raisecom#config
98
www.raisecom.com
User Manual
Step
Configuration
Raisecom(config)#ip
default-gateway
ip-address
Description
Configure IP address for default gateway.
Note: W hen message required to forward doesnt ha ve
related r outing i n t he d evice, t he c ommand of ip
default-gateway can configure default ga teway, and
forward this message to default gateway. The IP address of
default ga teway must i n the s ame ne twork segment w ith
the IP address of any local IP interface..
Configuration
Description
Raisecom#config
Raisecom(config)#ip route
ip-address ip-mask next-hop
Item
Description
Raisecom#show ip route
4.5 Maintenance
Use the following command to maintain IP feature:
Command
Description
Raisecom(config)#clear arp
Configure ARP
Networking requirement
As t he Figure 4-1 shows below, ISCOM2924GF connects to host, connects to upstream R outer by
interface Port 1. IP address of Router is 192.168.1.10/24, MAC address is 0050-8d4b-fd1e.
User ne eds t o configure dynamic A RP ta ble entry aging t ime a s 600 s econds. To i mprove
communication security between ISCOM2924GF and Router, user needs to configure related static
ARP table entry on ISCOM2924GF device.
99
www.raisecom.com
User Manual
4.6.1.2
Configuration steps
Configure device dynamic ARP table entry aging time as 600 seconds:
Raisecom#config
Raisecom(config)#arp aging-time 600
4.6.1.3
Show result
Check whether al l the table e ntry information i n A RP a ddress m apping t able i s correct by t he
command of show arp:
Raisecom#show arp
ARP table aging-time: 600 seconds(default: 1200s)
Ip Address
Mac Address
Type
Interface ip
------------------------------------------------------192.168.1.10
0050.8d4b.fd1e
192.168.100.1
000F.E212.5CA0
static
dynamic
-1
Total: 2
Static: 1
Dynamic: 1
100
www.raisecom.com
4.6.2
4.6.2.1
User Manual
4.6.2.2
Configuration steps
Create VLAN and add the interface into VLAN.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10
Configure layer-3 interface on ISCOM2924GF device, and make the IP address interconnect VLAN.
Raisecom(config)#interface ip 10
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 10
Raisecom(config-ip)#exit
4.6.2.3
Show result
Check whether the binding relation of VLAN and physical interface is correct b y the command of
show vlan:
Raisecom(config-port)#show vlan 10
Switch Mode: -VLAN Name
State
------------------------------------------------------------------------1
Default
10
VLAN0010
1-6
static --
Check whether the layer-3 interface configuration is correct by the command of show interface ip.
Raisecom(config-ip)#show interface ip
IF
Address
NetMask
Source
Catagory
---------------------------------------------------------10
192.168.1.2
255.255.255.0
assigned
primary
101
www.raisecom.com
User Manual
Vlan list
---------------------------0
10
10
Check whether the device and PC can ping each other by the command of ping:
Raisecom#ping 192.168.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
4.6.3
4.6.3.1
min/avg/max = 0/0/0.
102
www.raisecom.com
User Manual
4.6.3.2
Configuration steps
Configure IP address for each device.
Enable routing function and configure static routing on Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#ip routing
SwitchA(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.4
SwitchA(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.4
103
www.raisecom.com
4.6.3.3
User Manual
Show result
Check whether all the devices can ping successfully with one another by the command of ping:
SwitchA#ping 10.1.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
min/avg/max = 0/0/0.
104
www.raisecom.com
User Manual
Chapter 5 DHCP
This c hapter i ntroduces b asic pr inciple a nd c onfiguration of D HCP and pr ovides r elated
configuration applications.
Overview
Configure DHCP Client
Configure DHCP Snooping
Configure DHCP Option
Configuring Applications
5.1 Overview
5.1.1
DHCP overview
DHCP (Dynamic Host Configuration Protocol) refers to assign IP address configuration information
dynamically for user in TCP/IP network. It is based on BOOTP (Bootstrap Protocol) protocol, and
adds automatically specified available network address, network address re-use, and other extended
configuration options over BOOTP protocol.
With enlargement of ne twork s cale a nd de velopment of ne twork c omplexity, qua ntity of PC i n
network usually exceeds available distributing IP address amount. Meanwhile, the widely use of
notebook and wireless network lead PC position changes frequently and also the related IP address
must update frequently. As a result of that, network configuration becomes more and more complex.
DHCP is developed to solve these problems.
DHCP adopts client/server communication mode. Client applies configuration to server (including IP
address, Subnet mask, default gateway etc.) and server replies IP address for client and other related
configuration information to realize dynamic configuration of IP address, etc.
It us ually includes a s et of DHCP s erver and s everal c lients in typical a pplication of DHCP (for
example PC or Notebook), as the Figure 5-1 shows below.
www.raisecom.com
User Manual
situations:
Network is large. It requires a lot of work for manual configuration, and is difficult to manage
the entire network intensively.
The number of hosts in ne twork is greater than the number of IP a ddresses, which make it
unable t o a ssign a fixed IP a ddress, and restrict t he nu mber of us ers c onnected t o network
simultaneously (Such as Internet access s ervice pr oviders). A large num ber of users must
obtain their own IP address dynamically through DHCP service.
Only the minority of hosts in ne twork need fixed I P addresses, most of hosts have no
requirement for fixed IP address.
DHCP technology ensures the rational allocation, avoid the waste and improve the utilization rate of
IP addresses in the entire network.
5.1.2
DHCP packet
DHCP packets format shows in the Figure 5-2. DHCP packets are encapsulated in UDP data packet.
Length
1
Description
Packet type.
Value at 1: it is request packet;
Value at 2: it is reply packet.
Hardware type
Hardware length
Hops
Transaction ID
106
www.raisecom.com
User Manual
Field name
Length
Description
Seconds
Flags
5.1.3
Client IP address
Your(client) IP
address
Server IP address
Relay agent IP
address
Client hardware
address
16
64
File
128
Options
Modifiable
DHCP Option
DHCP transmits control information and network configuration parameters through Option field in
packet t o r ealize a ddress dy namical di stribution s o a s t o pr ovide a bundant network c onfiguration
information for c lient. DHCP protocol ha s 2 55 ki nds of opt ions, t he f inal opt ion i s 255. Common
used DHCP options are:
Options
Description
DNS server option, to assign DNS server address distributed by DHCP client.
18
DHCP client flag option over IPv6, to assign interface information for DHCP client.
51
www.raisecom.com
User Manual
Options
Description
53
55
Request parameter lis t option. Client uses this optical to indicate ne twork
configuration pa rameters ne ed t o obt ain f rom s erver. The c ontent of t his opt ion i s
values corresponding to client requested parameters.
61
DHCP client flag option over IPv6, to assign device information for DHCP client.
66
TFTP server na me, t o a ssign dom ain na me f or T FTP s erver di stributed b y D HCP
client.
67
Start up file name, to assign start up file name distributed by DHCP client.
82
DHCP client flag option over IPv4, user-defined, mainly used to mark position o f
DHCP client.
150
TFTP server address, to assign TFTP server address distributed by DHCP client.
184
DHCP reserved opt ion, a t present Option184 is m ainly used t o carry i nformation
required by voice calling. Through Option184 it can distribute IP address for DHCP
client with voice function and meanwhile provide voice calling related information.
255
Complete option
Fields 18, 37, 61 a nd 82 i n DHCP Option are r elay age nt information options i n DHCP packets.
When r equest pa ckets f rom DHCP client a rrive D HCP s erver, if ne ed DHCP relay or DHCP
Snooping, DHCP relay or DHCP Snooping increase Option field into request packets.
Fields Option18, 37, 61 and 82 implement r ecord DHCP client i nformation on DHCP server. By
cooperating with other software, it can realize IP address distribution restriction and accounting, etc.
functions. Such as cooperate with IP Source Guard to defend deceive of IP address+MAC address.
Field Option82 can i nclude a t m ost 255 s ub-options. If de fined f ield Option82, at l east one
sub-option m ust be de fined. The d evice supports two s ub-option t ypes c urrently: Sub-Option 1
(Circuit ID) and Sub-Option 2 (Remote ID).
Sub-Option 1 contains interface ID of DHCP client request packet, interface VLAN and the
additional information.
Sub-Option 2 is interface MAC address (DHCP relay) or device bridge MAC address (DHCP
Snooping device) for receiving DHCP client request packets.
5.1.4
DHCP client
ISCOM2924GF de vice can be us ed as DHCP cl ient t o get I P addr ess f rom D HCP s erver and
management in future, as the Figure 5-3 shows below.
108
www.raisecom.com
User Manual
5.1.5
5.1.5.1
DHCP Snooping
DHCP Snooping overview
DHCP Snooping is a security feature of DHCP with the below functions:
Guarantee DHCP client gets IP address from legal DHCP server;
If there is false DHCP server existing in network, DHCP client may get error IP address and network
configuration pa rameters, b ut c annot c ommunicate nor mally. As the Figure 5-4 shows be low, i n
order to make DHCP client get IP address from legal DHCP server, DHCP Snooping security system
permits to set interface as trust interface and untrust interface: trust interface forwards DHCP packets
normally; untrust interface discard the reply packets from DHCP server.
Record corresponding relationship between DHCP client IP address and MAC address.
DHCP S nooping records e ntries t hrough m onitor r equest a nd r eply pa ckets r eceived b y t rust
interface, including client MAC address, obtained IP address, DHCP client connected interface and
VLAN of the interface, etc. Then implement following by the record information:
109
www.raisecom.com
User Manual
ARP Detection: judge legality of user that sends ARP packet and avoid ARP attack from
illegal user.
IP Source G uard: filter i nterface f orwarded packets b y d ynamically ge tting DHCP
Snooping entry to avoid illegal packets pass the interface.
VLAN mapping: packets s ent to user modify mapped V LAN to original VLAN b y
searching m apped V LAN r elated D HCP c lient I P a ddress, M AC a ddress a nd or iginal
VLAN information in DHCP Snooping entry.
5.1.5.2
Networking situation
As DHCP client, ISCOM2924GF device will get IP address from assigned DHCP server to manage
the device in future.
The IP a ddress a ssigned by D HCP c lient is li mited with a cer tain lease pe riod w hen a dopting
dynamic address distribution mode. DHCP server will t ake back the IP address when it is expired.
DHCP client has to relet IP address foe continuous using. DHCP client can release IP address if it
doesnt want to use it any more before its expiration.
We suggest that the number of DHCP relays is less than 4 if DHCP client needs to obtain IP address
from DHCP server from multiple DHCP relays.
5.2.1.2
Preconditions
Finish the following tasks before configuring DHCP client:
Create VLAN and add layer-3 interface to it.
The DHCP Snooping function is disabled.
Default value
110
www.raisecom.com
User Manual
Function
Default value
hostname
raisecom
class-id
raisecom-ROS
client-id
raisecom-SYSMAC- IF0
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip 0
111
www.raisecom.com
User Manual
No.
Item
Description
Networking situation
DHCP Snooping is a security feature of DHCP, being used to guarantee DHCP client gets IP address
from legal DHCP server and record corresponding relationship between DHCP client IP and MAC
address.
Option field of DHCP packet records location of DHCP client. Administrator can locate DHCP client
through Option field and control client security and accounting. ISCOM2924GF device configured
with D HCP S nooping a nd Option c an pe rform related process a ccording to Option field e xistence
status in packet.
5.3.1.2
Preconditions
N/A
Default value
Disable
Enable
Untrust
Disable
www.raisecom.com
5.3.3.1
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#ip dhcp
snooping
Raisecom(config)#ip dhcp
snooping port-list { all |
port-list }
Raisecom(config)#interface
port port-id
Raisecom(config-port)#ip
dhcp snooping trust
Raisecom(config-port)#ipv4
dhcp option option-id
Raisecom(config-port)#exit
Raisecom(config)#ip dhcp
snooping option client-id
5.3.3.2
Raisecom(config)#ip dhcp
snooping information
option
Configuration
Description
Raisecom#config
Raisecom(config)#ipv6
dhcp snooping
113
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#ipv6
dhcp snooping port-list
{ all | port-list }
Raisecom(config)#interface
port port-id
Raisecom(config-port)#ipv6
dhcp snooping trust
Raisecom(config)#ipv6
dhcp snooping option
interface-id
Raisecom(config)#ipv6
dhcp snooping option
remote-id
Item
Description
Raisecom#show ip dhcp
snooping [ binding ]
Raisecom#show ipv6
dhcp snooping [ binding ]
Networking situation
Fields 18, 61, 82 of DHCP Option are r elay pr oxy i nformation opt ions i n D HCP pa cket. When
DHCP Client sends request packet to DHCP Server, DHCP Snooping or DHCP relay will add Option
field into request packet if it requires for DHCP Snooping or DHCP relay.
DHCP Option18 field is used t o r ecord DHCP c lient i nformation ov er IPv6, DHCP Option61, 82
fields a re us ed t o r ecord DHCP c lient ov er I Pv4. DHCP server c ooperates w ith other sof tware t o
implement IP address distribution restriction and accounting, etc. functions over these information.
5.4.1.2
Preconditions
N/A
114
www.raisecom.com
User Manual
Default value
Null
switch-mac
Null
Configuration
Description
Raisecom#config
Raisecom(config-port)#exit
Raisecom(config)#ipv4 dhcp option client-id
{ ascii ascii-string | hex hex-string | ip-address
ip-address }
Raisecom(config)#interface port port-id
Raisecom(config-port)#ipv4 dhcp option
client-id { ascii ascii-string | hex hex-string |
ip-address ip-address }
115
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config-port)#exit
Item
Description
Raisecom#show ip dhcp
information option
Networking requirement
As the Figure 5-5 s hows be low, Switch is us ed as D HCP cl ient, host na me i s r aisecom, access t o
DHCP server and NMS platform through SNMP interface. DHCP server should assign IP address to
SNMP interface of Switch and make NMS platform to manage Switch.
116
www.raisecom.com
User Manual
5.5.1.2
Configuration steps
Configure DHCP client information.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip dhcp client hostname raisecom
5.5.1.3
Show result
Check whether DHCP client configuration is correct by the command of show ip dhcp client.
Raisecom#show ip dhcp client
Hostname:
raisecom
Class-ID:
Raisecom-ROS
Client-ID:
Raisecom-000e5e000000-IF0
0.0.0.0
Subnet mask:
0.0.0.0
Default Gateway:
--
Jan-01-1970 08:00:00
Jan-01-1970 08:00:00
0(sec)
DHCP Server:
Tftp server name:
0.0.0.0
--
--
Startup_config filename:
--
---
117
www.raisecom.com
User Manual
Networking requirement
As the Figure 5-6 s hows be low, S witch i s us ed a s DHCP Snooping device. The n etwork r equires
DHCP c lient ge ts I P a ddress f rom l egal D HCP s erver a nd s upports O ption82 to facilitate c lient
management; user can configure circuit ID sub-option information on interface Port 3 as raisecom,
remote ID sub-option as user01.
5.5.2.2
Configuration steps
Configure global DHCP Snooping function.
Raisecom#config
Raisecom(config)#ip dhcp snooping
Configure DHCP relay in support of Option82 function and configure field Option82.
Raisecom(config)#ip dhcp snooping information option
Raisecom(config)#ip dhcp information option remote-id string user01
Raisecom(config)#interface port 3
Raisecom(config-port)#ip dhcp information option circuit-id raisecom
5.5.2.3
Show result
Check whether DHCP client configuration is correct by the command of show ip dhcp information
option.
Raisecom#show ip dhcp information option
DHCP Option Config Information
118
www.raisecom.com
User Manual
Circuit-ID : default
Remote-ID Mode:
string
Remote-ID String:
user01
P3
Circuit ID:
raisecom
ipv4Global
ipv4Port
P1:
P2:
P3:
P27:
P28:ipv6Global
ipv6Port
P1:
P2:
P3:
P27:
P28
119
www.raisecom.com
User Manual
Chapter 6 QoS
This chapter introduces basic principle and configuration of QoS and provides related configuration
applications.
Overview
Priority trust
Traffic classification and traffic policy
Priority mapping and queue schedule
Traffic rate limit over interface and VLAN
Maintenance
Configuring applications
6.1 Overview
User br ings f orce di fferent service qua lity de mands f or ne twork a pplication, t hen network s hould
distribute a nd schedule resource for different ne twork application a ccording to user de mands. QoS
(Quality of Service) can ensure s ervice i n real-time and i ntegrity w hen network overload or
congested and guarantee the whole network runs high-efficiently.
QoS is composed by a group of traffic management technology:
Service model
Priority trust
Traffic classification
Traffic policy
Priority mapping
Queue schedule
Rate limit over interface and VLAN
6.1.1
Service model
QoS technical service contains three models:
Best-effort Service
Integrated Services (IntServ)
Differentiated Services (DiffServ)
6.1.1.1
Best-effort
Best-effort service is the most basic and simplest service model over store and forward mechanism
Internet (IPv4 standard). In Best-effort service model, the application program can send any number
of pa ckets at any time without permitting in advance and notifying the ne twork. F or B est-effort
service, the network will send packets as possible as it can, but cannot guarantee the delay time and
reliability.
Best-effort is the default Internet service model now, applying to most network applications, such as
120
www.raisecom.com
User Manual
FTP, E -mail, etc. which is achieved by first in first out (FIFO) queue.
6.1.1.2
IntServ
IntServ model is a comprehensive service model, which can meet a variety of QoS requirements and
needs t o s end specific s ervice r equest to ne twork b efore s ending m essages. This r equest is
accomplished through signaling. Firstly, the application program need to apply for service quality it
required f rom ne twork by s ignaling, s uch a s bandwidth, de lay time, pr iority, e tc. The a pplication
program w ill s end messages onc e r eceiving t he c onfirmation f rom ne twork, w hich m eans t he
network has already pr eset i ts corresponding s ervice qua lity r esource. At t he same t ime, the
messages se nt b y program s hould be c ontrolled w ithin t he range described i n t he application
parameters.
After r eceiving service qua lity application messages f rom a pplication pr ogram, t he ne twork w ill
check r esource di stribution, i .e. w hether t he current network resource can m eet appl ication from
application pr ogram, once m eeting the a pplication, network will return a ne twork r esource
confirmation and allocate corresponding network resource for application program. In the process of
sending messages, as l ong a s t he a pplication pa cket traffics a re controlled within the range of
application parameters, the network will undertake to meet QoS requirements. In order to fulfill the
commitment f or t ransmitting traffics, the ne twork will maintain a s tate for t hem, classifying
messages, monitoring traffics and taking queue scheduling over the state.
In the IntServ service model, the signaling transmitting QoS request is RSVP (Resource Reservation
Protocol), w hich i s r esponsible f or not ifying t he Q oS r equirements of application program to
network. RSVP applies for network resource before the application program sending messages, so it
is out of band signaling.
Intserv service model diagram is shown in Figure 6-1.
www.raisecom.com
User Manual
network nodes. A fter expanding network scale, there will be a substantial increasing in the
maintenance cost, which will have a serious impact to the packet wire-speed processing performance
of the network nodes, especially the core nodes.
6.1.1.3
DiffServ
DiffServ model is a multi-service model, which can satisfy different QoS requirements. The largest
difference from Intserv model is tha t it does not require R SVP signaling. In other words, DiffServ
model doesnt need to notify the network to reserve resources before sending messages.
DiffServ model does not need t o maintain state for each f low. I t provides differentiated s ervices
according t o the QoS cl assification of each packet. Many different methods can be used for Q oS
packet cl assification, such as I P pa cket pr iority ( IP precedence), t he pa cket s ource addres s or
destination address and so on.
Generally, DiffServ i s us ed to pr ovide end t o e nd Q oS s ervices for a num ber of i mportant
applications, which is achieved mainly through the following techniques:
CAR (Committed Access Rate): CAR refers to classify the messages according to the pre-set
messages m atching rules, s uch a s IP m essages pr iority ( IP pr ecedence), t he pa cket s ource
address or destination address, etc. Continue to send the messages if the flow is in line with
the rules of token bucket. If it is beyond the specified flow, discard the messages or remark IP
precedence, DSCP, EXP, etc. CAR not only can control the traffics, but also mark and remark
the messages.
Queue t echnology: the queuing t echnologies of SP, WRR, DRR, SP + WRR, SP + DRR
cache and schedule the congestion messages to achieve congestion management.
6.1.2
Priority trust
Priority trust re fers to the de vice us es pr iority of pa ckets f or classification and pe rforms Q oS
management. Generally speaking, the bigger the packet priority field is, the higher the priority is.
ISCOM2924GF device is in support of packet priority trust over interface, including:
DSCP (Differentiated Services Code Point) priority over IP packets.
CoS (Class of Service) priority over VLAN packets.
6.1.3
Traffic classification
Traffic classification denotes recognizing packets of certain cl ass by setting rules, pe rforming
different Q oS pol icy f or the pa ckets m atch w ith di fferent r ules. It i s pr emise a nd base of di verse
service.
ISCOM2924GF device is in support of traffic classification of ToS (Type of Service) priority over IP
packets, DSCP priority and CoS priority over VLAN packets, as well as the classification over ACL
rule. The traffic classification procedure is shown as the following Figure 6-2:
122
www.raisecom.com
User Manual
6.1.3.1
6.1.3.2
CoS priority
VLAN pa cket ov er IEEE 802.1 Q standard m akes m odification on E thernet pa cket, i ncrease 4
bytes802.1Q t ag between s ource a ddress f ield a nd pr otocol t ype f ield, a s Figure 6-5 shows be low.
The tag includes field of 2 bytes TPID (Tag Protocol Identifier, value at 0x8100) and field of 2 bytes
TCI (Tag Control Information).
123
www.raisecom.com
User Manual
6.1.4
Traffic policy
Perform di fferent ope ration for di fferent pa ckets a fter classifying packets t raffic, the t raffic
classification and operation binding form the traffic policy.
6.1.4.1
Rate limit
Rate limit is to control network traffic, by monitoring traffic rate enters network to discard overflow
part a nd c ontrol t he e ntering t raffic in a r easonable r ange, t hus t o pr otect ne twork r esource a nd
carrier interest.
ISCOM2924GF device is in support of rate limit at packet ingress direction over traffic policy.
6.1.4.2
Re-direction
Re-direction means to forward packets in the original corresponding relation between destination and
interface, it forwards packet to assigned interface to implement policy routing.
ISCOM2924GF device supports forwarding ingress packets to assigned interface.
6.1.4.3
Re-mark
Re-mark means to set some priority fields in packet again and then classify packets according to self
standard. Besides, downstream node i n ne twork c an pr ovide di verse Q oS s ervice a ccording t o
re-marked information.
ISCOM2924GF device is in support of re-mark for below priority fields:
IP packets ToS priority
IP packets DSCP priority
VLAN packets CoS priority
6.1.4.4
Traffic statistics
Traffic statistics is used for data messages statistics of specified service traffic, which is the number
of messages and bytes passed through matching traffic classification or discarded.
Traffic statistics itself is not QoS control measure, but can be used in combination with other QoS
124
www.raisecom.com
User Manual
6.1.5
Priority mapping
When packets enter device, priority mapping function sends them to queues with different internal
priority i n a ccordance w ith m apping r elationship f rom e xternal t o i nternal, t hus t he pa ckets c an
perform queue schedule at packets egress direction.
Note: I nternal pr iority is a ki nd of i nternal pr iority de vice di stributed t o pa ckets, corresponding to
interface queue No. Packets with bigger internal priority value will be processed precedent.
ISCOM2924GF device supports DSCP priority over IP packets or CoS priority over VLAN packets
to perform priority mapping.
By default, the mapping relationship among ISCOM2924GF device internal priority, DSCP priority
and CoS priority is shown in the table 6-1 below:
Table 6-1 Mapping relationship of internal priority, DSCP priority, CoS priority
6.1.6
Internal
DSCP
0~7
8~15
16~23
CoS
24~31 32~39
3
Queue schedule
Queue s chedule i s necessary when t here i s i ntermittent c ongestion i n ne twork a nd de lay s ensitive
services require higher QoS service than non-sensitive services.
Queue s chedule adopts different s chedule a lgorithm t o t ransport pa ckets f low i n que ue.
ISCOM2924GF de vice is in s upport of SP ( Strict-Priority), W RR (Weight R ound R obin), DRR
(Deficit Round Robin), SP+WRR and SP+DRR algorithm to solve network flow problem and have
different influences on distribution, delay, and jitter of bandwidth resource:
SP: t o s chedule s trictly a ccording t o que ue pr iority order. Lower pr iority queue cannot
perform s chedule unt il t he packets i n higher priority que ue a ll f inished s chedule, as Figure
6-7 shows below.
www.raisecom.com
User Manual
WRR: on basis of round schedule each queue according to queue priority, schedule packets in
various queues according to weight of each queue, as Figure 6-8 shows below.
6.1.7
126
www.raisecom.com
User Manual
Networking situation
User c an c hoose pr iority for t rusted pa ckets f rom ups tream de vice, unt rusted pr iority pa ckets a re
processed by traffic classification and traffic policy. After configuring priority trust, device operates
packets according to their priorities and provides related service.
6.2.1.2
Preconditions
N/A
Default value
Enable
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#mls qos
trust { cos | dscp }
Item
Description
127
www.raisecom.com
User Manual
No.
Item
Description
Networking situation
Traffic cl assification is t he ba se of QoS, user can classify pa ckets f rom upst ream de vice i n
accordance with priorities or ACL rule.
Traffic classification c onfiguration w ont ta ke e ffect unt il us er bi nds i t to traffic policy. Applying
traffic policy is related to network current loading condition and period. Usually, packets traffic rate
is limited according to configured speed when it enters network, and re-mark priority according to
packet service feature.
6.3.1.2
Preconditions
N/A
Default value
Actions for the traffic over the rate limit and sudden value
drop
Configuration
Description
Raisecom#config
Raisecom(config)#class-map
class-map-name { match-all |
match-any }
128
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom(config-cmap)#match
{ access-list-map | ip-access-list |
ipv6-access-list | mac-access-list }
acl-number
Raisecom(config-cmap)#match
class-map class-map-name
Raisecom(config-cmap)#match ip
dscp dscp-value
Raisecom(config-cmap)#match ip
precedence ip-precedence-value
Raisecom(config-cmap)#match vlan
vlan-id [ double-tagging inner ]
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
aggregate-policer policer-name rate
burst [ exceed-action { drop |
policed-dscp-transmit marked-dscp |
policed-localpriority-transmit
localpriority-value } ]
Raisecom(config)#mls qos
class-policer policer-name rate burst
[ exceed-action { drop |
policed-dscp-transmit marked-dscp |
policed-localpriority-transmit
localpriority-value } ]
Raisecom(config)#mls qos
single-policer policer-name rate burst
[ exceed-action { drop |
policed-dscp-transmit marked-dscp |
policed-localpriority-transmit
localpriority-value } ]
Configuration
Description
129
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#policy-map
policy-map-name
Raisecom(config-pmap)#description
string
Raisecom(config-pmap)#class-map
class-map-name
Raisecom(config-pmap-c)#police
policer-name
Raisecom(config-pmap-c)#redirect-to
port port-id
Raisecom(config-pmap-c)#set { cos
cos-value | ip dscp ip-dscp-value | ip
precedence ip-precedence-value | vlan
vlan-id }
Raisecom(config-pmap-c)#statistics
enable
Raisecom(config-pmap-c)#quit
Raisecom(config-pmap)#quit
Raisecom(config)#service-policy
policy-name { egress port-id | ingress
port-id [ egress port-id ]}
Item
Description
Raisecom(config)#show class-map
[ class-map-name ]
Raisecom(config)#show policy-map
[ policy-map-name [ class class-map-name ]
| class class-map-name | port port-id ]
130
www.raisecom.com
User Manual
No.
Item
Description
Raisecom(config)#show service-policy
statistics [ port port-id ]
Networking situation
When network has congestion, user want to balance delay and delay jitter of various packets, packets
of key services (like video and voice) can be processed preferentially; packets of secondary services
(like E-Mail) w ith identical pr iority can be fairly pr ocessed, different priority can be pr ocessed
according t o i ts weight value. User c an configure queue schedule i n t his situation. Selection of
schedule algorithm is depended on service condition and customer requirements.
Priority mapping is precondition for queue schedule. User can map priority of packets from upstream
device t o di fferent local pr iority, a nd de vice pe rform q ueue s chedule f or t he pa ckets a ccording t o
local priority. Generally speaking, IP packets need to configure mapping relationship between DSCP
priority a nd l ocal pr iority; VLAN packets ne ed t o configure mapping r elationship be tween CoS
priority and local priority.
6.4.1.2
Preconditions
N/A
6.4.2 Configure mapping relationship between DSCP priority and local priority
Please configure mapping r elationship be tween DSCP priority a nd l ocal pr iority o n t he d evice a s
below.
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
mapping dscp dscp-value to
localpriority local-priority
6.4.3 Configure mapping relationship between CoS priority and local priority
Please configure mapping relationship be tween CoS pr iority a nd local pr iority on t he device a s
below.
131
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
enable
Raisecom(config)#mls qos
mapping cos cos-value to
localpriority local-priority
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#mls qos
port-priority port-priority
Configuration
Description
Raisecom#config
Raisecom(config)#mls
qos queue scheduler sp
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
queue scheduler wrr
Raisecom(config)#mls qos
queue wrr weight1 weight2
weight3 weight4 weight5
weight6 weight7 weight8
132
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#mls qos
queue scheduler drr
Raisecom(config)#mls qos
queue drr weight1 weight2
weight3 weight4 weight5
weight6 weight7 weight8
Item
Description
Networking situation
When ne twork h as c ongestion, us er c an configure rate li mit o ver int erface or V LAN if w ant to
restrict burst traffic flow at an interface or a VLAN to make it transports in a well-proportioned rate,
so as to remove network congestion.
6.5.1.2
Preconditions
Related VLAN must be created before configuring rate limit over VLAN or QinQ.
Configuration
Description
Raisecom#config
133
www.raisecom.com
User Manual
Step
Configuration
Description
Configuration
Description
Raisecom#config
Raisecom(config)#rate-limit
double-tagging-vlan outer { outer-vlan-id |
any } inner { inner-vlan-id | any } rate-value
burst-value [ statistics ]
Item
Description
Raisecom(config)#show rate-limit
port-list [ port-list ]
6.6 Maintenance
User can maintain QoS feature by the following commands.
Command
Description
134
www.raisecom.com
User Manual
Networking requirement
As the Figure 6-10 s hows below, U ser A , User B , User C a re r espectively be longed t o V LAN1,
VLAN2, VLAN3, and connected to ISCOM2924GF through Switch A, Switch B, Switch C.
User A provides voice and video services, User B provides voice, video and data services, User C
provides video and data services.
According to service requirements from users, make rules as below:
For U ser A, m ust pr ovide 2 5M ba ndwidth, burst t raffic f low p ermit 100K B, di scarding r edundant
traffic;
For U ser B , m ust pr ovide 35M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic;
For U ser C , m ust pr ovide 30M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic.
6.7.1.2
Configuration steps
Create and configure traffic classification, classify different users according to VLAN ID.
Raisecom#config
Raisecom(config)#mls qos enable
Raisecom(config)#class-map usera match-any
Raisecom(config-cmap)#match vlan 1
Raisecom(config-cmap)#quit
Raisecom(config)#class-map userb match-any
Raisecom(config-cmap)#match vlan 2
135
www.raisecom.com
User Manual
Raisecom(config-cmap)#quit
Raisecom(config)#class-map userc match-any
Raisecom(config-cmap)#match vlan 3
Raisecom(config-cmap)#quit
6.7.1.3
Show result
Show traffic classification configuration by the command of show class-map.
Raisecom#show class-map usera
Class Map match-any usera (id 0)
Match vlan 1
Raisecom#show class-map userb
Class Map match-any userb (id 1)
Match vlan 2
Raisecom#show class-map userc
Class Map match-any userb (id 2)
Match vlan 3
Show rate limit rule configuration by the command of show mls qos policer.
Raisecom(config)#show mls qos policer
single-policer usera
25000
136
www.raisecom.com
User Manual
100
exceed-action drop
Used by policy map usera
single-policer userb
35000
100
exceed-action drop
Used by policy map userb
single-policer userc
30000
100
exceed-action drop
Used by policy map userc
Networking requirement
As Figure 6-11 shows below, User A provides voice and video services, User B provides voice, video
and data services, User C provides video and data services.
CoS priority of voice service is 5, CoS priority of video service is 4, CoS priority of data service is 2.
The internal priorities for these three kinds service are respectively 6, 5, and 2.
Make below rules for different service type:
For voice service, need to perform SP schedule, make sure this part of traffic passes preferentially;
For video service, need to perform WRR schedule, weighted at 50;
For data service, need to perform WRR schedule, weighted at 20;
137
www.raisecom.com
User Manual
6.7.2.2
Configuration steps
Configure interface priority trust.
Raisecom#config
Raisecom(config)#mls qos enable
Raisecom(config)#interface port 2
Raisecom(config-port)#mls qos trust cos
Raisecom(config-port)#quit
Raisecom(config)#interface port 3
Raisecom(config-port)#mls qos trust cos
Raisecom(config-port)#quit
Raisecom(config)#interface port 4
Raisecom(config-port)#mls qos trust cos
Raisecom(config-port)#quit
6.7.2.3
Show result
Show m apping r elationship c onfiguration of a ssigned priority b y t he c ommand of show mls qos
138
www.raisecom.com
User Manual
mapping
Raisecom(config)#show mls qos mapping cos
CoS-LocalPriority Mapping:
CoS:
-------------------------------------------------LocalPriority:
Show queue schedule configuration by the command of show mls qos queue.
Raisecom(config)#show mls qos queue
Queue
Weight(WRR)
------------------------1
20
50
Queue
Weight(DRR)
------------------------1
Networking requirement
As the Figure 6-12 shows below, User A, User B, User C are respectively connected to Switch A,
Switch B, Switch C and ISCOM2924GF.
User A provides voice and video services, User B provides voice, video and data services, User C
provides video and data services.
According to service requirements from users, make rules as below:
For U ser A, m ust p rovide 2 5M ba ndwidth, burst t raffic f low pe rmit 100K B, di scarding r edundant
traffic;
139
www.raisecom.com
User Manual
For U ser B , m ust pr ovide 35M ba ndwidth, bur st t raffic f low pe rmit 100 KB, di scarding r edundant
traffic;
For U ser C , m ust pr ovide 30M ba ndwidth, bur st t raffic f low pe rmit 100KB, di scarding r edundant
traffic.
Figure 6-12 Networking sketch map of traffic rate limit over interface
6.7.3.2
Configuration steps
Configure rate limit over interface.
Raisecom#config
Raisecom(config)#rate-limit port-list 2 ingress 25000 100
Raisecom(config)#rate-limit port-list 3 ingress 35000 100
Raisecom(config)#rate-limit port-list 4 ingress 30000 100
6.7.3.3
Show result
Show rate limit configuration over interface by the command of show rate-limit port-list.
Raisecom(config)#show rate-limit port-list 2-4
I-Rate:
Ingress Rate
Egress Rate
I-Rate(kbps)
I-Burst(kB)
E-Rate(kbps)
E-Burst(kB)
---------------------------------------------------------------------P2
25000
100
3448
34
P3
35000
100
3448
34
P4
30000
100
1048576
512
140
www.raisecom.com
User Manual
Chapter 7 Multicast
7.1 Overview
7.1.1 Multicast overview
With t he c ontinuous d evelopment of I nternet ne twork, the various interacting network data, v oice
and video will become more and more; the other hand, the emerging e-commerce, online meetings,
online a uctions, v ideo on d emand, di stance l earning a nd ot her s ervices also rise gradually. These
services come up w ith higher r equirements for ne twork ba ndwidth, i nformation security and pa id.
Traditional unicast and broadcast cannot meet these requirements well, while multicast has met them
timely.
Multicast is a poi nt to m ultipoint data transmission m ethod. The m ethod can effectively s olve t he
single point sending and multipoint receiving problems. During the network packet transmission, it
can save network resources and improve information security.
7.1.1.1
www.raisecom.com
User Manual
transmission to combine User B and User C to a receiver set, then the information source just needs
to s end one piece of information. E ach switch in t he network will establish their m ulticast
forwarding t able a ccording t o IGMP pa ckets, a nd f inally transmit the information to the a ctual
recipient B and C.
7.1.1.2
7.1.1.3
www.raisecom.com
User Manual
7.1.1.4
Multicast address
In or der to make multicast s ource and multicast group members communicate across the I nternet,
you ne ed t o pr ovide network-layer m ulticast address a nd l ink-layer multicast a ddress, i.e. IP
multicast a ddress a nd m ulticast M AC a ddress. Note: m ulticast a ddress onl y can be de stination
address, but not source address.
IP multicast address
143
www.raisecom.com
User Manual
IANA (Internet Assigned Numbers Authority) assigns Class D address space to IPv4 multicast; the
range of IPv4 multicast address is from 224.0.0.0 to 239.255.255.255.
Multicast MAC address
When Ethernet transmits unicast IP packet, the destination MAC address will use the recipient MAC
address. However, when multicast packets are in transmission, the destination is no longer a specific
receiver, but a group with uncertain member, so it needs to use multicast MAC address.
Multicast MAC address for link layer identifies the receiver of the same multicast group.
According to IANA, the high 24-bit of multicast MAC address are 0x01005E, the 25-bit is fixed 0,
the 23-bit corresponds to the low 23-bit of IPv4 multicast address.
The mapping relation between IP multicast address and MAC address is shown in Figure7-3
Figure 7-3 Mapping relation between IPv4 multicast address and multicast MAC address
Since the first 4 bits of IP multicast address are 1110, indicating multicast identification. In the last
28bits, only 23 bits are mapped to the multicast MAC address. And the missing 5 bits information
will make 32 IP multicast addresses map to the same multicast MAC address. Therefore, in Layer 2,
the device may receive some other data out of IP v4 multicast group, and these extra multicast data
need to be filtered by the upper device.
7.1.1.5
144
www.raisecom.com
User Manual
Figure 7-4 The operating positions of IGMP and Layer-2 multicast features
IGMP i s t he pr otocol r esponsible f or I Pv4 multicast member management in TCP / IP protocol
family. IGMP r uns b etween m ulticast r outer a nd hos t, de fines t he establishment a nd maintenance
mechanism of multicast gr oup m embership be tween host and multicast r outer. IGMP d oes not
contain the transmission and maintenance of group membership between multicast routers, which is
completed by multicast routing protocol.
IGMP manages group members by I GMP messages interaction be tween host and multicast router.
IGMP messages are encapsulated in IP messages, including Query messages, Report messages and
Leave messages. The basic functions of IGMP are:
Host sends Report messages joining multicast group, sends Leave messages leaving multicast group,
and automatically decides which multicast group messages to receive.
The multicast rout er se nds Query messages periodically and receives Report messages and Leave
messages from hosts to understand the multicast group members in connected network segment. The
multicast data will be forwarded to the network segment if there are multicast group members; not
forward if no multicast group members.
Up to now, IGMP has three versions: IGMPv1 version, IGMPv2 version and IGMPv3 version, the
new version is fully compatible with old version. Currently the most widely used version is IGMPv2,
while Leave messages only apply to IGMPv2 and IGMPv3.
Layer-2 multicast manages a nd c ontrols multicast gr oups by monitoring a nd a nalyzing IGMP
messages be tween hosts a nd multicast r outers as s o to achieve multicast data f orwarding a nd
suppress multicast data diffusion in layer-2 network.
7.1.1.6
IGMP Snooping
IGMP MVR
IGMP Proxy (IGMP Proxy)
IGMP filtering
Note:
The functions of IGMP Snooping and IGMP MVR on ISCOM2924GF device can be enabled
simultaneously.
ISCOM2924GF device is in support of IGMPv1and IGMPv2 simultaneously.
145
www.raisecom.com
User Manual
146
www.raisecom.com
User Manual
www.raisecom.com
User Manual
the ne twork s ide pr otocol packet a nd n etwork l oad. IGMP Proxy e stablishes multicast pa cket
forwarding list by intercepting IGMP packet between the user and the multicast routers.
Configuration
Description
Raisecom#config
Raisecom(config)#igmp immediate-leave
{ interface-type interface-number } [ vlan
vlan-list ]
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#igmp ring
interface-type interface-number
Raisecom(config)#mac-address-table
static multicast mac-address vlan vlan-id
interface-type interface-number-list
Item
Description
Networking situation
As the Figure 7-5 shows below, multiple hosts receive multicast source data, and multiple hosts
belong to the same VLAN. It can run IGMP Snooping on switch connecting multicast router and host
and establish and maintain multicast forwarding table by monitoring the message between multicast
routers and hosts to achieve Layer 2 multicast.
www.raisecom.com
7.3.1.2
User Manual
Precondition
Before c onfiguring I GMP Snooping, you s hould create t he V LAN a nd j oin t he c orresponding
interface to VLAN.
Default value
Disable
Disable
Configuration
Description
Raisecom#config
Raisecom(config)#igmp snooping
Raisecom(config)#igmp snooping
vlan vlan-list
Raisecom(config)#mac-address-table
(Optional) Configure static multicast
static multicast mac-address vlan
forwarding table.
vlan-id interface-type
Interface joins the multicast group usually
interface-number-list
through the IGMP Report message
transmitted by host. User also can add an
interface to a multicast group manually.
Item
Description
150
www.raisecom.com
User Manual
Networking situation
As the Figure 7-6 shows below, when multiple users need to receive data from the multicast source,
the da ta among multiple us ers and multicast r outers all belongs to different VLAN. User can run
IGMP M VR function o n Switch A, configure multicast V LAN s o as t o make u sers in different
VLAN receive the same multicast data with one multicast VLAN and also reduce bandwidth waste.
7.4.1.2
Precondition
Before configuring IGMP MVR, you should create a VLAN and join the corresponding interface to
the VLAN.
Default value
Disable
Disable
N/A
151
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#igmp mvr
Raisecom(config)#igmp mvr
interface-type interface-number
Raisecom(config)#mac-address-table
static multicast mac-address vlan vlan-id
interface-type interface-number-list
Item
Description
Raisecom#show igmp
mvr[ interface-type interface-number ]
Networking situation
There are multiple hosts or multiple user subnets in a large-scale multicast protocols application
network. Configure IGMP pr oxy on switch which connects w ith multicast r outer and h ost t o
intercept the IGMP packets and reduce network burden.
IGMP P roxy can reduce t he configuration a nd management w ork of multicast r outers to users
subnets, at the same time, achieve the multicast connection of customer subnet.
152
www.raisecom.com
User Manual
IGMP Proxy function is generally used with IGMP Snooping or IGMP MVR.
7.5.1.2
Precondition
Before c onfiguring IGMP Proxy, you should c reate V LAN a nd join the c orresponding interface to
the VLAN.
Default value
Disable
Disable
Disable
60s
10s
1s
Configuration
Description
Raisecom#config
Raisecom(config)#igmp proxy
Raisecom(config)#igmp proxy
suppression
Raisecom(config)#igmp proxy
query-interval seconds
Raisecom(config)#igmp proxy
query-max-response-time period
Raisecom(config)#igmp proxy
last-member-query period
Note:
153
www.raisecom.com
User Manual
Configure IGMP P roxy if it isnt ena bled: set source I P address, t he que ry interval, the
maximum response time of Query packet transmission, Query transmission interval of final
member, once MVR Proxy is started, the configuration takes effect immediately.
IGMP Proxy function can be started when enabling IGMP Snooping or IGMP MVR.
Item
Description
Networking situation
The di fferent us ers in the s ame multicast group receive different multicast requirements a nd
permissions, allow configuring filter rule on switch which connects multicast router and user host so
as to restrict multicast users. It also can set the maximum number of multicast group allowing user
joining. IGMP Proxy function is generally used with IGMP Snooping or IGMP MVR.
7.6.1.2
Precondition
Before configuring IGMP filtering, you should create VLAN and join the corresponding interface to
the VLAN.
Default value
Disable
N/A
Refuse
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#igmp filter
Note: When configuring IGMP filtering template or the maximum group limitation, please use the
command igmp filter to enable global IGMP filtering at first.
Configuration
Description
Raisecom#config
Raisecom(config-igmp-profile)#permit |
deny
Raisecom(config-igmp-profile)#range
range-id start-ip-address [ end-ip-address ]
Raisecom(config-igmp-profile)#exit
Raisecom(config)#interface interface-type
interface-number
6
Raisecom(config-aggregator)#igmp filter
profile profile-number [ vlan vlan-list ]
Note: Perform the command of igmp filter profile profile-number in interface configuration mode
to make the created IGMP Profile apply to the specified interface. One IGMP Profile can be applied
to multiple interfaces, but each interface can have only one IGMP Profile.
Configuration
Description
Raisecom#config
Raisecom(config)#interface
interface-type interface-number
Raisecom(config-port)#igmp filter
max-groups group-number [ vlan
vlan-list ]
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-aggregator)#igmp
filter max-groups group-number
[ vlan vlan-list ]
Raisecom(config-port)#igmp filter
max-groups action { drop |
replace } [ vlan vlan-list ]
Raisecom(config-aggregator)#igmp
filter max-groups action { drop |
replace } [ vlan vlan-list ]
Item
Description
7.7 Maintenance
Users can maintain multicast features operation and configuration by the following command.
7.8
Command
Description
Configuration application
7.8.1
7.8.1.1
www.raisecom.com
User Manual
7.8.1.2
Configuration steps
Create VLAN and add interface to VLAN.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 10
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
source-ip 192.168.1.2
157
www.raisecom.com
7.8.1.3
User Manual
Show result
Check whether IGMP Snooping configuration is correct.
Raisecom#show igmp snooping
igmp snooping
:Enable
:10
:Disable
:300
igmp ring
:--
Vlan
GroupID
Live-time
------------------------------------------------------port 1
10
234.5.6.7
270
:Enable
:Enable
:Enable
:192.168.1.2
:60
:10
:1
7.8.2
7.8.2.1
:10
158
www.raisecom.com
User Manual
7.8.2.2
Configuration steps
Create VLAN on Switch A and add the interface into it.
Raisecom(config)#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
www.raisecom.com
7.8.2.3
User Manual
Show result
Check whether the IGMP MVR configuration configuration is correct.
Raisecom#show igmp mvr
igmp mvr running
:Enable
:port-list 2-3
:3(2)
:Disable
:300
igmp ring
:--
Check whether the multicast VLAN and group address information are correct.
Raisecom#show igmp mvr vlan-group
mcast-vlan
start-group
end-group
-------------------------------------------
7.8.3
7.8.3.1
225.1.1.1
225.1.1.1
234.5.6.7
234.5.6.7
www.raisecom.com
7.8.3.2
User Manual
Configuration steps
Create VLAN and add the interface into it.
Raisecom#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Configure the maximum group number limitation for set-top box interface.
Raisecom(config-port)#igmp filter max-groups 1
Raisecom(config-port)#igmp filter max-groups action replace
7.8.3.3
Show result
Check whether the IGMP filtering configuration is correct.
Raisecom#show igmp filter port 2
161
www.raisecom.com
User Manual
IGMP profile:
MaxGroup:
7.8.4
7.8.4.1
Currentgroup:
action:
replace
7.8.4.2
Configuration steps
Enable STP function, create VLAN and add interface into the VLAN.
Configure Switch A
162
www.raisecom.com
User Manual
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 200
SwitchA(config)#exit
SwitchA(config-port)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 200
Configura Switch B
SwitchB#config
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 200
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 200
Configura Switch C
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#switchport trunk native vlan 200
SwitchC(config-port)#exit
SwitchC(config)#interface port 4
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#switchport trunk native vlan 200
Configura Switch B
SwitchB(config)#igmp ring port 2,3
SwitchB(config)#igmp snooping
SwitchB(config)#igmp snooping vlan 200
Configura Switch C
163
www.raisecom.com
User Manual
SwitchC(config)#igmp ring port 2,4
SwitchC(config)#igmp snooping
SwitchC(config)#igmp snooping vlan 200
7.8.4.3
Show result
Disconnect any one link in ring link to check whether the multicast traffic can be reveived normally.
164
www.raisecom.com
User Manual
Chapter 8 Security
8.1 Overview
Network application is getting more and more popular with the continuous development of Internet.
More and more enterprises speed up its development by using network. To ensure data and resource
security in open network environemtn become more and more important. Besides, some user access
network unconsciously but cause damage to network also lead device performance degrade or even
cause abnormal.
To d eploy a ccess c ontrol, user a uthentication, e tc. s ecurity t echnology c an effectively i mprove
network and device security.
8.1.1 ACL
ACL (Access Control List) is a set of ordered rules, which can control the device to receive or refuse
to some data message.
User needs to configure rules in network to control illegal packets influent network perofmrnace and
decide packets allowed passing. These rules are defined by ACL.
ACL is a series of rule composed by permit | deny sentences. The rules are described according to
source a ddress, destination a ddress, por t I D of da ta pa ckets. Device j udges r eceiving or r ejecting
packets according to the rules.
8.1.2 RADIUS
RADIUS (Remote Authentication Dial I n User S ervice) i s a kind of s tandard communication
protocol t hat a uthenticate r emote acces s us ers intensively. RADIUS uses UDP a s t he t ransmission
protocol (port 1812 and port 1813) which has a good instantaneity; at the same time, RADIUS is in
support of retransmission mechanism and standby server mechanism which has a good reliability.
165
www.raisecom.com
8.1.2.1
User Manual
8.1.2.2
8.1.3 TACACS+
TACACS+ (Terminal Access Controller Access Control System) i s a ki nd of ne twork a ccess
authentication protocol similar to RADIUS. The differences between them are:
TACACS+ uses TCP port, which has higher transmission reliability compared with UPD port
used by RADIUS.
TACACS+ encrypts the holistic of packets except the standard head of TACACS+, and there
is an area to show whether the data packets are encrypted in the head of packet. Compared to
RADIUS user password encryption, the TACACS+ is much safer.
TACACS+ authentication function is separated from authorization and accounting functions;
it is more flexible in deployment.
In a w ord, TACACS+ is s afer a nd more r eliable than R ADIUS, but RADIUS is used w ider i n
network as an open protocol.
166
www.raisecom.com
User Manual
Networking situation
ACL can help network device to recognize filter objects. The device recognizes special objects and
then permit or denay packets passing according to the configured policy.
ACL includes the below types:
IP ACL: make classification rule according to source or destination address taken by packets
IP head, port ID used by TCP or UDP, etc. attributes.
IPv6 A CL: m ake c lassification r ule a ccording t o s ource or de stination address t aken by
packets IPv6 head, tag value, etc. attributes.
MAC A CL: make c lassification r ule a ccording t o s ource M AC a ddress, de stination M AC
address, layer-2 protocol type taken by packets layer-2 frame head, etc. attributes.
MAP ACL: MAP ACL can define more protocols and more detailed protocol fields than IP
ACL and MAC ACL, also can match any bytes in the former 64 b ytes of layer-2 data frame
according to users definition.
There are 4 kinds of ACL application according to difference of application environment: ACL over
the whole device, over interface, over flow from ingress port to egress port and over VLAN.
8.2.1.2
Preconditions
N/A
Default value
Disable
Mismatch
Mismatch
Mismatch
Mismatch
Mismatch
Mismatch
Mismatch
Mismatch
Mismatch
167
www.raisecom.com
User Manual
Function
Default value
Mismatch
Configuration
Description
Raisecom#config
Raisecom(config)#ip-access-list acl-number
{ deny | permit } { protocol-id | icmp | igmp |
ip } { source-ip-address ip-mask | any }
{ destination-ip-address ip-mask | any }
Confiugre IP ACL.
Raisecom(config)#ip-access-list acl-number
{ deny | permit } { tcp | udp }
{ source-ip-address ip-mask | any }
[ source-protocol-port ] { destination-ip-address
ip-mask | any } [ destination-protocol-port ]
Configuration
Description
Raisecom#config
Configuration
Description
Raisecom#config
Raisecom(config)#mac-access-list acl-number
{ deny | permit } [ protocol-id | arp | ip | rarp |
any ] { source-mac-address mask | any}
{ destination-mac-address mask | any }
168
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#access-list-map acl-number
{ deny | permit }
Raisecom(config-aclmap)#match mac
{ destination | source } mac-address mask
Raisecom(config-aclmap)#match ethertype
ethertype [ ethertype-mask ]
Raisecom(config-aclmap)#match arp
{ sender-mac | target-mac } mac-address
Raisecom(config-aclmap)#match arp
{ sender-ip | target-ip } ip-address [ ip-mask ]
10
Raisecom(config-aclmap)#match ip
{ destination-address | source-address }
ip-address [ ip-mask ]
11
Raisecom(config-aclmap)#match ip
precedence { precedence-value | routine |
priority | immediate | flash | flash-override |
critical | internet | network }
12
Raisecom(config-aclmap)#match ip tos
{ tos-value | normal | min-monetary-cost |
min-delay | max-reliability |
max-throughput }
13
Raisecom(config-aclmap)#match ip dscp
{ dscp-value | af11 | af12 | af13 | af21 | af22 |
af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 |
cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | default }
14
Raisecom(config-aclmap)#match ip protocol
{ protocol-id | ahp | esp | gre | icmp | igmp |
igrp | ipinip | ospf | pcp | pim | tcp | udp }
169
www.raisecom.com
User Manual
Step
Configuration
Description
15
Raisecom(config-aclmap)#match ip tcp
{destination-port|source-port} {port-id
|bgp|domain|echo|exec|finger|ftp| ftp-data|
gopher|hostname|ident|irc|klogin| kshell| login|
lpd|nntp|pim-auto-rp|pop2|pop3|smtp |sunrpc|
syslog|tacacs|talk|telnet|time|uucp|whois|www}
16
17
Raisecom(config-aclmap)#match ip udp
{destination-port | source-port}
{port-id|biff|bootpc|bootps|domain |
echo|mobile-ip|netbios-dgm|netbios-ns |
netbios-ss|ntp|pim-auto-rp|rip|snmp|snmptrap
|sunrpc|syslog|tacacs|talk|tftp|time|who}
18
Raisecom(config-aclmap)#match ip icmp
icmp-type-id [ icmp-code ]
19
Raisecom(config-aclmap)#match ip igmp
{igmp-type-id|dvmrp| query|leave-v2|
report-v1|report-v2|report-v3 | pim-v1}
20
Raisecom(config-aclmap)#match ipv6
{ destination-address | source-address }
ipv6-address/mask
21
Raisecom(config-aclmap)#match ipv6
flow-label label-id
22
23
Raisecom(config-aclmap)#match ipv6
traffic-class class-id
24
Raisecom(config-aclmap)#match user-define
rule-string rule-mask offset
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#filter
{ access-list-map | ip-access-list |
ipv6-access-list | mac-access-list }
{ all | acl-list } [ statistics ]
Raisecom(config)#filter enable
Configuration
Description
Raisecom#config
Raisecom(config)#filter { access-list-map
| ip-access-list | ipv6-access-list |
mac-access-list } { all | acl-list } { ingress
| egress } port-list port-list [ statistics ]
Raisecom(config)#filter enable
ACL application over traffic flow from ingress port to egress port
Step
Configuration
Description
Raisecom#config
171
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#filter { access-list-map |
ip-access-list | ipv6-access-list |
mac-access-list } { all | acl-list } from
port-id to port-id [ statistics ]
Raisecom(config)#filter enable
Configuration
Description
Raisecom#config
Raisecom(config)#filter
{ access-list-map | ip-access-list |
ipv6-access-list | mac-access-list }
{ all | acl-list } vlan vlan-id
[ double-tagging inner | statistics ]
Raisecom(config)#filter enable
Item
Description
Raisecom(config)#show access-list-map
[ acl-number ]
172
www.raisecom.com
User Manual
Networking situation
User can deploy RADIUS server in network to take authentication and accounting so as to control
user access to de vice and network. This device can be used as agent of RADIUS server, which
authorizes user accessing according to feedback from RADIUS.
8.3.1.2
Preconditions
N/A
Default value
Disable
0.0.0.0
0.0.0.0
1812
1813
N/A
online
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip if-number
Raisecom(config-ip)#ip address
ip-address ip-mask vlan-id
Raisecom(config-ip)#end
173
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom#radius-key string
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip
if-number
Raisecom(config-ip)#ip address
ip-address ip-mask vlan-id
Raisecom(config-ip)#end
Raisecom#radius [ backup ]
accounting-server ip-address
[ account-port ]
Raisecom#radius accounting-server
key string
174
www.raisecom.com
User Manual
Item
Description
Raisecom#show radius-server
Networking situation
User c an a uthenticate a nd c harge us er by de ploying TACACS+ server i n network t o c ontrol user
access to device and network. TACACS+ is safer and more reliable than RADIUS. This device can
be us ed a s a gent of TACACS+ server, authorize us er accessing according t o result feedback f rom
TACACS+.
8.4.1.2
Preconditions
N/A
Default value
Disable
Login mode
local-user
0.0.0.0, shown as --
0.0.0.0, shown as --
Null
online
Configuration
Description
175
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip
if-number
Raisecom(config-ip)#ip address
ip-address ip-mask vlan-id
Raisecom(config-ip)#end
Raisecom#tacacs-server [ backup ]
ip-address
Raisecom#enable login { |
local-tacacs | local-user |
tacacs-local [ server-no-response ] |
tacacs-user }
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip if-number
Raisecom(config-ip)#end
Raisecom#tacacs [ backup ]
accounting-server ip-address
www.raisecom.com
User Manual
Step
Configuration
Description
Item
Description
Raisecom#show tacacs-server
Raisecom#show radius-server
Networking situation
Configure storm suppression in layer-2 network can control the broadcast storm when the broadcast
packets increasing in network and then ensure unicast be forwarded normally.
The f ollowing f lows m ay c ause br oadcast f low, us er needs t o s et r ate l imit on l ayer-2 device f or
themre spectively:
Unknown uni cast flow: de stination MAC is unicast f low not existing in MAC table,
broadcast this flow on layer-2 device.
Multicast flow: destination MAC is multicast flow, broadcast this flow on layer-2 device.
Broadcast flow: destination MAC is broadcast flow, broadcast this flow on layer-2 device.
8.5.1.2
Preconditions
Connect interfaces and configure physical pa rameters f or i nterface be fore con figuring s torm
suppression and make physical interface is Up.
Default value
Enable
177
www.raisecom.com
User Manual
Function
Default value
Disable
1024pps
Configuration
Description
Raisecom#config
Raisecom(config)#storm-control
{ broadcast | dlf | multicast } { enable |
disable } port-list port-list
Item
Description
Raisecom#show storm-control
8.6 Maintenance
User can maintain system security through below command.
Command
Description
Raisecom(config)#clear filter
statistics [ filter-number-list ]
Networking requirement
As the Figure 8-1 shows below, configure ACL denies 192.168.1.1 to access server 192.168.1.100 on
Switch A to restrict client access server.
178
www.raisecom.com
User Manual
8.7.1.2
Configuration steps
Configure IP ACL.
Raisecom#config
Raisecom(config)#ip-access-list 1 permit ip any any
Raisecom(config)#ip-access-list 2 deny ip 192.168.1.1 255.255.255.255 192.168.1.100 255.255.255.255
8.7.1.3
Show result
Check whether IP ACL configuration is correct by the command of show ip-access-list.
Raisecom#show ip-access-list
Src Ip: Source Ip Address
Dest Ip: Destination Ip Address
List
Access
Dest Ip:Port
-----------------------------------------------------------------1
permit
IP
0.0.0.0:0
0.0.0.0:0
deny
IP
192.168.1.0:0
192.168.1.0:0
Check whether the filter configuration is valid by the command of show filter.
Raisecom#show filter
Rule filter: Enable
Filter list(Larger order number, Higher priority):
Order ACL-Index
IPort
EPort
Pkts
------------------------------------------------------------------1
IP
port1
--
--
--
Yes
No
--
IP
port1
--
--
--
Yes
No
--
Networking requirement
As the Figure 8-2 shows below, user needs to configure RADIUS authentication and accounting
features on Switch A to authenticate login users on Switch A and record the operations. The packets
179
www.raisecom.com
User Manual
update transmitting interval is 2 minutes. User will be offline if the accounting fails.
8.7.2.2
Configuration steps
Configure user login authentication through RADIUS.
Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Raisecom#enable login local-radius
8.7.2.3
Show result
Show RADIUS configuration by the command of show radius-server.
Raisecom#show radius-server
Authentication server IP:
192.168.1.1 port:1812
raisecom
192.168.1.1 port:1813
0.0.0.0 port:1813
raisecom
Accounting login:
enable
Update interval:
offline
180
www.raisecom.com
User Manual
Networking requirement
As the Figure 8-3 shows be low, configure TACACS+ a uthentication on Switch A to authenticate
login user and control user access to device.
8.7.3.2
Configuration steps
Configure user login authentication through TACACS+.
Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-server key raisecom
Raisecom#user login tacacs-user
Raisecom#enable login local-tacacs
8.7.3.3
Show result
Show TACACS+ configuration by the command of show tacacs-server.
Raisecom#show tacacs-server
Server Address:
192.168.1.1
-raisecom
--
181
www.raisecom.com
User Manual
Networking requirement
As the Figure 8-4 shows be low, to restrict influence on Switch A c aused by broadcast storm, user
needs to configure storm suppression feature on Switch A to control broadcast packets and unknown
unicast packets, threshold is 2000pps.
8.7.4.2
Configuration steps
Configure storm control function on Switch A.
Raisecom#config
Raisecom(config)#storm-control broadcast enable port-list 1-2
Raisecom(config)#storm-control dlf enable port-list 1-2
Raisecom(config)#storm-control pps 2000
8.7.4.3
Show result
Show storm control configuration by the command of show storm-control.
Raisecom#show storm-control
Threshold: 2000 pps
Interface
Broadcast
Multicast
Unicast
----------------------------------------------------------port1
Enable
Disable Enable
port2
Enable
Disable Enable
port3
Enable
Disable Disable
port4
Enable
Disable Disable
port5
Enable
Disable Disable
port6
Enable
Disable Disable
182
www.raisecom.com
User Manual
Chapter 9 Reliability
This chapter introduces basic principle and configuration of network reliability and provides related
configuration applications.
Overview
Configure link aggregation
Configure interface backup
ELPS
ERPS
Configure Ethernet ring
Maintenance
Configuring applications
9.1 Overview
Ethernet is becoming more and more widely used for its simple structure, high-efficient and
cost-effective f eatures. One of t he i mportant reasons to restrict Ethernet ap plication in
telecommunication is the tr aditional E thernet r eliability. Packeting services ar e pr esented in burst
mode usually; it is difficult to ensure invariable traffic. As two features of Ethernet, statistic TDM
and a ddress l earning s ystem pr ovide e fficient a nd f lexible ba ndwidth a nd m eanwhile i mport
incertitude for service bandwidth and path.
In order to improve Ethernet reliability and meet demands of telecommunication network, customer
can deploy special reliability technology in Ethernet.
www.raisecom.com
User Manual
The pe er r eceives L ACPDU and com pares i nformation with other interfaces received, c hoosing
interface i n Selected status. The i nterfaces at bot h ends be come consi stent i n Selected status. The
operation Key pe rforms a ggregation a nd c ontrol on t he a utomatical ge nerated c onfiguration gr oup
according to the interface configuration (speed, duplex mode, Up/Down status, basic configuration
information, etc.).
The m ain difference be tween static LACP aggregation a nd m anual a ggregation is: s tatic LACP
aggregation m ode ha s standby l ink, w hile a ll t he member i nterfaces of m anual a ggregation a re i n
forwarding status and share loading flow.
Link aggregation is the most widely used and simplest function in Ethernet reliability technology.
184
www.raisecom.com
User Manual
www.raisecom.com
User Manual
9.1.3 ELPS
ELPS (Ethernet Linear Protection Switching) is an APS (Automatic Protection Switching) protocol
over IT U-T G.8031 r ecommendation. It is a n end-to-end pr otection t echnology us ed t o pr otect a n
Ethernet connection.
ELPS de ploys pr otection r esources f or w orking r esources, l ike pa th a nd ba ndwidth, e tc. E LPS
technology takes a simple and fast predictable mode to realize network resource switching, easier for
carrier to program network more efficiently and know network active status.
9.1.4 ERPS
ERPS (Ethernet Ring Protection Switching) is an APS protocol over ITU-T G.8032 recommendation.
It is special used in Ethernet ring link protocol. Generally, ERPS can avoid broadcast storm caused
by data loopback. When Ethernet has loop or device malfault, ERPS can switch the link to backup
link and ensure service restore quickly.
ERPS t akes t he s pcial VLAN i n r ing ne twork t o t ransmit r ing ne twork c ontrol i nformation a nd
meanwhile, combining with the topology feature of ring network to discover network fault quickly
and enable backup link to restore service fast.
www.raisecom.com
User Manual
nodes on t he Ethernet ring, the first interface No. and the second interface No. play the s ame r ole
basically.
Ethernet ring generates master node by the election, so each node needs to collect device information
on Ethernet ring, only the right collection leads to correct election. Topology collection is completed
by Hello messages, which contain all nodes information the node collected from the other interface.
The normal state of Ethernet ring is shown in Figure 9-3.
187
www.raisecom.com
User Manual
Networking situation
Link a ggregation f unction can pr ovide hi gher communication bandwidth a nd r eliability f or l ink
between two devices. It aggregates several physical Ethernet interface together and make one logical
link. This f unction realizes upbound a nd downbound flow l oad s haring a mong m ember i nterfaces
and then increases bandwidth; at the same time, the member interfaces are dynamic to one another
which improve link reliability.
9.2.1.2
Preconditions
Please configure interface physical pa rameters be fore c onfiguring l ink a ggregation a nd m ake
interface physical layer in Up status.
www.raisecom.com
User Manual
Function
Default value
Enable
Sxordmac mode
32768
32768
active
fast
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port-channel port-channel-number
Raisecom(config-aggregator)#mode
manual
Raisecom(config-aggregator)#exit
Raisecom(config-port)#channel group
group-id
Raisecom(config-port)#exit
Raisecom(config)#link-aggregation
enable
Raisecom(config)#link-aggregation
loading-sharing mode { dip | dmac | sip
| smac | sportxorsxordmac | sxordip |
sxordmac }
Note: In one link aggregation group, the member interfaces take part in load sharing must have
identical c onfiguration, or e lse, t he da ta f orwarding w ill be a pr oblem. The c onfiguration i ncludes
STP, QoS, QinQ, VLAN, interface attributes, MAC address learning:
STP c onfiguration: int erface S TP e nable/disable s tatus, link attributes c onnects to the
interface (point-to-point or not), interface path overhead, STP priority, packets sending rate
limit, loopback protection, root protection, edge port or not.
QoS c onfiguration: f low m onitor, f low r eshaping, j am a voidance, i nterface r ate l imit, S P
queue, WRR queue, interface priority, interface trust mode.
189
www.raisecom.com
User Manual
QinQ configuration: interface QinQ enable/disable status, added outer VLAN Tag, policy for
adding outer VLAN Tag by different inner VLANID.
VLAN c onfiguration: i nterface pe rmitting V LAN, de fault V LAN I D, i nterface l ink t ype
(Trunk, Hybrid, A ccess), s ub-net VL AN configuration, V LAN packets w ith T ag
configuration or not.
Interface at tributes conf iguration: i nterface i s adde d into i solation gr oup or not , i nterface
speed, duplex mode, link up.down status.
MAC a ddress l earning c onfiguration: M AC a ddress l earning e nable/disable, i nterface w ith
max. Learning MAC address number limit or not, MAC address table can control forwarding
when it is full.
Configuration
Description
Raisecom#config
Raisecom(config)#lacp system-priority
system-priority
Raisecom(config)#interface port-channel
port-channel-number
Raisecom(config-aggregator)#mode
lacp-static
Raisecom(config-aggregator)#{ max-active
| min-active } links number
Raisecom(config-aggregator)#exit
Raisecom(config-port)#channel group
group-id
10
Raisecom(config-port)#lacp port-priority
port-priority
11
12
Raisecom(config-port)#exit
13
Raisecom(config)#link-aggregation
enable
www.raisecom.com
User Manual
Note:
Interface in s tatic LACP l ink a ggregation gr oup can b e i n a ctive or s tandby s tatus. Both
active interface and standby i nterface can receive/transmit LACP p ackets, but s tandby
interface cannot forward client packets.
System chooses default interface in the order of neighbor discover, interface maximum speed,
interface hi ghest LACP pr iority, interface minimum ID. The int erface is in active s tatus by
default, the interface with identical speed, identical peer and identical device operation key is
also in active status; other interfaces are in standby status.
Item
Description
Raisecom#show lacp
internal [ detail ]
Raisecom#show lacp
neighbor[ detail ]
Raisecom#show lacp
statistics [ port-list
port-list ]
Raisecom#show lacp
sys-id
Raisecom#show
link-aggregation
191
www.raisecom.com
9.3.1.2
User Manual
Preconditions
Finish the following tasks before configuring interface backup:
Create VLAN
Add interface to VLAN
Disable STP function
9.3.2
9.3.3
Function
Default value
N/A
Recovery time
15s
Recovery mode
Configuration
Description
Raisecom#config
Raisecom(config)#interface
interface-type primary-interface-number
Raisecom(config-port)#switchport
backup interface-type
backup-interface-number [ vlanlist
vlan-list ]
Raisecom(config-aggregator)#switchport
backup interface-type
backup-interface-number [ vlanlist
vlan-list ]
4
Raisecom(config-port)#exit
Raisecom(config-aggregator)#exit
5
Raisecom(config)#switchport backup
restore-delay period
Raisecom(config)#switchport backup
restore-mode { disable |
neighbor-discover | port-up }
Note:
In one interface backup group, on interface cannot be master interface and standby interface
at the same time.
On t he s ame VLAN, one i nterface/link a ggregation gr oup c annot be a m ember of bot h
192
www.raisecom.com
User Manual
9.3.4
Configuration
Description
Raisecom#config
Raisecom(config)#interface
interface-type primary-interface-number
Raisecom(config-port)#switchport
backup [ interface-type
backup-interface-number ] force-switch
Raisecom(config-aggregator)#switchport
backup [ interface-type
backup-interface-number ] force-switch
9.3.5
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
193
www.raisecom.com
User Manual
Networking situation
Configuring ELPS f eature in Ethernet can make Ethernet r eliability up to telecommunication level
(network self-heal time less than 50ms). It is an end-to-end protection technology used for protecting
an Ethenet link.
ELPS is in support of two protection modes: 1+1 and 1:1.
1+1 pr otection s witching m ode: de ploys a pr otection pa th f or e ach w orking path. In
protection domain, source end transmits traffic at both working path and protection path, but
destination end only choose one path to receive traffic.
1:1 protection switching mode: deploys a protection path for each working path. Traffic just
be transmitted in either working path or protection path, need APS protocol for negotiation
and the source end and destination end choose the same path.
One-way s witching a nd bi -directional s witching c an b e c hosen a ccording t o w hether bot h e nds
switches at the same time when link error.
One-way s witching: t he f ault of w hen one di rection at a l ink causes one end can r eceive
traffic, but t he ot her end cannot r eceive. In this cas e, the end cannot r eceive t raffic de tects
link error and performs switching, while the normal end doesnt detect and switch. The result
of switching is that two ends of ELPS may choose different link to receive traffic.
Bi-directional switching: when link is error, even only one direction has fault, both ends of
the link require APS protocol to negotiate and switch to backup link at the same time. The
result of s witching i s t hat t wo e nds of ELPS s hould c hoose one l ink f or t ransmitting and
receiving.
This de vice doe snt di fferenciate one -way a nd bi -directional s witching unt il i n 1 +1 m ode, onl y
bi-directional switching is available in 1:1 mode.
ELPS provides two modes for fault detection:
Detecting fault over physical interface status: to get link fault quickly and switching in time,
available to neighbor devices.
Detecting fault ov er C FM: a vailable to one-way de tection or m ulti-devices ac crossing
detection.
9.4.1.2
Preconditions
Finish the below tasks before configuring ELPS:
Connect i nterface a nd configure physical pa rameters f or i t, the i nterface i s Up at physical
layer
Create VLAN
Add interface into VLAN
Configure CFP detection among devices (prepairing when adopting CFP detection mode)
Default value
194
www.raisecom.com
User Manual
Function
Default value
revertive mode
WTR timer
5min
HOLDOFF timer
Enable
Physical link
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet
line-protection line-id working
{ port port-id | port-channel
port-channel-number } vlan-list
protection { port port-id |
port-channel port-channel-number }
vlan-list { one-plus-one-bi |
one-plus-one-uni | one-to-one }
[ non-revertive ] [ protocol-vlan
vlan-id ]
Raisecom(config)#ethernet
line-protection line-id name string
Raisecom(config)#ethernet
line-protection line-id wtr-timer
wtr-timer
Raisecom(config)#ethernet
(Optional) Configure HOLDOFF timer. After
line-protection line-id hold-off-timer configuring HOLDOFF timer, system delays process
hold-off-timer
fault time when working link is error, that is to say,
it switches to protection link after a delay time to
avoid f requent s witch c aused by working l ink
change. By default, HOLDOFF timer is 0.
Note: HOLDOFF t imer configures i n large v alue
will i nfluence 50m s s witching pe rformance, i t i s
recommended to use defaulted value 0.
Raisecom(config)#ethernet
line-protection trap enable
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet line-protection
line-id { working | protection } failure-detect
physical-link
Raisecom(config)#ethernet line-protection
line-id { working | protection } failure-detect cc
[ md md-name ] ma ma-name level level mep
LocalMepid RemoteMepid
Raisecom(config)#ethernet line-protection
line-id { working | protection } failure-detect
physical-link-or-cc [ md md-name ] ma ma-name
level level mep LocalMepid RemoteMepid
Note: The working path a nd protection pa th c an configure different f ault de tection mode, but it is
better to keep their configuration consistent.
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet
line-protection line-id lockout
Raisecom(config)#ethernet
line-protection line-id force-switch
Raisecom(config)#ethernet
line-protection line-id manual-switch
Raisecom(config)#ethernet
line-protection line-id
manual-switch-to-work
Raisecom(config)#clear ethernet
line-protection line-id end-to-end
command
Note: By de fault, traffic will s witch t o pr otection l ink when w orking l ink i s f ault. Thus E LPS is
needed in some special conditions.
196
www.raisecom.com
User Manual
Item
Description
Raisecom#show ethernet
line-protection [ line-id ]
Raisecom#show ethernet
Show protection line statistic information.
line-protection [ line-id ] statistics
Raisecom#show ethernet
line-protection [ line-id ] aps
Networking situation
With the development of Ethernet to telecom level network, voice and video multicast services bring
forth higher requirements on Ethernet redundant protection and fault-restore time. The fault-restore
convergent time of current STP system is in second level that is far away to meet requirement. By
defining different roles for nodes in a ring, ERPS can break loop link and avoid broadcast storm in
normal condition. Then the service link can switch to backup link if the ring link or node faults and
remove loop, perform fault protection switch and automatic fault restore, whats more, the protection
switch t ime is l ower t han 50ms. It is i n s upport of s ingle r ing, c rossed r ings a nd t angent r ings
networking modes.
ERPS provides two fault detection modes:
Fault de tection ov er phy sical i nterface s tatus: t o ge t l ink f ault a nd s witching quickly,
available to adjacent devices.
Fault detection over CFM: available to uni-directional detection or multi-devices cross over
detection.
9.5.1.2
Preconditions
Finish the below tasks before configuring ERPS:
Connect i nterface a nd configure physical pa rameters f or i t, the i nterface i s Up at physical
layer
Create VLAN
Add interface into VLAN
Configure CFP detection among devices (prepairing when adopting CFP detection mode)
Default value
Protocol VLAN
1
197
www.raisecom.com
User Manual
Function
Default value
Protection ring
Revertive mode
5min
Guard timer
500ms
Disable
with mode
Disable
Physical interface
WTB timer
5s
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet
ring-protection ring-id east { port
port-id | port-channel
port-channel-number } west { port
port-id | port-channel
port-channel-number } [ node-type
rpl-owner rpl { east | west } ]
[ not-revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
western-bound
198
www.raisecom.com
Step
User Manual
Configuration
Description
Raisecom(config)#ethernet
ring-protection ring-id east { port
port-id | port-channel
port-channel-number } west { port
port-id | port-channel
port-channel-number } node-type
rpl-neighbour rpl { east| west }
[ not-revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
Raisecom(config)#ethernet
ring-protection ring-id east { port
port-id | port-channel
port-channel-number } west { port
port-id | port-channel
port-channel-number } [ not-revertive ]
[ protocol-vlan vlan-id ] [ block-vlanlist
vlan-list ]
Raisecom(config)#ethernet
ring-protection ring-id name string
Raisecom(config)#ethernet
ring-protection ring-id version { 1 | 2 }
Raisecom(config)#ethernet
ring-protection ring-id guard-time
guard-time
Raisecom(config)#ethernet
ring-protection ring-id wtr-time
wtr-time
Raisecom(config)#ethernet
ring-protection ring-id holdeoff-time
holdoff-time
Neighbour.
Raisecom(config)#ethernet
ring-protection trap enable
199
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
200
www.raisecom.com
Step
4
User Manual
Configuration
Description
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet ring-protection
ring-id { east | west } failure-detect
physical-link
Raisecom(config)#ethernet ring-protection
ring-id { east | west } failure-detect cc [ md
md-name ] ma ma-name level level mep
LocalMepid RemoteMepid
Raisecom(config)#ethernet ring-protection
ring-id { east | west } failure-detect
physical-link-or-cc [ md md-name ] ma
ma-name level level mep LocalMepid
RemoteMepid
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet ring-protection
ring-id force-switch { east | west }
Raisecom(config)#ethernet ring-protection
ring-id manual-switch { east | west }
201
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config)#ethernet ring-protection
ring-id wtb-time wtb-time
Raisecom(config)#clear ethernet
ring-protection ring-id { command |
statistics }
Note: By de fault, traffic will s witch t o pr otection l ink w hen w orking l ink i s f ault. Thus E RPS i s
needed in some special conditions.
Item
Description
9.6.1.2
Preconditions
Before configuring Ethernet ring, configure interface physical parameters to make interface physical
layer state Up.
202
www.raisecom.com
9.6.2
User Manual
9.6.3
Function
Default value
Disable
1s
5s
Bridge priority
15s
Configuration
Description
Raisecom#config
Raisecom(config)#interface interface-type
primary-interface-number
Raisecom(config-port)#exit
9.6.4
Raisecom#config
Raisecom(config)#ethernet ring
ring-id hello-time hello-time
203
www.raisecom.com
User Manual
Raisecom(config)#ethernet ring
ring-id restore-delay delay-time
Raisecom(config)#ethernet ring
ring-id priority priority
Raisecom(config)#ethernet ring
ring-id description string
Raisecom(config)#ethernet ring
ring-id hold-time hold-time
Raisecom(config)#ethernet ring
ring-id protocol-vlan vlan-id
Note: master node election: at the beginning, all nodes consider themselves the master node, one of
two interfaces is Block, so no data loop on the ring; when two interfaces on the ring node receive the
same Hello packets for many times, the node considers that the ring topology is stable and can elect
master node. Other nodes will not enable the blocked interface, usually only one master node, which
ensures only one blocked interface, and ensures the connectivity of the nodes on the ring.
9.6.5
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
9.7 Maintenance
User can maintain network reliability by the below commands:
Command
Description
Raisecom(config)#clear ethernet
line-protection [ line-id ] statistics
Raisecom(config)#clear ethernet
ring-protection ring-id statistics
Raisecom(config)#clear ethernet
ring ring-id statistics
www.raisecom.com
User Manual
Networking requirement
As the Figure 9-5 shows below, in order to improve link reliability between Switch A and Switch B,
configure manual link aggregation for the two devices; add Port 1 and Port 2 into link aggregation
group t o b uild up a unique l ogical i nterface. T he l ink a ggregatin gr oup p erforms l oad s haring
according to source MAC.
9.8.1.2
Configuration Steps
Create manual link aggregation group.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port-channel 1
SwitchA(config-aggregator)#mode manual
SwitchA(config-aggregator)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchA#config
SwitchB(config)#interface port-channel 1
SwitchB(config-aggregator)#mode manual
SwitchB(config-aggregator)#exit
www.raisecom.com
User Manual
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#channel group 1
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
Configure Switch B.
SwitchB(config)#link-aggregation load-sharing mode smac
Configure Switch B.
SwitchB(config)#link-aggregation enable
9.8.1.3
Show result
Show global configuration of manual link aggregation by the command of show link-aggregation:
SwitchA#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual
L - Lacp-static
--------------------------------------------------------------------1
1-2
206
www.raisecom.com
User Manual
Networking requirement
As the Figure 9-6 shows below, in order to improve link reliability between Switch A and Switch B,
configure static L ACP l ink a ggregation f or t he t wo devices, a dd Port 1 a nd Port 2 i nto l ink
aggregation group. Port 1 is the master link and Port 2 is standby link.
9.8.2.2
Configuration steps
Configure static LACP link aggregation group on Switch A and set Switch A as active end.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#lacp system-priority 1000
SwitchA(config)#interface port-channel 1
SwitchA(config-aggregator)#mode lacp-static
SwitchA(config-aggregator)#exit
SwitchA(config)#interface port 1
SwitchA(config-port)#channel group 1
SwitchA(config-port)#lacp port-priority 1000
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#channel group 1
SwitchA(config-port)#exit
SwitchA(config)#link-aggregation enable
www.raisecom.com
User Manual
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#link-aggregation enable
9.8.2.3
Show result
Show static LACP link aggregation global configuration on Switch A by the command of show
link-aggregation:
Raisecom#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SXORDMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual
L - Lacp-static
--------------------------------------------------------------------1
1-2
Show pe er s ystem LACP i nterface s tatus, mark, i nterface pr iority, management ke y, ope ration key
and status of interface status machine on Switch A by the command of show lacp internal:
Raisecom(config)#show lacp internal
Flags:
S - Device is requesting Slow LACPDUs
Interface State
Flag
Port-Priority
Admin-key
Oper-key
Port-State
------------------------------------------------------------------------P1
active
SA
1000
0x45
P2
standby
SA
32768
0x45
Show pe er system LACP interface s tatus, mark, interface pr iority, management ke y, ope ration key
and status of interface status machine on Switch A by the command of show lacp neighbor.
208
www.raisecom.com
User Manual
Networking requirement
As the Figure 9-7 shows below, to achieve the realiable accress from remote PC to server, configure
interface backup group on Switch A and assign VLAN list so as to achieve interface link protection
and load sharing. The requirement is as below:
Configure Switch A on V LAN 100VLAN 150, Port 1 i s m aster i nterface a nd P ort 2 i s
standby interface.
Configure S witch A on V LAN 15 1VLAN 200, Port 2 i s m aster interface, a nd Port 1 i s
standby interface.
Port 1 can be switched to Port 2 to keep link normal when it has link fault.
Switch A needs to support interface backup function, but Switch B, Switch C, Switch D need not.
9.8.3.2
Configuration steps
Create VLAN 100VLAN 200 and add Port 1 and Port 2 into it.
Raisecom#config
Raisecom(config)#create vlan 100-200 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit
Configure Port 1 as master interface and Port 2 as standby interface on VLAN 100VALN 150.
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport backup port 2 vlanlist 100-150
209
www.raisecom.com
User Manual
Raisecom(config-port)#exit
Configure Port 2 as master interface and Port 1 as standby interface on VLAN 151VALN 200.
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport backup port 1 vlanlist 151-200
9.8.3.3
Show result
Check i nterface ba ckup s tatus i nformation i n c onditions of normal l ink s tatus a nd l ink fault
separately by the command of show switchport backup.
When the link of Port 1 and Port 2 is Up, Port 1 forwards traffics on VLAN 100VALN 1 50, while
Port 2 forwards traffics on VLAN 151VALN 200.
Raisecom#show switchport backup
Restore delay: 15s.
Restore mode: port-up.
Active Port(State)
Backup Port(State)
Vlanlist
--------------------------------------------------------port1
(Up)
port2
(Standby)
100-150
port2
(Up)
port1
(Standby)
151-200
Break the link simulation fault between Switch A and Switch B manually, then the status of Port 1
will become Down, Port 2 will forward traffics on VLAN 100VALN 200.
Raisecom#show switchport backup
Restore delay: 15s
Restore mode: port-up
Active Port(State)
Backup Port(State)
Vlanlist
----------------------------------------------------------------port1 (Down)
port2
(Up)
100-150
port2 (Up)
port1
(Down)
150-200
When Port1 recovers t o Up st atus for 15s (re cover de lay), Port 1 will forward traffics on VLAN
100VALN 150, and Port 2 on VLAN 151VALN 200.
Networking requirement
As the Figure 9-8 shows below, in order to improve link reliability between Switch A and Switch B,
configure 1:1 ELPS on the two devices and detect fault over physical interface status. Port 1 and Port
2 set in VLAN range 100~200.
www.raisecom.com
9.8.4.2
User Manual
Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100-200 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100-200 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-to-one
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect physical-link
211
www.raisecom.com
User Manual
SwitchB(config)#ethernet line-protection 1 protection failure-detect physical-link
9.8.4.3
Show result
Show 1: 1 m ode E LPS c onfiguration on t he de vice by t he c ommand of
line-protection.
show ethernet
Show 1:1 mode ELPS APS protocol information on t he device by the command of show ethernet
line-protection aps.
Take Switch A for example:
SwitchA#show ethernet line-protection 1 aps
Id
Type
-------------------------------------------------------------------1-Local
1:1
bi
yes
1-Remote 1:1
bi
yes
yes NR-W
null/null
Networking requirement
As the Figure 9-9 shows below, in order to improve link reliability between Switch A and Switch B,
configure 1+1 one-way ELPS on the two devices and detect fault over CFM. Port 1 and Port 2 set in
VLAN range 100~200.
212
www.raisecom.com
9.8.5.2
User Manual
Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100-200 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100-200 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
Configure CFM.
Configure Switch A.
SwitchA(config)#ethernet cfm domain md-name md1 level 7
SwitchA(config)#service ma1 level 7
SwitchA(config-service)#service vlan-list 100
SwitchA(config-service)#service mep down mpid 1 port 1
SwitchA(config-service)#service mep down mpid 2 port 2
SwitchA(config-service)#service remote-mep 3
SwitchA(config-service)#service remote-mep 4
SwitchA(config-service)#service cc enable mep 1
SwitchA(config-service)#service cc enable mep 2
SwitchA(config-service)#exit
SwitchA(config)#ethernet cfm enable
Configure Switch B.
213
www.raisecom.com
User Manual
SwitchB(config)#ethernet cfm domain md-name md1 level 7
SwitchB(config)#service ma1 level 7
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#service mep down mpid 3 port 1
SwitchB(config-service)#service mep down mpid 4 port 2
SwitchB(config-service)#service remote-mep 1
SwitchB(config-service)#service remote-mep 2
SwitchB(config-service)#service cc enable mep 3
SwitchB(config-service)#service cc enable mep 4
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-plus-one-uni
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect cc md md1 ma ma1 level 7 mep 3 1
SwitchB(config)#ethernet line-protection 1 protection failure-detect cc md md1 ma ma1 level 7 mep 4 2
9.8.5.3
Show result
Show 1+ 1 m ode E LPS configuration on
line-protection.
www.raisecom.com
User Manual
Show 1+1 mode ELPS APS protocol information on t he device by the command of show ethernet
line-protection aps.
Take Switch A for example:
SwitchA#show ethernet line-protection 1 aps
Id
Type
-------------------------------------------------------------------1-Local
1+1
uni
yes
Networking requirement
As the Figure 9-10 shows below, in order to improve Ethernet reliability, the four devices Switch A,
Switch B, Switch C and Switch D build up an ERPS single ring.
Switch A device i s R PLOwner, Switch B i s R PLNeighbour; the RPL link between Switch A a nd
Switch B is blocked.
The fault de tection mode between Switch A and Switch D i s physical-link-or-cc, other links adopt
default fault detection mode (physical-link).
By default, VLAN is 1, and the congested VLAN range is 1~4094.
9.8.6.2
Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
215
www.raisecom.com
User Manual
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
SwitchD(config)#interface port 1
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
SwitchD(config)#interface port 2
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
Configure CFM.
Configure Switch A.
SwitchA(config)#ethernet cfm domain md-name md1 level 7
SwitchA(config)#service ma1 level 7
SwitchA(config-service)#service vlan-list 1
SwitchA(config-service)#service mep down mpid 1 port 2
SwitchA(config-service)#service remote-mep 2
SwitchA(config-service)#service cc enable mep 1
SwitchA(config-service)#exit
SwitchA(config)#ethernet cfm enable
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
216
www.raisecom.com
User Manual
SwitchD(config)#service ma1 level 7
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#service mep down mpid 2 port 1
SwitchD(config-service)#service remote-mep 1
SwitchD(config-service)#service cc enable mep 2
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 2
1
9.8.6.3
Show result
Check i f E RPS protection ring is ef fective on the de vice b y t he command of show ethernet
ring-protection status.
Take Switch A for example, RPL link is congested to avoid loopback:
SwitchA#show ethernet ring-protection status
Id/Name
Status
Last Occur(ago)
--------------------------------------------------------------------1
idle
0 day 0050750
block
forwarding
1-4094
Cut off link between Switch B and Switch C by manual to simulate fault, execute command to show
ERPS protection ring status on Switch A again, RPL link switches to forwarding status.
SwitchA#show ethernet ring-protection status
Id/Name
Status
Last Occur(ago)
------------------------------------------------------------------1
Protection
0 day 0055950
forwarding forwarding
1-4094
217
www.raisecom.com
User Manual
Networking requirement
As the Figure 9-11 shows below, in order to improve Ethernet reliability, the devices Switch A,
Switch B, Switch C, Switch D, Switch E and Switch F build up double ring ERPS network.
Switch A, Switch B, Switch C and Switch D build up the master ring, Switch D is master ring
RPLOwner, S witch C i s m aster r ing R PLNeighbour, c ongest S witch D Port 1 i nterface, pr otocol
VLAN adopts default value 1.
Switch A, Switch B, S witch E and Switch F bui ld up secondary r ing, S witch F i s s econdary r ing
RPLOwner, Switch A is secondary ring RPLNeighbour, congest Switch F Port 1 i nterface, protocol
VLAN is 4094. Virtual path mode of secondary ring is defaulted with mode.
Congestion VLAN range of master and secondary ring are both defaulted 1~4094.
Master ring devices all adopt physical-link-or-cc mode to detect fault, secondary ring adopt defaulted
fault detection mode (physical-link).
9.8.7.2
Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
218
www.raisecom.com
User Manual
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
SwitchD(config)#interface port 1
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
SwitchD(config)#interface port 2
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
Configure Switch E.
Raisecom#hostname SwitchE
SwitchE#config
SwitchE(config)#interface port 1
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
SwitchE(config)#interface port 2
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
Configure Switch F.
Raisecom#hostname SwitchF
219
www.raisecom.com
User Manual
SwitchF#config
SwitchF(config)#interface port 1
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
SwitchF(config)#interface port 2
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet cfm domain md-name md1 level 7
SwitchB(config)#service ma1 level 7
SwitchB(config-service)#service vlan-list 1
SwitchB(config-service)#service mep down mpid 3 port 1
SwitchB(config-service)#service mep down mpid 4 port 2
SwitchB(config-service)#service cc enable mep 3
SwitchB(config-service)#service cc enable mep 4
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Configure Switch C.
SwitchC(config)#ethernet cfm domain md-name md1 level 7
SwitchC(config)#service ma1 level 7
SwitchC(config-service)#service vlan-list 1
SwitchC(config-service)#service mep down mpid 5 port 1
SwitchC(config-service)#service mep down mpid 6 port 2
SwitchC(config-service)#service cc enable mep 5
SwitchC(config-service)#service cc enable mep 6
SwitchC(config-service)#exit
SwitchC(config)#ethernet cfm enable
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
SwitchD(config)#service ma1 level 7
220
www.raisecom.com
User Manual
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#service mep down mpid 7 port 1
SwitchD(config-service)#service mep down mpid 8 port 2
SwitchD(config-service)#service cc enable mep 7
SwitchD(config-service)#service cc enable mep 8
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-owner rpl east
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 3
2
SwitchB(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 4
5
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 5
4
SwitchC(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 6
7
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 7
6
SwitchD(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 8
1
www.raisecom.com
User Manual
SwitchA(config)#ethernet ring-protection 2 propagate enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 2 east port 3 protocol-vlan 4094
SwitchB(config)#ethernet ring-protection 2 propagate enable
Configure Switch E.
SwitchE(config)#ethernet ring-protection 2 east port 1 west port 2 protocol-vlan 4094
Configure Switch F.
SwitchF(config)#ethernet ring-protection 2 east port 1 west port 2 node-type rpl-owner rpl east protocol-vlan
4094
9.8.7.3
Show result
Check i f E RPS protection ring i s e ffective on t he de vice b y t he c ommand of show ethernet
ring-protection status.
Execute the c ommand on Switch A, Switch D and Switch F r espectively, the r esult w ill s how a s
below if configure successfully.
SwitchA#show ethernet ring-protection status
Id/Name
Status
Traffic-vlanlist
------------------------------------------------------------------------1
Id/Name
idle
Status
0 day 0050750
forwarding
forwarding 1
1-4094
Traffic-vlanlist
------------------------------------------------------------------------2
idle
0 day 0050750
forwarding
forwarding 1
1-4094
Status
Last Occur(ago)
------------------------------------------------------------------------1
idle
0 day 0050750
block
forwarding
1-4094
Status
Last Occur(ago)
------------------------------------------------------------------------2
idle
0 day 0050750
block
forwarding
1-4094
Networking requirement
As t he F igure 9 -12 s hows be low, t o i mprove t he r eliability of E thernet, t he S witch A , S witch B,
Switch C, Switch D have constituted an Ethernet single ring Ring 1.
The figure shows that the four devices are added to Ring 1 interface. MAC addresses are Switch A
(000E.5E00.000A), Switch B (000E.5E00.000B), Switch C (000E.5E00.000C), Switch D
(000E.5E00.000D).
222
www.raisecom.com
User Manual
The status and priority of four nodes are the same, Mac address of Switch D is biggest, and therefore,
Switch D is the master node of Ethernet ring.
9.8.8.2
Configuration steps
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#ethernet ring 1 port 2
SwitchA(config-port)#exit
SwitchA(config)#ethernet ring 1 enable
Switch Switch B, Switch C, and Swtch C, please take Switch A configuration for reference.
9.8.8.3
Show result
Check Ethernet ring configuration by the command of show ethernet ring.
Take Switch D for example, when the loop is normal, the first ring interface of master node Switch D:
Port 1 Block clears data loop.
SwitchD#show ethernet ring
Ethernet Ring Upstream PortList:-Ethernet Ring 1:
Ring Admin:
Enable
Ring State:
Enclosed
Bridge State:
Block
Bridge MAC:
000E.5E00.000D
Ring DB State:
Block
Ring DB Priority:
Ring DB:
000E.5E00.000D
223
www.raisecom.com
User Manual
Hello Time:
Restore delay:
Hold Time
15
Protocol Vlan
Break l ink s imulation f ault be tween S witch A a nd S witch B m anually, P ort 1 of S witch D w ill
change i ts s tatus f rom B lock t o F orwarding, Port 1 of S witch B w ill c hange i ts status fr om
Forwarding to Block. Check Ethernet ring status again.
SwitchD#show ethernet ring
Ethernet Ring Upstream-Group:1
Ethernet Ring 1:
Ring Admin:
Enable
Ring State:
Unenclosed
Bridge State:
Two-Forward
Bridge MAC:
000E.5E00.000D
Ring DB State:
Block
Ring DB Priority:
Ring DB:
000E.5E00.000B
Hello Time:
Restore delay:
15
Hold Time
15
Protocol Vlan
224
www.raisecom.com
User Manual
Chapter 10 OAM
This chapter introduces basic principle and configuration of OAM and provides related configuration
applications.
Overview
EFM
CFM
SLA
E-LMI
Maintenance
Configuring applications
10.1
Overview
10.1.1
OAM overview
Ethernet i s de signed f or LAN initially; the OAM ( Operation, Administration and Management) i s
weak for its small scale and possesses administrative system of NE level. With the wider application
of E thernet i n t elecom ne twork, t he l ink l ength a nd network s cal become bi gger a nd bi gger, i t
demands an efficient management and maintenance system in telecom network.
To confirm connectivity of Ethernet virtual connection, detecting, confirming and locating fault from
Ethernet layer, as well as balance network utility and network performance, then providing service
according S LA (Service Level Agreement) i mplementing OAM o n E thernet has becoming a
inevitable developing trend.
Ethernet OAM is graded to achieve, as shown in Figure 10-1, it is generally divided into two levels:
Link level Ethernet OAM: mostly used to the Ethernet physical link between PE (P rovider
Edge) and CE (Customer Edge) (i.e.: the last mile) to monitor the link status between users
network and and operators network. The typical protocol is EFM (Ethernet in the First Mile)
OAM protocol.
Service-class Ethernet OAM: mostly us ed t o network access conv ergence l ayer to monitor
the e ntire ne twork connectivity, position network connectivity fault, and monitor link
performance. The typical protocol is CFM (Connectivity Fault Management) OAM protocol.
225
www.raisecom.com
User Manual
10.1.2
EFM
Complied with IEEE 8802.3ah protocol, EFM is a kind of Ethernet OAM technology in link level,
which provides link connectivity detection function, link fault monitoring function, and remote fault
notification function, etc to the link between two straight-connection devices.
"The last mile" in EFM r efers t o the c onnection f rom telecommunications carrier t o the users. Its
goal is to promote the widely used E thernet technology to the telecommunications access ne twork
market, which can significantly improve network performance and reduce device and operating costs.
EFM is mainly used for user access network edge Ethernet link.
Switch device provides the IEEE 802.3ah standard EFM function.
10.1.3
CFM
CFM is a kind of Ethernet OAM technology in network level, implementing end-to-end connectivity
fault de tection, f ault n otification, j udgement a nd l ocation f unctions. It is us ed t o diagnose f ault
actively for EVC (Ethernet Virtual Connection) and provide c ost-effective ne twork maintenance
solution via fault management function and improve network maintenance.
The s witch provides CFM function which is compatible w ith IEEE 802.1ag and ITU-T Y.1731
recommendations.
226
www.raisecom.com
User Manual
Service instance
Service Instance also called MA (Maintenance Association) is part of MD. One MD can be divided
into one or multiple service instances. One service instance corresponds to one service, mapping to
one V LAN group; VLAN of different service instances cannot cross. Though service instance can
map to multiple VLAN, one instance can use one VLAN for transmitting or receiving OAM packets.
This VLAN is master VLAN of the intance.
MEP
As the Figure 10-3 shows below, MEP (Maintenance associations End Point) is edge node of service
intance. MEP can transmit a nd deal with CFM packets, instance that MEP located and MD decide
the VLAN and level for MEP packets transmission and reception
MEP o n a ny de vice r unning C FM i n ne twork i s c alled l ocal MEP; MEP on ot her de vices i n t his
instance is called RMEP (Remote Maintenance association End Point).
One i nstance can configure multiple MEP; packets s ent by M EP i n one i nstance t ake i dentical
S-VLAN TAG, priority and C-VLAN TAG. MEP can receive OAM packets sent by other MEP in
the instance, stop packets with the same level or lower than its own level and transmit packets higher
than its own level.
227
www.raisecom.com
User Manual
MIP
As the Figure 10-3 shows above, MIP (Maintenance association Intermediate Point) is inner node of
service instance, which is created by device automatically. MIP cannot send CFM p ackets actively
but can manage and answer LTM (LinkTrace Message) and LBM (LoopBack Message) packets.
MP
MEP and MIP are both called MP (Maintenance Point).
10.1.4
SLA
SLA is a telecommunication service evaluating standard negotiated by service provider and users to
provide agreement to service quality, priority and responsibility, etc.
In technology, S LA is real-time ne twork performance de tection and statistic technology which c an
give s tatistics to responding t ime, ne twork j itter, delay, packet loss rate, etc. SLA can choose
different task for different application and monitor related measurement value.
Basic concepts related to SLA:
Operation
Static conc ept: it is a SLA ne twork performance t esting t ask f rom e nd-to-end, i ncluding layer-2
network delay/jitter te st ( y1731-echo/y1731-jitter) and
layer-3 network delay/jitter te st
(icmp-echo/icmp-jitter).
Test
Dynamic concept: it is used to describe an execution of one operation.
Detection
Dynamic concept: it is used to describe a procedure of transmitting-receiving packet in operation test.
According to definition of operation, one operation test can contain multiple detections (one test only
contains one time of detection for Echo operation).
Schedule
Dynamic concept: it is used to describe a schedule of one operation; one schedule contains multiple
periodical tests executions.
228
www.raisecom.com
10.1.5
User Manual
E-LMI
Refering to Frame Relay Local Management Interface Specification, MEF (Metro Ethernet Forum)
defines t he E thernet L ocal M anagement I nterface. E -LMI i s the O AM pr otocol to locate in UNI
(User-Network Interface), mainly used between CE and PE devices.
E-LMI enables service providers to configure CE automatically according to purchased services. By
E-LMI, CE can automatically r eceive mapping information from us er VLAN t o EVC and the
corresponding bandwidth and QoS settings. E-LMI CE device auto-configuration function not only
reduces the w ork of the services establishment, but also the coordination work between service
providers and enterprises users. As a result, enterprise users neednt to know the configuration of CE
devices; service pr ovider w ill t ake t he i ntegrateconfiguration a nd m anagement w hich r educes the
risk of human errors.
In addition, E-LMI also provides the EVC status information to CE device. Once the EVC fails (such
as PE uses CFM to provide fault detection function for EVC), PE will notify the CE device to access
side route for switching.
The deployment location of E-LMI in the network is shown in Figure 10-4:
10.2
EFM
10.2.1
10.2.1.1
Networking situation
Deploy E FM f eature be tween s traight t hrough c onnected de vices c an efficiently improve E thernet
link management and maintenance capability and ensure network running stable.
10.2.1.2
Preconditions
Before c onfiguring E FM, users ha ve to c onnect interface a nd configure physical pa rameters f or it,
the interface is Up at physical layer.
10.2.2
Default value
229
www.raisecom.com
10.2.3
User Manual
Function
Default value
Passive
10100ms
5s
Disable
Disable
Respond
1s
1 error frame
60s
1s
100ms
1s
Enable
Disable
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#oam
{ active | passive }
230
www.raisecom.com
Step
User Manual
Configuration
Raisecom(config-port)#exit
Raisecom(config)#oam
send-period period-number
Description
(Optional) OAM link sends INFO packets to each other
timing, use this command to set packets sending interval
and control link communication period. The unit is 100ms.
By default, sending interval is 10 (10100ms).
Raisecom(config)#oam timeout
period-number
Raisecom(config)#interface port
port-id
Raisecom(config-port)#oam enable
10.2.4
10.2.4.1
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port port-id
Raisecom(config-port)#oam
remote-loopback
Raisecom(config-port)#no oam
remote-loopback
Note:
Perform loopback detection periodically can discover network fault in time. By loopback
detection in network sections can locate exact fault area and help users remove fault.
In link loopback status, the device loopback all packets except OAM packets received by link
to peer device, user data packets cannot forwarded normally. Please disable this function in
time when doesnt need detection.
10.2.4.2
Configuration
Description
Raisecom#config
www.raisecom.com
10.2.4.3
User Manual
Step
Configuration
Description
Raisecom(config)#interface
port port-id
Raisecom(config-port)#oam
peer event trap enable
Configuration
Description
Note: By ge tting c urrent variable value of pe er de vice to get s tatus of c urrent l ink. IEEE802.3
Clause30 defines a nd e xplains s upporting O AM ge tting v ariable a nd i ts denotation in details. The
variable t akes Object as t he m aximum di vision, e ach obj ect c ontains Package a nd Attribute. A
package contains several attributes. Attribute is the minimum unit of variable. When OAM variable
getting, it de fines object, package, brach and leaf description of a ttributes by C lause30 to describe
requesting object, and the branch and leaf are followed by variable value to denote object responds
variable r equest. The de vice i s i n s upport of OAM inf ormation and interface s tatistics f or obj ect
variable getting.
Peer variable getting cannot realize until building up EFM connection.
10.2.5
10.2.5.1
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port port-id
Raisecom(config-port)#oam
loopback { ignore | process }
Note: Peer EFM remote loopback function wont take effect until remote loopback process function
232
www.raisecom.com
User Manual
is configured at local.
10.2.5.2
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#oam
errored-frame window window
threshold threshold
Raisecom(config-port)#oam
errored-frame-period window
window threshold threshold
Raisecom(config-port)#oam
errored-frame-seconds window
window threshold threshold
Raisecom(config-port)#oam
errored-symbol-period window
window threshold threshold
Note:
OAM link m onitor is us ed t o de tect a nd r eport l ink error i n di fferent c ondition. When
detection link has fault, device notifies peer the error generated time, windown and threshold
setting, etc. by OAM event, the peer receives event notification and report NMS center via
SNMP Trap. Besides, local device can direct report event to NMS center via SNMP Trap.
By default, system has default value for error generated time, windown and threshold setting.
10.2.5.3
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port port-id
Raisecom(config-port)#oam
notify { critical-event |
dying-gasp | errored-frame |
errored-frame-period |
errored-frame-seconds |
errored-symbol-period }
{ disable | enable }
10.2.5.4
Configuration
Description
233
www.raisecom.com
10.2.6
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port port-id
Raisecom(config-port)#oam
event trap enable
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show oam
[ port-list port-list ]
10.3
CFM
10.3.1
10.3.1.1
Networking situation
To develop Ethernet technology application in telecommunication network, Ethernet needs to realize
service level identical to telecommunication transmission network. CFM provides full OAM tool to
telecommunication Ethernet to solve this problem.
CFM provides the below OAM functions:
Fault detection function
Fault detection function refers to use CC (Continuity Check) protocol to detect the connectivity of
Ethernrt v irtual ne twork a nd c onfirm the M P c onnection s tatus. This f unction i s r ealized by MEP
sending CCM (Continuity Check Message) periodically, other MEP in one service instance receives
234
www.raisecom.com
User Manual
packet to confirm the status of RMEP. The device fault or link configuration error may make MEP
cannot fail to receive and process CCM from RMEP. If MEP hasnt recived remote CCM packet in
3.5 CCM intervals, the link is considered to be fault, system will send fault trap according to alarm
priority configuration.
Fault acknowledgement function
Using L B ( LoopBack), this f unction c onfirms connectivity be tween t wo M P by s ending L BM
(LoopBack Message) from source MEP and answering LBR (LoopBack Reply) by destination MP.
Source MEP sends LBM to MP for fault acknowledgement; the MP receives LBR and sends a LBR
to source ME P. I f the source ME P can receive LBR, the pa th is connective; if sou rce ME P cant
receive LBR, the path is not connective.
Fault location function
Using LT, this function sends LTM (LinkTrace Message) to destination MP by source MEP, each MP
device on LTM transmitting path will answer LTR ( LinkTrace Reply) to source MEP, and then the
efficient LTR and LTM fault location point can be recorded.
Alarm indication signal function (AIS, Alarm Indication Signal)
This function is used to stop alarm when detected fault at server layer (sub-layer). MEP (including
server MEP) sends AIS frame to client MD when detected fault. ETH-AIS frame is transmitted on
MEP (or server MEP). When receiving AIS frame, it doesnt contain peer MEP information of fault,
the M EP m ust inhi bit a ll pe er M EP tr ap regardless of the c onnectivity s tatus. It can inhibit c lient
alarm information through AIS function to make the network easier to manage and maintain when
server layer has fault.
Ethernet signal lock function (LCK, Lock)
This function is used to notify management lock for server layer (sub-layer) MEP and the followed
data s ervice traffic ha lt. The s ervice traffic is sent for MEP expected to receive traffic. Then MEP
receives ETH-LCK frame can identify it is fault or management lock of server layer MEP. Lock is
OAM f unction a ccording t o r equirement, a t ypical a pplication of M EP l ock i s w hen pe rforming
diagnostic test when service halts.
Anyway, CFM implements end-to-end service OAM technology, reducing service provider operation
cost and improve competion.
10.3.1.2
Preconditions
Finish below tasks before configuring CFM:
Connect i nterface a nd configure physical pa rameters f or i t, the i nterface i s Up at physical
layer
Create VLAN
Add interface into VLAN
10.3.2
Default value
235
www.raisecom.com
10.3.3
User Manual
Function
Default value
Disable
Enable
MD status
Not exist
Up
100min
100min
Not transmit
Passive
10s
Ineffective
Disable
Disable
100min
Disable
1s
Enable
Disable
Enable CFM
Please configure CFM for the device as below.
Note: CFM fault detection and location function cannot take effect unless enabling CFM function on
the device.
Step
Configuration
Description
Raisecom#config
236
www.raisecom.com
10.3.4
User Manual
Step
Configuration
Description
Raisecom(config)#ethernet cfm
enable
Raisecom(config)#interface port
port-id
Raisecom(config-port)#ethernet
cfm enable
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet cfm
domain [ md-name
domain-name ] level level
Raisecom(config)#service cisid
level level
www.raisecom.com
10.3.5
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet cfm
remote mep age-time minutes
Raisecom(config)#ethernet cfm errors (Optional) Configure hold time for e rror C CM p ackets.
archive-hold-time minutes
The device saves all fault information of MEP.
By de fault, hol d t ime f or error C CM packets i s 100
minutes. New h old time configured by the s ystem w ill
check data i n database once; the data will be cl eared
immediately if it is over time.
Raisecom(config-service)#service cc
interval { 1 | 10 | 60 | 600 | 3ms | 10ms
| 100ms }
Raisecom(config-service)#service cc
enable mep { mepid-list | all }
Raisecom(config-service)#service
remote-mep mep-list [ port port-id ]
Raisecom(config-service)#service
remote-mep learning active
10
Raisecom(config-service)#service
remote-mep cc-check enable
Raisecom(config-service)#service
cvlan vlan-id
www.raisecom.com
User Manual
Step
Configuration
11
Raisecom(config-service)#service
priority priority
Description
(Optional) Configure CFM OAM packets priority.
After configuring packets priority, all CCM, LBM, LTM,
DMM sent by MEP use assigned priority.
By default, packet priority is 6.
12
Raisecom(config-service)#snmp-server
trap cfm { all | ccmerr | macremerr |
none | remerr | xcon } mep { all |
mep-list }
10.3.6
Configuration
Description
Raisecom#config
Raisecom(config)#service cisid
level level
Raisecom(config-service)#ping
{ mac-address | mep rmep-id }
[ count count ] [ size size ]
[ source mep-id ]
Note:
Make s ure gl obal C FM f unction e nable be fore executing t his c ommand, ot herwise t he
command will be executed unsuccessfully;
If there is no MEP configured in service instance, ping unsuccessfully because of fail to find
source MEP;
If assigned source MEP is invalid, ping unsuccessfully. For example, assigned source MEP is
not existing or CFM of the source MEP interface is disabled;
If assigning destination MEPID to perform ping operation, ping unsuccessfully when fail to
find destination MEP MAC address according to MEPID;
Operation will f ail if ot her us ers a re us ing t he a ssigned s ource M EP t o pe rform ping
operation.
239
www.raisecom.com
10.3.7
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet cfm
traceroute cache enable
Raisecom(config)#ethernet cfm
traceroute cache hold-time minutes
Raisecom(config)#ethernet cfm
traceroute cache size size
Raisecom(config-service)#traceroute
{ mac-address | mep mep-id } [ ttl
ttl ] [ source mep-id ]
Note:
Make s ure gl obal C FM f unction e nable be fore executing t his c ommand, ot herwise t he
command will be executed unsuccessfully;
If there is no MEP configured in service instance, Traceroute unsuccessfully because of fail to
find source MEP;
If the assigned source MEP is invalid, Traceroute will fail. For example, assigned source
MEP is not existing or CFM of the source MEP interface is disabled;
If a ssigning de stination MEPID to pe rform Traceroute operation, Traceroute unsuccessfully
when fail to find destination MEP MAC address according to MEPID;
If C C f unction i s not e ffective, configure static re mote ME P a nd a ssigne M AC a ddress t o
ensure layer-2 traceroute operating successfully;
Operation will f ail if other users a re using the a ssigned source MEP to perform Traceroute
operation.
240
www.raisecom.com
10.3.8
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#service cisid
level level
Raisecom(config-service)#service
ais enable
Raisecom(config-service)#service
ais period { 1 | 60 }
Raisecom(config-service)#service
ais level level
10.3.9
Step
Configuration
Description
Raisecom#config
Raisecom(config-service)#service
suppress-alarms enable mep { all |
mep-list }
Configuration
Description
Raisecom#config
Raisecom(config)#service cisid
level level
Raisecom(config-service)#service
lck start mep { all | mep-list }
Raisecom(config-service)#service
lck period { 1 | 60 }
Raisecom(config-service)#service
lck level level
241
www.raisecom.com
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#service cisid
level level
Raisecom(config-service)#service
suppress-alarms enable mep
{ all | mep-list }
Configuration
Description
10.4
SLA
10.4.1
10.4.1.1
Networking situation
Carrier and customer sign SLA protocol to guarantee users can enjoy certain quality network service.
To perform SLA protocol effectively, carrier needs to deploy SLA feature test performance on device
and the test result is evidence to ensure users performance.
SLA feature chooses two testing node, configure SLA operation on one node and schedule executing
242
www.raisecom.com
User Manual
10.4.1.2
Preconditions
Finish the below task before configuring SLA:
Deploy CFM between the tested devices.
10.4.2
10.4.3
Function
Default value
Disable
0 level
1s
10
forever
20s
Configuration
Description
Raisecom#config
243
www.raisecom.com
User Manual
Step
Configuration
Description
Note:
After c onfiguring basic information for on e o peration ( differed by ope ration I D), i t i s no t
allowed to modify or configure again. That is to say, delete the operation at first if user wants
to configure it again.
SLA supports a t m ost 100 operations s chedule a t one time up t o 100 pi eces, b ut w ait a
schedule to finish (reach schedule life time or stop schedule) before schedule again or modify
schedule information.
10.4.4
10.4.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#sla schedule
oper-num [ life { forever |
life-time } ] [ period period ]
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
www.raisecom.com
User Manual
10.5
E-LMI
10.5.1
10.5.1.1
Networking situation
By E -LMI, PE can s end t he m apping i nformation from VLAN to EVC to CE and achieve t he
automatic configuration function of CE d evice. This not onl y reduces the work of t he business
establishment, but also the coordination work between service providers and enterprise users. As a
result, enterprise users neednt to know the configuration of CE devices; service provider will take
the integrateconfiguration and management which reduces the risk of human errors.
Cooperating w ith O AM pr otocol ( such a s C FM pr otocol), E -LMI can give f eedback of the EV C
status inf ormation in service pr ovider ne twork t o C E de vice timely. Once the E VC f ails, PE will
notify the CE device to access side route for switching.
10.5.1.2
Preconditions
Finish the following tasks before configuring E-LMI:
Connect interface and configure the interface physical pa rameters, make the physical l ayer
status of interface Up;
Configure the physical layrer interface between PE and CE for Trunk mode.
Configure CFM between PE devices.
10.5.2
Default value
Enable
Disable
pe
Close
asyn
10s
15s
Enable
Value of N391counter
360
Value of N393counter
245
www.raisecom.com
10.5.3
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet lmi
enable
Raisecom(config)#ethernet lmi
trap { enable | disable }
Raisecom(config)#ethernet lmi pe
Raisecom(config)#interface port
port-id
Raisecom(config-port)#ethernet
lmi enable
Raisecom(config-port)#ethernet
lmi t392 enable
Raisecom(config-port)#ethernet
lmi t392 value
Raisecom(config-port)#ethernet
lmi n393 value
Configure EVC
Step
Configuration
Description
Raisecom#config
Raisecom(config-evc)#oam-protoco
l cfm svlan vlan-id level level
246
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-evc)#uni count
number
Configure UNI
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface port
port-id
Raisecom(config-port)#ethernet lmi
uni uni-id
Raisecom(config-port)#ethernet lmi
uni { bundling | all-to-one-bundling |
service-multiplexing }
Raisecom(config-port)#ethernet lmi
evc evc-number
Raisecom(config-port)#ethernet lmi
ce-vlan map { vlan-list | untagged |
all } evc evc-number
247
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-port)#ethernet lmi
default-evc evc-number
Raisecom(config-port)#ethernet lmi
evc-notify { asyn | full }
10.5.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#ethernet lmi ce
www.raisecom.com
10.5.5
User Manual
Check configuration
Check the result by the commands below after configuration:
10.6
No.
Item
Description
Maintenance
User can maintain OAM features by the below commands.
Command
Description
10.7
Configuring applications
10.7.1
Application of EFM
10.7.1.1
Networking requirement
As the Figure 10-5 s hows be low, de ploy E FM f eature on de vice t o i mprove E thernet l ink
management and maintenance capa bility be tween Switch A and Switch B. Switch A is active end,
Switch B is passive end. Deploy OAM event trap function on Switch A.
249
www.raisecom.com
User Manual
10.7.1.2
Configuration steps
Configure active end Switch A.
Raisecom#hostname Switch A
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#oam active
SwitchA(config-port)#oam enable
SwitchA(config-port)#oam event trap enable
SwitchA(config-port)#oam peer event trap enable
10.7.1.3
Show result
Show EFM configuration on Switch A by the command of show oam.
SwitchA#show oam port-list 1
Port:port1
Mode:Active
Administrate state:
Operation state:
Enable
Disable
1518
Send period:
1000 ms
Link timeout :
5s
Config revision:
Supported functions:
Show OAM event larm configuration on Switch A by the command of show oam trap.
SwitchA#show oam trap port-list 1
Port:
port1
Event trap:
Enable
Enable
0
250
www.raisecom.com
User Manual
Lost trap timestamp:
10.7.2
10.7.2.1
Application of CFM
Networking requirement
As t he Figure 10-6 shows b elow, users communicate w ith server through t he ne twork bui ldup by
Switch A, Switch B a nd Switch C. To make E thernet l ink between server and user ge t
telecommunication service l evel, user can deploy C FM f eature on Switch device t o realize act ive
fault detection, acknowledgement and location. Switch A and Switch C are MEP, Switch B is M IP,
detecting Ethernet fault from Switch A Port 1 to Switch C Port 2, maintenance domain level is 3.
10.7.2.2
Configuration steps
Configure interface adding into VLAN.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
251
www.raisecom.com
User Manual
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 100 active
SwitchC(config)#interface port 2
SwitchC(config-port)#switch access vlan 100
SwitchC(config-port)#exit
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet cfm domain level 3
SwitchB(config)#service ma1 level 3
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Configure Switch C.
SwitchC(config)#ethernet cfm domain level 3
SwitchC(config)#service ma1 level 3
SwitchC(config-service)#service vlan-list 100
SwitchC(config-service)#service mep up mpid 302 port 2
SwitchC(config-service)#service remote mep 301
SwitchC(config-service)#service cc enable mep all
SwitchC(config-service)#exit
252
www.raisecom.com
User Manual
SwitchC(config)#ethernet cfm enable
Ingress/EgressPort
IsForwarded
RelayAction
NextHop
----------------------------------------------------------------------------------
10.7.2.3
000E.5E00.0003
2/1
Yes
rlyFdb
000E.5E00.0003
000E.5E00.0003
1/2
Yes
rlyFdb
000E.5E00.0001
!3
000E.5E00.0001
1/-
No
rlyHit
000E.5E00.0002
Show result
Show CFM configuration on Switch by the command of show ethernet cfm.
Take Switch A for example:
SwitchA#show ethernet cfm
Global CFM Admin Status: enable
Port CFM Enabled Portlist: P:1-28
PC:1-3
253
www.raisecom.com
10.7.3
10.7.3.1
User Manual
Application of SLA
Networking requirement
As the Figure 10-7 shows b elow, users com municate with server through t he ne twork bui ldup by
Switch A, Switch B and Switch C, deploying CFM on Switch to make Ethernet link between server
and user get telecommunication service level. C arrier deploys SLA feature on Switch A and
schedules execution periodically, then it is able to detect network performance between Switch A and
Switch C.
Switch A performs layer-2 delay test to Switch C. Configure y1731-echo on Switch A, operation ID
is 2, remote MEP is 2, MD level is 3, VLAN-ID is 100, service level is 0. Schedule life period is 20
seconds, testing period is 10 seconds.
10.7.3.2
Configuration steps
Configure CFM on Switch device.
Refer to Configure CFM Application for details.
Configure y1731-echo on Switch A and enable the operation schedule.
SwitchA#config
SwitchA(config)#sla 2 y1731-echo remote-mep 302 level 3 svlan 100 cos 0
SwitchA(config)#sla schedule 2 life 20 period 10
10.7.3.3
Show result
Show SLA configuration on Switch A by the command of show sla configuration.
Raisecom(config)#show sla 2 configuration
-----------------------------------------------------------------------Operation <2>:
Type:
Y1731-ECHO
Frame type:
Schedule Starttime:
Loopback
0
days, 00:00:00
-----------------------------------------------------------------------254
www.raisecom.com
User Manual
Cos:
100
MD Level:
302
Timeout(sec):
10.7.4
10.7.4.1
Schedule Life(sec):
20
Schedule Period(sec):
10
Schedule Status:
Completed!
10.7.4.2
Configuration steps
Configure PE device interface adding VLAN.
Configure PE A.
Raisecom#hostname PEA
PEA#config
PEA(config)#create vlan 100 active
PEA(config)#interface port 1
PEA(config-port)#switchport mode trunk
PEA(config-port)#exit
PEA(config)#interface port 2
PEA(config-port)#switchport mode trunk
PEA(config-port)#exit
Configure PE B.
Raisecom#hostname PEB
PEB#config
PEB(config)#create vlan 100 active
255
www.raisecom.com
User Manual
PEB(config)#interface port 1
PEB(config-port)#switchport mode trunk
PEB(config-port)#exit
PEB(config)#interface port 2
PEB(config-port)#switchport mode trunk
PEB(config-port)#exit
Configure PE B.
PEB(config)#ethernet cfm domain level 3
PEB(config)#service ma1 level 3
PEB(config-service)#service vlan-list 100
PEB(config-service)#service mep up mpid 302 port 2
PEB(config-service)#service remote-mep 301
PEB(config-service)#service cc enable mep all
PEB(config-service)#exit
PEB(config)#ethernet cfm enable
Configure PE B.
PEB(config)#ethernet lmi enable
256
www.raisecom.com
User Manual
PEB(config)#ethernet lmi pe
PEB(config)#ethernet lmi evc 1 evc1
PEB(config-evc)#oam-protocol cfm svlan 100 level 3
PEB(config-evc)#exit
PEB(config)#interface port 2
PEB(config-port)#ethernet lmi uni uni1
PEB(config-port)#ethernet lmi uni bundling
PEB(config-port)#ethernet lmi evc 1
PEB(config-port)#ethernet lmi ce-vlan map 100 evc 1
PEB(config-port)#exit
Configure CE B.
Raisecom#hostname CEB
CEB#config
CEB(config)#ethernet lmi enable
CEB(config)#ethernet lmi ce
10.7.4.3
Show result
Check whether E-LMI configuration is correct on PE device by the command of show ethernet lmi
config port-list port-list.
Take PE A as example.
PEA#show ethernet lmi config port-list 1
E-LMI Global Enable Status:
Enable
TrapEnable:
(default is disabled)
Enable
Mode:
(default is enabled)
PE
(default is PE)
(default is enabled)
64
N393:
Notify Type:
T392 Enable Status:
T392:
4
Aysn
Enable
15s
(default is 4)
(default is Aysn)
(default is enabled)
(default is 15s)
Check whether the VLAN configuration is learnt correctly on CE device by the command of show
257
www.raisecom.com
User Manual
vlan.
Take CE A as example.
CEA#show vlan
Switch Mode: -VLAN
Name
State
--------------------------------------------------------------1
100
Default
VLAN0100
1-6
3
258
www.raisecom.com
User Manual
11.1
Overview
11.1.1
SNMP
SNMP ( Simple N etwork Management P rotocol) i s a dvanced by IETF (Internet E ngineering Task
Force) f or s olving m anagement pr oblem of ne twork de vices i n I nternet. S NMP l ets r emote
management for network devices supporting this protocol through one NMS (Network Management
System) possible, including monitor network status, modify network device configuration, receiving
network event alarm, etc. It is the widest applied network management protocol in TCP/IP network.
259
www.raisecom.com
User Manual
11.1.1.3 MIB
MIB ( Management Information B ase) i s t he c ollection of a ll obj ects managed by N MS. It de fines
attributes for the managed objects:
260
www.raisecom.com
User Manual
Name
Access right
Data type
The device-related statistic contents can be reached by accessing data items. Each proxy has its own
MIB. MIB can be taken as an interface between NMS and Agent, through which NMS can
read/write every managed object in Agent to manage and monitor the device.
MIB store information in a tree structure, its root is on the top, without name. Nodes of the tree are
the managed obj ects, which take a u niquely pa th s tarting f rom r oot ( OID) f or i dentication. S NMP
protocol packets can access network devices by checking the nodes in MIB tree directory.
ISCOM2924GF is in support of standard MIB and Raisecom customized MIB.
11.1.2
KeepAlive
KeepAlive packet is a ki nd of keepAlive mechanism running i n HDLC ( High-Level D ata Link
Control) l ink l ayer pr otocol. The de vice w ill s end a KeepAlive pa cket to c onfirm w hether the
opposite side is online every several seconds so as to realize neighbor detection mechanism.
Trap is the unrequested information sent by the device actively to NMS, used to report some urgent
and important events.
Switch s ends K eepAlive Trap pockers act ively which includes the basic inf ormation of s witch
(device name, device OID, MAC address and IP address). Network management synchronizes device
information by IP t o m ake t he NMS di scover ne twork s egment i n a s hour t ime, i mprove w orking
efficiency and reduce working load of administrators.
11.1.3
RMON
RMON ( Remote Network Monitoring) is a standard stipulated by IETF (Internet Engineering Task
Force) for network data monitoring through different network Agent and NMS.
RMON is achieved based on SNMP architecture, including the network management center and the
Agent running on network devices. On the foundation of SNMP, increase the subnet traffic, statistics,
and analysis to achieve the monitoring to one network segment and the whole network, while SNMP
only c an monitor t he partial inf ormation of a s ingle de vice and it is difficult for i t t o monitor one
network segment.
RMON Ag ent is c ommonly r eferred t o a s the pr obe pr ogram; R MON Probe can take the
communication s ubnet s tatistics a nd pe rformance a nalysis. W henever it finds network f ailure,
RMON Probe can report network management center, and describes the capture information under
unusual ci rcumstances so t hat the ne twork management cent er doesnt ne ed t o pol l the de vice
constantly. Compared with SNMP, RMON can monitor remote de vices more act ively and more
effectively, ne twork a dministrators c an t rack t he ne twork, network segment or de vice m alfunction
more quickly. T his a pproach r educes t he data traffics be tween network m anagement cent er and
Agent, makes it pos sible to manage l arge ne tworks simply and pow erfully, and m akes up the
limitations of SNMP in growing distributed Internet.
RMON Probe data collection methods:
Distributed RMON. N etwork management center obtains ne twork management information
and controls network resources directly from RMON Probe through dedicated RMON Probe
collection data.
261
www.raisecom.com
User Manual
Embedded RMON. Embed RMON Agent directly to network devices (such as switches) to
make the m w ith RMON Probe f unction. N etwork m anagement c enter will collect network
management i nformation through the basic operation of SNMP and the exchange data
information of RMON Agent.
Our d evices a re e mbedded RMON. S hown i n F igure 1 1-2, t he de vice i mplements R MON Agent
function. Through this function, the management station can obtain the overall traffic, error statistics
and performance statistics information of this network segment connected to the managed network
device interface so as to achieve the monitoring to one segment.
11.1.4
Cluster management
Cluster management protocol is used to manage a set of switch e quipment to provide users a ne w
management method.
Users can set up a cl uster by master s witch so as to achieve the centralized management and
configuration to multiple devices added to the cluster. The main switch is called command device,
the other managed switches are member devices. Command device has a public IP address, while the
member devices do not set the IP address; the management and maintenance of member devices are
often achieved by command device redirection.
The c luster m anagement c an r educe t he w orkload of e ngineering a nd m aintenance, and also save
public IP address resources. Administrators only need to configure public IP address on one device to
achieve the management and maintenance of all cluster equipment without logging into each device
for configuration.
The benefits of c luster management are beyond doubt. H owever, when using cluster management,
different manufacturers ha ve di fferent i mplementations on t he c luster pr ogram, g enerally us ing
262
www.raisecom.com
User Manual
proprietary pr otocols, c luster, w hich shows t hat the c luster m anagement t echnology ha s i ts
limitations
11.1.4.1
Cluster role
According to the different position and function of switches, the cluster has different roles. User can
configure to specify the role of switch. The cluster role can be command device, member device and
candidate device.
Command device (Commander): also known as management device, used to assign public IP
address t o provide m anagement i nterface f or al l s witch in the c luster. C ommand de vice
manages m ember de vice by command redirection: n etwork m anagement s ystem s ends
commands t o t he c ommand de vice for pr ocessing via t he publ ic ne twork. The c ommand
device will f orward c ommands t o m ember de vice i f i t f inds t he c ommands s hould b e
executed on member device. Command device can discover neighbor information, collect the
entire network topology, manage cluster, maintain cluster state, and support a variety of agent
functions.
Member device (Member): members in cluster, generally do not configure public IP address.
User manages member devices by commands redirection via the command device. Member
device can discover neighbor information, accept command device management, equipment,
execute t he c ommands from command device, and report fault/log. M ember device can b e
managed through network management system or Telnet mode directly on c ommand device
after activating.
Candidate device (Candidate): ha s not joi ned any c lusters but s till ha s c luster a bility to
become a cl uster m ember s witch. The di fference from member de vice i s the t opology
information of candidate device has already collected by command device but not yet joined
the c luster. When adding a candidate device to the cluster, the de vice will be come member
device; w hen r emoving a member device from the cluster, t he device will recover to
candidate device again.
www.raisecom.com
User Manual
device can form a cluster. The device not joined cluster but still had cluster ability is candidate
device.
11.1.4.2
11.1.5
LLDP
As the growing of network scale and the i ncreasing of network devices, ne twork t opology is
becoming m ore c omplex a nd network m anagement is become pa rticularly i mportant. T o t rack
changes i n network t opology information, m any ne twork management s oftware has a dopted the
"automatic di scovery" f unction, but m ost ne twork m anagement s oftware only can analyze t he
network layer topology without determining by which i nterface other devices connected t o other
devices.
LLDP ( Link Layer D iscovery P rotocol) is a link la yer di scovery pr otocol de fined by t he I EEE
802.1AB. Network m anagement s ystem c an m aster l ayer-2 network t opology a nd t he c hanges
quickly by the protocol.
LLDP or ganizes the l ocal device i nformation to di fferent T LV ( Type Length V alue uni t), a nd
encapsulates t hem in LLDPDU ( Link Layer D iscovery P rotocol Data U nit) to s end to directconnected neighbors. Meanwhile, LLDP will save the information from neighbors with the standard
MIB ( Management Information Base) f or m anagement s ystem to inquiry and judge links
communication status.
11.1.5.1
Basic concept
LLDP messages: Ethernet messages encapsulated LLDPDU in data unit.
LLDPDU: da ta uni t of LLDP message. Before the c omposition of L LDPDU, the de vice w ill
264
www.raisecom.com
User Manual
encapsulate local information to TLV, and a number of TLV will combine into one LLDPDU, which
encapsulated in the Ethernet data part will be transmitted.
Shown in Figure 11-4, LLDPDU is formed by a number of TLV, which contains four mandatory TLV
and a number of optional TLV.
11.1.5.2
TLV type
Description
Compulsory or not
Compulsory
Compulsory
Compulsory
Compulsory
Optional
System Name
Optional
System Description
Optional
Optional
Management Address
Optional
www.raisecom.com
User Manual
from l ocal de vice t o oppo site de vice (or se nd LLDP messages w hen there i s cha nge in local
information) to notify the link state to opposite device.
The data traffic is as follows:
When sending, the de vice obtains system information r equired by the selected TLV, and
obtains configuration information from LLDP MIB, generates TLV, constitutes LLDPDU,
encapsulates to LLDP messages and sends them to opposite device.
After r eceiving LLDP messages, oppos ite de vice w ill a nalyze a ll the T LV information. If
there i s c hange, t he oppos ite de vice w ill upda te t he i nformation to LLDP neighbors M IB
table and inform NMS.
The aging time TTL (Time to live) of local device information in the neighbor node can be adjusted
by modifying t he pa rameter v alues of aging coefficient, s ends LLDP m essages t o ne ighbor node ,
after r eceiving LLDP messages, ne ighbor no de will adjust the a ging time of its neighbor n odes
(sending side) information. Aging time formula, TTL = Min {65535, (interval hold-multiplier)}:
Interval indicates the time period to send LLDP messages from neighbor node.
Hold-multiplier refers to the aging coefficient of device information in neighbor node.
11.1.6
11.1.7
System Log
System Log means the device records system information and debug information, etc. in the form of
log and outputs them to assigned destination. When the device has fault, the system log will take it
easy for user to check and locate fault.
System information and some debug outputs of ISCOM2924GF will be sent to system log. System
log s ends the i nformation t o di fferent de stination a ccording t o us er c onfiguration. The system log
destinations are as below:
Console: output log information to local Console through Console interface
Log host: output log information to log host in log file format
Monitor: output log information to monitor, such as Telnet terminal
File: output log information to device Flash in log file format
Buffer: output log information to buffer
Format of system log:
266
www.raisecom.com
User Manual
timestamp
FEB-22-2005 06:46:20
FEB-22-2005 06:45:56
CONFIG-6-LINK_U:port 2 Link UP
01
10:22:15
ISCOM2924GF:
ISCOM2924GF:
The system log information can be divided into eight levels according to the order of severity, as the
Table 11-2 shows:
Information levels:
Severity level
Level
Description
emergencies
alerts
critical
criticalstatus
errors
Error status
warnings
Alarm status
notifications
informational
Notification event
debugging
Debug information
Note: The severity level of output information can be set manually. According to the severity level, it
only outputs low level or the same level configuration information with severity level. For example,
configure i nformation out put f or s pecified level 3 (or a ssign the severity l evel e rrors di rectly); t he
level is 0 to 3, i.e. the information with severity level of emergencies ~ errors can be output.
11.1.8
Alarm management
Alarm means when the device has fault or some working condition changes, the system will generate
alarm information according to different fault types and different alarm sources.
Alarm information is used to report some of the urgent and important event and notify them to the
network administrator promptly, which provides strong support for monitoring device operation and
fault diagnosis.
Alarm information is stored in the alarm buffer, and at the same time generated to log information. If
configuring network management system, the alarm information will be sent to network management
267
www.raisecom.com
User Manual
system through SNMP (Simple Network Management Protocol). The information sent to the network
management system is called Trap information.
11.1.8.1
11.1.8.2
Description
Index
Alarm index
268
www.raisecom.com
11.1.8.3
User Manual
Field
Description
TimeStamp
Alarm time
HostName
ModuleName
Severity
name
Alarm name
Alarm description
Description
Corresponding Syslog
Critical (3)
1 (Alert)
Major (4)
Minor (5)
3 (Error)
Warning (6)
This alarm will not affect the current service, but maybe
the potential error will affect the service, so it can be
considered as needing to take measures.
4 (Warning)
Indeterminate (2)
5 (Notice)
Cleared (1)
5 (Notice)
11.1.8.4
(Critical)
Alarm-related concepts
Introduction of alarm related concepts:
Alarm suppression
The device only records root-cause alarm, but not incidental alarm when enabling alarm suppression.
For example, the generation of alarm A will inevitably produce alarm B, then alarm B is suppressed
and doe snt appe ar i n alarm buffer and r ecord l og information when e nabling a larm s uppression.
Enabling alarm suppression can reduce the number of alarms effectively.
269
www.raisecom.com
User Manual
The root-cause alarm and all other incidental alarms will be recorded on device when disabling alarm
suppression.
Alarm Auto-reporting
Auto-reporting refers to the a larm w ill be r eported t o network m anagement s ystem automatically
with i ts ge neration a nd ne ednt initiate inqui ries or s ynchronization. User can set auto-reporting
function to a larms generated f rom s ome property module ( alarm source), s ome interface ( alarm
source), and the specified property module in the specified interface.
Note: Alarm S ource: refers t o the alarm entities ge nerated related alarms, such as i nterface, alarm
module (in support of alarm features) and so on.
Alarm monitoring
Alarm monitoring is used to deal with each module alarms:
The alarm module will receive alarms generated by each module when enabling alarm
monitoring function, and deal with them according to the configuration of alarm module,
such as record alarm in alarm buffer, and record system logs, etc;
The a larm m odule w ill di scard t he a larm ge nerated by t he m odule without follow-up
treatment when disabling alarm monitoring function and the alarms will not be recorded
on the device.
User can take alarm monitoring to some property module, some interface or the specified property
module in the specified interface.
Alarm reverse mode
Alarm reverse refers t o the de vice will r eport t he i nformation oppos ite t o a ctual s tatus w hen
recording alarm information, or report the a larm when there is no alarm inf ormation. Not r eport if
there is alarm information.
Currently, t he de vice is only in support of reverse mode configuration of the i nterface. There a re
three reverse modes to be set; the specific definitions are as follows:
No reverse mode
Device alarm is reported normally.
Manual reverse mode
Set the alarm reverse mode of an interface as manual reverse mode, then no matter what the current
alarm state is, the reported alarm state of the interface will be changed opposite to the actual alarm
state i mmediately, that is to say, not report when there are alarms, report when there arent alarms
actually. The interface will maintain the oppos ite alarm state regardless of the alarm state cha nges
before the alarm reverse state being restored to non-reverse mode.
Auto-reverse mode
Set the alarm re verse mode as aut o-reverse m ode. If t he i nterface hasnt actual r everse al arm
currently, the setting will return fail; if the interface has actual reverse alarm, the setting is success
and enter reverse m ode, i.e. t he i nterface r eported alarm s tatus is changed oppos ite t o t he actual
alarm s tatus immediately. After t he al arm is f inished, t he e nabling s tate of interface alarm reverse
will e nds automatically and cha nges to no n-reverse al arm mode so that t he al arm s tate can be
reported normally in next alarm.
Alarm delay
Alarm delay refers to the device will record alarms and report alarms to NMS after a delay time but
not immediately when alarms generate. Both recording delay time and reporting delay time are the
270
www.raisecom.com
User Manual
same.
By default, the device alarm is reported once generating (0s), which is instant reporting; clear alarm
once it ends (0s), which is instant clearing.
Alarm storage mode
Alarm storage mode refers t o how t o record new ge nerated alarms w hen the a larm buf fer i s f ull.
There are two ways:
Stop: stop mode, when the alarm buffer is full, new generated alarms will be discarded
without recording.
Loop: wrapping mode, when the alarm buffer is full, the new generated al arms will
replace old alarm information and take rolling records.
Use configured storage m ode t o deal with new generated alarm information w hen the al arm
information in device alarm table is full.
Alarm clear
Clear the current alarm, which i s delete the current alarm from current alarm table. T he cleared
alarms will enter history alarm table.
Check alarm
Administrators can check alarms directly on t he device, monitor alarm information. If the device is
configured network management system, they can monitor on the network management system.
11.1.9
11.1.9.1
Alarm event
Power monitoring alarm
There are two power status alarms specifically:
Abnormal supply voltage alarm
The al arm ge nerates w hen the p ower v oltage is ov er or be low 20% of t he predetermined v oltage
value 12V , on the contrary, alarm will also generates when voltage restore the no rmal value. This
alarm event is in support of recording hardware monitoring alarm table, Trap and Syslog output.
Power state change alarm
271
www.raisecom.com
User Manual
Power state change refers to the power present changes to power absent, or power absent changes to
power present state. ISCOM2924GF device is in support of dual power supplies, so the power state
change alarm can be divides into one power state of two powers changes and device power-down.
One power state of dual powers changes: the alarm e vent will inform user the state of
power 1/2 changes, which is in support of recording hardware monitoring alarm table,
Trap and Syslog output.
Device power-down: Both powers are down, that is to say, both powers are changed to
absent state, which is only support of Syslog output.
Temperature beyond threshold alarm
The device is in support of temperature beyond threshold alarm event, when the current temperature
is lower than low temperature threshold, the low temperature alarm event will generate, which is in
support of recording hardware monitoring alarm table, Trap and Syslog output.
When the device current temperature is higher than high temperature threshold, the high temperature
alarm e vent w ill ge nerate, w hich i s a lso i n support of recording ha rdware monitoring a larm t able,
Trap and Syslog output.
Voltage beyond threshold alarm
The device is in support of voltage beyond threshold alarm event, when the current voltage is lower
than low v oltage threshold, the low v oltage a larm e vent w ill ge nerate, w hich is in support of
recording hardware monitoring alarm table, Trap and Syslog output.
When the device current voltage is higher than high voltage threshold, the high voltage alarm event
will ge nerate, w hich i s a lso i n support of r ecording h ardware m onitoring a larm t able, T rap a nd
Syslog output.
Note: the device only monitor 3.3V master chip voltage.
Interface status alarm
Each interface has three alarm events:
Interface link-fault alarm: link failure alarm refers to the peer link signal loss. The alarm
event only aims at optical port, but not power port.
Interface link-down alarm: interface status Down alarm.
Interface not-forwarding alarm: The interface will change to non-forwarding state under
all VLAN.
All three alarm events are in support of recording hardware monitoring alarm table, Trap and Syslog
output.
11.1.9.2
www.raisecom.com
User Manual
Trap output
Alarm information is output to network management center in Trap mode.
Trap output has global switch and all monitored alarm events still have their own Trap alarm output
switches. When enabling the global switch and monitored alarm events switches simultaneously, the
alarm will generate Trap output.
The contents of Trap information are shown in Table 11-5.
Table 11-5 Trap description
Field
Description
Alarm status
Alarm source
Timestamp
Syslog output
Record alarm information to Syslog.
Syslog output ha s global s witch and all monitored alarm e vents still ha ve the ir o wn Syslog alarm
output s witches. When e nabling t he gl obal s witch a nd monitored alarm ev ents s witches
simultaneously, the alarm will generate Syslog output.
Syslog contents are shown in Table 11-6.
Table 11-6 Syslog information description
Field
Description
Facility
Severity
Level, Please see table 11-2 for the same system log difined levels.
Mnemonics
Alarm event type, please see table 11-5 for the detailed type deacription.
273
www.raisecom.com
User Manual
Field
Description
Msg-body
11.1.12 Ping
The na me of P ing comes from sonar location operation, us ed t o detect whether the ne twork
connection is normal.
Generally, Ping function is achieved with ICMP echo messages. Firstly, send echo request message
to an address, then the address corresponding device will respond to echo reply message. When echo
request reaches the de stination a ddress, the de vice w ill r eturn echo reply message to t he s ource
274
www.raisecom.com
User Manual
address in an effective time to show the destination is reachable. If not receiving echo reply within
the effective time, the sending end will display timeout, which means the destination is unreachable.
Ping function principle is shown in Figure 11-6.
11.1.13 Traceroute
Same to P ing, Traceroute i s a commonly used maintenance method in network m anagement.
Traceroute function is often used to test the network nodes of messages from sender to destination,
detect whether the network connection is reachable and analyze network fault.
The implementation process of Traceroute is as follows:
First, send a piece of TTL1 sniffer message (UDP port number of message is unavailable to
any application programs in destination side).
TTL deducts 1 when reaching the first hop; because the TTL value is 0, in the first hop, the
device returns an ICMP timeout message, indicating that this message cannot be sent.
The sending host will add 1 to TTL and resend this message.
Because TTL value was reduced to 0 in the second hop, the device will return an ICMP
timeout message, indicating that this message cannot be sent.
The above steps will continue until the messages reach destination host, which will not return ICMP
timeout message. Because the port number of destination host hasnt be used, destination host will
send port unreachable message and finish the test. Thus, the sending host can record the source
address of each ICMP T TL t imeout message, and a nalyze t he pa th t o de stination a ccording t o t he
response message. Traceroute function principle is shown in Figure 11-7.
275
www.raisecom.com
User Manual
11.2
SNMP
11.2.1
11.2.1.1
Networking situation
When us er needs t o l og o n ISCOM2924GF device t hrough N MS, pl ease configure SNMP basic
functions for ISCOM2924GF in advance.
11.2.1.2
Preconditions
Finish below tasks before configuring SNMP:
Configure SNMP interface IP address.
Configure routing pr otocol, a nd m ake s ure r outing be tween ISCOM2924GF and N MS is
available.
11.2.2
Default value
SNMP view
SNMP community
CommunityName ViewName
public
private
Permission
internet
internet
ro
rw
www.raisecom.com
User Manual
Function
Default value
SNMP user
Index
-0
1
GroupName
UserName S ecModel
initialnone
raisecomnone us m
nitial r aisecommd5nopriv us m
2 i nitial r aisecomshanopriv us m
11.2.3
support@Raisecom.com
Trap status
Enable
N/A
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server community
com-name [ view view-name ] { ro | rw }
277
www.raisecom.com
User Manual
Step
Configuration
Description
11.2.4
Configuration
Description
Raisecom#config
www.raisecom.com
11.2.5
User Manual
Step
Configuration
Description
Configuration
Description
Raisecom#config
11.2.6
Configure Trap
Note: Except for target host configuration, Trap configuration of SNMP v1, v2c and v3 are identical.
Trap means the device sends unrequested information to NMS automatically, which is used to report
some critical events.
Finish the following tasks befoce configuring Trap function:
Configure SNMP ba sic function. SNMP v 1 and v2c versions need to configure community
name; SNMP v3 needs to configure username and SNMP view.
Configure routing pr otocol, a nd m ake s ure r outing be tween ISCOM2924GF and N MS is
available.
Please configure SNMP Trap on the device as below.
Step
Configuration
Description
Raisecom#config
279
www.raisecom.com
11.2.7
User Manual
Step
Configuration
Description
Raisecom(config)#interface ip if-number
Raisecom(config)#exit
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom(config)#show snmp
community
11.3
KeepAlive
11.3.1
11.3.1.1
Networking situation
Switch sends KeepAlive packet to make network management discover network segment in a short
time, improve working efficiency and reduce the working load of administrators. User can configure
to e nable or di sable t he K eepAlive t ransmission a nd i ts pe riod. When e nabling KeepAlive T rap
switch, if setting snmp enable traps and layer-3 IP address, switch will send a KeepAlive Trap to all
280
www.raisecom.com
User Manual
11.3.1.2
Preconditions
Configure SNMP interface IP address.
Configure basic function of SNMP: SNMP v1 and v2c versions need to configure community
name; SNMP v3 needs to configure username and SNMP view.
Configure routing pr otocol, a nd m ake s ure r outing be tween ISCOM2924GF and N MS is
available.
11.3.2
11.3.3
Function
Default value
Disable
300s
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server
keepalive-trap enable
Raisecom(config)#snmp-server
keepalive-trap interval period
Note: To avoid multiple de vices s ending KeepAlive Trap in the s ame t ime accor ding to the s ame
period and causing heavy network management load, the real transmission period of KeepAlive Trap
is timed as period+5s random transmission.
11.3.4
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show keepalive
281
www.raisecom.com
User Manual
11.4
RMON
11.4.1
11.4.1.1
Networking situation
RMON can help user monitor network and statistic traffic flow.
RMON is a more efficient monitoring method than SNMP. User just needs to assign alarm threshold,
device over t hreshold w ill s end trap information without variable information, which r educes
communication amount between management device and managed device management and provides
simple and efficient management to network.
11.4.1.2
Preconditions
Link between device and NMS is available.
11.4.2
11.4.3
Function
Default value
Statistics group
Disable
Alarm group
N/A
Event group
N/A
Configuration
Description
Raisecom#config
Raisecom(config)#rmon statistics
{ ip if-number | port-list port-list }
[ owner owner-name ]
Note: When using the command of no rmon statistics to disable interface statistics function, user
cannot continue to obtain the interface statistics, but the interface still can take data statistics.
282
www.raisecom.com
11.4.4
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#rmon history
{ port-list port-list | ip if-number }
[ shortinterval short-period]
[ longinterval long-period] [ buckets
buckets-number ] [ owner owner-name ]
Note: When using the command of no rmon history to disable interface history statistics function,
the interface will not take data statistics and clear all history data collected previously.
11.4.5
11.4.6
Step
Configuration
Description
Raisecom#config
283
www.raisecom.com
11.4.7
User Manual
Step
Configuration
Description
Raisecom#config
Checking configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show rmon
11.5
Cluster management
11.5.1
11.5.1.1
Networking situation
There ar e a l arge number of s witches ne eded t o be managed in l ayer-2 ne twork, bu t t he us able IP
address is limited, cluster management function can use one IP address to manage multiple devices
in one cluster.
11.5.1.2
Preconditions
Finish the following tasks before configuring cluster management function:
The link between command device and member device is available.
Create VLAN.
Add interface to VLAN.
11.5.2
Default value
Disable
284
www.raisecom.com
11.5.3
User Manual
Function
Default value
Enable
Disable
16 jumpers
Disable
128
Disable
0000.0000.0000
11.5.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#rndp enable
Raisecom(config-port)#rndp enable
Configuration
Description
Raisecom#config
Raisecom(config)#rtdp enable
Raisecom(config)#rtdp
max-hop max-hop
Raisecom(config)#cluster vlan
vlan-id port-list port-list
www.raisecom.com
11.5.5
User Manual
11.5.5.1
11.5.5.2
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster
Raisecom(config-cluster)#
max-member max-number
11.5.5.3
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster
Raisecom(config-cluster)#member auto-build
[ active user-name password [ all ] ]
Configuration
Description
Raisecom#config
286
www.raisecom.com
11.5.5.4
User Manual
Step
Configuration
Description
Raisecom(config)#cluster
Raisecom(config-cluster)#member
mac-address active [ user-name
password ]
11.5.5.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster-autoactive
Raisecom(config)#cluster-autoactive
commander-mac mac-address
11.5.6
Step
Configuration
Description
Raisecom#config
Raisecom(config)#cluster
Raisecom(config-cluster)#rcommand
{ hostname [ mac-address ] | mac-address }
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
287
www.raisecom.com
User Manual
No.
Item
Description
Raisecom#show rndp
Raisecom#show rtdp
Raisecom#show cluster
11.6
LLDP
11.6.1
11.6.1.1
Networking situation
When users obtain connection information between devices through NView NNM system for
topology di scovery, the de vices need t o e nable L LDP f unction, not ify their inf ormation to the
neighbors mutually, and store neighbor information to facilitate the NView NNM system queries.
11.6.1.2
Preconditions
N/A
11.6.2
Default value
Disable
Enable
2s
30s
Aging coefficient
Restart timer
2s
Alarm ebable/disable
Enable
5s
288
www.raisecom.com
11.6.3
User Manual
11.6.4
Step
Configuration
Description
Raisecom#config
Raisecom(config)#lldp enable
11.6.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface
port port-id
Raisecom(config-port)#lldp
enable
Configuration
Description
Raisecom#config
Raisecom(config)#lldp
message-transmission
interval period
Raisecom(config)#lldp
message-transmission delay
period
Raisecom(config)#lldp
message-transmission
hold-multiplier hold-multiplier
www.raisecom.com
11.6.6
User Manual
Step
Configuration
Description
Raisecom(config)#lldp
restart-delay period
11.6.7
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server
lldp-trap enable
Raisecom(config)#lldp
trap-interval period
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
11.7
11.7.1
11.7.1.1
Networking situation
Fault di agnostics f unction of opt ical m odule pr ovides a detection m ethod to SFP pe rformation
parameters; user can predict t he s ervice l ife of opt ical m odule, isolate s ystem f ault and check its
compatibility during installation through analyzing the monitoring data.
290
www.raisecom.com
11.7.1.2
User Manual
Preconditions
N/A
11.7.2
11.7.3
Function
Default value
Disable
Enable
Disable
Enable
Configuration
Description
Raisecom#config
Raisecom(config)#transceiver
ddm enable
Raisecom(config)#interface port
port-id
Raisecom(config-port)#transceiver
ddm enable
11.7.4
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server
trap transceiver enable
291
www.raisecom.com
11.7.5
User Manual
Step
Configuration
Description
Raisecom(config)#interface port
port-id
Raisecom(config-port)#transceiver
ddm enable
Check configuration
Check the result on the device as below after configuration.
No.
Item
Description
Raisecom#show transceiver
Raisecom#show transceiver
information port-list port-list
Raisecom#show transceiver
threshold-violations port-list port-list
11.8
System log
11.8.1
11.8.1.1
Networking situation
Device will generate the key information, debugging information, error information, etc. to system
log, output a s log file or transmit to log host, Console port or control c onsole to facilitate users to
check and locate the fault.
11.8.1.2
Preconditions
N/A
11.8.2
Default value
292
www.raisecom.com
User Manual
Function
Default value
Enable
Disable
4KB
No limit
11.8.3
Configuration
Description
Raisecom#config
Raisecom(config)#logging on
Raisecom(config)#logging
time-stamp { debug | log }
{ datetime | none | uptime }
Raisecom(config)#logging
rate-limit log-num
Raisecom(config)#logging
sequence-number
www.raisecom.com
11.8.4
User Manual
Step
Configuration
Description
Raisecom(config)#logging
discriminator
distriminator-number { facility |
mnemonics | msg-body } { drops
| includes | none } key
Configuration
Description
Raisecom#config
Raisecom(config)#logging history
294
www.raisecom.com
User Manual
Step
11.8.5
Configuration
Description
Check configuration
Check the result by the commands below after configuration:
11.9
11.9.1
11.9.1.1
No.
Item
Description
Raisecom#show logging
Raisecom#show logging
discriminator
Alarm management
Preparation for configuration
Networking situation
When t he d evice f ails, alarm management m odule will collect fault information and output alarm
occurrence time, alarm name and description information in log format to help users locate problem
quickly.
If the device is configured network management system, alarm information can be reported directly
to the network management system, providing possible alarm causes and treatment recommendations
to help users deal with fault.
Alarm management makes it easy for the user to take alarm suppression, alarm auto-reporting, alarm
monitoring, alarm reverse, alarm delay, alarm memory mode, alarm clear and alarm view directly on
the device.
11.9.1.2
Preconditions
N/A
11.9.2
www.raisecom.com
11.9.3
User Manual
Function
Default value
Alarm suppression
Enable
Alarm monitoring
All enable
Alarm auto-reporting
All auto-reporting
No reverse
0s
Stop mode
Enable
Configuration
Description
Raisecom#config
Raisecom(config)#alarm auto-report
{ module_name [ group_name ] | port-list
port-list [ module_name
[ group_name ] ] } enable
Raisecom(config)#alarm monitor
{ module_name [ group_name ] | port-list
port-list [ module_name
[ group_name ] ] } { enable | disable }
Raisecom(config)#alarm { active |
cleared } delay { delay }
Raisecom(config)#alarm active
storage-mode { loop | stop }
Raisecom(config)#alarm clear
module_name [ group_name ]
296
www.raisecom.com
User Manual
Step
Configuration
Description
10
Raisecom(config)#exit
Note: All modules providing a larm support c an be configured to enable/disable a larm monitoring,
alarm auto-reporting and alarm clear function.
11.9.4
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show alarm
management [ module_name ]
Raisecom#show alarm
management statistics
11.10.1.2
Preconditions
Hardware environment monitoring alarm output:
In Syslog output mode, alarm information will generate system log. When you need to send
alarm information to the system log host, please configure system log host IP address for the
device.
In Trap output mode, please configure network management center IP address for the device.
297
www.raisecom.com
11.10.2
User Manual
Default value
Disable
Disable
11.10.3
60C
20C
3450mV
3150mV
Configuration
Description
Raisecom#config
Raisecom(config)#logging alarm
Raisecom(config)#snmp-server
alarm-trap enable
Note:
When e nabling gl obal ha rdware e nvironment monitoring a larm S yslog out put, a larm e vent
can generate syslog only when Syslog output under alarm event is also enabled.
When e nabling gl obal ha rdware e nvironment monitoring a larm s ending T rap, a larm e vent
can send Trap only when Trap output under alarm event is also enabled.
11.10.4
www.raisecom.com
11.10.5
User Manual
Step
Configuration
Description
Raisecom#config
Raisecom(config)#alarm
power-supply { notifies | syslog }
Configuration
Description
Raisecom#config
Raisecom(config)#alarm
temperature { high high-value |
low low-value | notifies | syslog }
11.10.6
Configuration
Description
Raisecom#config
Raisecom(config)#alarm voltage
{ high high-value | low low-value
| notifies | syslog }
11.10.7
Configuration
Description
Raisecom#config
Raisecom(config)#alarm port
{ link-down | link-fault |
not-forwarding } { notifies |
syslog } port-list port-list
299
www.raisecom.com
11.10.8
User Manual
Configuration
Description
Raisecom#config
Raisecom(config)#clear alarm
11.10.9
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
Raisecom#show alarm
Raisecom#show power-card
www.raisecom.com
11.11.1.2
User Manual
Preconditions
N/A
11.11.2
Step
Configuration
Description
Raisecom#config
Raisecom(config)#fan-monitor temperature-scale
temperature1 temperature2 temperature3
11.11.3
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
11.12.1.2
Preconditions
Finish the following task before configuring CPU monitor:
When the CPU monitor alarm information needs to be output in Trap mode, configure Trap output
target host address on the device, which is IP address of network management center.
301
www.raisecom.com
11.12.2
User Manual
11.12.3
Function
Default value
Disable
100%
1%
60s
11.12.4
Step
Configuration
Description
11.12.5
Step
Configuration
Description
Raisecom#config
Raisecom(config)#snmp-server
traps enable cpu-threshold
Raisecom(config)#cpu
rising-threshold
rising-threshold-value
[ falling-threshold
falling-threshold-value ]
[ interval interval-value ]
Check configuration
Check the result by the commands below after configuration:
No.
Item
Description
302
www.raisecom.com
User Manual
No.
Item
Description
Raisecom#show cpu-utilization
Configuration
Description
Raisecom#show version
Raisecom#show running-config
Raisecom#show clock
Raisecom#show environment
[ power | temperature | voltage ]
Raisecom#show power-card
11.14 Ping
Please configure Ping function on the device as below:
Step
Configuration
Description
Note: The device c annot perform ot her operations in the pr ocess of Ping. It can perform other
operations only when Ping is finished or break off Ping through "ctrl + c".
11.15 Traceroute
Configure the I P address an d default ga teway f or ISCOM2924GF de vice be fore us ing T raceroute
function.
Please configure Traceroute function on the device as below:
Step
Configuration
Description
Raisecom#config
Raisecom(config)#interface ip if-number
303
www.raisecom.com
User Manual
Step
Configuration
Description
Raisecom(config-ip)#exit
Raisecom(config)#ip default-gateway
ip-address
Raisecom(config)#exit
11.16 Maintenance
User can maintain system features by the following commands.
Command
Description
Raisecom(config)#clear lldp
statistic port port-id
Raisecom(config)#clear lldp
remote-table [ port port-id ]
Raisecom(config)#clear rmon
304
www.raisecom.com
11.17.1.2
User Manual
Configuration steps
Configure IP address for Switch.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1
Raisecom(config-ip)#exit
11.17.1.3
Show result
Check IP address configuration by show interface ip.
Raisecom#show interface ip
IF
Address
NetMask
Source
Catagory
---------------------------------------------------------0
20.0.0.10
255.255.255.0 assigned
primary
1.3.6.1.2.1
Mask:
--
Type:
include
Community Name
View Name
Permission
-----------------------------------------------------------1
private
internet
rw
public
internet
ro
raisecom
mib2
ro
IP family:
IPv4
IP address:
20.0.0.221
305
www.raisecom.com
User Manual
Port:
162
User Name:
raisecom
SNMP Version:
v2c
11.17.2
11.17.2.1
11.17.2.2
Configuration steps
Configure IP address for Switch.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1
Raisecom(config-ip)#exit
Create gue stgroup a ccess g roup, s ecurity mode i s us msecurity le vel is a uthentication w ithout
encryption, readable view name is mib2.
Raisecom(config)#snmp-server access guestgroup read mib2 usm authnopriv
www.raisecom.com
User Manual
Raisecom(config)#snmp-server enable traps
Raisecom(config)#snmp-server host 20.0.0.221 version 3 authnopriv guestuser1
11.17.2.3
Show result
Check SNMP access group configuration by show snmp access.
Raisecom#show snmp access
Index:
Group:
guestgroup
exact
Read View:
mib2
Write View:
--
Notify View:
internet
Check the mapping relationship configuration between user and access group by show snmp group.
Raisecom#show snmp group
Index
GroupName
UserName
SecModel
----------------------------------------------------------0
initialnone
none
usm
initial
md5nopriv
usm
initial
shanopriv
usm
guestgroup
guestuser1
usm
IP family:
IPv4
IP address:
20.0.0.221
Port:
162
User Name:
guestuser1
SNMP Version:
v3
11.17.3
11.17.3.1
www.raisecom.com
User Manual
11.17.3.2
Configuration steps
Configure IP address for Switch.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 1
Raisecom(config-ip)#exit
11.17.3.3
Show result
Check KeepAlive configuration information by show keepalive.
Raisecom#show keepalive
Keepalive Admin State:Enable
Keepalive trap interval:120s
Keepalive trap count:1
11.17.4
11.17.4.1
308
www.raisecom.com
User Manual
11.17.4.2
Configuration steps
Create e vent w ith index I D 10, us ed t o r ecord a nd s end l og information with description s tring
High-ifOutErrors, the owner of log information is system.
Raisecom#config
Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system
Create a larm i tem w ith i ndex I D 1 0, used t o m onitor M IB variables 1.3.6.1.2.1.2.2.1.20.1, c heck
every 20 seconds, if the variable increases over 15, the Trap alarm is triggered, the owner of alarm
information is also system.
Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta rising-threshold 15 1 falling-threshold
0 owner system
11.17.4.3
Show result
Check w hether t here i s e vent gr oup i nformation on t he de vice by t he c ommand of show rmon
alarms.
Raisecom#show rmon alarms
Alarm 10 is active, owned by system
Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds
Taking delta
Check w hether t here i s a larm gr oup i nformation on t he de vice by the c ommand of show rmon
events.
Raisecom#show rmon events
Event 1 is active, owned by system
Event generated at 0:0:0
Send TRAP when event is fired.
When alarm event is triggered, user can also check related information by alarm management part of
NNM system.
309
www.raisecom.com
11.17.5
11.17.5.1
User Manual
11.17.5.2
Configuration steps
Switch A is command device, take the following configuration on Switch A.
Configure global and interface enabling RNDP function.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#rndp enable
SwitchA(config)#interface range 1-2
SwitchA(config-range)#rndp enable
SwitchA(config-range)#exit
www.raisecom.com
User Manual
SwitchA(config)#cluster-autoactive
Assign itself for command device and start cluster management function.
SwitchA(config)#cluster
Configure to enable RNDP and RTDP function on Switch B, and enable auto-active function, assign
MAC address for auto-active command device.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#rndp enable
SwitchB(config)#interface port 3
SwitchB(config-port)#rndp enable
SwitchB(config-port)#exit
SwitchB(config)#rtdp enable
SwitchB(config)#cluster-autoactive
SwitchB(config)#cluster-autoactive commander-mac 000e.5e03.5318
Configure to enable RNDP and RTDP function on Switch C, and enable auto-active function, assign
MAC address for auto-active command device.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#rndp enable
SwitchC(config)#interface port 3
SwitchC(config-port)#rndp enable
SwitchC(config-port)#exit
SwitchC(config)#rtdp enable
SwitchC(config)#cluster-autoactive
SwitchC(config)#cluster-autoactive commander-mac 000e.5e03.5318
www.raisecom.com
User Manual
SwitchA(config)#cluster
SwitchA(config-cluster)#rcommand SwitchC
Login: raisecom
Password:
SwitchC>
11.17.5.3
Show result
Check cluster information on Switch A by show cluster.
SwitchA#show cluster
Identity:Commander
Current member number:2
Max member number:128
Operation
State
Hostname
----------------------------------------------------000E.5EBD.5951
Up
Active
SwitchB
000E.5E03.023C Up
Active
SwitchC
Check cluster information on Switch C; please take cluster information on Switch B for reference.
11.17.6
11.17.6.1
312
www.raisecom.com
User Manual
11.17.6.2
Configuration steps
Configure to globally enable LLDP and LLDP alarm.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#lldp enable
SwitchA(config)#snmp-server lldp-trap enable
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#lldp enable
SwitchB(config)#snmp-server lldp-trap enable
Configure Switch B.
SwitchB(config)#create vlan 1024 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport access vlan 1024
313
www.raisecom.com
User Manual
SwitchB(config)#interface ip 1
SwitchB(config-ip)#ip address 10.10.10.2 1024
Configure Switch B.
SwitchB(config)#lldp message-transmission interval 60
SwitchB(config)#lldp message-transmission delay 9
SwitchB(config)#lldp trap-interval 10
11.17.6.3
Show result
Check the local configuration by show lldp local config.
SwitchA#show lldp local config
System configuration:
------------------------------------------------------------------------LLDP enable status:
1-28
LldpMsgTxInterval:
60
(default is 30s)
LldpMsgTxHoldMultiplier:
(default is 4)
LldpReinitDelay:
(default is 2s)
LldpTxDelay:
(default is 2s)
LldpNotificationInterval: 5
LldpNotificationEnable:
(default is 5s)
enable (default is enabled)
LldpNotificationEnable:
enable(default is enabled)
destination-mac:0180.C200.000E
port2
destination-mac:0180.C200.000E
port3
destination-mac:0180.C200.000E
LldpMsgTxInterval:
60
(default is 30s)
LldpMsgTxHoldMultiplier:
(default is 4)
LldpReinitDelay:
(default is 2s)
314
www.raisecom.com
User Manual
LldpTxDelay:
LldpNotificationInterval: 10
LldpNotificationEnable:
(default is 2s)
(default is 5s)
ChassisId
PortId
SysName
MgtAddress
ExpiredTime
------------------------------------------------------------------------port1 000E.5E02.B010
port 1
SwitchB 10.10.10.2
106
ChassisId
PortId
SysName
MgtAddress
ExpiredTime
------------------------------------------------------------------------port1 000E.5E12.F120
port 1
SwitchA 10.10.10.1
106
11.17.7
11.17.7.1
11.17.7.2
Configuration steps
Configure device IP address.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.6 255.0.0.0 1
Raisecom(config-ip)#exit
11.17.7.3
Show result
Show system log configuration by the command of show logging.
315
www.raisecom.com
User Manual
Raisecom#show logging
Syslog logging:
enable
Rate-limited:
Logging config:
disable
informational(6)
disable
datetime
none
4kB
Debug level:
low
disable
Status
Level
LoggedMsgs DroppedMsgs
Discriminator
----------------------------------------------------------------------------buffer
disable
console
enable
informational(6)
trap
disable
warnings(4)
file
monitor
disable
informational(6)
warnings(4)
disable
203
0
0
informational(6)
0
0
10
Target Address
Level
Port
Facility
Sent
Drop
Discriminator
----------------------------------------------------------------------------------------------20.0.0.168
warnings(4)
local7
Show device log information typed from PC terminal emulation program interface.
07-01-2008 11:31:28 Local0.Debug 20.0.0.6 JAN
CONFIG-7-CONFIG:USER " raisecom " Run " logging on "
11.17.8
11.17.8.1
01
10:22:15
ISCOM2924GF:
ISCOM2924GF:
ISCOM2924GF:
ISCOM2924GF:
ISCOM2924GF:
01
10:03:35
www.raisecom.com
User Manual
prevent fault.
11.17.8.2
Configuration steps
Configure device IP address.
Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip address 20.0.0.6 255.255.255.0 1
Raisecom(config-ip)#exit
11.17.8.3
Show result
Check device sending Trap configuration by show snmp config.
Raisecom#show snmp config
Contact information: support@Raisecom.com
Device location :
enable
800022B603000E5E156789
IP family:
IPv4
IP address:
20.0.0.1
Port:
162
User Name:
public
SNMP Version:
v2c
www.raisecom.com
User Manual
TagList:
Enabled
Logging alarm:
Disabled
Power Supply
Notifies:
Disabled
Syslog:
Enabled
Temperature
High threshold(Celsius):
Low
threshold(Celsius):
Notifies:
Syslog:
50
20
Enabled
Enabled
Voltage
High threshold:
Low
threshold:
Notifies:
Syslog:
3450mV
3150mV
Disabled
Disabled
318
www.raisecom.com
User Manual
Failover
Provide a port association solution, extending link backup range. Transport fault
of upper layer device quickly to downstream device by monitoring upstream link
and synchronize downstream link, then trigger switching between master and
standby device and avoid traffic loss.
Precision Time
ProtocolPTP
Connectivity
Fault
Management
CFM
Link
Aggregation
SyncE
A technology adopts Ethernet link codes recover clock, similar to SDH clock
synchronization quality, SyncE provides frequency synchronization of high
precision. Unlike traditional Ethernet just synchronize data packets at receiving
node, SyncE implements real-time synchronization system for inner clock.
802.1Q in
802.1Q
QinQ is (also called Stacked VLAN or Double VLAN) extended from 802.1Q,
defined by IEEE 802.1ad recommendation. Basic QinQ is a simple layer-2 VPN
tunnel technology, encapsulating outer VLAN Tag for client private packets at
carrier access end, the packets take double VLAN Tag passing through trunk
network (public network). In public network, packets only transmit according to
outer VLAN Tag, the private VLAN Tag are transmitted as data in packets.
Solve communication problem from BTS to BSC for 2G, NodeB to RNC for 3G.
Mobile
Backhaul
Mobile backhaul for 2G focuses on voice service, not request high bandwidth,
implemented by TDM microwave or SDH/PDH device.
In 3G times, lots of data service as HSPA, HSPA+, etc concerning to IP service,
voice is changing to IP as well, namely IP RAN, to solve problem of IP RAN
mobile backhaul is solving whole network backhaul, satisfying both data
backhaul and voice transportation over IP (clock synchronization).
Ethernet Ring
Protection
Switching
ERPS
Ethernet Linear
Protection
Switching
ELPS
319
www.raisecom.com
User Manual
Appendix B Acronym
Numerics
Full Spelling
A
ACL
APS
C
CCM
CFM
CoS
Class of Service
D
DoS
Deny of Service
DRR
DSCP
E
EFM
ELPS
ERPS
EVC
F
FTP
G
GARP
GPS
GSM
GVRP
320
www.raisecom.com
User Manual
IEEE
IETF
IP
Internet Protocol
ITU-T
L
LACP
LBM
LoopBack Message
LBR
LoopBack Reply
LLDP
LLDPDU
LTM
LinkTrace Message
LTR
LinkTrace Reply
M
MA
Maintenance Association
MAC
MD
Maintenance Domain
MEG
MEP
MIB
MIP
MSTI
MSTP
N
NNM
O
OAM
Management
P
PC
Personal Computer
Q
321
www.raisecom.com
User Manual
QoS
Quality of Service
R
RADIUS
RMON
RMEP
RNC
RSTP
S
SFP
SLA
SNMP
SNTP
SP
Strict-Priority
SSHv2
Secure Shell v2
STP
T
TACACS+
TCP
TFTP
TLV
ToS
Type of Service
V
VLAN
W
WRR
322
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing. Postcode:
100085
Tel: +86-10-82883305
Fax: +86-10-82883056
Email: export@raisecom.com
http://www.raisecom.com