manualshive.com logo in svg

Siemens S223, User Manual

The Siemens S223 user manual is essential for mastering your device's features and functions. Find it available for free download on our website, guaranteeing easy access to detailed instructions and troubleshooting tips. Enhance your product experience with the comprehensive manual from manualshive.com.

Share
Download
background image

User Manual                                                                               UMN:CLI 
SURPASS hiD 6615 S223/S323 R1.5 

A50010-Y3-C150-2-7619                                                                         65 

4.5.1 802.1x 

Authentication 

 

4.5.1.1 Enabling 

802.1x 

To configure 802.1x, the user should enable 802.1x daemon first. In order to enable 
802.1x daemon, use the following command. 

Command Mode 

Description 

dot1x system-auth-control 

Enables 802.1x daemon. 

no dot1x system-auth-control 

Global 

Disables 802.1x daemon. 

 

4.5.1.2 Configuring 

RADIUS 

Server 

As RADIUS server is registered in authenticator, authenticator also can be registered in 
RADIUS server.   

Here, authenticator and RADIUS server need extra data authenticating each other be-
sides they register each other’s IP address. The data is the key and should be the same 
value for each other. For the key value, every kinds of character can be used except for 
the space or special character. 

[Suppliant]

[Authenticator]

[Authentication Server]

RADIUS
Server

RADIUS Servers

A : 10.1.1.1

B : 20.1.1.1

C : 30.1.1.1

:

J : 100.1.1.1

Response

Authentication request 

in order

Designate as default 

RADIUS server

 

Fig. 4.2 

Multiple Authentication Servers 

 

If you register in several servers, the authentication server starts form RADIUS server 
registered as first one, then requests the second RADIUS server in case there’s no re-
sponse. According to the order of registering the authentication request, the authentica-
tion request is tried and the server which responds to it becomes the default server from 
the point of response time. 

 

Summary of Contents for S223

Page 1: ...User Manual SURPASS hiD 6615 S223 S323 R1 5 UMN CLI A50010 Y3 C150 2 7619 ...

Page 2: ...estimmte Teile der Geräte unter Spannung Einige Teile können auch eine hohe Betriebstemperatur aufweisen Eine Nichtbeachtung dieser Situation und der Warnungshinweise kann zu Körperverletzungen und Sachschäden führen Deshalb wird vorausgesetzt dass nur geschultes und qualifiziertes Personal die Anlagen installiert und wartet Das System entspricht den Anforderungen der EN 60950 1 IEC 60950 1 Angesc...

Page 3: ... 2 7619 3 Reason for Update Summary System software upgrade added Details Chapter Section Reason for Update 11 System software upgrade added Issue History Issue Number Date of Issue Reason for Update 01 07 2006 Initial release 02 08 2006 System software upgrade added ...

Page 4: ... 32 3 1 8 Interface Configuration Mode 33 3 1 9 RMON Configuration Mode 33 3 1 10 Router Configuration Mode 34 3 1 11 VRRP Configuration Mode 34 3 1 12 Route Map Configuration Mode 35 3 2 Useful Tips 36 3 2 1 Listing Available Commands 36 3 2 2 Calling Command History 37 3 2 3 Using Abbreviation 38 3 2 4 Using Command of Privileged EXEC Enable Mode 38 3 2 5 Exit Current Command Mode 39 4 System Co...

Page 5: ...laying Interface 60 4 3 8 Sample Configuration 60 4 4 SSH Secure Shell 61 4 4 1 SSH Server 61 4 4 1 1 Enabling SSH Server 61 4 4 1 2 Displaying On line SSH Client 61 4 4 1 3 Disconnecting SSH Client 61 4 4 1 4 Displaying Connection History of SSH Client 61 4 4 1 5 Assigning Specific Authentication Key 62 4 4 2 SSH Client 62 4 4 2 1 Login to SSH Server 62 4 4 2 2 File Copy 62 4 4 2 3 Configuring Au...

Page 6: ... Port Mirroring 80 6 System Environment 83 6 1 Environment Configuration 83 6 1 1 Host Name 83 6 1 2 Time and Date 83 6 1 3 Time Zone 84 6 1 4 Network Time Protocol 84 6 1 5 NTP Network Time Protocol 85 6 1 6 Simple Network Time Protocol SNTP 85 6 1 7 Terminal Configuration 86 6 1 8 Login Banner 87 6 1 9 DNS Server 87 6 1 10 Fan Operation 88 6 1 11 Disabling Daemon Operation 88 6 1 12 System Thres...

Page 7: ...6 7 1 4 SNMP Group 106 7 1 5 SNMP View Record 107 7 1 6 Permission to Access SNMP View Record 107 7 1 7 SNMP Version 3 User 108 7 1 8 SNMP Trap 108 7 1 8 1 SNMP Trap Host 109 7 1 8 2 SNMP Trap Mode 109 7 1 8 3 Enabling SNMP Trap 110 7 1 8 4 Disabling SNMP Trap 111 7 1 8 5 Displaying SNMP Trap 112 7 1 9 SNMP Alarm 112 7 1 9 1 Enabling Alarm Notification 112 7 1 9 2 Default Alarm Severity 113 7 1 9 ...

Page 8: ...First Alarm 131 7 4 2 7 Interval of Sample Inquiry 131 7 4 2 8 Activating RMON Alarm 132 7 4 2 9 Deleting Configuration of RMON Alarm 132 7 4 2 10 Displaying RMON Alarm 132 7 4 3 RMON Event 132 7 4 3 1 Event Community 132 7 4 3 2 Event Description 133 7 4 3 3 Subject of RMON Event 133 7 4 3 4 Event Type 133 7 4 3 5 Activating RMON Event 133 7 4 3 6 Deleting Configuration of RMON Event 134 7 4 3 7 ...

Page 9: ...g 163 7 12 2 Adding Policy of MAC Filter 163 7 12 3 Deleting MAC Filter Policy 164 7 12 4 Listing of MAC Filter Policy 164 7 12 5 Displaying MAC Filter Policy 164 7 13 Address Resolution Protocol ARP 165 7 13 1 ARP Table 165 7 13 1 1 Registering ARP Table 166 7 13 1 2 Displaying ARP Table 166 7 13 2 ARP Alias 167 7 13 3 ARP Inspection 167 7 13 4 Gratuitous ARP 169 7 13 5 Proxy ARP 169 7 14 ICMP Me...

Page 10: ...rt Trunk 193 8 2 1 1 Configuring Port Trunk 193 8 2 1 2 Disabling Port Trunk 194 8 2 1 3 Displaying Port Trunk Configuration 194 8 2 2 Link Aggregation Control Protocol LACP 194 8 2 2 1 Configuring LACP 195 8 2 2 2 Packet Route 195 8 2 2 3 Operating Mode of Member Port 196 8 2 2 4 Identifying Member Ports within LACP 197 8 2 2 5 BPDU Transmission Rate 197 8 2 2 6 Key value of Member Port 197 8 2 2...

Page 11: ... 1 2 Access to Associated IP Address 229 8 4 1 3 Master Router and Backup Router 229 8 4 1 4 VRRP Track Function 231 8 4 1 5 Authentication Password 232 8 4 1 6 Preempt 233 8 4 1 7 VRRP Statistics 234 8 5 Rate Limit 234 8 5 1 Configuring Rate Limit 235 8 5 2 Sample Configuration 235 8 6 Flood Guard 236 8 6 1 Configuring Flood Guard 236 8 6 2 Sample Configuration 237 8 7 Bandwidth 237 8 8 Dynamic H...

Page 12: ... 5 5 Simplified DHCP Option 82 255 8 8 6 DHCP Client 256 8 8 6 1 Enabling DHCP Client 256 8 8 6 2 DHCP Client ID 256 8 8 6 3 DHCP Class ID 256 8 8 6 4 Host Name 256 8 8 6 5 IP Lease Time 257 8 8 6 6 Requesting Option 257 8 8 6 7 Forcing Release or Renewal of DHCP Lease 257 8 8 6 8 Displaying DHCP Client Configuration 257 8 8 7 DHCP Snooping 258 8 8 7 1 Enabling DHCP Snooping 258 8 8 7 2 DHCP Trust...

Page 13: ...nabling Multicast Routing Required 279 9 1 2 Limitation of MRIB Routing Entry 279 9 1 3 Clearing MRIB Information 280 9 1 4 Displaying MRIB Information 281 9 1 5 Multicast Time To Live Threshold 281 9 1 6 MRIB Debug 281 9 1 7 Multicast Aging 282 9 2 Internet Group Management Protocol IGMP 283 9 2 1 IGMP Basic Configuration 283 9 2 1 1 IGMP Version per Interface 283 9 2 1 2 Removing IGMP Entry 284 ...

Page 14: ... PIM SM and Passive Mode 305 9 3 1 2 DR Priority 305 9 3 1 3 Filters of Neighbor in PIM 306 9 3 1 4 PIM Hello Query 306 9 3 1 5 PIM Debug 307 9 3 2 BSR and RP 307 9 3 3 Bootstrap Router BSR 307 9 3 4 RP Information 308 9 3 4 1 Static RP for Certain Group 308 9 3 4 2 Enabling Transmission of Candidate RP Message 309 9 3 4 3 KAT Keep Alive Time of RP 310 9 3 4 4 Ignoring RP Priority 310 9 3 5 PIM SM...

Page 15: ...Session Reset of Peer Group 330 10 1 6 Displaying and Managing BGP 331 10 2 Open Shortest Path First OSPF 333 10 2 1 Enabling OSPF 333 10 2 2 ABR Type Configuration 335 10 2 3 Compatibility Support 335 10 2 4 OSPF Interface 335 10 2 4 1 Authentication Type 336 10 2 4 2 Authentication Key 336 10 2 4 3 Interface Cost 337 10 2 4 4 Blocking Transmission of Route Information Database 338 10 2 4 5 Routi...

Page 16: ...or Router 362 10 3 3 RIP Version 363 10 3 4 Creating available Static Route only for RIP 364 10 3 5 Redistributing Routing Information 364 10 3 6 Metrics for Redistributed Routes 366 10 3 7 Administrative Distance 367 10 3 8 Originating Default Information 367 10 3 9 Routing Information Filtering 367 10 3 9 1 Filtering Access List and Prefix List 368 10 3 9 2 Disabling the transmission to Interfac...

Page 17: ...Spanning Tree Protocol 200 Fig 8 10 Root Switch 201 Fig 8 11 Designated Switch 202 Fig 8 12 Port Priority 203 Fig 8 13 Port State 204 Fig 8 14 Alternate Port and Backup port 205 Fig 8 15 Example of Receiving Low BPDU 206 Fig 8 16 Convergence of 802 1d Network 207 Fig 8 17 Network Convergence of 802 1w 1 207 Fig 8 18 Network Convergence of 802 1w 2 208 Fig 8 19 Network Convergece of 802 1w 3 208 Fi...

Page 18: ...of Stacking 270 Fig 9 1 IGMP Snooping Configuration Network 278 Fig 9 2 PIM SM Configuration Network 278 Fig 9 3 IGMP Snooping and PIM SM Configuration Network 279 Fig 9 4 IP Multicasting 290 Fig 9 5 RPT of PIM SM 304 Fig 9 6 STP of PIM SM 304 Fig 9 7 In Case Multicast Source not Directly Connected to Multicast Group 313 ...

Page 19: ...Mode 32 Tab 3 8 Main Commands of Interface Configuration Mode 33 Tab 3 9 Main Commands of RMON Configuration Mode 33 Tab 3 10 Main Commands of Router Configuration Mode 34 Tab 3 11 Main Commands of VRRP Configuration Mode 34 Tab 3 12 Main Commands of Route map Configuration Mode 35 Tab 3 13 Command Abbreviation 38 Tab 6 1 World Time Zone 84 Tab 6 2 Options for Ping 95 Tab 6 3 Options for Ping for ...

Page 20: ...rview Introduces the hiD 6615 S223 S323 system It also lists the features of the system 3 Command Line Interface CLI Describes how to use the Command Line Interface CLI 4 System Connection and IP Address Describes how to manage the system account and IP address 5 Port Configuration Describes how to configure the Ethernet ports 6 System Environment Describes how to configure the system environment ...

Page 21: ...cription a Commands you should use as is NAME PROFILE VALUE Variables for which you supply values PORTS For entry this variable see Section 5 1 Commands or variables that appear within square brackets are optional Range of number that you can use A choice of required keywords appears in braces You must se lect one Optional variables are separated by vertical bars Tab 1 2 Command Notation of Guide ...

Page 22: ...the related copyright notices by sending your request to the following e mail address opensrc dasannetworks com You will however be required to reimburse Siemens for its costs of postage and copying Any source code request made by you must be sent within 3 years of your purchase of the product Please include a copy of your sales receipt when submitting your request Also please include the exact na...

Page 23: ...AN network consisted of typi cal Ethernet switch Layer 3 switch can connect to PC web server LAN equip ment backbone equipment or another switch through various interfaces SURPASS hiD 6615 L3 switch supports routing based on VLAN IP multicasting and pro vides Layer 3 switching service such as IP packet filtering or DHCP The Fig 2 1 shows network construction with using hiD 6615 S223 S323 Fig 2 1 N...

Page 24: ...g to each class which the packets belong to The QoS capabilities enable network managers to protect mission critical applications and support differentiated level of bandwidth for man aging traffic congestion The hiD 6615 S223 S323 support ingress and egress shaping rate limiting and different scheduling type such as SP Strict Priority WRR Weighted Round Robin and WFQ Weighted Fair Queuing Multica...

Page 25: ...23 S323 supports Multiple Spanning Tree Protocol MSTP Link Aggregation Trunking The hiD 6615 S223 S323 aggregates several physical interfaces into one logical port aggregate port Port trunk aggregates interfaces with the standard of same speed same duplex mode and same VLAN ID According to IEEE 802 3ad the hiD 6615 S223 S323 can configure maximum 8 aggregate ports and up to 12 trunk groups LACP Th...

Page 26: ...on protocol that is RADIUS Remote Au thentication Dial In User Service and TACACS Terminal Access Controller Access Con trol System Plus Not only user IP and password registered in switch but also authentica tion through RADIUS server and TACACS server are required to access Therefore se curity of system and network management is strengthened ...

Page 27: ...lled on user s PC For this use the CLI based interface commands Connect RJ45 to DB9 console cable to the hiD 6615 S223 S323 This chapter explains how CLI command mode is organized before installing CLI command mode is consisted as follow Privileged EXEC View Mode Privileged EXEC Enable Mode Global Configuration Mode Bridge Configuration Mode Rule Configuration Mode DHCP Configuration Mode DHCP Opt...

Page 28: ...UMN CLI User Manual SURPASS hiD 6615 S223 S323 R1 5 28 A50010 Y3 C150 2 7619 Fig 3 1 shows hiD 6615 S323 software mode structure briefly Fig 3 1 Software mode structure ...

Page 29: ...d to Privileged EXEC Enable mode to enhance security Once set ting a password you should enter a configured password when you open Privileged EXEC Enable mode Tab 3 2 shows main commands of Privileged EXEC Enable mode Command Description clock Inputs time and date in system configure terminal Opens Configuration mode telnet Connects to another device through telnet terminal length Configures the n...

Page 30: ...e Configuration mode ip Configures various functions of the interface passwd Changes a system password qos Configures QoS restore factory defaults Restores the default configuration of the switch rmon alarm Opens Rmon alarm configuration mode rmon event Opens Rmon event configuration mode rmon history Opens Rmon history configuration mode route map Opens Route map Configuration mode router Opens R...

Page 31: ...figuration Mode You can open Rule Configuration mode using the command rule NAME create on Global Configuration mode If you open Rule Configuration mode the system prompt is changed from SWITCH config to SWITCH config rule name Command Mode Description rule NAME create Global Opens Rule Configuration mode On the Rule Configuration mode it is possible to configure the condition and operational meth...

Page 32: ...Main Commands of DHCP Configuration Mode 3 1 7 DHCP Option 82 Configuration Mode To open DHCP Option 82 Configuration mode use the command ip dhcp option82 on Global Configuration mode as follow Then the prompt is changed from SWITCH config to SWITCH config opt82 Command Mode Description ip dhcp option82 Global Opens DHCP Option 82 Configuration mode for DHCP option 82 configuration On DHCP Option...

Page 33: ...e to interface Tab 3 8 Main Commands of Interface Configuration Mode 3 1 9 RMON Configuration Mode To open RMON Alarm Configuration mode enter rmon alarm 1 65534 To open RMON Event Configuration mode input rmon event 1 65534 And to open RMON History Configuration mode enter rmon history 1 65534 Tab 3 9 shows a couple of important main commands of RMON Configuration mode Command Description active ...

Page 34: ... to operate each routing protocol redistribute Registers transmitted routing information to another router s table Tab 3 10 Main Commands of Router Configuration Mode 3 1 11 VRRP Configuration Mode To open VRRP Configuration mode use the following command The system prompt is changed from SWITCH config to SWITCH config router Command Mode Description router vrrp INTERFACE GROUP ID Global Opens VRR...

Page 35: ... Description route map NAME permit deny 1 65535 Global Opens Route map Configuration mode On Route map Configuration mode you can configure the place where information is from and sent in routing table Tab 3 12 shows a couple of important main commands of Route map Configuration mode Command Description match Transmits routing information to specified place set Configures router address and distan...

Page 36: ...guration mode copy Copy from one file to another debug Debugging functions see also undebug disconnect Disconnect user connection enable Turn on privileged mode command erase Erase saved configuration exit End current mode and down to previous mode halt Halt process help Description of the interactive help system no Negate a command or set its defaults ping Send echo messages quote Execute externa...

Page 37: ... find out commands starting with specific alphabet Input the first letter and question mark without space The following is an example of finding out the commands starting s in Privileged EXEC En able mode of hiD 6615 S223 S323 SWITCH s show Show running system information ssh Configure secure shell SWITCH s Also it is possible to view variables you should input following after commands After in pu...

Page 38: ...6615 S223 S323 also provides the command that shows the commands used before up to 100 lines Command Mode Description show history Enable Shows a command history 3 2 3 Using Abbreviation Most of the commands can be used also with abbreviated form The following table shows some examples of abbreviated commands Command Abbreviation clock cl exit ex show sh configure terminal con te Tab 3 13 Command ...

Page 39: ...Command Mode To exit to the previous command mode use the following command Command Mode Description exit Exits to the previous command mode end All Exits to Privileged EXEC enable mode If you use the command exit on Privileged EXEC View mode or Privileged EXEC En able mode you will be logged out ...

Page 40: ...4 1 1 System Login After installing the hiD 6615 S223 S323 finally make sure that each port is correctly con nected to PC for network and management And then turn on the power and boot the system as follow Step 1 When you turn on the switch booting will be automatically started and login prompt will be displayed SWITCH login Step 2 When you enter login ID at the login prompt password prompt will b...

Page 41: ... en crypted input 8 before the encrypted string When you use the password enable command with 8 and the string you will make into Privileged EXEC Enable mode with the encrypted string Therefore to log in the system you should do it with the encrypted string as password that you configured after 8 In short according to using the 8 option or not the next string is encrypted or not The following is a...

Page 42: ... junior95 Re enter new password junior95 Password changed SWITCH config The password you are entering won t be seen in the screen so please be careful not to make mistake 4 1 4 Management for System Account 4 1 4 1 Creating System Account For the hiD 6615 S223 S323 the administrator can create a system account In addition it is possible to set the security level from 0 to 15 to enhance the system ...

Page 43: ...ion mode in the level privilege bridge level 0 15 COMMAND all Uses the specific command of Bridge Configuration mode in the level privilege configure level 0 15 COMMAND all Uses the specific command of Global Configuration mode in the level privilege dhcp option82 level 0 15 COMMAND all Uses the specific command of DHCP Option 82 Con figuration mode in the level privilege dhcp pool level 0 15 COMM...

Page 44: ...command in level 0 can be used in from level 0 to level 14 The commands should be input same as the displayed commands by show list There fore it is not possible to input the commands in the bracket separately SWITCH show list clear arp inspection mapping counter clear arp inspection statistics clear cpu statistics PORTS clear ip bgp clear ip bgp in clear ip bgp in prefix filter clear ip bgp ipv4 ...

Page 45: ...cp class level 0 15 COMMAND all no privilege dhcp pool class level 0 15 COMMAND all no privilege enable level 0 15 COMMAND all no privilege interface level 0 15 COMMAND all no privilege ospf level 0 15 COMMAND all no privilege pim level 0 15 COMMAND all no privilege rip level 0 15 COMMAND all no privilege rmon alarm level 0 15 COMMAND all no privilege rmon event level 0 15 COMMAND all no privilege...

Page 46: ...word changed SWITCH config user add test1 level 1 level1user Changing password for test1 Enter the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers Enter new password Enter Bad password too short Warning weak password continuing Re enter new password Enter Password changed SWITCH config show user User name Description Level test...

Page 47: ...ng command Command Mode Description telnet DESTINATION TCP PORT Enable Connects to a remote host DESTINATION IP address or host name In case of telnet connection you should wait for OK message when you save a system configuration Otherwise all changes will be deleted when the telnet session is discon nected SWITCH write memory OK SWITCH The system administrator can disconnect users connected from ...

Page 48: ...configuring auto logout function as 60 seconds and view ing the configuration SWITCH config exec timeout 60 SWITCH config show exec timeout Log out time 60 seconds SWITCH config 4 1 8 System Rebooting 4 1 8 1 Manual System Rebooting When installing or maintaining the system some tasks require rebooting the system by various reasons Then you can reboot the system with a selected system OS To restar...

Page 49: ... reboot the system automatically in case memory low occurs as the configured value 1 120 time of memory low 1 10 count of memory low The default is 5 no auto reset cpu memory Bridge Disables auto system rebooting To show auto system rebooting configuration use the following command Command Mode Description show auto reset cpu memory Global Bridge Shows a configuration of auto rebooting function Th...

Page 50: ...223 S323 you can designate one specific interface to access RADIUS or TACACS server To designate an authentication interface use the following command Command Mode Description login radius tacacs interface INTERFACE A B C D Global Designates an authentication interface radius selects RADIUS authentication tacacs selects TACACS authentication INTERFACE interface name A B C D IP address optional 4 2...

Page 51: ...rt number optional acct_port Enters accounting port number optional no login radius server A B C D Global Deletes an added RADIUS server You can add up to 5 RADIUS servers 4 2 4 2 RADIUS Server Priority To specify the priority of a registered RADIUS server use the following command Command Mode Description login radius server move A B C D 1 5 Global Specifies the priority of RADIUS server A B C D ...

Page 52: ...ess KEY authentication key value no login tacacs server A B C D Global Deletes an added TACACS server A B C D IP address You can add up to 5 TACACS servers After adding the TACACS server you should register interface of TACACS server con nected to user s switch Use the following command Command Mode Description login tacacs interface NAME A B C D Registers interface of TACACS server connected to u...

Page 53: ...ion Authentication Type To select the authentication type for TACACS use the following command Command Mode Description login tacacs auth type ascii pap chap Selects the authentication type for TACACS ascii plain text pap password authentication protocol chap challenge handshake authentication protocol no login tacacs auth type Global Deletes a specified authentication type Priority Level You can ...

Page 54: ... used or the amount of data a user has sent and received To set an accounting mode use the following command Command Mode Description login accounting mode none start stop both Global Sets an accounting mode none disables an accounting function start measures start point only stop measures stop point only both measures start and stop point both 4 2 7 Displaying System Authentication To display a c...

Page 55: ...r the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers Enter new password vertex Re enter new password vertex Password changed SWITCH config login local radius enable SWITCH config login remote radius enable SWITCH config login local radius primary SWITCH config login remote host primary SWITCH config login radius server add 100...

Page 56: ...acs interface default SWITCH config login tacacs socket port 1 SWITCH config login tacacs auth type pap SWITCH config login tacacs timeout 10 SWITCH config login tacacs priority level root SWITCH config show login AUTHEN Local login tacacs host Remote login tacacs host Accounting mode both HOST maximum_login_counts 8 RADIUS Radius Servers Key Radius Retries 3 Radius Timeout 3 Radius Interface defa...

Page 57: ... enabled use the command show running config Interface Configuration Mode To open Interface Configuration mode of the interface you are about to enable interface use the following command Command Mode Description interface INTERFACE Global Opens Interface Configuration mode of the interface To enable the interface use the following command Command Mode Description no shutdown Interface Enables the...

Page 58: ...nterface 4 3 4 Static Route and Default Gateway It is possible to configure the static route Static route is a route which user configures manually Packets are transmitted to the destination through static route Static route in cludes destination address neighbor router to receive packet the number of routes that packets have to go through To configure static route use the following command Comman...

Page 59: ... and CEF updates the FIB Because there is a one to one corre lation between FIB entries and routing table entries the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths such as fast switching and optimum switching FIB is used for making IP destina tion prefix based switching decisions and maintaining next hop address informatio...

Page 60: ...followings are examples of enabling interface 1 in two ways On Configuration Mode SWITCH configure terminal SWITCH config interface noshutdown 1 SWITCH config On Interface Configuration Mode SWITCH configure terminal SWITCH config interface 1 SWITCH config if no shutdown SWITCH config if Sample Configuration 2 The following is an example of assigning IP address 192 168 1 10 to 1 SWITCH config if i...

Page 61: ...Client Assigning Specific Authentication Key 4 4 1 1 Enabling SSH Server To enable disable SSH server use the following command Command Mode Description ssh server enable Enables SSH server ssh server disable Global Disables SSH server 4 4 1 2 Displaying On line SSH Client To display SSH clients connected to SSH server use the following command Command Mode Description show ssh Enable Global Shows...

Page 62: ...tion Key 4 4 2 1 Login to SSH Server To login to SSH server after configuring the hiD 6615 S223 S323 as SSH client use the following command Command Mode Description ssh login DESTINATION PUBLIC_KEY Enable Logins to SSH server DESTINATION IP address of SSH server or hostname and account PUBLIC_KEY Specify public key 4 4 2 2 File Copy To copy a file from to SSH server use the following command Comm...

Page 63: ... switch SWITCH_A config ssh keygen dsa Generating public private dsa key pair Enter file in which to save the key etc ssh id_dsa Enter passphrase empty for no passphrase networks Enter same passphrase again networks Your identification has been saved in etc ssh id_dsa Your public key has been saved in etc ssh id_dsa pub The key fingerprint is d9 26 8e 3d fa 06 31 95 f8 fe f6 59 24 42 47 7e root hi...

Page 64: ...S accesses through the mutual authentication system of server authentication and personal authentication and it is possible to guarantee high security because of mutual authentication system At a request of user Authentication from user s PC EAPOL Start type of packets are transmitted to authenticator and authenticator again requests identification After getting respond about identification reques...

Page 65: ...hey register each other s IP address The data is the key and should be the same value for each other For the key value every kinds of character can be used except for the space or special character Suppliant Authenticator Authentication Server RADIUS Server RADIUS Servers A 10 1 1 1 B 20 1 1 1 C 30 1 1 1 J 100 1 1 1 Response Authentication request in order Designate as default RADIUS server Fig 4 ...

Page 66: ...thentication information between the authenticator and RADIUS server The authenticator and RADIUS server must have a same key value and you can use alpha betic characters and numbers for the key value The space or special character is not al lowed You can configure the priority for the radius server that have configured by user Command Mode Description dot1x radius server move IP ADDRESS NAME prio...

Page 67: ...rt control PORTS Global Deletes the configuration of the way of authorization to control port auto Follows the authentication of RADIUS server force authorized Gives the authorization to a client even though RADIUS server didn t approve it force unauthorized Don t give the authorization to a client even though RADIUS server authenticates it 4 5 1 6 Configuring Interval for Retransmitting Request I...

Page 68: ...waits for a response from RADIUS server during the configured time before resending the request To set the interval of request to RADIUS server use the following command Command Mode Description dot1x radius server timeout 1 120 Global Configures the interval of request to RADIUS server 1 120 1 120 seconds Default value 1 You should consider the distance from the server for configuring the interva...

Page 69: ... period between re authentication attempts 4 5 2 3 Configuring the Interval of Requesting Re authentication When the authenticator sends Request Identity packet for re authentication and no re sponse is received from the suppliant for the number of seconds the authenticator re transmits the request to the suppliant In hiD 6615 S223 S323 you can set the number of seconds that the authenticator shou...

Page 70: ... the system use the following command Command Mode Description dot1x default PORTS Global Applies the default value 4 5 5 Displaying 802 1x Configuration To display 802 1x configuration use the following command Command Mode Description show dot1x PORTS Enable Global Shows 802 1x configuration 4 5 6 802 1x User Authentication Statistic To display the statistics about the process of 802 1x user aut...

Page 71: ...d u MacEnable MacAuthed p port based m mac based a authenticated u unauthenticated SWTICH config The following is configuring a term of re authentication as 1800 and a tem of re authentication as 1000 sec SWTICH config dot1x timeout quiet period 1000 4 SWTICH config dot1x timeout reauth period 1800 4 SWTICH config dot1x reauth enable 4 SWTICH config show dot1x 4 Port 4 SystemAuthControl Enabled Pr...

Page 72: ...UMN CLI User Manual SURPASS hiD 6615 S223 S323 R1 5 72 A50010 Y3 C150 2 7619 PortAuthed MacEnable m MacAuthed u p port based m mac based a authenticated u unauthenticated SWTICH config ...

Page 73: ...h port is different depending on its features Read the below instruction carefully and follow it before you configure Refer to below figure for front interfaces of hiD 6615 S223 S323 RUN RPU DIAG RX LNK ACT MGMT CONSOLE TX 1 1 2 3 4 5 6 7 8 9 10 11 12 L A S323 1 G 2 3 4 5 6 7 8 9 10 11 12 SURPASS hiD 6615 Fig 5 1 hiD 6615 S223 S323 Interface To display the configuration of the physical port use th...

Page 74: ...port number Default enable The following is an example of disabling the Ethernet port 1 to 3 SWITCH config bridge SWITCH bridge show port 1 5 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 1 Ethernet 1 Up Down Auto Half 0 Off N 2 Ethernet 1 Up Down Auto Half 0 Off N 3 Ethernet 1 Up Down Auto Half 0 Off N 4 Ethernet 1 Up Down Auto Half 0 Off N 5 Ethernet 1 Up Down Auto Half 0 Off N SWITCH b...

Page 75: ...gure transmit rate or duplex mode of connected equipment even when auto negotiation is enabled For example when you configure transmit rate as 10Mbps with configured auto negotiation a port is worked by the standard 10Mbps full duplex mode By default auto negotiation is activated in 10 100 1000Base TX port of the hiD 6615 S223 S323 However you cannot configure auto nego in fiber port The following...

Page 76: ...Description port duplex PORTS full half Bridge Sets full or half duplex mode of specified port enter the port number The following is an example of configuring duplex mode of port 1 as half mode and show ing it SWITCH bridge show port 1 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 1 Ethernet 1 Up Up Force Full 100 Off Y SWITCH bridge port duplex 1 half SWITCH bridge show port 1 NO TYPE P...

Page 77: ... MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 1 Up Down Auto Half 0 On Y SWITCH bridge 5 2 6 Port Description To specify a description of an Ethernet port use the following command Command Mode Description port description PORTS DESCRIPTION Specifies a description of an Ethernet port no port description PORTS Bridge Deletes description of specified port To view description of port use the follow...

Page 78: ...thernet port The following is an example of displaying traffic average of port 1 SWITCH bridge show port statistics avg pkt 1 Slot Port Tx Rx Time pkts s bits s pkts s bits s port 1 5 sec 1 608 120 61 848 1 min 3 3 242 122 62 240 10 min 0 440 39 20 272 SWITCH bridge The following is an example of displaying RMON statistic counters of port 1 SWITCH bridge show port statistics rmon 1 Port1 EtherStat...

Page 79: ...se the following command Command Mode Description clear cpu statistics PORTS Global Bridge Deletes all CPU statistics for an Ethernet port 5 2 7 3 The Protocol statistics To enable disable protocol statistics Command Mode Description protocol statistics enable dis able arp icmp ip tcp udp Global Bridge To display protocols statistics of Ethernet port use the following command Command Mode Descript...

Page 80: ...8 Ethernet 1 Up Down Auto Full 0 Off Off Y 9 Ethernet 1 Up Down Auto Full 0 Off Off Y 10 Ethernet 1 Up Down Auto Full 0 Off Off Y 11 Ethernet 1 Up Down Auto Full 0 Off Off Y 12 Ethernet 1 Up Down Auto Full 0 Off Off Y SWITCH 5 2 9 Initializing Port Statistics To clear all recorded statistics of port and initiate use the following command It is possi ble to initiate statistics of port and select sp...

Page 81: ... many mirrored ports for one switch Step 1 Activate the port mirroring using the following command Command Mode Description mirror enable Bridge Activates port mirroring Step 2 Designate the monitor port use the following command Command Mode Description mirror monitor PORTS I cpu Bridge Designates the monitor port Step 3 Designate the mirrored ports use the following command Command Mode Descript...

Page 82: ...r monitor Bridge Disable port mirroring function The following is an example of configuring port mirroring with a port Step 1 Connect a motoring PC to the monitor port of the switch Step 2 Enable mirroring function SWITCH bridge mirror enable SWITCH bridge Step 3 Configure the monitor port 1 and mirroring port 2 3 4 and 5 SWITCH bridge mirror monitor 1 SWITCH bridge mirror add 2 SWITCH bridge mirr...

Page 83: ...istinguish each device connected to network To set a new host name use the following command Command Mode Description hostname NAME Creates a host name of the switch enter the name no hostname NAME Global Deletes a configured host name enter the name To see a new host name use the following command Command Mode Description show running config hostname Global Shows the host name The following is an...

Page 84: ...y Time Zone Country City GMT 12 Eniwetok GMT 3 Rio De Janeiro GMT 6 Rangoon GMT 11 Samoa GMT 2 Maryland GMT 7 Singapore GMT 10 Hawaii Honolulu GMT 1 Azores GMT 8 Hong Kong GMT 9 Alaska GMT 0 London Lisbon GMT 9 Seoul Tokyo GMT 8 LA Seattle GMT 1 Berlin Rome GMT 10 Sydney GMT 7 Denver GMT 2 Cairo Athens GMT 11 Okhotsk GMT 6 Chicago Dallas GMT 3 Moscow GMT 12 Wellington GMT 5 New York Miami GMT 4 Te...

Page 85: ...erver use the following command Command Mode Description ntp bind address A B C D Assigns IP address which receiving the message from server during transmitting the messages with NTP server no ntp bind address Global Deletes the binding IP address 6 1 6 Simple Network Time Protocol SNTP NTP Network Time Protocol and SNTP Simple Network Time Protocol are the same TCP IP protocol in that they use th...

Page 86: ...figuration use the following command Command Mode Description show sntp Enable Global Show SNTP configuration The following is to register SNTP server as 203 255 112 96 and enable it SWITCH config sntp 203 255 112 96 SWITCH config show sntp sntpd is running Time Servers 1st 203 255 112 96 SWITCH config You can configure up to 3 servers so that you use second and third servers as backup use in case...

Page 87: ...fail Global Restores a default banner To display a current login banner use the following command Command Mode Description show banner Enable Global Shows a current login banner 6 1 9 DNS Server To set a DNS server use the following command Command Mode Description dns server A B C D Sets a DNS server no dns server A B C D Global Removes a DNS server show dns Enable Global Shows a DNS server If a ...

Page 88: ...les the daemon operation You can display PID of daemon with the show process command SWITCH show process USER PID CPU MEM VSZ RSS TTY STAT START TIME COMMAND admin 1 0 0 0 5 1448 592 S 15 56 0 03 init 3 admin 2 0 0 0 0 0 0 S 15 56 0 00 keventd admin 3 0 0 0 0 0 0 SN 15 56 0 00 ksoftirqd_CPU0 admin 4 0 0 0 0 0 0 S 15 56 0 00 kswapd More 6 1 12 System Threshold You can configure the switch with vari...

Page 89: ... show a configured threshold of port traffic use the following command Command Mode Description show port threshold Enable Global Shows a configured threshold of port traffic 6 1 12 3 Fan Operation The system fan will operate depending on a configured fan threshold To set a threshold of port traffic use the following command Command Mode Description threshold fan START TEMP STOP TEMP Sets a thresh...

Page 90: ...g command Command Mode Description threshold memory 20 100 Sets a threshold of system memory in the unit of per cent 20 100 system memory in use no threshold memory Global Deletes a configured threshold of system memory 6 1 13 Enabling FTP Server FTP server is enabled on hiD 6615 S223 S323 by default But this configuration can t provide the security serveice becaue it s easy to access to the port ...

Page 91: ...guration Management You can verify if the system configurations are correct and save them in the system This section contains the following functions Displaying System Configuration Saving System Configuration Auto Saving System Configuration File Restoring Default Configuration 6 2 1 Displaying System Configuration To display a current running configuration of the system use the following command...

Page 92: ...igure the con figuration periodically use the following command Command Mode Description write interval 10 1440 Saves auto configuration periodically 10 1440 auto saving interval Default 10 minute no write interval Global Disables auto saving function 6 2 4 System Configuration File To manage a system configuration file use the following command Command Mode Description copy running config FILENAM...

Page 93: ...he file through FTP you can check the file transmission because hash function is automatically turned on To display a system configuration file use the following command Command Mode Description show startup config Enable Shows a current startup configuration show config list Enable Global Shows a list of configuration files The following is an example of displaying a list of configuration files S...

Page 94: ...rce Routing Tracing Packet Route Displaying User Connecting to MAC Table Running Time of System System Information System Memory Information Average of CPU Load Running Process Displaying System Image Displaying Installed OS Default OS Switch Status Tech Support 6 3 1 Network Connection To verify if your system is correctly connected to the network use the command ping For IP network this command ...

Page 95: ...P address 172 16 1 254 Repeat count 5 5 Datagram size 100 100 Timeout in seconds 2 2 Extended commands n n PING 172 16 1 254 172 16 1 254 100 128 bytes of data Warning time of day goes back 394us taking countermeasures 108 bytes from 172 16 1 254 icmp_seq 1 ttl 255 time 0 058 ms 108 bytes from 172 16 1 254 icmp_seq 2 ttl 255 time 0 400 ms 108 bytes from 172 16 1 254 icmp_seq 3 ttl 255 time 0 403 m...

Page 96: ... Tab 6 3 Options for Ping for Multiple IP Addresses The following is to verify network status between 172 16 157 100 and 172 16 1 254 when IP address of the switch is configured as 172 16 157 100 SWITCH ping Protocol ip Target IP address 172 16 1 254 Repeat count 5 5 Datagram size 100 100 Timeout in seconds 2 2 Extended commands n y Source address or interface 172 16 157 100 Type of service 0 0 Se...

Page 97: ...ute according to the routing theory Fig 6 1 Ping Test for Network Status In the above figure if you perform ping test from PC to C it goes through the route of A B C This is the general case But the hiD 6615 S223 S323 can enable to per form ping test from PC as the route of A E D C Fig 6 2 IP Source Routing B C D E A hiD 6615 PC PING test to C Request Reply The route for general PING test B C D E ...

Page 98: ...ion traceroute ADDRESS traceroute ip ADDRESS Enable Traces packet routes through the network ADDRESS IP address or host name The following is the basic information to trace packet routes Items Description Protocol ip Supports ping test Default is IP Target IP address Sends ICMP echo message by inputting IP address or host name of destination in order to check network status with relative Source ad...

Page 99: ...essing user from remote place SWITCH where admin at ttyp0 from 10 20 1 32 2196 for 30 minutes 35 56 seconds admin at ttyS0 from console for 28 minutes 10 90 seconds SWITCH 6 3 5 MAC Table To display MAC table recorded in specific port use the following command Command Mode Description show mac BRIDGE PORTS Enable Global Bridge Shows MAC table BRIDGE bridge name The following is an example of displ...

Page 100: ... Description show uptime Enable Global Shows running time of the system The following is an example of displaying running time of the system SWITCH show uptime 10 41am up 15 days 10 55 0 users load average 0 05 0 07 0 01 SWITCH 6 3 8 System Information To display the system information use the following command Command Mode Description show system Enable Global Shows the system information The fol...

Page 101: ... display the packet limit of CPU using the following command Command Mode Description show cpu packet limit View Enable Global 6 3 11 Average of CPU Load It is possible to display average of CPU load using the following command Command Mode Description show cpuload View Enable Global Shows threshold of CPU utilization and average of CPU utilization 6 3 12 Running Process The hiD 6615 S223 S323 pro...

Page 102: ...0 00 jffs2_gcd_mtd3 admin 149 0 0 0 3 1784 776 S Jan01 0 00 sbin syslogd m admin 151 0 0 0 2 1428 544 S Jan01 0 00 sbin klogd c 1 admin 103 2 6 2 0 20552 5100 S 20 12 0 53 usr sbin swchd more Omitted SWITCH 6 3 13 Displaying System Image To check a current system image version use the following command Command Mode Description show version Enable Global Shows version of system image To display a s...

Page 103: ... of switch show status power Shows power status show status temp Enable Global Bridge Shows temperature of switch 6 3 17 Tech Support In hiD 6615 S223 S323 you can display the configuration and configuration file log information register memory debugging information using the following commands By checking tech supporting check the system errors and use it for solving the problem Command Mode Desc...

Page 104: ...es information on system and network SNMP agent sends trap to administrator for specific cases Trap is a warning message to alert network status to SNMP administrator The hiD 6615 S223 S323 enhances accessing management of SNMP agent more and limit the range of OID opened to agents The following is how to configure SNMP SNMP Community Information of SNMP Agent SNMP Com2sec SNMP Group SNMP View Rec...

Page 105: ... its own identity To set basic information of SNMP agent use the following command Command Mode Description snmp contact NAME Sets a name of administrator snmp location LOCATION Sets a location of SNMP agent snmp agent address IP ADDRESS Sets an IP address of SNMP agent no snmp contact no snmp location no snmp agent address IP ADDRESS Global Deletes specified basic information for each item The fo...

Page 106: ...CURITY Global Deletes a specified security name enter the security name SECURITY security name show snmp com2sec Enable Global Shows a specified security name The following is an example of configuring SNMP com2sec SWITCH config snmp com2sec TEST 10 1 1 1 PUBLIC SWITCH config show snmp com2sec Com2Sec List SecName Source Community com2sec TEST 10 1 1 1 PUBLIC SWITCH config 7 1 4 SNMP Group You can...

Page 107: ...owing command Command Mode Description show snmp view Enable Global Shows a created SNMP view record The following is an example of creating an SNMP view record SWITCH config snmp view TEST included 410 SWITCH config show snmp view View list view TEST included 410 SWITCH config 7 1 6 Permission to Access SNMP View Record To grant an SNMP group to access a specific SNMP view record use the followin...

Page 108: ...an SNMP agent as user If you register SNMP ver sion 3 user you should configure it with the authentication key To create delete SNMP version 3 user use the following command Command Mode Description snmp user USER md5 sha AUTH KEY des PRIVATE KEY Creates SNMP version 3 user USER enters user name AUTH KEY Authentication passphrase min length 8 PRIVATE KEY Privacy passphrase min length 8 no snmp use...

Page 109: ...ADDRESS Global Deletes a specified information trap host You can set maximum 16 SNMP trap hosts with inputting one by one The following is an example of setting an SNMP trap host SWITCH config snmp trap host 10 1 1 3 SWITCH config snmp trap host 20 1 1 5 SWITCH config snmp trap host 30 1 1 2 SWITCH config 7 1 8 2 SNMP Trap Mode To select an SNMP trap mode use the following command Command Mode Des...

Page 110: ...e will be shown temperature threshold is shown when the system temperature exceeds the thresh old configured by user Also when system temperature falls below the threshold trap message will be shown dhcp lease is shown when there is no more IP address can be assigned in subnet of DHCP server Even if only one subnet does not have IP address to assign when there are several subnets this trap message...

Page 111: ...n power snmp trap module Global Configures the system to send SNMP trap when there is any problem in module 7 1 8 4 Disabling SNMP Trap To disable SNMP trap use the following command Command Mode Description no snmp trap auth fail no snmp trap cold start no snmp trap link up PORTS NODE no snmp trap link down PORTS NODE no snmp trap cpu threshold no snmp trap port threshold no snmp trap temp thresh...

Page 112: ...e Status auth fail enable cold start enable cpu threshold enable port threshold enable dhcp lease enable power enable module enable fan enable temp threshold enable SWITCH config 7 1 9 SNMP Alarm The hiD 6615 S223 S323 provides an alarm notification function The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI and ACI E You can also set the alarm se...

Page 113: ...arm severity criterion to make an alarm be shown only in case of se lected severity or higher For example if an alarm severity criterion has been set to major you will see only an alarm whose severity is major or critical To configure alarm severity criteria in CLI use the following command Command Mode Description snmp alarm severity criteria critical major minor warning intermediate Global Confi...

Page 114: ... Configures the priority of memory over alarm snmp alarm severity mfgd block critical major minor warning intermediate Configures the priority of MFGD block alarm snmp alarm severity port link down critical major minor warning intermediate Configures the priority of port link down alarm snmp alarm severity port remove critical major minor warning intermediate Configures the priority of port remove...

Page 115: ...no snmp alarm severity temperature high Global Deletes a configured alarm severity 7 1 9 5 ADVA Alarm Severity To configure a severity of alarms for ADVA status use the following command Command Mode Description snmp alarm severity adva fan fail critical major minor warning intermediate Sends alarm notification with the sever ity when ADVA informs fan fail snmp alarm severity adva if misconfig cri...

Page 116: ...ver ity when ADVA informs the voltage is low If you want to clear a configured ADVA alarm prioirity use the following command Command Mode Description no snmp alarm severity adva fan fail no snmp alarm severity adva if misconfig no snmp alarm severity adva if opt thres no snmp alarm severity adva if rcv fail no snmp alarm severity adva if sfp mismatch no snmp alarm severity adva if trans fault no ...

Page 117: ...o snmp alarm severity erp domain ulotp Global Deletes a configured severity of alarm for ERP status 7 1 9 7 STP Guard Alarm Severity To configure a severity of alarm for STP guard status use the following command Command Mode Description snmp alarm severity stp bpdu guard critical major minor warning intermediate Sends alarm notification with the severity when there is stp bpdu guard problem snmp ...

Page 118: ...how snmp alarm history cold start minor Fri Mar 25 15 30 56 2005 System booted SWITCH config snmp clear alarm history SWITCH config show snmp alarm history SWITCH config To display a current alarm report use the following command Command Mode Description show snmp alarm report Enable Global Shows a current alarm report To deletes a recorded alarm report in the system use the following command Comm...

Page 119: ...OAM capabilities to Ethernet like interfaces These manage ment capabilities were introduced to provide some basic OAM function on Ethernet media EFM OAM is complementary not competitive with SNMP management in that it provides some basic management functions at Layer 2 rather than using Layer 3 and above as required by SNMP over an IP infrastructure OAM provides single hop functionality in that it...

Page 120: ...nformation by using TX To enable disable the function use the following command Command Mode Description oam local unidirection enable PORTS Sends the information by using TX oam local unidirection disable PORTS Bridge Disables to transmit the information by using TX 7 2 4 Remote OAM To enable disable remote OAM use the following command Command Mode Description oam remote oam admin 1 2 enable POR...

Page 121: ...5 PORTS oam remote general user 1 4 STRING PORTS oam remote system interface unforced forceA forceB PORTS oam remote system interval 0 255 PORTS oam remote system mode master slave PORTS oam remote system reset PORTS Bridge Shows the information of peer host using OAM func tion 7 2 5 Displaying OAM Configuration To display OAM configuration use the following command Command Mode Description show o...

Page 122: ...ow oam local 25 LOCAL PORT 25 item value admin ENABLE mode ACTIVE mux action FORWARD par action DISCARD variable UNSUPPORT link event UNSUPPORT loopback SUPPORT disable uni direction UNSUPPORT disable SWITCH bridge show oam remote 25 REMOTE PORT 25 item value mode ACTIVE MAC address 00 d0 cb 27 00 94 variable UNSUPPORT link event UNSUPPORT loopback SUPPORT enable uni direction UNSUPPORT SWITCH bri...

Page 123: ...atus is disabled it informs that the port is disabled to near switches And the switch that receives the information from near switches processes LLDP frame and saves the information of the other switches The information received from other switches is aged 7 3 2 LLDP Operation Type If you activated LLDP on a port configure LLDP operation type Each LLDP operation type works as the follow both sends...

Page 124: ...ime and times of LLDP message use the fol lowing command Command Mode Description lldp msg txinterval 5 32768 Configures the interval of sending LLDP message The unit is second lldp msg txhold 2 10 Bridge Configures the periodic times of LLDP message Default for sending LLDP message is 4 times in every 30 seconds 7 3 5 Interval and Delay Time In hiD 6615 S223 S323 the administrator can configure t...

Page 125: ...n accumulated statistics on the port The following is to configure to enable LLDP function on Bridge Configuration mode through port number 10 of the switch and operate it SWITCH bridge show lldp config 10 GLOBL MsgTxInterval 30 MsgTxHold 4 txTTL 120 ReInitDelay 2 TxDelay 2 PORTS active adminStat optTLVs 10 disable Tx Rx 0xf PortDesc SysName SysDesc SysCap SWITCH bridge lldp enable 10 SWITCH bridg...

Page 126: ...cket Capture and Event The system supports two MIB groups of them most basic ones Sta tistics only for uplink ports and History 7 4 1 RMON History RMON history is periodical sample inquiry of statistical data about each traffic occurred in Ethernet port Statistical data of all ports are pre configured to be monitored at 30 minute interval and 50 statistical data stored in one port It also allows y...

Page 127: ...al Data To specify a source port of statistical data use the following command Command Mode Description data source NAME RMON Specifies a data object ID NAME enters a data object ID ex ifindex n1 port1 7 4 1 2 Subject of RMON History To identify subject using RMON history use the following command Command Mode Description owner NAME RMON Identifies subject using related data enter the name max 32 ...

Page 128: ...1 6 Deleting Configuration of RMON History When you need to change a configuration of RMON history you should delete an existing RMON history To delete RMON history use the following command Command Mode Description no rmon history 1 65535 RMON Deletes RMON history of specified number enter the value for deleting 7 4 1 7 Displaying RMON History To display RMON history use the following command Com...

Page 129: ...tive Activate the event do To run exec commands in config mode exit End current mode and down to previous mode falling event Associate the falling threshold with an existing RMON event falling threshold Define the falling threshold help Description of the interactive help system owner Assign the owner who define and is using the history resources rising event Associate the rising threshold with an...

Page 130: ... RMON Compares object with the threshold directly Delta comparison compares difference between current data and the latest data with the threshold For instance in order to know the point of variable notation rule 100 000 more than the former rule configure apCntHits as Delta comparison To configure delta com parison use the following command Command Mode Description sample type delta RMON Compares...

Page 131: ... is less than threshold or the first point when object is more than threshold or less than threshold To configure the first RMON alarm to occur when object is less than lower bound of threshold first use the following command Command Mode Description startup type falling RMON Configures the first RMON Alarm to occur when object is less than lower bound of threshold first To configure the first ala...

Page 132: ...command Command Mode Description no rmon alarm 1 65535 Global Deletes RMON history of specified number enter the value for deleting 7 4 2 10 Displaying RMON Alarm To display RMON alarm use the following command Command Mode Description show running config rmon alarm All Shows a configured RMON alarm 7 4 3 RMON Event RMON event identifies all operations such as RMON alarm in the switch You can conf...

Page 133: ...ing various data from event To identify subject of RMON event use the following command Command Mode Description owner NAME RMON Identifies subject of event You can use maximum 126 characters and this subject should be same with the subject of RMON alarm 7 4 3 4 Event Type When RMON event happened you need to configure event type to arrange where to send event To configure event type use the follo...

Page 134: ... configuration of RMON event you should delete RMON event of the number and configure it again To delete RMON event use the following command Command Mode Description no rmon event 1 65535 Global Delete RMON event of specified number 7 4 3 7 Displaying RMON Event To display RMON alarm use the following command Command Mode Description show running config rmon event All Shows a configured RMON even...

Page 135: ...ng notice info debug console Generates a syslog message of selected level or higher and forwards it to the console syslog output emerg alert crit err warning notice info debug local volatile non volatile Generates a syslog message of selected level or higher in the system memory volatile deletes a syslog message after restart non volatile reserves a syslog message syslog output emerg alert crit er...

Page 136: ...erg alert crit err warning notice info remote IP ADDRESS Global Generates a user defined syslog mes sage with a priority and forwards it to a remote host To disable a user defined syslog output level use the following command Command Mode Description no syslog output priority auth authpriv cron daemon kern local1 local2 local3 local4 local5 local6 local7 lpr mail news sys log user uucp emerg alert...

Page 137: ...es efficiently To set a facility code use the following command Command Mode Description syslog local code 0 7 Sets a facility code no syslog local code Global Deletes a specified facility code The following is an example of configuring priority of all syslog messages which is trans mitted to remote host 10 1 1 1 as the facility code 0 SWITCH config syslog output err remote 10 1 1 1 SWITCH config ...

Page 138: ...g Syslog Message To display a received syslog message in the system memory use the following command Command Mode Description show syslog local volatile non volatile NUMBER Shows a received syslog message volatile removes a syslog message after restart non volatile reserves a syslog message NUMBER shows the last N syslog messages show syslog local volatile non volatile reverse Enable Global Shows ...

Page 139: ...ng traf fics However in case of overloading traffics QoS can apply processing order to traffic by reorganizing priorities according to its importance By favor of QoS you can predict net work performance in advance and manage bandwidth more effectively 7 6 1 How to Operate Rule and QoS For the hiD 6615 S223 S323 rules operate as follows Rule Creation To classify the packets according to the specifi...

Page 140: ... name After opening Rule Configuration mode the prompt changes from SWITCH config to SWITCH config rule name After opening Rule Configuration mode a rule can be configured by user The rule priority rule match rule action and action parameter s can be configured for each rule 1 The rule name must be unique Its size is limited to 63 significant characters 2 The order in which the following configura...

Page 141: ...0 7 802 1p priority value any any 802 1p priority value ignore tos 0 255 any Classifies all ToS field 0 255 ToS value any any ToS value ignore ip prec 0 7 any Classifies an IP precedence 0 7 IP precedence value any any IP precedence value ignore length 21 65535 any Classifies a packet length 21 65535 IP packet length any any IP packet length ignore ethtype TYPE NUM arp any Classifies the Ethernet ...

Page 142: ...y any source destination IP address tcp TCP udp UDP ip A B C D A B C D M any A B C D A B C D M any tcp udp 0 65535 any 0 65535 any Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address tcp TCP udp UDP 0 65535 TCP UDP source destination port number any any TCP UDP source destination port ip A B...

Page 143: ... 7 CoS value match cos 0 7 overwrite Overwrites 802 1p CoS field in the packet 0 7 CoS value match cos same as tos overwrite Overwrites 802 1p CoS field in the packet same as IP ToS precedence bits match ip prec 0 7 Changes IP ToS precedence bits in the packet 0 7 ToS precedence value match ip prec same as cos Changes IP ToS precedence bits in the packet same as 802 1p CoS value match bandwidth BA...

Page 144: ...ription no match deny Denies a packet no match redirect PORT Redirects to specified egress port PORT uplink port number e g 25 28 no match mirror Sends a copy to mirror monitoring port no match dscp 0 63 Changes DSCP field enter DSCP value no match cos 0 7 Changes 802 1p class of service enter CoS value 0 7 CoS value no match cos 0 7 overwrite Overwrites 802 1p CoS field in the packet 0 7 CoS valu...

Page 145: ...ntains bad or unsupported values or conflicts to other rules In this case the switch informs about the reason and the operator may correct the values 2 The switch may reject a rule with the message Already exist rule allthough the name will not be listed by command show rule Unfortunately the entered name in this case interferes with the name of an internally managed rule Remedy Select another nam...

Page 146: ... rule profile and showing it SWITCH configure terminal SWITCH config rule jean create SWITCH config rule jean priority low SWITCH config rule jean match copy to cpu SWITCH config rule jean apply SWITCH config rule jean exit SWITCH config rule jean create Already exist rule SWITCH config show rule rule jean priority low port any any match copy to cpu SWITCH config rule jean modify SWITCH config rul...

Page 147: ...t 1 Weight 1 Weight 1 Weight 1 Weight 2 Weighted Round Robin Scheduler Fig 7 1 Weighted Round Robin Weighted Fair Queuing WFQ Weighted fair queuing WFQ provides automatically sorts among individual traffic streams without requiring that you first define access lists It can manage one way or two way streams of data traffic between pairs of applications or voice and video In WFQ packets are sorted i...

Page 148: ...ut data without low priority might be delayed and piled up This method has a strong point of providing the distin guished service with a simple way However if the packets having higher priority enter the packets having lower priority are not processed 3 7 6 7 7 4 1 The processing order in Strict Priority Queuing in case of entering packets having the Queue numbers as below 3 3 4 7 Output Scheduler...

Page 149: ...se the following command Command Mode Description qos weight PORTS 0 3 1 15 unlimited Global Sets a weight for each port and queue PORTS port numbers 0 7 queue number 1 15 weight value default 1 unlimited strict priority queuing 7 6 3 3 802 1p Priory to queue Mapping For the hiD 6615 S223 S323 it is possible to configure how packets having a certain 802 1p priority will be stored into which queue ...

Page 150: ...3 4 2047 Sets a maximum packet size per queue for egress port PORTS port numbers 0 3 queue number qos seglimit PORTS 0 3 1 8191 Sets a maximum segment per queue for egress port PORTS port numbers 0 3 queue number no qos ibp PORTS no qos pktlimit PORTS 0 3 no qos seglimit PORTS 0 3 Global Restroes it as a default 7 6 3 5 Displaying QoS To display a configuration of QoS enter following command Comma...

Page 151: ...y packet classification and rule action s can be configured for each rule 1 The rule name must be unique Its size is limited to 63 significant characters 2 The order in which the following configuration commands will be entered is arbitrary 3 The configuration of a rule being configured can be changed as often as wanted inclusive rule type until the command apply will be entered 4 Use the command ...

Page 152: ... protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address icmp ICMP 0 255 ICMP message type number 0 255 ICMP message code number ip A B C D A B C D M any A B C D A B C D M any tcp udp Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any so...

Page 153: ...ermit Admin rule Deletes a specified rule action 7 6 4 5 Applying Rule After configuring rule using the above commands apply it to the system with the following command If you do not apply a rule to the system all specified rules will be lost To save and apply an admin access rule use the following command Command Mode Description apply Admin rule Applies an admin access rule to the system 1 The s...

Page 154: ... a rule use the following command Command Mode Description no rule admin Deletes an admin access rule enter a rule name op tionally no rule all Global Deletes all rules and admin access rules 7 6 4 7 Displaying Rule The following command can be used to show a certain rule by its name all rules of a cer tain type or all rules at once sorted by rule type Command Mode Description show rule admin Show...

Page 155: ...ing function Internet Information Shared Needs to prevent sharing information between customers LAN environment for Internet Service Fig 7 4 NetBIOS Filtering Without NetBIOS filtering customer s data may be opened to each other even though the data should be kept To keep customer s information and prevent sharing information in the above case NetBIOS filtering is necessary Command Mode Descriptio...

Page 156: ...lter INTERFACE Global Blocks packets which bring different source IP address from specified interface INTERFACE enter the interface name It is not possible to configure both QoS and Martian filter at the same time To disable the configured Martian filter function use the following command Command Mode Description no ip martian filter INTERFACE Global Disables a configured Martian filter function I...

Page 157: ...SWTICH bridge To display configured max host use the following command Command Mode Description show max hosts Enable Global Bridge Shows configured max host The following is an example of displaying configured max hosts SWITCH bridge show max hosts port 1 0 5 current max port 2 0 5 current max port 3 0 2 current max port 4 0 Unlimited current max port 5 0 Unlimited current max port 6 0 Unlimited ...

Page 158: ...ady counted disappears before passing 1 second and starts learning again it is not counted In case the same MAC is detected on the other port also it is not counted again For example if MAC that was learned on port 1 is detected on port 2 it is supposed that MAC moved to the port 2 So it is deleted from the port 1 and learned on the port 2 but it is not counted 7 10 Port Security You can use the p...

Page 159: ...l you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the Security Violation counter to increment shutdown puts the interface into the error disabled state immediately and sends an SNMP trap notification Step 4 Enter a secure MAC address for the port Command Mode Description port security PORTS mac address MACADDR vlan NAME Bridge Sets a secure MAC add...

Page 160: ... violation aging type static maximum current 7 enabled shutdown absolute 1 0 port vlan secure mac addr status in use SWITCH bridge 7 10 2 Port Security Aging Port security aging is to set the aging time for all secure addresses on a port Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addr...

Page 161: ...curity PORTS Enable Global Bridge Shows port security on the port 7 11 MAC Table A dynamic MAC address is automatically registered in the MAC table and it is removed if there is no access to from the network element corresponding to the MAC address during the specified MAC aging time On the other hand a static MAC address is manually reg istered by user This will not removed regardless of the MAC ...

Page 162: ...E Deletes static MAC addresses enter the bridge name no mac NAME PORT Deletes static MAC addresses NAME enter the bridge name PORT enter the port number no mac NAME PORT MACADDR Bridge Deletes a specified static MAC address NAME enter the bridge name PORT enter the port number MACADDR enter the MAC address To display a MAC table in the switch use the following command Command Mode Description show...

Page 163: ...pecified port By default basic filtering policy provided by system is configured to permit all packets in each port Sample Configuration This is an example of blocking all packets in port 1 3 and port 7 SWTICH bridge mac filter default policy deny 5 10 SWTICH bridge mac filter default policy permit 2 SWTICH bridge show mac filter default policy PORT POLICY PORT POLICY 1 PERMIT 2 PERMIT 3 PERMIT 4 ...

Page 164: ...o delete MAC filtering function use the following command Command Mode Description no mac filter Bridge Deletes all MAC filtering functions 7 12 4 Listing of MAC Filter Policy If you need to make many MAC filtering policies at a time it is hard to input command one by one In this case it is more convenient to save MAC filtering policies at etc mfdb conf and display the list of MAC filtering policy...

Page 165: ...s MAC address Ethernet Switch needs 48 bit MAC address to transmit packets In this case the process of finding proper MAC ad dress from IP address is called as address resolution On the other hand the progress of finding proper IP address from MAC address is called as reverse address resolution Siemens switches find MAC address from IP address through address resolution protocol ARP This chapter c...

Page 166: ...ts of ARP table use one of the following command Command Mode Description no arp A B C D Negates a command or set sets its default no arp A B C D INTERFACE Global Negates a command or set sets its default enter the IP address and enter the interface name clear arp Deletes all the contents of ARP table clear arp INTERFACE Enable Global Deletes all the contents of ARP table enter the inter face name...

Page 167: ... alias To display ARP alias use the following command Command Mode Description show arp alias Enable Global Shows a registered ARP alias 7 13 3 ARP Inspection ARP provides IP communication by mapping an IP address to a MAC address But a ma licious user can attack ARP caches of systems by intercepting traffic intended for other hosts on the subnet For example Host B generates a broadcast message fo...

Page 168: ...ed with the arp ac cess list NAME command ip arp inspection trust port PORTS Global Configures a connection between switches as trusted PORTS trusted port number To remove the specific ARP Inspection configuration use the following commands Command Mode Description no ip arp inspection validate src mac dst mac ip no ip arp inspection filter NAME vlan VLAN no ip arp inspection trust port PORTS Glob...

Page 169: ...sec and trans mission times as 4 and showing it SWITCH config arp patrol 10 4 SWITCH config show running config Building configuration Current configuration hostname SWITCH Omitted arp patrol 10 4 no snmp SWITCH config 7 13 5 Proxy ARP To configure Proxy ARP you need to enter Interface configuration mode and use the fol lowing command Command Mode Description ip proxy arp Sets proxy ARP at specifi...

Page 170: ...artner who is doing ping test to switch To block echo reply message use the following commands Command Mode Description ip icmp ignore echo all Blocks echo reply message to all partners who are taking ping test to device ip icmp ignore echo broadcast Global Blocks echo reply message to partner who is taking broadcast ping test to device To release the blocked echo reply message use the following c...

Page 171: ...er 8 is changed as binary number it is 1000 In 1000 0 digit is 0 and 1 digit is 0 2 digit is 0 and 3 digit is 1 The digit showed as 1 is 3 and ICMP_DEST_UNREACH means ICMP value is 3 Therefore ICMP_DEST_UNREACH is chosen the message of limiting the transmission time Default is 0x1818 If 1818 as hexadecimal number is changed as binary number it is 1100000011000 By calculating from 0 digit 3 digit 4...

Page 172: ...ommand Mode Description show ip icmp interval Enable Global Shows ICMP interval configuration 7 14 3 Transmitting ICMP Redirect Message User can configure to transmit ICMP Redirect Message Transmitting ICMP Redirect Message is one of the ways preventing DoS Denial of Service and this can make the switch provide the constant service to the hosts SURPASS hiD 6615 transmits more op timized route to t...

Page 173: ...e system it might cause slow down the system operation Not to bring these messages back to source IP address on a specific interface use the following command on Interface Configuration mode Command Mode Description ip unreachables Configures not to bring unreached messages back to their source IP address on interface no ip unreachables Interface Brings all unreached messages back to their source ...

Page 174: ... when transmitted cookies are returned after sending cookies with SYN use the following command Command Mode Description ip tcp syncookies Permits only when transmitted cookies are returned after sending cookies with SYN no ip tcp syncookies Global Disables configuration to permit only when transmitted cookies are returned after sending cookies with SYN 7 16 Packet Dump Failures in network can occ...

Page 175: ...t src ip A B C D dest ip A B C D src port 1 65535 dest port 1 65535 Shows host packet dump debug packet interface INTER FACE port PORTS multicast src ip A B C D dest ip A B C D Shows multicast packet dump debug packet interface INTER FACE port PORTS src ip A B C D dest ip A B C D debug packet interface INTER FACE port PORTS dest ip A B C D Enable Show packet dump by source IP address or destinatio...

Page 176: ...e debug after receive packets as many as the number F FILE Recieves file as filter expression All additional expressions on command line are ignored i INTERFACE Desinate the interface where the intended packets are transmitted If not designated it automatically select a interface which has the lowest number within the system interfaces Loopback is excepted r FILE Read packets from the file which c...

Page 177: ...guration Basically user can save current configuration with write memory command However the dump file is not saved 7 17 Displaying the usage of the packet routing table The packet routing based on host uses L3 table as it s memory It searches the informa tion of destination addess in L3 table to get the Nexthop information and transmits pack ets through Rewriting process If it does not find the i...

Page 178: ...ffic loading because of broadcast you can get cost effective network composition since switch is not needed Strengthened Security When using a shared bandwidth LAN there is no inherent protection provided against unwanted eavesdropping In addition to eavesdropping a malicious user on a shared LAN can also induce problems by sending lots of traffic to specific targeted users or net work as a whole ...

Page 179: ... layers of the architec ture for example by using a Network layer router with connections to two or more VLANs Multicast traffic or traffic destined for an unknown unicast address arriving on any port will be flooded only to those ports that are part of the same VLAN This provides the de sired traffic isolation and bandwidth preservation The use of port based VLANs effec tively partitions a single...

Page 180: ... PVID PORTS enter the port numbers PVIDS enter the PV IDs 1 to 4094 multiple entries possible 8 1 1 3 Assigning Port to VLAN To assign a port to VLAN use the following command Command Mode Description vlan add VLANS PORTS tagged untagged Assigns a port to VLAN VLANS enter the VLAN ID PORTS enter the port number vlan del VLANS PORTS Bridge Deletes associated ports from specified VLAN VLANS enter th...

Page 181: ... protocol based VLAN follow these steps 1 Configure VLAN groups for the protocols you want to use 2 Create a protocol group for each of the protocols you want to assign to a VLAN 3 Then map the protocol for each interface to the appropriate VLAN Command Mode Description vlan pvid PORTS ethertype ETHERTYPE 1 4094 Configures protocol based VLAN PORTS input a port number ETHERTYPE 0x800 1 4094 Vlan I...

Page 182: ... Description vlan precedence MAC SUB NET Bridge Configure precedence between MAC based VLAN and Subnet based VLAN 8 1 5 Tagged VLAN In a VLAN environment a frame s association with a given VLAN is soft the fact that a given frame exists on some physical cable does not imply its membership in any particu lar VLAN VLAN association is determined by a set of rules applied to the frames by VLAN aware s...

Page 183: ...n frame to that VLAN In the case of tagged frame the mapping is simple the tag contains the VLAN identifier for the frame and the frame is assumed to belong to the indicated VLAN That s all there is to it To configure the tagged VLAN use the following command Command Mode Description vlan add VLANS PORTS tagged Bridge Configures tagged VLAN on a port VLANS enter the VLAN ID PORTS enter the port nu...

Page 184: ...tion Source 802 1Q VLAN Tag Type Length LLC Data FCS TPID 8100 Priority Canonical 12 bit identifier VLAN Ethernet Frame Preamble Destination Source 802 1Q VLAN Tag Type Length LLC Data FCS VLAN Tag TPID 8100 9100 Priority Canonical 12 bit identifier TPID 8100 Priority Canonical 12 bit identifier Ethernet Frame using 802 1Q Tunneling Fig 8 3 QinQ Frame Port which connected with Service Provider is ...

Page 185: ...ccess port is configured as Untagged remove SPVLAN If egress port is uplink port transmit as it is Step 4 The hiD 6615 S223 S323 switch has 0x8100 TPID value as default and other values are used as hexadecimal number 8 1 8 2 Double Tagging Configuration Step 1 Designate the QinQ port Command Mode Description vlan dot1q tunnel enable PORTS Bridge Configures a qinq port PORTS selects port number qin...

Page 186: ... protected port cannot transmit any traffic to other protected ports Private VLAN Private VLAN provides L2 isolation within the same Broadcast Domain ports That means another VLAN is created within a VLAN There are three type of VLAN mode Promiscuous A promiscuous port can communicate with all interfaces including the isolated and community ports within a PVLAN Isolated An isolated port has comple...

Page 187: ...t isolation 8 1 9 2 Shared VLAN This chapter is only for Layer 2 switch operation The hiD 6615 S223 S323 is Layer 3 switch but it can be used for Layer 2 also Because there is no routing information in Layer 2 switch each VLAN cannot communicate Especially the uplink port should re ceive packets from all VLANs Therefore when you configure the hiD 6615 S223 S323 as Layer 2 switch the uplink ports h...

Page 188: ... information from MAC table and floods the packets default br2 br3 br4 br5 Outer Network Uplink Port SWITCH bridge show vlan u untagged port t tagged port 1 2 3 4 Name VID FID 123456789012345678901234567890123456789012 default 1 6 u uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2 2 6 u u br3 3 6 u u br4 4 6 u u br5 5 6 u u br6 6 6 uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu SWITCH bridge Fig 8 6 In Case...

Page 189: ...Translation will be applied by Rule Step 3 Designate the VLAN ID that will be changed in the first step by the match vlan 1 4094 command Step 4 Open Bridge Configuration mode using the bridge command Step 5 Add the classified packet to VLAN members of the VLAN ID that will be changed 8 1 11 Sample Configuration Sample Configuration 1 Configuring Port based VLAN The following is assigning vlan id o...

Page 190: ... interface exit SWITCH config bridge SWITCH bridge no vlan 3 SWITCH bridge show vlan u untagged port t tagged port 1 2 3 4 Name VID FID 123456789012345678901234567890123456789012 default 1 1 u u uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2 2 2 u br4 4 4 u SWITCH bridge Sample Configuration 3 Configuring Protocol based VLAN The following is an example of configuring protocol based VLAN on the port 2 ...

Page 191: ...llows You should configure the ports connected to network communicating with PVID 11 as Tagged VLAN port SWITCH 1 SWITCH bridge vlan dot1q tunnel enable 10 SWITCH bridge vlan pvid 10 11 SWITCH bridge show vlan dot1q tunnel Tag Protocol Id 0x8100 d double tagging port 1 2 3 4 Port 123456789012345678901234567890123456789012 dtag d SWITCH bridge SWITCH 2 SWITCH bridge vlan dot1q tunnel enable 11 SWIT...

Page 192: ...vlan add br3 24 untagged SWITCH bridge vlan add br4 24 untagged SWITCH bridge vlan create br5 SWITCH bridge vlan add br5 1 42 untagged SWITCH bridge vlan fid 1 5 5 SWITCH bridge show vlan u untagged port t tagged port 1 2 3 4 Name VID FID 123456789012345678901234567890123456789012 default 1 5 uu uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2 2 5 uu u br3 3 5 uu u br4 4 5 uu u br5 5 5 uuuuuuuuuuuuuuuuuuuuu...

Page 193: ...ng enables you to dynamically group similarly configured interfaces into a sin gle logical link aggregated port to increase bandwidth while reducing the traffic conges tion 8 2 1 1 Configuring Port Trunk To make logical port by aggregating the ports use the following command Command Mode Description trunk 0 5 PORT Adds a port to the aggregation port group trunk distmode 0 5 PORTS dstip dstmac srcd...

Page 194: ...configured trunk port If the user deleted member port from logical port or release port trunk they are automati cally contained as default VLAN 8 2 1 3 Displaying Port Trunk Configuration To display a configuration of port trunk use the following command Command Mode Description show trunk Enable Global Bridge Shows a configuration for trunk 8 2 2 Link Aggregation Control Protocol LACP Link Aggreg...

Page 195: ...iption lacp port PORTS Configures physical port that is member port of aggre gator select the port number s that should be enabled for LACP no lacp port PORTS Bridge Deletes member port of Aggregator select the port number s that should be disabled for LACP 8 2 2 2 Packet Route When packets enter to logical port integrating several ports if there s no process to de cide the packet route it is not ...

Page 196: ... lacp aggregator AGGREGETIONS Bridge Deletes destination MAC address select the aggrega tor ID 8 2 2 3 Operating Mode of Member Port After configuring member port configure the mode of member port There are two kinds of mode Active mode and Passive mode in member port The port of Passive mode starts LACP when there s Active mode on the port of opposite switch The priority of Active mode is higher ...

Page 197: ...t aggregation PORTS Bridge Deletes the configured member port in LACP select the member port 8 2 2 5 BPDU Transmission Rate Member port transmits BPDU with its information For the hiD 6615 S223 S323 it is pos sible to configure the BPDU transmission rate use the following command Command Mode Description lacp port timeout PORTS short long Bridge Configures BPDU transmission rate PORTS select the p...

Page 198: ...mmand Mode Description no lacp port priority PORTS Bridge Deletes port priority of selected member port select the member port number 8 2 2 8 Priority of Switch In case the member ports of connected switches are configured as Active mode LACP system enabled it is required to configure which switch would be a standard for it For this case the user could configure the priority on switch The followin...

Page 199: ...d port show lacp aggregator AGGRE GATIONS Shows the information of selected aggregated port show lacp port Shows the information of member port show lacp port PORTS Shows the information of appropriated member port show lacp statistics Enable Global Bridge Shows aggregator statistics To clear LACP statistics information use the following command Command Mode Description clear lacp statistics Enabl...

Page 200: ... A B PC A sends packet through broadcast or multicast and then the packet keeps rotating It causes superfluous data transmission and network fault STP Spanning Tree Protocol is the function to prevent Loop in LAN with more than two paths and to utilize the double path efficiently It specify in IEEE 802 1d If STP is config ured there is no Loop since it chooses more effective path of them and close...

Page 201: ...gration Bridge Protocol Data Unit Configuration Sample Configuration 8 3 1 STP Operation The 802 1d STP defines port state as blocking listening learning and forwarding When STP is configured in LAN with double path switches exchange their information including bridge ID It is named as BPDU Bridge Protocol Data Unit Switches decide port state based on the exchanged BPDU and automatically decide op...

Page 202: ...and switch with lower path cost is selected to be designated switch Switch B Switch A Priority 9 Switch C Switch D Priority 10 Priority 8 Root Switch Designated Switch Path cost 50 Path cost 100 Path cost 100 Path 2 Path 1 PATH 1 50 100 150 PATH 2 100 100 200 PATH 1 PATH 2 PATH 1 selected Path cost 100 Fig 8 11 Designated Switch In case of the above picture showing SWITCH C sends packet path cost ...

Page 203: ...en path costs of two paths are same port priority is compared As the be low picture suppose that two switches are connected Since the path costs of two paths are 100 same their port priorities are compared and port with smaller port priority is se lected to transmit packet All these functions are automatically performed by BPDU which is the information of switch It is also possible to configure BP...

Page 204: ...f and when the port should consider becoming active in the spanning tree Listening the port is still not forwarding data traffic but is listening to BPDUs in order to compute the spanning tree The port is comparing its own information path cost Bridge Identifier Port Identifier with information received from other candidates and deciding which is best suited for inclusion in the spanning tree Lear...

Page 205: ...ined into discarding Same as STP root port and designated port are de cided by port state But a port in blocking state is divided into alternate port and backup port Alternate port means a port blocking BPDUs of priority of high numerical value from other switches and backup port means a port blocking BPDUs of priority of high numeri cal value from another port of same equipment Switch B Switch A ...

Page 206: ...ecause of the disconnection and forwards BPDU However SWITCH C recognizes root existing so it transmits BPDU including information of root to Bridge B Thus SWITCH B configures a port connected to SWITCH C as new root port Switch B Switch A Switch C BPDU including Root information ROOT New Root Port Low BPDU Fig 8 15 Example of Receiving Low BPDU Rapid Network Convergence A new link is connected be...

Page 207: ... epochal way of preventing a loop The matter is that communication is disconnected during two times of BPDU Forward delay till a port connected to switch D and SWITCH C is blocked Then right after the connection it is possible to transmit BPDU although packet cannot be transmitted between switch A and root Switch B Switch C ROOT Switch D 1 New link created 2 Negotiate between Switch A and ROOT Tra...

Page 208: ...TCH C Switch B Switch C ROOT Switch D 3 Forwarding 3 Negotiate between Switch A and Switch C Traffic Blocking Switch A 3 Negotiate between Switch A and Switch B Traffic Blocking Fig 8 18 Network Convergence of 802 1w 2 SWITCH B has only edge designated port Edge designated does not cause loop so it is defined in 802 1w to be changed to forwarding state Therefore SWITCH B does not need to block spe...

Page 209: ...nd SWITCH A is connected to SWITCH C as designated switch Since SWITCH C which is 802 1d ignores RSTP BPDU it is interpreted that switch C is not connected to any switch or segment Switch A 802 1w Switch B 802 1w Switch C 802 1d STP BPDU RSTP BPDU Fig 8 20 Compatibility with 802 1d 1 However SWITCH A converts a port received BPDU into RSTP of 802 1d because it can read BPDU of SWITCH C Then SWITCH...

Page 210: ...e the same VLAN classi fied with same configuration ID is called MST region In a region there s only a STP so that it is possible to reduce the number of STP comparing to PVSTP There s no limitation for region in a network environment but it is possible to generate Instances up to 64 Therefore instances can be generated from 1 to 64 Spanning tree which operates in each region is IST Internal Spann...

Page 211: ...f B operates with MSTP B will send it s BPDU to CST root and IST root in order to request itself to be CST root However if any BPDU having higher priority than that of B is sent B cannot be CST root For the hiD 6615 S223 S323 the commands configuring MSTP are also used to config ure STP and RSTP 8 3 4 Configuring STP RSTP MSTP PVSTP PVRSTP Mode Required First of all you need to configure force ver...

Page 212: ...as IST root switch Each switch has its own bridge ID and root switch on same LAN is decided by comparing their bridge ID However the user can modify root switch by configuring priority for it The switch hav ing the lowest priority is decided as root switch To change root switch by configuring priority for it use the following command Command Mode Description stp mst priority MSTID RANGE 0 61440 Co...

Page 213: ...ath cost MSTID RANGE PORTS 1 200000000 Sets the path cost to configure route MSTID_RANGE select instance number 0 64 PORTS select the port number 1 200000000 enter the path cost value no stp mst path cost MSTID RANGE PORTS Bridge Deletes the configured path cost enter the instance number and the port number 8 3 5 4 Port priority When all conditions of two switches are same the last standard to dec...

Page 214: ...STP you don t need to configure configuration ID If it is configured error message is displayed To delete configuration ID use the following command Command Mode Description no stp mst config id Delete the entire configured configuration ID no stp mst config id name Deletes the name of region enter the MST region name no stp mst config id map 1 64 VLAN RANGE Deletes entire VLAN map or part of it s...

Page 215: ...t status of the MAC entity by the MAC relay entity To configure the point to point status use the following command Command Mode Description stp point to point mac PORTS auto force true force false Bridge Sets point to point MAC PORTS select the port number auto auto detect force true force to point to point MAC force false force to shared MAC not point to point MAC True means the MAC is connected...

Page 216: ...GE select the MST instance number all select all ports PORTS select port number detail show detail information as option In case STP or RSTP is configured in the SURPASS hiD 6615 S223 S323 you should configure MSTID RANGE as 0 To display a configured MSTP of the switch use the following command Command Mode Description show stp mst config id current pending Enable Global Bridge Shows the MSTP conf...

Page 217: ...ng Blocking Fig 8 24 Example of PVSTP 8 3 6 1 Activating PVSTP PVRSTP To configure PVSTP or PVRSTP configure force version in order to decide the mode In order to decide force version use the following command Command Mode Description stp pvst enable VLAN RANGE Bridge Activates PVSTP or PVRSTP function VLAN RANGE Vlan name PVSTP is activated after selecting PVSTP in Force version using the above c...

Page 218: ... is path cost Generally path cost depends on transmission speed of LAN interface in switch In case the route is overload based on Path cost it is better to take another route By considering the situation the user can configure Path cost of Root port in order to des ignate the route on ones own To configure Path cost use the following command Command Mode Description stp pvst path cost VLAN RANGE P...

Page 219: ...will be elected as a root bridge for this VLAN As a result network topology could be changed This may lead to sub optimal switching But by configuring root guard on switch A no switches be hind the port connecting to switch A can be elected as a root for the service provider s switch network In which case switch A will block the port connecting switch B To configure Root Guard use the following co...

Page 220: ...es However if there are many switches on network it takes lots of time to transmit BPDU And if network status is changed while transmitting BPDU this in formation is useless To get rid of useless information max age is identified in each information Forward Delay Switches find location of another switches connected to LAN though received BPDU and transmit packets Since it takes certain time to rec...

Page 221: ...E 4 30 Bridge Modifies forward delay in PVSTP and PVRSTP enter a delay time value of VLAN default 15 To delete a configured forward delay use the following command Command Mode Description no stp mst forward delay Returns to the default value of STP RSTP and MSTP no stp pvst forward delay VLAN RANGE Bridge Returns to the default value of PVSTP and PVRSTP per VLAN 8 3 9 3 Max Age Max age shows how ...

Page 222: ...l not be sent out of the port To set the BPDU filter on the port use the following command Command Mode Description stp bpdu filter enable disable PORTS Bridge Forbids all STP BPDUs to go out the specific port and not to recognize incoming STP BPDUs the specific port By default it is disabled The BPDU filter enabled port acts as if STP is disabled on the port This feature can be used for the ports...

Page 223: ...which came from other switch the port is recovered automatically after configured time To configure BPDU Guard auto recovery use the following command Command Mode Description stp bpdu guard auto recovery Configures BPDU Guard auto recovery on switch stp bpdu guard auto recovery time 10 1000000 Configures BPDU Guard auto recovery time no stp bpdu guard auto recovery no stp bpdu guard auto recovery...

Page 224: ...ection and a port where loop is happed show self loop detect all PORTS Enable Global Bridge Shows self loop detection status on specified ports all all the ports PORTS selected port 8 3 9 8 Displaying BPDU Configuration To display the configuration for BPDU use the following command Command Mode Description show stp mst MSTID RANGE all PORTS detail show stp mst MSTID RANGE all detail show stp mst ...

Page 225: ... case data packets go to Root switch A through the blue path The black ar rows describe the routine path to the Aggregation Switch And the dot lines are in blocking state But if there is a broken between Switch A and Switch B the data from PC A should find another route at Switch D Switch D can send the data to Switch C and Switch E Be cause Switch E has shorter hop count than Switch B the data ma...

Page 226: ...er 2 Network Design in MSTP Environment The following is an example of configuring MSTP in the switch SWITCH bridge stp force version mstp SWITCH bridge stp mst enable SWITCH bridge stp mst config id map 2 1 50 SWITCH bridge stp mst config id name 1 SWITCH bridge stp mst config id revision 1 SWITCH bridge stp mst config id commit SWITCH bridge show stp mst Status enabled bridge id 8000 00d0cb00018...

Page 227: ...irtual Router A router which has the highest priority is supposed to be Master and Backup Vir tual Routers also get orders depending on priority Routing functionalities such as RIP OSPF BGP VRRP and PIM SM are only available for hiD 6615 S323 Unavailable for hiD 6615 S223 Internet Backup Router 1 IP 10 0 0 1 24 Default Gateway 10 0 0 5 24 Backup Router 2 IP 10 0 0 2 24 Backup Router 3 IP 10 0 0 3 ...

Page 228: ...nable Global Bridge VRRP Shows current configuration of specified interface VRRP To delete the VRRP configuration use the following command Command Mode Description no router vrrp 1 255 Global Configures Virtual Router VRRP Group 1 255 group ID 8 4 1 1 Associated IP Address After configuring a virtual router you need to assign an associated IP address to the vir tual router Assign unified IP addre...

Page 229: ...has higher Priority is to be higher precedence And when devices have same Priority then it compares IP address A device which has lower IP address is to be higher precedence If a problem occurs on Master Router and there are more than two routers one of them is selected as new Master Router according to their precedence To configure Priority of Virtual Router or delete the configuration use the fo...

Page 230: ...ss 10 0 0 5 Layer 3 SWITCH 2 IP Address 10 0 0 2 24 SWTICH2 config router vrrp default 1 SWITCH2 config router associate 10 0 0 5 SWITCH1 config router vr priority 102 SWITCH2 config router exit SWITCH2 config show vrrp default virtual router 1 state master virtual mac address 00 00 5E 00 01 01 advertisement interval 1 sec preemption enabled priority 102 master down interval 3 620 sec 1 associate ...

Page 231: ...p virtual mac address 00 00 5E 00 01 01 advertisement interval 1 sec preemption enabled priority 100 master down interval 3 620 sec 1 associate address 10 0 0 5 8 4 1 4 VRRP Track Function When the link connected to Master Router of VRRP is off as below if link of Master Router is not recognized the users on the interface are not able to communicate because the interface is not able to access to M...

Page 232: ... Router Master Router will be changed at the same time with Link down 3 Fig 8 29 VRRP Track To configure VRRP Track use the following command Command Mode Description track interface INTERFACE pri ority 1 254 VRRP Configures VRRP Track The Priority becomes lower as the configured value To release VRRP Track configuration use the following command Command Mode Description no track interface INTERFA...

Page 233: ...ted vrrp default 1 authentication clear_text network associate 10 0 0 5 no snmp SWITCH config vrrp 8 4 1 6 Preempt Preempt is a function that an added device with the highest Priority user gave is auto matically configured as Master Router without rebooting or specific configuration when you add an other device after Virtual Router is configured To configure Preempt use the following command on VR...

Page 234: ...ackets rcvd with invalid TTL 0 VRRP packets rcvd with invalid version 0 VRRP packets rcvd with invalid VRID 0 VRRP packets rcvd with invalid size 0 VRRP packets rcvd with invalid checksum 0 VRRP packets rcvd with invalid auth type 0 VRRP packets rcvd with interval mismatch 0 SWITCH config To clear the VRRP statistics information use the following command Command Mode Description clear vrrp stat En...

Page 235: ...ort by transmit ting direction Unless you input neither egress nor ingress they are configured to be same To switch egress is incoming packet To display the configured bandwidth use the following com mand Command Mode Description show rate Global Shows the configured bandwidth 8 5 2 Sample Configuration The following is an example of showing the configuration after setting the bandwidth of 64Mbps ...

Page 236: ... port 1 2 3 n n 1 n 2 Configure Flood guard to allow packets as many as n per a second n packets allowed for a second Packets over thrown away Fig 8 30 Rate Limit and Flood Guard 8 6 1 Configuring Flood Guard To configure the number of packets which can be transmitted in a second use the follow ing command Command Mode Description mac flood guard PORTS 1 2000000 Limits the number of packets which ...

Page 237: ...col uses bandwidth information to measure routing distance value To con figure bandwidth of interface use the following command Command Mode Description bandwidth BANDWIDTH Interface Configures bandwidth of interface enter the value of bandwidth The bandwidth can be from 1 to 10 000 000 Kbits This bandwidth is for routing informa tion implement and it does not concern physical bandwidth To delete ...

Page 238: ...t the IP address must be changed DHCP allows you to dy namically assign an IP address to a client from a DHCP server IP address database on the local network The DHCP provides the following benefits Saving Cost Numerous users can access the IP network with a small amount of IP resources in the environment that most users do not have to access the IP network at the same time all day long This allow...

Page 239: ...nd configurations DHCP Pool Creation DHCP Subnet Range of IP Address Default Gateway IP Lease Time DNS Server Manual Binding Domain Name DHCP Server Option Static Mapping Recognition of DHCP Client IP Address Validation Authorized ARP Prohibition of 1 N IP Address Assignment Ignoring BOOTP Request DHCP Packet Statistics Displaying DHCP Pool Configuration To activate deactivate the DHCP function in...

Page 240: ... service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample 8 8 1 2 DHCP Subnet To specify a subnet of the DHCP pool use the following command Command Mode Description network A B C D M Specifies a subnet of the DHCP pool A B C D M network address no network A B C D M DHCP Pool Deletes a specified subnet The following is an example of specifying the subnet as 100 1 1 0 24 SWITCH conf...

Page 241: ...way of the DHCP pool A B C D default gateway IP address no default router A B C D1 A B C D2 A B C D8 Deletes a specified default gateway no default router all DHCP Pool Deletes all the specified default gateways The following is an example of specifying the default gateway 100 1 1 254 SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH...

Page 242: ...erver all DHCP Pool Deletes all the specified DNS servers The following is an example of specifying a DNS server SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp sample default router 100 1 1 254 SWITCH config dhcp sample range 100 1 1 1 100 1 1 100 SWITCH config dhcp sample lease time default 5000 SWITCH config dhcp sam...

Page 243: ...efined DHCP option codes or the DHCP option codes only for the DHCP client cannot be specified with this command e g option 82 8 8 1 10 Static Mapping The hiD 6615 S223 S323 provides a static mapping function that enables to assign a static IP address without manually specifying static IP assignment by using a DHCP lease database in the DHCP database agent To perform a static mapping use the follo...

Page 244: ...d ping or ARP when a DHCP server validates an IP address To set a validation value of how many responses from an IP address for a requested ping or ARP use the following command Command Mode Description ip dhcp arp ping packet 0 20 Global Sets a validation value of how many responses 0 20 response value default 2 To set a validation value of timeout for the responses from an IP address for a reque...

Page 245: ...but most DHCP clients like personal computers need only a single IP address In this case you can configure the hiD 6615 S223 S323 to prohibit assigning plural IP addresses to a single DHCP client To prohibit assigning plural IP addresses to a DHCP client use the following command Command Mode Description ip dhcp check client hardware address Prohibits assigning plural IP addresses no ip dhcp check...

Page 246: ...n show ip dhcp pool POOL Shows a DHCP pool configuration show ip dhcp pool summary POOL Enable Global Bridge Shows a summary of a DHCP pool configuration POOL pool name The following is an example of displaying a DHCP pool configuration SWITCH config show ip dhcp pool summary Total 1 Pools Total 0 0 00 of total Available 0 0 00 of total Abandon 0 0 00 of total Bound 0 0 00 of total Offered 0 0 00 ...

Page 247: ...he follow ing command Command Mode Description ip dhcp use class Enables the DHCP server to use a DHCP class to assign IP addresses no ip dhcp use class Global Disables the DHCP server to use a DHCP class 8 8 2 2 DHCP Class Creation To create a DHCP class use the following command Command Mode Description ip dhcp class CLASS Creates a DHCP class and opens DHCP Class Con figuration mode CLASS DHCP ...

Page 248: ...o relay information all DHCP Class Deletes all specified option 82 informa tion 8 8 2 4 Associating DHCP Class To associate a DHCP class with a current DHCP pool use the following command Command Mode Description class CLASS Associates a DHCP class with a DHCP pool and opens DHCP Pool Class Configuration mode CLASS DHCP class name no class CLASS DHCP Pool Releases an associated DHCP class from a c...

Page 249: ...nt and back up inter val A B C D DHCP database agent address INTERVAL 120 2147483637 unit second no ip dhcp database Global Deletes a specified DHCP database agent Upon entering the ip dhcp database command the back up interval will begin To display a configuration of the DHCP database agent use the following command Command Mode Description show ip dhcp database Enable Global Bridge Shows a confi...

Page 250: ...ical subnet The DHCP relay agent for warding is distinct from the normal forwarding of an IP router where IP datagrams are switched between networks somewhat transparently By contrast DHCP relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface The DHCP relay agent sets the gate way address and if configured adds the DHCP option 82 information in th...

Page 251: ...D 6615 S223 S323 will enable a DHCP relay agent You can also specify an organizationally unique identifier OUI when configuring a packet forwarding address The OUI is a 24 bit number assigned to a company or organization for use in various network hardware products which is a first 24 bits of a MAC address If an OUI is specified a DHCP relay agent will forward DHCP_DISCOVER message to a specific D...

Page 252: ...rwarding the normally broadcasted DHCP response only on the circuit indicated in the circuit ID DHCP Address Exhaustion In general a DHCP server may be extended to maintain a DHCP lease database with an IP address hardware address and remote ID The DHCP server should implement poli cies that restrict the number of IP addresses to be assigned to a single remote ID Static Assignment A DHCP server ma...

Page 253: ...stem to add the DHCP option 82 field 8 8 5 2 Option 82 Sub Option The DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client originated DHCP packets to a DHCP server The DHCP server can use this information to implement security and IP address assignment policies There are 2 sub options for the DHCP option 82 information as follows Remote ID This sub o...

Page 254: ...rcuit ID 8 8 5 3 Option 82 Reforwarding Policy A DHCP relay agent may receive a DHCP packet from a DHCP server or another DHCP relay agent that already contains relay information You can specify a DHCP option 82 re forwarding policy to be suitable for the network To specify a DHCP option 82 reforwarding policy use the following command Command Mode Description policy replace keep policy drop norma...

Page 255: ...physical port normal DHCP packet option82 DHCP option 82 packet all DHCP option 82 packet no trust port all PORTS nor mal option82 all Option 82 Deletes a specified trusted port 8 8 5 5 Simplified DHCP Option 82 In case of a DHCP option 82 environment when forwarding DHCP messages to a DHCP server a DHCP relay agent normally adds a relay agent information option to the DHCP messages and replaces a...

Page 256: ...p Enables a DHCP client on an interface no ip address dhcp Interface Disables a DHCP client 8 8 6 2 DHCP Client ID To specify a client ID use the following command Command Mode Description ip dhcp client client id hex HEXSTRING ip dhcp client client id text STRING Specifies a client ID no ip dhcp client client id Interface Deletes a specified client ID 8 8 6 3 DHCP Class ID To specify a class ID u...

Page 257: ...t to request an option use the following command Command Mode Description no ip dhcp client request domain name dns Interface Configures a DHCP client not to request a specified option 8 8 6 7 Forcing Release or Renewal of DHCP Lease The hiD 6615 S223 S323 supports two independent operation immediate release a DHCP lease for a DHCP client and force DHCP renewal of a lease for a DHCP client To forc...

Page 258: ... DHCP Snooping To enable the DHCP snooping on the system use the following command Command Mode Description ip dhcp snooping Enables the DHCP snooping on the system no ip dhcp snooping Global Disables the DHCP snooping on the system default Upon entering the ip dhcp snooping command the DHCP_OFFER and DHCP_ACK messages from all the ports will be discarded before specifying a trusted port To enable...

Page 259: ...quest IP address at the same time it may cause IP pool exhaustion To set the number of entry registration in DHCP snooping binding table use the following command Command Mode Description ip dhcp snooping limit lease PORTS 1 2147483637 Enables a DHCP lease limit on a specified untrusted port 1 2147483637 the number of entry registration no ip dhcp snooping limit lease PORTS Global Deletes a DHCP l...

Page 260: ...cription ip dhcp snooping database A B C D INTERVAL Specifies a DHCP snooping database agent and back up interval A B C D DHCP snooping database agent address INTERVAL 120 2147483637 unit second no ip dhcp snooping database Global Deletes a specified DHCP snooping database agent To request snooping binding entries from a DHCP snooping database agent use the fol lowing command Command Mode Descript...

Page 261: ...its source IP address Only IP traffic with a source IP address that matches the IP source binding entry is permitted An IP source address filter is changed when a new IP source entry binding is created or deleted on the port which will be recalculated and reapplied in the hardware to reflect the IP source bind ing change By default if the IP filter is enabled without any IP source binding on the p...

Page 262: ...ou cannot configure IP source guard with the ip dhcp verify source and ip dhcp verify source port security commands together 8 8 8 2 Static IP Source Binding The IP source binding table has bindings that are learned by DHCP snooping or manually specified with the ip dhcp verify source binding command The switch uses the IP source binding table only when IP source guard is enabled To specify a stat...

Page 263: ...ation protocol DHCP makes DHCP server assign IP address to DHCP clients automatically and manage the IP address Most ISP operators provide the service as such a way At this time if a DHCP client connects with the equipment that can be the other DHCP server such as Internet access gateway router communication failure might be occurred DHCP filtering helps to operate DHCP service by blocking DHCP re...

Page 264: ...ver packet filtering use the following command Command Mode Description dhcp server filter PORTS Enables the DHCP server packet filtering no dhcp server filter PORTS Bridge Disables the DHCP server packet filtering To display a status of the DHCP server packet filtering use the following command Command Mode Description show dhcp server filter Enable Global Bridge Show a status of the DHCP server ...

Page 265: ...ing Protection ERP is a concept and protocol optimized for fast failure detec tion and recovery on Ethernet ring topologies The Protection of fast failure detection and recovery occurs on RM Node An Ethernet ring consists of two or more switches One of the nodes on the ring is designated as redundancy manager RM and the two ring ports on the RM node are configured as primary port and secondary por...

Page 266: ... condition ERP sends a link up message to the RM The RM will logically block the protected VLANs on its secondary port and generate a RM link up packet to make sure that all transit nodes are properly reconfigured This completes fault restoration and the ring is back in normal state 2 Nodes detecting Link Failure send Link Down message 2 Nodes detecting Link Failure send Link Down message Normal N...

Page 267: ...Node unblocks Secon dary port The condition that RM Test Packet from RM Node doesn t return is LOTP state On the other hand if RM Test Packet is retransmitted to RM Note through Ethernet Ring Loop may occur In this condition RM Node blocks Secondary port 8 9 3 Configuring ERP 8 9 3 1 ERP Domain To realize ERP you should fist configure domain for ERP To configure the domain use the following comman...

Page 268: ...ort should be different 8 9 3 4 Protected VLAN To configure Protected VLAN of ERP domain use the following command Command Mode Description erp protections DOMAIN ID VID Bridge Configures protected VLAN of ERP domain VID VLAN ID To delete the configured Protected VLAN use the following command Command Mode Description no erp protections VID Bridge Deletes protected VLAN of ERP domain VID VLAN ID 8...

Page 269: ...onfigured Wait to Restore Time as Default use the following command Command Mode Description no erp wait to restore DOMAIN ID Bridge Configures ERP wait to restore time as default value 8 9 3 8 Learning Disable Time To configure ERP Learning Disable Time use the following command Command Mode Description erp learn dis time DOMAIN ID 0 500 Bridge Configures ERP learning disable time 0 500 learning ...

Page 270: ... are too many switches which you must man age you can manage a number of switches with a IP address using this stacking function Switch stacking technology available in the industry today provides two main benefits to customers The first benefit is the ability to manage a group of switches using a single IP address The second benefit is the ability to interconnect two or more switches to create a ...

Page 271: ...unction the port connecting Master switch and Slave switch must be in the same VLAN 8 10 2 Designating Master and Slave Switch Designate Mater switch using the following command Command Mode Description stack master Global Designates Master switch After designating Master switch register Slave switch for Master switch To register Slave switch or delete the registered Slave switch use the following...

Page 272: ...on mode Command Mode Description rcommand NODE Global Accesses to a slave switch NODE node number NODE means node ID from configuring stacking in Slave switch If you input the above command in Mater switch Telnet connected to Slave switch is displayed and it is possible to configure Slave switch using DSH command If you use the exit command in Telnet the connection to Slave switch is down 8 10 6 S...

Page 273: ...onfigure it as a Master switch Switch A Master Switch SWITCH_A config stack master SWITCH_A config stack device default SWITCH_A config stack add 00 d0 cb 22 00 11 Step 3 Configure VLAN in order to belong to the same switch group in Switch B registered by Master switch as Slave switch and configure as a Slave switch Switch B Slave Switch SWITCH_B config stack slave SWITCH_B config stack device def...

Page 274: ...in TCP IP Storm may occur In addition when information of routing protocol regularly transmitted from router incor rectly recognized by system which does not support the protocol Broadcast Storm may be occurred Broadcast Storm Control is operated by system counts how many Broadcast packets are there for a second and if there are packets over configured limit they are discarded The hiD 6615 S223 S3...

Page 275: ...on To configure to accept Jumbo frame larger than 1518 bytes use the following command Command Mode Description jumbo frame PORTS 1518 9000 Bridge Configures to accept jumbo frame between specified ranges 1518 9000 Max packet length To disable configuration to accept Jumbo frame use the following command Command Mode Description no jumbo frame PORTS Bridge Disables configuration to accept jumbo fr...

Page 276: ...SS hiD 6615 In order to block Direct broadcast packet use the fol lowing command Command Mode Description no ip forward direct broadcast Enables blocking Direct broadcast packet Default ip forward direct broadcast Global Disables blocking Direct broadcast packet The following is an example of blocking Direct broadcast packet and showing it SWITCH config ip forward direct broadcast SWITCH config sh...

Page 277: ...1 5 A50010 Y3 C150 2 7619 277 The following is an example of configuration to mtu size as 100 SWITCH config if mtu 100 SWITCH config if show running config interface 1 interface default mtu 100 bandwidth 1m ip address 10 27 41 181 24 SWITCH config if ...

Page 278: ...ng configuration network In Layer 2 network the hiD 6615 S223 S323 is configured only for IGMP Snooping hiX 5430 Layer 2 Network Layer 3 Network Multicast Server PIM SM Set top Box Set top Box Multicast data IGMP Join Leave message IGMP Snooping Fig 9 1 IGMP Snooping Configuration Network If the hiD 6615 S323 is installed within Layer 3 network PIM SM should be configured Below the hiD 6615 S223 S...

Page 279: ...If you disable the multicast routing the multicast protocol daemon remains present but does not perform multicast functions Enable the multicast routing function using the following command Command Mode Description ip multicast routing Enables multicast routing function no ip multicast routing Global Disables multicast routing function default 9 1 2 Limitation of MRIB Routing Entry You can limit t...

Page 280: ...R group IP address SRC IP ADDRESS source IP address Clearing Statistics of Multicast Routing Table To delete the multicast route statistics entries from IP multicast routing table use the fol lowing command Command Mode Description clear ip mroute statistics Deletes all multicast routes statistics entries clear ip mroute statistics GROUP ADDR SRC IP ADDRESS Enable Global Bridge Deletes specific mu...

Page 281: ...ription show ip mvif IFNAME Enable Displays IP multicast interface 9 1 5 Multicast Time To Live Threshold Use this command to configure the time to live TTL threshold of packets being for warded out of an interface Command Mode Description ip multicast ttl threshold 0 255 Configures the time to live threshold for multicast packet Default 1 no ip multicast ttl threshold interface Restores is as a d...

Page 282: ...Stream for Aging Default 5000 no ip mcfdb aging time no ip mcfdb aging limit Global Restores it as a default To delete Muticast Stream Entry that has done the Aging use the following command Command Mode Description clear ip mcfdb vlan VLAN Deletes Multicast Stream Entry after Aging per vlan or all clear ip mcfdb vlan VLAN group A B C D source A B C D Global Deletes Multicast Stream Entry after Ag...

Page 283: ...MP Pro tocol version use the following command Command Mode Description ip igmp version 1 3 Selects an IGMP version 1 version 1 2 version 2 3 version 3 default no ip igmp version Interface Returns to the default setting version 3 IGMP Version 1 Provides basic Query Response mechanism that allows the multicast router to deter mine which multicast groups are active an other processes that enable hos...

Page 284: ...n Base TIB no debug igmp all decode encode events fsm tib Enable Disables the IGMP debugging configuration 9 2 1 4 IGMP Robustness Value To change the Querier Robustness Variable value on an interface use the following command Command Mode Description ip igmp robustness variable 2 7 Configures the querier robustness variable value on an interface no ip igmp robustness variable Interface Returns to...

Page 285: ...ce Disables groups on interfaces 9 2 2 3 IGMP Query Configuration Multicast routers send host membership query messages host query messages to dis cover which multicast groups have members on the attached networks of the router Hosts respond with IGMP report messages indicating that they wish to receive multicast packets for specific groups indicating that the host wants to become a member of the ...

Page 286: ...of Group Specific Queries sent before the router assumes there are no local members The Last Member Query Count is also the number of Group and Source Specific Queries sent before the router assumes there are no listeners for a particular source To configure the last member query count use the following command Command Mode Description ip igmp last member query count 2 7 Configures the IGMP last m...

Page 287: ...ion 2 leave group message from that interface Instead the router immediately removes the interface from the IGMP cache for that group and informs the multicast routing protocols To configure the IGMP v2 fast leave use the following command Command Mode Description ip igmp immediate leave group list 1 99 1300 1999 WORD Configures the IGMP fast leave function 1 99 access list number 1300 1999 access...

Page 288: ...per VLAN The hiD 6615 S223 S323 supports 256 Snooping Membership Group Table that are managed by each VLAN Snooping supports Enable Disable by VLAN independently By default IGMP snooping is globally disabled on the switch To enable disable global IGMP use the following steps Step 1 Open Global Configuration mode using the configure terminal command Step 2 Execute the ip multicast routing command S...

Page 289: ...AN basis using the following command Command Mode Description ip igmp snooping vlan VLANS robustness variable 1 7 Configures the robustness variable no ip igmp snooping vlan VLANS robustness variable Global Returns to the default value 9 2 5 IGMP v2 Snooping Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that m...

Page 290: ...MP Snooping can be enabled 9 2 5 1 IGMP v2 Snooping Fast Leave If the Multicast client sends the leave massage to leave out Multicast group Multicast router sends IGMP Query massage to the client again and when the client does not re spond delete the client from the Multicast group In IGMP v2 even after Host sent Leave Message it receives Multicast Traffic until send ing Specific Query In Snooping...

Page 291: ...IGMP Snooping IP Address was mandatory and Specific Query was operated by IGMP Querier The hiD 6615 S223 S323 implemented IGMP Snooping Querier and it operates differently with IGMP Query IGMP Snooping Querier can send General Query from Snooping Switch and it should be distinguished with Specific Query IGMP Snooping Querier also uses Source IP Address 0 0 0 0 if there is no IP Address on Switch E...

Page 292: ... querier query interval Global Disables the IGMP snooping querier interval on a VLAN interface The Timeout Value of IGMP v2 Snooping Querier s General Query Use this following command to configure the max response time in which the reply for the IGMP snooping query being sent should be received Command Mode Description ip igmp snooping querier max response time 1 25 Configures the IGMP snooping ma...

Page 293: ... Leave can be implemented To send IGMP Query message and configure the respond time use the following com mand Command Mode Description ip igmp snooping last member query interval 100 10000 Configures the time of registering in multicast group after sending Join message on the system unit ms ip igmp snooping vlan VLANS last member query interval 100 10000 Global Configures the time of registering ...

Page 294: ... Deletes the IGMP report suppression on the system no ip igmp snooping vlan VLANS report suppression Global Deletes the IGMP report suppression on a VLAN inter face To display the IGMP Report Suppression configuration use the following command Command Mode Description show ip igmp snooping vlan VLANS Enable Global Bridge Shows that the IGMP report suppression is enabled 9 2 5 5 Mrouter Port Config...

Page 295: ...ter learn pim Disables the mrouter port learning method on the sys tem no ip igmp snooping vlan VLANS mrouter learn pim Global Disables the mrouter port learning method on a VLAN interface Displaying Mrouter Configuration To display IGMP snooping mrouter configuration use the following command Command Mode Description show ip igmp snooping mrouter Shows the mrouter configuration on the system show...

Page 296: ...uery interval 1 1800 Global Configures IGMP snooping TCN flood query Interval 1 1800 Seconds With the ip igmp snooping tcn query solicit command you can direct a non spanning tree root switch to issue the same query solicitation Command Mode Description ip igmp snooping tcn query solicit address A B C D Global Configures the switch to send a query solicitation when a TCN is detected on the system ...

Page 297: ...snooping vlan VLANS version 1 3 Global Configures the version of IGMP report on a VLAN inter face To return to the default version of IGMP report use the no parameter command 9 2 6 2 Join Host Management Explicit host tracking is supported only with IGMP v3 hosts With explicit host tracking enabled the switch is in its proxy reporting mode In proxy reporting mode the switch forwards the first repo...

Page 298: ...ate leave To configure the Immediate Block use the following command Command Mode Description ip igmp snooping immediate block Enables immediate block on the system ip igmp snooping vlan VLANS immediate block Global Enables immediate block on a VLAN interface 9 2 7 Multicast VLAN Registration MVR Multicast VLAN Registration MVR is for applications using wide scale deployment of multicast traffic a...

Page 299: ...DDR Global Deletes a MVR group address GROUP ADDR specific group address ex a b c d or a b c d x y z w 9 2 7 3 MVR IP Address Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address An interface statically configured as a member of a group remains a member of the group until statically removed When a multicast server belongs to dif...

Page 300: ...s a receiver port if it is a subscriber port and should only re ceive multicast data It does not receive data unless it becomes a member of the multicast group either statically or by using IGMP leave and join messages Receiver ports cannot belong to the multicast VLAN To delete the statically configured MVR port use the following command Command Mode Description no mvr port PORTS Global Deletes a...

Page 301: ...config igmp profile N from SWITCH config Command Mode Description ip igmp profile 1 2147483647 Global Configures IGMP profile To delete the created IGMP profile use the no ip igmp profile 1 2147483647 com mand on global mode To display the IGMP profile use the following command Command Mode Description show ip igmp profile 1 2147483647 Enable Global Bridge Shows IGMP profile 9 2 8 2 Policy of IGMP...

Page 302: ...y the IGMP filter configuration use the following command Command Mode Description show ip igmp filter port PORTS Enable Global Bridge Shows a configuration 9 2 8 5 Max Number of IGMP Join Group You can configure the maximum number of IGMP groups that a Layer 2 interface can join To configure the maximum number of IGMP groups per port use the following command Command Mode Description ip igmp max ...

Page 303: ...e belonged to multicast group and there is enough bandwidth to support flow of controlling message between constituent members these overheads are acceptable but the other cases are inefficient Contrary to dense mode PIM SM receives multicast packet only when request comes from specific host in multicast group Therefore PIM SM is proper when constituent mem bers of group are dispersed in wide area...

Page 304: ...ctly In the below figure packets are usually transmitted through A B C D but packets are transmitted through faster route A C F when traffic is increased SPT Shortest Path Tree selects the shortest route between source and receiver regardless of RP it is called source based tree or short path tree SPT has S G entry S means source ad dress and G means multicast group 1 Multicast packet transmitted ...

Page 305: ... to be active To turn off passive mode use the ip pim sparse mode passive or the ip pim sparse mode command To disable PIM SM use the following command Command Mode Description no ip pim sparse mode passive Interface Disables PIM SM from specified interface 9 3 1 2 DR Priority To set the priority for which a router is elected as the designated router DR use the fol lowing command in interface conf...

Page 306: ...list no ip pim neighbor filter 1 99 ACCESS LIST Interface Disables the filtering configuration 9 3 1 4 PIM Hello Query To configure a query hold time use the following command Command Mode Description ip pim query holdtime 1 65535 Configures the query hold time 1 65535 hello message hold time unit second no ip pim query holdtime Interface Disables the query hold time configuration When configuring...

Page 307: ... in the automatic way is called Bootstrap message and the router which sends this Bootstrap message is called BSR Bootstrap Router All PIM routers existing on multicast network can be BSR Routers that want to be BSP are named as candidate BSR and one router which has the highest priority becomes BSR among them If there are routers which have same priority then one router which has the highest IP a...

Page 308: ...he switch the candidate BSR status INTERFACE interface name 0 32 hash mask length for RP selection 0 255 priority for candidate bootstrap switch To disable assigned IP address in candidate BSR use the following command Command Mode Description no ip pim bsr candidate Global Disables the configuration of BSR candidate You can clear all RP sets learned through the PIM Bootstrap Router BSR using the ...

Page 309: ...for a group range then one with the highest IP address is chosen To delete configured IP address use the following command Command Mode Description no ip pim rp address A B C D Global Deletes configured IP address 9 3 4 2 Enabling Transmission of Candidate RP Message Use this command to give the router the candidate RP status using the IP address of the specified interface Command Mode Description...

Page 310: ...essage You can configure the rate of register packets sent by the designated router DR in units of packets per second Enabling this command will limit the load on the DR and RP at the expense of dropping those register messages that exceed the set limit Receivers may experience data packet loss within the first second in which register messages are sent from bursty sources The configured rate is p...

Page 311: ...rform the below tasks Step 1 Configure filtering out multicast sources Command Mode Description ip pim accept register list 100 199 2000 2699 ACCESS LIST Global Configures multicast source filtering function 100 199 IP extended access list 2000 2699 IP extended access list expanded range ACCESS LIST IP named Standard Access List Step 2 Allow or deny only the transmitted packets by routers that exc...

Page 312: ...ction no ip pim register rp reach ability Global Disables the RP reachability verification function default This command is disabled by default 9 3 6 SPT Switchover This command is used to enable and configure the bandwidth of the switchover from RPT to SPT for the certain group If a source sends at a rate greater than or equal to traffic rate the kbps value a PIM join message is triggered toward ...

Page 313: ...age Although source of multicast is not connected to multicast group multicast communica tion is possible In the below picture First Hop router directly connected to source can re ceive packet from source without S G entry about source The First Hop router encap sulates the packet in Register message and unicasts to RP of multicast group RP decap sulates capsule of Register message and transmits i...

Page 314: ...IST IP named standard access list To delete a configured Cisco compatible checksum option use the following command Command Mode Description no ip pim cisco register checksum Global Deletes a configured value This command is disabled by default And Register Checksum is calculated only over the header by default 9 3 8 2 Candidate RP Message with Cisco BSR Cisco s BSR code does not conform to the la...

Page 315: ...h restricts multicast packets for each IP multicast group to only those multicast router ports that have downstream receivers joined to that group And the switch learns which multicast router ports need to receive the multicast traffic within a specific VLAN by listening to the PIM hello messages PIM join and prune messages To configure PIM Snooping use the following command Command Mode Descripti...

Page 316: ... multicast group address A B C D Multicast group address PORTS Spedify the logical port number to use VLANS VLAN ID ex NAME X X Y 9 3 11 Displaying PIM SM Configuration To display the information of PIM SM configuration use the following command Command Mode Description show ip pim bsr router Shows Bootstrap router v2 show ip pim interface detail Shows PIM interface information show ip pim local m...

Page 317: ...t update fragmentation retransmission acknowledgment and sequencing The routing protocol software supports BGP version 4 This version of BGP adds support for classless interdomain routing CIDR which eliminates the concept of network classes Instead of assuming which bits of an address represent the network by looking at the first octet CIDR allows you to explicitly specify the number of bits in th...

Page 318: ...ion in BGP by default No auto summary Standard configuration type does not support auto summary feature By default the system disables the automatic network number summarization The ZebOS type requires no specific configuration for sending out BGP community and extended community attributes ZebOS type is the default for the hiD 6615 S323 To select configuration type of the BGP router use the follo...

Page 319: ...C D mask NET MASK Router Deletes BGP network A B C D M network address with netmask A B C D network address NETMASK subnet Mask Step 2 Go back to Global Configuration mode using the exit command Step 3 To disable BGP routing of the chosen AS use the following command Command Mode Description no router bgp 1 65535 Global Deletes assigned AS number to configure BGP routing enter the AS number 1 6553...

Page 320: ...ate address A B C D M as set summary only aggregate address A B C D M summary only as set Router Summarizes the information of routes and transmits it to the other routers A B C D M network address summary only transmits IP prefix only as set transmits one AS path information To delete the route s information of specific network address use the following command Command Mode Description no aggrega...

Page 321: ...tonomous System it doesn t compare MED values of them However in case the paths have same AS path information it does compare MED values If there are two paths with different AS path each other the comparison of MED is unnecessary work Other parameter s path information can be used to find the best path To compare MED values in order to choose the best path among lots of alternative paths included...

Page 322: ... the best route no bgp bestpath compare confed aspath Router Ignores AS path length of confederation as a factor in the algorithm for choosing the best route When comparing similar routes from more than 2 peers the BGP router does not consider router ID of the routes It selects the first received route The hiD 6615 S323 uses router ID in the selection process similar routes are compared and the ro...

Page 323: ...meter is configured in the system the path will be recog nized as the worst path without MED value 10 1 2 5 Graceful Restart Graceful restart allows a router undergoing a restart to inform its adjacent neighbors and peers of its condition The restarting router requests a grace period from the neighbor or peer which can then cooperate with the restarting router With a graceful restart the re starti...

Page 324: ...me 1 3600 Router Sets the stalepath time of Graceful Restart configura tion in the unit of second 1 3600 stalepath time default 30 If you don t use Graceful Restart feature or want to return the default value for restart time or stalepath time use the following command Command Mode Description no bgp graceful restart restart time 1 3600 Restores the default value for restart time no bgp graceful r...

Page 325: ...ion neighbor NEIGHBOR IP WORD default originate route map NAME Generates the default route to BGP Neighbor NEIGHBOR IP neighbor IP address WORD peer group name or neighbor tag 1 65535 remote AS number NAME route map name no neighbor NEIGHBOR IP WORD default originate route map NAME Router Removes the default route for BGP Neighbor or peer group 10 1 4 2 Peer Group As the number of external BGP gro...

Page 326: ...eighboring router that the exchange route in formation between routers or blocking the IP address range is configured on route map To make BGP Neighbor router exchange the routing information using Route map use the following command Command Mode Description neighbor NEIGHBOR IP GROUP route map NAME in out Applies a route map to incoming or outgoing routes on neighboring router or peer group and e...

Page 327: ...l parameters to reset the BGP connections The advanced configurations describe in the following sections are as follows Session Reset of All Peers Session Reset of Peers within Particular AS Session Reset of Specific Route Session Reset of External Peer Session Reset of Peer Group 10 1 5 1 Session Reset of All Peers To reset the sessions with all BGP peers use the following command Command Mode De...

Page 328: ...e conditional option peer group name or AS num ber or IP address 10 1 5 2 Session Reset of Peers within Particular AS To reset the session with all neighbor router which are connected to a particular AC use the following command Command Mode Description clear ip bgp 1 65535 Global Resets the session with all members of neighbor routers which are configured a particular AC number See Section 10 1 5...

Page 329: ...bgp A B C D in prefix filter clear ip bgp A B C D ipv4 uni cast multicast in prefix filter Resets the session of BGP neighboring router con tained specified IP address in clears incoming advertised routes prefix filter pushes out prefix list ORF and does in bound soft reconfiguration A B C D route IP address clear ip bgp A B C D out clear ip bgp A B C D ipv4 uni cast multicast out Resets the sessi...

Page 330: ...t clear ip bgp external ipv4 uni cast multicast soft in out Global Updates the route information only while the session is possible of BGP router connected to external AS Apply the route either incoming or outgoing routes external clears all external peers 10 1 5 5 Session Reset of Peer Group To reset the session for all members of a peer group use the following command Command Mode Description cl...

Page 331: ...use the following command Command Mode Description show ip bgp summary show ip bgp ipv4 unicast multicast summary Enable Global Shows the summarized network status of BGP neighboring routers To show detailed information on BGP neighbor router s session use the following com mand Command Mode Description show ip bgp neighbors show ip bgp ipv4 unicast mul ticast neighbors Shows general information o...

Page 332: ...NEIGHBOR IP received routes The received routes option displays all received routes both accepted and rejected from the specified neighbor To implement this feature BGP soft recon figuration is set show ip bgp neighbors NEIGHBOR IP routes show ip bgp ipv4 unicast mul ticast neighbors NEIGHBOR IP routes Enable Global The routes option displays the available routes only that are received and accepte...

Page 333: ... OSPF router operation and assigns interface to Area To make compatible OSPF router configuration for user environment each router configuration must be accorded by verification This section provides configurations for OSPF routing protocol Lists are as follows Enabling OSPF ABR Type Configuration Compatibility Support OSPF Interface Non Broadcast Network OSPF Area Default Metric Graceful Restart ...

Page 334: ...ling OSPF no router id A B C D Router Deletes a configured router ID In case if using router id command to apply new router ID on OSPF process OSPF process must be restarted to apply Use the clear ip ospf process command to restart OSPF process If there is changing router ID while OSPF process is operating configuration must be processed from the first In this case the hiD 6615 S323 can change onl...

Page 335: ... of OSPF use the following command Command Mode Description ospf abr type cisco ibm shortcut standard Selects an ABR type cisco cisco type ABR RFC 3509 default ibm IBM type ABR RFC 3509 shortcut IETF draft type standard RFC 2328 type no ospf abr type cisco ibm shortcut standard Router Deletes a configured ABR type 10 2 3 Compatibility Support OSPF protocol in the hiD 6615 S323 uses RFC 2328 which ...

Page 336: ... ip ospf A B C D authentica tion message digest null Interface Deletes configured authentication 10 2 4 2 Authentication Key If authentication enables on OSPF router interface the password is needed for authenti cation The authentication key works as a password The authentication key must be con sistent across all routers in an attached network There are two ways of authentication by user selectio...

Page 337: ...igured authentication key use the following command Command Mode Description no ip ospf authentication key KEY no ip ospf authentication key KEY first second no ip ospf A B C D authentica tion key KEY no ip ospf A B C D authentica tion key KEY first second no ip ospf message digest key 1 255 no ip ospf A B C D message digest key 1 255 Interface Deletes a configured authentication key 10 2 4 3 Inte...

Page 338: ... Description no ip ospf database filter no ip ospf A B C D database filter Interface Releases a blocked interface 10 2 4 5 Routing Protocol Interval Routers on OSPF network exchange various packets about that packet transmission time interval can be configured in several ways The following lists are sort of time interval which can be configured by user Hello Interval OSPF router sends Hello packet...

Page 339: ...D retransmit interval 1 65535 Configures a retransmit interval in the unit of second 1 65535 interval value default 5 no ip ospf retransmit interval no ip ospf A B C D retransmit interval Interface Sets a retransmit interval to the default value To configure a dead interval use the following command Command Mode Description ip ospf dead interval 1 65535 ip ospf A B C D dead interval 1 65535 Config...

Page 340: ...D exchanging To configure the switch to skip the MTU verification in DD process use the following command Command Mode Description ip ospf mtu ignore ip ospf A B C D mtu ignore Interface Configures the switch to skip the MTU verification in DD process To configure the switch not to skip the MTU verification in DD process use the following command Command Mode Description no ip ospf mtu ignore no i...

Page 341: ...ctly connected It also saves IP resources and no need to configure the process for destination router It supports those benefits for stable network services Generally the routers and Layer 3 switches are using Broadcast type network To select an OSPF network type use the following command Command Mode Description ip ospf network broadcast non broadcast point to multi point point to point Interface...

Page 342: ...routing protocol except for OSPF on other interface or Area ASBR exchanges area in formation between different routing protocols Area types are various The most principle Area types are Stub Area and NSSA Not So Stubby Area 10 2 6 1 Area Authentication OSPF routers in specific Area can configure authentication for security of routing informa tion Encoding uses password based on text or MD5 To set ...

Page 343: ...te to stub or NSSA 10 2 6 3 Blocking the Transmission of Routing Information Between Area ABR transmits routing information between Areas In case of not to transmit router infor mation to other area the hiD 6615 S323 can configure it as a blocking First of all use the access list or prefix list command to assign LIST NAME And use the following command to block the routing information on LIST NAME ...

Page 344: ...ion is for restriction to exchange routing information between OSPF areas translator role NSSA LSA Link State Advertisement has three types according to the way of process type always changes all NSSA LSA into Type 5 LSA candidate changes NSSA LSA into Type 5 LSA when it is translator never does not change NSSA LSA NSSA uses ASBR when it transmits Stub Area or other routing protocol Area into OSPF...

Page 345: ...Configures NSSA with one option The following example shows how to configure NAAS with more than 2 options area 0 4294967295 nssa no summary no redistribution area 0 4294967295 nssa translator role candidate never always default information originate metric type 1 2 no redistribution To delete configured NSSA use the following command Command Mode Description no area 0 4294967295 nssa no area 0 42...

Page 346: ... release the configuration use the following command Command Mode Description no area 0 4294967295 range A B C D M no area 0 4294967295 range A B C D M advertise not advertise Router Releases the configuration to use summarized informa tion for assigned path 10 2 6 6 Shortcut Area Backbone Area is the default Area among the Areas of OSPF All traffic should pass the Backbone Area and OSPF network m...

Page 347: ...urposefully portioned you can establish a virtual link The virtual link must be configured in both routers OSPF network regards virtual link routers as Point to point router Therefore the Hello interval Retransmit interval Transmit delay must be consistent across all routers in an at tached network User can configure Authentication for security Authentication key for password and time period for H...

Page 348: ...sage digest null authentication key KEY message digest key KEY md5 KEY hello interval 1 65535 retransmit interval 1 65535 dead interval 1 65535 transmit delay 1 65535 To configure a virtual link with one option use the following command Command Mode Description area 0 4294967295 virtual link A B C D au thentication message digest null area 0 4294967295 virtual link A B C D au thentication key KEY ...

Page 349: ...width For example default metric of T1 link is 64 but default metric of 64K line is 1562 If there are plural lines in the bandwidth you can view costs to use line by assigning metric to each line To classify costs to use line use the following command Command Mode Description auto cost reference bandwidth 1 4294967 Router Configures default metric in the unit of Mbps default 100 To delete the conf...

Page 350: ... for the OSPF router which is up grading software and max grace period works when grace period from other routers has less value than it Configuration for Helper can be selected more than 2 options without order To configure the additional options for Graceful Restart use the following command Command Mode Description ospf restart grace period 1 1800 ospf restart helper max grace period 1 1800 osp...

Page 351: ...que Router Enables Opaque LSA management 10 2 10 Default Route You can configure ASBR Autonomous System Boundary Router to transmit default route to OSPF network Autonomous System Boundary router transmits route created ex ternally to OSPF network However it does not create system default route To have autonomous System Boundary router create system default route use the follow ing command Command...

Page 352: ...tion originate always default information originate route map MAP NAME Router Configures the default route with one option The following example shows how to configure default route with more than 2 options default information originate metric type 1 2 always default information originate route map MAP NAME metric 0 16777214 To delete the configuration use the following command Command Mode Descri...

Page 353: ...onfigures Metric value of the default route metric type is for type of finding the path metric type 1 uses internal path cost with external path cost as a cost metric type 2 always uses external cost value route map is transmission of specific routing in formation to assigned route which has MAP NAME and tag is using the assign tag num ber on the specific MAP NAME Those 4 kinds of additional confi...

Page 354: ... the trustworthiness of a routing information source such as an individual router or a group of routers Numerically an administrative distance is an integer between 0 and 255 In general the higher the value is the lower the trust rating is An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored OSPF uses three different administrative d...

Page 355: ...and Command Mode Description host A B C D area A B C D host A B C D area A B C D cost 0 65535 Router Configures the routing information to each host Command Mode Description host A B C D area 1 4294967295 host A B C D area 1 4294967295 cost 0 65535 Router Configures the routing information to each host 10 2 15 Passive Interface The passive interface which is configured by OSPF network operate as s...

Page 356: ...ummarized as one For example 192 168 1 0 24 and 192 168 2 0 24 can become 192 168 0 0 16 to transmit to OSPF network This summary reduces the number of routing information and it improves a stability of OSPF protocol And you can use no advertise option command to block the transmission of summarized routing information to outside Or assign the specific tag number to configure To configure the summ...

Page 357: ... ospf database self originate max age show ip ospf database adv router A B C D show ip ospf database asbr summary exter nal network router summary nssa external opaque link opaque area opaque as show ip ospf database asbr summary exter nal network router summary nssa external opaque link opaque area opaque as self originate show ip ospf database asbr summary exter nal network router summary nssa e...

Page 358: ...w ip ospf neighbor A B C D detail show ip ospf neighbor interface A B C D show ip ospf neighbor detail all show ip ospf neighbor all Enable Global Shows the information of neighbor router To display the routing information which is registered in routing table use the following command Command Mode Description show ip ospf route Enable Global Shows the routing information which is registered in rou...

Page 359: ...e debugging information between OSPF process and NSM Network Services Module debug ospf packet hello dd ls ack ls request ls update all send recv detail Shows the debugging information of each packet debug ospf route ase ia in stall spf Enable Shows the debugging information of OSPF routing To display the debugging information use the following command Command Mode Description show debugging ospf ...

Page 360: ...p the process before the administrator reboots the system To assign the maximum number of LSA to process in OSPF use the following command Command Mode Description overflow database 1 4294967294 hard soft Assigns the number of LSA for internal route overflow database external 0 2147483647 0 65535 Router Assigns the number of LSA for external route When there is an overflow hard configuration will ...

Page 361: ...ble entries for the non updating router The metric that RIP uses to rate the value of different routes is hop count The hop count is the number of routers that should be traversed through the network to reach the desti nation A directly connected network has a metric of zero an unreachable network has a metric of 16 This short range of metrics makes RIP an unsuitable routing protocol for large net...

Page 362: ...shed RIP network using network command even though interface belongs to RIP network RIP packets with RIP routing information is transmitted to port specified with the network command After RIP is enabled you can configure RIP with the following items RIP Neighbor Routers RIP Version Creating available Static Route only for RIP Redistributing Routing Information Metrics for Redistributed Routes Adm...

Page 363: ...uters RIP version by configuring a particular interface to behave differently To control which RIP version an interface sends perform one of the following tasks after opening Interface Configuration mode Command Mode Description ip rip send version 1 Sends RIP v1 type packet only to this interface ip rip send version 2 Sends RIP v2 type packet only to this interface ip rip send version 1 2 Interfa...

Page 364: ...ion of both RIP v1 and RIP v2 type packets for helping them to be received from the interface 10 3 4 Creating available Static Route only for RIP This feature is provided only by Siemens route command creates static route available only for RIP If you are not familiar with RIP protocol you would better use redistribute static command Command Mode Description route A B C D M Creates suitable static...

Page 365: ...tic ospf bgp route map WORD no redistribute kernel con nected static ospf bgp met ric 0 16 route map WORD Router Removes the configuration of transmitted routing in formation in another router s RIP table As the needs of the case demand you may also conditionally restrict the routing informa tion between the two networks using route map command To permit or deny the specific information open the R...

Page 366: ...Configures Neighbor router s address A B C D IP address of next hop set metric 1 2147483647 Route map Sets the metric value for destination routing protocol 1 2147483647 metric value 10 3 6 Metrics for Redistributed Routes The metrics of one routing protocol do not necessarily translate into the metrics of another For example the RIP metric is a hop count and the OSPF metric is a combination of fi...

Page 367: ...e following command Command Mode Description distance 1 255 A B C D M ACCESS LIST Sets the administrative distance value for routes 1 255 distance value A B C D M IP source prefix ACCESS LIST access list name no distance 1 255 A B C D M ACCESS LIST Router Deletes the administrative distance value 10 3 8 Originating Default Information You can set an autonomous system boundary router to generate an...

Page 368: ...cess list name PREFIX LIST prefix list name To remove the filtering access list or prefix list to incoming or outgoing RIP route Command Mode Description no distribute list ACCESS LIST in out INTERFACE no distribute list prefix PREFIX LIST in out INTERFACE Router Removes the application of a specific access list or prefix list to incoming or outgoing RIP route updates on interface in order to bloc...

Page 369: ...of routes of RIP which are set before 10 3 11 RIP Network Timer Routing protocols use several timers that determine such variables as the frequency of routing updates the length of time before a route becomes invalid and other parameters You can adjust these timers to tune routing protocol performance to better your internet needs The default settings for the timers are as follows Update The routi...

Page 370: ... address One routing update is sourced per network number unless split horizon is disabled To enable or disable split horizon mechanism use the following command in Interface Configuration mode Command Mode Description ip rip split horizon poisoned Enables the split horizon mechanism poisoned performs poisoned reverse no rip ip split horizon poisoned Interface Disables the split horizon mechanism ...

Page 371: ...disable RIP authentication use the following command Command Mode Description no ip rip authentication key chain NAME Disables authentication keys that can be used on an interface no ip rip authentication mode text md5 Disables specified authentication mode no ip rip authentication string STRING Interface Removes RIP authentication string which will be using on interface without Key chain 10 3 14 ...

Page 372: ...RIP information use the following command Command Mode Description show ip rip Shows RIP information being used in router show ip route rip Shows a routing table information involved in RIP show ip protocols rip Enable Global Shows a current status of RIP protocol and its informa tion To quickly diagnose problems the debug command is useful for customers To display in formation on RIP routing tran...

Page 373: ...and Command Mode Description copy ftp tftp os download os1 os2 Downloads the system software of the switch via FTP or TFTP os1 os2 the area where the system software is stored copy ftp tftp os upload os1 os2 Enable Uploads the system software of the switch via FTP or TFTP To upgrade the system software FTP or TFTP server must be set up first Using the copy command the system will download the new ...

Page 374: ...you can upgrade it with the boot mode upgrade procedure Before the boot mode up grade please keep in mind the following restrictions A terminal must be connected to the system via the console interface To open the boot mode you should press S key when the boot logo is shown up The boot mode upgrade supports TFTP only You must set up TFTP server before upgrading the system software in the boot mode...

Page 375: ...o configure a default gateway use the following command Command Mode Description gateway A B C D Configures a default gateway gateway Boot Shows a currently configured default gateway To display a configured IP address subnet mask and gateway use the following com mand Command Mode Description show Boot Shows a currently configured IP address subnet mask and gateway The configured IP address subne...

Page 376: ...ade the system software in the boot mode TFTP server must be set up first Us ing the load command the system will download the new system software from the server The following is an example of upgrading the system software stored in os1 in the boot mode Boot load os1 10 27 41 82 V5212G 3 18 x TFTP from server 10 27 41 82 our IP address is 10 27 41 83 Filename V5212G 3 18 x Load address 0xffffe0 L...

Page 377: ...e using FTP perform the following step by step instruction Step 1 Connect to the hiD 6615 S223 323 with your FTP client software To login the system you can use the system user ID and password Note that you must use the command line based interface FTP client software when up grading the hiD 6615 S223 323 If you use the graphic based interface FTP client soft ware the system cannot recognize the u...

Page 378: ...3 323 using the FTP provided by Microsoft Windows XP in the remote place Microsoft Windows XP Version 5 1 2600 C Copyright 1985 2001 Microsoft Corp C ftp 10 27 41 91 Connected to 10 27 41 91 220 FTP Server 1 2 4 FTPD User 10 27 41 91 none admin 331 Password required for admin Password 230 User root logged in ftp bin 200 Type set to I ftp hash Hash mark printing On ftp 2048 bytes hash mark ftp put ...

Page 379: ...c Host Configuration Protocol DSCP Differentiated Service Code Point EGP Exterior Gateway Protocol EMC Electro Magnetic Compatibility EN Europäische Norm European Standard ERP Ethernet Ring Protection FDB Filtering Data Base FE Fast Ethernet FTP File Transfer Protocol GB Gigabyte GE Gigabit Ethernet hiD Access Products in SURPASS Product Family HW Hardware I2 C Inter Integrated Circuit interface I...

Page 380: ...rotocol LAN Local Area Network LCT Local Craft Terminal LLC Logical Link Control LLDP Link Layer Discover Protocol LOF Loss of Frame LOL Loss of Link LOS Loss of Signal LPR Loss of Power MAC Medium Access Control NE Network Element OAM Operation Administration and Maintenance OS Operating System OSPF Open Shortest Path First PC Personal Computer PPP Point to Point Protocol QoS Quality of Service R...

Page 381: ...ftware TCP Transmission Control Protocol TDM Time Division Multiplexing TFTP Trivial FTP TMN Telecommunication Management Network TOS Type of Service UDP User Datagram Protocol UMN User Manual VID VLAN ID VLAN Virtual Local Area Network VoD Video on Demand VPI Virtual Path Identifier VPN Virtual Private Network ...

Reviews:

No comments

Related manuals for S223

Abocom MH200 Quick Installation Manual preview
MH200
Brand: Abocom Pages: 11
Abocom CWB1000 Quick Installation Manual preview
CWB1000
Brand: Abocom Pages: 19
Palm M505 Setting Up preview
M505
Brand: Palm Pages: 4
Paradyne FrameSaver 9120 Installation Instruction Supplement preview
FrameSaver 9120
Brand: Paradyne Pages: 2
Conceptronic C150BRS4 Quick Installation Manual preview
C150BRS4
Brand: Conceptronic Pages: 230
Konica Minolta Network Setup Network Setup Manual preview
Network Setup
Brand: Konica Minolta Pages: 38
Western Digital My Net N750 Start Here Manual preview
My Net N750
Brand: Western Digital Pages: 8
Enginko MCF-LW06424 Operating Manual preview
MCF-LW06424
Brand: Enginko Pages: 19
3Com Token Ring Getting Started Manual preview
Token Ring
Brand: 3Com Pages: 18
Supermicro SC836 X9 User Manual preview
SC836 X9
Brand: Supermicro Pages: 24
Baldor Modbus Plus Installation And Operating Manual preview
Modbus Plus
Brand: Baldor Pages: 34
NETGEAR FS605 v3 Installation Manual preview
FS605 v3
Brand: NETGEAR Pages: 84
HighPoint RocketCache 3240X8 User Manual preview
RocketCache 3240X8
Brand: HighPoint Pages: 17
Supero SAS 846 TQ User Manual preview
SAS 846 TQ
Brand: Supero Pages: 16
Comet Labs GS8+ User Manual preview
GS8+
Brand: Comet Labs Pages: 11
ZoneVu ZSI-450-IP Installation Manual & User Manual preview
ZSI-450-IP
Brand: ZoneVu Pages: 15
FUNcube Dongle Pro User Manual preview
Dongle Pro
Brand: FUNcube Pages: 23
Perle IOLAN MDC User Manual preview
IOLAN MDC
Brand: Perle Pages: 491

Brands by name

Popular brands

Load more brands