Legal Notices
Raisecom Technology Co., Ltd makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Raisecom Technology Co., Ltd shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Warranty.
A copy of the specific warranty terms applicable to your Raisecom product and replacement parts can be obtained from Service Office.
Copyright Notices.
Copyright 2007 Raisecom. All rights reserved. No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from Raisecom Technology Co., Ltd.
Trademark Notices
is the trademark of Raisecom Technology Co., Ltd. Java is a U.S. trademark of Sun Microsystems, Inc. Microsoft is a U.S. registered trademark of Microsoft Corporation. Windows NT is a U.S. registered trademark of Microsoft Corporation. Windows 2000 is a U.S. registered trademark of Microsoft Corporation. Windows XP is a U.S. registered trademark of Microsoft Corporation. Windows and MS Windows are U.S. registered trademarks of Microsoft Corporation.
Contact Information
Technical Assistance Center
The Raisecom TAC is available to all customers who need technical assistance with a Raisecom product, technology, or solution. You can communicate with us through the following methods:
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing 100085
Tel: +86-10-82883305
Fax: +86-10-82883056
Feedback
Comments and questions about how the ISCOM2924GF-4GE/4C system software works are welcomed. Please review the FAQ in the related manual, and if your question is not covered, send email by using the following web page: http://www.raisecom.com/en/contact-us.html. If you have comments on the ISCOM2924GF-4GE/4C specification, instead of the web page above, please send comments to: export@raisecom.com
CONTENTS
Configure basic information for device
Configure task calling function
Configure watchdog
Configuration examples
2.10.1 Configure TFTP auto-loading example

Chapter 3 Ethernet
Overview
Ethernet interface
MAC address forwarding table
VLAN
QinQ
VLAN mapping
STP/RSTP/MSTP
Loopback detection
Interface protection
Interface mirror
Layer-2 protocol transparent transmission

Preparation for configuration
Default configuration of MAC address forwarding table
Configure static MAC address
Configure MAC address learning
Configure MAC address learning amount limit
Configure MAC address aging time
Checking configuration
Preparation for configuration
Default configuration of VLAN
Configure VLAN attributes
Configure interface mode
Configure VLAN over Access interface
Configure VLAN over Trunk interface
Checking configuration
Preparation for configuration
Default configuration of QinQ
Configure basic QinQ
Configure flexible QinQ
Configure egress interface in Trunk mode
Checking configuration
Preparation for configuration
Configure 1:1 VLAN mapping
Checking configuration
Preparation for configuration
Default configuration of STP
Enable STP function
Configure STP parameter
Checking configuration
Preparation for configuration
Default configuration of MSTP
Enable MSTP function
Configure MST domain and its maximum hop count
Configure root bridge/backup bridge
Configure device interface and system priority
Configure network diameter for switch network
Configure inner path overhead for interface
Configure external path cost for interface
Configure maximum transmitting speed for interface
Configure MSTP timer
Configure edge port
Configure link type
Configure root interface protection
Configure loopguard for interface
Execute mcheck operation
Checking configuration
Preparation for configuration
Default configuration of loopback detection
Configure loopback detection function
Checking configuration
Preparation for configuration
Default configuration for interface protection
Configure interface protection
Checking configuration
Preparation for configuration
Default configuration for interface mirror
Configure mirror function for local interface
Checking configuration
Preparation for configuration
Default configuration of layer-2 protocol transparent transmission
Configure transparent transmission parameter

Configure QinQ

Configure MSTP

(Optional) Configure transparent transmission speed for message
Checking configuration

Chapter 4 Routing
Overview
ARP
Layer-3 interface
Routing
Preparation for configuration
Default configuration of ARP
Configure static ARP table entry
Configure dynamic ARP table entry
Checking configuration
Preparation for configuration
Configure layer-3 interface
Checking configuration
Preparation for configuration
Configure default gateway
Configure static routing
Checking configuration

Service model
Priority trust
Traffic classification
Traffic policy
Priority mapping
Queue schedule
Rate limit over interface and VLAN
Preparation for configuration
Default configuration of priority trust
Configure interface priority trust
Checking configuration
Preparation for configuration
Default configuration of traffic classification and traffic policy
Create and configure traffic classification
Create traffic rate limit rule
Create and configure traffic policy
Checking configuration
Preparation for configuration
Configure mapping relationship between DSCP priority and local priority
Configure mapping relationship between CoS priority and local priority
Configure internal priority over interface
Configure SP queue schedule
Configure WRR or SP+WRR queue schedule
Configure DRR or SP+DRR queue schedule
Checking configuration
Preparation for configuration
Configure traffic rate limit over interface
Configure traffic rate limit over VLAN or QinQ
Checking configuration

Configure traffic rate limit over interface and VLAN

Configure IGMP filtering template
Configure the maximum multicast group number restriction
Check configuration

Default configuration of ELPS
Create protection line
Configure ELPS fault detection mode
(Optional) Configure ELPS switching control
Check configuration
Preparation for configuration
Default configuration of ERPS
Create ERPS protection ring
(Optional) Create ERPS protection sub-ring
Configure ERPS fault detection mode
(Optional) Configure ERPS switching control
Checking configuration
Preparation for configuration
Default configuration of Ethernet ring
Create Ethernet ring
Configure basic function of ring
Check configuration

Application of EFM
Application of CFM
Application of SLA
Configure E-LMI application

Overview

Default configuration of alarm management
Configure basic alarm function
Check configuration
Preparation for configuration
Default configuration of hardware environment monitoring
Configure to enable global hardware environment monitoring
Configure power monitoring alarm
Configure temperature monitoring alarm
Configure voltage monitoring alarm
Configure interface status monitoring alarm
Clear all hardware environments monitoring alarm event manually
Check configuration

Check device information
Ping
Traceroute
Maintenance
Configuring applications

Configure SNMP v1/v2c and Trap application
Configure SNMP v3 and Trap application
Configure KeepAlive application
Configure RMON alarm group application
Configure cluster management and realize remote access
Configure LLDP function application
Configure system log output to log host application
Configure hardware environment monitoring application
Preface
Organization
This manual introduces the main functions of the ISCOM2924GF-4GE/4C. For a quick grasp of how to use the ISCOM2924GF-4GE/4C, please read this manual carefully. The manual is composed of the following chapters:
Chapter 1 Overview
Chapter 2 Basic Configuration
Chapter 3 Ethernet
Chapter 4 Routing
Chapter 5 DHCP
Chapter 6 QoS
Chapter 7 Multicast
Chapter 8 Security
Chapter 9 Reliability
Chapter 10 OAM
Chapter 11 System Management
Appendix A Glossary Table
Appendix B Acronym
Compliance
The RC series products developed by Raisecom strictly comply with the following standards, as well as ITU-T, IEEE, IETF and related standards from other international telecommunication standard organizations:
YD/T900-1997 SDH Equipment Technical Requirements - Clock
YD/T973-1998 SDH 155Mb/s and 622Mb/s Technical conditions of optical transmitter module and receiver module
YD/T1017-1999 Network node interface for the Synchronous Digital Hierarchy (SDH)
YD/T1022-1999 Requirement of synchronous digital hierarchy (SDH) equipment function
YD/T1078-2000 SDH Transmission Network Technique Requirements-Interworking of Network Protection Architectures
YD/T1111.1-2001 Technical Requirements of SDH Optical Transmitter/Optical Receiver Modules - 2.488320 Gb/s Optical Receiver Modules
YD/T1111.2-2001 Technical Requirements of SDH Optical Transmitter/Optical Receiver Modules - 2.488320 Gb/s Optical Transmitter Modules
YD/T1179-2002 Technical Specification of Ethernet over SDH
G.703 Physical/electrical characteristics of hierarchical digital interfaces
G.704 Synchronous frame structures used at 1544, 6312, 2048, 8448 and 44 736 kbit/s hierarchical levels
G.707 Network node interface for the synchronous digital hierarchy (SDH)
G.774 Synchronous digital hierarchy (SDH) - Management information model for the network element view
G.781 Synchronization layer functions
G.783 Characteristics of synchronous digital hierarchy (SDH) equipment functional blocks
G.784 Synchronous digital hierarchy (SDH) management
G.803 Architecture of transport networks based on the synchronous digital hierarchy (SDH)
G.813 Timing characteristics of SDH equipment slave clocks (SEC)
G.823 The control of jitter and wander within digital networks which are based on the 2048 kbit/s hierarchy
G.825 The control of jitter and wander within digital networks which are based on the synchronous digital hierarchy (SDH)
G.826 End-to-end error performance parameters and objectives for international, constant bit-rate digital paths and connections
G.828 Error performance parameters and objectives for international, constant bit-rate synchronous digital paths
G.829 Error performance events for SDH multiplex and regenerator sections
G.831 Management capabilities of transport networks based on the synchronous digital hierarchy (SDH)
G.841 Types and characteristics of SDH network protection architectures
G.842 Interworking of SDH network protection architectures
G.957 Optical interfaces for equipments and systems relating to the synchronous digital hierarchy
G.691 Optical interfaces for single channel STM-64 and other SDH systems with optical amplifiers
G.664 Optical safety procedures and requirements for optical transport systems
I.731 ATM Types and general characteristics of ATM equipment
I.732 ATM Functional characteristics of ATM equipment
IEEE 802.1Q Virtual Local Area Networks (LANs)
IEEE 802.1p Traffic Class Expediting and Dynamic Multicast Filtering
IEEE 802.3 CSMA/CD Access Method and Physical Layer Instruction
www.raisecom.com
User Manual
The features, standards and specifications supported by the ISCOM2924GF-4GE/4C enhanced aggregation Ethernet switch are shown in the following table:

Table 1-1 Features, standards and specifications

Basic features:
Login device (RJ45 Console/USB Console/Telnet/SSHv2)
Command line
Management files (BootROM/system files/configuration files)
Load and upgrade (TFTP autoloading, BootROM upgrade, FTP/TFTP upgrade)
Time management
Interface management
Basic information (device name, switchover language mode, save/delete configuration, device restart)
Task scheduling

Ethernet:
MAC address (321024)
Jumbo frame (9250 bytes)
VLAN (4094)
QinQ (3000 flexible QinQ)
1:1 VLAN switch
STP/RSTP/MSTP
Loopback detection
Interface protection
Interface image
Layer-2 protocol transparent transmission (Dot1x message, GVRP message, LACP message, STP message)

Route:
ARP
Layer-3 interface
Static route and default gateway

DHCP:
DHCP client
DHCP Snooping
DHCP Option82 / DHCP Option61
Flow classification (ToS priority, DSCP priority, CoS priority) and Flow policy (Flow speed limit based on flow policy, redirection, heavy label)
Internal priority and queue scheduling
Flow speed limit based on interface and VLAN (The maximum speed: 10Gbps, the minimum step: 8Kbps)
Multicast forwarding entries (1024)
IGMP Snooping
IGMP MVR
IGMP Proxy
IGMP filter
ACL (999)
RADIUS authentication
TACACS+
Storm suppression
Link aggregation (8 aggregation groups)
Ethernet loop
Ethernet linear protection switching ELPS (ITU-T G.8031)
Ethernet ring protection switching ERPS (ITU-T G.8032)
EFM (IEEE 802.3ah)
CFM (IEEE802.1ag/ITU-Y.1731)
E-LMI
SLA
SNMP
KeepAlive
RMON
Cluster management
LLDP
Extended OAM
Optical module digital diagnosis
System log
Alarm management
Hardware environment monitoring
Fan monitoring
CPU monitoring
Ping and Traceroute
Note: The four functions of STP, loopback detection, interface backup and Ethernet ring on device may influence each other; it is recommended not to enable them simultaneously.
This chapter introduces the basic configuration and configuration process of the ISCOM2924GF device and provides related configuration cases.
Login device
Command line
Manage files
Upload and upgrade
Configure clock management
Configure interface management
Configure basic information for device
Configure task calling function
Configure watchdog
Configuration cases

When configuring the device in network management mode, you must first configure the Layer-3 interface IP address in command line mode, and then configure the device through the NView NNM network management platform.
Note: The manual configuration steps use command line mode.
Device power on and startup for the first time
Unable to login device by Telnet

The device supports an RJ45 Console port and a USB Console port. The RJ45 Console port on the device is marked as Console; the USB Console port is marked as USB.
Note: The RJ45 Console port and the USB Console port are mutually exclusive and cannot be used simultaneously.

2.1.2.1 Login from RJ45 Console port
To log in to the device from a PC through the RJ45 Console port, first connect the Console port to the PC RS-232 serial port, as shown in Figure 2-1; then run a terminal emulation program on the PC, such as the Windows XP HyperTerminal program, configure the communication parameters as shown in Figure 2-2, and log in to the device.
Figure 2-1 Login the device through PC connected with RJ45 Console port
Figure 2-2 Communication parameters configuration in HyperTerminal
Note: Microsoft has not supported HyperTerminal since Windows Vista; users of Windows Vista or Windows 7 should download the HyperTerminal program from the internet. The HyperTerminal program is free to download.
2.1.2.2 Login from USB Console port
To log in to the device by connecting a PC to the USB Console port, users need to install a driver program on the PC that switches the USB port to a serial port, and then connect the device USB port to the PC USB port with a USB line, as shown in Figure 2-3.
Figure 2-3 Login the device by connecting PC to USB Console port
Note: The device doesn't provide the driver program that switches the USB port to a serial port; users need to prepare it on their own.
Run a terminal emulation program on the PC, such as the "HyperTerminal" program, and then configure the communication parameters in HyperTerminal to log in to the device. The communication parameters configuration is shown as below:
Figure 2-4 Communication parameters configuration diagram on HyperTerminal
Note: When configuring communication parameters for "HyperTerminal", users need to choose the COM port. They can determine the COM port used for the USB-to-serial connection from the "Ports (COM & LPT)" information in the PC Device Manager.
2.1.3
configuration and management. As shown in Figure 2-5, ISCOM2924GF provides the Telnet Server service in this case.
Figure 2-5 ISCOM2924GF as Telnet server networking diagram
Before logging in to the device by Telnet, users need to log in to the device through the Console port and start the Telnet service. Make the following configurations on the device to start the Telnet service.

Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#interface ip if-number
    Enter layer-3 interface configuration mode.
Step 3: Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ vlan-id ]
        Raisecom(config-ip)#quit
    Configure the IP address for the device and bind the VLAN of the specified ID; this VLAN is used to open the Telnet service interface.
Step 4: Raisecom(config)#telnet-server accept port { all | port-list }
    (optional) Configure the device interfaces that support the Telnet function.
Step 5: Raisecom(config)#telnet-server close terminal-telnet session-number
    (optional) Disconnect the specified Telnet connection.
Step 6: Raisecom(config)#telnet-server max-session session-number
    (optional) Configure the maximum number of Telnet sessions the device supports.

Telnet Client: the user connects a PC terminal emulation program or Telnet client program to the device, and then uses Telnet from the device to log in to another device and configure or manage it. As Figure 2-6 shows, Switch A not only acts as Telnet Server but also provides Telnet Client.
Figure 2-6 ISCOM2924GF as Telnet Client device networking diagram
Please configure Telnet Client device as below:

Step 1: Raisecom#telnet ip-address [ port port-id ]
    Login other devices from Telnet.
2.1.4
Please configure SSHv2 service for the device as below:

Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#generate ssh-key length
    Generate the local SSHv2 key pair and designate its length.
Step 3: Raisecom(config)#ssh2 server
    Start the SSHv2 server. The SSHv2 server can be shut down by the command no ssh2 server.
Step 4: Raisecom(config)#ssh2 server authentication {password|rsa-key}
    (optional) Configure the SSHv2 authentication method.
Step 5: Raisecom(config)#ssh2 server authentication public-key
    (optional) Use the rsa-key authentication method to type the public key of clients to the device.
Step 6: Raisecom(config)#ssh2 server authentication-timeout period
    (optional) Configure the SSHv2 authentication timeout. The device refuses to authenticate and open the connection when the client authentication time exceeds this upper limit.

(optional) Configure the allowable failure number for SSHv2 authentication. The device refuses to authenticate and open the connection when the number of client authentication failures exceeds this upper limit.
(optional) Configure the SSHv2 snooping port number. Note: When configuring the SSHv2 snooping port number, the input parameter cannot take effect immediately without restart.
(optional) Enable the SSHv2 session function. This function can be disabled by the command ssh2 server session session-id disable.
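The Telnet and SSHv2 commands in the two tables above can be reviewed mechanically once a configuration is exported. The following Python script is an added example, not Raisecom code: it assumes the configuration text lists the commands in the form the manual types them, and the sample configurations, finding codes and function names are constructed here.

```python
"""Review the Telnet and SSHv2 settings documented above in a list of CLI lines.

Assumption: the configuration text holds the commands in the form in which
the manual types them. Both sample configurations are constructed.
"""
import re

WEAK_CONFIG = """\
Raisecom(config)#telnet-server accept port all
Raisecom(config)#ssh2 server
Raisecom(config)#ssh2 server authentication password
"""

# No telnet-server line at all. The manual does not state the Telnet default,
# so the review only reports what the configuration text itself contains.
SSH_ONLY_CONFIG = """\
Raisecom(config)#ssh2 server
Raisecom(config)#ssh2 server authentication rsa-key
"""


def strip_prompt(line):
    """Drop a leading prompt such as 'Raisecom#' or 'Raisecom(config)#'."""
    return re.sub(r"^\S*?[#>]\s*", "", line.strip())


def parse_management(config_text):
    """Collect Telnet/SSHv2 settings; a later line overrides an earlier one."""
    state = {"telnet_ports": None, "telnet_max_session": None,
             "ssh2_server": False, "ssh2_auth": None}
    for raw in config_text.splitlines():
        words = strip_prompt(raw).split()
        if words[:3] == ["telnet-server", "accept", "port"] and len(words) > 3:
            state["telnet_ports"] = " ".join(words[3:])
        elif words[:2] == ["telnet-server", "max-session"] and len(words) == 3:
            state["telnet_max_session"] = words[2]
        elif words == ["ssh2", "server"]:
            state["ssh2_server"] = True
        elif words == ["no", "ssh2", "server"]:
            state["ssh2_server"] = False
        elif words[:3] == ["ssh2", "server", "authentication"] and len(words) == 4:
            if words[3] in ("password", "rsa-key"):
                state["ssh2_auth"] = words[3]
    return state


def audit(config_text):
    """Return (code, message) findings for the management-plane settings."""
    s = parse_management(config_text)
    findings = []
    if s["telnet_ports"] == "all":
        findings.append(("TELNET_ALL_PORTS",
                         "Telnet is accepted on all ports; logins cross the "
                         "network unencrypted"))
    elif s["telnet_ports"] is not None:
        findings.append(("TELNET_ENABLED",
                         "Telnet is accepted on port-list %s" % s["telnet_ports"]))
    if s["telnet_ports"] is not None and s["telnet_max_session"] is None:
        findings.append(("TELNET_NO_SESSION_LIMIT",
                         "no 'telnet-server max-session' limit is set"))
    if not s["ssh2_server"]:
        findings.append(("SSH2_SERVER_OFF",
                         "'ssh2 server' is missing or was negated"))
    elif s["ssh2_auth"] == "password":
        findings.append(("SSH2_PASSWORD_AUTH",
                         "SSHv2 uses password authentication, not rsa-key"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("ssh-only", SSH_ONLY_CONFIG)):
        print(name)
        for code, message in audit(text) or [("OK", "no findings")]:
            print("  %-24s %s" % (code, message))
```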
2.1.5
Step 3: Raisecom#user user-name { allow-exec | disallow-exec } first-keyword [ second-keyword ]
    Configure the priority rule for the login user to perform the command line. Specifying the allow-exec parameter allows the user to perform commands higher than the current priority. Specifying the disallow-exec parameter only allows the user to perform commands lower than the current priority.
2.1.6
0~4: visitor, users can execute the commands ping, clear, history, etc. in this level;
5~10: monitor, users can execute the show command and so on;
11~14: operator, users can execute commands for different services like VLAN, IP, etc.;
15: administrator, used for system basic running commands.

Input the enable command and the correct password to enter privileged EXEC mode. The default password is Raisecom.

Raisecom>enable
Password:
Raisecom#

In privileged EXEC mode, input the command config terminal to enter global configuration mode.

Raisecom#config terminal
Raisecom(config)#

Note: The command line prompt "Raisecom" is the default host name. Users can use the command hostname string to modify the host name in privileged EXEC mode. Some commands are available both in global configuration mode and in other modes, but what they accomplish depends on the command line mode. Generally, in a command line mode, you can go back to the previous level command line mode with the command quit or exit, but in privileged EXEC mode you need to use the disable command to go back to user EXEC mode. Users can go back to privileged EXEC mode with the end command from any command line mode except user EXEC mode or privileged EXEC mode.
The ISCOM2924GF device supports the following command line modes:

Mode: User EXEC mode
    Enter method: Log in the device, input correct username and password.
    Prompt: Raisecom>
Mode: Privileged EXEC mode
    Enter method: In user EXEC mode, input enable command and correct password.
    Prompt: Raisecom#
Mode: Global configuration mode
    Enter method: In privileged EXEC mode, input config terminal command.
    Prompt: Raisecom(config)#
Mode: Physical layer interface configuration mode
    Enter method: In global configuration mode, input interface port port-id command.
    Prompt: Raisecom(config-port)#
Mode: Layer-3 interface configuration mode
    Enter method: In global configuration mode, input interface ip if-number command.
Mode: VLAN configuration mode
    Enter method: In global configuration mode, input vlan vlan-id command.
Mode: Traffic classification configuration mode
    Enter method: In global configuration mode, input class-map class-map-name command.
Mode: Traffic policy configuration mode
    Enter method: In global configuration mode, input policy-map policy-map-name command.
    Prompt: Raisecom(config-pmap)#
Mode: Traffic policy configuration mode binding with traffic classification
    Enter method: In flow policy configuration mode, input class-map class-map-name command.
    Prompt: Raisecom(config-pmap-c)#
Mode: Access control list configuration mode
    Enter method: In global configuration mode, input access-list-map acl-number {deny|permit} command.
    Prompt: Raisecom(config-aclmap)#
Mode: Aggregation group configuration mode
    Enter method: In global configuration mode, input interface port-channel port-channel-number command.
    Prompt: Raisecom(config-aggregator)#
Mode: Service instance configuration mode
    Enter method: In global configuration mode, input service cisid level level command.
    Prompt: Raisecom(config-service)#
Mode: EVC configuration mode
    Enter method: In global configuration mode, input ethernet evc evc-number evc-name command.
    Prompt: Raisecom(config-evc)#
Mode: MST region configuration mode
    Enter method: In global configuration mode, input spanning-tree region-configuration command.
    Prompt: Raisecom(config-region)#
Mode: Profile configuration mode
    Enter method: In global configuration mode, input igmp filter profile profile-number command.
Mode: Cluster configuration mode
    Enter method: In global configuration mode, input cluster command.
Mode: Chinese alert mode
    Enter method: In any configuration mode, input language chinese command.
Shortcut: Left cursor key (←)
    Move the cursor one character to the left; the display has no change if the cursor is at the beginning of the command.
Shortcut: Right cursor key (→)
    Move the cursor one character to the right; the display has no change if the cursor is at the end of the command.
Shortcut: Backspace
    Delete the character before the cursor; the display has no change if the cursor is at the beginning of the command.
Shortcut: Tab
    Press <Tab> after inputting a complete keyword, and the cursor automatically leaves a space at the end; press <Tab> again, and the system shows the follow-up keywords.
    Press <Tab> after inputting an incomplete keyword, and the system automatically executes partial help:
    If exactly one keyword matches, the system replaces the input with the complete keyword and leaves one space between the cursor and the end of the keyword;
    If there is a mismatch or more than one keyword matches, the prefix is displayed first; press <Tab> to cycle through the words, with no space from the cursor to the end of the keyword, and press <Space> to input the next word;
    If the input keyword is incorrect, pressing <Tab> moves to the next line and prompts an error; the input keyword does not change.
Shortcut: Ctrl+A
    Move the cursor to the head of the line.
Shortcut: Ctrl+C
    Break off a running operation, such as ping, traceroute and so on.
Shortcut: Ctrl+D or Delete
    Delete the character at the cursor location.
Shortcut: Ctrl+E
    Move the cursor to the end of the line.
Shortcut: Ctrl+K
    Delete all characters behind the cursor (including the cursor location).
Shortcut: Ctrl+X
    Delete all characters before the cursor (except the cursor location).
Shortcut: Ctrl+Z
    Return to privileged EXEC mode from other modes (except user EXEC mode).
Shortcut: Space or y
    When the command line information printed by the terminal exceeds the screen, continue to show the information in the next screen.
Shortcut: Enter
    When the command line information printed by the terminal exceeds the screen, continue to show the information in the next line.
Raisecom>?
language    Language of help message
list        List command
quit        Exit current mode and down to previous mode
terminal    Configure terminal
test        Test command
Input a command followed by a ? after one character space; if the position of ? is a keyword, all keywords and their brief descriptions are listed.

Input a command followed by a ? after one character space; if the position of ? is a parameter, the range and a brief description are listed.

2.2.5.2 Partial help
Users can get partial help in the following three conditions:
Input a character string followed by a ?, and the device lists all keywords starting with the character string under the current mode.

Input a command followed by a character string with ?, and the device lists all keywords starting with the character string in the command of the current mode.

Input the first few letters of a command keyword and press <Tab> to show the complete keyword. The precondition is that the input letters identify the keyword clearly; otherwise, different keywords are shown in turn as <Tab> is pressed repeatedly, and the user can choose the right keyword from them.

2.2.5.3 Error prompt message description
The device prints the following error prompts, according to the error type, when incorrect commands are input:

Prompt message: % * Incomplete command.
    User inputs incomplete command.
Prompt message: % Invalid input at ^ marked.
    ^ denotes illegal or unknown keyword.
Prompt message: % Ambiguous input at ^ marked, follow keywords match it.
    ^ denotes unclear keyword.
Prompt message: % Unconfirmed command.
    User inputs unconfirmed command.
Prompt message: % Unknown command.
    User inputs unknown command.
Prompt message: % You Need higher priority!
    The current user doesn't have priority to execute the command.
Note: If there is error prompt message mentioned above, please use the command line help message to solve the problem.
Table 2-1 Function keys description for command line message display characteristics

Function key: Input Space or y
    Continue to display next screen message.
Function key: Input Enter
    Continue to display next line message.
Function key: Input any letter key (except y)
    Stop the display and command execution.

2.2.6.2 Display message filter
The ISCOM2924GF device supports a series of commands starting with show, for checking device configuration, operation and diagnostic information. Generally speaking, these commands can output a lot of information, so users need to add filter rules to filter out unnecessary information.
The show commands of the ISCOM2924GF device support three kinds of filter modes:
| begin string: show all lines starting from the assigned string;
| exclude string: show all lines that do not match the assigned string;
| include string: show only the lines that match the assigned string.

2.2.6.3 Display message page-break
The display message page-break function provides a pause when the message displayed at one time exceeds one screen; users can use the display function keys in Table 2-1 to control the message display. If the page-break function is suppressed, no pause is provided when the displayed message exceeds one screen; all the messages are displayed circularly at one time. By default, the system display information page-break function is enabled. Please make the following configuration on the device.

Step 1: Raisecom#terminal page-break enable
    Enable display message page-break function.
For example:
Perform the description text command in physical layer interface mode to modify the interface description; perform the no description command to delete the interface description and restore the default value.
Perform the shutdown command in physical layer interface mode to disable an interface; perform the no shutdown command to enable an interface.
Perform the vlan vlan-id command in global configuration mode to create a VLAN; perform the no vlan vlan-id command to delete a specified VLAN.
Perform the terminal page-break enable command in global configuration mode to enable the terminal page-break display message function; perform the terminal page-break disable command to prohibit the terminal page-break display message function.

Note: Most configuration commands have default values, which are often restored by the no option.
ram size:128M
testing...done
Bootstrap_5.0.1. ISCOM2924GF.1.20110825, Raisecom Compiled Aug 25 2011,11:51:11
Base Ethernet MAC address: 00:0e:5e:00:00:00
Users can perform the operations below in this menu:

Operation: ?
    List all executable operations.
Operation: b
    Quick execution for system bootrom software.
Operation: h
    List all executable operations.
Operation: L
    List all system startup software name and related information in the device.
Operation: N
    Set MAC (Medium Access Control) address.
Operation: R
    Reboot the device.
Operation: S
    List all system startup software name and related information in the device and assign system startup software name loaded at the time of startup device.

Download and replace system startup software by TFTP.
The ISCOM2924GF device starts initialization by reading configuration files from memory after powering on. The configuration in the configuration files is therefore called the initialization configuration; if there are no configuration files in memory, the device takes the default parameters for initialization. The configuration the device is running is called the current configuration. Users can modify the device current configuration through the command line. For the current configuration to be used as the initial configuration at the next power-on, users must use the command write to save the current configuration into memory and form a configuration file.
Please configure the configuration files management for the device as below (all the following steps are optional and in no particular sequence):

Step 1: Raisecom#download startup-config { ftp ip-address user-name password file-name [ reservedevcfg ] | tftp ip-address file-name [ reservedevcfg ] }
    (Optional) Download system startup configuration files through FTP or TFTP.
Step 2: Raisecom#erase [ file-name ]
    (Optional) Delete the files from memory.
Step 3: Raisecom#upload startup-config { ftp [ ip-address user-name password file-name ] | tftp [ ip-address file-name ] }
    (Optional) Upload system startup configuration files by FTP or TFTP.
Step 4: Raisecom#write
    (Optional) Write the configured file into memory.
Overview
Uploading
Traditionally, configuration files are loaded through the serial port, which takes a long time because of the low speed, and remote loading is unavailable. FTP and TFTP loading modes solve those problems and make operation more convenient. The ISCOM2924GF device supports TFTP auto-loading mode. TFTP auto-loading means that users get the device configuration files from a server and then configure the device. The auto-loading function allows configuration files to contain loading related commands for multiple configuration loading, so as to meet file auto-loading requirements in a complex network environment.
ISCOM2924GF provides several methods to confirm the configuration file name on the TFTP server, such as manual input, obtaining it by DHCP Client, using the default configuration file name, etc. Besides, users can assign a certain denomination rule for configuration files, and the device then confirms the name according to the rule combined with its own attributes (device type, MAC address, software version, etc.).
2.4.1.2 Upgrading
The device needs to be upgraded if the user needs to add new features, optimize functions or fix bugs in the current software version. The ISCOM2924GF device supports the following two upgrade modes:
Upgraded by BootROM
Upgraded by FTP/TFTP
2.4.2
Please configure TFTP auto-loading for the device as below:

Raisecom#config
    Enter global configuration mode.
Raisecom(config)#service config tftp-server ip-address
    Configure TFTP server IP address. By default, this address is unavailable.
Raisecom(config)#service config filename rule [ rule-number ]
    Set denomination rule for file name. By default, there is no denomination rule, and the system uses the default file name strartup_config.conf.
Raisecom(config)#service config filename file-name
    Assign configuration file name to upload.
Raisecom(config)#service config version { system-boot | bootstrap | startup-config } version
    Configuration file version number.
Raisecom(config)#service config overwrite enable
    Enable local configuration file overwrite function. Use the command service config overwrite disable to disable the overwrite function.
Raisecom(config)#service config
    Enable configuration auto-loading function.

Enable Trap function. Use the command service config trap disable to prohibit this function.
2.4.3
Before upgrading the system software by BootROM, users should build a TFTP environment with a PC as the TFTP server and the ISCOM2924GF device as the client. The basic requirements are as below:
ISCOM2924GF connects TFTP server by SNMP interface.
Configure TFTP server, make sure the server is available;
Configure the IP address for the TFTP server; keep it in the same network segment as the ISCOM2924GF IP address.

Steps for upgrading system software by BootROM:

Step 1: Log in to the device through the serial port as administrator, enter privileged EXEC mode, and reboot the device with the reboot command.

Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
Raisecom#
begin...
ram size:128M
Init flash ...Done
Bootstrap_5.0.1.ISCOM2924GF.1.20110825, Raisecom Compiled Aug 25 2011,11:51:11
Base Ethernet MAC address: 00:0e:5e:00:00:00
Press space into Bootstrap menu...
0
testing...done

Step 2: Press the <Space> key to enter the [Raisecom] interface when the display shows "Press space into Bootstrap menu...", then input ? to display the command list:

[Raisecom]:?
? - List all available commands
h - List all available commands
b - Boot an executable image
T - Download both DOS file system
N - set ethernet address
R - Reboot
Step 3: Input T to download through TFTP and replace the system boot file; the display information is shown as below:

[Raisecom]:T
Index Name Size ---------------------------------------------------------1 2 ROS_5.0.0_ISCOM2924GF.1.20110825 ----------0 Select system for upgrading. 5512f5
Current selected version is 0
Please select a version to overwrite: 1
dev name:ISCOM2924GF
unit num:1
file name: ROS_5.0.0_ISCOM2924GF.1.20110825
local ip: 192.168.18.250
server ip:192.168.18.16
Loading... Done

Note: Make sure the file name entered here is correct; the file name shouldn't be longer than 80 characters.

Step 4: Input b to quickly execute the bootstrap file; the device reboots and loads the downloaded system boot file.
2.4.4
Steps for upgrading system software by FTP/TFTP:

No. 1: Raisecom#download system-boot { ftp [ ip-address user-name password file-name - ] | tftp [ ip-address file-name ] }
    Download system boot software through FTP or TFTP.
No. 2: Raisecom#write
    Write the configured file into memory.
No. 3: Raisecom#reboot [ now ]
    Reboot the device, and it will automatically load the downloaded system boot file.
2.4.5 Checking configuration

Check the result by the commands below after configuration:

No. 1: Raisecom#show service config
    Show auto-configured loading information.
No. 2: Raisecom#show service config filename rule rule-number
    Show denomination rule for configuration files.
No. 3: Raisecom#show version
    Show system version.
Please configure time and time zone for the device as below:

Step 1: Raisecom#clock mode {auxiliary|default|timestamp}
    Configure system time mode.
Step 2: Raisecom#clock set hour minute second year month day
    Configure system time.
Step 3: Raisecom#clock timezone { + | - } hour minute timezone-name
    Configure system belonged time zone.
2.5.2
2.5.3 Configure NTP

NTP (Network Time Protocol) is a time synchronization protocol defined by RFC1305, used to synchronize time between distributed time servers and clients. NTP transport is based on UDP, using port 123.
The purpose of NTP is to synchronize all clocks in a network quickly so that the devices can provide different applications over a unified time. Meanwhile, NTP can ensure very high accuracy, with accuracy of around 10ms.
A device that supports NTP can not only accept synchronization from another clock source, but can also synchronize other devices as a clock source.
The ISCOM2924GF device adopts multiple NTP working modes for time synchronization:

Server/Client mode
In this mode, the client sends clock synchronization messages to different servers. A server automatically works in server mode after receiving a synchronization message and sends an answering message. The client receives the answering messages, performs clock filtering and selection, and then synchronizes to the privileged server. In this mode, the client can synchronize to the server but the server cannot synchronize to the client.

Equity mode
In this mode, the active equity sends a clock synchronization message to the passive equity. The passive equity automatically works in passive mode after receiving the message and sends an answering message back. By exchanging messages, the two sides build up equity mode. The active and passive equities in this mode can synchronize each other.

The NTP default configuration is as below:

Function: Whether the device is NTP master clock
    Default value: no
Function: Global NTP server
    Default value: inexistent
Function: Global NTP equity
    Default value: inexistent
Function: Reference clock source
    Default value: 0.0.0.0
Please configure NTP for the device as below:

Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#ntp server ip-address [ version [ v1 | v2 | v3 ] ]
    (Optional) Configure NTP server address for client device working in server/client mode.
Step 3: Raisecom(config)#ntp peer ip-address [ version [ v1 | v2 | v3 ] ]
    (Optional) Configure NTP equity address for ISCOM2924GF device working in equity mode.
Step 4: Raisecom(config)#ntp reclock-master ip-address [ stratum ]
    Configure clock of this device as NTP reference clock source for ISCOM2924GF device.

Note: If the device is configured as NTP reference clock source, NTP server or NTP equity are not configurable; and vice versa, the device cannot be configured as NTP reference clock if NTP server or equity are configured.
2.5.4 Configure SNTP

SNTP (Simple Network Time Protocol) is mainly used to synchronize the switch system time with the time of an SNTP device in the network. The time synchronized by the SNTP protocol is Greenwich Mean Time, which can be changed to local time according to the system time zone setting.
The SNTP default configuration is as below:

Function: SNTP server address
    Default value: inexistent

Please configure SNTP for the device as below:

Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#sntp server ip-address
    (Optional) Configure SNTP server address for client device working in server/client mode.
Note: After configuring SNTP server address, the device will try to get clock information from SNTP server every three seconds, and the maximum timeout for clock information is 10 seconds.
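The NTP/SNTP exchange over UDP port 123 and the GMT-to-local conversion described above, as an added example that is not part of the original manual: the script builds the 48-byte client request, validates a server reply and applies an offset in the style of clock timezone. The reply is constructed inside the script (no network access), and the function names and validation checks are assumptions of this example, not the device's implementation.

```python
"""SNTP client logic in miniature: request, reply validation, time zone offset.

The server reply is constructed locally, so the script runs offline. Function
names and the validation checks are this example's own, not the device's.
"""
import struct
from datetime import datetime, timedelta, timezone

NTP_PORT = 123                        # UDP port used by NTP/SNTP
NTP_UNIX_DELTA = 2208988800           # seconds between 1900-01-01 and 1970-01-01
HEADER = struct.Struct("!BBbb3I4Q")   # 48-byte header ending in four timestamps
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_seconds):
    """Unix time -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_seconds)
    fraction = int((unix_seconds - whole) * 2**32)
    return ((whole + NTP_UNIX_DELTA) << 32) | fraction


def from_ntp(timestamp):
    """64-bit NTP timestamp -> timezone-aware UTC datetime."""
    seconds, fraction = timestamp >> 32, timestamp & 0xFFFFFFFF
    base = datetime.fromtimestamp(seconds - NTP_UNIX_DELTA, tz=timezone.utc)
    return base + timedelta(seconds=fraction / 2**32)


def build_request(version, transmit_unix):
    """Client request: LI=0, the chosen version (v1..v3 on the device), mode 3."""
    first = (version << 3) | MODE_CLIENT
    return HEADER.pack(first, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(transmit_unix))


def parse_reply(reply, request):
    """Validate a reply against our request; return the server's UTC time."""
    if len(reply) < HEADER.size:
        raise ValueError("reply shorter than 48 bytes")
    fields = HEADER.unpack(reply[:HEADER.size])
    first, stratum, originate, transmit = fields[0], fields[1], fields[8], fields[10]
    leap, mode = first >> 6, first & 0x07
    if mode != MODE_SERVER:
        raise ValueError("not a server-mode packet")
    if leap == 3 or stratum == 0:
        raise ValueError("server reports an unsynchronised clock")
    if originate != HEADER.unpack(request)[10]:
        # A reply that does not echo our transmit timestamp was not triggered
        # by this request (stale, misrouted or forged) and must be dropped.
        raise ValueError("originate timestamp does not echo our request")
    if transmit == 0:
        raise ValueError("empty transmit timestamp")
    return from_ntp(transmit)


def apply_timezone(utc_time, sign, hour, minute):
    """Shift UTC to local time as 'clock timezone { + | - } hour minute' does."""
    offset = timedelta(hours=hour, minutes=minute)
    return utc_time.astimezone(timezone(offset if sign == "+" else -offset))


def constructed_reply(request, server_unix, stratum=2):
    """Constructed server reply for the demo; echoes the request's timestamp."""
    req = HEADER.unpack(request)
    first = (req[0] & 0x38) | MODE_SERVER       # keep the version bits, mode 4
    now = to_ntp(server_unix)
    return HEADER.pack(first, stratum, 0, -20, 0, 0, 0, now, req[10], now, now)


if __name__ == "__main__":
    request = build_request(version=3, transmit_unix=1314273070)
    reply = constructed_reply(request, server_unix=1314273071)
    utc = parse_reply(reply, request)
    print("server time (UTC):  ", utc.isoformat())
    print("local time (+08:00):", apply_timezone(utc, "+", 8, 0).isoformat())
```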
2.5.5 Checking configuration

Check the result by the commands below after configuration:

No. 1: Raisecom#show clock [ summer-time recurring ]
    Check whether the device system time, time zone and summer time configuration is correct.
No. 2: Raisecom#show sntp
    Show SNTP configuration.
No. 3: Raisecom#show ntp status
    Show NTP configuration.
No. 4: Raisecom#show ntp associations
    Show NTP connection information.
2.6.2
Please configure the basic attributes for interface of device:

Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#system mtu size
    Configure the maximum transmission unit (MTU) for all interfaces. MTU is the maximum number of bytes allowed to pass at the interface (don't fragment). When the length of a forwarded message exceeds the maximum value, the device discards this message automatically.
Step 3: Enter physical layer interface configuration mode.
Step 4: Configure interface duplex mode. The Ethernet physical layer has half-duplex, full-duplex and auto-negotiation modes. In half-duplex mode, the interface can only receive or transmit messages at any time; in full-duplex mode, the interface can both receive and transmit messages at any time; auto-negotiation means the two devices on the link exchange messages and select the duplex mode automatically, and once negotiation is successful, the two devices transmit messages in the same duplex mode. By default, the interface duplex mode is auto-negotiation.

Raisecom(config-port)#speed {auto|10|100|1000}
    Configure interface speed. For an optical interface, the interface speed depends on the optical module specification. Note: Ten Gigabit Ethernet interface is in support of speed 10000.
2.6.3
2.6.4
2.6.5
2.6.6 Checking configuration

Check the result by the commands below after configuration:

No. 1: Raisecom#show interface port port-id
    Show interface status.
No. 2: Raisecom#show interface port port-id statistics dynamic [ detail ]
    Show interface statistics.
No. 3: Raisecom#show interface port port-id flowcontrol
    Show interface flow control.
No. 4: Raisecom#show system mtu
    Show system MTU.
Step 1: Raisecom#hostname name
    (Optional) Configure device name. By default, the device name is Raisecom.
    The system supports changing the device name so that users can distinguish different devices in the network. The device name becomes effective immediately, which can be seen in the terminal prompt.
Step 2: Raisecom#language { chinese | english }
    (Optional) Configure switchover language mode. By default, the language is English.
    The system supports both Chinese and English display in the help messages and prompt messages of the command line.
Step 3: Raisecom#write
    Save configuration.
    Save the configuration information to the device after configuration; the newly saved configuration information covers the original configuration information. Without saving, the new configuration information is lost after rebooting, and the device continues working with the original configuration.
    Note: Use the command erase file-name to delete configuration files, which cannot be restored, so please take careful operation.
Step 4: Raisecom#reboot [ now ]
    (Optional) Configure device reboot. When the device is in failure, please reboot it to solve the problem according to actual condition.
    Note: Rebooting the device will interrupt the service, please take careful operation. Please save the configuration before rebooting in order to avoid configuration loss.
Step 2: Raisecom(config)#schedule-list list-number start { date-time month-day-year hour:minute:second [ every { day | week | period hour:minute:second } ] stop month-day-year hour:minute:second | up-time period hour:minute:second [ every period hour:minute:second ] [ stop period hour:minute:second ] }

Raisecom(config)#command-string schedule-list list-number
    Bind the command line which needs periodic execution and is in support of schedule list to the schedule list.
Raisecom#show schedule-list [ list-number ]
    Check whether the schedule list configuration is correct.
2.10.1.1
2.10.1.2
Configure denomination rule for file name:
Configure file name:
Enable local configuration file overwrite function:
Enable auto-loading configuration function:
Raisecom(config)#service config
2.10.1.3 Show result
To view the auto-loading configuration, use the command show service config:

Raisecom(config)#show service config
Auto upgrade :                        enable
Config server IP address:             192.168.1.1
Config filename rule:                 81650
Config file name:                     ABC
System boot file version:             1107290
Bootstrap flie version :              :48:050
Startup-config file version:          0000000
Overwrite local configuration file:   enable
Send Completion trap:                 disable
Current File Type:                    none
Operation states:                     done
Result:                               none
Chapter 3 Ethernet
This chapter introduces the principle and configuration procedure of Ethernet features, and also provides related configuration applications:
Overview
Configure MAC address forwarding table
Configure VLAN
Configure QinQ
Configure VLAN conversion
Configure STP
Configure MSTP
Configure loopback detection
Configure interface protection
Configure interface mirror
Configure layer-2 protocol transparent transmission
Maintenance
Configuration Applications
3.1 Overview
3.1.1 Ethernet interface
Being highly flexible, relatively simple and easy to implement, Ethernet has become an important LAN networking technology. Ethernet interfaces are divided into Ethernet electrical interfaces and Ethernet optical interfaces. The ISCOM2924GF device supports both Ethernet electrical interfaces and Ethernet optical interfaces. The specific interface mode depends on the device, the chip support and the driver implementation.
3.1.1.1 Auto-negotiation function
The main function of auto-negotiation is to make the devices at both ends of a physical link automatically select the same working parameters by exchanging information. Auto-negotiation mainly covers duplex mode, operating speed and flow control parameters. Once negotiation succeeds, the devices at both ends of the link are locked in the same duplex mode and operating speed.
The ISCOM2924GF-4C 10GE interface supports only full-duplex mode; auto-negotiation on the ISCOM2924GF Combo electrical interface and the 10/100/1000BASE-T photoelectric conversion module supports 10M/100M/1000M operating speeds and configuration of full-duplex and half-duplex working modes.

Standard Ethernet cable is divided into direct-through cable MDI (Medium Dependent Interface) and cross-over cable MDI-X (Medium Dependent Interface cross-over). MDI provides the physical and circuit connection from a terminal to a network trunk device. MDI-X provides the connection between devices of the same kind (terminal to terminal). The interface type of hosts and routers is MDI; the port type of hubs and switches is MDI-X. Generally, heterogeneous devices interconnect with direct-through cable, while similar devices interconnect with cross-over cable. With an adaptive connection there is no need to consider whether the cable is direct-through or cross-over. ISCOM2924GF Ethernet connections support adaptive MDI/MDI-X.
3.1.2
3.1.2.1
The ISCOM2924GF device can check MAC address table information based on device, interface and VLAN.
3.1.2.2 MAC address forwarding mode
The Ethernet device adopts the following forwarding modes according to the MAC address table entries:
Unicast mode: if the MAC address forwarding table contains an entry for the message's destination MAC address, the device transmits the message directly from the forwarding egress interface. As shown in Figure 3-1:
[Figure 3-1 Sketch map of MAC address forwarding table. PC A, PC B, PC C and PC D are connected to the switch. (1) Message destination: MAC D; local MAC: MAC A; local port: Port 1. (2) Search the MAC address table: MAC D, interface Port 4, VLAN 1. (3) Forward the message according to the interface in the MAC address forwarding table.]

Multicast mode: when the device receives a message with a multicast MAC address as destination, it forwards the message from the egress interface if the MAC address forwarding table contains an entry for the destination address; otherwise, it discards the message.
Broadcast mode: if the device receives a message whose destination address is all F, or the MAC address forwarding table contains no entry for the destination MAC address, the device broadcasts the message to all interfaces except the receiving interface. As shown in Figure 3-2:
[Figure 3-2. PC A, PC C and PC D are connected to the switch. (1) Message destination: MAC C; local MAC: MAC A; local port: Port 1. (2) Search the MAC address table, find no MAC C record, then broadcast to the whole broadcast domain. (3) Receive the message correctly.]
3.1.2.3 Classification of MAC address table entry
The MAC address forwarding table is divided into static address table entries and dynamic address table entries.
Static MAC address table entry: also called a permanent address; it is added and removed manually by the user and does not age with time. For a network whose devices seldom change, adding static address table entries manually can reduce network broadcast traffic, improve the security of the interface, and prevent table entries from being lost after a system reset, interface board hot swapping or interface board reset.
Dynamic MAC address table entry: the switch can add dynamic MAC address table entries through the MAC address learning mechanism, or users can establish them manually. The table entries age according to the configured aging time and are cleared after a system reset, interface board hot swapping or interface board reset.
3.1.2.4 Aging time of MAC address
The MAC address forwarding table of an Ethernet switch has limited capacity. To make the best use of the forwarding table resources, the Ethernet switch uses an aging mechanism to update the MAC address forwarding table: when a dynamic table entry is created, an aging timer is started; if no message from the MAC address of that table entry arrives during the aging time, the switch deletes the MAC address table entry.
The ISCOM2924GF device supports MAC address auto-aging. The range of the aging time is 10s~1000000s.
Note: When the "destination MAC address update" function is enabled, if the switch has transmitted a message to the destination MAC address during the aging time, the MAC table entry is also updated and its aging restarted. The MAC address aging mechanism applies only to dynamic MAC address table entries.
3.1.2.5 MAC address forwarding strategy
The MAC address forwarding table has two kinds of forwarding strategies:
When a message enters a device interface, the device searches the MAC address table for the interface associated with the destination MAC address. If the destination MAC is in the MAC address table, the device forwards the message from that interface; the source MAC address of the message is recorded and saved in the MAC address table together with the ingress interface ID and VLAN ID. When another interface has a message for that MAC address, the message can be forwarded to the associated interface directly.
If the MAC address table has no entry for the destination MAC of the message, the device forwards the data packets to all interfaces in the same broadcast domain and records the source MAC address in the device MAC address table.
3.1.2.6 MAC address learning amount limit
The MAC address learning amount limit function restricts the number of MAC address entries. It avoids the longer forwarding table lookup time, and the resulting degradation of the Ethernet switch's forwarding performance, caused by an overly large MAC address table, and is an effective way to manage the MAC address table.
The MAC address learning amount limit is mainly used to restrict the size of the MAC address forwarding table and improve the forwarding speed of the switch chip. You can control the number of MAC address forwarding table entries maintained by the Ethernet switch by setting the maximum number of MAC addresses learnt on an Ethernet interface or in a specified VLAN. When the number of MAC addresses learnt on the interface or in the specified VLAN reaches the threshold set by the user, the interface will no longer take the restriction to the MAC address learning or other VLAN messages.
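The forwarding modes, entry types, aging and learning limit of section 3.1.2 can be exercised together in a small model. This is an added Python example, not Raisecom code: the class and method names and the MAC addresses are constructed, VLAN membership of ports is not modelled, and it assumes a port that has reached its learning limit simply learns no new addresses.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"   # destination address "all F"


@dataclass
class Entry:
    port: int
    static: bool
    last_seen: float


class MacTable:
    """Toy MAC address forwarding table for one switch (constructed model)."""

    def __init__(self, ports, aging_time=300, port_limit=None):
        # Page values: aging time 10..1000000 seconds, 0 means non-aging.
        if aging_time != 0 and not 10 <= aging_time <= 1000000:
            raise ValueError("aging time must be 0 or 10..1000000 seconds")
        self.ports = set(ports)
        self.aging_time = aging_time
        self.port_limit = port_limit   # max dynamic entries per port, None = no limit
        self.entries = {}              # (vlan, mac) -> Entry

    def add_static(self, vlan, mac, port):
        """Static entries are added manually and never age."""
        self.entries[(vlan, mac)] = Entry(port, True, 0.0)

    def age(self, now):
        """Delete dynamic entries that were not refreshed within the aging time."""
        if self.aging_time == 0:
            return
        expired = [key for key, e in self.entries.items()
                   if not e.static and now - e.last_seen >= self.aging_time]
        for key in expired:
            del self.entries[key]

    def learn(self, vlan, mac, port, now):
        """Record the source MAC against the ingress interface and VLAN."""
        entry = self.entries.get((vlan, mac))
        if entry is not None:
            if not entry.static:       # refresh, or move, an existing dynamic entry
                entry.port, entry.last_seen = port, now
            return
        learnt = sum(1 for e in self.entries.values()
                     if not e.static and e.port == port)
        if self.port_limit is not None and learnt >= self.port_limit:
            return                     # assumption: a port at its limit learns nothing new
        self.entries[(vlan, mac)] = Entry(port, False, now)

    def receive(self, in_port, vlan, src, dst, now):
        """Process one frame and return the sorted list of egress ports."""
        self.age(now)
        self.learn(vlan, src, in_port, now)
        entry = self.entries.get((vlan, dst))
        is_multicast = dst != BROADCAST and int(dst[:2], 16) & 1 == 1
        if is_multicast:               # multicast mode: forward on a match, else discard
            return [entry.port] if entry is not None else []
        if dst != BROADCAST and entry is not None:
            # unicast mode: never send a frame back out of its receiving port
            return [] if entry.port == in_port else [entry.port]
        return sorted(self.ports - {in_port})   # broadcast mode: flood


def demo():
    """Replay a PC A / PC D exchange on constructed addresses."""
    a, d = "00:00:00:00:00:0a", "00:00:00:00:00:0d"
    table = MacTable(ports=[1, 2, 3, 4], aging_time=300)
    return [table.receive(1, 1, a, d, now=0),     # D unknown: flood
            table.receive(4, 1, d, a, now=1),     # A was learnt on port 1
            table.receive(1, 1, a, d, now=2),     # D was learnt on port 4
            table.receive(1, 1, a, d, now=400)]   # D aged out: flood again
```

With a learning limit set, a burst of new source addresses on one port stops growing the table at the limit, while frames from that port are still forwarded.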
3.1.3 VLAN
3.1.3.1 VLAN overview
VLAN (Virtual Local Area Network) is a protocol that addresses Ethernet broadcast and security problems. It is a layer-2 isolation technique that divides a LAN into different broadcast domains logically rather than physically, so that the different broadcast domains work as virtual groups without any influence on one another. Functionally, a VLAN has the same features as a LAN, but the members of one VLAN can access one another without being restricted by physical location. As shown in Figure 3-3:
[Figure 3-3 VLAN division sketch map]
The VLAN technique divides a physical LAN into different broadcast domains logically. Hosts that do not need to communicate with one another can be isolated by VLAN, which improves network security and reduces broadcast traffic and broadcast storms.
ISCOM2924GF supports VLAN division based on interface.
The ISCOM2924GF device complies with the IEEE 802.1Q standard VLAN and supports 4094 concurrent VLANs.
ISCOM2924GF has two interface modes: Access mode and Trunk mode. The two modes handle messages as shown below.

Table 3-1 Interface mode and message transportation

Interface type: Access
    Ingress, Untag message: Add the default VLAN Tag to the message.
    Ingress, Tag message: VLAN ID = default VLAN ID: receive the message. VLAN ID ≠ default VLAN ID: discard the message.
    Egress message: VLAN ID = default VLAN ID: remove the Tag and transmit the message.

Interface type: Trunk
    Ingress, Untag message: If the default VLAN ID is included in the interface's permitted VLAN ID list, receive the message and add the default VLAN Tag.
    Ingress, Tag message: Receive the message if the message VLAN ID is included in the permitted VLAN ID list. Discard the message if the message VLAN ID is not included in the permitted VLAN ID list.
    Egress message: VLAN ID = default VLAN ID and permitted to pass the interface: remove the Tag and transmit the message. VLAN ID ≠ default VLAN ID and permitted to pass the interface: transmit the message with Tag.
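The Access and Trunk rules of Table 3-1, applied hop by hop across two switches joined by a Trunk link. This is an added Python example, not Raisecom code: the names, the topology and the VLAN IDs are constructed, the lost comparison signs in the table are read as "equal" and "not equal", and an Access interface is assumed to drop egress traffic of any VLAN other than its own, since the table gives no row for that case.

```python
from dataclasses import dataclass, field

DROP = "drop"   # marker for a discarded message


@dataclass
class Port:
    mode: str                                      # "access" or "trunk"
    default_vlan: int = 1                          # Access VLAN or Trunk Native VLAN
    permitted: set = field(default_factory=set)    # Trunk permitted VLAN list


def ingress(port, tag):
    """Return the VLAN a message is received in, or DROP. tag=None means untagged."""
    if port.mode == "access":
        if tag is None:
            return port.default_vlan               # add the default VLAN Tag
        return tag if tag == port.default_vlan else DROP
    if tag is None:                                # Trunk, untagged message
        return port.default_vlan if port.default_vlan in port.permitted else DROP
    return tag if tag in port.permitted else DROP  # Trunk, tagged message


def egress(port, vlan):
    """Return the tag on the wire (None = untagged) or DROP."""
    if port.mode == "access":
        # Only the default-VLAN row is given in Table 3-1; dropping every
        # other VLAN here is an assumption of this example.
        return None if vlan == port.default_vlan else DROP
    if vlan not in port.permitted:
        return DROP
    return None if vlan == port.default_vlan else vlan


def send(path, tag=None):
    """Carry a message through a list of (ingress port, egress port) hops."""
    for in_port, out_port in path:
        vlan = ingress(in_port, tag)
        if vlan == DROP:
            return DROP
        tag = egress(out_port, vlan)
        if tag == DROP:
            return DROP
    return tag


# Constructed topology: two switches joined by a Trunk link.
PC_A = Port("access", default_vlan=10)             # switch 1
PC_B = Port("access", default_vlan=20)             # switch 1
PC_C = Port("access", default_vlan=10)             # switch 2
UPLINK_1 = Port("trunk", default_vlan=1, permitted={1, 10})
UPLINK_2 = Port("trunk", default_vlan=1, permitted={1, 10})
```

`send([(PC_A, UPLINK_1), (UPLINK_2, PC_C)])` delivers the message untagged to PC C, while traffic from PC_B stops at the Trunk because VLAN 20 is not in its permitted list.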
3.1.4 QinQ
QinQ (also known as Stacked VLAN or Double VLAN) is an extension of 802.1Q defined in the IEEE 802.1ad standard.
3.1.4.1 Basic QinQ
Basic QinQ is a simple layer-2 VPN tunnel technique that encapsulates an outer VLAN Tag onto user private network messages at the carrier access end, so that the messages carry double VLAN Tags across the carrier's backbone network (public network). In the public network, messages are transmitted according to the outer VLAN Tag only (namely the public network VLAN Tag); the user private network VLAN Tag is transmitted as data in the message.
The typical networking of basic QinQ is shown in Figure 3-4, where ISCOM2924GF is the PE (Provider Edge). A message with VLAN ID 100 in its tag is transmitted from the user device to the PE device. When passing through the user side interface of the PE device, the message is given an outer tag with VLAN 200 and then enters the PE network. The VLAN 200 message is transmitted to the PE device at the other end, which strips the outer tag VLAN 200 and sends the message to the user device, so the message returns to the VLAN 100 tag.
This technique saves public network VLAN ID resources. Users can plan private network VLAN IDs without conflicting with public network VLAN IDs.
3.1.4.2 Flexible QinQ
Flexible QinQ is an enhancement of basic QinQ that classifies flows according to user data features and then encapsulates different types of flow into different outer VLAN tags. The technique is realized by a combination of interface and VLAN. Besides the functions of basic QinQ, flexible QinQ can perform different actions on the different VLAN Tags received by one interface and add different outer VLAN IDs for different inner VLAN IDs. By configuring mapping rules between inner and outer Tags, users can encapsulate different outer Tags for messages with different inner Tags.
The flexible QinQ function makes the carrier network structure more flexible. Customers can classify different terminal users at the access device interface according to VLAN Tag and then encapsulate different outer Tags for different classes of users. In the public network, the customer can configure QoS policy according to the outer Tag and configure data transmission priority flexibly, so that users in different classes receive the corresponding services.
3.1.5 VLAN mapping
The main function of VLAN mapping is to replace the private network VLAN Tag in an Ethernet service message with the carrier VLAN Tag, so that the message is transmitted according to the carrier VLAN mapping rule. When the message is passed from the carrier network to the peer customer private network, the VLAN Tag is restored to the original private network VLAN Tag by the same rule, so that the message arrives at its destination correctly. The VLAN mapping principle is shown in Figure 3-5:
[Figure 3-5 Sketch map of VLAN mapping principle]
After receiving a user private network message with a VLAN Tag, the switch matches the VLAN Tag against the configured VLAN mapping rules and replaces it if the match succeeds.
ISCOM2924GF supports 1:1 VLAN mapping, which replaces the VLAN Tag carried by a message of a certain VLAN with a new VLAN Tag.
Unlike the QinQ function, VLAN mapping does not need to encapsulate multiple layers of VLAN Tag onto the message; it changes the VLAN Tag so that the message is transmitted according to the VLAN mapping forwarding rule.
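What basic QinQ, flexible QinQ and 1:1 VLAN mapping each do to the bytes of a frame, using the VLAN 100 / VLAN 200 case from the basic QinQ description. This is an added Python example, not Raisecom code: the function names, MAC addresses, payload and the mapping rules are constructed, and leaving unmatched frames unchanged is an assumption of the example.

```python
import struct

# 0x8100 is the default outer TPID on this page; 0x88A8 is the IEEE 802.1ad value.
TPIDS = (0x8100, 0x88A8)


def vlan_stack(frame):
    """Return the VLAN IDs that follow the two MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] in TPIDS:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def outer_pcp(frame):
    """Priority bits of the outermost tag."""
    return struct.unpack_from("!H", frame, 14)[0] >> 13


def push_outer(frame, vid, tpid=0x8100, pcp=0):
    """Basic QinQ, user side ingress: add an outer tag in front of any existing tag."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return frame[:12] + struct.pack("!HH", tpid, (pcp << 13) | vid) + frame[12:]


def strip_outer(frame):
    """Far-end PE: remove the outer tag so the private network tag is outermost again."""
    if not vlan_stack(frame):
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]


def flexible_qinq(frame, rules):
    """Flexible QinQ: choose the outer VLAN ID from the inner VLAN ID.

    rules maps inner VLAN ID -> outer VLAN ID. Frames without a matching rule
    are returned unchanged, which is an assumption of this example.
    """
    stack = vlan_stack(frame)
    if not stack or stack[0] not in rules:
        return frame
    return push_outer(frame, rules[stack[0]])


def vlan_map(frame, table):
    """1:1 VLAN mapping: replace the VLAN ID in place, no extra tag is added."""
    stack = vlan_stack(frame)
    if not stack or stack[0] not in table:
        return frame
    (tci,) = struct.unpack_from("!H", frame, 14)
    return frame[:14] + struct.pack("!H", (tci & 0xF000) | table[stack[0]]) + frame[16:]


def customer_frame(vid=100, pcp=5):
    """Constructed frame: dst MAC, src MAC, 802.1Q tag, IPv4 EtherType, dummy payload."""
    dst, src = bytes.fromhex("0000000000dd"), bytes.fromhex("0000000000aa")
    return dst + src + struct.pack("!HH", 0x8100, (pcp << 13) | vid) + b"\x08\x00" + b"payload"
```

QinQ grows the frame by four bytes per added tag and leaves the customer tag intact as data, whereas VLAN mapping keeps the frame length and rewrites only the 12-bit VLAN ID, so applying the inverse table at the far end restores the original frame.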
3.1.6 STP/RSTP/MSTP
3.1.6.1 STP
With the increasing complexity of network structure and the growing number of switches in the network, Ethernet network loops have become the most prominent problem. Because of the packet broadcast mechanism, a network loop makes the network generate a network storm, exhausts network resources and seriously affects normal data forwarding. The network storm caused by network loops is shown in Figure 3-6.
[Figure 3-6 Sketch map of network storm caused by network loops]
STP (Spanning Tree Protocol) complies with the IEEE 802.1d standard and is used to remove physical data loops at the data link layer in a LAN.
Devices running STP exchange BPDU (Bridge Protocol Data Unit) packets with each other to elect the root switch and select the root ports and designated ports. According to the selection results, the device logically blocks loop interfaces, eventually trimming the loop network structure into a loop-free tree network structure that takes one device as root. This prevents the continuous proliferation and limitless circulation of packets in a loop network from causing a broadcast storm, and avoids the decline in packet processing capacity caused by receiving the same packets repeatedly. The loop network diagram running STP is shown in Figure 3-7.
[Figure 3-7 Loop network diagram running STP protocol]
Although STP can eliminate loops and prevent broadcast storms well, its shortcomings have gradually been exposed with the wider application and development of network technology. The major disadvantage of STP is its slow convergence speed.
3.1.6.2 RSTP
To improve on the slow convergence speed of STP, IEEE 802.1w establishes RSTP (Rapid Spanning Tree Protocol), which adds a mechanism for changing an interface from blocking state to forwarding state and so speeds up topology convergence.
The purpose of STP/RSTP is to simplify a bridged LAN into a single spanning tree in the logical topology, so as to avoid broadcast storms.
The disadvantages of STP/RSTP have been exposed by the rapid development of VLAN technology. The single spanning tree produced by STP/RSTP leads to the problems below:
The whole switched network has only one spanning tree, which leads to a longer convergence time in a larger network.
Bandwidth is wasted, since a link carries no traffic after it is blocked.
Messages of some VLANs cannot be forwarded when the network structure is asymmetrical. As shown in Figure 3-8, Switch B is the root switch; the RSTP protocol logically blocks the link between Switch A and Switch C, so that VLAN 100 messages cannot be transmitted and Switch A and Switch C cannot communicate.
3.1.6.3 MSTP
MSTP (Multiple Spanning Tree Protocol) is defined by IEEE 802.1s. Overcoming the disadvantages of STP and RSTP, MSTP achieves fast convergence and lets the traffic of different VLANs follow its own path, which provides an excellent load sharing mechanism.
MSTP divides a switch network into multiple domains, called MST domains. Each MST domain contains several spanning trees, which are independent of one another. Each spanning tree is called an MSTI (Multiple Spanning Tree Instance).
The MSTP protocol introduces the CST (Common Spanning Tree) and IST (Internal Spanning Tree) concepts. CST means treating each MST domain as a whole to calculate and generate a spanning tree. IST means generating a spanning tree inside an MST domain.
Compared with STP and RSTP, MSTP also introduces the total root (CIST Root) and domain root (MST Region Root) concepts. The total root is a global concept: all switches running STP/RSTP/MSTP can have only one total root, which is the CIST Root. The domain root is a local concept, relative to an instance in a domain. As shown in Figure 3-9, all connected devices have only one total root, and the number of domain roots contained in each domain is associated with the number of instances.
[Figure 3-9 Basic concept sketch map of MSTI network]
There can be different MST instances in each MST domain, which associate VLANs and MSTIs through the VLAN mapping table (the relationship table of VLAN and MSTI). The concept sketch map of MSTI is shown in Figure 3-10.
[Figure 3-10 Concept sketch map of MSTI]
Note: Each VLAN can correspond to only one MSTI; that is to say, the data of one VLAN can be transmitted in only one MSTI, while one MSTI may correspond to several VLANs.
Compared with the earlier STP and RSTP, MSTP has obvious advantages, including VLAN awareness, load balancing and sharing, port state switching similar to RSTP, and binding multiple VLANs to one MST instance to reduce resource occupancy. In addition, devices running MSTP in the network are compatible with devices running STP and RSTP.
[Figure 3-11 Networking of multiple spanning trees instances in MST domain]
Applying MSTP in the network of Figure 3-11 above, two spanning trees (two MST instances) are generated after calculation:
MSTI1 takes B as root switch and forwards messages of VLAN100;
MSTI2 takes F as root switch and forwards messages of VLAN200.
In this way, all VLANs can communicate internally, and messages of different VLANs are forwarded along different paths to share the load.
3.1.7 Loopback detection
The interface loopback detection function addresses the impact on the network of a self-loop or an external loop, and so improves network error detection, fault tolerance and stability.
Procedure of loopback detection:
Each interface of the device sends a loopback detection message at an interval (the interval is configurable; by default it is 4 seconds);
The device checks the source MAC field of the loopback detection packets received on an interface. If the source MAC is identical to the device MAC, some interfaces of the device form a loop; otherwise, the message is discarded;
If the sending interface ID is identical to the receiving interface ID, it is a self-loop: shut down the interface;
If the sending interface ID is different from the receiving interface ID, it is an external loop: shut down the interface with the bigger ID and leave the interface with the smaller ID in UP status.
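The loopback detection procedure above as a decision function plus one detection interval over a constructed wiring. This is an added Python example, not Raisecom code: the function names, MAC addresses and port wiring are constructed, and it assumes an external loop means the detection message comes back on a different interface than the one that sent it.

```python
def classify(device_mac, rx_port, msg_src_mac, msg_tx_port):
    """Apply the procedure to one received loopback detection message.

    Returns (verdict, port to shut down or None).
    """
    if msg_src_mac != device_mac:
        return ("discard", None)                # sent by another device
    if msg_tx_port == rx_port:
        return ("self-loop", rx_port)
    return ("external-loop", max(msg_tx_port, rx_port))


def detection_round(device_mac, ports, returns_on, foreign=()):
    """Run one detection interval; return (set of ports shut down, decision log).

    returns_on maps a sending port to the port its message comes back on
    (constructed wiring; ports missing from the map have no loop).
    foreign lists (rx_port, src_mac, tx_port) messages sent by other devices.
    """
    shut, log = set(), []
    for rx_port, src_mac, tx_port in foreign:
        log.append((rx_port,) + classify(device_mac, rx_port, src_mac, tx_port))
    for tx_port in sorted(ports):
        rx_port = returns_on.get(tx_port)
        if rx_port is None or tx_port in shut or rx_port in shut:
            continue                            # a shut-down port neither sends nor receives
        verdict, victim = classify(device_mac, rx_port, device_mac, tx_port)
        log.append((rx_port, verdict, victim))
        shut.add(victim)
    return shut, log


def demo():
    """Ports 1 and 2 are looped together, port 3 is looped onto itself, port 4 is clean."""
    device = "00:0e:5e:00:00:01"                # constructed device MAC
    neighbour = "00:0e:5e:00:00:99"             # constructed MAC of another device
    return detection_round(device, [1, 2, 3, 4],
                           returns_on={1: 2, 2: 1, 3: 3},
                           foreign=[(4, neighbour, 1)])
```

In the demo the external loop costs only port 2, the higher-numbered of the pair, so port 1 keeps carrying traffic.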
3.1.8 Interface protection
To isolate layer-2 data between interfaces, users add the interfaces to different VLANs. Sometimes interfaces in the same VLAN also need data isolation; the interface protection feature isolates interfaces within one VLAN.
With the interface protection feature, users enable protection on the interfaces that need to be controlled to achieve layer-2 data isolation, with an effect equivalent to physical isolation among the interfaces, which improves network security and gives customers a flexible networking solution.
After interface protection is configured, the interfaces in a protection group cannot exchange packets with one another, but communication between interfaces with interface protection enabled and interfaces with it disabled is not affected.
3.1.9 Interface mirror
The interface mirror function copies some packets of a source interface to a destination interface, i.e. the monitoring interface, without affecting normal packet forwarding. Switch users can use this function to monitor the packets sent and received on an interface and analyze the relevant network conditions.
[Figure 3-12 Sketch map of interface mirror function principle]
The basic principle of interface mirror is shown in Figure 3-12. PC 1 connects to the outside network via Port 1; PC 3 is the monitoring PC, connecting to the outside network through Port 12.
To monitor packets from PC 1, the user needs to assign Port 1, which is connected to PC 1, as the mirror source interface, enable the mirror function in the ingress direction, and assign Port 12 as the monitoring interface, i.e. the mirror destination interface.
When service packets from PC 1 enter the switch, the switch forwards the packets and copies them to the monitoring interface (Port 12). The monitoring device connected to mirror monitoring interface can
ISCOM2924GF supports data stream mirroring on the ingress interface and the egress interface. After the mirror function is enabled, packets on the ingress/egress mirror interface are copied to the monitoring interface. The monitoring interface and the mirror interface cannot be the same interface.
3.1.10
The layer-2 protocol transparent transmission function can be used together with QinQ or independently. In practical applications, after the MAC address of the protocol message is modified, an outer Tag needs to be added for transmission through the carrier network.
The ISCOM2924GF device supports transparent transmission of BPDU messages, DOT1X messages, LACP messages, CDP messages, VTP messages and PVST messages.
3.2.2
3.2.3
Configure black hole MAC address. (Optional) Set multicast filter mode for MAC address table.
3.2.4
3.2.5
3.2.6
Raisecom(config)#mac-address-table aging-time { 0 | period }
    Set MAC address aging time. The time range: 10~1000000, unit: second. Set the aging time 0 for non-aging.
3.2.7 Checking configuration
Check the result with the commands below after configuration:
No. 1: Raisecom#show mac-address-table static [ port port-id | vlan vlan-id ]
    Show static unicast MAC address.
No. 2: Raisecom#show mac-address-table multicast [ vlan vlan-id ] [ count ]
    Show layer-2 multicast address.
No. 3: Raisecom#show mac-address-table blackhole
    Show black hole MAC address.
No. 4: Raisecom#show mac-address-table l2-address [ count ] [ vlan vlan-id | port port-id ]
    Show all layer-2 unicast addresses and the learning MAC address amount.
No. 5: Raisecom#show mac-address-table threshold [ port-list { all | port-list } ]
    Show MAC address learning amount limit value.
No. 6: Raisecom#show mac aging-time
    Show MAC address aging time.
When configuring an IP address for a VLAN, the user can associate a layer-3 interface with it. Each layer-3 interface corresponds to one IP address and one VLAN.
3.3.1.2 Preconditions
Before configuring VLAN, users need to configure the physical parameters of the interface so that its status is Up.
3.3.2
3.3.3
3.3.4
3.3.5
Step 2: Raisecom(config)#interface port port-id
    Enter physical layer interface configuration mode.
Step 3: Raisecom(config-port)#switchport mode access
        Raisecom(config-port)#switchport access vlan vlan-id
    Configure the interface in Access mode and add the Access interface to the VLAN.
Step 4: Raisecom(config-port)#switchport access egress-allowed vlan { all | [ add | remove ] vlan-list }
    (Optional) Configure the VLANs permitted by the Access interface.
Note:
The interface permits Access VLAN packets to pass regardless of the permitted VLAN configuration of the Access interface; the forwarded packets do not carry a VLAN TAG.
When setting the Access VLAN, the system creates and activates the VLAN automatically if the user has not created and activated it in advance.
If the user deletes or suspends the Access VLAN manually, the system automatically sets the interface Access VLAN to the default VLAN.
When the interface Access VLAN is configured as a non-default Access VLAN, the default Access VLAN 1 is a VLAN permitted by the Access egress interface; the user can remove Access VLAN 1 from the permitted VLAN list of the Access egress interface by deleting this VLAN.
If the configured Access VLAN is not the default VLAN and the default VLAN is not in the permitted VLAN list of the Access interface, the interface does not permit default VLAN packets to pass.
The permitted VLAN list of the Access interface is only effective for static VLANs, and is ineffective for cluster VLAN, GVRP dynamic VLAN, etc.
3.3.6
Description
Enter global configuration mode.
Enter physical layer interface configuration mode.
Configure interface in Trunk mode.
Configure interface Native VLAN.
(Optional) Configure Trunk interface permitted VLAN.
(Optional) Configure Trunk interface unTag VLAN.
Note:
The interface permits messages of Trunk Allowed VLANs in and out. If the VLAN is a Trunk Untagged VLAN, the VLAN TAG is removed from the packets at the egress interface; otherwise, the packets are not modified.
If the configured Native VLAN is not the default VLAN and the default VLAN is not in the permitted VLAN list of the Trunk interface, the interface does not permit default VLAN packets to pass.
When setting the Trunk Untagged VLAN list, the system automatically adds all Untagged VLANs to the Trunk permitted VLANs.
The Trunk permitted VLAN list and the Trunk Untagged VLAN list are only effective for static VLANs, and are ineffective for cluster VLAN, GVRP dynamic VLAN, etc.
3.3.7 Checking configuration
Check the result with the commands below after configuration:
No. 1: Raisecom#show vlan [ vlan-list | static ]
    Show VLAN configuration.
No. 2: Raisecom#show interface port [ port-id ] switchport
    Show interface VLAN configuration.
3.4.1.2 Preconditions
Users must finish the operations below before configuring QinQ.
Connect the interface and configure the interface physical parameters to make the physical layer Up.
Create VLAN
3.4.2
Function: Default value
Outer TAG TPID value: 0x8100
Basic QinQ function status: Disable
Flexible QinQ function status: Disable
3.4.3
3.4.4
3.4.5
3.4.6 Checking configuration
Check the result with the commands below after configuration:
No. 1: Raisecom#show switchport qinq
    Show configuration of basic QinQ.
No. 2: Raisecom#show interface port [ port-id ] vlan-mapping add-outer
    Show configuration of flexible QinQ.
3.5.1.2 Preconditions
Users must finish the operations below before configuring VLAN mapping.
Connect the interface and configure the interface physical parameters to make the physical layer Up.
Create VLAN
3.5.2
3.5.3 Checking configuration
Check the result with the commands below after configuration:
No. 1: Raisecom#show interface port port-id vlan-mapping { ingress | egress } translate
    Show configuration information of 1:1 VLAN mapping.
3.6.1.2
3.6.2
3.6.3
Raisecom(config)#spanning-tree mode stp
    Configure spanning tree for STP mode.
Raisecom(config)#spanning-tree enable
    Enable spanning tree protocol.
3.6.4
Raisecom(config)#spanning-tree priority priority-value
    (Optional) Configure device priority.
Raisecom(config)#spanning-tree root { primary | secondary }
    (Optional) Configure the device as root or backup device.
Raisecom(config)#interface port port-id
Raisecom(config-port)#spanning-tree priority priority-value
    (Optional) Configure device interface priority.
Raisecom(config-port)#spanning-tree inner-path-cost cost-value
    (Optional) Configure path cost for device interface.
Raisecom(config)#spanning-tree hello-time value
    (Optional) Configure Hello Time.
Raisecom(config)#spanning-tree transit-limit value
    (Optional) Configure maximum transmitting speed of interface.
Raisecom(config)#spanning-tree forward-delay value
    (Optional) Configure Forward Delay.
Raisecom(config)#spanning-tree max-age value
    (Optional) Configure Max Age.
3.6.5 Checking configuration
Check the result with the commands below after configuration:
No. 1: Raisecom#show spanning-tree
    Show basic configuration information of STP.
No. 2: Raisecom#show spanning-tree port-list port-list
    Show STP configuration under interface.
3.7.1.2
3.7.2
3.7.3
Step 3: Raisecom(config)#spanning-tree enable
    Enable spanning tree protocol.
3.7.4
Configure the MSTP domain and its maximum hop count for the device as below:
Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#spanning-tree region-configuration
    Enter MST domain configuration mode.
Step 3: Raisecom(config-region)#name name
    Configure MST domain name.
Step 4: Raisecom(config-region)#revision-level level-value
    Set revision level for MST domain; it is 0 by default.
Step 5: Raisecom(config-region)#instance instance-id vlan vlan-id
    Set mapping relationship from MST domain VLAN to instance.
Raisecom(config-region)#exit
Raisecom(config)#spanning-tree max-hops hops-value
    Configure the maximum hop count for MST domain.
Note: The maximum hop count is the MST domain maximum hop count if and only if the configured device is root of the domain; other roots cannot configure this item effectively.
3.7.5
assigning root bridge method, otherwise, the assigned root bridge or backup bridge may be invalid.
Configure the root bridge or backup bridge for the device as below:
Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#spanning-tree [instance instance-id] root {primary|secondary}
    Set device as root bridge or backup bridge for a STP instance.
Note:
The user can specify the instance in which the root bridge or backup bridge takes effect through the parameter instance instance-id. The current device is assigned as root bridge or backup bridge of the CIST if instance-id is 0 or the parameter instance instance-id is omitted.
The roots in the instances of a device are mutually independent; that is to say, a device can be the root bridge or backup bridge of one instance and also the root bridge or backup bridge of other spanning tree instances. However, in the same spanning tree instance, the same device cannot be used as root bridge and backup bridge at the same time.
The user cannot assign two or more root bridges for one spanning tree instance, but can assign several backup bridges for one spanning tree. Generally speaking, users had better assign one root bridge and several backup bridges for a spanning tree.
3.7.6
Note: The priority value must be a multiple of 4096, such as 0, 4096, 8192, etc. It is 32768 by default.
3.7.7
3.7.8
Configure the inner path cost for the device as below:
Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#interface port port-id
    Enter physical layer interface configuration mode.
Step 3: Raisecom(config-port)#spanning-tree [ instance instance-id ] inter-path-cost cost-value
    Configure inner path cost for interface.
3.7.9
3.7.10
3.7.11
All devices in the whole switch network adopt the three time parameters on the CIST root device, so only the root device configuration is valid.
Configure the timers for the device as below:
Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#spanning-tree hello-time value
    Set Hello Time.
Step 3: Raisecom(config)#spanning-tree forward-delay value
    Set Forward Delay.
Step 4: Raisecom(config)#spanning-tree max-age value
    Set Max Age.
3.7.12
3.7.13
Configure the link type for the device as below:
Step 1: Raisecom#config
    Enter global configuration mode.
Step 2: Raisecom(config)#interface port port-id
    Enter physical layer interface configuration mode.
Raisecom(config-port)#spanning-tree link-type { auto | point-to-point | shared }
3.7.14
Raisecom(config-port)#spanning-tree rootguard { enable | disable }    Configure root interface protection attributes for interface.
3.7.15
Step    Configuration    Description
1    Raisecom#config    Enter global configuration mode.
2    Raisecom(config)#interface port port-id    Enter physical layer interface configuration mode.
3    Raisecom(config-port)#spanning-tree loopguard { enable | disable }    Configure interface loopguard attributes.
3.7.16
Raisecom(config-port)#spanning-tree mcheck    Execute the mcheck operation to force the interface to migrate to MSTP mode.
3.7.17
Checking configuration
Check the result by the commands below after configuration:
No.    Item    Description
1    Raisecom#show spanning-tree    Show basic configuration information of STP.
2    Raisecom#show spanning-tree [ instance instance-id ] port port-list [ detail ]    Show configuration of spanning tree under interface.
     Raisecom#show spanning-tree region-operation    Show MST domain configuration information.
intentionally or involuntarily. Enable the loopback detection function on the downlink interface of the access device to avoid the network congestion caused by unlimited copies of data traffic when a downlink interface loops. Once a loop is detected, the looped interface is blocked.
3.8.1.2
Preconditions
Configure the interface physical parameters so that the interface is Up before configuring loopback detection.
3.8.2
3.8.3
Step 1 2 3 4 5
Step    Configuration    Description
6    Raisecom(config)#loopback-detection down-time { time-value | infinite }    (Optional) Configure the time after which an interface blocked by loopback detection is automatically reopened.
     Raisecom(config)#no loopback-detection discarding port-list port-list    Enable the port blocked by loopback detection.
3.8.4
Checking configuration
Check the result by the commands below after configuration:
No.    Item    Description
1    Raisecom#show loopback-detection [ port-list port-list ]    Show interface loopback detection configuration.
     Raisecom#show loopback-detection block-vlan [ port-list port-list ]    Show the VLAN information blocked by loopback detection.
3.9.1.2
Preconditions N/A
3.9.2
3.9.3
Step    Configuration    Description
1    Raisecom#config    Enter global configuration mode.
2    Raisecom(config)#interface port port-id    Enter physical layer interface configuration mode.
3    Raisecom(config-port)#switchport protect    Enable interface protection.
3.9.4
Checking configuration
Check the result by the commands below after configuration:
No.    Item    Description
1    Raisecom#show switchport protect    Show interface protection configuration.
3.10.2
Function    Default value
Mirror source interface ingress/egress message filter destination MAC address    0000.0000.0000
Note: The mirror monitoring interface displays empty when configuring message mirror to CPU.
3.10.3
Please configure local interface mirror for the device as below:
Step    Configuration    Description
1    Raisecom#config    Enter global configuration mode.
2    Raisecom(config)#mirror { monitor-cpu | monitor-port port-id }    Configure the message mirror of interface mirror to CPU or specified monitoring interface.
     Raisecom(config)#mirror source-port-list { both port-list | egress port-list | ingress port-list [ egress port-list ] }    Configure the mirror source interface of interface mirror function and designate the mirror rule for interface mirror.
     Raisecom(config)#mirror enable    Enable interface mirror function.
3.10.4
Checking configuration
Check the result by the commands below after configuration:
No.    Item    Description
1    Raisecom#show mirror    Show interface mirror configuration.
Configure physical parameters for the interface to set it in Up status before configuring layer-2 protocol transparent transmission function.
3.11.2
3.11.3
3 4 5
3.11.4
Note: The packet loss threshold and the interface shutdown threshold for transparent transmission messages both range from 1 to 4096. Generally, configure the packet loss threshold smaller than the interface shutdown threshold.
3.11.5
Checking configuration
Check the result by the commands below after configuration:
No.    Item    Description
1    Raisecom#show relay [ port-list port-list ]    Show configuration and status of transparent transmission.
2    Raisecom#show relay statistics [ port-list port-list ]    Show the statistics of transparent transmission packets.
3.12 Maintenance
Users can maintain Ethernet features by the following commands:
Commands    Description
Raisecom(config)#clear mac-address-table { all | blackhole | dynamic | static }    Clear MAC address.
Raisecom(config)#search mac-address mac-address { all | dynamic | static } [ port port-id ] [ vlan vlan-id ]    Search MAC address.
Raisecom(config-port)#spanning-tree clear statistics    Clear interface spanning tree statistics information.
Raisecom(config-port)#clear loopback-detection statistic    Clear loopback detection statistics information.
Raisecom(config)#clear relay statistics [ port-list port-list ]    Clear statistics information of transparent transmission message.
3.13.1.2 Configuration steps
Step 1 Create VLAN 10 and activate it, add Port 2 into VLAN 10:
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode access
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
Step 2 Configure a static unicast MAC address 0001.0203.0405 at Port 2, belonging to VLAN 10:
Step 3 Configure MAC address aging time as 500 seconds:
3.13.1.3 Show result
Show MAC address configuration by the command of show mac-address-table l2-address port port-id:
Raisecom#show mac-address-table l2-address port 2
Aging time: 500 seconds
Mac Address Port Vlan Flags
3.13.2
3.13.2.1 Networking requirement
As Figure 3-14 shows, PC1, PC2, and PC5 belong to VLAN 10, and PC3 and PC4 belong to VLAN 20. The two devices are connected by a Trunk interface. PC3 and PC4 cannot communicate because VLAN 20 is not permitted to pass on the link. PC1 and PC2, under the same Switch B, have the interface protection function enabled so that they cannot communicate with each other, but each can communicate with PC5.
3.13.2.2 Configuration steps
Step 1 Create VLAN10 and VLAN20 on the two devices respectively and activate them.
Configure Switch A:
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 10,20 active
Configure Switch B:
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 10,20 active
Step 2 Add Access mode interface Port 2 and Port 3 of Switch B into VLAN 10, add Access mode interface Port 4 into VLAN20, interface Port 1 is in Trunk mode and permits VLAN 10 passing.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 10
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 20
SwitchB(config-port)#exit
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 10 confirm
SwitchB(config-port)#exit
Step 3 Add Access mode interface Port 2 of Switch A into VLAN 10, add Trunk mode interface Port 3 into VLAN20, interface Port 1 is in Trunk mode and permits VLAN 10 passing.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 10
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 20
SwitchA(config-port)#exit
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 10 confirm
Step 4 Enable interface protection function for interface Port 2 and Port 3 of Switch B:
3.13.2.3 Show result
Check whether the VLAN configuration information is correct by the command of show vlan.
------------------------------------------------------------------------------1 10 20 Default VLAN0010 VLAN0020 active static -active active static -static -1-6 1,3-4 5
Check whether the interface VLAN configuration is correct by the command of show interface port port-id switchport. Take Switch B for example:
SwitchB#show interface port 2 switchport
Interface: port2
Administrative Mode: access
Operational Mode: access
Access Mode VLAN: 10
Administrative Access Egress VLANs: 1
Operational Access Egress VLANs: 1,10
Trunk Native Mode VLAN: 1
Administrative Trunk Allowed VLANs: 1-4094
Operational Trunk Allowed VLANs: 1,10,20
Administrative Trunk Untagged VLANs: 1
Operational Trunk Untagged VLANs: 1
Check whether the interface protection configuration is correct by the command of show switchport protect.
SwitchB#show switchport protect
Port Protected State
Check whether Trunk interface permitting VLAN passing is correct by operating PC1 ping PC5, PC2 ping PC5, PC3 ping PC4:
PC1 ping PC5, ping successfully, VLAN 10 communication is normal;
PC2 ping PC5, ping successfully, VLAN 10 communication is normal;
PC3 ping PC4, ping unsuccessfully, VLAN 20 communication is abnormal.
Check whether the interface protection function is correct by operating PC1 ping PC2:
PC1 ping PC2, ping unsuccessfully, interface protection function takes effect.
3.13.3
3.13.3.1 Networking requirement
As Figure 3-15 shows, Switch A and Switch B are connected to VLAN 100 and VLAN 200 respectively. If department E and department C, and department F and department D, want to communicate through the carrier network, they must set the outer Tag as VLAN 1000. Configure interface Port 2 and Port 3 in dot1q-tunnel mode on Switch A and Switch B, connected to the two different VLANs respectively. Interface Port 1 is the uplink carrier network interface; set it in Trunk mode and permit double Tag messages to pass. The carrier TPID is 9100.
3.13.3.2 Configuration steps
Step 1 Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100,200,1000 active
Step 2
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 1000
SwitchA(config-port)#switchport qinq dot1q-tunnel
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 1000
SwitchB(config-port)#switchport qinq dot1q-tunnel
SwitchB(config-port)#exit
Step 3
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000 confirm
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000 confirm
3.13.3.3 Show result
Check QinQ configuration by the command of show switchport qinq. Take Switch A for example:
SwitchA#show switchport qinq
Outer TPID: 0x9100
Interface QinQ Status
3.13.4
3.13.4.1 Networking requirement
As Figure 3-16 shows, the carrier network carries common PC Internet service and IP phone service. PC Internet service is assigned to VLAN 1000 and IP phone service is assigned to VLAN 2000. Configure Switch A and Switch B as follows: add outer Tag VLAN 1000 for PC Internet service VLAN 100-VLAN 150, and add outer Tag 2000 for IP phone service VLAN 300-VLAN 400, so that client and server communicate properly through the carrier network. The carrier TPID is 9100.
[Figure 3-16: networking diagram; recovered labels: Switch A, Switch B, Switch C, Port 1, Port 2, Port 3, IP]
3.13.4.2 Configuration steps
Step 1 Create VLAN 100, VLAN 200, and VLAN 1000 and activate them, TPID is 9100.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls double-tagging tpid 9100
SwitchA(config)#create vlan 100-150, 300-400, 1000, 2000 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#mls double-tagging tpid 9100
SwitchB(config)#create vlan 100-150, 300-400, 1000, 2000 active
Step 2
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000
SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm
SwitchB(config-port)#exit
Step 3
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2000 confirm
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 1000,2000 confirm
3.13.4.3 Show result
Check QinQ configuration by the command of show interface port port-id vlan-mapping add-outer. Take Switch A for example:
SwitchA#show interface port 2 vlan-mapping add-outer
Based outer VLAN QinQ mapping rule:
Original Port Outer VLAN Original Add-outer Add-outer Hardware Hardware COS VLAN COS Status ID
SwitchA#show interface port 3 vlan-mapping add-outer
Based outer VLAN QinQ mapping rule:
Original Port Outer VLAN Original Add-outer Add-outer Hardware Hardware COS VLAN COS Status ID
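The add-outer mapping configured above, shown at the frame level as an added example (not Raisecom code or device output): it pushes an outer tag with TPID 0x9100 according to the Port 2 and Port 3 rules and parses the tag stack back. The inner TPID 0x8100, copying the priority bits to the outer tag, passing unmatched frames through unchanged, the sample MAC addresses and all function names are assumptions of this sketch.

```python
import struct

OUTER_TPID = 0x9100  # "mls double-tagging tpid 9100" from the configuration above
CTAG_TPID = 0x8100   # standard IEEE 802.1Q customer tag (assumption: not stated on the page)

# (first C-VLAN, last C-VLAN, outer VLAN) per port, from the vlan-mapping commands above
PORT_RULES = {
    2: [(100, 150, 1000)],
    3: [(300, 400, 2000)],
}


def build_ctagged(dst, src, cvlan, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying a single customer VLAN tag."""
    if not 1 <= cvlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (pcp << 13) | cvlan
    return dst + src + struct.pack("!HHH", CTAG_TPID, tci, ethertype) + payload


def parse_tags(frame):
    """Return ([(tpid, pcp, vid), ...], ethertype) for the VLAN tag stack."""
    tags, offset = [], 12  # tags start after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (tpid,) = struct.unpack_from("!H", frame, offset)
        if tpid not in (OUTER_TPID, CTAG_TPID):
            return tags, tpid  # first non-tag value is the real EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        offset += 4


def add_outer(port, frame):
    """Push the outer tag if the frame's C-VLAN matches a rule on this port."""
    tags, _ = parse_tags(frame)
    if len(tags) != 1 or tags[0][0] != CTAG_TPID:
        return frame  # untagged or already double-tagged: left alone (assumption)
    _, pcp, cvid = tags[0]
    for first, last, outer in PORT_RULES.get(port, []):
        if first <= cvid <= last:
            stag = struct.pack("!HH", OUTER_TPID, (pcp << 13) | outer)
            return frame[:12] + stag + frame[12:]
    return frame  # C-VLAN outside every configured range (assumption: unchanged)


def strip_outer(frame):
    """Pop the outer tag again, as the far-end edge port would."""
    tags, _ = parse_tags(frame)
    if tags and tags[0][0] == OUTER_TPID:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample addresses, not taken from the page.
SAMPLE_DST = bytes.fromhex("000e5e000002")
SAMPLE_SRC = bytes.fromhex("000e5e000001")

if __name__ == "__main__":
    pc = build_ctagged(SAMPLE_DST, SAMPLE_SRC, 120, 0x0800, b"pc-internet")
    for tpid, pcp, vid in parse_tags(add_outer(2, pc))[0]:
        print(f"TPID 0x{tpid:04x} PCP {pcp} VLAN {vid}")
```

Capturing on the Port 1 uplink and filtering on EtherType 0x9100 is one way to confirm that only the two outer VLANs cross the carrier network.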
3.13.5
3.13.5.1 Networking requirement
As Figure 3-17 shows, Port 2 and Port 3 of Switch A connect to department E by VLAN 100 and to department F by VLAN 200 respectively; Port 2 and Port 3 of Switch B connect to department C by VLAN 100 and to department D by VLAN 200 respectively. Assign VLAN 1000 for department E and C transmission in the carrier network, and assign VLAN 2008 for department F and D transmission. Configure 1:1 VLAN mapping on Switch A and Switch B to realize normal communication between PC users and terminal users and the servers.
3.13.5.2 Configuration steps
The configuration of Switch A is identical to that of Switch B, so only the Switch A configuration is described here.
Step 1 Create VLAN and activate it.
Step 2 Configure interface Port 1 in trunk mode, permit VLAN 1000 and VLAN 2008 passing.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 1000,2008 confirm
SwitchA(config-port)#exit
Step 3 Configure interface Port 2 in Access mode, permit VLAN 100 passing and enable VLAN mapping.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#switchport vlan-mapping ingress 100 translate 1000
SwitchA(config-port)#switchport vlan-mapping egress 1000 translate 100
SwitchA(config-port)#exit
Step 4 Configure interface Port 3 in trunk mode, permit VLAN 200 passing and enable VLAN mapping.
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 200 confirm
SwitchA(config-port)#switchport vlan-mapping ingress 200 translate 2008
SwitchA(config-port)#switchport vlan-mapping egress 2008 translate 200
3.13.5.3 Show result
Check 1:1 VLAN mapping configuration by the command of show interface port port-id vlan-mapping {ingress | egress} translate.
SwitchA(config)#show interface port 2 vlan-mapping ingress translate
Outer-VID Mode
Inner-VID Hw-ID
3.13.6
Configure STP
3.13.6.1 Networking requirement
As Figure 3-18 shows, the three devices Switch A, Switch B and Switch C make up a ring, and the loop in the ring network link has to be removed. Enable STP on the three devices, set the Switch A priority to 0, and change the path cost from Switch B to Switch A to 10.
3.13.6.2 Configuration steps
Step 1 Enable STP function on the three devices.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp
Step 2
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Step 3
Configure Switch A.
SwitchA(config)#spanning-tree priority 0
SwitchA(config)#interface port 2
SwitchA(config-port)#spanning-tree inter-path-cost 10
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree inter-path-cost 10
3.13.6.3 Show result
Show bridge status by the command of show spanning-tree.
Switch A:
Raisecom#show spanning-tree
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId: Root: Operational: Configured: Mac 000E.5E7B.C557 Priority 0 Mac 000E.5E7B.C557 Priority 0 RootCost 0
Switch B:
Raisecom#show spanning-tree
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId: Root: Operational: Configured: Mac 000E.5E83.ABD1 Priority 32768 RootCost 10
Switch C:
Raisecom#show spanning-tree
MSTP Admin State: Enable
Protocol Mode: STP
BridgeId: Root: Operational: Configured: Mac 000E.5E83.ABD5 Priority 32768 RootCost 200000
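An added example (not from the manual) that derives the root bridge and the RootCost values in the bridge status output above from the configured priority and path costs. Which ports form the Switch B to Switch C and Switch C to Switch A links is an assumption, because Figure 3-18 is not reproduced here; the class and function names are illustrative.

```python
from dataclasses import dataclass

DEFAULT_COST = 200000  # path cost the page's output shows for unmodified ports


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str  # dotted form, as printed by "show spanning-tree"

    def bridge_id(self):
        """(priority, MAC) pair; the numerically lowest pair becomes root."""
        # Multiples of 4096 per the page; 0..61440 is the IEEE 802.1D range.
        if self.priority % 4096 != 0 or not 0 <= self.priority <= 61440:
            raise ValueError(f"{self.name}: priority must be a multiple of 4096")
        return (self.priority, int(self.mac.replace(".", ""), 16))


def elect(bridges, links):
    """links: (bridge_a, port_a, cost_a, bridge_b, port_b, cost_b) tuples."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=Bridge.bridge_id).name

    # Root path cost: each hop adds the cost of the port that receives the BPDU.
    cost = {b.name: float("inf") for b in bridges}
    cost[root] = 0
    for _ in bridges:  # Bellman-Ford relaxation, enough rounds for any topology
        for a, _pa, ca, b, _pb, cb in links:
            cost[a] = min(cost[a], cost[b] + ca)
            cost[b] = min(cost[b], cost[a] + cb)

    roles = {}
    # Root port: best (path cost, sender bridge ID, sender port) seen by the bridge.
    for name in cost:
        if name == root:
            continue
        offers = []
        for a, pa, ca, b, pb, cb in links:
            if a == name:
                offers.append((cost[b] + ca, by_name[b].bridge_id(), pb, pa))
            if b == name:
                offers.append((cost[a] + cb, by_name[a].bridge_id(), pa, pb))
        roles[(name, min(offers)[3])] = "root"

    # On each link the side closer to the root is designated; the other side,
    # unless it is that bridge's root port, is the port STP blocks.
    for a, pa, _ca, b, pb, _cb in links:
        winner = min((a, b), key=lambda n: (cost[n], by_name[n].bridge_id()))
        for n, p in ((a, pa), (b, pb)):
            roles.setdefault((n, p), "designated" if n == winner else "non-designated")
    return root, cost, roles


# Priorities, MAC addresses and the cost of 10 come from the page.
BRIDGES = [
    Bridge("SwitchA", 0, "000E.5E7B.C557"),
    Bridge("SwitchB", 32768, "000E.5E83.ABD1"),
    Bridge("SwitchC", 32768, "000E.5E83.ABD5"),
]
LINKS = [
    ("SwitchA", 2, 10, "SwitchB", 1, 10),                      # costs set in Step 3
    ("SwitchB", 2, DEFAULT_COST, "SwitchC", 1, DEFAULT_COST),  # assumed port pairing
    ("SwitchC", 2, DEFAULT_COST, "SwitchA", 1, DEFAULT_COST),  # assumed port pairing
]

if __name__ == "__main__":
    root, cost, roles = elect(BRIDGES, LINKS)
    print("root:", root)
    for name, value in cost.items():
        print(f"{name} RootCost {value}")
    for (name, port), role in sorted(roles.items()):
        print(f"{name} port {port}: {role}")
```

With all three bridges left at priority 32768, the lowest MAC address alone would decide the root, which is why the example sets the priority explicitly on the intended root.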
Show interface status by the command of show spanning-tree port port-list. Switch A:
Raisecom#show spanning-tree port 1, 2
Port ID:1 PortEnable: admin: enable Rootguard: disable oper: enable
Loopguard: disable ExternPathCost:10 Partner MSTP Mode: stp Bpdus send: 279 (TCN<0> (TCN<13> Role:designated Config<279> Config<0> RST<0> MST<0>) MST<0>) Cost: 200000
RST<0>
Priority:128
Root: Mac 000E.5E7B.C557 Priority 0 RootCost 0 DesignatedPort 32777
Loopguard: disable ExternPathCost:200000 Partner MSTP Mode: stp Bpdus send: 279 (TCN<0> Config<279> Config<0> RST<0> MST<0>) MST<0>) Cost: 200000 RootCost 0 DesignatedPort 32778
(TCN<6>
RST<0>
Role:designated
Priority:128
Switch B:
Raisecom#show spanning-tree port 1, 2
Port ID:1 PortEnable: admin: enable Rootguard: disable oper: enable
Loopguard: disable ExternPathCost:10 Partner MSTP Mode: stp Bpdus send: 279 (TCN<0> (TCN<13> Role:designated Config<279> Config<0> RST<0> MST<0>) MST<0>) Cost: 200000 RootCost 0 DesignatedPort 32777
RST<0>
Priority:128
Loopguard: disable ExternPathCost:200000 Partner MSTP Mode: stp Bpdus send: 279 (TCN<0> Config<279> Config<0> RST<0> MST<0>) MST<0>) Cost: 200000 RootCost 0 DesignatedPort 32778
(TCN<6>
RST<0>
Role:designated
Priority:128
Switch C:
Port ID:1 PortEnable: admin: enable Rootguard: disable oper: enable
Loopguard: disable ExternPathCost:200000 Partner MSTP Mode: stp Bpdus send: 22 (TCN<12> (TCN<0> Config<10> Config<390> RST<0> RST<0> MST<0>) MST<0>) Cost: 200000
Role:non-designated
Priority:128
Priority 32768
Loopguard: disable ExternPathCost:200000 Partner MSTP Mode: stp Bpdus send: 38 (TCN<6> (TCN<0> Config<32> Config<368> Priority:128 RST<0> RST<0> MST<0>) MST<0>)
Role:root
3.13.7
Configure MSTP
3.13.7.1 Networking requirement
As Figure 3-19 shows, three ISCOM2924GF devices make up a ring network and run the MSTP protocol; the domain name is aaa. Switch B and Switch C each connect to two PCs, which belong to VLAN 3 and VLAN 4 respectively. Instance 3 is associated with VLAN 3 and instance 4 is associated with VLAN 4. Configure the instance 3 path cost on Switch B so that messages of the two VLANs are forwarded along two paths, which removes the loop and realizes load sharing.
3.13.7.2 Configuration steps
Step 1 Create VLAN 3 and VLAN 4 on the three switches respectively and activate them.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 3-4 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 3-4 active
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 3-4 active
Step 2 Set Switch A interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch B interface Port 1, Port 2 in trunk mode and permit all VLAN passing, Switch C interface Port 1, Port 2 in trunk mode and permit all VLAN passing. Interface Port 3 and Port 4 of Switch B and Switch C are in Access mode and permit VLAN 3 and VLAN 4 passing respectively.
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport access vlan 3
SwitchB(config-port)#exit
SwitchB(config)#interface port 4
SwitchB(config-port)#switchport access vlan 4
SwitchB(config-port)#exit
Configure Switch C.
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 3
SwitchC(config-port)#switchport access vlan 3
SwitchC(config-port)#exit
SwitchC(config)#interface port 4
SwitchC(config-port)#switchport access vlan 4
SwitchC(config-port)#exit
Step 3 Set MSTP mode for Switch A, Switch B and Switch C, and enable spanning tree protocol. Enter MSTP configuration mode, set the domain name as aaa and the revision version as 0, map instance 3 to VLAN 3 and instance 4 to VLAN 4, then exit MST configuration mode.
Configure Switch A.
SwitchA(config)#spanning-tree mode mstp
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree region-configuration
SwitchA(config-region)#name aaa
SwitchA(config-region)#revision-level 0
SwitchA(config-region)#instance 3 vlan 3
SwitchA(config-region)#instance 4 vlan 4
Configure Switch B.
SwitchB(config)#spanning-tree mode mstp
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree region-configuration
SwitchB(config-region)#name aaa
SwitchB(config-region)#revision-level 0
SwitchB(config-region)#instance 3 vlan 3
SwitchB(config-region)#instance 4 vlan 4
SwitchB(config-region)#exit
Configure Switch C.
SwitchC(config)#spanning-tree mode mstp
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree region-configuration
SwitchC(config-region)#name aaa
SwitchC(config-region)#revision-level 0
SwitchC(config-region)#instance 3 vlan 3
SwitchC(config-region)#instance 4 vlan 4
Step 4 On Switch B, modify the inner path cost of interface Port 1 in spanning tree instance 3 to 500000.
SwitchB(config)#interface port 1
SwitchB(config-port)#spanning-tree instance 3 inter-path-cost 500000
3.13.7.3 Show result
Show MST domain configuration by the command of show spanning-tree region-configuration.
Raisecom#show spanning-tree region-operation
Operational Information:
-----------------------------------------------
Name: aaa
Revision level: 0
Instances running: 3
Digest: 0X7D28E66FDC1C693C1CC1F6B61C1431C4
Instance    Vlans Mapped
--------    ----------------------
0           1,2,5-4094
3           3
4           4
Check whether the basic information of spanning tree instance 3 is correct by the command of show spanning-tree instance 3. Switch A:
Protocol Mode: MSTP MST ID: 3 ----------------------------------------------------------BridgeId: Mac 0000.0000.0001 Priority 32768 Priority 32768 InternalRootCost 0 TrunkPort
PathCost
PortPriority LinkType
------------------------------------------------------------------------1 2 forwarding designated 200000 forwarding designated 200000 128 128 point-to-point point-to-point no no
Switch B:
SwitchB#show spanning-tree instance 3 MSTP Admin State: Enable Protocol Mode: MSTP MST ID: 3 ----------------------------------------------------------BridgeId: Mac 0000.0000.0002 Priority 32768 Priority 32768 InternalRootCost 400000 TrunkPort
PathCost
PortPriority LinkType
------------------------------------------------------------------------1 3 7 discarding forwarding alternate 500000 root 200000 128 128 128 point-to-point no point-to-point no point-to-point no
Switch C:
Switch C#show spanning-tree instance 3 MSTP Admin State: Enable Protocol Mode: MSTP MST ID: 3 ----------------------------------------------------------BridgeId: Mac 0000.0000.0003 Priority 32768 Priority 32768 InternalRootCost 200000 TrunkPort
PathCost
PortPriority LinkType
------------------------------------------------------------------------2 3 7 forwarding root 200000 128 128 128 point-to-point no point-to-point point-to-point no no
Check whether the basic information of spanning tree instance 4 is correct by the command of show spanning-tree instance 4. Switch A:
Spanning-tree protocol mode: MSTP MST ID: 4 ----------------------------------------------------------BridgeId: Mac 000E.5E00.0000 Priority 32768 InternalRootCost 0 TrunkPort
PortPriority LinkType
-------------------------------------------------------------------------------P1 P2 discarding disabled disabled disabled 200000 200000 128 128 point-to-point point-to-point yes yes
Switch B:
SwitchB#show spanning-tree instance 4 MSTP Admin State: Enable Protocol Mode: MSTP MST ID: 4 ----------------------------------------------------------BridgeId: Mac 0000.0000.0002 Priority 32768 Priority 32768 InternalRootCost 200000 TrunkPort
PathCost
PortPriority LinkType
------------------------------------------------------------------------1 3 8 forwarding root 200000 128 128 128 point-to-point point-to-point no point-to-point no no
Switch C:
SwitchC#show spanning-tree instance 4 MSTP Admin State: Enable Protocol Mode: MSTP MST ID: 4 ----------------------------------------------------------BridgeId: Mac 0000.0000.0003 Priority 32768 Priority 32768 InternalRootCost 200000 TrunkPort
PathCost
PortPriority LinkType
------------------------------------------------------------------------2 3 8 forwarding discarding discarding root 200000 128 128 128 point-to-point point-to-point no point-to-point no no
3.13.8
3.13.8.1 Networking requirement
As Figure 3-20 shows, Switch A Port 1 connects to the core network, and Port 2 and Port 3 of Switch A connect to the user network. There is a loop in the user network. Enable the loopback detection function on Switch A to detect the loop in the user network and block the related interface.
3.13.8.2 Configuration steps
Create VLAN 3 and add interface Port 1 and Port 2 into VLAN 3.
Raisecom#config
Raisecom(config)#create vlan 3 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport access vlan 3
Raisecom(config-port)#exit
3.13.8.3 Show result
Show interface loopback detection status by the command of show loopback-detection.
Raisecom#show loopback-detection port-list 2
Destination address: ffff.ffff.ffff
Mode:Vlan-based
Period of loopback-detection:3s
Restore time:infinite
Port State Status loop vlanlist
--------------------------------------------------------------
port2 Ena no trap-only --
3.13.9
3.13.9.1 Networking requirement
As Figure 3-21 shows, the network administrator wants to monitor the messages of user network 1 through a data monitoring device, so as to capture the traffic related to failures and anomalies, analyze it, find the root cause and solve it in time. The switch disables all spontaneous packet functions and the storm suppression function. User network 1 connects to the switch via Port 1; user network 2 connects to the switch via Port 2; the data monitoring device is connected to Port 3 on the switch.
3.13.9.3 Show result
Show whether the interface mirror configuration is correct by the command of show mirror.
Raisecom#show mirror
Mirror: Enable
Monitor port: port3
-----------the ingress mirror rule----------
Mirrored ports: port-list 1
-----------the egress mirror rule----------
Mirrored ports: --
3.13.10
3.13.10.1 Networking requirement
As Figure 3-22 shows, Switch A and Switch B connect to two user networks, VLAN 100 and VLAN 200, respectively. The user needs to configure the layer-2 protocol transparent transmission function on Switch A and Switch B so that the same user network in different regions runs STP as a whole.
3.13.10.2 Configuration steps
Step 1 Create VLAN 100, 200 and activate them.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100,200 active
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100,200 active
Step 2 Configure interface port 2 in Access mode, Access VLAN is 100, enable STP transparent transmission, and set STP message transparent transmission threshold as 1500.
Configure Switch A.
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 100
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1500
SwitchA(config-port)#exit
Step 3 Set interface port 2 in Access mode, Access VLAN is 200, enable STP transparent transmission, and set STP message transparent transmission threshold as 1000.
Configure Switch A.
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode access
SwitchA(config-port)#switchport access vlan 200
SwitchA(config-port)#relay stp
SwitchA(config-port)#relay port 1
SwitchA(config-port)#relay drop-threshold stp 1000
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode access
SwitchB(config-port)#switchport access vlan 200
SwitchB(config-port)#relay stp
SwitchB(config-port)#relay port 1
SwitchB(config-port)#relay drop-threshold stp 1000
SwitchB(config-port)#exit
Step 4
Configure Switch A.
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
3.13.10.3 Show result
Check whether the layer-2 protocol transparent transmission configuration is correct with the command show relay. Take Switch A for example:
SwitchA#show relay port-list 1-3
COS for Encapsulated Packets: 5
Destination MAC Address for Encapsulated Packets: 010E.5E00.0003
Port vlan Egress-Port Protocol Drop-Threshold Shutdown-Threshold
port2(up) -- port1 1500 ------- --------
port3(up) -- port1 1000 ------- --------
Chapter 4 Routing
This chapter introduces the basic principles and configuration of routing features, and provides related configuration examples.
Overview
Configuring ARP
Configuring layer-3 interface
Configuring static routing
Maintenance
Configuration examples
4.1 Overview
4.1.1 ARP
In a TCP/IP network environment, each host is assigned a 32-bit IP address, a logical address used to identify the host between networks. To transmit a message on the physical link, the sender must know the physical address of the destination host, which requires mapping the IP address to a physical address. In an Ethernet environment, the physical address is the 48-bit MAC address, so the 32-bit destination host IP address has to be translated into a 48-bit Ethernet address before the message can be delivered to the destination host correctly. ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses and maintains the mapping between IP address and MAC address.
The ARP address mapping table includes the following two types of entry:
Static table entry: binds an IP address to a MAC address to prevent cheating through dynamic ARP learning. Static ARP table entries must be added and deleted manually, and they do not age.
Dynamic table entry: a MAC address learned automatically through ARP. The switch generates dynamic table entries automatically, and the user can adjust some of their parameters manually. A dynamic ARP table entry ages out at the aging time if it is not used.
The device supports two dynamic learning modes for ARP address mapping table entries: learn-all and learn-reply-only.
In learn-all mode, the device learns from both ARP request packets and ARP reply packets. When device A sends an ARP request, it writes its own mapping of IP address and physical address into the request packet. After receiving the ARP request packet from device A, device B learns that mapping into its own address mapping table, so device B can later send packets to device A without an ARP request.
In learn-reply-only mode, the device learns only from ARP reply packets. For ARP requests from other devices it only sends the ARP reply and does not learn an address mapping table entry. This mode increases network load but avoids some network attacks based on ARP request packets.
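The table rules described above (static entries, the two learning modes and aging) can be modelled in a few lines. This is an added example, not code from the manual or from Raisecom; the class, method and return-value names are assumptions, the router address and MAC are the ones used in the ARP configuration example of this chapter, and the conflicting MAC is constructed.

```python
"""Toy model of the ARP table rules in section 4.1.1 (illustrative only)."""
from dataclasses import dataclass

ARP_REQUEST, ARP_REPLY = 1, 2          # ARP opcodes from RFC 826


@dataclass
class Entry:
    mac: str
    static: bool = False
    last_seen: float = 0.0


class ArpTable:
    """Hypothetical class; the names are assumptions, not the switch's internals."""

    def __init__(self, mode="learn-all", aging_time=1200):
        if mode not in ("learn-all", "learn-reply-only"):
            raise ValueError(f"unknown learning mode: {mode}")
        self.mode = mode
        self.aging_time = aging_time    # seconds; 0 means dynamic entries never age
        self.entries = {}

    def add_static(self, ip, mac):
        self.entries[ip] = Entry(mac, static=True)

    def receive(self, opcode, sender_ip, sender_mac, now=0.0):
        """Apply the learning rules to the sender fields of one ARP packet."""
        current = self.entries.get(sender_ip)
        if current is not None and current.static:
            # A static binding is never replaced by dynamic learning.
            return "static-match" if current.mac == sender_mac else "static-conflict"
        if opcode == ARP_REQUEST and self.mode == "learn-reply-only":
            return "not-learned"        # the request is answered but not learned from
        self.entries[sender_ip] = Entry(sender_mac, last_seen=now)
        return "learned"

    def age(self, now):
        """Delete dynamic entries that reached the aging time; return their IPs."""
        if self.aging_time == 0:
            return []
        expired = [ip for ip, e in self.entries.items()
                   if not e.static and now - e.last_seen >= self.aging_time]
        for ip in expired:
            del self.entries[ip]
        return expired

    def lookup(self, ip):
        entry = self.entries.get(ip)
        return entry.mac if entry else None


ROUTER_IP, ROUTER_MAC = "192.168.1.10", "0050-8d4b-fd1e"   # from the ARP example in 4.6
WRONG_MAC = "02aa-bbcc-ddee"                                # constructed for this example


def demo():
    """Show what each mode stores after an ARP request with a wrong sender mapping."""
    results = {}
    for mode in ("learn-all", "learn-reply-only"):
        table = ArpTable(mode)
        table.receive(ARP_REQUEST, ROUTER_IP, WRONG_MAC)
        results[mode] = table.lookup(ROUTER_IP)
    pinned = ArpTable("learn-all")
    pinned.add_static(ROUTER_IP, ROUTER_MAC)
    verdict = pinned.receive(ARP_REPLY, ROUTER_IP, WRONG_MAC)
    results["static"] = (verdict, pinned.lookup(ROUTER_IP))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A "static-conflict" result is worth logging on a real network, since it means some host is advertising a different MAC for an address that was bound manually.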
4.1.2 Layer-3 interface
A layer-3 interface is an IP interface: a virtual interface configured on top of a VLAN. Layer-3 interfaces are generally configured for device network management or for routed links between multiple devices. Associating a layer-3 interface with a VLAN requires configuring an IP address; each layer-3 interface corresponds to one IP address and is associated with at least one VLAN.
4.1.3 Routing
The routing function is required for communication among different devices in one VLAN or in different VLANs. Routing transmits packets through the network to their destination and uses a routing table for packet forwarding.
There are three modes of routing:
Default routing: forwards packets whose destination address matches no route to an assigned default router.
Static routing: routes are configured manually to forward packets from the assigned interface. This is suitable for simple network topologies.
Dynamic routing: routes are learned dynamically through a routing protocol, which can calculate the best route for packet forwarding. This mode takes up more bandwidth and network resources.
There are two types of dynamic routing protocol:
Distance vector protocol: each device maintains a vector table that lists the best known distance and path to the other destination devices. By exchanging information with neighbor devices, the device updates its internal vector table continuously.
Link status protocol: the devices build a link status database through network interface status notifications; the database contains the status of all links directly connected to all devices. All devices share the same network topology, and each device can determine the best path to each node in the topology. A link status protocol responds quickly to topology changes but needs more bandwidth and resources than a distance vector protocol.
The ISCOM2924GF supports only default routing and static routing; the dynamic routing function is unavailable at present.
4.1.3.1 Default routing
Default routing is a special route that is used only when no matching entry is found in the routing table. It appears in the routing table as a route to network 0.0.0.0 (with mask 0.0.0.0). The user can show the default routing configuration with the command show ip route. If the destination address of a packet matches no entry in the routing table, the packet takes the default route. If the device has no default route configured and the destination IP address of the packet is not in the routing table, the device discards the packet and returns an ICMP packet to the sender to report that the destination address or network is unavailable.
4.1.3.2 Static routing
Static routing is routing configured manually. It is suitable for simple, small and stable networks. Its disadvantage is that it cannot adapt to network topology changes automatically and needs manual intervention.
4.2.1.2 Preconditions
N/A
4.2.2
4.2.3
Please configure a static ARP table entry on the device as below:
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#arp ip-address mac-address | Configure static ARP table entry.
4.2.4
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#arp aging-time second | (Optional) Configure the aging time for ARP dynamic table entries. Entries older than the aging time are deleted by the device.
Note: ARP dynamic table entries are not aged if the aging time is set to 0s.
4.2.5 Checking configuration
Check the result with the commands below after configuration:
No. | Item | Description
1 | Raisecom#show arp | Check whether all information in ARP address mapping table is correct.
2 | Raisecom#show arp ip-address | Check whether the ARP table information related to specified IP address is correct.
3 | Raisecom#show arp ip if-number | Check whether the ARP table information related to layer-3 interface is correct.
4 | Raisecom#show arp static | Check whether the static ARP table information is correct.
4.3.1.2 Preconditions
Configure the VLAN associated with the interface and activate it before configuring the layer-3 interface.
4.3.2
Step | Configuration | Description
3 | Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ sub ] [ vlan-list ] |
Note:
Configure the VLAN associated with the layer-3 interface and activate it. The user can use the command state {active | suspend} to activate a suspended VLAN before configuring it.
When configuring the VLAN associated with a layer-3 interface, the user can specify more than one VLAN. If the association is configured several times, the new configuration overwrites the original configuration; the configurations do not accumulate.
The ISCOM2924GF can be configured with 15 layer-3 interfaces, numbered from 0 to 14.
4.3.3 Checking configuration
Check the result with the commands below after configuration:
No. | Item | Description
1 | Raisecom#show interface ip | Check IP address configuration for layer-3 interface.
2 | Raisecom#show interface ip vlan | Check the binding relation of layer-3 interface and VLAN.
4.4.1.2
Step | Configuration | Description
2 | Raisecom(config)#ip default-gateway ip-address | Configure IP address for default gateway.
Note: When a message to be forwarded has no matching route on the device, the default gateway configured with the command ip default-gateway is used and the message is forwarded to it. The IP address of the default gateway must be in the same network segment as the IP address of a local IP interface.
4.5 Maintenance
Use the following command to maintain the IP feature:
Command | Description
Raisecom(config)#clear arp | Clear all table entries in ARP address mapping table.
Configure ARP
Networking requirement
As Figure 4-1 shows, the ISCOM2924GF connects to the host and connects to the upstream Router through interface Port 1. The IP address of the Router is 192.168.1.10/24 and its MAC address is 0050-8d4b-fd1e. The user needs to set the aging time of dynamic ARP table entries to 600 seconds. To improve communication security between the ISCOM2924GF and the Router, the user needs to configure the related static ARP table entry on the ISCOM2924GF.
4.6.1.2 Configuration steps
Configure the device's dynamic ARP table entry aging time as 600 seconds:
Raisecom#config
Raisecom(config)#arp aging-time 600
4.6.1.3 Show result
Check whether all the table entry information in the ARP address mapping table is correct with the command show arp:
Raisecom#show arp
ARP table aging-time: 600 seconds(default: 1200s)
Ip Address Mac Address Type Interface ip
4.6.2
4.6.2.1
4.6.2.2 Configuration steps
Create the VLAN and add the interface to the VLAN.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10
Configure a layer-3 interface on the ISCOM2924GF, assign its IP address and associate it with the VLAN.
Raisecom(config)#interface ip 10
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 10
Raisecom(config-ip)#exit
4.6.2.3 Show result
Check whether the binding relation of VLAN and physical interface is correct with the command show vlan:
Raisecom(config-port)#show vlan 10
Switch Mode: -
VLAN Name State Status Priority Member-Ports
Check whether the layer-3 interface configuration is correct with the command show interface ip:
Raisecom(config-ip)#show interface ip
IF Address NetMask Source Catagory
Check whether the binding relation of layer-3 interface and VLAN is correct with the command show interface ip vlan:
Raisecom#show interface ip vlan
Ip Interface Vlan list
---------------------------
0 10 10 1
Check whether the device and PC can ping each other by the command of ping:
Raisecom#ping 192.168.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
---- PING Statistics---
5 packets transmitted, 5 packets received,
Success rate is 100 percent(5/5),
round-trip (ms) min/avg/max = 0/0/0.
4.6.3
4.6.3.1
4.6.3.2 Configuration steps
Configure the IP address for each device. Enable the routing function and configure static routing on Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#ip routing
SwitchA(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.4
SwitchA(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.4
Check whether all the devices can ping successfully with one another by the command of ping:
SwitchA#ping 10.1.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.18.119, timeout is 3 seconds:
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
Reply from 192.168.18.119: time<1ms
---- PING Statistics---
5 packets transmitted, 5 packets received,
Success rate is 100 percent(5/5),
round-trip (ms) min/avg/max = 0/0/0.
Chapter 5 DHCP
This chapter introduces the basic principles and configuration of DHCP and provides related configuration applications.
Overview
Configure DHCP Client
Configure DHCP Snooping
Configure DHCP Option
Configuring Applications
5.1 Overview
5.1.1 DHCP overview
DHCP (Dynamic Host Configuration Protocol) dynamically assigns IP address configuration information to users in a TCP/IP network. It is based on BOOTP (Bootstrap Protocol) and adds automatic allocation of available network addresses, network address re-use and other extended configuration options on top of BOOTP.
As networks grow in scale and complexity, the number of PCs in a network often exceeds the number of IP addresses available for distribution. Meanwhile, the wide use of notebooks and wireless networks means that PCs change position frequently, and the related IP addresses must be updated just as often. As a result, network configuration becomes more and more complex. DHCP was developed to solve these problems.
DHCP adopts a client/server communication mode. The client requests configuration from the server (including IP address, subnet mask, default gateway, etc.), and the server replies with an IP address and other related configuration information for the client, which achieves dynamic configuration of IP addresses and related settings.
A typical DHCP application usually includes a DHCP server and several clients (for example PCs or notebooks), as Figure 5-1 shows.
Figure 5-1 DHCP typical application networking
Under normal circumstances, use a DHCP server to distribute IP addresses in the following situations:
The network is large. Manual configuration requires a lot of work, and it is difficult to manage the entire network centrally.
The number of hosts in the network is greater than the number of IP addresses, so a fixed IP address cannot be assigned to every host and the number of users connected to the network simultaneously is restricted (for example, Internet access service providers). A large number of users must obtain their own IP address dynamically through the DHCP service.
Only a minority of hosts in the network need fixed IP addresses; most hosts have no requirement for a fixed IP address.
DHCP technology ensures rational allocation, avoids waste and improves the utilization rate of IP addresses in the entire network.
5.1.2 DHCP packet
Figure 5-2 shows the DHCP packet format. DHCP packets are encapsulated in UDP data packets.
Figure 5-2 Structure of DHCP Packet
The meaning of the fields in a DHCP packet is shown in the table below:
Table 5-1 Fields definition of DHCP packet
Field name | Length | Description
OP | 1 | Packet type.
 | 1 | Hardware address type of DHCP client.
 | 1 | Hardware address size of DHCP client.
 | 1 | DHCP hops number passed from DHCP packet. This field increases by 1 every time the DHCP request packet passes a DHCP hop.
Transaction ID | | The client chooses a number at random when it starts a request; used to mark the process of the address request.
 | | Time passed since the DHCP client started the DHCP request. It is unused now, fixed as 0.
 | | Bit 1 is the broadcast reply flag, used to mark whether the DHCP server reply packet is transmitted in unicast or broadcast mode. 0: unicast; 1: broadcast. Bit 2 is reserved.
Client IP address | 4 | DHCP client IP address, filled only when the client is in bound, updated or re-bind status; can be used to reply to ARP requests.
Your(client) IP address | | Client IP address distributed by DHCP server.
Server IP address | 4 | IP address of DHCP server
Relay agent IP address | 4 | The first DHCP hop IP address after DHCP client sends request packet.
Client hardware address | 16 | Hardware address of DHCP client
Server host name | 64 | DHCP server name
File | 128 | DHCP client start up configuration file name and path assigned by DHCP server.
Options | Modifiable | A modifiable option field, including packet type, available leased period, DNS (Domain Name System) server IP address, WINS (Windows Internet Name Server) IP address and other information.
5.1.3 DHCP Option
DHCP transmits control information and network configuration parameters through the Option field in the packet to achieve dynamic address distribution and to provide abundant network configuration information for the client. The DHCP protocol has 255 kinds of options; the final option is 255. Commonly used DHCP options are:
Options | Description
3 | Router option, to assign gateway for DHCP client.
6 | DNS server option, to assign DNS server address distributed by DHCP client.
18 | DHCP client flag option over IPv6, to assign interface information for DHCP client.
51 | IP address lease option
53 | DHCP packet type, to mark type for DHCP packets
55 | Request parameter list option. The client uses this option to indicate the network configuration parameters it needs to obtain from the server. The content of this option is the values corresponding to the parameters requested by the client.
61 | DHCP client flag option over IPv6, to assign device information for DHCP client.
66 | TFTP server name, to assign domain name for TFTP server distributed by DHCP client.
67 | Start up file name, to assign start up file name distributed by DHCP client.
82 | DHCP client flag option over IPv4, user-defined, mainly used to mark position of DHCP client.
150 | TFTP server address, to assign TFTP server address distributed by DHCP client.
184 | DHCP reserved option; at present Option184 is mainly used to carry information required by voice calling. Through Option184 an IP address can be distributed to a DHCP client with voice function together with voice-calling related information.
255 | Complete option
Fields 18, 37, 61 and 82 in DHCP Option are relay agent information options in DHCP packets. When request packets from a DHCP client travel to the DHCP server through a DHCP relay or a DHCP Snooping device, the DHCP relay or DHCP Snooping device adds the Option field to the request packets.
Fields Option18, 37, 61 and 82 record DHCP client information on the DHCP server. In cooperation with other software, they make functions such as IP address distribution restriction and accounting possible, for example cooperating with IP Source Guard to defend against spoofing of the IP address + MAC address combination.
Field Option82 can include at most 255 sub-options. If Option82 is defined, at least one sub-option must be defined. The device currently supports two sub-option types: Sub-Option 1 (Circuit ID) and Sub-Option 2 (Remote ID).
Sub-Option 1 contains the interface ID of the interface that received the DHCP client request packet, the interface VLAN and additional information.
Sub-Option 2 is the interface MAC address (DHCP relay) or the device bridge MAC address (DHCP Snooping device) of the device receiving the DHCP client request packets.
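The packet layout of Table 5-1 and the Option82 sub-options can be checked against captured traffic with a short parser. This is an added example, not code from the manual; the field names follow RFC 2131, the function names are assumptions, and the sample packet is constructed (its Circuit ID and Remote ID strings are the ones configured in the Option82 example later in this chapter).

```python
"""Parse the DHCP packet of Table 5-1 and Option82 sub-options (illustrative only)."""
import ipaddress
import struct

# Fixed part: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
# giaddr, chaddr(16), sname(64), file(128) = 236 bytes (RFC 2131).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])      # precedes the Options field (RFC 2131)
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def parse_tlvs(data, pad=None, end=None):
    """Walk code/length/value triples; raise ValueError if one is cut short."""
    fields, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == end:
            break
        if code == pad:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        fields[code] = fields.get(code, b"") + value   # repeated codes are joined
        i += 2 + length
    return fields


def parse_dhcp(payload):
    """Return the security-relevant fields of one DHCP (UDP payload) message."""
    if len(payload) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("shorter than the fixed DHCP header")
    (op, _htype, hlen, hops, xid, _secs, flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, _sname, _file) = FIXED.unpack_from(payload)
    if hlen > len(chaddr):
        raise ValueError("hardware address length exceeds 16 bytes")
    if payload[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = parse_tlvs(payload[FIXED.size + 4:], pad=0, end=255)
    sub = parse_tlvs(options.get(82, b""))            # sub-options have no pad/end code
    mtype = options.get(53)
    return {
        "op": op, "hops": hops, "xid": xid,
        "broadcast": bool(flags & 0x8000),            # first bit of the flags field
        "ciaddr": str(ipaddress.IPv4Address(ciaddr)),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "siaddr": str(ipaddress.IPv4Address(siaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "message_type": MESSAGE_TYPES.get(mtype[0]) if mtype else None,
        "requested": list(options.get(55, b"")),
        "option82": ({"circuit_id": sub.get(1), "remote_id": sub.get(2)}
                     if 82 in options else None),
    }


def build_sample():
    """Constructed DISCOVER as it would look after a snooping device added Option82."""
    zero = bytes(4)
    fixed = FIXED.pack(1, 1, 6, 0, 0x3903F326, 0, 0x8000, zero, zero, zero, zero,
                       bytes.fromhex("000e5e000000"), b"", b"")
    sub = bytes([1, 8]) + b"raisecom" + bytes([2, 6]) + b"user01"
    options = (bytes([53, 1, 1]) + bytes([55, 3, 3, 6, 51])
               + bytes([82, len(sub)]) + sub + bytes([255]))
    return fixed + MAGIC_COOKIE + options


if __name__ == "__main__":
    for key, value in parse_dhcp(build_sample()).items():
        print(f"{key}: {value}")
```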
5.1.4 DHCP client
The ISCOM2924GF can be used as a DHCP client to get an IP address from a DHCP server for subsequent management, as Figure 5-3 shows.
5.1.5 DHCP Snooping
5.1.5.1 DHCP Snooping overview
DHCP Snooping is a security feature of DHCP with the following functions:
Guarantee that the DHCP client gets its IP address from a legal DHCP server.
If a false DHCP server exists in the network, a DHCP client may get a wrong IP address and wrong network configuration parameters and be unable to communicate normally. As Figure 5-4 shows, to make the DHCP client get its IP address from a legal DHCP server, the DHCP Snooping security mechanism allows an interface to be set as a trust interface or an untrust interface: a trust interface forwards DHCP packets normally; an untrust interface discards the reply packets from a DHCP server.
Record the correspondence between DHCP client IP address and MAC address.
DHCP Snooping records entries by monitoring the request and reply packets received by the trust interface, including the client MAC address, the obtained IP address, the interface the DHCP client is connected to, the VLAN of that interface, etc. The recorded information is then used to implement the following:
ARP Detection: judges the legality of the user that sends an ARP packet and avoids ARP attacks from illegal users.
IP Source Guard: filters the packets forwarded by an interface according to dynamically obtained DHCP Snooping entries, so that illegal packets cannot pass the interface.
VLAN mapping: for packets sent to the user, the mapped VLAN is changed back to the original VLAN by looking up the DHCP client IP address, MAC address and original VLAN information related to the mapped VLAN in the DHCP Snooping entries.
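The trust/untrust decision and the binding table it feeds can be sketched as follows. This is an added, simplified model and not the device's algorithm; the class and function names, the port numbers and all addresses are constructed for the example.

```python
"""Simplified model of DHCP Snooping trust ports and binding entries (illustrative)."""
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}          # messages only a DHCP server sends


@dataclass(frozen=True)
class DhcpMsg:
    msg_type: str
    client_mac: str
    yiaddr: str = "0.0.0.0"                     # address offered/assigned by the server


class Snooper:
    """Hypothetical class: one instance stands for one switch."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> (port, vlan) where its request arrived
        self.bindings = {}    # client MAC -> {"ip", "port", "vlan"}
        self.dropped = []     # (port, message) pairs discarded on untrust ports

    def handle(self, port, vlan, msg):
        """Return 'forward' or 'drop' for a DHCP message received on a port."""
        if msg.msg_type in SERVER_TYPES:
            if port not in self.trusted:
                self.dropped.append((port, msg))   # server reply on an untrust port
                return "drop"
            if msg.msg_type == "ACK" and msg.client_mac in self.pending:
                client_port, client_vlan = self.pending.pop(msg.client_mac)
                self.bindings[msg.client_mac] = {
                    "ip": msg.yiaddr, "port": client_port, "vlan": client_vlan}
            return "forward"
        if msg.msg_type in ("DISCOVER", "REQUEST"):
            self.pending[msg.client_mac] = (port, vlan)
        elif msg.msg_type in ("RELEASE", "DECLINE"):
            self.bindings.pop(msg.client_mac, None)
        return "forward"

    def source_allowed(self, port, vlan, src_mac, src_ip):
        """Check a data or ARP packet against the binding table, in the way the
        ARP Detection and IP Source Guard consumers of these entries would."""
        entry = self.bindings.get(src_mac)
        return entry == {"ip": src_ip, "port": port, "vlan": vlan}


CLIENT = "02aa-bbcc-0001"                        # constructed client MAC


def demo():
    """Port 1 is the uplink to the legal server; ports 2 and 3 face users."""
    sw = Snooper(trusted_ports={1})
    verdicts = [
        sw.handle(2, 10, DhcpMsg("DISCOVER", CLIENT)),
        sw.handle(3, 10, DhcpMsg("OFFER", CLIENT, "10.66.0.5")),     # false server
        sw.handle(1, 10, DhcpMsg("OFFER", CLIENT, "192.168.1.50")),
        sw.handle(2, 10, DhcpMsg("REQUEST", CLIENT)),
        sw.handle(1, 10, DhcpMsg("ACK", CLIENT, "192.168.1.50")),
    ]
    return sw, verdicts


if __name__ == "__main__":
    switch, results = demo()
    print(results)
    print(switch.bindings)
    print("dropped on untrust ports:", switch.dropped)
```

The `dropped` list is the useful detection signal: any entry in it means a DHCP server is answering from a port that was not declared as trust.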
5.1.5.2 DHCP Snooping supporting Option function
The Option field in a DHCP packet records position information of the DHCP client. The administrator can use this option to locate the DHCP client and to control client security and accounting.
If the device is configured with DHCP Snooping supporting the Option function:
When the device receives a DHCP request packet, it processes the packet according to whether the Option field is included, the filling mode and the processing policy configured by the user, and then forwards the processed packet to the DHCP server.
When the device receives a DHCP reply packet, if the packet contains the Option field, the device deletes the field and forwards the packet to the DHCP client; if the packet does not contain the Option field, the device forwards it directly.
5.2.1.2 Preconditions
Finish the following tasks before configuring DHCP client:
Create VLAN and add layer-3 interface to it.
The DHCP Snooping function is disabled.
Function | Default value
hostname | raisecom
class-id | raisecom-ROS
client-id | raisecom-SYSMAC-IF0
Please configure DHCP client on the device as below.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface ip 0 | Enter layer-3 interface configuration mode.
3 | Raisecom(config-ip)#ip address dhcp [ server-ip ip-address] | Apply for IP address by DHCP.
4 | Raisecom(config-ip)#ip dhcp client { class-id class-id | client-id client-id | hostname hostname } | (Optional) Configure DHCP client information, including class ID, client ID and host name.
5 | Raisecom(config-ip)#ip dhcp client renew | (Optional) Relet IP address. If the layer-3 interface of the device has obtained an IP address by DHCP, the IP address will automatically renew when the lease expires.
6 | | (Optional) Release IP address.
No. | Item | Description
1 | Raisecom#show ip dhcp client | Show DHCP client configuration.
5.3.1.2 Preconditions
N/A
5.3.3.1 Configure DHCP Snooping over IPv4
Please configure the DHCP Snooping function on the device as below:
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#ip dhcp snooping | Enable the global DHCP Snooping function over IPv4. By default, the global DHCP Snooping function over IPv4 is not enabled on the device.
3 | Raisecom(config)#ip dhcp snooping port-list { all | port-list } | (Optional) Enable the interface DHCP Snooping function over IPv4. By default, the device has enabled the interface DHCP Snooping function over IPv4.
4 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
5 | Raisecom(config-port)#ip dhcp snooping trust | Configure trust interface over IPv4. By default, the device distrusts the DHCP packets over IPv4 received by an interface.
6 | | (Optional) Configure DHCP Snooping to support the Option function defined by IPv4. By default, DHCP Snooping does not support the Option function defined by IPv4.
7 | Raisecom(config-port)#exit Raisecom(config)#ip dhcp snooping option client-id | (Optional) Configure DHCP Snooping to support Option61 function.
8 | Raisecom(config)#ip dhcp snooping information option | (Optional) Configure DHCP Snooping to support Option82 function.
5.3.3.2 Configure DHCP Snooping over IPv6
Please configure the DHCP Snooping function on the device as below:
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#ipv6 dhcp snooping | Enable the global DHCP Snooping function over IPv6. By default, the global DHCP Snooping function over IPv6 is not enabled on the device.
3 | Raisecom(config)#ipv6 dhcp snooping port-list { all | port-list } | (Optional) Enable the interface DHCP Snooping function over IPv6. By default, the device has enabled the interface DHCP Snooping function over IPv6.
4 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
5 | Raisecom(config-port)#ipv6 dhcp snooping trust | Configure trust interface over IPv6. By default, the device distrusts the DHCP packets over IPv6 received by an interface.
6 | Raisecom(config)#ipv6 dhcp snooping option interface-id | (Optional) Configure DHCP Snooping to support Option18 function.
7 | Raisecom(config)#ipv6 dhcp snooping option remote-id | (Optional) Configure DHCP Snooping to support Option37 function.
5.4.1.2 Preconditions
N/A
(Optional) Create Option field information defined by IPv4. (Optional) Create Option field information defined by IPv4 in interface.
(Optional) Create Option field information defined by IPv6. (Optional) Create Option field information defined by IPv6 in interface.
5.5.1.2
5.5.1.3 Show result
Check whether the DHCP client configuration is correct with the command show ip dhcp client.
Raisecom#show ip dhcp client
Hostname: raisecom
Class-ID: Raisecom-ROS
Client-ID: Raisecom-000e5e000000-IF0
DHCP Client is requesting for a lease. Assigned IP Addr: Subnet mask: Default Gateway: Client lease Starts: Client lease Ends: Client lease duration: DHCP Server: Tftp server name: Tftp server IP Addr: Startup_config filename: NTP server IP Addr: Root path: -----0.0.0.0 0.0.0.0 -Jan-01-1970 08:00:00 Jan-01-1970 08:00:00 0(sec) 0.0.0.0
5.5.2.2
Configure DHCP relay in support of Option82 function and configure field Option82.
Raisecom(config)#ip dhcp snooping information option
Raisecom(config)#ip dhcp information option remote-id string user01
Raisecom(config)#interface port 3
Raisecom(config-port)#ip dhcp information option circuit-id raisecom
5.5.2.3 Show result
Check whether the DHCP client configuration is correct with the command show ip dhcp information option.
Raisecom#show ip dhcp information option
DHCP Option Config Information
Circuit-ID : default
Remote-ID Mode: string
Remote-ID String: user01
P3 Circuit ID: raisecom
ipv4Global ipv4Port P1: P2: P3: P27: P28:ipv6Global ipv6Port P1: P2: P3: P27: P28
Chapter 6 QoS
This chapter introduces the basic principles and configuration of QoS and provides related configuration applications.
Overview
Priority trust
Traffic classification and traffic policy
Priority mapping and queue schedule
Traffic rate limit over interface and VLAN
Maintenance
Configuring applications
6.1 Overview
Users have different service quality demands for network applications, so the network should distribute and schedule resources for different network applications according to user demands. QoS (Quality of Service) ensures that services stay real-time and complete when the network is overloaded or congested, and guarantees that the whole network runs efficiently.
QoS is composed of a group of traffic management technologies:
Service model
Priority trust
Traffic classification
Traffic policy
Priority mapping
Queue schedule
Rate limit over interface and VLAN
6.1.1 Service model
QoS technical service contains three models:
Best-effort Service
Integrated Services (IntServ)
Differentiated Services (DiffServ)
6.1.1.1 Best-effort
Best-effort service is the most basic and simplest service model of the store-and-forward Internet (IPv4 standard). In the Best-effort service model, an application can send any number of packets at any time without obtaining permission in advance or notifying the network. For Best-effort service, the network sends packets as best it can but cannot guarantee delay time or reliability.
Best-effort is the default Internet service model now and applies to most network applications, such as FTP and E-mail. It is achieved with a first in first out (FIFO) queue.
6.1.1.2 IntServ
The IntServ model is a comprehensive service model that can meet a variety of QoS requirements. It needs to send a specific service request to the network before sending messages, and this request is made through signaling. First, the application applies to the network through signaling for the service quality it requires, such as bandwidth, delay time and priority. The application sends messages once it receives confirmation from the network, which means the network has already reserved the corresponding service quality resources. At the same time, the messages sent by the application should stay within the range described in the application parameters.
After receiving a service quality request from an application, the network checks resource distribution, i.e. whether the current network resources can satisfy the request. If they can, the network returns a network resource confirmation and allocates the corresponding network resources to the application. While messages are being sent, as long as the application's traffic stays within the range of the application parameters, the network undertakes to meet the QoS requirements. To fulfill this commitment, the network maintains a state for each flow and classifies messages, monitors traffic and performs queue scheduling based on that state.
In the IntServ service model, the signaling that carries the QoS request is RSVP (Resource Reservation Protocol), which is responsible for notifying the network of the application's QoS requirements. RSVP applies for network resources before the application sends messages, so it is out-of-band signaling.
The IntServ service model diagram is shown in Figure 6-1.
Figure 6-1 Sketch map of IntServ service model
The biggest advantage of the IntServ model is that it provides end-to-end QoS service, while its biggest disadvantage is poor scalability. Every network node must maintain all reserved resource information, and these maintenance operations consume more processing time and memory on the network nodes. As the network scale expands, the maintenance cost increases substantially, which has a serious impact on the wire-speed packet processing performance of the network nodes, especially the core nodes.
6.1.1.3 DiffServ
The DiffServ model is a multi-service model that can satisfy different QoS requirements. Its largest difference from the IntServ model is that it does not require RSVP signaling. In other words, the DiffServ model does not need to notify the network to reserve resources before sending messages, and it does not need to maintain state for each flow. It provides differentiated services according to the QoS classification of each packet. Many different methods can be used for QoS packet classification, such as IP packet priority (IP precedence), the packet source address or destination address, and so on.
Generally, DiffServ is used to provide end-to-end QoS services for a number of important applications, which is achieved mainly through the following techniques:
CAR (Committed Access Rate): CAR classifies messages according to pre-set matching rules, such as IP message priority (IP precedence), the packet source address or destination address, etc. Messages continue to be sent if the flow conforms to the token bucket rules. If the flow exceeds the specified rate, the messages are discarded or their IP precedence, DSCP, EXP, etc. are re-marked. CAR can not only control traffic but also mark and re-mark messages.
Queue technology: the SP, WRR, DRR, SP + WRR and SP + DRR queuing technologies cache and schedule congested messages to achieve congestion management.
6.1.2
Priority trust
Priority trust means that the device uses the priority carried in packets for classification and QoS management. Generally speaking, the larger the value of the packet priority field, the higher the priority. The ISCOM2924GF supports packet priority trust on an interface, including:
- DSCP (Differentiated Services Code Point) priority of IP packets.
- CoS (Class of Service) priority of VLAN packets.
6.1.3
Traffic classification
Traffic classification recognizes packets of a certain class by setting rules, so that a different QoS policy can be applied to packets that match different rules. It is the premise and basis of differentiated services. The ISCOM2924GF supports traffic classification by ToS (Type of Service) priority of IP packets, DSCP priority and CoS priority of VLAN packets, as well as classification by ACL rule. The traffic classification procedure is shown in Figure 6-2.
6.1.3.1
ToS priority and DSCP priority
The structure of the IP packet header is shown in Figure 6-3; the header contains an 8-bit ToS field. RFC1349 defines the first 3 bits of the ToS field as the ToS priority, with a value range of 0~7. RFC2474 redefines the ToS field: the first 6 bits (bits 0~5) indicate the priority of the IP packet, named DSCP priority, with a value range of 0~63, and the last 2 bits (bit 6 and bit 7) are reserved. The structure of the two priority types is shown in Figure 6-4.
6.1.3.2
CoS priority
The IEEE 802.1Q standard modifies the Ethernet packet for VLANs by adding a 4-byte 802.1Q tag between the source address field and the protocol type field, as Figure 6-5 shows. The tag consists of a 2-byte TPID (Tag Protocol Identifier, value 0x8100) field and a 2-byte TCI (Tag Control Information) field.
The CoS priority is located in the first 3 bits of the TCI field, with a value range of 0~7, as Figure 6-6 shows. It can be used to guarantee service quality in a layer-2 network.
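The field layouts described in 6.1.3.1 and 6.1.3.2, as an added parser that is not part of the original manual. The function names and the sample frames are constructed for illustration; the parser handles one 0x8100 tag and IPv4 only, and returns None for a priority field the frame does not carry.

```python
"""Extract CoS, ToS precedence and DSCP from a raw Ethernet frame."""
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier named in the text
ETHERTYPE_IPV4 = 0x0800


def parse_priorities(frame: bytes) -> dict:
    """Return vlan, cos, precedence and dscp; absent fields are None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    result = {"vlan": None, "cos": None, "precedence": None, "dscp": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        result["cos"] = tci >> 13          # first 3 bits of the 16-bit TCI
        result["vlan"] = tci & 0x0FFF      # last 12 bits of the TCI
        offset = 18
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        ver_ihl, tos = struct.unpack_from("!BB", frame, offset)
        if ver_ihl >> 4 != 4:
            raise ValueError("EtherType says IPv4 but version field does not")
        result["precedence"] = tos >> 5    # first 3 bits of the ToS byte (RFC1349)
        result["dscp"] = tos >> 2          # first 6 bits of the ToS byte (RFC2474)
    return result


def trusted_priority(frame: bytes, trust: str):
    """Value of the field an interface would trust ('dscp' or 'cos'), or None."""
    if trust not in ("dscp", "cos"):
        raise ValueError("trust must be 'dscp' or 'cos'")
    return parse_priorities(frame)[trust]


def build_frame(dscp: int, cos=None, vlan=None) -> bytes:
    """Constructed sample frame: Ethernet (+ optional 802.1Q tag) + bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b""
    if cos is not None:
        tag = struct.pack("!HH", TPID_8021Q, (cos << 13) | (vlan or 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip


if __name__ == "__main__":
    tagged = build_frame(dscp=46, cos=5, vlan=10)
    untagged = build_frame(dscp=10)
    print(parse_priorities(tagged))
    print(parse_priorities(untagged))
    print(trusted_priority(untagged, "cos"))
```

An untagged frame has no CoS to trust, so a classifier that trusts CoS needs a defined fallback for it; the ToS precedence is always the top three bits of the DSCP value.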
6.1.4
Traffic policy
After traffic is classified, different operations are performed on different packets. Binding a traffic classification to an operation forms a traffic policy.
6.1.4.1
Rate limit
Rate limit controls network traffic by monitoring the rate of traffic entering the network and discarding the overflow, keeping the entering traffic within a reasonable range and thus protecting network resources and carrier interests. The ISCOM2924GF supports rate limit in the packet ingress direction through traffic policy.
6.1.4.2
Re-direction
Re-direction means that packets are not forwarded according to the original correspondence between destination and interface, but are forwarded to an assigned interface to implement policy routing. The ISCOM2924GF supports forwarding ingress packets to an assigned interface.
6.1.4.3
Re-mark
Re-mark means setting some priority fields in a packet again, so that packets are classified according to the device's own standard. In addition, downstream nodes in the network can provide differentiated QoS service according to the re-marked information. The ISCOM2924GF supports re-marking the following priority fields:
- ToS priority of IP packets
- DSCP priority of IP packets
- CoS priority of VLAN packets
6.1.4.4
Traffic statistics
Traffic statistics counts the data messages of a specified service traffic, that is, the number of messages and bytes that matched a traffic classification and were passed or discarded. Traffic statistics is not itself a QoS control measure, but can be used in combination with other QoS
6.1.5
Priority mapping
When packets enter the device, the priority mapping function sends them to queues with different internal priorities according to the mapping from external priority to internal priority, so that queue scheduling can be performed in the packet egress direction.
Note: Internal priority is a priority that the device assigns to packets internally, corresponding to the interface queue number. Packets with a larger internal priority value are processed first.
The ISCOM2924GF supports priority mapping based on DSCP priority of IP packets or CoS priority of VLAN packets. By default, the mapping among internal priority, DSCP priority and CoS priority on the ISCOM2924GF is shown in Table 6-1.
Table 6-1 Mapping relationship of internal priority, DSCP priority, CoS priority
Internal | DSCP | CoS
0 | 0~7 | 0
1 | 8~15 | 1
2 | 16~23 | 2
3 | 24~31 | 3
4 | 32~39 | 4
5 | |
6 | |
7 | |
6.1.6
Queue schedule
Queue scheduling is necessary when there is intermittent congestion in the network and delay-sensitive services require higher QoS than non-sensitive services.
Queue scheduling uses different scheduling algorithms to transmit the packet flows in the queues. The ISCOM2924GF supports the SP (Strict-Priority), WRR (Weight Round Robin), DRR (Deficit Round Robin), SP+WRR and SP+DRR algorithms, which address network flow problems and have different effects on the distribution of bandwidth resources, delay and jitter:
- SP: schedules strictly in queue priority order. A lower-priority queue is not scheduled until all packets in the higher-priority queues have been scheduled, as Figure 6-7 shows.
- WRR: schedules the queues in turn according to queue priority, and schedules the packets in each queue according to the weight of that queue, as Figure 6-8 shows.
Figure 6-8 Sketch map of WRR schedule
- DRR: schedules the queues in turn according to queue priority, and schedules the packets in each queue according to the weight of that queue. In addition, the redundant bandwidth of a queue in one round is lent to other queues, and in a later round the queue that borrowed the bandwidth returns it, as Figure 6-9 shows.
Figure 6-9 Sketch map of DRR schedule
- SP+WRR: the queues on an interface are divided into two groups; the user can assign some queues to SP scheduling and the other queues to WRR scheduling.
- SP+DRR: the queues on an interface are divided into two groups; the user can assign some queues to SP scheduling and the other queues to DRR scheduling.
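How SP, WRR and DRR divide a congested link, as an added simulation that is not part of the original manual or Raisecom code. It assumes WRR counts packets per round and DRR is the textbook deficit-counter algorithm counting bytes; the queue contents and function names are constructed for illustration.

```python
"""Compare SP, WRR and DRR on a static backlog of two queues."""
from collections import deque


def _copy(queues):
    return {q: deque(pkts) for q, pkts in queues.items()}


def strict_priority(queues):
    """Drain the highest-numbered (highest-priority) queue before any lower one."""
    qs, order = _copy(queues), []
    for q in sorted(qs, reverse=True):
        while qs[q]:
            order.append((q, qs[q].popleft()))
    return order


def wrr(queues, weights):
    """Each round, every queue may send up to weights[q] packets (size is ignored)."""
    qs, order = _copy(queues), []
    while any(qs.values()):
        for q in sorted(qs, reverse=True):
            for _ in range(weights[q]):
                if not qs[q]:
                    break
                order.append((q, qs[q].popleft()))
    return order


def drr(queues, quantum):
    """Each round, a backlogged queue earns quantum[q] bytes of credit and sends
    while the head packet fits; unused credit carries over to the next round."""
    qs, order = _copy(queues), []
    deficit = {q: 0 for q in qs}
    while any(qs.values()):
        for q in sorted(qs, reverse=True):
            if not qs[q]:
                continue
            deficit[q] += quantum[q]
            while qs[q] and qs[q][0] <= deficit[q]:
                size = qs[q].popleft()
                deficit[q] -= size
                order.append((q, size))
            if not qs[q]:
                deficit[q] = 0     # an emptied queue does not bank credit
    return order


def bytes_by_queue(order, limit):
    """Bytes each queue got onto the wire within the first `limit` bytes sent."""
    sent, total = {}, 0
    for q, size in order:
        if total >= limit:
            break
        sent[q] = sent.get(q, 0) + size
        total += size
    return sent


# Constructed backlog: queue 2 holds large packets, queue 1 holds small ones,
# 30000 bytes in each queue.
BACKLOG = {2: [1500] * 20, 1: [100] * 300}

if __name__ == "__main__":
    print("SP :", bytes_by_queue(strict_priority(BACKLOG), 15000))
    print("WRR:", bytes_by_queue(wrr(BACKLOG, {2: 1, 1: 1}), 15000))
    print("DRR:", bytes_by_queue(drr(BACKLOG, {2: 1500, 1: 1500}), 15000))
```

With equal weights, packet-counting WRR gives the large-packet queue almost all of the bytes, SP starves the lower queue entirely while the higher one is backlogged, and DRR splits the bytes evenly.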
6.1.7
6.2.1.2
Preconditions
N/A
No. | Item | Description
1 | Raisecom(config)#show mls qos priority [ port port-id ] | Show priority trust rule configuration under interface.
6.3.1.2
Preconditions
N/A
Step | Configuration | Description
4 | Raisecom(config-cmap)#match { access-list-map | ip-access-list | ipv6-access-list | mac-access-list } acl-number |
5 | Raisecom(config-cmap)#match class-map class-map-name | (Optional) Configure traffic classification over traffic classification rule.
6 | Raisecom(config-cmap)#match ip dscp dscp-value | (Optional) Configure traffic classification over DSCP priority of IP packet.
7 | Raisecom(config-cmap)#match ip precedence ip-precedence-value | (Optional) Configure traffic classification over ToS priority of IP packet.
8 | Raisecom(config-cmap)#match vlan vlan-id [ double-tagging inner ] | (Optional) Configure traffic classification over VLAN ID rule of VLAN packet.
(Optional) Create a traffic rate limit rule of type class. This rule is used together with traffic classification to restrict the speed of packets that match the traffic classification.
(Optional) Create a traffic rate limit rule of type single. This rule is used together with one type of packet to restrict its speed.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#policy-map policy-map-name | Create traffic policy and enter traffic policy configuration mode.
3 | Raisecom(config-pmap)#description string | (Optional) Configure description for traffic policy.
4 | Raisecom(config-pmap)#class-map class-map-name | Bind traffic classification into traffic policy; the policy applies only to packets that match the traffic class. Note: At least one rule type is necessary for binding a traffic class to a policy, otherwise the binding fails.
5 | Raisecom(config-pmap-c)#police policer-name | (Optional) Configure rate limit rule under traffic class to form rate limit policy.
6 | Raisecom(config-pmap-c)#redirect-to port port-id | (Optional) Configure re-direct rule under traffic class, forwarding classified packets from assigned interface.
 | Raisecom(config-pmap-c)#set { cos cos-value | ip dscp ip-dscp-value | ip precedence ip-precedence-value | vlan vlan-id } | (Optional) Configure re-mark rule under traffic class, modifying packet ToS, DSCP, CoS or VLAN ID of matched traffic class.
 | Raisecom(config-pmap-c)#statistics enable | (Optional) Configure traffic statistic rule under traffic class, counting packets of matched traffic class.
 | Raisecom(config-pmap-c)#quit |
 | Raisecom(config-pmap)#quit |
 | Raisecom(config)#service-policy policy-name { egress port-id | ingress port-id [ egress port-id ]} |
No. | Item | Description
5 | Raisecom(config)#show service-policy statistics [ port port-id ] | Show the applied policy statistic information.
6.4.1.2
Preconditions
N/A
6.4.2 Configure mapping relationship between DSCP priority and local priority
Configure the mapping relationship between DSCP priority and local priority on the device as below.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#mls qos enable | Globally enable the QoS function. By default, the device enables the global QoS function. The command mls qos disable disables it.
3 | Raisecom(config)#mls qos mapping dscp dscp-value to localpriority local-priority | Configure mapping relationship between DSCP priority and local priority.
6.4.3 Configure mapping relationship between CoS priority and local priority
Configure the mapping relationship between CoS priority and local priority on the device as below.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#mls qos enable | Globally enable the QoS function. By default, the device enables the global QoS function. The command mls qos disable disables it.
 | | Configure mapping relationship between CoS priority and local priority.
6.5.1.2
Preconditions
Related VLAN must be created before configuring rate limit over VLAN or QinQ.
Configuration | Description
Raisecom(config)#rate-limit port-list { all | port-list } { both rate-value | egress rate-value [ burst-value ] | ingress rate-value [ burst-value ] } | Configure rate limit over interface.
6.6 Maintenance
User can maintain QoS feature by the following commands.
Command | Description
Raisecom(config)#clear service-policy statistics [ egress | ingress | port ] port-list [ class-map class-map-name ] | Clear statistics information of QoS packets.
Raisecom(config)#clear rate-limit statistics vlan [ vlan-id ] | Clear statistics information of VLAN rate limit packet loss.
6.7.1.2
Configuration steps
Create and configure traffic classification, classifying different users according to VLAN ID.
Raisecom#config
Raisecom(config)#mls qos enable
Raisecom(config)#class-map usera match-any
Raisecom(config-cmap)#match vlan 1
Raisecom(config-cmap)#quit
Raisecom(config)#class-map userb match-any
Raisecom(config-cmap)#match vlan 2
Raisecom(config-cmap)#quit
Raisecom(config)#class-map userc match-any
Raisecom(config-cmap)#match vlan 3
Raisecom(config-cmap)#quit
6.7.1.3
Show result
Show traffic classification configuration by the command of show class-map.
Raisecom#show class-map usera
Class Map match-any usera (id 0)
Match vlan 1
Raisecom#show class-map userb
Class Map match-any userb (id 1)
Match vlan 2
Raisecom#show class-map userc
Class Map match-any userb (id 2)
Match vlan 3
Show rate limit rule configuration by the command of show mls qos policer.
Raisecom(config)#show mls qos policer
single-policer usera 25000 100 exceed-action drop
Used by policy map usera
single-policer userb 100 exceed-action drop
Used by policy map userb
single-policer userc 100 exceed-action drop
Used by policy map userc
30000 35000
6.7.2.2
Raisecom(config-port)#quit
6.7.2.3
Show result Show m apping r elationship c onfiguration of a ssigned priority b y t he c ommand of show mls qos
138
www.raisecom.com mapping
Raisecom(config)#show mls qos mapping cos
User Manual
CoS-LocalPriority Mapping:
CoS:
-------------------------------------------------LocalPriority: 0 1 2 3 5 6 6 7
Show queue schedule configuration by the command of show mls qos queue.
Raisecom(config)#show mls qos queue Queue Weight(WRR)
------------------------1 2 3 4 5 6 7 8 1 1 1 1 1 1 1 1
www.raisecom.com
User Manual
For User B, 35M bandwidth must be provided, with burst traffic of 100 KB permitted and redundant traffic discarded;
For User C, 30M bandwidth must be provided, with burst traffic of 100 KB permitted and redundant traffic discarded.
Figure 6-12 Networking sketch map of traffic rate limit over interface
6.7.3.2
6.7.3.3
Show result
Show rate limit configuration over interface by the command of show rate-limit port-list.
Raisecom(config)#show rate-limit port-list 2-4
I-Rate: Ingress Rate
I-Burst: Ingress Burst
E-Rate: Egress Rate
E-Burst: Egress Burst
Port I-Rate(kbps) I-Burst(kB) E-Rate(kbps) E-Burst(kB)
----------------------------------------------------------------------
P2 25000 100 3448 34
P3 35000 100 3448 34
P4 30000 100 1048576 512
Chapter 7 Multicast
This chapter introduces the basic principle and configuration of multicast and provides related configuration applications.
- Overview
- Configure IGMP foundation
- Configure IGMP Snooping
- Configure IGMP MVR
- Configure IGMP Proxy
- Maintenance
- Configuring applications
7.1 Overview
7.1.1 Multicast overview
With the continuous development of the Internet, more and more data, voice and video are exchanged over the network; on the other hand, emerging services such as e-commerce, online meetings, online auctions, video on demand and distance learning are also rising gradually. These services place higher requirements on network bandwidth, information security and paid services. Traditional unicast and broadcast cannot meet these requirements well, while multicast meets them in a timely manner.
Multicast is a point-to-multipoint data transmission method. It effectively solves the problem of single-point sending and multipoint receiving. During network packet transmission, it saves network resources and improves information security.
7.1.1.1
Comparison among unicast, broadcast and multicast
Multicast is a packet transmission method that exists in parallel with unicast and broadcast.
- Unicast: the system establishes a data transmission path for each user who needs the information and sends a separate copy of the information to each of them. With unicast, the amount of information transmitted over the network is proportional to the number of users, so when the number of users becomes huge, there is more identical information in the network. At this point bandwidth becomes an important bottleneck, and unicast is not conducive to large-scale information transmission.
- Broadcast: the system sends information to all users, whether they need it or not; any user will receive it. With broadcast, the information source delivers information to all users in the network segment, so information security and paid services cannot be guaranteed. In addition, when the number of users who require this kind of information decreases, the utilization of network resources is very low and bandwidth is seriously wasted.
- Multicast: when some users in the network need specific information, the sender sends only one copy of the information, and the transmitted information is replicated and distributed at fork junctions as far as possible.
As shown in Figure 7-1, assume that User B and User C need the information. Multicast transmission can combine User B and User C into a receiver set, so the information source needs to send only one copy of the information. Each switch in the network establishes its multicast forwarding table according to IGMP packets, and finally the information is transmitted to the actual recipients B and C.
Figure 7-1 Multicast transmission networking
In summary, unicast suits networks with sparse users and broadcast suits networks with dense users. When the number of users in the network is uncertain, unicast and broadcast are inefficient. When the number of users doubles and redoubles, multicast does not need increased backbone bandwidth; it only sends information to the users that need it. These advantages have made multicast a hotspot in current network technology research.
7.1.1.2
The advantages and application of multicast
Compared with unicast and broadcast, the advantages of multicast are as below:
- Improve efficiency: reduce network traffic, relieve server and CPU load.
- Optimize performance: reduce redundant traffic and guarantee information security.
- Distributed applications: solve the problem of point-to-point data transmission.
Applications of multicast include:
- Multimedia and streaming media applications, such as network television, network radio, real-time video/audio conferencing;
- Training and cooperative operations communications, such as distance education, telemedicine;
- Data warehousing, financial applications (stock);
- Any other "point-to-multipoint" applications.
7.1.1.3
Basic concept in multicast
Multicast group
A multicast group is the set of recipients identified by the same IP multicast address. Any user host (or other receiving device) becomes a member of the group after joining the multicast group. Members can identify and receive multicast data whose destination address is the IP multicast address.
All hosts that have joined a multicast group are members of that multicast group. Multicast group membership is dynamic; hosts can join or leave a multicast group at any time. Group members may be widely distributed in any part of the network.
Multicast source
A multicast source is a server that sends IP packets with a multicast group address as the destination address. A multicast source can send data to multiple multicast groups; multiple multicast sources can send to one multicast group.
Multicast router
A router in the network that supports the layer-3 multicast function is called a multicast router. A multicast router performs multicast routing, guides multicast packet forwarding and provides the multicast group management function to the far-end network segments that connect to users.
Router interface
The router interface is the interface toward the multicast router, between the multicast router and the host. The device receives multicast packets from this interface.
Member interface
Also known as the receiving interface, the member interface is the interface toward the host, between the multicast router and the host. The device sends multicast packets from this interface. The locations of the multicast router interface and the receiving interface are shown in Figure 7-2.
7.1.1.4
Multicast address
For multicast sources and multicast group members to communicate across the Internet, both a network-layer multicast address and a link-layer multicast address are needed, i.e. an IP multicast address and a multicast MAC address. Note: a multicast address can only be a destination address, never a source address.
IP multicast address
IANA (Internet Assigned Numbers Authority) assigns the Class D address space to IPv4 multicast; the range of IPv4 multicast addresses is from 224.0.0.0 to 239.255.255.255.
Multicast MAC address
When Ethernet transmits a unicast IP packet, the destination MAC address is the MAC address of the recipient. However, when multicast packets are transmitted, the destination is no longer a specific receiver but a group with uncertain members, so a multicast MAC address must be used. The link-layer multicast MAC address identifies the receivers of the same multicast group. According to IANA, the high 24 bits of a multicast MAC address are 0x01005E, the 25th bit is fixed at 0, and the low 23 bits correspond to the low 23 bits of the IPv4 multicast address. The mapping relation between IP multicast address and MAC address is shown in Figure 7-3.
Figure 7-3 Mapping relation between IPv4 multicast address and multicast MAC address
The first 4 bits of an IP multicast address are 1110, which identifies it as multicast. Of the last 28 bits, only 23 bits are mapped to the multicast MAC address. The 5 bits of information that are lost make 32 IP multicast addresses map to the same multicast MAC address. Therefore, at Layer 2 the device may receive data from outside the intended IPv4 multicast group, and this extra multicast data needs to be filtered by the upper device.
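The 23-bit mapping and the resulting 32-to-1 overlap, as an added example that is not part of the original manual. The function names and the list of configured groups are constructed for illustration; 234.5.6.7 is the group address used later in this chapter. The last function is a check an operator can run over planned group addresses to find groups that a MAC-based Layer 2 forwarding table cannot tell apart.

```python
"""IPv4 multicast group to multicast MAC mapping and overlap detection."""
import ipaddress

MAC_PREFIX = 0x01005E            # high 24 bits fixed by IANA
LOW23_MASK = 0x7FFFFF            # only the low 23 bits of the group address survive


def multicast_mac(group: str) -> str:
    """Return the multicast MAC address that an IPv4 group address maps to."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not in 224.0.0.0-239.255.255.255")
    mac = (MAC_PREFIX << 24) | (int(addr) & LOW23_MASK)   # 25th bit stays 0
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def colliding_groups(group: str) -> list:
    """All 32 IPv4 groups that share a MAC with `group` (including itself)."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low23 = int(addr) & LOW23_MASK
    # The 5 bits between the fixed 1110 prefix and the low 23 bits are lost.
    return [str(ipaddress.IPv4Address(0xE0000000 | (lost << 23) | low23))
            for lost in range(32)]


def find_mac_collisions(groups) -> dict:
    """Map each MAC shared by more than one of the given groups to those groups."""
    by_mac = {}
    for g in groups:
        by_mac.setdefault(multicast_mac(g), []).append(g)
    return {mac: gs for mac, gs in by_mac.items() if len(gs) > 1}


# Constructed list of groups an operator plans to carry in one VLAN.
PLANNED_GROUPS = ["234.5.6.7", "239.133.6.7", "224.0.0.1", "225.5.6.7"]

if __name__ == "__main__":
    print(multicast_mac("234.5.6.7"))
    print(len(colliding_groups("234.5.6.7")), "groups share that MAC")
    print(find_mac_collisions(PLANNED_GROUPS))
```

Choosing group addresses that differ in their low 23 bits avoids delivering one group's traffic to ports that joined only another.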
7.1.1.5
Basis of multicast protocol
To achieve a complete set of multicast services, a variety of multicast protocols must be deployed at various positions in the network to interwork and operate together.
Typically, IP multicast working at the network layer is called "Layer-3 multicast", and the corresponding multicast protocols are called "Layer-3 multicast protocols", including IGMP (Internet Group Management Protocol), etc.; IP multicast working at the data link layer is called "Layer-2 multicast", and the corresponding multicast features are called "Layer-2 multicast protocols", including IGMP Snooping (Internet Group Management Protocol Snooping) and so on.
The operating positions of IGMP and Layer-2 multicast features are shown in Figure 7-4.
Figure 7-4 The operating positions of IGMP and Layer-2 multicast features
IGMP is the protocol responsible for IPv4 multicast member management in the TCP/IP protocol family. IGMP runs between the multicast router and the host, and defines the mechanism for establishing and maintaining multicast group membership between host and multicast router. IGMP does not cover the transmission and maintenance of group membership between multicast routers, which is handled by the multicast routing protocol.
IGMP manages group members through the exchange of IGMP messages between host and multicast router. IGMP messages are encapsulated in IP messages and include Query messages, Report messages and Leave messages. The basic functions of IGMP are:
- The host sends Report messages to join a multicast group, sends Leave messages to leave a multicast group, and automatically decides which multicast group messages to receive.
- The multicast router sends Query messages periodically and receives Report messages and Leave messages from hosts to learn the multicast group members in the connected network segment. Multicast data is forwarded to the network segment if it has multicast group members, and is not forwarded if it has none.
Up to now, IGMP has three versions: IGMPv1, IGMPv2 and IGMPv3; the new version is fully compatible with the old version. Currently the most widely used version is IGMPv2, while Leave messages only apply to IGMPv2 and IGMPv3.
Layer-2 multicast manages and controls multicast groups by monitoring and analyzing the IGMP messages between hosts and multicast routers, so as to forward multicast data and suppress multicast data diffusion in the layer-2 network.
7.1.1.6
The supported multicast performance
The device supports the following multicast features:
- Basic function of IGMP
- IGMP Snooping
- IGMP MVR
- IGMP Proxy
- IGMP filtering
Note: The IGMP Snooping and IGMP MVR functions on the ISCOM2924GF can be enabled simultaneously. The ISCOM2924GF supports IGMPv1 and IGMPv2 simultaneously.
The basic function of IGMP provides the common Layer-2 multicast features, which can be used when the device enables the IGMP Snooping or IGMP MVR function.
Note: The basic function configuration is valid for IGMP Snooping and IGMP MVR simultaneously.
The concepts related to IGMP basic functions are described below:
Multicast router interface
On a layer-2 multicast switch, the router interface can be learnt dynamically (the multicast routing protocol must be enabled on the multicast routers; the interface is learnt from IGMP Query messages) or set manually, so that downstream multicast Report and Leave messages are forwarded to the router interface. A router interface learnt dynamically has an aging time, while a router interface configured manually does not age.
Aging time
The aging time that is set applies to both multicast forwarding entries and router interfaces. On a layer-2 switch running the multicast function, every router interface learnt dynamically starts a timer whose timeout is the "IGMP Snooping aging time". The router interface is deleted if no IGMP Query message is received within the aging time; the timeout of the router interface is updated when an IGMP Query message is received. Each multicast forwarding entry also starts a timer, that is, the aging time of the multicast member, whose timeout is the "IGMP Snooping aging time". The multicast member is deleted if no IGMP Report message is received within the aging time; the timeout of the multicast forwarding entry is updated when an IGMP Report message is received.
Instant-leaving function
On a layer-2 switch running the multicast function, the corresponding multicast forwarding entry is not deleted immediately when a user sends a Leave message; the switch waits until the entry ages out. Enable this function to delete the corresponding multicast forwarding entry quickly when there are a large number of downstream users and joining and leaving are frequent.
Note: Instant-leaving function only applies to IGMP v2/v3 versions.
IGMP ring network forwarding function
On a layer-2 switch running the multicast function, the IGMP ring network forwarding function can be enabled on any type of interface. Enabling IGMP ring network forwarding provides multicast backup protection in a ring network, makes the multicast service more stable, and prevents a link failure from causing a multicast service failure. The IGMP ring network forwarding function applies to Ethernet ring, STP / RSTP / MSTP ring and G.8032 ring, etc.
The proxy mechanism can control and access user information effectively while reducing the network-side protocol packets and network load. IGMP Proxy establishes the multicast packet forwarding list by intercepting IGMP packets between the user and the multicast routers.
Step | Configuration | Description
5 | Raisecom(config)#igmp ring interface-type interface-number | (Optional) Enable IGMP ring network forwarding function of the interface.
6 | Raisecom(config)#mac-address-table static multicast mac-address vlan vlan-id interface-type interface-number-list | (Optional) Configure to add interface to static multicast group. An interface usually joins a multicast group through the IGMP Report message transmitted by the host. The user can also add an interface to a multicast group manually.
7.3.1.2
Precondition
Before configuring IGMP Snooping, you should create the VLAN and add the corresponding interface to the VLAN.
Configuration | Description
Raisecom(config)#mac-address-table static multicast mac-address vlan vlan-id interface-type interface-number-list | (Optional) Configure static multicast forwarding table. An interface usually joins a multicast group through the IGMP Report message transmitted by the host. The user can also add an interface to a multicast group manually.
7.4.1.2
Precondition
Before configuring IGMP MVR, you should create a VLAN and add the corresponding interface to the VLAN.
IGMP Proxy function is generally used with IGMP Snooping or IGMP MVR.
7.5.1.2
Precondition
Before configuring IGMP Proxy, you should create a VLAN and add the corresponding interface to the VLAN.
Description
Enter global configuration mode.
Enable IGMP Proxy function.
Enable IGMP packet suppression function.
Enable IGMP querier function.
(Optional) Configure source IP address of query packet sent by IGMP Proxy querier.
(Optional) Configure IGMP query interval.
(Optional) Configure the maximum response time of Query packet.
(Optional) Configure the Query transmission interval of final member.
The source IP address, the query interval, the maximum response time of Query packet transmission and the Query transmission interval of final member can be configured while IGMP Proxy is not enabled; once MVR Proxy is started, the configuration takes effect immediately. The IGMP Proxy function can be started when IGMP Snooping or IGMP MVR is enabled.
7.6.1.2
Precondition
Before configuring IGMP filtering, you should create a VLAN and add the corresponding interface to the VLAN.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#igmp filter | Enable global IGMP filtering.
Note: When configuring IGMP filtering template or the maximum group limitation, please use the command igmp filter to enable global IGMP filtering at first.
Note: Perform the command of igmp filter profile profile-number in interface configuration mode to make the created IGMP Profile apply to the specified interface. One IGMP Profile can be applied to multiple interfaces, but each interface can have only one IGMP Profile.
Step | Configuration | Description
 | Raisecom(config-aggregator)#igmp filter max-groups group-number [ vlan vlan-list ] | Configure the maximum multicast group number restriction to aggregation group interface or interface + VLAN.
4 | Raisecom(config-port)#igmp filter max-groups action { drop | replace } [ vlan vlan-list ] | (Optional) Configure the action over maximum multicast group number restriction in physical interface or interface + VLAN.
 | Raisecom(config-aggregator)#igmp filter max-groups action { drop | replace } [ vlan vlan-list ] | (Optional) Configure the action over maximum multicast group number restriction in aggregation group interface or interface + VLAN.
7.7 Maintenance
Users can maintain multicast features operation and configuration by the following commands.
Command | Description
Raisecom(config)#clear igmp statistics [ interface-type interface-number ] | Clear IGMP statistic information.
Raisecom(config)#no igmp member [ interface-type interface-number ] | Delete specified multicast forwarding table entry.
7.8
Configuration application
7.8.1
Configure IGMP Snooping and IGMP Proxy application
7.8.1.1
Network requirements
As shown in Figure 7-7, switch interface Port 1 connects to the multicast router; interfaces Port 2 and Port 3 connect to users. All multicast users belong to the same VLAN 10. IGMP Snooping must be configured on the switch to receive multicast data with the address 234.5.6.7. Enable the IGMP Proxy function on the switch to reduce communication between the hosts and the multicast router while still achieving the multicast function. When the PC and the set-top box join the same multicast group, the switch receives two IGMP Report messages and sends only one of them to the multicast router. The IGMP Query message sent by the multicast router is no longer forwarded downstream, but transmit IGMP Query message
7.8.1.2
7.8.1.3
Show result
Check whether IGMP Snooping configuration is correct.
Raisecom#show igmp snooping
igmp snooping :Enable
igmp snooping active vlan :10
igmp router alert examine :Disable
igmp aging time(s) :300
igmp ring :-
7.8.2
7.8.2.1
7.8.2.2
Configuration steps
Create VLAN on Switch A and add the interface into it.
Raisecom#config
Raisecom(config)#create vlan 3,12,13 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
7.8.2.3 Show result
Check whether the IGMP MVR configuration is correct.
Raisecom#show igmp mvr
igmp mvr running :Enable
igmp mvr port :port-list 2-3
igmp mvr multicast vlan(ref) :3(2)
igmp router alert examine :Disable
igmp aging time(s) :300
igmp ring :-
Check whether the multicast VLAN and group address information are correct.
Raisecom#show igmp mvr vlan-group
mcast-vlan start-group end-group
7.8.3
7.8.3.1
7.8.3.2 Configuration steps
Create VLAN and add the interface into it.
Raisecom#config
Raisecom(config)#creat vlan 3,12,13 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 3
Raisecom(config-port)#switchport trunk untagged vlan 12,13
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 12
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk native vlan 13
Raisecom(config-port)#switchport trunk untagged vlan 3
Raisecom(config-port)#exit
Configure the maximum group number limitation for set-top box interface.
Raisecom(config-port)#igmp filter max-groups 1
Raisecom(config-port)#igmp filter max-groups action replace
7.8.3.3
IGMP profile: 0
MaxGroup: 1
Currentgroup: 1
action: replace
7.8.4
7.8.4.1
7.8.4.2 Configuration steps
Enable STP function, create VLAN and add interface into the VLAN.

Configure Switch A
SwitchA#config
SwitchA(config)#spanning-tree enable
SwitchA(config)#spanning-tree mode stp
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 200
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk native vlan 200

Configure Switch B
SwitchB#config
SwitchB(config)#spanning-tree enable
SwitchB(config)#spanning-tree mode stp
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 200
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk native vlan 200

Configure Switch C
SwitchC#config
SwitchC(config)#spanning-tree enable
SwitchC(config)#spanning-tree mode stp
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#switchport trunk native vlan 200
SwitchC(config-port)#exit
SwitchC(config)#interface port 4
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#switchport trunk native vlan 200

Enable IGMP Snooping and IGMP ring network forwarding function.

Configure Switch A
SwitchA(config)#igmp ring port 1,2
SwitchA(config)#igmp snooping
SwitchA(config)#igmp snooping vlan 200

Configure Switch B
SwitchB(config)#igmp ring port 2,3
SwitchB(config)#igmp snooping
SwitchB(config)#igmp snooping vlan 200

Configure Switch C
SwitchC(config)#igmp ring port 2,4
SwitchC(config)#igmp snooping
SwitchC(config)#igmp snooping vlan 200

7.8.4.3 Show result
Disconnect any one link in the ring to check whether the multicast traffic can be received normally.
Chapter 8 Security
This chapter introduces the basic principles and configuration of security and provides related configuration applications.
Overview
ACL
RADIUS
TACACS+
Storm Control
Maintenance
Configuring applications
8.1 Overview
Network applications are becoming more and more popular with the continuous development of the Internet, and more and more enterprises use the network to speed up their development. Ensuring the security of data and resources in an open network environment is therefore becoming more and more important. In addition, some users access the network without harmful intent but still damage it, degrading device performance or even causing abnormal operation. Deploying security technologies such as access control and user authentication can effectively improve network and device security.
8.1.1 ACL
ACL (Access Control List) is a set of ordered rules that controls whether the device receives or rejects data packets. Users need to configure rules in the network to prevent illegal packets from affecting network performance and to decide which packets are allowed to pass. These rules are defined by ACL. An ACL is a series of rules composed of permit | deny statements. The rules are described according to the source address, destination address, and port ID of data packets. The device decides whether to receive or reject packets according to the rules.
8.1.2 RADIUS
RADIUS (Remote Authentication Dial In User Service) is a standard communication protocol that authenticates remote access users centrally. RADIUS uses UDP as the transmission protocol (port 1812 and port 1813), which gives good real-time performance; RADIUS also supports a retransmission mechanism and a standby server mechanism, which gives good reliability.
RADIUS adopts client/server mode; the network access device acts as the client of the RADIUS server. The RADIUS server receives user connection requests, authenticates the users, and then replies with configuration information to the clients so that they can provide services. This controls user access to the device and the network and improves network security. Communication between the client and the RADIUS server is authenticated by a shared key, which is not transmitted on the network. In addition, user passwords need to be encrypted when transmitted between the client device and the RADIUS server to ensure security.
8.1.2.2 RADIUS accounting function
The RADIUS accounting function is used for users who authenticate through RADIUS. When a user logs in, a start-accounting packet is sent to the RADIUS accounting server; update packets are then sent to the RADIUS server according to the accounting policy; when the user logs off, a stop-accounting packet that includes the user's online time is sent to the RADIUS accounting server. From these packets the RADIUS accounting server can record the access time and operations of each user.
8.1.3 TACACS+
TACACS+ (Terminal Access Controller Access Control System) is a network access authentication protocol similar to RADIUS. The differences between them are:
TACACS+ uses a TCP port, which has higher transmission reliability than the UDP port used by RADIUS.
TACACS+ encrypts the whole packet except the standard TACACS+ header, and a field in the packet header shows whether the data packet is encrypted. Compared with the user password encryption of RADIUS, TACACS+ is much safer.
The TACACS+ authentication function is separated from the authorization and accounting functions, which makes deployment more flexible.
In a word, TACACS+ is safer and more reliable than RADIUS, but RADIUS is more widely used in networks as an open protocol.
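The packet protection described in 8.1.2 and 8.1.3, as an added example that is not part of the Raisecom manual or software: it implements the RFC 2865 User-Password hiding and the RFC 8907 body obfuscation so the difference in coverage can be checked directly. The shared key, user name, password, session ID and the simplified TACACS+ body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag bit defined in RFC 8907


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(d ^ p for d, p in zip(data, pad))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the received ciphertext blocks."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def radius_access_request(user: bytes, password: bytes, secret: bytes,
                          authenticator: bytes, ident: int = 1) -> bytes:
    """Minimal Access-Request: User-Name (type 1) and User-Password (type 2)."""
    attrs = b""
    for attr_type, value in ((1, user),
                             (2, radius_hide_password(password, secret, authenticator))):
        attrs += bytes([attr_type, len(value) + 2]) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs


def _tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: chained MD5 over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_packet(body: bytes, key: bytes, session_id: int, seq_no: int = 1,
                  pkt_type: int = 1, version: int = 0xC0, obfuscate: bool = True) -> bytes:
    """12-byte cleartext header followed by the (normally obfuscated) body."""
    flags = 0 if obfuscate else TAC_PLUS_UNENCRYPTED_FLAG
    header = struct.pack("!BBBBII", version, pkt_type, seq_no, flags, session_id, len(body))
    if obfuscate:
        body = _xor(body, _tacacs_pad(session_id, key, version, seq_no, len(body)))
    return header + body


def tacacs_body(packet: bytes, key: bytes) -> bytes:
    """Receiver side: the header flag says whether the body must be de-obfuscated."""
    version, _type, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    data = packet[12:12 + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return data
    return _xor(data, _tacacs_pad(session_id, key, version, seq_no, length))


def demo() -> dict:
    secret = b"constructed-shared-key"      # constructed sample value
    authenticator = bytes(range(16))        # constructed; real clients use random bytes
    request = radius_access_request(b"alice", b"S3cret-pass", secret, authenticator)
    # Simplified constructed body, not the real authentication START layout.
    packet = tacacs_packet(b"alice\x00S3cret-pass", secret, session_id=0x1234ABCD)
    return {
        "radius_user_visible": b"alice" in request,
        "radius_password_visible": b"S3cret-pass" in request,
        "radius_key_visible": secret in request,
        "tacacs_user_visible": b"alice" in packet,
        "tacacs_flags": packet[3],
    }
```

Both schemes derive their keystream from MD5 over the shared key, so the strength of the key configured with radius-key or tacacs-server key bounds the protection of every packet.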
There are 4 kinds of ACL application, depending on the application environment: ACL over the whole device, over an interface, over the flow from ingress port to egress port, and over a VLAN.
8.2.1.2 Preconditions
N/A
Raisecom(config-aclmap)#match { arp | eapol | flowcontrol | icmpv6 | ip | ipv6 | loopback | mpls | mpls-mcast | pppoe | pppoedisc | slowprotocol | x25 | x75 }
Raisecom(config-aclmap)#match arp opcode { request | reply }
Raisecom(config-aclmap)#match arp { sender-mac | target-mac } mac-address
Raisecom(config-aclmap)#match arp { sender-ip | target-ip } ip-address [ ip-mask ]
Raisecom(config-aclmap)#match ip { destination-address | source-address } ip-address [ ip-mask ]
Raisecom(config-aclmap)#match ip precedence { precedence-value | routine | priority | immediate | flash | flash-override | critical | internet | network }
Raisecom(config-aclmap)#match ip tos { tos-value | normal | min-monetary-cost | min-delay | max-reliability | max-throughput }
Raisecom(config-aclmap)#match ip dscp { dscp-value | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | ef | default }
Raisecom(config-aclmap)#match ip protocol { protocol-id | ahp | esp | gre | icmp | igmp | igrp | ipinip | ospf | pcp | pim | tcp | udp }
Step 15
Configuration: Raisecom(config-aclmap)#match ip tcp { destination-port | source-port } { port-id | bgp | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | ident | irc | klogin | kshell | login | lpd | nntp | pim-auto-rp | pop2 | pop3 | smtp | sunrpc | syslog | tacacs | talk | telnet | time | uucp | whois | www }
Description: (Optional) Define the match rule for the port ID of TCP packets. By default, the port ID of TCP packets is not matched.

Step 16
Configuration: Raisecom(config-aclmap)#match ip tcp { ack | fin | psh | rst | syn | urg }
Description: (Optional) Define the match rule for the TCP protocol tag. By default, the TCP protocol tag is not matched.

Step 17
Configuration: Raisecom(config-aclmap)#match ip udp { destination-port | source-port } { port-id | biff | bootpc | bootps | domain | echo | mobile-ip | netbios-dgm | netbios-ns | netbios-ss | ntp | pim-auto-rp | rip | snmp | snmptrap | sunrpc | syslog | tacacs | talk | tftp | time | who }
Description: (Optional) Define the match rule for the port ID of UDP packets. By default, the port ID of UDP packets is not matched.

Step 18
Configuration: Raisecom(config-aclmap)#match ip icmp icmp-type-id [ icmp-code ]
Description: (Optional) Define the match rule for the message type of ICMP packets. By default, the message type of ICMP packets is not matched.

Step 19
Configuration: Raisecom(config-aclmap)#match ip igmp { igmp-type-id | dvmrp | query | leave-v2 | report-v1 | report-v2 | report-v3 | pim-v1 }
Description: (Optional) Define the match rule for the message type of IGMP packets. By default, the message type of IGMP packets is not matched.

Step 20
Configuration: Raisecom(config-aclmap)#match ipv6 { destination-address | source-address } ipv6-address/mask
Description: (Optional) Define the match rule for the source or destination address of IPv6 packets. By default, the source or destination address of IPv6 packets is not matched.

Step 21
Configuration: Raisecom(config-aclmap)#match ipv6 flow-label label-id
Description: (Optional) Define the match rule for the flow tag of IPv6 packets. By default, the flow tag of IPv6 packets is not matched.

Step 22
Configuration: Raisecom(config-aclmap)#match ipv6 protocol protocol-id
Description: (Optional) Define the match rule for the protocol value of IPv6 packets. By default, the protocol value of IPv6 packets is not matched.

Step 23
Configuration: Raisecom(config-aclmap)#match ipv6 traffic-class class-id
Description: (Optional) Define the match rule for the flow classification of IPv6 packets. By default, the flow classification of IPv6 packets is not matched.

Step 24
Description: (Optional) Configure the match rule for a user-defined field: the rule mask and offset parameters select any bytes from the first 64 bytes of the data frame, which are then compared with the user-defined rule to filter out matching data frames for processing. For example, to filter all TCP packets, define the rule as 06, the rule mask as EF and the offset as 27; the rule mask and offset work together to extract the content of the TCP protocol ID field, which is then compared with the rule to match all TCP packets.
Note: The rule must be an even number of hex digits. The offset includes the 802.1q VLAN Tag field, even if the device receives untagged packets.
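The user-defined field match described above, as an added example that is not Raisecom code: a small model of the rule, mask and offset comparison run over constructed Ethernet frames, useful for checking what a rule will actually accept before it is applied. The matching semantics (masked frame bytes compared with the rule, offset counted as if an 802.1q tag is always present) are an interpretation of the description and note; all function names, MAC addresses and IP addresses are hypothetical.

```python
import struct


def build_frame(protocol: int, vlan_id=None) -> bytes:
    """Constructed Ethernet + IPv4 frame carrying the given IP protocol number."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)   # 802.1q tag
    eth += struct.pack("!H", 0x0800)                           # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, protocol, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return eth + ip + bytes(20)                                # 20 payload bytes


def with_vlan_tag(frame: bytes, default_vlan: int = 1) -> bytes:
    """Model the note: offsets count the 802.1q tag even for untagged frames."""
    if frame[12:14] == b"\x81\x00":
        return frame
    return frame[:12] + struct.pack("!HH", 0x8100, default_vlan) + frame[12:]


def user_defined_match(frame: bytes, rule: str, mask: str, offset: int) -> bool:
    """True when (frame bytes at offset AND mask) equal the rule."""
    if len(rule) % 2 or len(rule) != len(mask):
        raise ValueError("rule and mask must be equal-length, even-length hex strings")
    rule_b, mask_b = bytes.fromhex(rule), bytes.fromhex(mask)
    if offset < 0 or offset + len(rule_b) > 64:
        raise ValueError("the matched field must lie in the first 64 bytes")
    window = with_vlan_tag(frame)[offset:offset + len(rule_b)]
    if len(window) < len(rule_b):
        return False                                           # frame too short
    return bytes(w & m for w, m in zip(window, mask_b)) == rule_b


def accepted_bytes(rule: str, mask: str) -> list:
    """For a one-byte rule: every byte value the rule/mask pair accepts."""
    r, m = int(rule, 16), int(mask, 16)
    return [value for value in range(256) if value & m == r]


def audit(rule: str, mask: str, offset: int) -> dict:
    """Run the rule against constructed TCP, UDP and protocol-22 frames."""
    samples = {
        "tcp_tagged": build_frame(6, vlan_id=10),
        "tcp_untagged": build_frame(6),
        "udp_tagged": build_frame(17, vlan_id=10),
        "proto22_tagged": build_frame(22, vlan_id=10),
    }
    return {name: user_defined_match(f, rule, mask, offset) for name, f in samples.items()}
```

Under these assumptions, offset 27 lands on the IPv4 protocol byte (12 bytes of MAC addresses, 4 of VLAN tag, 2 of EtherType, then byte 9 of the IP header). Mask EF ignores bit 4 of that byte, so protocol 22 is accepted as well as TCP, which accepted_bytes makes visible.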
ACL application over whole device
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#filter { access-list-map | ip-access-list | ipv6-access-list | mac-access-list } { all | acl-list } [ statistics ]
Description: Configure the filter for the whole device. If the statistics parameter is configured, the system collects statistics according to the filter rule.
Step 3
Configuration: Raisecom(config)#filter enable
Description: Enable the filter so that the rules take effect. Enabling the filter not only activates the existing filter rules, but also makes filter rules set later take effect. By default, the filter is not enabled; the filter disable command disables it.
ACL application over interface
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#filter { access-list-map | ip-access-list | ipv6-access-list | mac-access-list } { all | acl-list } { ingress | egress } port-list port-list [ statistics ]
Description: Configure the filter on an interface. If the statistics parameter is configured, the system collects statistics according to the filter rule.
Step 3
Configuration: Raisecom(config)#filter enable
Description: Enable the filter so that the rules take effect. Enabling the filter not only activates the existing filter rules, but also makes filter rules set later take effect. By default, the filter is not enabled; the filter disable command disables it.
ACL application over traffic flow from ingress port to egress port
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#filter { access-list-map | ip-access-list | ipv6-access-list | mac-access-list } { all | acl-list } from port-id to port-id [ statistics ]
Description: Configure the flow filter from ingress port to egress port. If the statistics parameter is configured, the system collects statistics according to the filter rule.
Step 3
Configuration: Raisecom(config)#filter enable
Description: Enable the filter so that the rules take effect. Enabling the filter not only activates the existing filter rules, but also makes filter rules set later take effect. By default, the filter is not enabled; the filter disable command disables it.
ACL application over VLAN
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#filter { access-list-map | ip-access-list | ipv6-access-list | mac-access-list } { all | acl-list } vlan vlan-id [ double-tagging inner | statistics ]
Description: Configure the VLAN filter. If the statistics parameter is configured, the system collects statistics according to the filter rule.
Step 3
Configuration: Raisecom(config)#filter enable
Description: Enable the filter so that the rules take effect. Enabling the filter not only activates the existing filter rules, but also makes filter rules set later take effect. By default, the filter is not enabled; the filter disable command disables it.
8.3.1.2 Preconditions
N/A
Assign the IP address and port ID for the RADIUS authentication server. Configure the backup parameter to assign a backup RADIUS authentication server.

Step 6
Configuration: Raisecom#radius-key string
Description: Configure the shared key for RADIUS authentication.

Step 7
Configuration: Raisecom#user login { local-radius | local-user | radius-local [ server-no-response ] | radius-user }
Description: Configure user login to be authenticated by RADIUS.

Configuration: Raisecom#enable login { local-radius | local-user | radius-local [ server-no-response ] | radius-user }
Description: Configure the RADIUS authentication mode for users entering privileged EXEC mode.
Raisecom#radius [ backup ] accounting-server ip-address [ account-port ]
Raisecom#radius accounting-server key string
Raisecom#aaa accounting fail { offline | online }
Raisecom#aaa accounting update update-time
8.4.1.2 Preconditions
N/A
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.

Step 2
Configuration: Raisecom(config)#interface ip if-number
Description: Enter layer-3 interface configuration mode.

Step 3
Configuration: Raisecom(config-ip)#ip address ip-address ip-mask vlan-id
Description: Configure IPv4 address.

Step 4
Configuration: Raisecom(config-ip)#end
Description: Return to privileged EXEC mode.

Step 5
Configuration: Raisecom#tacacs-server [ backup ] ip-address
Description: Assign the IP address for the TACACS+ authentication server. Configure the backup parameter to assign a backup TACACS+ authentication server.

Step 6
Configuration: Raisecom#tacacs-server key string
Description: Configure the shared key for TACACS+ authentication.

Step 7
Configuration: Raisecom#user login { local-tacacs | local-user | tacacs-local [ server-no-response ] | tacacs-user }
Description: Configure user login to be authenticated by TACACS+.

Configuration: Raisecom#enable login { local-tacacs | local-user | tacacs-local [ server-no-response ] | tacacs-user }
Description: Configure the TACACS+ authentication mode for users entering privileged EXEC mode.
Raisecom#tacacs [ backup ] accounting-server ip-address
Raisecom#tacacs-server key string
Raisecom#aaa accounting fail { offline | online }
Configure the transmission period of accounting update packets. If it is configured as 0, accounting update packets are never sent. By default, the period is 0.
8.5.1.2 Preconditions
Connect the interfaces and configure their physical parameters before configuring storm suppression, and make sure the physical interface is Up.
Function: Storm suppression status of multicast flow and unicast flow
Default value: Disable
Function: Storm suppression threshold
Default value: 1024pps
8.6 Maintenance
Users can maintain system security with the commands below.
Command: Raisecom(config)#clear filter statistics [ filter-number-list ]
Description: Clear statistic result of filter.
Command: Raisecom#clear tacacs statistics
Description: Clear TACACS+ statistics.
8.7.1.2
8.7.1.3 Show result
Check whether the IP ACL configuration is correct with the show ip-access-list command.
Raisecom#show ip-access-list
Src Ip: Source Ip Address
Dest Ip: Destination Ip Address
List Access Protocol Ref. Src Ip:Port Dest Ip:Port
Check whether the filter configuration is valid with the show filter command.
Raisecom#show filter
Rule filter: Enable
Filter list(Larger order number, Higher priority):
Order ACL-Index IPort EPort VLAN VLANType Hardware StatHw Pkts
update transmitting interval is 2 minutes. User will be offline if the accounting fails.
8.7.2.2
8.7.2.3
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom
Accounting login: enable
Update interval: 2
Accounting fail policy: offline
8.7.3.2
8.7.3.3
Backup Accounting server Address: -
Total Packet Sent: 0
Total Packet Recv: 0
8.7.4.2
8.7.4.3 Show result
Show the storm control configuration with the show storm-control command.
Raisecom#show storm-control
Threshold: 2000 pps
Interface Broadcast Multicast Unicast
----------------------------------------------------------port1 port2 port3 port4 port5 port6 Enable Enable Enable Enable Enable Enable Disable Enable Disable Enable Disable Disable Disable Disable Disable Disable Disable Disable
Chapter 9 Reliability
This chapter introduces the basic principles and configuration of network reliability and provides related configuration applications.
Overview
Configure link aggregation
Configure interface backup
ELPS
ERPS
Configure Ethernet ring
Maintenance
Configuring applications
9.1 Overview
Ethernet is becoming more and more widely used because of its simple structure, high efficiency and cost-effectiveness. One of the important factors restricting Ethernet application in telecommunication is the reliability of traditional Ethernet. Packet services are usually presented in burst mode, so it is difficult to guarantee constant traffic. Two features of Ethernet, statistical TDM and the address learning mechanism, provide efficient and flexible bandwidth but also introduce uncertainty in service bandwidth and path. To improve Ethernet reliability and meet the demands of telecommunication networks, customers can deploy special reliability technologies in Ethernet.
The peer receives the LACPDU and compares the information with that received on other interfaces, choosing the interfaces to put in Selected status. The interfaces at both ends become consistent in Selected status. The operation Key performs aggregation and control on the automatically generated configuration group according to the interface configuration (speed, duplex mode, Up/Down status, basic configuration information, etc.).
The main difference between static LACP aggregation and manual aggregation is that static LACP aggregation mode has a standby link, while all the member interfaces of manual aggregation are in forwarding status and share the traffic load.
Link aggregation is the most widely used and simplest function in Ethernet reliability technology.
Figure 9-1 Interface backup networking
The interface backup principle is shown in Figure 9-1. Port 1 and Port 2 on Switch A are connected to the upstream switches respectively. The interface forwarding states are as follows:
In the normal state, Port 1 on Switch A is the master interface and Port 2 is the standby interface; Port 1 and the upstream switch forward messages, while Port 2 and the upstream switch do not.
When the link between Port 1 and the upstream switch fails, the standby interface Port 2 and the upstream switch forward messages.
When the Port 1 link failure is recovered and stays recovered for a period of time (restore delay), Port 1 changes to the forwarding state and Port 2 returns to the standby state.
The switch sends a Trap to the network management system when the master interface and standby interface switch with each other.
9.1.2.1 Interface backup over VLAN
Interface backup can be used on VLANs so that the two interfaces forward concurrently in different VLANs. In Figure 9-2, the interface backup function over VLAN is achieved by creating VLANs and adding interfaces to them.
Figure 9-2 Sketch map of Interface backup over VLAN
In different VLANs, the interface forwarding state is as follows:
Under normal circumstances, configure Switch A so that in VLAN 100~VLAN 150 Port 1 is the master interface and Port 2 is the standby interface, and in VLAN 151~VLAN 200 Port 2 is the master interface and Port 1 is the standby interface. Then Port 1 forwards traffic in VLAN 100~VLAN 150 and Port 2 forwards traffic in VLAN 151~VLAN 200.
When Port 1 has a link failure, Port 2 is responsible for forwarding traffic in VLAN 100~VLAN 200.
When Port 1 recovers and stays recovered for a period of time (restore delay), Port 1 forwards traffic in VLAN 100~VLAN 150 and Port 2 forwards traffic in VLAN 151~VLAN 200.
Using this method, interface backup over VLAN can be used for load balancing. At the same time, this application doesn't depend on the uplink switch configuration and is easy for users to operate.
9.1.3 ELPS
ELPS (Ethernet Linear Protection Switching) is an APS (Automatic Protection Switching) protocol based on the ITU-T G.8031 recommendation. It is an end-to-end protection technology used to protect an Ethernet connection. ELPS deploys protection resources for working resources, such as path and bandwidth. ELPS takes a simple, fast and predictable approach to network resource switching, making it easier for carriers to plan the network more efficiently and know the active network status.
9.1.4 ERPS
ERPS (Ethernet Ring Protection Switching) is an APS protocol based on the ITU-T G.8032 recommendation. It is a link protocol used specifically in Ethernet rings. Generally, ERPS can avoid broadcast storms caused by data loopback. When the Ethernet has a loop or a device malfunction, ERPS can switch the link to the backup link and ensure that service is restored quickly. ERPS uses a special VLAN in the ring network to transmit ring network control information and, combined with the topology features of the ring network, discovers network faults quickly and enables the backup link to restore service fast.
nodes on the Ethernet ring, the first interface No. and the second interface No. play basically the same role. The Ethernet ring generates the master node by election, so each node needs to collect device information on the Ethernet ring; only correct collection leads to a correct election. Topology collection is completed by Hello messages, which contain all the node information that the node collected from the other interface. The normal state of the Ethernet ring is shown in Figure 9-3.
Figure 9-3 Sketch map of Ethernet ring in normal status
According to the interface state of the ring node, the ring node state can be divided into three types:
Down: At least one of the two Ethernet ring interfaces is Down;
Block: At least one of the two Ethernet ring interfaces is Block;
Two-Forwarding: Both Ethernet ring interfaces are Forwarding.
Among all nodes on the ring, a node in the Down state takes precedence as master node, followed by Block and Two-Forwarding. If the nodes are in the same state, the node with the high-priority Bridge is the master node. If the nodes have the same state and priority, the node with the larger MAC address is the master node. If a node is not the master node, both of its interfaces are Forwarding. If a node is the master node, one of its two interfaces is Block and the other is Forwarding. The rules are as follows:
The interface with the Down link takes precedence for Block;
If both interfaces are Down, the Block is the first interface;
If both interfaces are Up, the Block is the first interface;
Figure 9-4 Sketch map of Ethernet ring in switching status
Once there is a link failure (such as a link break), the node or interface adjacent to the failure detects the fault immediately and sends link failure messages to the master node. The master node enables the first interface once it receives the messages and, in the meantime, sends messages to notify the other transmission nodes about the link failure and inform them to change transmission direction. The data traffic is switched to the normal link after the transmission nodes update their forwarding entries.
When the failed link is restored, the failed node does not enable the blocked port immediately, but waits until the new topology collection is stable. The original node will find itself the master node; after some time delay, it blocks its first interface and sends Change messages to notify the failed node to enable the blocked interface.
9.2.1.2 Preconditions
Configure the interface physical parameters before configuring link aggregation, and make sure the interface physical layer is in Up status.
Function: Link aggregation function status
Default value: Enable
Function: Load balancing mode
Default value: Sxordmac mode
Function: Link aggregation group
Default value: Existence, and for manual mode
Function: LACP system priority
Default value: 32768
Function: LACP interface priority
Default value: 32768
Function: LACP interface mode
Default value: active
Function: LACP timeout mode
Default value: fast
Note: In one link aggregation group, the member interfaces that take part in load sharing must have identical configuration; otherwise, data forwarding will have problems. The configuration includes STP, QoS, QinQ, VLAN, interface attributes and MAC address learning:
STP configuration: interface STP enable/disable status, attributes of the link connected to the interface (point-to-point or not), interface path overhead, STP priority, packet sending rate limit, loopback protection, root protection, edge port or not.
QoS configuration: flow monitor, flow reshaping, jam avoidance, interface rate limit, SP queue, WRR queue, interface priority, interface trust mode.
QinQ configuration: interface QinQ enable/disable status, added outer VLAN Tag, policy for adding outer VLAN Tag by different inner VLAN ID.
VLAN configuration: VLANs permitted on the interface, default VLAN ID, interface link type (Trunk, Hybrid, Access), sub-net VLAN configuration, whether VLAN packets carry a Tag or not.
Interface attributes configuration: whether the interface is added into an isolation group or not, interface speed, duplex mode, link up/down status.
MAC address learning configuration: MAC address learning enable/disable, whether the interface has a limit on the maximum number of learned MAC addresses or not, whether the MAC address table can control forwarding when it is full.
Raisecom(config)#lacp timeout { fast | slow }
Raisecom(config)#interface port-channel port-channel-number
Raisecom(config-aggregator)#mode lacp-static
Raisecom(config-aggregator)#{ max-active | min-active } links number
Raisecom(config-aggregator)#exit
Raisecom(config)#interface port port-id
Raisecom(config-port)#channel group group-id
Raisecom(config-port)#lacp port-priority port-priority
Raisecom(config-port)#lacp mode { active | passive }
Note: An interface in a static LACP link aggregation group can be in active or standby status. Both active and standby interfaces can receive and transmit LACP packets, but a standby interface cannot forward client packets. The system chooses the default interface in the order of neighbor discovery, interface maximum speed, interface highest LACP priority, interface minimum ID. That interface is in active status by default; interfaces with identical speed, identical peer and identical device operation key are also in active status; other interfaces are in standby status.
9.3.1.2 Preconditions
Finish the following tasks before configuring interface backup:
Create VLAN
Add interface to VLAN
Disable STP function
9.3.2
9.3.3
Description
Enter global configuration mode.
Enter physical layer interface configuration mode or aggregation group configuration mode.
Configure the interface backup group. Configure interface backup-interface-number as the standby interface and primary-interface-number as the master interface on the VLAN list. If the interface backup group is configured without assigning a VLAN list, the default VLAN range is 1~4049.
Return to global configuration mode.
(Optional) Configure fault recovery delay time. (Optional) Configure recovery mode.
interface standby group simultaneously. When a link aggregation group is configured as a member of an interface backup group, the member interface with the minimum interface No. in the link aggregation group must be configured as the interface backup member. A member interface in Up state shows that some interfaces in the member interface aggregation group are in Up state; a member interface in Down state shows that some interfaces in the member interface aggregation group are in Down state.
9.3.4
9.3.5 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show switchport backup
Description: Check interface backup state information, including recovery delay time, recovery mode and interface backup group information. The interface backup group information contains master interface, standby interface, master and standby interface states (Up/Down/Standby) and VLAN list.
One-way switching or bi-directional switching can be chosen according to whether both ends switch at the same time when a link error occurs.
One-way switching: a fault in one direction of a link means that one end can receive traffic but the other end cannot. In this case, the end that cannot receive traffic detects the link error and performs switching, while the normal end doesn't detect the error or switch. The result of switching is that the two ends of ELPS may choose different links to receive traffic.
Bi-directional switching: when a link has an error, even if only one direction has a fault, both ends of the link use the APS protocol to negotiate and switch to the backup link at the same time. The result of switching is that the two ends of ELPS choose one link for transmitting and receiving.
This device differentiates one-way and bi-directional switching only in 1+1 mode; only bi-directional switching is available in 1:1 mode.
ELPS provides two modes for fault detection:
Detecting faults over physical interface status: detects a link fault quickly and switches in time; available to neighbor devices.
Detecting faults over CFM: available to one-way detection or detection across multiple devices.
9.4.1.2 Preconditions
Finish the tasks below before configuring ELPS:
Connect the interface and configure its physical parameters; the interface is Up at the physical layer
Create VLAN
Add interface into VLAN
Configure CFM detection among devices (preparation when adopting CFM detection mode)
Function: Protection group mode
Default value: revertive mode
Function: WTR timer
Default value: 5min
Function: HOLDOFF timer
Default value: 0
Function: ELPS failure information reports to network management system status
Default value: Enable
Function: Failure detection method
Default value: Physical link
Note: The working path and protection path can be configured with different fault detection modes, but it is better to keep their configuration consistent.
Note: By default, traffic will switch to the protection link when the working link is faulty. Thus ELPS is needed in some special conditions.
Raisecom#show ethernet line-protection [ line-id ] statistics
     Show protection line statistic information.
Raisecom#show ethernet line-protection [ line-id ] aps
     Show aps protocol information.
9.5.1.2 Preconditions
Finish the below tasks before configuring ERPS:
Connect the interface and configure physical parameters for it so that the interface is Up at the physical layer
Create VLAN
Add interface into VLAN
Configure CFP detection among devices (preparation when adopting CFP detection mode)

Function / Default value
Protection ring: Revertive mode
Ring WTR timer: 5min
Guard timer: 500ms
Ring HOLDOFF timer: 0
ERPS fault information reported to network management system: Disable
Subring virtual path mode in crossing node: with mode
Ring Propagate switch in crossing node: Disable
Fault detection method: Physical interface
WTB timer: 5s
Step  Configuration
      Raisecom(config)#ethernet ring-protection ring-id east { port port-id | port-channel port-channel-number } west { port port-id | port-channel port-channel-number } node-type rpl-neighbour rpl { east| west } [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
      Raisecom(config)#ethernet ring-protection ring-id east { port port-id | port-channel port-channel-number } west { port port-id | port-channel port-channel-number } [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
3     Raisecom(config)#ethernet ring-protection ring-id name string
      Raisecom(config)#ethernet ring-protection ring-id version { 1 | 2 }

Description
(Optional) Configure ring name. The length of the name cannot exceed 32 characters.
(Optional) Configure protocol version. All nodes in one ring must be consistent. Version 1 differentiates rings via protocol VLAN, so different rings need to configure different protocol VLANs, and so does version 2. By default, protocol version 1 is used.
(Optional) After the Guard timer is configured, a node recovering from a fault does not process APS protocol packets during the fault restore time. In some big ring networks, a node that restores from a fault immediately may receive a fault notice from a neighbor node and cause the link to go Down. Configuring the ring Guard timer solves this problem.
(Optional) Configure ring WTR timer. In revertive mode, when the working link restores from a fault, traffic switches back to the working link only after the WTR timer times out. By default, the WTR timer is 5 minutes.
(Optional) After the ring HOLDOFF timer is configured, the system delays the fault report when the working link fails. This avoids frequent switching of the working link. By default, the HOLDOFF timer is 0.
Note: 50ms switching performance will be affected if the HOLDOFF timer value is too big, so it is 0 by default.
(Optional) Enable ERPS fault information report to NMS. Disabled by default. Use the command ethernet ring-protection trap disable to disable this function.
Please configure ERPS crossover rings for devices as below.
Step  Configuration / Description
1     Raisecom#config
      Enter global configuration mode.
2     Raisecom(config)#ethernet ring-protection ring-id { east | west } { port port-id | port-channel port-channel-number } node-type rpl-owner [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
      Create sub-ring and configure node as RPL Owner on crossover node. By default, protocol VLAN is 1, blocked VLAN range is 1-4094. The protection ring changes to non-revertive mode if the not-revertive parameter is configured. In revertive mode, traffic switches back to the working link from the protection link after the working link fault is restored; in non-revertive mode it does not switch back. The protection ring is in revertive mode by default.
      Note: The link between two crossover nodes in crossover rings belongs to the master ring, so either the east-bound or the west-bound interface can be configured for the sub-ring.
      Raisecom(config)#ethernet ring-protection ring-id { east | west } { port port-id | port-channel port-channel-number } node-type rpl-neighbour [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
      Create sub-ring and configure node as RPL Neighbour on crossover nodes.
      Raisecom(config)#ethernet ring-protection ring-id { east | west } { port port-id | port-channel port-channel-number } [ not-revertive ] [ protocol-vlan vlan-id ] [ block-vlanlist vlan-list ]
      Create sub-ring and configure node as ring forwarding node on crossover nodes.
3     Raisecom(config)#ethernet ring-protection ring-id raps-vc { with | without }
      (Optional) Configure sub-ring virtual path mode on crossover node. Protocol packets are transmitted differently in the sub-ring than in the master ring; there are two modes, with and without:
      without: sub-ring protocol packets are transmitted by the sub-ring protocol VLAN, so the blocked VLAN list should not include the protocol VLAN.
      By default, the sub-ring virtual path uses with mode. The configured mode of the two crossover nodes must be consistent.
Enable ring Propagate switch on crossover node. Sub-ring data needs to be forwarded by the master ring, so the sub-ring MAC address table also exists on master ring devices. When the sub-ring has a fault, the Propagate switch notifies the master ring to refresh the MAC address table in time and avoid traffic loss. By default, the Propagate switch is disabled. The command ethernet ring-protection ring-id propagate disable can disable this function. It is suggested to enable the Propagate switch.
Available to the RPL Owner node in revertive mode. After the WTB timer is configured, blocking of the RPL interface is delayed when a manual command is cleared, so that several force-switch or manual-switch commands on a ring do not block the RPL interface. It is 5 seconds by default.
Clear switch control command, including force-switch and manual-switch.
Note: By default, traffic will switch to the protection link when the working link is faulty. Thus ERPS is needed in some special conditions.
9.6.1.2 Preconditions
Before configuring Ethernet ring, configure interface physical parameters to make interface physical layer state Up.
9.6.2
9.6.3
9.6.4
Please configure the basic function of ring on the device as below:
Step  Configuration / Description
1     Raisecom#config
      Enter global configuration mode.
2     Raisecom(config)#ethernet ring ring-id hello-time hello-time
      (Optional) Configure the Hello message transmitting interval for the Ethernet ring. By default, the message sending interval is 1s.
3     Raisecom(config)#ethernet ring ring-id restore-delay delay-time
      (Optional) Configure fault recovery delay time for the Ethernet ring. The link is not restored to the original working link until the recovery delay time expires.
4     Raisecom(config)#ethernet ring ring-id priority priority
      (Optional) Configure bridge priority for the Ethernet ring.
5     Raisecom(config)#ethernet ring ring-id description string
      (Optional) Configure ring description information. The description information cannot exceed 32 bytes.
6     Raisecom(config)#ethernet ring ring-id hold-time hold-time
      (Optional) Configure interface aging time for the Ethernet ring. If an Ethernet ring interface has not received Hello messages within the aging time, the interface is aged and the link on the ring is considered faulty. If the node interface is in Block state, it will enable the blocked interface temporarily to ensure the normal communication of all nodes on the Ethernet ring.
      (Optional) Configure protocol VLAN for Ethernet ring.
Note: master node election: at the beginning, all nodes consider themselves the master node, one of two interfaces is Block, so no data loop on the ring; when two interfaces on the ring node receive the same Hello packets for many times, the node considers that the ring topology is stable and can elect master node. Other nodes will not enable the blocked interface, usually only one master node, which ensures only one blocked interface, and ensures the connectivity of the nodes on the ring.
9.6.5 Check configuration
Check the result by the commands below after configuration:
No.  Item / Description
1    Raisecom#show ethernet ring [ ring-id ]
     Check Ethernet ring information.
2    Raisecom#show ethernet ring port
     Check Ethernet ring interface information.
3    Raisecom#show ethernet ring port statistic
     Check Ethernet ring interface messages statistics information.
9.7 Maintenance
User can maintain network reliability by the below commands:
Command / Description
Raisecom(config)#clear ethernet line-protection [ line-id ] statistics
     Clear protection line statistic information, including Tx APS packets, Rx APS packets, latest switching time, latest status switching time, etc.
Raisecom(config)#clear ethernet ring-protection ring-id statistics
     Clear protection ring statistic information.
Raisecom(config)#clear ethernet ring ring-id statistics
     Clear ring interface statistic information, including Ethernet ring No., ring interface No., Hello, Change and Flush message, etc.
9.8.1.2
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port-channel 1
SwitchB(config-aggregator)#mode manual
SwitchB(config-aggregator)#exit

SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#channel group 1
SwitchA(config-port)#exit
Configure Switch B.
SwitchB(config)#interface port 1
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
Configure Switch B.
SwitchB(config)#link-aggregation load-sharing mode smac
Configure Switch B.
SwitchB(config)#link-aggregation enable
9.8.1.3 Show result
Show global configuration of manual link aggregation by the command of show link-aggregation:
SwitchA#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual   L - Lacp-static
GroupID  Mode  MinLinks  MaxLinks  UpLinks  Member Port List  Efficient Port List
---------------------------------------------------------------------
1        M     1         8         0        1-2
2        M     1         8         0
3        M     1         8         0
9.8.2.2 Configuration steps
Configure static LACP link aggregation group on Switch A and set Switch A as active end.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#lacp system-priority 1000
SwitchA(config)#interface port-channel 1
SwitchA(config-aggregator)#mode lacp-static
SwitchA(config-aggregator)#exit
SwitchA(config)#interface port 1
SwitchA(config-port)#channel group 1
SwitchA(config-port)#lacp port-priority 1000
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#channel group 1
SwitchA(config-port)#exit
SwitchA(config)#link-aggregation enable

SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#channel group 1
SwitchB(config-port)#exit
SwitchB(config)#link-aggregation enable
9.8.2.3 Show result
Show static LACP link aggregation global configuration on Switch A by the command of show link-aggregation:
Raisecom#show link-aggregation
Link aggregation status:Enable
Load sharing mode:SXORDMAC
Load sharing ticket generation algorithm:Direct-map
M - Manual   L - Lacp-static
GroupID  Mode  MinLinks  MaxLinks  UpLinks  Member Port List  Efficient Port List
---------------------------------------------------------------------
1        L     1         8         0        1-2
2        M     1         8         0
3        M     1         8         0
4        M     1         8         0
5        M     1         8         0
6        M     1         8         0
7        M     1         8         0
8        M     1         8         0
Show peer system LACP interface status, mark, interface priority, management key, operation key and status of interface status machine on Switch A by the command of show lacp internal:
Raisecom(config)#show lacp internal
Flags: S - Device is requesting Slow LACPDUs   F - Device is requesting Fast LACPDUs
       A - Device in Active mode               P - Device in Passive mode
Interface  State  Flag  Port-Priority  Admin-key  Oper-key  Port-State
Show peer system LACP interface status, mark, interface priority, management key, operation key and status of interface status machine on Switch A by the command of show lacp neighbor.
Port 1 can be switched to Port 2 to keep link normal when it has link fault. Switch A needs to support interface backup function, but Switch B, Switch C, Switch D need not.
9.8.3.2 Configuration steps
Create VLAN 100~VLAN 200 and add Port 1 and Port 2 into them.
Raisecom#config
Raisecom(config)#create vlan 100-200 active
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport mode trunk
Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm
Raisecom(config-port)#exit
Configure Port 1 as master interface and Port 2 as standby interface on VLAN 100~VLAN 150.
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport backup port 2 vlanlist 100-150
Raisecom(config-port)#exit
Configure Port 2 as master interface and Port 1 as standby interface on VLAN 151~VLAN 200.
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport backup port 1 vlanlist 151-200
9.8.3.3 Show result
Check interface backup status information under normal link status and under link fault separately by the command of show switchport backup. When the links of Port 1 and Port 2 are Up, Port 1 forwards traffic on VLAN 100~VLAN 150, while Port 2 forwards traffic on VLAN 151~VLAN 200.
Raisecom#show switchport backup
Restore delay: 15s.
Restore mode: port-up.
Active Port(State)  Backup Port(State)  Vlanlist
---------------------------------------------------------
port1 (Up)          port2 (Standby)     100-150
port2 (Up)          port1 (Standby)     151-200
Break the link between Switch A and Switch B manually to simulate a fault; the status of Port 1 will become Down, and Port 2 will forward traffic on VLAN 100~VLAN 200.
Raisecom#show switchport backup
Restore delay: 15s
Restore mode: port-up
Active Port(State)  Backup Port(State)  Vlanlist
-----------------------------------------------------------------
port1 (Down)        port2 (Up)          100-150
port2 (Up)          port1 (Down)        150-200
When Port 1 recovers to Up status for 15s (recovery delay), Port 1 will forward traffic on VLAN 100~VLAN 150, and Port 2 on VLAN 151~VLAN 200.
9.8.4.2 Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100-200 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100-200 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-to-one
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect physical-link
SwitchB(config)#ethernet line-protection 1 protection failure-detect physical-link
9.8.4.3 Show result
Show 1:1 mode ELPS configuration on the device by the command of show ethernet line-protection. Take Switch A for example:
SwitchA#show ethernet line-protection 1
Id:1
Name:
MEL:0
ProtocolVlan:100-200
Working(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/LCK):
P1-100-200-physical--0-0-0(Active/N)
Protection(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/F/M):
P2-100-200-physical--0-0-0(Standby/N/N)
Wtr(m):5
Holdoff(100ms):0
Show 1:1 mode ELPS APS protocol information on the device by the command of show ethernet line-protection aps. Take Switch A for example:
SwitchA#show ethernet line-protection 1 aps
Id        Type  Direction  Revert  Aps  State  Signal(Requested/Bridged)
--------------------------------------------------------------------
1-Local   1:1   bi         yes     yes  NR-W   null/null
1-Remote  1:1   bi         yes     yes  NR-W   null/null
9.8.5.2 Configuration steps
Create VLAN 100~VLAN 200 and add interface into VLAN 100~VLAN 200.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#create vlan 100-200 active
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#create vlan 100-200 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#switchport trunk allowed vlan 100-200 confirm
SwitchB(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet cfm domain md-name md1 level 7
SwitchB(config)#service ma1 level 7
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#service mep down mpid 3 port 1
SwitchB(config-service)#service mep down mpid 4 port 2
SwitchB(config-service)#service remote-mep 1
SwitchB(config-service)#service remote-mep 2
SwitchB(config-service)#service cc enable mep 3
SwitchB(config-service)#service cc enable mep 4
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working port 1 100-200 protection port 2 100-200 one-plus-one-uni
Configure Switch B.
SwitchB(config)#ethernet line-protection 1 working failure-detect cc md md1 ma ma1 level 7 mep 3 1
SwitchB(config)#ethernet line-protection 1 protection failure-detect cc md md1 ma ma1 level 7 mep 4 2
9.8.5.3 Show result
Show 1+1 mode ELPS configuration on the device by the command of show ethernet line-protection. Take Switch A for example:
SwitchA#show ethernet line-protection 1
Id:1
Name:
ProtocolVlan:100-200
Working(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/LCK):
Port1-100-200-cc-md1ma1-7-1-3(Active/N)
Protection(Port-Vlanlist-FaiureDetect-MAID-LocalMep-RemoteMep)(State/F/M):
Port2-100-200-cc-md1ma1-7-2-4(Standby/N/N)
Wtr(m):5
Holdoff(100ms):0
Show 1+1 mode ELPS APS protocol information on the device by the command of show ethernet line-protection aps. Take Switch A for example:
SwitchA#show ethernet line-protection 1 aps
Id        Type  Direction  Revert  Aps  State  Signal(Requested/Bridged)
9.8.6.2 Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
SwitchD(config)#interface port 1
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
SwitchD(config)#interface port 2
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
SwitchD(config)#service ma1 level 7
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#service mep down mpid 2 port 1
SwitchD(config-service)#service remote-mep 1
SwitchD(config-service)#service cc enable mep 2
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 2 1
9.8.6.3 Show result
Check whether the ERPS protection ring is effective on the device by the command of show ethernet ring-protection status. Take Switch A for example; the RPL link is blocked to avoid a loop:
SwitchA#show ethernet ring-protection status
Id/Name  Status  Last Occur(ago)  East-State  West-State  sc  Traffic-vlanlist
Cut off the link between Switch B and Switch C manually to simulate a fault, then execute the command to show ERPS protection ring status on Switch A again; the RPL link switches to forwarding status.
SwitchA#show ethernet ring-protection status
Id/Name  Status  Last Occur(ago)  East-State  West-State  sc  Traffic-vlanlist
9.8.7.2 Configuration steps
Add interface into VLAN 1~VLAN 4094.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#interface port 1
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 2
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
SwitchA(config)#interface port 3
SwitchA(config-port)#switchport mode trunk
SwitchA(config-port)#exit
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 3
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
SwitchC(config)#interface port 2
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit
Configure Switch D.
Raisecom#hostname SwitchD
SwitchD#config
SwitchD(config)#interface port 1
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
SwitchD(config)#interface port 2
SwitchD(config-port)#switchport mode trunk
SwitchD(config-port)#exit
Configure Switch E.
Raisecom#hostname SwitchE
SwitchE#config
SwitchE(config)#interface port 1
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
SwitchE(config)#interface port 2
SwitchE(config-port)#switchport mode trunk
SwitchE(config-port)#exit
Configure Switch F.
Raisecom#hostname SwitchF
SwitchF#config
SwitchF(config)#interface port 1
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
SwitchF(config)#interface port 2
SwitchF(config-port)#switchport mode trunk
SwitchF(config-port)#exit
Configure Switch B.
SwitchB(config)#ethernet cfm domain md-name md1 level 7
SwitchB(config)#service ma1 level 7
SwitchB(config-service)#service vlan-list 1
SwitchB(config-service)#service mep down mpid 3 port 1
SwitchB(config-service)#service mep down mpid 4 port 2
SwitchB(config-service)#service cc enable mep 3
SwitchB(config-service)#service cc enable mep 4
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable
Configure Switch C.
SwitchC(config)#ethernet cfm domain md-name md1 level 7
SwitchC(config)#service ma1 level 7
SwitchC(config-service)#service vlan-list 1
SwitchC(config-service)#service mep down mpid 5 port 1
SwitchC(config-service)#service mep down mpid 6 port 2
SwitchC(config-service)#service cc enable mep 5
SwitchC(config-service)#service cc enable mep 6
SwitchC(config-service)#exit
SwitchC(config)#ethernet cfm enable
Configure Switch D.
SwitchD(config)#ethernet cfm domain md-name md1 level 7
SwitchD(config)#service ma1 level 7
SwitchD(config-service)#service vlan-list 1
SwitchD(config-service)#service mep down mpid 7 port 1
SwitchD(config-service)#service mep down mpid 8 port 2
SwitchD(config-service)#service cc enable mep 7
SwitchD(config-service)#service cc enable mep 8
SwitchD(config-service)#exit
SwitchD(config)#ethernet cfm enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-owner rpl east
Configure Switch B.
SwitchB(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 3 2
SwitchB(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 4 5
Configure Switch C.
SwitchC(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 5 4
SwitchC(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 6 7
Configure Switch D.
SwitchD(config)#ethernet ring-protection 1 east failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 7 6
SwitchD(config)#ethernet ring-protection 1 west failure-detect physical-link-or-cc md md1 ma ma1 level 7 mep 8 1
SwitchA(config)#ethernet ring-protection 2 propagate enable
Configure Switch B.
SwitchB(config)#ethernet ring-protection 2 east port 3 protocol-vlan 4094
SwitchB(config)#ethernet ring-protection 2 propagate enable
Configure Switch E.
SwitchE(config)#ethernet ring-protection 2 east port 1 west port 2 protocol-vlan 4094
Configure Switch F.
SwitchF(config)#ethernet ring-protection 2 east port 1 west port 2 node-type rpl-owner rpl east protocol-vlan 4094
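An added example, not part of the Raisecom manual: a Python audit of the ring-creation commands above against the constraints this chapter states (one protocol VLAN per ring, different protocol VLANs for different rings on one device), plus the G.8032 convention of a single RPL Owner per ring. The function names, finding labels and the faulty BAD_CONFIG variant are constructed for illustration; PAGE_CONFIG contains only the ring-creation lines that appear in the steps above.

```python
import re
from collections import defaultdict

# The manual states: "By default, protocol VLAN is 1".
DEFAULT_PROTOCOL_VLAN = 1

# Match ring-creation lines only: the ring ID must be followed directly by
# "east|west port|port-channel". This skips "propagate enable" and
# "east failure-detect ..." lines, which do not define ring membership.
CREATE_RE = re.compile(
    r"^(?P<host>\w+)\(config\)#ethernet ring-protection (?P<ring>\d+) "
    r"(?P<rest>(?:east|west) (?:port|port-channel) .*)$"
)

# Ring-creation commands copied from the configuration steps above.
PAGE_CONFIG = """\
SwitchB(config)#ethernet ring-protection 1 east port 1 west port 2
SwitchC(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-neighbour rpl west
SwitchD(config)#ethernet ring-protection 1 east port 1 west port 2 node-type rpl-owner rpl east
SwitchB(config)#ethernet ring-protection 2 east port 3 protocol-vlan 4094
SwitchE(config)#ethernet ring-protection 2 east port 1 west port 2 protocol-vlan 4094
SwitchF(config)#ethernet ring-protection 2 east port 1 west port 2 node-type rpl-owner rpl east protocol-vlan 4094
"""

# Constructed fault: Switch B joins ring 2 without protocol-vlan, so it falls
# back to the default VLAN 1, which it already uses for ring 1.
BAD_CONFIG = PAGE_CONFIG.replace(
    "ring-protection 2 east port 3 protocol-vlan 4094",
    "ring-protection 2 east port 3",
)


def parse_nodes(text):
    """Return one dict per ring-creation command found in text."""
    nodes = []
    for line in text.splitlines():
        m = CREATE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        vlan = re.search(r"\bprotocol-vlan (\d+)", rest)
        role = re.search(r"\bnode-type (rpl-owner|rpl-neighbour)\b", rest)
        nodes.append({
            "host": m.group("host"),
            "ring": int(m.group("ring")),
            "vlan": int(vlan.group(1)) if vlan else DEFAULT_PROTOCOL_VLAN,
            "role": role.group(1) if role else "forwarding",
        })
    return nodes


def audit(text):
    """Return a list of (kind, detail) findings; an empty list means clean."""
    findings = []
    by_ring = defaultdict(list)
    by_host = defaultdict(lambda: defaultdict(list))
    for node in parse_nodes(text):
        by_ring[node["ring"]].append(node)
        by_host[node["host"]][node["vlan"]].append(node["ring"])

    for ring, members in sorted(by_ring.items()):
        # All nodes of one ring must agree on the protocol VLAN.
        vlans = sorted({n["vlan"] for n in members})
        if len(vlans) > 1:
            findings.append(("vlan-mismatch",
                             f"ring {ring} uses protocol VLANs {vlans}"))
        # G.8032: one RPL Owner per ring.
        owners = [n["host"] for n in members if n["role"] == "rpl-owner"]
        if len(owners) != 1:
            findings.append(("rpl-owner-count",
                             f"ring {ring} has RPL owners {owners}"))

    for host, vlan_map in sorted(by_host.items()):
        # Different rings on one device need different protocol VLANs.
        for vlan, rings in sorted(vlan_map.items()):
            if len(rings) > 1:
                findings.append(("vlan-shared",
                                 f"{host}: rings {sorted(rings)} share protocol VLAN {vlan}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(BAD_CONFIG):
        print(f"{kind}: {detail}")
```
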
9.8.7.3 Show result
Check whether the ERPS protection ring is effective on the device by the command of show ethernet ring-protection status. Execute the command on Switch A, Switch D and Switch F respectively; the result will show as below if configured successfully.
SwitchA#show ethernet ring-protection status
Id/Name  Status  Last Occur(ago)  East-State  West-State  sc  Traffic-vlanlist
SwitchD#show ethernet ring-protection status
Id/Name  Status  Last Occur(ago)  East-State  West-State  sc  Traffic-vlanlist
SwitchF#show ethernet ring-protection status
Id/Name  Status  Last Occur(ago)  East-State  West-State  sc  Traffic-vlanlist
The status and priority of the four nodes are the same and the MAC address of Switch D is the biggest; therefore, Switch D is the master node of the Ethernet ring.
9.8.8.2
For Switch B, Switch C, and Switch C, please take Switch A configuration for reference.
9.8.8.3 Show result
Check Ethernet ring configuration by the command of show ethernet ring. Take Switch D for example: when the ring is normal, the first ring interface of master node Switch D, Port 1, is in Block state to eliminate the data loop.
SwitchD#show ethernet ring
Ethernet Ring Upstream PortList:-
Ethernet Ring 1:
Ring Admin:          Enable
Ring State:          Enclosed
Bridge State:        Block
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds
Bridge Priority:     1
Bridge MAC:          000E.5E00.000D
Ring DB State:       Block
Ring DB Priority:    1
Ring DB:             000E.5E00.000D
Hello Time:          1
Restore delay:       5
Hold Time            15
Protocol Vlan        2
Break the link between Switch A and Switch B manually to simulate a fault; Port 1 of Switch D will change its status from Block to Forwarding, and Port 1 of Switch B will change its status from Forwarding to Block. Check Ethernet ring status again.
SwitchD#show ethernet ring
Ethernet Ring Upstream-Group:1
Ethernet Ring 1:
Ring Admin:          Enable
Ring State:          Unenclosed
Bridge State:        Two-Forward
Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds
Bridge Priority:     1
Bridge MAC:          000E.5E00.000D
Ring DB State:       Block
Ring DB Priority:    1
Ring DB:             000E.5E00.000B
Hello Time:          1
Restore delay:       15
Hold Time            15
Protocol Vlan        2
Chapter 10 OAM
This chapter introduces basic principle and configuration of OAM and provides related configuration applications.
Overview
EFM
CFM
SLA
E-LMI
Maintenance
Configuring applications

10.1 Overview
10.1.1 OAM overview
Ethernet was initially designed for LAN; its OAM (Operation, Administration and Management) is weak because of the small scale, and it only has a management system at NE level. With the wider application of Ethernet in telecom networks, link length and network scale become bigger and bigger, which demands an efficient management and maintenance system in the telecom network. To confirm connectivity of Ethernet virtual connections, to detect, confirm and locate faults at the Ethernet layer, to balance network utilization and network performance, and to provide service according to SLA (Service Level Agreement), implementing OAM on Ethernet has become an inevitable trend.
Ethernet OAM is implemented in levels; as shown in Figure 10-1, it is generally divided into two levels:
Link level Ethernet OAM: mostly used on the Ethernet physical link between PE (Provider Edge) and CE (Customer Edge) (i.e. the last mile) to monitor the link status between the user's network and the operator's network. The typical protocol is EFM (Ethernet in the First Mile) OAM protocol.
Service-class Ethernet OAM: mostly used at the network access convergence layer to monitor the entire network connectivity, locate network connectivity faults, and monitor link performance. The typical protocol is CFM (Connectivity Fault Management) OAM protocol.
10.1.2 EFM
Complying with the IEEE 802.3ah protocol, EFM is a link-level Ethernet OAM technology which provides link connectivity detection, link fault monitoring, remote fault notification, etc. for the link between two directly connected devices. "The last mile" in EFM refers to the connection from the telecommunications carrier to the users. Its goal is to promote the widely used Ethernet technology to the telecommunications access network market, which can significantly improve network performance and reduce device and operating costs. EFM is mainly used for Ethernet links at the edge of the user access network. The switch provides the IEEE 802.3ah standard EFM function.
10.1.3 CFM
CFM is a network-level Ethernet OAM technology, implementing end-to-end connectivity fault detection, fault notification, judgement and location functions. It is used to actively diagnose faults for EVC (Ethernet Virtual Connection), provide a cost-effective network maintenance solution via the fault management function, and improve network maintenance. The switch provides a CFM function which is compatible with the IEEE 802.1ag and ITU-T Y.1731 recommendations.
MD (Maintenance Domain, also called MEG, Maintenance Entity Group) is a network that runs the CFM function. It defines the network range for OAM management. An MD has a level property with 8 different levels (level 0 to level 7); the bigger the number is, the higher the level is, and the larger the corresponding range is. Protocol packets of a lower level MD will be discarded after entering a higher level MD, while higher level MD packets can transmit through a lower level MD. In one VLAN range, different MDs can be adjacent or embedded, but not crossed. As Figure 10-2 shows below, MD2 is contained in MD1, and MD1 packets need to transmit through MD2. Configure MD1 level as 6 and MD2 level as 3. Then MD1 packets can travel through MD2 and implement connectivity fault management for the whole MD1, but MD2 packets will not diffuse into MD1. MD2 is the server layer and MD1 is the client layer.
Service instance
A service instance, also called an MA (Maintenance Association), is part of an MD. One MD can be divided into one or multiple service instances. One service instance corresponds to one service and maps to one VLAN group; the VLANs of different service instances cannot cross. Though a service instance can map to multiple VLANs, one instance can use only one VLAN for transmitting or receiving OAM packets. This VLAN is the master VLAN of the instance.
MEP
As Figure 10-3 shows below, a MEP (Maintenance association End Point) is an edge node of a service instance. A MEP can transmit and process CFM packets; the instance and the MD in which the MEP is located decide the VLAN and level used for MEP packet transmission and reception. A MEP on any device running CFM in the network is called a local MEP; a MEP on another device in the same instance is called an RMEP (Remote Maintenance association End Point). Multiple MEPs can be configured in one instance; packets sent by the MEPs in one instance carry an identical S-VLAN TAG, priority and C-VLAN TAG. A MEP can receive OAM packets sent by other MEPs in the instance; it stops packets whose level is the same as or lower than its own and forwards packets whose level is higher than its own.
MIP
As Figure 10-3 shows above, a MIP (Maintenance association Intermediate Point) is an inner node of a service instance and is created by the device automatically. A MIP cannot send CFM packets actively, but it can process and answer LTM (LinkTrace Message) and LBM (LoopBack Message) packets.
MP
MEP and MIP are both called MP (Maintenance Point).
10.1.4 SLA
SLA is a telecommunication service evaluation standard negotiated by the service provider and users, providing an agreement on service quality, priority, responsibility and so on. Technically, SLA is a real-time network performance detection and statistics technology that can give statistics on response time, network jitter, delay, packet loss rate and so on. SLA can choose different tasks for different applications and monitor the related measurement values.
Basic concepts related to SLA:
Operation: Static concept. It is an end-to-end SLA network performance testing task, including the layer-2 network delay/jitter test (y1731-echo/y1731-jitter) and the layer-3 network delay/jitter test (icmp-echo/icmp-jitter).
Test: Dynamic concept. It describes one execution of an operation.
Detection: Dynamic concept. It describes one procedure of transmitting and receiving a packet in an operation test. According to the definition of the operation, one operation test can contain multiple detections (for an Echo operation, one test contains only one detection).
Schedule: Dynamic concept. It describes one schedule of an operation; one schedule contains multiple periodical test executions.
10.1.5 E-LMI
Referring to the Frame Relay Local Management Interface Specification, the MEF (Metro Ethernet Forum) defines the Ethernet Local Management Interface. E-LMI is an OAM protocol located at the UNI (User-Network Interface), mainly used between CE and PE devices. E-LMI enables service providers to configure the CE automatically according to the purchased services. Through E-LMI, the CE can automatically receive the mapping information from user VLAN to EVC and the corresponding bandwidth and QoS settings. The E-LMI CE auto-configuration function reduces not only the work of service establishment, but also the coordination work between service providers and enterprise users. As a result, enterprise users need not know the configuration of CE devices; the service provider takes over the integrated configuration and management, which reduces the risk of human error. In addition, E-LMI provides EVC status information to the CE device. Once the EVC fails (for example, when the PE uses CFM to provide fault detection for the EVC), the PE notifies the CE device so that route switching can take place on the access side. The deployment location of E-LMI in the network is shown in Figure 10-4:
10.2 EFM
10.2.1 Preparation for configuration
10.2.1.1 Networking situation
Deploying the EFM feature between directly connected devices can efficiently improve Ethernet link management and maintenance capability and keep the network running stably.
10.2.1.2 Preconditions
Before configuring EFM, connect the interface and configure its physical parameters so that the interface is Up at the physical layer.
10.2.2
Function | Default value
Working mode of EFM | Passive
Message transmission interval | 10 × 100 ms
Link timeout time | 5s
OAM function status | Disable
Alarm function status of peer OAM event | Disable
Remote loopback status of EFM | Respond
Monitoring window of error frame event | 1s
Monitoring threshold of error frame event | 1 error frame
Monitoring window for statistic event of link error frame seconds | 60s
Monitoring threshold for statistic event of link error frame seconds | 1s
Monitoring window for statistic event of error code | 100ms
Monitoring threshold for statistic event of error code | 1s
Fault indication function status | Enable
Alarm function for local OAM event | Disable
10.2.3
Step | Configuration | Description
4 | Raisecom(config-port)#exit |
 | Raisecom(config)#oam send-period period-number | (Optional) The two ends of an OAM link send INFO packets to each other periodically; use this command to set the packet sending interval and control the link communication period. The unit is 100 ms. By default, the sending interval is 10 (10 × 100 ms).
5 | Raisecom(config)#oam timeout period-number | (Optional) Configure the OAM link timeout. The OAM link is considered broken if the devices at both ends of the link have not received OAM packets within the timeout. By default, the link timeout is 5s.
6 | | Enter physical layer interface configuration mode.
7 | | Enable the interface OAM function. By default, OAM is disabled. The oam disable command disables interface OAM.
10.2.4
10.2.4.1 (Optional) Start EFM remote loopback function
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam remote-loopback | Configure the interface to start the EFM remote loopback function. Remote loopback can only be started after the EFM connection is established and must be configured on the device in active mode.
 | | (Optional) Disable the remote loopback function. Disable remote loopback promptly after the detection is finished.
Performing loopback detection periodically helps discover network faults in time. Performing loopback detection section by section can locate the exact fault area and help users remove the fault. While a link is in loopback status, the device loops back to the peer device all packets received on the link except OAM packets, so user data packets cannot be forwarded normally. Disable this function promptly when detection is not needed.
10.2.4.2 (Optional) Configure peer OAM event trap function
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam peer event trap enable | Enable the peer OAM event trap function so that link monitor events can be reported to the NMS center in time. By default, the device doesn't report a trap to the NMS center through SNMP TRAP when it receives a peer link monitor event. The oam peer event trap disable command disables this function.
10.2.4.3 (Optional) Check current variable value of peer
Please configure OAM link monitor for the device as below.
Step | Configuration | Description
1 | Raisecom#show oam peer [link-statistic | oam-info ] port-list port-list | Get peer device OAM information or interface statistic variable value.
Note: The status of the current link can be obtained by getting the current variable values of the peer device. IEEE 802.3 Clause 30 defines and explains in detail the variables that OAM can get and how they are denoted. The largest division of a variable is the Object; each object contains Packages and Attributes. A package contains several attributes. The attribute is the minimum unit of a variable. When getting OAM variables, the object, package, branch and leaf descriptions of attributes defined by Clause 30 are used to describe the requested object, and the branch and leaf are followed by the variable value to denote the object's response to the variable request. The device supports getting OAM information and interface statistics as object variables. Peer variables cannot be obtained until the EFM connection is established.
10.2.5
10.2.5.1 (Optional) Configure device related EFM remote loopback
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam loopback { ignore | process } | Configure whether to ignore or process EFM remote loopback. By default, the device processes EFM remote loopback.
Note: Peer EFM remote loopback function won't take effect until remote loopback process function
10.2.5.2 (Optional) Configure OAM link monitor function
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam errored-frame window window threshold threshold | Configure the error frame monitor window and threshold. By default, the monitor window is 1 second and the threshold is 1 error frame.
 | Raisecom(config-port)#oam errored-frame-period window window threshold threshold | Configure the error frame period event monitor window and threshold. By default, the monitor window is 100 ms and the threshold is 1 error frame.
 | Raisecom(config-port)#oam errored-frame-seconds window window threshold threshold | Configure the link error frame seconds window and threshold. By default, the monitor window is 60 seconds and the threshold is 1 second.
 | Raisecom(config-port)#oam errored-symbol-period window window threshold threshold | Configure the error code window and threshold. By default, the monitor window is 100ms and the threshold is 1 second.
Note: OAM link monitor is used to detect and report link errors under different conditions. When the monitored link has a fault, the device notifies the peer of the error generation time, window, threshold setting and so on through an OAM event; the peer receives the event notification and reports it to the NMS center via SNMP Trap. In addition, the local device can report the event directly to the NMS center via SNMP Trap. By default, the system has default values for the error generation time, window and threshold setting.
10.2.5.3 (Optional) Configure OAM fault indication function
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam notify { critical-event | dying-gasp | errored-frame | errored-frame-period | errored-frame-seconds | errored-symbol-period } { disable | enable } | Configure the OAM fault indication mechanism, used to notify the peer device that the local device is abnormal. The device can notify the peer of link-fault, dying-gasp and critical-event faults. By default, device fault indication is enabled. When a fault happens, the device notifies the peer through OAM immediately. Link-fault must always be notified to the peer; dying-gasp and critical-event notification can be disabled by this command.
10.2.5.4 (Optional) Configure local OAM event trap function
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#oam event trap enable | Enable the local OAM event trap function so that link monitor events can be reported to the NMS center in time. By default, the device won't report to the NMS center by SNMP Trap. The oam event trap disable command disables it.
10.2.6 Checking configuration
Check the result by the commands below after configuration:
No. | Item | Description
1 | Raisecom#show oam [ port-list port-list ] | Show basic configuration of EFM.
2 | Raisecom#show oam loopback [ port-list port-list ] | Show EFM remote loopback configuration.
3 | Raisecom#show oam notify [ port-list port-list ] | Show OAM link monitor and fault indication configuration.
4 | Raisecom#show oam statistics [ port-list port-list ] | Show OAM statistic information.
5 | Raisecom#show oam trap [ port-list port-list ] | Show OAM event trap configuration.
6 | Raisecom#show oam event [ port-list port-list ] [ critical ] | Show serious interface detection fault information of local device.
7 | Raisecom#show oam peer event [ port-list port-list ] [ critical ] | Show serious peer transmission fault information to the interface.
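The following Python check is an added example, not part of the Raisecom manual. It replays a configuration session written in the prompt-and-command form used in this chapter and reports, for each port with OAM enabled, which EFM settings remain at the defaults listed above: remote loopback requests processed, and local or peer OAM event traps disabled. The session text and port numbers are constructed, and `oam enable` is assumed to be the counterpart of the `oam disable` command the manual names.

```python
import re

# Defaults taken from this chapter's EFM default-value table.
DEFAULTS = {"oam": "disable", "loopback": "process",
            "event_trap": "disable", "peer_event_trap": "disable"}

# Interface-mode commands named in this chapter. "oam enable" is an assumption:
# the manual only spells out "oam disable".
PORT_COMMANDS = [
    (re.compile(r"oam (enable|disable)"), "oam"),
    (re.compile(r"oam loopback (ignore|process)"), "loopback"),
    (re.compile(r"oam event trap (enable|disable)"), "event_trap"),
    (re.compile(r"oam peer event trap (enable|disable)"), "peer_event_trap"),
]

# Hostname, optional "(mode)", "#", then the command text.
PROMPT = re.compile(r"^[^#()\s]+(?:\((?P<mode>[^)]+)\))?#\s*(?P<cmd>.*)$")

# Constructed sample session (not captured from a real device).
SAMPLE_SESSION = """\
Raisecom#config
Raisecom(config)#interface port 1
Raisecom(config-port)#oam enable
Raisecom(config-port)#oam loopback ignore
Raisecom(config-port)#oam event trap enable
Raisecom(config-port)#oam peer event trap enable
Raisecom(config-port)#exit
Raisecom(config)#interface port 2
Raisecom(config-port)#oam enable
Raisecom(config-port)#exit
Raisecom(config)#interface port 3
Raisecom(config-port)#oam loopback process
"""


def parse_session(text):
    """Return {port-id: settings} after applying every recognised command."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        mode, cmd = m.group("mode"), " ".join(m.group("cmd").split())
        if mode == "config" and (p := re.fullmatch(r"interface port (\S+)", cmd)):
            current = p.group(1)
            ports.setdefault(current, dict(DEFAULTS))
        elif mode == "config-port" and current is not None:
            for pattern, key in PORT_COMMANDS:
                if (c := pattern.fullmatch(cmd)):
                    ports[current][key] = c.group(1)
                    break
    return ports


def audit(ports):
    """Return {port-id: [findings]}; ports with OAM disabled have no findings."""
    report = {}
    for port, cfg in ports.items():
        findings = []
        if cfg["oam"] == "enable":
            if cfg["loopback"] == "process":
                # While looped back, user data packets are not forwarded.
                findings.append("loopback-processed")
            if cfg["event_trap"] == "disable":
                findings.append("event-trap-off")
            if cfg["peer_event_trap"] == "disable":
                findings.append("peer-event-trap-off")
        report[port] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit(parse_session(SAMPLE_SESSION)).items():
        print(f"port {port}: {', '.join(findings) or 'ok'}")
```

Port 3 produces no findings because OAM is still disabled there, so its loopback setting has no effect.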
10.3 CFM
10.3.1 Preparation for configuration
10.3.1.1 Networking situation
To develop Ethernet technology applications in telecommunication networks, Ethernet needs to reach a service level identical to that of the telecommunication transmission network. CFM provides a full OAM tool set for carrier Ethernet to solve this problem. CFM provides the following OAM functions:
Fault detection function
The fault detection function uses the CC (Continuity Check) protocol to detect the connectivity of the Ethernet virtual network and confirm the connection status of MPs. A MEP sends CCM (Continuity Check Message) packets periodically, and the other MEPs in the same service instance receive the packets to confirm the status of the RMEP. A device fault or a link configuration error may cause a MEP to fail to receive and process CCMs from the RMEP. If the MEP hasn't received a CCM packet from the remote MEP within 3.5 CCM intervals, the link is considered faulty and the system sends a fault trap according to the alarm priority configuration.
Fault acknowledgement function
Using LB (LoopBack), this function confirms the connectivity between two MPs: the source MEP sends an LBM (LoopBack Message) and the destination MP answers with an LBR (LoopBack Reply). The source MEP sends the LBM to the MP for fault acknowledgement; the MP receives the LBM and sends an LBR to the source MEP. If the source MEP receives the LBR, the path is connected; if the source MEP can't receive the LBR, the path is not connected.
Fault location function
Using LT, the source MEP sends an LTM (LinkTrace Message) to the destination MP; each MP device on the LTM transmission path answers the source MEP with an LTR (LinkTrace Reply), so that the valid LTRs and LTMs can be recorded to locate the fault point.
Alarm indication signal function (AIS, Alarm Indication Signal)
This function is used to suppress alarms when a fault is detected at the server layer (sub-layer). A MEP (including a server MEP) sends AIS frames to the client MD when it detects a fault. ETH-AIS frames are transmitted by the MEP (or server MEP). Because a received AIS frame doesn't contain information about which peer MEP is faulty, the receiving MEP must inhibit traps for all peer MEPs regardless of their connectivity status. Inhibiting client alarm information through the AIS function makes the network easier to manage and maintain when the server layer has a fault.
Ethernet signal lock function (LCK, Lock)
This function is used to notify of the administrative locking of a server layer (sub-layer) MEP and the consequent interruption of the data service traffic destined for the MEP that expects to receive it. A MEP that receives an ETH-LCK frame can tell whether it is facing a fault or an administrative lock of the server layer MEP.
Lock is an on-demand OAM function; a typical application of MEP locking is performing a diagnostic test while the service is halted.
In short, CFM implements end-to-end service OAM, reducing the service provider's operating cost and improving its competitiveness.
10.3.1.2 Preconditions
Finish the tasks below before configuring CFM:
Connect the interface and configure its physical parameters so that the interface is Up at the physical layer
Create VLAN
Add interface into VLAN
10.3.2
Function | Default value
Global CFM function status | Disable
CFM function status on interface | Enable
MD status | Not exist
MEP status over service instance | Up
Aging time of remote MEP | 100min
Hold time of error CCM message | 100min
MEP transmitting CCM message status | Not transmit
MEP transmitting CCM message mode | Passive
CCM message transmitting interval | 10s
Dynamic import function learnt by service instance remote MEP | Ineffective
cc check function of remote MEP | Disable
CFM OAM message priority | 6
Layer-2 ping function status | Five LBM messages are transmitted; the length of TLV message is 64.
Switch status of fault location database | Disable
Hold time of data in fault location database | 100min
AIS transmitting function status | Disable
AIS transmission period | 1s
Alarm suppression function status | Enable
LCK message transmitting function status | Disable
10.3.3 Enable CFM
Please configure CFM for the device as below.
Note: The CFM fault detection and location functions take effect only after the CFM function is enabled on the device.
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#ethernet cfm enable | Enable the global CFM function. By default, CFM is not enabled globally; the ethernet cfm disable command disables it.
3 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
4 | Raisecom(config-port)#ethernet cfm enable | Enable the CFM function on the interface. By default, the interface has CFM enabled. The ethernet cfm disable command disables it. The interface cannot receive or transmit CFM packets after CFM is disabled.
10.3.4
Configuration | Description
Raisecom(config-service)#service vlan-list vlan-list [ primary-vlan vlan-id ] | Configure the service application VLAN map. The VLAN list permits at most 32 VLANs. The smallest VLAN will be taken as the primary VLAN of the service instance. All MEPs in the service instance transmit and receive packets through the primary VLAN. Note: Since the primary VLAN is used to transmit and receive packets, all other VLANs in the list are mapped to the primary VLAN. This logical VLAN mapping relationship is global; the VLAN mapping relationships of different levels can be identical but cannot cross. For example: with instance 1 mapping to VLAN 10-20 and instance 2 mapping to VLAN 15-30, the configuration is illegal because VLAN 15-20 is overlapped.
Raisecom(config-service)#service mep [ up | down ] mpid mep-id port port-id | Configure a MEP over the service instance. The service instance must map to a VLAN when this kind of MEP is configured. By default, the MEP is Up, that is, it detects faults in the interface uplink direction.
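The VLAN-list rules above, as an added Python example that is not part of the manual: it checks the 32-VLAN limit, picks the smallest VLAN as the primary VLAN, and rejects mappings that cross while allowing identical ones. The comma-separated list syntax and the instance names are assumptions; the 10-20 and 15-30 case is the manual's own.

```python
from itertools import combinations

MAX_VLANS_PER_INSTANCE = 32  # "VLAN list permits at most 32 VLANs"


def parse_vlan_list(spec):
    """Expand a list such as '10-20,30' into a set of VLAN IDs.

    Comma-separated ranges are an assumed syntax; the manual only shows
    single ranges such as 10-20.
    """
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def to_ranges(vlans):
    """Render a set of VLAN IDs compactly, e.g. {15,...,20} -> '15-20'."""
    runs = []
    for v in sorted(vlans):
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def check_service_instances(instances):
    """instances: {name: vlan-list string}. Returns (primary VLANs, errors)."""
    parsed, errors = {}, []
    for name, spec in instances.items():
        parsed[name] = parse_vlan_list(spec)
        if len(parsed[name]) > MAX_VLANS_PER_INSTANCE:
            errors.append(f"{name}: {len(parsed[name])} VLANs, limit is "
                          f"{MAX_VLANS_PER_INSTANCE}")
    for (a, va), (b, vb) in combinations(parsed.items(), 2):
        shared = va & vb
        # Identical mappings are allowed; partial overlap ("crossing") is not.
        if shared and va != vb:
            errors.append(f"{a}/{b}: VLAN {to_ranges(shared)} overlapped")
    primary = {name: min(vlans) for name, vlans in parsed.items()}
    return primary, errors


if __name__ == "__main__":
    # The manual's illegal example: instance 1 on 10-20, instance 2 on 15-30.
    print(check_service_instances({"instance1": "10-20", "instance2": "15-30"}))
```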
10.3.5
Step | Configuration | Description
 | Raisecom(config)#ethernet cfm errors archive-hold-time minutes | (Optional) Configure the hold time for error CCM packets. The device saves all fault information of MEPs. By default, the hold time for error CCM packets is 100 minutes. When a new hold time is configured, the system checks the data in the database once; data older than the hold time is cleared immediately.
4 | Raisecom(config)#service cisid level level | Enter service instance configuration mode.
5 | Raisecom(config-service)#service cc interval { 1 | 10 | 60 | 600 | 3ms | 10ms | 100ms } | (Optional) Configure the CCM packet sending interval of the service instance. By default, the CCM packet sending interval is 10 seconds. The CCM packet sending interval cannot be modified while the function is enabled.
6 | | Enable the MEP to transmit CCM packets. By default, a MEP doesn't send CCM packets. Use the command service cc disable mep {mepid-list | all} to disable CCM packet transmission.
7 | | (Optional) Configure a static remote MEP. Used in cooperation with the cc check function.
8 | | (Optional) Configure the dynamic import function for remote MEP learning. The service instance converts a dynamically learnt remote MEP into a static remote MEP automatically once it receives CCM packets. By default, this function is disabled.
9 | | (Optional) Configure the remote MEP cc check function. After this function is enabled, the system checks whether the dynamically learned remote MEP ID is consistent with the static remote MEP ID once it receives CCM packets. If they are not consistent, the CCM packets are considered incorrect. By default, this function is disabled.
10 | | (Optional) Configure the client VLAN for CFM OAM packets; this only needs to be configured in a QinQ networking environment. By default, CFM OAM packets don't carry a C-TAG. After the client VLAN is configured for the service instance, all CCM, LTM, LBM and DMM packets sent by MEPs under the instance carry a double TAG, in which the C-TAG uses the client VLAN configured by this command.
11 | | (Optional) Configure the CFM OAM packet priority. After the packet priority is configured, all CCM, LBM, LTM and DMM packets sent by MEPs use the assigned priority. By default, the packet priority is 6.
12 | Raisecom(config-service)#snmp-server trap cfm { all | ccmerr | macremerr | none | remerr | xcon } mep { all | mep-list } | (Optional) Configure the fault trap types that CFM is permitted to send. The CC function of CFM can detect faults at 5 levels, from high to low: level 5-cross connection, level 4-CCM error, level 3-remote MEP loss, level 2-interface status fault, level 1-RDI. By default, it is macremerr, namely permitting fault traps on levels 2-5.
Note: When CFM has detected a fault, a fault of the identical level or a lower level won't generate a trap again before the fault is removed. After a CFM fault is removed, wait for 10s until the fault status is cleared.
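The continuity-check timeout described in the CFM networking situation (no CCM from a remote MEP within 3.5 CCM intervals) and the trap rules of this section, as an added Python example that is not the device's implementation. The CCM arrival times and MEP IDs are constructed. Only the macremerr range (levels 2-5) is stated in the manual; the lowest permitted level for the other keywords is an assumption, and the 10s clearing delay is not modelled.

```python
CCM_LOSS_FACTOR = 3.5  # remote MEP is lost after 3.5 CCM intervals of silence
REMOTE_MEP_LOSS = 3    # fault level 3 in the manual's list

FAULT_LEVELS = {5: "cross connection", 4: "CCM error", 3: "remote MEP loss",
                2: "interface status fault", 1: "RDI"}

# Lowest fault level that may raise a trap for each keyword. The manual gives
# macremerr = levels 2-5; the other values are assumptions for illustration.
TRAP_MIN_LEVEL = {"all": 1, "macremerr": 2, "remerr": 3,
                  "ccmerr": 4, "xcon": 5, "none": 6}


class TrapFilter:
    """Decides whether a newly detected fault generates a trap."""

    def __init__(self, keyword="macremerr"):
        self.min_level = TRAP_MIN_LEVEL[keyword]
        self.active = set()

    def fault(self, level):
        # A fault of identical or lower level than one already present
        # does not generate a trap again.
        highest = max(self.active, default=0)
        self.active.add(level)
        return level >= self.min_level and level > highest

    def clear(self, level):
        self.active.discard(level)


def ccm_events(arrivals, interval, end_time):
    """arrivals: {remote MEP ID: [CCM receive times in seconds]}.

    Returns sorted (time, kind, mep_id) tuples, kind being 'loss' or 'recover'.
    """
    limit = CCM_LOSS_FACTOR * interval
    events = []
    for mep_id, times in arrivals.items():
        times = sorted(times)
        for prev, nxt in zip(times, times[1:] + [None]):
            deadline = prev + limit
            if nxt is None:
                if end_time > deadline:
                    events.append((deadline, "loss", mep_id))
            elif nxt > deadline:
                events.append((deadline, "loss", mep_id))
                events.append((float(nxt), "recover", mep_id))
    return sorted(events)


def remote_mep_loss_traps(arrivals, interval, end_time, keyword="macremerr"):
    """Return [(time, mep_id)] for the remote-MEP-loss traps actually sent."""
    filt, lost, traps = TrapFilter(keyword), set(), []
    for when, kind, mep_id in ccm_events(arrivals, interval, end_time):
        if kind == "loss":
            lost.add(mep_id)
            if filt.fault(REMOTE_MEP_LOSS):
                traps.append((when, mep_id))
        else:
            lost.discard(mep_id)
            if not lost:
                filt.clear(REMOTE_MEP_LOSS)
    return traps


if __name__ == "__main__":
    # Constructed timeline: default 10 s interval, both remote MEPs go silent.
    sample = {301: [0, 10, 20], 302: [0, 10, 20, 30]}
    print(remote_mep_loss_traps(sample, 10, 100))
```

In the sample, remote MEP 302 is also lost at 65 s, but no second trap is sent because a fault of the same level is already present; checking the remote MEP state directly is the only way to see it.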
10.3.6
10.3.7
Step | Configuration
5 | Raisecom(config)#service cisid level level
6 | Raisecom(config-service)#traceroute { mac-address | mep mep-id } [ ttl ttl ] [ source mep-id ]
10.3.8
4 5
Configure client layer devices as below:
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#service cisid level level | Enter service instance configuration mode.
3 | Raisecom(config-service)#service suppress-alarms enable mep { all | mep-list } | Enable alarm control function. By default, this function is enabled. The command service suppress-alarms disable mep mep-list can disable it.
10.3.9
4 5
Configure client layer devices as below:
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#service cisid level level | Enter service instance configuration mode.
3 | Raisecom(config-service)#service suppress-alarms enable mep { all | mep-list } | Enable alarm control function. By default, this function is enabled. The command service suppress-alarms disable mep mep-list can disable it.
10.4 SLA
10.4.1 Preparation for configuration
10.4.1.1 Networking situation
The carrier and the customer sign an SLA agreement to guarantee that users enjoy a certain quality of network service. To enforce the SLA effectively, the carrier needs to deploy the SLA feature on devices to test performance, and the test result serves as evidence of the performance delivered to users. SLA feature chooses two testing node, configure SLA operation on one node and schedule executing
The SLA feature collects statistics on the round-trip packet loss rate, round-trip or one-way (SD/DS) delay, jitter, jitter variance, jitter distribution and similar data, and reports the data to upper layer monitoring software (such as an NMS), which then analyzes network performance and obtains the data users want.
10.4.1.2 Preconditions
Finish the task below before configuring SLA:
Deploy CFM between the tested devices.
10.4.2
10.4.3
Step | Configuration | Description
5 | Raisecom(config)#sla oper-num y1731-jitter remote-mac mac-address level level svlan vlan-id [ cvlan vlan-id ] [ cos cos-value ] [ interval period ] [ packets packets-num ] [ dm ] |
6 | Raisecom(config)#sla oper-num icmp-echo dest-ipaddr ip-address [ dscp dscp-value ] | Configure basic information for SLA icmp-echo.
7 | Raisecom(config)#sla oper-num icmp-jitter dest-ipaddr ip-address [ dscp dscp-value ] [ interval period ] [ packets packets-num ] | Configure basic information for SLA icmp-jitter.
8 | Raisecom(config)#sla y1731-echo quick-input [ level level ] [ svlan vlan-id ] [ dm ] | Create y1731-echo quickly.
9 | Raisecom(config)#sla y1731-jitter quick-input [ level level] [ svlan vlan-id ] [ dm ] | Create y1731-jitter quickly.
Note:
After the basic information for one operation (distinguished by operation ID) has been configured, it cannot be modified or configured again. That is to say, delete the operation first if you want to configure it again.
SLA supports scheduling at most 100 operations at one time, but you must wait for a schedule to finish (reach the schedule life time or be stopped) before scheduling again or modifying the schedule information.
10.4.4
10.4.5 Check configuration
Check the result by the commands below after configuration:
No. | Item | Description
1 | Raisecom#show sla { all | oper-num } configuration | Show SLA configuration.
2 | Raisecom#show sla { all | oper-num } result | Show the latest operation test information.
3 | Raisecom#show sla { all | oper-num } statistic | Show operation schedule statistics. One operation (distinguished by operation ID) holds at most 5 groups of statistics; if there are more than 5, the oldest statistics (counted from the schedule starting time) are aged out.
10.5 E-LMI
10.5.1 Preparation for configuration
10.5.1.1 Networking situation
Through E-LMI, the PE can send the mapping information from VLAN to EVC to the CE and achieve automatic configuration of the CE device. This reduces not only the work of service establishment, but also the coordination work between service providers and enterprise users. As a result, enterprise users need not know the configuration of CE devices; the service provider takes over the integrated configuration and management, which reduces the risk of human error. In cooperation with an OAM protocol (such as the CFM protocol), E-LMI can feed back the EVC status information in the service provider network to the CE device in time. Once the EVC fails, the PE notifies the CE device so that route switching can take place on the access side.
10.5.1.2 Preconditions
Finish the following tasks before configuring E-LMI:
Connect the interface and configure its physical parameters so that the physical layer status of the interface is Up;
Configure the physical layer interface between PE and CE in Trunk mode.
Configure CFM between PE devices.
10.5.2
10.5.3
Configure EVC
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#ethernet lmi evc evc-number evc-name | Create EVC and enter EVC configuration mode.
3 | Raisecom(config-evc)#oam-protocol cfm svlan vlan-id level level | Bind EVC and CFM. The bound CFM service instance must exist and its MEP must be Up.
Configure the number of UNIs bound to the EVC. The UNIs bound to an EVC include the local UNI and remote UNIs. If the UNI number is 2, the EVC is point-to-point; if the number is more than 2, the EVC is point-to-multipoint. Note: The configured UNI number must be consistent with the number of MEPs bound by CFM. If the number of UNIs is greater than the number of MEPs, the UNI status remains partially active even if all UNIs are Up. If the number of UNIs is less than the number of MEPs, the UNI status may show as active while some UNIs are Down.
Configure UNI
Step | Configuration | Description
1 | Raisecom#config | Enter global configuration mode.
2 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode.
3 | Raisecom(config-port)#ethernet lmi uni uni-id | Create UNI. Only one UNI can be created for each interface, and uni-id should be globally unique.
4 | Raisecom(config-port)#ethernet lmi uni { bundling | all-to-one-bundling | service-multiplexing } | Configure the binding type for the UNI. bundling: the UNI can bind one or more EVCs, and one or more CE-VLANs can be mapped to one EVC; all-to-one-bundling: the UNI can bind only one EVC, and all CE-VLANs are mapped to this EVC; service-multiplexing: the UNI can bind one or more EVCs, but each EVC has only one CE-VLAN mapping.
5 | Raisecom(config-port)#ethernet lmi evc evc-number | Bind UNI and EVC.
6 | Raisecom(config-port)#ethernet lmi ce-vlan map { vlan-list | untagged | all } evc evc-number | Configure the mapping relation between EVC and CE-VLAN. If the binding type of the UNI is all-to-one-bundling, all CE-VLANs are mapped to the bound EVC by default, and in this case the command is not configured.
(Optional) Configure an EVC as the default EVC. All other unspecified CE-VLANs will be mapped to the default EVC. For example: after the command ethernet lmi ce-vlan-map 100-4094 evc evc1 is configured, VLAN 100 to VLAN 4094 are mapped to evc1; if evc2 is then configured as the default EVC, the remaining VLAN 1 to VLAN 99 and the Untagged VLAN will be mapped to evc2. If this command is configured in advance, the system maps all VLANs to the default EVC, and the command ethernet lmi ce-vlan-map {vlan-list | untagged | all} evc evc-number will then not be configured. Note: This command can be configured only when the binding type of the UNI is bundling.
(Optional) Configure the EVC message notification mode for the PE device. When the EVC notification mode is asyn, the PE sends a message to the CE immediately when the EVC changes, so that the CE device updates the EVC. When the EVC notification mode is full, the PE does not send a message to the CE immediately when the EVC changes, but waits until it receives a valid Full Status Enquiry message from the CE device and then responds with a Full or Full Continuous message.
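The UNI binding types and the default-EVC rule described in this section, as an added Python model that is not part of the manual or of the device software. It validates a UNI's bindings against its binding type and resolves a CE-VLAN to an EVC, including the manual's example of evc1 on VLAN 100-4094 with evc2 as the default EVC. The class and method names are hypothetical.

```python
UNTAGGED = "untagged"  # stands for frames that carry no CE-VLAN tag


class Uni:
    """One UNI: its binding type, bound EVCs, CE-VLAN map and default EVC."""

    TYPES = ("bundling", "all-to-one-bundling", "service-multiplexing")

    def __init__(self, bind_type, evcs, ce_vlan_map=None, default_evc=None):
        if bind_type not in self.TYPES:
            raise ValueError(f"unknown binding type: {bind_type}")
        self.bind_type = bind_type
        self.evcs = list(evcs)                       # EVCs bound to the UNI
        self.ce_vlan_map = dict(ce_vlan_map or {})   # {evc: set of CE-VLANs}
        self.default_evc = default_evc

    def errors(self):
        """Return the rule violations for this UNI's binding type."""
        errs = []
        if self.bind_type == "all-to-one-bundling" and len(self.evcs) > 1:
            errs.append("all-to-one-bundling: only one EVC can be bound")
        if self.bind_type == "service-multiplexing":
            for evc, vlans in self.ce_vlan_map.items():
                if len(vlans) != 1:
                    errs.append(f"service-multiplexing: {evc} maps "
                                f"{len(vlans)} CE-VLANs")
        if self.default_evc is not None and self.bind_type != "bundling":
            errs.append("default EVC requires binding type bundling")
        return errs

    def resolve(self, ce_vlan):
        """Return the EVC a CE-VLAN (1-4094 or UNTAGGED) maps to, or None."""
        if self.bind_type == "all-to-one-bundling":
            # All CE-VLANs map to the single bound EVC; no map is configured.
            return self.evcs[0] if len(self.evcs) == 1 else None
        for evc, vlans in self.ce_vlan_map.items():
            if ce_vlan in vlans:
                return evc
        return self.default_evc  # unspecified CE-VLANs fall to the default

    def unmapped(self):
        """CE-VLANs that resolve to no EVC at all."""
        return [v for v in [*range(1, 4095), UNTAGGED]
                if self.resolve(v) is None]


if __name__ == "__main__":
    # The manual's example: 100-4094 on evc1, evc2 configured as default EVC.
    uni = Uni("bundling", ["evc1", "evc2"],
              {"evc1": set(range(100, 4095))}, default_evc="evc2")
    for vlan in (1, 99, 100, 4094, UNTAGGED):
        print(vlan, "->", uni.resolve(vlan))
```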
10.5.4
Step | Configuration | Description
1 | | Enter global configuration mode.
2 | | Globally enable the E-LMI function. The command ethernet lmi disable can disable this function.
3 | | Configure the device as CE. Note: The system will give a tip to clear the existing E-LMI configuration when configuring role switching for the device.
4 | | Enter physical layer interface configuration mode.
5 | | (Optional) Enable E-LMI function on interface. The command ethernet lmi disable can disable this function.
6 | Raisecom(config-port)#ethernet lmi t391 value | (Optional) Configure the value for T391 timer.
7 | Raisecom(config-port)#ethernet lmi n391 value | (Optional) Configure the value for N391 counter.
8 | Raisecom(config-port)#ethernet lmi n393 value | (Optional) Configure the value for N393 counter of CE device.
10.5.5 Check configuration
Check the result by the commands below after configuration:
No. | Item | Description
1 | Raisecom#show ethernet lmi config port-list { all | port-list } | Show E-LMI configuration of interface.
2 | Raisecom#show ethernet lmi statistics port-list { all | port-list } | Show E-LMI statistics of interface.
3 | Raisecom#show ethernet lmi uni port-list { all | port-list } | Show UNI configuration.
4 | Raisecom#show ethernet lmi evc evc-number | Show EVC status.
5 | Raisecom#show ethernet lmi evc map port-list { all | port-list } | Show the mapping information between EVC and CE-VLAN.
6 | Raisecom#show ethernet lmi evc map oam | Show OAM protocol information mapped by EVC.
10.6 Maintenance
Users can maintain OAM features with the commands below.
Command | Description
Raisecom(config-port)#clear oam statistics | Clear EFM OAM interface link statistics.
Raisecom(config)#clear ethernet cfm errors [ level level ] | Clear CCM error database information.
Raisecom(config)#clear ethernet cfm remote-mep [ level level ] | Clear remote MEP.
Raisecom(config)#clear ethernet cfm traceroute-cache | Clear traceroute cache database.
Raisecom(config)#clear ethernet lmi statistics port-list { all | port-list } | Clear interface E-LMI statistics.
10.7 Configuring applications
10.7.1 Application of EFM
10.7.1.1 Networking requirement
As Figure 10-5 shows below, deploy the EFM feature on the devices to improve Ethernet link management and maintenance capability between Switch A and Switch B. Switch A is the active end and Switch B is the passive end. Deploy the OAM event trap function on Switch A.
10.7.1.2
10.7.1.3 Show result
Show the EFM configuration on Switch A with the show oam command.
SwitchA#show oam port-list 1
Port:port1
Mode:Active
Administrate state: Enable
Operation state: Disable
Max OAMPDU size: 1518
Send period: 1000 ms
Link timeout : 5s
Config revision: 1
Supported functions: Loopback, Event, Variable
Show OAM event larm configuration on Switch A by the command of show oam trap.
SwitchA#show oam trap port-list 1 Port: Event trap: Peer event trap: Discovery trap total: Discovery trap timestamp: Lost trap total: 0 0 days, 0 hours, 0 minutes 0 250 port1 Enable Enable
www.raisecom.com
Lost trap timestamp: 0 days, 0 hours, 0 minutes
User Manual
10.7.2 Application of CFM
10.7.2.1 Networking requirement
As Figure 10-6 shows, users communicate with the server through the network built from Switch A, Switch B and Switch C. To make the Ethernet link between server and user reach telecommunication service level, users can deploy the CFM feature on the switches to realize active fault detection, acknowledgement and location. Switch A and Switch C are MEPs and Switch B is a MIP. Ethernet faults are detected from Switch A Port 1 to Switch C Port 2, and the maintenance domain level is 3.
10.7.2.2
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit
SwitchB(config)#interface port 2
SwitchB(config-port)#switchport mode trunk
SwitchB(config-port)#exit

Configure Switch C.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#create vlan 100 active
SwitchC(config)#interface port 2
SwitchC(config-port)#switch access vlan 100
SwitchC(config-port)#exit
SwitchC(config)#interface port 1
SwitchC(config-port)#switchport mode trunk
SwitchC(config-port)#exit

Configure Switch B.
SwitchB(config)#ethernet cfm domain level 3
SwitchB(config)#service ma1 level 3
SwitchB(config-service)#service vlan-list 100
SwitchB(config-service)#exit
SwitchB(config)#ethernet cfm enable

Configure Switch C.
SwitchC(config)#ethernet cfm domain level 3
SwitchC(config)#service ma1 level 3
SwitchC(config-service)#service vlan-list 100
SwitchC(config-service)#service mep up mpid 302 port 2
SwitchC(config-service)#service remote-mep 301
SwitchC(config-service)#service cc enable mep all
SwitchC(config-service)#exit
SwitchC(config)#ethernet cfm enable
---------------------------------------------------------------------------------1 2 !3 000E.5E00.0003 000E.5E00.0003 000E.5E00.0001 2/1 1/2 1/Yes Yes No rlyFdb rlyFdb rlyHit 000E.5E00.0003 000E.5E00.0001 000E.5E00.0002
10.7.2.3 Show result
Show CFM configuration on the switch by the command of show ethernet cfm. Take Switch A as an example:
SwitchA#show ethernet cfm
Global CFM Admin Status: enable
Port CFM Enabled Portlist: P:1-28 PC:1-3
Archive hold time of error CCMs: 100(Min)
Remote mep aging time: 100(Min)
Device mode: Slave
10.7.3 Application of SLA
10.7.3.1 Networking requirement
As Figure 10-7 shows, users communicate with the server through the network built from Switch A, Switch B and Switch C, and CFM is deployed on the switches so that the Ethernet link between server and user reaches telecommunication service level. The carrier deploys the SLA feature on Switch A and schedules it to run periodically, so that it can detect network performance between Switch A and Switch C.
Switch A performs a layer-2 delay test to Switch C. Configure y1731-echo on Switch A: operation ID is 2, remote MEP is 2, MD level is 3, VLAN-ID is 100, service level is 0. The schedule life period is 20 seconds and the testing period is 10 seconds.
10.7.3.2 Configuration steps
Configure CFM on the switches. Refer to Configure CFM Application for details.
Configure y1731-echo on Switch A and enable the operation schedule.
SwitchA#config
SwitchA(config)#sla 2 y1731-echo remote-mep 302 level 3 svlan 100 cos 0
SwitchA(config)#sla schedule 2 life 20 period 10
10.7.3.3 Show result
Show SLA configuration on Switch A by the command of show sla configuration.
Raisecom(config)#show sla 2 configuration
------------------------------------------------------------------------
Operation <2>:
Type: Y1731-ECHO
Frame type: Loopback
Schedule Starttime: 0 days, 00:00:00
------------------------------------------------------------------------
Cos: 0
Service Vlan ID: 100
Customer Vlan ID: 0
MD Level: 3
Remote MEP ID: 302
Timeout(sec): 5
Schedule Life(sec): 20
Schedule Period(sec): 10
Schedule Status: Completed!
10.7.4
10.7.4.1
10.7.4.2
Configure PE B.
Raisecom#hostname PEB
PEB#config
PEB(config)#create vlan 100 active
PEB(config)#interface port 1
PEB(config-port)#switchport mode trunk
PEB(config-port)#exit
PEB(config)#interface port 2
PEB(config-port)#switchport mode trunk
PEB(config-port)#exit

Configure PE B.
PEB(config)#ethernet cfm domain level 3
PEB(config)#service ma1 level 3
PEB(config-service)#service vlan-list 100
PEB(config-service)#service mep up mpid 302 port 2
PEB(config-service)#service remote-mep 301
PEB(config-service)#service cc enable mep all
PEB(config-service)#exit
PEB(config)#ethernet cfm enable

Configure PE B.
PEB(config)#ethernet lmi enable
PEB(config)#ethernet lmi pe
PEB(config)#ethernet lmi evc 1 evc1
PEB(config-evc)#oam-protocol cfm svlan 100 level 3
PEB(config-evc)#exit
PEB(config)#interface port 2
PEB(config-port)#ethernet lmi uni uni1
PEB(config-port)#ethernet lmi uni bundling
PEB(config-port)#ethernet lmi evc 1
PEB(config-port)#ethernet lmi ce-vlan map 100 evc 1
PEB(config-port)#exit

Configure CE B.
Raisecom#hostname CEB
CEB#config
CEB(config)#ethernet lmi enable
CEB(config)#ethernet lmi ce
10.7.4.3 Show result
Check whether the E-LMI configuration is correct on the PE device by the command of show ethernet lmi config port-list port-list. Take PE A as an example.
PEA#show ethernet lmi config port-list 1
E-LMI Global Enable Status: Enable (default is disabled)
TrapEnable: Enable (default is enabled)
Mode: PE (default is PE)
-------------------------------------------------------------------------
E-LMI Interface client1 configuration:
E-LMI Interface Enable status: Enable (default is enabled)
Max EVC number: 64
N393: 4 (default is 4)
Notify Type: Aysn (default is Aysn)
T392 Enable Status: Enable (default is enabled)
T392: 15s (default is 15s)
Check whether the VLAN configuration is learnt correctly on CE device by the command of show
This chapter introduces the basic principles and configuration of system management and provides related configuration applications.
- Overview
- SNMP
- KeepAlive
- RMON
- Cluster management
- LLDP
- Expanded OAM
- SFP digital diagnostics
- System LOG
- Alarm management
- Hardware environment detection
- Fan monitor
- CPU monitor
- Check device information
- Ping
- Traceroute
- Maintenance
- Configuring applications
11.1 Overview
11.1.1 SNMP
SNMP (Simple Network Management Protocol) was put forward by the IETF (Internet Engineering Task Force) to solve the problem of managing network devices on the Internet. SNMP makes it possible to manage, remotely and through one NMS (Network Management System), the network devices that support this protocol, including monitoring network status, modifying network device configuration, and receiving network event alarms. It is the most widely applied network management protocol in TCP/IP networks.
11.1.1.1 Working system
SNMP is separated into two parts: Agent and NMS. The Agent and NMS communicate by SNMP packets sent over UDP. The working system of SNMP is shown in Figure 11-1:
Figure 11-1 SNMP working system networking
The Raisecom NView NNM system provides a friendly HMI (Human Machine Interface) to facilitate network management. The functions below can be realized through it:
- Send request packets to the managed device.
- Receive reply packets and Trap packets from the managed device, and show the result.
Agent is a program that stays in the managed device and realizes the functions below:
- Receive and reply to request packets from the NView NNM system.
- Perform read/write operations according to the packet type, generate reply packets, and return the result to the NView NNM system.
- Define trigger conditions according to protocol modules, such as entering or exiting the system or rebooting the device; when the conditions are satisfied, the corresponding module sends Trap packets to the NView NNM system via the Agent to report the current status of the device.
Note: An Agent can be configured with several versions, and different versions communicate with different NMS. However, the SNMP version of the NMS must be consistent with that of the Agent when they communicate, so that they can intercommunicate.
11.1.1.2 Protocol version
SNMP now has three versions: v1, v2c and v3.
- SNMP v1 uses the Community Name authentication mechanism. The community name defines the relationship between the SNMP NMS and the Agent and acts as a password that restricts NMS access to the SNMP Agent. If the community name carried by an SNMP packet fails device authentication, the packet is discarded.
- SNMP v2c also uses the Community Name authentication mechanism. It is compatible with SNMP v1 and expands its functions: it supports more operation types, data types and error codes, and can differentiate errors in more detail.
- SNMP v3 uses the USM (User-Based Security Model) authentication mechanism. Users can configure authentication and encryption for it. The combination of authentication and encryption provides higher security for the communication between NMS and Agent. Authentication verifies the legitimacy of the packet sender and prevents illegal users from accessing the device; encryption encrypts the packets transmitted between NMS and Agent to avoid wiretapping.
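The version differences described above are visible in the first few bytes of every SNMP datagram, so an administrator can audit which devices still rely on community names. The following is an added example, not code from the Raisecom manual; it follows the standard SNMP message layout (version INTEGER, then either a community OCTET STRING or the SNMPv3 msgGlobalData header with its msgFlags octet), and every sample datagram is constructed.

```python
# Added example: classify SNMP datagrams by version and security level.
# All sample datagrams are constructed for this example.

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}   # wire value of the version INTEGER

FINDINGS = {
    "community": "community name is the only credential; no encryption",
    "noAuthNoPriv": "USM user without authentication or encryption",
    "authNoPriv": "authenticated but not encrypted",
    "authPriv": "authenticated and encrypted",
}


def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length


def expect(buf, pos, want_tag):
    """Read one element and insist on its tag; return (value, next position)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return value, nxt


def classify(datagram):
    """Return version, security level and an audit finding for one datagram."""
    body, _ = expect(datagram, 0, 0x30)            # Message ::= SEQUENCE
    ver, pos = expect(body, 0, 0x02)               # version INTEGER
    if len(ver) != 1 or ver[0] not in VERSIONS:
        raise ValueError("unknown SNMP version")
    version = VERSIONS[ver[0]]
    if version != "v3":
        expect(body, pos, 0x04)                    # community OCTET STRING must follow
        security = "community"
    else:
        header, _ = expect(body, pos, 0x30)        # msgGlobalData
        _, p = expect(header, 0, 0x02)             # msgID
        _, p = expect(header, p, 0x02)             # msgMaxSize
        flags, _ = expect(header, p, 0x04)         # msgFlags, one octet
        if len(flags) != 1:
            raise ValueError("msgFlags must be one octet")
        auth, priv = flags[0] & 0x01, flags[0] & 0x02
        if priv and not auth:
            raise ValueError("encryption without authentication is not a valid level")
        security = "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"
    return {"version": version, "security": security, "finding": FINDINGS[security]}


def needs_attention(datagrams):
    """Keep the results that are not both authenticated and encrypted."""
    results = [classify(d) for d in datagrams]
    return [r for r in results if r["security"] != "authPriv"]


# --- constructed sample data (short-form BER lengths only) ---
def tlv(tag, value):
    if len(value) > 127:
        raise ValueError("sample helper handles short-form lengths only")
    return bytes([tag, len(value)]) + value


def ber_int(n):
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def sample_community(version, community):
    pdu = tlv(0xA0, ber_int(1) + ber_int(0) + ber_int(0) + tlv(0x30, b""))  # empty GetRequest
    return tlv(0x30, ber_int(version) + tlv(0x04, community) + pdu)


def sample_v3(flags):
    header = tlv(0x30, ber_int(1) + ber_int(65507) + tlv(0x04, bytes([flags])) + ber_int(3))
    # security parameters and message data are left empty: the classifier never reads them
    return tlv(0x30, ber_int(3) + header + tlv(0x04, b"") + tlv(0x04, b""))


if __name__ == "__main__":
    samples = [sample_community(1, b"example-ro"), sample_v3(0x04), sample_v3(0x07)]
    for result in needs_attention(samples):
        print(result["version"], result["security"], "-", result["finding"])
```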
11.1.1.3 MIB
MIB (Management Information Base) is the collection of all objects managed by NMS. It defines attributes for the managed objects:
The device-related statistics can be reached by accessing data items. Each Agent has its own MIB. MIB can be taken as an interface between NMS and Agent, through which NMS can read/write every managed object in the Agent to manage and monitor the device.
MIB stores information in a tree structure; its root is on the top, without a name. Nodes of the tree are the managed objects, each identified by a unique path starting from the root (OID). SNMP protocol packets can access network devices by checking the nodes in the MIB tree directory.
ISCOM2924GF supports standard MIB and Raisecom customized MIB.
11.1.2 KeepAlive
The KeepAlive packet is a kind of keepalive mechanism running in the HDLC (High-Level Data Link Control) link layer protocol. Every several seconds the device sends a KeepAlive packet to confirm whether the opposite side is online, which realizes a neighbor detection mechanism.
Trap is unrequested information that the device actively sends to NMS to report urgent and important events.
The switch actively sends KeepAlive Trap packets, which include the basic information of the switch (device name, device OID, MAC address and IP address). Network management synchronizes device information by IP so that the NMS discovers the network segment in a short time, which improves working efficiency and reduces the working load of administrators.
11.1.3 RMON
RMON (Remote Network Monitoring) is a standard stipulated by IETF (Internet Engineering Task Force) for network data monitoring through different network Agents and NMS.
RMON is built on the SNMP architecture and includes the network management center and the Agent running on network devices. On the foundation of SNMP, it adds subnet traffic, statistics and analysis so that one network segment and the whole network can be monitored, while SNMP can only monitor partial information of a single device and it is difficult for it to monitor one network segment.
The RMON Agent is commonly referred to as the probe program. An RMON Probe takes communication subnet statistics and performs performance analysis. Whenever it finds a network failure, the RMON Probe can report to the network management center and describe the information captured under the unusual circumstances, so that the network management center doesn't need to poll the device constantly. Compared with SNMP, RMON monitors remote devices more actively and more effectively, and network administrators can track network, network segment or device malfunctions more quickly. This approach reduces the data traffic between the network management center and the Agent, makes it possible to manage large networks simply and powerfully, and makes up for the limitations of SNMP in the growing distributed Internet.
RMON Probe data collection methods:
- Distributed RMON. The network management center obtains network management information and controls network resources directly from the RMON Probe, using dedicated RMON Probes to collect data.
- Embedded RMON. The RMON Agent is embedded directly in network devices (such as switches) to give them the RMON Probe function. The network management center collects network management information through basic SNMP operations and the data exchanged with the RMON Agent.
Our devices use embedded RMON. As shown in Figure 11-2, the device implements the RMON Agent function. Through this function, the management station can obtain the overall traffic, error statistics and performance statistics of the network segment connected to the managed device interface, and so monitor that segment.
Figure 11-2 RMON application networking
RMON MIB can be divided into nine groups according to function. Currently, four function groups are implemented: statistics group, history group, alarm group, and event group.
- Statistics group: responsible for collecting statistics on an interface, including the received packet count and size distribution statistics.
- History group: similar to the statistics group, but it collects statistics information in a designated testing period.
- Alarm group: within the specified time interval, monitors specific management information base (MIB) objects and sets the rising threshold and falling threshold; if the monitored object reaches the threshold, an event is triggered.
- Event group: works with the alarm group. When an alarm triggers an event, it records the corresponding event information, for example by sending Trap information or writing into the log.
11.1.4 Cluster management
The cluster management protocol is used to manage a set of switches and provides users with a new management method. Users can set up a cluster through a master switch to achieve centralized management and configuration of the multiple devices added to the cluster. The main switch is called the command device; the other managed switches are member devices. The command device has a public IP address, while the member devices are not assigned IP addresses; the management and maintenance of member devices is often achieved by command device redirection.
Cluster management can reduce the workload of engineering and maintenance, and also saves public IP address resources. Administrators only need to configure a public IP address on one device to manage and maintain all cluster equipment, without logging into each device for configuration.
The benefits of cluster management are beyond doubt. However, different manufacturers implement clustering differently, generally using proprietary cluster protocols, which shows that cluster management technology has its limitations.
11.1.4.1 Cluster role
According to the position and function of the switches, the cluster has different roles. Users can configure the role of a switch. The cluster role can be command device, member device or candidate device.
- Command device (Commander): also known as management device; it is assigned a public IP address and provides the management interface for all switches in the cluster. The command device manages member devices by command redirection: the network management system sends commands to the command device for processing via the public network, and the command device forwards commands to a member device if it finds that they should be executed there. The command device can discover neighbor information, collect the entire network topology, manage the cluster, maintain cluster state, and support a variety of agent functions.
- Member device (Member): a member of the cluster, generally not configured with a public IP address. Users manage member devices by command redirection via the command device. A member device can discover neighbor information, accept command device management, execute the commands from the command device, and report faults/logs. After being activated, a member device can be managed through the network management system or by Telnet directly on the command device.
- Candidate device (Candidate): has not joined any cluster but still has cluster ability and can become a cluster member switch. The difference from a member device is that the topology information of a candidate device has already been collected by the command device, but the device has not yet joined the cluster. When a candidate device is added to the cluster, it becomes a member device; when a member device is removed from the cluster, it reverts to a candidate device.
Figure 11-3 Sketch map of cluster management
As shown in Figure 11-3, the switch configured with an IP address is the command device, while the devices managed by command device redirection are member devices. The command device and member devices form a cluster. A device that has not joined the cluster but still has cluster ability is a candidate device.
11.1.4.2 Working principle of cluster
Cluster management mainly contains three protocols:
- RNDP (Raisecom Neighbor Discover Protocol) is responsible for neighbor discovery and information gathering of devices.
- RTDP (Raisecom Topology Discover Protocol) is responsible for collecting and processing the topology information of the entire network.
- RCMP (Raisecom Cluster Management Protocol) mainly handles adding, activating and deleting cluster members.
The RTDP and RCMP protocols communicate in the cluster VLAN. So, if there are devices that do not support the RAISECOM cluster management function between two devices under cluster management, you need to configure the cluster VLAN to ensure the normal communication of the RCMP and RTDP protocols.
Each cluster must specify a command device. After the command device is specified, it can discover and determine candidate devices through the neighbor discovery and topology gathering protocols. Users can add a candidate device to the cluster by the corresponding configuration.
A candidate device becomes a member device after being added to the cluster. If you want to manage a device through the cluster management function, you must activate the switch or configure the auto-active function on the switch.
11.1.5 LLDP
As network scale grows and the number of network devices increases, network topology becomes more complex and network management becomes particularly important. To track changes in network topology information, much network management software has adopted the "automatic discovery" function, but most of it can only analyze the network layer topology and cannot determine through which interfaces devices are connected to each other.
LLDP (Link Layer Discovery Protocol) is a link layer discovery protocol defined by IEEE 802.1AB. With this protocol, the network management system can quickly learn the layer-2 network topology and its changes.
LLDP organizes local device information into different TLVs (Type Length Value units) and encapsulates them in an LLDPDU (Link Layer Discovery Protocol Data Unit) that is sent to directly connected neighbors. Meanwhile, LLDP saves the information from neighbors in the standard MIB (Management Information Base) so that the management system can query it and judge link communication status.
11.1.5.1 Basic concept
LLDP messages: Ethernet messages that encapsulate an LLDPDU in the data unit.
LLDPDU: data unit of an LLDP message. Before composing the LLDPDU, the device encapsulates local information into TLVs; a number of TLVs are combined into one LLDPDU, which is encapsulated in the Ethernet data part for transmission.
As shown in Figure 11-4, an LLDPDU is formed by a number of TLVs: four mandatory TLVs and a number of optional TLVs.
Figure 11-4 LLDPDU structure chart
TLV: the unit that makes up an LLDPDU; it describes the type, length and information of an object.
The TLV structure is shown in Figure 11-5. Each TLV represents a piece of local information. For example, the device ID and interface ID correspond to the Chassis ID TLV and Port ID TLV respectively.
Figure 11-5 Basic TLV structure chart
TLV types are shown in Table 11-1. Currently, only types 0~8 are used.
Table 11-1 TLV types
TLV type  Compulsory or not  Description
0         Compulsory         End Of LLDPDU: means LLDP messages end.
1         Compulsory         Chassis Id: MAC address of sending device.
2         Compulsory         Port Id: sending side interface of LLDP messages
3         Compulsory         Time To Live: aging time of local device information on neighbour device.
4         Optional           Port Description: description of Ethernet interface
5         Optional           System Name
6         Optional           System Description
7         Optional           System Capabilities: main function of system and the used function
8         Optional           Management Address
11.1.5.2 Working principle of LLDP
LLDP is a point-to-point, one-way distribution protocol. The local device sends LLDP messages to the opposite device periodically (or when local information changes) to notify the opposite device of the link state. The procedure is as follows:
- When sending, the device obtains the system information required by the selected TLVs, obtains configuration information from the LLDP MIB, generates the TLVs, composes the LLDPDU, encapsulates it into an LLDP message and sends it to the opposite device.
- After receiving an LLDP message, the opposite device analyzes all the TLV information. If there is a change, the opposite device updates the information in the LLDP neighbors MIB table and informs NMS.
The aging time TTL (Time to live) of local device information on the neighbor node can be adjusted by modifying the value of the aging coefficient. The device sends LLDP messages to the neighbor node; after receiving them, the neighbor node adjusts the aging time of its information about the sending side. The aging time formula is TTL = Min {65535, (interval × hold-multiplier)}:
- Interval indicates the time period to send LLDP messages from neighbor node.
- Hold-multiplier refers to the aging coefficient of device information in neighbor node.
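The TLV layout and the aging formula above can be exercised together. The following is an added example, not code from the Raisecom manual: it splits an LLDPDU into TLVs using the IEEE 802.1AB header (7-bit type, 9-bit length), checks the four mandatory TLVs of Table 11-1, and computes the TTL. The sample LLDPDU, the interval of 30 seconds and the hold-multiplier of 4 are constructed values.

```python
# Added example: parse an LLDPDU into TLVs, check the mandatory TLVs from
# Table 11-1, and compute the aging time from the TTL formula.
# The sample LLDPDU is constructed for this example.

TLV_NAMES = {
    0: "End Of LLDPDU", 1: "Chassis Id", 2: "Port Id", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
}


def aging_ttl(interval, hold_multiplier):
    """TTL = Min {65535, (interval x hold-multiplier)}."""
    return min(65535, interval * hold_multiplier)


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length in a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return ((tlv_type << 9) | len(value)).to_bytes(2, "big") + value


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, stopping at End Of LLDPDU."""
    tlvs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated TLV header")
        header = int.from_bytes(data[pos:pos + 2], "big")
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if pos + length > len(data):
            raise ValueError("TLV length runs past end of LLDPDU")
        tlvs.append((tlv_type, data[pos:pos + length]))
        pos += length
        if tlv_type == 0:          # anything after the End TLV is padding
            break
    return tlvs


def check_lldpdu(tlvs):
    """Return a list of problems; an empty list means the LLDPDU is well formed."""
    problems = []
    types = [t for t, _ in tlvs]
    if types[:3] != [1, 2, 3]:     # 802.1AB fixes the order of the first three TLVs
        problems.append("must start with Chassis Id, Port Id, Time To Live")
    if not types or types[-1] != 0:
        problems.append("missing End Of LLDPDU")
    for tlv_type, value in tlvs:
        if tlv_type not in TLV_NAMES:
            problems.append(f"TLV type {tlv_type} is outside the 0~8 range in use")
        elif tlv_type == 3 and len(value) != 2:
            problems.append("Time To Live value must be 2 bytes")
        elif tlv_type in (1, 2) and len(value) < 2:
            problems.append(f"{TLV_NAMES[tlv_type]} needs a subtype byte and an ID")
    return problems


def neighbor_summary(tlvs):
    """Extract what a neighbor table needs from an LLDPDU that passed check_lldpdu."""
    first = {}
    for tlv_type, value in tlvs:
        first.setdefault(tlv_type, value)
    chassis = first[1]
    chassis_id = (":".join(f"{b:02x}" for b in chassis[1:])
                  if chassis[0] == 4 else chassis[1:].hex())   # subtype 4 = MAC address
    return {
        "chassis": chassis_id,
        "port": first[2][1:].decode("ascii", "replace"),
        "ttl": int.from_bytes(first[3], "big"),
        "system_name": first.get(5, b"").decode("ascii", "replace"),
    }


SAMPLE_LLDPDU = (
    build_tlv(1, b"\x04" + bytes.fromhex("000e5e000001"))    # Chassis Id, MAC subtype
    + build_tlv(2, b"\x05" + b"port1")                        # Port Id, interface-name subtype
    + build_tlv(3, aging_ttl(30, 4).to_bytes(2, "big"))       # TTL = 30 s x 4 = 120 s
    + build_tlv(5, b"SwitchA")                                # optional System Name
    + build_tlv(0, b"")                                       # End Of LLDPDU
)

if __name__ == "__main__":
    parsed = parse_lldpdu(SAMPLE_LLDPDU)
    print(check_lldpdu(parsed) or "LLDPDU ok", neighbor_summary(parsed))
```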
11.1.6
When the performance parameters reach alarm threshold or status information changes, the corresponding Trap alarm will be generated.
11.1.7 System Log
System Log means that the device records system information, debug information and so on in the form of logs and outputs them to the assigned destination. When the device has a fault, the system log makes it easy for the user to check and locate the fault.
System information and some debug outputs of ISCOM2924GF are sent to the system log. The system log sends the information to different destinations according to user configuration. The system log destinations are as below:
- Console: output log information to the local Console through the Console interface
- Log host: output log information to the log host in log file format
- Monitor: output log information to a monitor, such as a Telnet terminal
- File: output log information to device Flash in log file format
- Buffer: output log information to the buffer
timestamp module-level- Message content
07-01-2008 11:27:41 Local0.Debug 20.0.0.6 JAN 01 10:18:30 CONFIG-7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "
The system log information can be divided into eight levels according to the order of severity, as Table 11-2 shows.
Table 11-2 Information levels
Severity level   Level   Description
emergencies      0       The system is unavailable
alerts           1       Need to process immediately
critical         2       Critical status
errors           3       Error status
warnings         4       Alarm status
notifications    5       Normal but very important status
informational    6       Notification event
debugging        7       Debug information
Note: The severity level of output information can be set manually. Only information whose level is the same as or numerically lower than the configured severity level is output. For example, if information output is configured for level 3 (or the severity level errors is assigned directly), the output levels are 0 to 3, i.e. information with severity levels emergencies ~ errors can be output.
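The log format and the severity rule in the note can be checked against real lines before relying on a threshold in production. The following is an added example, not code from the Raisecom manual: it parses the "timestamp module-level-Message content" form, applies the rule from the note, and keeps the lines it cannot parse instead of dropping them silently. The first sample line is the one shown in this section; the others, including their module names, are constructed.

```python
# Added example: parse device log lines of the form
# "timestamp module-level-Message content" and apply the severity rule
# from the note on Table 11-2 (output levels 0 up to the configured level).
import re

SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# search() rather than match(): a log host may prepend its own receive time,
# facility and source address, as in the sample line from this section.
LOG_RE = re.compile(
    r"(?P<timestamp>[A-Z]{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<module>[A-Z][A-Z0-9_]*)-(?P<level>[0-7])-(?P<content>.*)$"
)


def threshold_level(threshold):
    """Accept a level number (0-7) or a severity name from Table 11-2."""
    if isinstance(threshold, int):
        if not 0 <= threshold <= 7:
            raise ValueError("level must be 0..7")
        return threshold
    if threshold not in SEVERITIES:
        raise ValueError(f"unknown severity level {threshold!r}")
    return SEVERITIES.index(threshold)


def parse_line(line):
    """Return the fields of one log line, or None when the line does not fit."""
    match = LOG_RE.search(line.strip())
    if match is None:
        return None
    level = int(match["level"])
    return {
        "timestamp": match["timestamp"],
        "module": match["module"],
        "level": level,
        "severity": SEVERITIES[level],
        "content": match["content"],
    }


def select(lines, threshold):
    """Split lines into records that pass the threshold and lines that did not parse."""
    limit = threshold_level(threshold)
    kept, unparsed = [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed.append(line)          # keep for review, never drop silently
        elif record["level"] <= limit:     # lower number = more severe
            kept.append(record)
    return kept, unparsed


MANUAL_SAMPLE = ('07-01-2008 11:27:41 Local0.Debug 20.0.0.6 JAN 01 10:18:30 '
                 'CONFIG-7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "')

SAMPLE_LINES = [
    MANUAL_SAMPLE,
    "JAN 01 10:18:31 PORT-3-LINKDOWN:port 2 link down",        # constructed
    "JAN 01 10:18:32 SYSTEM-0-HALT:system is unavailable",     # constructed
    "JAN 01 10:18:33 OAM-4-EVENT:threshold crossed",           # constructed
    "line with no module-level field",                         # constructed, malformed
]

if __name__ == "__main__":
    kept, unparsed = select(SAMPLE_LINES, "errors")
    for record in kept:
        print(record["severity"], record["module"], record["content"])
    print("unparsed:", unparsed)
```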
11.1.8 Alarm management
Alarm means that when the device has a fault or some working condition changes, the system generates alarm information according to the fault type and the alarm source.
Alarm information is used to report urgent and important events and notify the network administrator promptly, which provides strong support for monitoring device operation and fault diagnosis.
Alarm information is stored in the alarm buffer and at the same time written to log information. If a network management system is configured, the alarm information is sent to the network management system through SNMP (Simple Network Management Protocol). The information sent to the network management system is called Trap information.
11.1.8.1 Classification of alarm information
The alarm information can be divided into three types according to alarm nature:
- Fault alarm: refers to the alarm for a hardware fault or an abnormal important function, such as the interface status down alarm;
- Recovery alarm: refers to the alarm for a device failure or abnormal function returning to normal, such as the interface status up alarm;
- Event alarm: refers to the alarm for a prompt event that cannot be matched as fault and recovery, such as the Ping probe failure alarm.
The alarm information can be divided into five types according to alarm function:
- Communication alarm: refers to the alarms related to the processing of information transmission, including communication faults between network elements, between network elements and network management systems, or between NMS and NMS.
- Service quality alarm: refers to the alarms caused by service quality degradation, including congestion, performance decline, high resource utilization rate, and bandwidth reduction.
- Processing error alarm: refers to the alarms caused by software or processing errors, including software errors, memory overflow, version mismatch, and abnormal program aborts.
- Environmental alarm: refers to the alarms caused by problems related to the equipment location, including abnormal environment temperature, humidity, ventilation and other working conditions.
- Device alarm: refers to the alarms caused by physical resource failure, including power, fan, processor, clock, input/output interfaces and other hardware devices.
11.1.8.2 Output of alarm information
There are three alarm information output modes:
- Alarm buffer: recorded in tabular form, including the current alarm table and the history alarm table. The current alarm table records alarm information that has not been cleared or restored. The history alarm table records the cleared and auto-restored alarm information.
- Log: alarm information is written to the system log when it is recorded in the alarm buffer, and stored in the alarm log buffer. By default, alarm information is written to the system log automatically. Users can suppress the generation of the system log manually.
- Trap information: alarm information sent to the network management system when a network management system is configured.
Alarms are broadcast to the terminals configured on the device, including the command-line terminal and the network management system.
Alarm information log output begins with the symbol "#". The output format is:
# Index TimeStamp HostName ModuleName / Severity / name: Arise From Description
The field description is shown in Table 11-3.
Table 11-3 Alarm information field description
Field                    Description
Index                    Alarm index
TimeStamp                Alarm time
HostName                 Alarm host name
ModuleName               Alarm module name
Severity                 Alarm severity level
name                     Alarm name
Arise From Description   Alarm description
11.1.8.3 Level of alarm information
The alarm level identifies the severity of an alarm. The levels are defined in Table 11-4.
Table 11-4 Alarm level definition
Level: Critical (3)
Description: This alarm has affected system services and requires immediate troubleshooting. Restore the device or source immediately if they are completely unavailable, even if it is not during working time.
Corresponding Syslog: 1 (Alert)

Level: Major (4)
Description: This alarm has affected the service quality and requires immediate troubleshooting. Restore the device or source service quality if they decline; or take measures immediately during working hours to restore all performances.
Corresponding Syslog: 2 (Critical)

Level: Minor (5)
Description: This alarm hasn't influenced the existing service yet; it needs further observation, and measures should be taken at an appropriate time to avoid a more serious fault.
Corresponding Syslog: 3 (Error)

Level: Warning (6)
Description: This alarm will not affect the current service, but the potential error may affect the service, so it can be considered as needing measures.
Corresponding Syslog: 4 (Warning)

Description: Uncertain alarm level, usually the event alarm.
Corresponding Syslog: 5 (Notice)

Description: This alarm indicates that one or more reported alarms have been cleared.
Corresponding Syslog: 5 (Notice)
11.1.8.4
Alarm-related concepts Introduction of alarm related concepts: Alarm suppression The device only records root-cause alarm, but not incidental alarm when enabling alarm suppression. For example, the generation of alarm A will inevitably produce alarm B, then alarm B is suppressed and doe snt appe ar i n alarm buffer and r ecord l og information when e nabling a larm s uppression. Enabling alarm suppression can reduce the number of alarms effectively.
269
www.raisecom.com
User Manual
The root-cause alarm and all other incidental alarms will be recorded on device when disabling alarm suppression. Alarm Auto-reporting Auto-reporting refers to the a larm w ill be r eported t o network m anagement s ystem automatically with i ts ge neration a nd ne ednt initiate inqui ries or s ynchronization. User can set auto-reporting function to a larms generated f rom s ome property module ( alarm source), s ome interface ( alarm source), and the specified property module in the specified interface. Note: Alarm S ource: refers t o the alarm entities ge nerated related alarms, such as i nterface, alarm module (in support of alarm features) and so on. Alarm monitoring The alarm module will receive alarms generated by each module when enabling alarm monitoring function, and deal with them according to the configuration of alarm module, such as record alarm in alarm buffer, and record system logs, etc; The a larm m odule w ill di scard t he a larm ge nerated by t he m odule without follow-up treatment when disabling alarm monitoring function and the alarms will not be recorded on the device. Alarm monitoring is used to deal with each module alarms:
Users can apply alarm monitoring to a given property module, a given interface, or a specified property module on a specified interface.
Alarm reverse mode
Alarm reverse means that the device reports the opposite of the actual status when recording alarm information: it reports an alarm when there is no alarm information, and does not report when there is alarm information. Currently, the device supports reverse mode configuration on interfaces only. There are three reverse modes, defined as follows:
No reverse mode
Device alarms are reported normally.
Manual reverse mode
When the alarm reverse mode of an interface is set to manual reverse mode, the reported alarm state of the interface immediately becomes the opposite of the actual alarm state, whatever the current alarm state is. That is, nothing is reported when there are alarms, and an alarm is reported when there are actually none. The interface keeps the opposite alarm state regardless of alarm state changes until the alarm reverse state is restored to non-reverse mode.
Auto-reverse mode
When the alarm reverse mode is set to auto-reverse mode: if the interface currently has no actual reverse alarm, the setting fails; if the interface has an actual reverse alarm, the setting succeeds and the interface enters reverse mode, that is, the reported alarm status of the interface immediately becomes the opposite of the actual alarm status. After the alarm ends, the interface alarm reverse state ends automatically and changes to non-reverse mode, so that the alarm state can be reported normally for the next alarm.
Alarm delay
Alarm delay means that the device records alarms and reports them to the NMS after a delay time, not immediately when the alarms are generated. The recording delay time and the reporting delay time are the same.
By default, a device alarm is reported as soon as it is generated (0s), which is instant reporting, and is cleared as soon as it ends (0s), which is instant clearing.
Alarm storage mode
Alarm storage mode determines how newly generated alarms are recorded when the alarm buffer is full. There are two modes:
Stop: stop mode. When the alarm buffer is full, newly generated alarms are discarded without being recorded.
Loop: wrapping mode. When the alarm buffer is full, newly generated alarms replace old alarm information, so the records roll over.
The configured storage mode is used to handle newly generated alarm information when the device alarm table is full.
Alarm clear
Clearing the current alarm deletes it from the current alarm table. Cleared alarms enter the history alarm table.
Check alarm
Administrators can check alarms and monitor alarm information directly on the device. If the device is configured with a network management system, they can also monitor alarms on the network management system.
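The reverse modes and storage modes described above decide what the NMS and the device buffer actually retain, which the following model makes concrete. It is an added example, not Raisecom code: the class and function names are hypothetical, the events are constructed, and it assumes that in manual reverse mode the reported state is always the inverse of the actual state.

```python
from collections import deque
from enum import Enum


class ReverseMode(Enum):
    NONE = "no reverse"
    MANUAL = "manual reverse"
    AUTO = "auto-reverse"


class Interface:
    """Actual versus reported alarm state of one interface (hypothetical model)."""

    def __init__(self, name):
        self.name = name
        self.actual_alarm = False
        self.mode = ReverseMode.NONE

    def set_mode(self, mode):
        """Return False when the setting fails, as auto-reverse does without an alarm."""
        if mode is ReverseMode.AUTO and not self.actual_alarm:
            return False
        self.mode = mode
        return True

    def set_actual(self, alarm):
        """Apply a change of the real alarm state."""
        if self.mode is ReverseMode.AUTO and self.actual_alarm and not alarm:
            self.mode = ReverseMode.NONE  # auto-reverse ends when the alarm ends
        self.actual_alarm = alarm

    @property
    def reported_alarm(self):
        """State sent to the NMS: inverted in both reverse modes."""
        if self.mode is ReverseMode.NONE:
            return self.actual_alarm
        return not self.actual_alarm


class AlarmBuffer:
    """Fixed-size alarm buffer with the two storage modes."""

    def __init__(self, size, mode="stop"):
        if mode not in ("stop", "loop"):
            raise ValueError("mode must be 'stop' or 'loop'")
        self.size, self.mode = size, mode
        self.records = deque()
        self.discarded = 0    # new alarms lost in stop mode
        self.overwritten = 0  # old alarms lost in loop mode

    def record(self, alarm):
        if len(self.records) >= self.size:
            if self.mode == "stop":
                self.discarded += 1
                return False
            self.records.popleft()
            self.overwritten += 1
        self.records.append(alarm)
        return True


def masked_interfaces(interfaces):
    """Names of interfaces whose reported state differs from the real one."""
    return [i.name for i in interfaces if i.reported_alarm != i.actual_alarm]


def run_scenario():
    """Constructed sequence of events; returns what the NMS would be told."""
    seen = {}
    p1, p2 = Interface("port 1"), Interface("port 2")

    p1.set_mode(ReverseMode.MANUAL)
    seen["manual, no fault"] = p1.reported_alarm       # phantom alarm
    p1.set_actual(True)
    seen["manual, real fault"] = p1.reported_alarm     # fault hidden

    seen["auto accepted without alarm"] = p2.set_mode(ReverseMode.AUTO)
    p2.set_actual(True)
    seen["auto accepted with alarm"] = p2.set_mode(ReverseMode.AUTO)
    seen["auto, real fault"] = p2.reported_alarm       # fault hidden
    p2.set_actual(False)                               # alarm ends
    seen["auto mode after clear"] = p2.mode
    p2.set_actual(True)
    seen["next fault reported"] = p2.reported_alarm

    seen["masked"] = masked_interfaces([p1, p2])
    return seen


def fill(mode):
    """Record three constructed alarms into a two-entry buffer."""
    buf = AlarmBuffer(2, mode)
    for alarm in ("link-down port 1", "link-down port 2", "high-temperature"):
        buf.record(alarm)
    return list(buf.records), buf.discarded, buf.overwritten


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
    print("stop:", fill("stop"))
    print("loop:", fill("loop"))
```

An interface left in manual reverse mode reports no alarm during a real fault, so reverse-mode settings are worth reviewing alongside NMS status; both storage modes lose records once the buffer is full, which is why Syslog or Trap output matters for retention.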
11.1.9
There are several ways to notify the user when an alarm is generated. The alarm event output methods are as follows:
Record to the device hardware environmental monitoring alarm buffer;
Output Syslog system log;
Send Trap to network management center.
User can take appropriate measures to prevent failure when alarm events happen.
11.1.9.1 Alarm event
Power monitoring alarm
There are two power status alarms specifically:
Abnormal supply voltage alarm
The alarm is generated when the power voltage is 20% over or below the predetermined voltage value of 12V; conversely, an alarm is also generated when the voltage returns to the normal value. This alarm event supports recording to the hardware monitoring alarm table, Trap and Syslog output.
Power state change alarm
Power state change means that the power changes from present to absent, or from absent to present. The ISCOM2924GF device supports dual power supplies, so the power state change alarm is divided into a state change of one of the two powers and device power-down.
State change of one of the dual powers: the alarm event informs the user that the state of power 1/2 has changed. It supports recording to the hardware monitoring alarm table, Trap and Syslog output.
Device power-down: both powers are down, that is, both powers have changed to the absent state. It supports Syslog output only.
Temperature beyond threshold alarm
The device supports the temperature beyond threshold alarm event. When the current temperature is lower than the low temperature threshold, the low temperature alarm event is generated; it supports recording to the hardware monitoring alarm table, Trap and Syslog output. When the current temperature of the device is higher than the high temperature threshold, the high temperature alarm event is generated; it also supports recording to the hardware monitoring alarm table, Trap and Syslog output.
Voltage beyond threshold alarm
The device supports the voltage beyond threshold alarm event. When the current voltage is lower than the low voltage threshold, the low voltage alarm event is generated; it supports recording to the hardware monitoring alarm table, Trap and Syslog output. When the current voltage of the device is higher than the high voltage threshold, the high voltage alarm event is generated; it also supports recording to the hardware monitoring alarm table, Trap and Syslog output.
Note: the device only monitors the 3.3V master chip voltage.
Interface status alarm
Each interface has three alarm events:
Interface link-fault alarm: link failure alarm, which refers to loss of the peer link signal. This alarm event applies only to optical ports, not to electrical ports.
Interface link-down alarm: interface status Down alarm.
Interface not-forwarding alarm: the interface changes to the non-forwarding state in all VLANs.
All three alarm events support recording to the hardware monitoring alarm table, Trap and Syslog output.
11.1.9.2 Alarm output mode
Hardware environment monitoring alarm output modes are as below:
Hardware environment monitoring alarm buffer output, which is recorded to the hardware environment monitoring alarm tables:
The hardware environment monitoring alarm table, which records current alarm information that has not been cleared or restored.
The hardware environment monitoring history alarm table, which records current, restored and manually cleared alarm information.
Hardware environmental monitoring alarm information is recorded in the current hardware environment monitoring alarm table and the hardware environment monitoring history alarm table automatically, without manual configuration.
Alarm information is output to the network management center in Trap mode. Trap output has a global switch, and each monitored alarm event also has its own Trap alarm output switch. When the global switch and the switch of the monitored alarm event are both enabled, the alarm generates Trap output. The contents of Trap information are shown in Table 11-5.
Table 11-5 Trap description
Field: Alarm status
Description: Asserted (current alarm); Cleared (alarm recovery); Clearall (clear all alarm information)
Field: Alarm source
Description: Device (global alarm); Interface number (interface status alarm)
Field: Timestamp
Description: Alarm time, in the form of absolute time
Field: Alarm event type
Description:
dev-power-down (power-down alarm)
power-abnormal (power-abnormal alarm, one of two powers is power down.)
high-temperature (high-temperature alarm)
low-temperature (low-temperature alarm)
high-volt (high-voltage alarm)
low-volt (low-voltage alarm)
link-down (interface LinkDown alarm)
not-forwarding (interface Not-Forwarding alarm)
link-falut (interface LinkFault alarm)
all-alarm (clear all alarm information)
Syslog output
Alarm information is recorded to Syslog. Syslog output has a global switch, and each monitored alarm event also has its own Syslog alarm output switch. When the global switch and the switch of the monitored alarm event are both enabled, the alarm generates Syslog output. Syslog contents are shown in Table 11-6.
Table 11-6 Syslog information description
Field: Facility
Description: The name of the module generating the alarm; for the hardware environment monitoring module it is fixed as alarm.
Field: Severity
Description: Level. See Table 11-2; the levels are the same as the defined system log levels.
Field: Mnemonics
Description: Alarm event type. See Table 11-5 for the detailed type description.
Field: Msg-body
Description: Main body, describing the alarm event contents.
In auto-monitor mode, the device divides the rotating speed into four levels; each level corresponds to a temperature range. The device can adjust the rotating speed according to the environment temperature.
11.1.12 Ping
The name Ping comes from the sonar location operation. Ping is used to detect whether the network connection is normal. Generally, the Ping function is implemented with ICMP echo messages: an echo request message is sent to an address, and the device at that address responds with an echo reply message.
When the echo request reaches the destination address, the device returns an echo reply message to the source address within the effective time to show that the destination is reachable. If no echo reply is received within the effective time, the sending end displays a timeout, which means the destination is unreachable. The Ping function principle is shown in Figure 11-6.
11.1.13 Traceroute
Like Ping, Traceroute is a commonly used maintenance method in network management. Traceroute is often used to test the network nodes that messages pass through from sender to destination, detect whether the network connection is reachable, and analyze network faults. The implementation process of Traceroute is as follows:
First, send a probe message with TTL 1 (the UDP port number of the message is one that is not used by any application on the destination side).
TTL is decremented by 1 when the message reaches the first hop; because the TTL value is then 0, the first-hop device returns an ICMP timeout message, indicating that this message cannot be sent.
The sending host adds 1 to the TTL and resends the message.
Because the TTL value is reduced to 0 at the second hop, that device returns an ICMP timeout message, indicating that this message cannot be sent.
The above steps continue until the message reaches the destination host, which does not return an ICMP timeout message. Because the port number is not in use on the destination host, the destination host sends a port unreachable message and the test finishes. The sending host can thus record the source address of each ICMP TTL timeout message and analyze the path to the destination according to the response messages. The Traceroute function principle is shown in Figure 11-7.
11.2 SNMP
11.2.1 Preparation for configuration
11.2.1.1 Networking situation
When users need to log on to the ISCOM2924GF device through the NMS, configure the SNMP basic functions for the ISCOM2924GF in advance.
11.2.1.2 Preconditions
Finish the tasks below before configuring SNMP:
Configure the SNMP interface IP address.
Configure the routing protocol, and make sure that routing between the ISCOM2924GF and the NMS is available.
11.2.2
Function: SNMP user
Default value: By default: raisecomnone, raisecommd5nopriv, raisecomshanopriv user
Function: Mapping relation between SNMP user and access group
Default value:
Index  GroupName    UserName           SecModel
0      initialnone  raisecomnone       usm
1      i
2      initial      raisecomshanopriv  usm
Function: Logo and the contact method of administrator
Function: Device physical location
Function: Trap status
Function: SNMP target host address
11.2.3
Step 1
Description: Enter global configuration mode.
Step 2
Description: (Optional) Create SNMP view and configure MIB variable range. The default view is internet, which includes all MIB variables below the 1.3.6 node of the MIB tree.
Step 3
Description: Create community name and configure the corresponding view and access permission. The default view internet is used if the view view-name option is empty.
Step 4
Configuration: Raisecom(config)#snmp-server access group-name [ read view-name ] [ write view-name ] [ notify view-name ] { v1sm | v2csm }
Description: (Optional) Create and configure SNMP v1/v2c access group.
Step 5
Configuration: Raisecom(config)#snmp-server group group-name user user-name { v1sm | v2csm | usm }
Description: (Optional) Configure the mapping relation between user and access group. SNMP v1/v2c can assign the corresponding community group and configure the security model for the group. When the security model is v1sm or v2csm, the security level is noauthnopriv automatically.
11.2.4
Figure 11-8 Sketch map of SNMP v3 authentication mechanism
Please configure SNMP v3 on the device as below.
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#snmp-server view view-name oid-tree [ mask ] { included | excluded }
Description: Create SNMP view and configure MIB variable range.
Step 3
Configuration: Raisecom(config)#snmp-server user user-name [ remote engine-id ] authentication { md5 | sha } authpassword
Description: Create user and configure authentication mode.
Step 4
Configuration: Raisecom(config)#snmp-server access group-name [ read view-name ] [ write view-name ] [ notify view-name ] [ context context-name { exact | prefix } ] usm { noauthnopriv | authnopriv }
Description: Create and configure SNMP v3 access group.
Step 5
Configuration: Raisecom(config)#snmp-server group group-name user user-name { v1sm | v2csm | usm }
11.2.5
SNMP v1, v2c and v3 all support the above configuration. Please configure other information of SNMP on the device as below.
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#snmp-server contact contact
Description: (Optional) Configure logo and contact method of administrators.
Note: For example, use E-mail as the logo and contact method of administrators.
11.2.6 Configure Trap
Note: Except for target host configuration, Trap configuration is identical for SNMP v1, v2c and v3.
Trap means that the device sends unrequested information to the NMS automatically; it is used to report some critical events. Finish the following tasks before configuring the Trap function:
Configure SNMP basic functions. SNMP v1 and v2c need a community name to be configured; SNMP v3 needs a username and an SNMP view to be configured.
Configure the routing protocol, and make sure that routing between the ISCOM2924GF and the NMS is available.
Please configure SNMP Trap on the device as below.
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#interface ip if-number
Description: Enter Layer-3 interface configuration mode.
Step 3
Configuration: Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ sub ] [ vlan-list ]
Description: Configure Layer-3 interface IP address.
Step 4
Configuration: Raisecom(config)#exit
Description: Exit from global configuration mode and enter Privileged EXEC mode.
Step 5
Configuration: Raisecom(config)#snmp-server host ip-address version 3 { noauthnopriv | authnopriv } user-name [ udpport udpport ]
Description: (Optional) Configure Trap target host over SNMP v3.
Step 6
Configuration: Raisecom(config)#snmp-server host ip-address version { 1 | 2c } com-name [ udpport udpport ]
Description: (Optional) Configure Trap target host over SNMP v1 and SNMP v2c.
Step 7
Configuration: Raisecom(config)#snmp-server enable traps
Description: Enable SNMP sending Trap function.
11.2.7 Checking configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom(config)#show snmp access
Description: Show configuration information of SNMP access group.
No. 2
Item: Raisecom(config)#show snmp community
Description: Show configuration information of SNMP community.
No. 3
Item: Raisecom(config)#show snmp config
Description: Show basic configuration information of SNMP, including local SNMP engine ID, logo and contact method of administrators, switch location and TRAP switch status.
No. 4
Item: Raisecom(config)#show snmp group
Description: Show mapping relationship between SNMP user and access group.
No. 5
Item: Raisecom(config)#show snmp host
Description: Show SNMP target host information.
No. 6
Item: Raisecom(config)#show snmp statistics
Description: Show SNMP statistic information.
No. 7
Item: Raisecom(config)#show snmp user
Description: Show SNMP user information.
No. 8
Item: Raisecom(config)#show snmp view
Description: Show SNMP view information.
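The access, user and Trap host commands in sections 11.2.3 to 11.2.6 determine how much of the MIB is reachable without authentication. The script below is an added example, not Raisecom tooling: it parses only the command forms printed in this chapter and flags unauthenticated groups, write views granted without authentication, md5 users and community-based Trap hosts. The sample configuration, names, addresses and severity labels are constructed for illustration.

```python
import re

# Constructed sample: only command forms shown in this chapter; the names,
# addresses (192.0.2.0/24 documentation range) and secrets are placeholders.
SAMPLE_CONFIG = """\
Raisecom(config)#snmp-server view mgmt 1.3.6.1.2.1 included
Raisecom(config)#snmp-server access rwgroup read internet write internet v2csm
Raisecom(config)#snmp-server access v3open read internet usm noauthnopriv
Raisecom(config)#snmp-server access v3ro read mgmt usm authnopriv
Raisecom(config)#snmp-server user nmsadmin authentication md5 EXAMPLE-PASSWORD
Raisecom(config)#snmp-server user nmsoper authentication sha EXAMPLE-PASSWORD
Raisecom(config)#snmp-server group v3ro user nmsoper usm
Raisecom(config)#snmp-server host 192.0.2.10 version 2c EXAMPLE-COMMUNITY
Raisecom(config)#snmp-server host 192.0.2.11 version 3 noauthnopriv nmsadmin
Raisecom(config)#snmp-server host 192.0.2.12 version 3 authnopriv nmsoper
Raisecom(config)#snmp-server access broken read
"""

PROMPT = re.compile(r"^\S*#\s*")  # strips a leading "Raisecom(config)#"


def parse_access(args):
    """Parse the arguments of 'snmp-server access' as laid out in this chapter."""
    acc = {"group": args[0], "views": {}, "model": None, "level": None}
    i = 1
    while i < len(args):
        tok = args[i]
        if tok in ("read", "write", "notify"):
            acc["views"][tok] = args[i + 1]
            i += 2
        elif tok == "context":          # context context-name { exact | prefix }
            i += 3
        elif tok in ("v1sm", "v2csm"):  # level is noauthnopriv automatically
            acc["model"], acc["level"] = tok, "noauthnopriv"
            i += 1
        elif tok == "usm":
            acc["model"], acc["level"] = tok, args[i + 1]
            i += 2
        else:
            raise ValueError("unexpected token " + tok)
    if acc["model"] is None:
        raise ValueError("no security model")
    return acc


def check(kind, args):
    """Return (severity, message) pairs for one snmp-server command."""
    if kind == "access":
        acc = parse_access(args)
        if acc["level"] != "noauthnopriv":
            return []  # authnopriv: authenticated, but still not encrypted
        if "write" in acc["views"]:
            view = acc["views"]["write"]
            return [("HIGH", f"group {acc['group']}: write view '{view}' "
                             f"without authentication ({acc['model']})")]
        return [("MEDIUM", f"group {acc['group']}: unauthenticated access "
                           f"({acc['model']})")]
    if kind == "user":
        algo = args[args.index("authentication") + 1]
        if algo == "md5":
            return [("MEDIUM", f"user {args[0]}: md5 authentication, sha is offered")]
        return []
    if kind == "host":
        version = args[args.index("version") + 1]
        if version in ("1", "2c"):
            return [("MEDIUM", f"trap host {args[0]}: SNMP v{version} sends the "
                               "community in cleartext")]
        if args[args.index("version") + 2] == "noauthnopriv":
            return [("MEDIUM", f"trap host {args[0]}: v3 traps without authentication")]
        return []
    return []  # view, group, enable traps and others are not rated here


def audit(config_text):
    """Return (line number, severity, message) for every flagged line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 2 or tokens[0] != "snmp-server":
            continue
        try:
            for severity, message in check(tokens[1], tokens[2:]):
                findings.append((lineno, severity, message))
        except (IndexError, ValueError):
            findings.append((lineno, "LOW", "incomplete command, review manually"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno:>2} [{severity}] {message}")
```

The usm levels printed in this chapter stop at authnopriv, so even authenticated SNMP v3 traffic configured this way is not encrypted; the script leaves such lines unflagged.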
11.3 KeepAlive
11.3.1 Preparation for configuration
11.3.1.1 Networking situation
The switch sends KeepAlive packets so that network management can discover the network segment in a short time, which improves working efficiency and reduces the workload of administrators. Users can enable or disable KeepAlive transmission and configure its period. When the KeepAlive Trap switch is enabled, and snmp enable traps and a layer-3 IP address are set, the switch sends a KeepAlive Trap with Bridge Trap to all target hosts every KeepAlive Trap Interval.
11.3.1.2 Preconditions
Configure the SNMP interface IP address.
Configure SNMP basic functions: SNMP v1 and v2c need a community name to be configured; SNMP v3 needs a username and an SNMP view to be configured.
Configure the routing protocol, and make sure that routing between the ISCOM2924GF and the NMS is available.
11.3.2
11.3.3
Note: To avoid multiple devices sending KeepAlive Trap at the same time with the same period and causing heavy network management load, the actual transmission period of the KeepAlive Trap is randomized as period+5s.
11.3.4 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show keepalive
Description: Show KeepAlive configuration.
11.4 RMON
11.4.1 Preparation for configuration
11.4.1.1 Networking situation
RMON helps users monitor the network and collect traffic statistics. RMON is a more efficient monitoring method than SNMP. The user only needs to assign an alarm threshold; when the threshold is exceeded, the device sends trap information without variable information, which reduces the amount of communication between the management device and the managed device and provides simple and efficient network management.
11.4.1.2
11.4.2
11.4.3
Note: When the no rmon statistics command is used to disable the interface statistics function, the user can no longer obtain the interface statistics, but the interface still collects data statistics.
11.4.4
Note: When the no rmon history command is used to disable the interface history statistics function, the interface stops collecting data statistics and clears all history data collected previously.
11.4.5
11.4.6
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#rmon event event-id [ log ] [ trap community name ] [ description string ] [ owner owner-name ]
Description: Add event to RMON event group and configure related event processing mode.
11.4.7 Checking configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show rmon
Description: Show related information of RMON configuration.
No. 2
Item: Raisecom#show rmon alarms
Description: Show RMON alarm group information.
No. 3
Item: Raisecom#show rmon events
Description: Show RMON event group information.
No. 4
Item: Raisecom#show rmon statistics [ port port-id | ip if-number ]
Description: Show RMON statistics group information.
No. 5
Item: Raisecom#show rmon history { port port-id | ip if-number }
Description: Show RMON history statistics group information.
11.5 Cluster management
11.5.1 Preparation for configuration
11.5.1.1 Networking situation
When a large number of switches need to be managed in a layer-2 network but the usable IP addresses are limited, the cluster management function can use one IP address to manage multiple devices in one cluster.
11.5.1.2 Preconditions
Finish the following tasks before configuring the cluster management function:
The link between command device and member device is available.
Create VLAN.
Add interface to VLAN.
11.5.2
Function: Interface RNDP function status of cluster member
Default value: Enable
Function: RTDP collection function status of cluster member
Default value: Disable
Function: The maximum collection range for cluster member RTDP
Default value: 16 hops
Function: Cluster management function status of command device
Default value: Disable
Function: The maximum member number of command device cluster management
Default value: 128
Function: Auto-active function status of candidate device
Default value: Disable
Function: MAC address of command device with candidate device auto-active function
Default value: 0000.0000.0000
11.5.3
11.5.4
11.5.5
11.5.5.1
Please take the following configuration on the device:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#cluster
Description: Configure the device as command device and enable cluster management function.
Step 3
Configuration: Raisecom(config-cluster)# max-member max-number
Description: (Optional) Configure the maximum member number of cluster management.
11.5.5.2 Configure to add and activate candidate device automatically
To make it easier to add and activate cluster members on the command device, this command lets the user add and activate all candidate devices with the same user name and password, add and activate all candidate devices that can be activated automatically, or add and activate candidate devices one by one by following the prompts echoed by the device. Please take the following configuration on the device:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#cluster
Description: Enter cluster configuration mode.
Step 3
Configuration: Raisecom(config-cluster)#member auto-build [ active user-name password [ all ] ]
Description: Configure to add and activate all candidate devices automatically.
11.5.5.3 Configure to add and activate candidate device manually
To add and activate a candidate device on the command device, the user needs to add the cluster management device to the cluster and activate it. After a member device is added to the cluster, the command device cannot manage it through the cluster management function until it is activated. Users can add and activate members according to the following steps. Please take the following configuration on the device:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#cluster
Description: Enable cluster management function and enter cluster configuration mode.
Step 3
Configuration: Raisecom(config-cluster)#member mac-address active [ user-name password ]
Description: Configure to add candidate device to cluster and activate it. The command no member {all | mac-address} deletes all or specified cluster members. The command member {all | mac-address} suspend suspends all or specified cluster members.
11.5.5.4 Configure auto-active function
After setting the auto-active function on a candidate device, the user must set the MAC address of the command device that the candidate device belongs to. Then, when the device is connected to the network, the candidate device can be activated automatically by that command device, if the command device is configured to add and activate all candidate members to the cluster automatically. Please take the following configuration on the device:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#cluster-autoactive
Description: (Optional) Enable auto-active function.
Step 3
Configuration: Raisecom(config)#cluster-autoactive commander-mac mac-address
Description: (Optional) Assign MAC address for auto-active command device.
11.5.5.5 Configure remote access member device
In cluster configuration mode, the user can remotely manage activated member devices from the command device. Users can log in to activated cluster members according to the following steps. Please take the following configuration on the device:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#cluster
Description: Enter cluster configuration mode.
Step 3
Configuration: Raisecom(config-cluster)#rcommand { hostname [ mac-address ] | mac-address }
Description: Log in to cluster member device.
11.5.6 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show rndp
Description: Show RNDP configuration.
No. 2
Item: Raisecom#show rndp neighbor
Description: Show RNDP neighbour information.
No. 3
Item: Raisecom#show rtdp
Description: Show RTDP configuration.
No. 4
Item: Raisecom#show cluster vlan
Description: Show cluster VLAN configuration.
No. 5
Item: Raisecom#show rtdp device-list [ mac-address | hostname ] [ detailed ]
No. 6
Item: Raisecom#show cluster
11.6 LLDP
11.6.1 Preparation for configuration
11.6.1.1 Networking situation
When users obtain connection information between devices through the NView NNM system for topology discovery, the devices need to enable the LLDP function, notify their information to their neighbors mutually, and store neighbor information so that the NView NNM system can query it.
11.6.1.2 Preconditions
N/A
11.6.2
11.6.3
11.6.4
11.6.5
Step 5
Configuration: Raisecom(config)#lldp restart-delay period
Description: (Optional) Configure restart timer. After the global LLDP function is disabled, the device can enable it again once the restart time has passed. By default, the restart time is 2s.
11.6.6
11.6.7 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show lldp local config
Description: Show LLDP local configuration.
No. 2
Item: Raisecom#show lldp local system-data [ port port-id ]
Description: Show LLDP local system information.
No. 3
Item: Raisecom#show lldp remote [ port port-id ][ detail ]
Description: Show LLDP neighbor information.
No. 4
Item: Raisecom#show lldp statistic [ port port-id ]
Description: Show LLDP packet statistics information.
11.7
11.7.1
11.7.1.1
11.7.2
11.7.3
11.7.4
Step 3
Configuration: Raisecom(config)#interface port port-id
Configuration: Raisecom(config-port)#transceiver ddm enable
Description: Enable interface optical module digital diagnostics alarm sending Trap. Only when global optical module digital diagnostics alarm sending Trap is enabled can an optical module on an interface with this function enabled send Trap when an alarm is generated.
11.7.5 Check configuration
Check the result on the device as below after configuration.
No. 1
Item: Raisecom#show transceiver
Description: Show global switch status and interface switch status of optical module digital diagnostics.
No. 2
Item: Raisecom#show transceiver ddm port-list port-list [ detail ]
Description: Show optical module digital diagnostics performance parameters.
No. 3
Item: Raisecom#show transceiver port-list port-list history { 15m | 24h }
Description: Show history information of optical module digital diagnostics.
No. 4
Item: Raisecom#show transceiver information port-list port-list
Description: Show basic information of optical module.
No. 5
Item: Raisecom#show transceiver threshold-violations port-list port-list
Description: Show optical module over threshold information last time.
11.8 System log
11.8.1 Preparation for configuration
11.8.1.1 Networking situation
The device records key information, debugging information, error information and so on in the system log, which is output as a log file or transmitted to a log host, the Console port or a control console, so that users can check and locate faults.
11.8.1.2 Preconditions
N/A
11.8.2
Function: Enable/disable system log
Default value: Enable
Function: Output log information to console
Default value: Enable, the default level is information (6).
Function: Output log information to host
Default value: N/A, the default level is information (6).
Function: Output log information to file
Default value: Disable, the fixed level is warning (4).
Function: Output log information to monitor
Default value: Disable, the default level is information (6).
Function: Output log information to buffer
Default value: Disable, the default level is information (6).
Function: Output log information to history list
Default value: Disable
Function: Log list size
Default value: 1
Function: Transfer log to Trap
Default value: Disable, the default level is warning (4).
Function: Log buffer size
Default value: 4KB
Function: Transmitting rate of system log
Default value: No limit
Function: Timestamp of system log information
Default value: Debug: no timestamp to debug level (7) Syslog information. Log: the timestamp to 0-6 levels Syslog information is absolute time.
11.8.3
Step 6
Configuration: Raisecom(config)#logging discriminator distriminator-number { facility | mnemonics | msg-body } { drops | includes | none } key
Description: (Optional) Create and configure system log filter. The filter can filter output log from control console, monitor station, log file and log buffer.
11.8.4
Description: (Optional) Configure system log output direction as log host. Up to 10 log hosts can be configured.
Description: (Optional) Configure the facility field of log information sent to the log host. The precondition is that a log host has been created in the system; otherwise the configuration fails. This configuration applies to all log hosts on the device.
Description: (Optional) Configure system log output direction as monitor.
Description: (Optional) Configure system log output direction as Flash. The severity level is fixed as warning (4) and cannot be configured.
Configuration: Raisecom(config)#logging buffered [ log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings | distriminator distriminator-number ]
Description: (Optional) Configure system log output direction as buffer.
Configuration: Raisecom(config)#logging buffered size size
Description: (Optional) Configure log buffer size.
Description: (Optional) Configure system log output direction as history list. The output information is transferred to Trap level.
Description: (Optional) Configure log history list size.
Configuration: Raisecom(config)#logging trap [ log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings | distriminator distriminator-number ]
Description: (Optional) Configure to transfer logs of a certain level in the history list to Trap. The precondition is that log output to the history list has been enabled in the system; otherwise no system log is transferred to Trap.
11.8.5 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show logging
Description: Show related information of system log configuration.
No. 2
Item: Raisecom#show logging buffer
Description: Show system log buffer information.
No. 3
Item: Raisecom#show logging discriminator
Description: Show filter information.
No. 4
Item: Raisecom#show logging file
Description: Show system log file contents.
No. 5
Item: Raisecom#show logging history
Description: Show system log history list information.
11.9 Alarm management
11.9.1 Preparation for configuration
11.9.1.1 Networking situation
When the device fails, the alarm management module collects fault information and outputs the alarm occurrence time, alarm name and description information in log format to help users locate the problem quickly. If the device is configured with a network management system, alarm information can be reported directly to the network management system, which provides possible alarm causes and treatment recommendations to help users deal with the fault. Alarm management makes it easy for the user to perform alarm suppression, alarm auto-reporting, alarm monitoring, alarm reverse, alarm delay, alarm memory mode, alarm clear and alarm view directly on the device.
11.9.1.2 Preconditions
N/A
11.9.2
Function: Alarm suppression
Default value: Enable
Function: Alarm monitoring
Default value: All enable
Function: Alarm auto-reporting
Default value: All auto-reporting
Function: Alarm reverse mode
Default value: No reverse
Function: Alarm delay time
Default value: 0s
Function: Alarm memory mode
Default value: Stop mode
Function: Alarm output system log
Default value: Enable
11.9.3
5 6 7 8
Configure alarm reverse mode.
Configure alarm delay.
Configure alarm memory mode.
Clear current alarm of specified alarm index.
Clear current alarm of specified feature module.
Clear current alarm of specified feature module under specified interface.
Enable alarm outputting system log.
Step 10
Configuration: Raisecom(config)#exit
Configuration: Raisecom#show alarm active [ module_name | severity severity ]
Description: Show current alarm information.
Configuration: Raisecom#show alarm cleared [ module_name | severity severity ]
Description: Show history alarm information.
Note: All modules providing alarm support can be configured to enable/disable alarm monitoring, alarm auto-reporting and alarm clear function.
11.9.4 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show alarm management [ module_name ]
Description: Check current alarm parameters configuration. Use this command to check alarm parameters information, including alarm suppression, alarm reverse mode, alarm delay, alarm memory mode, the maximum alarm number stored in alarm buffer and the maximum alarm number stored in alarm log.
No. 2
Description: Check alarm statistics information of system log.
No. 3
Description: Check statistics information of alarm management module.
11.10.1.2 Preconditions
Hardware environment monitoring alarm output:
In Syslog output mode, alarm information generates system log. When alarm information needs to be sent to the system log host, configure the system log host IP address for the device.
In Trap output mode, configure the network management center IP address for the device.
11.10.2
11.10.3
11.10.4
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#alarm power-supply { notifies | syslog }
Description: Enable power monitoring alarm output and configure power monitoring alarm output mode.
11.10.5
11.10.6
11.10.7
11.10.8
11.10.9 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show alarm
Description: Show global hardware environment monitoring alarm configuration. Use this command to check hardware environment monitoring information, including global alarm Syslog output, global sending Trap, power down alarm, temperature alarm and voltage alarm.
No. 2
Item: Raisecom#show alarm port-list port-list
Description: Show interface status alarm information.
No. 3
Item: Raisecom#show alarm currrent
Description: Show current alarm information of hardware environment monitoring.
No. 4
Item: Raisecom#show alarm history
Description: Show history alarm information of hardware environment monitoring.
No. 5
Item: Raisecom#show environment [ power | temperature | voltage ]
Description: Show the current power, temperature, voltage alarm and the current environment information.
No. 6
Item: Raisecom#show power-card
Description: Show power type and serial No. of the device.
11.11.1.2 Preconditions
N/A
11.11.2
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#fan-monitor mode { auto | enforce }
Description: Configure monitor mode for fan rotate speed. By default, fan monitor mode is auto.
Step 3
Configuration: Raisecom(config)#fan-monitor enforce level level
Description: (Optional) Configure fan rotate speed in force monitor mode.
Step 4
Configuration: Raisecom(config)#fan-monitor temperature-scale temperature1 temperature2 temperature3
Description: (Optional) Configure temperature range corresponding to different rotate scale in auto monitor mode.
11.11.3 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show fan-monitor information
Description: Show related information of fan monitor configuration.
No. 2
Item: Raisecom#show fan-monitor status
Description: Show current fan status information.
11.12.1.2 Preconditions
Finish the following task before configuring CPU monitor:
When the CPU monitor alarm information needs to be output in Trap mode, configure Trap output target host address on the device, which is IP address of network management center.
11.12.2
11.12.3
11.12.4
11.12.5 Check configuration
Check the result by the commands below after configuration:
No. 1
Item: Raisecom#show cpu-utilization
Description: Check CPU utilization and related configuration information.
11.14 Ping
Please configure Ping function on the device as below:
Step 1
Configuration: Raisecom#ping ip-address [ count count ] [ size size ] [ waittime period ]
Description: (Optional) Test IPv4 network connection by the command of Ping.
Step 2
Configuration: Raisecom#ping ipv6 ipv6-address [ count count ] [ size size ] [ waittime period ]
Description: (Optional) Test IPv6 network connection by the command of Ping.
Note: The device cannot perform other operations while Ping is in progress. It can perform other operations only after Ping finishes or is interrupted with "ctrl + c".
11.15 Traceroute
Configure the IP address and default gateway for the ISCOM2924GF device before using the Traceroute function. Please configure Traceroute function on the device as below:
Step 1
Configuration: Raisecom#config
Description: Enter global configuration mode.
Step 2
Configuration: Raisecom(config)#interface ip if-number
Description: Enter layer-3 interface configuration mode.
Step 3
Configuration: Raisecom(config-ip)#ip address ip-address [ ip-mask ] vlan-id
Description: Configure interface IP address.
Step 4
Configuration: Raisecom(config-ip)#exit
Description: Exit from interface configuration mode and enter global configuration mode.
Step 5
Configuration: Raisecom(config)#ip default-gateway ip-address
Description: Configure default gateway.
Step 6
Configuration: Raisecom(config)#exit
Description: Exit from global configuration mode and enter privileged EXEC mode.
Step 7
Configuration: Raisecom#traceroute ip-address [ firstttl first-ttl ] [ maxttl max-ttl ] [ port port-id ] [ waittime second ] [ count times ]
Description: (Optional) Test IPv4 network connection by traceroute and check the network nodes the packet passed through.
Configuration: Raisecom#traceroute ipv6 ipv6-address [ firstttl first-ttl ] [ maxttl max-ttl ] [ port port-id ] [ waittime second ] [ count times ]
Description: (Optional) Test IPv6 network connection by traceroute and check the network nodes the packet passed through.
11.16 Maintenance
User can maintain system features by the following commands.
Command: Raisecom(config)#clear lldp statistic port port-id
Description: Clear LLDP statistic information.
Command: Raisecom(config)#clear lldp remote-table [ port port-id ]
Description: Clear LLDP neighbor information.
Command: Raisecom(config)#clear rmon
Description: Clear all configuration information of RMON.
11.17.1.3
Port: 162
User Name: raisecom
SNMP Version: v2c
Security Level: noauthnopriv
TagList: bridge config interface rmon snmp ospf
11.17.2
11.17.2.1
11.17.2.2
Configure SNMP v3 access. Create access view mib2, including all MIB variables under 1.3.6.1.x.1.
Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 1.1.1.1.0.1 included
Create guestgroup access group, security mode is usm, security level is authentication without encryption, readable view name is mib2.
Raisecom(config)#snmp-server access guestgroup read mib2 usm authnopriv
Raisecom(config)#snmp-server enable traps
Raisecom(config)#snmp-server host 20.0.0.221 version 3 authnopriv guestuser1
11.17.2.3 Show result
Check SNMP access group configuration by show snmp access.
Raisecom#show snmp access
Index: 1
Group: guestgroup
Security Model: usm
Security Level: authnopriv
Context Prefix: -
Context Match: exact
Read View: mib2
Write View: -
Notify View: internet
Check the mapping relationship configuration between user and access group by show snmp group.
Raisecom#show snmp group
Index  GroupName    UserName    SecModel
-----------------------------------------------------------
0      initialnone  none        usm
1      initial      md5nopriv   usm
2      initial      shanopriv   usm
3      guestgroup   guestuser1  usm

Security Level: authnopriv
TagList: bridge config interface rmon snmp ospf
11.17.3
11.17.3.1
11.17.3.2
11.17.3.3
11.17.4
11.17.4.1
11.17.4.2 Configuration steps
Create event with index ID 10, used to record and send log information with description string High-ifOutErrors, the owner of log information is system.
Raisecom#config
Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system
Create alarm item with index ID 10, used to monitor MIB variables 1.3.6.1.2.1.2.2.1.20.1, check every 20 seconds, if the variable increases over 15, the Trap alarm is triggered, the owner of alarm information is also system.
Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta rising-threshold 15 1 falling-threshold 0 owner system
11.17.4.3 Show result
Check whether there is event group information on the device by the command of show rmon alarms.
Raisecom#show rmon alarms
Alarm 10 is active, owned by system
Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds
Taking delta samples, last value was 0
Rising threshold is 15, assigned to event 1
Falling threshold is 0, assigned to event 0
On startup enable rising and falling alarm
Check whether there is alarm group information on the device by the command of show rmon events.
Raisecom#show rmon events
Event 1 is active, owned by system
Event generated at 0:0:0
Send TRAP when event is fired.
When alarm event is triggered, user can also check related information by alarm management part of NNM system.
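The alarm configured above, evaluated reading by reading, as an added example that is not part of the manual or Raisecom code. It applies the RFC 2819 rising/falling rules to delta samples of a Counter32 with the page's thresholds (rising 15 to event 1, falling 0 to event 0); the counter readings are constructed, and a device following the RFC rules exactly is an assumption.

```python
COUNTER32_MOD = 2 ** 32  # ifOutErrors is a Counter32 and wraps at 2^32


class RmonDeltaAlarm:
    """RFC 2819 alarm with delta sampling and startup 'rising and falling'."""

    def __init__(self, rising, rising_event, falling, falling_event):
        self.rising, self.rising_event = rising, rising_event
        self.falling, self.falling_event = falling, falling_event
        self.prev_counter = None    # reading taken at the previous poll
        self.last_crossing = None   # "rising", "falling" or None

    def poll(self, counter):
        """Feed one reading; return (delta, crossing, event_index)."""
        if self.prev_counter is None:       # a delta needs two readings
            self.prev_counter = counter
            return None, None, None
        delta = (counter - self.prev_counter) % COUNTER32_MOD
        self.prev_counter = counter
        crossing = event = None
        # A threshold fires once, then stays quiet until the opposite
        # threshold has been crossed (hysteresis).
        if delta >= self.rising and self.last_crossing != "rising":
            crossing, event = "rising", self.rising_event
        elif delta <= self.falling and self.last_crossing != "falling":
            crossing, event = "falling", self.falling_event
        if crossing:
            self.last_crossing = crossing
        # Event index 0 has no event entry: the crossing re-arms the other
        # threshold but nothing is logged or sent as a trap.
        return delta, crossing, (event or None)


def run(readings, **cfg):
    """Poll a fresh alarm with each reading and collect the results."""
    alarm = RmonDeltaAlarm(**cfg)
    return [alarm.poll(r) for r in readings]


# Settings from the page's "rmon alarm 10 ..." command.
PAGE_ALARM = dict(rising=15, rising_event=1, falling=0, falling_event=0)

# Constructed ifOutErrors readings, one per 20-second interval.
READINGS = [100, 100, 120, 150, 155, 155, 175]
WRAP_READINGS = [4294967280, 4]   # the counter wraps between two polls

if __name__ == "__main__":
    for row in run(READINGS, **PAGE_ALARM):
        print(row)
```

A sustained error burst (deltas 20, then 30) produces a single event 1; the next one is only possible after a delta of 0 has re-armed the rising threshold, so one trap marks the start of an excursion, not its duration.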
11.17.5
11.17.5.1
11.17.5.2 Configuration steps
Switch A is the command device; apply the following configuration on Switch A.
Enable the RNDP function globally and on the interfaces.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#rndp enable
SwitchA(config)#interface range 1-2
SwitchA(config-range)#rndp enable
SwitchA(config-range)#exit
SwitchA(config)#cluster-autoactive
Assign itself for command device and start cluster management function.
SwitchA(config)#cluster
Configure to enable RNDP and RTDP function on Switch B, and enable auto-active function, assign MAC address for auto-active command device.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#rndp enable
SwitchB(config)#interface port 3
SwitchB(config-port)#rndp enable
SwitchB(config-port)#exit
SwitchB(config)#rtdp enable
SwitchB(config)#cluster-autoactive
SwitchB(config)#cluster-autoactive commander-mac 000e.5e03.5318
Configure to enable RNDP and RTDP function on Switch C, and enable auto-active function, assign MAC address for auto-active command device.
Raisecom#hostname SwitchC
SwitchC#config
SwitchC(config)#rndp enable
SwitchC(config)#interface port 3
SwitchC(config-port)#rndp enable
SwitchC(config-port)#exit
SwitchC(config)#rtdp enable
SwitchC(config)#cluster-autoactive
SwitchC(config)#cluster-autoactive commander-mac 000e.5e03.5318
SwitchA(config)#cluster
SwitchA(config-cluster)#rcommand SwitchC
Login: raisecom
Password:
SwitchC>
11.17.5.3
000E.5E03.023C Up
Check cluster information on Switch C; please take cluster information on Switch B for reference.
11.17.6
11.17.6.1
11.17.6.2 Configuration steps
Configure to globally enable LLDP and LLDP alarm.
Configure Switch A.
Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#lldp enable
SwitchA(config)#snmp-server lldp-trap enable
Configure Switch B.
Raisecom#hostname SwitchB
SwitchB#config
SwitchB(config)#lldp enable
SwitchB(config)#snmp-server lldp-trap enable
Configure Switch B.
SwitchB(config)#create vlan 1024 active
SwitchB(config)#interface port 1
SwitchB(config-port)#switchport access vlan 1024
SwitchB(config)#interface ip 1
SwitchB(config-ip)#ip address 10.10.10.2 1024
Configure Switch B.
SwitchB(config)#lldp message-transmission interval 60
SwitchB(config)#lldp message-transmission delay 9
SwitchB(config)#lldp trap-interval 10
11.17.6.3 Show result
Check the local configuration by show lldp local config.
SwitchA#show lldp local config
System configuration:
-------------------------------------------------------------------------
LLDP enable status:        enable (default is disabled)
LLDP enable ports:         1-28
LldpMsgTxInterval:         60 (default is 30s)
LldpMsgTxHoldMultiplier:   4 (default is 4)
LldpReinitDelay:           2 (default is 2s)
LldpTxDelay:               2 (default is 2s)
LldpNotificationInterval:  5 (default is 5s)
LldpNotificationEnable:    enable (default is enabled)
LldpNotificationEnable:    enable(default is enabled)
The destination mac address of LLDPDU: (default is 0180.c200.000e)
------------------------------------------------------------
port1 : destination-mac:0180.C200.000E
port2 : destination-mac:0180.C200.000E
port3 : destination-mac:0180.C200.000E
SwitchB#show lldp local config
System configuration:
-------------------------------------------------------------------------
LLDP enable status:        enable (default is disabled)
LLDP enable ports:         1
LldpMsgTxInterval:         60 (default is 30s)
LldpMsgTxHoldMultiplier:   4 (default is 4)
LldpReinitDelay:           2 (default is 2s)
LldpTxDelay:               9 (default is 2s)
LldpNotificationInterval:  10 (default is 5s)
LldpNotificationEnable:    enable (default is enabled)
SwitchB#show lldp remote
Port   ChassisId       PortId  SysName  MgtAddress  ExpiredTime
------------------------------------------------------------------------
port1  000E.5E02.B010  port 1  SwitchB  10.10.10.2  106
11.17.7
11.17.7.1
11.17.7.2
11.17.7.3 Show result
Show system log configuration by the command of show logging.
Raisecom#show logging
Syslog logging:            enable
Dropped Log messages:      0
Dropped debug messages:    0
Rate-limited:              2 messages per second
Logging config:            disable
Logging config level:      informational(6)
Squence number display:    disable
Log time stamp:            datetime
Debug time stamp:          none
Log buffer size:           4kB
Debug level:               low
Syslog history logging:    disable
Syslog history table size:1
Dest     Status   Level             LoggedMsgs  DroppedMsgs  Discriminator
----------------------------------------------------------------------------
buffer   disable  informational(6)  0           0            0
console  enable   informational(6)  203         4            0
trap     disable  warnings(4)       0           0            0
file     disable  warnings(4)       0           0            0
monitor  disable  informational(6)  0           0            0
Log host information:
Max number of log server:      10
Current log server number:     1
Target Address  Port  Level  Facility  Sent  Drop  Discriminator
Show device log information typed from PC terminal emulation program interface.
07-01-2008 11:31:28 Local0.Debug 20.0.0.6 JAN 01 10:22:15 ISCOM2924GF: CONFIG-7-CONFIG:USER " raisecom " Run " logging on "
07-01-2008 11:27:41 Local0.Debug 20.0.0.6 JAN 01 10:18:30 ISCOM2924GF: CONFIG-7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "
07-01-2008 11:27:35 Local0.Debug 20.0.0.10 JAN 01 10:18:24 ISCOM2924GF: CONFIG-7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.1 1 "
07-01-2008 11:12:43 Local0.Debug 20.0.0.10 JAN 01 10:03:41 ISCOM2924GF: CONFIG-7-CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 "
07-01-2008 11:12:37 Local0.Debug 20.0.0.10 JAN 01 10:03:35 ISCOM2924GF: CONFIG-7-CONFIG:USER " raisecom " Run " logging on "
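A parser for the configuration-audit lines shown above, as an added example that is not part of the manual. It extracts source address, user and command, lists commands that redirect logging or SNMP or re-address the device, and notes sources whose device timestamp disagrees with the log host's date; the field layout inferred from the listing and the watch list are assumptions.

```python
import re

# One line as the log host displays it, following the page's listing:
# <rx date> <rx time> <Facility.Severity> <source IP> <MON DD HH:MM:SS>
# <hostname>: CONFIG-<level>-CONFIG:USER " <user> " Run " <command> "
LINE_RE = re.compile(
    r'^(?P<rx_date>\d{2}-\d{2}-\d{4}) (?P<rx_time>\d{2}:\d{2}:\d{2}) '
    r'(?P<facility>\w+)\.(?P<severity>\w+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) '
    r'(?P<dev_mon>[A-Za-z]{3}) (?P<dev_day>\d{2}) (?P<dev_time>\d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+): CONFIG-(?P<level>\d)-CONFIG:USER "\s*(?P<user>[^"]*?)\s*" '
    r'Run "\s*(?P<cmd>[^"]*?)\s*"$'
)
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

# Assumed watch list: command prefixes, all taken from this manual, that change
# where logs and traps are sent or how the device is reached.
WATCHED = ("logging host", "snmp-server", "ip address", "ip default-gateway")


def parse(line):
    """Return the fields of one config-audit line, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None or m["dev_mon"].lower() not in MONTHS:
        return None
    rec = m.groupdict()
    # The receiver date is NN-NN-YYYY with ambiguous field order, so the device
    # clock counts as consistent if it matches either reading of it.
    a, b = int(rec["rx_date"][0:2]), int(rec["rx_date"][3:5])
    dev = (MONTHS.index(rec["dev_mon"].lower()) + 1, int(rec["dev_day"]))
    rec["clock_mismatch"] = dev not in {(a, b), (b, a)}
    return rec


def review(lines):
    """Return (watched changes, sources with a clock mismatch, unparsed lines)."""
    changes, skewed, unparsed = [], set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed.append(line)
            continue
        if rec["clock_mismatch"]:
            skewed.add(rec["src"])
        if rec["cmd"].startswith(WATCHED):
            changes.append((rec["rx_time"], rec["src"], rec["user"], rec["cmd"]))
    return changes, sorted(skewed), unparsed


# Three lines in the format of the page's listing plus one constructed bad line.
PREFIX = "07-01-2008 {} Local0.Debug {} JAN 01 {} ISCOM2924GF: CONFIG-7-CONFIG:"
SAMPLE = [
    PREFIX.format("11:12:37", "20.0.0.10", "10:03:35") + 'USER " raisecom " Run " logging on "',
    PREFIX.format("11:12:43", "20.0.0.10", "10:03:41") + 'USER " raisecom " Run " logging host 20.0.0.168 local0 7 "',
    PREFIX.format("11:27:41", "20.0.0.6", "10:18:30") + 'USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "',
    "07-01-2008 11:30:02 Local0.Debug 20.0.0.6 CONFIG-7-CONFIG:USER",
]
```

When the device clock is flagged as mismatched, as it is for every line in the listing (device date JAN 01 against a log host date of 07-01-2008), order events by the log host's receive time rather than the device timestamp.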
11.17.8
11.17.8.1
11.17.8.2
11.17.8.3 Show result
Check device sending Trap configuration by show snmp config.
Raisecom#show snmp config
Contact information: support@Raisecom.com
Device location : World China Raisecom
SNMP trap status: enable
SNMP engine ID: 800022B603000E5E156789
TagList: bridge config interface rmon snmp ospf
Notifies: Syslog:
Failover
Provide a port association solution, extending link backup range. Transport fault of upper layer device quickly to downstream device by monitoring upstream link and synchronize downstream link, then trigger switching between master and standby device and avoid traffic loss.

Precision Time Protocol (PTP)
IEEE 1588 v2 protocol is also called PTP (Precision Time Protocol), a high-precision time protocol for synchronization used in measurement and control systems residing on a local area network. Accuracy in the sub-microsecond range may be achieved with low-cost implementations.

Connectivity Fault Management (CFM)
A standard defined by IEEE. It defines protocols and practices for OAM (Operations, Administration, and Maintenance) for paths through 802.1 bridges and local area networks (LANs). Used to diagnose fault for EVC (Ethernet Virtual Connection). Cost-effective by fault management function and improve Ethernet maintenance.

Link Aggregation
A computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.

SyncE
A technology adopts Ethernet link codes recover clock, similar to SDH clock synchronization quality, SyncE provides frequency synchronization of high precision. Unlike traditional Ethernet just synchronize data packets at receiving node, SyncE implements real-time synchronization system for inner clock.

802.1Q in 802.1Q
QinQ is (also called Stacked VLAN or Double VLAN) extended from 802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag for client private packets at carrier access end, the packets take double VLAN Tag passing through trunk network (public network). In public network, packets only transmit according to outer VLAN Tag, the private VLAN Tag are transmitted as data in packets.

Mobile Backhaul
Solve communication problem from BTS to BSC for 2G, NodeB to RNC for 3G. Mobile backhaul for 2G focuses on voice service, not request high bandwidth, implemented by TDM microwave or SDH/PDH device. In 3G times, lots of data service as HSPA, HSPA+, etc concerning to IP service, voice is changing to IP as well, namely IP RAN, to solve problem of IP RAN mobile backhaul is solving whole network backhaul, satisfying both data backhaul and voice transportation over IP (clock synchronization).

Ethernet Ring Protection Switching (ERPS)
An APS (Automatic Protection Switching) protocol based on ITU-T G.8032 Recommendation to provide backup link protection and recovery switching for Ethernet traffic in a ring topology and at the same time ensuring that there are no loops formed at the Ethernet layer.

Ethernet Linear Protection Switching (ELPS)
A protocol based on ITU-T G.8031 APS (Automatic Protection Switching) to protect an Ethernet connection. It is a kind of end-to-end protection technology. Including two linear protection modes: linear 1:1 protection switching and linear 1+1 protection switching.
Appendix B Acronym
Acronym    Full Spelling

Numerics

A
ACL
APS

C
CCM
CFM
CoS

D
DoS
DRR
DSCP

E
EFM        Ethernet in the First Mile
ELPS       Ethernet Linear Protection Switching
ERPS       Ethernet Ring Protection Switching
EVC        Ethernet Virtual Connection

F
FTP

G
GARP       Generic Attribute Registration Protocol
GPS        Global Positioning System
GSM        Global System for Mobile Communications
GVRP       GARP VLAN Registration Protocol

I
IEEE       Institute of Electrical and Electronics Engineers
IETF       Internet Engineering Task Force
IP         Internet Protocol
ITU-T      International Telecommunications Union Telecommunication Standardization Sector

L
LACP       Link Aggregation Control Protocol
LBM        LoopBack Message
LBR        LoopBack Reply
LLDP       Link Layer Discovery Protocol
LLDPDU     Link Layer Discovery Protocol Data Unit
LTM        LinkTrace Message
LTR        LinkTrace Reply

M
MA         Maintenance Association
MAC        Medium Access Control
MD         Maintenance Domain
MEG        Maintenance Entity Group
MEP        Maintenance associations End Point
MIB        Management Information Base
MIP        Maintenance association Intermediate Point
MSTI       Multiple Spanning Tree Instance
MSTP       Multiple Spanning Tree Protocol

N
NNM        Network Node Management

O
OAM        Operation, Administration and Management

P
PC         Personal Computer

Q
QoS        Quality of Service

R
RADIUS     Remote Authentication Dial In User Service
RMON       Remote Network Monitoring
RMEP       Remote Maintenance association End Point
RNC        Radio Network Controller
RSTP       Rapid Spanning Tree Protocol

S
SFP        Small Form-factor Pluggables
SLA        Service Level Agreement
SNMP       Simple Network Management Protocol
SNTP       Simple Network Time Protocol
SP         Strict-Priority
SSHv2      Secure Shell v2
STP        Spanning Tree Protocol

T
TACACS+    Terminal Access Controller Access Control System
TCP        Transmission Control Protocol
TFTP       Trivial File Transfer Protocol
TLV        Type Length Value
ToS        Type of Service

V
VLAN       Virtual Local Area Network

W
WRR        Weight Round Robin
Address: Building 2, No. 28 of the Shangdi 6th Street, Haidian District, Beijing. Postcode: 100085 Tel: +86-10-82883305 Fax: +86-10-82883056 Email: export@raisecom.com http://www.raisecom.com