manualshive.com logo in svg

SMC Networks 7724M/VSW - annexe 1, Руководство пользователя

Поделиться
Скачать
SMC Networks 7724M/VSW - annexe 1 Скачать руководство пользователя страница 59

CLI 

Management Guide 

TigerAccess™ EE

 

58 

SMC7824M/VSW

 

4.5 802.1x 

Authentication 

To enhance security and portability of network management, there are two ways of au-
thentication based on MAC address and port-based authentication which restrict clients 
attempting to access to port. 

Port-based authentication (802.1x) is used to authenticate the port self to access without 
users’ count to access the network. 

802.1x authentication adopts EAP (Extensible Authentication Protocol) structure. In EAP 
system, there are EAP-MD5 (Message Digest 5), EAP-TLS (Transport Level Security), 
EAP-SRP (Secure Remote Password), EAP-TTLS (Tunneled TLS) and the switch sup-
ports EAP-MD5 and EAP-TLS. Accessing with user’s ID and password, EAP-MD5 is 1-
way Authentication based on the password. EAP-TLS accesses through the mutual au-
thentication system of server authentication and personal authentication and it is possible 
to guarantee high security because of mutual authentication system. 

At a request of user Authentication, from user’s PC EAPOL-Start type of packets are 
transmitted to authenticator and authenticator again requests identification. After getting 
respond about identification, request to approve access to RADIUS server and be au-
thenticated by checking access through user’s information. 

The following figure explains the process of 802.1x authentication. 

[Suppliant]

[Authenticator]

[Authentication Server]

EAPOL

(EAP over LAN)

EAP over RADIUS

EAPOL-Start

EAP-Request / Identity

EAP-Response / Identity

RADIUS-Access-Request

RADIUS-Access-Challenge

EAP-Request

EAP-Response

RADIUS-Access-Request

EAP-Success

RADIUS-Access-Accept

RADIUS
Server

 

Fig. 4.1 

Process of 802.1x Authentication 

 

 

 

 

Содержание 7724M/VSW - annexe 1

Страница 1: ......

Страница 2: ...No license is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright C 2009 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerAccess TigerStack and TigerSwitch are trade marks of SMC Networks Inc Othe...

Страница 3: ... Guide TigerAccess EE 2 SMC7824M VSW Warranty and Product Registration To register SMC products and to review the detailed warranty statement please refer to the Support Section of the SMC Website at http www smc com ...

Страница 4: ...Access EE SMC7824M VSW 3 Reason for Update Summary Initial release Details Chapter Section Reason for Update All Initial release Issue History Issue Number Date of Issue Reason for Update 01 05 2009 Initial release nos 5 01 3001 ...

Страница 5: ...nfiguration Mode 29 3 1 9 Rule Configuration Mode 30 3 1 10 RMON Configuration Mode 30 3 2 Configuration Mode Overview 31 3 3 Useful Tips 32 3 3 1 Listing Available Command 32 3 3 2 Calling Command History 34 3 3 3 Using Abbreviation 35 3 3 4 Using Command of Privileged EXEC Enable Mode 35 3 3 5 Exit Current Command Mode 35 4 System Connection and IP Address 36 4 1 System Connection 36 4 1 1 Conne...

Страница 6: ...Interface Description 53 4 3 5 Displaying Interface 54 4 4 Secure Shell SSH 55 4 4 1 SSH Server 55 4 4 1 1 Enabling SSH Server 55 4 4 1 2 Displaying On line SSH Client 55 4 4 1 3 Disconnecting SSH Client 55 4 4 1 4 Assigning Specific Authentication Key 56 4 4 1 5 Displaying Connection History of SSH Client 56 4 4 2 SSH Client 56 4 4 2 1 Login to SSH Server 56 4 4 2 2 File Copy 56 4 4 2 3 Authentic...

Страница 7: ...tus of VDSL Port 77 5 3 2 2 Enabling VDSL Port 77 5 3 2 3 Profile of VDSL Port 78 5 3 2 4 Controlling Power according to Connection Distance 79 5 3 2 5 PSD Level 83 5 3 2 6 PSD Mask Level 84 5 3 2 7 Interleave 84 5 3 2 8 Impulse Noise Protection 86 5 3 2 9 Trellis Coded Modulation TCM 86 5 3 2 10 Ham band 87 5 3 2 11 SNR Margin 88 5 3 2 12 Bitloading Per Tone 90 5 3 2 13 G handshake Tone 91 5 3 3 ...

Страница 8: ...y 120 6 1 13 6 SFP Module optional uplink port 121 6 2 Configuration Management 123 6 2 1 Displaying System Configuration 123 6 2 2 Writing System Configuration 123 6 2 3 Auto Saving 124 6 2 4 System Configuration File 124 6 2 5 Restoring Default Configuration 125 6 3 System Management 126 6 3 1 Network Connection 126 6 3 2 IP ICMP Source Routing 128 6 3 3 Tracing Packet Route 129 6 3 4 Displaying...

Страница 9: ... SNMP Configuration 148 7 1 11 Disabling SNMP 148 7 2 Operation Administration and Maintenance OAM 149 7 2 1 OAM Loopback 149 7 2 2 Local OAM Mode 150 7 2 3 OAM Unidirection 150 7 2 4 Remote OAM 150 7 2 5 Displaying OAM Configuration 151 7 3 Link Layer Discovery Protocol LLDP 152 7 3 1 LLDP Operation 152 7 3 2 Enabling LLDP 152 7 3 3 LLDP Operation Type 153 7 3 4 Basic TLV 153 7 3 5 LLDP Message 1...

Страница 10: ...nfiguration 167 7 6 Quality of Service QoS 168 7 6 1 How to Operate QoS 169 7 6 2 Packet Classification 171 7 6 2 1 Flow Creation 171 7 6 2 2 Configuring Flow 171 7 6 2 3 Applying and modifying Flow 174 7 6 2 4 Class Creation 174 7 6 3 Packet Conditioning 175 7 6 3 1 Policer Creation 175 7 6 3 2 Packet Counter 176 7 6 3 3 Average Packet Counter 176 7 6 3 4 Rate limit 177 7 6 3 5 Applying and modif...

Страница 11: ...2 Adding Policy of MAC Filter 211 7 11 3 Deleting MAC Filter Policy 212 7 11 4 Listing of MAC Filter Policy 212 7 12 Address Resolution Protocol ARP 213 7 12 1 ARP Table 213 7 12 1 1 Registering ARP Table 213 7 12 1 2 Displaying ARP Table 214 7 12 2 ARP Alias 214 7 12 3 ARP Inspection 215 7 12 3 1 ARP Access List 215 7 12 3 2 Enabling ARP Inspection Filtering 218 7 12 3 3 ARP Address Validation 21...

Страница 12: ...36 8 1 2 Protocol based VLAN 237 8 1 3 MAC based VLAN 237 8 1 4 Subnet based VLAN 238 8 1 5 Tagged VLAN 238 8 1 6 VLAN Description 239 8 1 7 VLAN Precedence 240 8 1 8 Displaying VLAN Information 240 8 1 9 QinQ 241 8 1 9 1 Double Tagging Operation 242 8 1 9 2 Double Tagging Configuration 242 8 1 9 3 TPID Configuration 243 8 1 10 Layer 2 Isolation 243 8 1 10 1 Shared VLAN 244 8 1 11 VLAN Translation...

Страница 13: ...3 Port Priority 274 8 3 7 4 MST Region 274 8 3 7 5 Enabling MSTP configuration 276 8 3 7 6 Displaying Configuration 276 8 3 8 Configuring PVSTP 277 8 3 8 1 Enabling PVSTP 277 8 3 8 2 Root Switch 278 8 3 8 3 Path cost 278 8 3 8 4 Port Priority 279 8 3 8 5 Displaying Configuration 279 8 3 9 Root Guard 280 8 3 10 Restarting Protocol Migration 281 8 3 11 Loop Back Detection 281 8 3 12 BPDU Configurati...

Страница 14: ... of DHCP Client 308 8 6 1 12 IP Address Validation 308 8 6 1 13 Authorized ARP 309 8 6 1 14 Prohibition of 1 N IP Address Assignment 309 8 6 1 15 Ignoring BOOTP Request 310 8 6 1 16 DHCP Packet Statistics 310 8 6 1 17 Setting DHCP Pool Size 311 8 6 1 18 Displaying DHCP Pool Configuration 311 8 6 2 DHCP Address Allocation with Option 82 311 8 6 2 1 DHCP Class Capability 312 8 6 2 2 DHCP Class Creat...

Страница 15: ...8 IP Source Guard 331 8 6 8 1 Enabling IP Source Guard 332 8 6 8 2 Static IP Source Binding 332 8 6 8 3 Displaying IP Source Guard Configuration 333 8 6 9 DHCP Client 334 8 6 9 1 Enabling DHCP Client 334 8 6 9 2 DHCP Client ID 334 8 6 9 3 DHCP Class ID 334 8 6 9 4 Host Name 334 8 6 9 5 IP Lease Time 335 8 6 9 6 Requesting Option 335 8 6 9 7 Forcing Release or Renewal of DHCP Lease 335 8 6 9 8 Disp...

Страница 16: ...P Snooping Querier Configuration 358 9 2 3 2 IGMP Snooping Last Member Query Interval 360 9 2 3 3 IGMP Snooping Immediate Leave 361 9 2 3 4 IGMP Snooping Report Suppression 362 9 2 3 5 IGMP Snooping S Query Report Agency 362 9 2 3 6 Explicit Host Tracking 363 9 2 3 7 Multicast Router Port Configuration 364 9 2 3 8 TCN Multicast Flooding 366 9 2 4 IGMPv3 Snooping 367 9 2 5 Displaying IGMP Snooping ...

Страница 17: ... 198 Fig 7 12 Deficit Weighted Round Robin 199 Fig 7 13 WRED Packet Drop Probability 203 Fig 7 14 NetBIOS Filtering 205 Fig 7 15 Proxy ARP 222 Fig 7 16 ICMP Message Structure 223 Fig 7 17 sFlow Structure 229 Fig 7 18 sFlow Agent Diagram 229 Fig 8 1 Port based VLAN 235 Fig 8 2 Subnet based VLAN 238 Fig 8 3 Example of QinQ Configuration 241 Fig 8 4 QinQ Frame 241 Fig 8 5 Outgoing Packets under Layer...

Страница 18: ...xample of Layer 2 Network Design in MSTP Environment 288 Fig 8 29 ERP Operation in case of Linnk Failure 291 Fig 8 30 Ring Protection 291 Fig 8 31 Link Failure Recovery 292 Fig 8 32 Ring Recovery 292 Fig 8 33 Shared Link 293 Fig 8 34 DHCP Service Structure 302 Fig 8 35 Example of DHCP Relay Agent 315 Fig 8 36 DHCP Option 82 Operation 321 Fig 8 37 DHCP Server Packet Filtering 337 Fig 8 38 Example o...

Страница 19: ...0 Tab 3 10 Main Command of RMON Configuration Mode 31 Tab 3 11 Command Abbreviation 35 Tab 5 1 Information displayed by Command show lre 77 Tab 5 2 Profile of VDSL Port 78 Tab 5 3 Option band of VDSL Port 79 Tab 5 4 Value of PBO Length 81 Tab 5 5 The frequency of PSD Level per band 83 Tab 5 6 The Value of PSD Mask Level 84 Tab 5 7 Bandwidth of Ham band Frequency 88 Tab 5 8 Sub commands in Bitloadi...

Страница 20: ...w Introduces the switch system It also lists the features of the system 3 Command Line Interface CLI Describes how to use the Command Line Interface CLI 4 System Connection and IP Address Describes how to manage the system account and IP address 5 Port Configuration Describes how to configure the Ethernet or VDSL ports 6 System Environment Describes how to configure the system environment and mana...

Страница 21: ...azards in volved with electrical circuitry and be familiar with standard practices for preventing acci dents by making quick guide based on this guide 1 4 Document Notation The following table shows commands used in guide book Please be aware of each command to use them correctly Notation Description a Commands you should use as is NAME PROFILE VALUE Variables for which you supply values PORTS For...

Страница 22: ...ram is always available This program has to be supplied with regular updates by a certified software It is recommended that you make periodic checks against viruses in your OS At the LCT it is recommended to integrate the virus scanning program into the startup sequence 1 6 CE Declaration of Conformity The CE declaration of the product will be fulfilled if the construction and cabling is under tak...

Страница 23: ...users in apartments buildings and hotels The switch supports maximum 100Mbps of upload and 100Mbps down load in case of Symmetric and up to 50 Mbps of upload and 100 Mbps of download or 10VLR Mbps of upload 50VLR Mbps of download in case of Asymmetric The switch offers 24 Port VDSL2 service interface and fixed 2 Port 10 100 1000Base T and 1 slot for option uplink module Note The uplink module is n...

Страница 24: ...cit Round Robin IP Multicast Because broadcasting in a LAN is restricted if possible multicasting could be used in stead of broadcasting by forwarding multicast packets only to the member hosts who joined multicast group The switch provides IGMPv2 and IGMP snooping for host mem bership management SNMP Simple network management protocol SNMP is to manage Network Elements using TCP IP protocol The s...

Страница 25: ...ation of network timeout because the packets occupy most of transmit ca pacity switch supports broadcast and multicast storm control which disuses flooding packet that exceed the limit during the time configured by user Outband Management Interface The switch can connect to equipments at remote place by assigning IP address to MGMT interface Since MGMT interface is operated regardless of status of...

Страница 26: ... cascading switch to the management network through the outband interface The switch also provides the RS232 console interface to simply access the system with a provided RJ45 to DB9 cable This chapter describes a basic instruction for using the command line interface CLI which is used for managing the system Configuration Mode Configuration Mode Overview Useful Tips 3 1 Configuration Mode You can...

Страница 27: ...XEC Enable mode with the enable command then the system prompt will changes from SWITCH to SWITCH Command Mode Description enable View Opens Privileged EXEC Enable mode You can set a password to Privileged EXEC Enable mode to enhance security Once set ting a password you should enter a configured password when you open Privileged EX EC Enable mode Tab 3 2 shows main commands of Privileged EXEC Ena...

Страница 28: ...imer help Shows a description of the interactive help system hostname Sets a host name of the system interface Opens Interface Configuration mode to configure a specified interface mvr Configures MVR ntp Configures NTP passwd Sets a system password qos Configures QoS rmon alarm Opens RMON Configuration mode to configure RMON alarm snmp Configures SNMP ssh Configures SSH stack Configures a system s...

Страница 29: ...the ip dhcp pool command then the sys tem prompt will be changed from SWITCH config to SWITCH config dhcp POOL Command Mode Description ip dhcp pool POOL Global Opens DHCP Pool Configuration mode to configure DHCP To open DHCP Pool Configuration mode use the service dhcp command in the Global Configuration mode first Tab 3 5 shows main commands of DHCP Pool Configuration mode Command Description d...

Страница 30: ...ommand then the system prompt will be changed from SWITCH config to SWITCH config opt82 Command Mode Description ip dhcp option82 Global Opens DHCP Option 82 Configuration mode to config ure DHCP option 82 To open DHCP Option 82 Configuration mode use the service dhcp command in the Global Configuration mode first Tab 3 7 is the main commands of DHCP Option 82 Configuration mode Command Descriptio...

Страница 31: ...ITCH config to SWITCH config flow NAME SWITCH config policer NAME and SWITCH config policy NAME Command Mode Description flow NAME create Opens Flow Configuration mode policer NAME create Opens Policer Configuration mode policy NAME create Global Opens Policy Configuration mode Tab 3 9 shows the commands of Rule Configuration mode Command Description cos Classifies an IEEE 802 1p priority mac Clas...

Страница 32: ...n mode SWITCH config if RMON Configuration mode SWITCH config rmonalarm N SWITCH config rmonevent N SWITCH config rmonhistory N DHCP Pool Configuration mode SWITCH config dhcp POOL enable configure terminal bridge interface INTERFACE INTERFACE interface name ip dhcp pool POOL POOL pool name rmon alarm 1 65535 rmon event 1 65535 rmon history 1 65535 exit end Back to previous mode Back to Privileged...

Страница 33: ...mode copy Copy from one file to another debug Debugging functions default os Select default OS disconnect Disconnect user connection enable Turn on privileged mode command erase Erase saved configuration exit End current mode and down to previous mode halt Halt process help Description of the interactive help system no Negate a command or set its defaults ping Send echo messages quote Execute exte...

Страница 34: ... source A B C D clear ip route kernel clear lacp statistic clear lldp statistics PORTS clear lre error stat all PORTS more Press the ENTER key to skip to the next list In case that the switch installed command shell you can find out commands starting with a specific alphabet Input the first letter and question mark without space The following is an example of finding out the commands starting s in...

Страница 35: ...ommands will be displayed in the latest order The following is an example of calling command history after using several commands After using these commands in order show clock configure terminal interface 1 exit press the arrow key and then you will see the commands from latest one exit interface 1 configure terminal show clock SWITCH config exit SWITCH show clock Mon 5 Jan 1970 23 50 12 0000 SWI...

Страница 36: ...le mode as show ping telnet traceroute and so on regardless of which mode you are located on To execute the commands of Privileged EXEC Enable mode on different mode use the following command Command Mode Description do COMMAND All Executes the commands of Privileged EXEC Enable mode 3 3 5 Exit Current Command Mode To exit to the previous command mode use the following command Command Mode Descrip...

Страница 37: ...ting to the Console Port To begin setup you must connect the Console to the RJ45 Console port To connect the cable perform the following steps Step 1 Attach the RJ45 connector on the cable to the RJ45 connector on the console port of the switch Step2 Connect the other end of the cable to one of the serial ports on your workstation Step3 Open your terminal emulation software and configure the COM p...

Страница 38: ...lobal Configures an encrypted password password enable does not support encryption at default value Therefore it shows the string or password as it is when you use the show running config command In this case the user s password is shown to everyone and has unsecured environment To encrypt the password which will be shown at running config you should use the ser vice password encryption command An...

Страница 39: ...de Description no service password encryption Global Disables password encryption 4 1 4 Changing Login Password To configure a password for created account use the following command Command Mode Description passwd NAME Global Configures a password for created account The following is an example of changing the current password SWITCH config passwd Changing password for admin Enter the new password...

Страница 40: ...t the current password returns to the default setting Step 4 Check password restore to default on the booting messages It means that the current password returns to the default setting By default setting the password is configured as nsn switch Boot Loader Version 5 43 SMC Networks Inc Press s key to go to Boot Mode 0 Load Address 0x01000000 Image Size 0x00bac000 Start Address 0x01000000 console t...

Страница 41: ...ss to Privileged EXEC Enable mode The account with the highest level 15 has a read write authority To delete the created account use the following command Command Mode Description user del NAME Global Delete the created account To display a created account use the following command Command Mode Description show user Enable Global Bridge Shows a created account 4 1 6 2 Security Level For the switch...

Страница 42: ...mon history level 0 15 COMMAND all Uses the specific command of RMON Configuration mode in the level privilege dhcp pool level 0 15 COMMAND all Uses the specific command of DHCP Pool Configura tion mode in the level privilege dhcp pool class level 0 15 COMMAND all Uses the specific command of DHCP Pool Class Con figuration mode in the level privilege dhcp option82 level 0 15 COMMAND all Uses the s...

Страница 43: ...e rmon event level 0 15 COM MAND all no privilege rmon history level 0 15 COM MAND all no privilege dhcp pool level 0 15 COM MAND all no privilege dhcp pool class level 0 15 COMMAND all no privilege dhcp option82 level 0 15 COMMAND all no privilege dhcp class level 0 15 COM MAND all Global Delete a configured security level on each mode To display a configured security level use the following comm...

Страница 44: ...iew level 0 enable SWITCH config privilege enable level 0 show SWITCH config privilege enable level 1 configure terminal SWITCH config show privilege Command Privilege Level Configuration Node All Level Command EXEC ENABLE 1 configure terminal EXEC VIEW 0 enable EXEC ENABLE 0 show 3 entry s found SWITCH config In the above configuration as level 0 it is possible to use only show command in Privi l...

Страница 45: ...t 10 minutes 0 59 time unit in seconds exec timeout 0 Global Disables auto log out To display a configuration of auto logout function use the following command Command Mode Description show exec timeout Enable Global Bridge Shows a configuration of auto logout function The following is an example of configuring auto log out function as 60 seconds and view ing the configuration SWITCH config exec t...

Страница 46: ...or 6 minutes 44 12 seconds SWITCH 4 1 10 System Rebooting 4 1 10 1 Manual System Rebooting When installing or maintaining the system some tasks require rebooting the system by various reasons Then you can reboot the system with a selected system OS To restart the system manually use the following command Command Mode Description reload os1 os2 Enable Restarts the system If you reboot the system wi...

Страница 47: ...stem to restart automatically in case an average of CPU or interrupt load exceeds the con figured value during the user defined time 50 100 average of CPU load 1 100 average of interrupt load auto reset memory 1 120 1 10 Configures the system to restart automatically in case memory low occurs as the configured value 1 120 time of memory low 1 10 count of memory low no auto reset cpu memory Bridge ...

Страница 48: ...hentication method 4 2 2 Authentication Interface If more than 2 interfaces exist in the switch you can set one interface to access RADIUS or TACACS server To set an authentication interface use the following command Command Mode Description login radius tacacs interface INTERFACE A B C D Sets an authentication interface radius RADIUS authentication tacacs TACACS authentication INTERFACE interface...

Страница 49: ...ove A B C D 1 5 Global Specifies a priority of RADIUS server A B C D IP address 1 5 priority of RADIUS server 4 2 4 3 Timeout of Authentication Request After an authentication request the switch waits for a response from a RADIUS server for specified time To specify a timeout value use the following command Command Mode Description login radius timeout 1 100 Specifies a timeout value 1 100 timeout...

Страница 50: ...dress 1 5 priority of TACACS server 4 2 5 3 Timeout of Authentication Request After the authentication request the switch waits for the response from the TACACS server for specified time To specify a timeout value use the following command Command Mode Description login tacacs timeout 1 100 Specifies a timeout value 1 100 timeout value for the response default 5 no login tacacs timeout Global Dele...

Страница 51: ...or mation for the order of priority no login tacacs priority level Global Deletes a defined priority level The order of priority is root max user min 4 2 6 Accounting Mode The switch provides the accounting function of AAA Authentication Authorization and Accounting Accounting is the process of measuring the resources a user has consumed Typically accounting measures the amount of system time a us...

Страница 52: ...ou need to enable the interface first If the inter face is not enabled you cannot access it from a remote place even though an IP address has been assigned To configure an interface you need to open Interface Configuration mode first To open Interface Configuration mode use the following command Command Mode Description interface INTERFACE Global Interface Opens Interface Configuration mode to con...

Страница 53: ...ing an interface as a DHCP client For the detail of configuring a DHCP client see Section 8 6 9 To display an assigned IP address use the following command Command Mode Description show ip Interface Shows an IP address assigned to an interface 4 3 3 Static Route and Default Gateway The static route is a predefined route to a specific network and or device such as a host Unlike a dynamic routing pr...

Страница 54: ...lowing command Command Mode Description show ip route A B C D A B C D M Shows configured routing information show ip route database Enable Global Bridge Shows configured routing information with IP routing table database 4 3 4 Interface Description To specify a description on an interface use the following command Command Mode Description description DESCRIPTION Specifies a description on an inter...

Страница 55: ...ng Interface To display an interface status and configuration use the following command Command Mode Description show interface INTERFACE Enable Global Bridge Interface Shows an interface status and configuration INTERFACE interface name show ip interface INTERFACE brief Enable Global Bridge Shows brief information of interface INTERFACE interface name The following is the sample output of the sho...

Страница 56: ...h the following procedure Enabling SSH Server Displaying On line SSH Client Disconnecting SSH Client Assigning Specific Authentication Key Displaying Connection History of SSH Client 4 4 1 1 Enabling SSH Server To enable disable SSH server use the following command Command Mode Description ssh server enable Enables SSH server ssh server disable Global Disables SSH server 4 4 1 2 Displaying On line...

Страница 57: ...H client use the following command Command Mode Description show ssh history Enable Global Bridge Shows the connection history of SSH clients who are connected to SSH server up to now 4 4 2 SSH Client The switch can be used as SSH client with the following procedure Login to SSH Server File Copy Authentication Key 4 4 2 1 Login to SSH Server To login to SSH server after configuring the switch as S...

Страница 58: ... SSH ver 2 authentication FILENAME key file name To configure authentication key and connect to SSH server with the authentication key perform the following procedure Step 1 Configure the authentication key in the switch SWITCH_A config ssh keygen dsa Generating public private dsa key pair Enter file in which to save the key etc ssh id_dsa Enter passphrase empty for no passphrase networks Enter sa...

Страница 59: ...ation based on the password EAP TLS accesses through the mutual au thentication system of server authentication and personal authentication and it is possible to guarantee high security because of mutual authentication system At a request of user Authentication from user s PC EAPOL Start type of packets are transmitted to authenticator and authenticator again requests identification After getting ...

Страница 60: ...other s IP address The data is key and should be the same value for each other For the key value every kinds of character can be used except the space or special character Suppliant Authenticator Authentication Server RADIUS Server RADIUS Servers A 10 1 1 1 B 20 1 1 1 C 30 1 1 1 J 100 1 1 1 Response Authentication request in order Designate as default RADIUS server Fig 4 2 Multiple Authentication ...

Страница 61: ...authentication information between the authenticator and RADIUS server The authenticator and RADIUS server must have a same key value and you can use alphabetic characters and numbers for the key value The space or special character is not allowed To set priority to a registered RADIUS server use the following command Command Mode Description dot1x radius server move A B C D NAME priority PRIOR IT...

Страница 62: ...s a configured authentication port state 4 5 1 6 Interval for Retransmitting Request Identity Packet In the switch it is possible to specify how long the device waits for a client to send back a response identity packet after the device has sent a request identity packet If the client does not send back a response identity packet during this time the device retransmits the request identity packet ...

Страница 63: ...he distance from the server for configuring the interval of requesting the authentication to RADIUS server If you configure the interval too short the authenti cation couldn t be realized If it happens you d better to reconfigure the interval longer 4 5 2 802 1x Re Authentication In the switch it is possible to update the authentication status on the port periodically To enable re authentication o...

Страница 64: ... sponse is received from the suppliant for the number of seconds the authenticator re transmits the request to the suppliant In the switch you can set the number of seconds that the authenticator should wait for a response to request identity packet from the sup pliant before retransmitting the request To set reattempt interval for requesting request identity packet use the following com mand Comm...

Страница 65: ...02 1x configuration use the following command Command Mode Description show dot1x Shows 802 1x configuration on the system show dot1x PORTS Enable Global Bridge Shows 802 1x configuration on the port 4 5 6 802 1x User Authentication Statistics It is possible for user to make reset state by showing and deleting the statistics of 802 1x user authentication To display the statistics about the process...

Страница 66: ...3 RADIUS Server 10 1 1 1 Auth key test 1 2 3 802 1x 123456789012345678901234567890123 PortEnable p PortAuthed u MacEnable MacAuthed p port based m mac based a authenticated u unauthenticated SWITCH config The following is the example of setting the interval of requesting reauthentication to 1000 sec and the interval of reauthentication to 1800 sec SWTICH config dot1x timeout quiet period 1000 25 S...

Страница 67: ...CH config dot1x auth mode mac base 25 SWTICH config show dot1x 802 1x authentication is enabled RADIUS Server TimeOut 1 S RADIUS Server Retries 3 RADIUS Server 10 1 1 1 Auth key test 1 2 3 802 1x 123456789012345678901234567890123 PortEnable PortAuthed MacEnable m MacAuthed u p port based m mac based a authenticated u unauthenticated SWITCH config ...

Страница 68: ...ace 5 2 Ethernet Port Configuration 5 2 1 Enabling Ethernet Port To enable disable the Ethernet port use the following command Command Mode Description port enable disable PORTS Bridge Enables disables a port enter a port number default enable The following is an example of disabling the Ethernet port 25 SWITCH bridge port disable 25 SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INS...

Страница 69: ...dge show port 25 26 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 1 Up Up Auto Full 1000 Off Y 26 Ethernet 1 Up Up Auto Full 1000 Off Y SWITCH bridge port nego 25 26 off SWITCH bridge show port 25 26 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 1 Up Up Force Full 1000 Off Y 26 Ethernet 1 Up Up Force Full 1000 Off Y SWITCH bridge 5 2 3 Transmit Rate To set...

Страница 70: ... channels on the same connection for an aggregate bandwidth of twice that of half duplex mode Full duplex networks are very effi cient since data can be sent and received simultaneously To set the duplex mode on an Ethernet port use the following command Command Mode Description port duplex PORTS full half Bridge Sets full duplex or half duplex mode on a specified port enter a port number The foll...

Страница 71: ...e Description port flow control PORTS on off Bridge Enables the flow control on a specified port enter a port number default off The following is an example of enabling the flow control on the Ethernet port 25 SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Auto Full 1000 Off Off Y SWITCH bridge port flow control 25 on SWITCH bridge ...

Страница 72: ...t statistics rmon PORTS Shows the RMON MIB counters of a specified Ethernet port show port statistics media adaptor PORTS Enable Global Bridge Shows the traffic statics per media adaptor unit of CO VDSL port The following is the sample output of the show port statistics avg pkt command with the Ethernet port 25 SWITCH config show port statistics avg pkt 25 Slot Port Tx Rx Time pkts s bytes s bits ...

Страница 73: ...rt 25 SWITCH config show cpu statistics total 25 Port Tx Rx Time pkts bytes bits pkts bytes bits port 25 Ucast 43 3074 24592 0 0 0 Mcast 348025 2088 167052000 0 0 0 Bcast 0 0 0 1349 80940 647520 SWITCH config The switch can be configured to generate a syslog message when the number of the packets handled by CPU exceeds a specified value This function allows system adminis trators to monitor the sw...

Страница 74: ...statistics limit Enable Global Bridge Shows a configured value to generate a syslog mes sage according to the number of the packets handled by CPU 5 2 7 3 Protocol Statistics To enables disables the system to collect the statistics of the protocols use the following command Command Mode Description protocol statistics enable dis able arp icmp ip tcp udp Global Bridge Enables disables the system to...

Страница 75: ...mmand is only valid for Ethernet optical port In case of using the command on the VDSL interface the system shows the state as Uninstalled The following is an example of displaying the port information for port 20 to 26 SWITCH config show port 20 26 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 20 VDSL 1 Up Down Force Full 100 On On Y 21 VDSL 1 Up Down Force Full 100 On On Y 22...

Страница 76: ...tem Fig 5 1 Transmission in DSL System In the above picture Modulator converts digital signal into analog signal to be sent over the channel Also the analog signal is returned into digital signal at the Demodulator 5 3 1 1 DMT Modulation DMT builds on some of the ideas of QAM Imagine having more than one constellation encoder Each encoder receives a set of bits that are encoded using a constellati...

Страница 77: ...ssible to process many digi tal signals Although its fundamental is complicated processing speed is faster than QAM 5 3 2 Configuring VDSL Port You can configure profile interleave of VDSL port This chapter describes the following lists Displaying Status of VDSL Port Enabling VDSL Port Profile of VDSL Port Controlling Power according to Connection Distance PSD Level PSD Mask Level Interleave Impul...

Страница 78: ...nd Description bitload Shows Bitloading Per Tone ewl Shows Electronic Wire Length ham band Shows HAM Band inp Shows Upstream Downstream Protection interleave Shows interleave delay pbo config Shows Power Back Off Length configuration profile Shows Profile psd Shows PSD rate info Shows rate information snr Shows SNR Margin Tab 5 1 Information displayed by Command show lre 5 3 2 2 Enabling VDSL Port...

Страница 79: ... exclude Bridge Configures profile of VDSL port Each profile provides the following bandwidth Profile Type asym100_998 PLAN 998 Asymmetric for 6Band DMT 50 100M not support option b and asym50_998 PLAN 998 Asymmetric for DMT 50M asym50_998_4b PLAN 998 Asymmetric for 4Band DMT 50M 8k tone sym100_100_998 PLAN 998 Symmetric for 6Band DMT 100 100M not support option b and VDSL 1 sym25_997 PLAN 997 Sym...

Страница 80: ...e use the following command Command Mode Description show lre profile Enable Global Bridge Displays the configured lre profile The following is an example of displaying the configured lre profile SWITCH bridge show lre profile 1 8 Port Status Standard Profile Tone disable Option ADM OPR mode Band 1 Up Down VDSL2 17A NORMAL ANNEX_A 2 Up Down VDSL2 17A NORMAL ANNEX_A 3 Up Down VDSL2 17A NORMAL ANNEX...

Страница 81: ...ITCH bridge lre 1 3 upbo disable SWITCH bridge show lre psd 1 5 Port Status Up Stream PBO Length PSD MASK ADM OPR PBO 10 Custom Level u0 u1 u2 u3 1 Up Up disable 2 2 2 2 11 2 Up Up disable 2 2 2 2 11 3 Up Down disable 2 2 2 2 11 4 Up Down Enable 2 2 2 2 11 5 Up Down Enable 2 2 2 2 11 SWITCH bridge If you control power according to VDSL line it is applied to all ports You cannot configure power con...

Страница 82: ...of 1 9 in the above command Each variable means as the below No Distance Unit m No Distance Unit m 1 100 6 600 2 200 7 700 3 300 8 800 4 400 9 900 5 500 10 User Definition Tab 5 4 Value of PBO Length You should control supplied power of VDSL port according to distance of VDSL line The following is an example of configuring power consumption as 400m SWITCH bridge lre 1 5 pbo length 4 SWITCH bridge ...

Страница 83: ...ser config ured the most appropriate PBO Length inner value could be unfit according to detailed environment To improve this point in switch it is possible that user configure the attribute of PBO Length The attribute of PBO Length is appointed as PBO Config user s default PBO Config is appointed as PBO Length 10 To configure PBO config use the following command Command Mode Description lre pbo co...

Страница 84: ...p down 3 648 1 100 down 11 8 508 12 000 up down 4 1 108 2 000 down 12 12 008 16 700 up down 5 2 008 3 000 down 13 16 708 17 600 up down 6 3 008 3 750 down 14 17 608 18 100 up down 7 3 758 4 500 up down 15 18 108 30 000 up down Tab 5 5 The frequency of PSD Level per band To display PSD level use the following command Command Mode Description show lre psd level PORTS Enable Global Bridge Shows PSD l...

Страница 85: ...K Level of VDSL line it is applied to all ports 5 3 2 7 Interleave There is Interleave process to correct data error before modulation digital signal into ana log signal Interleave gathers certain size of data re organize the gathered data and transmit the data divided by certain size In the below image you can see disperse errors by re organizing gathered data through Interleave By the way Interl...

Страница 86: ...ion delay caused of waiting data gathered To configure Interleave delay use the following command Command Mode Description lre PORTS interleave delay 1 100 Configures Interleave delay PORTS VDSL port number 1 100 interleave delay value default 2 ms lre PORTS interleave delay 1 100 upㅣdown Bridge Configures Interleave delay with specifying Upstream or Downstream The unit of Interleave delay is and ...

Страница 87: ... 50 50 SWITCH bridge 5 3 2 8 Impulse Noise Protection Use the following command to configure minimum protection value of port provision Command Mode Description lre PORTS inp 0 255 Configures INP 0 255 INP value default 0 lre PORTS inp 0 255 up down Bridge Configures INP with specifying Upstream or Down stream The unit of value is 125 usec and configured 0 as default To display a configured INP us...

Страница 88: ...ied Ham band for a port use the following command Command Mode Description lre PORTS ham band band1ㅣband2ㅣband3 ㅣband4ㅣband5ㅣband6ㅣband7ㅣband8ㅣ band9ㅣband10ㅣband11ㅣband12ㅣband13ㅣ band14ㅣband15ㅣband16ㅣband17ㅣband18 ㅣband19ㅣband20ㅣband21 Bridge Disables specified Ham band If you configure Ham band at VDSL port it is applied to all ports To enable Ham band of a port use the following command Command ...

Страница 89: ...000 14 350 ANNEX F ETSI T1E1 band17 18 068 18 168 ANNEX F ETSI T1E1 band18 21 000 21 450 ANNEX F ETSI T1E1 band19 24 890 24 990 ANNEX F ETSI T1E1 band20 28 000 29 100 ETSI band21 28 000 29 700 ANNEX F ETSI T1E1 Tab 5 7 Bandwidth of Ham band Frequency The following is an example of disabling Ham band 1 and Ham band 3 of VDSL port 1 and 2 SWITCH bridge lre 1 2 ham band band1 band3 SWITCH bridge show...

Страница 90: ...ugh noise is suddenly increased Fig 5 3 Deciding Transmit Rate according to SNR Margin When you configure estimate SNR the difference between estimate SNR and current SNR is call SNR Margin The switch applies the SNR margin to transmit rate In other word if you configure SNR margin as 6 the difference that subtracts 6 from current SNR will be applied to transmit rate as the above picture In you th...

Страница 91: ...ows bit loading SNR attenuation FEQ fine coeff noise margin and so on To display the table of each parameter in the range of tone use the following command Command Mode Description show lre pertoneinfo PORT rx bit neㅣtx bit ne snr ne noise margin ne atten ne feq ne tx pwr ne tx gi ne qln ne coarse feq ne 0 4095 0 4095 graph 1 4095 Enable Global Bridge Shows the table of each parameter bit loading ...

Страница 92: ...port use the following command Command Mode Description lre PORTS ghs a43 i43 v43 lre PORTS ghs b43 i43 v43 lre PORTS ghs none Bridge Configures G hs tone carrier of each port a43 b43 i43 v43 A43 B43 I43 V43 Carrier Set none None G hs Carrier mode You can not configure A43 G hs carrier with B43 at the same time To display the G hs Carrier configuration of each port use the following command Comman...

Страница 93: ...can be correctable show lre stat lof PORTS Shows the numbers of Frame loss show lre stat los PORTS Shows the numbers of Signal loss show lre stat lol PORTS Shows the numbers of Link loss show lre stat lpr PORTS Shows the numbers of CPE s Power loss show lre stat crc PORTS Shows the numbers of CRC errors show lre stat uncorrectable crc PORTS Enable Global Bridge Shows the numbers of CRC errors that...

Страница 94: ... bridge You can check how many times each port is disconnected and how long it is discon nected As the same way with counting times of CRC error and Frame loss of VDSL port it is counted every 15 minutes and each day To check how long have the errors in downstream of VDSL line been lasted use the fol lowing command Command Mode Description show lre stat crc sec PORTS Shows how long CRC error has b...

Страница 95: ...al loss use the following command Command Mode Description clear lre stat crc sec PORTS clear lre stat es sec PORTS clear lre stat ses sec PORTS clear lre stat lof sec PORTS clear lre stat los sec PORTS clear lre stat lol sec PORTS clear lre stat lpr sec PORTS clear lre stat uncorrectable crc PORTS Enable Global Bridge Resets the data of error count SES Severely Errored Seconds means how long serv...

Страница 96: ...ible to change Interleave delay or SNR margin To change it you should delete the member of Line config profile first If you try to configure interleave delay of the port which is included as Line config profile member the error message will be displayed SWITCH bridge lre 5 interleave delay 50 VDSL Port 5 is line config profile DEFVAL member SWITCH bridge To configure Line config profile in detail ...

Страница 97: ...s 0 25dBm 4 1dBm up snr min mgn 0 124 Line config Configures minimum SNR margin of Upstream The unit is 0 25dBm 4 1dBm The default of Interleave delay is 2 and speed of service is not configured by default setting The default of SNR margin is 24 6dBm in case of Downstream and 32 8dBm in case of Upstream Transmit rate should be configured using the unit of Mbps Therefore you can input in terms of 1...

Страница 98: ...ving Profile after going back to Global configuration mode or Enable mode SWITCH config write memory Building configuration OK SWITCH config Besides when switch has been stacking Line config profile configured in Master will be automatically configured in Slave Although it is configured before stacking Master s con figuration will be configured in Slave by finding any difference However you have t...

Страница 99: ...d every 15 minutes and SNMP trap is sent when it meets configured threshold To configure an alarm config profile perform the following steps Step 1 To configure alarm config profile you need to enter into Alarm config Profile mode Use the following command Command Mode Description alarm config profile NAME Bridge Opens alarm config profile mode NAME alarm config profile name The following is an ex...

Страница 100: ... config profile TEST thresh 15min loss 300 SWITCH bridge alarm config profile TEST thresh 15min sess 300 SWITCH bridge alarm config profile TEST thresh 15min uass 300 SWITCH bridge alarm config profile TEST To confirm the configuration use the following command Command Mode Description show lre alarm config profile PORTS Enable Global Bridge Shows the configuration of alarm config profiles The fol...

Страница 101: ... going back to Global configuration mode or Enable mode SWITCH config write memory Building configuration OK SWITCH config Besides when switch is been stacking Alarm config profile configured in Master will be automatically configured in Slave Although it is configured before stacking Master s con figuration will be configured in Slave by finding any difference However you have to save the configu...

Страница 102: ... the configuration after applying to port To disable the application of profile use the following command Command Mode Description alarm config profile NAME del PORTS Bridge Disables Profile applied to port Step 6 save the configuration SWITCH config write memory Building configuration OK SWITCH config To delete Profile use the following command Command Mode Description no alarm config profile NAM...

Страница 103: ... 5 3 5 1 Modem Port Reset When connection state of this switch and network is not normal there may be some prob lem in modem port connection of CPE In this case you can reset modem port of CPE To reset modem port of CPE use the following command Command Mode Description cpe modem reset PORTS Bridge Resets modem port of CPE The following is an example of resetting modem port of CPE connected to por...

Страница 104: ...Description get FILENAME Ftp Stores system image file as CPE of this switch To download as binary mode input bin command and input hash command to download as hash mark The following exemple shows how to store CPE file ftp bin 200 Type set to I ftp hash Hash mark printing on 1024 bytes hash mark ftp get cpe local cpe remote cpe 200 PORT command successful 150 Opening BINARY mode data connection fo...

Страница 105: ...default OS of the system To display the version of CPE system image and active OS use the following command Command Mode Description show cpe version PORTS Enable Global Bridge Shows the version and active software image of CPE which is connected with a port PORT VDSL port number Step 6 Reboot the CPE in which new system image file is installed 5 3 5 3 Installing CPE System Image File in Slave Wit...

Страница 106: ... Password 230 User root logged in Remote system type is UNIX Using binary mode to transfer files ftp Step 3 Store system image file as CPE of this switch by using the following command Command Mode Description get FILENAME Ftp Store system image file as CPE of this switch To download as binary mode input bin command and input hash command to download as hash mark The following example shows how to...

Страница 107: ... cpe nos cpe SWITCH Input the port number connected to CPE which is supposed to install system image Step 6 Install the system image file to the CPE Command Mode Description cpe nos download PORTS Bridge Installs the system image file to a CPE which is con nected through a port Step 7 Reboot the CPE in which new system image file is installed 5 3 5 4 Configuring AGC Auto Gain Control AGC is the fu...

Страница 108: ...RTS Enable Global Bridge Checks cable length from CO to CPE 5 3 5 6 Auto negotiation of CPE To enable or disable the auto negotiation of CPE Ethernet port use the following com mand Command Mode Description cpe nego PORTS on Enables the auto negotiation on CPE ethernet port default on cpe nego PORTS off Bridge Disables the auto negotiation CPE ethernet port 5 3 5 7 Transmit Rate of CPE To set the ...

Страница 109: ...ows the version and active software image of CPE show cpe auto upgrade PORTS Enable Global Bridge Shows the status of auto upgrading of CPE The following is an example of checking state of CPE connected to port 1 5 SWITCH config show cpe 1 5 No NOS Version NOS Ethernet Status Download Link Speed Duplex Loopback Agc 1 1 0 3r29IK105012 Yes 21 Down 10 Half Disable agc off 1 2 1 0 3r29IK105012 Yes 21 ...

Страница 110: ...It will be updated after resetting when you install new image In the above example NOS Download is indicated as the below Feature Command NO NOS is not downloaded yet Yes NOS is being downloaded Done NOS has been successfully downloaded Fail NOS downloading is failed Tab 5 9 NOS Download i ...

Страница 111: ...nd Monitor port connecting the computer that the watch program is installed to the port configured as Monitor port Mirrored Ports 1 2 3 Monitor Port Monitoring Fig 5 5 Port Mirroring To configure port mirroring designate mirrored ports and monitor port Then enable port mirroring function Monitor port should be connected to the watch program installed PC You can designate only one monitor port but ...

Страница 112: ...etes a port from the mirrored port Step 5 To disable monitoring function use the following command Command Mode Description mirror disable Bridge Deactivate monitoring To display a configured port mirroring use the following command Command Mode Description show mirror Enable Global Bridge Shows a configured port mirroring The following is an example of enabling the port mirroring on the port 2 an...

Страница 113: ...6 1 1 Host Name Host name displayed on prompt is necessary to distinguish each device connected to network To set a new host name use the following command Command Mode Description hostname NAME Creates a host name of the switch enter the name no hostname NAME Global Deletes a configured host name enter the name The following is an example of changing host name to TEST SWITCH config hostname TEST ...

Страница 114: ... Samoa GMT 2 Maryland GMT 7 Singapore GMT 10 Hawaii Honolulu GMT 1 Azores GMT 8 Hong Kong GMT 9 Alaska GMT 0 London Lisbon GMT 9 Seoul Tokyo GMT 8 LA Seattle GMT 1 Berlin Rome GMT 10 Sydney GMT 7 Denver GMT 2 Cairo Athens GMT 11 Okhotsk GMT 6 Chicago Dallas GMT 3 Moscow GMT 12 Wellington GMT 5 New York Miami GMT 4 Teheran GMT 4 George Town GMT 5 New Dehli Tab 6 1 World Time Zone To see a configure...

Страница 115: ...orithms being used by the client in the client server relationship The NTP algorithm is much more complicated than the SNTP algorithm NTP normally uses multiple time servers to verify the time and then controls the rate of adjustment or slew rate of the PC which provides a very high degree of accuracy The algorithm deter mines if the values are accurate by identifying time server that doesn t agre...

Страница 116: ...console terminal You can change the number of displayed lines by using the command terminal length The maximum line displaying is 512 lines To set the number of the lines displaying on terminal screen use the following command Command Mode Description terminal length 0 512 Sets the number of the lines displaying on a terminal screen enter the value no terminal length Enable Restores a default line...

Страница 117: ...rver no dns server A B C D Global Removes a DNS server To display a configured DNS server use the following command Command Mode Description show dns Enable Global Bridge Shows a configured DNS server If a specific domain name is registered instead of IP address user can do telnet FTP TFTP and ping command to the hosts on the domain with domain name To search domain name use the following command ...

Страница 118: ...nd Mode Description halt PID Enable Disables the daemon operation You can display the PID of each running processs with the show process command SWITCH show process USER PID CPU MEM VSZ RSS TTY STAT START TIME COMMAND admin 1 0 2 0 2 1448 592 S Feb23 0 05 init 3 admin 2 0 0 0 0 0 0 S Feb23 0 00 keventd admin 3 0 0 0 0 0 0 SN Feb23 0 00 ksoftirqd_CPU0 admin 4 0 0 0 0 0 0 S Feb23 0 00 kswapd admin 5...

Страница 119: ...e the following command Command Mode Description ftp bind address A B C D Specifies an IP address to bind it to be the ftp client no ftp bind address Global Deletes a specified IP address as the ftp client Please be careful that the FTP bind address is also applied to TFTP server s bind address 6 1 13 System Threshold You can configure the system with various kinds of the system threshold such as ...

Страница 120: ...et a timer to block incoming traffic through specific port use the following command Command Mode Description threshold port PORTS block timer 10 3600 Set a timer to block the traffic which goes over its threshold 10 3600 expire timer unit second no threshold port PORTS block Global Deletes the configured threshold of port traffic To show the configured threshold of port traffic use the following ...

Страница 121: ... threshold of system temperature in the unit of centigrade C 40 100 system temperature default 80 no threshold temp Global Deletes a configured threshold of system temperature To show the configured threshold of system temperature use the following command Command Mode Description show status temp Enable Global Bridge Shows the status and configured threshold of system temperature 6 1 13 5 System ...

Страница 122: ...of SFP module depend ing on voltage and monitors the module The range of voltage 0 6 5535 V To delete the threshld of module operation depending on specified monitoring type use the following command Command Mode Description no threshold module rxpower voltage txbias txpower tem per alarm warning PORTS Global Deletes the configured threshold of SFP module To display the configuration of SFP module...

Страница 123: ...when using the show port module info command To display the configuration of DMI module use the following command Command Mode Description show module dmi Enable Global Bridge Displays the configuration result of DMI module This is an example of disabling the DMI module and displaying the setting result SWITCH config module dmi disable SWITCH config show module dmi Module Diagnostics Monitoring mo...

Страница 124: ... event rmon history policer policy snmp syslog time out time zone All Shows a configuration of the system with the specific option The following is an example to display the configuration of the syslog SWITCH show running config syslog syslog start syslog output info local volatile syslog output info local non volatile SWITCH 6 2 2 Writing System Configuration If you change the configuration of th...

Страница 125: ...NAME configuration file name copy FILENAME startup config Copies a specified configuration file to the startup con figuration file FILENAME configuration file name copy FILENAME1 FILENAME2 Enable Copies a specified configuration file to another configu ration file To back up a system configuration file using FTP or TFTP use the following command Command Mode Description copy ftp tftp config upload...

Страница 126: ...d Command Mode Description show startup config Shows a current startup configuration show config list Enable Global Bridge Shows a list of configuration files 6 2 5 Restoring Default Configuration To restore a default configuration of the system use the following command Command Mode Description restore factory defaults Restores a factory default configuration restore layer2 defaults Enable Restor...

Страница 127: ...work use the ping command For IP network this command transmits a message to internet control message protocol ICMP ICMP is an internet protocol that notifies fault situation and provides information on the location where IP packet is received When the ICMP echo message is received at the location its replying message is returned to the place where it came from To perform a ping test to verify net...

Страница 128: ...itted 5 received 0 packet loss time 8008ms rtt min avg max mdev 0 058 0 581 1 632 0 542 ms SWITCH When multiple IP addresses are assigned to the switch sometimes you need to verify the connection status between the specific IP address and network status In this case use the same process as ping test and then input the followings after ex tended commands It is possible to verify the connection betw...

Страница 129: ...om 172 16 1 254 icmp_seq 1 ttl 255 time 30 4 ms 108 bytes from 172 16 1 254 icmp_seq 2 ttl 255 time 11 9 ms 108 bytes from 172 16 1 254 icmp_seq 3 ttl 255 time 21 9 ms 108 bytes from 172 16 1 254 icmp_seq 4 ttl 255 time 11 9 ms 108 bytes from 172 16 1 254 icmp_seq 5 ttl 255 time 30 1 ms 172 16 1 254 ping statistics 5 packets transmitted 5 received 0 packet loss time 8050ms rtt min avg max mdev 11 ...

Страница 130: ...urce routing function from the equipment connected to PC which the PING test is going to be performed To enable disable IP source routing in the switch use the following command Command Mode Description ip icmp source route Enable IP source routing function no ip icmp source route Global Disable IP source routing function Step 2 Perform the ping test from PC as the designate route with the ping co...

Страница 131: ...d as successful ping test if reply returns within the con figured time interval Default is 2 seconds Probe count 3 Set the frequency of probing UDP packets Maximum time to live 30 The TTL field is reduced by one on every hop Set the time to trace hop transmission The number of maximum hops Default is 30 sec onds Port Number 33434 Selects general UDP port to be used for performing to trace the rout...

Страница 132: ...dynamic 4 95 3 00 0b 5d 51 3a a8 OK dynamic 6 05 SWITCH config 6 3 6 Running Time of System To display running time of the system use the following command Command Mode Description show uptime Enable Global Bridge Shows running time of the system The following is an example of displaying running time of the system SWITCH show uptime 10 41am up 15 days 10 55 0 users load average 0 05 0 07 0 01 SWIT...

Страница 133: ...with this command can be very useful to manage the switch To display information of the running processes use the following command Command Mode Description show process Enable Global Bridge Shows information of the running processes The following is an example of displaying information of the running processes SWITCH show process USER PID CPU MEM VSZ RSS TTY STAT START TIME COMMAND admin 1 0 2 0 ...

Страница 134: ...s the current usage of the system flash memory 6 3 12 Default OS The switch supports the dual OS feature You can verify the running OS in the flash memory with the show flash command When two system OSs are installed you can set one of those as the default OS To set the default OS of the system use the following command Command Mode Description default os os1 os2 Enable Sets the default OS of the ...

Страница 135: ...tion on a console screen tech support all crash info remote A B C D ftp tftp Enable Generates the tech support information in the remote place via FTP or TFTP The name of the generated information file is a info This is not changeable In case of generating the tech support information on a console screen the contents will be displayed without the screen pause regardless of your terminal configurat...

Страница 136: ...gent gets data from MIB which saves information on system and network SNMP agent sends a trap to administrator for specific cases Trap is a warning message to alert network status to SNMP administrator The switch enhances access management of SNMP agent and limits the range of OID opened to agents The following is how to configure SNMP SNMP Community Information of SNMP Agent SNMP Com2sec SNMP Gro...

Страница 137: ...ic information of the SNMP agent use the following command Command Mode Description snmp contact NAME Sets the name of the administrator snmp location LOCATION Sets the location of the SNMP agent snmp agent address A B C D Sets an IP address of the SNMP agent no snmp contact no snmp location no snmp agent address Global Deletes the specified basic information for each item The following is an exam...

Страница 138: ...eletes a specified security name enter the security name SECURITY security name show snmp com2sec Enable Global Bridge Shows a specified security name The following is an example of configuring SNMP com2sec SWITCH config snmp com2sec TEST 10 1 1 1 PUBLIC SWITCH config show snmp com2sec Com2Sec List SecName Source Community TEST 10 1 1 1 PUBLIC SWITCH config 7 1 4 SNMP Group You can create an SNMP ...

Страница 139: ...ow snmp view Enable Global Bridge Shows a created SNMP view record The following is an example of creating an SNMP view record SWITCH config snmp view TEST included 410 SWITCH config show snmp view View List ViewName Type SubTree Mask TEST included 410 SWITCH config 7 1 6 Permission to Access SNMP View Record To grant an SNMP group to access to a specific SNMP view record use the following command...

Страница 140: ... user To display a current SNMP version 3 user use the following command Command Mode Description show snmp user Enable Global Bridge Displays an SNMP version 3 user 7 1 8 SNMP Trap SNMP trap is an alert message that SNMP agent notifies SNMP manager about certain problems If you configure the SNMP trap the system transmits pertinent information to network management program In this case trap messa...

Страница 141: ... 1 5 SWITCH config snmp trap host 30 1 1 2 SWITCH config 7 1 8 3 SNMP Trap in Event Mode The system provides various kind of SNMP trap but it may inefficiently work if all these trap messages are sent very frequently Therefore you can select each SNMP trap sent to an SNMP trap host auth fail is shown to inform wrong community is input when user trying to access to SNMP inputs wrong community cold ...

Страница 142: ...res the system to send SNMP trap when mem ory usage exceeds or falls below the threshold snmp trap cpu threshold Configures the system to send SNMP trap when CPU load exceeds or falls below the threshold snmp trap port threshold Configures the system to send SNMP trap when the port traffic exceeds or falls below the threshold snmp trap temp threshold Configures the system to send SNMP trap when sy...

Страница 143: ...MP trap show snmp alarm report Enable Global Bridge Shows a collected alarm report based trap The following is an example of configuring the trap v1 host trap v2 host and inform trap host SWITCH config snmp trap host 10 1 1 1 SWITCH config snmp trap2 host 20 1 1 1 SWITCH config snmp inform trap host 30 1 1 1 SWITCH config show snmp trap snmp trap mode event Trap Host List Type Host Community infor...

Страница 144: ... has been changed via CLI To enable disable the alarm notify activity use the following command Command Mode Description snmp notify activity enable disable Global Enables disables the alarm notify activity default disable If you manage the system via the ACI E the alarm notify activity should be enabled 7 1 9 2 Alarm Severity Criterion You can set an alarm severity criterion to make an alarm be s...

Страница 145: ...severity of an alarm for illegal DHCP entry snmp alarm severity fan remove critical major minor warning intermediate Sets severity of an alarm for system fan removed snmp alarm severity ipconflict critical major minor warning intermediate Sets severity of an alarm for IP address conflict snmp alarm severity memory over critical major minor warning intermediate Sets severity of an alarm for system ...

Страница 146: ...rity use the following command Command Mode Description no snmp alarm severity fan fail no snmp alarm severity cold start no snmp alarm severity broadcast over no snmp alarm severity cpu load over no snmp alarm severity dhcp lease no snmp alarm severity dhcp illegal no snmp alarm severity fan remove no snmp alarm severity ipconflict no snmp alarm severity memory over no snmp alarm severity mfgd bl...

Страница 147: ...arning intermedi ate Sets ADVA severity of an alarm for SFP module mismatched snmp alarm severity adva psu fail critical major minor warning intermediate Sets ADVA severity of an alarm for PSU failure snmp alarm severity adva temperature critical major minor warning intermediate Sets ADVA severity of an alarm for sys tem temperature high snmp alarm severity adva voltage high criti cal major minor ...

Страница 148: ...omain ulotp critical major minor warning intermediate Global Sets severity of an alarm for loss of test packet LOTP in ERP port To delete configured severity of an alarm for ERP use the following command Command Mode Description no snmp alarm severity erp domain lotp no snmp alarm severity erp domain multi rm no snmp alarm severity erp domain reach fail no snmp alarm severity erp domain ulotp Glob...

Страница 149: ...show snmp alarm severity Enable Global Bridge Shows configured severity of alarm 7 1 10 Displaying SNMP Configuration To display all configurations of SNMP use the following command Command Mode Description show snmp Enable Global Bridge Shows all configurations of SNMP To deletes a recorded alarm in the system use the following command Command Mode Description snmp clear alarm history Global Dele...

Страница 150: ...ties to Ethernet like interfaces These manage ment capabilities were introduced to provide some basic OAM function on Ethernet media EFM OAM is complementary not competitive with SNMP management in that it provides some basic management functions at Layer 2 rather than using Layer 3 and above as required by SNMP over an IP infrastructure OAM provides single hop functionality in that it works only ...

Страница 151: ...ORTS Sends the information by using TX oam local unidirection disable PORTS Bridge Disables to transmit the information by using TX 7 2 4 Remote OAM To configure remote OAM use the following command Command Mode Description oam remote oam admin 1 2 enable disable PORTS Enables disable remote OAM oam remote oam mode 1 2 active passive PORTS Bridge Selects remote OAM mode To display the information ...

Страница 152: ... Description show oam Shows OAM configuration show oam local PORTS Shows local OAM configuration show oam remote PORTS Shows remote OAM configuration show oam remote variable 0 255 0 255 PORTS Shows remote OAM variable 0 255 branch number 0 255 leaf number show oam remote variable spe cific 0 255 0 255 0 4 PORTS Enable Global Bridge Shows remote OAM specific variable 0 255 branch number 0 255 leaf...

Страница 153: ...witches The information carries the management information that can recognize the network elements and the function This information is saved in internal Management In formation Base MIB When LLDP starts to operate the switches send their information to near switches If there is some change in local status it sends their changed information to near switch to inform their status For example if the ...

Страница 154: ...zed specific TLV can be added according to the feature of the switch For the switch the administrator can enable and disable basic TLV by selecting it To en able basic TLV by selecting it use the following command Command Mode Description lldp PORTS portdescription sysname sysdescription syscap Selects basic TLV that is sent in the port no lldp PORTS portdescription sysname sysdescription syscap B...

Страница 155: ...isplaying LLDP Configuration To display LLDP configuration use the following command Command Mode Description show lldp config PORTS Shows LLDP configuration show lldp remote PORTS Show statistics for remote entries show lldp statistics PORTS Enable Global Bridge Shows LLDP operation and statistics To delete an accumulated statistics on the port use the following command Command Mode Description c...

Страница 156: ...performance degradation and not to overload network transmission caused by RMON There are nine RMON MIB groups de fined in RFC 1757 Statistics History Alarm Host Host Top N Matrix Filter Packet Cap ture and Event The switch supports two MIB groups of them most basic ones Statistics only for uplink ports and History 7 4 1 RMON History RMON history is periodical sample inquiry of statistical data ab...

Страница 157: ...ne the bucket count for the interval show Show running system information write Write running configuration to memory or terminal SWITCH config rmonhistory 5 7 4 1 1 Source Port of Statistical Data To specify a source port of statistical data use the following command Command Mode Description data source NAME RMON Specifies a data object ID NAME enters a data object ID ex ifindex n1 port1 7 4 1 2 ...

Страница 158: ...vating RMON history check if your configuration is correct After RMON history is activated you cannot change its configuration If you need to change configuration you need to delete the RMON history and configure it again 7 4 1 6 Deleting Configuration of RMON History When you need to change a configuration of RMON history you should delete an existing RMON history To delete an RMON history use th...

Страница 159: ...ntify subject of alarm use the following command Command Mode Description owner NAME RMON Identifies subject using relevant data enter the name max 32 characters 7 4 2 2 Object of Sample Inquiry To assign object used for sample inquiry use the following command Command Mode Description sample variable MIB OBJECT RMON Assigns MIB object used for sample inquiry 7 4 2 3 Absolute and Delta Comparison ...

Страница 160: ...threshold VALUE 0 2147483647 After configuring upper bound of threshold configure to generate RMON event when ob ject is more than configured threshold Use the following command Command Mode Description rising event 1 65535 RMON Configures to generate RMON event when object is more than configured threshold 1 65535 event index 7 4 2 5 Lower Bound of Threshold If you need to occur alarm when object...

Страница 161: ...p type rising RMON Configures the first Alarm to occur when object is firstly more than upper bound of threshold To configure the first alarm to occur when object is firstly more than threshold or less than threshold use the following command Command Mode Description startup type rising and falling RMON Configures the first Alarm to occur when object is firstly more than threshold or less than thr...

Страница 162: ...tion rmon event 1 65535 Global Opens RMON Event Configuration mode 1 65535 index number 7 4 3 1 Event Community When RMON event is happened you need to input community to transmit SNMP trap message to host Community means a password to give message transmission right To configure community for trap message transmission use the following command Command Mode Description community NAME RMON Configur...

Страница 163: ...nt type as log type Event of log type is sent to the place where the log file is made type trap Configures event type as trap type Event of trap type is sent to SNMP administrator and PC type log and trap Configures event type as both log type and trap type type none RMON Configures none event type 7 4 3 5 Activating RMON Event After finishing all configurations you should activate RMON event To a...

Страница 164: ...crit err warning notice info debug console Generates a syslog message of selected level or higher and forwards it to the console syslog output emerg alert crit err warning notice info debug local volatile non volatile Generates a syslog message of selected level or higher in the system memory volatile deletes a syslog message after restart non volatile reserves a syslog message syslog output emerg...

Страница 165: ...ves a syslog message syslog output priority auth authpriv kern local0 local1 local2 local3 local4 local5 local6 local7 syslog user emerg alert crit err warning notice info remote A B C D Global Generates a user defined syslog message with a prior ity and forwards it to a remote host To disable a user defined syslog output level use the following command Command Mode Description no syslog output pr...

Страница 166: ...mote 10 1 1 1 local1 info console SWITCH config 7 5 2 Facility Code You can set a facility code of the generated syslog message to send them remote syslog server This code make a syslog message distinguished from others so network adminis trator can handle various syslog messages efficiently Facility code is only used with sys log messages to send to remote syslog server To set a facility code use...

Страница 167: ...tion 7 5 5 Disabling Syslog To disable the syslog use the following command Command Mode Description no syslog Global Disables the syslog The syslog is basically enabled in the system 7 5 6 Displaying Syslog Message To display the received syslog message in the system memory use the following com mand Command Mode Description show syslog local volatile non volatile NUMBER Shows the received syslog...

Страница 168: ... is Fault Aug 28 04 16 21 system Power A is Ok Aug 28 04 16 21 system Power A is Fault Aug 28 04 16 27 system Power A is Ok Aug 28 04 16 34 system Power A is Fault Aug 28 04 19 14 system Power A is Ok Aug 28 04 19 15 system Power A is Fault Aug 28 06 14 12 system Power A is Ok Aug 28 06 14 13 system Power A is Fault Aug 28 11 52 03 login 222 admin login on ttyp0 from 10 100 158 158 Aug 28 11 54 21...

Страница 169: ...ing traffic QoS can apply processing order to traffic by reorganizing priorities according to its importance By favor of QoS you can predict network performance in advance and manage bandwidth more efficiently The QoS provides the following benefits Control over network resources Bandwidth delay and packet loss can be effectively controlled by QoS feature The net work administrator can limit the b...

Страница 170: ... CoS Differentiated Services Code Point DSCP and so on A unique name needs to be assigned to each flow Class Includes more than 2 flows for the efficient traffic management in the application of rule to this set of flows Additionally a unique name needs to be assigned to each class Policer Defines the packet counter coloring rate limit including metering function which will be applied to specified...

Страница 171: ...Round Robin DWRR An already applied rule can not be modified It needs to be deleted and then created again with changed values Weight can be used to additionally adjust the scheduling mode per queue in DWRR mode Weight controls the scheduling precedence of the internal packet queues Fig 7 1 shows the relationship of Flow Class Policer and Policy on basic structure of Rule Flow Class Policer Policy...

Страница 172: ...ges from SWITCH config to SWITCH config flow NAME To delete configured Flow or all Flows use the following command Command Mode Description no flow NAME Deletes specified flow no flow all Global Deletes all flows After opening Flow Configuration mode a flow can be configured by user The packet classification can be configured for each flow The flow name must be unique Its size is limited to 32 sig...

Страница 173: ...stination IP address A B C D M source destination IP address with mask any any source destination IP address ip A B C D A B C D M any A B C D A B C D M any tcp udp 1 65535 any 1 65535 any Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 65535 TCP UDP source destination port range any an...

Страница 174: ...re tos 0 255 any Classifies all ToS field 0 255 ToS value any any ToS value ignore ip precedence 0 7 any Classifies IP precedence 0 7 IP precedence value any any IP precedence value ignore length 21 65535 any Classifies a packet length This can be used only in the extension mode 21 65535 IP packet length any any IP packet length ignore ethtype TYPE NUM arp any Classifies the Ethernet type TYPE NUM...

Страница 175: ... configurations on Flow Configuration mode will be lost To save and apply a flow use the following command Command Mode Description apply Flow Applies a flow to the system To modify a flow use the following command Command Mode Description flow NAME modify Global Modifies a flow enter a flow name You should save and apply the flow to system whenever you modify or configure the flow 7 6 2 4 Class C...

Страница 176: ...classified packets according to the policer settings you need to create a policer and open Policer Configuration mode To open Policer Configuration mode use the following command Command Mode Description policer NAME create Global Creates a policer and opens Policer Configuration mode NAME policer name After opening Policer Configuration mode the prompt changes from SWITCH config to SWITCH config ...

Страница 177: ...them These packets on null port are eventually eliminated from the network To count a number of dropped packets use the following command Command Mode Description action match redirect blackhole Policer Sends the dropped packets to Null port for the packet counter To reset a collected policy counter use the following command Command Mode Description clear policy counter NAME all Enable Global Brid...

Страница 178: ...sified packets in specified policer use the follow ing command Command Mode Description rate limit BANDWIDTH Policer Sets the bandwidth for classified packets belonging to specified policer unit kbps Rate limiting is able to use a token bucket algorithm of metering If some traffic exceeds the rate limit because of its burst size you can control burst capability of incoming or out going traffic by ...

Страница 179: ...the following command Command Mode Description policer NAME modify Global Modifies a policer enter a policer name 7 6 4 Rule Action 7 6 4 1 Policy Creation To configure a policy you need to open Policy Configuration mode first To open Policy Configuration mode use the following command Command Mode Description policy NAME create Global Creates a policy and opens Policy Configuration mode NAME poli...

Страница 180: ...w name include class NAME Includes specified class in policy NAME class name include policer NAME Policy Includes specified policer in policy NAME policer name One policy is not able to include both flow and class at the same time Either flow or class can belong to one policy Only one policer can belong to one policy To remove flow or class policer from the policy use the following command Command...

Страница 181: ...erated at a given rate CIR PIR CBS EBS PBS Token Fig 7 3 Token Bucket Meter Single Rate Three Color Marker srTCM The srTCM meters an IP packet stream and marks its packet the one among green yel low and red using Committed Information Rate CIR and two associated burst sizes Committed Burst Size CBS and Excess Burst Size EBS A packet is marked green if it does not exceed the CBS yellow if it exceed...

Страница 182: ...or of the srTCM Token Packet Token CBS EBS Bucket C Bucket E Green Color Marking Tokens are regenerated based on CIR Tokens are regenerated based on CIR Tokens are decremented by the size of the packet Token Fig 7 4 Behavior of srTCM 1 Empty Packet Token CBS EBS Bucket C Bucket E Yellow Color Marking Tokens are regenerated based on CIR Tokens are regenerated based on CIR If the bucket C is empty t...

Страница 183: ...nerating rate of tokens for PBS and CBS respectively which is measured in bytes of IP packets per second PIR must be equal to or greater than CIR PBS and CBS are the maximum size for each token bucket P and C measured in bytes Both of them must be configured with the values equal to or greater than the size of the largest possible IP packet in the stream The token buckets P and C are initially ful...

Страница 184: ...th buckets are decremented by the size of the packet Token Tokens are regenerated based on PIR faster than CIR Fig 7 7 Behavior of trTCM 1 Token Packet Empty PBS CBS Bucket P Bucket C Yellow Color Marking Tokens are regenerated based on PIR faster than CIR Tokens are regenerated based on CIR Token If the bucket C is empty the tokens in the bucket P are decremented by the size of the packet Fig 7 8...

Страница 185: ...n the color aware mode the meter assumes that some preceding entity has pre colored the in coming packet stream so that each packet is the one among green yellow and red To specify the value for metering parameters use the following command Command Mode Description color cir BANDWIDTH cbs BURST Specifies CIR and CBS BANDWIDTH regenerating rate of token unit Kbps BURST maximum size of token bucket ...

Страница 186: ...t number action match mirror Sends a copy of classified packets to mirror monitoring port action match vlan VLANS Specifies a VLAN ID of classified packets VLANS VLAN ID 1 4094 action match copy to cpu Sends classified packets to CPU action match route next hop A B C D Policy Specifies next hop address of classified packets A B C D In this switch redirect command cannot be configured when MAC filt...

Страница 187: ... In this switch you can configure some parameters such as CoS DSCP and queue for Bridge based CoS Marking To configure Bridge based CoS Marking use the following command Command Mode Description qos mark inbound port cos port PORTS cos 0 7 Marks 802 1p class of service for incoming packets through a port enter CoS value port cos port based user priority marking for untagged packets 0 7 CoS value q...

Страница 188: ... inbound port queue Enable Global Bridge Shows the bridge based CoS marking configuration of specified parameter Policy based CoS Marking To configure Policy based CoS Marking with specified values use the following command Command Mode Description action match queue 0 7 Policy Marks the packets with queue number 0 7 queue number Command Mode Description action match cos 0 7 Marks the packets with...

Страница 189: ...a configured remarking function by different parameter In this switch L3 table has a higher priority than L2 table in Traffic Policing based CoS Remarking status L2 table has a lower priority than L3 all the time except when user does not select L3 table It follows the configuration of L3 table when both L3 and L2 ta bles are selected by user If the remarking function is enabled in this switch it ...

Страница 190: ...n yellow red dscp 0 63 dp no qos remark color green yellow red dscp 0 63 dscp no qos remark color green yellow red dscp 0 63 queue no qos remark color green yellow red queue 0 7 no qos remark color green yellow red queue 0 7 cos no qos remark color green yellow red queue 0 7 dp no qos remark color green yellow red queue 0 7 dscp no qos remark color green yellow red queue 0 7 queue Global Deletes t...

Страница 191: ...ode Description no interface binding port in gress PORTS Removes an attached policy from ingress port no interface binding vlan Policy Removes an attached policy from vlan 7 6 4 7 Applying and Modifying Policy After configuring a policy using the above commands apply it to the system with the fol lowing command If you do not apply the policy to the system all specified configurations from Policy C...

Страница 192: ...of a certain type use the following command Command Mode Description show flow class policer policy NAME show flow class policer policy detail NAME Enable Global Bridge Shows the information relating to each rule enter a rule name show running config flow policer policy All Shows all configurations of each rule ...

Страница 193: ...nges from SWITCH config to SWITCH config admin flow NAME To delete configured admin flow or all admin flows use the following command Command Mode Description no flow admin NAME Deletes specified admin flow no flow admin all Global Deletes all admin flows After opening Admin Flow Configuration mode a flow can be configured by user The packet classification can be configured for each admin flow The...

Страница 194: ...message code number ip A B C D A B C D M any A B C D A B C D M any tcp udp Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address ip A B C D A B C D M any A B C D A B C D M any tcp udp 0 65535 any 0 65535 any Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M sour...

Страница 195: ...low admin NAME modify Global Modifies a flow enter an admin flow name You should save and apply the admin flow to system using apply command whenever you modify any configuration of the admin flow 7 6 6 4 Class Creation One class can include several flows You can simply handle and configure the packets on several flows at once To create a class including more than 2 flows use the following command...

Страница 196: ...s in each admin policy The admin policy name must be unique Its size is limited to 32 significant characters The admin policy name cannot start with the alphabet a or A The order in which the following configuration commands are entered is arbitrary The configuration of an admin policy being configured can be changed as often as wanted until the apply command is entered Use the show policy profile...

Страница 197: ...y the rule action action match for the packets matching configured classifying patterns use the following command Command Mode Description action match deny Denies a packet action match permit Admin Policy Permits a packet To delete a specified rule action action match use the following command Command Mode Description no action match deny no action match permit Admin Policy Deletes a specified ru...

Страница 198: ...cy admin NAME modify Global Modifies an admin policy NAME admin policy name 7 6 8 Displaying Admin Rule To show an admin rule profile configured by user use the follwing command Command Mode Description show flow profile admin Admin Flow Shows a profile of admin flow show policy profile admin Admin Policy Shows a profile of admin policy The following command can be used to show a certain rule by i...

Страница 199: ...y Queuing SP and Deficit Weighted Round Robin DWRR Strict Priority Queuing SP SPQ processes first more important data than the others Since all data are processed by their priority data with high priority can be processed fast but data without low priority might be delayed and piled up This method has a strong point of providing the distin guished service with a simple way However if the packets h...

Страница 200: ...cheduling algorithm keeps the re mainder of packet length from previous round and compensates for it in the next round If a queue is not able to send a packet because its packet size is larger than the available bytes then the unused bytes are credited to the next round Fig 7 12 Deficit Weighted Round Robin Different queues have different weights and the packet length assigned to each queue in its...

Страница 201: ...rnally by DWRR However if you select SP packet scheduling mode for one port and make one group include several queues on DWRR packet scheduling mode this group implements as if it is one single queue The scheduling mode of all queues is SP but a group including several queues operates in DWRR 7 6 9 2 Weight To set a weight for DWRR scheduling mode use the following command Command Mode Description...

Страница 202: ...nit of kbps min bandwidth BANDWIDTH max bandwidth BANDWIDTH Policer Sets a minimum maximum bandwidth for each flow BANDWIDTH bandwidth in the unit of kbps To reset a minimum and maximum bandwidth allocated for each flow use the following command Command Mode Description no min max bandwidth BAND WIDTH Policer Resets a minimum maximum bandwidth for each flow BANDWIDTH bandwidth in the unit of MB Th...

Страница 203: ...display the total number of buffers for a port and queue use the following command Command Mode Description show qos max queue length port PORTS Global Shows the total number of buffers for a port and queue PORTS port number 7 6 9 5 Queue Status To display a current queue status use the following command Command Mode Description show queue status cpu PORTS 0 7 Enable Global Bridge Shows a current ...

Страница 204: ...ty of packets Unlike RED WRED is not as ran dom when dropping packets WRED combines the capabilities of the RED algorithm with the IP precedence feature to provide for preferential traffic handling of high priority pack ets To utilize WRED function start queue length value end queue length value and drop probability are necessary Start queue length represents the starting point of random packet dr...

Страница 205: ...e unit of 256 bytes 1 15 drop probability qos wred profile 0 3 weight 0 7 1 15 Global Creates and configures a WRED profile with specific queue number and weight 0 7 queue number 1 15 WRED queue weight default 9 WRED function needs to be enabled on specific port to apply WRED profile to port To enable WRED function and apply it to a port use the following command Command Mode Description qos wred ...

Страница 206: ...ltering function Without NetBIOS filtering customer s data may be opened to each other even though the data should be kept To keep customer s information and prevent sharing information in the above case NetBIOS filtering is necessary Internet Information Shared Needs to prevent sharing information between customers LAN environment for Internet Service Fig 7 14 NetBIOS Filtering To enable disable ...

Страница 207: ...esses that can be learned on the system has the priority To configure max new hosts use the following command Command Mode Description max new hosts PORTS VALUE The number of MAC addresses that can be learned on the port for a second VALUE maximum MAC number 1 2147483646 max new hosts system VALUE Bridge The number of MAC addresses that can be learned on the system for a second VALUE maximum MAC n...

Страница 208: ... of the port 7 9 1 Port Security on Port Step 1 Enable port security on the port Command Mode Description port security PORTS Bridge Enables port security on the port Step 2 Set the maximum number of secure MAC addresses for the port Command Mode Description port security PORTS maximum 1 16384 Bridge Sets the maximum number of secure MAC addresses for the port default 1 Step 3 Set the violation mo...

Страница 209: ... MAC addresses while still limiting the number of secure addresses on a port Command Mode Description port security PORTS aging static Enables aging for configured secure addresses port security PORTS aging time 1 1440 Configures aging time in minutes for the port All the secure addresses age out exactly after the time port security PORTS aging type absolute inactivity Bridge Configures aging type...

Страница 210: ...ered by user This will not be removed regardless of the MAC aging time before remov ing it manually To manage a MAC table in the system use the following command Command Mode Description mac NAME PORT MAC ADDR Specifies a static MAC address in the MAC table NAME bridge name PORT port number MAC ADDR MAC address mac aging time 10 21474830 Bridge Specifies MAC aging time 10 21474830 aging time defau...

Страница 211: ... And it is difficult to find information you need at one sight So the system shows a certain amount of addresses displaying more on standby status Press any key to search more After you find the in formation you can go back to the system prompt without displaying the other table by pressing q 7 11 MAC Filtering It is possible to forward frame to MAC address of destination Without specific perform ...

Страница 212: ...19 PERMIT 20 PERMIT 21 PERMIT 22 PERMIT 23 PERMIT 24 PERMIT 25 PERMIT 26 PERMIT 27 PERMIT 28 PERMIT 29 PERMIT 30 PERMIT 31 PERMIT 32 PERMIT 33 PERMIT SWITCH config 7 11 2 Adding Policy of MAC Filter You can add the policy to block or to allow some packets of specific address after config uring the basic policy of MAC Filtering To add this policy use the following command in Bridge Configuration mo...

Страница 213: ... bridge 7 11 3 Deleting MAC Filter Policy To delete MAC filtering policy use the following command Command Mode Description mac filter del SOURCE MAC ADDRESS Bridge Deletes filtering policy for specified MAC address To delete MAC filtering function use the following command Command Mode Description no mac filter Bridge Deletes all MAC filtering functions 7 11 4 Listing of MAC Filter Policy If you ...

Страница 214: ...uitous ARP Proxy ARP 7 12 1 ARP Table Hosts typically have an ARP table which is a cache of IP MAC address mappings The ARP Table automatically maps the IP address to the MAC address of a switch In addition to address information the table shows the age of the entry in the table the encapsula tion method and the switch interface VLAN ID where packets are forwarded The switch saves IP MAC addresses...

Страница 215: ...terface name default br2 7 12 2 ARP Alias Although clients are joined in the same client switch it may be impossible to communi cate between them for security reasons When you need to make them communicate each other the switch supports ARP alias which responses the ARP request from client net through the concentrating switch To register the address of client net range in ARP alias use the followi...

Страница 216: ...ple Host B generates a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP ad dress of Host A If Host C responses with an IP address of Host A or B and a MAC ad dress of Host C Host A and Host B can use Host C s MAC address as the destination MAC address for traffic intended for Host A and Host B ARP Inspection is a security feature that val...

Страница 217: ...ch have not learned before on ARP inspection table or a specific MAC address any ignores sender IP MAC address host sender host MACADDR sender MAC address deny ip host A B C D mac any host MACADDR Discards ARP packets from a specific host MACADDR MAC address deny ip range A B C D A B C D mac any Discards ARP packets of a given range of IP ad dresses A B C D start end IP address of sender deny ip A...

Страница 218: ...ode Description no permit ip any mac any host MACADDR no permit ip host A B C D mac any host MACADDR no permit ip range A B C D A B C D mac any no permit ip A B C D A mac any host MACADDR ARP ACL Deletes a configured range of IP address to permit ARP packets any ignores sender MAC address host sender host MACADDR sender MAC address A B C D start end IP address of sender A B C D A sender IP network...

Страница 219: ...ecific VLAN using the ip arp inspection filter command 7 12 3 3 ARP Address Validation The switch also provides the ARP validation feature Regardless of a static ARP table the ARP validation will discard ARP packets in the following cases In case a sender MAC address of ARP packet does not match a source MAC address of Ethernet header In case a target MAC address of ARP reply packet does not match...

Страница 220: ...3 5 ARP Inspection Log buffer Log buffer function shows the list of subscribers who have been used invalid fixed IP ad dresses This function saves the information of users who are discarded by ARP inspec tion and generates periodic syslog messages Log buffer function is automatically enabled with ARP inspection If this switch receives invalid or denied ARP packets by ARP inspection it creates the ...

Страница 221: ...isplay a status of the ARP inspection use the following command Command Mode Description show ip arp inspection vlan VLANS Shows a status of the ARP inspection show ip arp inspection statistics vlan VLANS Enable Global Bridge Shows collected statistics of the ARP inspection To clear collected statistics of the ARP inspection use the following command Command Mode Description clear ip arp inspectio...

Страница 222: ...tuitous ARP TIME transmit interval COUNT transmit count no arp patrol Global Disables a gratuitous ARP The following is an example of configuring the transmission interval as 10 sec and trans mission times as 4 and showing it SWITCH config arp patrol 10 4 SWITCH config show running config Building configuration Current configuration hostname SWITCH Omitted arp patrol 10 4 no snmp SWITCH config ...

Страница 223: ...quest on Subnet A including the switch s Br1 interface but does not reah Host D This switch does not forward broadcasts by default Since the switch knows that the target address Host D s IP address is on another subnet and can reach Host D it will reply with its own MAC address to Host A The Proxy ARP reply that switch sends to Host A The proxy ARP reply packet is encap sulated in an Ethernet fram...

Страница 224: ...to distinguish each different ICMP message and code field value helps to distinguish each type in detail The following table shows explanation for fifteen values of ICMP message type Type Value Type Value ICMP_ECHOREPLY 0 ICMP_DEST_UNREACH 3 ICMP_SOURCE_QUENCH 4 ICMP_REDIRECT 5 ICMP_ECHO 8 ICMP_TIME_EXCEEDED 11 ICMP_PARAMETERPROB 12 ICMP_TIMESTAMP 13 ICMP_TIMESTAMPREPLY 14 ICMP_INFO_REQUEST 15 ICM...

Страница 225: ... be sent within 1 second after the last message has been sent To configure interval to transmit ICMP message the administrator should configure the type of message and the interval time Use the following command to configure the interval for transmit ICMP message Command Mode Description ip icmp interval rate mask MASK Global Configures the interval for transmit ICMP message MASK user should input...

Страница 226: ...7 2 Mask Calculation of Default Value To configure the limited ICMP transmission time use the following command Command Mode Description ip icmp interval rate limit IN TERVAL Global Configures a limited ICMP transmission time INTERVAL 0 2000000000 unit 10 ms The default ICMP interval is 1 second 100 ms To return to default ICMP configuration use the following command Command Mode Description ip ic...

Страница 227: ...ch transmits cookies with SYN to a person who tries to make TCP connection And only when transmitted cookies are returned it is pos sible to permit TCP connection This function prevents connection overcrowding because of accessed users who are not using and helps the other users use service To permit connection only when transmitted cookies are returned after sending cookies with SYN use the follo...

Страница 228: ...options using the following command Command Mode Description debug packet OPTION Enable Shows packet dump using options Tab 7 3 shows the options for packet dump Option Description a Change Network Broadcast address to name d Change the complied packet matching code to readable letters and close it e Output link level header of each line f Output outer internet address as symbol l Buffer output da...

Страница 229: ...nformation can be leaked as the amount Therefore user should adjust the size as header size of protocol T TYPE Display the selected packets by conditional expression as the intended type rpc Remote Procedure Call rtp Real time Transport Protocol rtcp Real time Transport Control Protocol vat Visual Audio Tool wb distributed White Board EXPRESSION Conditional expression Tab 7 3 Options for Packet Du...

Страница 230: ...yzes the packet transmission and sFlow agent collects packets in flow interface statistics and sends them to sFlow collector The following diagram illustrates how the object instances of Agent Sampler Poller and Receiver are linked together in memory when the agent is running sFlow Receiver sFlow Device Packet sample from switch fabric sFlow Agent ASIC RMON ASIC sFlow Sampler Interface counter sFl...

Страница 231: ...agent can hold multiple samplers and pollers but each sampler and poller points to only one receiver Sampler This is used to collect packet samples for each interface Poller This is used to collect counter samples for each interface Receiver This is used to encode the flow and counter samples into UDP data grams sFlow implementation of the switch has the following restrictions so you should keep i...

Страница 232: ... Mode Description sflow port PORTS max header size 16 256 Configures the maximum header size of incoming sample packets to specific port 16 256 maximum IP header size value default 128 no sflow port PORTS max header size Global Deletes configured maximum header size of sample packets 7 16 5 Counter Interval To set the interval to send interface counter information to sFlow poller use the following...

Страница 233: ...ector use the following command Command Mode Description collect port 1 65535 Specifies UDP port of sFlow collector 1 65535 UDP port number default 6343 no collect port Receiver Deletes specified UDP port of sFlow collector 7 16 7 3 Maximum Datagram Size To set the maximum datagram size of sampling packets which are transmitted through re ceiver use the following command Command Mode Description m...

Страница 234: ... when sFlow function of specific port was already enabled in the system you should assign the configured receiver index of that port for transmitting sampling packets to sFlow collector To specify configured receiver index to port use the following command Command Mode Description sflow port PORTS receiver index 1 65535 Specifies a receiver index of port to transmit sampling packets to sFlow colle...

Страница 235: ...cessary traffic loading because of broadcast you can get cost effective network composition since switch is not needed Enhanced Security When using a shared bandwidth LAN there is no inherent protection provided against unwanted eavesdropping In addition to eavesdropping a malicious user on a shared LAN can also induce problems by sending lots of traffic to specific targeted users or net work as a...

Страница 236: ...rs of the architec ture for example by using a Network layer router with connections to two or more VLANs Multicast traffic or traffic destined for an unknown unicast address arriving on any port will be flooded only to those ports that are part of the same VLAN This provides the de sired traffic isolation and bandwidth preservation The use of port based VLANs effec tively partitions a single swit...

Страница 237: ...ge Configures a PVID PORTS port numbers PVIDS PVID 1 4094 multiple entries possible 8 1 1 3 Assigning Port to VLAN To assign a port to VLAN use the following command Command Mode Description vlan add VLANS PORTS tagged untagged Assigns a port to VLAN VLANS VLAN ID 1 4094 PORTS port number vlan del VLANS PORTS Bridge Deletes associated ports from specified VLAN VLANS VLAN ID 1 4094 PORTS port numbe...

Страница 238: ... ID 1 4094 no vlan pvid PORTS ethertype ETHERTYPE Bridge Deletes a port from a protocol based VLAN Because Protocol Based VLAN and normal VLAN run at the same time Protocol Based VLAN operates only matched situation comparing below two cases 1 When Untagged Frame comes in and matches with Protocol VLAN Table tags PVID which configured on Protocol VLAN But in no matched situation tags PVID which co...

Страница 239: ...rk the boundaries of its IP subnet can automatically adjust to accommodate the station s ad dress VLAN 1 IP Subnet 192 168 10 0 VLAN 2 IP Subnet 192 168 20 0 VLAN 3 IP Subnet 192 168 30 0 Fig 8 2 Subnet based VLAN To configure subnet based VLAN use the following command Command Mode Description vlan subnet A B C D M VLANS Bridge Configures subnet based VLAN VLANS VLAN ID 1 4094 To clear subnet bas...

Страница 240: ...es recalculation of the FCS possibly compromising frame integrity VLAN aware end stations can further reduce the performance load of edge switches Tag insertion may increase the length of a frame be yond the maximum allowed by legacy equipment Tab 8 1 Advantages and Disadvantages of Tagged VLAN Mapping Frames to VLAN From the perspective the VLAN aware devices the distinguishing characteristic of ...

Страница 241: ...onfigure precedence between MAC based VLAN and Subnet based VLAN 8 1 8 Displaying VLAN Information User can display the VLAN information about Port based VLAN Protocol based VLAN MAC based VLAN Subnet based VLAN and QinQ Command Mode Description show vlan Shows all VLAN configurations show vlan VLANS Shows a configuration for specific VLAN show vlan description Shows a description for specific VLA...

Страница 242: ...agging part Double tagging is implemented with another VLAN tag in Ethernet frame header Preamble Destination Source 802 1Q VLAN Tag Type Length LLC Data FCS TPID 8100 Priority Canonical 12 bit identifier VLAN Ethernet Frame Preamble Destination Source 802 1Q VLAN Tag Type Length LLC Data FCS VLAN Tag TPID 8100 9100 Priority Canonical 12 bit identifier TPID 8100 Priority Canonical 12 bit identifie...

Страница 243: ...put port Step 2 If received packet is tagged with CVLAN the switch transmits it to uplink port changing to SPVLAN CVLAN When TPID value of received packet is same with TPID of port it recognizes as SPVLAN and if not as CVLAN Step 3 If Egress port is Access port Access port is configured as Untagged remove SPVLAN If egress port is uplink port transmit as it is Step 4 The switch switch has 0x8100 TP...

Страница 244: ...owing command to set TPID on a QinQ port Command Mode Description vlan dot1q tunnel tpid TPID Bridge Configures TPID 8 1 10 Layer 2 Isolation Private VLAN is a kind of LAN Security function using by Cisco products and it can be classified to Private VLAN and Private edge Until now there is no standard document of it Private VLAN Edge Private VLAN edge protected port is a function in local switch T...

Страница 245: ...10 1 Shared VLAN This chapter is only for Layer 2 switch operation Because there is no routing information in Layer 2 switch each VLAN cannot communicate Especially the uplink port should re ceive packets from all VLANs Therefore when you configure the switch as Layer 2 switch the uplink ports must be included in all VLANs default br2 br3 br4 br5 Outer Network Uplink Port SWITCH bridge show vlan u...

Страница 246: ...dentification Because the same FID is managed in the same MAC table it can recognize how to process packet forwarding If the FID is not same the system cannot know the information from MAC table and floods the packets default br2 br3 br4 br5 Outer Network Uplink Port SWITCH bridge show vlan u untagged port t tagged port 1 2 3 4 Name VID FID 123456789012345678901234567890123456789012 default 1 6 u ...

Страница 247: ...nfiguration mode using the flow NAME create command See Section 7 6 2 1 Step 2 Classify the packet that VLAN Translation will be applied by flow See Section 7 6 2 2 Step 3 Designate the VLAN ID that will be changed in the first step by the match vlan 1 4094 command Step 4 Open Bridge Configuration mode using the bridge command Step 5 Add the classified packet to VLAN members of the VLAN ID that wi...

Страница 248: ...Port based VLAN The following is deleting br3 among configured VLAN SWITCH bridge vlan del br3 3 SWITCH bridge exit SWITCH config interface br3 SWITCH interface shutdown SWITCH interface exit SWITCH config bridge SWITCH bridge no vlan br3 SWITCH bridge show vlan u untagged port t tagged port 1 2 3 Name VID FID 123456789012345678901234567890123 default 1 1 u uuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2 2 2 u ...

Страница 249: ...ng to the port based VLAN Sample Configuration 4 Configuring QinQ Port 10 of SWITCH 1 and port 11 of SWITCH 2 are connected to the network where dif ferent VLANs are configured To communicate without changing VLAN configuration of SWITCH 1 and SWITCH 2 which communicate with PVID 10 configure it as follows You should configure the ports connected to network communicating with PVID 11 as Tagged VLA...

Страница 250: ... Configure br2 br3 br4 in the switch configured Layer 2 environment and port 24 as Up link port is configured To transmit untagged packet through Uplink port rightly follow be low configuration default br2 br3 br4 br5 Outer Network Uplink Port SWITCH bridge vlan create br2 SWITCH bridge vlan create br3 SWITCH bridge vlan create br4 SWITCH bridge vlan del default 3 8 SWITCH bridge vlan add br2 3 4 ...

Страница 251: ...vlan add br5 1 42 untagged SWITCH bridge vlan fid 1 5 5 SWITCH bridge show vlan u untagged port t tagged port 1 2 3 Name VID FID 123456789012345678901234567890123 default 1 5 uu uuuuuuuuuuuuuuuuuuuuuuuuu br2 2 5 uu u br3 3 5 uu u br4 4 5 uu u br5 5 5 uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu SWITCH bridge ...

Страница 252: ... the other hand in case of LACP once you specify LACP member ports between the switches the ports will be automatically aggre gated by LACP without manually configuring the aggregated ports 8 2 1 Port Trunk Port trunking enables you to dynamically group the similarly configured interfaces into a single logical link aggregate port to increase bandwidth while reducing the traffic con gestion 8 2 1 1...

Страница 253: ...LAN Therefore if the member port and aggregated port exist in different VLAN each other VLAN configuration should be changed for their aggregation 8 2 1 2 Disabling Port Trunk To disable the configured port trunk use the following command Command Mode Description no trunk 0 4 PORTS Bridge Releases a configured trunk port 0 4 trunk group ID If a port is deleted from a logical port or the port trunk...

Страница 254: ...es LACP of designated Aggregator number AGGREGATIONS select aggregator ID that should be enabled for LACP valid value from 0 to 4 Step 2 Configure the physical port that is a member of aggregated port To configure the member port use the following command Command Mode Description lacp port PORTS Bridge Configures physical port that is member port of aggre gator select the port number s that should...

Страница 255: ...mand Mode Description no lacp port activity PORTS Bridge Deletes the configured operation mode of the member port 8 2 2 3 Priority of Switch In case the member ports of connected switches are configured as Active mode LACP system enabled it is required to configure which switch would be a standard for it For this case the user could configure the priority on switch The following is the command of ...

Страница 256: ... Configures BPDU transmission rate PORTS select the port number short short timeout 1 sec long long timeout 30 sec default To delete BPDU transmission rate use the following command Command Mode Description no lacp port timeout PORTS Bridge Clears BPDU transmission rate of configured member port select the port number 8 2 2 6 Administrational Key Member port of LACP has key value All member ports ...

Страница 257: ...selected mem ber port select the member port number 8 2 2 8 Displaying LACP Configuration To display a configured LACP use the following command Command Mode Description show lacp aggregator Shows the information of aggregated port show lacp aggregator AGGRE GATIONS Shows the information of selected aggregated port show lacp port Shows the information of member port show lacp port PORTS Shows the ...

Страница 258: ...st packet that causes endless packet floating on the LAN like loop topology That superfluous traffic eventually can result in network fault It causes superfluous data transmission and network fault Switch A Switch B PC A PC B Fig 8 9 Example of Loop The spanning tree protocol STP is the function to prevent the loop in LAN with more than two paths and to utilize the double paths efficiently It is d...

Страница 259: ... compatibil ity with IEEE 802 1d The switch provides STP RSTP and MSTP For more detail description of STP and RSTP refer to the following sections STP Operation RSTP Operation MSTP Operation Enabling STP Function Required Configuring MSTP PVSTP Mode STP Basic Configuration Configuring MSTP Configuring PVSTP Root Guard Restarting Protocol Migration Loop Back Detection BPDU Configuration Sample Conf...

Страница 260: ...1 Root Switch After configuring STP switches exchange their information The priority of SWITCH A is 8 the priority of SWITCH B is 9 and the priority of SWITCH C is 10 In this case SWITCH A is automatically configured as root switch Designated Switch After deciding a root switch when SWITCH A transmits packet to SWITCH C SWITCH A compares the exchanged BPDU to decide a path The critical information...

Страница 261: ...re same bridge ID is compared Designated Port and Root Port A root port is the port in the active topology that provides connectivity from the designated switch toward the root A designated port is a port in the active topology used to forward traffic away from the root onto the link for which this switch is the designated switch That is except root port in each switch the selected port to communi...

Страница 262: ...t be active BPDUs indicate port should not be active Forwarding timer expired Disabled Fig 8 14 Port State Blocking a port that is enabled but that is neither a Designated port nor a Root port will be in the blocking state A blocking port will not receive or forward data frames nor will it transmit BPDUs but instead it will listen for other s BPDUs to determine if and when the port should consider...

Страница 263: ... than STP at the stage of reaching to the last topology This sec tion describes how the RSTP more improved than STP works It contains the below sec tions Port States BPDU Policy Rapid Network Convergence Compatibility with 802 1d 8 3 2 1 Port States RSTP defines port states as discarding learning and forwarding Blocking of 802 1d and listening is combined into discarding Same as STP root port and ...

Страница 264: ...ted For example suppose that root switch is disconnected to SWITCH B Then SWITCH B is considered to be root because of the disconnection and forwards BPDU However SWITCH C recognizes root existing so it transmits BPDU including information of root to Bridge B Thus SWITCH B configures a port connected to SWITCH C as new root port Switch B Switch A Switch C BPDU including Root information ROOT New R...

Страница 265: ...cted to switch D and SWITCH C is blocked Then right after the connection it is possible to transmit BPDU al though packet cannot be transmitted between switch A and root Switch B Switch C ROOT Switch D 1 New link created 2 Negotiate between Switch A and ROOT Traffic Blocking Switch A Fig 8 18 Network Convergence of 802 1w 1 SWITCH A negotiates with root through BPDU To make link between SWITCH A a...

Страница 266: ... Switch A and Switch B Traffic Blocking Fig 8 19 Network Convergence of 802 1w 2 SWITCH B has only edge designated port Edge designated does not cause loop so it is defined in 802 1w to be changed to forwarding state Therefore SWITCH B does not need to block specific port to forwarding state of SWITCH A However since SWITCH C has a port connected to SWITCH D you should make blocking state of the p...

Страница 267: ... SWITCH A is connected to SWITCH C as designated switch Since SWITCH C which is 802 1d ignores RSTP BPDU it is interpreted that switch C is not connected to any switch or segment Switch A 802 1w Switch B 802 1w Switch C 802 1d STP BPDU RSTP BPDU Fig 8 21 Compatibility with 802 1d 1 However SWITCH A converts a port received BPDU into RSTP of 802 1d because it can read BPDU of SWITCH C Then SWITCH C...

Страница 268: ...ame VLAN classi fied with same configuration ID is called an MST region In a region there is only one STP so that it is possible to reduce the number of STP comparing to PVSTP There s no limitation for region in a network environment but it is possible to generate Instances up to 64 Therefore instances can be generated from 1 to 64 Spanning tree which operates in each region is IST Internal Spanni...

Страница 269: ...g 8 24 CST and IST of MSTP 2 In the above situation if SWITCH B operates with MSTP it will send its BPDU to the CST root and IST root in order to request itself to be a CST root However if any BPDU having higher priority than that of SWITCH B is sent SWITCH B cannot be a CST root 8 3 4 Enabling STP Function Required First of all you need to enable STP function You cannot configure any parameters r...

Страница 270: ...configure STP use the following steps Step 1 Enable STP function using the spanning tree command Step 2 Configure detail options if specific commands are required 8 3 6 1 Path cost Method After deciding a root switch you need to decide to which route you will forward the packet To do this the standard is a path cost Generally a path cost depends on the transmission speed of LAN interface in the sw...

Страница 271: ...he following command Command Mode Description no spanning tree pathcost method Bridge Deletes the configured method of path cost default short When the route decided by path cost gets overloading you would better take another route Considering these situations it is possible to configure the path cost of root port so that user can configure a route manually To configure the path cost use the follo...

Страница 272: ...nd Command Mode Description spanning tree transmit hold count 0 20 Sets the number of BPDUs that can be sent before pausing for 1 second 0 20 BPDU transmit hold count value default 6 no spanning tree transmit hold count Bridge Deletes a configured transmit hold count value and returns to the default setting If you change this parameter to a higher value can have a significant impact on CPU utili z...

Страница 273: ... tree Enable Global Bridge Shows all configurations of STP show spanning tree active detail Shows STP information on active inter face detail detailed STP information as option show spanning tree blockedport Shows information of the blocked ports show spanning tree detail active Shows detailed information of STP show spanning tree inconsistentports Shows information of root inconsistency state sho...

Страница 274: ...y for an MSTP instance number use the following command Command Mode Description spanning tree mst 0 64 prior ity 0 61440 Configures the priority of the switch 0 64 MSTP instance ID number 0 61440 priority value in increments of 4096 default 32768 no spanning tree mst 0 64 priority Bridge Clears the Priority of the switch enter the instance number If you configure a priority of STP or RSTP in the ...

Страница 275: ...guration mode After opening MSTP Configuration mode the prompt changes from SWITCH bridge to SWITCH config mst To delete all configations from MSTP Configuration mode use the following command Command Mode Description no spanning tree mst configuation Bridge Deletes all configurations on MSTP Configuration mode returns to the default values If MSTP is established in the switch decide a MSTP region...

Страница 276: ...itch If not it does not being reflected into the switch To apply the configuration to the system use the following command Command Mode Description apply MST config Apllies the configuration of the region to the system After deleting the configured configuration ID apply it to the system using the above command To display the current and edited configuration on MSTP Configuation mode use the fol l...

Страница 277: ...ormation of the specific MSTP in stance 1 64 MSTP instance ID number show spanning tree mst 1 64 inconsistentports Shows information of root inconsistency state 1 64 MSTP instance ID number show spanning tree mst 1 64 bridge address detail for ward time hello time id max age protocol priority system id Shows information of the bridge status and configura tion of a specific MSTP instance 1 64 MSTP ...

Страница 278: ...runk and other VLANs PVRSTP provides the same functionality as PVSTP with enhancement Switch B Switch C Switch D Switch A VLAN 1 Blocking VLAN 3 VLAN 2 Blocking Blocking Fig 8 25 Example of PVSTP To configure PVSTP use the following steps Step 1 Enable STP function using the spanning tree command Step 2 Decide PVSTP mode using the spanning tree mode rapid pvst command Step 3 Enable PVSTP function ...

Страница 279: ...h hav ing the lowest priority becomes the root switch for that VLAN To configure the switch priority for a VLAN use the following command Command Mode Description spanning tree vlan VLANS prior ity 0 61440 Configures a priority for specified VLAN VLANS VLAN ID 1 4094 0 61440 priority value in increments of 4096 default 32768 no spanning tree vlan VLANS priority Bridge Deletes a configured priority...

Страница 280: ...ation of a specific vlan id on active inter face detail detailed PVSTP information as option show spanning tree vlan VLANS blockedport Shows information of the blocked ports show spanning tree vlan VLANS detail active Shows detailed information of the specific vlan id VLANS VLAN ID 1 4094 show spanning tree vlan VLANS inconsistentports Shows information of root inconsistency state VLANS VLAN ID 1 ...

Страница 281: ...mer to a service provider network can be elected as root switches If the priority of bridge B is zero or any value lower than that of the root bridge device B will be elected as a root bridge for this VLAN As a result network topology could be changed This may lead to sub optimal switching But by configuring root guard on switch A no switches be hind the port connecting to switch A can be elected ...

Страница 282: ...fied port PORTS port number 8 3 11 Loop Back Detection The problem occurs because the keepalive packet is looped back to the port that sent the keepalive Keepalives are sent on the switches in order to prevent loops in the network You see this problem on the device that detects and breaks the loop but not on the de vice that causes the loop To enable error disable detection for loop back cause use...

Страница 283: ...ssage in LAN in order to configure and maintain the configu ration for STP RSTP MSTP Switches that STP is configured exchange their information BPDU to find the best path MSTP BPDU is a general STP BPDU having additional MST data on its end MSTP part of BPDU does not rest when it is out of region Hello Time Hello time is an interval of which a switch transmits BPDU It can be configured from 1 to 1...

Страница 284: ...RSTP and MSTP no spanning tree vlan VLANS hello time Bridge Returns to the default hello time value of PVSTP 8 3 12 2 Forward Delay Time It is possible to configure forward delay which means time to take port status from listen ing to forwarding To configure forward delay use the following command Command Mode Description spanning tree mst forward time 4 30 Sets the forward delay time for all MST ...

Страница 285: ...set less than twice of forward delay time and more than twice of hello time To delete a configured maximum aging time use the following command Command Mode Description no spanning tree mst max age Returns to the default maximum aging time value of MSTP no spanning tree vlan VLANS max age Bridge Returns to the default maximum aging time value of PVSTP VLANS VLAN ID 1 4094 8 3 12 4 BPDU Hop Count I...

Страница 286: ...t If the port is removed from VLAN membership correspond BPDU filter will be automatically deleted To enable or disable the BPDU filtering function on the edge port use the following com mand Command Mode Description spanning tree edgeport bpdufil ter default Enables a BPDU filtering function by default on all edge ports no spanning tree edgeport bpdufilter default Bridge Disables a BPDU filtering...

Страница 287: ...ever BPDU Guard can be corrupted by unexpected cause In this case the edge port is blocked immediately and remains at this state until user recovers it To prevent this problem the switch provides error disable recovery function for BPDU guard cause When an edge port is down for BPDU packet which came from other switch the port is recovered automatically after configured time To enable the recovery...

Страница 288: ...ackets go to Root switch A through the blue path The black ar rows describe the routine path to the Aggregation Switch And the dot lines are in blocking state But if there is a broken between Switch A and Switch B the data from PC A should find another route at Switch D Switch D can send the data to Switch C and Switch E Be cause Switch E has shorter hop count than Switch B the data may go through...

Страница 289: ...Name sample Revision 5 MST Region 4 Instance 6 VLAN 200 Region Name test Revision 1 Fig 8 28 Example of Layer 2 Network Design in MSTP Environment The following is an example of configuring MSTP in the switch SWITCH bridge spanning tree SWITCH bridge spanning tree mode mst SWITCH bridge spanning tree mst configuration SWITCH config mst instance 2 vlan 1 50 SWITCH config mst name test SWITCH config...

Страница 290: ...omain should have one RM node Normal nodes are responsible to inform RM node of Link failures recovery Both RM node and normal node have a primary and secondary port You need to specify primary and secondary port which is directly connected to the node within an Ethernet ring A secondary port of RM node is blocked as unused link for traffic while it runs without the link failure detection ERP Oper...

Страница 291: ...form the normal nodes of re blocking status of its secondary port caused by link recovery ERP implementation of the switch has the following restrictions so you should keep in mind those before configuring ERP ERP can not be configured with STP If ERP is enabled in the system STP is automatically disabled A primary and secondary port number should not be same ERP mechanism should be used for Ether...

Страница 292: ...eration in case of Linnk Failure After RM node receives Link Down messages from other nodes it unblocks its secondary port for traffic transmission with Node B directly connected to the secondary port RM node sends RM Link Down messages and informs the other nodes that its secondary port begins forwarding the traffic Fig 8 30 shows an example of a ring protection after a link failure Node A Node B...

Страница 293: ...de P S Fig 8 31 Link Failure Recovery After RM node receives Link Up message it blocks its own secondary port RM node sends RM Link UP message that informs other nodes the blocking status of secondary port If the nodes receives RM Link Up message they unblocks the ports which are de tected a Link Failure recovery The Ethernet ring is back to normal state Fig 8 32 shows an example of a Ring Recover...

Страница 294: ...ty When a link is shared by two or more rings one RM node with the highest priority is responsible to protect failures of the shared link Two normal nodes of a shared link belong to both ERP domains The control packets TPs can be transmitted from the lower priority domain to higher priority domain only Fig 8 33 shows the example of ring interconnection using one shared link Node 4 Node 3 Node 2 RM...

Страница 295: ...ndary port of a specific domain ID use the following command Command Mode Description primary port PORT Configures primary port of an ERP domain secondary port PORT ERP Domain Configures secondary port of an ERP domain Primary port and secondary port should be different To delete ERP domain ID s primary or secondary port use the following command Command Mode Description no primary port Deletes pr...

Страница 296: ...control packets of a domain with lower ring priority can be transmitted to another domain with higher priority to prevent the super loop It means that the higher ring priority domain guarantees the detour path against a shared link of lower ring priority domain To specify ERP ring priority use the following command Command Mode Description ring priority 1 255 ERP Domain Specifies ERP ring priority...

Страница 297: ...ate an ERP domain use the following command Command Mode Description no erp domain DOMAIN ID activation erp domain DOMAIN ID activa tion deactivate Bridge Deactivates an ERP domain default 8 4 7 Manual Switch to Secondary A secondary port is supposed to be blocked as unused link for traffic while ERP runs without any link failure While a primary port forwards the traffic to other nodes But you can...

Страница 298: ...terval e g 1 3 seconds 1 second 10 milliseconds x 3 To configure Wait to Restore Time use the following command Command Mode Description erp domain DOMAIN ID wait to restore 1 720 Bridge Configures ERP wait to restore time 1 720 Wait to restore time in second To return the configured Wait to Restore Time as Default use the following command Command Mode Description no erp domain DOMAIN ID wait to ...

Страница 299: ...rval of ERP test packet 8 4 11 LOTP Hold Off Time It is necessary to prevent lower priority rings to trigger protection because of loss of test packets before the protection of the higher priority ring and transmission of test packets over this ring LOTP hold off time determines the hold off time for ERP switching in case of detection of LOTP This parameter provides independence between ERP rings ...

Страница 300: ...stem to generate ERP trap The following options hold the configuration of the ability to transmit LOTP ULOTP Multi ple RM or RMNode reachability Traps lotp Enables disables an RM node to transmit the LOTP traps ulotp Enables disables an RM node to transmit the ULOTP Undirectional Loss Of Test Packets traps multiple rm Enables disables an RM node to transmit the trap in case of Multiple RM nodes rm...

Страница 301: ...do not all the commands concerning the loop detection will show an error message To enable disable the loop detection on a specified port use the following command Command Mode Description loop detect PORTS Enables the loop detection on a specified port no loop detect PORTS Bridge Disables the loop detection on a specified port To define the behavior on a specified port when a loop is occurred use...

Страница 302: ... address type of the loop detecting packet use the following command Command Mode Description loop detect srcmac laa Uses LAA as the source MAC address of the loop detecting packet loop detect srcmac system Bridge Uses the system s MAC address as the source MAC address of the loop detecting packet default If you would like to change the source MAC address of the loop detecting packet you should di...

Страница 303: ...dress must be changed DHCP allows you to dy namically assign an IP address to a client from a DHCP server IP address database on the local network The DHCP provides the following benefits Saving Cost Numerous users can access the IP network with a small amount of IP resources in the environment that most users do not have to access the IP network at the same time all day long This allows the netwo...

Страница 304: ...eation DHCP Subnet Range of IP Address Default Gateway IP Lease Time DNS Server Manual Binding Domain Name DHCP Server Option Static Mapping Recognition of DHCP Client IP Address Validation Authorized ARP Prohibition of 1 N IP Address Assignment Ignoring BOOTP Request DHCP Packet Statistics Setting DHCP Pool Size Displaying DHCP Pool Configuration To activate deactivate the DHCP function in the sy...

Страница 305: ... SWITCH config ip dhcp pool sample SWITCH config dhcp sample 8 6 1 2 DHCP Subnet To specify a subnet of the DHCP pool use the following command Command Mode Description network A B C D M Specifies a subnet of the DHCP pool A B C D M network address no network A B C D M DHCP Pool Deletes a specified subnet The following is an example of specifying the subnet as 100 1 1 0 24 SWITCH config service dh...

Страница 306: ...CP pool A B C D default gateway IP address no default router A B C D1 A B C D2 A B C D8 Deletes a specified default gateway no default router all DHCP Pool Deletes all the specified default gateways The following is an example of specifying the default gateway 100 1 1 254 SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp ...

Страница 307: ...CP Pool Deletes all the specified DNS servers The following is an example of specifying a DNS server SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp sample default router 100 1 1 254 SWITCH config dhcp sample range 100 1 1 1 100 1 1 100 SWITCH config dhcp sample lease time default 5000 SWITCH config dhcp sample lease ti...

Страница 308: ...ve any DHCP option that is configured in the DHCP pool mode Then DHCP server finds the DHCP default option If it exists DHCP server sends DHCP clients a DHCP reply packet Offer ACK with the default option information To specify a DHCP server default option use the following command Command Mode Description ip dhcp default option code 1 254 format NAME Specifies a DHCP default option format for a D...

Страница 309: ...HCP server will realize that the IP address is not used then will assign the IP address to the DHCP client To select an IP address validation method use the following command Command Mode Description ip dhcp validate arp ping Global Selects an IP address validation method You can also set a validation value of how many responses and how long waiting time out for the responses from an IP address fo...

Страница 310: ...ed ARP function You can verify the valid and invalid list for the authorized ARP The valid list includes the IP addresses currently in lease while the invalid list includes the IP addresses not in lease Both lists include IP addresses of a DHCP pool but the authorized ARP only al lows the ARP response of the IP addresses in the valid list To display a list of valid and invalid IP addresses use the...

Страница 311: ...ription ip dhcp bootp ignore Ignores BOOTP request packets no ip dhcp bootp ignore Global Permits BOOTP request packets 8 6 1 16 DHCP Packet Statistics To display DHCP packet statistics of the DHCP server use the following command Command Mode Description show ip dhcp server statistics Shows DHCP packet statistics clear ip dhcp statistics Enable Global Bridge Deletes collected DHCP packet statisti...

Страница 312: ... Abandon 0 0 00 of total Bound 0 0 00 of total Offered 0 0 00 of total Fixed 0 0 00 of total sample Total 0 0 00 of the pool 0 00 of total Available 0 0 00 of the pool 0 00 of total Abandon 0 0 00 of the pool 0 00 of total Bound 0 0 00 of the pool 0 00 of total Offered 0 0 00 of the pool 0 00 of total Fixed 0 0 00 of the pool 0 00 of total SWITCH config 8 6 2 DHCP Address Allocation with Option 82...

Страница 313: ... 82 information for IP assignment use the following command Command Mode Description relay information remote id ip A B C D circuit id hex HEXSTRING index 0 65535 text STRING relay information remote id hex HEXSTRING circuit id hex HEXSTRING index 0 65535 text STRING relay information remote id text STRING cir cuit id hex HEXSTRING index 0 65535 text STRING DHCP Class Specifies option 82 informati...

Страница 314: ...ass To specify a range of IP addresses for a DHCP class use the following command Command Mode Description address range A B C D A B C D Specifies a range of IP addresses A B C D start end IP address no address range A B C D A B C D DHCP Pool Class Deletes a specified range of IP addresses A range of IP addresses specified with the address range command is valid only for a current DHCP pool Even i...

Страница 315: ...he DHCP database agent 8 6 3 2 Displaying DHCP Lease Status To display current DHCP lease status use the following command Command Mode Description show ip dhcp lease all bound abandon offer fixed free POOL show ip dhcp lease detail A B C D Enable Global Bridge Shows current DHCP lease status all all IP addresses bound assigned IP address abandon illegally assigned IP address offer IP address bein...

Страница 316: ...t after removing the DHCP option 82 information Relay Agent 1 DHCP Server Relay Agent 2 Subnet 1 Subnet 2 PC DHCP Client Fig 8 35 Example of DHCP Relay Agent To activate deactivate the DHCP function in the system use the following command Command Mode Description service dhcp Activates the DHCP function in the system no service dhcp Global Deactivates the DHCP function in the system Before configu...

Страница 317: ...X helper address A B C D Specifies a DHCP helper address with an OUI More than one address is possible XX XX XX OUI first 24 bits of a MAC address in the form of hexadecimal A B C D DHCP server address no ip dhcp oui XX XX XX helper address A B C D Interface Deletes a specified DHCP helper address 8 6 4 2 Smart Relay Agent Forwarding Normally a DHCP relay agent forwards DHCP_DISCOVER message to a ...

Страница 318: ... relay agent to recognize the DHCP server ID option in the for warded DHCP_REQUEST message use the following command Command Mode Description ip dhcp relay aware server id Enables the system to recognize the DHCP server ID in the DHCP_REQUEST message no ip dhcp relay aware server id Global Disables the DHCP server ID recognition option 8 6 4 4 DHCP Relay Statistics To display DHCP relay statistics...

Страница 319: ...54 is site specific A length can be variable according to value or can be fixed A value contains actual informa tion such an IP address string or index which is inserted into the DHCP packet Administrators can configure a DHCP option format in DHCP Option mode which is glob ally used over the DHCP functions The DHCP option format can be applied in other DHCP software modules and the following figu...

Страница 320: ...e hex index ip string VALUE Sets the length and value of an attribute for a DHCP option attr 1 32 length hidden vari able value hex index ip string VALUE attr 1 32 length hidden 1 64 value hex index ip string VALUE DHCP Option Sets the value of an attribute for a DHCP option no attr 1 32 DHCP Option Deletes the given attribute The value should be within 64 bytes A hidden length variable should be ...

Страница 321: ...e with an IP address hardware address and remote ID The DHCP server should implement poli cies that restrict the number of IP addresses to be assigned to a single remote ID Static Assignment A DHCP server may use the remote ID to select the IP address to be assigned It may permit static assignment of IP addresses to particular remote IDs and disallow an ad dress request from an unauthorized remote...

Страница 322: ...HCP relay agent to include information about itself when forwarding client originated DHCP packets to a DHCP server The DHCP server can use this information to implement security and IP address assignment policies There are 2 sub options for the DHCP option 82 information as follows Remote ID This sub option may be added by DHCP relay agents which terminate switched or permanent circuits and have ...

Страница 323: ...command Command Mode Description no system remote id no system remote id option format no system circuit id PORT option format no system circuit id port type physical Option 82 Deletes a specified remote and circuit ID 8 6 6 3 Option 82 Reforwarding Policy A DHCP relay agent may receive a DHCP packet from a DHCP server or another DHCP relay agent that already contains relay information You can spe...

Страница 324: ...ID use the following command Command Mode Description no trust remote id hex HEXSTRING no trust remote id ip A B C D no trust remote id text STRING Option 82 Deletes a specified trusted remote ID Trusted Physical Port To specify a trusted physical port use the following command Command Mode Description trust port PORTS normal option82 all Specifies a trusted physical port normal DHCP packet option...

Страница 325: ...e following command Command Mode Description ip dhcp snooping Enables the DHCP snooping globally no ip dhcp snooping Global Disables the DHCP snooping globally default Upon enabling the DHCP snooping the DHCP_OFFER and DHCP_ACK messages from all the ports will be discarded before specifying a trusted port To enable the DHCP snooping on a VLAN use the following command Command Mode Description ip d...

Страница 326: ...interfaces and 15 pps is recom mended for a proper value However if you want to set a rate limit for trusted interfaces keep in mind that trusted interfaces aggregate all DHCP traffic in the switch and you will need to adjust the rate limit to a higher value 8 6 7 4 DHCP Lease Limit The number of entry registrations in DHCP snooping binding table can be limited If there are too many DHCP clients o...

Страница 327: ...ooping table 1 4094 VLAN ID PORT port number A B C D IP address MAC ADDR MAC address 120 2147483637 lease time unit second ip dhcp snooping binding 1 4094 PORT A B C D MAC ADDR infinite Configures infinite binding on DHCP snooping table clear ip dhcp snooping binding PORT A B C D all Global Deletes a specified static DHCP snooping binding all all DHCP snooping bindings 8 6 7 7 DHCP Snooping Databa...

Страница 328: ... snooping binding table and filters these packets whether their information is regis tered in the table or not DHCP snooping filtering function supports three modes that are classified into filter bypass and permit Filter mode permits the registered packets only according to DHCP snooping binding table Both permit and bypass mode permits all packets irrespective of DHCP snooping binding table Both...

Страница 329: ...filtering use the following command Command Mode Description show ip dhcp snooping filter Shows a DHCP snooping filter show ip dhcp snooping filter entry Enable Global Shows DHCP snooping binding entries 8 6 7 9 Authorized ARP This function sets the time before ARP inspection starts to run Before setting this ARP inspection should be enabled ARP inspection checks validity of incoming ARP packets b...

Страница 330: ... various different options from clients which cause DHCP server hard to manage client s inform tion in the perspective of data consistency That s why this function is necessay The switch operating DHCP snooping can modify or attach an option field of the DHCP messages Discover Request with a defined snooping option and can forward them to DHCP server The snooping option can be applied on a port ba...

Страница 331: ... code 1 254 Global Removes the DHCP snooping default option for a given port 8 6 7 12 DHCP User Class ID The switch can send the packets based on the policy or value of DHCP user class ID in the DHCP message sent by the client The user class ID on DHCP option 77 field identi fies the type of client sending the DHCP Discover Request message If switch receives DHCP message from a client it forwards ...

Страница 332: ...er 2 port Basically except for DHCP packets that are allowed by DHCP snooping process all IP traffic comes into a port is blocked If an authorized IP address from the DHCP server is assigned to a DHCP client or if a static IP source binding is con figured the IP source guard restricts the IP traffic of client to those source IP addresses configured in the binding any IP traffic with a source IP ad...

Страница 333: ... DHCP snooping needs to be enabled To enable IP source guard with a source IP address filtering on a port use the following command Command Mode Description ip dhcp verify source PORTS Enables IP source guard with a source IP address filtering on a port no ip dhcp verify source PORTS Global Disables IP source guard To enable IP source guard with a source IP address and MAC address filtering on a p...

Страница 334: ...pecifies a static IP source binding entry 1 4094 VLAN ID A B C D IP address MAC ADDR MAC address no ip dhcp verify source binding A B C D all Global Deletes a specified static IP source binding 8 6 8 3 Displaying IP Source Guard Configuration To display IP source binding table use the following command Command Mode Description show ip dhcp verify source binding Enable Global Shows IP source bindin...

Страница 335: ...n an interface no ip address dhcp Interface Disables a DHCP client 8 6 9 2 DHCP Client ID To specify a client ID use the following command Command Mode Description ip dhcp client client id hex HEXSTRING ip dhcp client client id text STRING Specifies a client ID no ip dhcp client client id Interface Deletes a specified client ID 8 6 9 3 DHCP Class ID To specify a class ID use the following command ...

Страница 336: ... to request an option use the following command Command Mode Description no ip dhcp client request domain name dns Interface Configures a DHCP client not to request a specified option 8 6 9 7 Forcing Release or Renewal of DHCP Lease The switch supports two independent operation immediate release a DHCP lease for a DHCP client and force DHCP renewal of a lease for a DHCP client To force a release o...

Страница 337: ...Host Configuration Protocol DHCP makes DHCP server assign IP address to DHCP clients automatically and manage the IP address Most ISP operators provide the service as such a way At this time if a DHCP client connects with the equipment that can be the other DHCP server such as Internet access gateway router communication failure might be occurred DHCP filtering helps to operate DHCP service by blo...

Страница 338: ...ring use the following command Command Mode Description dhcp server filter PORTS Enables the DHCP server packet filtering no dhcp server filter PORTS Bridge Disables the DHCP server packet filtering To display a status of the DHCP server packet filtering use the following command Command Mode Description show dhcp server filter Enable Global Bridge Show a status of the DHCP server packet filtering...

Страница 339: ...Master Switch Slave Switch Slave Switch Switch Switch Switch A Switch B Switch C Manage with the same IP address Internet Fig 8 38 Example of Single IP management A switch which is supposed to manage the other switches in stacking is named as Mas ter switch and the other switches managed by Master switch are named as Slave switch Regardless of installed place or connection state Master switch can ...

Страница 340: ... slave switch MACADDR MAC address stack del MAC ADDR Global Deletes slave switch To make stacking operate well it is required to enable the interface of Slave switch The switches in different VLANs cannot be added to the same switch group You should designate Slave switch registered in Master Switch as Slave Switch To des ignate Slave switch use the following command Command Mode Description stack...

Страница 341: ...witch is down 8 7 6 Sample Configuration Sample Configuration 1 Configuring Stacking The following is a stacking configuration by designating SWITCH A as a master and SWITCH B as a slave Switch A Master Switch Switch B Slave Switch Manages with the same IP address Step 1 Assign IP address in Interface configuration mode of Switch and enable interface using no shutdown command In order to enter int...

Страница 342: ...configuration The information you can check in Master switch and Slave switch is different as below Switch A Master Switch SWITCH_A config show stack device default node ID 1 node MAC address status type name port 1 00 d0 cb 0a 00 aa active SWITCH 26 2 00 d0 cb 22 00 11 active SWITCH 26 SWITCH_A config Switch B Slave Switch SWITCH_B config show stack device default node ID 2 SWITCH_B config Sample...

Страница 343: ... and support ingress po licing and egress shaping To set a port bandwidth use the following command Command Mode Description rate PORTS RATE egress in gress Sets port bandwidth If you input egress or ingress you can configure outgoing packet or incoming packet The unit is 64 Kbps RATE 64 1 000 000 no rate PORTS egress ingress Bridge Clears rate configuration of a specific port by transmit ting dir...

Страница 344: ...guard to allow packets as many as n per a second n packets allowed for a second Packets over thrown away Fig 8 39 Rate Limit and Flood Guard 8 9 1 MAC Flood Guard To configure the number of packets which can be transmitted in a second use the follow ing command Command Mode Description mac flood guard PORTS 1 6000 Limits the number of packets which can be transmitted to the port for 1 second no ma...

Страница 345: ...e Sets the time for protecting from incoming broadcast packets 10 3600 time value default 60 seconds To allow a specified port to be received the broadcast packet flooding manually use the following command Command Mode Description cpu flood guard PORTS unblock Bridge Limits the number of packets which can be transmitted to the port for 1 second To enable or disable CPU flood guard function use th...

Страница 346: ... 600 Sets the threshold of port traffic PORTS port number 1 2 3 THRESHOLD threshold value the number of packets per 1 second 5 60 600 time interval unit second no pps control port PORTS Global Deletes the configured threshold of port traffic To set the timer for blocking traffic use the following command Command Mode Description pps control port PORTS block timer 10 3600 Sets the time of changing ...

Страница 347: ... respectively To display a configuration of the storm control use the following command Command Mode Description show storm control Enable Global Bridge Displays a configuration of the storm control 8 11 Jumbo Frame Capacity The packet range that can be capable to accept is from 64 bytes to 1518 bytes Therefore packets not between these ranges will not be taken However the switch can accept jumbo ...

Страница 348: ...lowing command Command Mode Description bandwidth BANDWIDTH Interface Configures bandwidth of interface enter the value of bandwidth The bandwidth can be from 1 to 10 000 000 Kbits This bandwidth is only valid for routing information implement and it does not concern any physical bandwidth To delete a configured bandwidth use the following command Command Mode Description no bandwidth BANDWIDTH In...

Страница 349: ...implementing multicast is how to deliver source traffic to specific destinations without any burden on the sources or receivers using the minimized network bandwidth The solution is to create a group of hosts with addressing the group and to let the net work determine how to replicate the source traffic to the receivers The traffic will then be addressed to the multicast address and replicated to ...

Страница 350: ...eport to the hosts A multicast router called as a querier is responsible for keeping track of the membership state of the multicast groups by sending periodic general query messages to current in terested hosts If there are no responses to the query from the hosts for a given time leave a group the router then stops forwarding the traffic During the above transaction between hosts and routers they...

Страница 351: ...roup all IGMP group A B C D IGMP group address 9 1 1 2 IGMP Debug To enable debugging of all IGMP or a specific feature of IGMP use the following com mand Command Mode Description debug igmp all decode en code events fsm tib Enables IGMP debugging all all IGMP decode IGMP decoding encode IGMP encoding events IGMP events fsm IGMP Finite State Machine FSM tib IGMP Tree Information Base TIB no debug ...

Страница 352: ...t joins multicast groups by sending unsolicited membership report messages indi cating its wish to receive multicast traffic for those groups indicating that the host wants to become a member of the groups The querier sends general query messages periodically to discover which multicast groups have members on the attached networks of the router The messages are ad dressed to the all hosts multicas...

Страница 353: ... static group A B C D vlan VLAN port PORT reporter A B C D Configures the IGMP static join A B C D IGMP group address VLANS VLAN ID 1 4094 reporter host address no ip igmp static group no ip igmp static group A B C D vlan VLAN no ip igmp static group A B C D vlan VLAN port PORT no ip igmp static group A B C D vlan VLAN port PORT reporter A B C D Global Deletes the configured IGMP static join all a...

Страница 354: ... information of the filter mode and source list The re port can contain multiple group records allowing reporting of full current state using fewer packets The switch runs IGMPv3 by default and there are no additional IGMPv3 parameters you need to configure IGMPv3 snooping features are provided IGMPv3 Messages There are two types of IGMPv3 messages of concern to the host router interaction as show...

Страница 355: ...various multicast functions including Layer 2 multicast forwarding which allow you to achieve the fully effective and flexible multicast deployment This section describes the following features Multicast Forwarding Database IGMP Snooping Basic IGMPv2 Snooping IGMPv3 Snooping Displaying IGMP Snooping Information Multicast VLAN Registration MVR IGMP Filtering and Throttling 9 2 1 Multicast Forwardin...

Страница 356: ...DB use the following com mand Command Mode Description ip mcfdb aging time 10 10000000 Specifies the aging time for forwarding entries on the McFDB 10 10000000 aging time default 300 no ip mcfdb aging time Global Deletes the specified aging time for forwarding entries To specify the maximum number of forwarding entries on the McFDB use the following command Command Mode Description ip mcfdb aging ...

Страница 357: ...mission To avoid such flooding IGMP snooping feature has been developed The purpose of IGMP snooping is to constrain the flooding of multicast traffic at Layer 2 IGMP snooping as implied by the name allows a switch to snoop the IGMP transaction between hosts and routers and maintains the multicast forwarding table which contains the information acquired by the snooping When the switch receives a j...

Страница 358: ...oop ing version of the interface If you statically specify the version on a certain interface the reports are always sent out only with the specified version If you do not statically specify the version and a version 1 query is received on the interface the interface dynamically sends out a version 1 report If no version 1 query is received on the interface for the ver sion 1 router present timeou...

Страница 359: ... Command Mode Description no ip igmp snooping robust ness variable no ip igmp snooping vlan VLANS robustness variable Global Deletes a specified robustness variable 9 2 3 IGMPv2 Snooping 9 2 3 1 IGMP Snooping Querier Configuration IGMP snooping querier should be used to support IGMP snooping in a VLAN where PIM and IGMP are not configured When the IGMP snooping querier is enabled the IGMP snooping...

Страница 360: ...ral query messages use the following command Command Mode Description ip igmp snooping querier query interval 1 1800 Specifies an IGMP snooping query interval in the unit of second 1 1800 query interval default 125 ip igmp snooping vlan VLANS querier query interval 1 1800 Global Specifies an IGMP snooping query interval on a VLAN VLANS VLAN ID 1 4094 To delete a specified interval to send general ...

Страница 361: ... mand Command Mode Description show ip igmp snooping vlan VLANS querier detail Enable Global Bridge Shows IGMP querier information and configured pa rameters 9 2 3 2 IGMP Snooping Last Member Query Interval Upon receiving a leave message a switch with IGMP snooping then sends out a group specific IGMPv2 or group source specific query IGMPv3 message to determine if there is still any host intereste...

Страница 362: ... Description ip igmp snooping immediate leave Enables the IGMP snooping immediate leave globally ip igmp snooping port PORTS immediate leave Enables the IGMP snooping immediate leave on a port PORTS port number ip igmp snooping vlan VLANS immediate leave Global Enables the IGMP snooping immediate leave on a VLAN VLANS VLAN ID 1 4094 To disable the IGMP snooping immediate leave use the following co...

Страница 363: ...MP snooping report suppression use the following command Command Mode Description no ip igmp snooping report suppression no ip igmp snooping vlan VLANS report suppression Global Disables the IGMP snooping report suppression The IGMP snooping report suppression is supported only IGMPv1 and IGMPv2 reports In case of an IGMPv3 report a single membership report can contain the information for all the ...

Страница 364: ...ng Enables explicit host tracking globally ip igmp snooping vlan VLANS explicit tracking Global Enables explicit host tracking on a VLAN VLANS VLAN ID 1 4094 To disable explicit host tracking use the following command Command Mode Description no ip igmp snooping explicit tracking Disables explicit host tracking globally no ip igmp snooping vlan VLANS explicit tracking Global Disables explicit host...

Страница 365: ...multicast router A switch adds multicast router ports to the forwarding table to forward membership reports only to those ports Multicast router ports can be statically specified or dynamically learned by incoming IGMP queries and PIM hello packets Static Multicast Router Port You can statically configure Layer 2 port as the multicast router port which is directly con nected to a multicast router ...

Страница 366: ...rce informa tion To enable the switch to forward the traffic to multicast router ports use the following command Command Mode Description ip multicast mrouter pass through Enables to forward multicast traffic to the multicast router ports no ip multicast mrouter pass through Global Disables to forward multicast traffic to the multicast router ports To disable the switch to learn multicast router p...

Страница 367: ...ption ip igmp snooping tcn flood Enables the switch to flood multicast traffic when TCN is received ip igmp snooping tcn vlan VLANS flood Global Enables the switch to flood multicast traffic on a VLAN when TCN is received VLANS VLAN ID 1 4094 To disable the switch to flood multicast traffic when TCN is received use the following command Command Mode Description no ip igmp snooping tcn flood no ip ...

Страница 368: ...nd Command Mode Description ip igmp snooping tcn query solicit address A B C D Enables the switch to send a query solicitation when TCN is received address source IP address for query solicitation no ip igmp snooping tcn query solicit address Global Disables the switch to send a query solicitation when TCN is received 9 2 4 IGMPv3 Snooping Immediate Block IGMPv3 immediate block feature allows a ho...

Страница 369: ...the following command Command Mode Description show ip igmp snooping groups A B C D mac based Shows the IGMP snooping table globally mac based lists groups on a MAC address basis show ip igmp snooping groups port PORTS cpu mac based Shows the IGMP snooping table per port PORTS port number show ip igmp snooping groups vlan VLANS mac based Enable Global Bridge Shows the IGMP snooping table per VLAN ...

Страница 370: ...ictions so you must keep in mind those before configuring MVR All receiver ports must belong to the both subscriber and multicast VLANs as un tagged IGMP snooping must be enabled before enabling MVR A single MVR group address cannot belong to more than two groups MVR and multicast routing cannot be enabled together MVR only supports IGMPv2 9 2 6 1 Enabling MVR To enable MVR on the system use the f...

Страница 371: ...elper Address When being in a different network from an MVR group s a multicast router sends the mul ticast traffic to each MVR group In such an environment when an IGMP packet from a subscriber is transmitted to the multicast router via the MVR group multicast VLAN inter face the source address of the IGMP packet may not match the network address of the MVR group In this case the multicast router...

Страница 372: ...re an IGMP profile for IGMP filtering in IGMP Profile Configuration mode The system prompt will be changed from SWITCH config to SWITCH config igmp profile N To create modify an IGMP profile use the following command Command Mode Description ip igmp profile 1 2147483647 Creates modifies an IGMP profile 1 2147483647 IGMP profile number no ip igmp profile 1 2147483647 Global Deletes a created IGMP p...

Страница 373: ...mit or deny the IGMP packets by referring to its DHCP snooping binding table This reference enables the system to permit IGMP messages only when the source IP address and MAC address of host have identified from the DHCP snooping binding table To permit discard IGMP packets for the hosts authorized by the DHCP snooping use the following command Command Mode Description ip igmp filter port PORTS pe...

Страница 374: ...mber of IGMP groups for the system 1 2147483647 number of IGMP groups no ip igmp max groups system Global Deletes a specified maximum number of IGMP groups 9 2 7 3 Displaying IGMP Filtering and Throttling To display a configuration for IGMP filtering and throttling use the following command Command Mode Description show ip igmp filter port PORTS Enable Global Bridge Shows a configuration for IGMP ...

Страница 375: ...se it sends the multicast traffic to specic hosts which want to receive the traffic To configure a specified port as a multicast source trust port use the following command Command Mode Description ip multicast source trust port PORTS Specifies multicast source trust ports no ip multicast source trust port PORTS Global Deletes the configured multicast source trust ports ...

Страница 376: ...ng command Command Mode Description copy ftp tftp os download os1 os2 Enable Upgrades the system software of the switch via FTP or TFTP os1 os2 the area where the system software is stored To upgrade the system software FTP or TFTP server must be set up first Using the copy command the system will download the new system software from the server To reflect the downloaded system software the system...

Страница 377: ... the following restrictions A terminal must be connected to the system via the console interface To open the boot mode you should press S key when the boot logo is shown up The boot mode upgrade supports TFTP only You must set up TFTP server before upgrading the system software in the boot mode In the boot mode the only interface you can use is MGMT interface So the system must be connected to the...

Страница 378: ... A B C D Configures a default gateway gateway Boot Shows a currently configured default gateway To display a configured IP address subnet mask and gateway use the following com mand Command Mode Description show Boot Shows a currently configured IP address subnet mask and gateway The configured IP address subnet mask and gateway on the MGMT interface are limited to the boot mode only The following...

Страница 379: ...software in the boot mode TFTP server must be set up first Us ing the load command the system will download the new system software from the serv er The following is an example of upgrading the system software stored in os1 in the boot mode Boot load os1 10 27 41 82 V5924C R 5 01 x TFTP from server 10 27 41 82 our IP address is 10 27 41 83 Filename V5924C R 5 01 x Load address 0xffffe0 Loading Omi...

Страница 380: ...e using FTP perform the following step by step instruction Step 1 Connect to the switch with your FTP client software To login the system you can use the system user ID and password Note that you must use the command line based interface FTP client software when up grading the switch If you use the graphic based interface FTP client software the system cannot recognize the upgraded software Step 2...

Страница 381: ...ws XP Version 5 1 2600 C Copyright 1985 2001 Microsoft Corp C ftp 10 27 41 91 Connected to 10 27 41 91 220 FTP Server 1 2 4 FTPD User 10 27 41 91 none admin 331 Password required for admin Password 230 User admin logged in ftp bin 200 Type set to I ftp hash Hash mark printing On ftp 2048 bytes hash mark ftp put V5924C R 5 01 x os1 200 PORT command successful 150 Opening BINARY mode data connection...

Страница 382: ...äische Norm European Standard ERP Ethernet Ring Protection FDB Filtering Data Base FE Fast Ethernet FTP File Transfer Protocol GB Gigabyte GE Gigabit Ethernet HW Hardware ID Identifier IEC International Electrotechnical Commission IEEE 802 Standards for Local and Metropolitan Area Networks IEEE 802 1 Glossary Network Management MAC Bridges and Internetworking IEEE Institute of Electrical and Elect...

Страница 383: ...ogical Link ID MAC Medium Access Control McFDB Multicast Forwarding Database MFC Multicast Forwarding Cache MTU Maximum Transmission Unit MVR Multicast VLAN Registration NE Network Element NTP Network Time Protocol OAM Operation Administration and Maintenance ORL Output Rate Limiter OS Operating System PC Personal Computer PVID Port VLAN ID QoS Quality of Service QRV Querier s Robustness Variable ...

Страница 384: ...col SW Software TCN Topology Change Notification TCP Transmission Control Protocol TFTP Trivial FTP TIB Tree Information Base TOS Type of Service UDP User Datagram Protocol UMN User Manual VID VLAN ID VLAN Virtual Local Area Network VoD Video on Demand VPI Virtual Path Identifier VPN Virtual Private Network xDSL Any form of DSL ...

Страница 385: ...CLI Management Guide TigerAccess EE 384 SMC7824M VSW ...

Страница 386: ...02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharian Africa 216 712 36616 Fax 216 71751415 North West Africa 34 93 477 4920 Fax 34 93 477 3774 CIS 7 095 7893573 Fax 7 095 789 35 73 PRC 86 10 6235 4958 Fax 86 10 6235 4962 Taiwan 886 2 8797 8...

Страница 387: ......

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды