manualshive.com logo in svg

ELTEX MES3108, Operation Manual, Page: 170 / 243

Share
Download
ELTEX MES3108 Operation Manual Download Page 170

 

170

 

MES3000 Ethernet switch series

 

5.24

 

Security functions 

5.24.1

 

Port security functions 

For increased security purposes, the switch allows to configure specific ports in such a manner, that 

only  certain  devices  could  access  the  switch  through  this  port.  Port  security  function  is  based  on  the 
permitted  MAC  address  identification.  MAC  addresses  can  be  configured  manually  or  learned  by  the 
switch.  After  the  required  addresses  has  been  learnt,  block  the  port  and  protect  it  from  packets  with 
unknown MAC addresses. Thus, when the blocked port receives the packet, and the packet source MAC 
address is not related to this port, protection mechanism will be activated, which can take the following 
measures: unauthorized packets, coming to the blocked port, will be forwarded, dropped, or the port goes 
down. Locked Port security function allows to save the list of learnt MAC addresses into the configuration 
file, so this list could be restored after the device is restarted. 

 

There is a restriction on the quantity of learnt MAC addresses for the port protected with 
security function. For MES3000 switches, this restriction equals to 128 addresses per port. 

Ethernet interface configuration mode commands (interface range), port group interface 

Command  line  request  in Ethernet  interface,  port  group  interface  configuration  mode  appears  as 

follows: 

console(config-if)# 

Table 5.198 —Ethernet interface configuration mode commands, interface group 

Command 

Value/Default value 

Action 

port security max 

num 

num: (1..128)/1 

Define the maximum address quantity that could be learnt by the 
port. 

no port security max 

Restore the default value.  

port security routed 
secure­address 

mac_address

 

MAC address format: 

H.H.H, H:H:H:H:H:H, 

H-H-H-H-H-H 

Define the secured MAC address. 

no port security routed 
secure­address [

mac_address

Remove the secured MAC address. 

port security 

trap: (1..1000000) 

seconds 

Enable  security  function  for  the  interface.  Block  new  address 
learning function for the interface. Packets with unknown source 
MAC addresses will be dropped. This command is identical to the 

port security discard 

command. 

port security

 

forward

 [

trap

 

trap

]}

 

Enable  security  function  for  the  interface.  Block  new  address 
learning function for the interface. Packets with unknown source 
MAC addresses will be forwarded. 

port security

 

discard

 [

trap

 

trap

]

 

Enable  security  function  for  the  interface.  Block  new  address 
learning function for the interface. Packets with unknown source 
MAC addresses will be dropped. 

port security

 

discard­shutdown

 [

trap

 

trap

]

 

Enable security function for the interface. Disable the port, when 
packets  with  unknown  MAC  addresses  arrive.  Packets  with 
unknown source MAC addresses will be dropped. 

port security

 

trap

 

trap

 

Define  the  SNMP  trap  message  generation  frequency,  when 
unauthorized packets arrive. 

no port security 

Disable security function for the interface. 

Summary of Contents for MES3108

Page 1: ...MES3000 MES3108 MES3108F MES3116 MES3116F MES3124 MES3124F MES3224 MES3224F Operation Manual firmware version 2 5 47 Backbone Switches Aggregation Switches ...

Page 2: ...ce configuration 5 14 1 IPv6 configuration 5 15 5 STP family STP RSTP MSTP 5 19 Alarm log SYSLOG protocol 5 27 DHCP server configuration 5 28 IPv4 ACL configuration 5 30 Quality of Services QoS Version 1 29 10 02 2016 Changes in chapters 5 8 Interface and VLAN configuration 5 10 Broadcast storm control 5 17 Multicast addressing 5 18 4 Simple network management protocol SNMP 5 24 2 Port based clien...

Page 3: ...5 14 4 DHCPv6 guard function configuration Version 1 23 25 11 2014 Synchronized with firmware version 2 5 32 Changes in chapters 5 18 1 AAA mechanism 5 30 5 Configuration of Virtual Router Redundancy Protocol VRRP Added chapters 5 14 3 IPv6 RA guard function configuration 5 14 4 DHCPv6 guard function configuration Version 1 22 21 10 2014 Synchronized with firmware version 2 5 30 Changes in chapter...

Page 4: ...S protocol configuration 5 14 9 OAM protocol configuration 5 14 10 CFM protocol configuration Changes in chapters 4 1 Terminal configuration 5 9 Broadcast storm control 5 17 2 RADIUS protocol 5 17 3 TACACS protocol 5 17 4 SNMP network management protocol 5 17 1 ААА mechanism 5 17 7 1 Telnet SSH HTTP and FTP 5 17 7 2 Terminal configuration commands 5 21 2 Optical transceiver diagnostics Version 1 9...

Page 5: ...e description of MAC Address Notification function Changes in chapters 5 5 2 File operation commands 7 2 1 Adding SVLAN 7 2 2 CVLAN substitution Version 1 4 04 07 2012 Support for device operation in stackable mode Added description MES3224 MES3224F Version 1 3 20 12 2011 Changes in chapters 5 8 Selective Q in Q 7 2 Selective qinq configuration Version 1 2 01 12 2011 Added description of EAPS prot...

Page 6: ...INITIAL SWITCH CONFIGURATION 29 4 1 Configuring the Terminal 29 4 2 Turning on the device 29 4 3 Startup menu 30 4 4 Switch operation modes 31 4 4 1 Switch operation mode selection 31 4 4 2 Switch operation in stackable mode 31 4 5 Switch function configuration 33 4 5 1 Basic switch configuration 33 4 5 2 Security system configuration 36 4 5 3 Banner configuration 37 5 DEVICE MANAGEMENT COMMAND LI...

Page 7: ...5 15 12Layer 2 Protocol Tunneling L2PT function configuration 114 5 16Voice VLAN 117 5 17Multicast addressing 118 5 17 1 Multicast addressing rules 118 5 17 2 IGMP snooping 124 5 17 3 MLD Snooping multicast traffic control protocol for IPv6 networks 127 5 17 4 Multicast traffic restriction functions 129 5 17 5 IGMP Proxy multicast routing 131 5 18Control functions 133 5 18 1 AAA mechanism 133 5 18...

Page 8: ...tection from DoS Attacks 207 5 31Quality of Services QoS 208 5 31 1 QoS Configuration 208 5 31 2 QoS Statistics 216 5 32 Configuration of routing protocol 217 5 32 1 Static routing configuration 217 5 32 2 RIP Configuration 219 5 32 3 OSPF Protocol Configuration 221 5 32 4 BFD protocol configuration 223 5 32 5 Configuration of Virtual Router Redundancy Protocol VRRP 224 6 SERVICE MENU CHANGE OF SO...

Page 9: ...lic Variables and parameters that should be replaced with the appropriate word or string are written in Calibri Italic Semibold font Notes and warnings are written in bold font Semibold italic Keyboard keys are written in bold italic and enclosed in angle brackets Courier New Examples of command entry are written in Courier New bold Courier New Results of command execution are written in Courier N...

Page 10: ...le fail over operation power modules and ventilation modules Design versions of MES3000 series switches MES3124 24x10 100 1000Base T ports 4x10GBaseX SFP or 1000Base X SFP ports MES3124F 20x1000Base X SFP ports 4x10 100 1000Base T 1000Base X SFP combo ports 4x10GBase X SFP or 1000Base X SFP ports MES3116 16x10 100 1000Base T ports 2x10GBaseX SFP or 1000Base X SFP ports MES3116F 12x1000Base X SFP p...

Page 11: ... of data MDI MDIX support Automatic cable type detection crossed or straight MDI Media Dependent Interface straight cable standard for connection of terminal devices MDIX Media Dependent Interface with Crossover crossed cable standard for connection of hubs and switches Jumbo frames Enables jumbo frame transmission to minimize the amount of packets used for data transfer It allows to reduce servic...

Page 12: ...t groups and forward the traffic to the corresponding ports MLD Snooping MLD protocol implementation allows the device to minimize multicast IPv6 traffic MVR Function that allows to redirect multicast traffic to another VLAN using IGMP messages and to reduce the load to the uplink port Used in III play solutions Broadcast Storm Control Broadcast storm is a multiplication of broadcast messages in e...

Page 13: ...ch identifies and then distributes the VLAN inherence data to all ports that form the active topology Port Based VLAN Distribution to VLAN groups is performed by the inbound ports This solution allows to use only one VLAN group on each port IEEE 802 1Q support IEEE 802 1Q is an open standard that describes the traffic tagging procedure for transfer of VLAN inherence information It allows to use mu...

Page 14: ...m OSPF protocol distributes information on available routes between routers in a single stand alone system VRRP VRRP is designed for reservation of routers acting as a default gateway This is performed by aggregation of router group IP interfaces into single virtual interface that will be used as a default gateway for computers in the network 2 2 5 QoS functions Table 2 5 lists the basic quality o...

Page 15: ...e timeperiod for ACL operation Blocked ports support Main function of blocking is to improve the network security access to the switch port will be granted only to those devices whose MAC addresses have been assigned for this port Port based authentication IEEE 802 1x IEEE 802 1x authentication mechanism manages access to resources through the external server Authorized users will gain access to t...

Page 16: ...Management interface blocking The switch can block access to each management interface SNMP CLI Blocking can be set independently for each type of access Telnet CLI over Telnet session Secure Shell CLI over SSH SNMP Local authentication Passwords can be stored in the switch database for local authentication IP address filtering for SNMP Access via SNMP is allowed only for specific IP addresses tha...

Page 17: ...rted operations ICMP Echo UDP Jitter 2 3 Main specifications Table 2 9 lists main specifications of the switch Table 2 9 Main specifications General parameters Packet processor Marvell 98DX4122 Interfaces MES3108 8x10 100 1000Base T 2x 10GBase X SFP 1000Base X SFP MES3108F 4x1000 Base X SFP 4xCombo 10 100 1000Base T 1000Base X 2x 10G Base X SFP 1000Base X SFP MES3116 16x10 100 1000Base T 2x 10GBas...

Page 18: ...iance IEEE 802 3 10BASE T Ethernet IEEE 802 3u 100BASE T Fast Ethernet IEEE 802 3ab 1000BASE T Gigabit Ethernet IEEE 802 3z Fiber Gigabit Ethernet ANSI IEEE 802 3 Speed auto detection IEEE 802 3x Data flow control IEEE 802 3ad LACP link aggregation IEEE 802 1p Priority of traffic IEEE 802 1q VLAN virtual local networks IEEE 802 1v IEEE 802 3 ac IEEE 802 1d STP spanning tree IEEE 802 1w RSTP rapid ...

Page 19: ...ries Ethernet switches enclosed in a metal case available for 19 form factor rack mount case height 1U 2 4 1 Front panel of the device Front panel layout MES3108 MES3108F MES3116 MES3116F MES3124 MES3124F MES3224 MES3224F is depicted in Fig 1 8 Fig 1 MES3108 front panel Fig 2 MES3108F front panel Fig 3 MES3116 front panel The combined ports may have only one active interface at the same time In ca...

Page 20: ...tch series Fig 4 MES3116F front panel Fig 5 MES3124 front panel Fig 6 MES3124F front panel Fig 7 MES3224 front panel Fig 8 MES3224F front panel Table 2 10 lists sizes LEDs and controls located on the front panel of the switch ...

Page 21: ...e X SFP 4 MES3108F 3 4 7 8 Combo ports 10 100 1000 Base T RJ45 MES3116F 7 8 15 16 MES3124F MES3224F 11 12 23 24 5 Unit ID Indicator of device number in stack Power Device power indicator Master Device activity mode indicator master slave Fan Fan operation indicator RPS Backup power supply indicator 6 F Functional key that reboots the device and resets it to factory settings pressing the key for le...

Page 22: ...els of the device Fig 10 The right side panel of MES3000 series Ethernet switches Fig 11 The left side panel of MES3000 series Ethernet switches Side panels of the device have air vents for heat removal Do not block air vents This may cause components overheating which may result in terminal malfunction For recommendations on device installation see section Installation and connection 2 4 4 Light ...

Page 23: ... the activity of the receiving part of the port Data transmission is represented by flashing indicators of the corresponding direction Fig 14 XG interface LED indicator appearance Unit ID 1 8 indicators are intended for identifying the number of device in a stack System indicators Power Master Fan RPS are designed for displaying the operation status of MES3000 series switches Table 2 13 LED indica...

Page 24: ...up power supply operation mode Green solid Backup power supply is connected and in normal operation Off Backup power supply is not connected Red Backup power supply is missing or failed When the switch operates in standalone mode without stacking Master and Unit ID indicators are off 2 5 Delivery Package The standard delivery package includes Ethernet switch Power supply PM100 48 12 or PM 160 220 ...

Page 25: ...ign four mounting holes in the support bracket with the corresponding holes in the side panel of the device 2 Use a screwdriver to screw the support bracket to the case 3 Repeat steps 1 and 2 for the second support bracket 3 2 Device rack installation To install the device to the rack 1 Attach the device to the vertical guides of the rack 2 Align mounting holes in the support bracket with the corr...

Page 26: ...example of MES3000 rack installation Fig 17 MES3000 switch rack installation The device is ventilated from the front The front panel of the device has air vents Do not block air vents and fans located on the rear panel to avoid components overheating and subsequent switch malfunction ...

Page 27: ...vailable through the switch management interfaces 3 4 Connection to Power Supply 1 Ground the case of the device prior to connecting it to the power supply An insulated multiconductor wire should be used for earthing The device grounding and the earthing wire cross section should comply with Electric Installation Code 2 If a PC or another device is supposed to be connected to the switch console po...

Page 28: ...to a slot with its open side down and the bottom SFP module with its open side up Fig 19 SFP transceiver installation 2 Press the module until it fits with a click Fig 20 Installed SFP transceivers To remove a transceiver perform the following actions 1 Unlock the module s latch Fig 21 Opening SFT transceiver latch 2 Remove the module from the slot Fig 22 SFP transceiver removal ...

Page 29: ... check operational capability of the device before execution program is loaded into RAM POST procedure progress on MES3000 series switches Boot1 Checksum Test PASS Boot2 Checksum Test PASS Flash Image Validation Test PASS BOOT Software Version 0 0 0 3 Built 17 Aug 2010 23 18 59 Networking device with CPU based on arm926ejs core 256 MByte SDRAM I Cache 16 KB D Cache 16 KB L2 Cache 256 KB Cache Enab...

Page 30: ... ESC or ENTER keys in 2 seconds after POST procedure completion Boot1 Checksum Test PASS Boot2 Checksum Test PASS Flash Image Validation Test PASS BOOT Software Version 0 0 0 3 Built 17 Aug 2010 23 18 59 Networking device with CPU based on arm926ejs core 256 MByte SDRAM I Cache 16 KB D Cache 16 KB L2 Cache 256 KB Cache Enabled MAC Address a8 f9 4b a3 a4 a6 Autoboot in 2 seconds press RETURN or Esc...

Page 31: ...e 4 Back Enter your choice or press ESC to exit 4 4 2 Switch operation in stackable mode MES3000 stack works as a single device and can include up to 8 devices with the following roles defined by their sequential number UID Master device UID 1 or 2 manages all devices in a stack Backup device UID 1 or 2 device controlled by master Replicates all settings and takes on stack management functions in ...

Page 32: ... information on devices in a stack If you enter this command without parameters the brief information will be shown for all devices in a stack If you specify unit_id detailed information will be shown for the specific device Example use of show unit command console show unit 1 Unit 1 MAC address a8 f9 4b 80 bf 40 Master Enabled Product MES 3124F 28 port Fiber 1G 10G Stackable Managed Switch Softwa...

Page 33: ...to the PC using the serial port Run the terminal emulation application on the PC according to Paragraph 4 1 Terminal Configuration During the initial configuration you can define the interface that will be used for remote connection to the device Basic configuration includes 1 Assigning password for admin user with level 15 privileges 2 Creation of new users 3 Static IP address subnet mask default...

Page 34: ... the physical port or port group interface this interface will be deleted from its VLAN group If all switch IP addresses will be deleted you can access it via IP address 192 168 1 239 24 Example of commands for IP address configuration on VLAN1 interface Interface parameters IP address to be assigned for VLAN 1 interface 192 168 16 144 Subnet mask 255 255 255 0 Default gateway IP address 192 168 1...

Page 35: ...vice administration via SNMP you have to create at least one community string MES3000 switches support three types of community strings ro defines read only access rw defines read write access su defines SNMP administrator access Most commonly used community strings public with read only access to MIB objects and private with read write access to MIB objects You can assign the IP address of the ma...

Page 36: ...you can restart the device and interrupt its startup via the serial port by pressing Esc or Enter keys in two seconds after the automatic startup message is displayed The Startup menu will be opened there you can initiate the password recovery procedure 3 Password Recovery Procedure To ensure the basic security you can define the password for the following services Console serial port connection T...

Page 37: ...hentication enable default line console config ip ssh server console config line ssh console config line login authentication default console config line enable authentication default console config line password ssh Enter the ssh password in reply to the password entry prompt that appears during the registration in the SSH session 4 5 3 Banner configuration For your own convenience you can specif...

Page 38: ... used in the system prompt Use enable command to enter the privileged mode from EXEC mode console enable enter password console Global configuration mode global configuration this mode allows to specify general settings of the switch Global configuration mode commands are available in any configuration submode Use configure command to enter this mode console configure console config Interface conf...

Page 39: ...ges More space Quit q One line return no terminal datadump Set the default value show banner motd login exec Displays banner configuration Privileged EXEC mode commands Command line request appears as follows console Table 5 2 Basic commands available in privileged EXEC mode Command Value Default value Action disable priv priv 1 15 1 Return to the normal mode from the privileged mode if the value ...

Page 40: ...essage_text message text the string up to 510 characters total count 2000 characters no banner login Remove login message text Terminal configuration mode commands Command line request in terminal configuration mode appears as follows console config line Table 5 5 Basic commands available in terminal configuration mode Command Value Default value Action history function is enabled Enable saving hi...

Page 41: ...inish the macro with character Maximum macro length 510 characters no macro name word Delete the selected macro macro global apply word word 1 32 characters Apply the selected macro macro global trace word word 1 32 characters Validate the selected macro macro global description word word 1 160 characters Create the global macro descriptor string no macro global description Delete the descriptor s...

Page 42: ...quest ping ipv6 A B C D E F host size size count count timeout timeout host 1 158 symbols size 68 1518 68 bytes count 0 65535 4 timeout 50 65535 2000 ms This command is used for transmission of ICMP requests ICMP Echo Request to the specified network node and for reply management ICMP Echo Reply A B C D E F IPv6 address of the network node host domain name of the network node size size of the pack...

Page 43: ... encryption method Supported methods 3des aes128 aes192 aes256 arcfour All methods are provided by default resume connection connection 1 4 the last established session Switch to another established TELNET session connection number of established TELNET session show unit unit unit 1 8 Show information on stack state unit stack number show cpu counters View CPU packet counter show users Show inform...

Page 44: ... 1x port fdb multicast port mirroring spanning tree vlan voice vlan network security dos attacks ip addressing qos acl Show the device factory settings show system resources routing Shows information on routing table resources utilization show system resources tcam Show detailed information about using of TCAM Ternary Content Addressable Memory resources show system mode Show information on traffi...

Page 45: ...h Telnet o Send abort output AO command through Telnet t Send Are You There AYT message through telnet to check the connection u Send erase line EL command through Telnet x Return to the command line mode Also you can use additional options during Telnet session opening Table 5 15 Keywords used during Telnet session opening Option Description echo Locally enable echo function suppress console outp...

Page 46: ...e tasks utilization Deny the device to perform software based measurement of the switch CPU load level for each system process system resources routing routes hosts interfaces routes 20 11136 hosts 20 2800 interfaces 2 1024 Set the size of the routing table routes maximum quantity of remote networks hosts maximum quantity of connected hosts interfaces maximum quantity of IP interfaces reset button...

Page 47: ...ations For description of keywords used in operations see Table 5 19 Table 5 19 Keyword list and description Keyword Description flash Source or destination address for non volatile memory Non volatile memory is used by default if URL address is defined without the prefix prefixes flash tftp scp running config Current configuration file startup config Initial configuration file image If the source...

Page 48: ... source_url boot Copy the load file from the server into non volatile memory copy source_url running config Copy configuration file from the server into the current configuration copy source_url startup config Copy configuration file from the server into the initial configuration copy running config destination_url Save the current configuration on the server copy startup config destination_url Sa...

Page 49: ...eter configuration routing configuration of static routing RIP OSPF protocols snmp SNMP configuration sntp SNTP configuration syslog syslog configuratiion spanning tree configuration of Spanning Tree family of protocols vlan VLAN configuration interfaces configuration of the switch interfaces physical interfaces interface groups port channel VLAN interfaces show bootvar unit unit unit 1 8 Show the...

Page 50: ...in yyyymmddhhmmss format no backup path Delete backup path backup history enable disabled Enable backup history no backup history enable Disable backup history backup time period timer timer 1 35791394 720 min Specify the time period for automatic creation of the configuration backup no backup time period Restore the default value backup auto disabled Enable automatic configuration backup no backu...

Page 51: ...tomatic saving boot host auto save command the current running configuration will be copied into the initial configuration startup Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 24 System management commands in global configuration mode Command Value Default value Action boot host auto config enabled Enable automatic c...

Page 52: ...ng change is performed according to US and EU standards by default You can set any date and time for daylight saving change and the set back process in the configuration Privileged EXEC mode commands Command line request in Privileged EXEC mode appears as follows console Table 5 26 System time configuration commands in Privileged EXEC mode Command Value Action clock set hh mm ss day month year hh ...

Page 53: ...ay of March set back on the first Sunday of November at 2am local time eu set the daylight saving rules used in EU daylight saving on the last Sunday of March set back on the last Sunday of October at 1am GMT hh hours mm minutes offset quantity of minutes added during the daylight saving change no clock summer time Disable daylight saving change sntp authentication key number md5 value number 1 42...

Page 54: ... node poll enable polling keyid key identifier no sntp server ipv4_address ipv6_address ipv6z_address hostname Delete the server from NTP server list sntp port port_number port_number 1 65535 123 Define UDP port of SNTP server no sntp port Restore the default value clock dhcp timezone denied Allow to get the timezone and daylight saving data from DHCP server no clock dhcp timezone Deny to get the ...

Page 55: ...cast server Server Interface Status Last Response Offset Delay mSec mSe Broadcast Interface IP address Last Response In the example above the system time is synchronized with the server 192 168 16 1 the last response is received at 05 47 01 system time mismatch with server time is equal to 7 23 seconds 5 8 Interface and VLAN configuration Depending on the switch operation mode standalone or stacka...

Page 56: ...ration where group sequential number of the channel group possible values 1 12 gi_port interface Ethernet g1 g24 sequential number specified as 1 8 0 1 24 te_port interface Ethernet XG1 XG4 sequential number specified as 1 8 0 1 4 Interface record 1 8 0 1 N number of device in a stack slot number interface number Commands entered in the interface configuration mode are applied to the selected inte...

Page 57: ... default value duplex mode mode full half full Define interface duplex mode full duplex connection half duplex connection Ethernet This command is not available for XG1 XG4 ports no duplex Set the default value negotiation cap1 cap2 cap5 cap 10f 10h 100f 100h 1000f Enables autonegotiation of speed and duplex on the configured interface You can define the specific compatibility autonegotiation para...

Page 58: ...uard loopback detection using the STP protocol no errdisable recovery cause loopack detection port security dot1x src address acl deny stp bpdu guard stp loopback guard Set the default value errdisable recovery interval seconds seconds 30 86400 300 seconds Define the time period for automatic interface reactivation no errdisable recovery interval Set the default value default interface range gigab...

Page 59: ...tatistics for all interfaces show interfaces utilization gigabitethernet gi_port tengigabitethernet te_port port channel group gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 Show load statistics for Ethernet port show interfaces mtu gigabitethernet gi_port tengigabitethernet te_port port channel group gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 Show MTU settings for the interface show ports j...

Page 60: ...rnet MAC address is a8 f9 4b f1 1d 0b Interface MTU is 1500 Full duplex 100Mbps link type is auto media type is 1G Combo C Link is up for 0 days 22 hours 12 minutes and 35 seconds Advertised link modes 1000baseT Full 100baseT Full 100baseT Half 10baseT Full 10baseT Half Flow control is off MDIX mode is off 15 second input rate is 0 Kbit s 15 second output rate is 0 Kbit s 111594 packets input 7142...

Page 61: ... 0 gi0 12 0 0 0 0 gi0 13 0 0 0 0 gi0 14 0 0 0 0 gi0 15 0 0 0 0 gi0 16 0 0 0 0 gi0 17 0 0 0 0 gi0 18 0 0 0 0 gi0 19 0 0 0 0 gi0 20 0 0 0 0 Show channel group 1 statistics console show interfaces counters port channel 1 Ch InUcastPkts InMcastPkts InBcastPkts InOctets Po1 111 0 0 9007 Ch OutUcastPkts OutMcastPkts OutBcastPkts OutOctets Po1 0 6 3 912 Alignment Errors 0 FCS Errors 0 Single Collision Fr...

Page 62: ...r transmission of the first 64 bytes of the packet to the communication link slotTime Excessive Collisions Quantity of frames that were not sent due to excessive number of collisions Carrier Sense Errors Quantity of cases when carrier control state was lost or not approved in the frame transmission attempt Oversize Packets Quantity of received packets which size exceeds the maximum allowed frame s...

Page 63: ...le or a range of MAC addresses to MAC address group no map mac mac_address host mask Remove tethering map subnet ip_address mask subnets group group mask 1 32 group 1 2147483647 Tether a single IP address or IP address range to IP address group using mask no map subnet ip_address mask Remove tethering VLAN interface configuration mode commands interface range Command line request in VLAN interface...

Page 64: ...access trunk general customer access Define port operation mode in VLAN mode port operation mode in VLAN no switchport mode Set the default value switchport access vlan vlan_id vlan_id 1 4094 1 Add VLAN for the access interface no switchport access vlan Set the default value switchport general acceptable frame type untagged only tagged only all accept all frame types Accept only specific frame typ...

Page 65: ...s stag ethertype ethertype 0 ffff hex Replace EtherType in outbound packets from this interface Ethertype value should not match the reserved protocol numbers or be less than the maximum value General reserved protocol numbers are listed in the Table 5 37 no switchport dot1q ethertype egress stag Set the default value switchport dot1q ethertype ingress stag add ethertype ethertype 0 ffff hex Add E...

Page 66: ...hport default vlan tagged Set the default value Table 5 37 Basic reserved protocol numbers Protocol number Description 0x0800 Internet Protocol Version 4 IPv4 0x0806 Address Resolution Protocol ARP 0x86DD Internet Protocol Version 6 IPv6 0x8808 Ethernet flow control 0x8809 Slow Protocols IEEE 802 3 0x8847 MPLS unicast 0x8848 MPLS multicast 0x8863 PPPoE Discovery stage 0x8864 PPPoE Session Stage 0x...

Page 67: ...sole configure console config vlan database console config vlan Privileged EXEC mode commands Command line request in Privileged EXEC mode appears as follows console Table 5 39 Privileged EXEC mode commands Command Value Action show vlan Show information on all VLANs show vlan name name name 1 32 characters Show information on VLAN search by name show vlan tag vlan_id vlan_id 1 4094 Show informati...

Page 68: ...lan Name Tagged ports Untagged ports Type Authorization 1 gi1 0 4 24 te1 0 1 4 Po1 12 Default Required 5 test1 gi1 0 16 18 gi1 0 1 3 permanent Required 6 test2 gi1 0 16 18 permanent Required 7 gi1 0 16 18 permanent Required Show source ports and multicast traffic receivers in VLAN 4 console show vlan multicast tv vlan 4 Source ports gi0 1 Receiver ports gi0 2 gi0 4 gi0 8 Show information on protoc...

Page 69: ...4 gi1 0 24 0 0 0 0 te1 0 1 0 0 0 0 te1 0 2 0 0 0 0 te1 0 3 0 0 0 0 te1 0 4 0 0 0 0 Ch InUcastPkts InMcastPkts InBcastPkts InOctets Po1 0 0 0 0 Po2 0 0 0 0 Po3 0 0 0 0 Po4 0 0 0 0 Po5 0 0 0 0 Po6 0 0 0 0 Po7 0 0 0 0 Po8 0 0 0 0 Po9 0 0 0 0 Po10 0 0 0 0 Po11 0 0 0 0 Po12 0 0 0 0 Ch OutUcastPkts OutMcastPkts OutBcastPkts OutOctets Po1 0 0 0 0 Po2 0 0 0 0 Po3 0 0 0 0 Po4 0 0 0 0 Po5 0 0 0 0 Po6 0 0 0 ...

Page 70: ... the OSI Model between switch ports which located in one broadcast domain Three types of PVLAN ports can be configured on switches promiscuous port which can exchange data between any interfaces including isolated and community ports PVLAN isolated port which is completely isolated from other ports within PVLAN except promiscous ports PVLAN blocks all traffic transmitting to isolated ports except ...

Page 71: ...an add remove secondary_vlan primary_vlan 1 4094 secondary_vlan 1 4094 Add remove primary and secondary VLAN on a promiscuous interface It is possible to add no more than one primary VLAN on promiscuous interface no switchport private vlan mapping Remove primary and secondary VLAN switchport private vlan host association primary_vlan secondary_vlan primary_vlan 1 4094 secondary_vlan 1 4094 Add pri...

Page 72: ...ociation 100 201 exit interface gigabitethernet 1 0 2 switchport mode host description Community 1 switchport forbidden default vlan switchport private vlan host association 100 202 exit interface gigabitethernet 1 0 3 switchport mode host description Community 2 switchport forbidden default vlan switchport private vlan host association 100 202 exit interface gigabitethernet 1 0 4 switchport mode ...

Page 73: ...tion Interface IP address will be used as the source address for DHCP Relay messages If there are multiple IP interfaces created on the switch interface the preferred interface if exists with the lowest IP address will be selected for DHCP Relay operation no source precedence Disable the preference settings ip irdp enabled Enable sending of IRDP ICMP Router Discovery Protocol announcement no ip ir...

Page 74: ...nges selective qinq list ingress override_vlan vlan_id ingress_vlan ingress_vlan_id vlan_id 1 4094 ingress_vlan_id 1 4094 Create the rule that will replace ingress_vlan_id mark of the inbound packet with vlan_id If ingress_vlan_id is not defined the rule will be applied to all inbound packets selective qinq list egress override_vlan vlan_id ingress_vlan ingress_vlan_id vlan_id 1 4094 ingress_vlan_...

Page 75: ...enable disabled Enable multicast traffic control no storm control multicast enable Disable multicast traffic control storm control multicast level kbps rate rate 1 1000000 3500 kbps Set maximum rate of multicast traffic no port storm control multicast level Set the default value storm control unknown unicast enable disabled Enable unknown unicast traffic control no storm control unknown unicast en...

Page 76: ... storm control broadcast enable console config if storm control multicast enable console config if storm control unknown unicast enable console config if storm control broadcast level kbps 5000 5 11 Link Aggregation Groups LAG MES3000 switches support up to 24 Ethernet interfaces in one LAG port group and up to 8 LAG groups on the standalone device or device stack Each port group should include Et...

Page 77: ...ance mechanism based on IP address src dst mac ip port load balance mechanism based on MAC address IP address and the destination port dst mac load balance mechanism based on MAC address of receiver dst ip load balance mechanism based on IP address of reciever src mac load balance mechanism based on MAC address of transmitter src ip load balance mechanism based on IP address of transmitter mpls aw...

Page 78: ...hernet interface configuration mode appears as follows console config if Table 5 52 Ethernet interface configuration mode commands Command Value Default value Action lacp timeout long short long Set LACP protocol administrative timeout long long timeout short short timeout no lacp timeout Restore the default value lacp port priority value value 1 65535 1 Set the Ethernet inteface priority no lacp ...

Page 79: ... corresponding configuration sections Ethernet interface configuration mode commands port group interface VLAN Command line request in Ethernet interface port group VLAN interface configuration mode appears as follows console config if Table 5 54 Ethernet interface configuration mode commands Command Value Action ip address ip_address mask gateway prefix_length prefix_length 8 30 Assign IP address...

Page 80: ... dhcp name name 1 158 characters Delete all interface ip address match records received via DHCP from the memory delete all matches renew dhcp gigabitethernet gi_port tengigabitethernet te_port port channel group vlan vlan_id force autoconfig gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 vlan_id 1 4094 Send the IP address renewal request to DHCP server force autoconfig download the configuration...

Page 81: ... saving mode for cable length green ethernet short reach threshold value value 0 70 40 meters Set the threshold value for short reach power saving mode no green ethernet short reach threshold Restore default setting Interface configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console config if Table 5 59 Ethernet interface configuration mod...

Page 82: ...f LT te0 3 on off LT on off off LT te0 4 on off LT on off off LT LU interface is in the UP state LD interface is in the DOWN state LL cable length exceeds the threshold value LT optical interface 5 14 IPv6 addressing configuration 5 14 1 IPv6 protocol MES3000 switches support IPv6 operations Ipv6 support is the important advantage since IPv6 protocol is destined to replace IPv4 protocol addressing...

Page 83: ...tches IPv6 address to the device network name ipv6 neighbor ipv6_address gigabitethernet gi_port tengigabitethernet te_port port channel group vlan vlan_id mac_address gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 vlan_id 1 4094 Create static match between MAC address of the neighbouring device and its IPv6 address ipv6_address IPv6 address mac_address МАС address no ipv6 neighbor Remove static ...

Page 84: ... unreachables Restore the default value ipv6 mld version 1 2 2 Define MLD protocol version for the interface no ipv6 mld version Restore the default value ipv6 mld join group group_address Define MLD messages for the specific group group address IPv6 address of a multicast group no ipv6 mld join group group_address Disable reporting and remove IP address from a multicast group Privileged EXEC mode...

Page 85: ...s that the route to the neighbouring device works correctly received after the reachable time period ReachableTime ms While the neighbouring device is accessible and the packet exchange goes without errors no special actions are taken DELAY positive confirmation means that the route to the neighbouring device works correctly received after the reachable time period ReachableTime ms and the next re...

Page 86: ...ue Action tunnel mode ipv6ip isatap default Enable IPv6 tunnelling support through IPv4 with ISATAP IPv6 addressing and tunnelling support can coexist in the same interface e g Ethernet VLAN IPv6 addressing and tunnelling selection will be based on the information on the destination IP address no tunnel mode ipv6ip isatap Disable IPv6 protocol tunnelling support tunnel isatap router router_name th...

Page 87: ...ation mode commands Command Value Default value Action ipv6 nd raguard device role host router host Port operation mode selection host block all incoming RA messages router filter RA messages according to the configured rules ipv6 nd raguard match access list acl acl 1 32 characters Enable ACL for filtering RA messages in router mode acl ACL name no ipv6 nd raguard match access list Disable ACL fo...

Page 88: ...refix list for filtering DHCPv6 messages prefix list prefix list name ipv6 dhcp guard trusted port By default all ports are untrusted Add port to the trusted list Trusted ports allow all types of messages no ipv6 dhcp guard trusted port Delete port from trusted list 5 15 Protocol configuration 5 15 1 DNS protocol configuration The main task of DNS protocol is the identification of the network node...

Page 89: ...d IP address in cache or delete all records show hosts name name 1 158 characters Show default domain name DNS server list static and cached matches between node names and IP addresses When network node name is used in command the corresponding IP address will be shown Example use of commands Use DNS server with 192 168 16 35 and 192 168 16 38 addresses define the default domain name mes сonsole c...

Page 90: ...able records All records filter by IP address filter by MAC address filter by interface ip_address IP address mac_address MAC address gi_port Ethernet g1 g4 interface number te_port Ethernet XG1 XG4 interface number group channel group show arp configuration Show global ARP configuration and interface ARP configuration ip arp proxy disable disabled Disable ARP request proxy mode for the switch no ...

Page 91: ...ort group interface configuration mode appears as follows console configure console config interface gigabitethernet gi_port tengigabitethernet te_port port channel group console config if Table 5 78 Ethernet interface configuration mode commands interface group Command Value Default value Action gvrp enable disabled Enable GVRP utilization for configured interface no gvrp enable Disable GVRP util...

Page 92: ...he untagged port Interface configured in the access port mode will not be able to work with GVRP protocol since it always belongs to only one VLAN group Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows console Table 5 80 Privileged EXEC mode commands Command Value Action clear gvrp statistics gigabitethernet gi_port tengigabitethernet te_port port chann...

Page 93: ...stination MAC address is the device MAC address loopback detection vlan based disabled Enables loopback detection mode for VLAN If there is a loop in VLAN this VLAN will be blocked on port on which the loop is detected no loopback detection vlan based Disables loopback detection mode for VLAN loopback detection vlan based recovery time time time 30 1000000 disabled Defines time in seconds during w...

Page 94: ...ossibility of loop formation for member ports of the different trees For isolated tree processing the separate process is created for each tree in the system The process matches the device ports that belong to the tree 5 15 5 1 STP RSTP configuration Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 85 Global configuratio...

Page 95: ...ce configuration mode commands port group interface Command line request in Ethernet interface port group interface configuration mode appears as follows console config if Table 5 86 Ethernet interface configuration mode commands port group Command Value Default value Action spanning tree disable enabled Disable STP operation for the configured interface no spanning tree disable Enable STP operati...

Page 96: ... configuration mode commands Command line request in process configuration mode appears as follows console config mstp process Table 5 88 Privileged EXEC mode commands Command Value Default value Action spanning tree forward time seconds seconds 4 30 15 seconds Set the time interval for state listening and learning of configured process before switching to the interchange mode no spanning tree for...

Page 97: ...mands Command Value Default value Action spanning tree Enable STP utilization by the switch no spanning tree Disable STP utilization by the switch spanning tree mode stp rstp mstp rstp Set STP operation mode no spanning tree mode Restore the default value spanning tree pathcost method long short short Set the method for defining the path value long value in the range 1 200000000 short value in the...

Page 98: ...st in Ethernet interface port group interface configuration mode appears as follows console config if Table 5 93 Ethernet interface configuration mode commands port group Command Value Default value Action spanning tree guard root protection disabled Enable root protection for all spanning trees for the selected port Such protection denies the interface to be the root port of the switch no spannin...

Page 99: ... commands Enable STP support set the spanning tree priority value to 12288 forward time interval 20 seconds Hello broadcast message transmission interval 5 seconds spanning tree lifetime 38 seconds Show STP configuration console config spanning tree console config spanning tree mode rstp console config spanning tree priority 12288 console config spanning tree forward time 20 console config spannin...

Page 100: ...ected interface in a pair no flex link backup tengigabitethernet te_port gigabitethernet gi_port port channel port_channel Disables flex link on the interface and removes configured interface from flex link pair flex link preemption mode forced bandwidth off off Specifies action upon establishing an interface participating in flex link forced if the established interface is configured as master it...

Page 101: ...identifier and enter the region configuration mode no eaps domain domain_id Remove EAPS region with domain id identifier Domain configuration mode commands Command line request in domain configuration mode appears as follows console config eaps domain Table 5 98 EAPS domain configuration mode commands Command Value Default value Action control vlan vlan_id vlan_id 1 4093 Identifier of VLAN being u...

Page 102: ... increase stability and robustness of data network with ring topology by decreasing the restoration time after the failure Restoration time does not exceed 1 second which is substantially lower than the network reconstruction in case of spanning tree family of protocols Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 10...

Page 103: ...et the default value timer holdoff value value 0 10000 ms divisible by 100 with accuracy 5 ms 0 ms Set the delay timer for response of the switch to state changes Instead of response the timer is activated when it expires the switch will provide information on its state Designed for reducing the packet flood during the port flapping no timer holdoff Set the default value timer wtr value value 1 12...

Page 104: ...ended to set this delay less than 0 25 LLDP Timer no lldp tx delay Restore the default value lldp lldpdu filtering flooding filtering Define the LLDP packet processing mode when LLDP is disabled on the switch filtering LLDP packets are filtered if LLDP is disabled on the switch flooding LLDP packets are transmitted if LLDP is disabled on the switch no lldp lldpdu Restore the default value lldp med...

Page 105: ...move stp rstp mstp pause 802 1x lacp gvrp no lldp optional tlv 802 1 pvid Restore the default value lldp management address ip_address none automatic gigabitethernet gi_port tengigabitethernet te_port port channel group vlan vlan_id ip_address format A B C D gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 vlan_id 1 4094 By default the control address is defined automatically Define the control add...

Page 106: ...ble 5 106 Privileged EXEC mode commands Command Value Default value Action clear lldp table Clear address table for discovered neighbouring devices and start a new packet exchange cycle via LLDP MED show lldp configuration gigabitethernet gi_port tengigabitethernet te_port gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Show LLDP configuration on all device physical interfaces or on specified interfaces only...

Page 107: ...that the port will wait before sending the next LLDP message Tx delay Define the delay between the subsequent LLDP frame transmissions initiated by changes of values or status Port Port number State Port operation mode for LLDP Optional TLVs TLV options being sent Possible values PD port description SN system name SD system description SC system capabilities Address Device address being send in LL...

Page 108: ...epeater O Other System description Neighbouring device description Port description Neighbouring device port description Management address Device management address Auto negotiation support Defines if the automatic port mode identification is supported Auto negotiation status Defines if the automatic port mode identification support is enabled Auto negotiation Advertised Capabilities Defines mode...

Page 109: ...et oam link monitor frame seconds window window window 100 9000 100 ms Define the time interval for frame period event no ethernet oam link monitor frame seconds window Restore the default value ethernet oam mode active passive active Set OAM protocol operation mode active switch sends OAMPDU constantly passive switch will send OAMPDU only when OAMPDU are present from the opposite device no ethern...

Page 110: ...t 1 8 0 1 4 Show protocol message exchange statistics for the selected interface show ethernet oam status interface gigabitethernet gi_port tengigabitethernet te_port gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Show Ethernet OAM settings for the selected interface show ethernet oam uni directional detection interface gigabitethernet gi_port tengigabitethernet te_port gi_port 1 8 0 1 24 te_port 1 8 0 1 4 ...

Page 111: ...ig Table 5 111 Global configuration mode commands Command Value Default value Action ethernet cfm domain name level level name 1 32 characters level 0 7 0 Create or change level of CFM domain MD with the name and enter the domain configuration mode level CFM domain level no ethernet cfm domain name Remove CFM domain MD with the name Domain configuration mode commands Command line request in domain...

Page 112: ...ce end point MEP no direction down Set the upstream direction for the maintenance end point MEP mep id id 1 8191 Add the maintenance end point MEP with id identifier to this maintenance This command performs MEP association with the maintenance only MEP is created in the interface configuration mode no mep id Remove maintenance end point MEP mip auto create lower mep only none The mode configured ...

Page 113: ...or xcon remote error xcon mac remote error xcon xcon none mac remote error xcon Enable notifications for the specific event types Event types all all DefRDI DefMACStatus DefRemote DefError DefXcon events error xcon DefError and DefXcon events only remote error xcon DefRemote DefError and DefXcon events only mac remote error xcon DefMACStatus DefRemote DefError and DefXcon events only xcon DefXcon ...

Page 114: ...e network L2PT encapsulates PDU on boundary switch transmits to another boundary switch which expect and decapsulate them It allows users to transmit Level 2 data through the service provider network MES3000 allows encapsulating of PDU in STP LACP LLDP IS IS protocols Example When L2PT is enabled for STP switches A B C and D are combined in one spanning tree despite the fact that switch A is not c...

Page 115: ... or not If setting is enabled port from which encapsulated PDU frame was received is blocked by l2pt guard If setting is disabled Decapsulated PDU frame is transmitted to all VLAN ports with enabled tunneling Encapsulated PDU frame is transmitted to all VLAN ports with disabled tunneling Global configuration mode commands Command line request in global configuration mode appears as follows console...

Page 116: ...ine request in priviledged EXEC mode appears as follows console Table 5 119 Privileged EXEC mode commands Command Value Default value Action show l2protocol tunnel gigabitethernet gi_port tengigabitethernet te_port port channel group gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 12 Show L2PT information for specified interface or for all interfaces with enabled L2PT in case of not specifying of int...

Page 117: ... for port is performed automatically when the frame with OUI from the Voice VLAN table comes to the port When the port is identified as Voice VLAN port this port is added to VLAN as tagged Voice VLAN is applied in the following circumstances VoIP equipment is configured to send tagged packets with Voice VLAN ID configured on the switch VoIP equipment sends untagged DHCP requests DHCP server reply ...

Page 118: ...n state Restore the default value Ethernet interface configuration mode commands Command line request in Ethernet interface port group interface configuration mode appears as follows console config if Table 5 121 Ethernet interface configuration mode commands Command Value Default value Action voice vlan enable disabled Enable Voice VLAN for the port no voice vlan enable Disable Voice VLAN for the...

Page 119: ..._address multicast IP address add add port s into the banned list remove remove port s from the banned list Interface listing should be delimited with and no bridge multicast forbidden address mac_multicast_address ip_multicast_address Remove the banning rule for the multicast MAC address bridge multicast forward all add remove gigabitethernet gi_port tengigabitethernet te_port port channel group ...

Page 120: ...mac group ip group ip src group mac group Specify multicast data transmission mode for IPv6 multicast packets mac group multicast transmission based on VLAN and MAC addresses ip group multicast transmission with the filtering type based on VLAN and the recipient address in IPv6 format ip src group multicast transmission with the filtering type based on VLAN and the sender address in IPv6 format no...

Page 121: ...e config interface tengigabitethernet te_port gigabitethernet gi_port port channel group range console config if Table 5 124 Ethernet interface configuration mode commands interface group Command Value Default value Description bridge multicast unregistered forwarding filtering forwarding Set the forwarding rule for packets received from unregistered multicast addresses forwarding forward unregist...

Page 122: ...ddress multicast MAC address ethtype Ethernet v2 packet type sap LLC packet type pid LLC Snap packet type discard drop packets bridge bridge packet transmission mode no bridge multicast reserved address mac_multicast_address ethernet v2 ethtype llc sap llc snap pid Restore the default value mac address table lookup length length length 1 8 3 Specify the size of MAC address area in the hashing algo...

Page 123: ... ipv6_multicast_address all mac ip vlan_id 1 4094 Show static multicast address table for the selected interface or for all VLAN interfaces mac_multicast_address multicast MAC address ipv4_multicast_address multicast IPv4 address ipv6_multicast_address multicast IPv6 address ipv4_source_address IPv4 source address ipv6_source_address IPv6 source address all view full table ip show by IP addresses ...

Page 124: ...gh the port Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 128 Global configuration mode commands Command Value Action ip igmp snooping disabled Enable IGMP Snooping utilization by the switch no ip igmp snooping Disable IGMP Snooping utilization by the switch ip igmp snooping vlan vlan_id vlan_id 1 4094 disabled Enable...

Page 125: ...replacement of source IP address with specified IP address in all IGMP report packets of the specified VLAN ip igmp snooping map cpe vlan vlan_id multicast tv vlan vlan_id vlan_id 1 4094 Add the match between user VLAN CPE VLAN and TV VLAN multicast tv vlan If IGMP message comes to a port with CPE vlan tag and the match CPE vlan multicast tv vlan exists IGMP message will be associated with TV VLAN...

Page 126: ...sed no ip igmp robustness Restore the default value ip igmp query interval seconds seconds 30 18000 125 seconds Define the timeout upon the expiration of which the system will send basic queries to check the activity of multicast group participants no ip igmp query interval Restore the default value ip igmp query max response time seconds seconds 5 20 10 seconds Set the maximum query response time...

Page 127: ...lan_id 1 4094 Show IGMP Snooping information for the current interface show ip igmp snooping groups vlan vlan_id ip multicast address ip_multicast_address ip address ip_address vlan_id 1 4094 Show information on learnt multicast groups show ip igmp snooping cpe vlans vlan vlan_id vlan_id 1 4094 Show table of matches for subscriber VLAN equipment and TV VLAN Example execution of commands Enable IGM...

Page 128: ...i_port tengigabitethernet te_port port channel group Remove the rule that denies the registration of listed ports as MLD router ipv6 mld snooping vlan vlan_id mrouter learn pim dvmrp enabled Learn ports connected to mrouter with MLD query packets no ipv6 mld snooping vlan vlan_id mrouter learn pim dvmrp Do not learn ports connected to mrouter with MLD query packets ipv6 mld snooping vlan vlan_id m...

Page 129: ... interface configuration mode appears as follows console config if Table 5 134 Ethernet interface configuration mode commands interface group Command Value Default value Description ipv6 mld join group ipv6_multicast_address Perform the MLD report message transmission for joining ipv6_address group from the current port ipv6_multicast_address IPv6 multicast address no ipv6 mld join group ipv6_mult...

Page 130: ...ne the profile match to the specified IPv6 multicast address range no match ipv6 low_ipv6 high_ipv6 Remove the profile match to the specified IPv6 multicast address range permit no permit If mismatch to one of the defined ranges is found IGMP reports will be skipped no permit If mismatch to one of the defined ranges is found IGMP reports will be dropped Ethernet interface configuration mode comman...

Page 131: ... supports up to 1024 multicast groups IGMP Proxy supports up to 512 downlink interfaces IGMP Proxy restrictions IGMP Proxy is not supported on LAG groups only one uplink interface can be defined when V3 version of IGMP protocol is used only exclude G and include G queries are processed on downlink interfaces Global configuration mode commands Command line request in global configuration mode appea...

Page 132: ... address group group IP address source multicast data source IP address show ip igmp proxy Show information on uplink interfaces show ip igmp proxy interface Show information on dowlink interfaces console show ip igmp proxy interface Interface Version No of Groups CoS DSCP vlan 1 2 0 2 37 vlan 30 2 0 5 12 Example use of commands Configure IGMP proxy function operation on the device use VLAN 100 as...

Page 133: ...ntication method being activated when the user logs in Method description method1 method2 enable use password for authentication line use terminal password for authentication local use local username database for authentication none do not use authentication radius use RADIUS server list for authentication tacacs use TACACS server list for authentication If authentication method is not defined the...

Page 134: ... characters Add the user to the local database level privilege level password password name username encrypted_password encrypted password e g encrypted password copied from another device no username name Remove the user from the local database aaa accounting login start stop group radius Accounting is disabled by default Enable accounting for control sessions Accounting is enabled only for users...

Page 135: ... message Description User Name 1 Yes Yes User identification NAS IP Address 4 Yes Yes Switch IP address used for Radius server sessions Class 25 Yes Yes Arbitrary value included in all session accounting messages Called Station ID 30 Yes Yes Switch IP address used for control sessions Calling Station ID 31 Yes Yes User IP address Acct Session ID 44 Yes Yes Unique accounting identifier Acct Authent...

Page 136: ... by aaa authentication login default command list_name use the list created by aaa authentication login list_name command no enable authentication Restore the default value password password encrypted password 1 159 characters Define the terminal password encrypted define the encrypted password e g encrypted password copied from another device no password Remove the terminal password Privileged EX...

Page 137: ...led by the switch RADIUS client secret_key authentication and encryption key for RADIUS data exchange encrypted key authentication and encryption key for RADIUS data exchange source_ip_addr IPv4 or IPv6 address used as a source address in RADIUS protocol messages priority RADIUS server utilization priority the lower the value the higher the server priority type RADIUS server utilization type no ra...

Page 138: ...ius servers Show RADIUS server configuration parameters this command is available to privileged users only show radius statistics Show Radius protocol statistics Example execution of commands Set global values for parameters server reply interval 5 seconds RADIUS server discovery attempts 5 time when unavailable servers will not be polled by the switch RADIUS client 10 minutes secret key secret Ad...

Page 139: ...s for data exchange with TACACS server to only one at a time port port number for data exchange with TACACS server timeout server response interval secret_key authentication and encryption key for TACACS data exchange encrypted_key encrypted authentication and encryption key for TACACS data exchange source_ip_address IP address used as the default source address being sent in TACACS protocol messa...

Page 140: ... network management stations and network elements hosts gateways and routers terminal servers that enables management communications between the network management stations and the network agents MES3000 series switches allow to configure SNMP operation for device remote monitoring and management tasks Device supports SNMPv1 SNMPv2 SNMPv3 versions Global configuration mode commands Command line re...

Page 141: ...erver view view_name OID Remove browsing rule for SNMP snmp server group groupname v1 v2 v3 noauth auth priv notify notifyview read readview write writeview groupname 1 30 characters notifyview 1 30 characters readview 1 30 characters writeview 1 30 characters Create SNMP group or match table for SNMP users and SNMP browsing rules v1 v2 v3 SNMP v1 v2 v3 security model noauth auth priv authenticati...

Page 142: ...nsmission attempts when their confirmation is not received no snmp server v3 host ipv4_address ipv6_address hostname username traps informs Remove settings for inform and trap notification message transmission to SNMPv3 server snmp server engineid local engineid_string default engineid_string 5 32 characters Create the local SNMP device identifier engineid_string default when this setting is used ...

Page 143: ...ormation snmp server location text text 1 160 characters Define the device location information no snmp server location Remove the device location information snmp server set variable_name name1 value1 name2 value2 variable_name name value should be defined according to specification Allows to set variable values in the switch MIB database variable_name variable name name value match pairs name va...

Page 144: ...The data collected by RMON describes the traffic between the network nodes Information collected by the agent is transmitted to the network management application Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 156 Global configuration mode commands Command Value Default value Action rmon event index type community comm...

Page 145: ...above or equal to this threshold falling generate a single alarm event for the falling threshold if the selected variable value at the first control interval is below or equal to this threshold rising falling generate a single alarm event for the rising and or falling threshold if the selected variable value at the first control interval is is above or equal to the rising threshold below or equal ...

Page 146: ...ndex Example execution of commands Show 10th Ethernet interface statistics сonsole show rmon statistics gigabitethernet 1 0 10 Port gi0 10 Dropped 8 Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 98 65 to 127 Octets 0 128 to 255 Octets 0 256 to 511 Octets 0 512 to 1023 Octets 491 1024 to 1518 Octets...

Page 147: ...1 Octets Quantity of packets received including bad packets with length from 256 to 511 bytes inclusively w o frame bits but with checksum bits 512 to 1023 Octets Quantity of packets received including bad packets with length from 512 to 1023 bytes inclusively w o frame bits but with checksum bits 1024 to 1518 Octets Quantity of packets received including bad packets with length from 1024 to 1518 ...

Page 148: ...y of packets received during the record generation period with length less than 64 bytes w o frame bits but with checksum bits but formed correctly in other respects Oversize Pkts Quantity of packets received during the record generation period with length more than 1518 bytes w o frame bits but with checksum bits but formed correctly in other respects Fragments Quantity of packets received during...

Page 149: ...p Alarm Event generation instruction at the first control interval Define alarm event generation rules for the first control interval by comparing the selected variable with the one of the thresholds or both thresholds rising generate a single alarm event for the rising threshold if the selected variable value at the first control interval is above or equal to this threshold falling generate a sin...

Page 150: ...e equal to zero Show RMON remote monitoring record table console show rmon log Maximum table size 100 Event Description Time 1 Errors Nov 10 2009 18 48 33 Table 5 165 Description of results Parameter Description Index Index the unique identifier of the record Description Comment that describes the event Time Event creation time 5 18 6 Access Lists ACL for device management MES3000 series switches ...

Page 151: ...r the access control list service access type Telnet SSH SNMP HTTP HTTPS permit ip source ipv4_address ipv6_address prefix_length mask mask prefix_length gigabitethernet gi_port tengigabitethernet te_port port channel group vlan vlan_id service service deny gigabitethernet gi_port tengigabitethernet te_port port channel group vlan vlan_id service service gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group ...

Page 152: ...d authentication mode no ip ssh password auth Disable password authentication mode crypto key pubkey chain ssh By default the key is not created Enter the public key configuration mode crypto key generate dsa Generate DSA key pair private and public for SSH service If one of the keys from the pair has been already created the system will prompt to overwrite this key crypto key generate rsa Generat...

Page 153: ...e specific user key string row key_string key_string 0 160 characters Create the public key for the specific user Key is entered one line at a time key_string key part To notify the system that the key entry is completed enter key string row command without symbols EXEC mode commands Commands from this section are available to the privileged users only Command line request in EXEC mode appears as ...

Page 154: ...guration mode appears as follows console config Table 5 173 Global configuration mode commands Command Value Default value Action line console telnet ssh Enter the mode of the corresponding terminal local console remote console Telnet or secure remote console SSH Terminal configuration mode commands Command line request in terminal configuration mode appears as follows console configure console co...

Page 155: ...ame port port number to send a messages on the SYSLOG protocol level importance level for messages sent to SYSLOG server facility service transmitted in messages text SYSLOG server description no logging host ip_address host Remove the selected server from the list of utilized SYSLOG servers logging console level level see Table 5 177 informational Enable transmission of alarm and debug messages o...

Page 156: ...ging time Restore the default value logging cli commands disabled Enable accounting for commands entered into CLI no logging cli commands Restore the default value logging service cpu rate limits traffic traffic http telnet ssh snmp ip link local arp switch mode arp inspection stp bpdu other bpdu dhcp snooping dhcpv6 snooping igmp snooping mld snooping sflow log deny aces vrrp Enable control of th...

Page 157: ...ed ports to the controlling port Loss of traffic is possible in case of mirroring more than one physical interface No loss is guaranteed in case of mirroring only one physical interface Controlling port has the following restrictions Port cannot act as monitored and controlling port at the same time Port cannot belong to the port group IP interface should not be set for this port GVRP must be disa...

Page 158: ...interface will no longer be deemed as the controlling port for the monitored port specified in the command port monitor vlan vlan_id vlan_id 1 4096 Enable monitoring function for the configured interface This interface will be deemed as the controlling port for the specified VLAN Monitoring port should not belong to the configured VLAN VLAN monitoring may be enabled only when there is a single con...

Page 159: ...ld be sent in a single data packet no sflow receiver id Delete sflow statistics server address Ethernet interface configuration mode commands Command line request in Ethernet interface configuration mode appears as follows console configure console config interface gigabitethernet gi_port tengigabitethernet te_port console config if Table 5 183 Ethernet interface configuration mode commands Comman...

Page 160: ...0 0 80 1 console config interface range gigabitethernet 1 0 1 24 console config if range sflow flowing sample 1 10240 console config if sflow counters sampling 240 1 5 22 Physical layer diagnostics functions MES3000 series network switches are equipped with the hardware and software tools for diagnostics of physical interfaces and communication lines You can test the following parameters For elect...

Page 161: ...r interface gigabitethernet gi_port tengigabitethernet te_port gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Show results for the last virtual cable testing for the specific interface if the port number is not defined the command is executed for all ports show cable diagnostics cable length interface gigabitethernet gi_port tengigabitethernet te_port Show the assumed cable length connected to the specific ...

Page 162: ...5 Not tested gi1 0 16 Not tested gi1 0 17 Not tested gi1 0 18 Not tested gi1 0 19 Not tested gi1 0 20 Not tested gi1 0 21 Not tested gi1 0 22 Not tested gi1 0 23 Not tested gi1 0 24 Open cable 10 14 Mar 2014 13 41 43 te1 0 1 Fiber te1 0 2 Fiber te1 0 3 Fiber te1 0 4 Fiber 5 22 2 Optical transceiver diagnostics Diagnostics function allows to estimate the current condition of the optical transceiver...

Page 163: ...r supply current voltage supply voltage input power receiving optical signal power output power transmitting optical signal power temperature temperature optical transceiver threshold values parameter high alarm high warning low warning low alarm parameter current input power output power temperature voltage Specify the threshold values which when crossed will cause SYSLOG SNMP message generation ...

Page 164: ...illiWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error Transceiver information Vendor name OEM Serial number SX31221300026 Connector type LC Type SFP SFP Compliance code 10GBASE LR Laser wavelength 1310 nm Transfer distance 10000 Diagnostic supported Table 5 190 Optical transceiver diagnostics parameters Parameter Value Temp Transceiver temperature Voltage Transceiver p...

Page 165: ...atistics collected during the lifetime of the operation Stop the cyclic execution if necessary Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 191 Global configuration mode commands Command Value Action ip sla operation index index 1 20 Go to operation configuration context no ip sla operation index Remove an existing I...

Page 166: ...creation mode Command Value Action icmp echo target_address source address source_address source interface source_interface source_interface gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Create ICMP Echo operation target_address IPv4 address for receiving ICMP Echo request messages source_address IPv4 address used for placement into ICMP packet header source_interface port for sending packets You can defin...

Page 167: ...atency value value of the last successfully measured ICMP packet transit time Number of operations number of operation executions Latency Min Avg Max minimal average and maximum packet transit times collected during the lifetime of the operation Number of successes number of successfully completed operations Number of failures number of failed operations Failed operations counters that show the nu...

Page 168: ...tween packets in a sequence You can define udp jitter command parameters only at the time of operation creation you will not be able to edit them later To define other parameters remove the existing operation and create a new one ICMP Echo operation configuration mode commands Command line request in UDP Jitter operation configuration mode appears as follows console config ip sla udp jitter Table ...

Page 169: ...f Sequence 0 Number of successes 91 Number of failures 0 Operations failed due to TimeOut Unable Send Bad Reply 0 0 0 Operations failed due to Unreachable Net Host Port Prot 0 0 0 0 Operations failed due to Exceeded TTL Time of reassembly 0 0 Packet unidirectional transit statistics may be empty because of the missing time synchronization on devices and generation of invalid values where Latest op...

Page 170: ...pears as follows console config if Table 5 198 Ethernet interface configuration mode commands interface group Command Value Default value Action port security max num num 1 128 1 Define the maximum address quantity that could be learnt by the port no port security max Restore the default value port security routed secure address mac_address MAC address format H H H H H H H H H H H H H H H Define t...

Page 171: ...e active gigabitethernet gi_port tengigabitethernet te_port port channel group gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 Activate the interface disabled by the port security function this command is available to privileged users only Example execution of commands Enable security function for Ethernet interface 15 Set the port learning restriction for port 1 After the MAC address has been lea...

Page 172: ...uthorized and visa versa force authorized disable IEEE 802 1X authentication on the interface Port will enter the authorized state without authentication force unauthorized transfer the port into unauthorized state All client authentication attempts are ignored the switch will not provide the authentication service for this port time time interval If this parameter is not defined the port will not...

Page 173: ...s username username 1 160 characters Show active authenticated IEEE 802 1X switch users show dot1x statistics interface gigabitethernet gi_port tengigabitethernet te_port gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Show IEEE 802 1X statistics for the selected interface Example execution of commands Enable IEEE 802 1X authentication mode on the switch Use RADIUS server for client authentication checks on ...

Page 174: ...s Parameter Description Port Port number Admin mode IEEE 802 1X authentication mode Force auth Force unauth Auto Oper mode Port operation mode Authorized Unauthorized Down Reauth Control Re authentication control Reauth Period The period between the recurring authentication checks Username Username for IEEE 802 1X usage If the port is authorized the current user name is shown If the port is not au...

Page 175: ...uthenticator EapolStartFramesRx The quantity of EAPOL Start packets received by the current authenticator EapolLogoffFramesRx The quantity of EAPOL Logoff packets received by the current authenticator EapolRespIdFramesRx The quantity of EAPOL Resp Id packets received by the current authenticator EapolRespFramesRx The quantity of EAPOL response packets except for Resp Id received by the current aut...

Page 176: ...ivation or port activation and adding port to guest VLAN no dot1x guest vlan timeout Restore the default value dot1x traps mac authentication success disable Enable trap message transmission when the client successfully passes the MAC address authentication based on IEEE 802 1x standard no dot1x traps mac authentication success Restore the default value dot1x traps mac authentication failure disab...

Page 177: ...e to access the guest VLAN dot1x mac authentication mac only mac and 802 1x disabled Enable authentication based on the user MAC addresses mac only enable authentication based on MAC addresses only IEEE 802 1х packets are ignored mac and 802 1x enable authentication based on IEEE 802 1х and MAC addresses Guest VLAN should be enabled when authentication based on МАС address is used There should be ...

Page 178: ... Deny access to the current VLAN for the unauthorized users dot1x guest vlan VLAN is not configured as the guest VLAN Define the guest VLAN Allow unauthorized users of this interface to access the guest VLAN If the guest VLAN is defined and allowed the port will automatically join the guest VLAN when it is unauthorized and leave the guest VLAN when it passes authorization To use these functions th...

Page 179: ...le 5 210 Option 82 field format Field Information sent Circuit ID device hostname string appearance eth stacked slotid interfaceid vlan The last byte number of the port that the device which sent dhcp request is connected to Remote agent ID Enterprise number 0089c1 Device MAC address In order to use Option 82 the device should have DHCP relay agent function enabled To enable DHCP relay agent funct...

Page 180: ...cp information option format type access node id Set the default value ip dhcp information option format type remote id remote_id remote_id 1 32 characters Specifies the Option 82 remote_id identifier no ip dhcp information option format type remote id Set the default value ip dhcp information option format type option format delimeter delimeter format sp sv pv spv bin user defined delimeter space...

Page 181: ...rnet interface configuration mode commands interface group Command Value Default value Action ip dhcp snooping trust The interface is not trusted by default Add the interface into the trusted interface list when DHCP management is used Trusted interface DHCP traffic is deemed as safe and not controlled no ip dhcp snooping trust Remove the interface from the trusted interface list when DHCP managem...

Page 182: ...ing mac_address vlan_id Remove the client MAC address match to VLAN group from the DHCP management file database clear ip dhcp snooping database Clear the DHCP management file database EXEC mode commands Command line request in EXEC mode appears as follows console Table 5 216 EXEC mode commands Command Value Action show ip dhcp information option Show information on DHCP Option 82 utilization show...

Page 183: ...onfiguration mode appears as follows console config Table 5 217 Global configuration mode commands Command Value Action ip source guard Function is disabled by default Enable client IP address protection for the whole switch no ip source guard Disable client IP address protection for the whole switch ip source guard binding mac_address vlan_id ip_address gigabitethernet gi_port tengigabitethernet ...

Page 184: ...pears as follows console Table 5 220 EXEC mode commands Command Value Action show ip source guard configuration gigabitethernet gi_port tengigabitethernet te_port port channel group gi_port 1 8 0 1 24 te_port 1 8 0 1 4 group 1 24 Command shows IP address protection function configuration for the selected or all device interfaces show ip source guard status mac address mac_address ip address ip_add...

Page 185: ...lue Default value Action ip arp inspection Function is disabled by default Enable ARP management ARP Inspection function no ip arp inspection Disable ARP management ARP Inspection function ip arp inspection vlan vlan_id vlan_id 1 4094 Function is disabled by default Enable ARP Inspection based on DHCP Snooping match database in the selected VLAN group no ip arp inspection vlan vlan_id Disable ARP ...

Page 186: ...RP list configuration mode commands Command line request in ARP list configuration mode appears as follows console configure console config ip arp inspection list list console config ARP list Table 5 223 ARP list configuration mode commands Command Action ip ip_address mac mac_address Add IP and MAC address static match no ip ip_address mac mac_address Remove IP and MAC address static match EXEC m...

Page 187: ...tion has configurable parameters the event history depth and the minimum message transmission interval MAC Address Notification service is disabled by default and can be configured selectively for the specific switch ports Global configuration mode commands Command line request in global configuration mode appears as follows console config Table 5 225 Global configuration mode commands Command Val...

Page 188: ...nts You can enable generation of notifications only for MAC address learning or removal Privileged EXEC mode commands Command line request in privileged EXEC mode appears as follows console Table 5 227 Privileged EXEC mode commands Command Value Action show mac address table notification change history interfaces Show all notifications on MAC address state changes saved in history You can filter e...

Page 189: ...rver IP address for DHCP Relay agent no ip dhcp relay address ip_addr Remove the IP address from DHCP server list for DHCP Relay agent ip dhcp relay broadcast enable The mode is disabled by default Enable DHCP server answers broadcasting no ip dhcp relay broadcast enable Restore the default mode ip dhcp relay information policy keep replace drop The keep mode is enabled by default Define the proce...

Page 190: ...ured interface no ip dhcp relay enable Disable DHCP Relay agent for the configured interface Ethernet interface configuration mode commands Command line request appears as follows console config if Table 5 230 Ethernet interface configuration mode commands Command Default value Action ip dhcp relay information policy keep replace drop global global Define the processing mode for DHCP packets with ...

Page 191: ...in the global configuration mode appears as follows console config Table 5 232 Global Configuration Mode Commands Command Value Action ipv6 dhcp ldra enable Disabled by default Enable Lightweight DHCPv6 Relay Agent LDRA function no ipv6 dhcp ldra enable Disable LDRA function ipv6 dhcp ldra information option format type remote id word word 1 63 characters Set remote id option 37 identifier no ipv6...

Page 192: ...ce identifier is not assigned by default A string with identifier of the access device The command in negative form no restores the default settings no pppoe intermediate agent format type generic error message word word word 1 128 characters Contains the PPPoE Discover packet is too large to process message by default Text of the error message which is displayed when the size of the packet MTU se...

Page 193: ...erfaces with connected PPPoE servers are configured as trusted Interfaces with connected users are configured as untrusted The command in negative form restores the default setting no pppoe intermediate agent vendor tag strip Removal is disabled by default Enables disables removal of a vendor specific option from PADO PADS PADT packets before they are sent to user The removal option can be used on...

Page 194: ...the switch no ip dhcp server Disables the DHCP server option for the switch ip dhcp pool host name 1 32 characters Enters the configuration mode for static addresses of DHCP server no ip dhcp pool host name Deletes configuration of the DHCP client with the specified name ip dhcp pool network name 1 32 characters Enters the configuration mode for DHCP address pool of DHCP server name name of the DH...

Page 195: ...mands of the configuration mode Command Value Action address network number low low address high high address mask prefix length Sets the subnet number and mask for address poll of DHCP server network number IP address of the subnet number low address the first IP address of the range high address the last IP address of the range mask prefix length subnet mask prefix length no address Removes conf...

Page 196: ... with the load file no next server name Sets the default value bootfile filename 1 128 characters Specifies the name of the file which is used for boot load of DHCP client no bootfile Sets the default value time server ip_address_list The list of servers is not defined by default Defines the list of time servers available to DHCP clients ip_address_list list of time server IP addresses may contain...

Page 197: ...st console config dhcp address 192 168 45 0 255 255 255 0 console config dhcp domain name test ru console config dhcp dns server 192 168 45 112 console config dhcp default router 192 168 45 1 5 29 ACL Configuration Access Control Lists ACL Access Control List is a table which defines filtration rules for incoming traffic based on IP and MAC addresses sent in packets of protocols and TCP UPD ports ...

Page 198: ...243 A command that assigns an ACL to an interface Command Value Action service acl input access_list access_list access list 1 32 characters profile_id 0 2 The command specifies the list in the settings of a definite physical interface and binds the list to the interface It is possible to bind mac access list and ip access list no service acl input Remove the list from the interface Privileged EXE...

Page 199: ...nip pim l2tp isis ipip or a protocol number 0 255 The ip value is used for all protocols to establish correspondence source Source address Defines address of the packet source source_wildcard Address mask of the source A bit mask applied to IP address of the packet source The mask defines the bits of the IP address which should be ignored 1 should be written to all ignored bites For example the ma...

Page 200: ...ip 520 snmp 161 snmptrap 162 sunrpc 111 syslog 514 tacacs ds 49 talk 517 tftp 69 time 37 who 513 xdmcp 177 Any number 0 65535 source_port UDP TCP source port list_of_flags TCP flags If a flag should be set for a filtration rule is specified before the flag otherwise is specified Possible flags urg ack psh rst syn fin urg ack psh rst syn and fin If several flags are used for the same filtration rul...

Page 201: ...tion destination_wildcard any destination_port dscp dscp precedence precedence match all list_of_flags time range time_name index index offset list offset_list_name Adds a permit filtration record for the TCP Packets which fulfil the record s requirements will be processed by the switch permit udp any source source_wildcard any source_port any destination destination_wildcard any destination port ...

Page 202: ...ation destination_wildcard any destination_port dscp dscp precedence precedence match all list_of_flags time range time_name disable port log input index index offset list offset_list_name Adds a deny filtration record for the TCP Packets which fulfil the record s requirements will be blocked by the switch If the disable port keyword is specified the physical interface receiving the packet will be...

Page 203: ...uter solicitation 133 router advertisement 134 nd ns 135 nd na 136 icmp_code ICMP message code It is used for filtration of ICMP packets Possible field values 0 255 destination_port UDP TCP destination port Possible values of the TCP port field bgp 179 chargen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515...

Page 204: ..._list_name Adds a permit filtration record for the TCP Packets which fulfil the record s requirements will be processed by the switch permit udp any source_prefix length any source_port any destination_prefix length any destination_port dscp dscp precedence precedence time range time_name offset list offset_list_name Adds a permit filtration record for the UDP Packets which fulfil the record s req...

Page 205: ...d system mode having the following parameters offset_base basic offset Possible values L3 beginning of the IPv6 header L4 end of the IPv6 header offset byte offset within a packet Basic offset is considered as a starting point mask mask Packet analysis is performed only for the bytes digits which have 1 specified as defined in the mask value the set value no offset list offset_list_name Removes a ...

Page 206: ...f the rule in a table The lower the index the higher is the priority 1 2 147 483 647 In order to select the whole range of parameters except dscp and ip precedence the any parameter is used As soon as at least one record has been added to ACL the last record is set by default to deny any any That means that all packets which do not fulfil ACL requirements will be dropped Table 5 251 Configuration ...

Page 207: ...with destination port 2140 and source port 2140 back orifice trojan filters out UDP packets with destination port 31337 and source port 1024 security suite enable Enables the security suite command class no security suite enable Disables the security suite command class Commands for Interface Configuration of Ethernet Interface and a Group of Ports Command line in the interface configuration mode ...

Page 208: ...ation Global Configuration Mode Commands Command line request in the global configuration mode appears as follows console config Table 5 254 Global configuration mode commands Command Value Default Value Action qos basic advanced ports trusted ports not trusted basic Enables QoS in the switch basic QoS basic mode advanced QoS advanced configuration mode which provides all commands of QoS configura...

Page 209: ... 32 characters committed rate kbps 3 57 982 058 committed burst byte 3000 19 173 960 Defines a configuration template which allows bandwidth limitation and at the same time guarantees a certain data transfer rate The marked bucket algorithm is used for work with bandwidth The goal of the algorithm is to make a decision whether to send or drop a packet The algorithm parameters are the rate of token...

Page 210: ...will be forbidden no qos wrr queue threshold gigabitethernet queue id Sets the default threshold values qos wrr queue wrtd WRTD is disabled by default Enables WRTD The changes will take effect after the device is restarted no qos wrr queue wrtd Disables WRTD qos map enable cos dscp dscp cos Use specified remarking table for trusted ports of the switch no qos map enable cos dscp dscp cos Do not use...

Page 211: ...to be rewritten with new values The table of DSCP changes can be used only for incoming traffic of trusted ports Valid for the qos basic mode only no qos dscp mutation Disables the use of the DSCP changes qos map dscp mutation in dscp to out dscp in dscp 0 63 out dscp 0 63 The table of changes is empty by default i e DSCP values remain the same for all incoming packets Fills in the table of repeat...

Page 212: ...or an interface use the service policy command in the interface configuration mode Valid for the qos advanced mode only no class class_map_name Removes a class map traffic classification rule from the policy map strategy Commands of the Configuration Mode for Classification Rules Command line request in the configuration mode for classification rules appears as follows console configure console co...

Page 213: ...ion template to a classification rule that allows bandwidth limitation and at the same time guarantees a certain data transfer rate Valid for the qos advanced mode only no police agregate aggregate_policer_name Removes the channel rate configuration template from the traffic classification rule Qos tail drop profile configuration mode commands Command line request in configuration mode for qos tai...

Page 214: ... id Removes the traffic rate limitation for the outgoing queue in the interface qos trust cos dscp cos dscp enabled Enables the basic QoS for the interface cos port trusts 802 1p User priority value dscp port trusts DSCP value in IPv4 IPv6 packets cos dscp port trusts both levels however DSCP takes precedence over 802 1p Valid for the qos basic mode only no qos trust Disables the basic QoS for the...

Page 215: ... incoming traffic rate limit show qos map dscp queue dscp dp policed dscp dscp mutation Displays information on fields replacement in packets which are used by QoS dscp queue table of correspondence between DSCP and queues dscp dp table of correspondence between DSCP tags and drop priority DP policed dscp table of repeated DSCP marking dscp mutation table of DSCP to DSCP changes show qos tail drop...

Page 216: ...hernet te_port all set 1 2 queue 1 8 dp high low gi_port 1 8 0 1 24 te_port 1 8 0 1 4 Default value set 1 all priorities all queues high drop priority set 2 all priorities all queues low drop priority Enables QoS statistics for outgoing queues set defines a set of counters dp defines drop priority no qos statistics queues set Disables QoS statistics for outgoing queues Commands for Interface Confi...

Page 217: ... 0 broadcasts 0 multicasts 0 input errors 0 FCS 0 alignment 0 oversize 0 internal MAC 0 pause frames received 0 packets output 0 bytes sent 0 broadcasts 0 multicasts 0 output errors 0 collisions 0 excessive collisions 0 late collisions 0 pause frames transmitted 0 symbol errors 0 carrier 0 SQE test error Output queues queue passed dropped 1 14 20 2 0 20 3 0 20 4 0 20 5 0 20 6 0 20 7 0 20 8 0 20 pa...

Page 218: ...PU traffic packet routing is supported no ipv6 route ipv6_prefix len gateway Remove static IPv6 route ip proxy arp disabled Enables APR requests proxy mode no ip proxy arp Disables APR requests proxy mode Commands of EXEC mode Type of request of command line of EXEC mode console Table 5 266 Commands of EXEC mode Command Action show ip route connected static address ip_address mask prefix_length lo...

Page 219: ...and line in global configuration mode console config Table 5 268 Commands of global configuration mode Command Default value Action router rip Access to RIP configuration mode no router rip Removal of RIP global configuration Commands of RIP protocol configuration mode Type of request of command line console config rip Table 5 269 Commands of RIP protocol configuration mode Command Value Default v...

Page 220: ... value ip rip authentication key chain key_chain key_chain 1 32 digits Defines set of keys which can be used for authentication no ip rip authentication key chain Assigns default value ip rip authentication key clear_text clear_text 1 16 digits Defines key for authentication by clear text no ip rip authentication key Assigns default value ip rip distribute list acl_name acl_name 1 32 digits Assign...

Page 221: ...tible rfc1583 Disables compatibility with RFC 1583 router ospf router id A B C D Assigns router ID which gives the router unique number within one independent system A B C D router ID in format of IPv4 address no router ospf router id Assigns default value router ospf area A B C D Assigns zone ID by default Zone is a set of networks and routers which have same ID A B C D router ID in format of IPv...

Page 222: ...interval Usually the dead interval equals to 4 intervals of sending hello packages i e 40 seconds no ospf dead interval Assigns default value ospf hello interval interval interval 1 65535 10 Assigns time interval in seconds upon expiry of which the router sends next hello package from interface no ospf hello interval Assigns default value ospf retransmit interval interval interval 1 3600 5 Assigns...

Page 223: ... Displays status of OSPF protocol database for specified zone show ip ospf virtual links router A B C D area E F G H A B C D Interface IP address E F G H zone ID Displays parameters and current state of virtual links for specified router optionally for specified zone optionally 5 32 4 BFD protocol configuration Bidirectional Forwarding Detection BFD is a network protocol used for determination of ...

Page 224: ...ccording to RFC 5798 If current master becomes unavailable then selection of master is repeated The highest priority belongs to router with own IP address which matches the virtual one In case of availability it always becomes VRRP master The maximum number of VRRP processes 32 Commands of configuration mode of interfaces Ethernet VLAN and interface of group of ports Type of request of the line in...

Page 225: ...pported defined in RFC5798 without compatibility with VRRPv2 8 4 RFC5798 Received messages VRRPv2 are rejected by the router Only VRRPv3 announces are sent 2 and 3 VRRPv3 is supported defined in RFC5798 with backward compatibility with VRRPv2 Received messages VRRPv2 are processed by the router VRRPv2 and VRRPv3 announce are sent Only VRRP version 3 is supported Modes 2 and 2 and 3 will be support...

Page 226: ...outer 1 Virtual Router name Supported version VRRPv3 State is Initializing Virtual IP addresses are 10 10 10 1 down Source IP address is 0 0 0 0 default Virtual MAC address is 00 00 5e 00 01 01 Advertisement interval is 1 000 sec Preemption enabled Priority is 255 ...

Page 227: ...are When pressing 1 following message will be displayed in console Downloading code using XMODEM Now when device is ready to receive the file it is required to transfer it with help of X Modem protocol After the file is received the device would restart automatically 2 Erase Flash File Erase Flash File This procedure is used for removal of device configuration In order to remove the file press 2 w...

Page 228: ...tack press 1 Current working mode is stacking Unit stack id set to 1 2 Set unit stack id Assigning device ID in stack To assign device ID in stack press 2 Enter unit stack id 0 8 1 Unit stack id updated to 1 where value from 1 to 8 is a number of device in stack value 0 stands for independent operation mode of the switch To return to stack menu press enter Press Enter To Continue 3 Set unit workin...

Page 229: ...0e656 date 24 Nov 2015 time 17 28 25 Boot version 0 0 1 2 date 12 Dec 2012 time 19 10 41 HW version 02 07 CPLD version 03 Software update procedure With command copy copy new file of the software to device in assigned section of memory image2 Format of the command copy tftp tftp_ip_address directory filename image Sample of command execution console copy tftp 192 168 16 34 file1 image Accessing fi...

Page 230: ...ial loader is saved in flash memory instead of old one To view current version of loading file operating on the device enter command show version console show version SW version 2 5 44 0b70e656 date 24 Nov 2015 time 17 28 25 Boot version 0 0 1 2 date 12 Dec 2012 time 19 10 41 HW version 02 07 CPLD version 03 Software update procedure 1 With help of command copy copy new loading file to the device ...

Page 231: ...MES3000 Ethernet switch series 231 This command will reset the whole system and disconnect your current session Do you want to continue y n n Confirm reboot by entering y ...

Page 232: ...rees When one of switches is fault or the channel is broken multiple trees MSTP are rebuild which allows minimizing consequences of the fault Below you can find switches configuration process For faster configuration common configuration template is created this template is uploaded to TFTP server and later is used for configuration of all switches 1 Creation of the template and configuration of f...

Page 233: ...00 13 hh mm ss console config if do reload You haven t saved your changes Are you sure you want to continue Y N N Y This command will reset the whole system and disconnect your current session Do you want to continue Y N N Y Shutting down console configure console config interface vlan 1 console config if no ip address console config if ip address 192 168 16 100 24 console config if exit console c...

Page 234: ...evel of access there exists typical configuration but user traffic VOIP and traffic for control are required to be transferred in different VLAN to different directions In this case it would be comfortable to use CVLAN substitution function for changing typical VLAN to VLAN for required direction Below you can find switch configuration in which substitution of VLAN 100 101 and 102 to 200 201 and 2...

Page 235: ...g if ip igmp proxy vlan 100 console config if ip address 10 3 0 1 24 console config if exit Configuration of multicast TV VLAN Function Multicast TV VLAN gives possibility to use one VLAN in operator s network for transferring multi address traffic and deliver this traffic to users even if they are not members of this VLAN By means of Multicast TV VLAN function load to operator s network can be de...

Page 236: ...nsole config ip igmp snooping vlan 124 6 Configure control interface console config interface vlan 1200 console config if ip address 192 168 33 100 255 255 255 0 console config if exit Sample of configuration of the port in customer mode This type of communication can be used for marking users IGMP Reports of specific VLAN CVLAN with specific external marks SVLAN 1 Enable filtration of multi addre...

Page 237: ...king rules of users IGMP Reports console config ip igmp snooping console config ip igmp snooping vlan 100 console config ip igmp snooping map cpe vlan 5 multicast tv vlan 1000 console config ip igmp snooping map cpe vlan 6 multicast tv vlan 1001 6 Configure control interface console config interface vlan 1200 console config if ip address 192 168 33 100 255 255 255 0 console config if exit ...

Page 238: ...opology there is only one ring In this case it is required to define for it only EAPS domain 2 Topology one domain with several rings In topology of network 3 rings can be 2 or more and 2 common hubs between them In this case it is required to define EAPS domain and establish one ring as main and rest of rings as secondary ...

Page 239: ...00 Ethernet switch series 239 3 Topology several domains with common rings In network topology 2 rings can be more than two with one common hub In this case it is required to define EAPS domain for each ring ...

Page 240: ...g rollout of configuration COPY Files copying management D_LM Link Manager task which control state of stack links D_SP Stacking Protocol DACT Diacnostic ACTive tests task in which VCT tests are performed DDFG Operation with file system DHCP Server and Relay Agent DHCP DMNG Distant Manager receiving of information from remote units firmware version uptime active firmware image installation DNSC DN...

Page 241: ...fer of packages to level 3 L2PS Processing of events of status interface configuration change and transfer messages to registered services L2SC Storm control logging L2UT Show interfaces utilization LACP LACP IEEE 802 1AX implementation LBDR Loopback Detection implementation MACT Processing of events about end of actions in FDB aging of MAC addresses MLDP Marvell Link Layer Reliable Datagram Proto...

Page 242: ...N STSC CLI session through VLAN STSD CLI session through VLAN STSE CLI session through VLAN STSF CLI session through VLAN STSG CLI session through VLAN STSH CLI session through VLAN STSI CLI session through VLAN SW2M Processing events Address update from FDB blockage of port in case of faults on the port SWTR Permission of traffic transfer through cascade interfaces SYLG Output of messages to SYSL...

Page 243: ...on 630020 Novosibirsk 29 Okruzhnaya Str Phone 7 383 274 47 87 7 383 272 83 31 E mail techsupp eltex nsk ru In official website of the Eltex Ltd you can find technical documentation and software for products advert to knowledge base leave your interactive inquiry or ask for consultation from engineers of Service Center in our technical forum http eltex co ru en http www eltex co ru en support downl...

Reviews:

No comments