ZyXEL Communications IES4005M User Manual Download Page 97 | Manualshive

Page: 97 / 236

background image

Chapter 11 Management

IES4005M User’s Guide

97

11.8 AAA Commands

Use these commands to configure authentication, authorization and accounting on the IES.

Authentication, Authorization, Accounting (AAA)

Authentication is the process of determining who a user is and validating access to the system. The
system can authenticate users who try to log in based on user accounts configured on the system
itself. The system can also use an external authentication server to authenticate a large number of
users.

Authorization is the process of determining what a user is allowed to do. Different user accounts
may have higher or lower privilege levels associated with them. For example, user A may have the
right to create new login accounts on the system but user B cannot. The system can authorize users
based on user accounts configured on the system itself or it can use an external server to authorize
a large number of users.

Accounting is the process of recording what a user is doing. The system can use an external server
to track when users log in, log out, execute commands and so on. Accounting can also record
system related actions such as boot up and shut down times of the system.

The external servers that perform authentication, authorization and accounting functions are known
as AAA servers. The system supports RADIUS (Remote Authentication Dial-In User Service) and
(Terminal Access Controller Access-Control System Plus) as external authentication and
accounting servers. The system supports as external authorization server only.

Local User Accounts

By storing user profiles locally on the IES, your IES is able to authenticate and authorize users
without interacting with a network authentication server. However, there is a limit on the number of
users you may authenticate in this way.

RADIUS and

RADIUS and are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and authentication both allow you to validate
an unlimited number of users from a central location.

The following table describes some key differences between RADIUS and .

Table 68

RADIUS vs.

RADIUS

Transport Protocol

UDP (User Datagram Protocol)

TCP (Transmission Control Protocol)

Encryption

Encrypts the password sent for
authentication.

All communication between the IES and
the server is encrypted.

«
...
95
96
97
98
99
...
»

Summary of Contents for IES4005M

Page 1: ...Quick Start Guide www zyxel com IES4005M 2U 5 slot Temperature Hardened Chassis MSAN Version 3 6 Edition 1 3 2014 Copyright 2014 ZyXEL Communications Corporation User s Guide...

Page 2: ...product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is accurate Related Documentation Support...

Page 3: ...de 3 Contents Overview Introduction 19 System Introduction 21 Installation and Connections 25 Hardware Installation and Connections 27 Maintenance and Troubleshooting 57 Maintenance 59 Hardware Troubl...

Page 4: ...Contents Overview IES4005M User s Guide 4...

Page 5: ...ding the IES 17 2 4 System Overview 19 Chapter 3 Management Cards 21 3 1 The MSC1401G Management Card 21 3 1 1 MSC1401G Front Panel 21 3 1 2 MSC1401G Ports 22 3 1 3 GPON SFP Transceiver Specifications...

Page 6: ...4 2 Ports 35 4 4 3 Pin Assignments 35 4 4 4 Specifications 36 4 5 Power Consumption 36 Chapter 5 Power Supply Unit 39 5 1 AC Power Supply Unit 39 5 1 1 Front Panel 39 5 1 2 Port 39 5 1 3 Specificatio...

Page 7: ...50 7 4 4 Specifications 51 7 5 Ethernet Cables 51 7 5 1 Application 51 7 5 2 Appearance 51 7 5 3 Pin Assignments 52 7 5 4 Specifications 53 7 6 RJ 45 DB 9 Cable 53 7 6 1 Application 53 7 6 2 Appearan...

Page 8: ...Common Command Notation 70 9 5 Command Summary 71 9 6 Privilege Levels Accounts and Passwords 72 9 6 1 Command Example 73 9 6 2 Privilege Levels for Login Accounts 74 9 6 3 Privilege Levels for Sessio...

Page 9: ...nce Management Commands Summary 103 11 9 2 Command Examples 105 11 10 Remote Management 105 11 10 1 Remote Management Commands Summary 105 11 10 2 Command Examples 106 Chapter 12 Line Card Management...

Page 10: ...ic Multicast Commands Summary 139 17 1 1 Command Examples 140 Chapter 18 IP 141 18 1 IP Commands Summary 141 Chapter 19 IPv6 143 19 1 IPv6 Commands Summary 148 Chapter 20 MTU 149 20 1 MTU Commands Sum...

Page 11: ...1 7 Multicast VLAN 183 25 1 8 Management and VoIP VLAN 183 25 2 General VLAN Commands 184 25 2 1 Command Examples 184 25 3 Transparent VLAN Commands 185 25 3 1 Command Examples 186 25 4 VLAN TLS Comm...

Page 12: ...Lockout 216 28 5 A Line Card Does Not Become Active 217 28 6 Resetting the Defaults 217 28 6 1 Resetting the Defaults Via CLI Command 217 28 6 2 Recovering the Firmware 218 28 7 No Voice on a DSL Con...

Page 13: ...13 PART I Introduction and Hardware Installation...

Page 14: ...14...

Page 15: ...ed to interrupt the service of other cards to change or service an individual card A single management switch card can provide the convenience of centralized network traffic supervision 1 2 Applicatio...

Page 16: ...1 Application Multi tenant Unit MTU 1 2 2 Central Office Application The IES provides DSL and voice service over telephone wires to subscribers The following figure shows the IES setup in a telephone...

Page 17: ...IES with AC power supply refer to Chapter 4 on page 36 Figure 3 IES Front Panel with MSC1401G and IES4005M DC Figure 4 IES Front Panel with MSC1002G and IES4005M DC 2 2 Deployment Use mounting bracket...

Page 18: ...he field environment Use the shortest path to the ground Type of cable terminal gauge 4 4 5 mm recommended Type of cable sleeved Cable color green and yellow required by safety The cable must be attac...

Page 19: ...ts the power to the fan module line cards and management card Subscriber devices connect to the IES line cards through subscriber cables and to the IP network through the management card Different lin...

Page 20: ...Chapter 2 IES Chassis IES4005M User s Guide 20...

Page 21: ...le 1 MSC1401G LED Descriptions LED COLOR STATUS DESCRIPTION PWR Green On The management switch card is installed and receiving power from the main chassis Off The management switch card is not receivi...

Page 22: ...traffic at 100 Mbps On A 100 Mbps Ethernet link is up Off The 100 Mbps Ethernet link is down Table 1 MSC1401G LED Descriptions continued LED COLOR STATUS DESCRIPTION Table 2 MSC1401G Port Description...

Page 23: ...TUS DESCRIPTION PWR Green On The management switch card is installed and receiving power from the main chassis Off The management switch card is not receiving power from the main chassis SYS Green Bli...

Page 24: ...Table 4 Management Switch Card LED Descriptions continued LED COLOR STATUS DESCRIPTION Table 5 Management Card Port Descriptions LABEL DESCRIPTION SFP1 SFP2 These are slots for SFP Small Form Factor P...

Page 25: ...arm occurs 3 2 4 MSC1002G Specifications Note The following table lists the MSC1002G s specifications 3 2 5 Gigabit Ethernet SFP Transceiver Specifications See Chapter 29 on page 221 for optical speci...

Page 26: ...ne cards Use the subtending mode to daisy chain other Ethernet switches With subtending mode the management switch card allows traffic between the ports in subtending mode and the ports in uplink mode...

Page 27: ...transceiver SFP module from the slot 1 Remove the fiber optic cables from the transceiver 2 Unlock the transceiver s latch latch styles vary 3 Pull the transceiver out of the slot 4 Put the transceiv...

Page 28: ...o a UPS Figure 12 CONSOLE2 RJ 45 Female Connector Table 8 CONSOLE1 Port PIN Layout PIN NO NAME 1 NC 2 WA3 TX 3 WA3 RX 4 GND Table 9 CONSOLE2 Port PIN Layout PIN NO NAME NOTE 1 DTR RS 232 for UPS 2 CTS...

Page 29: ...t Panel Table 10 Slots and Cards SLOT TYPE MODULE OR CARD NAME FUNCTION NUMBER OF SLOTS Fan IES4005M FAN Controls and monitors the fans This module is hot swappable 1 Power IES4005M AC Converts AC inp...

Page 30: ...figure and table describe the pinouts of the Telco 64 connectors Table 11 ALC1132G 51 LED Descriptions LED COLOR STATUS DESCRIPTION PWR Green On The line card is turned on Off The line card is turned...

Page 31: ...air 12 43 44 ADSL2 pair 12 13 14 POTS pair 13 13 14 ADSL2 pair 13 45 46 POTS pair 14 45 46 ADSL2 pair 14 15 16 POTS pair 15 15 16 ADSL2 pair 15 47 48 POTS pair 16 47 48 ADSL2 pair 16 17 18 POTS pair 1...

Page 32: ...ble describes the ports on VLC1132G 51 s front panel Table 14 ALC1132G 51 s Specifications ITEM VALUE Dimensions Height 16 mm 0 6 inches Width 260 mm 10 2 inches Depth 228 mm 9 inches Maximum Power Co...

Page 33: ...7 7 8 VDSL2 pair 7 39 40 POTS pair 8 39 40 VDSL2 pair 8 9 10 POTS pair 9 9 10 VDSL2 pair 9 41 42 POTS pair 10 41 42 VDSL2 pair 10 11 12 POTS pair 11 11 12 VDSL2 pair 11 43 44 POTS pair 12 43 44 VDSL2...

Page 34: ...air 29 61 62 POTS pair 30 61 62 VDSL2 pair 30 31 32 POTS pair 31 31 32 VDSL2 pair 31 63 64 POTS pair 32 63 64 VDSL2 pair 32 Table 17 VLC1132G 51 POTS 1 32 and LINE 1 32 Telco 64 Connector PIN Layout c...

Page 35: ...Ring Pin Tip Pin Function Ring Pin Tip Pin Function 1 2 POTS pair 1 1 2 POTS pair 33 33 34 POTS pair 2 33 34 POTS pair 34 3 4 POTS pair 3 3 4 POTS pair 35 35 36 POTS pair 4 35 36 POTS pair 36 5 6 POTS...

Page 36: ...29 30 POTS pair 61 61 62 POTS pair 30 61 62 POTS pair 62 31 32 POTS pair 31 31 32 POTS pair 63 63 64 POTS pair 32 63 64 POTS pair 64 Table 21 VOP1164G 61 s POTS 1 32 and 33 64 Telco 64 Connector PIN L...

Page 37: ...Chapter 4 Line Cards IES4005M User s Guide 37 Battery voltage 35 V Loop current 20 mA Table 23 Example General Power Consumption Specifications ITEM VALUE...

Page 38: ...Chapter 4 Line Cards IES4005M User s Guide 38...

Page 39: ...005M AC is located on the front panel This table describes the port Table 24 IES4005M AC LED Descriptions COLOR STATUS DESCRIPTION Green On The power module is turned on and receiving power Off The po...

Page 40: ...0 mm x 233 mm x 41 2 mm Max Power Consumption 96 6 W at the system s maximum power consumption The lower the system s overall power consumption the lower the IES4005M AC s power consumption Table 27 I...

Page 41: ...crews 3 Connect power wires to the negative power terminals on the front of the power module and tighten the terminal screw 4 Connect the other ends of the power wires to the 48 V terminal on the powe...

Page 42: ...Chapter 5 Power Supply Unit IES4005M User s Guide 42...

Page 43: ...ions as follows 6 2 1 Heat Dissipation The fan tray is installed at the left side of the IES chassis and blows air to dissipate heat Air flows into the left side of the chassis and passes the boards b...

Page 44: ...justs the rotation speed of the fans based on the detected temperature You can also manually set the high and low fan speed limits for raising an alarm on a specific fan 6 5 1 Automatic Adjustment The...

Page 45: ...alarm on a specific fan See the hw monitor fan speed threshold command in Section 11 3 on page 88 for details 6 6 Parameters This section provides the physical specifications for the fan module Table...

Page 46: ...Chapter 6 Fan Module IES4005M User s Guide 46...

Page 47: ...th a PHS 301RL connector supplies the operating voltage for the IES chassis The connections are as follows The end of the power cord with the PHS 301RL connector connects to the AC power input connect...

Page 48: ...mple 7 2 DC Power Wires The DC power wires transmit DC power to the IES Table 32 AC Power Cord Specifications ITEM DESCRIPTION Input Power AC input voltage range 100 240 VAC single phase AC input freq...

Page 49: ...otect against lightning and interference functions 7 3 1 Application The frame ground cable must be attached to the IES using an M4 machine screw with a suitable lock washer The other end must be secu...

Page 50: ...socket connects to a computer 7 4 2 Appearance The following figure shows a local management cable Figure 25 Mini RJ 11 DB 9 Cable 7 4 3 Pin Assignments The following diagram and chart show the pin as...

Page 51: ...erver to form the IES s upstream data connection A straight through or crossover Ethernet LAN cable connects the IES s MGMT port to a computer or network for out of band maintenance and management 7 5...

Page 52: ...n performance make sure the wires connected to pins 1 and 2 and to pins 3 and 6 are twisted pairs Table 37 Straight through Ethernet LAN Cable PIN Layout X1 PIN TIP COLOR X2 PIN 1 White and orange 1 2...

Page 53: ...a UPS 7 6 2 Appearance The following figure shows a one RJ 45 to two DB 9 cable Connect the DB 9 connector labeled MB to a UPS At the time of writing the MSC1002G does not use the other DB 9 connecto...

Page 54: ...e line cards for transmitting data and audio signals Table 41 RJ 45 DB 9 Cable PIN Layout RJ 45 DB 9 CONNECTED TO A UPS PIN NO COLOR NAME 1 White Orange DTR 2 Orange CTS 3 White Green RXD PON 4 Blue G...

Page 55: ...front of a line card The other end of the cable can be bare wires for connecting directly to an MDF Alternatively attach RJ 11 connectors and connect directly to DSL modems or telephones 7 7 2 Appeara...

Page 56: ...ble carries upstream and downstream traffic between the MSC1002G card and the active Gigabit Ethernet network MSC1002G converts the downstream traffic from the signal sent by the peer Gigabit Ethernet...

Page 57: ...ecifications of the supported optical transceivers 7 8 3 GPON SFP Transceiver Specifications Applications Access Networks Fiber to the Home Curb Office FTTx Point to Multipoint Service P2MP ITU T G 98...

Page 58: ...Chapter 7 Cables IES4005M User s Guide 58...

Page 59: ...g power connections and turning on the IES 8 2 Main Chassis Installation This section explains how to install the main chassis on a rack 8 2 1 Rack mounted Installation Requirements Make sure the rack...

Page 60: ...is Figure 33 Attaching Mounting Brackets to the IES 4 Position a mounting bracket that is already attached to the main chassis on one side of the rack lining up the screw holes on the bracket with the...

Page 61: ...enter of the front panel of the card with one hand and place the other hand under the card to support it 2 Insert the card halfway into the slot and spread the two ejector levers outward Make sure the...

Page 62: ...Chapter 8 Hardware Installation IES4005M User s Guide 62 5 Tighten the two thumbscrews Figure 35 Installing a Line Card 1 2 3...

Page 63: ...e two ejector levers firmly until the front of the card is clear of the main chassis Pull the ejector levers until they are perpendicular to the front panel Note The MSC has more connector pins than t...

Page 64: ...Chapter 8 Hardware Installation IES4005M User s Guide 64 Figure 36 Removing a Line Card 1 2 3...

Page 65: ...65 PART II Commands...

Page 66: ...66...

Page 67: ...e CLI from a computer connected to the MGMT port 1 Connect your computer to the MGMT port 2 Open a Telnet session to the IES s IP address If this is your first login use the default values Make sure y...

Page 68: ...mmand to check the STPID first If the aggregated switch s STPID is 0x88a8 then ignore this step 2 Configure the switch to add VLAN tag 1 to any packets it forwards from the computer towards the IES 3...

Page 69: ...snmp server contact system contact location system location the contact and location fields are optional The cr means press the ENTER key 9 3 1 Entering Partial Commands The CLI does not accept parti...

Page 70: ...subnet mask of an IP address The range is 0 to 32 for IPv4 or 0 to 128 for IPv6 To find the bit number convert the subnet mask to binary and add all of the 1 s together Take 255 255 255 0 for example...

Page 71: ...lable in user mode if the level P is less than 13 C The command is available in config not indented or one of the config indented modes pvid vid This represents a VLAN identifier VLAN ID The range is...

Page 72: ...ple logins and administrator and enable passwords 14 Configure login accounts login precedence multiple logins and administrator and enable passwords Table 53 Login Account and Password Command Parame...

Page 73: ...le password of the specified privilege enable mode Each command has a privilege level A user can only use commands with privilege levels equal to or lower than his current privilege enable mode passwo...

Page 74: ...ult password for the enable mode you have to set a password for it first The following command sets the enable password to 123456 In the following example the login user account has a privilege level...

Page 75: ...CLI is divided into modes Certain commands are available in certain command modes The modes that are available depend on the session s privilege level 9 7 1 Modes for Privilege Levels 0 12 If the sess...

Page 76: ...o the IES 9 9 Dual Configuration Files The IES also supports dual configuration files that you can switch between 9 10 Saving Your Configuration When you run a command the IES saves any changes to its...

Page 77: ...Chapter 9 The CLI IES4005M User s Guide 77 Enter the exit command in enable mode to log out of the CLI See Section 9 7 on page 75 for more information about modes...

Page 78: ...Chapter 9 The CLI IES4005M User s Guide 78...

Page 79: ...lphanumeric characters long 10 2 Changing the Enable Password Note It is recommended you change the default enable password Use this command to change the enable password password password where passw...

Page 80: ...IP address to access the IES 10 4 Changing the Management VLAN This command changes the inband management VLAN IP ip inband mgmt vlan mgmt vid Note After the following example configuration you must c...

Page 81: ...ddress 00 13 49 00 00 01 System up time 0 days 0 17 04 Bootbase version V1 02 08 28 2013 F W build date Aug 28 2013 17 40 13 Hardware version Serial number Console baudrate 115200 bps ras show running...

Page 82: ...propriate type of line card before you can use a card in the slot see Section 12 1 1 on page 107 Otherwise any line cards you install in the slot will not be active You can check the status of all slo...

Page 83: ...ION DESCRIPTION alarm A category of alarms eqpt represents equipment alarms dsl represents Digital Subscriber Line DSL alarms enet represents Ethernet alarms sys represents system alarms voip represen...

Page 84: ...alarm alarm condition condition severity severity syslog facility facility target target clearable Configures the specified alarm definition condition check the alarm definition table for allowed con...

Page 85: ...sending alarms about these ports This applies when you enable alarm line control on these ports C 13 show interface ge port alarm notification severity Displays the minimum severity level to send out...

Page 86: ...arm dua Disables polling of a UPS and clears all issued delta UPS alarms C 13 show alarm dua Displays whether delta UPS alarm is enabled UPS model name and UPS firmware version E 1 alarm sys suppress...

Page 87: ...3 show alarm coa Displays the CPU overload alarm related settings E 1 Table 58 Alarm Commands Summary continued COMMAND DESCRIPTION M P Table 59 Date and Time Command Parameters NOTATION DESCRIPTION h...

Page 88: ...ovember at 2 A M local time In the European Union Daylight Saving Time ends on the last Sunday of October at 1 A M GMT or UTC so the o clock field depends on your time zone C 13 show time server Displ...

Page 89: ...ware Monitor Commands Summary continued COMMAND DESCRIPTION M P Table 62 Running Configuration Commands Summary COMMAND DESCRIPTION M P copy running config interface dsl slot port slot portlist attrib...

Page 90: ...e current configuration file This file contains the commands that change the IES s configuration from the default settings to the current configuration Optionally displays current operating configurat...

Page 91: ...er of TCP IP protocol suite A manager station can manage and monitor the system through the network via SNMP version one SNMPv1 and or SNMP version 2c The next figure illustrates an SNMP management op...

Page 92: ...is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager age...

Page 93: ...ommonly used parameter notation for these commands This table describes the commands Table 64 SNMP Server Command Parameters NOTATION DESCRIPTION property 1 31 English printable characters spaces are...

Page 94: ...e through the console port and use the ATBI command For example ATBI1 has the IES use the first firmware ATBI2 has it use the second After the system successfully boots up use the show boot image comm...

Page 95: ...nfig Displays the configuration file currently in use E 13 hostname hostname Sets the system name for identification purposes hostname up to 31 printable characters spaces are allowed C 13 contact con...

Page 96: ...r file firmware bin to the IES ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client does not allow...

Page 97: ...up and shut down times of the system The external servers that perform authentication authorization and accounting functions are known as AAA servers The system supports RADIUS Remote Authentication D...

Page 98: ...e authentication server s mode to the default C 13 no aaa server authentication radius timeout Resets the timeout value to the default C 13 show aaa server authentication radius Displays all RADIUS au...

Page 99: ...S authorization server In index priority mode the timeout is divided by the number of servers you configure For example if you configure two servers and the timeout is 30 seconds then the IES waits 15...

Page 100: ...session stop only to have the system send information to the accounting server only when a user ends a session method radius or tacacs C 13 aaa accounting command privilege privilege stop only tacacs...

Page 101: ...in the TACACS server to only give user A access to VoIP SIP commands privilege 1 14 mode 1 5 1 none to have no authorization 2 local to have the system use its local database This is the default valu...

Page 102: ...ysname configure sysname config aaa authorization privilege 12 3 sysname config exit sysname show aaa authorization Privilege Mode 1 local 2 local 3 local 4 local 5 local 6 local 7 local 8 local 9 loc...

Page 103: ...threshold threshold Configures the number of packets allowed to transmit in any 15 minute period C 13 15min txbcastpkts threshold threshold Configures the number of broadcast packets allowed to transm...

Page 104: ...ist performance Clears current historical 15 minutes and historical 1 day Ethernet line status on the specified GE ports E 13 show interface ge nni portlist performance current 15 min 1 day Displays c...

Page 105: ...nt 15 minute or in the past one day time segment E 13 Table 71 performance management commands summary continued Command Description M P ras config ras config ge nni alarm profile Alarm1 ras config Gs...

Page 106: ...ipv6 index Enters the sub command mode for configuring the specified IPv6 trusted host entry C 13 exit Leaves the IPv6 trusted host configuration sub command mode C 13 active Enables the IPv6 trusted...

Page 107: ...ne card you can only use that type of line card in the slot Provisioning a slot with a wrong provision type cannot activate the slot Table 74 Line Card Management Commands Summary COMMAND DESCRIPTION...

Page 108: ...n V3 60 UHM 0 b4 id state card type provision type uptime heat vol mon 1 Active MSC1002G 30 53 2 Idle ALC1132G 51 3 4 Idle VOP1164G 61 5 ras config ras config lcman slot 2 provision type alc ras confi...

Page 109: ...command mode for configuring system wide settings C 13 exit Leaves the system wide settings sub command mode C 13 acl acl profile Use the specified ACL profile for the system C 13 no acl acl profile D...

Page 110: ...ifies an outer VLAN ID C 13 inner pbit pbit Specifies an inner VLAN priority bit pbit 0 7 C 13 outer pbit pbit Specifies an outer VLAN priority bit C 13 source ip range ip mask Specifies a source IP r...

Page 111: ...he profile C 13 no protocol Removes the IP protocol from the profile C 13 no ip precedence Removes the IP precedence from the profile C 13 no dscp Removes the IP DSCP from the profile C 13 no source i...

Page 112: ...network You can specify limits for DLF and broadcast packets no change inner pbit Disables changing the inner VLAN inner priority bit of matching packets C 13 change outer pbit pbit Changes the outer...

Page 113: ...wing section lists the commands for this feature 13 4 Forwarding Database Commands Use these commands to configure the forwarding database settings and display the forwarding database address table Yo...

Page 114: ...For DSL ports use the interface dsl slot portlist and active commands to re activate the UNI port Note Anti spoofing must also be enabled for this to take effect C 13 show fdb spoofing Displays wheth...

Page 115: ...can also specify the VLAN it must use mac unicast MAC address vlan 1 4093 VLAN mode vlan Trunk uni vlan uni vid Trunk uni untag svlan Trunk etype S svlan Trunk etype S C cvlan Translation uni vid Tra...

Page 116: ...s speed and duplex mode The default is auto auto auto negotiation 10 half fixed to 10Base T half duplex 10 full fixed to 10Base T full duplex 100 half fixed to 100Base TX half duplex 100 full fixed t...

Page 117: ...acp Configures and enables the Gigabit Ethernet uplink ports IEEE 802 3ad mode static statically aggregate the GE ports lacp have LACP aggregate and control the GE ports C 13 no dot3ad Turns off link...

Page 118: ...f a loop guard enabled port is connected to a switch in loop state This is accomplished by periodically sending a probe packet and seeing if the packet returns on the same port If this is the case the...

Page 119: ...y IEEE 802 1p priority bit to look for to detect loopguard packets Detecting the loopguard packets fails if the VLAN mode you configured through vlan trunk for example does not match the loopguard VID...

Page 120: ...mmary COMMAND DESCRIPTION M P isolation inactive Allows communications between subscriber ports C 13 no isolation inactive Blocks communications between subscriber ports C 13 show isolation Displays t...

Page 121: ...2 You can also include a range of ports 1 2 C 13 exit Leaves the Gigabit Ethernet uplink port configuration C 13 rstp Enables RSTP on the specified Gigabit Ethernet uplink port C 13 no rstp Disables...

Page 122: ...l slot srcport interface dsl slot dstport mode mode Mirrors the specified traffic from one DSL port srcport to another dstport C 13 mirror interface dsl slot srcport interface dsl slot dstport atm vc...

Page 123: ...ort atm vc vpi vci Disables port mirroring on the specified PVC C 13 no mirror interface ge nni port Disables port mirroring on the specified uplink GE port C 13 no mirror interface fe slot srcport Di...

Page 124: ...Chapter 13 Switch Features IES4005M User s Guide 124...

Page 125: ...use them for different services or levels of service You set the PVID that is assigned to untagged frames received on each channel You also set an IEEE 802 1p priority for each of the PVIDs In this wa...

Page 126: ...tlist atm vc Displays the ATM VC configuration on the specified DSL ports E 13 interface dsl slot portlist Enters the sub command mode for configuring the specified DSL ports C 13 exit Leaves the DSL...

Page 127: ...c DSL ports DHCP Relay Agent Information Option The system can add information to DHCP requests that it relays to a DHCP server This helps provide authentication about the source of the requests You c...

Page 128: ...ice in XX XX XX XX XX XX format where X 0 F dmac2 MAC address of the host device in XXXXXXXXXXXX format where X 0 F dmac3 MAC address of host device in Bytes phtype ATM atm Ethernet eth hmodel model n...

Page 129: ...the DHCPv6 requests forwarded for this VLAN Use option 37 if you need to add extra information beyond what you configure for option 18 Option 37 Remote ID Info is the DHCPv6 equivalent for the Dynami...

Page 130: ...ooping IP MAC binding on the specified DSL ports C 13 dhcp l2agent snooping max lease lease count Configures the DHCP Snooping database max lease count for the specified DSL ports lease count 1 32 C 1...

Page 131: ...l2agent LDRA option82subopt1 option82subopt2 option18 option37 100 V option82subopt1 Circuit ID info option82subopt2 Remote ID info option18 Interface ID info option37 Remote ID info ras config ras c...

Page 132: ...snooping ip mac binding ras config interface dsl 2 1 dhcp l2agent snooping max lease 10 ras config interface dsl 2 1 exit ras config exit ras show interface dsl 2 1 dhcp l2agent snooping database slot...

Page 133: ...ber of a multicast group When the host doesn t want to be a member of a multicast group any more it sends an IGMP leave report IGMP query and report B A router sends an IGMP query to its downlink swit...

Page 134: ...Protocol version 2 IGMPv2 MLD uses ICMPv6 message types rather than IGMP message types MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3 MLD allows an IPv6 switch or router to discover...

Page 135: ...uery timer query interval interval robustness robustness max response time max response time Configures general query timers interval 10 300 in seconds robustness 1 5 max response time 1 10 in seconds...

Page 136: ...13 igmp mld mvlan table mvid index index Configures an entry for the specified MVLAN mapping table for N 1 VLAN mapping in TR 101 mode only The MVLAN table is not editable when tr101 fw is specified...

Page 137: ...orts C 13 show interface dsl slot portlist igmp mld Displays IGMP MLD settings on the specified DSL ports E 13 show igmp mld group Displays all joined multicast groups E 13 show igmp mld statistics Di...

Page 138: ...uery interval 60 robustness 1 max response time 5 ras config exit ras show igmp mld mode snooping version igmpv3 leavemode fast leave general query timer interval 60 sec robustness 1 max response time...

Page 139: ...7f ff ff which identifies the multicast group Table 93 Static multicast commands summary Command Description M P interface dsl slot portlist Enters the sub command mode for configuring the specified...

Page 140: ...AN 10 tagged frames received on DSL slot 2 port 1 to VLAN 20 tagged frames This example also sets the DSL port to only accept multicast frames of group 01 00 11 00 00 01 with VLAN 10 tags sysname conf...

Page 141: ...client C 13 ip inband address dhcp enable release renew Controls the DHCP client function on the inband management MGMT port interface enable turn the DHCP client function on release release the dynam...

Page 142: ...device ip address 0 0 0 0 223 255 255 255 a domain name is permitted for a VOIP interface voip ping via VoIP interface rtp ping via RTP interface size 0 1472 t ping continuously until Ctrl C is presse...

Page 143: ...refix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x w...

Page 144: ...ders The subnet ID is a number that identifies the subnet of a site Multicast Address In IPv6 multicast addresses provide the same functionality as IPv4 broadcast addresses Broadcasting is not support...

Page 145: ...Engineers is an interface ID format designed to adapt with IPv6 It is derived from the 48 bit 6 byte Ethernet MAC address as shown next EUI 64 inserts the hex digits fffe between the third and fourth...

Page 146: ...UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vend...

Page 147: ...om the Relay Reply messages before the relay agent sends the packets to the clients The DHCP server copies the interface ID option from the Relay Forward message into the Relay Reply message and sends...

Page 148: ...ip ipv6 Displays the link local addresses the IES generated automatically This also shows the manually configured inband out of band management IPv6 address and default gateway address E 3 show ip ipv...

Page 149: ...n unit 20 1 MTU Commands Summary This table describes the commands Table 102 MTU Commands Summary COMMAND DESCRIPTION M P mtu mtu Configures the maximum transmission unit mtu 512 2000 bytes C 13 no mt...

Page 150: ...Chapter 20 MTU IES4005M User s Guide 150...

Page 151: ...a VLAN the IES adds a vendor specific tag to PADI PPPoE Active Discovery Initialization and PADR PPPoE Active Discovery Request packets from the VLAN s PPPoE clients This tag is defined in RFC 2516 a...

Page 152: ...at where X 0 F cmac2 MAC address of a PPPoE client in XXXXXXXXXXXX format where X 0 F cmac3 MAC address of a PPPoE client in Bytes dmac1 MAC address of the host device in XX XX XX XX XX XX format wher...

Page 153: ...nfo up to 127 ASCII characters of additional information for the IES to add to the VLAN s PPPoE packets See Table 104 on page 152 for more information C 13 no pppoe intermediate agent remote id vlan v...

Page 154: ...2 and the uplink PPPoE server The result shows the IES failed to receive a PADO PPPoE Active Discovery Offer from the PPPoE In this case you would check the connection between the IES and the PPPoE se...

Page 155: ...e paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going DSCP and Per Hop Behavio...

Page 156: ...ping command summary COMMAND DESCRIPTION M P dscp dscp priority Maps the specified DSCP to the specified IEEE 802 1p priority bit dscp 0 63 priority 0 7 C 13 show dscp Displays the DSCP to IEEE 802 1p...

Page 157: ...sent SP does not automatically adapt to changing network requirements Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you co...

Page 158: ...eing Queues 5 0 are scheduled by WFQ first and the output of WFQ queue 7 and queue 6 are scheduled by Strict Priority Queue 7 has the highest priority and the output of WFQ has the lowest priority sha...

Page 159: ...maximum number of packets queue 2 allows C 13 queue1 weight weight depth depth Configures the weight and maximum number of packets queue 1 allows C 13 queue0 weight weight depth depth Configures the...

Page 160: ...0 1 2 3 4 5 6 7 ras config ras config qos queue mapping ras config QosQueueMapping pbit0 2 ras config QosQueueMapping pbit1 2 ras config QosQueueMapping pbit6 5 ras config QosQueueMapping pbit7 5 ras...

Page 161: ...rofile EXAMPLE queue2 weight 3 depth 255 ras config wrr wfq profile EXAMPLE queue1 weight 2 depth 255 ras config wrr wfq profile EXAMPLE queue0 weight 1 depth 255 ras config wrr wfq profile EXAMPLE ex...

Page 162: ...nfig QosVcShaping EXAMPLE 75M max rate 75000 ras config QosVcShaping EXAMPLE 75M depth 100 ras config QosVcShaping EXAMPLE 75M exit ras config exit ras show qos vc shaping profile VC shapingProfile Na...

Page 163: ...ice that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity The following section lists the commands for this feature Table 111 Stat...

Page 164: ...Chapter 23 Static Route IES4005M User s Guide 164...

Page 165: ...configure Power Spectrum Density Power Spectrum Density PSD mask PSD defines the distribution of a line s power in the frequency domain A PSD mask is a template that specifies the maximum allowable PS...

Page 166: ...reduces transfer speeds It is recommended you use a non zero setting for real time traffic that has no error correction such as video conferencing The number of DMT Discrete Multi Tone symbols specif...

Page 167: ...stalk DPBO Downstream Power Back Off can reduce performance degradation by changing the PSD level on the VDSL switch es at street cabinet level ISDN in Europe uses a frequency range of up to 80 kHz wh...

Page 168: ...quality improves or deteriorates The switch determines line quality using the Signal to Noise Ratio SNR SNR is the ratio of the amplitude of the actual signal to the amplitude of noise signals at a g...

Page 169: ...to configure DSL profiles Alarm Profiles Alarm profiles define DSL port alarm thresholds The system sends an alarm trap and generates a syslog entry when the thresholds of the alarm profile are excee...

Page 170: ...max delay us delay Configure the minimum downstream latency delay 0 63 in ms C 13 min inp ds min inp Configures the downstream minimum Impulse Noise Protection INP for a 4 3125 KHz carrier space DSL l...

Page 171: ...ds target snrm max snrm min snrm Configures the downstream target maximum and minimum Signal to Noise Ratio SNR margins C 13 snrm us target snrm max snrm min snrm Configures the upstream target maxim...

Page 172: ...n step Maximum total aggregate power reduction in dB 0 15 per power trim in L2 mode default 1 l2 power down max Maximum total aggregate power reduction in dB 0 15 in L2 mode default 6 C 13 rfiband sta...

Page 173: ...l ESCM parameter C used for VDSL2 protocol escm c 0 640 0 1 640 1 5 in steps of 2 8 default 256 C 13 dpbo esel esel Configures DPBO E side cable Electrical Length used for VDSL2 protocol esel 0 511 0...

Page 174: ...iles used for VDSL2 protocol vdsl2_profile_list list of 8a 8b 8c 8d 12a 12b 17a 30a default 8a 8b 8c 8d 12a 12b 17a C 13 limit mask limit mask Configures the standard PSD mask limit mask d32 d48 d64 d...

Page 175: ...hin 15 minutes 0 900 default 0 C 13 xtur 15min lprs threshold threshold Configures the number of Loss of Power Seconds LPRS allowed on subscriber devices within 15 minutes 0 900 default 0 C 13 xtur 15...

Page 176: ...DSL alarm template C 13 exit Leaves the DSL alarm template configuration sub command mode C 13 alarm channel profile name Configures the referenced DSL alarm channel profile Default DEFVAL C 13 alarm...

Page 177: ...lays the number of bits transmitted for each DMT tone for the specified DSL ports The better or shorter the line the higher the number of bits transmitted for a DMT tone The maximum is 15 E 13 dsl dia...

Page 178: ...slot portlist statistics Clears the packet statistics for the specified DSL ports E 13 show interface dsl slot portlist statistics Displays the packet statistics for the specified DSL ports E 13 Tabl...

Page 179: ...previously untagged frames going out through a port with a specified VLAN ID Packets on the NNI Network Node Interface side uplink ports can be any of the following untagged tagged with a service prov...

Page 180: ...ider Tag Protocol Identifier S TPID is on the NNI side and a Customer TPID C TPID is on the UNI side The IES only forwards traffic for VLANs configured on the UNI side If you configure the UNI side as...

Page 181: ...on and aggregation can co exist with other VLAN modes except transparent VLAN Table 119 Stacking VLAN Tagging and Trunk CLI Examples VLAN MODE NNI VLAN UNI VLAN CLI EXAMPLES Stacking VLAN Tagging and...

Page 182: ...t of other modes VLAN TLS can co exist with other VLAN modes except transparent VLAN Table 121 Stacking VLAN Translation and Aggregation CLI Examples VLAN MODE NNI VLAN UNI VLAN CLI EXAMPLES Stacking...

Page 183: ...join one of the 4 VLAN modes before it can join a MVLAN The UNI VLAN in the joined VLAN modes and MVLAN must be the same Add the ATM VC to MVLAN see Section 14 1 on page 126 25 1 8 Management and VoIP...

Page 184: ...vid list Displays S tag TPID single tag mode and the member ports of specified VLANs or all VLANs vid list list of 1 4093 for example 1 3 or 1 3 5 21 or E 13 show interface dsl slot portlist vlan Disp...

Page 185: ...behavior appears truly transparent A port configured as transparent VLAN cannot join other VLAN modes See Section 25 1 1 on page 180 for more on transparent VLAN and command examples Note Use the inte...

Page 186: ...a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags to traffic The service provider Table 126 Transparent VLAN Command Parameters NOTA...

Page 187: ...a DSL port is a logical Ethernet port The IES adds the S tag SVID to packets from the DSL ports before forwarding them through an uplink interface spbit 0 7 if a priority bit is not assigned the S pr...

Page 188: ...ing table describes commonly used parameter notation for these commands This table describes the commands ras config ras config interface dsl 2 4 ras config interface dsl 2 4 active ras config interfa...

Page 189: ...uni vid tagged packets from the specified DSL ports C 13 vlan translation atm vc vpi vci uni vlan uni vid svlan svid cvlan cvid Cross connects uni vid tagged packets from the specified DSL ATM virtual...

Page 190: ...in the specified ports to the specified S VLAN or S C VLAN on uplink ports C 13 no vlan trunk uni untag Removes the cross connection of untagged packets on the specified DSL ports C 13 vlan trunk uni...

Page 191: ...s the ether type based cross connection of untagged packets on the specified DSL ATM virtual circuits C 13 vlan trunk atm vc vpi vci uni vlan uni vid svlan svid Cross connects uni vid tagged packets i...

Page 192: ...Chapter 25 VLAN IES4005M User s Guide 192...

Page 193: ...248 protocol also known as MEGACO MEdia GAteway COntrol or the Gateway Control Protocol defines a VoIP network in which basic functions such as voice coding and decoding are performed by one device a...

Page 194: ...P Commands The following table describes commonly used parameter notation for these commands H 248 POTS Ethernet PSTN Table 134 VoIP Command Parameters NOTATION DESCRIPTION profile name The name of a...

Page 195: ...ew Zealand 4 Belgium 27 Hong Kong 5 Bulgaria 28 Singapore 6 Czech 29 Morocco 7 Denmark 30 Ireland 8 Finland 31 Malaysia 9 France 32 Russia 10 Hungary 33 Thailand 11 Iceland 34 Israel 12 Italy 35 UAE 1...

Page 196: ...on E 13 voip h248 Enters the sub command mode for configuring the global H 248 settings C 13 exit Leaves the global H 248 settings configuration sub command mode C 13 clear statistics Clears control p...

Page 197: ...ip dn Configures the H 248 secondary MGC IP address or domain name mgc ip dn 0 0 0 0 223 255 255 255 or domain name default Note This is not available when the secondary MGC is disabled C 13 mgc2 port...

Page 198: ...ets out of band according to the MGC s configuration C 13 no t38 Disables support for the T 38 fax relay standard The system uses T 30 to transmit faxes as voice in band C 13 transport udp tcp Sets wh...

Page 199: ...ip default gateway gateway ip Configures the default gateway of the VoIP RTP interface gateway ip 0 0 0 1 223 255 255 255 C 13 no voip rtp Removes all VoIP RTP configuration C 13 show voip rtp ip addr...

Page 200: ...0ohm_680ohm_100nf 7 220ohm_820ohm_115nf 8 900ohm 9 200ohm_680ohm_100nf 10 900ohm_2160nf Default not specified use the impedance value defined in the currently selected country code C 13 no impedance H...

Page 201: ...e voip slot port list service stat Displays the service state for the specified VoIP ports E 13 no voip dsp profile name Removes the specified VoIP DSP profile C 13 show voip dsp profile name Displays...

Page 202: ...nfigures the voice packet interval for the G 726 codec for normal voice service vpi 10 20 30 or 40 milliseconds default 20 C 13 g729vpi vpi Configures the voice packet interval for the G 729 codec for...

Page 203: ...nterface ge nni exit ras config voip ip address 192 168 2 10 24 vlan 200 pbit 7 ras config voip h248 ras config voip h248 mgc ip 192 168 2 100 ras config voip h248 mg MG1_2U ras config voip h248 mg ra...

Page 204: ...Chapter 26 VoIP IES4005M User s Guide 204...

Page 205: ...pecial characters except _ equals character 0x00 0xFF represents byte value pname configured port name pid port index chvpi channel VPI chvci channel VCI slotid slot index of the logic port svlan SVLA...

Page 206: ...y can access the network through the port s auth allow all connected users to access the network through the port s without authentication unauth deny all subscribers access to the network through the...

Page 207: ...haracters password up to 31 printable characters C 13 no dot1x userprofile name name Deletes the specified 802 1x user account name up to 31 printable characters C 13 show dot1x userprofile Displays a...

Page 208: ...w interface dsl 2 1 2 10 dot1x status port status control radius index auth once reauth period circuit id option info 1 V auto 2 28800 2 V auto 2 28800 3 V auto 2 28800 4 V auto 2 28800 5 V auto 2 288...

Page 209: ...e the local database for subscriber user authentication sysname config sysname config dot1x userprofile name user password 0000 sysname config dot1x userprofile name manager password 0000 sysname conf...

Page 210: ...Chapter 27 IEEE 802 1x Authentication IES4005M User s Guide 210...

Page 211: ...211 PART III Troubleshooting Specifications Appendices and Index...

Page 212: ...212...

Page 213: ...age 61 and power connections Chapter 5 on page 39 The ALM LED is on An alarm has been detected Examples of an alarm on the IES are when the IES s voltage or temperature is outside of the normal range...

Page 214: ...rns on and off intermittently 1 Check the copper or fiber optic Ethernet cable and connections between the uplink or subtending interface and the Ethernet switch or router 2 Make sure that the peer Et...

Page 215: ...ne telnet session at a time or a total of four Telnet and SSH sessions with multiple login enabled 2 Make sure that your computer s IP address matches a configured secured client IP address if configu...

Page 216: ...ed to an IES port but the IES port still does not send or receive data The port may have the loop guard feature enabled Loop guard shuts down a port if it detects a network loop on it After resolving...

Page 217: ...he slot and re installing it 3 If neither of these steps work use the lcman disable command Then connect to the line card s console port and recover the firmware The procedure to recover the line card...

Page 218: ...other method to upload firmware Note This procedure is for emergency situations only 1 Obtain the firmware file unzip it and save it in a folder on your computer 2 Connect your computer to the console...

Page 219: ...oting STEP CORRECTIVE ACTION 1 Make sure the subscriber has a POTS splitter properly installed 2 Check the telephone wire connections between the subscriber and the MDF s 3 Check the telephone wire an...

Page 220: ...Chapter 28 Hardware Troubleshooting IES4005M User s Guide 220...

Page 221: ...re that specifies its thickness As the thickness of the wire increases the AWG number decreases Make sure you use wires of the specified wire gauge Ground wire 18 AWG Telephone wire 26 AWG Power wire...

Page 222: ...A 240 V AC Certifications RoHS Compliance CE Conformity FCC ITU T K 20 Safety EN 60950 1 CSA 60950 1 UL 60950 1 IEC 60950 1 EMC FCC Part 15 Class B EN55022 Class B EN55024 Class B ETSI 300 386 Compli...

Page 223: ...have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the pr...

Page 224: ...om pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com Thailand ZyXEL Thailand Co...

Page 225: ...ations Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL Franc...

Page 226: ...L Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communicatio...

Page 227: ...tin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Egypt ZyXEL Communication Corporation http w...

Page 228: ...Appendix A Customer Support IES4005M User s Guide 228 Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za...

Page 229: ...is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certific...

Page 230: ...wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this product is free from any defects in material or workmanship for a specific period the War...

Page 231: ...all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America...

Page 232: ...g these products other than a cordless type during an electrical storm There may be a remote risk of electric shock from lightning Always disconnect all telephone lines from the wall outlet before ser...

Page 233: ...70 slot parameter 70 subnet mask parameter 70 UDP or TCP port number 70 VCI parameter 71 122 186 187 188 190 VLAN ID parameter 71 VPI parameter 71 122 186 187 188 190 command modes See also modes 75 c...

Page 234: ...I installation fan module 44 line cards 61 management switch card 61 rack 59 interleave delay 169 Internet telephony service provider 193 introduction 17 43 IP address 70 IPQoS 157 ITSP 193 L latch 2...

Page 235: ...ion 168 recovering firmware 218 registration product 231 related documentation 2 removing fan module 44 line cards 63 management switch card 63 removing a transceiver 27 resetting the defaults 217 RFI...

Page 236: ...mode 75 V VC Mux 125 VCI 71 122 186 187 188 190 VDSL Limit PSD Mask 166 VDSL2 165 Very High Speed Digital Subscriber Line 2 see VDSL2 Virtual Channel Indicator see VCI Virtual Path Indicator see VPI...

Reviews:

No comments

Related manuals for IES4005M

Network Card-MS

Brand: Eaton Pages: 89

Brand: Ubiquiti Pages: 40

Brand: D-Link Pages: 213

Brand: REXROTH Pages: 68

Brand: Abocom Pages: 63

Compact NVR-AS 4000

Brand: IndigoVision Pages: 38

UniFi WiFi BaseStation XG

Brand: Ubiquiti Pages: 19

Emotron OSTO 100

Brand: CG Pages: 112

Brand: Pakedge Device & Software Pages: 14

Brand: LevelOne Pages: 3

Brand: ADTRAN Pages: 20

VAR-SOM-MX8M-PLUS

Brand: Variscite Pages: 2

Brand: Honeywell Home Pages: 36

Brand: Proxim Pages: 65

3C13755-US - Router 5642

Brand: 3Com Pages: 104

Brand: Valcom Pages: 4

Brand: ZyXEL Communications Pages: 1

Vigor 3200 Series

Brand: Draytek Pages: 356

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands