ZTE OLT ZXR10 5900E Series (V3.00.11) Configuration Guide (IP Service)

ZXR10 5900E Series
Easy-Maintenance MPLS Routing Switch

Configuration Guide (IP Service)
Version: 3.00.11
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Revision No. Revision Date Revision Reason
R1.0 2015–01–15 First edition
Serial Number: SJ-20150114102049-004
Publishing Date: 2015-01-15 (R1.0)
SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Contents
About This Manual ......................................................................................... I
Chapter 1 IP Address Configuration......................................................... 1-1
1.1 IP Address Overview .......................................................................................... 1-1
1.2 Configuring IP Address ....................................................................................... 1-2
1.3 Maintaining IP Address ....................................................................................... 1-2
1.4 IP Address Configuration Example ...................................................................... 1-3
Chapter 2 IP Performance.......................................................................... 2-1

2.1 ICMP Response ................................................................................................. 2-1
2.2 Clearing Static Data ........................................................................................... 2-2
2.3 Configuring IP Source Route Options .................................................................. 2-2
2.4 Enabling the ICMP Redirection Packet Function................................................... 2-3
2.5 Maintaining IP Performance ................................................................................ 2-4
Chapter 3 IP MTU Configuration ............................................................... 3-1

3.1 IP MTU Overview ............................................................................................... 3-1
3.2 Configuring IP MTU ............................................................................................ 3-2
3.3 Maintaining IP MTU ............................................................................................ 3-2
3.4 IP MTU Configuration Example ........................................................................... 3-3
Chapter 4 DHCP Configuration ................................................................. 4-1

4.1 DHCP Server Configuration ................................................................................ 4-2
4.1.1 DHCP Server Overview ............................................................................ 4-2
4.1.2 Configuring a DHCP Server ...................................................................... 4-2
4.1.3 Maintaining a DHCP Server ...................................................................... 4-6
4.1.4 DHCP Server Configuration Example .......................................................4-11
4.2 DHCP Relay Configuration ............................................................................... 4-14
4.2.1 DHCP Relay Overview ........................................................................... 4-14
4.2.2 Configuring a DHCP Relay ..................................................................... 4-15
4.2.3 Maintaining a DHCP Relay ..................................................................... 4-20
4.2.4 DHCP Relay Configuration Example........................................................ 4-24
4.3 DHCP Proxy Configuration ............................................................................... 4-28
4.3.1 DHCP Proxy Overview ........................................................................... 4-28
4.3.2 Configuring a DHCP Proxy ..................................................................... 4-29
4.3.3 Maintaining a DHCP Proxy ..................................................................... 4-31
4.3.4 DHCP Proxy Configuration Example........................................................ 4-33

4.4 DHCP Snooping Configuration .......................................................................... 4-35
4.4.1 DHCP Snooping Overview ...................................................................... 4-35
4.4.2 Configuring DHCP Snooping................................................................... 4-38
4.4.3 Maintaining DHCP Snooping................................................................... 4-46
4.4.4 DHCP Snooping Configuration Examples ................................................ 4-49
Chapter 5 TCPv4 Configuration ................................................................ 5-1

5.1 TCPv4 Overview ................................................................................................ 5-1
5.2 Configuring TCPv4 ............................................................................................. 5-1
5.3 Maintaining TCPv4 ............................................................................................. 5-4
Chapter 6 UDPv4 Configuration................................................................ 6-1

Chapter 7 Cluster Management Configuration ........................................ 7-1
7.1 Cluster Management Overview ........................................................................... 7-1
7.2 Configuring Cluster Management Configuration ................................................... 7-1
7.3 Maintaining Cluster Management ........................................................................ 7-3
7.4 Cluster Management Configuration Example........................................................ 7-4
Chapter 8 IPTV Configuration ................................................................... 8-1

8.1 IPTV Overview ................................................................................................... 8-1
8.2 Configuring IPTV................................................................................................ 8-3
8.3 Maintaining IPTV................................................................................................ 8-9
8.4 IPTV Configuration Example ............................................................................. 8-14
Figures............................................................................................................. I
Glossary ........................................................................................................ III
II

About This Manual
Purpose
This manual is the ZXR10 5900E Series (V3.00.11) Easy-Maintenance MPLS Routing
Switch Configuration Guide (IP Service), which is applicable to the ZXR10 5900E
(V3.00.11) series switches.
Intended Audience
This manual is intended for:
l Network planning engineers

l Debugging engineers
l Attendants
What Is in This Manual

This manual contains the following chapters:
Chapter 1, IP Address Describes the overview and principles of IP address configuration,

Configuration related configuration and maintenance commands, and configuration
examples.
Chapter 2, IP Performance Describes the overview and principles of IP performance configuration,

related configuration and maintenance commands, and configuration
examples.
Chapter 3, IP MTU Describes the overview and principles of MTU configuration, related
Configuration configuration and maintenance commands, and configuration examples.
Chapter 4, DHCP Describes the overview and principles of DHCP configuration, related
Chapter 5, TCPv4 Describes the overview and principles of TCPv4 configuration, related
Chapter 6, UDPv4 Describes the overview and principles of UDPv4 configuration, related
Chapter 7, Cluster Describes the overview and principles of cluster management

Management Configuration configuration, related configuration and maintenance commands, and
configuration examples.
Chapter 8, IPTV Describes the overview and principles of IPTV configuration, related
Conventions
This manual uses the following typographical conventions:

Italics Variables in commands. It may also refer to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.
Constant Text that you type, program codes, filenames, directory names, and function names.
width
[] Optional parameters.
{} Mandatory parameters.
| Separates individual parameters in a series of parameters.
Danger: indicates an imminently hazardous situation. Failure to comply can result in

death or serious injury, equipment damage, or site breakdown.
Warning: indicates a potentially hazardous situation. Failure to comply can result in

serious injury, equipment damage, or interruption of major services.
Caution: indicates a potentially hazardous situation. Failure to comply can result in

moderate injury, equipment damage, or interruption of minor services.
Note: provides additional information about a certain topic.
II

Chapter 1
IP Address Configuration
Table of Contents
IP Address Overview..................................................................................................1-1
Configuring IP Address...............................................................................................1-2
Maintaining IP Address...............................................................................................1-2
IP Address Configuration Example .............................................................................1-3
1.1 IP Address Overview

Internet Protocol (IP) address is an unique 32 bit identifies, which is allocated to the host
or router indirectly connecting to Internet. IP address is graduated. An IP address is
composed of network ID (the first grade) and host ID (the second grade) that is convenient
for people to manage IP addresses. IP address is used to help people do addressing in
Internet.
IP addresses are divided into five classes: A, B and C, D and E. Among class A, B and
C addresses, some addresses are reserved for private networks. This is recommended
that private network addresses must be used for establishing internal networks. These
addresses refer to:
l Class A: 10.0.0.0-10.255.255.255
l Class B: 172.16.0.0-172.31.255.255
l Class C: 192.168.0.0-192.168.255.255
Address division is originally intended to facilitate design of routing protocols, so that

header feature bit of an IP address is enough for judging type of a network. However,
classification method restricts utilization of address space to greatest extent. With rapid
expansion of Internet, problem of insufficient addresses becomes more and more serious.
To utilize IP addresses to greater extent, a network can be divided into multiple subnets.
The "bit borrowing" mode can be used: highest bits of host bits are borrowed to serve
as subnet bits and left host bits still serve as host bits. Thus structure of an IP address
consists of three parts: Network bits, subnet bits and host bits.
Network bits and subnet bits are used to uniquely identify a network. Use subnet mask to
find which part in IP address indicates network bits and subnet bits, which part stands for
host bits. The part with subnet mask of "1" corresponds to network bits and subnet bits of
IP address, while the part with subnet mask of "0" corresponds to host bits.
Division of subnets greatly improves utilization of IP addresses, which relieves the problem
of insufficient IP addresses to some extent.
Regulations on IP addresses are shown below.
1-1

ZXR10 5900E Series Configuration Guide (IP Service)
l (0.0.0.0) is used when a host without an IP address is started. Reverse Address

Resolution Protocol (RARP), BOOTstrap Protocol (BOOTP) and Dynamic Host
Configuration Protocol (DHCP) are used to obtain IP address. The address serves
as default route in routing table.
l 255.255.255.255 is a destination address used for broadcast and cannot serve as a
source address.
l 127. X.X.X is called loopback address. Even if actual IP address of host is unknown,
address still can be used to stand for the "local host".
l Only IP addresses with host bits being all "0" indicate network itself. An IP address
with host bits being all "1" serves as broadcast address of the network.
l For a legal host IP address, the network part or the host part must not be all "0" or all
"1".
1.2 Configuring IP Address

To configure IP address on ZXR10 5900E, perform the following steps.
Step Command Function
ZXR10(config)#interface < interface-name> This enters layer 3 vlan

1
interface configuration mode.
ZXR10(config-if-interface-name)#ip address This configures IP address.

2
<ip-address><net-mask>[<broadcast-address>| secondary]
Descriptions of the parameters are shown below.
Parameter Description
<ip-address> IP address, in decimal dotted notation
<net-mask> IP subnetwork mask, in decimal dotted notation
<broadcast-address> The broadcast address connecting to the interface, in decimal

dotted notation
secondary Interface secondary address
1.3 Maintaining IP Address

People can use the following command to locate and solve fault when the fault occurs in
IP address. The common-used command is show.
Command Function
ZXR10#show ip interface [ brief [ phy This shows the information of the IP address
|<interface-name >|[{ exclude | include}<line>]]] configured in the current interface.
Descriptions of the parameters are shown below.
1-2

Chapter 1 IP Address Configuration
brief This shows the brief information of interface.
<interface-name > Interface name
phy This shows the state of physical interface
{ exclude | include}<line>] <line> is regular expression.
This example describes how to show the information of vlan1.

ZXR10#show ip interface vlan1
vlan1 AdminStatus is up, PhyStatus is up, line protocol is down
Internet address is 180.1.1.1/24
Broadcast address is 255.255.255.255
IP MTU 1500 bytes
Descriptions of command output are shown below.
show Command Output Description
AdminStatus is up It indicates whether the administrator state of interface is

available. The up represents that the administrator state is
available while the down represents that the administrator
state is unavailable.
PhyStatus is down It indicates whether the physical state of interface is available.

The up represents that the physical state is available while
the down represents that the physical state is unavailable.
line protocol is up It indicates whether the link layer protocol is available. The
up represents that the alink layer protocol state is available
while the down represents that the link layer protocol state
is unavailable.
Internet address IP address of interface. An interface can have many IP

addresses.
Broadcast address Broadcast address. It is decided by IP address. The default

value is 255.255.255.255
IP MTU MTU value of IP packet
1.4 IP Address Configuration Example

Configuration Description
As shown in Figure 1-1, the interfaces gei-0/1/1/1 of S1 and gei-0/1/1/2 of S2 connect each
other directly. It is required that S1 and S2 can ping each other successfully.
1-3

Figure 1-1 IP Address Configuration Example Topology
Configuration Flow
1. Configure IP addresses of the layer 3 vlan interface.
2. Test the configuration result to confirm that S1 and S2 can ping each other.
Configuration Commands
S1 configuration,
S1(config)#switchvlan-configuration
S1(config-swvlan)#interface gei-0/1/1/1
S1(config-swvlan-if-gei-0/1/1/1)#switchport access vlan50
S1(config-swvlan-if-gei-0/1/1/1)#!
S1(config)#interface vlan50
S1(config-if-vlan50)#ip address 10.1.1.1 255.255.255.0
S1(config-if-vlan50)#exit
S2 configuration,
S2(config-swvlan-if-gei-0/1/1/2)#switchport access vlan50
S1(config-swvlan-if-gei-0/1/1/2)#!
S2(config-if-vlan50)#ip address 10.1.1.2 255.255.255.0
Configuration Verification
Validate the configuration on S1,
S1#ping 10.1.1.2
sending 5,100-byte ICMP echoes to 10.1.1.2,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=
129/185/200 ms.

S2#ping 10.1.1.1
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=
129/185/200 ms.
1-4

Chapter 2
IP Performance
Table of Contents
ICMP Response .........................................................................................................2-1
Clearing Static Data ...................................................................................................2-2
Configuring IP Source Route Options .........................................................................2-2
Enabling the ICMP Redirection Packet Function.........................................................2-3
Maintaining IP Performance .......................................................................................2-4
2.1 ICMP Response

ICMP Fast Response Overview
The fast response function of ICMP is comparative to ICMP slow response. Fast ICMP
response function reduces time delay and decreases delay jitter, which increases network
delay stand-reaching rate.
ICMP Response Configuration Example

l Configuration Description
As shown in Figure 2-1, the interface gei-0/1/1/1 of S1 connects to gei-0/1/1/2 of S2

directly. ICMP response (ping) is required between S1 and S2.
Figure 2-1 ICMP Response Configuration Example Topology
l Configuration Thought
1. Configure IP addresses of S1 and S2 interfaces.
2. Test configuration result to make sure that ICMP response (ping) is realized
between S1 and S2.
l Configuration Process
S1 configuration,
S1(config-swvlan-intf)#switchport access vlan 1
S1(config-swvlan-intf)#exit
2-1

S1(config-if)#ip address 10.1.1.1 255.255.255.0
S2 configuration,
S2(config-swvlan-intf)#switchport access vlan 2
S2(config-swvlan-intf)#exit
l Configuration Check
S1#ping 10.1.1.2
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/21 ms.
S2#ping 10.1.1.1
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/21 ms.
2.2 Clearing Static Data

User needs to view the current statistic data sometimes, therefore, it is necessary to clear
the history statistic data on interface. To clear the statistic data on ZXR10 5900E, use the
following command.
Command Function
ZXR10#clear statistics interface This clears the performance value

which is continuously accumulated on
an interface (if not specified, it means
all interfaces).
2.3 Configuring IP Source Route Options

Switch has software to inspect the IP packet header option of each packet. Currently, the
following packet header options are supported, Strict Source Route, Loose Source Route
and so on. Router will perform the corresponding operation if the software finds any packet
header option is available. When a packet containing invalid option is received, router will
send a ICMP invalid parameter packet to the packet's source address and discard the
packet.
2-2

Chapter 2 IP Performance
The source host specifies a path called source path by IP network. Software forwards the
packets according to the specified source path. This function is required when a packet
has to be transmitted by using the specified path. By default, source route processing is
executed.
To configure IP source route options on ZXR10 5900E, use the following commands.
Command Function
ZXR10(config)#ip source-route This makes the switch process the data

packets containing IP source route
options.
ZXR10(config)#no ip source-route This configures to discard the data

packets containing IP source route
options.
2.4 Enabling the ICMP Redirection Packet Function

If the redirection packet function is enabled on a switch interface, the switch can send a
redirection packet to notify the host of a better next hop address, so the host can locate a
better next hop switch. The switch can also notify the host through the redirection packet
that the destination address is a neighbor node.
To enable or disable sending ICMP redirection packets on the ZXR10 5900E, perform the
following steps:
ZXR10(config)#icmp-config Enters ICMP configuration

1
mode.
ZXR10(config-icmp)#interface<interface-name> Enters ICMP interface

2
configuration mode.
ZXR10(config-icmp-if)#ip redirect Enables the switch to send

3
ICMP redirection packets.
ZXR10(config-icmp-if)#no ip redirect Disables the ICMP redirection

4
packet function.
Example
The following example shows how to enable the ICMP redirection packet function on
interface vlan50:
ZXR10(config)#icmp-config
ZXR10(config-icmp)#interface vlan50
ZXR10(config-icmp-if)#ip redirect
2-3

2.5 Maintaining IP Performance

To maintain IP performance on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip traffic Displays IP transmission statistics.
ZXR10#clear ip traffic Clears IP transmission statistics.
The following shows the output of the show ip traffic command:

ZXR10#show ip traffic
IP statistics:
Rcvd: 116 total, 0 local destination
format errors checksum errors bad hop count unknown protocol
0 0 0 0
Frags:reassembled timeouts couldn't reassemble
0 0 0
fragmented couldn't fragment
0 0
Bcast:received sent
0 0
Sent: generated forwarded encapsulation failed no route
0 114 114 0
ICMP statistics:
Rcvd: 0 total
format errors redirects unreachable echo
0 0 0 0
echo reply mask requests mask replies quench
0 0 0 0
timestamp request timestamp reply time exceeded parameter problem
0 0 0 0
Sent: 0 total
format errors redirects unreachable echo
0 0 0 0
echo reply mask requests mask replies quench
0 0 0 0
timestamp request timestamp reply time exceeded parameter problem
0 0 0 0
UDP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total
TCP statistics:
Rcvd: 0 total, 0 checksum errors
Sent: 0 total
2-4

Chapter 3
IP MTU Configuration
Table of Contents
IP MTU Overview .......................................................................................................3-1
Configuring IP MTU....................................................................................................3-2
Maintaining IP MTU....................................................................................................3-2
IP MTU Configuration Example ..................................................................................3-3
3.1 IP MTU Overview

Both Ethernet and 802.3 have a restriction in the data frame length, which the maximum
values are 1500 bytes and 1476 bytes respectively. This feature is called IP Maximum
Transmission Unit (MTU). Most of networks have their own restriction.
When a data packet is transmitted in IP layer but its length is more than MTU, IP layer
will do fragmentation. That is to say, the data packet is divided into many fragments, and
every fragment is smaller than IP MTU.
IP MTU values are different in the different networks. In order to avoid fragmentation and
improve network performance, use ip mtu command to modify the size of IP MTU.
In order to get higher transmission efficiency in network layer, the data packets which
containing byte values are less than the restricted values are not sent. Therefore, the
restricted value indicates the data packet size.
An important problem is that the larger the IP MTU value is set, the more packets are
saved in cache. Thus, the client sends packets with lower rate that causes the time delay
for sending packets is bigger.
Another problem is that when a large packet is transmitted from a PC to another PC, it will
pass through many network connections which have smaller IP MTU values. In this way,
the large packet will be disassembled, sent and reassembled. The packet transmission
time is increased a lot.
However, IP MTU value can not be set too small because each packet has a 40 bytes
header containing important control information. The header occupies lots of available
bandwidth if IP MTU value is smaller. For example, a good working 56k modem can upload
data at 4200bytes/second. If IP MTU value is set to 90 bytes, and the header occupies 40
bytes (44% of the size of the whole data packet). The utilization rate of bandwidth is very
low because 44% of 4200 (1428 bytes) bytes are used to transmit the header, only 2772
bytes are used to transmit user data. Therefore, it is necessary to configure an appropriate
IP MTU value.
3-1

3.2 Configuring IP MTU

To configure IP MTU value on ZXR10 5900E, perform the following steps.
ZXR10(config)#interface {<interface-name>| byname This enters interface mode of

1
<byname>} the interface to be configured.
ZXR10(config-if-interface-name)#ip mtu <bytes> This configures IP MTU value

2
of the interface.
Description of the parameter used by step 2 is shown below.
<bytes> IP MTU value of the interface. The unit is byte.

In Ethernet port, the value of IP MTU equals to 68-9202. The
default value is 1500.
3.3 Maintaining IP MTU

When IP MTU problem occurs in interfaces, people can use command to locate and solve
fault. Here, the most common-used command is show. To view IP MTU value of interface,
use the following command.
Command Function
ZXR10# show ip interface <interface-name> Displays the IP MTU value of the

interface.
For example: to view the IP MTU value of the vlan100 interface, run the following
command:
ZXR10(config-if-vlan100)#show ip interface vlan100
gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is down
IP MTU 1000 bytes
Command Output Description
Show Command Output Description
IP MTU 1000 bytes The IP MTU value of interface VLAN100 is 1000bytes.
3-2

Chapter 3 IP MTU Configuration
3.4 IP MTU Configuration Example

This example describes how to control the maximum packet length of forwarding flow by
setting IP MTU value. As shown in Figure 3-1, the interface gei-0/1/1/4 of S1 connects to
gei-0/1/1/1 of S2. gei-0/1/1/4 on S1 and gei-0/1/1/1 on S2 are for VLAN100 and VLAN200
respectively. The L2 packet can be forwarded properly if the length of packet is less than
the MTU value preset in gei-0/1/1/4. Otherwise, the packet will be discarded directly.
Figure 3-1 MTU Configuration Example Topology
Configuration Flow
1. Enter interface configuration mode.
2. Configure IP MTU value of the interface.
S1 configuration,
S1(config-if-vlan100)#ip mtu 1300
Verification
Run the following command to verify the IP MTU value of the interface for VLAN100:
S1(config-if-vlan100)#show running-config-interface vlan100
!<INTERFACE>
interface vlan100
ip mtu 1300
$
!</INTERFACE>
As shown above, the IP MTU value of the interface for VLAN100 is 1300 bytes.
3-3

This page intentionally left blank.
3-4

Chapter 4
DHCP Configuration
The predecessor of DHCP BOOTP. BOOTP is applied for the network connecting to a
diskless PC. The PC connects to the network by using BOOTROM (the client), not starting
from a disk. BOOTP (the server) can establish TCP/IP environment automatically.
DHCP is the enhanced version of BOOTP. It has two parts, one is the server, and another is
the client. The DHCP service manages all the IP network configuration data in a centralized
way and processes DHCP requests coming from the client. The client uses the IP data
allocated by the server.
DHCP uses UDP as the transmission protocol. The host sends a message to port 67 of
the DHCP server, and the DHCP server replies a message to port 68 of the host. The
DHCP works in the following steps:
1. The host sends a broadcast packet DHCP Discover to request IP address and other
configuration parameters.
2. The DHCP server returns a unicast/broadcast DHCP Offer packet that contains a valid
IP address and the configurations.
3. The host selects the server that receives the DHCP Offer first, and then sends
a broadcast packet DHCP Request to the server, indicating that the related
configurations are accepted.
4. The selected DHCP server returns a unicast/broadcast DHCP Ack packet.
By now the host can use the IP address and configurations obtained from the DHCP server
for communication.
The IP addresses allocated by the DHCP server to the host fall into the following three
forms:
1. The administrator allocates an IP address to a specific host.
2. An IP address is allocated to a host randomly and permanently.
3. An IP address is allocated to a host for a certain period randomly.
Usually the third method is used. The valid time segment is called lease period. Once the
lease period expires, the host must request the server for renewing the lease. The host
cannot renew the lease until the server accepts the request. Otherwise, the host must give
up unconditionally.
A router does not forward the received broadcast packet from a subnet to another by
default. However, the router acting as the default gateway of the user host must send the
broadcast packet to the subnet where the DHCP server is located if the DHCP server and
the user host are not in the same subnet. This function is called DHCP relay.
ZXR10 5900E can act as a DHCP server or DHCP relay to forward DHCP information.
Table of Contents
4-1

DHCP Server Configuration........................................................................................4-2

DHCP Relay Configuration .......................................................................................4-14
DHCP Proxy Configuration .......................................................................................4-28
DHCP Snooping Configuration .................................................................................4-35
4.1 DHCP Server Configuration

4.1.1 DHCP Server Overview
DHCP server is responsible for allocating IP address and initialization configuration data
to DHCP client.
DHCP server is driven by DHCP client. It gives the corresponding response according to
the request packets coming from DHCP client.
DHCP server allocates a free IP address from IP address pool and obtains the parameters
requested by DHCP client after receiving DHCP Discover packet. It makes a DHCP Offer
packet to reply DHCP client.
When the DHCP Server receives the DHCP Request packet, if a valid IP address and the
configurations can be allocated to a user, the server returns the DHCP Ack packet as a
reply, and then the DHCP Client obtains the IP address and the configurations. Otherwise,
the server returns the DHCP NAK packet as a reply. The DHCP Client repeats the DHCP
process again automatically.
When DHCP server receives a DHCP Release packet, it will cancel the binding between
the IP address and the DHCP client, and reclaim the IP address for next allocation.
When DHCP server receives a DHCP Decline packet, it will disable the client IP address
and not allocate this IP address to other.
4.1.2 Configuring a DHCP Server

To configure a DHCP server on the ZXR10 5900E, perform the following steps:
ZXR10(config)#dhcp Enters DHCP configuration

1
mode.
ZXR10(config-dhcp)#enable Enables the embedded DHCP

2
process.
ZXR10(config-dhcp)#max-hops <1-16> Configures the maximum

3
number of hops for DHCP.
ZXR10(config-dhcp)#ramble Enables the DHCP roaming

4
function.
ZXR10(config-dhcp)#suppress-nak Suppresses DHCP NAK

5
packets.
4-2

Chapter 4 DHCP Configuration
ZXR10(config-dhcp)#server update arp Enables the server to learn

6
ARP entities.
ZXR10(config-dhcp)#server max-user <1-64000> Configures the maximum

7 number of users for the DHCP
server.
ZXR10(config)#ip dhcp access list <access-list-name> Enters DHCP access list

8
configuration mode.
ZXR10(config-dhcp-access-list)#rule <rule-id>{deny | Configures a filtering rule for

9
permit}{any | option60 <option60-string>} the DHCP access list.
ZXR10(config-dhcp-access-list)#default-rule {deny Configures the default filtering

10
| permit} any rule for the DHCP access list.
ZXR10(config-dhcp)#interface <interface-name> Enters DHCP interface

11
configuration mode.
ZXR10(config-dhcp-if)#mode [server | relay | proxy] Configures the DHCP operating

mode on the interface.
12
server: sets the device as a
DHCP server.
ZXR10(config)#ip pool <pool-name> Configures an IP address pool.

The DHCP server allocates
ZXR10(config-ip-pool)#range <start-ip><end-ip><mask-
addresses in the IP address
ip>
pool to clients.
ZXR10(config-ip-pool)#exclude <exclude-ip>[<exclude
13
-end-ip>]
ZXR10(config-ip-pool)#conflict-time <1-18000>
ZXR10(config-ip-pool)#network <network-number><ne
twork-mask>
ZXR10(config)#ip dhcp pool <dhcppool-name> Binds the specified IP pool to

the DHCP pool.
ZXR10(config-dhcp-pool)#ip-pool <ip-pool-name>
ZXR10(config-dhcp-pool)#binding <mac-address><ip-add Static bind the IP address and

ress><ip-address-mask>[vrf-instance <instance-name>] MAC address in the DHCP
pool.
14 ZXR10(config-dhcp-pool)#lease-time [[infinite]|[<days><h Configures the lease time for

ours><minutes>]] how long the DHCP server
rents IP addresses to the
clients.
ZXR10(config-dhcp-pool)#dns-server *(<ip-address>) Configures the DNS address

that the DHCP server returns
to users.
4-3

ZXR10(config-dhcp-pool)#default-router *<ip-address> Configures the IP address of

the default router.
ZXR10(config-dhcp-pool)#option <option_code>[subopti Configures other DHCP

on_code <sub_option_code>]{ascii <ascii_string>|hex <hex options.
_string>|ip <IP>[<IP>][<IP>]}[<IP>][<IP>][<IP>][<IP>][<IP>]
ZXR10(config)#ip dhcp policy < policy-name>< priority> Binds the specified DHCP pool
to a DHCP policy.
ZXR10(config-dhcp-policy)#dhcp-pool<dhcppool-name>
ZXR10(config-dhcp-policy)#relay-agent <ip-address> Specifies the IP address of a

relay agent.
15
ZXR10(config-dhcp-policy)#option60 { partial-match Creates an option60 matching
| string <option60>| other} policy.
ZXR10(config-dhcp-policy)#vrf-instance Binds a VRF instance.

<instance-name>
ZXR10(config-dhcp-if)#policy <policy-name> Binds the DHCP policy to the

16
interface.
ZXR10(config-dhcp-if)#user quota <limit-value> Configures the quota of

DHCP users for the interface,
17 meaning the maximum number
of DHCP clients permitted on
the interface.
ZXR10(config-dhcp-if)#dscp <value> Configures the DSCP value,

18
range: 0-63.
ZXR10(config-dhcp-if)#dhcp-access-list <name> Configures the name of a

19
DHCP access list.
ZXR10(config-dhcp-if)#server relay destination udp port Configures the UDP port

20 {67 | 68} number that the server returns
to the relay.
ZXR10#kick-off ip dhcp server user [[interface <interface-n Gets users offline based on the
21 ame>]|[mac <mac-address>]|[ip <ip-address>[vrf-instance specified attribute (interface,
<vrf-name>]]] MAC address, or IP address).
For a description of the parameters in Step 12, refer to the following table:
<relay> Enables the DHCP relay function on the interface.
<server> Enables the DHCP server function on the interface.
<proxy> Enables the DHCP proxy function on the interface.
4-4

<pool-name> Name of an IP address pool, range: 1-16 characters.
<start-ip> Start IP address of the range.
<end-ip> End IP address of the range.
<mask-ip> IP mask of the range.
<exclude-ip> Start IP address of the reserved addresses.
<exclude-end-ip> End IP address of the reserved addresses.
<conflict-time> Conflict time of the address pool.
<dhcp-pool-name> Name of the DHCP address pool, range: 1-16 characters.
<IP-pool-name> Name of the IP address pool, range: 1-16 characters.
<days> Number of days, range: 0-365.
<hours> Number of hours, range: 0-23.
<minutes> Number of minutes, range: 0-59.
infinite Sets the lease time to infinite.
<option_code> Option code, range: 1-254.
<sub_option_code> Sub-option code.
<ascii_string> ASCII string, range: 1-64 characters.
<hex_string> Hex string, range: 1-64 characters.
<IP> IP address.
<ip-addr> IP address. A maximum of eight IP addresses can be

configured.
<ipv6-prefix> Prefix and length of IPv6 addresses, format:

X:X::X:X/<1-128>.
<ipv4-mask-length> Length of IPv4 address masks, range: 1-32, unit: bytes.
<ipv6-prefix> Prefix and length of IPv6 addresses, format:

X:X::X:X/<1-128>.
<ipv4-mask-length> Length of IPv4 address masks, range: 1-32, unit: bytes.
<policy-name> Name of a DHCP policy, range: 1-16 characters.
<priority> Priority, range: 1-64.
4-5

<dhcp-pool-name> Name of a DHCP address pool, range: 1-16 characters.
<ip-address> IP address.
<option60> Option60 contained in packets. The policy is matched when

the contents of option60 and option60-string are the same.
<instance-name> Name of a VRF instance, range: 1-32 characters.
For a description of the parameter in Step 16, refer to the following table:
<policy-name> Name of the DHCP policy that is bound to the interface.
<limit-value> Limit of DHCP users configured on the interface, range:

1-32000.
4.1.3 Maintaining a DHCP Server

To maintain a DHCP server on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip dhcp configuration Displays the configuration of the

DHCP process module.
ZXR10#show ip local pool {[configure <pool-name> Displays the information about the
vrf-instance <instance name>] , [conflict-ip <pool-name> local address pool.
vrf-instance <instance name>] , [exclude-ip <pool-name>
vrf-instance <instance name>] , [statistics <pool-name> total],
[used-exclude-ip <pool-name> vrf-instance <instance name>] ,
[used-ip <pool-name> vrf-instance <instance name>]}
ZXR10# show ip dhcp server user [interface <interface-name>[ Displays the information about
total-count]]|[ total-count] current online users on the DHCP
server.
ZXR10#show running-config [<interface-name>] Displays the configuration of

the DHCP server or relay on an
interface.
ZXR10#show ip dhcp packet statistic MP-0/1/0 {global | mgmt_eth | Displays statistics of DHCP
supervlan <1-4000>| vlan <1-4094>} packets sent and received.
4-6

Command Function
ZXR10#show ip dhcp pool [<dhcp-pool-name>[binding]] Displays the information about a

DHCP pool.
ZXR10#show ip dhcp policy [<policyname>] Displays the information about a

DHCP policy.
Run the show ip dhcp configuration command to display the configuration of the DHCP
process module. The following shows the output of the show ip dhcp configuration
command:
DHCP process state information
process state :enable(running)
ramble state:disable
suppress_nak state:disable
max_hops: 4
DHCP server configure:
server support max user: 64000
server update arp: off
DHCP relay configure:
not insert relay option82 information in BOOTREQUEST.
relay option82 policy: replace
relay option82 format: china-tel
relay option82 user policy: interface
relay support max user: 64000
relay update arp: off
For a description of the fields, refer to the following table:
Field Description
process state Whether the DHCP process is operating.
ramble state Whether the roaming function is enabled.
suppress_nak state Whether the NAK packet suppression function is enabled.
max_hops Maximum number of hops for DHCP packets.
server support max user Maximum number of users supported on the server.
server update arp Whether the ARP update function is enabled on the server.
not insert relay information in Whether Option82 is inserted. Here, it is not inserted.
BOOTREQUEST
relay information policy Policy of Option82.
relay information format Format of Option82. The user-configuration indicates

Option82 configured by users. The default configuration is
China-Tel.
4-7

Field Description
relay information user policy Policy of Option82. There are two modes, uniform, and
interface.
relay support max user Maximum number of users supported on the relay.
relay update arp Whether the ARP update function is enabled on the relay.
Run the show ip local pool command to display the information about the local address
pool. The following shows the output of the show ip local pool command:
ZXR10(config)#show ip local pool
PoolName Begin End Mask Free Used
zte 20.1.1.1 20.1.1.100 24 100 0
TotalPool: 1
Field Description
PoolName Address pool name.
Begin Start IP address of the address pool.
End End IP address of the address pool.
Mask Subnetwork mask of the address pool.
Free Number of free IP addresses in the address pool.
Used Number of used IP addresses in the address pool.
TotalPool Number of IP address pools.
Run the show ip dhcp server user command to display the information about the current
online users on the DHCP server. The following shows the output of the show ip dhcp
server user command:
ZXR10#show ip dhcp server user
CLIENT MAC addr: 0010.9400.0001
IP addr: 29.160.1.10
State: BOUND
Expiration: 11:16:07 06/07/2010
VRF:
CLIENT MAC addr: 0010.9400.0002
IP addr: 29.160.1.11
State: BOUND
Expiration: 11:16:07 06/07/2010
VRF:
ZXR10#show ip dhcp server user interface vlan1000 total-count
Current online users on this interface are: 2
ZXR10#show ip dhcp server user total-count
Current online users are: 2
4-8

Run the show running-config command to display the configuration of the DHCP server or
relay on an interface. The following shows the output of the show running-config command:
ZXR10#show running-config vlan1000
!<Interface>
interface vlan1000
ip address 30.1.1.100 255.255.0.0
$
!</Interface>
!<ETHER_PORT>
interface vlan1000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan1000
mode server
policy 1000
$
$
!</DHCP>
Field Description
mode Interface mode.
policy Policy bound to the interface of the server.
ip address IP address of the interface.
Run the show ip dhcp packet statistic command to display statistics of DHCP packets sent
and received. The following shows the output of the show ip dhcp packet statistic command:
ZXR10#show ip dhcp packet statistic MP-0/1/0 global
----------------------------------------------
All received DHCP packet of the slot 1 is: 0
----------------------------------------------
Valid request packet: 0
DHCPDISCOVER: 2
DHCPREQUEST : 1
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0
reply packet: 0
DHCPOFFER: 0
DHCPACK : 0
DHCPNAK : 0
4-9

----------------------------------------------
ZXR10#
Field Description
Valid request packet Number of valid request packets.
DHCPDISCOVER Number of Discover packets.
DHCPREQUEST Number of Request packets.
DHCPDECLINE Number of Decline packets.
DHCPRELEASE Number of Release packets.
DHCPINFORM Number of Inform packets.
reply packet Number of reply packets.
DHCPOFFER Number of Offer packets.
DHCPACK Number of Ack packets.
DHCPNAK Number of Nak packets.
Run the show ip dhcp pool command to display the information about a DHCP pool. The
following shows the output of the show ip dhcp pool command:
ZXR10#show ip dhcp pool
PoolName IpPool LeaseTime DnsNum RouterNum OptionNum BindNum
1 ss 0 2 0 0 0 0 0
Total: 1
Field Description
PoolName Name of the DHCP pool.
IpPool Name of the IP pool.
LeaseTime Lease time.
DnsNum Number of DNSs.
RouterNum Number of default gateways.
OptionNum Number of options.
BindNum Number of users bound statically.
Total Number of DHCP pools.
Run the show ip dhcp policy command to display the information about a DHCP policy. The
following shows the output of the show ip dhcp policy command:
ZXR10#show ip dhcp policy

PolicyName Priority DhcpPool RelayAgent Vrf-instance Option60
4-10

1 1 ss 1.1.1.1
Total: 1
Field Description
PolicyName Name of the DHCP policy.
Priority Priority of the DHCP policy.
DhcpPool Name of the DHCP pool.
RelayAgent Gateway address.
Vrf-instance Name of the VRF instance.
Option60 Option60
Total Number of DHCP policies.
4.1.4 DHCP Server Configuration Example

As shown in Figure 4-1, S1 acts as both DHCP server and the default gateway. PC obtains
IP address dynamically by DHCP.
Figure 4-1 DHCP Server Configuration Example Topology
l In global configuration mode, configure IP Pool, DHCP Pool, DHCP Policy on S1, and
enable DHCP function.
l In interface configuration mode, configure IP address and DHCP server mode and
bind DHCP Policy on S1.
Configuration Flow
1. Configure IP pool. The range of address pool needs to be configured in a network
segment.
2. Configure DHCP Pool. DHCP Pool needs to bind with IP Pool and configures DNS,
lease-time, default router and so on.
3. Configure DHCP Policy. DHCP Policy is a policy option. Many priorities are supported
by a name for policy management.
4. Configure DHCP Server. Configure Server functional mode in DHCP interface mode
and bind the policy.
5. Enable DHCP globally.
4-11

S1 configuration,
/*This configures IP Pool.*/
S1(config)#ip pool pool1
S1(config-ip-pool)#range 10.10.1.3 10.10.1.254 255.255.255.0
S1(config-ip-pool)#exit
/*This binds IP Pool to DHCP Pool.*/

S1(config)#ip dhcp pool pool1
S1(config-dhcp-pool)#ip-pool pool1
S1(config-dhcp-pool)#exit
/*This binds DHCP Pool to DHCP Policy.*/

S1(config)#ip dhcp policy policy1 1
S1(config-dhcp-policy)#dhcp-pool pool1
S1(config-dhcp-policy)#exit
/*This configures interface and the IP address of interface*/

S1(config-swvlan)#vlan1000
S1((config-swvlan-sub)#switchport pvid gei-0/1/1/1
S1((config-swvlan-sub)#exit
S1(config-swvlan)#exit
S1(config-if)#exit
/*This enables DHCP.*/

S1(config)#dhcp
S1(config-dhcp)#enable
/*This configures Server mode in interface and selects policy.*/

S1(config-dhcp)#interface vlan1000
S1(config-dhcp-if)#mode server
S1(config-dhcp-if)#policy policy1
S1(config-dhcp-if)#exit
S1(config-dhcp)#exit
View the configuration of IP Pool on S1.
S1(config)#show ip local pool

pool1 10.10.1.3 10.10.1.254 24 252 0
4-12

TotalPool: 1
View the configuration of DHCP Pool on S1.

S1(config)#show ip dhcp pool
pool1 pool1 0 1 0 0 0
View the configuration of DHCP policy on S1.

S1(config)#show ip dhcp policy
PolicyName Priority DhcpPool RelayAgent Vrf-instance
policy1 1 pool1
Total: 1
Show DHCP configuration on S1.

S1(config)#show running-config dhcp
!<DHCP>
ip dhcp pool pool1
ip-pool pool1
!
ip dhcp policy policy1 1
dhcp-pool pool1
!
dhcp
enable
interface vlan1000
mode server
policy policy1
$
!</DHCP>
Show DHCP configuration of the specified interface on S1.

S1(config)#show running-config-interface vlan1000
!<Interface>
interface vlan1000
ip address 10.10.1.1 255.255.255.0
$
!</Interface>
!<ETHER_PORT>
interface vlan1000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan1000
mode server
policy 1000
$
4-13

$
!</DHCP>
4.2 DHCP Relay Configuration

4.2.1 DHCP Relay Overview
The main functions of DHCP Relay module include,
l Realize the transparent interaction between DHCP Client and DHCP Server.
l Allocate and manage dynamic addresses of DHCP Client.
For DHCP Client, DHCP Relay Agent acts as a DHCP Server while for DHCP Server,
DHCP Relay Agent acts as a DHCP Client. Therefore, DHCP Relay Agent needs to
capture and process DHCP protocol network packets coming from both DHCP Client and
DHCP Server. It remakes the message protocol packets according to the requirements of
Relay Agent protocol, fills the data option field of Relay Agent into packets, and performs
the transforming of DHCP protocol network packets between the Client and Server.
When a DHCP user tries to obtain an address, the DHCP request packet is sent in
broadcast mode, which cannot be transmitted to multiple subnets. To send the packet to
multiple subnets, a DHCP Relay is required. The DHCP Relay can be a router or a host.
In generally, UDP packets whose UDP destination ports are 67 sent between all devices
that provide the DHCP Relay function need special processing. Therefore, the DHCP
Relay needs to monitor all packets whose UDP destination port number is 67.
When DHCP Relay receives a packet which UDP destination port number is 67, it will judge
whether the packet is user's request packet. If this port number exceeds the configured
value, this packet will be dropped.
If the hop value is in the ruled region, and DHCP Relay decides to transmit this packet, it
will inspect the value of "Relay Agent" field. There are two conditions,
l The value of "Relay Agent" field is 0.
DHCP Relay fills the IP address of the port which receives the request packet in the
"Relay Agent" field. If this port has many IP addresses, DHCP Relay will select an IP
address and continue to use this IP address to transmit all DHCP packets.
l The value of "Relay Agent" field is not 0.

The value of this field can not be modified, and broadcast address can not be filled in.
Under both of the conditions described above, the packets are transmitted to a new
destination (or DHCP Server) in unicast. Obviously, the new destination address is
configurable. In this way, DHCP packets can pass through many sub-networks.
When DHCP Relay finds a responding packet coming from DHCP Server, it inspects the
"Relay Agent", "Client hardware address" fields and so on. These fields provide enough
informations to DHCP Relay for transmitting responding packet to client PC.
4-14

The value of "Relay Agent" field (non-zero) is often used to identify a logical port for
transmitting responding packets. The responding packet will be discarded if the value
can not match any logical port directly connecting to DHCP Relay.
Meanwhile, DHCP Relay inspects the value of broadcast identifier bit containing in "flag"
field. If the value is 1, it will broadcast the encapsulated packet. Otherwise, the packet will
be encapsulated and transmitted to DHCP Client in unicast way.
4.2.2 Configuring a DHCP Relay

To configure a DHCP relay on the ZXR10 5900E, perform the following steps:
ZXR10(config)#dhcp Enters DHCP configuration

1
mode.
ZXR10(config-dhcp)#enable Enables the embedded DHCP

2
process.
ZXR10(config-dhcp)#max-hops <max-hops> Configures the maximum

3
number of hops for DHCP.
ZXR10(config-dhcp)#ramble Enables the DHCP roaming

4
function.
ZXR10(config-dhcp)#suppress-nak Suppresses DHCP NAK

5
packets.
ZXR10(config-dhcp)#proxy client leasetime Configures the short lease time

6 <short-leasetime> of the DHCP proxy, range:
30–3600.
ZXR10(config)#ip dhcp access list <access-list-name> Enters DHCP access list

7
configuration mode.
ZXR10(config-dhcp-access-list)#rule <rule-id>{deny | Configures a filtering rule for

8
permit}{any | option60 <option60-string>} the DHCP access list.
ZXR10(config-dhcp-access-list)#default-rule {deny Configures the default filtering

9
| permit} any rule for the DHCP access list.
ZXR10(config-dhcp)#interface <interface-name> Enters DHCP interface

10
configuration mode.
ZXR10(config-dhcp-if)#relay agent <ip-address> Configures the default gateway

11 address on the interface
connected to users.
ZXR10(config-dhcp)#relay forbid send release Forbids the proxy relay to send

12
release packets to the server.
ZXR10(config-dhcp)#relay update arp Enables the DHCP relay to

13
learn ARP entities.
4-15

ZXR10(config-dhcp)#relay max-user <max-user-num> Configures the maximum

number of users supported by
14
the DHCP relay on each line
card.
ZXR10(config-dhcp)#relay option82 format {china-tel | Configures the format of

dsl-forum |telenor| user-configuration} Option82 inserted when the
15
DHCP process performs relay
forwarding.
ZXR10(config-dhcp)#relay option82 option Inserts Option82 when the

16 DHCP process performs relay
forwarding.
ZXR10(config-dhcp)#relay option82 policy{add| keep | Maintains or replaces the

replace} existing Option82 when
Option82 has been inserted in
17
relay forwarding packets while
the local configuration requires
inserting Option82.
ZXR10(config-dhcp)#relay option82 uniform circuit-id Configures the DHCP OPT82

18 <circuit-id string > circuit-id sub-option based on
unified mode.
ZXR10(config-dhcp)#relay option82 uniform remote-id Configures the DHCP OPT82

19 <remote-id string > remote-id sub-option based on
unified mode.
ZXR10(config-dhcp)#relay option82 user-configuration Configures the policy of

policy { uniform | interface } selecting the DHCP OPT82
user-configuration mode based
20 on unified mode (uniform or
interface). This command is
used when the agent-format is
set to user-configuration.
ZXR10(config-dhcp-if)#relay option82 circuit-id Configures the DHCP OPT82

21 <circuit-id string > circuit-id sub-option based on a
layer-3 interface.
ZXR10(config-dhcp-if)#relay option82 remote-id Configures the DHCP OPT82

22 <remote-id string > remote-id sub-option based on
a layer-3 interface.
ZXR10(config-dhcp-if)#relay server group < Configures the group of the

23 group-number> DHCP server group of the
interface.
4-16

ZXR10(config)#ip dhcp relay server group < group-number> Configures a DHCP server
group, and binds the server
ZXR10(config-dhcpr-server-group)#server <server-
24
address to the group.
number><ip-address>{security | standard}[master][dscp
<dscp-number>]
ZXR10(config)#ip dhcp relay server policy group Enters DHCP relay server
<group-no> policy group configuration
mode.
ZXR10(config-dhcpr-policy-group)#server-group Binds the server group.

<server-group-number>
25
ZXR10(config-dhcpr-policy-group)#vclass-id Configures option60 of the
<option-string> group.
ZXR10(config-dhcpr-policy-group)#vlan-id <vlan-id-i Configures the VLAN-ID range

ndex>{internal-vlan <internal-vlan-range>[external-vlan of the DHCP relay server policy
<external-vlan-range>]} group.
ZXR10(config-dhcpr-server-group)#max-retry < Configures the number of times

retry-times> that the DHCP relay retries
26
to requests address from the
DHCP server.
ZXR10(config-dhcpr-server-group)#algorithm {first | Configures the algorithm of

forward-all | round-robin} selecting a server in the DHCP
relay server group.
ZXR10(config-dhcpr-server-group)#deadtime <5-3600> Configures the deadtime of the

27
server in the DHCP relay server
group.
ZXR10(config-dhcpr-server-group)#description <1-32> Configures the description for

the DHCP relay server group.
ZXR10#kick-off ip dhcp relay user [[interface <interface-n Gets users offline from the relay
ame>]|[mac <mac-address>]|[ip <ip-address>[vrf-instance based on the specified attribute
28
<vrf-name>]]] (interface, MAC address, or IP
address).
ZXR10(config-dhcp-if)#relay source-ip <relay-source-ip Configures the source IP

29 -address> address of the packets sent by
the relay.
ZXR10(config-dhcp-if)#user quota <limit-value> Configures the quota of users

30 supported on the interface on
the relay, range: 1-32000.
ZXR10(config-dhcp-if)#helper-address policy [vclass-id Configures the type of matching

31 | vlan-id] the related relay policy for the
interface on the relay.
4-17

ZXR10(config-dhcp-if)#dhcp-access-list <dhcp-access-li Configures a DHCP access list

32 st-name> used to match option60 for the
interface on the relay.
<ip-address> IP address of the DHCP agent on the interface, in dotted

decimal notation.
china-tel Option82 format of China-Tel.
dsl-forum Option82 format of the DSL forum.
telenor Option82 format of telenor.
user-configuration User-configured Option82 format.
keep Maintains the original Option82, and transmits it transparently.
replace Replaces the original Option82.
add Maintains the original Option82, and adds Option82 of the

relay in front of the original Option82.
uniform Uniform mode.
interface Interface mode.
circuit-id string Contents of Option 82 circuit-id configured by users.
4-18

<remote-id-string > Contents of Option 82 remote-id configured by users, range:

1–64 characters.
<group-number> Serial number of the DHCP Relay server group bound to the
interface, range: 1–20.
<group-number> Serial number of the DHCP Relay server group bound to the
interface, range: 1–20.
<server-number> Serial number of the server, range: 1–8.
<ip-address> IP address of the server, in dotted decimal notation.
security Security mode.
standard Standard mode.
master Master server.
<dscp-number> Priority.
<group-no> Serial number of the DHCP relay server policy group, range:
1–20.
<server-group-number> Serial number of the bound server group, range: 1–20.
<option-string> Option60 contents, with a maximum of 32 characters.
vlan-id-index VLAN index.
internal-vlan-range Internal VLAN label, range: 1–4094.
external-vlan-range External VLAN label, range: 1–4094.
<retry-times> Number of time that the server retries, range: 5–20.
4-19

<interface-name> Gets all DHCP relay users offline compulsively on the

interface.
<mac-address> Gets the DHCP relay users whose MAC is mac-address

offline compulsively.
<ip-address> Gets the DHCP relay users offline compulsively based on

the IP address.
<vrf-name> Gets the DHCP relay users offline compulsively based on

the VRF instance.
4.2.3 Maintaining a DHCP Relay

To maintain a DHCP relay on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip dhcp configuration Displays the configuration of the

DHCP process module.
ZXR10#show ip dhcp relay user [interface <interface-name>[ Displays the information about
total-count]]|[ total-count] current online users on the DHCP
relay.
ZXR10#show running-config [<interface-name>] Displays the configuration of

the DHCP server or relay on an
interface.
ZXR10#show ip dhcp packet statistic MP-0/1/0 {global | mgmt_eth | Displays statistics of DHCP
supervlan <1-4000>| vlan <1-4094>} packets sent and received.
ZXR10#show ip dhcp relay server group [<group-no>] Displays the information about a
DHCP relay server group.
ZXR10#show ip dhcp relay server policy [<policy_no>] Displays the information about a
DHCP relay server policy group.
ZXR10#show ip dhcp relay information {[interface Displays the information related to

<interface-name>]| uniform} DHCP relay option82.
ZXR10#show ip dhcp proxy client Display the lease time of the

DHCP proxy.
Run the show ip dhcp configuration command to display the configuration of the DHCP
process module. The following shows the output of the show ip dhcp configuration
command:
process state: disable(stop)
ramble state: disable
4-20

suppress_nak state: disable

max_hops: 4
server update arp: off
relay option82 policy: replace
relay option82 format: china-tel
relay update arp: off
show Command Output Description
process state Whether the DHCP process is operating.
ramble state Whether the roaming function is enabled.
server support max user Maximum number of users supported on the server.
server update arp Whether the ARP update function is enabled on the server.
not insert relay option82 information Whether Option82 is inserted. Here, it is not inserted.
in BOOTREQUEST
relay option82 policy Policy of Option82.
relay option82 format Format of Option82. User-configuration means Option82

configured by users. Default: China-Tel.
relay option82 user policy Policy of user-configured Option82. There are two modes,
uniform, and interface.
relay support max user Maximum number of users supported on the relay.
relay update arp Whether the ARP update function is enabled on the relay.
Run the show running-config [<interface-name>] command to display the configuration of

the DHCP server or relay on an interface. The following shows the output of the show
running-config [<interface-name>] command:
ZXR10#show running-config vlan2000
!<Interface>
interface vlan2000
ip address 30.1.1.100 255.255.0.0
$
!</Interface>
!<ETHER_PORT>
interface vlan2000
!</ETHER_PORT>
4-21

!</DHCP>
dhcp
interface vlan2000
mode relay
relay server group 1
relay agent 30.1.1.100
$
$
!</DHCP>
Field Description
relay agent Relay agent.
relay server group DHCP server group.
Run the show ip dhcp packet statistic command to display statistics of DHCP packets sent
and received. The following shows the output of the show ip dhcp packet statistic command:
ZXR10#show ip dhcp packet statistic MP-0/1/0 global
-------------------------------------------------
All received DHCP packet of the slot 1 is: 0
-------------------------------------------------
Valid request packet: 0
DHCPDISCOVER: 2
DHCPREQUEST : 1
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0
reply packet: 0
DHCPOFFER: 0
DHCPACK : 0
DHCPNAK : 0
--------------------------------------------------
ZXR10#
Field Description
Valid request packet Number of valid request packets.
DHCPDISCOVER Number of Discover packets.
DHCPREQUEST Number of Request packets.
DHCPDECLINE Number of Decline packets.
DHCPRELEASE Number of Release packets.
4-22

Field Description
DHCPINFORM Number of Inform packets.
reply packet Number of reply packets.
DHCPOFFER Number of Offer packets.
DHCPACK Number of Ack packets.
DHCPNAK Number of Nak packets.
Run the show ip dhcp relay server group command to display the information about a DHCP
relay server group. The following shows the output of the show ip dhcp relay server group
command:
ZXR10#show ip dhcp relay server group 1
group-no: 1 deadtime: 60 max-retries: 8 algorithm: round-robin
description:
DHCP server group server: 1 2.2.2.2 security dscp 0
ZXR10#
Field Description
group-no Serial number of the group
deadtime Deadtime.
max-retries Maximum number of retry times.
algorithm Algorithm of selecting the server.
description Description.
DHCP server group server Information about the server, including the serial number of
the serve, IP address, mode, and DSCP value.
Run the show ip dhcp relay server policy command to display the information about a DHCP
relay server policy group. The following shows the output of the show ip dhcp relay server
policy command:
ZXR10#show ip dhcp relay server policy 1
PolicyNo ServerNo VclassID InternalVLAN ExternalVLAN
1 1 llll
VlanNum:0
ZXR10#
Field Description
PolicyNo Serial number of the group.
ServerNo Serial number of the DHCP relay server group.
4-23

Field Description
VclassID Option60.
InternalVLAN Internal VLAN label.
ExternalVLAN External VLAN label.
Run the show ip dhcp relay information command to display the information about DHCP
relay option82. The following shows the output of the show ip dhcp relay information
command:
ZXR10#show ip dhcp relay information
DHCP relay information of all by user configuration are:
TYPE circuit-id-len remote-id-len
uniform 3 3
ZXR10#
Field Description
TYPE Whether the Option82 policy is globally valid or valid for an

interface.
circuit-id-len Length of the circuit-id.
remote-id-len Length of the remote-id.
Run the show ip dhcp proxy client command to display the information about the lease
time of the DHCP proxy. The following shows the output of the show ip dhcp proxy client
command:
ZXR10#show ip dhcp proxy client
DHCP client configure information in proxy mode:
leasetime :33 seconds
ZXR10#
4.2.4 DHCP Relay Configuration Example

When DHCP client and server do not belong to the same network, a router connecting
directly to user side needs to act as DHCP Relay.
As shown in Figure 4-2, DHCP Relay function is enabled on S1, a single server (IP address
is 10.10.2.2) acts as DHCP server on S2. This method is usually adopted when many PCs
require DHCP service.
4-24

Figure 4-2 DHCP Relay Configuration Example Topology
l Configure IP address, DHCP Server address, DHCP Relay mode on S1 interface.

l Configure IP address, DHCP Server mode and bind DHCP Policy on S2 interface.
l In global configuration mode on S2, enable DHCP, configure IP Pool, DHCP Pool,
DHCP Policy and the route pointing to S1 interface network segment.
Configuration Flow
1. A route has to be required between the DHCP Server and the Relay interface (Global
static route can be used for testing).
2. For the configuration of server, see DHCP Server Configuration. In policy
configuration, Relay Agent is the IP address of Relay interface.
3. For Relay configuration, the parameters need to be configured in DHCP interface. IP
addresses of Relay interface and IP Pool corresponding to DHCP Server need to be
in the same network segment.
4. DHCP Relay configuration:
l Configure Relay mode.
l Enable Relay function in DHCP interface mode, configure Relay Agent to be the
IP address of Relay interface and configure Relay Server to be the IP address
of configured DHCP server. Make sure that the IP addresses of DHCP Server
interface and Relay interface are not in the same network segment but the IP
addresses of the allocated IP pool and Relay interface are in the same network
segment.
S1 configuration,
/*This configures Relay interface.*/
S1(config-swvlan)#vlan 1000
S1(config-swvlan-sub)#switchport pvid gei-0/1/1/1
S1(config-swvlan-sub)#exit
S1(config-if)#exit
/*Specify Server*/
S1(config)#ip dhcp relay server group 1
S1(config-dhcpr-server-group)#server 1 10.10.2.2 standard master
S1(config-dhcpr-server-group)#exit
4-25

/*This enables DHCP function.*/

S1(config)#dhcp
/*This configures DHCP mode and other attributes in interface./*

S1(config-dhcp-if)#mode relay
S1(config-dhcp-if)#relay agent 10.10.1.1
S1(config-dhcp-if)#relay server group 1
/* Configure the interface that connects to the DHCP Server/*

S1(config-if)#exit
S2 configuration,
/*This enables DHCP.*/
S2(config)#dhcp
/*This configures interface and the IP address of interface*/

S2(config-if)#exit
/*This configures IP pool.*/

/*This binds IP Pool with DHCP Pool.*/

4-26

S2(config-dhcp-pool)#default-router 10.0.1.1
/*This binds DHCP Pool with DHCP Policy.*/

S2(config-dhcp-policy)#relay-agent 10.0.1.1
S2(config)#dhcp
/*This configures DHCP mode of interface./*

S2(config)#ip route 10.10.1.0 255.255.255.0 10.10.2.1
Show IP Pool configuration on S2,
S2(config)#show ip local pool
pool1 10.10.1.3 10.10.1.254 24 252 0
TotalPool: 1
Show DHCP Pool configuration on S2,

S2(config)#show ip dhcp pool
policy1 pool1 0 1 0 0 1 0 0
Total: 1
Show DHCP Policy configuration on S2,

PolicyName Priority DhcpPool RelayAgent Vrf-instance
pool1 1 pool1 10.10.1.1
Total: 1
Show DHCP configuration on S2.

S2(config)#show running-config dhcp
!<DHCP>
ip dhcp pool pool1
ip-pool pool1
default-router 10.0.1.1
!
4-27

ip dhcp policy policy1 1

dhcp-pool pool1
relay-agent 10.0.1.1
!
dhcp
enable
interface vlan2000
mode server
policy policy1
!</DHCP>
This shows DHCP configuration of a specified interface on S1.
S1(config)#show running-config-interface vlan2000

!<Interface>
interface vlan2000
ip address 10.10.2.1 255.255.255.0
$
!</Interface>
!<ETHER_PORT>
interface vlan2000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan2000
mode relay
$
$
!</DHCP>
4.3 DHCP Proxy Configuration

4.3.1 DHCP Proxy Overview
DHCP Proxy Overview
The DHCP proxy function is an extension based on the DHCP relay function. The
processing of the DHCP proxy function is more complex than that of the DHCP relay
function. A DHCP proxy needs to directly respond renewal requests from users. Seen
from a client, the DHCP proxy operates as a server. However, the DHCP proxy also
operates as a client at the specified time to send renewal requests to the server.
A short lease must be configured for the DHCP proxy. This short lease is shorter than
that configured for the DHCP server. The time-out interval of the binding state timer for
4-28

the DHCP proxy is shorter than that for the DHCP server, so the DHCP proxy can fast
detect user disconnection and notify the DHCP server to release IP addresses as soon
as possible. In case of a large number of renewal requests from users, the DHCP proxy
reduces the load of the DHCP server.
DHCP Proxy Characteristics

If the DHCP proxy function is configured, on a DHCP relay, there are two different leases
for each user. The lease between the relay and the server is the long lease (L1), and the
lease between the client and the relay is the short lease (L2). After receiving a response,
the server replaces L1 in the Lease Time field with L2 and sends packets to the client.
Therefore, the client uses the short lease, and the renew time and rebinding time
calculated based on the short lease.
If the client has retrieved an IP address, the DHCP relay proxy sets the state of the user
to BOUND, and sets the time-out interval of the state timer to L2. If the DHCP relay proxy
receives no request from the client when the timer expires, it is considered that the user
is disconnected. The DHCP relay proxy releases the data area of the user, and replaces
the client to send a DHCP Release message to the server, so that the server releases
the IP address of the user. The time-out interval of the binding state timer for the proxy is
shorter than that for the server, so the proxy can fast detect user disconnection and notify
the server to release the IP address as soon as possible.
The renewal interval and rebinding interval of the client are shorter than those returned
from the server, so the time when the client sends a renewal request or rebinding request
is earlier than the preset time, and requests are sent more frequently. To prevent the server
from being too busy due to frequent requests from the client, the proxy can use selectivity
determination.
When the DHCP relay proxy receives a renewal request from the client, if the state of the
user is BOUND, the proxy returns L2 to the client and resets the state timer. If the user
is in another state, the proxy returns no response. The proxy needs to check whether the
actual renewal time (calculated based on L1) of the client arrives. If yes, the proxy sends
a request to the server by using L1. If the server returns a DHCP ACK message, the L1
of the proxy is updated. If the server returns a DHCP NAK message, the data area of the
user is released.
4.3.2 Configuring a DHCP Proxy

To configure a DHCP proxy on the ZXR10 5900E, perform the following steps.
Enabling the DHCP Function
1 ZXR10(config)#dhcp Enters DHCP configuration mode.
2 ZXR10(config-dhcp)#enable Enables the DHCP function.
4-29

3 ZXR10(config-dhcp)#interface<interface-n Enters DHCP interface configuration mode.

ame>
4 ZXR10(config-dhcp-if-interface- Sets the operating mode of the DHCP

name)#mode proxy interface to proxy.
5 ZXR10(config-dhcp-if-interface- Sets the DHCP proxy IP address on the

name)#relay agent <ip-address> interface connected to the subnet of the
client.
Configuring DHCP Relay Parameters
1 ZXR10(config-dhcp)#relay option82 format Sets the format of Option82 inserted

{china-tel | dsl-forum | user-configuration | when the DHCP process performs relay
telenor} forwarding.
2 ZXR10(config-dhcp)#relay option82 option Inserts Option82 inserted when the DHCP

process performs relay forwarding.
3 ZXR10(config-dhcp)#relay option82 Sets the processing policy for the DHCP

policy{add | keep | replace} process if Option82 needs to be instered but
there is already Option82 when the DHCP
process performs relay forwarding.
4 ZXR10(config-dhcp)#relay option82 Sets the contents of the uniform circuit-id

uniform circuit-id <circuit-id string > sub-option in Option82.
5 ZXR10(config-dhcp)#relay option82 Sets the contents of the uniform remote-id

uniform remote-id <remote-id string > sub-option in Option82.
6 ZXR10(config-dhcp)#relay option82 Sets the uniform policy of selecting

user-configuration policy {uniform | user configuration in Option82. After
interface} agent-format is set to user-configuration
(namely, in user configuration mode), use
command to set the policy of selecting user
configuration.
china-tel China telecome format.
dsl-forum DSL forum format.
user-configuration User configuration format.
telenor Telenor format. The remote-id field is added on

the base of the China telecom format.
4-30

keep The original Option82 is kept, and transparent

transmission is performed.
replace The original Option82 is replaced.
add Relay Option82 is added.
uniform The contents of Option82 configured in uniform

mode are inserted to DHCP packets.
interface The contents of Option82 configured in interface

mode are inserted to DHCP packets.
Configuring a DHCP Relay Server Group
1 ZXR10(config)#ip dhcp relay server group Configures a group that the external DHCP
<group-number> server of an interface belongs to and enters
DHCP relay server group configuration
mode.
2 ZXR10(config-dhcpr-server-group)#ser Adds a server to the DHCP relay server

ver <server-number><ip-address>{security | group.
standard}[master][dscp]
3 ZXR10(config-dhcpr-server-group)#ma Sets the number of times that the DHCP

x-retry <retry-times> relay retries to request an address from an
external DHCP server.
Binding a Group to an Interface
1 ZXR10(config-dhcp)#interface<interface-n Enters DHCP interface configuration mode.

ame>
2 ZXR10(config-dhcp-if-interface- Binds a DHCP relay server group to the

name)#relay server group <group-number> interface.
3 ZXR10(config-dhcp-if-interface- Sets the contents of the interface-based

name)#relay option82 circuit-id <circuit-id circuit-id sub-option in Option82.
string >
4 ZXR10(config-dhcp-if-interface- Sets the contents of the interface-based

name)#relay option82 remote-id <remote-id remote-id sub-option in Option82.
string >
4.3.3 Maintaining a DHCP Proxy

To maintain a DHCP proxy on the ZXR10 5900E, run the following commands.
4-31

Command Function
ZXR10#show ip dhcp configuration Displays the configuration

information about the DHCP
module.
ZXR10#show ip dhcp relay user [interface<interface-name>[ Displays information about online

total-count]]|[ total-count] users on the DHCP relay.
ZXR10#show running-config-interface dhcp [<interface-name>] Displays the configuration

server or DHCP relay on the
specified interface.
The following shows the output of the show ip dhcp configuration command:
ZXR10#show ip dhcp configuration
process state :enable(running)
ramble state:disable
suppress_nak state:disable
max_hops: 4
server update arp: default(off)
relay option82 policy: default(replace)
relay option82 format: default(china-tel)
relay update arp: default(off)
For a description of the fields, refer to the following table.
Field Description
process state Indicates whether the DHCP process is enabled.
ramble state Indicates whether the roaming function is enabled.
max_hops Indicates the maximum number of hops, namely, the

maximum number of times that the relay forwards a packet.
server support max user Indicates the maximum number of users on the server.
server update arp Indicates whether ARP entries can be added on the server.
not insert relay option82 information Indicates that Option82 is not inserted.
in BOOTREQUEST
relay option82 policy Indicates the policy of selecting Option82.
4-32

Field Description
relay option82 format Indicates the format of Option82. The user-configuration

parameter indicates the user configuration format. The
default format is China telecom.
relay option82 user policy Indicates the selected policy of user-configured Option82.
There are two modes, uniform mode and interface mode.
relay support max user Indicates the maximum number of users on the relay.
relay update arp Indicates whether ARP entries can be added on the relay.
4.3.4 DHCP Proxy Configuration Example

If the DHCP client and the DHCP server are not in the same network, the router directly
connected to the client needs to operate as the DHCP proxy.
As shown in Figure 4-3, the DHCP proxy function is enabled. The independent server
whose IP address is 10.10.2.2 operates as the DHCP server.
Figure 4-3 DHCP Proxy Configuration Topology
On the interfaces of S1, the IP addresses, DHCP server address, and DHCP proxy mode
need to be configured. On the interfaces of S2, the IP addresses, and DHCP server mode
need to be configured, and a DHCP policy needs to be bound. On S2, DHCP needs to be
enabled. An IP pool, DHCP pool, DHCP policy, and route to the network segment of the
proxy interface on S1 need to be configured.
Configuration Flow
1. Configure proxy parameters on the DHCP interfaces. The IP address of the proxy
interface must be in the same network segment as the addresses in the IP pool
corresponding to the server.
2. Configure the proxy mode, and set the relay agent to the address of the proxy interface.
The relay server is set to the address of the server. The address of the server interface
and the address of the proxy interface are in different network segments. The address
of the proxy interface is in the same network segment as the addresses in the IP pool.
3. On the server, configure a route to the proxy interface.
4. Set the relay agent to the proxy interface when configuring a policy.
4-33

S1 configuration:
/*Configure a proxy interface*/
S1(config)#interface gei-0/1/1/1
S1(config-if)#exit
/*Specify a server*/
S1(config)#ip dhcp relay server group 1
S1(config-dhcpr-server-group)#server 1 10.10.2.2 standard master
S1(config-dhcpr-server-group)#exit
/*Enable DHCP*/
S1(config)#dhcp
/*Set the DHCP mode of an interface and other attributes/*
S1(config-dhcp)#interface gei-0/1/1/1
S1(config-dhcp-if)#mode proxy
S1(config-dhcp-if)#relay agent 10.10.1.1
S1(config-dhcp-if)#relay server group 1
S2 configuration:
/*Enable DHCP*/
S2(config)#dhcp
S2(config)#interface gei-0/1/1/3
S2(config-if)#exit
/*Configure an IP pool*/
/*Bind the IP pool to the DHCP pool*/
S2(config-dhcp-pool)default-router 10.10.1.1
/*Bind the DHCP pool to the DHCP policy*/
S2(config-dhcp-policy)#relay agent 10.10.1.1
S2(config)#dhcp
4-34

/*Set the DHCP mode of an interface/*

S2(config-dhcp)#interface gei-0/1/1/3
S2(config)#ip route 10.10.1.0 255.255.255.0 10.10.2.1
View the DHCP configuration of the specified interface on S1:
S1(config)#show running-config-interface
dhcp gei-0/1/1/1
!<DHCP>
dhcp
interface gei-0/1/1/1
mode proxy
!</DHCP>
View the configuration of the DHCP policy on S2.

PolicyName Priority DhcpPool RelayAgent Vrf-instance Option60
pool1 1 pool1 10.10.1.1
Total: 1
4.4 DHCP Snooping Configuration

4.4.1 DHCP Snooping Overview
Introduction to DHCP Snooping
DHCP is a Transfer Control Protocol/Internet Protocol (TCP/IP) standard that simplifies the
management of host IP address configuration. It provides an effective method for DHCP
server use, that is, it manages the dynamic assignment of IP addresses to clients on the
network and other related configuration information of DHCP clients on the network. By
installing and configuring a DHCP server on the network, DHCP clients can be used, and
the DHCP clients can obtain the IP addresses related parameter values that are needed
to get online when the DHCP clients joins the network. This reduces the configuration
management, and provides secure and reliable configuration.
However, with the wide applications of DHCP service, some problems appear.
4-35

l First, it is allowed to be several DHCP servers on a subnet, which means that

administrators cannot ensure that the IP addresses of clients are obtained from legal
DHCP servers instead of illegal servers created by some users privately.
l Second, on the subnets deployed DHCP service, hosts specified with legal IP
addresses, masks and gateways can access the network properly. However, the
DHCP server still may assign the addresses in use to other hosts. This will cause
address conflict and affect IP address assignment.
DHCP snooping and Dynamic ARP inspection can solve the above problems.
DHCP snooping is a technology used to snoop into the validity of DHCP packets. Dynamic
ARP inspection is used to validate the security of ARP packets on network, and it can
prevent, record and drop ARP packets in which illegal IP addresses are bound to Medium
Access Control (MAC) addresses. The topology of DHCP snooping is shown in Figure
4-4.
Figure 4-4 Network Topology of DHCP Snooping
DHCP Snooping Principle

As shown in Figure 4-5, R1 and R2 are two interconnected switches. The clients obtain IP
addresses through the DHCP server to set online. According to the requirement, the ports
on the switch connecting to the clients are set to be un-trusted, and the port on the switch
connecting to the DHCP server is set to be trusted.
4-36

Figure 4-5 DHCP Snooping Typical Application
When a DHCP server and a client are not on the same subnet and the client wants to obtain
an IP address from the DHCP server, it is necessary to use a DHCP relay agent to forward
the DHCP Request message. Before the DHCP relay agent forwards the DHCP message
of the client to the DHCP server, it can inserts some optional information so that the DHCP
server can know the client information more correctly. In this way, the IP address and other
parameter values can be assigned more flexibly according to the related policy.
The option is named DHCP relay agent information option, and the option number is 82.
Therefore, it is also called Option82. The related standard document is Request For
Comments (RFC) 3046.
Option82 is an extended application of DHCP options. It is only an extension. That whether
Option82 is contained does not affect the application of DHCP. In addition, it is necessary
to check whether the DHCP server supports Option82. If a DHCP server that does not
support Option82 receives packets containing Option82 information, or a DHCP server
that supports Option82 receives packets not containing Option82 information, the basic
DHCP service will not be affected.
To support the extended application brought by Option82, the DHCP server must support
Option82 and Option82 information must be inserted into the DHCP packets received.
When a DHCP Request message is received on an un-trusted port, no matter whether the
DHCP server and the client are in the same subnet, The switch on which DHCP snooping is
enabled can choose whether to insert Option82 information. By default, the switch inserts
Option82 information to the DHCP Request message received on the un-trusted port.
The message interaction procedure is shown in Figure 4-6.
4-37

Figure 4-6 DHCP Message Interaction
1. When a DHCP client begins DHCP initialization, it broadcasts a configuration Request

message on the local network.
2. If there is a DHCP server on the local network, DHCP configuration can be performed
without a DHCP relay.
3. If there is no DHCP server on the local network, when a network device with DHCP
relay function connecting to the local network receives the broadcast message, it
handles the message and then forwards the message to a DHCP server on other
networks.
4. The DHCP server performs the configuration according to the information provided by
the DHCP client, and then sends the configuration information to the client through the
DHCP relay. Dynamic configuration of the DHCP client is completed.
In fact, from the begin to the end, there are several interaction procedures such like this.
The DHCP relay modifies the related fields in the DHCP message to modify the DHCP
broadcast message to a unicast message. It is responsible for the conversion between
the server and the client.
4.4.2 Configuring DHCP Snooping

To configure the DHCP snooping function on the ZXR10 5900E, perform the following
steps:
1 ZXR10(config)#dhcp-snoop Enters DHCP snooping

configuration mode.
2 ZXR10(config-dhcp-snoop)#ip dhcp snooping {enable Enables the DHCP snooping

| disable} function globally.
4-38

3 ZXR10(config-dhcp-snoop)#ip dhcp snooping clear Clears the entities in the DHCP

snooping binding database
manually.
4 ZXR10(config)#dhcp-snoop Enters DHCP snooping VLAN

ZXR10(config-dhcp-snoop)#vlan2 configuration mode.
5 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Adds a user binding entity

binding <mac-address><ipv4-address>[gateway-address>]<in to the DHCP snooping
terface-name> infinite binding database manually.
config-dhcp-snoop-vlan1
ZXR10(config-dhcp-snoop-vlan1)#no ip dhcp snooping
means that the VLAN ID is 1.
binding <mac-address>
6 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Configures the format of

format {china-tel | dsl-forum} Option82 inserted in DHCP
packets during DHCP snooping
forwarding.
7 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Configures whether to insert

option Option82 in DHCP packets
during DHCP snooping
forwarding.
8 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Maintains or replaces the

policy {keep | replace} existing Option82 when
Option82 has been inserted in
DHCP packets.
9 ZXR10(config-dhcp-snoop)#ip dhcp snooping max-user Configures the maximum

<max-user> number of users supported by
DHCP snooping.
10 ZXR10(config-dhcp-snoop)#ip dhcp snooping ramble Configures the DHCP snooping

roaming function.
11 ZXR10(config-dhcp-snoop)#ip dhcp snooping trust Configures the interface

[<interface-name>] connected to the DHCP server
to a trusted interface.
12 ZXR10(config-dhcp-snoop)#vlan [<vlan-id>] Enters DHCP snooping VLAN

configuration mode.
13 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Enables DHCP snooping

enable function in the specified VLAN
range.
14 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Disables DHCP snooping

disable function in the specified VLAN
range.
4-39

15 ZXR10(config-dhcp-snoop)#ip dhcp snooping verify mac Configures the ether mac and
bootp mac verification function
for DHCP snooping.
16 ZXR10(config-dhcp-snoop)#ip dhcp snooping file Downloads the DHCP snooping

download database configured.
17 ZXR10(config-dhcp-snoop)#ip dhcp snooping file server Configures the address of the

{ftp|tftp}[ipv6][vrf<name>]<URL> FTP or TFTP server for the
DHCP snooping user table.
18 ZXR10(config-dhcp-snoop)#ip dhcp snooping file timeout Configures the time-out

<time> period of the DHCP snooping
database.
19 ZXR10(config-dhcp-snoop)#ip dhcp snooping file upload Configures the time when to

time <time> upload information.
20 ZXR10(config-dhcp-snoop)#ip dhcp snooping file localdir Configures the download

<directory-name> directory for the local server.
21 ZXR10(config-dhcp-snoop)#ip dhcp snooping file Downloads the DHCP snooping

localload database binding table. It is
necessary to configure the
download directory in advance.
22 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping Configures the maximum

max-user <max-user> number of users supported by
DHCP snooping.
23 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping trust Sets the interface to be trusted

by the DHCP server.
24 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping Configures the maximum

packet-rate <rate> DHCP packet rate.
25 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping sleep Configures the DHCP packet

<time> dampening time for the
interface.
26 ZXR10(config)#dhcpv6-snoop Enters DHCPv6 snooping

configuration mode from global
configuration mode.
27 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping enable Enables the DHCPv6 snooping

function globally.
28 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping clear Clears the DHCPv6 snooping

entries in the binding database
manually.
4-40

29 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Adds binding entries to the

binding <mac>vlan <vlan>{<ipv6 address>|<ipv6 DHCPv6 snooping binding
addressprefix>}<interface-number>[infinite] database.
30 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the maximum

DHCPv6 snooping.
31 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping ramble Enables the DHCPv6 snooping

roaming function.
32 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping trust Sets the DHCPv6 server

[<interface-name>] interface to a trusted interface.
33 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping vlan Enables the DHCPv6 snooping

<vlan> function in the special VLAN
range.
34 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Downloads the DHCPv6

download snooping database configured.
35 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the address of the

server {ftp|tftp}[ipv6][vrf<name>]<URL> FTP or TFTP server for the
DHCPv6 snooping user table.
36 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the time-out period

timeout <time> of the DHCPv6 snooping
database.
37 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the time when to

upload time <time> upload information.
38 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the download

localdir <directory-name> directory for the local server.
39 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Downloads the DHCPv6

localload snooping database binding
table. It is necessary to
configure the download
directory in advance.
40 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the maximum

DHCPv6 snooping
41 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Sets the interface to be trusted

trust by the DHCPv6 server.
42 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the maximum

packet-rate <rate> DHCPv6 packet rate.
4-41

43 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the user-defined

interface-id <interface-id> interface ID format for the
DHCPv6 snooping interface.
44 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping intfid-f Sets the interface ID format in

ormat {china-tel|dsl-forum|telenor|user-configuration} Option18/37 to the Option18/37
format.
45 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the enterprise ID in

remoteid-number <enterprise-number> Option18/37.
46 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the enterprise name

remoteid-string <enterprise-string> in Option18/37.
47 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the DHCPv6

sleep <time> packet dampening time for the
interface.
48 ZXR10(config)#ip-source-guard Enters ip-source-guard

configuration mode from
global configuration mode.
49 ZXR10(config-ip-source-guard)#ip-source-guard Enables the ip-source-guard

<interface-name>{ip-base | mac-base | mac-ip-base }[vlan filtering function for an interface.
{<vlan_id>|default}]
ZXR10(config-ip-source-guard)#no ip-source-guard Disables the ip-source-guard

<interface-name> filtering function for an interface.
50 ZXR10(config-dhcp-snoop)#ip dhcp snooping logging [off Configures the DHCP snooping

| on] log function.
<mac> MAC address of the user.
<vlan> VLAN which the user belongs to.
<ip address> IP address bound to DHCP.
<gateway ip address> IP address of the gateway.
<interface-number> Serial number of a physical interface, such as fei, gei, and

smartgroup
china-tel Option82 format of China Telecom.
dsl-forum Option82 format of the DSL forum.
4-42

keep Maintains Option82, and transmits it transparently.
replace Replaces Option82.
<max-user> Maximum number of users supported by the DHCP snooping

board, range: 1–256000.
<interface-name> Serial number of a physical interface, such as gei, and

smartgroup
<vlan> VLAN which a user belongs to, range: 1-4094.
[ftp/tftp] Server type.
[ipv6] Whether to use the IPv6 service.
<name> VRF instance name.
<URL> URL address.
<time> Database time-out period, range: 1–2147483647.
4-43

<directory-name> Directory name, range: 1–32 characters. This command

creates a folder automatically.
The directory must not be null. The first character must be /,
and the last character must not be /. Only one-level directory
is supported.
<max-user> Maximum number of users supported by DHCP snooping,

range: 1–32000.
<rate> Maximum packet rate on the interface, range: 1–2048.
<time> Dampening time, range: 0–3600.
<mac> MAC address of the user.
<vlan> VLAN which the user belongs to.
<ipv6 address> IPv6 address bound to DHCP.
<interface-number> Serial number of a physical interface, such as fei, and

smartgroup.
infinite Permanent.

range: 1–256000.
<interface-name> Physical interface, for example, fei, gei, and smartgroup.
4-44

<vlan> VLAN which a user belongs to, range: 1–4094.
{ftp|tftp} Server type.
[ipv6] Whether to use the IPv6 service.
<name> VRF instance name.
<URL> URL address.
<directory-name> Directory name, range: 1–32 characters. This command

creates a folder automatically.
The directory must not be null. The first character must be /,
and the last character must not be /. Only one-level directory
is supported.

range: 1–32000.
<rate> Maximum packet rate for the interface, range: 1–2048.
4-45

<time> Dampening time, range: 0–3600.
<interface-name> Interface name.
mac-base Filters packets based on the MAC address.
ip-base Filters packets based on the source IP address.
mac-ip-base Filters packets based on the source IP address and MAC

address.
default Default VLAN ID (65535).
<vlan_id> VLAN ID, range: 1–4094.
4.4.3 Maintaining DHCP Snooping

To maintain the DHCP snooping function on the ZXR10 5900E, run the following
commands.
Command Function
ZXR10(config)#show ip dhcp snooping configure Displays the global configuration

information about DHCP snooping.
ZXR10(config)#show ip dhcp snooping database Displays the information about the

[<interface-name>] DHCP snooping database.
ZXR10(config)#show ip dhcp snooping ramble Displays the configuration

snooping roaming function.
ZXR10(config)#show ip dhcp snooping trust Displays the DHCP snooping

trusted interfaces.
ZXR10(config)#show ip dhcp snooping vlan [<vlan>] Displays the DHCP snooping state
of a VLAN.
ZXR10(config)#show ipv6 dhcp snooping configure Displays the global configuration

information about DHCPv6
snooping.
ZXR10(config)#show ipv6 dhcp snooping database Displays the information about the
[<interface-name>] DHCPv6 snooping database.
ZXR10(config)#show ipv6 dhcp snooping interface Displays the interface

configuration information about
DHCPv6 snooping.
4-46

Command Function
ZXR10(config)#show ipv6 dhcp snooping ramble Displays the configuration

information about the DHCPv6
snooping roaming function.
ZXR10(config)#show ipv6 dhcp snooping trust Displays the DHCPv6 snooping

trusted interfaces.
ZXR10(config)#show ipv6 dhcp snooping vlan [<vlan>] Displays the DHCPv6 snooping
state of a VLAN.
For a description of the parameters, refer to the following table:
interface-name Serial number of a physical interface , such as fei, gei, and

smartgroup
vlan VLAN which a user belongs to.
The following shows the output of the show ip dhcp snooping configure command:
ZXR10(config)#show ip dhcp snooping configure
DHCP snooping configure information
Global state :disable(stop)
Mac-verifying state :disable
Not insert relay information in BOOTREQUEST
Relay information policy :keep
Relay information format :china-tel
Support max user :2048
The following shows the output of the show ip dhcp snooping database command:
ZXR10(config)#show ip dhcp snooping database smartgroup1
Current bind users are: 1

Index : 1
MAC addr: 0000.1111.2222
Vpls :
Vlan : 1
Internal-vlan: 0
State : static
Interface : smartgroup1
IP addr : 1.1.1.1 expiration infinite
Option82 :
Gateway IP : 2.2.2.2
The following shows the output of the show ip dhcp snooping ramble command:
ZXR10(config)#ip dhcp snooping ramble
ZXR10(config)#show ip dhcp snooping ramble
4-47

Current DHCP snooping user ramble state : enable
The following shows the output of the show ip dhcp snooping trust command:
Interface State
-------------------------------------------
gei_0/1/1/1 Trusted
The following shows the output of the show ip dhcp snooping vlan command:
ZXR10(config)#show ip dhcp snooping vlan
DHCP snooping state on VLANs
VLAN State
-------------------------------------------
1 disable
2 disable
10 enable
The following shows the output of the show ipv6 dhcp snooping configure command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcpsnooping configure
DHCPv6 snooping configure information
DHCPv6 snooping globally state : disable(stop)
snooping support max user : 2048
remote-id enterprise number : 0
remote-id string :
interface-id format
The following shows the output of the show ipv6 dhcp snooping database command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcp snooping database
Current bind users are: 1
Index : 1
MAC addr: 0000.1111.2222
Vpls :
Vlan : 1
Internal-vlan: 0
State : static
Interface : smartgroup1
IPv6 addr : 2:3::2:3 expiration infinite
The following shows the output of the show ipv6 dhcp snooping interface command:
ZXR10(config)#show ipv6 dhcp snooping interface smartgroup1

Name : smartgroup1
Index : 13
Trust status : Untrusted
User quota : 2048
Packet speed : 2048(pps)
Sleep time : 3600(s)
Current bind users: 0
4-48

Interface-id :
The following shows the output of the show ipv6 dhcp snooping ramble command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcp snooping ramble
Current DHCPv6 snooping user ramble state :disable
The following shows the output of the show ipv6 dhcp snooping trust command:
ZXR10(config)#show ipv6 dhcp snooping trust
Interface State
-------------------------------------------
gei_0/1/1/1 Trusted
The following shows the output of the show ipv6 dhcp snooping vlan command:
ZXR10(config)#show ipv6 dhcp snooping vlan
DHCPv6 snooping state on VLANs
VLAN State
-------------------------------------------
1 disable
2 disable
10 enable
4.4.4 DHCP Snooping Configuration Examples

4.4.4.1 Enabling DHCP Snooping Globally
The network topology is shown in Figure 4-7.
Figure 4-7 Enabling DHCP Snooping Globally
Note:
The network topology is suitable for all the configuration examples in this section
Configuration Flow
1. Enter DHCP snooping configuration mode.
2. Enable and disable the DHCP snooping function globally.
4-49

ZXR10(config)#dhcp-snoop
ZXR10(config-dhcp-snoop)#ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#no ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#exit
Check the DHCP snooping global configuration information as follows:
ZXR10(config-dhcp-snoop)#show ip dhcp snooping configure
Global state :enable(running)
4.4.4.2 Enabling DHCP Snooping in a VLAN
Figure 4-7 shows the network topology.
Configuration Flow
2. Enable the DHCP snooping function globally.
3. Enable and disable the DHCP snooping function in a specified VLAN.
ZXR10(config-dhcp-snoop)#ip dhcp snooping vlan 1
ZXR10(config-dhcp-snoop)#no ip dhcp snooping vlan 1
Check the DHCP snooping states in VLANs as follows:
ZXR10(config)#show
ip dhcp snooping vlan
DHCP snooping state on VLANs
VLAN State
-------------------------------
4-50

1 enable
2 enable
3 enable
4 enable
4.4.4.3 Configuring DHCP Snooping Option82
Configuration Flow
2. Enable the DHCP snooping function, and insert Option82 to DHCP packets. By
default, Option82 is not inserted.
ZXR10(config-dhcp-snoop)#ip dhcp snooping information option
ZXR10(config-dhcp-snoop)#no ip dhcp snooping information option
Check the DHCP snooping configuration information as follows:
DHCP snooping configure
information
4.4.4.4 Configuring DHCP Snooping Option82 Format
The network topology is shown in Figure 4-8.
4-51

Figure 4-8 Configuring DHCP Snooping Option82 Format
Configuration Flow
2. Configure the format of Option82 inserted to DHCP packets, including CHINA-TEL and
DSL-FORUM. The default format is CHINA-TEL. Run the corresponding no command
to restore the default format.
ZXR10(config-dhcp-snoop)#ip dhcp snooping information format
{china-tel | dsl-forum}
ZXR10(config-dhcp-snoop)#no ip dhcp snooping information format
information
4.4.4.5 Configuring DHCP Snooping Option82 Policy
Configuration Flow
2. Configure the policy to handle a DHCP packet when Option82 is has been inserted
to DHCP packets in which Option82 information exists. There are two policies,
maintaining Option82, or replacing Option82. Run the corresponding no command
to restore the default policy.
4-52

ZXR10(config-dhcp-snoop)#ip dhcp snooping information policy replace
ZXR10(config-dhcp-snoop)#no ip dhcp snooping information policy
information
4.4.4.6 Configuring DHCP Snooping Trusted and Untrusted Interfaces
Configuration Flow
2. Configure an interface on the DHCP server as a trusted interface. Configure other
interfaces as untrusted interfaces.
ZXR10(config-dhcp-snoop)#ip dhcp snooping trust gei-0/1/1/1
ZXR10(config-dhcp-snoop)#no ip dhcp snooping trust gei-0/1/1/1
Check the DHCP snooping interface state as follows:
ZXR10(config)#show ip dhcp snooping trust
Interface State
---------------------------------------------------
gei-0/1/1/1 Trusted
4-53

4.4.4.7 Configuring DHCP Snooping Binding
Configuration Flow
2. Add binding entities to the DHCP snooping database manually. Run the corresponding
no command to delete the binding entities from the database.
ZXR10config-dhcp-snoop)#vlan 2
ZXR10(config-dhcp-snoop-vlan2)#ip dhcp snooping binding
0010.9400.0001 1.2.3.4 gei-0/1/1/1 infinite
ZXR10(config-dhcp-snoop-vlan2)#no ip dhcp snooping binding 0010.9400.0001
Check the binding information in the DHCP Snooping database as follows:
ZXR10(config)#show ip dhcp snooping database
user total: 1
Index : 1
MAC addr: 0010.9400.0001
Vpls :
Vlan : 2
Internal-vlan: 0
State : static
Interface : gei-0/1/1/1
IP addr : 1.2.3.4 expiration 02:46:33
Option82
Gateway IP :
4.4.4.8 Clearing DHCP Snooping Binding Entities
Configuration Flow
2. Clear the entities in the DHCP snooping database manually.
4-54

ZXR10(config-dhcp-snoop)#ip dhcp snooping clear
ZXR10(config-dhcp-snoop)#ip dhcp snooping clear gei-0/1/1/1
Check the information in the DHCP Snooping database as follows:
ZXR10(config)#show ip dhcp snooping database
4.4.4.9 Configuring DHCP Snooping Ramble
Configuration Flow
2. Enable the DHCP snooping roaming function, so that users can be changed over on
different physical interfaces. By default, the roaming function is disabled.
ZXR10(config-dhcp-snoop)#ip dhcp snooping ramble
ZXR10(config-dhcp-snoop)#no ip dhcp snooping ramble
Check the configuration information of the DHCP snooping roaming function as follows:
ZXR10(config-dhcp-snoop)#show ip dhcp snooping ramble
Current DHCP snooping user ramble state :
ramble state: enable
4.4.4.10 Configuring the Maximum Number of DHCP Snooping Users
Configuration Flow
4-55

2. Configure the maximum number of DHCP snooping users. By default, the maximum
number of users supported on a board is 2048.
3. Enable the DHCP snooping function globally.
ZXR10(config-dhcp-snoop)#no ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#ip dhcp snooping max-user 2
ZXR10(config-dhcp-snoop)#no ip dhcp snooping max-user
Check the DHCP Snooping configuration information as follows:
Support max user :2
4.4.4.11 Configuring DHCP Snooping Source MAC Authentication
Configuration Flow
2. Enable the ether mac and bootp mac verification function for DHCP snooping. If the
ether mac and bootp mac are not the same, the packet will be dropped.
ZXR10(config-dhcp-snoop)#ip dhcp snooping verify-mac
ZXR10(config-dhcp-snoop)#no ip dhcp snooping verify-mac
Check the DHCP Snooping configuration information as follows:
4-56


Support max user :2
4.4.4.12 Uploading, Downloading, and Restoring the User Binding Table
Figure 4-7 shows the network topology. An available FTP or TFTP server must be provided
on the network.
Configuration Flow
2. Configure the storage directory of the user binding table.
3. Start the write timer.
4. Configure the IP address of the FTP or TFTP server.
5. Configure the upload timer for the FTP or TFTP server.
6. Restore the use binding table through the local configuration if necessary after the
device is restarted.
7. Restore the user binding table through downloading the table if necessary after the
device is restarted.
ZXR10(config-dhcp-snoop)#ip dhcp snooping file localdir /flash
ZXR10(config-dhcp-snoop)#ip dhcp snooping file timeout 5
ZXR10(config-dhcp-snoop)#ip dhcp snooping file server ftp //2.1.1.101/
dhcp.xml@root:root
ZXR10(config-dhcp-snoop)#ip dhcp snooping file upload time 10
ZXR10(config-dhcp-snoop)#ip dhcp snooping file localload
ZXR10(config-dhcp-snoop)#ip dhcp snooping file download
ZXR10(config-dhcp-snoop)#show running-config dhcp-snoop
!<dhcp-snoop>
dhcp-snoop
ip dhcp snooping file localdir /flash
ip dhcp snooping file timeout 5
4-57

ip dhcp snooping file upload time 10

ip dhcp snooping file server ftp //2.1.1.101/dhcp.xml@root:root
vlan 2
ip dhcp snooping enable
$
$
!</dhcp-snoop>
4-58

Chapter 5
TCPv4 Configuration
Table of Contents
TCPv4 Overview ........................................................................................................5-1
Configuring TCPv4 .....................................................................................................5-1
Maintaining TCPv4 .....................................................................................................5-4
5.1 TCPv4 Overview

Transfer Control Protocol (TCP)v4 is a kind of IPv4 protocols, which is a
connection-oriented full-duplex data transmission control protocol. It is a service for
byte flow. By means of TCPv4, the reliable guarantee is provided for network data
transmission. TCPv4 usually applies to the applications concerning data transmission
quality and result.
TCPv4 uses a mechanism that is similar to virtual connection. Make sure that both of
two ends prepare well and the acknowledgement and retransmission methods can ensure
the transmission safety before starting data transmission. The acknowledgement that the
last packet is already received has to be received by the sender before it sends the new
packet. This is a transmission method more reliable than UDP. Windowing can improve
network throughput a lot. Congestion control, fast retransmission and so on can solve the
time delay and retransmission problems well. State machine and timer mechanism are
the key guarantee for TCP data transmission.
5.2 Configuring TCPv4

To configure the TCPv4 function on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#ip tcp synwait-time <seconds> Configures the waiting time for

establishing a TCP connection.
ZXR10(config)#no ip tcp synwait-time
Unit: seconds, range: 30–80,
default: 30 seconds.
The setting is invalid for the
current TCP connection.
Use the no command to restore
the default value.
5-1

2 ZXR10(config)#ip tcp window-size <bytes> Configures the TCP window

size. Unit: seconds, range:
ZXR10(config)#no ip tcp window-size
100–65535, default: 32678
bytes.
It is invalid for the TCP
connections that have been
established.
the default value.
3 ZXR10(config)#ip tcp finwait-time <seconds> Configures the time to wait to

close a TCP connection. Unit:
ZXR10(config)#no ip tcp finwait-time
seconds, range: 100–600,
default: 150 seconds.
the default value.
4 ZXR10(config)#ip tcp synflood-protect enable Enables the TCP protection

function. By default, the
ZXR10(config)#no ip tcp synflood-protect enable
function is disabled.
5 ZXR10(config)#ip tcp mss<bytes> Configures the TCP MSS.

Range: 68–10000, unit: bytes.
6 ZXR10(config)#ip tcp synflood-protect defence Configures a defence policy,

{<defence-parameter-0> waittime <wait-time> num the SYN wait time, and the
<half-connect-numbers>|<defence-parameter-1> num number of half-connections. In
<half-connect-numbers>|<defence-parameter-2> waittime the default configuration, the
<wait-time>} protection policy is that the
SYN wait time decrements, and
ZXR10(config)#no ip tcp synflood-protect defence
the old half-connections are
deleted. By default, the SYN
wait time is 30 seconds, the
number of half-connections is
1.
7 ZXR10(config)#ip tcp synflood-protect max-connect {[high Configures the threshold of total

<number>][low <number>]} connections for the system.
ZXR10(config)#no ip tcp synflood-protect max-connect
8 ZXR10(config)#ip tcp synflood-protect one-minute{[high Configures the threshold of

<number>][low <number>]} total connections in one minute
for the system.
ZXR10(config)#no ip tcp synflood-protect one-minute
9 ZXR10#clear tcp connect {<local-ip-address>|mng Deletes a TCP connection.

<local-ip-address>|vrf <vrf-name><local-ip-address>}<local-p
ort><remote-ip-address><remote-port>
5-2

Chapter 5 TCPv4 Configuration
10 ZXR10#clear tcp statistics Clears TCP statistics.
11 ZXR10#clear tcp tcb <tcb-index> Clears the information about

the TCB.
Tcb-index: TCB index, range:
1–4294967295.
<defence-parameter-0> Defence policy 0, meaning decrementing the SYN wait time

and deleting the old half-connections.
<wait-time> SYN wait time, unit: seconds, range: 1–80, default: 30

seconds.
<half-connect-numbers> Number of half-connection, range: 1–65535, default: 1.
<defence-parameter-1> Defence policy 1, meaning deleting the old half-connections.
<half-connect-numbers> Number of half-connection, range: 1–65535, default: 1.
<defence-parameter-2> Defence policy2, meaning decrementing the SYN wait time.
<wait-time> SYN wait time, unit: seconds, range: 1–80, default: 30

seconds.
high <number> Range: 1–100, default: 90.
low <number> Range: 1–100, default: 60.
high <number> Range: 1–100, default: 80.
low <number> Range: 1–100, default: 50.
mng Sets the local IP address as the management interface

address.
vrf <vrf-name> Name of the VRF instance which the IP address belongs to,
range: 1–16 characters.
5-3

<local-host-address> Local IP address, in dotted decimal notation.
<local-port> Local port number, range: 1–65535.
<remote-ip-address> Remote IP address, in dotted decimal notation.
<remote-port> Remote port number, range: 1–65535.
5.3 Maintaining TCPv4

To maintain the TCPv4 function on the ZXR10 5900E, run the following commands.
Command Function
ZXR10# show tcp Displays the information about TCP

connections.
ZXR10# show tcp brief Displays the brief information about all
TCP connections.
ZXR10# show tcp config Displays TCP configuration information.
ZXR10# show tcp statistics Displays statistics at the TCP layer.
ZXR10# show tcp tcb <tcb-index> Displays the information about the
corresponding of a specified TCB.
ZXR10# show tcp synflood-protect config Displays the configuration information

about the TCP SYN flood protection
function.
ZXR10# show tcp synflood-protect statistics Displays statistics of the TCP SYN flood
protection function.
ZXR10# show tcp synflood-protect all Displays all information about the TCP
SYN flood protection function in the
system.
ZXR10#show sockets Displays all sockets, including the

sockets based on TCP, UDP, and raw IP.
Run the show tcp command to display the information about TCP connections, including
local and remote IP address, port number, states of timers, and packets sent. The following
shows the output of the show tcp command:
ZXR10#show tcp
Stand-alone TCP connection from host 192.168.109.6
Connection state is ESTABLocal host: 192.168.5.1, Local port: 22
Foreign host: 192.168.109.6, Foreign port: 2335
Event Timers (Current time is 0x12a34e6):
5-4

Timer Starts Wakeups

Retrans 33 0
TimeWait 0 0
AckHold 16 0
KeepAlive 30 30
Persist 0 0
SynWait 1 0
FinWait 0 0
iss: 588787704 snduna: 588790029 sndnxt: 588790081 sndwnd: 15656

irs: 3358386391 rcvnxt: 3358388028 rcvwnd: 32768
SRTT: 555 ms, RTTO: 395 ms, KRTT: 395 ms
minRTT: 10 ms, maxRTT: 690 ms, ACK hold: 200 ms
Flags: Passive open
Datagrams (max data segment is 1460 bytes):

Rcvd: 34 (out of order: 0), with data: 21, total data bytes: 1636
Sent: 33 (retransmit: 0), with data: 29, total data bytes: 2376
Field Description
Local host: 192.168.5.1, Local port: Local address and port.

22
Foreign host: 192.168.109.6, Foreign Remote address and port.

port: 2335
Timer Starts Wakeups Timer state.
iss: 588787704 snduna: 588790029 Packet state of the sending window

sndnxt: 588790081 sndwnd: 15656
irs: 3358386391 rcvnxt: 3358388028 Packet state of the receiving window

rcvwnd: 32768
SRTT: 555 ms, RTTO: 395 ms, KRTT: Times used for sending or receiving packets, and
395 ms minRTT: 10 ms, maxRTT: retransmission time-out period of the connection.
690 ms, ACK hold: 200 ms
Flags: Passive open Mode of opening the connection.
Rcvd: 34 (out of order: 0), with data: Numbers of packets received and bytes.
21, total data bytes: 1636
Run the show tcp brief command to display the brief information about all TCP connections,
including TCB, and IP addresses of sender and receiver. The following shows the output
of the show tcp brief command:
ZXR10#show tcp brief

TCB Local Address Foreign Address State
5-5

9 192.168.5.4:23 192.168.109.6:2382 ESTAB

11 169.1.5.4 : 23 169.1.110.5:3183 ESTAB
10 192.168.5.4:23 192.168.110.5:3182 ESTAB
7 169.1.5.4:23 169.1.108.5:1380 ESTAB
Field Description
TCB Index of a TCB.
Local Address Local IP address and port.
Foreign Address Remote IP address and port.
State State of a TCP connection.
Run the show tcp config command to display TCP configuration information, including the
wait time for establishing and disconnecting a connection, the length of the wait queue,
and the window size. The following shows the output of the show tcp config command:
ZXR10#show tcp config
TCP SYNWAIT: 30
TCP FINWAIT: 150
TCP WINDOWSIZE: 32768
Field Description
TCP SYNWAIT: 30 Wait time of SYN packets for the TCP connection, unit:
seconds.
TCP FINWAIT: 150 Wait time of FIN packets for the TCP connection, unit:
seconds.
TCP WINDOWSIZE: 32768 Size of the receiving window for the TCP connection, unit:
bytes.
Run the show tcp statistics command to display statistics at the TCP layer, including the
number of packets received, the number of error packets, and the numbers of various
packets. The following shows the output of the show tcp statistics command:
ZXR10#show tcp statistics
Rcvd: 2966 Total, 0 no port
0 checksum error, 0 bad offset, 0 too short
2955 packets (12107 bytes) in sequence
0 out-of-order packets (0 bytes)
0 packets (0 bytes) with data after window
0 packets after close
0 window probe packets, 2058 window update packets
38 dup ack packets, 0 ack packets with unsend data
2960 ack packets (12123 bytes)
5-6

Sent: 2420 Total, 0 urgent packets

172 control packets (including 126 retransmitted)
2124 data packets (70207 bytes)
468 data packets (10748 bytes) retransmitte)
30 ack only packets (0 delayed)
0 window probe packets, 64 window update packets
42 Connections initiated, 4 connections accepted,
4 Connections established, 41 connections closed ,
594 Total rxmt timeout, 0 connections dropped in rxmt timeout
0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive
Field Description
Rcvd: 2966 Total, 0 no port 0 Total number of packets received, including the numbers of
checksum error, 0 bad offset, 0 too various packets, and error packets (for example, the packets
short,2955 packets (12107 bytes) in containing ports that do not exist, and packets containing
sequence,0 out-of-order packets (0 checksum errors or offset errors.)
bytes),0 packets (0 bytes) with data
after window,0 packets after close,0
window probe packets, 2058 window
update packets,38 dup ack packets,
0 ack packets with unsend data,2960
ack packets (12123 bytes)
Run the show tcp tcb <tcb-index> command to display the information about the
corresponding of a specified TCB. The following shows the output of the show tcp tcb
<tcb-index> command:
ZXR10#show tcp tcb 2
Stand-alone TCP connection from host 169.1.109.6
Connection state is ESTAB
Local host: 169.1.5.5, Local port: 23
Foreign host: 169.1.109.6, Foreign port: 4655
Event Timers (Current time is 0xa452ae):

Timer Starts Wakeups
Retrans 330 1
TimeWait 0 0
AckHold 55 6
KeepAlive 250 398
Persist 0 0
SynWait 1 0
FinWait 0 0
iss: 1573322500 snduna: 1573324458 sndnxt: 1573324460 sndwnd: 15932
5-7

irs: 927338897 rcvnxt: 927339017 rcvwnd: 32768

SRTT: 569 ms, RTTO: 466 ms, KRTT: 466 ms
minRTT: 9 ms, maxRTT: 1105 ms, ACK hold: 200 ms
Flags: Passive open
Field Description
show tcp tcb 2 Displays the information about the corresponding of TCB
2. For the field descriptions, refer to that of the show tcp
command.
Run the show tcp synflood-protect config command to display configuration information
about the TCP SYN flood protection function, including whether the protection function is
enabled, the connection wait time, the number of half-connections, and the threshold of
total connections. The following shows the output of the show tcp synflood-protect config
command:
ZXR10# show tcp synflood-protect config
synflood-prevnet is enable
prevent means is quickening the tcp connect aging
and deleting the old tcp half connect
syn-waittime is 600 (seconds)
old-half-connect is 500
max-connect high limit is 90%
max-connect low limit is 70%
one-minute high limit is 80%
one-minute low limit is 50%
Field Description
syn-flood-prevnet is enable The TCP SYN flood protection function is enabled.
prevent means is quickening the tcp Decrements the syn wait time, and deletes the old
connect aging and deleting the old half-connections.
tcp half connect
syn-waittime is 600 The connection wait time is 600 seconds.
max-connect high limit is 90% The high threshold of total connections is 90.
one-minute low limit is 50% The low threshold of connections in one minute is 50.
Run the show tcp synflood-protect statistics command to display statistics of the TCP SYN
flood protection function. The following shows the output of the show tcp synflood-protect
statistics command:
ZXR10#show tcp synflood-protect statistics
MPU:Main Processing Unit
5-8

maxcon:current total connect maxhcon:current total half connect

onecon:oneminute connect onehcon:oneminute half connect
maxper:maxcon/tolcon*100% oneper:onecon/tolcon*100%
tolcon:max connect of the cpu allowed
CPU status maxcon maxhcon onecon onehcon tolcon maxper oneper
MPU safety 1 0 0 0 3072 0.03% 0.00%
Run the show tcp synflood-protect all command to display all information about the TCP
SYN flood protection function in the system. The following shows the output of the show
tcp synflood-protect all command:
ZXR10# show tcp synflood-protect all
configuration infomation:
syn-flood-prevnet is enable
prevent means is quickening the tcp connect
aging and deleting the old tcp half connect
syn-waittime is 600 (seconds)
old-half-connect is 500
max-connect high limit is 90%
max-connect low limit is 70%
one-minute high limit is 80%
one-minute low limit is 50%
statistics infomation:
MP:Manage Processor RP:Routing Processor
maxcon:current total connect maxhcon:current total half connect
onecon:oneminute connect onehcon:oneminute half connect
maxper:maxcon*100/tolcon*100% oneper:onecon*100/tolcon*100%
tolcon:max connect of the cpu allowed
CPU status maxcon maxhcon onecon onehcon tolcon maxper oneper
MP safety 2 0 0 0 3072 0f 0f(null)
For a description of the fields, refer to those of the show tcp synflood-protect config and
show tcp synflood-protect statics commands.
Run the show sockets commands to display all sockets. The following shows the output of
the show sockets command:
ZXR10#show sockets
Proto Local Address Foreign Address In Out State
IPv4 TCP 0.0.0.0:23 *:* 0 0 LISTEN
IPv4 UDP 0.0.0.0:3503 *:* 0 0
IPv4 RAW(112) 0.0.0.0:* *:* 0 0
IPv6 TCP 0:0:0:0:0:0:0:0:23 *:* 0 0 LISTEN
IPv6 UDP 0:0:0:0:0:0:0:0:161 *:* 0 0
IPv6 RAW(58) 0:0:0:0:0:0:0:0:33024 *:* 0 0
5-9

5-10

Chapter 6
UDPv4 Configuration
UDPv4 is a kind of user data protocols. It is a simple data transmission protocol. Its
transmission mechanism is irresponsible that it sends the data out but can not ensure the
data is received by destination. Additionally, its retransmission, error correction and so on
functions are decided by the applications of upper layer.
UDPv4 establishes connection between two application programs by combining

source/destination ports and IP addresses. It is a connectionless data transmission
mechanism. That is to say, no echo information is provided when data is transmitted. The
sender does not care about the data transmission validity, and the receiver reassembles
the data packet according to the sequence number containing in data segments. The
upper layer program can retransmit the entity packet if a data segment is not received.
6-1

6-2

Chapter 7
Cluster Management
Configuration
Table of Contents
Cluster Management Overview ..................................................................................7-1
Configuring Cluster Management Configuration .........................................................7-1
Maintaining Cluster Management ...............................................................................7-3
Cluster Management Configuration Example..............................................................7-4
7.1 Cluster Management Overview

Cluster is a combination of a group of switches in a specific broadcast domain. This
group of switches forms a unified management domain which provides a public network
IP address and a management interface to the outside and provides the functions of
managing and accessing every member in the cluster.
Management switch is configured with public network IP address as a command switch
and other managed switches such as member switches. Public network IP address is not
configured for the member switch but a private address is assigned to the member switch
with similar DHCP function of the command switch. Command switch and member switch
form a cluster (private network).
It is recommended to isolate the broadcast domain of the public network and that of
the private network on the command switch, and shield the direct access to the private
address. The command switch provides a management and maintenance channel to the
outside to manage the cluster in a centralized and unified manner.
A broadcast domain is composed of four kinds of switches:
l Command switch
l Member switch
l Candidate switch
l Backup switch
7.2 Configuring Cluster Management Configuration

To configure Cluster Management, perform the following steps.
7-1

1 ZXR10(config)#group-management Enters cluster management

configuration mode
ZXR10(config-gm)#zdp enable This enables ZDP
ZXR10(config-gm)#zdp disable This disables ZDP
ZXR10(config-gm)#zdp holdtime This configures holdtime of

ZDP
ZXR10(config-gm)#zdp timer This configures time interval of

transmitting ZDP packets
2 ZXR10(config-gm)#ztp enable This enables ZTP
ZXR10(config-gm)#ztp disable This disables ZTP
ZXR10(config-gm)#ztp start This conducts once topology

collection
ZXR10(config-gm)#ztp hop This sets maximum hops of

ZTP topology collection
ZXR10(config-gm)#ztp hop-delay This sets each hop delay in

sending ZTP protocol packets
ZXR10(config-gm)#ztp port-delay This sets delay in sending ZTP

protocol packets on the port
ZXR10(config-gm)#ztp timer This sets ZTP timing topology

collection time
ZXR10(config-gm)#ztp vlan This conducts ZTP topology

collection on different VLANs
3 ZXR10(config-gm-if)#bind-ip-pool This binds pool of interface

addresses
ZXR10(config-gm)#group switch-type This configures type of a switch
ZXR10(config-gm)#group name This configures name of a

cluster
ZXR10(config-gm)#group handtime This configures the handshake

time
ZXR10(config-gm)#group holdtime This configures holdtime

between member switch
and command switch on a
commander switch
ZXR10(config-gm)#group member This adds a designated device

or MAC address as a member
on a commander switch
7-2

Chapter 7 Cluster Management Configuration
ZXR10(config-gm)#group tftp-server This configures the tftp server

on the cluster
ZXR10(config-gm)#group trap-host This configures the alarm

receiver of the cluster
ZXR10(config-gm)#group erase-member This deletes the member

configuration file from the
command switch
ZXR10(config-gm)#group save-member This saves the member

configuration on the command
switch
ZXR10(config-gm)#group refresh-member This refreshes the member on

the command switch
ZXR10(config-gm)#group reset-member This restarts the member on

the command switch
7.3 Maintaining Cluster Management

To maintain cluster management, perform the following steps.
Command Function
show zdp This shows configuration of ZDP
show zdp neighbour This shows detail of ZDP neighbors
show ztp This shows configuration of ZTP
show ztp device-list This shows device list of ZTP
show ztp device This shows designated device of ZTP
show ztp topology This shows topology of ZTP
show group This shows configuration of a cluster
show group candidate This shows candidate switch
show group member This shows members of a cluster
The following is a sample output from the show zdp neighbour command:
ZXR10(config)#show zdp neighbour
Peer-Mac Local-Port Hdtm Peer-Port Platform Hostname
-----------------------------------------------------------------------
0051.334E.5327 gei-0/1/1/1 162 gei-0/1/1/2 8900E ZXR10
7-3

7.4 Cluster Management Configuration Example

This example describes how to connect two devices to implement cluster management,
as shown inFigure 7-1.
Figure 7-1 Cluster Management Configuration Example
Configuration Flow
1. Create a ip pool of interface addresses.
2. Configure Switch1 as a command switch.
3. Configure Switch2 as a member switch.
Switch1 configuration:
ZXR10(config)#group-management
ZXR10(config-gm)#interface vlan1
ZXR10(config-gm-if-vlan1)#bind-ip-pool
ZXR10(config-gm-if-vlan1)#exit
ZXR10(config-gm)#group switch-type commander
ZXR10(config-gm)#group member device 1
ZXR10(config-gm)#show group members
Index MemID MacAddress IPAddr Mask Stat Hostname
----------------------------------------------------
1 1 0000.0205.0000 192.168.1.2 255.255.255.0 Up Mem1.ZXR10
7-4

Chapter 8
IPTV Configuration
Table of Contents
IPTV Overview ...........................................................................................................8-1
Configuring IPTV ........................................................................................................8-3
Maintaining IPTV ........................................................................................................8-9
IPTV Configuration Example ....................................................................................8-14
8.1 IPTV Overview

Internet Protocol Television (IPTV) is also called Interactive Network TV. IPTV is a
method of distributing television content over IP that enables a more customized and
interactive user experience. IPTV allows people who are separated geographically to
watch a movie together, while chatting and exchanging files simultaneously. IPTV uses
a two-way broadcast signal that is sent through the service provider's backbone network
and servers. It allows the viewers to select content on demand, and take advantage of
other interactive TV options. IPTV can be used through PC or "IP machine box + TV".
IPTV Service Architecture

For the IPTV service architecture, see Figure 8-1. The IPTV service mainly consists of
two layers: the service control layer and the service bearer layer. The service control layer
provides user management, service management, authentication, authorization, charging,
and program forecast functions and implements the control and management functions.
On the service bearer layer, the video source network provides the video coding function
and transmits the video service to the Metropolitan Area Network (MAN).
The IP MAN uses the IP unicast/broadcast function to transmit the video service to the
broadband access network. The broadband access network then operates with the
operation & management network to provide the access authentication management
function and the control function for joining in or leaving from a video broadcast group.
The video flow required by a user is granted. On the user side, when users watch TV
programs using the PC or TV+STB devices, the STB joins in the corresponding broadcast
group. The broadcast flow is transmitted to the STB through the xDSL or LAN cables.
The STB decode the flow and output the video to the PC or the TV set.
8-1

Figure 8-1 IPTV Service Architecture
IPTV access control

The IPTV access control mainly refers to user authentication. For an IPTV user, four rights
are available: view, preview, query, and deny. For a carrier, the access control means to
allow different users to view different programs. For example, if a user paid for a channel,
this user has the right to view the programs provided by the channel. If the user does not
pay for the channel, this user can only preview some programs provided by the channel
instead of viewing the programs.
For the convenience of managing the broadcast flow, a static channel list (or a package
list) needs to be created first, and then a static port rule table (CAC) needs to be created.
After they are created, channels or packages can be applied to the rule, which means that
some channels can be viewed, some can be previewed, and some can be queried.
The IPTV access and control process is as follows: A user client sends a report (join in) or
leave packet to the IPTV module. The IPTV module queries the corresponding CAC rule
according to the user port and the VLAN, and authenticates the channel rights requested
by the user. For the query packet received from a route port, the IPTV module queries the
corresponding CAC rule according to the route port and the VLAN, and authenticates the
query request. Authentication means to query the channel rights ( view, preview, query,
and deny) configured in a rule. After the rights is queried, the result is returned to the
IGMP Snooping for further processing. The following describes how the IGMP Snooping
processes different rights:
l For the view and preview rights: Add the port to which the user belongs to the
broadcast forwarding table.
l For the query rights: Broadcast the query packet to the VLAN to which the route port
belongs.
8-2

Chapter 8 IPTV Configuration
8.2 Configuring IPTV

Configuring IPTV Global Parameters
To configure IPTV global parameters on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#iptv Enters IPTV configuration

mode.
2 ZXR10(config-iptv)#control { enable | disable } Enables or disables the IPv4

IPTV function.
ZXR10(config-iptv)#ipv6 control { enable | disable } Enables or disables the IPv6

IPTV function.
3 ZXR10(config-iptv)#cac { enable | disable } Enables or disables the IPTV

CAC function.
4 ZXR10(config-iptv)#sms-server <server-ip> Configures the IP address of

the SMS server.
5 ZXR10(config-iptv)#sms-server-port < port-number> Configures the port of the SMS

server, Range: 1025–65535.
Configuring Global Parameters for IPTV Preview

To configure global parameters for IPTV preview on the ZXR10 5900E, perform the
following steps:
1 ZXR10(config-iptv)#prw { enable | disable } Enables or disables the IPTV

preview function.
2 ZXR10(config-iptv)#prw reset Resets the preview function.
3 ZXR10(config-iptv)#prw autoreset-time < HH:MM:SS> Configures the time when to

reset the IPTV preview function
automatically.
4 ZXR10(config-iptv)#prw recognition-time < recog-time> Configures preview recognition

time.
5 ZXR10(config-iptv)#prw overcout-cdr { enable | disable} Configures whether to generate

CDRs when the number of
preview times reaches the
maximum value.
<HH:MM:SS> Time when to reset the IPTV preview function automatically.
8-3

<recog-time> Range: 1–65535.
Configuring IPTV CDR Parameters

To configure IPTV CDR parameters on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#cdr { enable | disable } Enables or disables the CDR

function.
2 ZXR10(config-iptv)#cdr max-records < cdr-size> Configures the maximum

number of CDRs.
3 ZXR10(config-iptv)#cdr report Reports CDR manually.
4 ZXR10(config-iptv)#cdr report-interval < report-interval> Configures the interval of

reporting CDRs.
5 ZXR10(config-iptv)#cdr create-period < period> Configures the period to

generate CDRs for allowing
users to watch programs for
long time.
6 ZXR10(config-iptv)#cdr deny-right{ enable | disable} Configures whether to generate

CDRs when the access right is
set to deny.
7 ZXR10(config-iptv)#cdr prw-right { enable | disable} Configures whether to generate

CDRs when the access right is
set to preview.
8 ZXR10(config-iptv)#cdr warning-threshold < threshold Configures the alarm threshold

value> of the CDR buffer pool.
9 ZXR10(config-iptv)#cdr report-threshold < threshold Configures the threshold for

value> sending CDR. When the
number of CDRs reaches the
threshold, CDRs are sent.
<cdr-size> Range: 500–10000.
<report-interval> Range: 1–65535, unit: seconds.
8-4

<period> Range: 1–65535, unit: seconds.
<threshold value> Range: 1–100.
<threshold value> Range: 1–1000.
Configuring an IPTV Preview Profile

To configure an IPTV preview profile on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#view-profile name< viewfile-name> id Creates a preview profile.

<viewfile-id>
2 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the maximum

count <view-count> number of preview times.
3 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the maximum

duration <view-duration> duration for single preview.
4 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the minimum

blackout< view-interval> preview interval.
5 ZXR10(config-iptv)#no view-profile name <viewfile-name> Deletes a preview profile.

id <viewfile-id>
<viewfile-name> Name of a preview profile.
<viewfile-id> ID of a preview profile, range: 1–255.
<view-count> Range: 1–65535.
8-5

<view-duration> Range: 1–65535.
<view-interval> Range: 1–65535.
Configuring an IPTV Channels

To configure an IPTV channel on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#channel mvlan < vlan-id>{ group Creates an IPTV channel.

< group-ip>| ipv6-group < ipv6-group-ip >}[{ name <
channel-name >|[ id < channel-id>]}|{ count < count-value>[
prename < prename-str>]}]
2 ZXR10(config-iptv)#channel { name < channel-name>| Specifies a preview profile for

id <0-2047>}{viewfile-name < viewfile-name>| viewfile-id the channel.
< viewfile-id>}
3 ZXR10(config-iptv)#channel { id <0-2047>| name Enables or disables the log

<channel-name>} cdr{ enable | disable} function for the channel.
4 ZXR10(config-iptv)#no channel { id < channel-id>| name< Deletes a channel.

channel-name>}
5 ZXR10(config-iptv)#channel {name <channel-name>| id Configures bandwidth for the

<channel-id>} bandwidth <bandwidth value> channel. Default: 0, meaning
that the channel does not take
any bandwidth.
<vlan-id> MVLAN of the channel, range: 1–4094.
<group-ip> IPv4 multicast address.
<ipv6-group-ip> IPv6 multicast address.
<channel-name> Channel name.
<channel-id> Channel ID.
<count-value> Number of channels configured in batches.
<prename-str> Prefix name of the channel.
8-6

<viewfile-name> Name of the preview profile bound to the channel.
<viewfile-id> ID of the preview profile bound to the channel.
<channel-id> Channel ID, range: 0–2047.
<bandwidth value> Bandwidth for the channel, range: 0–256, unit: Mbps.
Configuring an IPTV Service Package

To configure an IPTV service package on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#package name < package-name> id Creates an IPTV service

<package-id> package.
2 ZXR10(config-iptv)#package name <package-name> Adds a channel to the service

channel { id <channel-id>| name<channel-name>}{deny | package, and sets the right of
permit | preview} the channel.
3 ZXR10(config-iptv)#no package name <package-name> Deletes the service package,

id <package-id> or a channel in the service
package.
<package-name> Service package name.
<package-id> Service package ID, range: 0–127.
<channel-id> Channel ID, range: 0–2047.
8-7

<package-id> Service package ID, range: 0–127.
Configuring a CAC Rule

To configure a CAC rule on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#interface < interface-name> Enters IPTV interface

configuration mode.
2 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the current service

vlan-id>]service { start | pause | resume | remove} state of a user.
3 ZXR10(config-iptv-if-interface-name)#iptv [ vlan< Configures the multicast control

vlan-id>]control-mode { package | channel} mode for a user.
4 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Assigns a service package to a

vlan-id>]package { name < package-name>| id < package-id>} user.
5 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the channel access

vlan-id>]channel{ name < channel-name>| id < channel-id>}{ right for a user interface.
deny | permit | preview | query}
6 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures whether to generate

vlan-id>] cdr{ enable | disable} CDRs.
7 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the maximum

vlan-id>]max-bandwidth< max-bandwidth> bandwidth for the rule.
8 ZXR10(config-iptv-if-interface-name)#no iptv[ vlan < Deletes the service package

1-4094>] package{ name < package-name>| id <package-id>} allocated to the rule.
<vlan-id> Range: 1–4094.
<max-bandwidth> Range: 1–2048, unit: Mbps.
<package-id Range: 0–127.
Managing IPTV Users

To manage IPTV users on the ZXR10 5900E, run the following command:
8-8

Command Function
ZXR10(config-iptv)#clear client port < port-name> vlan-id < Deletes online IPTV users.
vlan-id> channel { id < channel-id>| id-list<channel-idlist>| name
< channel-name>}
<port-name> Name of the interface connected to users.
<vlan-id> VLAN which users belong to, range: 1–4094.
<channel-id> ID of the channel that users request.
<channel-idlist> Range of channels that users can request, range: 0–2047.
<channel-name> Name of the channel that users request.
8.3 Maintaining IPTV

To maintain the IPTV function on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show iptv control Displays the information about

global IPTV configuration.
ZXR10#show iptv prw Displays the information about

global IPTV preview configuration.
ZXR10#show iptv cdr [record id-list <cdr-idlist>] Displays the information about
CDR configuration.
ZXR10#show iptv channel { all | name < channel-name>| id-list< Displays the information about
channel-idlist>} IPTV channels.
ZXR10#show iptv package [{ name < package-name>|id < Displays the information about an
package-id>}] IPTV service package.
ZXR10#show iptv view-profile [< viewfile-name>] Displays the information about a

preview profile.
ZXR10#show iptv rule{all |{port < port-name>[ vlan-id Displays the information about a
<vlan-id>][channel][package]}} CAC rule.
ZXR10#show iptv client {all |{port <port-name>| NPC Displays online IPTV users
<slot-no>[vlan-id <vlan-id>]}}
ZXR10#show iptv channel statistics [ channel-id < channel-id>] Displays channel statistics.
The following shows the output of the show iptv control command:
ZXR10#show iptv control
8-9

Iptv control status :disable

Iptv v6-control status :disable
Cac status :disable
Sms-server IP :192.168.0.119
Sms-server port :5115
Field Description
Iptv control status Whether the IPv4 IPTV service is enabled.
Iptv v6-control status Whether the IPv6 IPTV service is enabled.
Cac status Whether the CAC function is enabled.
Sms-server IP IP address of the SMS server, default: 192.168.0.119.
Sms-server port Port number of the SMS server, default: 5115.
The following shows the output of the show iptv prw command:
ZXR10#show iptv prw
PrwEnable : disable
PrwOverCount-Cdr : disable
PrwRecognitionTime : 4
PrwAutoResetTime : 23:59:59
Field Description
PrwEnable Whether the global preview function is enabled.
PrwOverCount-Cdr Whether to generate CDRs when the number of preview

times reaches the maximum value.
PrwRecognitionTime Minimum preview recognition time. If the preview duration is

less than this value, the number of preview times does not
increment.
PrwAutoResetTime Time when to reset the IPTV preview function automatically.
The following shows the output of the show iptv cdr record id-list 2 command:
ZXR10#show iptv cdr record id-list 2
Index :2 Findex :54 Time_Stamp :2013/3/4 09:00:20
VlanId :100 Mvlan :4000 OnLine_Time(s):0
Sourceip :
Groupip :225.1.1.0
Validility :invalid
Cdrtype :preview
Leave reason :prw overcount leave
8-10

Field Description
Index Index of a CDR generated on a line card.
Findex Global user port number.
Time_Stamp Time when the user leaves.
VlanId VLAN which the user port belongs to.
Mvlan Multicast VLAN.
OnLine_Time(s) Time for how long the user is online.
Sourceip IP address of the multicast source.
Groupip Multicast address.
Validility Whether it is valid that the user watches programs on the port.
Cdrtype User access type, including deny, permit, and preview.
Leave reason Reason why the user leaves.
The following shows the output of the show iptv channel all command:
ZXR10#show iptv channel all
Id Name MVlan GroupIp
------ ------------------------------- --------- --
0 CHNAME0 1 225.0.0.0
1 CHNAME1 1 225.0.0.1
2 CHNAME2 1 225.0.0.2
3 CHNAME3 1 225.0.0.3
4 CHNAME4 1 225.0.0.4
5 CHNAME5 1 225.0.0.5
6 CHNAME6 1 225.0.0.6
7 CHNAME7 1 225.0.0.7
8 CHNAME8 1 225.0.0.8
9 CHNAME9 1 225.0.0.9
Field Description
Id Channel ID.
Name Channel name.
GroupIp Multicast address of the channel.
MVlan VLAN which the multicast address belongs to.
The following shows the output of the show iptv package command:
ZXR10#show iptv package
Pkgid Pkgname
----- ---------
8-11

0 ZTE
Field Description
Pkgid Service package ID.
Pkgname Service package name.
The following shows the output of the show iptv view-profile command:
ZXR10#show iptv view-profile
ViewprofileId ViewprofileName
------------- ---------------
0 DEFVAL
Field Description
ViewprofileId Profile ID.
ViewprofileName Profile name.
The following shows the output of the show iptv rule command:
ZXR10#show iptv rule
MaxRuleNum: 2048
CurrentConfigTotal: 1 HistoryConfigTotal: 1
Id Port Vlan Mode Service Cdr ViewNum PrwNum QryNum PkgNum
---- -------- ----- ------- ------- ----- ------- ------ ------ ------
1 gei-0/1/1/22 package IN FALSE 0 0 0 0
Field Description
MaxRuleNum Maximum number of rules.
CurrentConfigTotal Number of rules configured.
HistoryConfigTotal Number of historical rules.
Id Rule ID.
Port Interface name.
Vlan VlAN ID.
Mode Multicast control mode, package or channel.
Service Rule state. “IN” means that the rule is applied.
Cdr CDR state of the rule.
ViewNum Number of view channels in the rule.
PrwNum Number of preview channels in the rule.
8-12

Field Description
QryNum Number of query rights in the rule.
PkgNum Number of service packages in the rule.
The following shows the output of the show iptv channel statistics command:
ZXR10#show iptv channel statistics
ChannelNo CurPrwUser CurViewUser hisPrwUser hisViewUser
--------- ---------- ----------- ---------- -----------
0 0 0 0 0
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 2 0 0 0
5 0 0 0 1
6 0 4 0 0
7 0 0 0 0
8 0 0 0 0
9 0 0 0 0
Field Description
ChannelNo Channel ID.
CurPrwUser Number of current online preview users.
CurViewUser Number of current online subscribers.
HisPrwUser Number of historical online preview users.
HisViewUser Number of historical online subscribers.
The following shows the output of the show iptv client command:
ZXR10#show iptv client all
Client View Channel Count: 1
ChanId GroupIp Port Vlan Rule Record TimeStamp
------ -------- ------------- ---------- ------ ------------ --
0 225.0.0.1 gei-0/1/1/2 200 5 2 2013/06/9 19:34:54
Field Description
ChanId ID of the channel that the user previews.
GroupIp Multicast address that the user previews.
Port Name of the user port.
Vlan VLAN which the user belongs to.
8-13

Field Description
Rule Rule number of the user.
Record CDR flag.
TimeStamp Time when the user gets online.
8.4 IPTV Configuration Example

As shown in Figure 8-2, it is required to configure IPTV on switch A. One interface
connected to users is gei-0/1/1/1 and another interface connected to network is
gei-0/1/1/2.
Figure 8-2 IPTV Configuration Example
Configuration Flow
1. Configure a traffic flow of IPTV channel
2. Enable IPTV
3. Configure inquiry permissions on a interface connected to network
4. Configure rules of users on a interface connected to users
SwitchA configuration:
ZXR10(config)#igmpsnoop
ZXR10(config-igmpsnoop)#vlan 22
ZXR10(config-igmpsnoop-vlan22)#igmp snooping enable
ZXR10(config-igmpsnoop-vlan22)#exit
ZXR10(config-igmpsnoop)#exit
ZXR10(config)#iptv
8-14

ZXR10(config-iptv)#channel mvlan 100 group 225.0.0.1 name cctv1

ZXR10(config-iptv)#control enable
ZXR10(config-iptv)#cac enable
ZXR10(config-iptv)#interface gei-0/1/1/2
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 service start
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 control-mode channel
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 channel name cctv1 query
ZXR10(config-iptv-if-gei-0/1/1/2)#exit
ZXR10(config-iptv)#interface gei-0/1/1/1
ZXR10(config-iptv-if-gei-0/1/1/1)#iptv vlan 20 channel name cctv1 permit
ZXR10(config-iptv-if-gei-0/1/1/1)#iptv vlan 22 channel name cctv1 permit
Check configuration of SwitchA.
ZXR10#show iptv channel all
Id Name MVlan GroupIp
------ -------- --------------- ------------
0 cctv1 100 225.0.0.1
ZXR10#show iptv rule
MaxRuleNum: 2048
CurrentConfigTotal: 2 HistoryConfigTotal: 2
Id Port Vlan Mode Service Cdr ViewNum PrwNum QryNum PkgNum
---- ------ ---- ------- ------- ----- ------- ------ ------ ------
1 gei-0/1/1/1 20 channel IN FALSE 1 0 0 0
2 gei-0/1/1/2 100 channel IN FALSE 0 0 1 0
ZXR10#show iptv control

Iptv control status :enable
Iptv v6-control status :disable
Cac status :enable
Sms-server IP :192.168.0.119
Sms-server port :5115
8-15

8-16

Figures
Figure 1-1 IP Address Configuration Example Topology........................................... 1-4
Figure 2-1 ICMP Response Configuration Example Topology ................................... 2-1
Figure 3-1 MTU Configuration Example Topology ..................................................... 3-3
Figure 4-1 DHCP Server Configuration Example Topology ..................................... 4-11
Figure 4-2 DHCP Relay Configuration Example Topology ....................................... 4-25
Figure 4-3 DHCP Proxy Configuration Topology ..................................................... 4-33
Figure 4-4 Network Topology of DHCP Snooping.................................................... 4-36
Figure 4-5 DHCP Snooping Typical Application ...................................................... 4-37
Figure 4-6 DHCP Message Interaction.................................................................... 4-38
Figure 4-7 Enabling DHCP Snooping Globally ........................................................ 4-49
Figure 4-8 Configuring DHCP Snooping Option82 Format ...................................... 4-52
Figure 7-1 Cluster Management Configuration Example ........................................... 7-4
Figure 8-1 IPTV Service Architecture ........................................................................ 8-2
Figure 8-2 IPTV Configuration Example .................................................................. 8-14

Figures
II

Glossary
ARP
- Address Resolution Protocol
BOOTP
- Bootstrap Protocol
CAC
- Channel Access Control
CAC
- Connection Admission Control
CDR
- Call Detail Record
DHCP
- Dynamic Host Configuration Protocol
DNS
- Domain Name System
DNS
- Domain Name Server
DSCP
- Differentiated Services Code Point
FTP
- File Transfer Protocol
ICMP
- Internet Control Message Protocol
IP
- Internet Protocol
IPTV
- Internet Protocol Television
MAC
- Media Access Control
MAN
- Metropolitan Area Network
MTU
- Maximum Transmission Unit
MVLAN
- Multicast Virtual Local Area Network
III

RARP
- Reverse Address Resolution Protocol
RFC
- Request For Comments
SMS
- Service Management System
STB
- Set-top Box
TCB
- Transmission Control Block
TCP
- Transmission Control Protocol
TCP/IP
- Transmission Control Protocol/Internet Protocol
TFTP
- Trivial File Transfer Protocol
UDP
- User Datagram Protocol
URL
- Uniform Resource Locator
VLAN
- Virtual Local Area Network
VPN
- Virtual Private Network
VRF
- Virtual Route Forwarding
IV

ZTE OLT ZXR10 5900E Series (V3.00.11) Configuration Guide (IP Service)

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

ZTE OLT ZXR10 5900E Series (V3.00.11) Configuration Guide (IP Service)

Încărcat de

Drepturi de autor:

Formate disponibile

ZXR10 5900E Series

Easy-Maintenance MPLS Routing Switch

Revision No. Revision Date Revision Reason

R1.0 2015–01–15 First edition

Serial Number: SJ-20150114102049-004

Publishing Date: 2015-01-15 (R1.0)

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Chapter 2 IP Performance.......................................................................... 2-1

Chapter 3 IP MTU Configuration ............................................................... 3-1

Chapter 4 DHCP Configuration ................................................................. 4-1

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Chapter 5 TCPv4 Configuration ................................................................ 5-1

Chapter 6 UDPv4 Configuration................................................................ 6-1

Chapter 8 IPTV Configuration ................................................................... 8-1

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

l Network planning engineers

What Is in This Manual

Chapter 1, IP Address Describes the overview and principles of IP address configuration,

Chapter 2, IP Performance Describes the overview and principles of IP performance configuration,

Chapter 7, Cluster Describes the overview and principles of cluster management

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

| Separates individual parameters in a series of parameters.

Danger: indicates an imminently hazardous situation. Failure to comply can result in

Warning: indicates a potentially hazardous situation. Failure to comply can result in

Caution: indicates a potentially hazardous situation. Failure to comply can result in

Note: provides additional information about a certain topic.

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

1.1 IP Address Overview

Address division is originally intended to facilitate design of routing protocols, so that

Regulations on IP addresses are shown below.

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

l (0.0.0.0) is used when a host without an IP address is started. Reverse Address

1.2 Configuring IP Address

Step Command Function

ZXR10(config)#interface < interface-name> This enters layer 3 vlan

ZXR10(config-if-interface-name)#ip address This configures IP address.

Descriptions of the parameters are shown below.

<ip-address> IP address, in decimal dotted notation

<net-mask> IP subnetwork mask, in decimal dotted notation

<broadcast-address> The broadcast address connecting to the interface, in decimal

secondary Interface secondary address

1.3 Maintaining IP Address

Descriptions of the parameters are shown below.

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

brief This shows the brief information of interface.

<interface-name > Interface name

phy This shows the state of physical interface

{ exclude | include}<line>] <line> is regular expression.

This example describes how to show the information of vlan1.

Descriptions of command output are shown below.

show Command Output Description

AdminStatus is up It indicates whether the administrator state of interface is

PhyStatus is down It indicates whether the physical state of interface is available.

Internet address IP address of interface. An interface can have many IP

Broadcast address Broadcast address. It is decided by IP address. The default

IP MTU MTU value of IP packet

1.4 IP Address Configuration Example

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Figure 1-1 IP Address Configuration Example Topology

Validate the configuration on S2,

SJ-20150114102049-004|2015-01-15 (R1.0) ZTE Proprietary and Confidential

2.1 ICMP Response

ICMP Response Configuration Example