Documente Academic
Documente Profesional
Documente Cultură
Version: 2.8.23.C
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2011 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
I
3.5.3 Setting a Privileged Mode Key .................................................................3-11
3.5.4 Setting Telnet Username and Password....................................................3-11
3.5.5 Setting the System Clock .........................................................................3-11
3.5.6 Setting System Console User Connection Parameters...............................3-11
3.5.7 Setting System Telnet User Connection Parameters ................................. 3-12
3.5.8 Allowing Multiple Users to Configure the System at the Same Time ........... 3-12
3.6 Viewing System Information .............................................................................. 3-13
3.6.1 Viewing Hardware and Software Versions ................................................ 3-13
3.6.2 Viewing the Operating Configuration........................................................ 3-13
3.6.3 System Abnormal Display and Record..................................................... 3-13
3.6.4 Collecting System Information by One Command ..................................... 3-14
3.6.5 Collecting System Fault and Diagnosis Information .................................. 3-15
3.7 Memory Detection ............................................................................................ 3-15
3.7.1 Function Overview.................................................................................. 3-15
3.7.2 Command Description ............................................................................ 3-15
3.7.3 Configuration Examples.......................................................................... 3-17
3.8 Configuring System by One-Command ............................................................. 3-19
3.9 Device Power-off Alarm .................................................................................... 3-20
3.10 Restart on Schedule ....................................................................................... 3-21
3.10.1 Periodical Restart Overview .................................................................. 3-21
3.10.2 Configuring Scheduled Restart ............................................................. 3-21
3.10.3 Periodical Restart Configuration Example .............................................. 3-22
3.11 System Maintenance ...................................................................................... 3-22
3.11.1 System Maintenance Overview.............................................................. 3-22
3.11.2 Configuring System Maintenance Function............................................. 3-22
3.11.3 System Maintenance Configuration Example.......................................... 3-23
II
4.1.10 Configuring Multicast Packet Suppression on an Ethernet Port.................. 4-5
4.1.11 Configuring Illegal Packet Suppression on an Ethernet Port ...................... 4-5
4.1.12 Configuring the Link State Monitoring Mode of an Ethernet Port ................ 4-6
4.1.13 Configuring a Gigabit Optical Port to Support a 1000Base-T Small
Form-factor Pluggable (SFP) Module ....................................................... 4-6
4.1.14 Viewing the Layer 2Interface Operation Status ....................................... 4-6
4.1.15 Displaying Port Information ..................................................................... 4-7
4.1.16 Viewing Queue Statistics ........................................................................ 4-8
4.1.17 Analyzing and Diagnosing Cable Connections.......................................... 4-9
4.1.18 Monitoring Interface Traffic.................................................................... 4-10
4.2 Port Mirroring Configuration .............................................................................. 4-10
4.2.1 Port Mirroring Overview .......................................................................... 4-10
4.2.2 Configuring Port Mirroring ........................................................................4-11
4.2.3 Port Mirroring Configuration Examples..................................................... 4-12
4.3 ERSPAN Configuration ..................................................................................... 4-14
4.3.1 ERSPAN Overview ................................................................................. 4-14
4.3.2 Configuring ERSPAN.............................................................................. 4-14
4.3.3 ERSPAN Configuration Example ............................................................. 4-15
4.4 Loopback Detection Configuration ..................................................................... 4-16
4.4.1 Introduction to Interface Loopback Detection............................................ 4-16
4.4.2 Configuring Interface Loopback Detection................................................ 4-16
4.5 DOM Configuration........................................................................................... 4-18
4.5.1 DOM Function Overview......................................................................... 4-18
4.5.2 Configuring DOM ................................................................................... 4-18
III
5.3.4 MFF Maintenance and Diagnosis .............................................................. 5-8
IV
7.2.10 Configuring Tail-Drop ............................................................................ 7-16
7.2.11 Configuring Traffic Statistics .................................................................. 7-16
7.3 Configuring 802.1p and MPLS EXP Mapping Function ....................................... 7-17
7.3.1 Configuring the Mapping from Multi Protocol Label Switching (MPLS)
EXP to Class of Service (CoS)/DSCP..................................................... 7-17
7.3.2 Configuring the Mapping from CoS to MPLS EXP .................................... 7-18
7.3.3 Viewing EXP Mapping Configuration ....................................................... 7-19
7.3.4 Viewing CoS Mapping Configuration........................................................ 7-19
7.3.5 Enabling MPLS-EXP Mapping on a Port .................................................. 7-20
7.3.6 Enabling CoS Mapping on a Port............................................................. 7-20
7.4 QoS Configuration Examples ............................................................................ 7-21
7.4.1 Typical QoS Configuration Example......................................................... 7-21
7.4.2 Policy Routing Configuration Example ..................................................... 7-22
7.5 QoS Maintenance and Diagnosis ...................................................................... 7-23
7.6 WRED Function ............................................................................................... 7-23
7.6.1 WRED Overview .................................................................................... 7-23
7.6.2 Configuring WRED ................................................................................. 7-24
V
9.3.1 Basic VRRP Configuration Example .......................................................... 9-2
9.3.2 Symmetric VRRP Configuration Example................................................... 9-3
9.4 VRRP Maintenance and Diagnosis...................................................................... 9-4
VI
12.2.7 Configuring the Function of Sending TCN Packets.................................. 12-5
12.2.8 Configuring the Interface Detection Mode .............................................. 12-6
12.2.9 Configuring Link-Hello Packet Parameters ............................................. 12-7
12.3 ZESR/ZESR+ Configuration Examples ............................................................ 12-7
12.3.1 ZESR Configuration Example................................................................ 12-7
12.3.2 ZESR and ZESR+ Hybrid Configuration Example .................................. 12-11
VII
14.4.3 RMON Configuration Examples............................................................14-10
14.5 SysLog Configuration ....................................................................................14-12
14.5.1 SysLog Overview ................................................................................14-12
14.5.2 Configuring SysLog .............................................................................14-12
14.5.3 Syslog Configuration Example..............................................................14-14
14.6 TACACS+ Configuration ................................................................................14-15
14.6.1 TACACS+ Overview ............................................................................14-15
14.6.2 Configuring TACACS+ .........................................................................14-15
14.6.3 TACACS+ Configuration Example ........................................................14-17
VIII
16.4.4 MFF Maintenance and Diagnosis .........................................................16-10
Figures............................................................................................................. I
Tables ............................................................................................................ III
Glossary .........................................................................................................V
IX
X
About This Manual
Purpose
This manual is applicable to ZXR10 5900E series (V2.8.23.C) easy-maintenance MPLS
routing switches (abbreviated throughout this guide as ZXR10 5900E).This includes:
l ZXR10 5916E Easy-Maintenance MPLS Routing Switch
l ZXR10 5928E Easy-Maintenance MPLS Routing Switch
l ZXR10 5928E-FI Easy-Maintenance MPLS Routing Switch
l ZXR10 5952E Easy-Maintenance MPLS Routing Switch
Chapter Summary
Chapter 2, Usage and Operation Describes configuration and command modes and command
line usage.
Chapter 3, System Management Describes in detail system management, the file system, switch
operation and software upgrade procedures.
Chapter 4, Interface Configuration Describes interface configuration for the ZXR10 5900E .
Chapter 5, Network Protocol Describes Internet Protocol (IP) address configuration and ARP
Configuration configuration for the ZXR10 5900E.
Chapter 6, Access Control List Describes the ACL concept, related configuration commands and
(ACL) Configuration configuration examples.
Chapter 7, QoS Configuration Describes the QoS concept, related configuration commands
and configuration examples.
Chapter 8, DHCP Configuration Describes the DHCP concept, related configuration commands
and configuration examples.
Chapter 9, VRRP Configuration Describes the VRRP concept, related configuration commands
and configuration examples.
Chapter 10, DOT1X Configuration Describes the DOT1X concept, related configuration commands
and configuration examples.
Chapter 11, VBAS Configuration Describes the VBAS concept, related configuration commands
and configuration examples.
I
Chapter Summary
Chapter 13, IPTV Configuration Describes the IPTV concept, related configuration commands
and configuration examples.
Chapter 14, Network Describes Network Time Protocol (NTP), Remote Authentication
Management Configuration Dial-In User Service (RADIUS), Simple Network Management
Protocol (SNMP), Remote Monitoring (RMON) and System
Log (SysLog) concepts, related configuration commands and
configuration examples.
Chapter 15, Cluster Management Describes cluster management concepts, related configuration
Configuration commands and configuration examples.
Chapter 17, URPF Configuration Describes the URPF concept, related configuration commands.
Chapter 18, M_Button Function Describes the M_Button functions and mode switch methods.
II
Chapter 1
Safety Instructions
Table of Contents
Safety Introduction .....................................................................................................1-1
Safety Signs ...............................................................................................................1-1
Debug commands affect device performance, which may have serious consequences. So,
use the debug commands with caution. Especially, the debug all command, which opens
all debug processes. Therefore, do not use this command on in-service devices. ZTE
Corporation recommends that ZXR10 5900E series users NOT use the debug commands
while user networks are in the normal state.
ZTE Corporation assumes no responsibility for consequences of violating general
operational safety guidelines.
Caution!
Indicates matters needing attention during configuration.
Note:
Provides enhanced description, hint, tip and so on for ZXR10 5900E series operations.
1-1
1-2
2-1
1. Click Start > Programs > Accessories > Communications > HyperTerminal to start
HyperTerminal.
2. The Location Information dialog box is displayed. See Figure 2-2. Enter the location
information, and click OK.
3. The Connection Description dialog box is displayed. See Figure 2-3. Enter a name
and select an icon for the new connection. Click OK.
2-2
4. Select COM1 or COM2 according to the serial port used in the connection. See Figure
2-4.
2-3
Apply power to and boot the ZXR10 5900E series unit to initialize the system and begin
configuration for operation.
2-4
a. Configure a Virtual Local Area Network (VLAN) and its interfaces Internet Protocol
(IP) address through the console port. For VLAN configuration, refer to ZXR10
5900E Series (V2.8.23.C) Easy-Maintenance MPLS Routing Switch User Manual
(Ethernet Switching).
b. Configure a Telnet login username and password through the console port.
c. Connect the host network port to the ZXR10 5900E devices Ethernet port.
d. Set the network mask of the host IP address to match the VLAN interface so that
the host can ping the IP address of the VLAN interface successfully.
e. Log in to the ZXR10 5900E series unit by running the telnet command on the host.
f. Enter the IP address of the VLAN interface in the Open text field of the Run dialog
box. See Figure 2-6.
2-5
Note:
a. Up to 16 Telnet users can access the ZXR10 5900E series unit simultaneously.
b. Never modify or delete the IP address of the management Ethernet port during
Telnet configuration. If the IP address of the management Ethernet port is modified
or deleted during Telnet configuration through the management port, the Telnet
connection fails.
2. Perform the following steps to log in to the device through Telnet from another device
(such as a switch or router).
a. Configure an IP address and VLAN interface through the console port.
b. Configure a Telnet login username and password through the console port.
c. Connect the router (or switch) to the ZXR10 5900E series unit, and ensure that
the router (or the switch) can ping the units VLAN interface successfully.
d. Run the telnet command on the unit and type the IP address of the VLAN interface
to log in to the device.
SSH consists of a server and a client. ZXR10 5900E serves as an SSH server. A host
runs the SSH client to log in to the ZXR10 5900E series unit.
1. To enable the SSH server in a ZXR10 5900E series environment, run the ssh server
enable command. By default, the SSH server is disabled.
2. Connect the host network interface to an Ethernet interface on the ZXR10 5900E series
unit so that the host can ping the ZXR10 5900E series unit VLAN interface successfully.
3. Run the SSH client software (PuTTY) on the host.
a. Click Session in the Category field. Set an IP and port number of the SSH server.
See Figure 2-8.
2-6
b. Click SSH in the Category field. Set the SSH version. See Figure 2-9.
2-7
2-8
Enter a question mark (?) at the system prompt to obtain a list of the commands available
for each command mode. Refer to Table 2-1 for the main ZXR10 5900E command modes.
2-9
To view the list of the commands available, enter a question mark after the prompt in a
command mode.
To return to the user mode, execute the disable command in privileged mode.
To exit the device, execute the exit command in user mode and privileged mode. To return
to the previous mode from other command modes, execute the exit command.
To return to the privileged mode from a command mode other than user mode and
privileged mode, execute the end command or entering Ctrl+z.
2-10
2-11
At the end of this example, the system prompts that the command is incomplete and
other keywords or parameters should be typed.
Note:
The command line is not case sensitive.
Action Function
Press Ctrl+P or the up arrow key. Recalls a command from the buffer forward
Press Ctrl+N or the down arrow key. Recalls a command from the buffer backward
In privileged mode, execute the show history command to list the most recent commands.
2-12
Note:
By default, the software file name for the ZXR10 5900E series unit must be zxr10.zar.
2. CFG: The CFG directory stores the configuration file named startrun.dat. Information
is saved in memory when the system executes a command that modifies device
configuration. To prevent configuration data loss during device restarts, use the write
command to write information into the flash memory, and save information in the
startrun.dat file. To clear the original configuration in the device and configure new
3-1
data, use the delete command to delete the startrun.dat file, and then restart the
device.
3. DATA: The DATA directory stores the log.dat file which records alarm information.
3-2
2. This example shows how to create a directory named ABC in the flash memory and
then delete it.
ZXR10#mkdir ABC /*Add a sub-directory of ABC in
current directory*/
ZXR10#dir /*view the information in current directory
and find the sub-directory of ABC*/
Directory of flash:/
attribute size date time name
1 drwx 512 MAY-17-2004 14:22:10 IMG
2 drwx 512 MAY-17-2004 14:38:22 CFG
3 drwx 512 MAY-17-2004 14:38:22 DATA
4 drwx 512 MAY-17-2004 15:40:24 ABC
65007616 bytes total (48861184 bytes free)
ZXR10#rmdir ABC /*remove the sub-directory of ABC*/
ZXR10#dir /*Show the current directory information and
find sub-directory of ABC which has been removed*/
Directory of flash:/
attribute size date time name
1 drwx 512 MAY-17-2004 14:22:10 IMG
2 drwx 512 MAY-17-2004 14:38:22 CFG
3 drwx 512 MAY-17-2004 14:38:22 DATA
65007616 bytes total (48863232 bytes free)
3-3
3. Select Security > User/Rights. The User/Rights Security dialog box displays.
See Figure 3-2.
a. Click New User to create a user, such as target, and set a password for the new
user.
b. Select target from the User Name drop-down list.
c. Enter the directory name of the software or configuration file in the Home
Directory text box, for example, D:\IMG.
3-4
3. Select Tftpd > Configure. The Tftpd Settings dialog box displays. See Figure 3-4.
3-5
4. Click Browse after the Home Directory text box on the dialog box, and select a di-
rectory to store the software of configuration file, for example, D:\IMG.
5. Click OK to finish the settings.
When the system enables the TFTP sever, execute the copy command to back up or
recover files and import or export configurations.
3-6
Note:
1. When using the copy command to transfer an FTP file between a background host and
ZXR10 5900E series unit, first configure the host IP address in the VLAN interfaces
network segment. Ensure that the interface that the host connects to belongs to the
VLAN and can ping the VLAN successfully.
2. When editing the startrun.dat file through a text editor, note that the format should
meet the command requirements. In addition, the start and end of the configuration
file should not be modified. If the format does not meet the command requirements,
or the start and end of the configuration file are modified, the configuration file cannot
be loaded successfully.
3-7
2. Ensure that the management Ethernet port of the ZXR10 5900E series unit and the
host PC have the same IP network mask.
3. Start the background FTP server.
4. Reboot the ZXR10 5900E series unit, and then press any key in a HyperTerminal
session to enable the Boot state. The information displayed is as follows:
ZXR10 System Boot Version: 1.0
Creation date: Dec 31 2002, 14:01:52
(Omitted)
Press any key to stop for change parameters...
2
[Boot]:
Type c in the Boot state, and press ENTER to enable the parameter modification state.
Change the boot mode to booting from the background FTP. Change the FTP server
address to that of the background host. Change the client and the gateway addresses
to that of the management Ethernet port of ZXR10 5900E. Set the subnet mask, the
FTP username and the password. After the modification, the prompt Boot: displays.
[Boot]:c
'.' = clear field; '-' = go to previous field; '^' = quit
Boot Location [0:Net,1:Flash] : 0
/*0 means booting from the background FTP, 1 means botting from Flash*/
Port Number : 24
Client IP [0:bootp]: 168.4.168.168
/*Management Ethernet port address*/
Netmask: 255.255.0.0
Server IP [0:bootp]: 168.4.168.89
/*Background FTP server address*/
Gateway IP: 168.4.168.168
/*Management Ethernet port address*/
FTP User: target
/*FTP user name target*/
FTP Password:
/*Password of target*/
FTP Password Confirm:
Bootfile: zxr10.zar
Enable Password: /*Default*/
Enable Password Confirm: /*Default*/
[Boot]:
5. Type b and press ENTER. The system automatically boots from the background FTP
server.
[Boot]:b
Loading... get file zxr10.zar[15922273] successfully!
file size 15922273.
3-8
/*Omitted*/
**********************************************************
Welcome to ZXR10 5928E Switch of ZTE Corporation
**********************************************************
ZXR10>
6. If the system starts successfully, enter show version to check whether the new version
is running in the memory. If not, repeat steps 1 to 4.
7. Delete the old version file (zxr10.zar) from the IMG directory in flash by using the delete
command.
8. Copy the new software file from the background FTP server to the IMG directory in
flash. Name the new version file zxr10.zar.
a. Set a temporary VLAN interface connected to the host (for example, IP address
168.4.168.1).
b. Set the host IP address (for example, 168.4.168.89) in the network segment where
the VLAN interface IP address located. Ensure that the interface that the host
connects to belongs to the VLAN and can ping the it successfully.
c. Use the copy command in the privileged mode.
ZXR10#copy ftp: //168.4.168.89/zxr10.zar@target:target
flash: /img/zxr10.zar
Starting copying file
.................................................................
.................................................................
......................................
file copied successfully.
ZXR10#
9. Search for the new software file in flash. If it cannot be located, repeat step 7 to copy
the version file again.
10. Reboot the ZXR10 5900E series unit and follow step 3 to change the boot mode to
booting from flash. The Bootfile is modified to /img/zxr10.zar automatically.
Note:
The booting mode can be changed to booting form flash through the nvram imgfile-lo
cation local command in global configuration mode.
11. Type b at the prompt Boot: and press ENTER to boot the system using the new
software in flash.
12. When the system boots successfully, check the operating version to confirm a
successful upgrade.
3-9
Note:
The remote upgrade is implemented on a switch by Telnet. Use the FTP function to copy
the version file from the host to the switch and then restart the switch remotely. After the
switch runs normally, check the version information by Telnet. Note: Exercise caution
when users perform the remote upgrade. Do not forget to save the current configuration
or back up the related files.
3-10
Command Function
Command Function
Command Function
Command Function
3-11
Command Function
Command Function
By default, the absolute time-out is 1440 minutes and the idle time-out is 120 minutes.
Command Function
3-12
Caution!
Use extreme caution when performing this function. If the configuration is not done
properly, the device configuration does not operate.
[MPU]
Main processor: ZXR10 MPC8270, 450M - PCI with 256M bytes of memory
8K bytes of non-volatile configuration memory
16M bytes of processor board System flash (Read/Write)
ROM: System Bootstrap, Version: V2.01 , RELEASE SOFTWARE
Hardware Version: V1.1, CPLD Version: V1.4
System serial: 4294967295
System temperature(Celsius):43
3-13
Command Function
Command Function
Instruction
1. If no option is configured for this command, all the collected system information will be
written to /flash/data/tech.dat.
2. If a protocol option (such as bgp) is configured in the command, the system collects
and writes general information and protocol-related information to /flash/data/te
ch.dat.
3. If only the common option is configured in the command, the system only collects and
writes the general information to /flash/data/tech.dat.
After completing a diagnosis command, the command line displays a system prompt before
implementing the command. Copy the /flash/data/tech.dat file in flash to the FTP
or TFTP server through the copy command and view the file by text software such as
notepad and wordpad.
Examples
1. This example shows how to collect all system information by one-command.
ZXR10#show tech-support
2. This example shows how to collect general system information, OSPF information and
IS-IS information by one-command.
ZXR10#show tech-support ospf isis
3. This example shows how to collect general system information only.
ZXR10#show tech-support common
3-14
Command Function
Instruction
1. If the all option is not configured in this command, invoking the command only
executes part of the diagnosis commands. The diagnosis information that is in text
format is written to /flash/data/diaginfo.dat and read directly.
2. If the all option is configured in this command, invoking the command executes all
diagnosis commands. The file with diagnosis information is written into /flash/dat
a/diaginfo.dat in zar decompression format.
The prompt displays when one-command for diagnosis is completed, copy the /flash/
data/diaginfo.dat file in flash to the FTP/TFTP server through the copy command.
Then check the file according to whether the all option is used in this command.
Command Function
Example
Configure the memory detection function after entering environment configuration mode.
This example shows how to enter environment configuration mode.
3-15
ZXR10(config)#environ
ZXR10(config-environ)#
Command Function
Example
This example shows how to configure the high limit and low limit of the remaining memory
threshold detection alarm to 30 and 8, respectively.
ZXR10(config-environ)#memory-check-threshold high-grade 30 low-grade 8
ZXR10(config-environ)#
Command Function
Example
This example shows how to configure the time interval of the remaining memory threshold
detection to 30 seconds.
ZXR10(config-environ)#memory-check-interval 30
3-16
ZXR10(config-environ)#
Command Function
Example
This example shows how to configure the switch of remaining memory threshold detection
to on.
ZXR10(config-environ)#memory-check-switch on
ZXR10(config-environ)#
Note:
This example means that all the configurations use default values.
3-17
Assume that the current memory usage is 68.364%. The remaining memory is 31.636%.
PhyMem: Physical memory (megabyte)
Panel CPU(5s) CPU(1m) CPU(5m) PhyMem Buffer Memory
MP(M) 1 10% 10% 10% 256 0% 68.364%
To clear the alarm, configure a new memory high threshold, as shown below:
ZXR10(config-environ)#memory-check-threshold high-grade 30
If the remaining memory exceeds the high threshold, the alarm clears and a message
prints.
When the remaining memory rate is less than the threshold (for example, 5%), ZXR10
5900E series unit raises an alarm. But when the remaining memory rate returns to a value
between the high threshold and low threshold, the alarm does not clear. The alarm clears
only when the remaining memory rate exceeds the high threshold.
In this example, the alarm appears after the ZXR10(config-environ)#memory-check-thres
hold high-grade 40 low-grade 5 command is configured. During the next detection, if the
system detects that the remaining memory rate is a value between the high threshold and
the low threshold, the alarm does not display again.
Configuring the detection time interval regulates the frequency of detection. The default is
once per second (s). The value can be configured from 1 s to 1800 s (30 minutes).
The above configuration disables the detection switch of the remaining memory threshold,
but the configuration still can be seen through the show run command.
ZXR10(config)#environ
ZXR10(config-environ)#memory-check-threshold high-grade 30 low-grade 5
ZXR10(config-environ)#memory-check-interval 30
ZXR10(config-environ)#memory-check-switch off
The above configuration is valid and still exists, but cannot be configured when the
detection switch of the remaining memory threshold is off.
3-18
Command Function
Instructions
1. If the time parameter is configured in this command, the device executes the
configuration at the specified time. It is unnecessary to add an absolute path or
a relative path to the file name. It is only necessary to list the file name. Before
configuration, copy the file to the /flash/cfg/ in flash.
2. The requirements of the information in the file are:
l The first line in the file must be the configure terminal command (the abbreviation
is con t) to enter configuration mode.
l Subsequent commands can be modified according to required mode. Then add
the configuration commands by one command one line.
l After completing the configuration, add the write command and press ENTER
after a command is typed. If the commands were copied and pasted from the
screen, invisible characters can be present and lead to execution failure.
l After completing file editing, upload it to the /flash/cfg/ directory in flash.
3. If the time parameter is not set in this command, the device executes the configuration
immediately.
4. The no exec file command cancels the regular configuration of the system. If the time
needs to be reset, this command must be implemented for the next configuration to
pass its check.
5. The show exec-cmd-file command can be executed in any mode except the user mode.
Use this command to view the systems current execution timing plans. If a plan exists,
the detailed execution time and configuration file displays. If no plan exists, no current
system execution timing plan displays.
6. One-command for configuration is used to open the file according to specific
parameters. The generated file name (without extension name) has the same name
3-19
as the opened file, but the extension name changes from .dat to .log. For example,
using the exec file zerodis.dat command to open the /flash/cfg/zerodis.dat
file, generates the /flash/data/zerodis.log file.
Examples
1. This command runs the zerodis.dat configuration file.
ZXR10(config)#exec file zerodis.dat
2. This command sets the system to execute the configuration file at 19:00:00 on
20091230.
ZXR10(config)#exec file zerodis.dat 19:00:00 dec 30 2009
3. This command cancels the existing timing configuration.
ZXR10(config)#no exec file
4. This command displays the information in a configuration file (that is, the information
in the zerodispo.dat file)
con t
int vlan 10
ip add 10.1.1.2 255.255.255.0
exit
int vlan 20
ip add 20.1.1.3 255.255.255.0
exi
exi
write
5. This command displays the schedule for regularly executed system commands.
ZXR10#show exec-cmd-file
The ZXR10 5900E series system supports the device power off alarm function. To
implement the power-off alarm function, do the following:
Connect the Alarm Out port of SW1 on the first ZXR10 5900E series unit to SW2 of the
second ZXR10 5900E series unit using a straight-through network cable.
When power is not applied to the first unit, the second units Alarm indicator activates,
turning red and flashing. When power is applied to the first unit, the second units alarm
indicator de-activates.
3-20
Command Function
Parameter descriptions:
Command Description
< hh:mm:ss > Configures the specific time point. The format is
HH:MM:SS.
<1-31> Configures the specific date. The value varies with the
maximum number of days in each month.
Instructions:
The periodical restart function is supported only by the terminals of the B2, 2823C, and
later versions. The Reload command followed by no parameter refers to immediate restart.
The Reload command followed by the parameters such as at refers to the restart at the
absolute time. The Reload command followed by the in parameter refers to the restart
at the relative time. The Reload command followed by the cancel parameter refers to
canceling the restart operation to be executed. The time for periodical restart ranges from
0 to 35791. The unit is minute.
3-21
Command Function
Parameter descriptions:
Command Description
3-22
Command Description
min -ttl<1-255> Initial TTL, which is the number of hops allowed by the first
packet
The value of this parameter ranges from 1 to 255 and is
smaller than the maximum TTL. The default value is 1.
repeat<1-65535> Number of probe packets sent each time. The value of this
parameter ranges from 1 to 65535. The default value is 3.
source < source-address > Source IP address of the traced packet. The address must
be a valid IP address configured on the device.
udpporttype<1-65535> UDP port of the target device. The value of this parameter
ranges from 1 to 65535. The default value is 33434.
strict < source-address > IP header option. The switch probes packets in strict mode
in accordance with the specified path. When configuring
the IP header option, configure the IP address of the device
on each hop of the specified path.
record < 1-9 > IP header option. The parameter records the IP address
of the device on each hop of the path.
timestamp < 1-9 > IP header option, time stamp of the probe packet during
packet trace. The value of this parameter ranges from 1
to 9.
Instructions:
1. The output information of the trace command includes the IP addresses of all the L3
devices on the path to the destination device and the extended information.
2. If a device times out, the switch prints "* * *".
3. During command execution, press Ctrl+C to end the operation.
3-23
3-24
Note:
The daughter board is not hot swappable.
The ZXR10 5900E series unit names ports in the following formats:
<Port type>_<Slot No.>/<Port No.>
l <Port type> : gei (1000M Ethernet interface) and xgei (10G Ethernet interface).
l <Slot No.>
ZXR10 5928E/5928E-FI only has two slots.
ZXR10 5952E has six slots.
l <Port No.>
The port numbers on the interface board start at 1.
Example:
4-1
Command Function
The shutdown command disables the physical link provided by the port. All ports are
enabled by default.
Command Function
When the GE port operates at 1000 Mbps, enable the auto-negotiation function.
The 10Gbps Ethernet port operates in full-duplex mode and does not support the
auto-negotiation function.
4-2
Command Function
When the port physical state operates in electrical interface mode (GE, Fast Ethernet [FE],
10Mpbs), half-duplex, and full-duplex can be set to whether it can be notified.
When the port physical state operates in optical interface mode, only half-duplex and
full-duplex can be set to whether the system can notify the unit. The notification of speed
cannot be set.
The four negotiation modes (negotiation auto speed 100, negotiation auto speed 10, negotiat
ion auto, and no negotiation auto) are mutual exclusive.
After configuring negotiation auto [ speed [10|100]], the speed and duplex mode of a port
cannot be configured but are sensitive to network conditions.
Command Function
Command Function
Only the GE ports support duplex mode and rate configurations. It is necessary to disable
automatic negotiation on the port before configuration.
4-3
Command Function
Flow control limits the packets sent to an Ethernet port during a specific period. When the
receiving buffer is full, the port sends a pause packet to tell the remote port not to send
any packets during the period. The Ethernet port can also receive pause packets from
other devices and perform those operations as required.
Command Function
By default, the maximum frame allowed on an Ethernet port is 1560 bytes and jumbo frame
functionality is disabled. The maximum frame allowed on an Ethernet port is 16379 bytes
with jumbo frame functionality enabled. For cross-chips, up to 16344 bytes of frames are
allowed to pass an Ethernet interface.
Command Function
4-4
Command Function
Broadcast traffic through an Ethernet port can be limited by dropping broadcast packets
when the traffic exceeds a configured limit. This effectively suppresses broadcast storm,
helps to avoid congestion, and ensures normal network service operation.
Command Function
Command Function
4-5
Command Function
The port-mode poll command configures a device to monitor port link states by scanning
all the ports at regular intervals. If the link state of a port changes, the system records
the change in the log. The port-mode interrupt command configures a device to monitor
port link states recording changes to each ports link-state as soon as the change takes
place. By default, ZXR10 5900E series units monitor port link states using the port-mode
poll method. The 5928E-FI unit does not support the link-state monitoring function.
Command Function
Command Function
Example
The following example shows how to view the interface operation status.
ZXR10#show interface brief
Interface portattribute mode BW(Mbits) Admin Phy Prot Description
gei_2/1 electric Duplex/full 1000 up up up none
gei_2/2 electric Duplex/full 1000 up up up none
gei_2/3 electric Duplex/full 1000 up up up none
gei_2/4 electric Duplex/full 1000 up up up none
4-6
Admin, Phy, and Prot indicate administration, physical, and protocol states of an interface,
respectively. Only when all three states are up is the interface working properly.
The shutdown command, when executed from interface configuration mode, sets the
Admin interface state to DOWN.
Table 4-1 lists some abnormal interface conditions and their solutions.
Command Function
Examples:
1. This example shows how to view the state and statistics information on interface
gei_1/2.
ZXR10#show int gei_1/2
gei_1/2 is down, line protocol is down
Description is none
The port is electric
4-7
Duplex full
Mdi type:auto
MTU 1500 bytes BW 1000000 Kbits
Last clearing of "show interface" counters never
20 seconds input rate : 0 Bps, 0 pps
20 seconds output rate: 0 Bps, 0 pps
Interface peak rate :
input 0 Bps, output 0 Bps
Interface utilization: input 0%, output 0%
/* Forward packets input/output statistics, including error packet statistics */
Input:
Packets : 19 Bytes : 1501
Unicasts : 19 Multicasts: 0
Broadcasts : 0 Undersize : 0
Oversize : 0 CRC-ERROR : 0
Dropped : 0 Fragments : 0
Jabber : 0 MacRxErr : 0
Output:
Packets : 0 Bytes : 0
Unicasts : 0 Multicasts: 0
Broadcasts : 0 Collision : 0
LateCollision: 0
Total:
64B : 0 65-127B : 19
128-255B : 0 256-511B : 0
512-1023B : 0 1024-2047B: 0
2. This example shows how to view the configuration information on interface gei_1/2.
ZXR10(config)#show running-config interface gei_1/2
Building configuration...
!
interface gei_1/2
out_index 9
!
end
Command Function
4-8
Command Function
Example:
This example shows how to view packet loss statistics information of each queue on
gei_1/5
ZXR10#show interface queue gei_1/5
----------------------------------------------------------------------
A GE electrical port connects to another device through a twisted pair network cable. The
port uses pairs 1-2 and 3-6 when operating at 100Mbps. The port uses all four pairs (1-2,
3-6, 4-5 and 7-8) when operating at 1Gbps. Line detection can test the state of each
twisted pair with the following possible cable states:
4-9
In case of a line fault, the system locates the failure. To analyze and diagnose a fault, run
the show vct interface command in any configuration mode other than user configuration
mode.
Caution!
In a connection check, the tested port restarts, disconnecting and reconnecting its links.
Command Function
4-10
4-11
Destination Port:
Port: gei_1/3
4-12
Session 2
------------
Source Ports:
Port: gei_1/1 Monitor Direction: rx
Destination Port:
Port: gei_1/4
ZXR10(config)#
Example 2
The following example shows an RSPAN mirroring configuration.
Monitor data received on gei_1/1, and monitor data received and sent on gei_1/2. Port
gei_1/3 is the mirroring egress port connected to other devices. The VLAN of RSPAN is
VLAN 10 and the priority is 1. Figure 4-2 shows the network topology.
4-13
Destination Port:
Port: gei_1/3
RSPAN :
VLAN ID: 10 Rspan priority: 1
ZXR10(config)#
The ERSPAN function of the ZXR10 5900E system meets the following criteria:
l Supports up to one ERSPAN group, which supports up to fifty-two mirrored ports.
l Port mirroring can cross interface boards, that is, the mirrored ports and the monitoring
ports can be on different interface boards.
l Port mirroring can monitor only packets sent only packets received through the
mirrored ports.
l Supports cross-device port mirroring, that is, the mirrored ports and the monitoring
ports can be on different devices.
4-14
3 ZXR10(config)#show monitor session { all |< session-number>} Displays the configuration and
state of ERSPAN.
4-15
4-16
4-17
Command Function
4-18
Command Function
Example
The following example shows how to display an interface's optical module information.
ZXR10#show optical-inform brief
If device is externally calibrated, only calibrated values are printed.
-Inf: not applicable, Tx: transmit, Rx: receive.
Optical Optical
Interface Temperature Voltage Voltage Current Tx Power Rx Power
Name (Celsius) (3.3Volts) (5 Volts) (mA) (mW) (mW)
gei_1/21 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/22 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/23 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/24 12.00 2.00 5.00 60.00 0.00 1.00
Command Function
Parameter descriptions:
Parameter Description
4-19
Parameter Description
The threshold is related to the optical module hardware. If optical modules and/or
manufacturers are different, the system displays different information.
Example
The following example shows how to display interface optical module threshold information
and the type of information displayed.
ZXR10#show optical-inform brief
If device is externally calibrated, only calibrated values are printed.
-Inf: not applicable, Tx: transmit, Rx: receive.
Optical Optical
Interface Temperature Voltage Voltage Current Tx Power Rx Power
Name (Celsius) (3.3 Volts) (5 Volts) (mA) (mW) (mW)
------------------------------------------------------------
gei_1/21 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/22 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/23 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/24 12.00 2.00 5.00 60.00 0.00 1.00
Command Function
4-20
The threshold is related to the optical module hardware. If optical modules and/or
manufacturers are different, the system displays different information.
Example
The following example shows how to display optical module threshold alarm information
and the type of information displayed.
ZXR10#Show optical-inform threshold-alarm
Description:
tem : temperature vol : voltage cur: current
tx : transmit power rx : receive power
h-w : high-warning(+) h-a : high-alarm(++)
l-w : low-warning(-) l-a : low-alarm(--)
Interface Time in slot Threshold Violation Type(s) of Last Known
Name (DDDD:HH:MM:SS) (DDDD:HH:MM:SS) Threshold Violation
-------------------------------------------------------------
gei_2/1/22 14:57:27 04/29/2008 14:57:07 04/29/2008
tem h-w -52.00C>=-52.00C
14:57:07 04/29/2008 vol h-w 5.00V>=5.00V
14:57:07 04/29/2008 cur l-w 60.00mA<=80.00mA
14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
gei_2/1/23 14:57:27 04/29/2008 14:57:07 04/29/2008
tem h-w -52.00C>=-52.00C
14:57:07 04/29/2008 vol h-w 5.00V>=5.00V
14:57:07 04/29/2008 cur l-w 60.00mA<=80.00mA
14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
Parameter descriptions:
4-21
Parameter Description
Example
This example shows how to display the optical module information of an interface.
ZXR10#show optical-inform brief
If device is externally calibrated, only calibrated values are printed.
-Inf: not applicable, Tx: transmit, Rx: receive.
Optical Optical
Interface Temperature Voltage Voltage Current Tx Power Rx Power
Name (Celsius) (3.3 Volts) (5 Volts) (mA) (mW) (mW)
------------------------------------------------------------
gei_1/21 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/22 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/23 12.00 2.00 5.00 60.00 0.00 1.00
gei_1/24 12.00 2.00 5.00 60.00 0.00 1.00
The optical module information varies with different functions supported by the module
hardware. For example, the optical module information is different if the module types or
vendors are different.
4-22
Example
This example shows how to display the optical module information of an interface.
ZXR10(config)#show optical-inform
Portname Online EtherProperty Vendor VendorPN VendorSn Type Length
--------------------------------------------------------------------------------------
gei_4/1 SFP FINISAR CORP. FTLX8571D3BCL AKE0PKT
gei_4/3 SFP FIBERXON INC. FTM-C012R-LMG NL201094633432
gei_4/4 SFP 1000BASE-LX NEOPHOTONICS PT7620-61-2W A1107014252 single 150 hm
gei_4/5 SFP WTD RTXM139-400 BE0742010327
ZXR10(config)#
ZXR10(config-gei_4/5)#show optical-inform interface gei_4/4
Portname Online EtherProperty Vendor VendorPN VendorSn Type Length
--------------------------------------------------------------------------------------
gei_4/4 SFP 1000BASE-LX NEOPHOTONICS PT7620-61-2W A1107014252 single 150 hm
The optical module information varies with different functions supported by the module
hardware. For example, the optical module information is different if the module types or
vendors are different. In addition, users need to enable the DOM function before using
this command on the interface.
4-23
4-24
Command Function
5-1
The following example shows how to display the IP address of the interface with the show
ip interface command.
ZXR10(config-if-vlan1)#show ip interface
5-2
Command Function
To view the ARP entities on a specified interface, use the show arp [ interface { vlan | supe
rvlan }<id>] command.
The following example shows how to view the ARP table of the Layer 3 interface VLAN 1:
ZXR10#show arp
Address Age(min) Hardware Addr Interface
10.1.1.1 - 000a.010c.e2c6 vlan1
10.1.100.100 18 00b0.d08f.820a vlan1
10.10.10.2 S 0000.1111.2222 vlan1
10.10.10.3 P 0000.1111.2221 vlan1
ZXR10#
The - under the Age(min) column indicates that this is an ARP entity of the VLAN interface.
VLAN interface address configuration generates the ARP entity. S indicates that it is a
static ARP entity. P indicates that it is a permanent ARP entity added manually.
5-3
5-4
All the configuration examples are executed in this network topology. P1 is configured with
the MFF function and P2 is configured with the MFF gateway and DHCP server functions.
5-5
In this example, the IP address of the MFF gateway is 168.1.70.1, the IP address of PC1
is 168.1.70.80, and the IP address of PC2 is 168.1.70.70.
The configuration of P1:
ZXR10#config ter
ZXR10(config)# mff enable
ZXR10(config)# mff gateway detect enable
ZXR10(config)# interface vlan 100
ZXR10(config-if-vlan100)# mff enable manu
ZXR10(config-if-vlan100)# set mff gateway ip 168.1.70.1
ZXR10(config-if) # exit
ZXR10(config)# interface gei_1/1
ZXR10(config-gei_1/1)# set mff user-port vlan 100
ZXR10(config-if) # exit
ZXR10(config)# interface gei_1/10
ZXR10(config-gei_1/10)# set mff user-port vlan 100
ZXR10(config-if) # exit
ZXR10(config)# interface gei_1/20
ZXR10(config-gei_1/20)# set mff network-port
ZXR10(config-if) # end
5-6
5-7
Command Function
Note:
The ARP packet reply information of the MFF can be obtained by using the debug ARP
switch.
5-8
Command Function
6-1
Example
The following example shows how to define a standard ACL that permits packets from
the network segment 192.168.1.0/24 but rejects packets with the source IP address
192.168.1.100.
ZXR10(config)#acl standard number 10
ZXR10(config-std-acl)#rule 1 deny 192.168.1.100 0.0.0.0
ZXR10(config-std-acl)#rule 2 permit 192.168.1.0 0.0.0.255
6-2
Example
The following example shows how to configure an extended ACL to do the following:
1. Permit UDP packets from network segment 210.168.1.0/24 with the destination IP
address 210.168.2.10, the source port 100 and the destination port 200.
2. Deny the Border Gateway Protocol (BGP) packets from the network segment
192.168.2.0/24.
3. Deny all ICMP packets.
4. Deny all packets with the IP protocol number 8.
ZXR10(config)#acl extend number 150
ZXR10(config-ext-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 eq 100 210.168.2.10
0.0.0.0 eq 200
ZXR10(config-ext-acl)#rule 2 deny tcp 192.168.2.0 0.0.0.255 eq bgp any
ZXR10(config-ext-acl)#rule 3 deny icmp any any
ZXR10(config-ext-acl)#rule 4 deny 8 any any
6-3
Example
The following example shows how to define a Layer 2 ACL to permit IP packets with
the source MAC address 00d0.d0c0.5741 and the 802.1p 5 from VLAN 10 and deny the
received MPLS (Ethernet type is 8847) packets.
ZXR10(config)#acl link number 200
ZXR10(config-link-acl)#rule 1 permit ip cos 5 ingress 00d0.d0c0.5741 0000.0000.0000
ZXR10(config-link-acl)#rule 2 deny 8847
Example
The following example shows how to configure a hybrid ACL to do the following:
6-4
1. Permit UDP packets from the network segment 210.168.1.0/24 with the destination IP
address 210.168.2.10, the destination MAC address 00d0.d0c0.5741, the source port
100 and the destination port 200.
2. Deny the BGP packets from the network segment 192.168.3.0/24.
3. Deny all packets with the MAC address 0100.2563.1425.
ZXR10(config)#acl hybrid number 300
ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10
0.0.0.0 eq 200 any egress 00d0.d0c0.5741 0000.0000.0000
ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255 Eq BGP any any
ZXR10(config-hybd-acl)#rule 3 deny any any any ingress 0100.2563.1425 0000.0000.0000
Example
The following example shows how to define an ACL to permit packets from network
segment 3001::/16.
ZXR10(config)# ipv6 acl standard number 2000
ZXR10(config-std-v6acl)# rule 1 permit 3001::/16
6-5
Example
The following example shows how to define an extended IPv6 ACL to permit packets from
the network segment 3000::/16 to the destination network segment 4000::/16.
ZXR10(config)#ipv6 acl extended 2500
ZXR10(config-ext-v6acl)#rule 1 permit ipv6 3000::/16 4000::/16
Note:
Only one ACL can be applied on a given physical port when the ACL is applied on an
ingress VFP. The new configuration overwrites the old one.
For example, configuration of the following commands takes place in interface
configuration mode.
ZXR10(config-gei_1/1)#ip access-group 10 vfp
ZXR10(config-gei_1/1)#ip access-group 100 vfp
Note:
Only one ACL can be applied in each VLAN. The new configuration overwrites the old one.
For example, configuration of the following commands takes place in VLAN configuration
mode.
ZXR10(config-vlan1)#ip access-group 10 in
6-6
Note:
Only one ACL can be applied on the inbound direction. The new configuration overwrites
the old one.
For example, configuration of the following commands takes place in interface
configuration mode.
ZXR10(config-gei_1/x)#ip access-group 10 in
ZXR10(config-gei_1/x)#ip access-group 100 in
ACL 10 is valid in the inbound direction. ACL 100 is valid in the outbound direction.
6-7
Note:
Only one ACL can be applied in the outbound direction. The new configuration overwrites
the old one.
For example, configuration of the following commands takes place in interface
configuration mode.
ZXR10(config-gei_1/x)#ip access-group 10 out
ZXR10(config-gei_1/x)#ip access-group 100 out
6-8
Note:
Only one ACL can be applied on a physical port in a given direction. The new configuration
overwrites the old one. For example, configuration of the following commands takes place
in interface configuration mode of fei_1/1.
ZXR10(config-if)#ip access-group 10 in
ZXR10(config-if)#ip access-group 100 in
Example
The following example shows how to define a standard ACL that permits packets from
the network segment 192.168.1.0/24 and denies packets with the source IP address
192.168.1.100. Rule 1 and rule 2 can use different names.
ZXR10(config)#acl standard number 10
ZXR10(config-std-acl)#rule 1 deny 192.168.1.100 0.0.0.0
6-9
ZXR10(config-std-acl)#rule-description 1 test1
ZXR10(config-std-acl)#rule 2 permit 192.168.1.0 0.0.0.255
ZXR10(config-std-acl)#rule-description 2 test2
Note:
Currently, only IPv4 standard rules, extended rules, hybrid rules, and L2 ACLs support the
description function.
6-10
6-11
Command Function
6-12
The traffic classification of QoS is based on the ACL and the ACL rule must be permit. The
user can classify packets in accordance with some filter items of the ACL, such as source
IP address, destination IP address, source MAC address, destination MAC address, IP
protocol type, source TCP port, destination TCP port, source UDP port, destination UDP
port, ICMP type, ICMP code, DSCP, ToS, precedence, In/Out VLAN ID, and 802.1p priority.
7-1
of a single service stream. Level 2 traffic policing refers to limiting the total bandwidth
of multiple service streams in one ACL. Level 2 traffic policing is implemented based on
level 1 traffic policing. In other words, to configure level 2 traffic policing, users must
configure level 1 traffic policing first. In this way, level 2 traffic policing can take effect.
Figure 7-1 shows the level 2 traffic policing in Single-or mode.
The traffic policing does not cause any delay. For the traffic policing process, refer to
Figure 7-2.
7-2
l The ZXR10 5900E supports the following algorithms: Flow, Single Rate Three Color
Marker (RFC2697), Two Rate Three Color Marker (RFC2698), and Modified Two Rate
Three Color Marker (RFC4115). All the algorithms except Flow support the Color-Blind
and Color-Aware modes.
l The Meter can work in two modes. In color-blind mode, it considers packets colorless.
In color-aware mode, it considers packets marked with colors. The switch marks each
received packet with a color in accordance with certain rules (information contained
in the packet). The Maker colors IP packets in accordance with the result from the
Meter and records the colors in the DS domain.
l The four marking algorithms are described as follows.
1. Single Rate Two Color Marker (Flow)
The algorithm is used in the Diffserv traffic conditioner. It measures traffic and marks
packets in accordance with two traffic parameters Committed Information Rate (CIR)
and Committed Burst Size (CBS). After passing the ingress policing, a packet needs
to obtain a token from the CBS bucket. If the operation is successful, the packet is
marked green. Otherwise, the packet is marked red. By default, the packets marked
red will be discarded.
7-3
yellow. Otherwise, the packet is marked red. By default, the packets marked red will
be discarded.
3. Two Rate Three Color Marker (TrTCM)
The algorithm is used in the Diffserv traffic conditioner. It measures IP traffic and
marks packets in accordance with two rate parameters Peak Information Rate (PIR)
and Committed Information Rate (CIR), and related CBS and PBS parameters. The
packets can be marked green, yellow, or red. If the rate of a packet exceeds the PIR,
it is marked red. If the rate of a packet exceeds the CIR, it is marked yellow. If the rate
of a packet does not exceed the CIR, it is marked green.
7-4
The level 2 traffic policing of the ZXR10 5900E supports only the Flow mode.
When the level 2 traffic policing is configured, the function is enabled only when the packets
marked red are discarded.
The relationship between the level 1 traffic policing and level 2 traffic policing is described
as follows:
1. Single-or mode
In this mode, the total bandwidth for level 2 traffic policing must be larger than or equal
to the sum of the bandwidth for level 1 traffic policing in the group. In this way, the level
1 traffic policing can guarantee the minimum bandwidth for each type of services. If
the total bandwidth is not fully occupied, all the services in the group can preempt the
remaining bandwidth. In this mode, the level 1 traffic policing must work in Flow mode.
The traffic policing result is as follows:
Level 1 Traffic Level 2 Traffic Level 1 Color Level 2 Color Final Color
Policing Mode Policing Mode
2. Single-and mode
In this mode, the total bandwidth for level 2 traffic policing must be smaller than or equal
to the sum of the bandwidth for level 1 traffic policing in the group. In this way, the level
1 traffic policing can both limit the maximum bandwidth for each type of services and
7-5
use the bandwidth properly. In this mode, the level 1 traffic policing must work in Flow
mode.
The traffic policing result is as follows:
Level 1 Traffic Level 2 Traffic Level 1 Color Level 2 Color Final Color
Policing Mode Policing Mode
3. Dual mode
In this mode, the total bandwidth is also limited but the working principle is complicated.
The level 1 traffic policing uses the modified trTCM. Therefore, there are three cases
after packets are colored. In this mode, the level 1 traffic policing must be configured
to the modified trTCM (RFC4115).
The traffic policing result is as follows:
Level 1 Traffic Level 2 Traffic Level 1 Color Level 2 Color Final Color
Policing Mode Policing Mode
7-6
7-7
7-8
7-9
Command Function
In the ZXR10 5900E system, this command configures the traffic policing function using
the coloring parameters cir, cbs, ebs and pir. If the pir parameter indicates the two-rate
marking algorithm. The ebs parameter indicates the Peak Burst Size (PBS) specified in
the protocol.
The modified-trtcm keyword means the modified Two-rate Three Color Marker (TrTCM)
marking algorithm that is differentiated from the TrTCM marking algorithm.
The <mode> parameter indicates the working mode. Blind refers to the color-blind mode,
and aware refers to the color-aware mode.
The drop-yellow keyword means that the yellow packets are to be discarded. By default,
the yellow packets are to be forwarded.
The forward-red keyword means that the red packets are to be forwarded. By default, the
red packets will be discarded.
The remark-red-dp parameter means to remark the drop priority of the red packets as
either high, medium or low.
The remark-red-dscp parameter means to remark the Differentiated Services Code Point
(DSCP) value of the red packets. The range of the <value> parameter is 063.
The remark-yellow-dp parameter means to remark the drop priority of the yellow packets
as either high, medium or low.
The remark-yellow-dscp parameter means to remark the DSCP value of the yellow packets.
The range of the <value> parameter is 063.
7-10
Example
This example shows how to configure traffic policing for the packets with the destination
IP address 168.2.5.5 on gei_1/1 and set the bandwidth to 10 M.
ZXR10(config)#acl extended number 100
ZXR10(config-ext-acl)#rule 1 permit ip any 168.2.5.5 0.0.0.0
ZXR10(config-ext-acl)#exit
ZXR10(config)#traffic-limit-micro 100 rule-id 1 cir 10000 cbs 2000 pir 10001 pbs 2000
mode blind
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#ip access-group 100 in
Note:
To configure level 2 traffic policing, users must first configure level 1 traffic policing and a
template of level 2 traffic policing.
It is necessary to apply the template of level 2 traffic policing to rules.
Command Function
Example
This example shows how to configure traffic policing for the packets with the destination
IP addresses 168.2.5.1, 168.2.5.2, 168.2.5.3, and 168.2.5.4 on gei_1/1 and set the
bandwidths to 10 M, 20 M, 30 M, and 20 M, respectively. The total bandwidth is limited to
100 M. The mode is single-or.
/*Configure an ACL*/
ZXR10(config)#acl extended number 100
ZXR10(config-ext-acl)#rule 1 permit ip any 168.2.5.1 0.0.0.0
ZXR10(config-ext-acl)#rule 2 permit ip any 168.2.5.2 0.0.0.0
ZXR10(config-ext-acl)#rule 3 permit ip any 168.2.5.3 0.0.0.0
ZXR10(config-ext-acl)#rule 4 permit ip any 168.2.5.4 0.0.0.0
ZXR10(config-ext-acl)#exit
/*Configure level 1 traffic policing*/
7-11
Note:
Outbound ACLs do not support this function.
Modifying the outer VLAN-ID is only supported by inbound ACLs.
Only ACLs bound to a VLAN and an ingress VFP support modifying VLAN-IDs.
Command Function
Example
This example shows how to modify outer-layer VLAN-ID of packets with the destination IP
address 168.2.5.1 on gei_1/1 to 100.
/*Configure an ACL*/
ZXR10(config)#acl extended number 100
ZXR10(config-ext-acl)#rule 1 permit ip any 168.2.5.1 0.0.0.0
ZXR10(config-ext-acl)#exit
/*Configure QoS*/
ZXR10(config)#qos set change-vlan acl 100 rule 1 change outer-vlan 100
ZXR10(config)#interface gei_1/1
7-12
Command Function
Example
This example shows how to configure traffic shaping on gei_1/1 and set the interface rate
to 20 M.
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#traffic-shape data-rate 20000 burst-size 4
Command Function
Example
This example shows how to configure queue bandwidth limit on gei_1/1. The maximum
bandwidth of queue 1 is limited to 20 M, and the minimum bandwidth of queue 1 is limited
to 2 M. The maximum bandwidth of queue 2 is limited to 20 M. The minimum bandwidth
of queue 3 is limited to 2 M.
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#traffic-shape queue 1 max-datarate-limit 20000
min-gua-datarate 2000
ZXR10(config-gei_1/1)#traffic-shape queue 2 max-datarate-limit 20000
ZXR10(config-gei_1/1)#traffic-shape queue 3 min-gua-datarate 2000
Command Function
7-13
Example
This example shows how to configure SP scheduling on gei_1/1. Use Weighted Round
Robin (WRR) scheduling on gei_1/2. Set the weight of queue 0 to queue 7 to 10, 5, 8, 10,
5, 8, 9, and 10, respectively. Set the default 802.1p to 5 on gei_1/2.
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#queue-mode strict-priority
ZXR10(config-gei_1/1)#exit
ZXR10(config)#interface gei_1/2
ZXR10(config-gei_1/2)#queue-mode wrr 0 10
ZXR10(config-gei_1/2)#queue-mode wrr 1 5
ZXR10(config-gei_1/2)#queue-mode wrr 2 8
ZXR10(config-gei_1/2)#queue-mode wrr 3 10
ZXR10(config-gei_1/2)#queue-mode wrr 4 5
ZXR10(config-gei_1/2)#queue-mode wrr 5 8
ZXR10(config-gei_1/2)#queue-mode wrr 6 9
ZXR10(config-gei_1/2)#queue-mode wrr 7 10
ZXR10(config-gei_1/2)#priority 5
Command Function
Example
This example shows how to redirect the packets with the source IP address 168.2.5.5 on
gei_1/4 to gei_1/3. Implement policy routing for the packets with the destination IP address
66.100.5.6, and specify the next-hop IP address to 166.88.96.56.
ZXR10(config)#acl extend number 100
ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 0.0.0.0 any
ZXR10(config-ext-acl)#rule 2 permit ip any 66.100.5.6 0.0.0.0
ZXR10(config-ext-acl)#exit
ZXR10(config)#redirect in 100 rule-id 1 interface gei_1/3
ZXR10(config)#redirect in 100 rule-id 2 next-hop 166.88.96.56
ZXR10(config)#interface gei_1/4
ZXR10(config-gei_1/4)#ip access-group 100 in
7-14
Command Function
Example
This example shows how to modify the DSCP value of the packets with the source IP
address 168.2.5.5 on gei_1/1 to 34 and set the output queue to 4.
ZXR10(config)#acl standard number 10
ZXR10(config-std-acl)#rule 1 permit 168.2.5.5
ZXR10(config-std-acl)#exit
ZXR10(config)#priority-mark 10 rule-id 1 dscp 34 local-precedence 4
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#ip access-group 10 in
Command Function
Example
This example shows how to set the outer-layer VLAN value of traffic that matches the ACL
rule 1 on gei_1/4 to 2000.
ZXR10(config)#acl standard number 10
ZXR10(config-std-acl)#rule 1 permit 168.2.5.5
ZXR10(config-std-acl)#exit
ZXR10(config)#interface gei_1/4
ZXR10(config-gei_1/4)#ip access-group 10 in
ZXR10(config-gei_1/4)#exit
ZXR10(config)#qos set change-vlan acl 10 rule 1 change outer-vlan 2000
Command Function
7-15
Example
This example shows how to mirror the packets with the source IP address 168.2.5.6 on
gei_1/8 to gei_1/4.
ZXR10(config)#acl standard number 10
ZXR10(config-std-acl)#rule 1 permit 168.2.5.5
ZXR10(config-std-acl)#rule 2 permit 168.2.5.6
ZXR10(config-std-acl)#exit
ZXR10(config)#traffic-mirror in 10 rule-id 2 interface gei_1/4
ZXR10(config)#interface gei_1/8
ZXR10(config-gei_1/8)#ip access-group 10 in
ZXR10(config-gei_1/8)#exit
Command Function
Example
This example shows how to configure the tail-drop parameters and apply the tail-drop
function on gei_1/8. In queue 1, set the threshold to drop the red packets to 120, set the
threshold to drop the yellow packets to 120, and set the threshold to drop all packets to
240.
ZXR10(config)#qos tail-drop 1 queue-id 1 240 120 120
ZXR10(config)#interface gei_1/8
ZXR10(config-gei_1/8)#drop-mode tail-drop 1
Command Function
7-16
Example
This example shows how to collect statistics of the packets with the destination IP address
67.100.88.0/24 on gei_1/8.
ZXR10(config)#acl extend number 100
ZXR10(config-ext-acl)#rule 1 permit ip 168.2.5.5 0.0.0.0 any
ZXR10(config-ext-acl)#rule 2 permit ip any 67.100.88.0 0.0.0.255
ZXR10(config-ext-acl)#exit
ZXR10(config)#traffic-statistics 100 rule-id 2 pkt-type all statistics-type byte
ZXR10(config)#interface gei_1/8
ZXR10(config-gei_1/8)#ip access-group 100 in
Command Function
Parameters descriptions:
Parameter Description
0 0 0
1 1 8
2 2 16
3 3 24
4 4 32
5 5 40
6 6 48
7-17
7 7 56
If the mapping of an <exp-list> value is configured multiple times, only the last configuration
is reserved.
Example
This example shows how to map the EXP value 1 to CoS value 2 and DSCP value 15.
ZXR10(config)#qos conform-exp 1 cos 2
ZXR10(config)#qos conform-exp 1 dscp 15
Command Function
Parameter descriptions:
Parameter Description
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
The command can be used to set the mapping from the CoS field to the EXP field.
7-18
Repeatedly configure the mapping with the same value of <cos-list> and save only the last
configuration.
Run the no command to restore the default system configuration.
If no CoS mapping is configured and the CoS mapping list is bound to an interface or
VLAN, the default mapping relationship will be enabled.
Example
This example shows how to map the CoS value 1 to EXP value 5.
ZXR10(config)#qos conform-cos 1 exp 5
ZXR10(config)#qos conform-cos 1 exp 5
Command Function
0 0 0 4 4 32
1 1 8 5 5 40
2 2 16 6 6 48
3 3 24 7 7 56
Command Function
0 0 4 4
7-19
1 1 5 5
2 2 6 6
3 3 7 7
Command Function
Parameter descriptions:
Parameter Description
Example
This example shows how to enable EXP mapping on gei_1/1.
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#trust-exp-map enable
Command Function
Example
This example shows how to enable CoS mapping on gei_1/1.
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#trust-cos-map enable
7-20
7-21
7-22
Command Function
ZXR10(config)#show qos [ name < acl-name>| number < Displays QoS configuration
acl-number>] information.
Example
The following example shows how to display QoS configuration information:
ZXR10(config)#show qos
traffic-limit-macro template 100 rule-group 1 cir 100000 cbs 100 mode single-or
traffic-limit-micro 100 rule-id 1 cir 10000 cbs 100
traffic-limit-macro template-bind 100 group-id 1 with rule-id 1
traffic-limit-micro 100 rule-id 2 cir 20000 cbs 100
traffic-limit-macro template-bind 100 group-id 1 with rule-id 2
traffic-limit-micro 100 rule-id 3 cir 30000 cbs 100
traffic-limit-macro template-bind 100 group-id 1 with rule-id 3
traffic-limit-micro 100 rule-id 4 cir 20000 cbs 100
traffic-limit-macro template-bind 100 group-id 1 with rule-id 4
7-23
Command Function
ZXR10(config)#drop-mode wred < session-index > global Applies a template in global mode.
Parameter descriptions:
Parameter Description
<pkt-start-threshold> The average queue threshold to drop packets on the basis of the
number of packets, in the range of 111264.
<pkt-end-threshold> The average queue threshold to drop all packets on the basis of
the number of packets, in the range of 111264.
<cell-start-threshold> The average queue threshold to drop packets on the basis of the
number of bytes, in the range of 13047424.
<cell-end-threshold> The average queue threshold to drop all packets on the basis of
the number of bytes, in the range of 13047424.
<weight> The weight that the current queue is mapped to the average
queue, in the range of 015.
capavg The calculation that replaces the average queue length with the
current queue length as the drop rate.
7-24
Example
This example shows how to configure a WRED functional template on the basis of the
number of packets. In the template, the start threshold to drop the green TCP packets is
1000, the end threshold to drop all packets is 2000, and the maximum drop rate is 100. The
start threshold to drop the non-TCP packets is 500, the end threshold to drop all packets
is 800, and the maximum drop rate is 80. The weight that the current queue is mapped to
the average queue is 15. Apply this template globally, to gei_1/1 and queue 1.
ZXR10(config)# qos wred 1 packet-type 0 green-tcp 1000 2000 100 no-tcp 500
800 80 weight 15
ZXR10(config)#drop-mode wred 1 global
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#drop-mode wred 1 port
ZXR10(config-gei_1/1)#drop-mode wred 1 queue-id 1
7-25
7-26
Command Function
Command Function
8-1
Command Function
Command Function
Command Function
8-2
Command Function
Command Function
Command Function
8-3
Command Function
Command Function
Command Function
8-4
Command Function
Command Function
Command Function
8-5
Command Function
Command Function
Command Function
8-6
Command Function
Command Function
ZXR10(config-if-vlanX)#ip dhcp mode [server | relay | Enables the DHCP mode of the
proxy] interface.
l relay refers to enabling the
DHCP Relay function of the
interface.
l server refers to enabling the
DHCP Server function of the
interface.
l proxy refers to enabling the
DHCP Proxy function of the
interface.
After enabling the built-in DHCP relay process, the system processes an IP address
request sent from a DHCP client on the interface. It allocates an IP address to a DHCP
client dynamically through an external DHCP server configured on an interface.
After enabling the built-in DHCP proxy process, the system processes an IP address
request sent from a DHCP client on the interface. It allocates an IP address to a
DHCP client dynamically through an external DHCP server configured in an interface.
It replaces the short lease deployed by the proxy with the long lease deployed by
the server. When the DHCP client sends a request to continue the lease, if the long
lease allocated by the DHCP server does not expire, the DHCP proxy will respond to
the DHCP client directly rather than the DHCP Server. This relieves the load on the
DHCP server.
8-7
Command Function
Command Function
This command is valid for a DHCP server and, under special conditions, for a DHCP
relay.
For a DHCP server, the DHCP user quota limits the maximum number of DHCP
users on an interface. It limits the number of IP addresses allocated on the interface
indirectly.
For a DHCP relay, standard mode does not support the DHCP user quota
configuration. In secure forwarding mode, however, user quota is valid for a DHCP
relay.
5. Configure the policy according to the interface that chooses an external DHCP server.
Command Function
8-8
Command Function
7. Enable the DHCP log print switch so that the ZXR10 5900E system can record the
DHCP users online logs.
Command Function
Command Function
ZXR10(config)#ip dhcp snooping binding <mac> vlan Adds a binding entity to the
<vlan><ip address><interface-number> expiry <2147483647> DHCP snooping binding table
manually.
The <mac> parameter is the
users MAC address.
The <vlan> parameter is a VLAN
to which the user belongs or a
range of VLANs to which the
users belong, in the range of
14096.
The <interface-number>
parameter is a physical port,
such as fei, gei and smartgroup.
8-9
Command Function
2. Delete an entity in the DHCP snooping binding table on a Layer 2 interface manually.
Command Function
Command Function
Command Function
Command Function
8-10
Command Function
Command Function
ZXR10(config)#ip dhcp snooping information policy {keep Configures the policy for DHCP
| replace} Option82 packets.
The keep keyword means to
keep the previous Option82.
The replace keyword means to
replace the previous Option82.
By default, the system keeps the
previous Option82.
Run the no command to cancel
the configured Option82 policy
and restore the default policy.
Command Function
8. To configure the interface connected to the DHCP server as a trust interface, use the
following command. The switch does not restrict a trust interface. By default, the other
interfaces are not trust interfaces.
Command Function
8-11
Command Function
10. To configure the circuit-id when the format of the Option82 in VLAN mode is
user-configuration, use the following command:
11. To configure the remote-id when the format of the Option82 in VLAN mode is
user-configuration, use the following command:
Caution!
The configuration of the Option82 in VLAN mode is higher than that in global mode and
lower than that in port+VLAN mode in terms of priority.
8-12
Command Function
Before enabling the DHCP Relay to forward DHCP requests to the DHCP server,
configure the IP address of the DHCP Relay. The IP address is one of the IP addresses
of the interface configured for the DHCP client.
The DHCP server allocates IP addresses in accordance with the IP address of the
DHCP Relay so that the IP addresses belong to different subnets. The DHCP Relay
forwards the DHCP responses from the DHCP server to the DHCP client. Therefore,
the DHCP server must be configured with a route in the subnet where the DHCP Relay
resides.
2. Configure the forwarding mode on an interface.
Command Function
The standard forwarding mode complies with the standard DHCP protocol. After users
are assigned with IP addresses, the DHCP process does not perform any action during
future unicast interaction, for example, security check. Meanwhile, the function of
writing data to the ARP table is invalid to the standard mode. In standard mode,
the DHCP process does not perform any action during future unicast interaction and
therefore the performance is enhanced in case of large traffic.
8-13
In security mode, the DHCP protocol and ZTE protocols are used together to control
and process all the actions performed between DHCP users and the DHCP server, for
example, security check. In this way, the DHCP process can perform actions during the
whole process of DHCP interaction. In addition, the DHCP process supports writing
data to the ARP table. The default forwarding mode of the DHCP Relay is standard.
3. Configure the number of retry attempts that a DHCP relay applies for an address from
the external DHCP servers.
Command Function
ZXR10(config)#ip dhcp relay server retry <limit-values> Configures the number of retry
attempts that a DHCP relay
applies for an address from the
external DHCP servers.
The range of the <limit-values>
parameter is 51000. The
default value is 10.
4. Configure a DHCP client with a specific domain name to apply for an IP address from
the external DHCP server.
Command Function
ZXR10(config)#ip dhcp relay server vclass-id <domain Configures a DHCP client with a
name><ip-address>{standard | security} specific domain name to apply
for an IP address from the
external DHCP server.
The <domain name> parameter is
the domain name contained in
the request sent by the DHCP
client.
The <ip-address> parameter is
the IP address of the external
DHCP server.
5. Configure not to strictly check the message for continue a lease of a DHCP user in the
standard forwarding mode on a DHCP relay.
Command Function
8-14
Command Function
7. Configure the policy for a DHCP packet when there has been an Option82 request.
Command Function
ZXR10(config)#ip dhcp relay information policy {keep | Configures the policy for a DHCP
replace} packet when there has been an
Option82 request.
The keep keyword means to
keep the previous Option82
information.
The replace keyword means to
replace the previous Option82
information.
By default, the system keeps the
previous Option82 information.
Run the no command to cancel
the configured Option82 policy
and restore the default policy.
Command Function
ZXR10(config)#ip dhcp relay security client server-id Configures the server-id that a
<ip-address> DHCP relay replies to a DHCP
client.
<ip-address> indicates the IP
address of the server-id. The
IP address is in dotted decimal
notation.
Run the no command to delete
the IP address of the server-id
from the DHCP Relay to the
DHCP client.
8-15
Command Function
10. Enable the ZXR10 5900E series system to obtain the DHCP packets of all reply types
on an interface.
Command Function
11. Enable the ZXR10 5900E series system to obtain the DHCP packets of all request
types on an interface.
Command Function
Command Function
Command Function
ZXR10(config)#ip dhcp relay snooping trust enable Enables the function of DHCP
Relay Snooping Trust globally.
Command Function
8-16
Command Function
Command Function
Command Function
Command Function
8-17
R1 configuration:
ZXR10(config)#interface vlan 10
ZXR10(config-if-vlan10)#ip dhcp mode server
ZXR10(config-if-vlan10)#ip address 10.10.1.1 255.255.255.0
ZXR10(config-if-vlan10)#exit
ZXR10(config)#ip pool pool1
ZXR10(config-ip-pool)#range 10.10.1.10 10.10.1.100 255.255.255.0
ZXR10(config-ip-pool)#exit
ZXR10(config)#ip dhcp pool dhcp1
ZXR10(config-dhcp-pool)#ip-pool pool1
ZXR10(config-dhcp-pool)#default-route 10.10.1.1
ZXR10(config-dhcp-pool)#exit
ZXR10(config)#ip dhcp policy p1 1
ZXR10(config-dhcp-policy)#dhcp-pool dhcp1
ZXR10(config-dhcp-policy)#exit
ZXR10(config)#interface vlan 10
ZXR10(config-if-vlan10)#ip dhcp policy p1
ZXR10(config)#ip dhcp enable
8-18
R1 configuration:
ZXR10(config)#interface vlan10
ZXR10(config-if-vlan10)#ip dhcp mode relay
ZXR10(config-if-vlan10)#ip address 10.10.1.1 255.255.255.0
ZXR10(config-if-vlan10)#ip dhcp relay agent 10.10.1.1
ZXR10(config-if-vlan10)#ip dhcp relay server 10.10.2.2 security
ZXR10(config-if-vlan10)#exit
ZXR10(config)#ip dhcp enable
8-19
R1 configuration:
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#switch access vlan 100
ZXR10(config-gei_1/1)#exit
ZXR10(config)#interface gei_1/2
ZXR10(config-gei_1/2)#switch access vlan 100
ZXR10(config-gei_1/2)#exit
ZXR10(config)#ip dhcp snooping enable
ZXR10(config)#ip dhcp snooping vlan 100
ZXR10(config)#ip dhcp snooping trust gei_1/1
R1 configuration:
8-20
Command Function
8-21
8-22
Command Function
A VRRP group can consist of multiple virtual addresses. A host can use any address
as the gateway for communications.
Command Function
ZXR10(config-if-vlanX)#vrrp < group> preempt [ delay < Configures the VRRP priority.
seconds>]
3. Configure preemption.
Command Function
9-1
Command Function
5. Configure the interval for retrieving VRRP messages from the master.
Command Function
Command Function
Command Function
ZXR10(config-if-vlanX)#vrrp < group> track < track-num>{ Configures the VRRP uplink
decrement< priority>}|{ bfd { priority-down | switch }} track function.
Command Function
Command Function
9-2
R1 configuration:
ZXR10_R1(config)#interface vlan 1
ZXR10_R1(config-if-vlan1)#ip address 10.0.0.1 255.255.0.0
ZXR10_R1(config-if-vlan1)#vrrp 1 ip 10.0.0.1
R2 configuration:
ZXR10_R2(config)#interface vlan 1
ZXR10_R2(config-if-vlan1)#ip address 10.0.0.2 255.255.0.0
ZXR10_R2(config-if-vlan1)#vrrp 1 ip 10.0.0.1
9-3
R1 configuration:
ZXR10_R1(config)#interface vlan 1
ZXR10_R1(config-if-vlan1)#ip address 10.0.0.1 255.255.0.0
ZXR10_R1(config-if-vlan1)#vrrp 1 ip 10.0.0.1
ZXR10_R1(config-if-vlan1)#vrrp 2 ip 10.0.0.2
R2 configuration:
ZXR10_R2(config)#interface vlan 1
ZXR10_R2(config-if-vlan1)#ip address 10.0.0.2 255.255.0.0
ZXR10_R2(config-if-vlan1)#vrrp 1 ip 10.0.0.1
ZXR10_R2(config-if-vlan1)#vrrp 2 ip 10.0.0.2
Command Function
9-4
Command Function
Command Function
10-1
Command Function
Command Function
Command Function
6. Enable/disable accounting.
Command Function
7. Allow multiple users and configure the maximum number of users, or disallow multiple
users.
Command Function
Command Function
ZXR10(config-nas)#aaa < rule-id> default-isp < isp-name>[ Configures the default ISP name.
default]
Command Function
10-2
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
10-3
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
10-4
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
10-5
Command Function
Command Function
Command Function
Command Function
Command Function
10-6
Command Function
Command Function
Command Function
Command Function
Command Function
10-7
Switch configuration:
ZXR10(config)#radius authentication-group 1
10-8
Ensure that only hosts that can pass authentication can access the Internet, and other
hosts can only access enterprise intranet resources.
10-9
l Enable the 802.1X relay function on the Ethernet switch inside the subnet. Enable
802.1X authentication on the Ethernet port of the gateway on the subnet.
l Do not account users on the intranet. Authenticate users on the RADUIS server. The
IP addresses of the master and the slave authentication servers are 10.1.1.1 and
10.1.1.2, respectively.
The 2826E Ethernet switch is used on the intranet. The ZXR10 5900E series unit is used
as a gateway.
The ZXR10 5900E unit configuration is as follows:
ZXR10(config)#radius authentication-group 1
ZXR10(config-authgrp-1)#server 1 10.1.1.1 key aaazte port 1812
ZXR10(config-authgrp-1)#server 2 10.1.1.2 key aaazte port 1812
ZXR10(config-authgrp-1)#exit
ZXR10(config)#nas
ZXR10(config-nas)#create aaa 1 port gei_1/1
ZXR10(config-nas)#aaa 1 control dot1x enable
ZXR10(config-nas)#aaa 1 authentication radius
ZXR10(config-nas)#aaa 1 authorization auto
ZXR10(config-nas)#aaa 1 accounting disable
ZXR10(config-nas)#aaa 1 multiple-hosts enable
ZXR10(config-nas)#aaa 1 default-isp zte163.net
ZXR10(config-nas)#aaa 1 fullaccount disable
ZXR10(config-nas)#aaa 1 radius-server authentication 1
10-10
In the configuration, the ZXR10 5900E series unit provides the local authentication
function to meet the application requirements. According to the configuration, only users
whose MAC addresses are 00d0.d0d0.1234, 00d0.d0d0.1456 or 00d0.d0d0.1689 can be
accessed. The Internet access duration of the users, numbered as A0001, A0002 and
A0003, is accounted. The duration is recorded on the RADIUS server.
In the above configuration, the system applies the local authentication function of the
ZXR10 5900E series unit to meet the application requirement.
Command Function
10-11
Command Function
ZXR10#debug radius {all | exception | user <user name><domain Traces interaction with RADIUS.
name>|{authentication | accounting}{ data | error | event | packet
{<group number>| all }}}
10-12
Command Function
Command Function
11-1
Command Function
Command Function
Note:
In this example, there should be at least two interfaces in VLAN1. One is connected to a
user and the other is connected to the BRAS device. Here gei_1/1 is connected the BRAS
device.
The following example shows how to configure VBAS on the ZXR10 5900E system.
Enable the VBAS function, enable VBAS in VLAN 1, set gei_1/1 to a trust interface and
set the port type to user.
ZXR10(config)#vbas enable
ZXR10(config)#vlan 1
ZXR10(config-vlan1)#vbas enable
ZXR10(config-vlan1)#exit
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#vbas trust
ZXR10(config-gei_1/1)#vbas port-type net
11-2
Command Function
11-3
11-4
Command Function
To configure a ZESR domain, first configure a protection instance. At most, the system
accepts four configured instances. Each domain is identified by a control VLAN.
12-1
A ZESR protection instance is the same as a Spanning Tree Protocol (STP) instance. The
service VLANs are in the protection instance. So, in general, STP should be enabled to
work with ZESR. The control VLAN should use a VLAN without service. The control VLAN
should not be the same as the service VLANs or network management VLANs. The Port
VLAN ID (PVID) of a port must not be the control VLAN. A port outside the ring must not
be added to the control VLAN.
Example
This example shows how to configure a protection instance in a ZESR domain whose
control VLAN is VLAN 4000.
ZXR10(config)#zesr ctrl-vlan 4000 protect-instance 1
Command Function
Parameter descriptions:
Parameter Description
<0-500> Preup value, in seconds. Once the Master detects that the ring is
up, the status changes after preup time. The default value is 0.
Before the preforward and preup parameters are set, the role and port of the node must
be determined. The preup parameter can only be used by the master or zess-master node.
Before the interface is configured, it must be added to the control VLAN. The interface is
a Link Aggregation Control Protocol (LACP) interface. Ensure that STP is disabled on the
member interfaces.
12-2
Because the secondary interface of a zess-master node determines the blocking location,
it must be on the uplink that is intended to be blocked. ZTE also recommends setting the
secondary interface of a zess-transit node on an uplink.
Example
1. This example shows how to configure a node whose control VLAN is 4000, whose role
is master, and whose interfaces are gei_2/10 and gei_2/20.
ZXR10(config)# zesr ctrl-vlan 4000 major-level role master gei_2/10 gei_2/20
2. This example shows how to configure a node whose control VLAN is 4000, whose role
is zess-master, and whose interfaces are gei_2/10 and gei_2/20.
ZXR10(config)# zesr ctrl-vlan 4000 major-level role zess-master gei_2/10
gei_2/20
3. This example shows how to configure the preforward and preup of a master whose
control VLAN is 4000 to 20 s and 10 s, respectively.
ZXR10(config)#zesr ctrl-vlan 4000 major-level preforward 20 preup 10
Command Function
Parameter descriptions:
Parameter Description
<1-10> The segment number on an access ring. At most there are four
access rings on a level.
<0-500> Preup value, in seconds. Once the Master detects that the ring is
up, the status changes after preup time. The default is 0.
12-3
A ZXR10 5900E series unit can be at the intersection point of a major ring and an
access ring. At that time, it can be in on the major ring or on the access ring. There
are two interfaces on the major ring and there is one interface on the access ring. The
device is named an access node in such situation. The role of the access node can be
edge-assistant or edge-control on the access ring. The edge-control role equals to a
master role of a general node.
Example
1. This example shows how to configure an access ring node whose control VLAN is
4000, level is 1, seg is 1, role is master, and interface is fei_1/10 or fei_1/20.
ZXR10(config)#zesr ctrl-vlan 4000 level 1 seg 1 role master fei_1/10 fei_1/20
2. This example shows how to configure an access ring node whose control VLAN is
4000, whose role is edge-assistant, whose level is 1, whose seg is 1, and whose
interface is fei_1/10.
ZXR10(config)#zesr ctrl-vlan 4000 level 1 seg 1 role edge-assistant fei_1/10
3. This example shows how to configure an access ring node whose control VLAN is
4000, level is 1, seg is 1, preforward is 20s, and preup is 10s.
ZXR10(config)#zesr ctrl-vlan 4000 level 1 seg 1 preforward 20 preup 10
Command Function
Example
This example shows how to set the ZESR restart time to 60 s.
ZXR10(config)#zesr restart-time 60
12-4
Example
This example shows how to configure the destination MAC address of ZESR in special
mode.
ZXR10(config)#zesr protocol-mac special
Command Function
ZXR10(config)#no zesr ctrl-vlan <1-4094> tcn cancel-sending Control VLAN of the <1-4094>
domain, ID of the ZESR domain
To configure the function of sending TCN packets in a ZESR domain, create the ZESR
domain first. The commands can be used to enable or disable the function of sending
TCN packets in a ZESR domain. By default, the function is enabled.
When the user runs the zesr ctrl-vlan <1-4094> tcn cancel-sending command, TCN packets
will not be sent in the ZESR domain. The configuration can be saved or restored.
Example
1. This example shows how to disable the function of sending TCN packets in the ZESR
domain with the VLAN ID of 100.
ZXR10(config)#zesr ctrl-vlan 100 tcn cancel-sending
2. This example shows how to enable the function of sending TCN packets in the ZESR
domain with the VLAN ID of 100.
ZXR10(config)#no zesr ctrl-vlan 100 tcn cancel-sending
Command Function
Parameter descriptions:
12-5
Parameter Description
Example
1. This example shows how to disable the function of sending TCN packets on interface
gei_3/1.
ZXR10(config-gei_3/1)#zesr tcn-sending disable
2. This example shows how to enable the function of sending TCN packets on interface
gei_3/1.
ZXR10(config-fei_1/1)#zesr tcn-sending enable
Command Function
Parameter descriptions:
Parameter Description
Example
1. This example shows how to enable gei_1/1 to send Link-Hello packets.
ZXR10(config)#zesr link-hello gei_1/1 special
2. This example shows how to disable gei_1/1 to send Link-Hello packets.
ZXR10(config)#zesr link-hello gei_1/1 normal
12-6
Command Function
Parameter description:
Parameter Description
To validate the parameter, the Link-Hello detection mode of an interface must be set to
special. If hello-interval is configured to 500 ms and fail-times is configured to 5, the
timeout time is 2500 ms (500 ms x 5).
Example
This example shows how to configure the interval of sending Link-Hello packets to 500 ms
and the timeout times to 5.
ZXR10(config)#zesr link-hello hello-interval 500 fail-times 5
12-7
On S1, sg1 (fei_1/1, fei_1/2) is connected to S2, and sg2 (fei_1/3, fei_1/4) is connected to
S3.
On S2, fei_1/1 is connected to S3, fei_1/2 is connected to S4, and sg2 (fei_1/3, fei_1/4) is
connected to S1
On S3, fei_1/1 is connected to S2, fei_1/2 is connected to S4, and sg2 (fei_1/3, fei_1/4) is
connected to S1.
On S4, fei_1/1 is connected to S2, and fei_1/2 is connected to S3.
The network formed by S1, S2, and S3 is at the major level. S2 is the master node. The
port on S2 that is connected to S1 is the major port (sg1). The network formed by S2, S3,
and S4 is the secondary ring level 1 seg 1. S4 is the master node. The port on S4 that is
connected to S3 is a secondary interface (fei_1/2 of S4). The control VLAN is VLAN 4000.
S1 configuration:
ZXR10_S1(config)#spanning-tree enable
ZXR10_S1(config)#spanning-tree mst configuration
ZXR10_S1(config-mstp)#instance 1 vlan 100-200
ZXR10_S1(config-mstp)#exit
12-8
S2 Configuration:
ZXR10_S2(config)#spanning-tree enable
ZXR10_S2(config)#spanning-tree mst configuration
12-9
ZXR10_S2(config)#interface smartgroup1
ZXR10_S2(config-smartgroup1)#switchport mode trunk
ZXR10_S2(config-smartgroup1)#smartgroup mode 802.3ad
ZXR10_S2(config-smartgroup1)#switchport trunk vlan 100-200
ZXR10_S2(config-smartgroup1)#switchport trunk vlan 4000
ZXR10_S2(config-smartgroup1)#exit
S3 Configuration:
The configurations (such as the interface instance configuration) are the same as those
on SW2.
12-10
S4 configuration:
The configurations (such as the interface instance configuration) are the same as those
on S2
ZXR10_S4(config)#zesr ctrl-vlan 4000 protect-instance 1
ZXR10_S4(config)#zesr ctrl-vlan 4000 level 1 seg 1 role master fei_1/1 fei_1/2
ZXR101 configuration:
Node 1 is an ordinary switch, which is used for transparently transmitting packets. For
the switch, configure a VLAN and disable the function of broadcast/unknown unicast
suppression of the interface.
12-11
ZXR10_S1(config)#interface fei_1/1
ZXR10_S1(config-fei_1/1)#negotiation auto
ZXR10_S1(config-fei_1/1)#switchport mode trunk
ZXR10_S1(config-fei_1/1)#switchport trunk vlan 100-200
ZXR10_S1(config-fei_1/1)#switchport trunk vlan 4000
ZXR10_S1(config-fei_1/1)#exit
//Connect to ZXR10-2
ZXR10_S1(config)#interface fei_1/2
//Set the interface working mode to auto negotiation
ZXR10_S1(config-fei_1/2)#negotiation auto
ZXR10_S1(config-fei_1/2)#switchport mode trunk
ZXR10_S1(config-fei_1/2)#switchport trunk vlan 100-200
ZXR10_S1(config-fei_1/2)#switchport trunk vlan 4000
ZXR10_S1(config-fei_1/2)#exit
ZXR102 configuration:
//Connect to ZXR10-1
ZXR10_S2(config)#interface fei_2/1
ZXR10_S2(config-fei_2/1)switchport mode trunk
ZXR10_S2(config-fei_2/1)switchport trunk vlan 100-200
ZXR10_S2(config-fei_2/1)switchport trunk vlan 4000
ZXR10_S2(config-fei_2/1)exit
//Connect to ZXR10-3
ZXR10_S2(config)#interface fei_2/2
ZXR10_S2(config-fei_2/2)negotiation auto
ZXR10_S2(config-fei_2/2)switchport mode trunk
ZXR10_S2(config-fei_2/2)switchport trunk vlan 100-200
ZXR10_S2(config-fei_2/2)switchport trunk vlan 4000
ZXR10_S2(config-fei_2/2)exit
//Connect to ZXR10-4
ZXR10_S2(config)#interface fei_2/3
ZXR10_S2(config-fei_2/3)negotiation auto
ZXR10_S2(config-fei_2/3)switchport mode trunk
ZXR10_S2(config-fei_2/3)switchport trunk vlan 100-200
ZXR10_S2(config-fei_2/3)switchport trunk vlan 4000
ZXR10_S2(config-fei_2/3)exit
12-12
ZXR103 configuration:
The configurations (such as the interface instance configuration) are the same as those
on ZXR102.
ZXR104 configuration:
The configurations (such as the interface instance configuration) are the same as those
on ZXR102.
12-13
12-14
Command Function
Command Function
13-1
Command Function
Command Function
Command Function
Command Function
Command Function
The range of channel numbers is 0256. The numbers 0255 are for special channels,
and it is necessary to specify a multicast address for each channel. The number 256
is the general channel, and does not require a multicast address.
2. Set the name of a channel.
Command Function
13-2
Command Function
ZXR10(config)#iptv channel < 0-256> mvlan <1-4094> Sets the multicast VLAN to which
a channel belongs.
4. Delete a channel.
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
13-3
Command Function
ZXR10(config)#iptv cac-rule < 1-256> name <WORD> Sets the name of a CAC rule.
Command Function
ZXR10(config)#iptv cac-rule < 1-256> prvcount <0-65535> Sets the maximum number of
previews of a rule. By default,
the value is the global maximum
number of previews.
Command Function
ZXR10(config)#iptv cac-rule < 1-256> prvtime <2-65535> Set the maximum duration of
previews of a rule. By default,
the value is the global maximum
duration.
Command Function
ZXR10(config)#iptv cac-rule < 1-256> prvinterval <2-65535> Sets the minimum intervals of
previews of a rule. By default,
the value is the global minimum
intervals of previews.
Command Function
Command Function
8. Delete a rule.
Command Function
13-4
Command Function
Command Function
Instructions:
Enable the IPTV function before enabling the privilege function. Otherwise, the system
prompts an error.
Command Function
Instructions:
Enable the IPTV privilege function before running the command. Otherwise, the system
prompts an error.
13-5
Command Function
Instructions:
It is unnecessary to enable the IPTV privilege function before a privilege rule is created or
deleted. However, the rule will not be validated before the privilege function is enabled.
13-6
R1 configuration:
ZXR10(config)#vlan 10 //Protection VLAN
ZXR10(config-vlan10)#exit
ZXR10(config)#vlan 4000 //Control VLAN
ZXR10(config-vlan4000)#exit
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#switchport mode trunk
ZXR10(config-gei_1/1)#switchport trunk vlan 10
ZXR10(config-gei_1/1)#switchport trunk vlan 4000
ZXR10(config-gei_1/1)#exit
ZXR10(config)#interface gei_1/2
ZXR10(config-gei_1/2)#switchport mode trunk
ZXR10(config-gei_1/2)#switchport trunk vlan 10
13-7
R2 configuration:
ZXR10(config)#vlan 10 //Protection VLAN
ZXR10(config-vlan10)#exit
ZXR10(config)#vlan 4000 //Control VLAN
ZXR10(config-vlan4000)#exit
ZXR10(config)#interface gei_1/1
ZXR10(config-gei_1/1)#switchport mode trunk
ZXR10(config-gei_1/1)#switchport trunk vlan 10
ZXR10(config-gei_1/1)#switchport trunk vlan 4000
ZXR10(config-gei_1/1)#exit
ZXR10(config)#interface gei_1/2
ZXR10(config-gei_1/2)#switchport mode trunk
ZXR10(config-gei_1/2)#switchport trunk vlan 10
ZXR10(config-gei_1/2)#switchport trunk vlan 4000
ZXR10(config-gei_1/2)#exit
ZXR10(config)#spanning-tree enable
ZXR10(config)#spanning-tree mst configuration
ZXR10(config-mstp)#instance 1 vlans 10
ZXR10(config-mstp)#exit
ZXR10(config)#zesr ctrl-vlan 4000 protect-instance 1
ZXR10(config)#zesr ctrl-vlan 4000 major-level role transit gei_1/1 gei_1/2
ZXR10(config)#interface gei_1/3 //Interface connected to the VOD user
ZXR10(config-gei_1/3)#switchport access vlan 2
13-8
ZXR10(config-gei_1/3)#exit
ZXR10(config)#nas
ZXR10(config-nas)#iptv control enable
ZXR10(config-nas)#exit
ZXR10(config-nas)#iptv privilege enable
ZXR10(config-nas)#iptv privilege mvlan 10
ZXR10(config-nas)#create iptv privilege-rule 1 port gei_1/1
//Privilege right assigned for the interface on the ring
ZXR10(config-nas)#create iptv privilege-rule 2 port gei_1/2
//Privilege right assigned for the interface on the ring
//The following command is used to assign privilege rights for the user interface.
CAC rules or channels can also be configured for the user port.
ZXR10(config-nas)#create iptv privilege-rule 3 port gei_1/3
ZXR10(config)#ip igmp snooping querier //Querier configuration
ZXR10(config)#vlan 2
ZXR10(config-vlan2)#igmp snooping querier
After the configuration is complete, the user can play any channel on gei_1/3 of R2.
Command Function
Instructions:
The configuration includes the enable status of the privilege function and the VLAN ID
of the privilege source. If the source VLAN is not configured, the related field shows
"Unspecified".
2. Show the IPTV privilege rule table.
Command descriptions:
Command Function
Instructions:
The configuration includes the maximum number of rules, number of current rules,
number of historical rules, and details of current rules.
13-9
Command Function
Instructions:
The configuration includes the maximum number of users supported by the privilege
module, number of current online users, number of historical online users, and details
of current online users.
To check whether IGMP packets can pass the privilege module on the switch
configured with the IPTV privilege function, use the debug ip igmp-snooping command.
13-10
Command Function
ZXR10(config)#show iptv client [{port<portno>| vlan <vlanid>| Displays the online IPTV users
device <devno>}]
13-11
13-12
Command Function
14-1
Command Function
Command Function
3. Set the source address used by NTP to send a time synchronization request.
Command Function
Command Function
14-2
Command Function
ZXR10 configuration:
ZXR10(config)#interface vlan24
ZXR10(config-if-vlan24)#ip address 192.168.2.2 255.255.255.0
ZXR10(config-if-vlan24)#exit
ZXR10(config)#ntp enable
ZXR10(config)#ntp server 192.168.2.1 version 2
ZXR10 5900E series units support several RADIUS server groups. In each RADIUS group,
there are at most three authentication servers.
14-3
Command Function
Command Function
Command Function
14-4
Command Function
Command Function
ZXR10#debug radius {all | exception | user <user name><domain Shows the Radius debug
name>|{authentication | accounting}{ data | error | event | information.
packet {<group number>| all }}}
ZXR10#clear accounting local-buffer {< group number>| all} Clears the accounting packets
cached locally.
ZXR10#show configuration radius {all | auto-change | nas-id} Shows the Radius configuration.
all: shows the configuration of
Radius authentication group and
accounting group.
auto-change: shows the Radius
auto-change configuration.
nas-id: shows the Radius
NAS-ID configuration.
ZXR10(config)#radius accounting-group 1
ZXR10(config-acct-group-1)#algorithm round-robin
ZXR10(config-acct-group-1)#calling-station-format 2
ZXR10(config-acct-group-1)#deadtime 5
14-5
ZXR10(config-acct-group-1)#local-buffer enable
ZXR10(config-acct-group-1)#max-retries 5
ZXR10(config-acct-group-1)#nas-ip-address 10.1.1.4
ZXR10(config-acct-group-1)#server 1 10.2.1.3 key uas
ZXR10(config-acct-group-1)#server 2 12.1.2.3 key uas
ZXR10(config-acct-group-1)#timeout 10
Command Function
Command Function
14-6
Command Function
SysContact is a management variable of the system group in MIB II. It records the ID
and contact mode of the related personnel who manage the device.
4. Set the location (SysLocation) of an MIB object.
Command Function
Command Function
ZXR10(config)#snmp-server enable trap [<notification-type>] Sets the types of TRAP that can
be sent.
TRAP is a type of information sent by the managed device to the NM server without
requests. It is used to report emergent events.
6. Set a TRAP destination host.
Command Function
ZXR10 5900E supports five types of traps: SNMP, BGP, Open Shortest Path First
(OSPF), RMON, and stalarm.
7. Use an ACL to control the host that can access the system through SNMP.
Command Function
14-7
Command Function
ZXR10(config)#snmp-server context < context name > Defines the name of an SNMP
context.
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
14-8
Command Function
Command Function
17. Display the information of SNMPv3 group, use the following command.
Command Function
Command Function
14-9
Command Function
Command Function
Command Function
4. Configure an event.
Command Function
Command Function
Assume that there are several computers connected to gei_1/1. When these
computers communicate on the subnet, traffic statistics data can be viewed through
the NM system. RMON statistics information also can be viewed with the show rmon
statistics command, as shown below.
ZXR10#show rmon statistics
14-10
RMON historical information can be viewed with the show rmon history command, as
shown below.
ZXR10#show rmon history
Entry 1 is active, and owned by rmontest
Monitors ifEntry.1.1 every 10 seconds
Requested # of time intervals, ie buckets, is 10
Granted # of time intervals, ie buckets, is 10
Sample # 1 began measuring at 00:11:00
Received 38346 octets, 216 packets,
0 broadcast and 80 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of dropped packet events is 0
Network utilization is estimated at 1
l This example shows how to configure and enable the RMON alarm control entities.
ZXR10(config)#rmon alarm 1 system.3.0 10 absolute rising-threshold 1000 1
Falling-threshold 10 1 owner rmontest
ZXR10(config)#
RMON alarm information can be viewed with the show rmon alarm command, as
shown below.
ZXR10#show rmon alarm
Alarm 1 is active, owned by rmontest
Monitors system.3.0 every 10 seconds
Taking absolute samples, last value was 54000
Rising threshold is 1000, assigned to event 1
14-11
Configure an alarm control entity. After 10 seconds, RMON events can be viewed
with the show rmon event command, as shown below.
ZXR10#show rmon event
Event 1 is active, owned by rmontest
Description is test
Event firing causes log and trap to community/user rmontrap, last fired 0w0d, 05:40:20
last fired 05:40:20
Current log entries:
index time description
1 05:40:14 test
ZXR10#
Command Function
Command Function
14-12
Command Function
4. Set the level of the logs displayed on the console interface or a TELNET interface.
Command Function
Command Function
Command Function
7. Set the parameters used for sending alarm information to a trap server.
Command Function
8. Set the parameters that are used for packaging information in the alarm buffer to a file
and sending it to an FTP server.
Command Function
ZXR10(config)#syslog-server host < ip-address>[ fport < Sets the parameters that are
fport>][ lport < lport>][ alarmlog level <level>][ cmdlog][ used for packaging information
debugmsg] in the alarm buffer to a file and
sending it to an FTP server.
Command Function
14-13
Command Function
Command Function
14-14
Command Function
Command Function
Command Function
Parameter descriptions:
14-15
Parameter Description
Command Function
Parameter descriptions:
Parameter Description
Command Function
Parameter descriptions:
Parameter Description
port The port number of a TCP connection. The default value is 49.
Command Function
Parameter description:
14-16
Parameter Description
<key> The key used for interacting with messages between an NAS
and a server, with 163 characters (no spaces). The key
defined on the server must be the same as this one.
Command Function
Command Function
Command Function
Parameter description:
Parameter Description
14-17
14-18
There is only one command switch in a cluster. The command switch can collect the
device topology automatically and establish a cluster. After the cluster is established,
the command switch provides a management channel through which the cluster can
manage the member switches. The member switches are candidate switches before
being added into the cluster. The switches that do not support cluster management are
called independent switches.
For the network of a cluster, see Figure 15-1.
15-1
For the rules for the four types of switches to change their roles in a cluster, see Figure
15-2.
15-2
Command Function
Command Function
Command Function
15-3
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
15-4
Command Function
Command Function
Command Function
4. Set the hold-time between member switches and the command switch on the
command switch.
Command Function
Command Function
Command Function
15-5
Command Function
Command Function
Command Function
Command Function
1. Set the two ports to be in a VLAN (such as VLAN 1, and ensure that no Layer 3 address
is configured on VLAN 1).
2. Execute the show zdp neighbor command on DUT A to ensure that the ZDP neighbor
relationship has been established.
3. Execute the ztp start command on DUT A to start topology collection. Then execute
the show ztp device-list command to ensure that DUT A and DUT B are listed.
15-6
4. Set DUT A to the command switch with the group switch-type commander command.
Ensure that DUT A is the command switch with the show group command.
5. Set DUT B to the member switch with the group member device 1 command. Display
the member switches with the show group member command, and the state is up.
6. In privileged mode, the Member 1 can be logged into with the rlogin member 1 com-
mand on the command switch. The command switch can be logged in to with the
rlogin commander command on the member switch.
Command Function
ZXR10#show zdp neighbour [ interface <interface>| mac Displays the ZDP neighbors
<mac-address>] (directly connected ZDP nodes).
15-7
15-8
Command Function
16-1
16-2
Figure 16-3 IP Source Guard Configuration based on an IP Address and a MAC Address
Command Function
16-3
Command Function
Command Function
Configure this command in interface mode. It is used to modify the alarm threshold for
a protocol packet type on a physical port. When the number of the specific protocol
packets exceeds this threshold in 30 s, an alarm message is sent. The default alarm
threshold is 3000.
4. Configure the peak rate or the average rate of a protocol packet type.
Command Function
The unit is packets-per-second (pps). The range of the peak rate is 1001000, and
the default peak rate is 300. The range of the average rates is 10600, and the default
average rate is 100.
5. Configure the port type of an interface type.
Command Function
16-4
When the protocol packets are set to be discarded, even if the packets are sent to the
MUX module, they are still discarded by this module. They cannot hit the platform.
When the control plane security module finds that a protocol packet type is sent to the
platform at too fast a rate, it sends alarms to remind users that there may be a protocol
packet type attacking the CPU. When this alarm appears, users can set the system to
discard the packets or limit the packet rate to prevent the attack on the CPU.
Note:
If the protocol packets of some types are discarded, the related services may fail.
Command Function
16-5
A, B and C are in the same broadcast domain, that is, the same network segment. When
A and B communicate with each other, ARP packets are sent and C can intercept these
ARP packets. If C acts as a man in the middle to do malicious scanning, it sends free ARP
to A to inform that the IP corresponding to the MAC address of B has been updated to
that of C, causing traffic from A to B to be directly forwarded to C. As the same time, traffic
from B to A also can be forwarded to C. After doing malicious scanning on the packets, C
modifies the destination address to the real MAC address of B or A and returns the packets
to the switch. Traffic between A and B can be forwarded properly and not be perceived so
that C completes a man-in-the-middle attack.
To avoid that, check all ARP packets. Packets that pass the check are forwarded. ARP
packets that fail the check are discarded.
Based on this requirement, the ZXR10 5900E system to help prevent ARP attack.
l For untrusted interfaces, DAI intercepts all ARP packets and sends them to the upper
layer for confirmation.
l Users can configure the rate at which ARP packets sent to the CPU can be configured.
l When the DHCP snooping function is enabled, the relation between an IP address, a
MAC address and a port is checked. Illegal packets are discarded.
16-6
DAI checks the ARP packets according to the association between IP addresses and MAC
addresses in the trusted database. When enabled, the DHCP snooping function of a VLAN
creates a database. If the ARP packets are received from a trusted port, the device does
not check the packets and forwards the packets directly. If the ARP packets are received
from an untrusted port, the switch only forwards valid packets.
Command Function
ZXR10#show ip arp inspection vlan [{<1-4094>| disable | enable | Displays DAI configuration
name vlan_name}] information of a VLAN.
16-7
The prerequisite is that the DHCP snooping function of VLAN 2 has been enabled.
ZXR10(config)#ip dhcp snooping enable
ZXR10(config)#ip dhcp snooping vlan 2
ZXR10(config)#ip dhcp snooping trust fei_X/X
16-8
Command Function
Command Function
Command Function
Command Function
Command Function
Command Function
16-9
16-10
Command Function
16-11
16-12
Command Function
Command Function
17-1
Command Function
17-2
18-1
8. Uplink ingress bandwidth usage mode (BW%): In this mode, the indicator shows
the current ingress bandwidth usage of the uplink port based on the current uplink
port rate. The 5928E and 5928E-FI use the indicators of ports 1-20 to represent the
bandwidth usage, with 5% for each port. The 5952E uses the indicators of ports 1-16
on the main control board to represent the bandwidth usage, with 6.25% for each port.
9. Ping NMS center mode (PING): In this mode, the first five indicators are used to show
the status. The device sends five ICMP packets to the NMS center. If a correct
response is received for each ICMP packet, the corresponding indicator is lit green.
Otherwise, the corresponding indicator is lit yellow. After the five indicators are lit for
20s, they are off to go to the next Ping process. If the NMS address is not configured,
the five indicators are lit yellow at the same time and then off to go to the next Ping
process.
10. CRC port display mode (CRC): In this mode, the indicator prompts a CRC error. If a
CRC error exists on the port, the indicator is lit yellow. Otherwise, the indicator is off.
11. STORM port display mode (STORM): In this mode, the indicator indicates a storm port.
If the port is a storm port, the indicator is lit yellow. Otherwise, the indicator is off.
12. NoMAC port display mode (NoMAC): In this mode, the indicator indicates whether the
port learns the MAC address. If the port does not learn the MAC address, the indicator
is lit yellow. Otherwise, the indicator is off. This mode supports the trunk function. If
the trunk port learns the MAC address, the indicators of active ports in the trunk are
off.
18-2
Caution!
Only when the electrical ports at both ends of two interconnected devices enable the
energy-efficiency function, the function can take effect.
19-1
ZXR10(config)#show power-usage
The Device is not support get Power-Usage.
Command Function
If the eee enable and eee disable commands are used in the configuration mode, they help
enable and disable the global EEE function. When the global EEE function is disabled,
the actual PHY chip does not work in the EEE state no matter whether the EEE function
is enabled on the interface. By default, the EEE function is enabled on the supported
devices.
If the eee statistic from-now-on command is used in the configuration mode, it provides
users with the time points recorded when power statistics are collected. When the user
runs the command, the data in the specified statistic field will be cleared and accumulated
every hour.
19-2
Command Function
If the eee enable and eee disable commands are used in the interface mode, they enable
and disable the EEE function of an interface. When the global EEE function and the EEE
function of the interface are enabled at the same time, the PHY chip will work in the EEE
state. By default, the EEE function is enabled on the supported devices.
Command Function
If the eee statistic from-now-on command is used in the configuration mode, it provides
users with the time points recorded when power statistics are collected. When the user
runs the command, the data in the specified statistic field will be cleared and accumulated
every hour. The 12Hours column shows the saved power in last 12 hours before the data
is shown. The 24Hours column shows the saved power in last 24 hours before the data is
shown. The User column shows the saved power after the user customizes the time and
before the data is shown. The Total column shows the saved power after the system is
started and before the data is shown. The unit is joule.
If the clear eee statistic command is used in the privilege mode, it clears all the EEE
statistics.
19-3
19-4
I
ZXR10 5900E Series User Manual (Basic Configuration)
II
Tables
Table 2-1 Command Modes ...................................................................................... 2-9
Table 2-2 Recalling Recent Commands .................................................................. 2-12
Table 4-1 Interface State Abnormal Conditions ......................................................... 4-7
Table 7-1 Display Format ........................................................................................ 7-19
Table 7-2 Display Format ........................................................................................ 7-19
III
Tables
DOS
- Disk Operating System
DSCP
- Differentiated Services Code Point
DSL
- Digital Subscriber Line
DSLAM
- Digital Subscriber Line Access Multiplexer
EAPS
- Ethernet Automatic Protection Switching
FE
- Fast Ethernet
FTP
- File Transfer Protocol
GRE
- General Routing Encapsulation
I2C
- Inter-Integrated Circuit
V
ZXR10 5900E Series User Manual (Basic Configuration)
ICMP
- Internet Control Message Protocol
IEEE
- Institute of Electrical and Electronics Engineers
IP
- Internet Protocol
IPTV
- Internet Protocol Television
IPX
- Internetwork Packet Exchange protocol
IS-IS
- Intermediate System-to-Intermediate System
ISP
- Internet Service Provider
LACP
- Link Aggregation Control Protocol
MAC
- Medium Access Control
MFF
- MAC-Forced Forwarding
MIB
- Management Information Base
MSTP
- Multiple Spanning Tree Protocol
NAS
- Network Access Server
NM
- Network Management
NMS
- Network Management Server
NNI
- Network Node Interface
NTP
- Network Time Protocol
OSPF
- Open Shortest Path First
PBS
- Peak Burst Size
VI
Glossary
PPP
- Point to Point Protocol
PPPoE
- Point to Point Protocol over Ethernet
PVID
- Port VLAN ID
RED
- Random Early Detection
RIP
- Routing Information Protocol
RMON
- Remote Monitoring
SNMP
- Simple Network Management Protocol
SSH
- Secure Shell
STB
- Set-top Box
STP
- Spanning Tree Protocol
TACACS+
- Terminal Access Controller Access-Control System Plus
TCP
- Transfer Control Protocol
TFTP
- Trivial File Transfer Protocol
TPID
- Tag Protocol Identifier
TTL
- Time To Live
TrTCM
- Two-rate Three Color Marker
UDP
- User Datagram Protocol
UNI
- User Network Interface
URPF
- Unicast Reverse Path Forwarding
VII
ZXR10 5900E Series User Manual (Basic Configuration)
VBAS
- Virtual Broadband Access Server
VLAN
- Virtual Local Area Network
VOD
- Video On Demand
VRRP
- Virtual Router Redundancy Protocol
WRED
- Weighted Random Early Detection
WRR
- Weighted Round Robin
ZDP
- ZTE Discovery Protocol
ZESR
- ZTE Ethernet Switch Ring
ZTP
- ZTE Topology Protocol
VIII