Raisecom ISCOM2600G-HI (A) Series Configuration Manual Download Page 471 | Manualshive

Page: 471 / 581

background image

Raisecom
ISCOM2600G-HI (A) Series Configuration Guide

10 Security

Raisecom Proprietary and Confidential

Copyright © Raisecom Technology Co., Ltd.

440

permitted to forward normally. Otherwise, the user is an attacker and the IP packets are
discarded.

10.8.2 Preparing for configurations

Scenario

There are often some IP source spoofing attacks on the network. For example, the attacker
forges legal users to send IP packets to the server, or the attacker forges the source IP address
of another user to communicate. This prevents legal users from accessing network services
normally.

With IP Source Guard binding, you can filter and control packets forwarded by the interface,
prevent the illegal packets from passing through the interface, thus to restrict the illegal use of
network resources and improve the interface security.

Prerequisite

Enable DHCP Snooping if there are DHCP users.

10.8.3 Default configurations of IP Source Guard

Default configurations of IP Source Guard are as below.

Function

Default value

IP Source Guard static binding

Disable

IP Source Guard dynamic binding

Disable

Interface trust status

Untrusted

10.8.4 Configuring interface trust status of IP Source Guard

Configure the interface trust status of IP Source Guard for the ISCOM2600G-HI series switch
as below.

Step

Command

Description

1

Raisecom#config

Enter global configuration mode.

2

Raisecom(config)#
interface

interface-type
interface-number

Enter physical layer interface configuration mode.

3

Raisecom(config-
gigaethernet1/1/p
ort)#ip verify
source trust

(Optional) configure the interface to a trusted interface.

Use the

no ip verify source trust

command to configure

the interface as an untrusted interface. In this case, all
packets, except DHCP packets and IP packets that meet
binding relation, are not forwarded. When the interface
is in trusted status, all packets are forwarded normally.

«
...
469
470
471
472
473
...
»

Summary of Contents for ISCOM2600G-HI (A) Series

Page 1: ...ISCOM2600G HI A Series Configuration Guide Rel_01 www raisecom com ...

Page 2: ...ication may be excerpted reproduced translated or utilized in any form or by any means electronic or mechanical including photocopying and microfilm without permission in Writing from Raisecom Technology Co Ltd is the trademark of Raisecom Technology Co Ltd All other trademarks and trade names mentioned in this document are the property of their respective holders The information in this document ...

Page 3: ...ent By reading this document you can master principles and configurations of the ISCOM2600G HI series switch and how to network with the ISCOM2600G HI series switch Versions The following table lists the product versions related to this document Product name Software version Hardware version ISCOM2600G HI series switch V3 50 A Conventions Symbol conventions The symbols that may be found in this do...

Page 4: ...tles are in italics Lucida Console Terminal display is in Lucida Console Book Antiqua Heading 1 Heading 2 Heading 3 and Block are in Book Antiqua Command conventions Convention Description Boldface The keywords of a command line are in boldface Italic Command arguments are in italics Items keywords or arguments in square brackets are optional x y Alternative items are grouped in braces and separat...

Page 5: ...om Proprietary and Confidential Copyright Raisecom Technology Co Ltd iii Change history Updates between document versions are cumulative Therefore the latest document version contains all updates made to previous versions Issue 01 2018 05 14 Initial commercial release ...

Page 6: ...2 Accessing through Console interface 11 1 2 3 Accessing through Telnet 12 1 2 4 Accessing through SSH 14 1 2 5 Managing users 16 1 2 6 Configuring HTTP Server 18 1 2 7 Checking configurations 18 1 2 8 Example for configuring user management 18 1 3 File management 20 1 3 1 Managing BootROM files 20 1 3 2 Managing system files 21 1 3 3 Managing configuration files 21 1 3 4 Checking configurations 2...

Page 7: ...oduction 39 1 7 2 Default configurations of interface management 40 1 7 3 Configuring basic attributes of interfaces 40 1 7 4 Configuring interface rate statistics 41 1 7 5 Configuring flow control on interfaces 42 1 7 6 Shutting down Restarting interface 42 1 7 7 Configuring Console interface 42 1 7 8 Configuring SNMP interface 43 1 7 9 Checking configurations 44 1 8 Configuring basic information...

Page 8: ... 57 2 2 1 Introduction 57 2 2 2 Preparing for configurations 60 2 2 3 Default configurations of VLAN 60 2 2 4 Configuring VLAN attributes 61 2 2 5 Configuring interface mode 61 2 2 6 Configuring VLAN on Access interface 61 2 2 7 Configuring VLAN on Trunk interface 62 2 2 8 Configuring VLAN based on MAC address 63 2 2 9 Configuring VLAN based on IP subnet 63 2 2 10 Configuring VLAN based on IP subn...

Page 9: ...g STP 91 2 6 5 Configuring STP parameters 91 2 6 6 Configuring edge interface 92 2 6 7 Configuring link type 92 2 6 8 Configuring BPDU filtering 93 2 6 9 Configuring BPDU Guard 93 2 6 10 Configuring MRSTP 94 2 6 11 Checking configurations 94 2 6 12 Example for configuring STP 95 2 7 MSTP 97 2 7 1 Introduction 97 2 7 2 Preparation for configuration 100 2 7 3 Default configurations of MSTP 100 2 7 4...

Page 10: ... configurations 120 2 9 3 Default configurations of loop detection 120 2 9 4 Configuring loop detection 121 2 9 5 Checking configurations 122 2 9 6 Maintenance 122 2 9 7 Example for configuring inner loop detection 122 2 10 Interface protection 124 2 10 1 Introduction 124 2 10 2 Preparing for configurations 124 2 10 3 Default configurations of interface protection 124 2 10 4 Configuring interface ...

Page 11: ... it to work in manual mode 141 2 13 9 Example for configuring IP phone to access voice VLAN packets through LLDP 142 2 14 GARP 144 2 14 1 Introduction 144 2 14 2 Preparing for configurations 146 2 14 3 Default configurations of GARP 147 2 14 4 Configuring basic functions of GARP 147 2 14 5 Configuring GVRP 148 2 14 6 Checking configurations 148 2 14 7 Example for configuring GVRP 149 3 ISF 152 3 1...

Page 12: ...ring MAC address synchronization 171 3 6 8 Enabling automatic device restart upon ISF merge 171 3 6 9 Configuring MAD 172 3 7 Checking configurations 177 3 8 Configuration examples 178 3 8 1 Example for configuring ISF in preconfiguration mode with BFD MAD 178 3 8 2 Example for configuring ISF in non preconfiguration mode with BFD MAD 181 3 8 3 Example for switching member device from ISF mode to ...

Page 13: ...ith host 209 5 2 Loopback interface 211 5 2 1 Introduction 211 5 2 2 Preparing for configurations 211 5 2 3 Default configurations of loopback interface 211 5 2 4 Configuring IP address of loopback interface 211 5 2 5 Configuring interface loopback 212 5 2 6 Checking configurations 212 5 3 ARP 212 5 3 1 Introduction 212 5 3 2 Preparing for configurations 213 5 3 3 Default configurations of ARP 213...

Page 14: ...ation 229 5 6 8 Configuring routing policy 229 5 6 9 Configuring route calculation 230 5 6 10 Checking configurations 230 5 6 11 Maintenance 231 5 7 OSPFv2 231 5 7 1 Introduction 231 5 7 2 Configuring basic functions of OSPF 236 5 7 3 Configuring OSPF route attributes 237 5 7 4 Configuring load balancing 239 5 7 5 Configuring OSPF network 239 5 7 6 Optimizing OSPF network 240 5 7 7 Configuring OSP...

Page 15: ...68 6 3 8 Example for configuring DHCP Snooping 269 6 4 DHCP Options 270 6 4 1 Introduction 270 6 4 2 Preparing for configurations 272 6 4 3 Default configurations of DHCP Option 272 6 4 4 Configuring DHCP Option fields 272 6 4 5 Configuring DHCP Option 18 over IPv6 273 6 4 6 Configuring DHCP Option 37 over IPv6 274 6 4 7 Configuring user defined DHCP Option over IPv6 274 6 4 8 Checking configurati...

Page 16: ...es of priorities trusted by interface 296 7 2 4 Configuring mapping from CoS to local priority 296 7 2 5 Configuring mapping from DSCP to local priority and color 297 7 2 6 Configuring DSCP mutation 297 7 2 7 Configuring CoS remarking 298 7 2 8 Checking configurations 298 7 3 Configuring congestion management 299 7 3 1 Preparing for configurations 299 7 3 2 Default configurations of congestion man...

Page 17: ... bandwidth rate limiting 310 7 7 4 Configuring bandwidth guarantee 311 7 7 5 Configuring hierarchical bandwidth guarantee 312 7 7 6 Checking configurations 313 7 8 Configuration examples 314 7 8 1 Example for configuring congestion management 314 7 8 2 Example for configuring rate limiting based on traffic policy 316 7 8 3 Example for configuring rate limiting based on interface 319 8 Multicast 32...

Page 18: ...ations of IGMP filtering 346 8 6 4 Enabling global IGMP filtering 346 8 6 5 Configuring IGMP filtering profile 346 8 6 6 Configuring maximum number of multicast groups 347 8 6 7 Checking configurations 348 8 6 8 Example for applying IGMP filtering on interface 348 8 7 Multicast VLAN copy 350 8 7 1 Introduction 350 8 7 2 Preparing for configurations 352 8 7 3 Default configurations of multicast VLA...

Page 19: ...owledgement 377 9 3 7 Configuring CFM fault location 378 9 3 8 Configuring alarm indication signal 379 9 3 9 Configuring Ethernet locked signal 380 9 3 10 Configuring Ethernet CSF 381 9 3 11 Configuring performance monitoring 381 9 3 12 Checking configurations 381 9 3 13 Example for configuring CFM 382 9 4 SLA 385 9 4 1 Introduction 385 9 4 2 Preparing for configurations 387 9 4 3 Limits on SLA co...

Page 20: ...Checking configurations 408 10 2 9 Maintenance 408 10 2 10 Example for configuring port security MAC 408 10 3 Dynamic ARP inspection 410 10 3 1 Introduction 410 10 3 2 Preparing for configurations 412 10 3 3 Default configurations of dynamic ARP inspection 412 10 3 4 Configuring trusted interfaces of dynamic ARP inspection 412 10 3 5 Configuring static binding of dynamic ARP inspection 413 10 3 6 ...

Page 21: ...0 6 7 Example for configuring storm control 429 10 7 802 1x 431 10 7 1 Introduction 431 10 7 2 Preparing for configruations 433 10 7 3 Default configurations of 802 1x 433 10 7 4 Configuring basic functions of 802 1x 434 10 7 5 Configuring 802 1x re authentication 435 10 7 6 Configuring 802 1x timers 435 10 7 7 Checking configurations 436 10 7 8 Maintenance 436 10 7 9 Example for configuring 802 1...

Page 22: ...n 457 11 1 4 Configuring static LACP link aggregation 458 11 1 5 Configuring manual master slave link aggregation 459 11 1 6 Checking configurations 460 11 1 7 Example for configuring static LACP link aggregation 461 11 2 Interface backup 463 11 2 1 Introduction 463 11 2 2 Preparing for configurations 465 11 2 3 Default configurations of interface backup 465 11 2 4 Configuring basic functions of i...

Page 23: ... 6 Configuring IP address authentication by SNMP server 488 12 1 7 Configuring other information about SNMP 488 12 1 8 Configuring Trap 489 12 1 9 Checking configurations 490 12 1 10 Example for configuring SNMPv1 SNMPv2c and Trap 490 12 1 11 Example for configuring SNMPv3 and Trap 492 12 2 RMON 494 12 2 1 Introduction 494 12 2 2 Preparing for configurations 496 12 2 3 Default configurations of RM...

Page 24: ... Checking configurations 516 12 5 7 Maintenance 516 12 5 8 Example for configuring outputting system logs to log host 516 12 6 Alarm management 518 12 6 1 Introduction 518 12 6 2 Preparing for configurations 522 12 6 3 Configuring basic functions of alarm management 522 12 6 4 Checking configurations 524 12 7 Hardware environment monitoring 524 12 7 1 Introduction 524 12 7 2 Preparing for configur...

Page 25: ...ns 533 12 10 2 Configuring memory monitoring 533 12 10 3 Checking configurations 533 12 11 Ping 534 12 11 1 Introduction 534 12 11 2 Configuring Ping 534 12 12 Traceroute 535 12 12 1 Introduction 535 12 12 2 Configuring Traceroute 535 12 13 Performance statistics 536 12 13 1 Introduction 536 12 13 2 Preparing for configurations 536 12 13 3 Default configurations of performance statistics 536 12 13...

Page 26: ...e 51 Figure 2 2 MAC networking 56 Figure 2 3 VLAN partitions 58 Figure 2 4 VLAN and interface protection networking 65 Figure 2 5 Networking with PVLAN 72 Figure 2 6 Principles of basic QinQ 75 Figure 2 7 Basic QinQ networking 80 Figure 2 8 Selective QinQ networking 81 Figure 2 9 Principles of VLAN mapping 83 Figure 2 10 VLAN mapping networking 85 Figure 2 11 Network storm due to loopback 88 Figur...

Page 27: ...3 1 ISF networking 153 Figure 3 2 ISF visualization 154 Figure 3 3 ISF merge 155 Figure 3 4 ISF split 156 Figure 3 5 Chain networking 157 Figure 3 6 Ring networking 157 Figure 3 7 ISF relay networking 158 Figure 3 8 Flow for establishing the ISF environment 162 Figure 3 9 Multi ISF domain networking 168 Figure 3 10 BFD MAD networking without intermediate device 173 Figure 3 11 BFD MAD networking w...

Page 28: ...e 6 9 DHCP Snooping 265 Figure 6 10 DHCP Snooping networking 269 Figure 6 11 DHCP Server and Client networking 276 Figure 6 12 Structure of a DHCP packet 276 Figure 6 13 DHCP Server networking 280 Figure 6 14 Typical application of DHCP Relay 282 Figure 6 15 DHCP Relay networking 285 Figure 7 1 Traffic classification 289 Figure 7 2 Structure of an IP packet header 289 Figure 7 3 Structures of the ...

Page 29: ...372 Figure 9 4 CFM networking 383 Figure 9 5 SLA test networking 386 Figure 9 6 SLA test networking 392 Figure 10 1 Port security MAC networking 409 Figure 10 2 Principles of dynamic ARP inspection 411 Figure 10 3 Configuring dynamic ARP inspection 415 Figure 10 4 RADIUS networking 421 Figure 10 5 TACACS networking 425 Figure 10 6 Storm control networking 430 Figure 10 7 802 1x structure 431 Figur...

Page 30: ...e 12 1 Principles of SNMP 484 Figure 12 2 SNMPv3 authentication mechanism 487 Figure 12 3 SNMPv1 SNMPv2c networking 490 Figure 12 4 SNMPv3 and Trap networking 492 Figure 12 5 RMON networking 495 Figure 12 6 RMON networking 499 Figure 12 7 Structure of a LLDPDU 501 Figure 12 8 Structure of a TLV packet 501 Figure 12 9 LLDP networking 507 Figure 12 10 Networking of outputting system log to log host ...

Page 31: ...t 277 Table 7 1 Mapping from DSCP or CoS to local priority 291 Table 7 2 Mapping between local priority and queue 291 Table 7 3 Default mapping from CoS to local priority 295 Table 7 4 Default mapping from DSCP to local priority 296 Table 7 5 Default mapping from ToS to local priority and color 296 Table 12 1 TLV types 501 Table 12 2 IEEE 802 1 organization defined TLVs 502 Table 12 3 IEEE 802 3 o...

Page 32: ...nagement Configuring basic information Task scheduling Watchdog Configuring Banner 1 1 CLI 1 1 1 Introduction The Command line Interface CLI is a medium for you to communicate with the ISCOM2600G HI series switch You can configure monitor and manage the ISCOM2600G HI series switch through the CLI You can log in to the ISCOM2600G HI series switch through the terminal equipment or through a computer...

Page 33: ...s the ping clear and history commands Privileges 5 10 monitoring privilege Users can execute monitoring commands such as the show command Privileges 11 14 configuring privilege Users can execute commands for configuring different services such as Virtual Local Area Network VLAN and Internet Protocol IP Privilege 15 administering privilege Users can execute basic commands for administering the syst...

Page 34: ...secom config fastethernet1 0 1 Loopback interface configuration In global configuration mode enter the interface loopback lb number command Raisecom config loopback VLAN configuration In global configuration mode enter the vlan vlan id command Raisecom config vlan Aggregation group configuration In global configuration mode enter the interface port channel channel number command Raisecom config po...

Page 35: ... enter the mls qos mapping cos remark profile id command Raisecom cos remark cos to pri configuration In global configuration mode enter the mls qos mapping cos to local priority profile id command Raisecom cos to pri dscp mutation configuration In global configuration mode enter the mls qos mapping dscp mutation profile id command Raisecom dscp mutation dscp to pri configuration In global configu...

Page 36: ...and the system will show the follow up available keywords Press Tab after entering an incomplete keyword and the system automatically executes partial helps When only one keyword matches the entered incomplete keyword the system takes the complete keyword to replace the entered incomplete keyword and leaves one space between the cursor and end of the keyword When no keyword or multiple keywords ma...

Page 37: ...ree conditions You can enter a question mark at the system prompt to display a list of commands and brief descriptions available for each command mode Raisecom The command output is as below aaa Authentication Authorization Accounting boot system boot bootrom Bootrom clear Reset functions clock System time and date config Configuration from terminal interface console Console copy load configuratio...

Page 38: ...p You can acquire incomplete help under following three conditions After you enter part of a particular character string and a question mark a list of commands that begin with a particular character string is displayed Raisecom config c The command output is as below class map Set class map clear Clear buffer content command log Log the command to the file console console cpu Configure cpu paramet...

Page 39: ...e keyword marked is invalid Ambiguous input in the position marked by The keyword marked is not clear If there is an error message mentioned above use CLI help information to solve the problem 1 1 6 Display information Display features The CLI provides the following display features The help information and prompt messages displayed at the CLI are in English When messages are displayed at more tha...

Page 40: ...600G HI series switch as below Step Command Description 1 Raisecom terminal page break enable Enable terminal page break 1 1 7 Command history The history commands can be automatically saved at the CLI You can use the up arrow or down arrow to schedule a history command By default the last 20 history commands are saved You can configure the number of commands to be saved at the CLI Configure the I...

Page 41: ...lues which often are restored by the no form 1 1 9 Logging commands Configure command logging for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config command log enable Enable command logging 1 2 Accessing device 1 2 1 Introduction The ISCOM2600G HI series switch can be configured and managed in Command Line Interfac...

Page 42: ...he Console interface when the network fails In the following two conditions you can only log in to the ISCOM2600G HI series switch and configure it through the Console interface The ISCOM2600G HI series switch is powered on to start for the first time Accessing the ISCOM2600G HI series switch through Telnet fails Accessing device through RJ45 Console interface If you want to access the ISCOM2600G ...

Page 43: ...erial interface to 115200 19200 38400 or 9600 1 2 3 Accessing through Telnet By default the default management IP address of the out of band management interface SNMP interface fastethernet 1 0 1 and the subnet mask is 255 255 255 0 To modify the IP address log in to the ISCOM2600G HI series switch and configure it Both the default user name and password are raisecom In Telnet connection status if...

Page 44: ...ommand Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface fastethernet 1 0 1 Enter out of band network management interface configuration mode 3 Raisecom config fastethernet 1 0 1 ip address ip address ip mask Configure the IP address of the out of band network management interface By default it is 192 168 0 1 24 Both the default user name and password are ra...

Page 45: ...ntial security hazard Telnet service may cause hostile attacks such as Deny of Service DoS host IP spoofing and routing spoofing The traditional Telnet and File Transfer Protocol FTP transmit password and data in plain text which cannot satisfy users security demands SSHv2 is a network security protocol which can effectively prevent the disclosure of information in remote management through data e...

Page 46: ...igure SSH key renegotiation period 4 Raisecom config ssh2 server authentication password rsa key Optional configure SSHv2 authentication mode By default it is password 5 Raisecom config ssh2 server authentication public key public key Optional record the public key of the client on the ISCOM2600G HI series switch in rsa key authentication mode 6 Raisecom config ssh2 server authentication timeout p...

Page 47: ...lose the specified SSHv2 session 1 2 5 Managing users When you start the ISCOM2600G HI series switch for the first time connect the PC through Console interface to the ISCOM2600G HI series switch enter the initial user name and password in HyperTerminal to log in and configure the ISCOM2600G HI series switch By default both the user name and password are raisecom If there is no privilege restricti...

Page 48: ...4 Raisecom user user name service type lan access ssh telnet web console all Optional configure the service type supported by the user 5 Raisecom user login console telnet ssh web local radius local user radius local radius user local tacacs tacacs local tacacs user Optional configure the authentication mode for different user login modes 6 Raisecom enable password cipher password Optional modify ...

Page 49: ...om show user active Show information about users logged in to the ISCOM2600G HI series switch 3 Raisecom show telnet server Show configurations of the Telnet server 4 Raisecom show ssh public key authentication Show the public key used for SSH authentication on the ISCOM2600G HI series switch and client 5 Raisecom show ssh2 server session Show SSHv2 server or session information 1 2 8 Example for ...

Page 50: ... Raisecom user name user1 password simple aaAA123 Step 3 Configure the user privilege Raisecom user user1 privilege 10 Step 4 Configure the service type of the user Raisecom user user1 service type telnet Checking results Use the show user table detail command to show configurations of local users Raisecom show user table detail User Login local user Enable Login local user Username raisecom Prior...

Page 51: ...in user1 Password Raisecom enable Raisecom config Raisecom config arp 192 168 0 2 000E 5E12 3456 Set successfully 1 3 File management 1 3 1 Managing BootROM files In Boot mode you can do the following operations Operation Description t Update system software to the ISCOM2600G HI series switch m Update the boot file to the ISCOM2600G HI series switch b Read system software from the ISCOM2600G HI se...

Page 52: ... fails to work due to upgrade failure you can use the other set to boot the ISCOM2600G HI series switch Manage system files for the ISCOM2600G HI series switch as below All the following steps are optional and in any sequence Step Command Description 1 Raisecom download system boot ftp ipv4 address ipv6 address user name password file name tftp ipv4 address ipv6 address file name sftp ipv4 address...

Page 53: ...guration can be used as initial configuration upon next power on You must use the write command to save running configurations in the memory and form a configuration file Manage configuration files for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom download startup config ftp ipv4 address ipv6 address user name password file name tftp ipv4 address ipv6 address file na...

Page 54: ...upload the system log file through FTP or TFTP 8 Raisecom write Optional save the running configuration file in the Flash 1 3 4 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show startup config Show configurations loaded upon device startup 2 Raisecom show running config Show running configurations 1 3 5 Maintenance Maintain the...

Page 55: ...n files from a server and then configure the ISCOM2600G HI series switch Auto loading allows configuration files to contain loading related commands for multiple configurations loading to meet file auto loading requirements in complex network environment The ISCOM2600G HI series switch provides several methods to confirm configuration file name on the TFTP server such as manually entering obtainin...

Page 56: ...the Ethernet interface on the TFTP server to the SNMP interface on the ISCOM2600G HI series switch The default IP address of the SNMP interface is 192 168 0 1 by default Upgrade system software through BootROM for the ISCOM2600G HI series switch as below Step Operation 1 Log in to the ISCOM2600G HI series switch through serial interface as the administrator enter Privileged EXEC mode and restart t...

Page 57: ...big BootROM file The ISCOM2600G HI series switch is restarted and will load the downloaded startup file 1 4 3 Upgrading system software through CLI Before upgrading system software through CLI you should establish a TFTP environment and use a PC as the TFTP server and the ISCOM2600G HI series switch as the client Basic requirements are as below Connect the Ethernet interface on the TFTP server to ...

Page 58: ... Show information about the startup configuration file 2 Raisecom show running config Show information about the running configuration file 3 Raisecom show version Show system version 1 5 Automatically updating version and configurations 1 5 1 Introduction After being powered on the ISCOM2600G HI series switch can automatically obtain the new version and configurations After obtaining an IP addres...

Page 59: ...Layer 3 interface configuration mode 3 Raisecom config vlan1 ip address dhcp server ip ip address Configure the DHCP client to apply for the IP address through DHCP 4 Raisecom config vlan1 auto config enable Raisecom config vlan1 exit Enable automatic update of version and configurations 5 Raisecom config auto save enable Optional enable automatic saving of configurations 6 Raisecom config auto lo...

Page 60: ...configuring system time and time zone manually configuring Daylight Saving Time DST Network Time Protocol NTP and Simple Network Time Protocol SNTP Time and time zone The device time is usually configured to the local time of the device while the time zone is configured to the local time zone based on Greenwich Mean Time GMT for example China Beijing is in the eastern eight zone based on GMT so it...

Page 61: ... the timestamp of leaving Switch A The timestamp is 10 00 00am and recorded as t1 Step 2 When the message reaches Switch B it is added with the timestamp of reaching Switch B which is 11 00 01am and recorded as t2 Step 3 When the message leaves Switch B it is added with the timestamp of leaving Switch B which is 11 00 02am and recorded as t3 Step 4 When switch A receives the response message it ad...

Page 62: ...forms clock filtering and selection and is synchronized to the preferred server In this mode the client can be synchronized to the server but the server cannot be synchronized to the client The ISCOM2600G HI series switch can work as a client or server Symmetric mode In this mode you can configure the passive peer on the active peer The active peer sends a clock synchronization message to the pass...

Page 63: ...ode SNTP client passively monitors the packet After being configured to multicast mode the device monitors the multicast IP address of 224 0 1 1 in real time and obtain clock signals from the SNTP multicast server The maximum timeout for obtaining clock signals from the SNTP server is 60s After being configured to broadcast mode the device monitors the broadcast IP address of 255 255 255 255 in re...

Page 64: ...dard Time EST GMT 5 00 Central Daylight Time CDT GMT 5 00 Central Standard Time CST GMT 6 00 Mountain Daylight Time MDT GMT 6 00 Mountain Standard Time MST GMT 7 00 Pacific Daylight Time PDT GMT 7 00 Pacific Standard Time PDT GMT 8 00 DST Default configurations of DST are as below Function Default value DST status Disable NTP Default configurations of NTP are as below Function Default value Whethe...

Page 65: ...ute offset mm Configure calculation period for system DST Underlined command lines indicate the termination DST When you configure system time manually if the system uses DST such as DST from 2 A M on the second Sunday April to 2 A M on the second Sunday September every year you have to adjust the clock one hour forward during this period configure time offset as 60 minutes and the period from 2 A...

Page 66: ...es identity authentication when NTP is used After enabled with identity authentication a NTP client synchronizes with the NTP server that passes identity authentication thus guaranteeing network security Only after the NTP client is enabled with identity authentication can it authenticate the NTP server If it is disabled with identity authentication it will directly synchronize time with the NTP s...

Page 67: ... commands to check configuration results No Command Description 1 Raisecom show clock summer time recurring Show configurations of the time zone and DST 2 Raisecom show sntp Show SNTP configurations 3 Raisecom show ntp status Show NTP configurations 4 Raisecom show ntp associations detail Show information about NTP connection 5 Raisecom show ntp authentication Show information about NTP identity a...

Page 68: ...steps Step 1 Configure Switch A Raisecom hostname SwitchA SwitchA config SwitchA config ntp refclock master Step 2 Configure Switch B Raisecom hostname SwitchB SwitchB config SwitchB config ntp server 172 16 0 1 SwitchB config ntp peer 172 16 0 3 Checking results Check Switch A Use the show ntp status command to view configurations of Switch A SwitchA show ntp status Clock status synchronized ...

Page 69: ...SwitchB show ntp status Clock status synchronized NTP peer 172 16 0 1 NTP version 3 NTP mode ntpSlave Leap 0 Poll 6 Stratum 9 Precision 2 16 Reference clock 172 16 0 1 Reference time 5333d671 383980f6 Thu 2014 03 27 15 44 58 466 Current time 5333d697 0a917f54 Thu 2014 03 27 15 45 58 765 Root delay 0 000000 Root dispersion 0 010004 Use the show ntp associations command to view information about NTP...

Page 70: ...ow ntp associations Active IP refid stratum poll when delay offset dispersion mode reach s 172 16 0 2 172 16 0 1 9 6 97596571 4 154726 13447 112484 0 000930 1 6 1 7 Interface management 1 7 1 Introduction Ethernet is a very important LAN networking technology which is flexible simple and easy to implement The Ethernet interface includes the Ethernet electrical interface and Ethernet optical interf...

Page 71: ...ng frame length of interface 2000 bytes Duplex mode of interface Auto negotiation Interface rate Auto negotiation Interval for monitoring the interface rate 5s Interface rate statistics status Disable Interval of interface dynamic statistics 5s Interface flow control status Disable Interface status Enable L2protocol peer stp status Disable 1 7 3 Configuring basic attributes of interfaces The inter...

Page 72: ...mbo frame frame size Optional configure the MTU on the interface The device supports configuring MTU on interfaces in batches 8 Raisecom config gigaethernet1 1 port mdi xover auto normal Optional configure the MDI MDIX mode of the electrical interface 9 Raisecom config gigaethernet1 1 port vibra tion suppress peroid second Optional configure the period for suppressing vibration on the interface 10...

Page 73: ...er global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port flowcontrol receive send off on Enable Disable interface flow control over 802 3x packets By default it is disabled 1 7 6 Shutting down Restarting interface Shut down Restart an interface for the ISCOM2600G HI series switc...

Page 74: ...Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface fastethernet 1 0 1 Enter SNMP interface configuration mode The device supports shutdown 3 Raisecom config fastethernet1 0 1 ip address ip address ip mask Configure the IPv4 address of the SNMP interface 4 Raisecom config fastethernet1 0 1 ipv6 address ipv6 address prefix length eui 64 Raisecom config ...

Page 75: ...w interface statistics dynamic detail Show interface statistics 4 Raisecom show interface brief Show the interface list 5 Raisecom show interface interface type interface number description Show the interface description 1 8 Configuring basic information Configure basic information for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom host name name Optional configure th...

Page 76: ...oblem according to actual condition 5 Raisecom show exception last count Show information about exceptional restart 6 Raisecom clea r exception Clear information about exceptional restart 7 Raisecom show tech support Show common system information such as the CPU memory terminal connection status and DDM Restarting the ISCOM2600G HI series switch interrupts services so use the command with caution...

Page 77: ...config command string schedule list list number Bind the command line which needs periodical execution and supports the scheduling list to the scheduling list 1 9 3 Checking configurations Use the following command to check configuration results No Command Description 1 Raisecom show schedule list list number Show configurations of the scheduling list 1 10 Watchdog 1 10 1 Introduction The external...

Page 78: ...onfigurations of Watchdog are as below Function Default value Watchdog status Enable 1 10 4 Configuring Watchdog Configure Watchdog for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom watchdog enable Enable Watchdog 1 10 5 Checking configurations Use the following command to check configuration results Step Command Description 1 Raisecom show watchdog Show Watchdog sta...

Page 79: ...onfig Enter global configuration mode 2 Raisecom config banner login w Press Enter message w Configure the Banner contents Enter the banner login and w press Enter enter the Banner contents and then end with the w character The w parameter is a character with the length of 1 It is the beginning and end marker of the Banner contents These 2 marks must be the identical character We recommend selecti...

Page 80: ...ons Raisecom Proprietary and Confidential Copyright Raisecom Technology Co Ltd 49 1 11 4 Checking configurations Use the following commands to check configurations No Command Description 1 Raisecom show banner login Show Banner status and contents of the configured Banner ...

Page 81: ...tection Interface protection Port mirroring L2CP Voice VLAN GARP 2 1 MAC address table 2 1 1 Introduction The MAC address table records mappings between MAC addresses and interfaces It is the basis for an Ethernet device to forward packets When the Ethernet device forwards packets on Layer 2 it searches the MAC address table for the forwarding interface implements expedited forwarding of packets a...

Page 82: ...in Figure 2 1 Figure 2 1 Forwarding packets according to the MAC address table Multicast when the ISCOM2600G HI series switch receives a packet of which the destination MAC address is a multicast address it will broadcast the packet If multicast is enabled and storm control over unknown packets is also enabled the packet will be sent to the specified Report interface If no Report interface is spec...

Page 83: ... addresses Forwarding policies of MAC addresses The MAC address table has two forwarding policies When receiving packets on an interface the ISCOM2600G HI series switch searches the MAC address table for the interface related to the destination MAC address of packets If successful it forwards packets on the related interface records the source MAC addresses of packets interface number of ingress p...

Page 84: ...e as below Function Default value MAC address learning status Enable MAC address aging time 300s MAC address limit Unlimited 2 1 4 Configuring static MAC address Configure static MAC address as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config mac address static unicast mac address vlan vlan id interface type interface number Configure static unicas...

Page 85: ...fig interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port mac address learning enable interface type interface number vlanlist vlan list Enable MAC address learning 2 1 8 Configuring MAC address limit Configure the MAC address limit for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config En...

Page 86: ...n results No Command Description 1 Raisecom show mac address static interface type interface number vlan vlan id Show static unicast MAC addresses 2 Raisecom show mac address multicast vlan vlan id count Show Layer 2 multicast addresses or the number of existing multicast MAC address 3 Raisecom show mac address blackhole Show the blackhole MAC address 4 Raisecom show mac address threshold interfac...

Page 87: ...lackhole vlan vlan id Clear blackhole MAC address entries in a specified VLAN Raisecom config search mac address mac address all dynamic static interface type interface number vlan vlan id Search for a MAC address 2 1 13 Example for configuring MAC address table Networking requirements As shown in Figure 2 2 configure Switch A as below Configure a static unicast MAC address 0001 0203 0405 on GE 1 ...

Page 88: ...address to show configurations of MAC addresses Raisecom show mac address all gigaethernet 1 1 2 Aging time 500 seconds Mac Address Port Vlan Flags 0001 0203 0405 gigaethernet1 1 2 10 Static 2 2 VLAN 2 2 1 Introduction Overview Virtual Local Area Network VLAN is a protocol to solve Ethernet broadcast and security problem It is a Layer 2 isolation technique that partitions a LAN into different broa...

Page 89: ...ace The ISCOM2600G HI series switch has two interface modes Access mode and Trunk mode The method for processing packets for the two modes is shown as below Table 2 1 Interface mode and packet processing Interface type Processing ingress packets Processing egress packets Untagged packets Tagged packets Access Add the Access VLAN Tag to the packet If the VLAN ID of the packet is equal to the Access...

Page 90: ... match the packet with the IP address based VLAN and interface based VLAN in descending order When a tagged packet reaches an interface if its VLAN ID is in the VLAN ID list allowed to pass by the interface the interface receives it Otherwise the interface discards it VLAN partitions by IP subnet This refers to VLAN partitions by the source IP subnet of the packet When an interface receives an unt...

Page 91: ...s are cascaded and data packets carry VLAN Tag for forwarding The interfaces in the same VLAN on multiple devices can communicate but the interfaces in different VLANs cannot communicate This mode is used in enterprise that has many employees and needs a large number of hosts in the same department but different position the hosts in one department can access one another so users have to partition...

Page 92: ...ng interface mode Configure the interface mode for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port switchport mode access trunk Configure the interface to Access or Trunk mode 2 2 6 C...

Page 93: ...s interface If the configured Access VLAN is not the default VLAN and there is no default VLAN in the allowed VLAN list of the Access interface the interface does not allow packets of the default VLAN to pass The allowed VLAN list of the Access interface is effective to static VLANs only and ineffective to cluster VLAN GVRP dynamic VLAN and so on 2 2 7 Configuring VLAN on Trunk interface Configure...

Page 94: ...sed on MAC address for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config mac vlan mac address mask mac address mask vlan vlan id priority value Associate a MAC address with a VLAN 3 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 4 Raisecom config gigaethe...

Page 95: ...ifferent VLANs the association will fail 2 2 10 Configuring VLAN based on IP subnet Configure the VLAN based on IP subnet for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config protocol vlan protocol index ipv4 ipv6 ethertype protocol id Configure the rule for associating the protocol VLAN with Ethernet packets 3 Ra...

Page 96: ...gurations of the protocol VLAN on the interface 2 2 12 Example for configuring VLAN Networking requirements As shown in Figure 2 4 PC 1 PC 2 and PC 5 belong to VLAN 10 PC 3 and PC 4 belong to VLAN 20 Switch A and Switch B are connected by the Trunk interface PC 3 and PC 4 cannot communicate because VLAN 20 is not allowed to pass in the link PC 1 and PC 2 under the same Switch B are enabled with in...

Page 97: ...aethernet 1 1 4 SwitchB config gigaethernet1 1 4 switchport mode access SwitchB config gigaethernet1 1 4 switchport access vlan 20 SwitchB config gigaethernet1 1 4 exit SwitchB config interface gigaethernet 1 1 1 SwitchB config gigaethernet1 1 1 switchport mode trunk SwitchB config gigaethernet1 1 1 switchport trunk allowed vlan 10 confirm SwitchB config gigaethernet1 1 1 exit Step 3 Add GE 1 1 2 ...

Page 98: ...ace gigaethernet 1 1 2 Interface gigaethernet1 1 2 Switch Mode switch Reject frame type none Administrative Mode access Operational Mode access Access Mode VLAN 10 Administrative Access Egress VLANs Operational Access Egress VLANs 10 Trunk Native Mode VLAN 1 Trunk Native VLAN untagged Administrative Trunk Allowed VLANs Operational Trunk Allowed VLANs 1 Administrative Trunk Untagged VLANs Operation...

Page 99: ...LAN each PVLAN can be configured with multiple community VLANs Interface modes of PVLAN The interface to be able to communicate with the external network is called the Promiscuous interface The interface in the secondary VLAN is the Host interface Promiscuous interface it belongs to all PVLANs in the PVLAN domain It can communicate with all interfaces Isolated interface isolated interfaces cannot ...

Page 100: ... the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config private vlan primary vlan vlan id isolated vlan vlan id community vlan vlan list Configure the PVLAN type 3 Raisecom config private vlan association primary vlan id add remove secondary vlan list Configuration association of the primary VLAN and secondary VLANs Bef...

Page 101: ...ce for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 switchport mode private vlan host promiscuous Configure the PVLAN mode on the interface 4 Raisecom config gigaethernet1 1 1 exit Re...

Page 102: ... Description 1 Raisecom show vlan private vlan Show PVLAN configuration 2 Raisecom show switchport interface interface type interface number Show configuration of interface VLAN attributes 3 Raisecom show vlan vlan list static dynamic detail Show configuration of VLAN attributes 2 3 8 Example for configuring PVLAN Networking requirements To effectively distribute VLAN resources you need to properl...

Page 103: ...ype Raisecom config Raisecom config create vlan 10 20 30 active Raisecom config private vlan primary vlan 10 Raisecom config private vlan community vlan 30 Raisecom config private vlan isolated vlan 20 Raisecom config private vlan association 10 20 30 Step 2 Configure the promiscuous interface mode and mapping of the primary VLAN and secondary VLAN on the promiscuous interface Raisecom config inte...

Page 104: ...rnet 1 1 3 Raisecom config gigaethernet1 1 3 switchport mode private vlan host Raisecom config gigaethernet1 1 3 switchport private vlan host association 10 20 Checking results Use the show vlan private vlan command to show PVLAN configurations on the ISCOM2600G HI series switch Raisecom show vlan private vlan VLAN ID 10 Pvlan type primary Port list GE1 1 5 1 1 1 2 Associated vlans 20 30 VLAN ID 2...

Page 105: ...s Mode VLAN 1 Administrative Access Egress VLANs Operational Access Egress VLANs 1 Trunk Native Mode VLAN 1 Administrative Trunk Allowed VLANs 1 4094 Operational Trunk Allowed VLANs N A Administrative Trunk Untagged VLANs Operational Trunk Untagged VLANs N A Administrative private vlan host association 10 30 Administrative private vlan mapping 1 Operational private vlan 10 30 Raisecom show interfa...

Page 106: ...raversing from the PE device at the network side interface to the carrier network Packets with the VLAN 1000 outer Tag are transmitted to PE device on the other side by the carrier and then the PE will remove the outer tag VLAN 1000 and send packets to the user device Now the packets return to carrying only one tag VLAN 100 This technique can save public network VLAN ID resources You can plan priv...

Page 107: ...LAN ID on the service provider network Selective QinQ Different from basic QinQ outer VLAN Tag of selective QinQ can be selectable according to different services There are multiple services and different private VLAN ID on the user network which are divided by adding different outer VLAN Tag for voice video and data services then implementing different distributaries and inner and outer VLAN mapp...

Page 108: ...s or Trunk interface and configuring the default VLAN When basic QinQ is enabled on the interface all packets are processed as untagged packets If you configure the untagged packets to be discarded tagged packets are also discarded VLAN mapping based on VLAN CoS and VLAN mapping based on VLAN cannot be concurrently configured 2 4 5 Configuring selective QinQ Configure selective QinQ on the ingress...

Page 109: ...iguration on the LAG or in ISF mode Double tagged VLAN mapping cannot be concurrently configured with basic QinQ or tagged CVLAN Priority tagged VLAN mapping on the same interface Before configuring selective QinQ and specifying CoS of the outer VLAN configure basic QinQ 2 4 6 Configuring network side interface to Trunk mode Configure the network side interface to Trunk mode for the ISCOM2600G HI ...

Page 110: ...l Show configurations of basic QinQ 2 Raisecom show vlan mapping both interface interface type interface number Show configurations of selective QinQ 3 Raisecom show vlan mapping interface interface type interface number Show configurations of selective QinQ of EtherType on the interface 2 4 9 Example for configuring basic QinQ Networking requirements As shown in Figure 2 7 Switch A and Switch B a...

Page 111: ...an 100 1000 active Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport mode trunk Raisecom config gigaethernet1 1 1 switchport trunk allowed vlan 1000 Raisecom config gigaethernet1 1 1 tpid 9100 Raisecom config gigaethernet1 1 1 exit Step 2 Configure basic QinQ on the interface Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 swit...

Page 112: ...ntains common PC Internet access services and IP phone services PC Internet access services are assigned to VLAN 1000 and IP phone services are assigned to VLAN 2000 Configure Switch A and Switch B as below to make the user and server communicate through the carrier network Add outer Tag VLAN 1000 to VLANs 100 102 assigned to PC Internet access services Add outer Tag 2000 to VLANs 200 202 for IP p...

Page 113: ...fig gigaethernet1 1 2 switchport trunk allowed vlan 100 101 102 200 201 202 1000 2000 SwitchA config gigaethernet1 1 2 switchport vlan mapping both inner 100 102 add outer 1000 SwitchA config gigaethernet1 1 2 switchport vlan mapping both inner 200 202 add outer 2000 SwitchA config gigaethernet1 1 2 exit Checking results Use the following command to show configurations of selective QinQ Take Switc...

Page 114: ... matches the packet according to configured VLAN mapping rules If successful it maps the packet according to configured VLAN mapping rules By supporting 1 1 VLAN mapping the ISCOM2600G HI series switch replaces the VLAN Tag carried by a packet from a specified VLAN to the new VLAN Tag Different from QinQ VLAN mapping does not encapsulate packets with multiple layers of VLAN Tags but needs to modif...

Page 115: ...e 3 Raisecom config gigaethernet1 1 port switchport vlan mapping both outer vlan id translate outer vlan id Raisecom config gigaethernet1 1 port switchport vlan mapping both outer vlan id inner inner vlan id translate outer vlan id inner inner vlan id Configure the VLAN mapping rule based on outer and inner VLAN Tag in both the ingress and egress directions of the interface 4 Raisecom config gigae...

Page 116: ...e 2 10 GE 1 1 2 and GE 1 1 3 on Switch A are connected to Department E using VLAN 100 and Department F using VLAN 200 GE 1 1 2 and GE 1 1 3 on Switch A are connected to Department C using VLAN 100 and Department D using VLAN 200 The carrier s network uses VLAN 1000 to transmit services between Department E and Department C and uses VLAN 2008 to transmit services between Department F and Department...

Page 117: ... rules SwitchA config interface gigaethernet 1 1 2 SwitchA config gigaethernet1 1 2 switchport mode trunk SwitchA config gigaethernet1 1 2 switchport trunk allowed vlan 100 confirm SwitchA config gigaethernet1 1 2 switchport vlan mapping both outer 100 translate 1000 SwitchA config gigaethernet1 1 2 exit Step 4 Configure GE 1 1 3 to Trunk mode allowing packets of VLAN 200 to pass Configure VLAN ma...

Page 118: ...e Interface GE 1 1 3 Default cvlan Original Outer VLANs 200 Original Outer COS Original Inner VLANs Original Inner COS Vlan mapping Mode S TRANS New Outer VID 2008 New Outer COS New Inner VID New Inner COS 2 6 STP RSTP 2 6 1 Introduction STP With the increasing complexity of network structure and growing number of switches on the network the Ethernet network loops become the most prominent problem...

Page 119: ...h each other for the election of root switch and selection of root port and designated port It also can block loop interface on the ISCOM2600G HI series switch logically according to the selection results and finally trims the loop network structure to tree network structure without loop which takes an ISCOM2600G HI series switch as root This prevents the continuous proliferation and limitless cir...

Page 120: ... topology convergence rate The purpose of STP RSTP is to simplify a bridged LAN to a unitary spanning tree in logical topology and to avoid broadcast storm The disadvantages of STP RSTP are exposed with the rapid development of VLAN technology The unitary spanning tree simplified from STP RSTP leads to the following problems The whole switching network has only one spanning tree which will lead to...

Page 121: ...p among them MAC address learning fault and broadcast storm and network down caused by quick copy and transmission of data frame STP calculation can block one interface in a broken loop and ensure that there is only one path from data flow to the destination host which is also the best path Preconditions N A 2 6 3 Default configurations of STP Default configurations of STP are as below Function De...

Page 122: ... series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config spanning tree priority priority value Optional configure device priorities 3 Raisecom config spanning tree root primary secondary Optional configure the device as the root or backup device 4 Raisecom config interface interface type interface number Raisecom config gigaethernet1 1 po...

Page 123: ...n real operation it will maintain the force false mode until the configuration is changed By default all interfaces on the ISCOM2600G HI series switch are configured in auto detection attribute Configure the edge interface for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface numb...

Page 124: ...du filter enable interface type interface number Enable BPDU filtering on the edge interface 2 6 9 Configuring BPDU Guard Generally on a switch interfaces are directly connected with terminals such as a PC or file servers are configured to an edge interfaces Therefore these interfaces can be transferred quickly In normal status these edge interfaces will not receive BPDUs If somebody attacks the s...

Page 125: ...SCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config spanning tree mrstp pro id Create an MRSTP process 3 Raisecom config spanning tree mrstp pro id priority priority Configure the priority of a specified process 4 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 5...

Page 126: ...igure the priority of Switch A to 0 and path cost from Switch B to Switch A to 10 Figure 2 14 STP networking Configuration steps Step 1 Enable STP on Switch A Switch B and Switch C Configure Switch A Raisecom hostname SwitchA SwitchA config SwitchA config spanning tree enable SwitchA config spanning tree mode stp Configure Switch B Raisecom hostname SwitchB SwitchB config SwitchB config spanning t...

Page 127: ...gigaethernet1 1 1 exit SwitchB config interface gigaethernet 1 1 2 SwitchB config gigaethernet1 1 2 switchport mode trunk SwitchB config gigaethernet1 1 2 exit Configure Switch C SwitchC config interface gigaethernet 1 1 1 SwitchC config gigaethernet1 1 1 switchport mode trunk SwitchC config gigaethernet1 1 1 exit SwitchC config interface gigaethernet 1 1 2 SwitchC config gigaethernet1 1 2 switchp...

Page 128: ... 1 1 PortProtocolEnable admin enable oper enable Rootguard disable Loopguard disable Bpduguard disable ExternPathCost 200000 Partner STP Mode stp Bpdus send 0 TCN 0 Config 0 RST 0 MST 0 Bpdus received 0 TCN 0 Config 0 RST 0 MST 0 State blocking Role non designated Priority 128 Cost 200000 Root Mac 0000 0000 0000 Priority 0 RootCost 0 DesignatedBridge Mac 0000 0000 0000 Priority 0 DesignatedPort 0 ...

Page 129: ...root MST Region Root concepts The total root is a global concept all switches running STP RSTP MSTP can have only one total root which is the CIST Root The region root is a local concept which is relative to an instance in a region As shown in Figure 2 15 all connected devices only have one total root and the number of region root contained in each region is associated with the number of instances...

Page 130: ...an only be transmitted in one MSTI but one MSTI may correspond to several VLANs Compared with STP and RSTP mentioned previously MSTP has obvious advantages including cognitive ability of VLAN load balancing similar RSTP interface status switching and binding multiple VLAN to one MST instance to reduce resource occupancy rate In addition devices running MSTP on the network are also compatible with ...

Page 131: ...rwarding packet of VLAN 100 MSTI 2 takes F as the root switch forwarding packet of VLAN 200 In this case all VLANs can communicate internally different VLAN packets are forwarded in different paths to share loading 2 7 2 Preparation for configuration Scenario In a big LAN or residential region aggregation the aggregation devices make up a ring for link backup avoiding loop and realizing load balan...

Page 132: ... 3 Raisecom config spanning tree enable Enable global STP 4 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 5 Raisecom config gigaethernet1 1 port spanning tree enable Enable interface STP The device supports this configuration on the LAG interface 2 7 5 Configuring MST region and its maximum number of hops You can configure region inform...

Page 133: ...ue Configure the maximum number of hops for MST region Only when the configured device is the region root can the configured maximum number of hops be used as the maximum number of hops for MST region other non region root cannot be configured this item 2 7 6 Configuring root backup bridge Two methods for MSTP root selection are as below To configure device priority and calculated by STP to confir...

Page 134: ...one root bridge and several backup bridges for a spanning tree 2 7 7 Configuring interface priority and system priority Whether the interface is elected as the root interface depends on interface priority Under the identical condition the interface with smaller priority will be elected as the root interface An interface may have different priorities and play different roles in different instances ...

Page 135: ...sure the region scale while network diameter is a parameter to measure the whole network scale The greater the network diameter is the larger the network scale is Similar to the maximum number of hops of the MST region only when the ISCOM2600G HI series switch is configured as the CIST root device can this configuration take effect MSTP will automatically configure the Hello Time Forward Delay and...

Page 136: ...ost for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port spanning tree extern path cost cost value Configure the external path cost of the interface 2 7 11 Configuring maximum transmis...

Page 137: ...d interface starts forwarding data it needs a medium status learning status after delay for the interval of Forward Delay it enters forwarding status The delay guarantees the new configuration message to be transmitted through whole network You can adjust the delay according to actual condition in other words reduce it when network topology changes infrequently and increase it under opposite condi...

Page 138: ...hysical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port spanning tree edged port auto force true force false Configure attributes of the RSTP edge interface 2 7 14 Configuring BPDU filtering After being enabled with BPDU filtering the edge interface does not send BPDU packets nor process received BPDU packets Configure BPDU filtering for the ISCOM2600G HI series switch as...

Page 139: ...terface is shut down if it receives a BPDU 2 7 16 Configuring STP RSTP MSTP mode switching When STP is enabled three spanning tree modes are supported as below STP compatible mode the ISCOM2600G HI series switch does not implement fast switching from the replacement interface to the root interface and expedited forwarding by a specified interface instead it sends STP configuration BPDU and STP Top...

Page 140: ...itch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port spanning tree link type auto point to point shared Configure link type for interface 2 7 18 Configuring root interface protection The network will select a bridge...

Page 141: ...lure in receiving packets may not link fault In this case enabling the backup interface may lead to loop Loopguard is used to keep the original interface status when it cannot receive packet in a period Loopguard and link backup are mutually exclusive in other words loopguard is implemented on the cost of disabling link backup Configure interface loop protection for the ISCOM2600G HI series switch...

Page 142: ... Raisecom show spanning tree region operation Show operation information about the MST region 4 Raisecom config region show spanning tree region configuration Show configurations of the MST region 2 7 22 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom config gigaethernet1 1 port spanning tree clear statistics Clear statistics about spanning tree on the in...

Page 143: ... SwitchA SwitchA config SwitchA config create vlan 3 4 active Configure Switch B Raisecom name SwitchB SwitchB config SwitchB config create vlan 3 4 active Configure Switch C Raisecom name SwitchC SwitchC config SwitchC config create vlan 3 4 active Step 2 Configure GE 1 1 1 and GE 1 1 2 on Switch A to allow packets of all VLAN to pass in Trunk mode Configure GE 1 1 1 and GE 1 1 2 on Switch B to a...

Page 144: ...ethernet 1 1 3 SwitchB config gigaethernet1 1 3 switchport access vlan 3 SwitchB config gigaethernet1 1 3 exit SwitchB config interface gigaethernet 1 1 4 SwitchB config gigaethernet1 1 4 switchport access vlan 4 SwitchB config gigaethernet1 1 4 exit Configure Switch C SwitchC config interface gigaethernet 1 1 1 SwitchC config gigaethernet1 1 1 switchport mode trunk SwitchC config gigaethernet1 1 ...

Page 145: ...evel 0 SwitchB config region instance 3 vlan 3 SwitchB config region instance 4 vlan 4 SwitchB config region exit Configure Switch C SwitchC config spanning tree mode mstp SwitchC config spanning tree enable SwitchC config spanning tree region configuration SwitchC config region name aaa SwitchC config region revision level 0 SwitchC config region instance 3 vlan 3 SwitchC config region instance 4...

Page 146: ...ning tree admin state enable Spanning tree protocol mode MSTP MST ID 3 BridgeId Mac 000E 5E11 2233 Priority 32768 RegionalRoot Mac 000E 5E11 2233 Priority 32768 InternalRootCost 0 Port PortState PortRole PathCost PortPriority LinkType Use the show spanning tree instance 4 command to show basic information about spanning tree instance 4 Take Switch A for example SwitchA show spanning tree instance ...

Page 147: ... device B is the root bridge of device A You can create multiple MRSTP processes on device A and bind the interfaces connecting these ring networks to the specified processes In this case when devices on these ring networks they will elect device A as the root bridge of each ring network while device A will elect device B as its root bridge Figure 2 19 Configuring MRSTP for specifying root bridge ...

Page 148: ...nfig Enter global configuration mode 2 Raisecom config spanning tree enable Enable STP 3 Raisecom config spanning treemode mrstp Configure the mode of the spanning tree to MRSTP 4 Raisecom config spanning tree mrstp pro id Create an MRSTP 5 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 6 Raisecom config gigaethernet1 1 port spanning tre...

Page 149: ...terface 8 Raisecom config spanning tree forward delay value Optional configure the Forward Delay 9 Raisecom config spanning tree max age value Optional configure the Max Age 2 8 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show spanning tree mrstp pro id Show basic configurations of MRSTP 2 9 Loop detection 2 9 1 Introduction...

Page 150: ...nterface receiving the packet are different process the interface with the smaller interface ID to eliminate the loop inner loop If the interface sending the packet and the interface receiving the packet are the same process the interface to eliminate the loop self loop In Figure 2 20 assume that both Switch B and Switch C connect user network interfaces enabled with loop detection The system proc...

Page 151: ... sends Trap only Loop restoration After an interface is blocked or shut down you can configure it such as no automatic restoration and automatic restoration after a specified period If an interface is configured as automatic restoration after a specified period the system will start loop detection after the period If the loop disappears the interface will be restored Otherwise it will be kept in b...

Page 152: ...ig interface interface type interface number Enter interface configuration mode The device also supports batch interface configuration mode 3 Raisecom config gigaethernet1 1 port loopback detection pkt vlan untag vlan id hello time second restore time second action block trap only shutdown shutdown restore log interval log interval time Raisecom config gigaethernet1 1 port loopback detection detec...

Page 153: ... loopback detection statistic interface type interface number Clear statistics about loop detection 2 9 7 Example for configuring inner loop detection Networking requirements As shown in Figure 2 21 GE 1 1 2 and GE 1 1 3 on Switch A are connected to the user network To avoid loops on the user network enable loop detection on Switch A to detect loops on user network and then take actions accordingl...

Page 154: ...onfig gigaethernet1 1 1 exit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 switchport access vlan 3 Raisecom config gigaethernet1 1 2 exit Step 2 Configure the VLAN for sending loop detection packets action taken for detected loops and period for sending loop detection packets Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 loopback d...

Page 155: ...tion group isolating Layer 2 Layer 3 data in the interface protection group This can provide physical isolation between interfaces enhance network security and provide flexible networking scheme for users After being configured with interface protection interfaces in an interface protection group cannot transmit packets to each other Interfaces in and out of the interface protection group can comm...

Page 156: ... across devices in the ISF Interface isolation can be implemented based on LAG interface namely between LAG interfaces and between a LAG interface and common interface 2 10 5 Configuring interface isolation Configure interface isolation for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config protect group group id vl...

Page 157: ...rface protection on GE 1 1 1 and GE 1 1 2 on Switch A Figure 2 22 Interface protection networking Configuration steps Step 1 Enable interface protection on the GE 1 1 1 Raisecom config Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport protect Raisecom config gigaethernet1 1 1 exit Step 2 Enable interface protection on the GE 1 1 2 Raisecom config interface g...

Page 158: ...eck whether PC 1 can ping PC 2 successfully PC 1 fails to ping PC 3 so interface protection has taken effect 2 11 Port mirroring 2 11 1 Introduction Port mirroring refers to assigning some packets mirrored from the source port to the destination port such as from the monitor port without affecting the normal packet forwarding You can monitor sending and receiving status for packets on a port throu...

Page 159: ...enabled with port mirroring The monitor port and mirroring port cannot be the same one 2 11 2 Preparing for configurations Scenario Port mirroring is used to monitor the type and flow of network data regularly for the network administrator Port mirroring copies the port flow monitored to a monitor port or CPU to obtain the ingress egress port failure or abnormal flow of data for analysis discovers...

Page 160: ...ress and egress directions of the port 8 Raisecom config gigaethernet1 1 port exit Raisecom config mirror group group id source cpu ingress egress Configure port mirroring to mirror packets to or from the CPU 2 11 5 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show mirror group group id Show configurations of port mirroring 2 1...

Page 161: ...com config interface gigaethernet 1 1 3 Raisecom config gigaethernet1 1 3 mirror group 1 monitor port Raisecom config gigaethernet1 1 3 exit Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 mirror group 1 source port ingress Checking results Use the show mirror command to show configurations of port mirroring Raisecom show mirror group Mirror Group 1 Monitor Port giga...

Page 162: ...e MAN It is more complex than discard and peer mode requiring cooperating profile at network side interface and carrier side interface tunnel terminal to allow packets to pass through the carrier network 2 12 2 Preparing for configurations Scenario On the access device of MAN you can configure profile on user network interface according to services from the carrier to configure L2CP of the user ne...

Page 163: ...p dot1x lacp lldp cdp vtp pvst all action tunnel drop peer Optional configure the mode for processing L2CP packets 5 Raisecom config l2cp profile tunnel vlan vlan id Optional configure the specified VLAN for transparent transmission 6 Raisecom config l2cp profile tunnel interface type interface number Optional configure the specified egress interface for transparent transmission 7 Raisecom config ...

Page 164: ...2CP on the interface 3 Raisecom show l2cp process tunnel statistics interface type interface number Show statistics about L2CP packets on the interface 2 12 8 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom config clear l2cp process tunnel statistic interface type interface number Clear statistics about L2CP packets on the interface 2 12 9 Example for con...

Page 165: ...omer A Raisecom config l2cp process profile 1 Raisecom config l2cp profile name CustomerA Raisecom config l2cp profile l2cp process protocol all action drop Raisecom config l2cp profile l2cp process protocol stp action tunnel Raisecom config l2cp profile exit Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 l2cp process profile 1 Raisecom config gigaethernet1 1 1 exit...

Page 166: ...0 C200 0000 tunnel none dot1x 0180 C200 0003 drop none lacp 0180 C200 0002 drop none oam 0180 C200 0002 drop none cdp 0100 0CCC CCCC drop none vtp 0100 0CCC CCCC drop none pvst 0100 0CCC CCCD drop none lldp 0180 C200 000E drop none elmi 0180 C200 0007 drop none udld 0100 0CCC CCCC drop none pagp 0100 0CCC CCCC drop none ProfileId 2 Name customerB BpduType Mac address l2cp process Mac vlan EgressPo...

Page 167: ...evices are more and more widely used especially in broadband residential communities The network usually transmits voice traffic and data traffic concurrently but voice traffic requires a higher priority than data traffic in transmission to avoid delay and packet loss A voice VLAN is especially partitioned for voice traffic of users By partitioning voice VLANs and add interfaces of the voice devic...

Page 168: ...omatically add the interface to the voice VLAN When the interface fails to receive voice packets for a specified period it will automatically quit the voice VLAN Manual mode in this mode you need to manually add the interface to the voice VLAN The interface does not automatically join and leave the voice VLAN The ISCOM2600G HI series switch supports the following two networking modes Figure 2 26 s...

Page 169: ...oice VLAN configured on the switch through LLDP it will send tagged voice packets For details see section 2 13 9 Example for configuring IP phone to access voice VLAN packets through LLDP Prerequisite Create a VLAN and configure its parameters 2 13 3 Default configurations of voice VLAN Default configurations of Organizationally Unique Identifier OUI of the voice VLAN are as below OUI Address Mask...

Page 170: ...witch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port voice vlan qos cos cos value dscp dscp value Configure CoS and DSCP of voice VLAN packets 4 Raisecom config gigaethernet1 1 port voice vlan qos trust Configure Q...

Page 171: ...he interface to join the voice VLAN 5 Raisecom config vioce vlan aging time time Configure the aging time for the interface to leave the voice VLAN in automatic mode 2 13 6 Configuring OUI address Configure the OUI address for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config voice vlan mac address mac address mask...

Page 172: ...hat the device can add voice VLAN Tag when these packets pass the voice VLAN interface Configure VLAN 200 as the voice VLAN to transmit voice traffic sent from the IP phone Figure 2 28 Networking with adding interface to voice VLAN and configuring it to work in manual mode Configuration steps Step 1 Create VLAN 100 and VLAN 200 activate them and configure VLAN 200 as the voice VLAN Raisecom config...

Page 173: ...ce vlan status command to view the current status of the voice VLAN Use the show voice vlan mac address command to view the OUI address of the voice VLAN Raisecom config show voice vlan mac address OUI Address Mask Description 0001 E300 0000 FFFF FF00 0000 Siemens phone 0003 6B00 0000 FFFF FF00 0000 Cisco phone 0004 0D00 0000 FFFF FF00 0000 Avaya phone 00D0 1E00 0000 FFFF FF00 0000 Pingtel phone 0...

Page 174: ...to access voice VLAN packets through LLDP Configuration steps Step 1 Create VLAN 100 and VLAN 200 activate them and configure VLAN 200 as the voice VLAN Raisecom config create vlan 100 200 active Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport mode trunk Raisecom config gigaethernet1 1 1 switchport trunk native vlan 100 Raisecom config gigaethernet1 1 1 vo...

Page 175: ...LAN Raisecom config show voice vlan mac address OUI Address Mask Description 0001 E300 0000 FFFF FF00 0000 Siemens phone 0003 6B00 0000 FFFF FF00 0000 Cisco phone 0004 0D00 0000 FFFF FF00 0000 Avaya phone 00D0 1E00 0000 FFFF FF00 0000 Pingtel phone 0060 B900 0000 FFFF FF00 0000 Philips NEC phone 00E0 7500 0000 FFFF FF00 0000 Verilink phone 00E0 BB00 0000 FFFF FF00 0000 NBX phone 0001 ED00 0000 FFF...

Page 176: ...ister or reregister attributes Through message exchange all attributes to be registered can be transmitted to all GARP entities in the same LAN GARP timer The interval for sending the GARP message is controlled by timers GARP defines three timers to control the interval Join timer if no message is replied to the first Join message sent by the GARP application entity this entity will send another J...

Page 177: ...AN 1 to pass and transmits packets of the default VLAN to other GARP members As shown in Figure 2 30 to configure VLANs on multiple devices on a network and allow packets of the specified VLAN to pass are complex By using GVRP to dynamically register and transmit the specified VLAN the network administrator can improve working efficiency and accuracy Figure 2 30 Principles of GVRP As shown in Figu...

Page 178: ...tep Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface num Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port garp timer join leave leaveall time value Configure the GARP timer The value of the Join timer must be smaller than half of that of the Leave timer The value of the Leave timer mus...

Page 179: ...d forbidden normal Optional configure GVRP registration mode 6 Raisecom config gigaethernet1 1 port gvrp enable Enabling interface GVRP Interface GVRP can be enabled only after the interface is configured to Trunk mode We do not recommend enabling GVRP on a LAG member interface 2 14 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raiseco...

Page 180: ...tch A and Switch C Configure static VLANs 15 20 on Switch D Configure static VLANs 25 30 on Switch E Configure the interfaces that are connected to other switches to Trunk mode and enable GVRP on these interfaces Configure the Join timer Leave timer and LeaveAll timer of GARP on each interface to 600 3000 and 12000 in units of 10ms Figure 2 31 GVRP networking Configuration steps Step 1 Create VLAN...

Page 181: ...Switch B GE 1 1 1 on Switch C and GE 1 1 1 on Switch D to Trunk mode and enable GVRP on them Take GE 1 1 1 on Switch A for example Configurations of other interfaces are the same SwitchA config interface gigaethernet 1 1 1 SwitchA config gigaethernet1 1 1 switchport mode trunk SwitchA config gigaethernet1 1 1 gvrp enable SwitchA config gigaethernet1 1 1 exit Step 3 Configure GARP timers of GE 1 1 ...

Page 182: ... Copyright Raisecom Technology Co Ltd 151 Checking results Use the show gvrp command to show GVRP configurations on the interface Take Switch A for example SwitchA show gvrp gigaethernet 1 1 1 Port PortStatus RegMode LastPduOrigin FailedTimes PortRunStatus GE1 1 1 Enable Normal 0000 0000 0000 0 Enable ...

Page 183: ... uniform management and uninterrupted maintenance of multiple devices 3 1 1 ISF advantages Simplified management after an ISF is formed you can log in from any interface on any member switch to manage all members in the ISF Powerful network scalability you can increase interfaces network bandwidth and processing capability of an ISF simply by adding member switches High reliability the ISF is reli...

Page 184: ... shown in Figure 3 1 the master switch and backup switch form an ISF so they appear as only one device the ISF for the upstream or downstream devices Figure 3 1 ISF networking 3 2 ISF concepts As shown in Figure 3 2 connect Switch A with Switch B and configure them properly to form an ISF The ISF manages physical and software resources of Switch A and Switch B ...

Page 185: ...ster device In other words when the master device fails it becomes the master device Slave it works as a backup for the backup device In other words when the master and backup device fail the ISF will automatically elect a new master device from all slave devices to replace the original master device The master device backup device and slave device are elected as roles An ISF contains only one mas...

Page 186: ... to different chips cannot be bound with the same ISF interface while those connected to the same chip cannot be bound with different ISF interfaces In standalone mode IDs of ISF interfaces are ISF Port1 1 1 and ISF Port1 1 2 In ISF mode IDs of ISF interfaces are ISF PortN 1 1 and ISF PortN 2 1 in the IDs N is the member ID To be brief this document uses ISF Port1 and ISF Port2 uniformly ISF physi...

Page 187: ...ected as the master device you can modify its member priority to a high value on CLI before establishing an ISF When two master devices have the same priority the one with a longer up time of the ISF will be elected as the master device In ISF mode you can configure the priority of other devices on the master device 3 2 2 Principles of ISF Establishing an ISF consists of the following four phases ...

Page 188: ... ISF Raisecom Proprietary and Confidential Copyright Raisecom Technology Co Ltd 157 Figure 3 5 Chain networking Figure 3 6 Ring networking Chain networking it has a lower physical location than the ring networking so it is used when members are scattered ...

Page 189: ...ncement the ISF connection topology must be the ring type and exclude ISF relay networking Topology collection A member device and its neighbors exchange ISF Probe packets to collect the entire ISF topology The ISF Route packet carries topology information including connection relation of ISF interfaces ID of member device priority of member device and bridge MAC addresses of member interfaces Whe...

Page 190: ...unication is normal After the ISF is completely established it enters management and maintenance phase When two ISF merge ISF election will occur by following rules of role election The devices in the loser ISF join the winner ISF as the backup device or slave devices and forming a new ISF with the master member device The restart during ISF merge is manually operated No matter a device forms an I...

Page 191: ...ceive heartbeat packets from its neighbor for multiple periods usually 16 periods it considers that the neighbor has left the ISF Thus new topology will form If a stack interface in the ISF becomes Down the ISF will re elect members to form a new topology If the master device leaves the ISF will elect the backup device as the master device preferentially If the backup device leaves the ISF will el...

Page 192: ...e ISF split to work properly MAD has the following functions Detect ISF split use Bidirectional Forwarding Detection BFD to detect whether there are multiple ISFs on the network Eliminate conflict after ISF split occurs the original ISF can detect other ISFs in Active status indicating the ISF is working This function allows the ISF with the minimum unit ID of the master device to continue to work...

Page 193: ...gure 3 8 Flow for establishing the ISF environment 3 3 2 Planning number of ISF members After multiple member devices form an ISF the sum of their switching capacity is the switching capacity of the ISF Determine the number and model of ISF members according to access and uplink requirements for the network An ISF supports up to 9 members ...

Page 194: ...face The two ISF interfaces that connect two neighbor devices should be bound with the same number of ISF physical interfaces so that these ISF physical interfaces can be interconnected with those on the neighbor device For example the number of ISF physical interfaces bound with ISF Port2 on Device A should be equal to that of ISF physical interfaces bound with ISF Port1 on Device B In standalone...

Page 195: ...e Unit ID 1 Domain ID 0 Priority 0 Automatic upgrade Disable Restart upon ISF split or merge Enable 3 4 3 Preconfiguration mode In preconfiguration mode you can configure a standalone device with the ISF interface ID member ID and member priority These configurations do not affect the running of the standalone device but will take effect after the standalone device enter ISF mode Before forming an...

Page 196: ...r device restart the modification takes effect and the original member ID becomes invalid Modify the priority of a member device to make the device be elected as the master device Modify the existing binding of an ISF deleting a binding or add a binding The configuration of the ISF interface may affect the running of the local device such as causing ISF split or ISF merge Task Description Configur...

Page 197: ...config isf port1 1 1 exit Bind a physical interface with the ISF interface Save the configuration to the startup configuration file so that it can take effect when the device switches to the ISF mode and load the startup configuration file In standalone mode binding an ISF interface with an ISF physical interface does not affect current services of the ISF physical interface When the device switch...

Page 198: ...w Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config isf mode isf Configure the ISF mode When the configuration command is executed the system prompts Set successfully The device will switch to isf mode take effect after reboot To prevent the device from being restarted type no and press Enter The device will not be restarted so you can further configure i...

Page 199: ... form ISF physical interfaces Use ISF cables to connect these ISF physical interfaces Then ISF on these devices will take effect ISF Port1 ISF Port2 1 1 as used in ISF mode on one device can be connected to ISF Port2 ISF Port2 1 2 as used in ISF mode only on the other device An ISF interface can be bound with up to 8 physical interfaces through multiple execution of the isf port group interface co...

Page 200: ...ring member ID The ISF uses the member ID to uniquely identify member devices Information and configurations of the device are related to the member ID such as the interface ID including the physical interface and logic interface interface configurations and member priority If you modify the member ID but do not restart the device the original member ID will still take effect and be used by physic...

Page 201: ...l An ISF communicates with the external network as a virtual device so it should have a unique bridge MAC address called the ISF bridge MAC address It usually uses the bridge MAC address of the master device as the ISF bridge MAC address Conflict with the bridge MAC address causes communication failure but switching of the bridge MAC address causes service interruption In this case you should conf...

Page 202: ...dress synchronization In ISF mode after a switch interface quits a VLAN it will delete the MAC address corresponding to the VLAN on the interface During the deleting process it does not process the MAC address synchronization request from other ISF member switches until it deletes the MAC address After the period for synchronizing MAC addresses expires the interface will receive and process the MA...

Page 203: ...tion and process mechanism When an ISF link is faulty the ISF splits into two new ISFs These two ISFs have the same IP address which causes IP address conflict and thus enlarges the fault In this case a mechanism is required to improve system availability and detect whether there are multiple ISFs on the network and take actions accordingly to minimize impact of ISF split on services The MAD mode ...

Page 204: ...ame VLAN Configure these member devices with different IP addresses in the same network segment in VLAN interface configuration mode Figure 3 10 BFD MAD networking without intermediate device If there are 3 or 4 member devices in an ISF you must use an intermediate device to configure BFD MAD As shown in Figure 3 11 there must be one BFD MAD link between any member device and the intermediate swit...

Page 205: ... also configure it with this step Step 2 Determine physical interfaces at least one on each member device used for BFD MAD and add them to the VLAN specially used for BFD MAD if an intermediate device is used for networking you should also configure it with this step Step 3 Create a VLAN interface for the VLAN specially used for BFD MAD Enable BFD MAD on the VLAN interface Configure the MAD IP add...

Page 206: ...P address through the mad ip address command instead of other IP addresses common IP address configured through the ip address command and VRRP IP address to prevent from affecting MAD BFD MAD and STP are mutually exclusive so do not enable STP on the physical interface that is in the VLAN corresponding to the VLAN interface enabled with BFD MAD Ensure that there is no physical loop Plan the MAD I...

Page 207: ...ts to Recovery status in which it fails to forward service packets In this case you can clear the ISF link fault to resume the ISF system devices will automatically try to clear the ISF link fault If failed it needs manual restoration After the ISF link fault is cleared the Active ISF and the Recovery ISF will merge into an ISF The ISF system prompts you to restart the Recovery ISF After the Recov...

Page 208: ...com config mad restore Restore service interfaces shut down due to MAD to normal status 3 7 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show isf Show all collected ISF information 2 Raisecom show isf topology Show information about ISF topology 3 Raisecom show isf packet Show statistics on ISF packets 4 Raisecom show isf confi...

Page 209: ... in preconfiguration mode with BFD MAD Networking requirements When the network grows rapidly the central switch Switch A fails to meet forwarding requirements To double forwarding capability based on protecting the existing investment with easy management and maintenance you can configure ISF Configuration thought To double forwarding capability of Switch A add Switch B to the network and then co...

Page 210: ...priority to 12 Create ISF interface 2 Binding it with the physical interface Tengigabitethernet 1 1 25 Raisecom config Raisecom config isf renumber 1 Raisecom config isf priority 12 Raisecom config interface tengigabitethernet 1 1 25 Raisecom config tengigabitethernet1 1 25 exit Raisecom config interface isf port 1 1 1 Raisecom config isf port1 1 1 isf port group tengigabitethernet 1 1 25 Raisecom...

Page 211: ... 2 and member priority to 26 Create ISF interface 1 Bind it with the physical interface Tengigabitethernet 1 1 25 Raisecom config Raisecom config isf renumber 2 Member ID change will take effect after the switch reboots and work in ISF mode Will you change start config please input yes to change no Raisecom config isf priority 26 Raisecom config interface tengigabitethernet 1 1 25 Raisecom config ...

Page 212: ... vlan3 mad bfd enable 1970 01 01 08 17 21 BFD 5 BFD_SESSIONID_DOWN unit1 Bfd session 65 is down Configure Switch B Create VLAN 3 Configure the MAD IP address Enable BFD MAD on Switch B with the member ID as 2 Raisecom 2 config Raisecom 2 config create vlan 3 active Raisecom 2 config interface vlan 3 Raisecom 2 config vlan3 mad ip address 192 168 2 2 unit 2 Raisecom 2 config vlan3 mad bfd enable 19...

Page 213: ...es from ISF mode to standalone mode Networking topology Figure 3 15 ISF networking with member device changing from ISF mode to standalone mode Configuration steps Step 1 Determine the master device Raisecom 1 show isf Raisecom 1 config isf renumber 1 Raisecom 1 config isf mode isf next unit is 1 are you sure please input yes yes This config reboot go into effect Please input yes to reboot yes 197...

Page 214: ...g isf renumber 2 Raisecom 1 config isf mode isf next unit is 2 are you sure please input yes yes This config reboot go into effect Please input yes to reboot yes 1970 01 01 08 07 17 System 4 SYSTEM_REBOOT unit1 Change work Mode reboot BOOTROM starting Configure ISF interface 1 1 1 and bind it with physical interface Tengigabitethernet 1 1 25 Raisecom 2 config interface tengigabitethernet 1 1 25 Ra...

Page 215: ... interface vlan 3 Raisecom 2 config vlan3 mad ip address 192 168 2 2 unit 2 Raisecom 2 config vlan3 mad bfd enable 1970 01 01 08 17 21 BFD 5 BFD_SESSIONID_DOWN unit1 Bfd session 65 is down If the intermediate device is an ISF you must configure it with a domain ID that is different from the domain ID of the target ISF system 3 8 3 Example for switching member device from ISF mode to standalone mod...

Page 216: ... Switch A as below Raisecom 1 show isf MODE ISF mode ISF MAC 00 01 22 44 76 78 Isf port1 1 1 Tengigabitethernet1 1 25 Number MAC Address Domain Unit Priority Role Stk Time Version Minversion 1 00 01 22 44 76 78 0 2 255 master 18 2 9 2 00 0e 5e 61 91 cf 0 1 64 backup 30 2 9 Previous information shows that Switch B is the master device Step 2 Disconnect the ISF link by manually shutting down ISF phy...

Page 217: ... successfully BOOTROM starting Step 4 Log in to Switch B Configure it to standalone mode Raisecom 2 config Raisecom 2 config isf mode single This config reboot go into effect Please input yes to reboot yes Will you change start config please input yes to change yes 1970 01 01 08 36 35 System 4 SYSTEM_REBOOT unit2 Change work Mode reboot Operation successfully BOOTROM starting 3 8 4 Example for con...

Page 218: ...com ISCOM2600G HI A Series Configuration Guide 3 ISF Raisecom Proprietary and Confidential Copyright Raisecom Technology Co Ltd 187 Networking topology Figure 3 17 Networking topology before configuring ISF ...

Page 219: ...he previous networking topology Switch them to ISF mode Configuration steps Step 1 Configure Switch A 1 Configure the member ID of Switch A to 1 and member priority to 12 Raisecom config Raisecom config isf renumber 1 Raisecom config isf priority 12 Raisecom config interface tengigabitethernet 1 1 25 Raisecom config tengigabitethernet1 1 25 exit Raisecom config interface tengigabitethernet 1 1 27 ...

Page 220: ...ot Operation successfully BOOTROM starting After Switch A is restarted it forms an ISF that has only one member device Step 2 Configure Device B 1 Configure the member ID of Switch B to 2 and member priority to 26 Raisecom config Raisecom config isf renumber 2 Raisecom config isf priority 26 Raisecom config interface tengigabitethernet 1 1 25 Raisecom config tengigabitethernet1 1 25 exit Raisecom ...

Page 221: ...aisecom config isf renumber 3 Raisecom config isf priority 6 Raisecom config interface tengigabitethernet 1 1 25 Raisecom config tengigabitethernet1 1 25 exit Raisecom config interface tengigabitethernet 1 1 27 Raisecom config tengigabitethernet1 1 27 exit Raisecom config interface isf port 1 1 1 Raisecom config isf port1 1 1 isf port group tengigabitethernet 1 1 25 Raisecom config isf port1 1 1 e...

Page 222: ...ecom config tengigabitethernet1 1 27 exit Raisecom config interface isf port 1 1 1 Raisecom config isf port1 1 1 isf port group tengigabitethernet 1 1 25 Raisecom config isf port1 1 1 exit Raisecom config interface isf port 1 1 2 Raisecom config isf port1 1 2 isf port group tengigabitethernet 1 1 27 Raisecom config isf port1 1 2 exit 2 Save running configurations to the startup configuration file ...

Page 223: ...etwork to transmit ring network control information Meanwhile combining with the topology feature of the ring network it discovers network fault quickly and enable the backup link to restore service fast 4 1 2 Preparing for configurations Scenario With development of Ethernet to telecom grade network voice and video multicast services bring higher requirements on Ethernet redundant protection and ...

Page 224: ...500ms Ring Hold off timer 0ms G 8032 fault reported to NMS Enable Tributary ring virtual channel mode in intersecting node With Ring Propagate switch in crossing node Disable 4 1 4 Creating G 8032 ring Configure G 8032 for the ISCOM2600G HI series switch as below Only one device on the protection ring can be configured to the Ring Protection Link RPL Owner and one device is configured to the RPL n...

Page 225: ...ocol vlan vlan id block vlanlist vlan list Create a protection ring and configure the node as the RPL Neighbour Raisecom config ethernet ring protection ring id east interface type interface number port channel port channel number west interface type interface number port channel port channel number not revertive protocol vlan vlan id block vlanlist vlan list Create a protection line and configure...

Page 226: ...config ethernet ring protection ring id holdoff time holdoff time Optional configure the ring Hold off timer After the Hold off timer is configured when the working line fails the system will delay processing the fault It means that traffic is delayed to be switched to the protection line This helps prevent frequent switching caused by working line vibration If the ring Hold off timer value is too...

Page 227: ... Configurations of non intersecting nodes of the intersecting ring are identical to those of the single tangent ring For details see section 4 1 4 Creating G 8032 ring Configure G 8032 intersecting rings for ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config ethernet ring protection ring id east west interface type inte...

Page 228: ...g protection ring id raps vc with without Optional configure the tributary ring virtual channel mode on the intersecting node Because the intersecting node belongs to the main ring transmission modes of protocol packets in the tributary ring are different from the ones of the main ring In the tributary ring transmission modes are divided into with and without modes with the main ring provides chan...

Page 229: ...ng protection ring id force switch east west Switch the traffic on the protection ring to the west east interface forcedly FS can be configured on multiple interfaces of multiple ring nodes 3 Raisecom config eth ernet ring protection ring id manual switch east west Switch the traffic on the protection ring to the west east interface manually Its priority is lower than the one of FS and APS MS can ...

Page 230: ...in Ethernet can make Ethernet reliability up to telecommunication level network self heal time less than 50ms It is an end to end protection technology used for protecting an Ethernet link ELPS supports 1 1 protection switching and 1 1 protection switching modes 1 1 protection switching each working line is assigned with a protection line In the protection domain the source end sends traffic throu...

Page 231: ...o modes for fault detection Detecting fault over physical interface status to get link fault quickly and switching in time available to neighboring devices Detecting fault over CC available to one way detection or multi devices crossing detection Prerequisite Connect interfaces Configure physical parameters to make interfaces Up at the physical layer Create VLANs Add interfaces to VLANs Configure ...

Page 232: ...isecom config ethernet line protection line id name string Optional configure a name for the ELPS protection line 4 Raisecom config ethernet line protection line id wtr timer wtr timer Optional configure the WTR timer In revertive mode when the working line recovers from a fault traffic is not switched to the working line unless the WTR timer times out By default the WTR time value is 5min We reco...

Page 233: ...g ethernet line protection line id working protection failure detect cc md md name ma ma name level level mep local mep id remote mep id Configure the fault detection mode of the working line protection line to CC This fault detection mode cannot take effect unless you finish related configurations on CFM Raisecom config ethernet line protection line id working protection failure detect physical l...

Page 234: ...ic from the protection line to the working line 6 Raisecom config clear ethernet line protection line id end to end command Clear end to end switching control commands including lockout force switch manual switch and manual switch to work By default traffic is automatically switched to the protection line when the working line fails Therefore you need to configure ELPS switching control in some sp...

Page 235: ...itchA config gigaethernet1 1 1 switchport mode trunk SwitchA config gigaethernet1 1 1 switchport trunk allowed vlan 100 200 confirm SwitchA config gigaethernet1 1 1 exit SwitchA config interface gigaethernet 1 1 2 SwitchA config gigaethernet1 1 2 switchport mode trunk SwitchA config gigaethernet1 1 2 switchport trunk allowed vlan 100 200 confirm SwitchA config gigaethernet1 1 2 exit Configure Swit...

Page 236: ...e to one Step 3 Configure fault detection mode Configure Switch A SwitchA config ethernet line protection 1 working failure detect physical link SwitchA config ethernet line protection 1 protection failure detect physical link Configure Switch B SwitchB config ethernet line protection 1 working failure detect physical link SwitchB config ethernet line protection 1 protection failure detect physica...

Page 237: ...reDetect physical MAID MdLevel 0 LocalMep 0 RemoteMep 0 State F M Standby N N Link State failure Wtr m 5 Holdoff 100ms 0 Use the show ethernet line protection aps command to show configurations of the 1 1 ELPS APS on the ISCOM2600G HI series switch Take Switch A for example SwitchA show ethernet line protection 1 aps Trap State Enable C Direction Configuration Direction N Direction Negotiated Dire...

Page 238: ... 1 1 Introduction The IP interface is the virtual interface based on VLAN Configuring Layer 3 interface is generally used for network management or routing link connection of multiple devices The ISCOM2600G HI series switch supports double tagged management VLAN packets in other words it can send and process double tagged packets 5 1 2 Preparing for configurations Scenario Configure the IP address...

Page 239: ...rface Use the no ip address ip address command to delete configuration of the IP address 5 1 5 Configuring IPv6 address of VLAN interface Configure the IPv6 address of the VLAN interface for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface vlan vlan id Enter Layer 3 interface configuration mode 3 Raiseco...

Page 240: ...nds to check configuration results No Command Description 1 Raisecom show ip interface brief Show configurations of the IP address of the VLAN interface 2 Raisecom show ipv6 interface brief Show configurations of the IPv6 address of the VLAN interface 3 Raisecom show ip management traffic Show information about management packets on the VLAN interface 5 1 8 Example for configuring VLAN interface t...

Page 241: ... Status Priority Member Ports 10 VLAN0010 active static Use the show ip interface brief to show configurations of the Layer 3 interface Raisecom show ip interface brief VRF IF Address NetMask Catagory Default IP Routing Table fastethernet1 0 1 192 168 0 1 255 255 255 0 primary Default IP Routing Table vlan10 192 168 1 2 255 255 255 0 primary Use the ping command to check whether the ISCOM2600G HI ...

Page 242: ...al interface status Up Down As long as the ISCOM2600G HI series switch is working normally the loopback interface will not become Down Thus it is used to identify the physical device as a management address 5 2 2 Preparing for configurations Scenario Use the IP address of the loopback interface to log in through Telnet so that the Telnet operation does not become Down due to change of physical sta...

Page 243: ...m config gigaethernet1 1 port loopback external cvlan vlan id cos cos value svlan vlan id cos cos value dmac mac address smac mac address swap smac mac address swap dmac disable Configure interface loopback 5 2 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show interface loopback Show configurations of the loopback interface 5...

Page 244: ...dress in ARP request packets When device B receives ARP request packets from device A it learns the mapping in its address table In this way device B will no longer send ARP request when sending packets to device A learn reply only mode in this mode the ISCOM2600G HI series switch learns ARP response packets with corresponding ARP request only sent by itself For ARP request packets from other devi...

Page 245: ...series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config arp mode learn all learn reply only Configure the aging time of dynamic ARP entries 3 Raisecom config arp aging time time Configure the aging time of dynamic ARP entries 4 Raisecom config arp max learning num number Optional configure the maximum number of dynamic ARP entries allowed...

Page 246: ... id Show information about local proxy ARP 5 3 3 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom config clear arp Clear all entries in the ARP address table 5 3 4 Example for configuring ARP Networking requirements As shown in Figure 5 2 the ISCOM2600G HI series switch is connected to the host and is also connected to the upstream Router through GE 1 1 1 ...

Page 247: ...ing Configuration steps Add a static ARP entry Raisecom config Raisecom config arp 192 168 1 10 0050 8d4b fd1e Checking results Use the show arp command to show configurations of the ARP address table Raisecom show arp ARP aging time 1200 seconds default 1200s ARP mode Learn all ARP table Total 1 Static 1 Dynamic 0 Age s status 192 168 1 10 0050 8D4B FD1E vlan10 static PERMANENT ...

Page 248: ... on Switch A and the destination address of the NS message is the multicast address of the requested node of the Switch B The NS message even contains the data link layer address of Switch A Step 2 After receiving the NS message Switch B judges whether the destination address of the NS message is the multicast address of the request node corresponding to the IPv6 address of Switch B If yes Switch ...

Page 249: ...ntries for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config ipv6 neighbor ipv6 address mac address configure static neighbor entries 5 4 5 Configuring times of sending NS messages for detecting duplicated addresses Configure times of sending NS messages for detecting duplicated addresses for the ISCOM2600G HI seri...

Page 250: ... the Layer 3 interface 5 4 7 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show ipv6 neighbors Show all NDP neighbor information 2 Raisecom show ipv6 neighbors ipv6 address Show neighbor information about a specified IPv6 address 3 Raisecom show ipv6 neighbors vlan vlan id Show neighbor information about a specified layer 3 inte...

Page 251: ...he Tx end to inform that the destination address or network is unavailable Static route A static route is the route configured manually thus bringing low requirements on the system It is available to simple small and stable network The disadvantage is that it cannot adapt to network topology changes automatically and needs manual intervention 5 5 2 Preparing for configurations Scenario Configure t...

Page 252: ... Enter global configuration mode 2 Raisecom config router id router id Configure the router ID By default it is 192 168 1 1 3 Raisecom config route recursive lookup tunnel ip prefix listname Configure non labeled public network routes to be recursive to a LSP tunnel 5 5 5 Checking configurations Use the following commands to check configuration results No Item Description 1 Raisecom show router id...

Page 253: ...show ipv6 fib ipv6 address nexthop ipv6 address 7 Raisecom show ip fib summary Show statistics in the routing table Raisecom show ipv6 fib summary 5 5 6 Example for configuring static route Networking requirements Configure the static route to enable any two hosts or ISCOM2600G HI series switch devices successfully to ping through each other as shown in Figure 5 4 Figure 5 4 Configuring static rou...

Page 254: ... 0 10 1 3 3 Step 5 Configure the default gateway of host A to 10 1 5 3 Detailed configurations are omitted Configure the default gateway of host B to 10 1 1 3 Detailed configurations are omitted Configure the default gateway of host C to 10 1 4 3 Detailed configurations are omitted Checking results Use the ping command to check whether any two of all devices can ping through each other SwitchA pin...

Page 255: ...blish matrix and path for routes RIP uses hops as matrix in other words the value 1 indicates a directly connected network while the value 16 indicates an unreachable network The router sends back the entire routing table as the response message Step 3 Receive the message and respond The router receives and processes the response message by adding deleting or modifying routing entries in the routi...

Page 256: ... RIPv2 and RIPng RIPv1 and RIPv2 are applicable to the IPv4 network while RIPng is applicable to the IPv6 network The ISCOM2600G HI series switch supports RIPv1 and RIPv2 RIPv1 RIPv2 Classful routing protocol Classless routing protocol The packet does not contain the subnet mask so devices on the network must use the same subnet mask Otherwise errors will occur Support VLSM The update message carr...

Page 257: ...ork reliability 5 6 2 Configuring basic RIP functions Configure basic RIP functions for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config router rip Enable RIP and enter RIP configuration mode 3 Raisecom config rip network ip address Configure a directly connected and effective network based on RIP 4 Raisecom confi...

Page 258: ...ng RIP version is subjected to the global RIP version 6 Raisecom config vlan1 ip rip send version 1 2 Configure the sending RIP version By default the sending RIP version is subjected to the global RIP version 7 Raisecom config vlan1 ip rip v2 broadcast Configure the interface which runs RIPv2 to send broadcast updates By default it sends multicast updates You can configure RIP version globally an...

Page 259: ...ecking the source IP address of received RIP packets By default it is enabled 5 6 5 Configuring RIP timer Configure the RIP timer for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config rout er rip Enable RIP and enter RIP configuration mode 3 Raisecom config rip timers basic update time invalid time holddown time fl...

Page 260: ...it horizon will be invalid 5 6 7 Configuring authentication Configure authentication for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter interface configuration mode 3 Raisecom config vlan1 ip rip authentication mode text md5 Configure the packet authentication mode...

Page 261: ...ing route calculation Configure route calculation for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config router rip Enable RIP and enter RIP configuration mode 3 Raisecom config rip distance administrative distance ip address wild card mask Configure the administrative distance of RIP namely the protocol priority Th...

Page 262: ... link status OSPF uses the shortest path tree algorithm to calculate routes which guarantees no routing loop Area division OSPF divides the network into different areas for layering management and routing information transmitted across areas is further abstracted thus reducing occupied network bandwidth Equivalent route OSPF supports multiple equivalent routes to the same destination address Multi...

Page 263: ...the route ID cannot be elected the process cannot be created you have to manually configure the router ID DR BDR In a broadcast network any two routers need to exchange routing information Thus route change on a router causes multiple transmissions which wastes bandwidth resources To solve this problem OSPF defines the Designated Router DR which receives information from all routers and then adver...

Page 264: ...rity may become effective for election In this case it does not replace the elected DR BDR and has to wait for next DR BDR election OSPF packets OSPF packets are divided into the following types Hello packet sent periodically used to discover and maintain OSPF neighbor relations It carries timer values DR BDR priority and known neighbor information Database Description DD packet used to synchroniz...

Page 265: ...n with the OSPF router A neighbor is not necessarily in an Adjacency relation and it depends on the network type Only when the two devices exchange DD packets and LSAs and synchronize to the peer LSDB can they become in adjacency relation The ISCOM2600G HI series switch supports up to 32 neighbors Calculating OSPF routes OSPF calculates routes as below Step 1 Each OSPF router generates LSAs accord...

Page 266: ...reduce the number of LSAs advertised to other areas and minimize impact from changes of network topology Router types As shown in Figure 5 6 OSPF routers can be divided into four types according to location in the AS Internal router all interfaces of an interval router belong to only one OSPF area Area Border Router ABR this router may belong to two or more areas which must contain a backbone area...

Page 267: ... area Generally the Totally Stub area is at the border of an AS To make routes from other areas to the AS or external routes of the AS reachable the ABR generates a default route and advertises it to non ABR routers in the area Route types OSPF divides routes into four types by priority in descending order Intra Area route Inter Area route Type1 External route and Type2 External route The Intra Ar...

Page 268: ...onfiguring OSPF route attributes Configuring interface cost Configure the interface cost for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter Layer 3 interface configuration mode 3 Raisecom config gigabitethernet1 1 port ip ospf cost cost Configure the route cost of ...

Page 269: ...as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config router ospf process id router id router id Enable an OSPF process and enter OSPF configuration mode 3 Raisecom config router ospf distance administrative distance Configure the OSPF administrative distance By default it is 110 4 Raisecom config router ospf distance ospf intra area inter area exter...

Page 270: ...nfigure the OSPF network type for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter interface configuration mode 3 Raisecom config gigaethernet1 1 port ip ospf network broadcast non broadcast ptmp ptp Configuring the network type of the Layer 3 interface By default it...

Page 271: ...iority By default no NBMA neighbor is configured and the priority is 0 when you configure the NBMA neighbor Priorities configured by the neighbour and ip ospf priority priority commands are different The priority configured by the neighbor command indicates that whether the neighbor has the right to vote If you configure the priority to 0 when configuring the neighbor the local router judges that ...

Page 272: ...interval on the IP interface By default it is 5s 7 Raisecom config gigaethernet1 1 port ip ospf transmit delay seconds Configure the LSA retransmission delay on the IP interface By default it is 1s When the dead interval is not manually configured the dead interval and poll interval are changed to 4 times of the hello interval after the hello interval is configured When the dead interval is manual...

Page 273: ...mode 2 Raisecom config interface interface type interface number Enter interface configuration mode 3 Raisecom config gigaethernet1 1 port ip ospf passive interface enable Enable passive interface on the OSPF interface By default it is disabled Configuring MTU ignorance By default the value of MTU domain in the DD packet is the MTU value of the interface which sends the DD packet Default MTU value...

Page 274: ...simple Configure the area authentication mode By default it is non authentication Configuring OSPF interface authentication mode Packet authentication prioritizes selecting the interface authentication mode If the interface authentication mode is configured to non authentication mode the area authentication mode will be selected OSPF interfaces cannot establish the neighbor relationship unless the...

Page 275: ...BR to send Summary LSA to the Stub area It means that it is a Totally Stub area and the ABR is available for the Stub only By default no area is the Stub area 4 Raisecom config router ospf area area id default cost cost Configure the default route cost of the Stub area This command is available for the ABR in the Stub area only By default it is 1 5 Raisecom config router ospf area area id nssa no ...

Page 276: ...m config router ospf redistribute ospf process id metric metric metric type 1 2 tag tag value route map map name 4 Raisecom config router ospf redistribute limit limit number Configure the threshold of redistributed OSPF external routes By default no threshold is configured Configuring inter area route aggregation If there are sequent network segments in the area you can configure route aggregatio...

Page 277: ...es By default external routes are not aggregated When external aggregates are aggregated the Metric is the maximum Metric of the LSA by default Configuring default route redistribution Configure default route redistribution for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config router ospf process id router id route...

Page 278: ... for receiving the OSPF inter area routes intra area routes and AS external routes Before configuring OSPF receiving policy ensure that the IP ACL used by the OSPF receiving policy has been created When the ISCOM2600G HI series switch performs filtering based on IP ACL all routes which match with the ACL can pass if the ACL mode is configured to permit Others are filtered You cannot modify the IP ...

Page 279: ...ic connected isis bgp Configure the OSPF advertising policy Raisecom config router ospf distribute list ip access list acl number prefix list list name out ospf process id Before configuring OSPF global distributing policy ensure that the IP ACL used by the OSPF global distributing policy has been created You cannot modify the IP ACL unless it is not used by any routing policy Different from IP AC...

Page 280: ...onfigure the filtering policy and no filtering operation is performed on received routes 5 7 11 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show ip ospf process id Show OSPF basic information 2 Raisecom show ip ospf process id interface interface type interface number Show OSPF interface information 3 Raisecom show ip ospf pro...

Page 281: ... Raisecom show ip ospf process id neighbor statistics Show OSPF statistics or OSPF neighbor statistics 8 Raisecom show ip ospf process id summay address Show OSPF ASBR external route aggregation information 5 7 12 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Rasiecom clear ip ospf process id process graceful Restart the OSPF process ...

Page 282: ...g network addresses and other extended configuration features With the enlargement of network scale and development of network complexity the number of PCs on a network usually exceeds the maximum number of distributable IP addresses Meanwhile the widely use of laptops and wireless networks lead to frequent changes of locations and also related IP addresses must be updated frequently As a result n...

Page 283: ...structure of a DHCP packet The DHCP packet is encapsulated in a UDP data packet Figure 6 2 Structure of DHCP packet Table 6 1 describes fields of DHCP packets Table 6 1 Fields of a DHCP packet Field Length Description OP 1 Packet type 1 a request packet 2 a reply packet Hardware type 1 Hardware address type of a DHCP client Hardware length 1 Hardware address size of a DHCP client Hops 1 Number of ...

Page 284: ...lient is in bound updated or re bind status used to reply ARP request Your client IP address 4 IP address of the client distributed by the DHCP server Server IP address 4 IP address of the DHCP server Relay agent IP address 4 IP address of the first DHCP hop after the DHCP client sends request packets Client hardware address 16 Hardware address of the DHCP client Server host name 64 Name of the DH...

Page 285: ...red The DHCP client has to renew the IP address for continuous use The DHCP client can release the IP address if it does not want to use the IP address before expiration We recommend configuring the number of DHCP relay devices smaller than 4 if the DHCP client needs to obtain IP address from the DHCP server through multiple DHCP relay devices Prerequisite Create VLANs Add the Layer 3 interface to...

Page 286: ...ddress of the DHCP server Configure DHCP Client for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interfa ce vlan 1 Enter Layer 3 interface configuration mode 3 Raisecom config vlan ip dhcp client class id class id client id client id hostname hostname Optional configure DHCP client information including the ty...

Page 287: ...ew Optional renew the IPv6 address If the Layer 3 interface on the ISCOM2600G HI series switch has obtained an IP address through DHCP the IPv6 address will automatically be renewed when the lease period expires 5 Raisecom config vlan1 ipv6 dhcp client rapid commit Optional enable DHCPv6 Client to apply for rapid interaction 6 1 6 Checking configurations Use the following commands to check configu...

Page 288: ...h DHCP Raisecom config vlan1 ip address dhcp server ip 192 168 1 1 Checking results Use the show ip dhcp client command to show configurations of DHCP Client Raisecom show ip dhcp client DHCP Client Mode Normal Mode Interface vlan1 Hostname Raisecom Class ID Raisecom ROS_5 2 1 Client ID Raisecom 000e5e112233 IF0 DHCP Client Is Requesting For A Lease Assigned IP Addr 0 0 0 0 Subnet Mask 0 0 0 0 Def...

Page 289: ...8 00 00 Client Lease Ends Jan 01 1970 08 00 00 Client Lease Duration 0 sec DHCP Server 0 0 0 0 TFTP Server Name TFTP Server IP Addr Bootfile Filename NTP Server IP Addr Root Path 6 2 Zero configuration 6 2 1 Introduction Zero configuration refers to that the device needs no manual configurations it automatically sends DHCP packets for applying for an IP address to the zero configuration server and...

Page 290: ...onfigurations of zero configuration Default configurations of zero configuration are as below Function Default value Zero configuration polling period 2h Zero configuration mode Enable 6 2 3 Preparing for configuration Scenario To enable the remote device to automatically apply for the IP address after being powered on configure zero configuration To configure zero configuration parameters see the...

Page 291: ...ble zero configuration use the command to configure the DHCP client to common client mode 3 Raisecom config ip dhcp client class id class id client id client id hostname host name Optional configure information about the DHCP client including the host name class ID and client ID Packets carry them when being sent by a client 6 2 5 Optional configuring zero configuration polling Configure zero conf...

Page 292: ...address Then it automatically downloads the configuration file and system files from the TFTP server in the same network segment and loads them Table 6 2 lists planned data Figure 6 6 Zero configuration networking Table 6 2 Planned data Device Parameter DHCP server IPv6 address 3ffe 501 ffff 100 5 64 IPv4 address 172 16 125 201 24 DHCPv6 server pool 3ffe 501 ffff 100 5 64 to 3ffe 501 ffff 100 102 ...

Page 293: ...v6 address of the DHCPv6 server Configure the IPv4 address and IPv6 address of the DHCPv6 server to 172 16 125 201 24 and 3ffe 501 ffff 100 5 64 respectively Configure the NIC of the virtual machine to be bridged with the NIC of the PC Step 5 Configure the DHCPv6 address pool and prefix length Take a DHCPv6 Server program for example Log in to the DHCPv6 Server console through its management addre...

Page 294: ...onfiguration file and system files to be issued to Switch B Step 7 On the PC installed with the virtual machine configure the directory for TFTP Server to read saved files and the IP address of TFTP Server and enable global IPv6 Configure the directory of TFTP Server to bootfile and save the configuration file and system files in this directory Configure the service address of TFTP Server to the I...

Page 295: ...face gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport mode trunk Raisecom config gigaethernet1 1 1 switchport trunk allowed vlan 10 Raisecom config gigaethernet1 1 1 interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 switchport access vlan 10 Power on Switch B After Switch B is powered on it will automatically obtain the IPv6 address and download files Checking results A...

Page 296: ...apping between DHCP client IP address and MAC address DHCP Snooping records entries through monitor request and reply packets received by the trusted interface including client MAC address obtained IP address DHCP client connected interface and VLAN of the interface Then implement following by the record information ARP detection judge legality of a user that sends ARP packet and avoid ARP attack ...

Page 297: ...hrough the Option field and control client security and accounting The device configured with DHCP Snooping and Option can perform related process according to Option field status in the packet Prerequisite N A 6 3 3 Default configurations of DHCP Snooping Default configurations of DHCP Snooping are as below Function Default value Global DHCP Snooping status Disable Interface DHCP Snooping status ...

Page 298: ...g outer vlan id inner vlan list Optional enable DHCP Snooping based on interface or double VLAN Tags 8 Raisecom config ip dhcp snooping option client id Optional configure DHCP Snooping to support Option 61 field 9 Raisecom config ip dhcp snooping autosave enable Optional enable auto saving of the DHCP Snooping binding table 10 Raisecom config ip dhcp snooping autosave write interval time Optional...

Page 299: ...ified interface and in the specified VLAN 7 Raisecom config gigaethernet1 1 port ipv6 dhcp snooping binding max number Configure the maximum number of entries in the DHCPv6 Snooping binding table 8 Raisecom config gigaethernet1 1 port exit Raisecom config ipv6 dhcp snooping option number Optional configure DHCPv6 Snooping to support user defined Options 9 Raisecom config ipv6 dhcp snooping option ...

Page 300: ...sub option to raisecom on GE 1 1 3 and padding information about remote ID sub option to user01 Figure 6 10 DHCP Snooping networking Configuration steps Step 1 Configure global DHCP Snooping Raisecom config Raisecom config ip dhcp snooping Step 2 Configure the trusted interface Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 ip dhcp snooping Raisecom config gigaether...

Page 301: ...4 gigaethernet1 1 2 enabled no 1 4094 gigaethernet1 1 3 enabled no 1 4094 gigaethernet1 1 4 enabled no 1 4094 gigaethernet1 1 5 enabled no 1 4094 gigaethernet1 1 6 enabled no 1 4094 6 4 DHCP Options 6 4 1 Introduction DHCP transmits control information and network configuration parameters through Option field in packet to dynamically assign addresses to provide abundant network configurations for ...

Page 302: ...ormation required by voice calling Through Option 184 the DHCP server can distribute IP addresses for DHCP clients with voice function and meanwhile provide information about voice calling 255 Complete option Options 18 37 61 and 82 in DHCP Option are relay information options in DHCP packets When a DHCP client sends request packets to the DHCP server by passing a DHCP Relay or DHCP Snooping devic...

Page 303: ...tion Default value attach string in global configuration mode N A remote id in global configuration mode Switch mac circuit id in interface configuration mode N A 6 4 4 Configuring DHCP Option fields Configure DHCP Option fields for the ISCOM2600G HI series switch as below All the following steps are optional and in any sequence Step Command Description 1 Raisecom config Enter global configuration...

Page 304: ...mode 3 Raisecom config ipv4 dhcp option option id ascii ascii string hex hex string ip address ip address Optional create user defined Option based on IPv4 Raisecom config interface interface type interface number Raisecom config gigaethernet1 1 port ipv4 dhcp option option id ascii ascii string hex hex string ip address ip address Optional create user defined Option field information on the inter...

Page 305: ...eps are optional and in any sequence Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config ipv6 dhcp option remote id ascii hex string Optional configure information about Option 37 3 Raisecom config interface interface type interface number Raisecom config gigaethernet1 1 port ipv6 dhcp option remote id mac format string Optional configure the format of the ...

Page 306: ...twork address re use and other extended configuration options over BOOTP protocol With the enlargement of network scale and development of network complexity the number of PCs on a network usually exceeds the maximum number of distributable IP addresses Meanwhile the widely use of laptops and wireless networks lead to frequent change of PC positions and also related IP addresses must be updated fr...

Page 307: ...nt obtains the IP address from the DHCP server it cannot use the IP address permanently but in a fixed period which is called the lease period You can specify the duration of the lease period DHCP ensures rational allocation avoids waste of IP addresses and improves the utilization rate of IP addresses on the entire network The ISCOM2600G HI series switch as the DHCP server assigns dynamic IP addr...

Page 308: ...s 2 Bit 1 is the broadcast reply flag used to mark that the DHCP server response packet is transmitted in unicast or broadcast mode 0 unicast 1 broadcast Other bits are reserved Client IP address 4 IP address of the DHCP client only filled when the client is in bound updated or re bound status used to respond to ARP request Your client IP address 4 IP address of the DHCP client assigned by the DHC...

Page 309: ...k length Configure the range of IP addresses in the IPv4 address pool The mask length ranges from 1 to 30 4 Raisecom config pool excluded ip address start ip address end ip address Configure the range of excluded IP addresses in the IPv4 address pool 5 Raisecom config pool lease expired minute infinite Configure the lease period for the IPv4 address pool 6 Raisecom config pool dns server ip addres...

Page 310: ...er are enabled can the Layer 3 interface receive and process DHCP request packets from clients Enable DHCP Server on the VLAN interface for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface vlan vlan id Enter VLAN interface configuration mode 3 Raisecom config vlan1 ip dhcp server Enable DHCP Server on th...

Page 311: ...secom config show ip server pool Show configurations of the address pool of DHCPv4 Server 6 5 8 Example for configuring DHCPv4 Server Networking requirements As shown in Figure 6 13 the switch as a DHCP server assigns IP addresses to DHCP clients The lease period is 8h The name of the IP address pool is pool The range of IP addresses is 172 31 1 2 172 31 1 100 The IP address of the DNS server is 1...

Page 312: ...face Status vlan 1 Enable Use the show ip server pool command to show configurations of the address pool of the DHCP server Raisecom show ip server pool Pool Name poo11 pool type DHCP Address Range 172 31 1 2 172 31 1 100 Address Mask 255 255 255 0 Gateway 0 0 0 0 DNS Server 172 31 100 1 Secondary DNS 0 0 0 0 Tftp Server 0 0 0 0 Lease time 480 minutes Trap Server 0 0 0 0 interface vlan1 option60 6...

Page 313: ...he DHCP server in the specified segment The DHCP server sends required information to the DHCP client through the DHCP relay according to the request packet thus implementing dynamic configuration of the DHCP client 6 6 2 Preparing for configurations Scenario When DHCP Client and DHCP Server are not in the same segment you can use DHCP Relay function to make DHCP Client and DHCP Server in differen...

Page 314: ...and Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface vlan vlan id Enter VLAN interface configuration mode 3 Raisecom config vlan1 ip dhcp relay Enable DHCP Relay on the VLAN interface 4 Raisecom config vlan1 ip dhcp relay target ip ip address Configure the destination IP address for forwarding packets 6 6 6 Configuring global DHCPv6 Relay Configure global D...

Page 315: ...OM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config ip dhcp relay information option Configure DHCP Relay to support Option 82 DHCP Relay supports the Remote ID of Option 82 and is compatible with Huawei Default mode 3 Raisecom config ip dhcp relay information policy drop keep replace Configure the policy for DHCP Relay to ...

Page 316: ...host name is raisecom The switch is connected to the DHCP server through a service interface The DHCP server assigns IP addresses to clients so that the NMS can discover and manage these clients Figure 6 15 DHCP Relay networking Configuration steps Step 1 Enable global DHCP Relay and interface DHCP Relay Raisecom config Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1...

Page 317: ...ial Copyright Raisecom Technology Co Ltd 286 Raisecom config gigaethernet1 1 1 ip dhcp relay target ip 10 0 0 1 Checking results Use the show ip dhcp relay command to show configurations of DHCP Relay Raisecom show ip dhcp relay Interface Status Target Address gigaethernet1 1 1 Enable 10 0 0 1 ...

Page 318: ...ng Bandwidth rate limiting Configuration examples 7 1 Introduction When network applications become more and more versatile users bring forward different Quality of Service QoS requirements on them In this case the network should distribute and schedule resources for different network applications as required When network is overloaded or congested QoS can ensure service timeliness and integrity a...

Page 319: ...implemented through the following techniques Committed Access Rate CAR CAR refers to classifying the packets according to the preconfigured packet matching rules such as IP packets priority the packet source address or destination address The system continues to send the packets if the flow complies with the rules of token bucket Otherwise it discards the packets or remarks IP precedence DSCP EXP ...

Page 320: ...ain and applies the first 6 bits 0 5 to DSCP with value ranging from 0 to 63 the last 2 bits bit 6 and bit 7 are reserved Figure 7 3 shows the structure of ToS and DSCP Figure 7 2 Structure of an IP packet header Figure 7 3 Structures of the ToS priority and DSCP CoS IEEE802 1Q based VLAN packets are modifications of Ethernet packets A 4 byte 802 1Q header is added between the source MAC address a...

Page 321: ...ress direction on the interface The ISCOM2600G HI series switch supports using token bucket for rate limiting including single token bucket and dual token bucket Redirection Redirection refers to redirecting packets to a specified interface instead of forwarding packets according to the mapping between the original destination address and interface thus implementing policy routing The ISCOM2600G H...

Page 322: ...4 5 6 7 DSCP 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 CoS 0 1 2 3 4 5 6 7 Local priority refers to a kind of packet priority with internal meaning assigned by the ISCOM2600G HI series switch and is the priority corresponding to queue in QoS queue scheduling Local priority ranges from 0 to 7 Each interface of the ISCOM2600G HI series switch supports 8 queues Local priority and interface queue a...

Page 323: ...ed as shown in Figure 7 6 Figure 7 6 SP scheduling WRR on the basis of scheduling packets in a polling manner according to the priority the ISCOM2600G HI series switch schedules packets according to the weight based on bytes of the queue as shown in Figure 7 7 Figure 7 7 WRR scheduling DRR similar with WRR on the basis of scheduling packets in a polling manner according to the scheduling sequence ...

Page 324: ...d by adjusting network traffic The traditional packet loss policy uses the Tail Drop mode to process all packets equally without differentiating class of services When congestion occurs packets at the end of a queue are discarded until congestion is resolved This Tail Drop policy may cause TCP global synchronization making network traffic change between heavy and low and affecting link utilization...

Page 325: ...raffic entering the network is within the defined range and it discards or schedules packets Bandwidth guarantee can meet users requirements on service bandwidth and also protect network resources and carriers benefits By configuring the bandwidth guarantee profile and applying it to an interface you can mark different flows green yellow and red The ISCOM2600G HI series switch takes different acti...

Page 326: ...ets to different local priorities but also configure local priority for packets based on interface Then the ISCOM2600G HI series switch will conduct queue scheduling according to local priority of packets Generally IP packets need to be configured with mapping from IP precedence DSCP to local priority while VLAN packets need to be configured with mapping from CoS to local priority Prerequisite N A...

Page 327: ...g Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 mls qos trust cos dscp dscp or cos port priority Configure types of priorities trusted by interface CoS exists in the head of 802 1q packets When you use it the interface type must be Trunk Tunnel 4 Raisecom config gigae...

Page 328: ...guration mode 2 Raisecom config mls qos mapping dscp to local priority profile id Create a profile of mapping from DSCP to local priority and color and enter dscp to pri configuration mode 3 Raisecom dscp to pri dscp dscp value to local priority localpri value color green red yellow Optional modify the profile of mapping from DSCP to local priority and color 4 Raisecom dscp to pri exit Raisecom co...

Page 329: ...iguration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 mls qos cos remark mapping enable Raisecom config gigaethernet1 1 1 exit Enable CoS remarking on the interface 4 Raisecom config mls qos mapping cos remark profile id Create a CoS remarking profile and enter cos remark configuration mode 5...

Page 330: ...gement 7 3 1 Preparing for configurations Scenario When the network is congested you can configure queue scheduling if you want to Balance delay and delay jitter of various packets preferentially process packets of key services such as video and voice Fairly process packets of secondary services such as Email with identical priority Process packets of different priorities according to respective w...

Page 331: ...figuration mode 3 Raisecom config gigaethernet1 1 port mls qos queue scheduler wrr weigh1 weight2 weight3 weight8 Configure queue scheduling mode as WRR on the interface and the weight for each queue 7 3 5 Configuring DRR or SP DRR queue scheduling Configure DRR or SP DRR for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raise...

Page 332: ...face number Show the weight of queues on the interface 2 Raisecom show mls qos queue statistics interface interface type interface number Show statistics about queues on the interface 3 Raisecom show mls qos queue shaping interface interface type interface list Show queue shaping on the interface 7 4 Configuring congestion avoidance 7 4 1 Preparing for configurations Scenario To avoid network cong...

Page 333: ... check configuration results No Command Description 1 Raisecom show mls qos sred profile profile list Show information about the SRED profile 2 Raisecom show mls qos queue sred interface interface type interface number Show SRED information about the interface 7 5 Configuring traffic classification and traffic policy 7 5 1 Preparing for configurations Scenario Traffic classification is the basis o...

Page 334: ...ion string Optional configure the description of traffic class 7 5 4 Configuring traffic classification rules Configure traffic classification rules for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config class map class map name match all match any Create a traffic class and enter traffic classification cmap configu...

Page 335: ... To limit rate of packets based on traffic policy create a token bucket configure rate limiting and shaping rules on the token bucket quote these rules to the traffic class bound to the traffic policy Create rate limiting rules and shaping rule for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config mls qos policer p...

Page 336: ...m traffic policer set pri green green value red red value yellow yellow value Optional configure the mapping from packets color to local priority 7 5 6 Creating traffic policy Create a traffic policy for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config policy map policy map name Create a traffic policy and enter t...

Page 337: ... configuration mode 2 Raisecom config poli cy map policy map name Create a traffic policy and enter traffic policy pmap configuration mode 3 Raisecom config pmap class map class map name Bind a traffic class with a traffic policy The traffic policy is applied to the packets matching the traffic class At least one rule is required for the traffic class to be bound with the traffic policy otherwise ...

Page 338: ... the interface for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode or VLAN interface configuration mode 3 Raisecom config gigaethernet1 1 port service policy ingress egress policy map name Apply the configured traffic poli...

Page 339: ...escription Raisecom config clear service policy statistics interface interface type interface number ingress egress Clear statistics on QoS packets 7 6 Configuring rate limiting 7 6 1 Preparing for configurations Scenario When the network is congested you want to restrict burst flow on an interface or VLAN to make packets transmitted at a well proportioned rate to remove network congestion In this...

Page 340: ... rate limit If packets are inconsecutive reduce the burst value or increase the rate limit Packets discarded due to rate limiting on the egress interface are included in statistics about packet loss of the ingress interface 7 6 3 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show rate limit interface Show configurations of rate ...

Page 341: ...on or aggregation token bucket for each flow independently and then configure hierarchical token buckets to limit the sum of multiple flows Color aware and marking If enabled with color aware the ISCOM2600G HI series switch is in color aware status in which it can identify whether the ingress flow is marked with color If disabled with color aware the ISCOM2600G HI series switch is in color blind s...

Page 342: ...isecom config interface interface type interface number Raisecom config gigaethernet1 1 port bandwidth ingress egress bwp profile id Apply the bandwidth guarantee profile on the interface Configuring bandwidth guarantee based on interface VLAN Configure bandwidth guarantee based on interface VLAN for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global c...

Page 343: ...guring hierarchical bandwidth guarantee Creating hierarchical CoS bandwidth guarantee Create a hierarchical CoS bandwidth guarantee for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config bandwidth profile profile id cir cir cbs cbs eir eir ebs ebs color aware Create a bandwidth guarantee profile 3 Raisecom config hi...

Page 344: ...e 5 Raisecom config interface interface type interface number Raisecom config gigaethernet1 1 bandwidth ingress egress bwp profile id hierarchy vlan hv profile id Apply the hierarchical VLAN profile on the ingress or egress interface If a hierarchical bandwidth guarantee profile is applied it cannot be deleted or modified 7 7 6 Checking configurations Use the following commands to check configurat...

Page 345: ...ng to different services types For voice service perform SP scheduling to grant high priority For video service perform WRR scheduling with weight value of 50 For data service perform WRR scheduling with weight value of 20 Figure 7 9 Queue scheduling networking Configuration steps Step 1 Configure interface priority trust mode Raisecom name SwitchA SwitchA config SwitchA config interface gigaether...

Page 346: ... qos queue scheduler wrr 1 1 20 1 1 50 0 0 SwitchA config gigaethernet1 1 1 quit Checking results Use the following command to show priority trust mode on the interface Raisecom show mls qos interface Interface TrustMode Priority Cos PriProfile Dscp PriProfile Dscp Mutation Cos Remark gigaethernet1 1 1 cos 0 0 0 0 0 gigaethernet1 1 2 cos 0 1 0 0 0 Use the following command to show configurations o...

Page 347: ...onnected to the ISCOM2600G HI series switch by Switch A Switch B and Switch C User A uses voice and video services User B uses voice video and data services and User C uses video and data services According to service requirements user needs to make rules as below Provide User A with 25 Mbit s guaranteed bandwidth permitting burst flow of 100 Kbytes and discarding excess flow Provide User B with 3...

Page 348: ...ofile userb single Raisecom traffic policer cir 35000 cbs 100 Raisecom traffic policer drop color red Raisecom traffic policer quit Raisecom config mls qos policer profile userc single Raisecom traffic policer cir 30000 cbs 100 Raisecom traffic policer drop color red Raisecom traffic policer quit Step 3 Create and configure the traffic policy Raisecom config policy map usera Raisecom config pmap c...

Page 349: ...Map match any usera id 0 ref 1 Match vlan 1 Raisecom show class map userb Class Map match any userb id 1 ref 1 Match vlan 2 Raisecom show class map userc Class Map match any userb id 2 ref 1 Match vlan 3 Use the show mls qos policer command to show configurations of rate limiting rules Raisecom config show mls qos policer single policer USERC mode flow color blind cir 30000 kbps cbs 100 kB single ...

Page 350: ...r A with 25 Mbit s guaranteed bandwidth permitting burst flow of 100 Kbytes and discarding excess flow Provide User B with 35 Mbit s guaranteed bandwidth permitting burst flow of 100 Kbytes and discarding excess flow Provide User C with 30 Mbit s guaranteed bandwidth permitting burst flow of 100 Kbytes and discarding excess flow Figure 7 11 Rate limiting based on interface Configuration steps Conf...

Page 351: ...it ingress cir 30000 cbs 100 Raisecom config gigaethernet1 1 3 exit Checking results Use the show rate limit port list command to show configurations of rate limiting based on interface Raisecom config show rate limit interface Interface Direction Cir kbps Cbs kb CirOper kbps CbsOper kb gigaethernet1 1 1 ingress 25000 100 25024 101 gigaethernet1 1 2 ingress 30000 100 30016 101 gigaethernet1 1 3 in...

Page 352: ...and paid feature Traditional unicast and broadcast cannot meet these requirements well while multicast has met them timely Multicast is a point to multipoint data transmission method The method can effectively solve the single point sending and multipoint receiving problems During transmission of packets on the network multicast can save network resources and improve information security Compariso...

Page 353: ...f information Each switch on the network will establish their multicast forwarding table according to IGMP packets and finally transmits the information to the actual receiver User B and User C Figure 8 1 Multicast transmission networking In summary the unicast is for a network with sparse users and broadcast is for a network with dense users When the number of users in the network is uncertain un...

Page 354: ...p at any time Group members may be widely distributed in any part of the network Multicast source A multicast source refers to a server which regards multicast group address as the destination address to send IP packet A multicast source can send data to multiple multicast groups multiple multicast sources can send to a multicast group Multicast router A multicast router is a router that supports ...

Page 355: ...e IPv4 multicast address ranges from 224 0 0 0 to 239 255 255 255 Multicast MAC address When the Ethernet transmits unicast IP packets it uses the MAC address of the receiver as the destination MAC address However when multicast packets are transmitted the destination is no longer a specific receiver but a group with an uncertain number of members so the Ethernet needs to use the multicast MAC add...

Page 356: ...in various positions of network and make them cooperate with each other Typically IP multicast working at network layer is called Layer 3 multicast so the corresponding multicast protocol is called Layer 3 multicast protocol including Internet Group Management Protocol IGMP IP multicast working at data link layer is called Layer 2 multicast so the corresponding multicast protocol is called Layer 2...

Page 357: ...t the Leave packet Layer 2 multicast runs on Layer 2 devices between the host and multicast router Layer 2 multicast manages and controls multicast groups by monitoring and analyzing IGMP packets exchanged between hosts and multicast routers to implement forwarding multicast data at Layer 2 and suppress multicast data diffusion at Layer 2 Supported multicast features The ISCOM2600G HI series switc...

Page 358: ...mer of the router interface will be updated when an IGMP Query packet is received Each multicast entry starts a timer namely the aging time of a multicast member The expiration time is IGMP Snooping aging time The multicast member will be deleted if no IGMP Report packets are received in the aging time Update timeout for multicast entry when receiving IGMP Report packets The timer of the multicast...

Page 359: ...erface IGMP ring network forwarding status Disable 8 2 4 Configuring basic functions of Layer 2 multicast Configure basic functions of Layer 2 multicast for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config igmp mrouter vlan vlan id interface type interface number Optional configure the multicast router interface 3...

Page 360: ...lts No Command Description 1 Raisecom show igmp configuration Show IGMP basic configurations 2 Raisecom show igmp mrouter Show configurations of the multicast route interface 3 Raisecom show igmp immediate leave interface type interface number Show configuration of immediate leave on Layer 2 multicast 4 Raisecom show igmp statistics interface type interface number Show Layer 2 multicast statistics...

Page 361: ...oping forwards multicast data through Layer 2 multicast entry When receiving multicast data the ISCOM2600G HI series switch will forward them directly according to the corresponding receiving interface of the multicast entry instead of flooding them to all interfaces to save bandwidth of the ISCOM2600G HI series switch effectively IGMP Snooping establishes a Layer 2 multicast forwarding table of w...

Page 362: ...me out seconds infinite Optional configure the aging time of IGMP members 4 Raisecom config igmp snooping vlan vlan list Optional enable IGMP Snooping on all VLANs 5 Raisecom config vlan vlan id Raisecom config vlan igmp snooping static ip address interface type interface number Optional configure static members of IGMP Snooping in VLAN mode 6 Raisecom config interface interface type interface num...

Page 363: ...ing network Networking requirements Configure IGMP ring forwarding on single Ethernet ring to make multicast service more stable and prevent multicast service from being disrupted by link failure As shown in Figure 8 6 GE 1 1 1 and GE 1 1 2 on Switch A GE 1 1 1 and GE 1 1 2 on Switch B GE 1 1 1 and GE 1 1 2 on Switch C form a physical ring Multicast traffic is input from GE 1 1 1 on Switch B The c...

Page 364: ... config spanning tree mode stp SwitchA config interface gigaethernet 1 1 1 SwitchA config gigaethernet1 1 1 switchport mode trunk SwitchA config gigaethernet1 1 1 switchport trunk native vlan 200 SwitchA config gigaethernet1 1 1 exit SwitchA config interface gigaethernet 1 1 2 SwitchA config gigaethernet1 1 2 switchport mode trunk SwitchA config gigaethernet1 1 2 switchport trunk native vlan 200 C...

Page 365: ... switchport mode trunk SwitchC config gigaethernet1 1 1 switchport trunk native vlan 200 SwitchC config gigaethernet1 1 1 exit SwitchC config interface gigaethernet 1 1 2 SwitchC config gigaethernet1 1 2 switchport mode trunk SwitchC config gigaethernet1 1 2 switchport trunk native vlan 200 Step 2 Enable IGMP Snooping and IGMP ring network forwarding on the interface Configure Switch A SwitchA con...

Page 366: ...as required The proxy mechanism can control and access user information effectively and reduce the network side protocol packet and network load IGMP Querier establishes a multicast packet forwarding list by intercepting IGMP packets between the user and multicast routers IGMP Querier is used in cooperation with IGMP Snooping MVR The following concepts are related to IGMP Querier IGMP packet suppr...

Page 367: ... the specified group query interval It is the interval for the switch continues to send Query packets for the specified group when receiving IGMP Leave packet for a specified group by a host The Query packet for the specified multicast group is sent to query whether the group has members on the interface If yes the members must send Report packets within the maximum response time after the switch ...

Page 368: ...al configure the source IP address for the IGMP querier to send Query packets 4 Raisecom config igmp querier query interval seconds Optional configure the IGMP query interval 5 Raisecom config igmp querier query max response time seconds Optional configure the maximum response time to send Query packets 6 Raisecom config igmp querier last member query interval seconds Optional configure the interv...

Page 369: ... are connected to users All multicast users belong to the same VLAN 10 you need to configure IGMP Snooping on the switch to receive multicast data with the address 234 5 6 7 Enable the IGMP Querier on the switch to reduce communication between the hosts and multicast routers and implement the multicast function When the PC and set top box are added to the same multicast group the switch receives t...

Page 370: ...igaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport access vlan 10 Raisecom config gigaethernet1 1 1 exit Step 2 Enable IGMP Snooping Raisecom config igmp snooping Raisecom config igmp snooping vlan 10 Step 3 Configure IGMP Querier Raisecom config igmp querier Raisecom config igmp source ip 192 168 1 2 Checking results Use the following command to show configurations of IGMP Snooping Ra...

Page 371: ...nt VLAN user uses one common multicast VLAN then the multicast data will be transmitted only in one multicast VLAN without copying one for each user VLAN thus saving bandwidth At the same time multicast VLAN and user VLAN are completely isolated which also increases the security Both IGMP MVR and IGMP Snooping can achieve Layer 2 multicast but the difference is multicast VLAN in IGMP Snooping is t...

Page 372: ...faces to the VLANs 8 5 3 Default configurations of IGMP MVR Default configurations of MVR are as below Function Default value Global IGMP MVR status Disable Interface IGMP MVR status Disable Multicast VLAN and group address set N A 8 5 4 Configuring IGMP MVR Configure IGMP MVR for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 ...

Page 373: ...mer VLAN 6 Raisecom config gigaethernet1 1 port igmp mvr user vlan vlan id Optional configure the range for multicast inter VLAN copy to take effect IGMP Snooping and IGMP MVR cannot be enabled concurrently in the same multicast VLAN Otherwise the configuration will fail IGMP Snooping and multicast VLAN copy cannot be enabled concurrently in the same multicast VLAN Otherwise the configuration will...

Page 374: ...customer VLAN thus saving bandwidth Figure 8 9 MVR networking Configuration steps Step 1 Create VLANs on Switch A and add interfaces to them Raisecom config config Raisecom config create vlan 3 12 13 active Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 switchport mode trunk Raisecom config gigaethernet1 1 1 switchport trunk native vlan 13 Raisecom config gigaethern...

Page 375: ... config gigaethernet1 1 1 exit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 igmp mvr Raisecom config gigaethernet1 1 2 igmp mvr user vlan 12 Raisecom config gigaethernet1 1 2 exit Raisecom config igmp mvr mcast vlan 3 group 234 5 6 7 Raisecom config igmp mvr mcast vlan 3 group 225 1 1 1 Checking results Use the following command to show IGMP MVR configurations on ...

Page 376: ...d disallow the interface to receive this group of multicast data IGMP filtering profile can be configured on an interface or interface VLAN IGMP Profile only applies to dynamic multicast groups but not static ones Limit to the maximum number of multicast groups You can configure the maximum number of multicast groups allowed to join based on interface or interface VLAN and the rules to restrict th...

Page 377: ...r the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config igmp filter Enable global IGMP filtering When configuring IGMP filtering profile or the maximum group number use the igmp filter command to enable global IGMP filtering 8 6 5 Configuring IGMP filtering profile IGMP filtering profile can be used to interface or int...

Page 378: ...ream interface Perform the command of igmp filter profile profile number in interface configuration mode to make the created IGMP profile apply to the specified interface One IGMP profile can be applied to multiple interfaces but each interface can have only one IGMP profile 8 6 6 Configuring maximum number of multicast groups You can add the maximum number of multicast groups applied to interface...

Page 379: ...ce type interface number vlan vlan id Show configurations of IGMP filtering 2 Raisecom show igmp filter profile profile number Show information about the IGMP profile 8 6 8 Example for applying IGMP filtering on interface Networking requirements Enable IGMP filtering on the switch Add filtering rules on the interface to filter multicast users As shown in Figure 8 10 Create an IGMP filtering rule P...

Page 380: ...xit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 switchport mode trunk Raisecom config gigaethernet1 1 2 switchport trunk native vlan 13 Raisecom config gigaethernet1 1 2 switchport trunk untagged vlan 3 Raisecom config gigaethernet1 1 2 exit Raisecom config interface gigaethernet 1 1 3 Raisecom config gigaethernet1 1 3 switchport mode trunk Raisecom config gigaet...

Page 381: ...igure the STB to apply the IGMP filtering profile Raisecom config igmp filter Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 igmp filter profile 1 Step 5 Configure the maximum number of multicast groups on the STB interface Raisecom config gigaethernet1 1 1 igmp filter max groups 1 Raisecom config gigaethernet1 1 1 igmp filter max groups action replace Checking resu...

Page 382: ...he multicast VLAN and multicast group address and copies multicast data for each user VLAN on the egress interface Both multicast VLAN copy and IGMP MVR can implement multicast functions when user VLANs and the multicast VLAN are in different VLANs Their difference is that multicast data of IGMP MVR can be forwarded in a multicast VLAN but multicast VLAN copy is used to copy multicast data to each...

Page 383: ...st VLAN and corresponding group address set It supports up to 1024 multicast groups 8 7 2 Preparing for configurations Scenario As shown in Figure 8 13 multiple hosts belonging to different VLANs receive data of the multicast source Enable multicast VLAN copy on Switch B and configure multicast VLAN so that multicast data is copied on the receiving interface to the user VLAN and users of different...

Page 384: ...multicast VLAN copy are as below Function Default value Global multicast VLAN copy status Disable Interface multicast VLAN copy status Disable Multicast VLAN and group address set N A To concurrently configure N 1 VLAN mapping and VLAN copy you must configure VLAN copy and then configure N 1 VLAN mapping To concurrently configure N 1 VLAN mapping and PIM you must configure PIM and then configure N...

Page 385: ...members of VLAN copy Configure static multicast members of VLAN copy for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port igmp vlan copy mcast vlan vlan id static ip address user vlan ...

Page 386: ...mation about multicast group members of multicast VLAN copy on the specified interface 5 Raisecom show igmp vlan copy member user vlan vlan id Show information about multicast group members of multicast VLAN copy in the specified user VLAN 6 Raisecom show igmp vlan copy vlan group mcast vlan vlan id Show the multicast VLAN and bound group address set of multicast VLAN copy 8 8 MLD 8 8 1 Introducti...

Page 387: ...d the retransmission mechanism to the querying and response packets 8 8 2 Preparing for configurations Scenarios Multicast arising in the IPv4 era solves the problem of single point sending and multi point receiving and transmits data efficiently point to multiple points on the network thus saving network bandwidth and lowering network load It is enhanced on the IPv4 network By listening MLD messa...

Page 388: ... robust factor and configure the expiration time for a member to leave the group as Group Membership Interval GMI GMI robust value lastmember queryinterval 5 Raisecom config mld report suppression Optional enable Report suppression When receiving multiple Report packets from the same group in a specified period the ISCOM2600G HI series switch forwards only one Report packet to the router interface...

Page 389: ...2 Raisecom config mld querier Enable MLD querier 3 Raisecom config mld source ip ip address Optional configure the source IP address for MLD Querier to send Query packets 4 Raisecom config mld query interval seconds Optional configure the MLD query interval 5 Raisecom config mld query max response time seconds Optional configure the maximum response time of Query packets 6 Raisecom config mld last...

Page 390: ...or interface VLAN Configure the MLD filtering profile for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config mld filter profile profile number Create a MLD profile and enter profile configuration mode 3 Raisecom config mld profile permit deny Configure the action of the MLD profile 4 Raisecom config mld profile rang...

Page 391: ...oup number vlan vlan list Apply the maximum number of groups to the physical interface or interface VLAN Raisecom config port channel1 mld filter max groups group number vlan vlan list Apply the maximum number of groups to the LAG interface or interface VLAN 4 Raisecom config gigaethernet1 1 port mld filter max groups action drop replace vlan vlan list Optional configure the action to be taken whe...

Page 392: ...multicast group members of MLD Snooping 6 Raisecom show mld statistics interface type interface number Show statistics of MLD statistics 7 Raisecom show mld filter interface gigaethernet interface number vlan vlan id Show configuration of MLD filtering 8 Raisecom show mld filter profile profile number Show configurations of the MLD filtering profile 9 Raisecom show mld configuration Show basic con...

Page 393: ...ength and network size of Telecom network is bigger and bigger The lack of effective management and maintenance mechanism has seriously obstructed Ethernet technology applying to the Telecom network To confirm connectivity of Ethernet virtual connection effectively detect confirm and locate faults on network balance network utilization measure network performance and provide service according Serv...

Page 394: ...DU to the peer active OAM entity to inform the following threshold events By default 3 Dying Gasp Traps are sent Therefore the network administrator can dynamically master the network status through the link monitoring process Error frame event the number of error frames exceeds the threshold in a time unit Error frame period event the number of error frames exceeds the threshold in a period speci...

Page 395: ...ernet in the First Mile EFM is a link level Ethernet OAM technology It provides link connectivity detection link fault monitoring and remote fault notification for a link between two directly connected devices EFM is mainly used for Ethernet links on edges of the network accessed by users 9 2 2 Preparing for configurations Scenario Deploying EFM feature between directly connected devices can effic...

Page 396: ...g basic functions of EFM Configure basic functions of EFM for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interf ace interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 oam active passive Raisecom config gigaethernet1 1 1 exit Configure the wor...

Page 397: ...and controls whether to respond to the loopback command Configure OAM remote loopback for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interf ace interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 oam remote loopback Configure the interface to ...

Page 398: ...as the maximum unit Each object contains Package and Attribute A package contains several attributes Attribute is the minimum unit of a variable When getting an OAM variable it defines object package branch and leaf description of attributes by Clause 30 to describe requesting object and the branch and leaf are followed by variable to denote object responds variable request The ISCOM2600G HI serie...

Page 399: ...er receives event notification and reports the NView NNM system through SNMP Trap Besides the local device can directly report events from a specified interface to the NView NNM system center through SNMP Trap Configure OAM link monitoring for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface ty...

Page 400: ...1 1 1 oam notify critical event dying gasp errored frame errored frame period errored frame seconds errored symbol period enable Enable the OAM fault notification to notify the peer device of local fault Configuring local OAM event Trap Configure local OAM event alarm for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom ...

Page 401: ... gigaethernet interface number Show information about the peer EFM OAM and interface statistical variable 9 2 8 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom config gigaethernet1 1 1 clear oam statistics Clear statistics on links of the EFM OAM interface Raisecom config gigaethernet1 1 1 clear oam event Clear EFM OAM link events Raisecom config clear oa...

Page 402: ... cannot diffuse into MD 1 MD 2 is a server layer while MD 1 is a client layer Figure 9 2 MDs at different levels Service instance The service instance is also called Maintenance Association MA It is a part of a MD One MD can be divided into one or multiple service instances One service instance corresponds to one service and is mapped to a group of VLANs VLANs of different service instances cannot...

Page 403: ...t is believed that the link fails Then a fault Trap will be sent according to configured alarm priority Fault acknowledgement LoopBack LB This function is used to verify the connectivity between two MPs through the source MEP sending LoopBack Message LBM and the destination MP sending LoopBack Reply LBR The source MEP sends a LBM to a MP who needs to acknowledge a fault When receiving the LBM the ...

Page 404: ...er When an Up MEP has a fault occurs at the client side it will periodically send CSF packets with LOS labels to the peer MEP After receiving these packets the peer MEP will report CSF alarms When the client side fault is cleared the local MEP will send 3 consecutive CSF packets with DCI labels When receives theses packets the peer MEP will exit the CSF status and report the CSF clearance alarm Th...

Page 405: ...sic functions of CFM Configure basic functions of CFM for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config e thernet cfm domain md name domain name level level Create a MD If a MD name is assigned by the md name parameter it indicates that the MD is in IEEE 802 1ag style and all MAs and CCMs in the MD are in 802 1...

Page 406: ...0 20 and service instance 2 is mapped to VLANs 15 30 Therefore VLANs 15 20 are crossed This configuration is illegal 5 Raisecom config service service mep up down mpid mep id interface type interface number port channel port channel priority priority Configure MEPs based on a service instance When configuring a MEP based on a service instance you must ensure that the service instance is mapped to ...

Page 407: ... cannot be modified when CCM delivery is enabled When the device sends hardware CC packets in the Down direction or the Up direction of 802 1ag style it can support the 3ms 10ms 100ms parameters When it sends software CC packets in the Up direction of the Y 1731 style it does not support the 3ms 10ms 100ms parameters 5 Raisecom config service service cc enable mep mep id list all Enable MEPs to se...

Page 408: ...BMs LTMs and DMMs sent by MEPs in a service instance will use the assigned priority By default the priority is 7 10 Raisecom config snmp server trap cfm all macremerr remerr ccmerr xcon none mep all mep list Optional configure the alarm level of CFM OAM 9 3 6 Configuring fault acknowledgement Configure CFM fault acknowledgement for the ISCOM2600G HI series switch as below Step Command Description ...

Page 409: ...rce MEP is invalid For example the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is If the Ping operation is performed on the specified destination MEP ID it will fail when the MAC address of the destination MEP fails to be found according to the MEP ID The Ping operation will fail if other users are using the specified source MEP to perform...

Page 410: ...rwise the Traceroute operation fails If there is no MEP in a service instance the Traceroute operation will fail because of failing to find source MEP The Traceroute operation will fail if the specified source MEP is invalid For example the specified source MEP does not exist or CFM is disabled on the interface where the specified source MEP is If the Traceroute operation is performed on the speci...

Page 411: ...ult this function is enabled 9 3 9 Configuring Ethernet locked signal Configuring Ethernet locked signal on the server layer device Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config serv ice cisid level level Enter service instance configuration mode 3 Raisecom config service service lck start mep all mep list Enable the function of sending LCK packets By...

Page 412: ...on of sending CSF packets By default this function is disabled 4 Raisecom config service service csf period 1 60 Configure the period for sending CSF packets By default the period for sending CSF packets is 1s 5 Raisecom config service service csf trap enable Enable the function of sending CSF Traps upstream This function is applicable to PW OAM only By default this function is disabled 9 3 11 Con...

Page 413: ... level static Show configurations of the static RMEP 7 Raisecom show ethernet cfm remote mep level level service service instance mpid mep id Show information about RMEP discovery 8 Raisecom show ethernet cfm suppress alarms level level Show configurations of CFM alarm suppression 9 Raisecom show ethernet cfm traceroute cache Show information about route discovery of the Traceroute database 9 3 13...

Page 414: ...gigaethernet1 1 1 exit SwitchA config interface gigaethernet 1 1 2 SwitchA config gigaethernet1 1 2 switchport mode trunk SwitchA config gigaethernet1 1 2 exit Configure Switch B Raisecom hostname SwitchB SwitchB config SwitchB config interface gigaethernet 1 1 1 SwitchB config gigaethernet1 1 1 switchport mode trunk SwitchB config gigaethernet1 1 1 exit SwitchB config interface gigaethernet 1 1 2...

Page 415: ... remote mep 302 SwitchA config service service cc enable mep all SwitchA config service exit SwitchA config ethernet cfm enable Configure Switch B SwitchB config ethernet cfm domain level 3 SwitchB config service ma1 level 3 SwitchB config service service vlan list 100 SwitchB config service exit SwitchB config ethernet cfm enable Configure Switch C SwitchC config ethernet cfm domain level 3 Switc...

Page 416: ...service ma1 Traceroute send via port1 Hops HostMac Ingress EgressPort IsForwarded RelayAction NextHop 1 000E 5E00 0003 2 1 Yes rlyFdb 000E 5E00 0003 2 000E 5E00 0003 1 2 Yes rlyFdb 000E 5E00 0001 3 000E 5E00 0001 1 No rlyHit 000E 5E00 0002 Checking results Use the show ethernet cfm command to show CFM configurations on the ISCOM2600G HI series switch Take Switch A for example SwitchA show ethernet...

Page 417: ...work performance between them Configure SLA operation on Switch A with its destination address as Switch B and then conduct scheduling to test network performance In this way the upper layer application such as NView NNM can obtain the roundtrip packet loss rate roundtrip delay and jitter through SLA statistics and then analyze network performance and provide the user with required data Basic SLA ...

Page 418: ...acket loss rate tests 9 4 2 Preparing for configurations Scenario The carrier and users sign SLA to guarantee that users can enjoy certain quality network service To perform SLA protocol effectively carrier needs to deploy SLA feature test performance on the device and the test result is evidence to ensure user s performance SLA chooses two testing nodes configures SLA operation on one node and sc...

Page 419: ...e Threshold alarm status disable 9 4 5 Creating SLA operation Create an SLA operation for the ISCOM2600G HI series switch as below All following steps are optional and in any sequence Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config sla oper num y1731 pkt loss slm remote mac mac address level level id svlan vlan id cos cos value interval interval num siz...

Page 420: ... the private TLV this may affect interoperability with devices of other vendors 9 4 6 Configuring SLA scheduling Configure SLA scheduling for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config sla schedule oper num life forever life time period period Configure information about scheduling the SLA operation and enab...

Page 421: ...ndow Configure the maintenance window for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config sla maintenance start stop Start Stop the maintenance window of SLA operations 9 4 9 Configuring availability test Configure the availability test for the ISCOM2600G HI series switch as below Step Command Description 1 Raise...

Page 422: ...enable Optional enable availability status change alarm 3 Raisecom config sla oper num loss pkt trap current average enable Enable threshold crossing alarm during operations Raisecom config sla oper num delay trap jitter trap current average ds sd two way enable 4 Raisecom config sla alarm threshold enable Optional enable threshold alarm 9 4 11 Checking configurations Use the following commands to...

Page 423: ...king Configuration steps Step 1 Configure CFM on the Switch For details see section 9 3 13 Example for configuring CFM Step 2 Configure y1731 pkt loss operation on Switch C and enable operation scheduling Switch_C config Switch_C config sla 2 y1731 pkt loss remote mac 000e 5e00 0001 level 3 svlan 3 Switch_C config sla schedule 2 life 20 period 10 Checking results Use the show sla configuration com...

Page 424: ...tted At the initial stage of the session both systems negotiate through parameters carried on the control packets such as session identifiers of two endpoints the minimum interval for receiving and sending packets BFD session status of the local endpoint When the negotiation is successful both systems send BFD control packets according to negotiated time of receiving and sending packets Modes for ...

Page 425: ...2VPN network The L2VPN network rapidly detects faults of the Tunnel or PW and guides the rapid switching of carried services thus protecting services BFD based on CR LSP use BFD to detect CR LSP and thus rapidly detect LSP faults thus triggering the switching of service traffic among different CR LSPs in the same TE Tunnel BFD based on ISIS BFD based on OSPF 9 5 2 Preparing for configurations Scen...

Page 426: ...al detection multiplier minimum sending interval and minimum receiving interval for dynamic BFD sessions globally or on the interface Configure them globally for the multi hop IP address Configure them on the interface for single IP address or default IP address 4 Raisecom config bfd session description description Configure the description of the BFD session 5 Raisecom config bfd session local di...

Page 427: ...e identifier is configured The remote identifier is automatically generated by the system if not configured 10 Raisecom config bfd session session enable Enable BFD session By default it is disabled 9 5 5 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show bfd Show BFD global configurations 2 Raisecom show bfd session id config S...

Page 428: ...rotection Configuring anti ARP attack 10 1 ACL 10 1 1 Introduction Access Control List ACL is a set of ordered rules which can control the ISCOM2600G HI series switch to receive or refuse some data packets You need to configure rules on the network to prevent illegal packets from affecting network performance and determine the packets allowed to pass These rules are defined by ACL ACL is a series ...

Page 429: ...t learn and show the source MAC address User ACL this type can perform the AND operation with the mask from a specified byte in the packet header or IP header compares the character string extracted from the packet with the user defined character string and thus find matching packets This type supports matching any field in the first 64 bytes of the Ethernet frame IPv6 ACL define classification ru...

Page 430: ...CL number is 5000 5999 this configuration enters User ACL configuration mode When the ACL number is 6000 6999 this configuration enters IPv6 ACL configuration mode When the ACL number is 7000 7999 this configuration enters advanced ACL configuration mode 3 Raisecom config acl ip std rule rule id deny permit source ip address source ip mask any Optional configure the matching rule for basic IP ACL ...

Page 431: ... source port maximum source port rst rst value syn syn value tos tos value urg urg value ttl ttl value time range time range name 5 Raisecom config acl mac rule rule id deny permit source mac address source mac mask any destination mac address destination mac mask any ethertype ethertype ethertype mask ip arp svlan svlanid cos cos value cvlan cvlanid inner cos inner cos time range time range name ...

Page 432: ...ange time range name Optional configure the matching rule for MAP ACL 8 Raisecom config acl advanced rule rule id deny permit source mac address source mac mask any destination mac address destination mac mask any svlan svlanid cos cos value cvlan cvlanid inner cos inner cos source ip address source ip mask any destination ip address destination ip mask any dscp dscp value ttl ttl value fragment p...

Page 433: ... Enter global configuration mode 2 Raisecom config interface interface type interface number Enter interface configuration mode You can use this command on the VLAN interface 3 Raisecom config gigaethernet1 1 port filter egress ingress access list acl number statistics Apply ACL on the interface 10 1 6 Checking configurations Use the following commands to check configuration results No Command Des...

Page 434: ...following three categories Static secure MAC address The static secure MAC address is configured by user on secure interface manually this MAC address will take effect when port security MAC is enabled Static secure MAC address does not age and supports loading configuration Dynamic secure MAC address The dynamic secure MAC address is learnt by the device You can configure the learnt MAC address t...

Page 435: ...nformation and send an alarm to the NMS Shutdown mode for illegal access users the secure interface will discard the user s packets and the console will print Syslog information send an alarm to the NMS and then shut down the secure interface When the MAC address is flapping in other words secure interface A is accessed by a user corresponding to a secure MAC address that is already on secure inte...

Page 436: ...e We do not recommend co configuring them concurrently Port security MAC and interface interface VLAN based MAC number limit are mutually exclusive which cannot be configured concurrently Configure basic functions of port security MAC for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type in...

Page 437: ...ion mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port switchport port security Enable port security MAC 4 Raisecom config gigaethernet1 1 port switchport port security mac address mac address vlan vlan id Configure the static secure MAC address 10 2 6 Configuring dynamic secure MAC address Confi...

Page 438: ...y command can enable port security MAC and dynamic secure MAC learning at the same time 10 2 7 Configuring sticky secure MAC address We do not recommend configuring sticky secure MAC addresses when port sticky security MAC is disabled Otherwise port sticky security MAC may malfunction Configure the sticky secure MAC address for the ISCOM2600G HI series switch as below Step Command Description 1 Ra...

Page 439: ...port security all configured dynamic sticky Clear a specified type of secure MAC addresses on a specified interface 10 2 10 Example for configuring port security MAC Networking requirements As shown in Figure 10 1 the Switch connects 3 user networks To ensure security of data accessed from the interface configure the Switch as below GE 1 1 1 allows up to 3 users to access the network One of specif...

Page 440: ... protect Raisecom config gigaethernet1 1 1 switchport port security trap enable Raisecom config gigaethernet1 1 1 exit Raisecom config port security aging time 10 Step 2 Configure the secure MAC address on GE 1 1 2 Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 switchport port security Raisecom config gigaethernet1 1 2 switchport port security maximum 2 Raisecom con...

Page 441: ...nt vio action Dynamic Trap Aging Type gigaethernet1 1 1 Enable 3 1 1 0 protect Enable Absolute gigaethernet1 1 2 Enable 2 0 0 0 restrict Disable Absolute gigaethernet1 1 3 Enable 1 1 1 0 shutdown Disable Absolute gigaethernet1 1 4 Disable 1024 0 0 0 protect Disable Absolute gigaethernet1 1 5 Disable 1024 0 0 0 Use the show port security mac address command to show configurations and learning of se...

Page 442: ...rusted interface the interface will stop ARP inspection which conducts no ARP protection on the interface All ARP packets are allowed to pass Untrusted interface the interface takes ARP protection Only ARP packets that match the binding table rules are allowed to pass Otherwise they are discarded Figure 10 2 Principles of dynamicARP inspection Figure 10 2 shows principles of dynamic ARP inspection...

Page 443: ...RP packets from unsafe sources Whether to trust ARP packets depend on the trusting status of an interface while ARP packets meet requirements depends on the ARP binding table Prerequisite Enable DHCP Snooping if there is a DHCP user 10 3 3 Default configurations of dynamic ARP inspection Default configurations of dynamic ARP inspection are as below Function Default value Dynamic ARP inspection int...

Page 444: ... arp inspection static config Enable global static ARP binding 3 Raisecom config ip arp inspection binding ip address mask mac address vlan vlan id interface type interface number Configure the static binding 10 3 6 Configuring dynamic binding of dynamic ARP inspection Before enabling dynamic binding of dynamic ARP inspection you need to use the ip dhcp snooping command to enable DHCP Snooping Con...

Page 445: ...sical layer interface configuration mode 3 Raisecom config gigaethernet1 1 port ip arp rate limit rate rate value Configure the rate limit of ARP packets on the interface 10 3 9 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show ip arp inspection Show configurations of dynamic ARP inspection 2 Raisecom show ip arp inspection bin...

Page 446: ...10 3 Configuring dynamic ARP inspection Configuration steps Step 1 Configure GE 1 1 3 as the trusted interface Raisecom config Raisecom config interface gigaethernet 1 1 3 Raisecom config gigaethernet1 1 3 ip arp inspection trust Raisecom config gigaethernet1 1 3 exit Step 2 Configure static binding Raisecom config ip arp inspection static config Raisecom config ip arp inspection binding 10 10 10 ...

Page 447: ...ble DHCP Snooping ARP Inspection Disable ARP Inspection Protect Vlan 1 4094 Bind Rule Num 1 Vlan Rule Num 0 Bind Acl Num 1 Vlan Acl Num 0 Remained Acl Num 511 Port Trust gigaethernet1 1 1 no gigaethernet1 1 2 no gigaethernet1 1 3 yes gigaethernet1 1 4 no gigaethernet1 1 5 no gigaethernet1 1 6 no gigaethernet1 1 7 no Use the show ip arp inspection binding command to show information about the dynam...

Page 448: ...he RADIUS server receives user connection requests authenticates users and replies them with configurations for providing services In this way RADIUS can control user to access devices and network thus improving network security Communication between clients and RADIUS server is authenticated by the shared key which will not be transmitted on the network Besides any user password to be transmitted...

Page 449: ...meout of the RADIUS server 3s IP address of the RADIUS accounting server 0 0 0 0 Port ID of the RADIUS authentication server 1812 Port ID of the RADIUS accounting server 1813 Shared key for communicating with the RADIUS accounting server N A Processing policy for accounting failure Online Period for sending Account Update packets 0 10 4 4 Configuring RADIUS authentication Configure RADIUS authenti...

Page 450: ... radius radius local server no response radius user Configure the authentication mode for users to enter the privileged EXEC mode to RADIUS 10 4 5 Configuring RADIUS accounting Configure RADIUS accounting for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom aaa accounting login enable Enable RADIUS accounting 2 Raisecom radius backup accounting server ip address account...

Page 451: ...ate packets and Accounting End packets 10 4 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show radius server Show configurations of the RADIUS server 2 Raisecom show aaa Show configurations of RADIUS accounting 10 4 7 Example for configuring RADIUS Networking requirements As shown in Figure 10 4 to control a user from accessin...

Page 452: ...ccounting for login user through RADIUS Raisecom aaa accounting login enable Raisecom radius accounting server 192 168 1 1 Raisecom radius accounting server key raisecom Raisecom aaa accounting fail offline Raisecom aaa accounting update 2 Checking results Use the show radius server to show RADIUS configurations Raisecom show radius server Radius timeout 3s Authentication server IP 192 168 1 1 por...

Page 453: ... with UPD port used by RADIUS TACACS encrypts the holistic of packets except the standard head of TACACS and there is a field to show whether the data packets are encrypted in the head of packet Compared to RADIUS user password encryption the TACACS is much safer TACACS authentication function is separated from authorization and accounting functions it is more flexible in deployment In a word TACA...

Page 454: ...ommand authorize enable disable Enable TACACS command authorization 10 5 5 Configuring TACACS authentication Configure TACACS authentication for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom tacacs server backup ip address auth port port id Assign the IP address and port number for the TACACS authentication server Configure the backup parameter to assign the backup T...

Page 455: ...ssign the IP address and UDP port ID for the TACACS accounting server Configure the backup parameter to assign the backup TACACS accounting server 3 Raisecom tacacs server key string Raisecom tacacs backup accounting server encrypt key string Configure the shared plaintext or ciphertext key to communicate with the TACACS accounting server 4 Raisecom aaa accounting fail offline online Configure the...

Page 456: ...nance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom clear tacacs statistics Clear TACACS statistics 10 5 10 Example for configuring TACACS Networking requirements As shown in Figure 10 5 configure TACACS authentication on Switch A to authenticate login user and control users from accessing the ISCOM2600G HI series switch Figure 10 5 TACACS networking Configuration ...

Page 457: ...e broadcast unknown multicast and unknown unicast packets broadcast storm occurs If you do not control broadcast packets broadcast storm may occur and occupy much network bandwidth Broadcast storm can degrade network performance and impact forwarding of unicast packets or even lead to communication halt Restricting broadcast flow generated from network on Layer 2 device can suppress broadcast stor...

Page 458: ...controls is performed in the following forms Radio bandwidth ratio the allowed percentage of broadcast unknown multicast or unknown unicast traffic to total bandwidth Bits Per Second BPS the number of bits allowed to pass per second Packet Per Second PPS the number of packets allowed to pass per second The ISCOM2600G HI series switch supports BPS and PPS storm control 10 6 2 Preparing for configur...

Page 459: ...n id Raisecom config interface port channel port channel number Enter physical layer interface configuration mode VLAN configuration mode or aggregation group configuration mode 4 Raisecom config gigaethernet1 1 port storm control broadcast unknown multicast dlf all bps value burst value pps value Raisecom config vlan storm control broadcast unknown multicast dlf all bps value burst value pps valu...

Page 460: ...5 Configuring DLF packet forwarding Configure DLF packet forwarding for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config dlf forwarding enable Enable DLF packet forwarding on an interface 10 6 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show...

Page 461: ...ps Enable storm control and configure the threshold for storm control Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 storm control broadcast bps 640 Raisecom config gigaethernet1 1 1 exit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 storm control broadcast bps 640 Checking results Use the show storm control command to show configura...

Page 462: ...authentication server Figure 10 7 802 1x structure Interface access control modes The authenticator uses the authentication server to authenticate clients that need to access the LAN and controls interface authorized unauthorized status through the authentication results You can control the access status of an interface by configuring access control modes on the interface 802 1x authentication sup...

Page 463: ...protocol packet and sends the RADIUS protocol packet to the authentication server Step 5 The authentication server compares the received user name with the one in the database finds the password for the user and encrypts the password with a randomly generated encryption word Meanwhile it sends the encryption word to the authenticator who then sends the encryption word to the suppliant Step 6 The s...

Page 464: ...orization response packet during the supp timeout the ISCOM2600G HI series switch will re send the Request Challenge packet The ISCOM2600G HI series switch sends this packet twice in total Server timeout Authentication server timeout timer The timer defines the total timeout period of sessions between authorizer and the RADIUS server When the configured time is exceeded the authenticator will end ...

Page 465: ...on mode 2 Raisecom config dot1x enable Enable global 802 1x 3 Raisecom config dot1x authentication method chap pap eap Configure global authentication mode 4 Raisecom config dot1x auth mode radius local tacacs Configure the mode of 802 1x authentication 5 Raisecom config dot1x free ip ip address ip mask mask lenth Configure the IP address segment available for 802 1x terminal users who fail to be ...

Page 466: ...global interface 802 1x is enabled Authorized interfaces are still in this mode during re authentication If re authentication fails the interfaces are in unauthorized state Configure 802 1x re authentication for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physic...

Page 467: ...he period for retransmitting KeepAlive packets by interface 802 1x 10 7 7 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show dot1x interface type interface number Show 802 1x configurations on the interface 2 Raisecom show dot1x interface type interface number statistics Show 802 1x statistics on the interface 3 Raisecom show do...

Page 468: ... the password is raisecom The interface control mode is auto After the PC passes authentication the Switch will start reauthentication every 600s Figure 10 8 Dot1x networking Configuration steps Step 1 Configure the IP addresses of the Switch and RADIUS server Raisecom config Raisecom config interface vlan 1 Raisecom config vlan1 ip address 10 10 0 1 255 255 0 0 Raisecom config vlan1 exit Raisecom...

Page 469: ...rface Raisecom show dot1x gigaethernet 1 1 1 802 1x Global Admin State enable 802 1x Authentication Method chap 802 1x Authentication Mode radius Port gigaethernet1 1 1 802 1X Port Admin State enable PAE Authenticator PortMethod Portbased PortControl Auto ReAuthentication enable KeepAlive enable QuietPeriod 60 s ServerTimeout 100 s SuppTimeout 30 s ReAuthPeriod 600 s TxPeriod 30 s KeepalivePeriod ...

Page 470: ... automatically from DHCP Snooping to complete the interface control which fits for the case where there are many hosts and you need to adopt DHCP to perform dynamic host configurations Dynamic binding can effectively prevent IP address conflict and embezzlement Principles of IP Source Guard Principles of IP Source Guard are to create an IP source binding table within the ISCOM2600G HI series switc...

Page 471: ... Enable DHCP Snooping if there are DHCP users 10 8 3 Default configurations of IP Source Guard Default configurations of IP Source Guard are as below Function Default value IP Source Guard static binding Disable IP Source Guard dynamic binding Disable Interface trust status Untrusted 10 8 4 Configuring interface trust status of IP Source Guard Configure the interface trust status of IP Source Guar...

Page 472: ... identical IP address the manually configured static binding will cover the dynamic binding However it cannot cover the existing static binding When the static binding is deleted the system will recover the covered dynamic binding automatically Configuring IP Source Guard dynamic binding Configure IP Source Guard dynamic binding for the ISCOM2600G HI series switch as below Step Command Description...

Page 473: ... rate limit of IP source guard for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config ip verify source ip address ip mask set cos cos value rate limit rate value Configure the priority and rate limit of IP source guard 10 8 7 Checking configurations Use the following commands to check configuration results No Comman...

Page 474: ...nterfaces only permit the packets meeting DHCP Snooping learnt dynamic binding to pass Figure 10 10 Configuring IP Source Guard Configuration steps Step 1 Configure GE 1 1 1 to the trusted interface Raisecom config Raisecom config interface gigaethernet 1 1 1 Raisecom config gigaethernet1 1 1 ip verify source trust Raisecom config gigaethernet1 1 1 exit Step 2 Configure static binding Raisecom con...

Page 475: ...rnet1 1 7 no 10 9 PPPoE 10 9 1 Introduction PPPoE Intermediate Agent PPPoE is used to process authentication packets PPPoE adds more information about access devices into the authentication packet to bind account and access device so that the account is not shared and stolen and the carrier s and users interests are protected This provides the server with enough information to identify users avoid...

Page 476: ...et is used to query the authentication server Step 2 After receiving the PADI packet the authentication server replies a unicast packet PPPoE Active Discovery Offer PADO Step 3 If multiple authentication servers reply PADO packets the client selects one from them and then sends a unicast PPPoE Active Discovery Request PADR to the authentication server Step 4 After receiving the PADR packet if the ...

Page 477: ...forwarded without being attached with any information 10 9 4 Configuring basic functions of PPPoE PPPoE is used to process PADI and PADR packets It is designed for the PPPoE client Generally PPPoE is only enabled on interfaces that are connected to the PPPoE client Trusted interfaces are interfaces through which the switch is connected to the PPPoE server PPPoE and trusted interface are exclusive ...

Page 478: ... for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 pppoeagent trust Configure the PPPoE trusted interface Because PPPoE is designed for the PPPoE client instead of the PPPoE server dow...

Page 479: ...ppoeagent circuit id attach string format hex string Configure the attached string of Circuit ID 3 Raisecom config interface interface type interface number Enter physical layer interface configuration mode 4 Raisecom config gigaethernet1 1 1 pppoeagent circuit id string Optional configure the Circuit ID to the customized string In default mode the Circuit ID contains an attached string By default...

Page 480: ...e forged by the client because of some reasons The client overrides the original Tags After Tag overriding is enabled if PPPoE packets contain Tags these Tags are overridden If not add Tags to these PPPoE packets Configure Tag overriding for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config interface interface type...

Page 481: ...ted to Client 1 and Client 2 respectively GE 1 1 3 is connected to the PPPoE server Enable global PPPoE and PPPoE on GE 1 1 1 and GE 1 1 2 Configure GE 1 1 3 as the trusted interface Configure the attached string of Circuit ID to raisecom padding information about Circuit ID on GE 1 1 1 to user01 padding information about Circuit ID on GE 1 1 2 to the MAC address of Client 2 in ASCII format Enable...

Page 482: ...oeagent vendor specific tag overwrite enable Raisecom config gigaethernet1 1 1 exit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 pppoeagent vendor specific tag overwrite enable Raisecom config gigaethernet1 1 2 exit Step 4 Enable global PPPoE and PPPoE on GE 1 1 1 and GE 1 1 2 Raisecom config pppoeagent enable Raisecom config interface gigaethernet 1 1 1 Raisecom ...

Page 483: ... This will cause device malfunction CPU CAR helps efficiently limit the speed of packets which enters the CPU Prerequisite N A 10 10 2 Configuring global CPU CAR Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config cpu protect car arp dhcp global icmp igmp bpdu kbps cir cir cbs cbs pps pps value Configure the protocol type CIR and CBS of global CPU packet pr...

Page 484: ...no security mechanism Attackers can forge ARP packets from users or gateways When they send excessive IP packets whose IP addresses cannot be resolved to the ISCOM2600G HI series switch they will cause the following harms The ISCOM2600G HI series switch sends excessive ARP request packets to the destination network segment so this network segment is overburdened The ISCOM2600G HI series switch rep...

Page 485: ... ARP destination IP address 5 Raisecom config vlan1 arp filter gratuitous mac illegal tha filled request Configure ARP filtering 6 Raisecom config vlan1 arp anti attack entry check fixed all fixed mac send ack Configure the fixing of ARP entries 7 Raisecom config vlan1 ip arp rate limit rate rate value Configure rate limiting of ARP 10 11 3 Checking configurations Use the following commands to che...

Page 486: ...dwidth without upgrading hardware Generally the link aggregation consists of manual link aggregation static Link Aggregation Control Protocol LACP link aggregation and dynamic LACP link aggregation Manual link aggregation Manual link aggregation refers to aggregating multiple physical interfaces to one logical interface so that they can balance load Static LACP link aggregation Link Aggregation Co...

Page 487: ...us redundancy mechanisms provide nodes and networks with reliable links Choosing redundancy mechanisms depends on factors such as the transmission technology topology multi homing of a single node to the entire network device capability AS boundary carrier s service model and carrier s choice High reliability of the carrier grade Ethernet is accessible from concurrently applying the redundancy mec...

Page 488: ...igure physical parameters of interfaces and make them Up In the same LAG member interfaces that share loads must be identically configured Otherwise data cannot be forwarded properly These configurations include QoS QinQ VLAN interface properties and MAC address learning QoS traffic policing traffic shaping congestion avoidance rate limit SP queue WRR queue scheduling interface priority and interf...

Page 489: ...ig Enter global configuration mode 2 Raisecom config lacp system priority system priority Optional configure the system LACP priority The device with higher priority is the active end LACP chooses active and backup interfaces according to configurations of the active end The smaller the number is the higher the priority is The device with the smaller MAC address will be chosen as the active end if...

Page 490: ...ority The priority affects election for the default interface for LACP The smaller the value is the higher the priority is By default it is 32768 In a static LACP LAG a member interface can be an active standby one Both the active interface and standby interface can receive and send LACPDU However the standby interface cannot forward user packets The system chooses default interface in the order o...

Page 491: ...ns Use the following commands to check configuration results No Command Description 1 Raisecom show lacp internal Show local system LACP interface status flag interface priority administration key operation key and interface status machine status 2 Raisecom show lacp neighbor Show information about LACP neighbors including tag interface priority device ID Age operation key value interface ID and i...

Page 492: ...e static LACP link aggregation on Switch A Configure Switch A as the active end Raisecom hostname SwitchA SwitchA config SwitchA config lacp system priority 1000 SwitchA config interface port channel 1 SwitchA config port channel1 mode lacp SwitchA config port channel1 max active links 1 SwitchA config port channel1 exit SwitchA config interface gigaethernet 1 1 1 SwitchA config gigaethernet1 1 1 ...

Page 493: ...rc dst mac MinLinks 1 Max links 1 UpLinks 2 Priority Preemptive Disable Member Port gigaethernet1 1 1 gigaethernet1 1 2 Efficient Port gigaethernet1 1 1 Use the show lacp internal command to show configurations of local LACP interface status flag interface priority administration key operation key and interface state machine on Switch A SwitchA show lacp internal Flags S Device is requesting Slow ...

Page 494: ...d quick switching through working and protection lines It ensures performance and simplifies configurations Interface backup is another STP solution When STP is disabled you can realize basic link redundancy by manually configuring interfaces If the switch is enabled with STP you should disable interface backup because STP has provided similar functions When the primary link fails traffic is switc...

Page 495: ...nk device forward packet while GE 1 1 2 and the uplink device do not forward packets When the link between GE 1 1 1 and its uplink device fails the backup GE 1 1 2 and its uplink device forward packets When GE 1 1 1 restores normally and keeps Up for a period restore delay GE 1 1 1 restores to forward packets and GE 1 1 2 restores standby status When a switching between the primary interface and t...

Page 496: ...nterface backup is used to balance service load in different VLANs without depending on configurations of uplink switches thus facilitating users operation 11 2 2 Preparing for configurations Scenario By configuring interface backup in a dual uplink network you can realize redundancy backup and fast switching of the primary backup link and load balancing between different interfaces Compared with ...

Page 497: ...4 Raisecom config gigaethernet1 1 port port backup fault detect lldp Optional configure LLDP fault detection 5 Raisecom config gigaethernet1 1 port port backup restore mode non revertive revertive restore delay second Optional configure restoration mode In an interface backup group an interface is either a primary interface or a backup interface In a VLAN an interface or a LAG cannot be a member o...

Page 498: ...e backup interface number force switch 11 2 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show switchport backup Show status information about interface backup 2 Raisecom show port backup group Show configurations of interface backup 11 2 7 Example for configuring interface backup Networking requirements As shown in Figure 11 ...

Page 499: ...vlan 100 200 confirm Raisecom config gigaethernet1 1 1 exit Raisecom config interface gigaethernet 1 1 2 Raisecom config gigaethernet1 1 2 switchport mode trunk Raisecom config gigaethernet1 1 2 switchport trunk allowed vlan 100 200 confirm Raisecom config gigaethernet1 1 2 exit Step 2 Configure GE 1 1 1 as the primary interface of VLANs 100 150 and GE 1 1 2 as the backup interface Raisecom config...

Page 500: ... State ForceSwitch Vlanlist GE1 1 1 Forward GE1 1 2 Block NO 100 150 GE1 1 2 Forward GE1 1 1 Block NO 151 200 Manually disconnect the link between Switch A and Switch B to emulate a fault Then GE 1 1 1 becomes Down and GE 1 1 2 forwards traffic of VLANs 100 200 Raisecom show port backup group Active Port State Backup Port State ForceSwitch Vlanlist GE1 1 1 Down GE1 1 2 Forward NO 100 150 GE1 1 2 F...

Page 501: ...ownlink device immediately Uplink interfaces are not influenced when the downlink interface fail 11 3 2 Preparing for configurations Scenario When uplink fails traffic cannot be switched to the standby link if the downlink device fails to be notified in time Then traffic will be disrupted Link state tracking can be used to add downlink interfaces and uplink interfaces of the middle device to a lin...

Page 502: ... name cfm mepid level level Configure the link state group of the interface and interface type One interface can belong to only one link state group and be configured as an either uplink or downlink interface The interface can be bound with CC One link state group can contain several uplink interfaces Link state tracking will not be performed when at least one uplink interface is Up Only when all ...

Page 503: ...the uplink network in link aggregation mode When all uplink interfaces on Switch A and Switch C fails Switch B needs to sense the fault in time and switches traffic to the standby link Therefore you should deploy link state tracking on Switch A and Switch C Figure 11 6 Link state tracking networking Configuration steps Step 1 Configure link state tracking on Switch A Create a LAG Add uplink interf...

Page 504: ...he ones on Switch A Checking results Take Switch A for example Use the show link state tracking group command to show configurations of the link state group SwitchA show link state tracking group 1 Link state tracking Group 1 Trap State disable UpStream Type port UpStream PortList portchannel 1 Action Mode Shutdown port Action PortList gigaethernet 1 1 3 Link state tracking State normal Fault type...

Page 505: ...ly one direction is present UDLD can detect the fault shut down the corresponding interface and send a Trap Prerequisite Devices at both ends of the link should support UDLD 11 4 3 Default configurations of UDLD Default configurations of UDLD are as below Function Default value UDLD Disable 11 4 4 Configuring UDLD Configure UDLD for the ISCOM2600G HI series switch as below Step Command Description...

Page 506: ...figuration information through InterChassis Communication Protocol ICCP synchronizing the status of each other each PoA receives and saves information about the other PoA The two PoAs form a virtual LACP peer and appear as a single device to the DHD Links that connect the DHD are configured to the same Link Aggregation Group LAG Interface selection and link aggregation are implemented through LACP...

Page 507: ... be the ones connecting all links to the 2 PoAs However interfaces on the 2 PoAs which are to be added to the LAG contain the local interfaces which connect the DHD only 11 5 3 Configuring ICCP channel Configure the ICCP channel for the ISCOM2600G HI series switch as below Step Configuration Description 1 Raisecom config Enter global configuration mode 2 Raisecom config iccp local ip ip address Co...

Page 508: ...ablished LAG ID Otherwise it will be unavailable for use For how to create a LAG see descriptions about the port channel command 6 Raisecom config ic group restore mode non revertive revertive restore delay second Configure the LAG fault restore mode and restore delay time on the ICG 7 Raisecom config ic group mlacp system priority system priority Configure the system priority of the local device ...

Page 509: ...DHD exchanges LACPDU with the virtual LACP peer to aggregate links At the same time the link between the DHD and one switch is active and that between the DHD with the other switch is standby As shown in Figure 5 2 GE 1 1 1 GE 1 1 2 GE 1 1 3 and GE 1 1 4 on the DHD are in the same LAG GE 1 1 1 and GE 1 1 2 on Switch 1 and Switch 2 are in the same LAG Configure the maximum active links and minimum ...

Page 510: ...rnet1 1 1 interface gigaethernet 1 1 2 DHD config gigaethernet1 1 2 port channel 1 DHD config gigaethernet1 1 2 interface gigaethernet 1 1 4 DHD config gigaethernet1 1 4 port channel 1 DHD config gigaethernet1 1 4 interface gigaethernet 1 1 3 DHD config gigaethernet1 1 3 port channel 1 Configure a LAG for Switch1 Add GE 1 1 1 and GE 1 1 2 on Switch 1 to the LAG and enable priority pre emption of t...

Page 511: ...vlan 6 active Switch1 config interface gigaethernet 1 1 3 Switch1 config gigaethernet1 1 3 switchport access vlan 6 Switch1 config gigaethernet1 1 3 interface vlan 6 Switch1 config vlan6 ip address 10 110 3 1 255 255 255 0 Switch1 config vlan6 exit Switch1 config iccp local ip 10 110 3 1 Switch1 config iccp channel 1 Switch1 config iccp member ip 10 110 3 2 Switch1 config iccp iccp enable Switch1 ...

Page 512: ...p Load sharing mode src dst mac MinLinks 2 Max links 2 UpLinks 4 Priority Preemptive Enable Member Port gigaethernet1 1 1 gigaethernet1 1 2 gigaethernet1 1 4 gigaethernet1 1 3 Efficient Port gigaethernet1 1 1 gigaethernet1 1 2 Use the following command to show mLACP configurations of Switch 1 Switch1 show mlacp group 1 mlacp group 1 System information MAC address running 000E 5E11 2233 System prio...

Page 513: ...ation MAC address running 000E 5E11 2233 System priority running 20000 Configuration information Local information Peer information system mac 000E 5E11 2233 000E 5E55 0001 System priority 32768 20000 Port channel 1 N A Type slave master Iccp channel 1 N A Iccp State connect N A Track PwId 0 N A Pw Ip 0 0 0 0 N A Pw state N A N A State Standby Active Restore Type revertive N A Restore Time s 20 N ...

Page 514: ...anagement Hardware environment monitoring CPU monitoring Cable diagnosis Memory monitoring Ping Traceroute Performance statistics 12 1 SNMP 12 1 1 Introduction Simple Network Management Protocol SNMP is designed by the Internet Engineering Task Force IETF to resolve problems in managing network devices connected to the Internet Through SNMP a network management system that can manage all network d...

Page 515: ...iew NNM system Define trigger condition according to protocol modules enter exit system or restart the ISCOM2600G HI series switch when conditions are satisfied replying module sends Trap packets to the NView NNM system through agent to report current status of the ISCOM2600G HI series switch An Agent can be configured with several versions and different versions communicate with different NMSs Bu...

Page 516: ...hrough which NMS can read write every managed object in Agent to manage and monitor the ISCOM2600G HI series switch MIB stores information in a tree structure and its root is on the top without name Nodes of the tree are the managed objects which take a uniquely path starting from root OID for identification SNMP protocol packets can access network devices by checking the nodes in MIB tree directo...

Page 517: ...e community must use the community name in all Agent operations or their requests will not be accepted The community name is used by different SNMP strings to identify different groups Different communities can have read only or read write access permission Groups with read only permission can only query the device information while groups with read write access permission can configure the ISCOM2...

Page 518: ...nd to one access group each access group configures the related read write and announce view users in access group have access permission in this view The user access group to send Get and Set request must have permission corresponding to the request otherwise the request will not be accepted As shown in Figure 12 2 the network management station uses the normal access from SNMPv3 to switch and th...

Page 519: ...and configure the SNMPv3 access group 6 Raisecom config snmp server group group name user user name usm Configure the mapping between users and the access group 12 1 6 Configuring IP address authentication by SNMP server Configure IP address authentication by SNMP server for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisec...

Page 520: ...d to report some critical events Before configuring Trap you need to perform the following configurations Configure basic functions of SNMP SNMPv1 and v2c need to configure the community name SNMPv3 needs to configure the user name and SNMP view Configure the routing protocol and ensure that the route between the ISCOM2600G HI series switch and NMS is reachable Configure Trap of SNMP for the ISCOM...

Page 521: ...e access group 5 Raisecom show snmp host Show Trap target host information 6 Raisecom show snmp statistics Show SNMP statistics 7 Raisecom show snmp user Show SNMP user information 8 Raisecom show snmp view Show SNMP view information 9 Raisecom show snmp server auth Show SNMP server authentication configurations 12 1 10 Example for configuring SNMPv1 SNMPv2c and Trap Networking requirements As sho...

Page 522: ... 3 6 1 2 1 included Step 3 Configure SNMPv1 SNMPv2c community Raisecom config snmp server community raisecom view mib2 ro Step 4 Configure Trap sending Raisecom config snmp server enable traps Raisecom config snmp server host 20 0 0 221 version 2c raisecom Checking results Use the show ip interface brief command to show configurations of the IP address Raisecom show ip interface brief VRF IF Addre...

Page 523: ...secom show snmp host Index 0 IP family IPv4 IP address 20 0 0 221 Port 162 User Name raisecom SNMP Version v2c Security Level noauthnopriv TagList bridge config interface rmon snmp ospf 12 1 11 Example for configuring SNMPv3 and Trap Networking requirements As shown in Figure 12 4 the route between the NView NNM system and ISCOM2600G HI series switch is available the NView NNM system monitors the ...

Page 524: ...te user guestuser1 and use md5 authentication algorithm The password is raisecom Raisecom config snmp server user guestuser1 authentication md5 raisecom Create a guest group access group The security mode is usm security level is authentication without encryption and readable view name is mib2 Raisecom config snmp server access guestgroup read mib2 usm authnopriv Configure the guestuser1 user to b...

Page 525: ...tial shapriv usm 3 initial md5nopriv usm 4 initial shanopriv usm 5 guestgroup guestuser1 usm Use the show snmp host command to show configurations of the Trap target host Raisecom show snmp host Index 0 IP family IPv4 IP address 20 0 0 221 Port 162 User Name guestuser1 SNMP Version v3 Security Level authnopriv TagList bridge config interface rmon snmp ospf 12 2 RMON 12 2 1 Introduction Remote Netw...

Page 526: ... directly from RMON Probe through dedicated RMON Probe collection data Embedded RMON Embed RMON Agent directly to network devices such as switches to make them with RMON Probe function Network management center will collect network management information through the basic operation of SNMP and the exchange data information about RMON Agent The Raisecom ISCOM2600G HI series switch is embedded with ...

Page 527: ...f RMON are as below Function Default value Statistics group Enabled on all interfaces History group Disable Alarm group N A Event group N A 12 2 4 Configuring RMON statistics RMON statistics is used to gather statistics on an interface including the number of received packets undersized oversized packets collision CRC and errors discarded packets fragments unicast packets broadcast packets multica...

Page 528: ... generate Record the log to send Trap to network management station according to the definition of alarm event The monitored MIB variable must be real and the data value type is correct If the configured variable does not exist or value type variable is incorrect return error In the successfully configured alarm if the variable cannot be collected later close the alarm reconfigure the alarm if you...

Page 529: ...ent event id log trap description string owner owner name Add events to the RMON event group and configure processing modes of events 12 2 8 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show rmon Show RMON configurations 2 Raisecom show rmon alarms Show information about the RMON alarm group 3 Raisecom show rmon events Show inf...

Page 530: ...ived on GE 1 1 1 exceeds the threshold in a period logs are recorded and Trap is sent Figure 12 6 RMON networking Configuration steps Step 1 Create an event with index ID 1 used to record and send logs with description string High ifOutErrors The owner of logs is system Raisecom config Raisecom config rmon statistics gigaethernet 1 1 1 Raisecom config rmon event 1 log description High ifOutErrors ...

Page 531: ...tion when event is fired When an alarm event is triggered you can also check related information in the alarm management part of the NView NNM system 12 3 LLDP 12 3 1 Introduction With the enlargement of network scale and increase of network devices the network topology becomes more and more complex and network management becomes more important A lot of network management software adopts auto dete...

Page 532: ...7 Structure of a LLDPDU As shown in Figure 12 8 each TLV denotes a piece of information at local For example the device ID and interface ID correspond with the Chassis ID TLV and Port ID TLV respectively which are fixed TLVs Figure 12 8 Structure of a TLV packet Table 12 1 lists TLV types At present only types 0 8 are used Table 12 1 TLV types TLV type Description Optional Required 0 End Of LLDPDU...

Page 533: ...LDPDU or sending LLDPDU when link status changes periodically from the local end to the peer end The procedure of packet exchange When the local device transmits packet it gets system information required by TLV from NView NNM Network Node Management and gets configurations from LLDP MIB to generate TLV and form LLDPDU to transmit to peer The peer receives LLDPDU and analyzes TLV information If th...

Page 534: ...ons of LLDP Default configurations of LLDP are as below Function Default value Global LLDP Disable LLDP interface status Enable Delay timer 2s Period timer 30s Aging coefficient 4 Restart timer 2s Alarm function Enable Alarm notification timer 5s Destination MAC address of LLDP packets 0180 c200 000e 12 3 4 Enabling global LLDP After global LLDP is disabled you cannot re enable it immediately Glob...

Page 535: ...n configuring the delay timer and period timer the value of the delay timer should be smaller than or equal to a quarter of the period timer value Configure basic functions of LLDP for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config lldp message transmission interval period Optional configure the period timer of ...

Page 536: ...face type interface number Enter physical layer interface configuration mode 3 Raisecom config gigaethernet1 1 1 lldp tlv select basic tlv all port description system capability system name system description Configure the basic TLV allowed to issue 4 Raisecom config gigaethernet1 1 1 lldp tlv select med tlv all capability inventory network policy location id Configure the MED TLV allowed to issue...

Page 537: ...12 3 10 Maintenance Maintain the ISCOM2600G HI series switch as below Command Description Raisecom config clear lldp statistic interface type interface number Clear LLDP statistics Raisecom config clear lldp remote table interface type interface number Clear LLDP neighbor information Raisecom config clear lldp global statistic Clear global LLDP statistics 12 3 11 Example for configuring LLDP Netwo...

Page 538: ...witchA config SwitchA config lldp enable Configure Switch B Raisecom name SwitchB SwitchB config SwitchB config lldp enable Step 2 Configure the management IP address Configure Switch A SwitchA config create vlan 1024 active SwitchA config interface gigaethernet 1 1 1 SwitchA config gigaethernet1 1 1 switchport access vlan 1024 SwitchA config gigaethernet1 1 1 exit SwitchA config interface vlan 10...

Page 539: ...lldp trap interval 10 Configure Switch B SwitchB config lldp message transmission interval 60 SwitchB config lldp message transmission delay 9 SwitchB config lldp trap interval 10 Checking results Use the show lldp local config command to show local configurations SwitchA show lldp local config System configuration LLDP enable status enable default is disabled LldpMsgTxInterval 60 default is 30s L...

Page 540: ...0E GE1 1 6 enable 0180 C200 000E Use the show lldp remote command to show neighbor information SwitchA show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime gigaethernet1 1 1 000E 5E02 B010 gigaethernet1 1 1 SwitchB 10 10 10 2 106 SwitchB show lldp remote Port ChassisId PortId SysName MgtAddress ExpiredTime gigaethernet1 1 1 000E 5E12 F120 gigaethernet1 1 1 SwitchA 10 10 10 1 106 1...

Page 541: ...ation through analyzing monitoring data Prerequisite The optical module used on the ISCOM2600G HI series switch should be a Raisecom certified one If you use an optical module of other vendors problems of unstable services failure in supporting DDM or incorrect DDM information will happen 12 4 3 Default configurations of optical module DDM Default configurations of optical module DDM are as below ...

Page 542: ...e optical module DDM Trap globally 3 Raisecom config inter face interface type interface number Enter physical layer interface configuration mode 4 Raisecom config gigaethernet1 1 port transceiver trap enable Enable interface optical module DDM Trap Only when global optical DDM Trap is enabled the optical module where interface optical module DDM Trap is enabled can the ISCOM2600G HI series switch...

Page 543: ...me scheduling output will be sent to the system log to deal with According to the configuration the system will send the log to various destinations The destinations that receive the system log are divided into Console send the log message to the local console through Console interface Host send the log message to the host Monitor send the log message to the monitor such as Telnet terminal File se...

Page 544: ...es and sends them to the logging host Console interface or control console to facilitate checking and locating faults Prerequisite N A 12 5 3 Default configurations of system log Default configurations of system log are as below Function Default value System log Enable Output log information to Console Enable the default level is information 6 Output log information to host N A the default level i...

Page 545: ...ebug level 0 6 system log timestamp by default this system log adopts date time as timestamp 4 Raisecom config l ogging rate limit log num Optional configure transmitting rate of system log 5 Raisecom config l ogging sequence number Optional configure sequence of system log The sequence number only applies to the console monitor log file and log buffer but not log host and history list 6 Raisecom ...

Page 546: ...e facility field of the log to be sent to the log host Configuration may fail if you do not create the log host This configuration is available for all log hosts configured on the ISCOM2600G HI series switch 4 Raisecom config logging monitor log level alerts critical debugging emergencies errors informational notifications warnings distriminator distriminator number Optional output system logs to ...

Page 547: ...on results No Command Description 1 Raisecom show logging Show configurations of system log 2 Raisecom show logging buffer Show information about the system log buffer 3 Raisecom show logging discriminator Show filter information 4 Raisecom show logging file Show contents of system log The device supports this configuration at millisecond level 5 Raisecom show logging history Show information abou...

Page 548: ...nfig logging time stamp log datetime Raisecom config logging rate limit 2 Raisecom config logging host 20 0 0 168 warnings Checking results Use the show logging command to show configurations of system log Raisecom show logging Syslog logging enable Dropped Log messages 0 Dropped debug messages 0 Rate limited 2 messages per second Squence number display disable Debug level time stamp none Log leve...

Page 549: ...es according to properties Fault alarm refer to alarms for some hardware fault or some abnormal important functions such as port Down alarm Recovery alarm refer to alarms that are generated when device failure or abnormal function returns to normal such as port Up alarm Event alarm refer to prompted alarms or alarms that are generated because of failure in relating the fault to the recovery such a...

Page 550: ...r Trap information alarm sent to NMS when the NMS is configured Alarm will be broadcasted according to various terminals configured by the ISCOM2600G HI series switch including CLI terminal and NMS Log output of alarm starts with the symbol and the output format is as below Index TimeStamp HostName ModuleName Severity name Arise From Description Table 12 5 describes alarm fields Table 12 5 Alarm f...

Page 551: ...d concepts about alarm management are displayed as below Alarm suppression The ISCOM2600G HI series switch only records root cause alarms but incidental alarms when enabling alarm suppression For example the generation of alarm A will inevitably produce alarm B which is in the inhibition list of alarm A then alarm B is inhibited and does not appear in alarm buffer and record the log information wh...

Page 552: ...iately in other words alarms are not reported when there are alarms and alarms are reported when there are no alarms actually The interface will maintain the opposite alarm status regardless of the alarm status changes before the alarm reverse status being restored to non reverse mode Auto reverse mode Configure the alarm reverse mode as auto reverse mode If no reversible alarm is on the interface...

Page 553: ...ment recommendations to help users deal with fault If the device is configured with hardware monitoring it will record the hardware monitoring alarm table generated Syslog and sent Trap when the operation environment of the device becomes abnormal and notify the user of taking actions accordingly and prevent faults Alarm management facilitates alarm suppression alarm auto reporting alarm monitorin...

Page 554: ...type Raisecom config alarm monitor type alarm type alarm restype alarm restype value enable Enable alarm monitoring of a specified alarm source and type 5 Raisecom config alarm inverse interface type interface number none auto manual Configure alarm reverse modes By default it is none in other words alarm reverse is disabled 6 Raisecom config alarm active cleared delay second Configure alarm delay...

Page 555: ...llowing commands to check configuration results No Command Description 1 Raisecom show alarm management alarm_type Show parameters of current alarms including status of alarm suppression alarm reverse mode alarm delay and alarm storage mode maximum alarm buffer size and alarm log size 2 Raisecom show alarm log Show alarm statistics in the system log 3 Raisecom show alarm management statistics Show...

Page 556: ...es are unplugged in other words two power modules are out of position The ISCOM2600G HI series switch supports saving to the device hardware environment monitoring alarm buffer sending Trap to the NView NNM system and outputting to the system log and relay Temperature beyond threshold alarm The device supports temperature beyond threshold alarm event when the current temperature is lower than low ...

Page 557: ...ear all alarm Alarm source device global alarm Interface number interface status alarm Timestamp Alarm time in the form of absolute time Alarm event type dev power down power down alarm power abnormal power abnormal alarm one of two powers is power down high temperature high temperature alarm low temperature low temperature alarm all alarm clear all alarms Syslog output Record alarms to Syslog Sys...

Page 558: ...t mode configure the management IP address of the device 12 7 3 Default configurations of hardware environment monitoring Default configurations of hardware environment monitoring are as below Function Default value Global hardware environment monitoring alarm Syslog output Disable Global hardware environment monitoring alarm Trap output Disable Power down event alarm Enable Trap output Enable Sys...

Page 559: ... notifies syslog Enable abnormal temperature alarm 3 Raisecom config alarm temperature high high value low low value notifies syslog Enable temperature monitoring alarm output and configure temperature monitoring alarm output modes The high temperature threshold high value must be greater than the low temperature threshold low value The low temperature threshold low value must be smaller than the ...

Page 560: ... Raisecom show alarm Show global hardware environment monitoring alarm configurations 2 Raisecom show alarm current Show current alarms of hardware environment monitoring 3 Raisecom show alarm history Show history alarms of hardware environment monitoring 4 Raisecom show environment temperature power Show information about the current environment such as power supply temperature and alarms 12 8 CP...

Page 561: ...e task status CPU utilization rate and stack usage in the system provide CPU utilization rate threshold alarm detect and eliminate hidden dangers or help administrator for fault location Prerequisite When the CPU monitoring alarm needs to be output in Trap mode configure Trap output target host address which is IP address of NView NNM system 12 8 3 Default configurations of CPU monitoring Default ...

Page 562: ...ing threshold value rising rising threshold value Optional configure the recovering threshold and rising threshold for CPU alarms 3 Raisecom config cpu interval interval value Optional configure the interval for sampling CPU alarms 12 8 6 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show cpu utilization Show CPU utilization and...

Page 563: ...rface number Enable cable diagnosis The device supports this configuration on multiple interfaces When you enable the function of not restarting the interface upon cable diagnosis the interface that is in Up status will be restarted once and then obtain cable diagnosis data Then when cable diagnosis is ongoing the interface that is in Up status will not be restarted but directly read cable diagnos...

Page 564: ...igure memory monitoring for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom config Enter global configuration mode 2 Raisecom config memory threshold recovering recovering threshold value rising rising threshold value Configure the rising threshold and recovering threshold for memory utilization alarms 3 Raisecom config memory interval Observation interval value Config...

Page 565: ...ved during a valid period and timeout information is displayed on the sender it indicates that the route between source and destination addresses is unreachable Figure 12 11 shows principles of Ping Figure 12 11 Principles of Ping 12 11 2 Configuring Ping Configure Ping for the ISCOM2600G HI series switch as below Step Command Description 1 Raisecom ping ip address count count size size waittime p...

Page 566: ...cating that this packet cannot be sent Step 3 The sending host adds 1 to TTL and resends this packet Step 4 Because the TTL value is reduced to 0 in the second hop the device will return an ICMP timeout packet indicating that this packet cannot be sent The previous steps continue until the packet reaches the destination host which will not return ICMP timeout packets Because the port ID of destina...

Page 567: ...to gather statistics about service packets on the interface of a monitoring device and enable you to learn network performance It can be based on interface or service flow in a short or long period The short period is 15 minutes while the long period is 24 hours Data in a statistical period is written as data block to the Flash for your review 12 13 2 Preparing for configurations Scenario To learn...

Page 568: ...d in the Flash for performance statistics in different statistics period mode 12 13 5 Checking configurations Use the following commands to check configuration results No Command Description 1 Raisecom show performance statistics interface interface type interface number current history Raisecom show performance statistics interval buckets Show performance statistics 12 13 6 Maintenance Maintain t...

Page 569: ...laser to avoid the maintenance and operation risks when the fiber is pulled out or the output power is too great Auto negotiation The interface automatically chooses the rate and duplex mode according to the result of negotiation The auto negotiation process is the interface adapts its rate and duplex mode to the highest performance according to the peer interface in other words both ends of the l...

Page 570: ...is mathematically infeasible D Dynamic ARP Inspection DAI A security feature that can be used to verify the ARP data packets in the network With DAI the administrator can intercept record and discard ARP packets with invalid MAC address IP address to prevent common ARP attacks Dynamic Host Configuration Protocol DHCP A technology used for assigning IP address dynamically It can automatically assig...

Page 571: ...gates authority for IP address space allocation and domain name assignment to the NIC and other organizations IANA also maintains a database of assigned protocol identifiers used in the TCP IP suite including autonomous system numbers Internet Engineering Task Force IETF A worldwide organization of individuals interested in networking and the Internet Managed by the Internet Engineering Steering G...

Page 572: ...NTP is used to perform clock synchronization on all devices that have clocks in the network Therefore the devices can provide different applications based on a unified time In addition NTP can ensure a very high accuracy with an error of 10ms or so O Open Shortest Path First OSPF An internal gateway dynamic routing protocol which is used to determine the route in an Autonomous System AS Optical Di...

Page 573: ...twork runs high efficiently Depending on the specific system and service it may relate to jitter delay packet loss ratio bit error ratio and signal to noise ratio R Rapid Spanning Tree Protocol RSTP Evolution of the Spanning Tree Protocol STP which provides improvements in the speed of convergence for bridged networks Remote Authentication Dial In User Service RADIUS RADIUS refers to a protocol us...

Page 574: ...mapping VLAN mapping is mainly used to replace the private VLAN Tag of the Ethernet service packet with the ISP s VLAN Tag making the packet transmitted according to ISP s VLAN forwarding rules When the packet is sent to the peer private network from the ISP network the VLAN Tag is restored to the original private VLAN Tag according to the same VLAN forwarding rules Thus the packet is sent to the ...

Page 575: ...llenge Handshake Authentication Protocol CIDR Classless Inter Domain Routing CIR Committed Information Rate CIST Common Internal Spanning Tree CLI Command Line Interface CoS Class of Service CPU Central Processing Unit CRC Cyclic Redundancy Check CSMA CD Carrier Sense Multiple Access Collision Detection CST Common Spanning Tree D DAI Dynamic ARP Inspection DBA Dynamic Bandwidth Allocation DC Direc...

Page 576: ... Discharge EVC Ethernet Virtual Connection F FCS Frame Check Sequence FE Fast Ethernet FIFO First Input First Output FTP File Transfer Protocol G GARP Generic Attribute Registration Protocol GE Gigabit Ethernet GMRP GARP Multicast Registration Protocol GPS Global Positioning System GVRP Generic VLAN Registration Protocol H HDLC High level Data Link Control HTTP Hyper Text Transfer Protocol I IANA ...

Page 577: ...ation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit LAN Local Area Network LCAS Link Capacity Adjustment Scheme LLDP Link Layer Discovery Protocol LLDPDU Link Layer Discovery Protocol Data Unit M MAC Medium Access Control MDI Medium Dependent Interface MDI X Medium Dependent Interface cross over MIB Management Information Base MSTI Multiple Spanning Tree Instance MSTP Multipl...

Page 578: ... Active Discovery Initiation PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation PAP Password Authentication Protocol PDU Protocol Data Unit PE Provider Edge PIM DM Protocol Independent Multicast Dense Mode PIM SM Protocol Independent Multicast Sparse Mode Ping Packet Internet Grope PPP Point to Point Protocol PPPoE PPP over Ethernet PTP Precision Time Protocol Q QoS...

Page 579: ...m Topology Discover Protocol S SCADA Supervisory Control And Data Acquisition SF Signal Fail SFP Small Form factor Pluggable SFTP Secure File Transfer Protocol SLA Service Level Agreement SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol SP Strict Priority SPF Shortest Path First SSHv2 Secure Shell v2 STP Spanning Tree Protocol T TACACS Terminal Access Controller Access Con...

Page 580: ...Proprietary and Confidential Copyright Raisecom Technology Co Ltd 549 UDP User Datagram Protocol UNI User Network Interface USM User Based Security Model V VLAN Virtual Local Area Network VRRP Virtual Router Redundancy Protocol W WAN Wide Area Network WRR Weight Round Robin ...

Page 581: ...ss Raisecom Building No 11 East Area No 10 Block East Xibeiwang Road Haidian District Beijing P R China Postal code 100094 Tel 86 10 82883305 Fax 8610 82883056 http www raisecom com Email export raisecom com ...

Reviews:

No comments

Related manuals for ISCOM2600G-HI (A) Series

Brand: GE Pages: 36

Brand: GE Pages: 8

Brand: KanexPro Pages: 16

IP-Reach IPR-M1

Brand: Raritan Pages: 4

Brand: wavin Pages: 4

Brand: Aruba Pages: 6

Brand: F&G Pages: 6

Brand: A-Neuvideo Pages: 28

Brand: PNI Pages: 92

Brand: Digitronic Pages: 24

Allen-Bradley 800F-ALR1

Brand: Rockwell Automation Pages: 2

Brand: STI Pages: 2

Brand: PowerShield Pages: 2

Brand: Murphy Pages: 24

Brand: Hammond Pages: 2

AC-MX44/88-AUHD-HDBT

Brand: AVProEdge Pages: 32

iRC Electronic DPSI TWIN Mini

Brand: Emcotec Pages: 2

Brand: Edge-Core Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands