SignaMax 065-7434 Page 282 Configuration Manual Download

Page: 282 / 669

282

SIGNAMAX LLC • www.signamax.eu

Attack Detection

Signamax 3400 switches possess the attack detection function to detect and defend the

common network attacks, such as IP Source Address spoofing attack, LAND attack, SYN

Flood attack, Smurf attack, Ping Flood attack, TearDrop attack and Netbios/Samba attack.

This function only takes effect for the packets need to be processed by the CPU of a

switch, is invalid for common service packets.

Pseudo-source Address Detection

Overview

Pseudo source address is a mean utilized most frequently by attackers. It is often used for

session hijacking and DOS attacking etc. Detection of this kind of packet is highly technical;

the most common detection is configuring the access list of the receiving direction on each

interface to filter packets. However, this kind of detection is very limited. The firewall function

strengthens and adds some other detection mechanisms for this aspect. The detection is not

omnipotent, not all such packets are legal, and also it doesn’t indicate that all detected

packets are illegal. The detection is processed in the following aspects:

Whether the receiving interface is correct. If the interface which receives a packet doesn’t

has a route to achieve its source address and the route should depend on other interface,

the packet should be intercepted (even it is not the spoofing of the pseudo-source address,

it is abnormal);

The route to achieve the source address of a packet cannot be found from the switch, the

packet should be intercepted;

If it is a direct route according to the source address (and belongs to Ethernet) or interface

route, but cannot find the corresponding source IP address of the MAC address from the

Summary of Contents for 065-7434

Page 1: ...24 Port 10 100 L3 Switch Model 065 7434 Configuration Guide Revision A1 ...

Page 2: ...NFIGURE SYSTEM TIME 41 CONFIGURE LOGIN SECURITY SERVICE 41 MANAGE SYSTEM 43 Overview 43 Manage File System 43 File System 43 File System Commands 44 Examples of Applying Commands 45 File Management 46 Directory Management 56 Manage Configuration File 57 The Contents and Formats of Configuration File 57 Load of Configuration File 60 Save Current System Configuration 61 View Current Running Configur...

Page 3: ...ystem Control 94 View Status Information Function Switch 95 3IN3OUT 95 Configuration Commands 95 View Status Information 96 CONFIGURE PORTS 97 PORT 97 Serial Number 97 Basic Concept of portlist 99 Enter port configuration mode 100 CONFIGURE PORTS 101 Configuring Ports Basic Commands 101 Monitoring Maintaining 107 Monitoring Commands 107 Monitoring Command Example 108 CONFIGURE VLAN 110 INTRODUCTIO...

Page 4: ...le 133 Manage Monitor MAC Address Table 134 Commands for Monitoring Managing MAC Address Table 134 Example of Monitoring Commands 135 CONFIGURE LINK AGGREGATION 137 CONFIGURE LINK AGGREGATION 137 Overview 137 Basic Commands of Link Aggregation 138 Application Examples 141 Application Example 1 141 Monitoring Debugging Link Aggregation 142 Monitoring Commands 142 Example of Monitoring Commands 143 ...

Page 5: ...EL 182 CONFIGURE L2 PROTOCOL TUNNEL 185 OVERVIEW 185 BASIC COMMANDS 186 APPLICATION EXAMPLES 188 DEBUGGING MONITORING 189 Debugging Command 189 Debugging Command Example 189 CONFIGURE L2 MULTICAST 191 COMMON PARTS OF L2 MULTICAST 191 Overview 191 Basic Commands 192 Monitoring Debugging 194 Monitoring Commands 194 Examples of Monitoring Commands 194 Debug Commands 195 Examples of Debug Commands 195...

Page 6: ...ging Commands 220 Debugging Command Examples 221 802 1X CONFIGURATION 222 OVERVIEW 222 Expansions of Standard 802 1X 223 Auto Vlan 224 Guest Vlan 225 CONFIGURE 802 1X 226 Basic Commands 227 802 1X APPLICATION EXAMPLE 234 MONITORING MAINTAINING 236 Monitoring Commands 236 Monitoring Command Examples 236 Debugging Commands 237 Debugging Command Example 237 DHCP SNOOPING CONFIGURATION 239 OVERVIEW 23...

Page 7: ...ING MAINTAINING 266 Monitoring Commands 266 Monitoring Example 266 Debugging Commands 267 Debugging Command Example 267 PORT MONITORING CONFIGURATION 269 OVERVIEW 269 CONFIGURE PORT MONITORING 270 Basic Commands 270 PORT MONITORING APPLICATION EXAMPLE 276 PORT ISOLATION CONFIGURATION 278 OVERVIEW 278 Port Isolation Commands 278 Applying Port Isolation Example 280 Application Example 280 Monitoring...

Page 8: ...N 293 OVERVIEW 293 BASIC COMMANDS 295 APPLICATION EXAMPLE 297 Application Example 1 297 Application Example 2 297 MONITORING DEBUGGING 300 Monitoring Commands 300 Example 300 Debugging Commands 300 SWITCHING INTERFACE CONFIGURATION 301 CONFIGURE SWITCHING INTERFACE 301 Overview 301 Basic Commands 301 NETWORK PROTOCOL 303 CONFIGURE IPADDRESS 304 IP Address Overview 304 Basic Commands for Configurin...

Page 9: ...tions 316 Subnet Mask Option 316 Redirection Packet Option 316 Disabling Option of Source End 316 Display ICMP Statistics 317 TCP PROTOCOL 318 Basic Commands for Configuring TCP 319 Configure TCP Attributes 319 Configure TCP recvbuffers size 319 Configure TCP sendbuffers size 320 Configure Maximum TCP Retransmission Times 320 Configure TCP max segment size 320 Configure TCP Max Round trip Time 320...

Page 10: ...Example 357 Example of Configuring RIP Learning IPv4 Route 357 Example of Configuring RIP Learning IPv4 Route from Standby Interface 358 RIP Monitoring and Debugging 361 Monitoring Commands 361 Monitoring Command Example 361 show ip rip 361 show ip rip database 362 show ip rip statistics 363 show ip rip interface 364 show running config router rip 364 show ip route rip 365 Debugging Information 36...

Page 11: ...ute Re distribution 25 Configure OSPF Route Filtering 26 Configure OSPF Graceful Restart 28 Restart OSPF Process 29 OSPF Configuration Example 29 Enable OSPF Process 29 Configure OSPF Interface Parameters 31 Configure OSPF Area Parameters 32 Configure Route Summary between OSPF Areas 32 Configure Filtering Routes between OSPF Areas 33 Configure OSPF to Re distribute Outer Routes and Summarize 35 C...

Page 12: ...FIGURE METER 82 Basic Commands 83 APPLY ACLTO OBJECT 85 Basic Commands 87 MONITORING AND DEBUGGING 89 Monitoring Command Example 90 show access list 90 show time range 92 show action group 94 show traffic meter 95 show acl object 96 APPLICATION EXAMPLE 99 Application Configuration Example of ACL Packet Classification 100 Configuration Example of Controlling ACL Packet Flow 102 QOS CONFIGURATION 10...

Page 13: ...113 Example of Application 114 Monitoring Debugging 114 Commands for Monitoring 114 Example of Monitoring 114 FLOW SHAPING 114 Overview 114 Basic Commands 115 Example of Application 116 Example 1 of Application 116 Example 2 of Application 116 Monitoring Debugging 117 Commands for Monitoring 117 Example of Monitoring 117 CONFIGURE AAA 118 BASIC COMMANDS FOR CONFIGURING AAA 118 BASIC COMMANDS FOR C...

Page 14: ...58 Example of Debugging Command 159 CONFIGURE OAM 161 802 1AG CFM 161 Overview 161 Basic Commands 162 Application Example 167 Configure CFM 167 Monitoring Debugging 171 Monitoring Commands 171 Monitoring Command Examples 171 Debugging Commands 173 Debugging Command Examples 173 CONFIGURE E LMI 175 Overview 175 Basic Commands 176 Application Examples 178 Monitoring and Debugging 181 Monitoring Comm...

Page 15: ...221 CONFIGURE LLDP 224 CONFIGURE LLDP PROTOCOL 224 Overview 224 Basic Commands of LLDP Protocol 225 LLDP Configuration Example 230 Application Example 230 LLDP Monitoring and Debugging 231 Monitoring Command 231 Monitoring Command Example 232 Debugging Command 234 Debugging Command Example 234 Commands for Clearing Statistics 236 CONFIGURE SLA 238 OVERVIEW 238 BASIC COMMANDS 238 SLACONFIGURATION E...

Page 16: ...aceroute Command Test Routing Information of Data Packet 262 netstatv Command View Status and Detailed Statistics information of Each Network Interface 265 Show Command View Statistics Information and Status of Syetem 265 HOW TO DIAGNOSE NETWORK FAULT 266 Troubleshooting of LAN Interface 266 PWE3 CONFIGURATION 268 PWE3 CONFIGURATION COMMANDS 268 PWE3 Global Configuration 268 TDM Port Configuration...

Page 17: ...92 Monitoring Command 292 Monitoring Command Example 293 Debugging Command 294 Debugging Command Example 294 LOOPBACK DETECTION CONFIGURATION 295 LOOPBACK DETECTION CONFIGURATION 295 Overview 295 Basic Commands of Loopback Detection 296 Application Example of Loopback Detection 297 Application Example of Loopback 297 Monitoring and Debugging of Loopback Detection 298 Monitoring Commands of Loopbac...

Page 18: ... manual mainly describes how to configure a switch via the console interface The method for configuring a switch via Telnet remote login is similar with it For the details of configuring a switch via the SNMP network management system please refer to the specification of the network system Command Operation Modes One Signamax switch provides a specified command dealing subsystem for managing and e...

Page 19: ...face configuration The route configuration mode switch configuration The file system mode file system configuration The access list configuration mode access list configuration The voice port configuration mode voice port configuration The dial peer configuration mode dial peer configuration The encryption transform configuration mode crypto transform set configuration The encryption mapping confi...

Page 20: ...et interface Configure serialinterface Configure ISDN interface Configure IP phone interface Configure E1 interface Configure interface group The routing configuration mode To execute the related routing configuration commands in the global configuration mode switch config static switch config rip switch config irmp To execute the command exit to return to the global configuration mode To execute ...

Page 21: ...e global configuration mode and meanwhile specify the related keywords and parameters switch config isakmp To run the command exit to return to the global configuration mode To configure IKE policy The public key chain configuration mode To enter the mode via the command crypto key pubkey chain rsa in the global configuration mode switch config pubkey chain To run the command exit to return to the...

Page 22: ...mode The encryption transform configuration mode The encryption mapping configuration mode The public key configuration mode enabl e f i l esyst em conf i gure i nt erf ace rout er i p access l i st voi ce port di al peer crypt o m ap crypt o i sakm p crypt o key pubkey chai n rsa Nam ed key or addressed key i p dhcp pool IKE policy Configuration mode DHCP Configuration mode The public key chain c...

Page 23: ... RS 232 serial port of the terminal with the console port of the switch by cable The connection relationships are shown in the figure 1 2 Figure 1 2 the connection of configuring a switch locally 3 Power up the terminal and configure the communication parameters of the terminal as 9600bps baud rate 8 data bits 1 stop bit software flow control and no parity check Choose VT100 as the type of the ter...

Page 24: ... 1 3 create connection Choose the serial communication port figure 1 4 COM1 or COM2 can be chose according to the connected serial port Figure 1 4 choose the serial communication port Configure the parameters of the serial communication port figure 1 5 Baud ratio 9600bps ...

Page 25: ...nformation of the switch is displayed on the terminal and Press any key to start the shell is shown once the startup is finished If configured that login needs to be authenticated users need to input the user name and password or press any key to log into directly The switch prompt is displayed on the terminal after logged into successfully and then users can configure the switch ...

Page 26: ...and the switch can be configured 1 Configure via LAN Figure 1 6 configure a switch via LAN Connect the network port of the PC with the Ethernet port of the switch via LAN Run the Telnet client application program on the PC in LAN Configure the default option preference of the Telnet terminal Contents of the configuration should be set as terminal default mode simulation option select VT100 ANSI ...

Page 27: ...signamax eu During configuration of Telnet client program the option local response each display should be canceled or it displays contents input by the user adversely effecting the command edit function of shell subsystem ...

Page 28: ... and establish Telnet connection to the router Set Host Name as router IP address 128 255 255 1 Configure port as Telnet 23 Configure terminal type as TCP IP Winsock The other operations are the same as configuration via console interface 2 Configure via WAN ...

Page 29: ... Following is the connection figure Figure 1 10 configure a remote switch via a local switch When configuring a switch via telnet do not alter the IP address of WAN interface easily Change the IP address if necessary only after ensuring that other parameters are configured correctly After the address is changed Telnet may disconnect the new IP address of the host needs to be input to re establish ...

Page 30: ...u After the command is executed the output result is as follows Connecting to128 255 255 1 Display the system prompt of the switch switch Press the key combination Ctrl to return to the prompt of the telnet program Microsoft Telnet ...

Page 31: ...ive interface provided by the shell subsystem for users to configure and use a switch Users can input and edit commands via the command line interface to complete the related configuration assignments also they can view the information and the running status of the system via the interface Command line interface provides the following functions for users Manage the system help information Input an...

Page 32: ...bes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show pr And Edit key usage is the following CTRL A go to home of current line CTRL E go to end of current line CTRL U erase all character from home to current cursor CTRL K erase all character from current cursor to end CTRL W erase a word on the lef...

Page 33: ...f the interactive help system language Set help information language logout Exit from EXEC shell match id Set the identity string memdump Dump memory image monitor Monitor some information more Format show output netstat Show active connections for Internet protocol socket no Negate a command or set its defaults ping Send echo messages reload Halt and perform a cold restart Reset BGP information r...

Page 34: ...t access lists arp Print entries in the system ARP table clock Print system clock information controllers Controllers cpu Show CPU use per process debugging State of each debugging option debuglist Debug register list device Print the system devices information dhcp Dynamic Host Configuration Protocol status eld Ethernet loopbace detect enable Print enable information env list Show current shell c...

Page 35: ...atistics protocol Command protocol queueing Show queueing configuration rmon Remote monitoring route map Route map information rtr Response time reporter running config Print system running configuration information scanprotect Show scanprotect information scriptList Print system script list self memory Show the contents of memory block semaphore Print the semaphore information snapshot Snapshot p...

Page 36: ...aracter string and the descriptions are listed switch d Command Description disable Turn off privileged commands debug Debugging functions see also undebug Error Message of Command line The syntax of all commands typed by a user is examined If the examination is passed the command is executed correctly or an error message is reported to the user For common error messages please refer to the table ...

Page 37: ...rsor key or Ctrl p If there are some earlier history commands then they are taken out or the system alarms Access the next history command Down cursor key or Ctrl n If there are some later history commands then they are taken out or else the system clears the command line and alarms When the cursor key is used to access history commands and telnet runs in Windows98 NT system to log into the router...

Page 38: ... history commands A To shift cursor to the beginning of command line E To shift cursor to the end of the command line U To delete all characters on the left of the cursor until the cursor arrives at the beginning of the command line K To delete all characters on right of cursor until cursor arrives at the end of command line Display Features Command line Interface provides the following displaying...

Page 39: ...on of the previous screen Space or or Ctrl F To go on displaying the information of the next screen or The information displayed on screen rolls up one row Enter or or To go on displaying the information of the next row Ctrl H To return to the beginning of the displayed information Other keys To exit from displaying ...

Page 40: ...gnamax switches the main tasks of configuring system are as follows Configure the system name Configure the system time Configure the login security service Configure System Name When the switch leaves the factory its default system name is switch Users can change the system name by desires This change takes effect immediately and the new system name appears in the displaying of the next system pr...

Page 41: ...g of NTP please refer to Chapter 18 Configure SNTP Users can use the command clock to configure the present time of the system which comprises year month date hour minute and second Command for configuration is as follows Command Description Config mode clock year month day hour minute second To configure the system clock enable The following example configures the system time as 09 36 10 November...

Page 42: ...ecure forbid time 10m 144000m To configure the time for the login security service forbidding the illegal IP address to log in 10 minutes by default config login secure max try time 1 20 To configure the maximum authentication failure times for continued login after the login security service takes effect 5 times by default config login secure record aging time 15m 1440m To configure the time for ...

Page 43: ...ion and command hierarchical authorization Manage File System The contents of the section are as follows Introduction to the file system Brief introduction to the commands of the file system Example of applying the commands File System Signamax switches have three kinds of storage mediums Their functions are as follows SDRAM it is used as the space for a switch executing the application programs F...

Page 44: ...erver config fs tftpcopy To copy a file via the TFTP server config fs xmodemcopy To copy a file by using XMODEM protocol via the configuration config fs delete To delete a file config fs type To view contents of a file config fs dir To view a directory or a file config fs cd To change the present path config fs mkdir To create a directory config fs rmdir To delete a directory config fs pwd To disp...

Page 45: ...che block I O descriptor ptr cbio 0x2cfaa40 auto disk check on mount NOT ENABLED max of simultaneously open files 22 file descriptors in use 0 of different files in use 0 of descriptors for deleted files 0 of obsolete descriptors 0 current volume configuration volume label NO LABEL in boot sector volume Id 0x0 total number of sectors 5 213 sectors of the file system bytes per sector 512 bytes of e...

Page 46: ... of the unit can be allocated free space on volume 2 641 920 bytes the size of the system free space switch config fs File Management By utilizing the file manage commands in the file system configuration mode users can operate all files in TFFS Directory Copy files Delete files View contents of files The examples of applying the commands of file management are as follows 1 Directory Command Forma...

Page 47: ...lename flash dest filename usb dest filename running config startup config ftpcopy vrf vrf name dest ipaddress ftp username ftp password source filename dest filename tftpcopy vrf vrf name dest ipaddress source filename dest filename xmodemcopy source filename trans baudrate The following explains each copy type in detail Copy files from FLASH file system to FLASH file system Command Format copy f...

Page 48: ...startup 11577 JAN 01 1980 00 09 10 abc switch config fs copy flash abc ftp 128 255 42 180 123 123 test Copying Total 11577 bytes copying completed switch config fs 1 Copy files from FLASH to tftp server Command Format copy flash source filename tftp vrf vrf name dest ipaddress dest filename Application example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 19...

Page 49: ... Completed switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random 510 JAN 01 1980 00 05 46 startup 510 JAN 01 1980 00 05 16 abc switch config fs Copy the startup configuration as a file of FLASH file system Command Format copy startup config flash dest filename Application example switch config fs copy startup config flash abc Copying Completed s...

Page 50: ...t copy startup config tftp vrf vrf name dest ipaddress dest filename Application example switch config fs copy startup config tftp 128 255 42 180 test Completed Copy the running configuration as a file of FLASH file system Command Format copy running config flash dest filename Application example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 ra...

Page 51: ... running config tftp vrf vrf name dest ipaddress dest filename Application example switch config fs copy running config tftp 128 255 42 180 test Completed Copy the running configuration as the startup configuration Command Format copy running config startup config Application example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random switch c...

Page 52: ...ftp 128 255 42 180 123 123 test bin flash abc Downloading OK switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 24 random 11577 JAN 01 1980 00 09 10 abc switch config fs Copy from FTP server to the startup configuration file Command Format copy ftp vrf vrf name dest ipaddress ftp username ftp password source filename startup config Application example ...

Page 53: ...py tftp vrf vrf name dest ipaddress source filename flash dest filename Note same as the command tftpcopy Application example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random switch config fs copy tftp 128 255 42 180 test flash abc Downloading OK switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 0...

Page 54: ...K switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random 495 JAN 01 1980 01 03 28 startup switch config fs Copy files to FLASH file system by using xmodem protocol via the configuration port Command Format xmodemcopy dest filename trans baudrate Application example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN...

Page 55: ... example switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random 512 JAN 01 1980 01 30 32 abc switch config fs delete abc WARNING The Data of this file will be lost if OS is deleted the system will hangup Please confirm to continue Yes No y switch config fs dir size date time name 2048 JAN 01 1980 00 00 30 mpssh DIR 4 JAN 01 1980 00 00 26 random s...

Page 56: ...rises Print the path that the system locating in Change the current path Create a directory Delete a directory The examples of applying the commands of directory management are as follows 1 Print the path that the system locating in Command Format pwd Application example switch config fs pwd flash switch config fs The above displaying indicates that currently the system locates in flash directory ...

Page 57: ...y flash Signamax 4 Delete directory Command Format rmdir dir name Application example switch config fs cd flash switch config fs rmdir Signamax WARNING The Data of this dir will be lost if OS is deleted the system will hangup Please confirm to continue Yes No y switch config fs dir size date time name 1930 JAN 01 1980 00 00 00 LOGGING 4 JAN 01 1980 00 00 00 RANDOM 3160 JAN 01 1980 00 00 00 STARTUP...

Page 58: ...ce configuration mode and the route configuration mode e Sort commands according to the relationships among them All related commands are grouped together and a blank line is used to separate groups The example of Signamax switch configuration file is as follows the detailed meaning of the information is introduced in the following chapters switch sh running config Building Configuration done Curr...

Page 59: ...t type uni uni isolate isolated shutdown ethernet uni id UNI port 0 2 ethernet uni type bundling exit port 0 3 port type uni uni isolate isolated shutdown ethernet uni id UNI port 0 3 ethernet uni type bundling exit port 0 4 port type uni uni isolate isolated shutdown ethernet uni id UNI port 0 4 ethernet uni type bundling exit port 0 5 port type uni uni isolate isolated shutdown ethernet uni id U...

Page 60: ...guration File The configuration file of a Signamax switch can be edited in a text editor for example WordPad according to the format prescribed in the above section and can be downloaded to a switch via FTP or TFTP This operation can be used by terminal users or via Telnet remote login The following example is given to explain how to download the switch configuration file via FTP Step 1 Edit the c...

Page 61: ...a TFTP is similar with downloading via FTP The only difference between them is that the computer needs to run TFTP SERVER Step 4 Restart the switch execute the configuration file startup and modify the system configurations Save Current System Configuration After validated that the modified system configurations are error free users can save the configurations to be treated as configuration parame...

Page 62: ...the configuration files WORD of the remote host into the startup configuration file STARTUP of the switch via TFTP switch copy tftp A B C D WORD startup config View Current Running Configuration of Switch switch show running config Configure Switch to serve as FTP server Signamax switches can be used as the ftp servers When a switch serves as an ftp server it permits the user to access the file sy...

Page 63: ...a Signamax switch as an ftp server the following operations need to be executed in the config mode Command Description switch configure terminal switch config ftp enable To enable the ftp sever switch config ftp max user num 2 To configure the maximum number of users permitted to login as 2 switch config user Signamax password 0 Signamax To configure the user name and password for login as Signama...

Page 64: ...nable password config enable password 0 7 string To set the enable password config no enable password CR level 1 15 To delete the enable password config user string password 0 LINE To set the user password config user string nopassword To set that a user can log in without password authentication config user string privilege 0 15 To set the authorized level of a user config user string autocommand...

Page 65: ...o enter a level which is higher than his the user needs to pass the authentication according to the current configuration and the authentication method is selected according to the configuration 3 If the enable password of the corresponding level is configured configure via the command enable password level and if no enable authentication of AAA is configured or the enable authentication of AAA us...

Page 66: ...onding methods need to be used for authenticating they are as follows If configured aaa authentication enable default none no password is needed If configured aaa authentication enable default line if configured line password then use the password or Error in authentication is prompted and the authentication is failed If configured aaa authentication enable default radius use the radius authentica...

Page 67: ... is failed The above enable authentication methods can be combined to use please refer to chapter 15 Configure AAA Modify Command Level Every shell command of Signamax switch IOS has its default level However the command privileged can be used to modify the default level Users can only execute the commands whose levels are equal with or lower than the levels of themselves For example if a user who...

Page 68: ...esponding command set to the default level privilege MODE level 0 15 all command LINE Syntax Description MODE MODE means the mode that the command needs to be configured in includes all modes of the present system level 0 15 Parameter 0 15 is a level specified for a command request To configure as the responder all Specify all commands in the present mode as a level command Can input some keywords...

Page 69: ...og in without password authentication config user user name privilege 0 15 To configure the authorized level of the user config user user name autocommand command line To configure the authorized auto execute command of the user config user user name autocommand option nohangup delay 0_120 To set the option of a user executing the auto command Nohangup means the connection is not disconnected afte...

Page 70: ...ers logging into the device at the same time Line command can be used to set different attributes for these logins such as authentications and authorizations The commands are as follows Command Descritpion Config mode line con 0 To enter the line configuration mode of the console interface config line vty 0 15 0 15 To enter the line configuration mode of telnet user config line ssh vty 0 15 0 15 T...

Page 71: ...ault word accounting exec default word accounting commands level default word modem auto detection To enable the mode function of console interface config line timeout login respond 1 300 To configure the timeout of waiting for a user to input the user name and password 30 seconds by default config line Except the first command others have their corresponding no commands which are used to cancel t...

Page 72: ...via enable the command debug author exec AUTHOR EXEC LINE 6 processing AV priv lvl 14 AUTHOR EXEC LINE 6 processing AV autocmd show mem AUTHOR EXEC LINE 6 processing AV nohangup TRUE AUTHOR EXEC LINE 6 processing AV timeout 120 View Present User Level The level of the present user can be viewed via a command The command is as follows show privilege Execute in the normal user mode STD or the privil...

Page 73: ...stem ARP table ip To display the information about the statistic of IP layer include TCP and UDP startup config To display the contents of system startup configuration file about To display the information about the system copyright version To display the information about the versions of the system hardware and software Take 065 7434 Signamax 24 Port 10 100 L3 Switch as an example partial informa...

Page 74: ...24 536 15832 bcmCNTR 0 80a98024 8648fc40 16368 200 676 15692 bcmTX 809d3630 86474f00 16368 136 212 16156 bcmXGS3AsyncTX 809d1788 86470a20 16368 192 348 16020 bcmLINK 0 809803c0 860fa980 16368 184 1540 14828 tRtrSched 80434694 85e2e7a0 10224 96 172 10052 tRtrWdog 8042ac38 85e28b20 10224 96 408 9816 tKmemReapd 804babbc 87f92d60 3984 136 396 3588 tConMSig 802db208 865b7940 4080 112 372 3708 tSysTask ...

Page 75: ...28 tRtrSla 80450ddc 85e2b8e0 10224 336 412 9812 bcmRX3 809a8f78 85fba4d0 32752 176 628 32124 bcmRX2 809a8ab0 85fb2070 32752 176 332 32420 bcmRX1 809a85e8 85fa9c10 32752 176 332 32420 bcmRX0 809a8120 85fa17b0 32752 176 488 32264 tFmmDtct 8068d468 85e147b0 16368 256 1736 14632 tDcacheUpd 8023c254 87ed71d0 4992 176 436 4556 tTunnel 804d3830 874ca460 5104 520 780 4324 tPortPoll 8056e1a0 85f35a50 16368...

Page 76: ...ts on 37 and 72 Use the command show memory to set different parameters to realize various functions show memory FPSS HEAP MBUF SLAB display the memory using condition of different memory management mechanisms show memory FPSS MBUF SLAB _POOLNAME_ display the memory pool using condition of a memory management mechanism show memory detail display the detailed using condition of the system memory sh...

Page 77: ...NAME 0 ZOMBIE 0 SOOPTS 0 FTABLE 0 RIGHTS 0 IFADDR 0 CONTROL 0 OOBDATA 0 IPMOPTS 0 IPMADDR 0 IFMADDR 0 MRTABLE 0 DRV_SCC 0 DRV_8SA 0 DRV_8S 0 DRV_16A 0 DRV_4M336 0 DRVEXTSCC 0 DRV_QMC 0 E1 0 CE1 0 CPOS 0 POS 0 MCC 0 M128 0 ASYNC 0 FEC 0 FPSS 0 ISDN 0 ENCRYPT 0 RS8234 0 ...

Page 78: ... 0 ARP 0 TEST 0 PKTGEN 0 TOTAL 1024 number of mbufs 1024 number of times failed to find space 0 number of times waited for space 0 number of times drained protocols for space 0 __________________ CLUSTER POOL TABLE _____________________________________________________________________ __________ size clusters free usage 1884 1024 1024 0 Size 2078720 bytes ...

Page 79: ...pe number FREE 41823 DATA 0 HEADER 0 SOCKET 5 PCB 7 RTABLE 0 HTABLE 0 ATABLE 0 SONAME 0 ZOMBIE 0 SOOPTS 0 FTABLE 0 RIGHTS 0 IFADDR 3 CONTROL 0 OOBDATA 0 IPMOPTS 0 IPMADDR 1 IFMADDR 0 MRTABLE 0 DRV_SCC 0 DRV_8SA 0 DRV_8S 0 DRV_16A 0 DRV_4M336 0 DRVEXTSCC 0 DRV_QMC 0 E1 0 CE1 0 CPOS 0 ...

Page 80: ...FCC 0 NDSP 0 FR 0 PPP 0 LABP 0 X25 0 SNA 0 ADSL 0 PWI 0 MASC 0 LLC2 0 ATM 0 LINK 0 MDOT 0 MPLSINFO 0 IPSEC 0 IGMP 1 RTSOCK 0 ARP 0 TEST 0 PKTGEN 0 TOTAL 41840 number of mbufs 41840 number of times failed to find space 0 number of times waited for space 0 number of times drained protocols for space 0 ...

Page 81: ... size clusters free usage 64 10000 9997 3 128 24000 23996 43 256 5024 5019 5 512 3000 2995 12 1024 360 360 0 2048 480 480 0 Size 13914880 bytes unregistered pool Statistics for the network stack mbuf type number FREE 512 DATA 0 HEADER 0 SOCKET 0 PCB 0 RTABLE 0 HTABLE 0 ATABLE 0 SONAME 0 ZOMBIE 0 SOOPTS 0 FTABLE 0 RIGHTS 0 IFADDR 0 CONTROL 0 OOBDATA 0 ...

Page 82: ... IFMADDR 0 MRTABLE 0 DRV_SCC 0 DRV_8SA 0 DRV_8S 0 DRV_16A 0 DRV_4M336 0 DRVEXTSCC 0 DRV_QMC 0 E1 0 CE1 0 CPOS 0 POS 0 MCC 0 M128 0 ASYNC 0 FEC 0 FPSS 0 ISDN 0 ENCRYPT 0 RS8234 0 FCC 0 NDSP 0 FR 0 PPP 0 LABP 0 X25 0 SNA 0 ADSL 0 PWI 0 MASC 0 LLC2 0 ATM 0 ...

Page 83: ...er of times drained protocols for space 0 __________________ CLUSTER POOL TABLE _____________________________________________________________________ __________ size clusters free usage 2048 512 448 64 Size 1126404 bytes All MBUF pool size 17120004 bytes 4 Display the information about the system device switch show device drv name 0 null 1 tyCo 0 1 tyCo 1 3 flash 3 flash1 1 tyCo M 2 pipe temp 3 co...

Page 84: ...rm Control Multicast Disabled Storm Action None Port Type Nni Pvid 1 6 Display the information about the system version switch show version Operating System Software 065 7434 Signamax 24 Port 10 100 L3 Switch system image file flash0 flash sp1 g 6 1 0 RL08 ar bin version 6 1 0 RL08 ar Compiled on Aug 12 2008 17 21 13 Copyright C 1999 Signamax Sichuan Communication Technology Co Ltd All Rights Rese...

Page 85: ...w signamax eu MPU CPLD Version 101 Monitor Version 1 15 Software Version 6 1 0 RL08 ar Software Image File flash0 flash sp1 g 6 1 0 RL08 ar bin Compiled Aug 12 2008 17 21 13 System Uptime is 0 hour 28 minutes 37 seconds ...

Page 86: ...ichuan Communication Technology Co Ltd All Rights Reserved Protocol Debugging The system provides debugging switches for various protocols The following example briefly explains the enabling and disabling of the debugging switch Enable the protocol debugging switch Enable the packet debugging switch of IP protocol access list switch debug ip packet access list For detailed introduction of the prot...

Page 87: ...ng console 0 7 alerts critical debugging emergencies errors informational notifications warnings To configure the log messages selected according to the severity level and need to be displayed on console config logging file To enable saving the log messages in the flash file system with file format The corresponding command no logging file can be executed to disable the function config logging fil...

Page 88: ...l 7 according to the severity levels Level 0 means the message level is the most severe By default level 0 7 are all printed to the console interface and the telnet terminal level 0 5 are written into the memory file level 0 2 are written into the flash file level 0 5 are sent to the log server Meanwhile ranges for modifying command level are provided The related commands are logging console level...

Page 89: ...op collecting the data of cpu utilization By default is disabled config check cpu time interval 1 3600 To set the time interval for refreshing the current cpu utilization By default is 2 seconds config check cpu view simple Whether to display in the simple mode which means only to display the task which uses CPU By default the simple mode is disabled config check cpu parameter To view the present ...

Page 90: ...0a9e0 10 0 0 0 0 tActive 85c6ad00 10 0 0 0 0 tVlanTask 85ef0d70 19 0 0 0 0 tDmemReapd 87f91140 20 0 0 0 0 tIpamTrap 874dfc10 20 0 0 0 0 tShell0 85c71560 20 3 1 3 1 tMdsp 8662e8f0 35 0 0 0 0 tSysLog 87f06c10 40 0 0 0 0 tMbufTask 8677a790 40 0 0 0 0 tCGTimer 865c1cf0 40 6 2 6 2 tEAps 85c741c0 40 0 0 0 0 bcmRX7 85fdb650 42 0 0 0 0 bcmRX6 85fd31f0 42 0 0 0 0 bcmRX5 85fcad90 43 3 1 3 1 bcmRX4 85fc2930 ...

Page 91: ...669edf0 90 0 0 0 0 tIp6tnlTask 8669a330 90 0 0 0 0 tTffsPTask 87fe4cb0 100 0 0 0 0 tStaticRt 8660dcc0 100 0 0 0 0 tDot1x 85db6de0 100 0 0 0 0 tPortMon 85da5f60 100 0 0 0 0 tElmi 85d09c70 100 0 0 0 0 tTrackMsg 865bb7c0 110 0 0 0 0 tPmtud 866b2db0 120 0 0 0 0 tTelnetd 85c69800 120 0 0 0 0 tTelnetd6 85c66b00 120 0 0 0 0 tIcmpErr 874ce060 150 0 0 0 0 tArpTask 866addf0 150 0 0 0 0 tRtMgt 866235b0 150 0...

Page 92: ... using condition of the CPU in a period and then use show cpu monitor to display the using condition of the CPU in a period switch monitor cpu switch show cpu monitor CPU utilization for five seconds 2 one minute 1 five minutes 1 CPU utilization per second in the past 60 seconds 0 0 0 9 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 ...

Page 93: ...k you should better not enable the switch System Remote Login Service Telnet Signamax switches provide telnet server client function service port 23 It permits at most 16 telnet users to be online at the same time Users can configure the attributes of the telnet login via the command line vty Meanwhile Signamax switches provide the commands of the telnet client In the common user mode and the priv...

Page 94: ...dormancy temperature the system automatically enters the dormancy state and sends SNMP TRAP When the temperature reaches a certain degree the system automatically recovers to work normally and sends SNMP TRAP The system supports setting dormancy temperature The temperature value when the system automatically recovers to work normally is set automatically which is usually 10 lower than the dormancy...

Page 95: ...iguration Commands You can describe the alarm name set alarm disabled or enabled and set alarm input logic and output logic which correspond with the input and output system auto lighting When the input alarm alarms send out TRAP message when the alarm disappears send out the alarm disappearance TRAP message The related commands are as follows Command Description Configuration Mode alarm in out 0 ...

Page 96: ...al logic are different from the logic of the system input or output alarm when the logic of the system input or output alarm logic is different from the external device alarm signal logic you can adjust it until they are consistent The default value is on config View Status Information The related commands are as follows Command Description Configuration Mode show alarm in out In means to display ...

Page 97: ...o ports Configure ports Port The contents of this section Serial number Basic concept of porlist Enter port configuration mode Serial Number The serial numbers of devices physical ports are denominated according to the device features as follows Type Slot Stackable Small card Serial number Desktop with fixed slot S P Desktop with fixed slot S P Desktop with fixed slot U S P Desktop with fixed slot...

Page 98: ...namax eu Rack S Sub S P Note U Unit S Slot Sub S Sub Slot P Port Unit Indicates the device in a stack therefore users need to confirm if the device is in the stacking state when initializing it The serial number starts from 0 ...

Page 99: ...is reserved for the fixed port Port Indicates physical ports on the device or the card the serial number of the fixed port on each device card and sub card starts from 0 Basic Concept of portlist Whether configuring or displaying Signamax switches use portlist to select ports portlist can be one of the following situations A sing port such as 0 1 Continuous Ports use to represent a section of cont...

Page 100: ...er the global configuration mode switch config port portlist To enter the port configuration mode Port configuration mode has two kinds of conditions as follows A single port represented by config port Multiple ports represented by config port range When configuring Signamax switches if you are already in the port configuration mode you can also re select or re configure the port via inputting por...

Page 101: ...rm control broadcast multicast unicast pps packets bps rate bps To configure the storm control config port config port range no storm control broadcast multicast unicast To cancel the storm control of the port config port config port range storm control action shutdown trap To configure the storm control action config port config port range no storm control action To cancel the storm control actio...

Page 102: ...disable one port use the command Otherwise use the no format shutdown no shutdown Note Even a port is no shutdown its status may not be up The status also depends on other situations for example the network cable is not inserted or the port is closed temporarily Description For memorizing easily you can configure the description information for a port For example a port is allocated to company A a...

Page 103: ...and is used to restrict the size of the broadcast flow permitted to pass on an Ethernet port When the broadcast flow on the port exceeds the value configured by the user the system discards the packets which exceed the limitation of the broadcast flow In this way the proportion of the broadcast flow can be reduced to the limited range and the normal operation of network services is ensured Followi...

Page 104: ...l action This command is used to configure the action executed after storm suppression happens that is disable the port pr send TRAP alarm To send TRAP first enable snmp service and enable the corresponding switch The action types Disable port hutdown Send TRAP alarm trap To cancel the storm control action use the no format storm control action shutdown trap no storm control action Syntax Descript...

Page 105: ...mmon network cables When auto mode is configured use common network cable or crossover network cable The rules are as follows Local mdix Configuration Remote mdix Configuration Supported Network Cable Type auto auto Common network cable crossover network cable auto normal Common network cable crossover network cable auto cross Common network cable crossover network cable normal auto Common network...

Page 106: ...rt delay after link event is checked Default status 0s that is interrupt and report the link event loopback Loop check is used to check link As a test command it doesn t save script loopback external internal Syntax Description internal To start internal loopback test external To start the external loopback test When practical status of a link is down the internal loop check can be performed while...

Page 107: ...ion community UNI ports can communicate with each other isolated UNI ports cannot communicate with each other Monitoring Maintaining Monitoring Commands In order to display basic information of a port such as link status rate duplex and UNI type users can switch to the privilege user mode and run show port portlist configuration Command Description show port portlist configuration To display basic...

Page 108: ...he management flow control is disabled Act Flow Control Off The actual flow control status is disabled Mdix Normal The network cable type is common network cable Mtu 1728 MTU is 1728 bytes Link Delay 0 The report delay of the link status is 0 Storm Control Unicast Disabled Do not enable unicast storm control Storm Control Broadcast Disabled Do not enable broadcast storm control Storm Control Multi...

Page 109: ...stPkts 37480 The total number of received and sent multicast packets TotalCRCErrors 0 The number of CRC errors TotalSymbolErrors 0 The total number of symbol errors TotalAlignmetErrors 0 The total number of non integral bytes and CRC errors TotalUndersizePkts 0 The total number of the packets with small bytes no more than 64 bytes TotalOversizePkts 0 The total number of the packets with oversize b...

Page 110: ...on Application example Debugging and monitoring Introduction to VLAN Virtual Local Area Network VLAN is to divide physical networks into logical networks Dividing VLAN is not restricted by the physical location The hosts of different physical locations can belong to one VLAN VLAN restricts the broadcast domain L2 unicast broadcast and multicast frames can be forwarded and diffused only in the VLAN...

Page 111: ...ls of packets when the port transmits packets Access Type The port can belong to only one VLAN and the default VLAN ID of the port is the same as the VLAN ID to which it belongs The port usually connects with user devices The default type of a port is the Access type Trunk Type The port permits multiple VLANs to pass and it can receive or send multiple VLAN packets Only the packets of the default ...

Page 112: ...s received by ports are processed as follows If the source MAC address of the packet is consistent with the MAC of the MAC based VLAN assign the packet to the corresponding VLAN ID of the MAC VLAN If the packet doesn t match the MAC configured by the MAC VLAN the packet is assigned to the default VLAN ID of the port IP Subnet Based VLAN IP subnet based VLAN is to assign VLAN IDs to packets accordi...

Page 113: ...emplate If the packet doesn t match the protocol template assign the packet to the default VLAN ID of the port VLAN Division Priority By default the priorities of the four different VLANs from high to low are MAC address based VLAN IP subnet based VLAN protocol based VLAN and port based VLAN On one port VLAN divisions take effect according to their priorities and only one VLAN division can take ef...

Page 114: ...gure IP subnet VLAN items config ip subnet vlan enable To configure IP subnet VLAN is enabled on the port config port xxx config link aggregation x ip subnet vlan priority front To configure the priority of the IP subnet VLAN of the port is higher than MAC VLAN config port xxx config link aggregation x protocol vlan profile index frame type ETHERII LLC SNAP ether type ether value To configure prot...

Page 115: ... The default description information of VLAN 1 is DEFAULT and the description information of other VLANs is vlanId port accept frame type all tag untag This command is used to configure the receivable frames of the port The frames that do not meet the requirements are discarded Syntax Description all The port receives all Tag packets and Untag packets tag The port only receives the Tag frames and ...

Page 116: ...is switched the original VLAN configuration of the port is deleted and VLAN configuration of the port recovers to the default value of the new port type port access vlan This command is used to add Access port to VLAN The no format of the command is used to add the port to the default VLAN 1 port access vlan vlanId no port access vlan Syntax Description vlanId The value range of VLAN ID is 1 4094 ...

Page 117: ...n command must be consistent with the port type Otherwise the system prompts error information such as port 0 1 current mode is not trunk The port type cannot switch from Hybrid to Trunk directly It should first switch to Access and then to Trunk Note When Trunk port is configured to allow VLAN to pass 1 If VLAN exists the port is added to the VLAN 2 If VLAN does not exist the VLAN is not created ...

Page 118: ...ort trunk pvid vlan This command is used to configure the default VLAN pvid of Trunk port The no format of the command is used to delete the configured default VLAN pvid of the port and the default VLAN of the port recovers to 1 port trunk pvid vlan vlanId no port trunk pvid vlan Syntax Description vlanId The value range of VLAN ID is 1 4094 Default status The default VLAN pvid of the port is 1 No...

Page 119: ...atus The port does not have vlan dot1q tag pvid configuration Note The configuration command must be consistent with the port type Otherwise the system prompts error information such as port 0 1 current mode is not trunk mac vlan mac address This command is used to configure MAC VLAN items globally and distribute the corresponding VLAN ID as per the MAC address The no format of the command is used...

Page 120: ...P subnet VLAN items globally and distribute the corresponding VLAN ID as per the IP subnet The no format of the command is used to delete the IP subnet VLAN items ip subnet vlan ipv4 ip mask mask vlan vlanId no ip subnet vlan ipv4 ip mask mask vlan Syntax Description ip IP address mask IP address mask vlanId To distribute the corresponding VLAN ID as per the IP subnet the value range of the VLAN I...

Page 121: ...ty front Default status By default the configuration does not exist Note In the default VLAN division of the port the priority of MAC VLAN is higher than that of IP subnet VLAN protocol vlan profile This command is used to configure the protocol profile of the protocol VLAN globally The no format of the command is used to delete the protocol profile protocol vlan profile index frame type ETHERII L...

Page 122: ...e the value range is 1 16 vlanId To divide the corresponding VLAN ID as per the protocol the value range of the VLAN ID is 1 4094 Default status By default the protocol profile is not configured on the port Note The port matches protocol profile and the corresponding VLAN The protocol profile corresponding to the protocol profile serial number must exist protocol vlan enable This command is used t...

Page 123: ... the type of the port as Trunk switch config port 0 1 port trunk allowed vlan 10 to 20 The port permits VLAN 10 20 to pass switch config port 0 1 port trunk pvid vlan 30 To configure the default VLAN of the port switch config port 0 1 vlan dot1q tag pvid To configure the default VLAN packets of a Trunk port to be sent with Tag Example of Configuring VLAN of Hyrbid Port Command Description switch c...

Page 124: ...0 100 100 mask 255 255 255 0 vlan 10 To configure the items in IP subnet VLAN table to assign the Untagged of the corresponding network segment to the VLAN switch config port 0 1 To enter port 0 1 configuration status switch config port 0 1 ip subnet vlan enable To configure the port enabling IP subnet VLAN function Protocol Based VLAN Example Command Description switch configure terminal Users en...

Page 125: ... the information about the protocol VLAN items Monitoring Command Example switch show vlan Displayed Result NO VID VLAN Name Port Name 1 1 DEFAULT Untag Port port 0 0 port 0 1 port 0 3 port 0 4 port 0 5 port 0 6 port 0 7 port 0 8 port 0 9 port 0 10 port 0 11 port 0 12 port 0 13 port 0 14 port 0 15 port 0 16 port 0 17 port 0 18 port 0 19 port 0 20 port 0 21 port 0 22 port 0 23 port 0 24 port 0 25 p...

Page 126: ...LAN ID distributed to the Untag packets matching MAC address The displayed result indicates the existing MAC VLAN items of the system and the included details switch show ip subnet vlan Displayed Result IP SUBNET VLAN NO IP MASK VLAN 1 10 10 10 0 255 255 255 0 10 2 20 20 0 0 255 255 0 0 20 Description analysis NO display serial number IP IP address MASK IP mask VLAN The VLAN ID distributed to the ...

Page 127: ...result indicates the existing protocol profile of the system and the details switch show protocol vlan Displayed result PROTOTOCL VLAN Port Profile VLAN port 0 1 1 10 port 0 1 3 20 port 0 2 3 30 Description analysis Port Port name Profile The serial number of the protocol profile VLAN The VLAN ID distributed to Untag packets matching the protocol profile of the port The displayed result indicates ...

Page 128: ...e as follows Introduction to MAC address table management Basic commands for managing MAC address table Application examples of MAC address table management Introduction to MAC Address Table MAC address table includes the address information for forwarding packets between ports The items in the MAC address table include static MAC address dynamic address and filtered MAC address Static MAC address...

Page 129: ...C addresses learned by the port reaches the maximum value do not learn MAC address again After receiving a MAC address the switch learns and records it in the MAC address table if the switch does not receive any other packet whose source MAC address is the MAC address before reaching the aging time of dynamic MAC address the MAC address is deleted from the MAC address table Basic Commands for Mana...

Page 130: ...nfig link aggregationx The symbol before the command description means that there is the configuration example to describe the command in details later mac address static This command is to configure a static MAC address or static filtered MAC address The no format of the command can be used to delete a static MAC address or static filtered MAC address mac address static H H H vlan vlan id port po...

Page 131: ...alue Not defined Note The specified MAC address must be uni cast MAC address and the MAC address cannot be all zero The specified vlan id must be valid vlan that is the existing vlan When the specified port is a common port ensure that the port is not added to the aggregation group When the specified port is an aggregation port ensure that the aggregation group is created The static MAC addresses ...

Page 132: ...ns that the specified port type is the aggregation port Portlist The list of common ports whose dynamic MAC addresses are deleted such as 0 1 0 3 trunk id The aggregation port whose dynamic MAC address is deleted The value range is 1 16 Default value Not defined Note The specified vlan id must be a valid vlan that is the existing vlan When the specified port is a common port ensure that the port i...

Page 133: ...ber of learned MAC addresses The value range is 1 1000 no mac address max mac count To cancel the maximum number of learned MAC addresses Default value By default the number of the learned MAC addresses is not restricted that is there is no maximum number of learned MAC addresses After canceling the maximum number of the learned MAC addresses the number of the learned MAC addresses turns to be the...

Page 134: ...e Command Description show mac address all This command is to display all static MAC addresses excluding the static filtered MAC addresses and dynamic MAC addresses show mac address static This command is to display all static MAC addresses excluding static filtered MAC addresses including the static MAC addresses configured on other modules show mac address dynamic This command is to display all ...

Page 135: ... VLAN MAC TYPE PORT STATE FLAG 1 0003 0FFF DD40 STATIC port 0 1 FWD C Description analysis VLAN The VLAN to which the MAC address belongs MAC The MAC address TYPE The MAC address type including static MAC address dynamic MAC address and filtered MAC address PORT The port bound to the MAC address including common port and aggregation port STATE The processing of the packet whose destination MAC add...

Page 136: ...address 0003 0FFF DD41 is in VLAN1 The MAC address is based on global configuration it does not belong to any port and is configured through shell command The static MAC address 0003 0FFF DD40 is on VLAN1 and is bound to port 0 1 it is configured through shell command and forwarded normally switch show mac address max mac count port 0 1 Displayed result port 0 1 max learning mac 300 The maximum nu...

Page 137: ...aggregation Commands for configuring link aggregation Configure Link Aggregation Main contents of this section Introduction to link aggregation Basic Commands of link aggregation Configuration example of link aggregation Monitor and debug link aggregation Overview Link aggregation is to bind several physical links together to form a logic link and it can be used to expand link bandwidth Meanwhile ...

Page 138: ...ort priority priority To configure the LACP port priority config port XXX no link aggregation agg id To delete a specified aggregation group config no link aggregation agg id To remove a port from a specified aggregation group config port XXX no lacp system priority To configure the LACP system priority as the default value config no lacp port priority To configure the LACP port priority as the de...

Page 139: ...ue range is 1 16 dst ip Based on destination IP address dst mac Based on destination MAC address src dst ip Based on source and destination IP addresses src dst mac Based on source and destination MAC addresses src ip Based on source IP address src mac Based on source MAC address Configuration mode Global configuration mode Default status The default value is the load balance arithmetic based on s...

Page 140: ...e value range is 1 16 manual A port is added into aggregation group in manual aggregation mode active A port is added into aggregation group in protocol aggregation mode and is active port passive A port is added into aggregation group in protocol aggregation mode and is a passive port Configuration mode Port configuration mode Default status Not defined lacp port priority In port mode this comman...

Page 141: ...ual aggregation switch1 configuration Command Description switch config link aggregation 1 mode manual To create manual aggregation group 1 switch config port 0 0 0 3 To enter the port mode switch config port range link aggregation 1 manual To add a port into aggregation group in manual mode switch2 configuration Command Description switch config link aggregation 1 mode manual To create manual agg...

Page 142: ... create manual aggregation group 1 switch config port 0 0 0 3 To enter the port mode switch config port range link aggregation 1 active To add a port into an aggregation group in protocol mode Monitoring Debugging Link Aggregation Monitoring Commands View Commands Command Description show link aggregation group agg id To display the aggregation information of a specified aggregation group show lin...

Page 143: ...ated successfully and can send and receive service packets Root port port 0 1 The root port of the aggregation group is 0 1 port 0 0 DETACHED port 0 0 is in the detached state port 0 1 ATTACHED port 0 1 is in the attached state port 0 2 DETACHED port 0 2 is in the detached state port 0 3 DETACHED port 0 3 is in the detached state Perform the show operation as per the link aggregation of the LACP m...

Page 144: ...machine information receive DEFAULTED periodic SLOW mux DETACHED The status machine information of the port Debugging Commands Command Description no debug lac pdu rx tx machine event port port no To enable the debugging switch of the information about link aggregating process The symbol before the command description means that there is the configuration example to describe the command in details...

Page 145: ...n logic for link aggregation 1 00 04 46 LAC port 0 5 LAC_EVENT_AGG_ADD_PORT event happened 00 04 46 LAC Selection logic for link aggregation 1 The event information of adding ports 0 1 0 5 into an aggregation group Selection logic needs to be executed again when a port is added into an aggregation group 00 08 39 LAC port 0 3 LAC_EVENT_AGG_REMOVE_PORT event happened 00 08 39 LAC Selection logic for...

Page 146: ... 1 RX machine enter MANUAL_ON The RX status machine enters MANUAL_ON 00 14 53 LAC port 0 1 MUX machine enter WAITING The MUX status machine enters WAITING 00 14 55 LAC port 0 1 MUX machine enter ATTACHED The MUX status machine enters ATTACHED 00 14 55 LAC port 0 1 MUX machine enter COLLECTING_DISTRIBUTING The MUX status machine enters COLLECTING_DISTRIBUTING 3 When using the command debug lac pdu ...

Page 147: ...2 C5 00 00 00 Partner 02 14 80 00 00 00 00 00 00 00 00 02 80 00 00 02 42 00 00 00 13 53 11 LAC port 0 1 rx pdu info Actor 01 14 80 00 00 01 12 34 00 33 03 90 80 00 00 02 C5 00 00 00 Partner 02 14 80 00 00 00 00 00 00 00 00 02 80 00 00 02 42 00 00 00 The port receives the pdu information ...

Page 148: ...e Protocol is to avoid and clear the loops in the network by negotiating a non loop path to the root switch Through certain arithmetic it locates the place with loops in the network blocks the redundant link and shears the loop network to the tree network without loops In this way the data frames are prevented from increasing and circulating endlessly in the loop network Currently the Spanning Tre...

Page 149: ...ANs according to their own paths In this way the better traffic load balance mechanism is provided MSTP has the following features MSTP shears the loop network to a tree network without loops to prevent the packets from increasing and circulating endlessly in the loop network MSTP divides the whole switching network to multiple domains and all the domains are connected by a common spanning tree CS...

Page 150: ...old count number To set the maximum sending rate of STP protocol for sending packets on port config spanning tree pathcost method dot1D 1998 dot1T 2001 To set the standard adopted by the device for accounting the default Path Cost of the port config spanning tree mst instance instance id priority priority number To set the bridge priority of spanning tree examples config spanning tree enable disab...

Page 151: ...up to 32 bytes Default status By default use the bridge ID as MST domain name Configuring the MST domain names of bridges the same does not mean that the bridges are in the same MST domain The two or more bridges belong to one MST domain only when the name revision level example and VLAN mapping of the MST domains are the same ...

Page 152: ... id vlan vlan range no instance instance id vlan vlan range no instance instance id Syntax Description instance id The example ID of an MST domain The value range is 1 63 vlan range The VLAN list mapping with the example It is the character string with such format as 2 9 200 411 500 Default status By default the MST domain has only example 0 and all VLANs are mapped to example 0 Practically the su...

Page 153: ...ats of MSTP protocol are different from those of STP and RSTP To realize the mixed networking with STP device and be compatible with RSTP MSTP sets three working modes including STP compatibility mode RSTP mode and MSTP mode Use the following commands to configure the working modes and the no format to recover the default working mode spanning tree mode stp rstp mstp no spanning tree mode Syntax D...

Page 154: ...ge is 7 127 The default value is 20 Default status By default the maximum number of hops of MST domain is 20 From the root bridge of the spanning tree in the MST domain the configuration message in the domain is forwarded through a device and the number of hops is reduced by 1 The device discards the received configuration message with the number of hops as 0 so that the devices that are out of th...

Page 155: ...Hello Time means the interval of the root bridge sending BPDU to other bridges Sending BPDU is to inform other bridges that it is the root bridge so that other bridges can recognize its root bridge status Once there is bridge with a lower priority in the switching network the root bridge will be replaced and the new bridge sends BPDU to other non root bridges at the interval of Hello packets Usual...

Page 156: ...mmand to configure the maximum rate of sending packets The no format of the command can be used to recover the default value spanning tree transmit hold count count no spanning tree transmit hold count Syntax Description Count The maximum number of packets that can be sent on the port within HELLO TIME The value range is 1 10 The default value is 6 Default status By default the maximum number of p...

Page 157: ... The configurable values are as follows 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 spanning tree enable disable By default the spanning tree protocol is disabled globally The MSTP function can be globally enabled by the command spanning tree enable The no format of the command spanning tree disable or spanning tree enable can be used to disable MSTP f...

Page 158: ...ree pathcost method Syntax Description dot1D 1998 Adopt IEEE802 1D 1998 dot1T 2001 Adopt IEEE802 1T 2001 Default status By default the bridge adopt IEEE802 1T to calculate the path cost of the port When the port is configured with Path Cost it adopts the configured value spanning tree mst instance instance id cost Path cost is related with port link rate On the device that supports MSTP the port c...

Page 159: ...he priority of the port in the example The no format of the command can be used to recover the default value spanning tree mst instance instance id priority priority number no spanning tree mst instance instance id priority Syntax Description instance id MST spanning tree example ID The value range is 0 63 priority number The port priority The value range is 0 240 It must be the multiple of 16 The...

Page 160: ...by a point to point link are root ports or specified ports the rapid transferring to the forwarding status can be realized by transmitting proposal and agreement synchronization packets which can reduce the unnecessary forwarding delay time You can use the following command to configure the point to point link type of the port The no format of the command can be used to recover the default value s...

Page 161: ...e standard interoperability The Cisco devices can be configured to send non IEEE802 1s packet format Besides the key used by the mapping configuration abstract between the calculation example and VLAN is private Therefore when a device is inter connected with a Cisco device and even if they are configured with the same MST domain same revision level the same mapping between VLAN and example they a...

Page 162: ...rmat sent by the Cisco devices the port works in Pre Standard mode To exit the mode you need to execute MCHECK operation manually MSTP Protection Features Command Description Configuration Mode spanning tree guard none root loop To set protection feature of a port config port xxx spanning tree bpdu filter guard To set the BPDU protection filtering function of a port config port xxx spanning tree b...

Page 163: ...can use the following command to configure the BPDU filtering function The no format of the command can be used to disable the function spanning tree bpdu filter no spanning tree bpdu filter By default the BPDU filtering function of a port is disabled The BPDU filtering function takes effect only on the ports configured with edge port attributes For the ports that are configured with edge port att...

Page 164: ... the status of the root port and other blocked ports by receiving BPDU packets from the upstream devices But the ports cannot receive the BPDU packets from the upstream devices because the link is blocked or the uni directional link fails and the spanning tree information on the port times out Here the downstream device re selects the role of the ports The ports on the downstream device that do no...

Page 165: ...unction spanning tree guard root spanning tree guard none no spanning tree guard By default the Loop Guard protection function of the port is disabled The Root Guard protection function and Loop Guard protection function cannot be enabled at the same time ...

Page 166: ...of example 3 is Switch A The packets of VLAN 40 are forwarded along example 4 the root bridge of example 4 is Switch B The configuration of Switch A Command Description SwitchA config spanning tree mst configuration To enter the configuration mode of MST domain SwitchA config mst region region name test To configure MST domain name as test SwitchA config mst region revision level 0 To configure th...

Page 167: ...chC config spanning tree mst configuration To enter the configuration mode of MST domain SwitchC config mst region region name test To configure MST domain name as test SwitchC config mst region revision level 0 To configure the revision level of MST domain as 0 SwitchC config mst region instance 1 vlan 10 To map VLAN 10 configuration to example 1 SwitchC config mst region instance 2 vlan 20 To ma...

Page 168: ...the port on the device that runs MSTP RSTP is connected with the device that runs STP the port automatically transfers to work in STP compatibility mode if the device that runs STP protocol is removed the port cannot transfers to work in MSTP RSTP mode and still works in STP compatibility mode Here execute the mCheck operation to force the port to works in MSTP RSTP mode Use the following command ...

Page 169: ...ormation on one device SwitchA show spanning tree mst Displayed Result Description and Analysis MST Instance 00 vlans mapped 1 3 4094 The following is the information about example 0 Currently the VLANs that map with example 0 is VLAN 1 and 1 4094 Bridge address 0001 7a4f 738e priority 32768 Region root address 0001 7a4f 738e priority 32768 root 32772 rpc 0 epc 200000 hop 20 The bridge address and...

Page 170: ...eive transmit To enable disable the debugging switch of sending receiving MSTP spanning tree BPDU packets no debug spanning tree mstp roles To enable disable the debugging switch of MSTP spanning tree role no debug spanning tree mstp state To enable disable the debugging switch of MSTP spanning tree status change no debug spanning tree mstp event To enable disable the debugging switch of MSTP span...

Page 171: ...VENT Port event received port 0 7 duplex status changed After the ports are connected with the network cables the port link is UP and MSTP receives the event of link UP meanwhile the events of port rate change and duplex mode change are received 05 24 06 MSTP 7 EVENT Fdb flush on port 0 7 for instance 0 05 24 06 MSTP 7 TRANS Port 0 7 INST 0 roles trans from Disabled to Designated The port role cha...

Page 172: ... provider network In this way packets go through the backbone network public network of carriers with two layers of VLAN tags In the public network packets are transmitted only according to the VLAN tag of the external layer that is the VLAN tag of the public network and the VLAN tag of the customers private network is screened Therefore VLAN IDs of the public network are saved and a simple L2 VPN...

Page 173: ...then encapsulates the external VLAN Tag for the packet the VLAN Tag is the port PVID VLAN Flexible Vlan dot1q tunnel Function The flexible Vlan dot1q tunnel function is a flexible realization of the Vlan dot1q tunnel function by cooperating with the port VLAN A port adds a specified external VLAN tag to a packet according to the items of the flexible Vlan dot1q tunnel mapping table and the VLAN ID...

Page 174: ...rded config port xxx config link aggregation x frame tag tpid tpvalue To configure the TPID of the external Tag config port xxx config link aggregation x inner priority trust enable To copy the priority field of the internal Tag to the priority field of the external layer Tag config port xxx config link aggregation x vlan dot1q tunnel enable This command is used to enable the vlan dot1q tunnel fun...

Page 175: ...e configured on the Access port and can be configured only on Hybrid and Trunk ports When a port switches to the Access type from Hybrid type or Trunk mode type all the items in the flexible Vlan dot1q tunnel mapping table are deleted When configuring Vlan dot1q tunnel Vlan dot1q tunnel mapping items on link aggregation port it is recommended that the users add all member ports to link aggregation...

Page 176: ... dot1q tunnel mapping and the port VLAN Therefore users need to add a Vlan dot1q tunnel mapping port into the external VLAN via configuration Caution The items of the flexible Vlan dot1q tunnel mapping table cannot be configured on the Access port and can be configured only on Hybrid and Trunk ports When a port switches to the Access type from Hybrid type or Trunk mode type all the items in the fl...

Page 177: ...port that is vlan dot1q tunnel drop function is not enabled on the port frame tag tpid This command is used to configure the TPID in the outer Tag of the port The no format of the command is used to delete the configured TPID in the outer Tag of the port and recover the default value 0x8100 frame tag tpid tpvalue no frame tag tpid Syntax Description tpvalue The TPID of the outer Tag the common TPI...

Page 178: ...er C are inter communicated via VLAN 200 of the operator network PE1 configuration Command Description PE1 config port 0 1 port mode hybrid To set the port as Hybrid port PE1 config port 0 1 port hybrid vlan 100 untagged To add the port to VLAN 100 PE1 config port 0 1 vlan dot1q tunnel enable To enable the basic vlan dot1q tunnel function on the port PE1 config port 0 1 vlan dot1q tunnel 10 100 Th...

Page 179: ...onfig port 0 2 port hybrid vlan 100 untagged To add the port to VLAN 100 PE2 config port 0 2 port hybrid vlan 200 untagged To add the port to VLAN 200 PE2 config port 0 2 vlan dot1q tunnel enable To enable basic vlan dot1q tunnel function on the port PE2 config port 0 2 vlan dot1q tunnel 10 100 The port configures flexible items and encapsulates outer Tag 100 for received VLAN 10 packets PE2 confi...

Page 180: ...how vlan dot1q tunnel VLAN DOT1Q TUNNEL Port Inner VlanId Outer VlanId port 0 1 totals 2 10 100 15 150 port 0 2 totals 1 20 200 Description and analysis Port port name Inner VlanId The VLAN ID of the Tag packets received by the port that is the inner VLAN ID of the packets after encapsulation Outer VlanId The outer VLAN ID encapsulated by the port that is the outer VLAN ID of the packets after enc...

Page 181: ...rt as hybrid switch config port 0 1 port hybrid vlan 20 untagged The port is added into VLAN 20 in Untagged mode switch config port 0 1 port hybrid vlan 40 untagged A port is added into VLAN 40 in Untagged mode switch config port 0 1 vlan dot1q tunnel enable To enable basic vlan dot1q tunnel function on a port switch config port 0 1 vlan dot1q tunnel 10 20 To configure the items in the flexible vl...

Page 182: ...licting items automatically and resets new items for the table Flexible Vlan dot1q tunnel mapping function is realized through the mapping between flexible Vlan dot1q tunnel mapping and the port VLAN Therefore users need to add a Vlan dot1q tunnel mapping port into the external VLAN mapping VLAN via configuration The items of the flexible Vlan dot1q tunnel mapping table cannot be configured on the...

Page 183: ... that is the non VLAN10 packets are discarded PE1 config port 0 1 vlan dot1q tunnel drop To configure the port0 2 as a Hybrid port PE1 config port 0 2 port mode hybrid To add the port0 2 to the VLAN 200 PE1 config port 0 2 port hybrid vlan 200 untagged To configure the items in the flexible table on the port0 2 and to encapsulates the external Tag 200 for the received VLAN 20 packets PE1 config po...

Page 184: ...late the external Tag 200 of the received VLAN 20 packets PE2 config port 0 2 vlan dot1q tunnel 10 100 PE2 config port 0 2 vlan dot1q tunnel 20 200 To configure the port0 2 only to support the flexible table the packets that do not match the items in the flexible table are discarded that is the received non VLAN10 packets and non VLAN20 packets are discarded PE2 config port 0 2 vlan dot1q tunnel d...

Page 185: ...and LACPDU in carriers network as well as the spanning tree calculation and link aggregation of the whole user network When L2 Protocol Tunnel function is enabled on the ports of the device the device replaces the destination MAC address of input L2 protocol packet with a special multicast MAC address by default it is 01 00 0c cd cd d0 The protocol packet is transferred to tunnel packet which is f...

Page 186: ... as BPDU and LACPU and directly transmitted to upper protocol module for processing This is the default function Basic Commands Command Description Config mode l2protocol control tunnel dmac mac address To configure the special multicast MAC replacing the L2 protocol destination MAC config l2protocol control bmga dot1x gmrp gvrp lacp stp discard peer tunnel To enable the protocol packet tunnel fun...

Page 187: ...es of L2 protocol packets must be the same l2protocol control bmga dot1x gmrp gvrp lacp stp discard peer tunnel This command is used to enable protocol packet tunnel function separation function and transparent transmission function on the port By default the transparent transmission function is enabled on the port l2protocol control bmga dot1x gmrp gvrp lacp stp discard peer tunnel Syntax Descrip...

Page 188: ... you need to set up the L2 protocol tunnel for stp packets between PE1 and PE2 PE1 configuration Command Description PE1 config port 0 2 port mode hybrid To set port0 2 as Hybrid port PE1 config port 0 2 port hybrid vlan 10 untagged To add port 0 2 to VLAN 10 PE1 config port 0 2 port hybtid pvid vlan 10 To set the port pvid as VLAN 10 PE1 config port 0 2 l2protocol control stp tunnel To set the st...

Page 189: ...2 allow tunnel packets VLAN 10 to pass through configuration Debugging Monitoring Debugging Command Command Description no debug l2protocol control To enable disable the debugging switch of L2 protocol tunnel Debugging Command Example For environment refer to the application example Enable the command debug l2protocol control switch debug l2protocol control Displayed Result Analysis 01 51 14 L2PC ...

Page 190: ... send STP tunnel packet in vlan 10 01 51 20 L2PC 7 EVENT port 0 2 receives STP packet 01 51 20 L2PC 7 EVENT non tunnel ports send STP tunnel packet in vlan 10 tunnel packets from the non STP tunnel port the STP protocol tunnel function is not enabled on the port of VLAN 10 ...

Page 191: ...lication module of L2 multicast The contents of this section are as follows Brief introduction Basic commands Monitoring and debugging Overview The application modules such as L2 static multicast and IGMP SNOOP protocol of L2 multicast get the L2 multicast table through static configuration or dynamically learning and forward the information to the common modules of L2 multicast The common modules...

Page 192: ...unknown multicast packets belonging to the specified VLAN config vlan no snmp server enable traps l2 multicast change To configure to send L1 multicast TRAP messages config before command means it has configuration example description config port means the port configuration mode config link aggregation means the configuration mode of the aggregation group config vlan means VLAN configuration mode...

Page 193: ...ard unknown multicast packets on the VLAN If the multicast packets of the L2 table item are not found during L2 multicast forwarding called unknown multicast packets the multicast packets flood in the VLAN by default no snmp server enable traps l2 multicast change This command is used to configure to send the L2 multicast Trap messages The no format of the command is used to prohibit sending L2 mu...

Page 194: ... port information of the items in the table The member ports in the comprehensive table are transformed to physical ports through VLAN filtering and convergence group It is consistent with the forwarding table in the hardware Examples of Monitoring Commands For environment and configuration refer to L2 static multicast configuration example in the section of L2 static multicast application example...

Page 195: ... 1 and port 0 5 Debug Commands Command Description no debug l2 mcast event To enable disable L2 multicast public event switch and display the events of the L2 multicast public modules no debug l2 mcast entry To enable disable L2 multicast public software item switch and display the debugging information of the L2 multicast public software items no debug l2 mcast l2mc To enable disable L2 multicast...

Page 196: ... map 0 1 00 48 07 Multicast group num increased to 1 on port 0 1 00 48 07 Try to add L2MC 2 0100 5E00 010C entry 00 48 07 AG Port Map 0 1 00 48 07 AP Port Map 0 1 00 48 07 Try to update L2MC entry 2 0100 5E00 010C 00 48 07 Update L2MC 2 0100 5E00 010C entry ports succeeded 00 48 07 Process result is Port map change for L2 multicast entry update To add member ports update the L2 multicast forwardin...

Page 197: ...o the physical port config mcast link aggregation _LINKAGGREGATION_ member forbidden To configure the aggregation group member ports of an L2 static multicast item or aggregation group forbidden ports Here the port refers to the logical port of an aggregation group config mcast no link aggregation _LINKAGGREGATION_ all To delete an aggregation group of an L2 static multicast item or all forbidden ...

Page 198: ...e port list member Member mode forbidden Forbidden mode all All non convergence mode Default status No port configurations of static multicast item The port command can be executed on the physical port list link aggregation _LINKAGGREGATION_ member forbidden This command is used to configure an aggregation group as the aggregation group member port or aggregation group forbidden port of a static m...

Page 199: ...and PC3 are connected via port 0 1 port 0 2 and port 0 3 Ports 0 0 0 3 belong to VLAN2 Each port is access mode UNTAG is added to VLAN 2 Port 0 1 is configured as the member port of the L2 multicast 2 vlan 0100 5E00 010C multicast MAC port 0 2 is configured as the forbidden port of the L2 multicast 2 vlan 0100 5E00 010C multicast MAC The configuration of L2 static multicast is not done on port 0 3...

Page 200: ...5E00 010C vlan 2 To configure L2 multicast 2 0100 5E00 010C table switch config mcast port 0 1 0 4 member To configure port 0 1 and 0 4 as the member ports of the table switch config mcast link aggregation 1 member To configure aggregation group 1 as the member port of the table switch config mcast port 0 2 forbidden To configure port 0 2 as the forbidden port of the table switch config mcast exit...

Page 201: ... the item port 0 2 is the forbidden port of the item Debugging Commands Command Description no debug l2 mcast static event To enable disable the L2 static multicast switch and display the even debugging information of the L2 static multicast no debug l2 mcast static all To enable disable all the debugging switches of the L2 static multicast Debugging Command Examples For environment and configurat...

Page 202: ...at the local via monitoring IGMP packets In this way only the multicast packets of the specified group are sent to the downstream port of the multicast group when the multicast packets are received Besides IGMP Snooping is responsible for forwarding IGMP packets IGMP Snooping has close relationship with IGMP Originally IGMP Snooping is used to maintain multicast group information when IGMP does no...

Page 203: ...r query interval interval no ip igmp snooping vlan vlan id last member query interval To configure the interval of the last member query timer config ip igmp snooping vlan vlan id querier no ip igmp snooping vlan vlan id querier To configure whether to enable querier globally or in a VLAN config ip igmp snooping vlan vlan id querier address ip address no ip igmp snooping vlan vlan id querier addre...

Page 204: ...nooping vlan vlan id timer router port expiry To configure the aging time of dynamic uplink port config ip igmp snooping vlan vlan id timer report port expiry timeout no ip igmp snooping vlan vlan id timer report port expiry To configure the aging time of dynamic report port config Command Description Configuration Mode ip igmp profile profile number no ip igmp profile profile number To create del...

Page 205: ...id last member query interval interval This command is used to configure the query interval of IGMP leave The no form of the command is used to recover the default value Syntax Description vlan id VLAN ID and the value range is 1 4094 interval The interval and the value range is 100 5000 Default status The default value is 1000 that is 1s ip igmp snooping vlan vlan id querier This command is used ...

Page 206: ...ng vlan vlan id querier query interval interval This command is used to configure the query interval of querier globally or in a VLAN The no form of the command is used to recover the default value Syntax Description vlan id VLAN ID and the value range is 1 4094 interval The query interval and the value range is 1 18000 Default status The default value is 125s ip igmp snooping vlan vlan id querier...

Page 207: ...eout The timeout and the value range is 60 300 Default status The default value is 255s ip igmp snooping vlan vlan id querier version version This command is used to configure the querier version globally or in a VLAN The no form of the command is used to recover the default value Syntax Description vlan id VLAN ID and the value range is 1 4094 version The version and the value range is 1 2 Defaul...

Page 208: ...onfigure the times of general queries after TCN event Syntax Description count The times and the value range is 1 10 Default status The default value is 2 times ip igmp snooping tcn query solicit This command is used to configure that when the switch is not the spanning tree root it still sends global IGMP leave packets actively in the TCN event to speed up the recovery from TCN Default status By ...

Page 209: ...mmand is used to recover the default value Syntax Description vlan id VLAN ID and the value range is 1 4094 timeout The aging time and the value range is 60 300s Default status The default value is 260s ip igmp profile profile number Enter the configuration mode of the filtering rule If the rule does not exist create it first The no form of the command is used to delete a filtering rule Syntax Des...

Page 210: ...mmand is used to restrict the maximum number of the multicast groups to which the port or aggregation port can be added The no form of the command is used to cancel the restriction Syntax Description number The maximum number and the value range is 0 500 Default status The default value is 500 This configuration is not for the router ports ip igmp max groups action deny replace This command is use...

Page 211: ...serve the multicast data with multicast address as 224 1 1 1 Host B sends IGMP report packets to reserve the multicast data with multicast address as 224 1 1 1 IGMP snooping maintains a multicast forwarding table on the switch The multicast data sent from source multicast reaches the switch via the router The switch sends the multicast packets to port 0 2 and 0 3 after searching in the multicast t...

Page 212: ...oring Commands Command Description show ip igmp snooping vlan vlan id To display the IGMP snooping configured globally or in a VLAN show ip igmp snooping groups vlan vlan id count To display the member port information of the multicast group or group number statistics show ip igmp snooping mrouter vlan vlan id To display the router port information show ip igmp snooping querier vlan vlan id To dis...

Page 213: ... display the global configuration and then the configuration in VLANs To enable IGMP snooping globally To enable the report suppression To disable speeding up the recovery from TCN The multicast flood time after TCN event The query interval of IGMP leave is 1s IGMP version is 2 Current protocol status enabled The aging time of dynamic router port The aging time of dynamic multicast member port swi...

Page 214: ...interval sec 125 max response time sec 10 querier timeout sec 255 tcn query count 2 tcn query interval 31 Vlan 1 querier configuration admin state Disabled admin version 2 source IP address 0 0 0 0 query interval sec 125 max response time sec 10 querier timeout sec 255 tcn query count 2 tcn query interval 31 operational state Disabled operational version 2 Vlan 2 querier configuration admin state ...

Page 215: ...uerier FsmStatus Non Querier Query source address 128 255 44 53 Uplink port port 0 5 Status flag IGMP snooping is enabled non querier Status machine non querier mainly used for programming switch show ip igmp snooping egress_table Displayed Result Vlan MAC PortList 2 0100 5E00 0000 port 0 1 2 0100 5E00 0001 port 0 1 2 0100 5E00 0002 port 0 1 2 0100 5E00 0003 port 0 1 2 0100 5E00 010B port 0 1 Desc...

Page 216: ... Analysis ip igmp snooping ip igmp snooping vlan 2 static 224 0 1 11 port 0 1 ip igmp snooping vlan 1 ip igmp snooping vlan 2 ip igmp profile 1 permit range 225 0 0 0 225 0 0 50 exit ip igmp profile 2 range 225 0 0 2 225 0 0 6 exit To enable IGMP snooping globally Port 0 1 in VLAN2 is statically added to multicast group 224 0 1 11 To enable IGMP snooping in VLAN 1 To enable IGMP snooping in VLAN 2...

Page 217: ... Debugging Command Examples switch debug ip igmp snooping config switch config no ip igmp snooping Displayed Result Description and Analysis Enter configuration commands one per line End with CNTL Z 00 31 55 IgmpSnoop find vlanIf id 1 00 31 55 IgmpSnoop set vlan 1 snooping disable sucessfully 00 31 55 IgmpSnoop find vlanIf id 2 00 31 55 IgmpSnoop set vlan 2 snooping disable sucessfully 00 31 55 Ig...

Page 218: ... multicast VLAN the multicast flow can be sent to users continuously Basic Commands Command Description Configuration Mode mvr enable disable To set whether to enable MVR config no mvr vlan vlan id To set cancel a VLAN as multicast VLAN config before command means it has configuration example description Config refers to the global configuration mode mvr enable disable This command is used to set ...

Page 219: ... with host B port 0 2 in tagged mode is added to VLAN3 and PVID is 3 port 0 3 in untagged mode is added to VLAN4 and PVID is 4 Port 0 1 on the switch is added to VLAN2 in tagged mode port 0 2 and 0 3 are added to VLAN2 in untagged mode set VLAN 2 as the multicast VLAN Enable MVR and enable IGMP Snooping globally The multicast packets from the multicast source can be received by host A and host B ...

Page 220: ...n 2 untagged Switch config port 0 3 port hybrid pvid vlan 4 Switch config port 0 3 exit Port 0 2 is added to VLAN 2 and VLAN 3 in untagged mode set PVID as VLAN3 port 0 3 is added to VLAN2 and VLAN 4 in untagged mode set PVID as VLAN 4 Switch config mvr vlan 2 To set VLAN2 as the multicast VLAN Switch config mvr enable To enable MVR Switch config ip igmp snooping To enable IGMP Snooping globally M...

Page 221: ... 21 03 MVR del multicast vlan id 2 successfully 00 21 03 MVR call portVlanDependDel to clear vlan id 2 MVR tag 00 21 03 MVR notifyCall event MVR_DEL_VLAN vlanId 2 successfully Cancel the setting of multicast VLAN When MVR is enabled the multicast VLAN record is deleted the MVR attributes of the VLAN are removed from the function referencing the VLAN module send notify to inform the event of deleti...

Page 222: ... or no user access The result of authentication depends on changes of the port status This is the simplest solution to realize the authentication among various authentication technologies The EAP protocol used by 802 1X only defines the means of communication authentication information but doesn t define a concrete authentication mechanism The authentication mechanism can be selected flexibly incl...

Page 223: ... Signamax series switches not only support the standard 802X protocol but also expand and optimize it to meet various application demands It supports multiple user access via one port The standard 802 1X protocol is realized based on the port which means as long as one user of the port is authenticated successfully other users can use the network sources without authentication When the user is off...

Page 224: ...ng function the assigned VLAN information is included in the authorization information The device adds the port to the assigned VLAN We call the assigned VLAN as the Auto VLAN If the RADIUS server authentication information doesn t have the assigned VLAN information the attributes of the port VLAN are not changed after the authentication is passed If RADIUS server authentication information has th...

Page 225: ...ult VLAN that is Guest VLAN before it passes the 802 1X authentication Users can access the resources of that VLAN without authentication but cannot access other network resources after the authentication is passed the port leaves the Guest VLAN and the user can access other network resources Users obtain 802 1X client software from the Guest VLAN to upgrade the client or execute other application...

Page 226: ...gn any VLAN the port leaves the Guest VLAN and joins the Config VLAN If the user goes offline the port joins the Guest VLAN The Auto Vlan and Guest Vlan only take effect in the ACCESS port authentication mode They are invalid in the other authentication modes Configure 802 1X The contents are Command description Configuring 802 1X Enable and disable 802 1X Configure maximum number of users support...

Page 227: ...t config port config port range config link aggregation x dot1x eap relay enable disable To enable disable EAP relay of the port config port config port range config link aggregation x dot1x guest vlan vlanId To configure port guest vlan config port config port range config link aggregation x dot1x default To recover dot1x default configuration of the port config port config port range config link...

Page 228: ...unction on a port dot1x port control enable disable Syntax Description enable To enable 802 1X disable To disable 802 1X Default status disable dot1x port method This command is to configure the authentication mode of 802 1X the port based authentication mode or the user based authentication mode dot1x port method portbased macbased Syntax Description portbased The port based authentication mode m...

Page 229: ... to disable the multicast trigger function Command for configuration dot1x multicast trigger Default status disable dot1x multicast period This command is used to configure interval for sending multicast packets of the port dot1x multicast period 5 3600 Syntax Description 5 3600 The interval second for sending multicast packets Default status 15s dot1x eap relay This command is to configure the EA...

Page 230: ...lient and the authentication server dot1x guest vlan This command is to configure the guest vlan of a port The no format of the command can be used to cancel the guest vlan of the port dot1x guest vlan vlanId Syntax Description vlanId The Vlan number Default status no The guest vlan of a port takes effect only in the Access based port portbased authentication mode the configuration doesn t take ef...

Page 231: ...format of the command is to disable the re authentication function dot1x reauthentication no dot1x reauthentication Default status enable re authentication dot1x eapol relay This command is to enable disable the EAPOL packet transparent transmission function of port dot1x eapol relay enable disable Syntax Description enable To enable the EAPOL packet transparent transmission disable To disable the...

Page 232: ...ail 1 10 Syntax Description 1 10 The maximum number of failures Default status 1 dot1x timeout re authperiod This command is to configure the re authentication time second of a port When a port is enabled with the re authentication it executes re authentication in the period of each time interval dot1x timeout re authperiod 1 3600 Syntax Description 1 3600 The re authentication time Default status...

Page 233: ...iet period 1 65535 Syntax Description 1 65535 Punishment time Default status 60 dot1x default This command is to return to the 802 1X default configuration of a port dot1x default Default status None This command disables the 802 1X function of a port ...

Page 234: ...the authentication server is in the VLAN 2 the Update Server is used for downloading and upgrading the client software is in the VLAN 10 the port 0 2 connects to Internet of the switch is in the VLAN 5 The switch configuration Command Description switch config port 0 1 To enter the port switch config port 0 1 dot1x port control enable To enable 802 1x switch config port 0 1 dot1x port method portb...

Page 235: ...nt Internet Vlan1 Port0 1 Vlan5 Port0 2 Vlan10 Port0 4 Vlan2 Port0 3 Switch Vlan 10 The port 0 1 is added into the Guest VLAN and the supplicant and update server are both in VLAN10 at the time The supplicant can access the Update Server and download the 802 1X client ...

Page 236: ...nternet Monitoring Maintaining Monitoring Commands Command Description show dot1x user portId To display the 802 1x user information of a specified port if no port is specified display all the user information show dot1x port portId To display the 802 1x configuration of a specified port if no port is specified display the 802 1x configuration of all ports the ports which are not configured with a...

Page 237: ... environment refer to Figure 11 3 View the user login authentication information via the command debug dot1x all Enable the command debug dot1x all switch debug dot1x all Displayed Result Analysis 00 44 18 802 1X DBG port 2 eapol frame recved mac 00 05 5d e4 0e 25 00 44 18 802 1X DBG port 2 eapol type eapol start 00 44 18 802 1X DBG user 00 05 5d e4 0e 25 was create 00 44 18 802 1X DBG port 2 vlan...

Page 238: ...5 5d e4 0e 25 85c2d040 00 44 18 802 1X DBG port 2 send eapol frame success 00 44 18 802 1X DBG port 2 eapol frame recved mac 00 05 5d e4 0e 25 00 44 18 802 1X DBG port 2 eapol type eapol eap 00 44 18 802 1X DBG port 2 eap realy disable eap type 4 00 44 18 802 1X DBG port 2 get user ip address 128 255 42 111 00 44 18 802 1X DBG port 2 25 authPaeSm enter AUTHENTICATING 00 44 18 802 1X DBG port 2 25 ...

Page 239: ...ser obtains from the DHCP server and MAC address of the user s host DHCP Snooping records MAC address of DHCP client end and the obtained IP address by listening the DHCP REQUEST and DHCP ACK broadcast packets received by a trustport The Administrator can view the information about IP addresses obtained from the DHCP client via command show dhcp snooping database Client obtains IP addresses from l...

Page 240: ...t obtains correct IP addresses The untrust port is a port that does not connect to a legal DHCP server If the responding DHCP ACK and the DHCP OFFER packets of a DHCP server are received from an untrust port the packets are discarded This prevents that the DHCP client obtains false IP addresses DHCP networking The interactive processes between packets of the DHCP Client and packets of the DHCP Ser...

Page 241: ...or VLAN can allocate According to different types of DHCP packets the processing modes for Option 82 are different 1 After the device receives a DHCP request packet the packet is processed according to Option 82 and the processing policy configured by users and the fill mode The processed packet is transmitted to the DHCP server 2 When a device is receiving a responding packet of DHCP server if th...

Page 242: ... 82 by default replace config dhcp snooping database timeout seconds To configure deleting time of invalid items in the binding table by default 300s config dhcp snooping relay address ip address The relay address config snmp server enable traps port shutdown dhcpsp To enable trap switch when DHCP Snooping function makes the port shutdown send trap alarms config no snmp server enable traps port sh...

Page 243: ...ntify the switch by default to fill the local MAC address dhcp snooping information format remote id STRING default hostname Syntax Description STRING User configured character string default By default to fill the MAC address hostname Local host name Default status default dhcp snooping information policy The command configures the transmitting policy of Option 82 in the DHCP packet dhcp snooping...

Page 244: ...rded If the packets received continuously in 20s exceed the rate then the corresponding port is shutdown directly and automatically recovers after 5 minutes It can also be configured to recover manually The rate limit configuration of a trust port does not take effect which means we can configure the rate limit but it is not performed on the port unless we change the status of the port into an unt...

Page 245: ...245 SIGNAMAX LLC www signamax eu Application Example Example of configuring DHCP Snooping ...

Page 246: ...e of Option 82 message as the user configuration mode switch config dhcp snooping information format remote id hostname To configure the remote ID as hostname switch config exit To exit the global configuration mode In the port configuration mode Command Description switch config port 0 4 0 10 To enter the port configuration mode and support that the port0 4 0 10 connects to the user network switc...

Page 247: ...st 88 default vlan mod port 0 5 untrust 88 default vlan mod port 0 6 untrust 88 default vlan mod port 0 7 untrust 88 default vlan mod port 0 8 untrust 88 default vlan mod port 0 9 untrust 88 default vlan mod port 0 10 untrust 88 default vlan mod port Description and analysis dhcp snooping status whether to enable dhcp snooping dhcp snooping information status whether to enable option 82 processing...

Page 248: ...e binding table After the binding relationship is dissolved the binding table is not deleted immediately but after the deleting time During the period if the client extends the lease time the items can be activated again without re allocate sources macAddr User MAC address ipAddr IP address requested by the user transtion id ID The transaction ID of the DHCP course vlan VLAN ID port The port for r...

Page 249: ...3 35 source mac 0005 5dd3 36c6 00 03 35 client mac 0005 5dd3 36c6 00 03 35 vlan Id 1 00 03 35 message type 1 00 03 35 add a database entry transtion id 2e22e229 Mac 0005 5dd3 36c6 00 03 35 Broadcast send vlanId 1 msgType 1 Receive a DICOVER message from port 0 7 add new dynamic binding item and broadcast the packers in the VLAN 00 03 35 Receive a dhcp message from port 0 1 00 03 35 dhcp snooping m...

Page 250: ... 00 03 35 Receive a dhcp message from port 0 1 00 03 35 dhcp snooping message decode 00 03 35 destination mac ffff ffff ffff 00 03 35 source mac 0000 006c 7d23 00 03 35 client mac 0005 5dd3 36c6 00 03 35 vlan Id 1 00 03 35 message type 5 00 03 35 Broadcast send vlanId 1 msgType 5 Receive an ACK response message from port 0 1 configure the dynamic binding item and broadcast it in the VLAN ...

Page 251: ...oadcast ARP and unicast ARP of the ports on which the functions are enabled to CPU for judging and comparing transmitting software and recording log etc it consumes CUP resources when the volume of ARP packets is large Therefore we suggested that do not enable the function by default When you suspect that an ARP spoofing attack exists in the network you can enable it to ensure and locate Devices d...

Page 252: ... and the log information is printed Basic Commands Command Description Config mode ip arp inspection To enable the Dynamic ARP Inspection function config port xx config link aggregation x no ip arp inspection To disable the Dynamic ARP Inspection function config port xx config link aggregation x ip arp inspection rate limit num To configure the number of ARP packet rate limitations config port xx ...

Page 253: ...nmp server enable traps arp inspection arp lawless drop To disable trap switch when ARP packets of the port are illegal do not send trap alarms config snmp server enable traps arp inspection arp log drop To enable trap switch when the log is lost send trap alarm config no snmp server enable traps arp inspection arp log drop To disable trap switch when the log is lost do not send trap alarm config ...

Page 254: ...level of a log record when the configuration is 9 only record to a log and do not print on the console interface ip arp inspection log level 0 11 Syntax Description 0 11 The level of a log record Default status 6 ip arp inspection log buffer This command is to configure the buffer size of a log that is the number of logs can be cached in a log ip arp inspection log buffer 0 1024 Syntax Description...

Page 255: ...255 SIGNAMAX LLC www signamax eu Syntax Description 0 86400 The DHCP packet with the Option 82 is discarded directly Default status 20s ...

Page 256: ... Dynamic ARP Inspection Command Description switch configure terminal To enter the global configuration mode switch config port 0 4 To enter the port configuration mode and suppose on the port 0 4 switch config port 0 4 ip arp inspection To enable the dynamic ARP inspection function on a port switch config port 0 4 ip arp inspection rate limit 22 The upper limit of the ARP rate on a port is 22 pps...

Page 257: ...cs for log recording Monitoring Command Example switch show ip arp inspection Displayed Result Description and Analysis Dynamic ARP Inspection information Dynamic ARP Inspection log buffer size 64 Log buffer size 64 Dynamic ARP Inspection log Interval 30 Log output interval 30s Dynamic ARP Inspection log Level 7 Log output level 7 Dynamic ARP Inspection port information port status rate limit pps ...

Page 258: ...hat the log is output and the record in the buffer is not aged switch show ip arp inspection log statistics Displayed Result Description and Analysis LogDropCount 27 The number of the logs which are discarded in the present output interval LogDropCountTotal 27 The number of the total logs which are discarded LogCount 149 The number of the log records in the present input interval LogCountTotal 149...

Page 259: ...7a99 6771 00 23 50 sender mac 1201 7a1a 6771 00 23 50 target mac 0000 0000 0000 00 23 50 sender ipAddr 128 255 19 107 00 23 50 target ipAddr 128 255 19 107 00 23 50 Drop an arp packet and log in buffer sender macAddr 1201 7a1a 6771 Receive an ARP request from port 0 7 The packet does not match the local items in the table so the packet is regarded as illegal and is discarded and a log is recorded ...

Page 260: ...ee binding modes the MAC binding the MAC IP binding and the MAC VID binding the IP rule can aim at one IP or a series of IPs the MAX rule can be used to limit the number of the maximum MAC addresses that learned freely by a port in order and this number doesn t include the legal MAC addresses generated by the MAC rule and the IP rule Configurations of the three rules are 1 MAC Rule MAC Binding con...

Page 261: ... If a MAC address or an IP address is denied the host cannot communicate even if the upper limit of the MAX is not reached Configure Port Security Contents of this section are Description of Commands for configuring port security Enable and Disable port security Configure MAC binding Configure MAC VLAN binding Configure MAC IP binding Configure IP rule Configure MAX rule Configure address aging ti...

Page 262: ...igure the IP rule of a port config port config port range config link aggregation x port security maximum 0 4000 To configure the MAX rule of a port config port config port range config link aggregation x port security aging time 0 86400 To configure the MAC address aging time of a port config port config port range config link aggregation x port security aging static To enable the static address ...

Page 263: ...plied by the rule vlan id The vlan number that is bound with the mac addressed Default status none port security permit deny mac address mac address ip addres This command configures the MAC IP binding rule of a port The no format of the command can be used to delete the rule port security permit deny mac address mac address ip address ip address no port security permit deny mac address mac addres...

Page 264: ...scription 0 4000 The number of the MAX rule s addresses Default status 0 port security aging time This command configures the address aging time second of a port The no format of the command can be used to configure it as 0s port security aging time 0 86400 no port security aging time Syntax Description 0 86400 Aging time 0 indicates do not age Default status 0 By default only the MAC addresses le...

Page 265: ...ecurity all Default status none Applying Port Security Example Switch Port 0 7 connects to the user network It is required that the host with MAC address 0005 5de4 0e25 is permitted to access at any time the host with MAC address 001f c627 3823 is forbid to access at any time Besides at most 100 hosts can access the port The switch configuration is as follows Command Description switch config port...

Page 266: ...ddress VID IP Addr ConfigType 1 port 0 7 deny 00 1F C6 27 38 23 MAC 2 port 0 7 permit 00 05 5D E4 0E 25 MAC Description and analysis Entry Port the port connected to the host Action the action deny permit connected to the host MAC address the MAC address of the host VID the corresponding Vlan Id IP Addr the IP address of the host ConfigType the type of the MAC rule You can see the two configured M...

Page 267: ...tch of the port Debugging Command Example View the rule matching information via the command debug port security Enable the command debug port security switch debug port security Displayed Result Analysis 01 02 14 PS DBG port 8 pkt recv mac 00 05 5d e4 0e 25 vlan 1 type 0806 01 02 14 PS DBG match with MAC_RULE 01 02 14 PS DBG action PERMIT 01 02 14 PS DBG adding a ARL entry mac 00 05 5d e4 0e 25 p...

Page 268: ...atch with MAC_RULE 01 06 15 PS DBG action DENY 01 06 15 PS DBG deleting ARL entry mac 00 1f c6 27 38 23 port 8 vlan 1 00 1f c6 27 38 23 The packet matches a MAC_RULE and the executed action is DENY Prohibit the user from accessing the network resources ...

Page 269: ...e port level monitoring the monitoring program gathers statistics of the packets to be processed by CPU Users discover the attacked port by statistical data enable the host level monitoring on the port and configure the upper limit value of various packets to be processed by CPU in a sampling period The packets exceeding the upper limit value from the host who initiates the attack are filtered in ...

Page 270: ...packets except the above four kinds The entirety of above all packets is total packet Configure Port Monitoring Basic Commands Command Description Config mode monitor sampling period 10 3600 To configure sampling period config monitor host inactive times 1 99 To configure host aging time config monitor permit tcp connecting ip address To configure list of hosts who permit to establish TCP connecti...

Page 271: ...or sampling period The command configures the sampling period second of port monitoring After the port monitoring is enabled it counts the packets to be processed by CPU in each period The no format of the command can be used to delete the configuration and recover the default value monitor sampling period 10 3600 no monitor sampling period Syntax Description 10 3600 Sampling period Default status...

Page 272: ... tcp syn The command enables and disables the TCP connection limit function of a port After enabling the function only the IP configured host can establish TCP connection to a switch via the port monitor restrict tcp syn enable disable Syntax Description Enable To enable TCP connection limit function Disable To disable TCP connection limit function Default status disable monitor protocol ether The...

Page 273: ...p pim on off no monitor protocol ip Syntax Description 0 255 ospf irmp pim IP header protocol value protocol name on To be monitored off Not to be monitored Default status see note By default protocol ospf 89 irmp 88 pim are not monitored Other protocols are monitored monitor protocol tcp udp The command is to configure the monitored and non monitored TCP UDP services destination port number The n...

Page 274: ...tored packets of other hosts are discarded The no format of the command can be used to delete the configuration monitor host limit number 1 9999 no monitor host limit number Syntax Description 1 9999 The maximum number of monitored hosts Default status no limit The configuration only takes effect when the host level monitoring is enabled monitor host limit The command is to configure maximum numbe...

Page 275: ...fault status no limit The configuration only takes effect when the host level monitoring is enabled snmp server enable traps monitor blacklist entry add This command is to enable the TRAP sending switch of the port monitoring After configuring the command the port monitoring sends the corresponding TRAP information when the host is added to the backlist The no format of the command is to disable t...

Page 276: ...erve which ports indicator lights are flashing The frequent flashing indicates that a great deal of packets are being sent or received Enable the port level monitoring on these ports Command Description switch config port 0 2 0 3 To enter the port switch config port range monitor enable To enable the port level monitoring Wait a moment and then observe the statistic information about the broadcast...

Page 277: ...host C initiated the attack on the switch Step3 Users can view the host who initiates the attack by displaying the blacklist switch show monitor blacklist Entry Port MAC Address Total Forward Broadcast Multicast Admin Other 1 0 3 00 03 4B 40 DB 0A BLACK Step4 Users can observe detailed situation of the host connected to each port switch config port 0 3 show monitor host broadcast packet Entry MAC ...

Page 278: ... VLAN to which the port belongs Currently 065 7434 Signamax 24 Port 10 100 L3 Switches support configuring isolated ports in the normal port mode and the aggregation port mode The configured isolated ports can be normal ports and aggregation ports The port isolation function realizes single directional packet discarding If enabling the port isolation function on port A and specifying port B Port C...

Page 279: ...ed port as an aggregation port CR To cancel all isolated ports Default status not defined When configuring an isolated port as a normal port which means a port users should ensure that the port is not added into an aggregation group or the isolation operation is failed If the port is added into an aggregation group users need to isolate the aggregation group to isolate the port instead of just iso...

Page 280: ...2 and port 0 3 connect with terminal 1 terminal 2 and terminal 3 The port 0 1 port 0 2 and port 0 3 belong to the same VLAN The above commands can be used to configure terminal 1 not to communicate with terminal 2 and terminal 3 065 7434 Signamax 24 Port 10 100 L3 Switch Configuration Command Description switch config port 0 1 To enter port configuration mode switch config port 0 1 isolate port po...

Page 281: ...red on specified port Monitoring Commands Example switch show isolate port port 0 1 Display results Port port 0 1 Isolate Port port 0 2 port 0 3 Description and analysis Port The port to be configured with port isolation Isolate Port the information about the isolated ports The above display indicates that port 0 1 isolates port 0 2 and port 0 3 that is the packets from port 0 1 to port 0 2 and po...

Page 282: ...on each interface to filter packets However this kind of detection is very limited The firewall function strengthens and adds some other detection mechanisms for this aspect The detection is not omnipotent not all such packets are legal and also it doesn t indicate that all detected packets are illegal The detection is processed in the following aspects 1 Whether the receiving interface is correct...

Page 283: ... whether to detect the pseudo source config if The symbol before the command description means that there is the configuration example to describe the command in details later firewall check pseudo address This command is to configure the pseudo address detection according to the interface firewall check pseudo address no firewall check pseudo address Command Description no To disable the pseudo s...

Page 284: ...xample to describe the command in details later ip icmp intercept ICMP flood this kind of attack occupies bandwidth by sending a great deal of ICMP packets to the target IP which causes the legal packets cannot arrive the destination When detecting count the number of the ICMP packets which are sent to the destination address the address of switch layer3 interface once the receiving frequency of p...

Page 285: ...smurf intercept list access list number access list name masklen number ip smurf intercept list access list number access list name masklen number Syntax Description access list number The access list number it can be a number among 1 to 1000 access list name The name of the access list which only supports the standard access list masklen The length of the destination network mask by default 24 ip...

Page 286: ...ictim s system But in fact the source address doesn t exist or is not online at that time so the responding ACK message cannot reach the destination The victim s system is full with this kind of half open connections and the resources are exhausted while the legal connection cannot be responded For this kind of attack we adopt a simple interception way threshold value interception Once the packet ...

Page 287: ...n config if clear scanprotect To clear the present scan information enable Note The symbol before the command description means that there is the configuration example to describe the command in details later scanprotect This command is to configure the scan detection function on an interface no scanprotect interval default interval value addr limit default max addr value port limit default max po...

Page 288: ... the threshold value of address scan is 10 the threshold value of port scan is 10 and ban time is 15 second clear scanprotect This command is to clear the information about scan detection clear scanprotect Syntax Description clear scanprotect To clear the information about the scan statistic Monitoring Debugging Monitoring Commands Command Description show scanprotect To display the scan detection...

Page 289: ...ere the information of the normal access list such as the filtering log the special packet detection and the pseudo source address detection is in the system log buffer When a log record is generated firstly send the prompt information to the log file or remote log system cache the following information in the local buffer temporarily and write the recording condition in the time interval per a pe...

Page 290: ...ssing information of each access list enable Note The symbol before the command description means that there is the configuration example to describe the command in details later show access list This command is to display the contents of the access list When there is no name and no number all access lists are displayed show access list access list number access list name audit Syntax Description ...

Page 291: ...g the filtering information of the access list The record comprises the information of the packet such as the source address the destination address the protocol type the port number and the receiving or sending interface Undebug can be used to cancel the view debug undebug ip packet access list Default status Disable that is undebug Monitoring Examples Display all access lists Command show access...

Page 292: ...39 Port 137 netbios ns the NETBIOS name service used by Samba in Linux Port 138 netbios dgm the NETBIOS data service used by Samba in Linux Port 139 netbios ssn the NETBIOS session service used by Samba in Linux Therefore to realize Netbios Samba filtering prohibit ports 137 138 and 139 of TCP UDP via ACL ...

Page 293: ...PAN Local SPAN supports the port mirroring on one switch All monitored ports and the destination port are on a same switch The local SPAN mirrors the data of one or more monitored ports to the destination port RSPAN Remote SPAN RSPAN supports that the monitored ports and the destination port are not on one switch It realizes the remote monitoring across network Each RSPAN Session bears monitoring ...

Page 294: ...ort can only be an individual physical port or link aggregation One monitoring port can be used in one SPAN session at the same time only Features of a destination port are A destination port is a common port or link aggregation A destination port cannot be a monitored port The type of RSPAN Destination Session destination port should be hybrid A destination port can join the STP computing A desti...

Page 295: ...e RSPAN vlan config monitor session session_number destination port port id link aggregation linkNum remote vlan vlan id To specify the destination port of the SPAN Session associate RSPAN Destination Session with RSPAN vlan config remote span To configure the vlan as the RSPAN VLAN VLAN mode The symbol before the command description means that there is the configuration example to describe the co...

Page 296: ...tion Copy the both or ingress or egress traffic of the monitored port By default both remote vlan vlan id To associate the RSPAN VLAN with the RSPAN Destination Session monitor session session_number destination This command is to create a SPAN destination port and associate the RSPAN VLAN with the RSPAN Source Session the no format of the command can be used to clear the configuration monitor ses...

Page 297: ...nput direction of port 0 1 to the destination port 0 20 Configure local SPAN session Command Description switch config no monitor session 1 To clear the existed configuration of the SPAN Session switch config monitor session 1 source port 0 1 rx To configure the monitored port and the type of the monitored traffic is rx switch config monitor session 1 destination port 0 20 To configure the destina...

Page 298: ...mode set it as the destination port and VLAN 800 as source VLAN Switch 1 Configure RSPAN VLAN Command Description switch config vlan 800 switch config vlan remote span To configure the RSPAN VLAN switch config vlan exit To exit the vlan mode Users need to add an idle port into the VLAN 800 The port should better be used specially for remote mirroring Command Description switch config port 0 10 To ...

Page 299: ... To enter port configuration mode switch config port 0 10 port mode hybrid To configure port mode as hybrid switch config port 0 10 port hybrid vlan 800 tagged To add the port to VLAN 800 in tag mode switch config port 0 10 exit Set the destination port mode as hybrid Command Description switch config port 0 1 To enter port configuration mode switch config port 0 1 port mode hybrid To set the port...

Page 300: ... and the destination port session_number Session id All display the information about all sessions Local local SPAN session Remote remote SPAN session Example switch show monitor session 1 Displayed result Displaying result Description and Analysis Session 1 SPAN Session name Type Local Session SPAN type Source Ports 0 1 Monitored port BOTH 0 1 Monitoring Type Destination Port port 0 2 Destination...

Page 301: ...e vlan vlan id To configure a switching interface config 1 The symbol before the command description means that there is the configuration example to explain the command 2 Configuration mode means the mode for executing the configuration command such as config config if xx interface name and config xx protocol name interface vlan The command configures a switching interface The no syntax of the co...

Page 302: ...302 SIGNAMAX LLC www signamax eu Default status no switching interface ...

Page 303: ...addressing fragmenting reassembling and disassembling of the IP packets As the network layer protocol IP processes address routing and controls the transmission of data packets Transmission Control Protocol TCP and User Datagram Protocol UDP are established on the IP layer It is a connection based protocol which provides the reliable data transmission service while UDP is connectionless protocol w...

Page 304: ...ress type Valid Ranges of IP address Explanation A 0 0 0 0 127 255 255 255 The network number 127 is used for loopback interface B 128 0 0 0 191 255 255 255 A host number whose bits are all 1 is used for a broadcast over its network C 192 0 0 0 223 255 255 255 A host number whose bits are all 1 is used for a broadcast over its network D 224 0 0 0 239 255 255 255 Class D addresses are used for Mult...

Page 305: ...ress features Supports the feature of class network addresses Supports subnetting features of network addresses Supports CIDR features of classless routing Allocates several IP addresses of different segments to a network interface Basic Commands for Configuring IP Addresses Command Description Configuration Mode ip address ip address mask To configure main IP address of an interface config if no ...

Page 306: ...atus Not defined 1 There may not be enough host addresses for a specified network segment For instance your subnet allows up to 254 host addresses for a logical subnet However your physical subnet has 300 actual host addresses Two logical subnets on the physical subnet can exist after introducing secondary IP addresses to a router or an access server 2 In the past many networks used Layer 2 bridge...

Page 307: ... mp2600 conf t mp2600 config interface Fastethernet0 mp2600 config if fastethernet0 ip address 128 255 255 1 255 255 0 0 mp2600 config if fastethernet0 ip address 129 255 255 1 255 255 0 0 secondary mp2600 config if fastethernet0 ip address 130 255 255 1 255 255 0 0 secondary Those assistant IP addresses configured for the same interface have priority according to their configuration time At the s...

Page 308: ...max packets Metric 0 MTU 1500 BW 100000 Kbps DLY 100 usec VRF global Reliability 255 255 Txload 1 255 Rxload 1 255 Ethernet address is 0001 7a01 f92e 5 minutes input rate 1000 bits sec 1 packets sec 5 minutes output rate 0 bits sec 0 packets sec 53213 packets received 185 packets sent 53033 multicast packets received 1 multicast packets sent 5 input errors 0 output errors 0 collisions 0 dropped Un...

Page 309: ...onfigure sending IP packet default ttl config ip option fragment ttl Configure distributing packet regrouping ttl config ip option recv checksum Configure whether to check IP packet of Interface config ip option send checksum Configure whether to send checksum of IP config show ip statistics Display IP layer statistics information enable debug ip packet Debug the IP layer packet information enable...

Page 310: ...s no ip redirects Default status By default the interface is permitted to send IP re direction Users can disable the IP of the interface to send IP re direction by the command no ip redirects Users can enable the IP of the interface to send IP re direction by the command ip redirects Permit Prohibit IP Receiving Redirection Message icmp redirect route The redirection packet of icmp can result in t...

Page 311: ...upper cache When there are packets sent down from the user layer and if the destination is the same each time and the route is UP the route in the cache can be used without searching the routing table Only one route which is the result of recently searching the routing table is stored in cache Execute the following commands in the global configuration mode ip upper cache no ip upper cache Default ...

Page 312: ...lt ttl time to live no ip option default ttl time to live default ip option default ttl Syntax Description time to live IP packet time to live and the value range is 1 255 Default status The default value is 64 The no command and default command are used to recover the default value Time to live is not the real time but the skip times of packets Tt1 is reduced by 1 every time going through a switc...

Page 313: ... and default command are used to recover the default value Enable IP recv checksum Configure the following command in global mode ip option recv checksum ip option recv checksum no ip option recv checksum default ip option recv checksum Default status By default recv checksum is enabled The no command is used to disable the option and the default command is used to renew the default value Enable I...

Page 314: ...agments 0 Number of the received fragment packets fragdropped 0 Number of packets discarded when fragment fragtimeout 0 Number of packets when fragmented overtime forward 0 Number of packets forwarded cantforward 1312 Number of packets that cannot be forwarded redirectsent 0 Number of redirected transmissions unknownprotocol 16 Number of packets with unknown protocols nobuffers 0 Number of packets...

Page 315: ...00 1c 9a f7 00 01 00 10 88 88 88 88 00 00 25 cf 03 41 53 0040 0f 03 00 04 88 88 88 88 03 41 53 Delivered The actions after the packets are sent to IP layer Syntax Description delivered Delivered to the transmission layer discarded Discarded and the discarding reason can be got by viewing the IP layer statistics forwarded Forwarded unforwarded Not forwarded and the reason can be got by viewing the ...

Page 316: ...able Note Note Note Note before command means it has configuration example description Configuring ICMP Options Subnet Mask Option Configure in global configuration mode ip mask reply ip mask reply no ip mask reply Default status The option is disabled by default Redirection Packet Option Configure in global configuration mode icmp redirect route icmp redirect route no icmp redirect route Default ...

Page 317: ...histogram output information echo reply 5 Number of replies Destination unreachable 16 The times of the unreachable destination 0 message with bad code fields The number of packets with bad code field 0 message minimum length 0 bad checksum The numbers of packets with bad checksum 0 message with bad length The numbers of packets with bad length Input histogram The input information echo reply 10 T...

Page 318: ...provides a highly reliable data transmission service between application programs Signamax switches support RFC793 RFC813 RFC879 RFC896 and RFC1122 The contents of this section are as follows Basic commands for configuring TCP Configure TCP attributes Display TCP statistics information ...

Page 319: ...ping alive times when the opposite terminal has no response config ip tcp path mtu discovery To set the TCP path MTU discovery config ip tcp timestamp To enable the TCP time stamp config ip tcp selective ack To enable the TCP selective retransmission config show ip tcpstate To display the TCP statistics information enable Note Note Note Note before command means it has configuration example descri...

Page 320: ...ansmits default ip tcp retransmits Syntax Description retransmits count TCP maximum retransmission times and the value range is 1 100 Default status The default value is 3 The no command and default command are used to recover the default value of the re transmission times Configure TCP max segment size ip tcp segment size ip tcp segment size segment size no ip tcp segment size default ip tcp segm...

Page 321: ...command and default command are used to recover the default value of the idle time Configure Timer Value ip tcp init timeout ip tcp init timeout init time no ip tcp init timeout default ip tcp init timeout Syntax Description init timeout TCP setting connection timer and the value range is 2 30000 Default status The default value is 150 and the unit is 0 5s The no command and default command are us...

Page 322: ...stamp Default status By default the TCP time stamp is disabled Enable TCP Selective Retransmission ip tcp selective ack ip tcp selective ack no ip tcp selective ack Default status By default the TCP selective retransmission is disabled Display TCP Statistics Information show ip tcpstate show ip tcpstate Default status Not defined For example The command show ip tcpstate provides the detailed TCP s...

Page 323: ...mber of completely duplicate packet byte 0 packet with some dup data 0 byte duped The number of partial duplicate packet byte 0 out of order packet 0 byte The number of out of order packets byte 0 packet 0 byte of data after window The number of the packets outside of the window byte 0 window probe The number of window probe packets 0 window update packet The number of window update packets 0 pack...

Page 324: ...times of persist timer timeout 0 keepalive timeout The times of keepalive timeouts 0 keepalive probe sent The number of keepalive probes 0 connection dropped by keepalive The number of connections dropped by keepalive 0 pcb cache lookup failed The times of examining protocol control module failure UDP Protocol The User Datagram Protocol UDP provides the basic service of data transmission between a...

Page 325: ...he default value is 30 The no command and default command are used to recover the default value of TTL Configure UDPAccepting recvbuffers Size ip udp recvbuffers ip udp recvbuffers buffer size no ip udp recvbuffers default ip udp recvbuffers Syntax Description buffer size UDP input buffer size and the value range is 1024 65536 Default status The default value is 41600 bytes The no command and defa...

Page 326: ...abled The no command and default command are used to recover the default value Display UDP Statistics Information show ip udpstate show ip udpstate Default status Not defined For example The command show ip udpstate is used to display detailed UDP statistics router show ip udpstate Statistics for the UDP protocol 32 total packets Total number of input and output packets 16 input packets Total numb...

Page 327: ...mand Show Ip Sockets can be used to display the usage situation of the TCP UDP connection used by the system and is helpful to troubleshoot show ip socket show ip socket Default status Not defined For example router show ip sockets Active Internet connections including servers PCB Proto Recv Q Send Q Local Address Foreign Address vrf state 8ab0205c TCP 0 0 129 255 19 220 23 129 255 19 119 1055 glo...

Page 328: ...the connection TCP or UDP Recev Q indicates the data received over the connection Send Q indicates the data sent over the connection Local Address indicated the local address and port number of the connection Foreign Address remote address and port number of the connection vrf The VRF to which tbe current socket belongs For TCP connection State indicates the TCP state ...

Page 329: ...ng the packet to the destination host Each router has a routing table which plays a key role in transmitting packets A routing table is created manually by network administrators or dynamically by exchanging route information with other routers Each item in a routing table comprises the network address the network mask the measurement standard for routing the using interfaces and the IP address of...

Page 330: ...ent next hops may exist These different routes can be the static routes configured manually or discovered by different route protocols The route whose priority is higher will be the optimum route Routes can be divided into the following two kinds depending on whether the router switching equipment is connected to the destination directly or not Direct route the network that the destination locates...

Page 331: ...evices but one or two static routes can be configured for special conditions The default route is a kind of special route through configuring the static route In a routing table the default route begins in the route format with network 0 0 0 0 mask 0 0 0 0 Via command show ip route user can see if it is configured When the destination address for receiving packets cannot match any items in the rou...

Page 332: ...t administration distance of the static route to 1 config static scantime interval To configure regular running time of static routing management config recursion To enable recursion function of static routing config no ip route vrf vrf_name 0 0 0 0 0 0 0 0 next hop ip address vrf vrf_name interface type interface number track track id administrative distance To delete one default routing enable s...

Page 333: ...terface number track track id administrative distance Syntax Description vrf_name The route which has the vrf_name attribute destination ip address The network address of the destination is dotted decimal notation format destination mask The network address mask of the destination is dotted decimal notation format next hop ip address The IP address of the next hop is dotted decimal notation format...

Page 334: ...f last resort is 0 0 0 0 to network 0 0 0 0 S 0 0 0 0 0 1 100 is directly connected 01 00 25 vlan1 C 127 0 0 0 8 is directly connected 01 30 22 lo0 C 128 255 60 0 22 is directly connected 01 30 11 vlan1 S 199 199 199 0 24 1 100 is directly connected 00 00 06 vlan1 The route record labeled with underline is the configured static route Other configuration example Command Description ip route 128 255...

Page 335: ...istration distance and its value is 1 255 DEFAULT DISTANCE To recover the default administration distance of the static route to 1 Default status The administration distance of the static route is 1 Scantime Command Under static routing mode use scantime command to configure period running time of static routing management task Use command of no scantime to recover default value of period running ...

Page 336: ... 0 0 0 next hop ip address vrf vrf_name interface type interface number administrative distance Syntax Description vrf_name The route which has the vrf_name attribute 0 0 0 0 The network address of the destination is 0 0 0 0 to all destinations dotted decimal notation format 0 0 0 0 The network address mask of the destination is 0 0 0 0 dotted decimal notation format next hop ip address The IP add...

Page 337: ...outer config ip routing 2 The no format of the command can be used to delete a default route Display Static Route After the configuration is completed to command show ip route static can be executed in the privileged user mode to display the information about the configured static route and default route Users can validate the effect of the configuration by viewing the displaying information Comma...

Page 338: ...leted the command debug ip routing can be executed in the privileged user mode to display the courses and status that the configured static route and default route be added into the system routing table and be deleted from the system routing table Users can validate the working status of the static route by viewing the displaying information Command syntax debug ip routing debug ip routing message...

Page 339: ...55 0 0 255 255 0 0 global 0 128 255 42 240 global 0 vlan1 tos 0 distance 1 cost 0 flags 0x2 0x0 mplskey 0 to rtable global 0 success Three static routings are added Configure RIP Dynamic Route The main contents of this section RIP introduction RIP basic commands Description of RIP basic commands RIP application examples RIP monitoring and debugging RIP Introduction RIP Routing Information Protocol...

Page 340: ...base and alarm percentage config rip config rip af neighbor ip address To configure to notify the neighbor switch of the route information via the unicast form config rip config rip af network network address interface To configure the direct connected network or interface covered by RIP config rip config rip af offset list access list name in out metric offset interface To configure RIP to modify...

Page 341: ... sent by RIP on the interface specify the version and format of the interface to send the packet config if xxx ip rip send packet To enable RIP to send packets on the interface config if xxx ip rip standby interface timeout timeout value To configure the standby interface of the RIP interface to speed up the convergence of the standby route config if xxx ip rip tag tag value Yo configure the route...

Page 342: ...at all the subnet routes in a nature segment are converged to a nature mask route when notifying outside The minimum metric in the converged routes serves as the metric of the converged route The route tag of the converged route is always 0 RIP v1 always enables the route auto summary function but does not support the host route When RIP v1 sends the default route 0 0 0 0 0 do not need to perform ...

Page 343: ...mand is used to recover the default value of the default metric of the RIP re distributing other routing protocol routes default metric metric value no default metric metric value Syntax Description metric value To configure the default metric of the RIP re distributing other routing protocol routes the value range is 1 16 Default status metric value 1 distance This command is used to configure th...

Page 344: ...igure the maximum next hops of the RIP payload balance When the next hops of the learned routes exceeds the maximum route next hops the learned new next hops replace the next hops that consume more than a half valid time The no format of the command is used to recover the default value of the maximum next hops of the RIP payload balance maximum paths max number no maximum paths max number Syntax D...

Page 345: ...x Description ip address To configure the IP address of the interface directly connected to the neighbor of notifying the route information in unicast form Default status No neighbor network This command is used to configure the direct connected network or interface covered by RIP Covering the interfaces is equivalent to covering all direct connected networks on the interface The notified route in...

Page 346: ... the default metric of the RIP route offset list access list name in out metric offset interface no offset list access list name in out metric offset interface Syntax Description access list name To configure the access list name used for selecting routes here only the standard access list is supported in To configure RIP to modify the learned route metric out To configure RIP to modify the notifi...

Page 347: ...the interface The no format of the command is used to cancel the suppression interface of RIP sending packets passive interface interface no passive interface interface Syntax Description interface To configure the name of the suppression interface of RIP sending packets Default status The suppression interface of RIP sending packets is not specified recv buffer size This command is used to config...

Page 348: ...atch metric match ip next hop and match ip route source The route map can set the parameters including set metric and set tag The no format of the command can be used to cancel RIP of re distributing the routes of other protocols redistribute protocol protocol id metric metric value route map route map name match route sub type no redistribute protocol protocol id Syntax Description protocol To co...

Page 349: ...s second and the value range is 5 2147483647 holddown interval The time of suppressing invalid route to be updated when the route becomes invalid because invalid times out enter the suppressing update status set the roite metric of the route table as 16 hops When the route is deleted from the database the route can be deleted from the route table In the suppressing update state the invalid route d...

Page 350: ...thentication mode Syntax Description text To configure the protocol packet authentication mode of RIP v2 on the interface as the text authentication mode md5 To configure the protocol packet authentication mode of RIP v2 on the interface as the MD5 encryption authentication mode Default status No protocol packet authentication Caution When performing MD5 authentication pay attention to the followi...

Page 351: ...se the configured password to authenticate The no format of the command is used to delete the protocol packet authentication password of RIP v2 on the interface ip rip authentication key 0 7 key string no ip rip authentication key Syntax Description 0 To configure the password of the packet authentication of RIP v2 in text mode on the interface 7 To configure the password of the packet authenticat...

Page 352: ...ication password chain of the protocol packet ip rip metric This command is used to configure the metric of RIP direct connected subnet on the interface The command only affects the metric of the direct connected subnet on the interface and does not affect the metric of the route learning The no format of the command is sued to recover the default metric of RIP direct connected subnet on the inter...

Page 353: ...ket to request the neighboring device to get all routes However the RIP protocol packet is the UDP packet which cannot be transmitted reliably and may be lost during the transmission so enable the timer to re transmit the route request packet per second until the route response packet is received or the re transmission times out The no format of the command is used to recover the default value of ...

Page 354: ... the command is used to disable sending RIP packets on the interface ip rip send packet no ip rip send packet Default status Enable sending RIP packets on the interface ip rip standby This command is used to configure the standby interface of the RIP interface to speed up the convergence of the standby route After the active interface is down the standby interface sends route request packet to the...

Page 355: ... connected subnet on the interface ip rip tag tag value no ip rip tag tag value Syntax Description tag value To configure the summary route of the RIP v2 address summary on the interface Default status There is no route tag ip split horizon This command is used to configure RIP to enable horizon splitting or poisoned reversion on the interface The horizon splitting and poisoned reversion are valid...

Page 356: ...ummary on the interface The no format of the command is used to cancel the address summary of RIP v2 on the interface ip summary address rip A B C D n no ip summary address rip A B C D n Syntax Description A B C D n To configure the summary route of the RIP v2 address summary on the interface Default status There is no address summary clear ip rip This command is used to clear the RIP process and ...

Page 357: ...ocol and enter the RIP configuration mode switch A config rip version 2 To configure the version of the RIP protocol as 2 switch A config rip network vlan 2 To configure the interface covered by RIP switch A config rip exit To exit the RIP configuration mode switch A config interface vlan 2 To enter the interface configuration mode switch A config if vlan2 ip address 10 1 1 1 255 255 255 0 To conf...

Page 358: ...s 10 1 1 2 255 255 255 0 To configure the IP address of the interface switch B config if vlan2 exit To exit the interface configuration mode switch B config interface vlan 1 To enter the interface configuration mode switch B config if vlan1 ip address 11 1 1 1 255 255 255 0 To configure the IP address of the interface switch B config if vlan1 exit To exit the interface configuration mode Example o...

Page 359: ...A configure terminal To enter the global configuration mode switch A config router rip To enable the RIP routing protocol and enter the RIP configuration mode switch A config rip version 2 To configure the version of the RIP protocol as 2 switch A config rip network vlan 2 To configure the interface covered by RIP switch A config rip network vlan 1 To configure the interface covered by RIP switch ...

Page 360: ... ip address 10 1 1 1 255 255 255 0 To configure the IP address of the interface switch B config if vlan2 exit To exit the interface configuration mode switch B config interface vlan 1 To enter the interface configuration mode switch B config if vlan1 ip address 12 1 1 1 255 255 255 0 To configure the IP address of the interface switch B config if vlan1 exit To exit the interface configuration mode...

Page 361: ...e To display the RIP interface information show running config router rip To display the RIP configuration information show ip route rip To display the RIP route information in the route table Monitoring Command Example For environment and configuration refer to Example of Configuring RIP Learning IPv4 Route show ip rip switch A show ip rip Displayed result RIP router VRF kernel serving for snmp a...

Page 362: ...w ip rip database switch A show ip rip database Displayed result Types N Network L Learn R Redistribute D Default config S Static config Proto C connected S static R RIP O OSPF E IRMP o SNSP B BGP i ISIS RIP routing database in VRF kernel Counter 3 T P Network ProID Metric Next Hop From Time Tag Interface 2 2 2 2 32 none 16 Garbage 03 57 Holdown off N C 10 1 1 0 24 none 0 0 vlan1 L R 11 0 0 0 8 no...

Page 363: ...id Tag the route tag Interface the next hop interface of the route Garbage the timeout time for deleting the route after the route becomes invalid delete the route when the time times out Holddown the timeout time of the route suppression the route cannot be updated before the time times out show ip rip statistics switch A show ip rip statistics Displayed result RIP statistics VRF kernel Protocol ...

Page 364: ...d Standby interface None RIP packets send Enable RIP packets send version v2 RIP packets receive Enable RIP packets receive version v2 Split horizon Enabled with Poisoned Reversed Joined RIPv2 multicast group Yes IP interface address 10 1 1 1 24 Description and analysis The result displays the running information of the RIP protocol interface show running config router rip switch A show running co...

Page 365: ...e core route table Debugging Information Command Description no debug ip rip all To enable disable all RIP debugging switches no debug ip rip events To enable disable the debugging switch of the RIP event no debug ip rip packet send recv detail interface To enable disable the debugging switch of sending receiving and processing RIP packets no debug ip rip route To enable disable the debugging swit...

Page 366: ...1 19 18 RIP 10 1 1 0 24 0 0 0 0 family 2 tag 0 metric 16 01 19 18 RIP 11 1 1 0 24 0 0 0 0 family 2 tag 0 metric 16 Send the all route update on the interface totally two routes are sent here 10 1 1 0 24 and 11 1 1 0 24 are the poison reversed routes 01 19 16 RIP RECV vlan1 Receive RESPONSE version 2 size 104 from 10 1 1 2 520 01 19 16 RIP 10 1 1 0 24 0 0 0 0 family 2 tag 0 metric 16 01 19 16 RIP 1...

Page 367: ...imes out check whether all routes in the database time out 00 30 09 RIP TIMER garbage Garbage timer processing Deleting timer of the route times out check whether all routes should be deleted from the database 00 30 09 RIP TIMER garbage Next garbage timer interval 133 The timeout time of the next route deleting timer is 133s 00 32 22 RIP TIMER garbage Garbage time out 11 1 1 0 24 Deleting the rout...

Page 368: ......

Page 369: ...Route re distribution The routes learned via any IP routing protocol can be re distributed to any other IP routing protocol It means that in one area OSPF can bring in RIP route and accordingly the OSPF route can be brought in by RIP Authentication The neighbors in one area support text authentication and MD5 authentication OSPF interface parameter configuration Configure the parameters on OSPF in...

Page 370: ...ion of the interfaces are managed by OSPF config ospf clear ip ospf process id process route redistribution statistics ifname neighbor if addr nbr id Re start OSPF process re calculate the OSPF route re distribute the outer routes clear the statistics information of the OSPF process reset the neighbor of one interface address enable auto cost reference bandwidth ref bandwidth Set the bandwidth to ...

Page 371: ... of OSPF adjacency status By default recording the change of the adjacency FULL status is enabled config ospf max concurrent dd max value The maximum number of the DD packets that one OSPF interface permits to exchange concurrently The default value is 2 config ospf neighbor ip address cost cost value poll interval interval value priority priority value Set the neighbor address set the neighbor on...

Page 372: ...h the OSPF protocol packets are not sent or received config ospf redistribute protocol protocol id metric metric value metric type type value tag tag value route map map name match route type Re distribute the routes generated by the specified routing protocols to the OSPF route domain You can specify the cost cost type route tag and route map mapping for the route config ospf refresh timer time v...

Page 373: ...ne area as nssa area the sub command can specify the parameter to generate the default route for NSSA area do not bring in outer route or summary LSA specify the role of NSSA area ABR when converting from type 7 LSA to type 5 LSA config ospf area area id range prefix range advertise not advertise The route summary between areas you can select notifying or not notifying when the area edge performs ...

Page 374: ...ss demand circut Enable the demand lines on the interface config if xx ip ospf disable all Make the interface not run OSPF config if xx ip ospf ip address hello interval interval value Set the interval of sending hello packets the unit is second config if xx ip ospf ip address message digest key key id md5 0 7 password Set the MD5 authentication key and password config if xx ip ospf mtu mtu value ...

Page 375: ...ptional Enable OSPF Process Similar to other routing protocols enabling the OSPF function needs to create an OSPF routing process specify the address range associated with the process and specify the area to which the address range belongs To finish these operations use the following commands router ospf This command is used to enable the OSPF protocol and create an OSPF routing process After conf...

Page 376: ...work command can make the OSPF process know The command can specify the interface to one area In the network command all interfaces that can match the address and wildcard mask pair are added to the specified area The 0 in the wildcard mask is the placeholder and 1 means matching at will Configure Basic Parameters of OSPF Interface OSPF realizes allowing modifying the parameters of the OSPF interf...

Page 377: ... the interface address then authentication mode of the interface and at last the authentication mode of the area to which the interface belongs ip ospf authentication key This command is used to configure the simple text password of the OSPF interface When the authentication mode is the text authentication use the password to perform the authentication The no format of the command is used to delet...

Page 378: ...key key id md5 0 7 password Syntax Description ip address When there are multiple interfaces addresses on one OSPF interface you can specify the MD5 authentication password for one interface address separately When the interface address is not specified it means that all addresses in the interface adopt the configured MD5 authentication password key id Configure the key id of the MD5 authenticatio...

Page 379: ... interval This command is used to set the interval for the interface to send the hello packets The default value depends on the network type of the interface For the broadcast and point to point network the default value is 10s for the NBMA and point to multipoint network the default value is 30s The no format of the command is used to recover the default value of the interval ip ospf ip address h...

Page 380: ...corresponding dead time is modified that is four multiples of the hello interval But if the dead time does not adopt the default value it is not four multiples of the hello interval modifying the hello interface does not affect the dead time Modifying the dead time does not affect the hello interval If two OSPF interfaces need to set up the neighboring relation the dead time must be consistent ip ...

Page 381: ...the MTU value when exchanging the DD packets Default status By default compare MTU value when exchanging DD packets ip ospf network This command is used to configure the network type of the OSPF interface The network types of the two neighboring OSPF interfaces must be consistent so that the OSPF routes can be expanded and learned correctly By default the network type of the OSPF depends on the ne...

Page 382: ...ting to the area The stub area is the area that cannot import the outer route information ABR generates a default route to the stub area The switch in the stub area reaches the destination out of the AS via the default route To reduce the number of the LSAs sent to the stub area you can configure the area stub no summary command on ABR to prevent the type 3 LSA from being sent to the stub area are...

Page 383: ...kbone area that is the area number cannot be 0 The stub area does not accept type 5 LSA that is outer LSA The command must be configured on all switches of the stub area so that the neighboring relation can be set up between switches area default cost This command is used to configure the default route cost of stub area or NSSA area The stub area or NSSA area brings in type 3 default route and the...

Page 384: ...te translate never translator role always candidate never Syntax Description area id The OSPF area ID default information originate Allow the NSSA area to generate the default route When the OSPF process is configured with the re distribution default route and if the NSSA area does not configure the command the default route cannot be brought to the NSSA area metric metric value Specify the metric...

Page 385: ... edge router and AS edge router can be configured to notify the summary route which specifies the range of the network serial numbers The route summary reduces the size of the link status database OSPF route summary includes the route summary between areas and outer route summary Configure the area range command on the area edge router the area edge router summarizes the routes in the configured s...

Page 386: ...OSPF link status database is reduced To summarize the outer routes use the summary address command The command summarizes the AS External LSA and generates only one summary ASE LSA for all LSAs in the segment ASBR only notifies the summary ASE LSA to the other switch summary address The summary address command is used to summarize the OSPF outer routes To make the command become invalid use the no...

Page 387: ...rval for the interface of the virtual connection The meanings of the interface parameters are consistent with those on the common OSPF interface The no format of the command is used to cancel the connection of the virtual connection area transit area id virtual link address authentication message digest null message digest key key id md5 key authentication key key hello interval seconds retransmit...

Page 388: ...tual connection cannot be set via the stub or NSSA area that is the transit area of the virtual connection cannot be stub or NSSA area Configure OSPF Demand Circuits The demand circuit is the network whose cost varies with the use The cost can be based on connection time and transmitted packet bits The typical demand circuits include ISDN circuit X 25SVC and dial up Even after the neighboring stat...

Page 389: ...mand circuit is not configured Note To enable the demand circuit between switches you can configure the command on the interface of only one side and also can configure the command on the interfaces of both sides The demand circuit can take effect in the point to point and point to multipoint interface mode Do not enable the function on the broadcast or NBMA network because the protocol packets ca...

Page 390: ...to divide the reference bandwidth The default reference bandwidth is 100M and the interface bandwidth depends on the bandwidth command in the interface configuration mode To modify the reference bandwidth use the following command auto cost reference bandwidth This command is used to modify the reference bandwidth used to calculate the OSPF cost The no format of the command is used to recover the ...

Page 391: ... 1 255 and the default value is 110 dist2 The management distance of the route between areas the value range is 1 255 and the default value is 110 dist3 The management distance of the outer route the value range is 1 255 and the default value is 150 Default status The management distance of the OSPF route is not configured and adopts the default value Configure Blocking Flooding LSA on OSPF Interf...

Page 392: ... no overflow database external ospfExtLsdbLimit ospfExitOverflowInterval Syntax Description ospfExtLsdbLimit Configure the maximum number of the allowed outer LSAs the value range is 0 4294967294 the default value is 0 which means infinite When the number of outer LSAs exceeds the value enter the database overflow state ospfExitOverflowInterval Configure the interval of trying to exit the database...

Page 393: ...redistribute protocol protocol id metric metric value metric type type value tag tag value route map map name match route type Syntax Description protocol Re distributed routing protocols including RIP OSPF ISIS IRMP BGP static static route and connected direct connected route protocol id The protocol process number some protocols have protocol process number such as IRMP The value range is 1 6553...

Page 394: ... cost of the protocol needs to be converted during re distribution If the cost of the re distributed route is not configured the cost of the non default route is 20 For the default route if it is learned via the static default route the default cost is 20 force to generate the default route the default cost is 1 Configure OSPF Route Filtering To filter some route information there are the followin...

Page 395: ...ription access list number The standard access list number the value range is 1 1000 access list nam The standard access list name routing protoco The routing protocol to be filtered process id The process number of the routing protocol some protocols do not have process number Default status The command is not configured area filter list For the route notification between the areas use the access...

Page 396: ...unction of the device the protocol needs to support graceful restart so that the route jitter and route black hole can be avoided after the device restarts or active standby switch The basic theory of OSPF graceful restart is The neighboring relation of the neighbor router and the restart router avoids flap during restart The neighbor router still keeps the protocol information and topology inform...

Page 397: ...command When there are many neighbors at the helper end the LSA update cannot be checked completely which may result in exiting the helper mode in advance Restart OSPF Process When it is necessary to clear all database neighbor status interface status and routes of the current OSPF process re start to run the OSPF to set up neighbors and calculate the route by using the following commands clear ip...

Page 398: ...itch A config ospf exit Switch A config int vlan1 Switch A config if vlan1 ip address 70 1 1 1 255 255 255 0 Configure the interface address Switch A config if vlan1 exit Switch B configuration Command Description Switch B configure terminal Switch B config router ospf 1 Set up the OSPF process Switch B config ospf network 70 1 1 0 0 0 0 255 area 0 Specify the corresponding OSPF interface and the ...

Page 399: ...iguration switch A can learn the route 30 1 1 0 24 switch C can learn the route 70 1 1 0 24 Configure OSPF Interface Parameters To perform the text authentication on the OSPF interface between switch A and switch B and configure hello time as 20 configure as follows The configurations of switch A and switch B must be consistent that is authentication mode password and hello interval must be consis...

Page 400: ...h need to configure area 1 as the stub area To configure MD5 authentication password on the interface the MD5 authentication passwords of the two inter connected interfaces must be the same Switch B configuration Command Description Switch B config router ospf 1 Enter the OSPF configuration mode Switch B config ospf area 1 authentication message digest Configure the switches in area 1 need MD5 aut...

Page 401: ... interface loopback5 Switch B config if loopback5 ip address 33 33 33 55 255 255 255 255 Configure the interface address Switch B config if loopback5 exit After the configuration area 0 generates one summary route between the 33 33 33 0 24 areas Configure Filtering Routes between OSPF Areas If some routes belonging to area 1 on switch B cannot be notified to other areas use the route filtering com...

Page 402: ... 44 32 out area 0 can learn only the route between 44 44 44 45 32 and 44 44 44 46 32 This is the filtering at the out direction The filtering at the in direction that is filter the routes notified from other areas for example configure the filtering in area 0 at the in direction is configured on the area edge router Switch B configuration Command Description Switch B config ip access list standard...

Page 403: ...5 255 255 100 1 1 10 Configure static routes Switch C config ip route 77 77 77 99 255 255 255 255 100 1 1 10 Configure static routes After the configuration switch A and switch b can learn the summarized outer route 77 77 77 0 24 Configure OSPF to Filter Outer Routes As shown in OSPF configuration example 1 there is the static route 88 88 88 88 on switch C To filter the static route during re dist...

Page 404: ...teway of last resort is not set O 26 26 26 26 32 110 2 via 70 1 1 2 00 02 24 vlan1 routes in the area O 30 1 1 1 32 110 2 via 70 1 1 2 00 02 24 vlan1 route between the areas OE 77 77 77 77 32 150 20 via 70 1 1 2 00 02 24 vlan1 outer routes Modify the distance of all OSPF routes Switch A configuration Command Description Switch A config router ospf 1 Enter the OSPF configuration mode Switch A confi...

Page 405: ...rea If switch C brings in outer routes it is NSSA LSA in area 1 to notify the outer route On switch B the NSSA LSA is converted to AS External LSA and is notified to area 0 For example Switch B configuration Command Description Switch B config router ospf 1 Enter the OSPF configuration mode Switch B config ospf area 1 nssa Configure area 1 as NSSA area Switch B config ospf exit Switch C configurat...

Page 406: ... Switch C is 60 1 1 1 configure the two switches as follows Switch B configuration Command Description Switch B config router ospf 1 Enter the OSPF configuration mode Switch B config ospf area 1 virtual link 60 1 1 1 Specify to set up the virtual connection to the peer end 60 1 1 1 via the transmission area 1 Switch B config ospf exit Switch C configuration Command Description Switch C config rout...

Page 407: ... packets show ip ospf process id database max age lsa type self originate adv router ip addr link state id summary Display OSPF link status database information You can specify the link status type via the Router ID of router and link id of the link status The types of the link status include Router LSA Network LSA Summary LSA ASBR summary LSA AS External LSA NSSA External LSA Opaque Link LSA Opaq...

Page 408: ...rf vrf name host usr pwd filename Syntax Identification character of more expanding sub command begin _LINE_ Display from the specified character string include context _LINE_ Only display the contents that contain the specified character string exclude _LINE_ Display the contents that do not contain the specified character string redirect file filename Copy the displayed contents to the specified...

Page 409: ...r ID for backup 70 1 1 1 Interface Address 70 1 1 1 Specify the IP address of the router interface for backup 70 1 1 1 Timer intervals configured Hello 10 Hello interval 10s Dead 40 Dead time 40s Wait 40 Retransmit 5 Hello due in 00 00 04 Neighbor Count is 1 Adjacent neighbor count is 1 Crypt Sequence Number is 0 Hello received 6 sent 11 DD received 3 sent 4 LS Req received 1 sent 1 LS Upd receive...

Page 410: ...nd messages debug ip ospf packet dd detail hello ls ack ls request ls update recv send Track the receiving and sending of the packets Hello hello packets dd database description abstract packets ls request link status request packets ls update link status update packets ls ack link status update response packets debug ip ospf route ase ia install spf The calculation process of track route table as...

Page 411: ...belongs to broadcast type the sent packets are multicast packets 00 52 23 OSPF RECV Hello From 70 1 1 2 via vlan1 70 1 1 1 70 1 1 2 224 0 0 5 00 52 23 OSPF NFSM vlan1 70 1 1 1 0 0 0 0 Start 00 52 23 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Down HelloReceived 00 52 23 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Status change Down Init 00 52 23 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Init 2 WayReceived 00 52 23 OSPF NFSM ...

Page 412: ...0 1 1 1 70 1 1 2 70 1 1 1 00 52 23 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Exchange ExchangeDone 00 52 23 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Status change Exchange Loading 00 52 23 OSPF SEND DD To 70 1 1 2 via vlan1 70 1 1 1 Begin to exchange DD packets after exchanging DD packets the neighbor status changes from Exchange to Loading 00 52 23 OSPF SEND LS Req To 70 1 1 2 via vlan1 70 1 1 1 00 52 23 OSPF R...

Page 413: ... 1 1 2 via vlan1 70 1 1 1 70 1 1 2 224 0 0 5 00 52 32 OSPF IFSM vlan1 70 1 1 1 IfIndex 1 Hello timer expire 00 52 32 OSPF SEND Hello To 224 0 0 5 via vlan1 70 1 1 1 00 52 33 OSPF RECV Hello From 70 1 1 2 via vlan1 70 1 1 1 70 1 1 2 224 0 0 5 00 52 33 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 Full HelloReceived 00 52 33 OSPF NFSM vlan1 70 1 1 1 70 1 1 2 nfsm_ignore called 00 52 33 OSPF NFSM vlan1 70 1 1 1 ...

Page 414: ... apply ACL in Signamax S34xx switch including global object VLAN object and port object Global object refers to the switch and the ACL takes effect on all packets entering the switch VLAN object refers to a VLAN configured on the switch and the ACL takes effect on all packets entering the VLAN Port object refers to the port or aggregation port on the switch and the ACL takes effect on all packets ...

Page 415: ... with action group to indicate what actions should be taken for the matched packets Traffic control is abstracted as a kind of action Reference the Traffic Meter in the configuration parameters of action groups according to the names The configurations related with ACL function of Signamax S34xx switches include action group configuration traffic meter configuration and time range configuration wh...

Page 416: ...ule it is not mandatory to specify the serial number of the rule When the serial number of a rule is specified the new rule is added to the appropriate place of the access list according to the serial number when the serial number is not specified the new rule is added to the end of the access list and the system automatically assigns a serial number to the rule The step length is 10 ACL Classific...

Page 417: ...ndard access list number access list name To configure the standard access list config sequence permit deny any source source wildcard host source time range time range name action group action group name To configure one rule config std nacl sequence remark comment To configure the comment of an access list config std nacl The symbol before the command description means that there is the configur...

Page 418: ...d Source IP address and wildcard host source A source host address time range time range name To specify the time range within which the rule takes effect action group action group name To specify the action taken after the rule is matched remark comment To configure a comment indicating that the rule does not take part in the matching and only takes part in the comment and separation of the rules...

Page 419: ... access list including all the rules in it no ip access list standard access list number access list name permit deny This command is to configure the rules of a permit or deny IP standard access list sequence permit deny any source source wildcard host source time range time range name action group action group name Syntax Description sequence The serial number of a rule permit If the conditions ...

Page 420: ...nt and separation of the rules Configuration mode Configuration mode of IP standard access list Default status By default no access lists and rules are configured The no format of the command is to delete a comment no sequence no sequence remark comment Application Example Set up standard access list 2 defining three rules It permits the packet from the host with IP address as 92 49 0 3 on the sub...

Page 421: ...ording to IP protocol number source IP address destination IP address source TCP UDP port number destination TCP UDP port number packet priority TCP tag and IP segment tag and performs the corresponding processing on the packets IP extended access list defines more abundant exact and flexible contents than IP standard access list Basic Commands Command Description Config Mode access list To config...

Page 422: ...nded access list The value range is 1001 2000 permit If the conditions are matched the access is permitted deny If the conditions are matched the access is denied protocol The matched protocol The following values can be configured 0 255 The value of the protocol number icmp Specifies Internet error and control packet protocol ICMP igmp Specifies the Internet group management protocol IGMP ip Spec...

Page 423: ... can be configured 0 63 The value of the distinguished service code point af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 30 af41 34 af42 36 af43 38 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 ef 46 default 0 operator Port comparison One of the following can be chosen eq The packets that match a port wildcard Wildcard matching source port source port wildcard To specify th...

Page 424: ...ation mode Default status By default no access lists and rules are configured The no format of the command is to delete an access list including all the rules in it no access list access list number The supported TCP UDP well known ports in ACL are as follows Protocol Port Name Definition Actual Value TCP bgp Border Gateway Protocol 179 chargen Character generator 19 daytime Daytime 13 discard Dis...

Page 425: ...etbios dgm NetBios datagram service 138 netbios ns NetBios name service 137 netbios ss NetBios session service 139 non500 isakmp Internet Security Association and Key Management Protocol 4500 ntp Network Time Protocol 123 pim auto rp PIM Auto RP 496 rip Routing Information Protocol router in routed 520 snmp Simple Network Management Protocol 161 snmptrap SNMP Traps 162 sunrpc Sun Remote Procedure ...

Page 426: ...d access list sequence permit deny protocol source source wildcard operator source port source port wildcard destination destination wildcard operator destination port destination port wildcard ack fin psh rst syn urg precedence precedence tos tos dscp dscp time range time range name action group action group name Syntax Description sequence The serial number of a rule permit If the conditions are...

Page 427: ...et It has three kinds of expressing methods For details refer to the previous introduction to the expressing methods of IP addresses precedence precedence The IP priority of the packet The following values can be configured 0 7 The value of the IP priority critical 5 flash 3 flash override 4 immediate 2 internet 6 network 7 priority 1 routine 0 tos tos The service type The following values can be ...

Page 428: ...ng tag immediate sending tag reset tag synchronizing tag and emergent tag time range time range name To specify the time range within which the rule takes effect action group action group name To specify the action taken after the rule is matched Configuration mode Configuration mode of IP extended access list Default status By default no access lists and rules are configured The no format of the ...

Page 429: ...atistics of an IP access list show ip access list access list number access list name Syntax Description access list number The serial number of an IP access list The value range is 1 2000 access list name The name of an IP access list Configuration mode Privilege mode clear ip access list This command is to clear the packet matching statistics of an IP access list clear ip access list access list...

Page 430: ...dresses of Ethernet packets and performs the corresponding processing on the packets Basic Commands Command Description Configuration Mode access list To configure the access list config mac access list standard To configure the MAC standard access list config sequence To configure the serial number of the rule The value range is 1 2147483647 config std mac nacl permit To configure a permitted rul...

Page 431: ...nt To configure a comment indicating that the rule does not take part in the matching and only takes part in the comment and separation of the rules Configuration mode Global configuration mode Default status By default no access lists and rules are configured The no format is to delete an access list named after numbers including all the rules in it no access list access list number mac access li...

Page 432: ... source A source MAC host address time range time range name To specify the time range within which the rule takes effect Configuration mode Configuration mode of MAC standard access list Default status By default no access lists and rules are configured The no format of the command is to delete a rule It can only be the serial number of the rule and also can include the contents of the rule no se...

Page 433: ...ommand Description switch config mac access list standard 2001 To define MAC access list 2001 entering the configuration mode of MAC standard access list switch config std mac nacl 10 permit host 0005 5d5e 4129 To configure the rules of a MAC access list with serial number as 10 allowing the packets with source MAC address as 0005 5d5e 4129 to pass switch config std mac nacl exit Configure MAC Ext...

Page 434: ... type time range time range name access list access list number remark comment Syntax Description access list To configure the rules of an access list access list number The serial number of a MAC extended access list The value range is 3001 4000 permit If the conditions are matched the access is permitted deny If the conditions are matched the access is denied any Any address mac source mac sourc...

Page 435: ... value range is 3001 4000 access list name The name of a MAC standard access list Configuration mode Global configuration mode Default status By default no access lists and rules are configured The no format of the command is to delete a MAC extended access list including all the rules in it no mac access list extended access list number access list name permit deny This command is to configure th...

Page 436: ...t of the command is to delete a rule It can be the serial number of a rule and also can include the contents of the rule no sequence no sequence permit deny any mac source mac source wildcard host mac source any mac destination mac destination wildcard host mac destination ether type ether protocol type precedence priority vlan id vlan id number time range time range name remark This command is to...

Page 437: ...ist clear mac access list access list number access list name Syntax Description access list number The serial number of a MAC access list The value range is 2001 4000 access list name The name of a MAC access list Configuration mode Privilege mode router config port 0 5 exit Configure Time Range Usually users have the following similar requirements The PCs in a network segment can access the serv...

Page 438: ...ne time range can include 0 and multiple time periods The time range is the incorporate set of the time periods The command time range is to define the time range time range time range name Command Description time range To define the time range The command enters the configuration mode of the time range time range name The name of the time range If the time range name does not exist create a new ...

Page 439: ...e the contents of the time range no sequence no sequence periodic days of the week hh mm to days of the week hh mm Example Command Description router config time range periodic 8 00 to 17 30 8 00 to 17 30 of each day Or periodic daily 8 00 to 17 30 router config time range periodic weekdays saturday 8 00 to 17 00 Working days Monday to Friday and 8 00 to 17 00 of Saturday router config time range ...

Page 440: ...is to display the configuration and status of a time range show time range time range name Command Description show time range To display the configuration and status of a time range time range name The name of a time range If it is not specified all the time ranges are displayed Configuration mode Privilege mode Time Range Application The time range has two states including ACTIVE and INACTIVE Th...

Page 441: ...r example if the time range abc in the above example is not defined the ACL rule takes effect and telnet packets are permitted to pass Bind with a whole ACL The time range is bound with a whole ACL that is each rule of the ACL is bound with a same time range When using an ACL to perform packet matching first judge whether there is time range restriction and the status of the current time range If ...

Page 442: ...ds Command Description Config Mode set time range frequency To configure the refreshing period config set time range max offset To configure the maximum time offset config set time range enable To enable the time range function config set time range disable To disable the time range function config set time range frequency By default the period of refreshing the time range status is 1 minute The t...

Page 443: ...100s set time range disable enable The default status of the time range switch is enable The binding entity has the time restriction If the switch is disable the binding relationship is deleted and the binding entity is not restricted on the time For the ACL rule all time range name sentences are neglected and the rule always takes part in the packet matching for the access list the binding relati...

Page 444: ...ount To configure the counter config action group meter To configure the meter config action group mirror port To configure the mirror port config action group redirect port To configure the re directing port config action group remark l2 priority To configure L2 remark config action group remark l3 priority To configure L3 remark config action group The symbol before the command description means...

Page 445: ...ame The name of an action group access list number The serial number of an access list access list name The name of an access list Configuration mode Global configuration mode Default status By default the ACL is not bound with any action group The no format of the command is used to delete the binding of an action group and an ACL no action group action group name access list access list number a...

Page 446: ...he counting action that is do not count the matched packets no count meter This command is to configure the name of the referenced meter in the action group Configuring the metering action is to restrict the rate on the matched packets or label the packets The command supports configuring the un existing meter name After a new meter is configured it takes effect automatically The command traffic m...

Page 447: ...rmer is prior to the later and the configuration on the port does not take effect redirect port This command is to configure the action of re directing packets in an action group The configuration is to re direct the matched packets to a port redirect port port_name Command Description port_name The name of the re directing destination port Configuration mode Configuration mode of the action group...

Page 448: ...ponding to the reflection list configuration of 802 1p internal priority About the 802 1p internal priority please refer to the chapter of Qos configuration remark l2 priority cos queue_number dot1p internal priority priority_number tos_precedence dot1p priority_number tos_precedence internal priority priority_number tos_precedence Command Description dp drop_priority The discarding priority which...

Page 449: ...riority dp drop_priority drop priority is in the output direction of queue number at the ports The remarked packets enter different queues when being output The above mentioned internal priority is the priority used within the switch and does not modify the packet After being modified the internal priorities are mapped to different queues in the port output direction according to the configuration...

Page 450: ... packet TOS Configuration mode Global configuration mode Default status By default no L2 modifying action is configured in the action group The no format of the command is used to delete the modifying action that is do not modify the matched packets no remark l3 priority Configure Meter To support the packet traffic control function you can specify a traffic meter name in the action group One traf...

Page 451: ... traffic meter traffic meter name Command Description traffic meter To define a traffic meter The command enters the configuration mode of the traffic meter traffic meter name The name of the traffic meter If the traffic meter name does not exist create a new one Configuration mode Global configuration mode Default status By default no traffic meter is configured The no format of the command is us...

Page 452: ... CR Command Description meter action red yellow drop The traffic meter discards the colored packets meter action red yellow trasmit remark dot1p priority_number CR remark dp priority_number CR remark 1p priority_number CR remark dscp dscp_number CR CR The traffic meter remarks the colored packets remark dot1p priority_number To remark the priority field in the L2 TAG of the packet as priority_numb...

Page 453: ...uration of the traffic meter mode no meter mode Apply ACL to Object After an access list is created it can be applied on one or more objects to realize the function of filtering ACL packets For Signamax S34xx switches the access list can be applied only at the input direction of the objects The objects include port object global object and VLAN object The configured ACLs on all objects may have co...

Page 454: ...stricting its flow as 5Mbps The ACL on VLAN1 allows the packets with IP address as 1 1 1 1 to pass and is configured with action of restricting the flow as 1Mbps In this situation the minimum speed in the packet channel takes effect and the speed is restricted as 1Mpbs Because of the hardware limitation the actual flow of multi level speed restrictions is smaller than the minimum restricted speed ...

Page 455: ...on means that there is the configuration example to describe the command in details later ip access group This command is to apply the IP access list at the input direction of the port objects ip access group access list number access list name in Syntax Description ip access group To bind an IP access list on the interface access list number The serial number of an IP access list The value range ...

Page 456: ...tion of the port object mac access group access list number access list name in Syntax Description mac access group To bind a AMC access list on the Ethernet interface access list number The serial number of a MAC access list The value range is 2001 4000 access list name The name of a MAC access list in The input direction Configuration mode Port configuration mode Default status By default the po...

Page 457: ... format of the command is to cancel the application of an IP access list on the global object no global ip access group access list number access list name in Example Apply IP extended access list 1001 at the input direction of the global objects Command Description router config port 0 5 global ip access group 1001 in To apply an extended access list 1001 at the input direction of global objects ...

Page 458: ... The displaying content includes meter mode and the disposing mode of the meter to the colored packet show acl object port port name vlan vlan number global To display all ACL configurations or ACL configurations which are appointed by the objects Monitoring Command Example show access list switch show access list Displayed result ip access list standard 1 10 permit any time range tr1 active actio...

Page 459: ...The name of the access list is 1001 and it has only one rule An Action group named test is bound to the access list The test action group is bound to all the permit rules which do not specify action group in the access list The test action group is configured in the system so the status of the test action group on the rule is displayed as active mac access list standard 2001 20 permit host 0111 01...

Page 460: ...domain named tr1 Rule 10 is active only when the trl is active Rule 20 matches the packet with source MAC as any protocol type as 0x0800 priority as 7 and VLAN number as 911 The tr2 bound to the rule is in the inactive state Therefore the rule 20 is not effective now switch show access list 3001 Displayed result mac access list extended 3001 10 permit host 0111 0111 0111 any ether type 0x0800 prec...

Page 461: ...domain the time domain is in the active state absolute start 14 28 12 march 2008 end 14 28 12 march 2009 active It is the absolute time configuration The starting time of the period is 14 28 on May 12 2008 and the ending time is 14 28 on May 12 2009 active means the current time is the time period 20 periodic daily 09 00 to 18 00 active It is the period configuration The starting time of the perio...

Page 462: ...and analysis action group act1 the name of the action group is act1 remark l2 priority lp 5 remark L2 priority and the internal priority is remarked as 5 remark l3 priority dscp 10 remark L3 priority and the value of DSCP is remarked as 5 count red yellow count the red and yellow packets colored by the meter meter mt1 inactive meter the meter name associated to the action group inactive meter mean...

Page 463: ...ter config meter action red drop meter action yellow drop traffic meter test valid meter config meter mode trtcm 0 0 0 50000 meter action red drop meter action yellow transmit Description and analysis traffic meter mt2 invalid meter config the name of the meter is mt 2 invalid meter config means that the meter is not configured completely The invalid configuration does not take effect We can see t...

Page 464: ...it Description and analysis For the command show traffic meter with specified meter name only the specified meter configuration in the command is displayed show acl object switch show acl object Displayed result Object global IP ACL name 1 valid ip access list standard 1 number of rules 1 10 permit any time range tr1 active action group act1 active 0 mache of red packets 0 mache of yellow packets ...

Page 465: ...here is one rule 10 permit any time range tr1 active action group act1 active it shows the status of the rule Here the time domain is in the active state and the configuration of action group exists 0 mache of red packets It means the bound action group on the rule is configured to count the red packets 0 mache of yellow packets It means the bound action group on the rule is configured to count th...

Page 466: ...object its name is 1 and there is one rule 10 permit any time range tr1 active action group act1 active it speifies the status of the rule the rule of the time domain is in the active state and the action group configuration exists 0 mache of red packets It means the bound action group on this rule is configured to count the red packets 0 mache of yellow packets It means the bound action group on ...

Page 467: ...s the MAC rule with series number as 50 Its bound time domain is in inactive state and the rule is not effective now Application Example Besides the application of packet filtering the command described in this chapter has two more important applications One is to use ACL to classify packets the other is to use ACL to control packet flow The following uses the example to describe the configuration...

Page 468: ...rom port 0 1 to the switch are classified according to the IP address segment The packet with source IP address as 10 0 0 is the first type and packet with source IP address as 10 0 0 1 is the second type The packet with other source IP addresses is the third type Use DSCP filed to identify the type The configuration steps are as follows Command Description switch config terminal To configure IP s...

Page 469: ...ch show access list cs1 To re display the csl configuration ip access list standard cs1 10 permit 10 0 0 0 0 0 0 255 action group rmk1 active 20 permit 10 0 1 0 0 0 0 255 action group rmk2 active 30 permit any action group rmk3 active switch config terminal The action group rmk1 rmk2 and rmk3 are created so the status of the action groups is displayed as active Next we can apply them to port 0 1 s...

Page 470: ...e action group For example the packets entering from port 0 1 to the switch are classified according to the IP address segment The packet with source IP address as 10 0 0 is the first type and the speed is limited as 5Mbps the packet with source IP address as 10 0 0 1 is the second type and the speed is limited as 1Mbps the packet with other source IP addresses is the third type and the speed is l...

Page 471: ...eter mt3 To specify the meter associated with the action group as mt3 switch config action group end switch show access list cs1 To re display the csl configuration ip access list standard cs1 10 permit 10 0 0 0 0 0 0 255 action group act1 active 20 permit 10 0 1 0 0 0 0 255 action group act2 active 30 permit any action group act3 active switch show action group The action groups act 1 act 2 and a...

Page 472: ...ere the status of the configured meters in the action group becomes active switch config terminal Next apply the configured ACL to port 0 1 switch config port 0 1 switch config port 0 1 ip access group cs1 in switch config port 0 1 end switch show acl object port 0 5 After applying it to the object display the status of the ACL object Object type port IP ACL name cs1 valid ip access list standard ...

Page 473: ...riority value the faster of dropping it The dropping priorities correspond to the port queue one by one The message with dp as zero joins to the queue zero and the message with dp as 1 joins to the queue 1 and the following is accounted as above way The dscp dscp mapping the dscp value is modified according to the dscp of the message Basic Commands Command Description Config mode no map table lp d...

Page 474: ... mappings under the port are mapped to the dscps which have same value If the default value is configured the un configured items are mapped to the default value 3 Once any dscp lp mapping is configured at the port the un configured items will be mapped by section and section to different lps The mapping relationship as following the value of dscp from zero to 7 is mapped to lp value 1 the value o...

Page 475: ... 0 to 7 To configure mapping relation Switch config port 0 0 map table lp dp 1 to 6 To configure mapping relation Switch config port 0 0 map table lp dp 2 to 5 To configure mapping relation Switch config port 0 0 exit To exit the mode Monitoring Debugging Commands for Monitoring Command Description show maptable lp dp dscp lp dscp dscp dot1p lp To inquiry the configuration of present items and the...

Page 476: ...ion of Commands for Configuring Queue Scheduling Example of Configuration Overview Each port has 8 queue output queues following scheduling policies can be adopted SP Strict Priority the queue 7 has the highest priority while the queue 0 has the lowest priority RR Round Robin the port based fair scheduling Each queue schedules out one packet and then transmits the packet to the next queue WRR Weig...

Page 477: ...ority scheduling rr To configure as the round robin scheduling wrr weight0 weight1 weight2 weight3 weight4 weight5 weight6 weight7 To configure as the wrr mode wdrr weight0 weight1 weight2 weight3 weight4 weight5 weight6 weight7 To configure as the wdrr mode Default status by default the port configuration mode is the strict priority Notes When configuring the scheduling modes of wdrr and wrr if a...

Page 478: ...how queue schedule port portlist To display the scheduling mode of a specified port if no port is specified then display the scheduling modes of all ports Monitoring Example To display the configuration of the port 0 1 Command show queue schedule port 0 1 Displayed result example 1 of configuration Port 0 1 schedule mode Weighted Round Robin weight for queue 0 1 weight for queue 1 2 weight for que...

Page 479: ... depth is between the low threshold and the high threshold whether to discard the packet is according to the configured discarding probability The discarding probabilities of the yellow packet and the red packet can be configured the value ranges are from 0 to 7 Discarding probability Corresponding percentage 0 100 discard whole 1 6 25 2 3 125 3 1 5625 4 0 78125 5 0 390625 6 0 1953125 7 0 09765625...

Page 480: ...lues of the red packet and the yellow packet are 3 4 respectively Command Description Switch config port 0 1 To enter the port mode Switch config port 0 1 drop mode sred red 3 yellow 4 To configure the discarding mode Switch config port 0 1 exit To exit the port mode Monitoring Debugging Commands for Monitoring Command Description show drop mode port portlist To display the configured discarding m...

Page 481: ... of the burst size is byte Config port no rate limit To cancel the rate limitation of a port Config port rate limit rate burst size When users configuring the command the input parameters may be different with the practical value configured successfully Because the drive adjusts the value input by users according to the chip The final verity value of the rate is an integer multiple of 64 When the ...

Page 482: ...de Monitoring Debugging Commands for Monitoring Command Description show rate limit port portlist To display the rate limitation of a specified port if no port is specified then display the rate limitation of all ports Example of Monitoring To display the configuration of port0 1 Command show rate limit port 0 1 Displayed results port 0 1 rate limit 250048 12288 Flow Shaping The contents are as fo...

Page 483: ... shape queue queue_id To cancel the flow shaping of a port or a queue config port config port range traffic shape rate burst size This command is to configure the flow shaping of a port When users configuring the command the input parameters may be different with the practical value configured successfully because the drive adjusts the value input by users according to the chip The final verity va...

Page 484: ...scarded when the network is congestion Pbs and cbs partly express the size of allowed bursting flow When the database passes the port it is restricted by both shaping of queue and shaping of port The queue with configured shape priority schedules the queue whose flow is smaller than cir it prefers to schedule the queue whose flow is between cir and pir and the last one is the queue whose flow is b...

Page 485: ...ds for Monitoring Command Description show traffic shape port portlist To display the flow shaping of a specified port if no port is specified then display the flow shaping of all ports Example of Monitoring To display the configuration of port0 2 Command show traffic shape port 0 1 Display results port 0 1 traffic shape 250048 12288 traffic shape of queues queue_id cir cbs pbs pir 1 1024 4096 819...

Page 486: ...nfig aaa authentication banner To configure the banner during AAA authentication config aaa authentication fail message To configure the displayed information when AAA authentication fails config aaa authentication username prompt To configure the user name prompt during AAA authentication config aaa authentication password prompt To configure the password prompt during AAA authentication config a...

Page 487: ...mbers of the server group config sg tacacs config sg radius server private To configure the private members of the server group config sg tacacs config sg radius ip vrf forwarding To configure the VRF attributes of the server group config sg tacacs config sg radius radius server host To configure the address of RADIUS server config radius server dead time To configure the silence time after the RA...

Page 488: ...Description banner The welcome information displayed when you log in to the switch The beginning and ending of the welcome information use the same expressing symbols for example if the output welcome information is welcome the input banner is welcome is the symbol expressing the beginning and ending Default status The default welcome information is User Access Verification Command mode Global con...

Page 489: ...entication password prompt This command is used to modify the displayed text to prompt the user to input password The no form of the command is used to recover the default displayed text aaa authentication password prompt password prompt no aaa authentication password prompt Syntax Description password prompt The displayed text to prompt the user to input the password Default status The default di...

Page 490: ...st aaa authentication enable default method1 method2 no aaa authentication enable default Syntax Description default To define the default method list method Authentication method None Pass directly without authenticating the identity Enable Use the valid password to authenticate the identity the global enable passport Line Use the line password to authenticate the identity Radius Use RADIUS to au...

Page 491: ...ault list name Syntax Description list name The default method list default To define the default method list method Authentication method None Pass directly without authenticating the identity Local Use the local user database to authenticate the identity Radius Use RADIUS to authenticate the identity Tacacs Use TACACS to authenticate the identity WORD Use TACACS or RADIUS server group to authent...

Page 492: ...o form of the command is used to not restrict the access authority aaa authorization config commands no aaa authorization config commands aaa authorization console This command is used to restrict the authority of the user to enter the system from the console port The no form of the command is used to not restrict the console port aaa authorization console no aaa authorization console aaa authoriz...

Page 493: ...ves the start accounting notice all requested user processes start to execute stop only Send an end accounting notice only when the requested user process ends wait start Send a start accounting notice and an end accounting notice to the AAA accounting server The requested user service isn t enabled until the notices above are acknowledged broadcast When there are multiple TACACS or RADIUS servers...

Page 494: ...otice all requested user processes start to execute method Accounting method tacacs Send accounting information to the TACACS server WORD Use TACACS or RADIUS server to authenticate WORD is the name of the server group Default status By default the accounting method list is not defined Command mode Global configuration mode aaa accounting suppress null username This command is used to prohibit gen...

Page 495: ... seconds Command mode Global configuration mode Note The key configured on the router should be consistent with that on the Tacacs server Multiple Tacacs servers can be configured and the system can select one of them for system authentication according to the configuration sequence when one server fails the system can select the next one automatically till the last one fails tacacs server key Thi...

Page 496: ...d list server TACACS This command is used to configure the members of a TACACS server group The no form of the command is used to delete the members server ip address no server ip address Syntax Description ip address The address of the Tacacs server It must be the address configured through the command tacacs server Otherwise it cannot take effect Default status No Command mode Server group confi...

Page 497: ... it can overlap with the global configured server server private RADIUS This command is used to configure the members of a RADIUS server group The no form of the command is used to delete the members server private ip address acc port acc port auth port auth port priority priority key key no server private ip address auth port port acct port port Syntax Description ip address The address of Radius...

Page 498: ...red on the router should be consistent with that on the RADIUS server Multiple RADIUS servers can be configured and the system can select one of them for system authentication according to the configuration sequence when some server is unavailable the system can select the next one automatically till the last one fails radius server dead time This command is used to configure dead time The no form...

Page 499: ...RADIUS server The no form of this command is used to recover the default value radius server retransmit retries no radius server timeout Syntax Description retries The maximum times of retransmitting a packet to the RADIUS server Default status 3 times Command mode Global configuration mode ip tacacs radius source interface This command is used to configure the interface address which is specified...

Page 500: ...or rlogin user One or more authentication methods can be selected NAS config aaa authentication enable default radius enable The authentication method radius enable is adopted for the telnet or rlogin user to enter the privilege use mode NAS config aaa authentication ppp auth name radius tacacs local To configure the PPP authentication and cooperate with the command ppp authentication on the inter...

Page 501: ...and other related configurations are as follows Command Description NAS conifgure terminal To enter the configuration mode NAS config aaa new model To enable AAA authentication NAS config aaa authentication login aa radius tacacs none The authentication methods radius tacacs and none are adopted for identification authentication of the telnet or rlogin user Adopt the customized method list named a...

Page 502: ... identity authentication process will end and no other identity authentication method will be tried Checking and Debugging AAA show aaa This command is used to display AAA information show aaa configure module server session source address Syntax Description configure To display the AAA configuration information module To display AAA functional module and the result after these modules operate AAA...

Page 503: ...ed to disable the switch debug aaa accounting no debug aaa accounting Command mode Privilege user mode debug aaa all This command is used to enable all AAA debugging switches The no form of the command is used to disable all the switches debug aaa all no debug aaa all Command mode Privilege user mode debug tacacs This command is used to enable the TACACS debugging switch The no form of the command...

Page 504: ...ommunication between the nodes on the ring network Compared with STP protocol EAPS has the features that the topology convergence speed is fast lower than 50ms and the convergence time is not related with the nodes on the ring network The main contents Commands for configuring EAPS EAPS configuration example Debug EAPS EAPS Basic Commands Command Description Config Mode eaps ring ring id master tr...

Page 505: ...master node needs to send hello packet check ring faults config eaps Transmit ring ring id To configure the edge node of EAPS transmission node config eaps Easp timer hello receive block recover timer value To configure the value of EAPS timer config eaps Eaps start To enable EAPS protocol config eaps Note The symbol before the command description means that there is the configuration example to d...

Page 506: ... id id number domain id id number Default status Undefined Command mode EAPS configuration mode ring type This command is to configure the type of the EAPS ring The no format of the command is to recover the default configuration The default configuration is the master ring ring type primary subordinate no ring type primary subordinate Default Status Master ring Command Mode EAPS configuration mod...

Page 507: ...APS configuration mode Primary link aggregation This command is to configure EAPS convergence master port primary link aggregation link number no primary link aggregation link number Syxtax Description link number To configure number of EAPS convergentce master port the value range is from 1 to 16 Default status Undefined Command mode EAPS protocol configuration mode second port This command is to...

Page 508: ...ion mode edge link aggregation This command is to configure the EAPS edge convergence port edge link aggregation link number no edge link aggregation link number Syntax Description link number To configure number of edge convergence port the value range is from 1 to 16 Default status No secondary port Command mode EAPS protocol configuration mode common port This command is to configure the EAPS p...

Page 509: ...r Timer value To configure value of timer Default status The value of hello timer is 1s 60 ticks The value of receive timer is 3s 180 ticks Note The transmitting mode does not need to configure value of timer the transmitting node learns value of time according to the sent message of transmitting node from master node The value of receive timer must be larger than that of receive timer We suggest ...

Page 510: ...smission nodes Transmit n Port 0 0 is the master port and port 0 1 is the secondary port A Configure the master node Command Description Master configure terminal To enter the global configuration mode Master config easp ring 1 master To generate the master node with ring ID as 1 and enter the configuration node of the easp node Master config eaps domain id 1 To configure the domain ID as 1 Master...

Page 511: ...ransmission node with ID as 1 and enter the configuration node of the easp node transmit config eaps domain id 1 To configure the domain ID as 1 transmit config eaps ring type primary To configure the EAPS ring type as the master ring transmit config eaps level 0 To configure the level of EAPS ring transmit config eaps control vlan 3 To configure to control vlan transmit config eaps primary port 0...

Page 512: ...e sub ring vlan and add the ports of the master control node to the sub ring VLAN 2 Configure the common transmission nodes of the master ring The common transmission nodes refer to the transmission nodes that are not connected to the sub ring You need to create the sub ring VLAN for the common transmission nodes and add the mater ports and secondary ports on the transmission node to the sub ring ...

Page 513: ...e the level of sub ring as 1 Transmit2 config eaps transmit ring 1 To transmitting node of relative edge node Transmit2 config eaps control vlan 4 To configure the control vlan of edge node Transmit2 config eaps edge port 0 2 To configure the public ports of the edge node Transmit2 config eaps common port 0 1 To configure public port of edge node Transmit2 config eaps eaps start The edge node star...

Page 514: ...onfigure the public ports of the assistant edge node Transmitm config eaps eaps start To enable the EAPS protocol on the assistant edge node Note The public ports must be the ports of the transmission node Configure the access node of the maser ring transmit m transmit m is the access node of the sub ring and the assistant edge node on the device Command Description Transmitm configure terminal Tr...

Page 515: ...of eaps node sMaster node config eaps domain id 1 To configure the domain ID as 1 sMaster node config eaps ring type sub To configure EAPS ring type as sub ring sMaster config eaps level 1 To congiure the level of EAPS as 1 sMaster node config eaps control vlan 4 To configure the control vlan sMaster node config eaps primary port 0 0 To configure the master port port 0 0 sMaster node config eaps s...

Page 516: ...ND Sending statistics Total packet 9915 Hello packet 9888 Edge Hello packet 0 There are 9915 messages are sent in total wherein Hello message has 9888 Edge Hello message has 0 COMM FLUSH FDB packet 21 COMP FLSUH FDB packet 6 Major Fault packet Error innovates 21 FDB messages ring completely innovates new 6 messages and zero error message of master ring Link Down packet 0 Link Up packet 0 There are...

Page 517: ...B packet 0 There are zero message zero ring error innovating message and zero ring intact innovating message Edge Hello packet 0 Link Down packet 7 Link Up packet 8 There are zero Edge Hello message seven Link down messages and 8 Link Up messages Major Fault packet 0 There is zero master error message EAPS Debugging Command The introduction of EAPS debugging demand as following list Command Descri...

Page 518: ... NODE RECV RING 1 port 0 1 Receive LINKUP message LINK UP information is received from port 0 1 by the master node 03 29 41 EAPS 5 NODE FSM Master Node FSM FAULT PREUP The master node is transmitted from error situation to intact situation 03 29 41 EAPS 7 NODE RECV RING 1 port 0 0 1 Receive LINKUP message LINK UP information is received from port 0 0by the master node 03 29 41 EAPS 5 NODE FSM Mast...

Page 519: ... 01 08 00 01 00 01 00 00 00 00 00 00 00 00 03 37 46 00 3c 00 b5 01 00 33 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 37 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 37 46 00 00 To send ring error innovating message and its content 03 37 46 EAPS 7 PORT FLUSH FDB port 0 0 Fresh FDB To innovate port 0 0 03 37 46 EAPS 7 PORT RCV port 0 0 RECV 03 37 46 01 80 63 07 00 02 0...

Page 520: ...0 03 37 49 00 00 The received message and its content form port 0 0 03 37 49 EAPS 7 PORT SEND port 0 0 Send FDB FLUSH_COMP message 03 37 49 EAPS 7 PORT SEND port 0 0 vlan 3 SEND 03 37 49 01 80 63 07 00 02 00 00 00 34 54 34 81 00 e0 0300 40 aa aa 03 00 03 37 49 e0 2b 00 bb 99 0b 00 40 01 09 00 01 00 01 00 00 00 00 00 00 00 00 03 37 49 00 3c 00 b5 03 00 33 25 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Page 521: ...tion of the cables and check whether uni directional link exists The uni directional link can be identified and prohibited only when all the devices support UDLD When discovering a uni directional link UDLD disables the interface and informs the user Basic Commands The commands for configuring UDLD include global configuration and port configuration The global configuration takes effect on all the...

Page 522: ...own the UDLD function of the port config port x y snmp server enable traps port shutdown udld To open UDLD module to send sharp function of ShutDown information of the port config no snmp server enable traps port shutdown udld To shutdown UDLD module to send sharp function of ShutDown information of the port config Note The symbol before the command description means that there is the configuratio...

Page 523: ... Status Under default status the time space is 15s Note If the configured packet sending frequency is too fast this adds the burden of network If the configured packet sending frequency is too slow this decreases protocol running efficiency udld port In order to configure UDLD working mode on the port above command is used In order to forbid UDLD function on the port no udld port command is used u...

Page 524: ...xit the port configuration mode SwitchA config udld message time 16 To configure time space of packet sending as 16s SwitchA config udld enable To enable Global UDLD SwitchA config exit To finish UDLD configuration The configuration of Switch B Command Description SwitchA config port 0 1 To enter into port configuration mode SwitchA config port 0 1 udld port aggressive To configure aggressive work...

Page 525: ...figuration of equipment udld configuration of each port and current status Monitoring Command Example This section describes the using and information of monitoring command via examples For the environment and configuration please refer to UDLD application example one SwitchA show udld Displayed Result Description and Analysis Device UDLD Info Start To start status information of UDLD equipment De...

Page 526: ...ipment of neighber Port ID port 0 0 ID port of neighbor Port 0 0 of Switch A DeviceName SwitchA Equipment Name Switch A Message Interval 16 The Message Time parameter of the neighbor is 16 Death Count 52 The aging time of the neighbor Debugging Command The UDLD provides basic debugging command It is used for processing protocol analysis The debugging information mainly includes the packet informat...

Page 527: ...dld_St_Echo The single communication status in the current is unknown Enable the command debug udld port 0 0 receive to check the contents of the UDLD packet received by port 0 0 SwitchA debug udld port 0 0 receive Displayed Result Analysis UDLD enter parse Data port 0 0 receive PDU data Len 64 00 00 36 Buff Len 64 00 00 36 0x21 0x02 0x00 0x01 0x00 0x01 0x00 0x10 0x30 0x30 00 00 36 0x30 0x31 0x35 ...

Page 528: ... 0x62 0x36 0x63 0x37 0x64 0x30 0x32 00 00 36 0x00 0x02 0x00 0x0c 0x70 0x6f 0x72 0x74 0x20 0x30 00 00 36 0x2f 0x30 0x00 0x03 0x00 0x04 0x00 0x04 0x00 0x05 00 00 36 0x0f 0x00 0x05 0x00 0x05 0x05 0x00 0x06 0x00 0x0a 00 00 36 0x72 0x6f 0x75 0x74 0x65 0x72 0x00 0x07 0x00 0x08 00 00 36 0x00 0x00 0x00 0x01 An UDLD message is sent by port 0 0 the length of PDU is 64 The data displaying method of sending d...

Page 529: ...vel Ethernet services including user service providers and network operators The users purchase Ethernet services from service providers The service providers use their own network or other operators network to provide end to end Ethernet services IEEE 802 1ag divides operator level Ethernet to a multi domain OAM network model including user service provider and operator maintenance levels which c...

Page 530: ... port which determines the MD range The MA and MD to which the MEP belongs determine the VALN attributes and level attributes of the packets by the MEP According to the location of MEP in MA the MEP direction includes the outward and inward If the packets in MA are received from the configured ports the MEP is outward Similarly the outward MEP can only send packets to the network through the MEP p...

Page 531: ...traceroute ethernet domain domain name service instance service name mpid mpid mac address The link tracking command enable clear ethernet cfm maintenance points remote domain domain name service instance service name To clear the CCM database enable clear ethernet cfm traceroute cache domain domain name service instance service name To clear link tracking cache enable snmp server enable traps eth...

Page 532: ...nd the database information of the remote peer MEP configured in the maintenance domain service instance ma name vlan vid no service instance ma name vlan vid Syntax Description ma name To set the service instance name vlan vid To specify VLAN Default Status No cc interval secondes This command is to specify the interval of all MEPs sending CCM packets in the maintenance set or service instance Th...

Page 533: ...e service name To specify the service instance name mpid id To set the MEP ID cc enable To enable the function of sending CCM packets it is the default value cc disable To disable the function of sending CCM packets Default Status By default the CCM function is enabled ping ethernet domain domain name service instance service name mpid mpid mac address source mpid This command is used to loopback ...

Page 534: ... MEP ID mac address To specify the destination MAC address Default Status No clear ethernet cfm maintenance points remote domain domain name service instance service name This command is used to clear the CCM database The command does not have the no format clear ethernet cfm maintenance points remote domain domain name service instance service name Syntax Description domain domain name To specify...

Page 535: ...intenance domain dom_l4_vlan100 specify the domain level as 4 specify the domain direction as outward and enter the ether cfm mode Switch A config ethernet cfm service instance ser_vlan100 vlan 100 To create the service instance bind it with VLAN 100 and enter ethernet si mode Switch A config ethernet si exit To exit ethernet si mode Switch A config ethernet cfm exit To exit ethernet cfm mode Swit...

Page 536: ... 4 specify the domain direction as outward and enter the ether cfm mode Switch B config ethernet cfm service instance ser_vlan100 vlan 100 To create the service instance bind it with VLAN 100 and enter ethernet si mode Switch B config ethernet si exit To exit ethernet si mode Switch B config ethernet cfm exit To exit ethernet cfm mode Switch B config ethernet cfm domain dom_l7_vlan100 level 7 To c...

Page 537: ... exit ethernet si mode Switch C config ethernet cfm exit To exit ethernet cfm mode Switch C config ethernet cfm domain dom_l7_vlan100 level 7 To create the maintenance domain dom_l7_vlan100 specify the domain level as 7 and enter the ether cfm mode Switch C config ethernet cfm service instance ser_vlan100 vlan 100 To create the service instance bind it with VLAN 100 and enter ethernet si mode Swit...

Page 538: ... 7D22 with 64 bytes of data Reply from 00017 AB6C 7D22 bytes 64 time 0ms Reply from 00017 AB6C 7D22 bytes 64 time 0ms Reply from 00017 AB6C 7D22 bytes 64 time 0ms Reply from 00017 AB6C 7D22 bytes 64 time 0ms Ping statistics for 00017 AB6C 7D22 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum 0ms Maximum 0ms Average 0ms Use the command traceroute Etherne...

Page 539: ...ache domain domain name service instance service name To display the link tracking cache information show ethernet cfm port To display the CFM configured on the ports of the local device Monitoring Command Examples show ethernet cfm maintenance points local For the environment and configuration refer to Configure CFM in the application example Switch A show ethernet cfm maintenance points local Di...

Page 540: ...sPort Age sec Expire sec 300 4 00017 AB6C 7D22 100 UP port 0 1 499 26 Domain dom_l7_vlan100 Service Instance ser_vlan100 MPID Level MAC VLAN PortStatus IngressPort Age sec Expire sec 200 7 00017 AB6C 7D22 100 BLOCKED port 0 1 499 26 Description and analysis The above displays the remote peer MEP database information show ethernet cfm port For the environment and configuration refer to Configure CF...

Page 541: ...no debug ethernet cfm continuity check send receive port link aggregation port num To enable disable connectivity checking debug switch no debug ethernet cfm loopback send receive port link aggregation port num To enable disable the loopback checking debug switch no debug ethernet cfm linktrace send receive port link aggregation port num To enable disable the link tracking debug switch Debugging C...

Page 542: ... 07 6C 37 5F 76 6C 61 6E 31 30 30 02 0B 73 65 72 5F 00 10 07 76 6C 61 6E 31 30 30 00 00 00 00 00 00 00 00 00 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 07 00 00 00 00 00 00 00 00 00 00 02 00 01 01 01 00 00 10 07 0C 08 01 73 77 69 74 63 68 2D 42 00 00 00 00 10 07 CFM PKT RECV Find MEP at equal MD level do MEP equal process 00 10 07 CFM CCM TLV Decode port status 1 BLOCKED 00 10 ...

Page 543: ...de Reply IngressId TLV Action 1 Hit Target MAC 00017 AB6C 7D22 Port ID length 8 Port ID sub type 2 Port Component Port ID port 0 1 00 02 51 CFM LTR TLV Decode sender s chassis ID ID length 8 ID sub type 1 Port Component ID switch B Configure E LMI The contents of this section are as follows Introduction to E LMI protocol Configure to use E LMI protocol Application examples Monitoring and debugging...

Page 544: ...ter executing the command the E LMI protocol is enabled on all the ports if the running mode of equipment E LMI protocol is not configured as CE before the E LMI protocol default running mode as PE config ethernet lmi ce To configure E LMI protocol to run in the CE mode The command can be executed only after the ethernet lmi global command is executed config ethernet lmi port To enable the E LMI p...

Page 545: ...he port in the port configuration mode Syntax Description n391 1 65000 To configure the times of the E LMI protocol polling the counter actively After N391 polling the CE end initiates the Full Status request The default value is 360 n393 2 10 To configure the times of the counter counting the E LMI status After connecting the device fails for N393 times when running the E LMI protocol the E LMI s...

Page 546: ...he Gold Shop In this way we can create a virtual Ethernet connection EVC Evc gold between CE1 and CE2 The EVC is consisted by two nodes including MEP 100 and MEP 200 it is EVC of point to point Suppose PE1 uses port 1 0 to connect with port 1 0 on the CE configure the E LMI protocol on the UNI between CE1 and PE1 so that the CE1 can get the configuration and status information of UNI and Evc gold ...

Page 547: ... to the global configuration mode switch config evc evc gold To define one EVC the EVC ID is the configuration mode of evc gold entering into EVC The EVC defaults to be point to point type switch config evc implement type qinq To configure the achieving type of EVC as QINQ switch config evc svlan id 100 svlan id corresponds to vlan id of CEM example which is configured at above third line switch c...

Page 548: ...ment example whose name is gold chief shop and service Vlan Id is 100 switch config ethernet si exit To exit the CFM domain configuration mode switch config ethernet cfm exit To exit the CFM configuration mode and return to the global configuration mode switch config port 0 2 To enter the configuration mode of port 0 2 switch config port 0 2 ethernet cfm mep domain gold shop service instance gold ...

Page 549: ...inted port show ethernet lmi statistics port string link aggregation 1 16 To display the E LMI statistics protocol information on the appointed port show ethernet lmi uni map detail port string link aggregation 1 16 To display the configuration and status information of UNI clear ethernet lmi statistics port string link aggregation 1 16 To clean all ports or E LMI protocol statistics information o...

Page 550: ...test and only version is MEF 16 Jan 2006 Mode CE The running mode of the E LMI protocol CE mode Status Enable The running status of E LMI on the port enable E LMI Link Active The current connection status of the E LMI protocol on the port is Active T391 10 Interval of PT timer 10s T392 15 Interval of PVT timer 15s N391 360 The times of active polling at the CE 360 N393 4 E LMI status check The tim...

Page 551: ...ocol error Protocol Errors Invalid Protocol Version 0 Invalid EVC Reference Id 0 Invalid Message Type 0 Out of Sequence IE 0 Duplicated IE 0 Mandatory IE Missing 24 Invalid Mandatory IE 0 Invalid non Mandatory IE 0 Unrecognized IE 0 Unexpected IE 0 Short Message 0 Description and analysis Invalid Protocol Version The times of receiving E LIM packet with error protocol versions Invalid EVC Referenc...

Page 552: ...sult Uni Id Evc Id Port name uni1 evc1 ag port 0 1 Signamax uni1 evc Signamax ag port 0 2 uni gold evc gold ag port 0 3 Description and analysis Uni Id The UNI ID configured on the device Evc ID The EVC corresponding with UNI One UNI can correspond with multiple EVCs Port Name The name of the port where the UNI is located Debugging Commands Command Description debug ethernet lmi all port string li...

Page 553: ...he information about resolving the packet 10 35 54 E LMI ag port 0 1 PACKET received E LMI Check in CE mode 10 35 54 Version 1 10 35 54 Message Type STATUS 10 35 54 Report Type E LMI Check 10 35 54 Sequence Number Send 231 Receive 230 10 35 54 Data Instance 1 The packet is the response information for the E LMI Check Enquiry received by the CE And the information of the message is displayed in des...

Page 554: ...tions Administration and Maintenance OAM is the tool for monitoring and solving network problems It reports the network status at the data link layer so that the network administrator can management the network more efficiently Ethernet OAM is defined in IEEE 802 3ah Currently Ethernet OAM solves the OAM problems of the last meter Ethernet devices including link performance monitoring fault detect...

Page 555: ... the Ethernet OAM link monitoring config port ethernet oam link monitor frame window window value To set the window period of error frame checking of Ethernet OAM link monitoring config port ethernet oam link monitor frame threshold low high none threshold value To set the threshold of error signal checking of Ethernet OAM link monitoring config port ethernet oam link monitor frame action threshol...

Page 556: ... loop back link detecting enable clear ethernet oam event log port port list To clear OAM event log information of Ethernet enable clear ethernet oam process port port list To clear OAM running data of Ethernet enable clear ethernet oam statistics port port list To clear OAM statistics information of Ethernet enable snmp server enable traps ethernet oam none threshold threshold To enable SNMP netp...

Page 557: ...rmation OAMPDU packets to detect connection actively in the passive mode do not send information OAMPDU packets to detect connection actively once enter the state of setting up the connection negotiation the information OAMPDU packets are interacted normally The no format of the command is used to recover the default value of the Ethernet OAM mode ethernet oam mode active passive no ethernet oam m...

Page 558: ...e 5000ms ethernet oam link monitor shutdown This command is used to disable the link monitoring function of Ethernet OAM The no format of the command is used to recover the default value ethernet oam link monitor shutdown no ethernet oam link monitor shutdown Default Status By default the link monitoring function of Ethernet OAM is enabled ethernet oam link monitor symbol window This command is us...

Page 559: ...ot monitor threshold value To set the threshold of error signal checking of Ethernet OAM link monitoring The value range is 1 65535 Default Status threshold low threshold value 1 threshold high threshold value none ethernet oam link monitor symbol action This command is used to set the error response processing of error signal checking of Ethernet OAM link monitoring as not monitoring Checking err...

Page 560: ... Description window value To set the window period of error frame checking of Ethernet OAM link monitoring The value range is 1 60 and the unit is second Default Status window value 1s ethernet oam link monitor frame threshold This command is used to set the threshold of error frame checking of Ethernet OAM link monitoring Checking error frames is to check whether there are error frames within eac...

Page 561: ... frame checking of Ethernet OAM link monitoring none To set the error response processing of error frame checking of Ethernet OAM link monitoring as not process error disable interface To set the error response processing of error frame checking of Ethernet OAM link monitoring as shutdown the interface Default Status By default do not process the error response ethernet oam link monitor frame peri...

Page 562: ...hold of error frame checking of Ethernet OAM link monitoring as not monitor threshold value To set the threshold of error frame checking of Ethernet OAM link monitoring The value range is 1 65535 Default Status threshold low threshold value 1 threshold high threshold value none ethernet oam link monitor frame period action This command is used to set the error response processing of error frame ch...

Page 563: ...nk monitor frame seconds window window value no ethernet oam link monitor frame seconds window window value Syntax Description window value To set the window period of error frame second checking of Ethernet OAM link monitoring The value range is 1 60 and the unit is second Default Status window value 1s ethernet oam link monitor frame seconds threshold This command is used to set the threshold of...

Page 564: ...hernet oam link monitor frame seconds action threshold low high none error disable interface no ethernet oam link monitor frame seconds action threshold low high none error disable interface Syntax Description low To set the error response processing of the low threshold of error frame second checking of Ethernet OAM link monitoring high To set the error response processing of the high threshold o...

Page 565: ...t To send the command of enabling remote loopback to the connected peer end stop To send the command of disabling remote loopback to the connected peer end port port num The port that sends the remote loopback command Default Status No ethernet oam remote loopback test This command is used to detect remote loop back link The command only can be used after using the command of ethernet oam remote l...

Page 566: ...r all the connections clear ethernet oam oam statistics This command is used to clear the statistics information of Ethernet OAM The no format of the command is used to recover the default value clear ethernet oam oam statistics port port list Syntax Description port port list To clear the port list of ran data of Ethernet OAM statistics information Default Status When no connection is specified c...

Page 567: ...ogy of running Ethernet OAM Illustration Port 0 0 of Switch A is connected to port 0 0 of Switch B Run Ethernet OAM on the Ethernet link Switch A configuration Command Description Switch A config port 0 0 To enter the port configuration mode Switch A config port 0 0 ethernet oam enable To enable Ethernet OAM Switch A config port 0 0 exit To exit the port configuration mode Switch B configuration C...

Page 568: ...pplication example Switch A show ethernet oam discovery Displayed result Capability codes U Unidirection R Remote Loopback L Link Event V Variable Retrieval Local Discovery Loopback Local Remote Local Remote Discovery Interface State State Mode Mode Capability Capability Timeout port 0 0 Up None Active Active R L R L 4sec 600msec Description and analysis The above displays the running abbreviation...

Page 569: ...rdware state Up OAM enable Enable Hello rate 1000msec Hello timeout 5000msec Link state Up Link state on time 00 08 33 Loopback state None Multiplexer mode Forward Parser mode Forward Next hello in 0sec 200msec Timeout in 4sec 200msec Information OAMPDU Critical link events None Local stable Stable Remote stable Stable OAM version 1 Revision 0 Parser state Forward Multiplexer state Forward Mode Ac...

Page 570: ...00 0x00 Description and analysis The above displays the running information of the link monitoring show ethernet oam event log For the environment and configuration refer to Configure Running Ethernet OAM in the application example Switch A show ethernet oam event log Displayed result Link port 0 0 event log counter 3 cache size 50 Index 6 event Dying gasp log Time stamp 00 00 17 Vendor ID oui 0x0...

Page 571: ...t port 0 0 link monitor status Link monitor error symbol event check Window size 1 x 1 seconds Threshold low value 1 Threshold low action none Threshold high value none Threshold high action none Last error number 0 Next check in 0sec 616msec Error statistics 0 Link monitor error frame event check Window size 1 x 1 seconds Threshold low value 1 Threshold low action none Threshold high value none T...

Page 572: ...n the application example Switch A show ethernet oam statistics Displayed result Link port 0 0 statistics OAMPDU packet counter Information OAMPDU Tx Rx Err 559 558 0 Unique event notification OAMPDU Tx Rx Err 0 0 0 Duplicate event notification OAMPDU Tx Rx Err 0 0 0 Loopback control OAMPDU Tx Rx Err 0 0 0 Variable request OAMPDU Tx Rx Err 0 0 0 Variable response OAMPDU Tx Rx Err 0 0 0 Organizatio...

Page 573: ... switch of MIB information request no debug ethernet oam variable response send recv detail port port num To enable disable the debug switch of MIB information response no debug ethernet oam organization specific send recv detail port port num To enable disable the debug switch of organization defining packets Debugging Command Examples For the environment and configuration refer to Configure Runn...

Page 574: ...09 16 ETH OAM vendor ID oui 0x00 0x01 0x7A Signamax vendor specific info 0x00 0x00 0x00 0x00 00 09 16 ETH OAM Info TLV type 2 len 16 version 1 revision 450 State 0x00 config 0x0D pduConfig 0x05DC 00 09 16 ETH OAM vendor ID oui 0x00 0x01 0x7A Signamax vendor specific info 0x00 0x00 0x00 0x00 ...

Page 575: ...hange Ethernet service frames between them EVC is classified into three types as per the connection mode Point to point EVC also called Eline Service including two types EPL Ethernet private line EVPL Ethernet virtual private line The difference between EVPL and EPL is There can be multiple EVPLs on one UNI while there can be only one EPL on one UNI Currently for the RL08 QinW mode they have no di...

Page 576: ...tion Config Mode evc evc id To create a new EVC with a specified ID and then enter into the configuration mode of the EVC or the configuration mode of a created EVC config no evc evc id To delete a created EVC as per EVC ID config description string To configure the description information of a specified EVC config evc no description To delete description information of a specified EVC config evc ...

Page 577: ...tion interface MEPID config evc no local link aggregation link number local mepid mep id To delete local aggregation interface MEPID config evc remote mepid mep id To add remote MEPID associated with EVC config evc no remote mepid mep id To delete remote MEPID associated with EVC config evc ethernet uni id uni id To configure UNI ID config port x x config port range no ethernet uni id To delete UN...

Page 578: ...C EVC ID needs to be specified and the length of EVC ID is restricted to 32 The no format of the command is used to delete one created EVC evc evc id no evc evc id Syntax Description evc id The ID character string of EVC and the value range is 1 32 characters Default status Undefined Notes EVC bound to the local port cannot be deleted description For easy memory you can configure the description i...

Page 579: ...ntly it only supports qing type implement type qinq mpls unknown Syntax Description qinq Realizing type is qinq mpls Realizing type is mpls unknown Realizing type is unknown Default status Undefined mdid The command is used to configure some control information of the EVC management domain which can take effect only when it is consistent with CFM configuration information The command no mdid is us...

Page 580: ...nnot be configured When QINQ mode is one svlan information cannot be configured cevlan id The command is used to configure CEVLAN ID cevlan id vid no cevlan id vid Syntax Description vid To configure CEVLAN ID which ranges from 1 to 4094 Default status Undefined Notes 1 When EVC is bound to the local port cevlan information cannot be configured 2 When QINQ mode is one cevlan information cannot be ...

Page 581: ...d can be used to configure the number of UNIs of the EVC which ranges from 3 to 8000 Default status The default value is point to point mode local This command is used to configure MEPID information of the local port which is added to the corresponding EVC through binding EVC to the port by QINQ To delete MEPID information of local port add no before the command The MEPID information of local aggr...

Page 582: ...The ID of the UNI port which comprises up to 64 characters Default status For example the default ID of port 0 1 is UNI port 0 1 Ethernet uni type The command is used to configure UNI type of local port Currently three types are supported including bundling all to one and multiplexing Bundling means that one UNI port can be bound to multiple EVCs and one or more CEVLANs are mapped to these EVCs Al...

Page 583: ...The ethernet uni type type of the port must match the information about the EVC to be bound The all to one port can only be bound to the EVC with QINQ mode as one and the port can be bound to only one EVC The multiplexing port can only be bound to the EVC with QINQ mode as multiple The port can be bound to multiple EVCs and each EVC can have only one CEVLAN The bundling port can only be bound to t...

Page 584: ...on red yellow trasmit remark dp priority_number Label the dropping priority on the packets colored by the meter For the definition of dropping priority refer to the chapter of ACL configuration meter action red yellow trasmit remark lp priority_number Label the inner priority on the packets colored by the meter For the definition of inner priority refer to the chapter of ACL configuration meter ac...

Page 585: ...e EBS Exceeded burst size PBS Peak burst size PIR Peak information rate Configuration mode Configuration mode of EVC action group Default status Meter mode is not configured The no format of the command is used to delete the configuration of meter mode no meter mode remark dot1p This command is used to configure the action of EVC action group to label 802 1p priority remark dot1p priority_number C...

Page 586: ...ANs and priority are all configured as any and the evc action parameter is also appointed to one non existing or existing action group without the configuration of meter mode evc policy outer vlan outer vlan id any outer priority any inner vlan inner vlan id any inner priority any evc action evc action name Command Description evc policy To configure one EVC policy on the port outer vlan outer vla...

Page 587: ...display the configurations of all EVCs Command show evc Displayed result switch show evc evc id EVC_Provider description mdid maid detail information impltype type uni num state qinq mode svlan id svlan type qinq p2p 2 active multiple 200 double admin state protected state cevidprs cevlancosprsv unknown unknown yes yes cevlan information local information local ifidx 2 mepid 0 opratesta up refid 1...

Page 588: ...drop the processing mode of the meter to yellow packets remark dot1p 7 label 802 1p priority on packets evc action action2 valid meter config meter mode srtcm 10000 1000 1000 meter action red drop meter action yellow drop Note The invalid meter configuration only makes the flow restriction function invalid and does not influence remark dot1p action The command show evc action evc action name is us...

Page 589: ...d packets are transmitted directly If one evc policy is valid it means that hardware resources are already distributed and are in valid state The show evc action instance command displays the implied policy of dropping all packets at the lowest priority of each port The command show evc action instance port port name is used to display only the configuration of a specified port EVC Application Exa...

Page 590: ...4 outward Configure CFM management domain and enter into CFM configuration mode switch config ethernet cfm service instance vlan200 vlan 200 Configure application example vlan200 and the vlan ID is 200 switch config ethernet si crosscheck mpid 2000 Add detected remote MEPID 2000 that is PE2 switch config ethernet si crosscheck mpid 3000 Add detected remote MEPID 3000 that is PE3 switch config evc ...

Page 591: ...f the management set corresponding to the related information configured by CFM switch config port 0 1 0 2 Enter into port configuration mode switch config port range qinq bind evc EVC_Provider active Bind EVC to port 0 1 and 0 2 For the configurations of PE2 PE3 and CE1 please refer to the related configuration manuals of CFM ...

Page 592: ...on example LLDP monitoring and debugging Overview LLDP Link Layer Discovery Protocol is the link layer protocol It organizes the information of the local device as TLV Type Length Value type length value encapsulates it in LLDPDU Link Layer Discovery Protocol Data Unit and then sends it to direct connected neighbors Meanwhile it saves the LLDPDU received from the neighbor in the form of standard M...

Page 593: ...ntory To choose the TLV sent by the port config port XXX config link aggregation XXX lldp check change interval seconds To configure the polling time of the port and enable the polling of the port config port XXX config link aggregation XXX no lldp run To close Lldp global enable config no lldp holdtime To recover default survival period 120s config no lldp time To recover default updating period ...

Page 594: ...nd is used to enable the LLDP function The no format of the command is used to disable the function lldp run no lldp run Default status disable Lldp enable The command is used to enable the LLDP function of the port The no format of the command is used to disable the function lldp enable no lldp enable Default status disable Lldp receive This command is used to configure admin status of the port a...

Page 595: ... Through configuring polling function LLDP periodically checks whether the configurations of the device change in the specified polling interval If the configurations of the device change it triggers the sending of LLDPDU to inform the other devices of the changing of the device configurations lldp check change interval seconds no lldp check change interval Syntax Description seconds Polling time ...

Page 596: ...nds Default status The default value is 2 seconds lldp tlv select This command is used to configure the flv types released by the port The no format of the command is used to cancel releasing the tlv lldp tlv select no lldp tlv select Syntax Description basic tlv Basic TLV all Choose all basic TLVs port description Port description system capability System capability system description System desc...

Page 597: ...upported applications such as radio and video the applied priority and used policy power via mdi Power supplying capability of the device inventory It includes the version information of hardware firmware and software of the device the serial number of the device manufacturer Model Name assertion identifier Default Status By default basic tlv dot1 tlv and dot3 tlv are released When selecting med t...

Page 598: ... 1 switch config port 0 1 lldp enable Start LLDP function of the port switch config port 0 1 lldp tlv select med tlv all Choose to send MED TLV switch config port 0 1 exit Exit the interface switch config port 0 2 Enter into port 0 2 switch config port 0 2 lldp enable Start LLDP function of the port switch config port 0 2 lldp tlv select med tlv all Choose to send MED TLV switch config port 0 2 ex...

Page 599: ...P Monitoring and Debugging Monitoring Command Command Description show lldp global information To show the local global information show lldp global neighbor To show all neighbor information of the device show lldp link aggregation aggId location To show the configuration information of the local aggregation port show lldp port portNo location To show the configuration information of the local com...

Page 600: ...e current system is 2 seconds Transmit delay 2s The delay time of sending LLDPDU is 2 seconds Fast start times 3 The number of the packets quickly sent by the current system is 3 View all neighbor information of current system and the result is as follows switch show lldp global neighbor Displayed Result Description and Analysis The current number of neighbors 1 The total number of the neighbors o...

Page 601: ... neighbors on the port is 10 Rx TLVs Discarded Total 0 The number of the TLVs dropped by the port because the TLV in the received LLDPDU is illegal is 0 Rx TLVs Unrecognized Total 0 The number of unrecognized TLVs in the LLDPDU received by the port is 0 View the information of the released TLVs chosen by the port configured with LLDP in the current system and the result is as follows switch show l...

Page 602: ...re it means the command has the configuration example Debugging Command Example View the information about the event of responding to the port or link of the port on which lldp is enabled via the command debug lldp event Enable the command debug lldp event switch debug lldp event Show Analyze 01 01 01 LLDP AG LINK PRE DOWN EVENT ON PORT 1 The event of responding to AG1 port before down 01 01 01 LL...

Page 603: ...06 The port sends pdu information 00 18 04 LLDP port 0 0 rx pkt info 01 80 C2 00 00 0E 00 01 7A 4F 48 6F 81 00 00 01 88 CC 02 07 04 23 01 7A 4F 48 6F 04 07 03 00 01 7A 4F 48 6F 06 02 00 78 08 07 70 6F 72 74 30 2F 30 0A 06 73 77 69 74 63 68 0C 06 73 77 69 74 63 68 0E 04 00 12 00 12 10 0C 05 01 80 FF 2A 31 03 00 00 00 01 00 FE 06 00 80 C2 01 00 01 FE 07 00 80 C2 02 06 00 6E FE 07 00 80 C2 02 06 00 7...

Page 604: ...V recieved 00 18 04 LLDP dot3 link agg TLV recieved 00 18 04 LLDP med capabilit TLV recieved 00 18 04 LLDP med network policy TLV recieved 00 18 04 LLDP med extend power via mdi TLV recieved 00 18 04 LLDP med hardware revision TLV recieved 00 18 04 LLDP med firmware revision TLV recieved 00 18 04 LLDP med software revision TLV recieved 00 18 04 LLDP med serial number TLV recieved 00 18 04 LLDP med...

Page 605: ...r information of the common port clear lldp link aggregation aggId counter To clear the statistics information of the packets sent and received by the aggregation port clear lldp port portId counter To clear the statistics information of the packets sent and received by the common port ...

Page 606: ...vided to the customers and check whether the indexes are in in the pre set thresholds For RL08 devices the SLA is the SLA at the MAC layer Basic Commands Command Description Config Mode rtr enable To enable rtr module config no rtr enable To disable rtr module config rtr rtr_id sla To define or enter into one rtr entity of the sla service config no rtr rtr_id To delete rtr entity config rtr schedu...

Page 607: ...fore it means that there is the configuration example to describe the command in details rtr rtr id sla This command is used to configure one rtr entity of the sla service and enter into the configuration of the sla service If the entity exists enter into the configuration of the entity rtr rtr id sla no rtr rtr id Syntax Description rtr id The unique ID of the entity the value range is from 1 to ...

Page 608: ...e The parameters to be set includes CFM maintenance domain where the sla service is located source MEPID and destination MEPID After setting the command the vadility of the parameter is checked as per the SFM configuration Syntax Description maintenance domain service instance The CFM maintenance domain where the connection is located smepid The source MEPID the value range is from 1 to 8191 dmepi...

Page 609: ... of the sla service When the statistics result of the uni directional delay exceeds the threshold execute the alarming operation The uni directional delay is defined as the time difference from the source port sending the packet to the destination port receiving the packet The unit is ms Syntax Description delaylarm The uni directional delay alarm threshold the value range is from 1 to 5000 the un...

Page 610: ...onsecutive bi directional delays It is used to describe the stability of the connection The unit is ms Syntax Description jitterlarm The Jitter alarm threshold the value range is from 1 to 5000 the unit is ms Default Status The default value of the parameter is 500ms avglost alarm lostlarm This command is used to set the alarm threshold of the packet loss rate of the sla service When packet loss r...

Page 611: ... vlan200 the SLA service example 1025 source MEPID 2017 destination MEPID Switch1 config rtr sla cycle 10 num packes 5 avg cyclenum 5 Set the scheduling period as 10 seconds the number of the packets during each period is 5 the number of average statistics periods is 5 Switch1 config rtr sla avgdelay alarm 100 Set the alarm threshold of the uni directional delay as 100ms Switch1 config rtr sla avg...

Page 612: ...LogSize 0 Maxlogsize 0 type SLA Create time 02 42 27 01 10 2008 Modification time 02 42 55 01 10 2008 Entry state Stop CFM maintance domain name Signamax com CFM maintance domain service id vlan200 Source mepid 1025 Destination mepid 2017 Cycle time 10 s PktNumPerCycl 2 Avgcycle number 2 Avgdelay alarm 500 ms Avgrndtrpdelay alarm 500 ms Avgjitter alarm 500 ms Avglost alarm 50 Status DEFAULT Descri...

Page 613: ...try state Run CFM maintance domain name Signamax com CFM maintance domain service id vlan200 Source mepid 1025 Destination mepid 2017 Cycle time 10 s PktNumPerCycl 2 Avgcycle number 2 Avgdelay alarm 500 ms Avgrndtrpdelay alarm 500 ms Avgjitter alarm 500 ms Avglost alarm 50 statistics Now send 86 packets totally received 86 packets Finished statistics cycle number 21 Start time 02 56 01 01 10 2008 ...

Page 614: ...played Result Analysis 00 17 52 SLA LOG FUNCTION rtrSlaInforFill 1333 Update rtr Sla entity 1 attributes in 02 09 53 01 10 2008 Update the attribute of sla entity 00 51 49 SLA DEBUG FUNCTION rtrSlaCtrlDo 959 Start processing SLA entity rtrEntId 1 00 51 49 SLA DEBUG FUNCTION rtrSlaMsgProc 664 Received message rtrEntId 1 message type SLA_MSG_START 00 51 49 SLA DEBUG FUNCTION rtrSlaStartOneSched 521 ...

Page 615: ...et system and users IEEE 802 3af is a new standard based on POE It is added with the related standards for providing power directly through network cables based on IEEE 802 3 It is the expansion of the present Ethernet standards and the first international standard about the power distribution A term related with POE is PD which is short for Power Device that is the device accepting the power The ...

Page 616: ...igure circuit break detecting mode of POE port PORT power detect mode compatible standard To configure PD detecting mode of POE port PORT power disconnect ac dc To configure circuit detecting mode of POE port PORT power priority critical high medium low To configure priority level of POE port PORT power recover time 0 30 To configure wrong resuming time of POE port PORT power threshold mode classi...

Page 617: ...n only detects standard PD equipment which is ruled by 802 3AF Default Status Use the compatible detecting mode power disconnect The command is used for configuring circuit broken detecting mode of POE port power disconnect ac dc Syntax Description ac Alternating current broken detecting mode Standare Direct current broken detecting mode Default Status Use the alternating current broken detecting ...

Page 618: ...n Hierarchical mode the PD hierarchical power is the largest power max The largest power mode the power of CLASS0 is taken as the largest power user User configuration mode it is used combining with command of power port max power Default Status Use hierarchical mode power port max power The command is used for configuring the largest power restriction of the POE port After using the command to co...

Page 619: ...matically detects the PD equipment and it is automatically electric charging it has dynamic FIFS power management mode When the hierarchical power of the new connected PD is less than rest useable power the mode supplies no electricity to it static priority Dynamic PRI mode it automatically detects the PD equipment and it is automatically electric charging it has dynamic priority power management ...

Page 620: ...al power of POE system EN show power configure portlist To inquire current configured information of POE port EN show power detect portlist To inquire PD detecting result of POE port EN show power pd status portlist To inquire PD status information of POE port EN show power summary To show configured information and PD information of all POE ports EN Notes The range of POE port can be configured t...

Page 621: ...0 configuration Displayed Result Description and Analysis POE Function Enable The POE function of the port has already opened Power UP Enable The port can charge the PD equipment Priority Low The priority of port is LOW Detect Mode Point 4 detection and legacy detection The PD detecting mode is compatible detecting mode Classification Mode 802 3AF classificaion PD hierarchical mode is standard hie...

Page 622: ...owered Device Standard PD equipment Error Type None No fault Power Class CLASS0 15 4W PD is classified to CLASS0 To display PD status information of port 0 3 switch show power pd status 0 3 Power Over Ethernet port 0 3 status information Displayed Result Description and Analysis Powered device current 4 0mA Electric current of PD Powered device voltage 46 8V Voltage of PD Powered device power 0 1W...

Page 623: ...ing serial port such as com1 and set its attributes 9600 baud rate the soft flow control 8 data bits no parity and 1 stop bit Step 2 Enter the Monitor Mode If some information similar to Monitor version 2 02 is Booting c enter monitor mode is displayed on the screen when the switch starts up you can press CTRL C to enter the Monitor mode immediately The prompt character of the mode is mpMonitor or...

Page 624: ...de the bin file of application We take Signamax TFTP server as an example to describe the upgrade Open Signamax TFTP server click Option O button on tool bar and the following interface appears Configure Public path in the directory of the program which needs to be upgraded configure server IP address as the local PC address configure server port as the TFTP server port 69 the others can be config...

Page 625: ... the switch after the upgrade is finished Here the M1000 series monitor prompts you Do you really update sp1 g 6 1 0 bin yes no You can either enter n CR to cancel the operation or enter y CR to implement the operation to upgrade If you enter y CR the switch prompts the following information downloading IOS 2688708 Bytes Omitting the middle information OK Download sp1 g 6 1 0 bin 5963936 Bytes suc...

Page 626: ...s follows Ping and groupping command test network connectivity and test whether the reachability of the destination Traceroute command test the data packets route information Netstat command view network interface status and detailed statistics information Show command view the system statistics information and system status Ping Command and Groupping Command Test Network Connectivity and Destinat...

Page 627: ...umber of the sent ICMP echo request packets is 5 the waiting time is 2s Example switch ping1 1 1 1 l 80 send the echo request packet with 80 bytes to 1 1 1 1 host to test whether the switch can access the host Note You can stop the ping procedure by pressing Ctrl Shift 6 on the keyboard After the ping command no options like n are added after it has been executed you will see the following onscree...

Page 628: ...pecify the value range of the ICMP request packet size the default value is no Output result Press key ctrl shift 6 interrupt it Sending 20 1000 byte ICMP Echos to 192 168 8 1 timeout is 1 seconds Success rate is 100 20 20 Round trip min avg max 0 12 16 ms Example 2 After you choose the extended command options you can set the options such as source route record timestamp and display detailed info...

Page 629: ...4 2000 Maximum the default value is 18024 Sweep interval 1 10 The increasing interval between two neighboring ICMP packet sizes the default value is 1 Output result Press key ctrl shift 6 interrupt it Sending 372490 72 2000 byte ICMP Echos to 128 255 255 1 timeout is 1 seconds Packet has IP options Total option bytes 40 Loose source route 128 255 255 223 128 255 255 1 Record route number 3 Record ...

Page 630: ...the network connectivity and analyze the network fault Traceroute executing procedure Send a data packet with TTL as 1 Therefore the first hop router sends back an ICMP timeout error packet since TTL 0 and then this data packet is re sent and TTL is 2 Similarly the second hop router returns ICMP error packet since when passing the second router TTL 0 This process performs ceaselessly till arriving...

Page 631: ...rce address interface Timeout in seconds 3 Permitted maximum delay the default value is 3 seconds Probe count 3 The number of the sent detecting packets with the same TTL value the default value is 3 Minimum Time to Live 1 The default minimum TTL value of the sent detecting packet the default value is 1 Maximum Time to Live 30 The default maximum TTL value of the sent detecting packet the default ...

Page 632: ...detailed information Loose Strict Record Timestamp Verbose L t Number of hops 7 7 Specify the number of hops of time record Loose Strict Record Timestamp Verbose LTV v Don t print detailed information Loose Strict Record Timestamp Verbose LT Output result Type escape sequence to abort Tracing the route to 192 168 8 254 min ttl 1 max ttl 30 Packet has IP options Total option bytes 40 Loose source r...

Page 633: ...on of the switch m Display the data buffer information of the network stack n Display the system buffer information of the network stack p Display the special protocol statistics information Support igmp icmp ip tcp and udp protocols r Display route list information s Display all abstract statistics information of the IP protocol CR Display TCP UDP protocol connection and port information Show Com...

Page 634: ...functions that Signamax switches support For details please refer to related chapters How to Diagnose Network Fault Troubleshooting of LAN Interface Ping packets are sent from PC to Ethernet interface of the switch If there is no response or packet loss is serious when there is lots of data flow it means the fault is on Ethernet interface Check the fault on Ethernet interface according to the foll...

Page 635: ... packet is returned or packet loss is not serious when test machine pings the Ethernet interface of the switch this indicates that the configuration of switch Ethernet interface is not correct After confirming that the configuration of Ethernet interface is wrong locate the fault as follows 1 Whether the protocol is matching Currently Ethernet interface supports two IP frame types including Ethern...

Page 636: ...ption Configuration Mode controller pwe3 To enter PWE3 global configuration mode config link type e1 t1 To set the link type of all TDM ports by default it is E1 config pwe3 rtp mode absolute differential To select the generating mode of the time stamp in the RTP head by default it is absolute When differential is adopted there must be input clock on CLK socket config pwe3 report link mac bundle T...

Page 637: ...s the modes that can execute the configuration modes such as config and config pwe3 rtp mode The command is meaningful when only data packets have the RTP head fields Syntax Description rtp mode absolute The time stamp in the RTP head is added 1 per 125us It is used for auto sensing clock mode no need to input reference clock outside rtp mode differential The time stamp in the RTP head increases b...

Page 638: ...pback local remote analog dual payload framer To enable the port loopback config tdm no loopback To disable the port loopback config tdm mode unframed ccs cas esf sf To set the frame format of the TDM port unframed ccs and cas are used for E1 esf and sf are used for T1 config tdm crc4 tx rx both To enable CRC4 of E1 config tdm no crc4 To disable CRC4 of E1 config tdm channel group group num timesl...

Page 639: ... device cannot be set as the inner clock mode clock source recovery The TDM sending clock is recovered from the PSN network By default the input clock of CLK socket is not needed If the input 25MHz clock of the CLK socket is needed the RTP mode must be set as differential Meanwhile select on RAW bundle of the port as clock master and enable the RTP head Default status line loopback This command is...

Page 640: ...el group This command is used to set the frame format of the TDM signals Syntax Description channel group group num timeslots range Select specified time slots to form a bundle In unframed mode the command cannot be used The bundle name is cesslot unit group num channel group group num unframed Create an unframed bundle In framed mode the command cannot be used The bundle name is cesslot unit grou...

Page 641: ...r clock source recovery configuration Only RAW bundle can be set as clock master config bundle xconnect ip addr bundle id To enable bundle connection and specify the destination IP address and bundle ID The bundle ID is used to identify one bundle connection config bundle no xconnect To disable the bundle connection config bundle loopback local remote To enable the bundle loopback this is valid on...

Page 642: ... frame is the total of payload protocol head RTP head if it is enabled and CW head If the payload is set too large the Ethernet frame may be discarded 2 The larger the payload the fewer Ethernet frames generated per unit time The smaller the payload the more Ethernet frames generated per unit time PWE3 Configuration Examples Two 065 7434 Signamax 24 Port 10 100 L3 Switches connect to one DSU CSU d...

Page 643: ...nd bundle ID is 1 SW 2 configure terminal Enter the configuration mode SW 2 config interface vlan1 Enter the VLAN interface configuration SW 2 config if vlan1 ip address 128 255 41 6 255 255 0 0 Configure the IP address which is at the same segment with the IP address of SW 1 SW 2 config if vlan1 keepalive gateway 128 255 41 7 10 5 Set the IP address of SW 1 as the gateway and enable the keepalive...

Page 644: ...he value range is 0 7 Displayed Result Description Adaptive Clock State IDLE If the port adopts recovery clock it reflects the current adaptive clock status When the status is in TRK1 or TRK2 the recovery clock is normal Receive Loss of Signal Condition 0 Whether the TDM port is in the signal loss status Receive Loss of Frame Condition 0 Whether the TDM port is in the synchronization loss status F...

Page 645: ...inner clock CE line clock PE inner clock PE inner clock CE line clock CE line clock PE external clock PE external clock CE line clock 5 In the RAW mode of bundle the following network clock modes are supported CE inner clock PE line clock PE recovery clock CE line clock CE line clock PE inner clock PE recovery clock CE line clock CE line clock PE external clock PE recovery clock CE line clock CE l...

Page 646: ...emote login operations The buffer speeds up converting the host name to address IP defines one naming method and allows a device to be identified by the location in IP This is one layered naming method provided for the domain To keep tracking the domain name IP defines the concept of the domain name server It is to keep a buffer database which maps the domain name to IP address To map the domain n...

Page 647: ...e corresponding addresses that is the mapping of host names to addresses The advanced protocols such as telnet adopt the host name to identify the network device host The switches and other network devices can realize the association of IP addresses via static or dynamic tools When the dynamic mapping is unavailable you can assign host name for the address manually ip host vrf vrf name host name i...

Page 648: ... service for DNS ip name server vrf vrf name ip address no ip name server vrf vrf name ip address Syntax Description ip address Define a domain name server address vrf vrf name Specify the corresponding VRF of the host table Default status No ip name order When using the domain name service for domain name resolution the system first uses the local host name Cache by default If the local host name...

Page 649: ... signamax eu no ip name order Syntax Description dns first DNS server query is preferential dns only Query only on the DNS server local first The local query is preferential Default status The default value is local first ...

Page 650: ...ponse packets so as to realize the layer 3 inter connection between the layer 2 separated ports The users in Sub VLAN use the IP addresses of Super VLAN as the gateway to perform layer 3 communication Multiple sub VLAN functions save the IP addresses via a network segment The VLANs added into Super VLAN become the sub VLANs The communication in one sub VLAN completely belongs to common layer 2 com...

Page 651: ...lanxxx sub vlan vlanlist Add sub VLANs into Super VLAN config super vlanxxx arp proxy enable Enable the ARP proxy in Super VLAN config super vlanxxx super vlan This command is used to create Super VLAN The no format of the command is used to delete the super VLAN super vlan vlanId no super vlan vlanId Syntax Description vlanId Super VLAN ID the value range is 2 4094 Note The Super VLAN IDs cannot ...

Page 652: ...system One sub VLAN can be added into only one Super VLAN When the common VLAN is configured with VLAN interface it cannot become sub VLAN The user needs to delete the interface so that the common VLAN can be added into the Super VLAN After the common VLAN is added into Super VLAN and become sub VLAN the user still can add ports to the sub VLAN or delete ports from the Sub VLAN Note One Super VLAN...

Page 653: ...3 interfaces of the Super VLAN as the network management to communicate with the outside The switch configuration Command Description switch config port 0 2 port access vlan 5 Add the port to VLAN 5 switch config port 0 3 port access vlan 5 Add the port to VLAN 5 switch config port 0 4 port access vlan 6 Add the port to VLAN 6 switch config port 0 5 port access vlan 6 Add the port to VLAN 6 switch...

Page 654: ...ands Command Description show super vlan vlanId View the selective Super VLAN information Monitoring Command Example switch show vlan dot1q tunnel Displayed result NO SuperVlan Description Arp Proxy SubVlan Member 1 2 SuperVLAN0002 disable 5 7 9 2 3 SuperVLAN0003 enable 4 6 8 3 10 SuperVLAN0010 disable 11 13 15 4 19 SuperVLAN0019 disable Description and analysis NO displays the serial number Descr...

Page 655: ...287 SIGNAMAX LLC www signamax eu Sub VLAN members in the system ...

Page 656: ...addresses from passing the port and improve the port security After receiving packets the port searches the bound items of IP Source Guard and processes the packets according to the specified filtering mode as follows When the filtering mode of the port is IP filtering If the source IP address of the packet is the same as the IP address recorded in the bound items the port forwards the packet othe...

Page 657: ...no ip source binding mac addr vlan num ip addr Delete the corresponding static binding table config port xx config link aggregation x no ip source binding all Delete the all static binding table on the corresponding port config port xx config link aggregation x Note The symbol before the command description means that there is the configuration example to describe the command in details ip source ...

Page 658: ...switching chip hardware resources are not enough seriously to make the resource usage reaches the maximum value the binding items occupy the pre distributed resources Meanwhile after the IP Source Guard function is disabled on the port the pre distributed resources of the port are released but maybe the resources cannot be used for writing into the binding table no ip source binding mac addr vlan ...

Page 659: ... connected to Internet via the switch only after being bound with the address The IP packets sent from the un bound address are regarded as illegal packets and are filtered Port configuration Command Description switch config port 0 1 Enter the port configuration mode switch config port 0 1 ip verify source ip mac Enable the IP Source Guard function in IP MAC filtering mode switch config port 0 1 ...

Page 660: ... configure terminal Enter the global configuration mode switch config dhcp snooping Enable the DHCP Snooping function switch config exit Exit the global configuration mode Port configuration Command Description switch config port 0 1 Enter the port configuration mode switch config port 0 1 dhcp snooping limit rate 66 Configure the port rate as 66pps switch config port 0 1 no dhcp snooping trust Se...

Page 661: ... status of the IP Source Guard function on the port verify type the checking type of the IP Source Guard function switch show ip binding table Displayed result IP Source bindging table macAddr ipAddr vlan port ipsgflag 0006 0007 0007 1 6 6 7 1 0 1 write 0002 0002 0002 2 2 2 2 1 0 1 write 0006 0007 0006 1 6 6 6 1 0 1 write 0001 0001 0001 1 1 1 1 1 0 2 write 0003 0003 0003 4 4 4 4 1 0 1 write Descri...

Page 662: ...sult Analysis 00 22 17 IP Source Guard pce set success mode IP MAC Setting hardware items succeeds the filtering mode is IP MAC 00 29 26 IP Source Guard pce release success Releasing hardware resources succeeds 00 30 12 IP Source Guard pce set success mode IP Setting hardware items succeeds the filtering mode is IP 00 09 53 IP Source Guard notify deal event DHCPSP_DATA_CHANGE portId 1 macAddr 001f...

Page 663: ...switch broadcast it in one VLAN When there is loop in the network the packet is forwarded repeatedly in the network At last the network bandwidth is consumed up which results in the abnormal communication When enabling loopback detection function on the port send Loopback packets regularly and check whether there is loop in the network When the port receives the loopback packets sent from the loca...

Page 664: ...time 5 300 It is the interval of sending the loopback detection packets the value range is 5 300s loopback detection interval time Do not specify the interval of sending the loopback detection packets the default value is 30s no loopback detection down Make the loopdown port with loopback detection function up fast no loopback detection interval time Disable the loopback detection function of the ...

Page 665: ...ort 10 100 L3 Switch_2 via the network cable use the network cable to connect port 0 3 of 065 7434 Signamax 24 Port 10 100 L3 Switch_2 with port 0 4 of 065 7434 Signamax 24 Port 10 100 L3 Switch_2 add port 0 1 of 065 7434 Signamax 24 Port 10 100 L3 Switch_1 and port 0 2 port 0 3 and port 0 4 of 065 7434 Signamax 24 Port 10 100 L3 Switch_2 into VLAN 10 in tagged mode Now the user hopes to use the l...

Page 666: ...ge port hybrid vlan 10 tagged Add port 0 2 port 0 3 and port 0 4 to VLAN 10 in tagged mode Monitoring and Debugging of Loopback Detection Monitoring Commands of Loopback Detection Command Description show loopback detection This command displays the enabling status of loopback detection function on the port the time of sending loopback packets and the current status of the port Monitoring Command ...

Page 667: ...t the port is blocked by the loopback detection module Debugging Commands The loopback detection provides basic debugging commands to analyze the protocol packets The debugging information includes the packet information and port status information Command Description debug loopback detection Enable loopback detection debugging information no debug loopback detection Disable loopback detection deb...

Page 668: ...OOP_BACK_DETECTED port 0 1 State LBD_LINK_DOWN 00 40 08 LOOP_BACK_DETECTED port 0 1 send tag packet 00 01 7A 4F 49 57 00 01 7A 4F 49 54 81 00 40 0A 90 00 00 00 01 00 00 02 00 40 09 LOOP_BACK_DETECTED port 0 1 State LBD_LINK_DOWN 00 40 09 LOOP_BACK_DETECTED port 0 1 send tag packet 00 01 7A 4F 49 57 00 01 7A 4F 49 54 81 00 40 0A 90 00 00 00 01 00 00 02 00 40 10 LOOP_BACK_DETECTED port 0 1 State LBD...

Page 669: ... 02 00 40 15 LOOP_BACK_DETECTED port 0 1 State LBD_LINK_DOWN 00 40 15 LOOP_BACK_DETECTED port 0 1 send tag packet 00 01 7A 4F 49 57 00 01 7A 4F 49 54 81 00 40 0A 90 00 00 00 01 00 00 02 00 40 16 LOOP_BACK_DETECTED port 0 1 State LBD_LINK_DOWN 00 40 16 LOOP_BACK_DETECTED port 0 1 send tag packet 00 01 7A 4F 49 57 00 01 7A 4F 49 54 81 00 40 0A 90 00 00 00 01 00 00 02 00 40 17 LOOP_BACK_DETECTED port...

Search results

Summary of Contents for 065-7434

Reviews:

Related manuals for 065-7434

Brands by name

Popular brands

SignaMax 065-7434, Configuration Manual

Search results

Summary of Contents for 065-7434

Reviews:

Related manuals for 065-7434

Brands by name

Popular brands