Zte ZXR10 5200 series Скачать руководство пользователя страница 77

Страница: 77 / 208

Chapter 7 ACL Configuration

Configuring Hybrid ACL

Step Command

Function

ZXR10(config)#

acl hybrid

{

number

acl-number

ame

acl-name

This enters the hybrid ACL
configuration.

ZXR10(config-hybd-acl)#

rule

rule-no

permit

eny

}{<

ip-number

}{<

source

source-wildc

ard

any

}{<

dest

dest-wildcard

any

}{[

any

ether protocol

>]}[

cos

0-7

>][<

vlan-id

>][

ingress

source-mac

source-mac-wildcard

egress

dest-mac

dest-mac-wildcard

>][

time-range

timerange-name

This configures the rules
based on IP or IP protocol
number (excluded ICMP, TCP,
UDP).

ZXR10(config-hybd-acl)#

rule

rule-no

rmit

deny

}{<

source

source-wildcard

any

}{[<

dest-ip

dest-wildcard

any

{

ethe

r-protocol

}[<

vlan-id

>][

cos

value

>][

egress

dst-mac

dst-wildcard

>][

ingress

sor-mac

or-wildcard

>][

time-range

range-name

>]][

port-number

>{<

dst-mac

dst-wildcard

any

ether-protocol

>[<

vlan-id

>][

cos

value

>][

egress

dst-mac

dst-wildcard

>][

ingress

sor-mac

sor-wildcard

>][

time-range

range-name

>]]}

This configures the rules
based on TCP.

ZXR10(config-hybd-acl)#

rule

rule-no

rmit

deny

}{<

source

source-wildcard

any

}{[<

dest-ip

dest-wildcard

any

{

ethe

r-protocol

}[<

vlan-id

>][

cos

value

>][

egress

dst-mac

dst-wildcard

>][

ingress

sor-mac

or-wildcard

>][

time-range

range-name

>]][

port-number

>{<

dst-mac

dst-wildcard

any

ether-protocol

>[<

vlan-id

>][

cos

value

>][

egress

dst-mac

dst-wildcard

>][

ingress

sor-mac

sor-wildcard

>][

time-range

range-name

>]]}

This configures the rules
based on UDP.

ZXR10(config-hybd-acl)#

move

rule-no

after

before

rule-no

This moves a rule behind
another rule.

Example

This shows an extended ACL to perform the following functions:

1. Permit

UDP

packets

from

the

network

segment

210.168.1.0/24, the destination IP address 210.168.2.10,
destination MAC address 00d0.d0c0.5741, the source port
100 and the destination port 200 to pass.

2. Forbid

the

BGP

packets

from

the

network

segment

192.168.3.0/24 passing.

3. Forbid all packets with the MAC address 0100.2563.1425.

ZXR10(config)#acl hybrid number 300
ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq
100 210.168.2.10 0.0.0.0 eq 200 any Egress

00d0.d0c0.5741 0000.0000.0000

ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255
Eq BGP any any
ZXR10(config-hybd-acl)#rule 3 deny any any any ingress

0100.2563.1425 0000.0000.0000

Confidential and Proprietary Information of ZTE CORPORATION

Содержание ZXR10 5200 series

Страница 1: ...tch User Manual Basic Configuration Volume Version 2 8 23 A ZTE CORPORATION ZTE Plaza Keji Road South Hi Tech Industrial Park Nanshan District Shenzhen P R China 518057 Tel 86 755 26771900 Fax 86 755 26770801 URL http ensupport zte com cn E mail support zte com cn ...

Страница 2: ...erchantability fitness for a particular purpose title or non in fringement ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document Except as expressly provided in an...

Страница 3: ...iation 14 History Commands 14 System Management 17 File System 17 Introduction to File System 17 Operating File System Management 18 FTP TFTP Overview 19 Configuring Switch as an FTP Client 19 Configuring Switch as an TFTP Client 20 Backing up Data and Restoring Data 22 Backing Up Configuration File 22 Restoring Configuration File 22 Backing Up Version File 22 Restoring Version File 22 Software Ve...

Страница 4: ... on an Ethernet Port 31 Configuring Automatic Negotiation Notification on an Ethernet Port 31 Setting Ethernet port Duplex Mode 32 Setting Ethernet Port Speed 32 Setting Flow Control on an Ethernet Port 32 Allowing Prohibiting Jumbo Fame on an Ethernet Port 33 Setting Port Alias on an Ethernet Port 33 Setting Broadcast Storm Suppression on an Ethernet Port 33 Setting Multicast Packet Suppression o...

Страница 5: ... 49 ARP Configuration 49 ARP Overview 49 Configuring ARP 50 ARP Configuration Example 50 Switch Stack System 53 Switch Stack System Introduction 53 Member Specification of Switch Stack System 54 Stack System Main Device Election and Renewed Election 54 Stack System Member ID 55 Stack System MAC Address 55 Stack Member Device Priority 55 Stack Member Device Software Version Check and Automatic Upgr...

Страница 6: ...eue Scheduling and Default 802 1p 71 Redirection and Policy Routing 72 Priority Marking 72 Marking Outside Vlan Value 73 Traffic Mirroring 73 Traffic Statistics 73 Configuring QoS 73 Configuring Traffic Polices 73 Configuring Traffic Shaping 74 Configuring Queue Bandwidth Limit 74 Configuring Queue Scheduling and Default 802 1p of the Port 75 Configuring Redirection and Policy Routing 75 Configuri...

Страница 7: ...Example 102 DHCP Maintenance and Diagnosis 103 VRRP Configuration 105 VRRP Overview 105 Configuring VRRP 106 VRRP Configuration Example 107 Basic VRRP Configuration Example 107 Symmetric VRRP Configuration Example 108 VRRP Maintenance and Diagnosis 109 Network Management Configuration 111 NTP Configuration 111 NTP Overview 111 Configuring NTP 111 NTP Configuration Example 112 RADIUS Configuration ...

Страница 8: ...137 Dot1x Radius Authentication Application 137 Dot1x Trunk Authentication Application 138 Dot1x Local Authentication Application 139 DOT1X Multiple Domains Function 140 DOT1X Maintenance and Diagnosis 140 Cluster Management Configuration 143 Cluster Management Overview 143 Configuring Cluster Management 145 Configuring ZDP Neighbor Discovery Protocol 145 Configuring ZTP Topology Collection Protoc...

Страница 9: ...tection Instance 162 Configuring Major level Ring ZESR 162 Configuring Access Ring ZESR 164 Configuring ZESR Restart Time 165 ZESR ZESR Configuration Example 165 ZESR Configuration Example 165 ZESR and ZESR Hybrid Configuration Example 168 Security Configuration 171 IP Source Guard 171 IP Source Guard Overview 171 Configuring IP Source Guard 171 IP Source Guard Configuration Example 172 IP Source ...

Страница 10: ...AI Configuration Example 179 MFF Configuration 180 MFF Overview 180 Configuring MFF 180 MFF Configuration Example 181 MFF maintenance and diagnosis 182 POE Configuration 185 POE Overview 185 Configuring PoE 186 PoE Configuration Example 187 PoE Maintenance 188 Figures 189 Tables 191 Glossary 193 ...

Страница 11: ...site Skill and Knowledge To use the Basic Configuration Volume effectively users should have a general understanding of OSI Model Familiarity with the following is helpful Protocols Routing concepts and Data Communication Terminologies What Is in This Manual The Basic Configuration Volume contains the following chapters TABLE 1 CHAPTER SUMMARY Chapter Summary Chapter 1 Safety Description This chap...

Страница 12: ...and related configuration Chapter 15 VBAS Configuration This chapter introduces VBAS configuration Chapter 16 ZESR Configuration This chapter introduces ZESR configuration Chapter 17 Security Configuration This chapter introduces Security configuration Chapter 18 POE Configuration This chapter describes the content and related knowledge of POE and related configuration Related Documentation The fo...

Страница 13: ...ter Ethernet Switch Command Manual Functional System Volume III ZXR10 Router Ethernet Switch Command Manual Functional System IV ZXR10 Router Ethernet Switch Command Manual Protocol Stack I ZXR10 Router Ethernet Switch Command Manual Protocol Stack II ZXR10 Router Ethernet Switch Command Manual Protocol Stack III ZXR10 Router Ethernet Switch Information Manual Confidential and Proprietary Informat...

Страница 14: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank iv Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 15: ...to pre vent personal injury or equipment damage Safety precautions introduced in this manual are supplementary to the local safety codes ZTE bears no responsibility in case of universal safety operation requirements violation and safety standards violation in designing manufacturing and equipment usage Symbol Descriptions Contents deserving special attention during ZXR10 5900 5200 configuration ar...

Страница 16: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 2 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 17: ...5900 5200 offers multiple configu ration modes A user can select configuration mode based on the connected network 1 Configuration of Console Port Connection 2 TELNET Connection Configuration 3 SSHSecure Shell Connection Configuration 4 SNMP Connection Configuration FIGURE 1 ZXR10 5900 5200 CONFIGURATION MODES Confidential and Proprietary Information of ZTE CORPORATION 3 ...

Страница 18: ...ort connection The console port connection configura tion adopts the VT100 terminal mode 1 Select Start Programs Accessories Communica tions HyperTerminalon the PC screen to start the Hyper Terminal as shown in Figure 2 FIGURE 2 STARTING THE HYPERTERMINAL 2 Input the related local information in the interface as shown in Figure 3 FIGURE 3 LOCATION INFORMATION 4 Confidential and Proprietary Informa...

Страница 19: ...ame and choose an icon for the new connection as shown in Figure 4 FIGURE 4 SETTING UP A CONNECTION 4 Based on serial port connection to the console cable choose COM1 or COM2 as the serial port is to be connected as shown in Figure 5 Confidential and Proprietary Information of ZTE CORPORATION 5 ...

Страница 20: ...NNECTION CONFIGURATION 5 Enter the properties of the selected serial port as shown in Figure 6 The port property configuration includes Bits per Second 9600 Data bit 8 Parity None Stop bit 1 Data flow control None 6 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 21: ...and password This enables unauthorized users from accessing the switch through Telnet Use the following command to configure the user name and password username username password password To strengthen the security of the switch switch can limit telnet login of the users Use the following command to admit or refuse telnet s IP address line telnet access class basic access list 1 Connect the host d...

Страница 22: ...o one in the same network seg ment as that of the VLAN interface so that the host can ping the IP address of the VLAN interface v Run the telnet command on the host and input the IP ad dress of the VLAN interface to log in to the switch as shown inFigure 7 FIGURE 7 RUN TELNET vi Click OK to enter the interface as shown inFigure 8 FIGURE 8 TELNET LOGIN vii Type the correct user name and password at...

Страница 23: ...security authentication is that it is easily attacked by the man in the middle This imitates the server to receive the data sent by the client and imitates the client to transmit the data to the real server SSH can solve this hidden trouble The SSH sets up a security channel for the remote login on non security network and other network to encrypt and compress all transmitted data In this way no u...

Страница 24: ... Series User Manual Basic Configuration Volume FIGURE 9 SETTING IP ADDRESS AND PORT NUMBER OF SSH SERVER ii Set the SSH version numberas shown inFigure 10 10 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 25: ...ork protocols An NM server can manage all devices on the network through this protocol SNMP adopts the management That is based on the server and client Background NM server serves as SNMP server and the foreground network device ZXR10 5900 5200 serves as the SNMP client Foreground and background shares one MIB management database and the SNMP is used for communications NMS software supporting the...

Страница 26: ...n vlan vlan id vlan name global configuration mode VLAN interface configuration mode ZXR10 config if interface vlan vlan id vlan if global configuration mode MSTP configuration mode ZXR10 config mstp spanning tree mst configurationglobal configuration mode Standard ACL configuration mode ZXR10 config std acl acl standard number acl number name acl name global configuration mode Extended ACL config...

Страница 27: ...turn to the user mode In the user mode and privileged mode execute the exit command to exit the switch In other command mode execute the exit com mand to return to the previous mode In command modes other than the user mode and privileged mode execute the end command or press Ctrl z to return to the privileged mode Command Line Function Online Help Command 1 Input a mark behind the prompt of any c...

Страница 28: ...he is below the first character of the input incorrect command keyword or parameter An example is given below ZXR10 von ter Invalid input detected at marker ZXR10 An example of system clock is given below ZXR10 cl clear clock ZXR10 clock set Set the time and date ZXR10 clock set hh mm ss Current Time ZXR10 clock set 13 32 00 Incomplete command At the end of the above example the system prompts tha...

Страница 29: ...e 3 TABLE 3 INVOKING A COMMAND Command Function Ctrl P or Invoke a history command in the buffer forward Ctrl N or Invoke a history command in the buffer backward In the privileged mode execute the show history command to list the commands input the latest in this mode Confidential and Proprietary Information of ZTE CORPORATION 15 ...

Страница 30: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 16 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 31: ...mage files is zar The image files are dedicated compression files Version upgrade means to change the corresponding image files under the directory 2 CFGThis directory is for saving configuration files whose name is startrun dat Information is saved in the Memory when using command to modify the switch configuration To prevent the configuration information loss at the time of switch restart use wr...

Страница 32: ...odify the name of directory in flash use the following com mand rename source filename destination filename 1 This example shows how to view the current files in the Flash ZXR10 dir Directory of flash attribute size date time name 1 drwx 512 MAY 17 2004 14 22 10 IMG 2 drwx 512 MAY 17 2004 14 38 22 CFG 3 drwx 512 MAY 17 2004 14 38 22 DATA 65007616 bytes total 48863232 bytes free ZXR10 cd img Enter ...

Страница 33: ... 65007616 bytes total 48863232 bytes free FTP TFTP Overview ZXR10 5900 5200 can server as an FTP TFTP client Files can be used as backup and restore purpose Files can also be used as import export configurations Configuring Switch as an FTP Client Enable FTP server on the background host and access the ZXR10 5900 5200 as an FTP client from the FTP server 1 Run wftpd on the background host and an i...

Страница 34: ...e Home Directory text box such as D IMG After these setting dialog box appears as shown in Figure 12 FIGURE 12 USER RIGHTS SECURITY DIALOG BOX 3 Click Done to finish the settings Configuring Switch as an TFTP Client Start TFTP server on the background host and access the ZXR10 5900 5200 as a TFTP client from the TFTP server 1 Run tftpd on the background host and an interface as shown in Figure 13 ...

Страница 35: ...figuration file such as D IMG The following dialog box will appear as shown in Figure 14 FIGURE 14 CONFIGURING DIALOG BOX 3 Click OK to finish the settings Background of TFTP server is implemented Start the TFTP server and run copy on the switch to backup restore files or import ex port configurations Confidential and Proprietary Information of ZTE CORPORATION 21 ...

Страница 36: ... to restore the backup of the configu ration file from the background TFTP server ZXR10 copy tftp 168 1 1 1 startrun dat flash cfg startrun dat Backing Up Version File Take a backup of the running version file to the background server prior to version upgrade so that the original version can be re stored in case the new version loading fails To backup the soft ware version file is similar to backi...

Страница 37: ...normally due to some special reasons If version upgrade op erations are performed improperly upgrade failure may occur or the system fails to start Therefore before version upgrade the maintenance personnel must be familiar with the principles and operations of the ZXR10 5900 5200 and learn the upgrade steps earnestly Upgrading the Version at Abnormality To upgrade the version for ZXR10 5900 5200 ...

Страница 38: ...22273 Omitted Welcome to ZXR10 5928 Switch of ZTE Corporation ZXR10 5 If the system starts successfully the user can use the show version command to check whether the new version is running in the memory If not booting from the background server failed The user must repeat steps 1 to 5 6 Delete the old version file zxr10 zar from the Flash s IMG directory with the delete command If there is enough...

Страница 39: ... control board to the serial port of the background host with a console cable attached to the switch connect the management Ethernet port 10 100 M Ethernet port on the main control board to the background host s network port with a straight through network cable Make sure that both connections are correct 2 Set the background host for upgrade to be in the network seg ment as the switch s managemen...

Страница 40: ...em boot Welcome message begins and ends with custom character The example is as follows ZXR10 config banner incoming C Enter TEXT message End with the character C Welcome to ZXR10 Switch World C ZXR10 config Setting Privileged Mode Key To prevent an unauthorized user from modifying the configuration use the following command Command Function ZXR10 config enable secret 0 password 5 password passwor...

Страница 41: ...t idle timeout This configures dle timeout time ZXR10 config line telnet absolute timeout absolute timeout This configures absolute timeout time There are parameters absolute timeout and absolute timeout af ter line console and line telnet absolute timeout refers to the time which is from the begin of connection to connection timeout idle timeout refers to the idle timeout that after user last ope...

Страница 42: ...952 Software Version ZXR10 5900 V2 8 23 A 12 RELEASE SOFTWARE Copyright c 2000 2007 by ZTE Corporation Compiled Jun 14 2009 11 47 14 System image files are flash flash img zxr10 zar System uptime is 2 days 18 hours 19 minutes MPU Main processor ZXR10 MPC8270 450M PCI with 256M bytes of memory 512K bytes of non volatile configuration memory 16M bytes of processor board System flash Read Write ROM S...

Страница 43: ...al port supports 10000M full duplex it can t be configured to work in auto negotiation duplex mode and rate The XGE optical port supports 10000M full duplex it can t be configured to work in auto negotiation duplex mode and rate The system automatically adds ports When you insert an inter face board to a proper slot and start the board ports of the board are automatically added to the port list No...

Страница 44: ...he back of switch are arranged from left to right corresponding to xgei_2 1 xgei_3 1xgei_4 1xgei_5 1 2 ZXR10 5952 5252 The 48 ports correspond to gei_1 1gei_1 48 The 4 xgei Ethernet interface board at the back of switch are arranged from left to right corresponding to xgei_2 1 xgei_3 1xgei_4 1xgei_5 1 3 ZXR10 5924 5224 The 24 ports in the front of the switch correspond to gei_1 1 to gei_1 24 Disab...

Страница 45: ... auto speed 10 100 This configures automatic negotiation notification on an Ethernet port to 10M or 100M When working mode of PHY is electrical interface GE FE 10M half duplex and full duplex can be set if it can be notified When working mode of PHY is optical port only half duplex and full duplex can be set if it can be notified The notification of speed can t be set Description negotiation auto ...

Страница 46: ...s duplex mode and rate Disable auto negotiation on the port before the configuration Setting Flow Control on an Ethernet Port Step Command Function 1 ZXR10 config interface port name This enters interface configuration mode 2 ZXR10 config gei_1 x flowcontrol enable disable This sets flow control on an Ethernet port Flow control is to restrict packet count sent to the Ethernet port within certain t...

Страница 47: ...gei_1 x byname by name This sets port alias on an Ethernet port Port alias is set to uniquely identify a port with a mnemonic name Port can be accessed with its alias instead of the port name Setting Broadcast Storm Suppression on an Ethernet Port Step Command Function 1 ZXR10 config interface port name This enters interface configuration mode 2 ZXR10 config gei_1 x broadcast limit value This sets...

Страница 48: ...ing to configured allowed number of multicast packet on an Ethernet port every second Setting Unknowcast Packet Suppression on an Ethernet Port Step Command Function 1 ZXR10 config interface port name This enters interface configuration mode 2 ZXR10 config gei_1 x unknowcast limit value This sets unknowcast storm suppression on an Ethernet port When unknowcast packet suppression function of ZXR10 ...

Страница 49: ...espectively Only all three states are up is interface in normal working status At the interface configuration mode input shutdown the Admin state of the interface will turn down lists some abnormal interface conditions and handling procedures TABLE 4 INTERFACE STATE ABNORMAL CONDITION Interface State Analysis and Solution Admin is DOWN Phy is UP Prot is DOWN This indicates that physical connection...

Страница 50: ... Bps output 0 Bps Interface utilization input 0 output 0 Forward packets input output statistics including error packet statistics Input Packets 19 Bytes 1501 Unicasts 19 Multicasts 0 Broadcasts 0 Undersize 0 Oversize 0 CRC ERROR 0 Dropped 0 Fragments 0 Jabber 0 MacRxErr 0 Output Packets 0 Bytes 0 Unicasts 0 Multicasts 0 Broadcasts 0 Collision 0 LateCollision 0 Total 64B 0 65 127B 19 128 255B 0 25...

Страница 51: ...etect the line of port gei_1 2 ZXR10 config show vct int gei_1 2 CableStatus Good Pair 1 2 3 6 4 5 7 8 Status Good Good Good Good Length 50m 50m 50m 50m Caution Line diagnosis and analysis will restart the tested port when links of the port is broken and then restored This function is used only for faulty ports and is not recommended for ports connected to users Port Mirroring Configuration Port M...

Страница 52: ...ession number desination This sets monitor port 3 ZXR10 config gei_1 x monitor session session number desination rspan vlanid vlanid priority priorityid This sets RSPAN monitor port 4 ZXR10 config gei_1 x show monitor session session number This displays statistics of port mirroring 5 ZXR10 config gei_1 x no monitor session This deletes port from port mirroring Port Mirroring Configuration Example...

Страница 53: ...nation Show Port Mirroring Configuration ZXR10 config show monitor session 1 Session 1 Source Ports Port gei_1 1 Monitor Direction rx Port gei_1 2 Monitor Direction both Destination Port Port gei_1 3 Rspan_vlanid 0 Rspan_priority 0 ZXR10 config 2 The following example shows RSPAN mirroring configuration As shown in Figure 16 port gei_1 3 is connected to other equipment s mirroring out port data re...

Страница 54: ...ection Overview ZXR10 5900 5200 supports single port loopback detection This function can detect the loopback of user which connects to the switch and switch itself Then it can solve this problem It can avoid broadcast storm in result of loopback ZXR10 5900 5200 detects loopback of a few ports or all ports By default it is not detected It supports loopback detection in Vlan One port supports up to...

Страница 55: ...t of loopback detection 5 ZXR10 config show loop detect interface This enables the loopback detection function 6 ZXR10 config show loop detect interface detail port name This displays detail of port which enables loopback detection 7 ZXR10 config show loop detect protect interface This displays the port which enables loopback detection protection 8 ZXR10 config show loop detect reopen time This di...

Страница 56: ...detect interface detail gei_1 1 isUp isMonitor isLoop isProtected Yes Yes Yes Yes reopenTime loopvlan vlanRange 300 2 1 2 DOM Configuration DOM Function Overview DOMdigital optical monitoring is a part of optical module specifica tion The optical module with DOM function can read temperature voltage current sending and receiving power of optical module In addition each optical module sets some thr...

Страница 57: ...nt sending and receiving power This supports single interface view and single board view Only support physical interface Example This views optical module information of an interface ZXR10 Show optical inform brief Optical Optical Interface Temperature Voltage Current Tx Power Rx Power Name Celsius Volts mA mW mW gei_2 1 21 12 00 5 00 60 00 0 00 1 00 gei_2 1 22 12 00 5 00 60 00 0 00 1 00 gei_2 1 2...

Страница 58: ...tical module tx power sending power of optical module Only support physical interface Example This views threshold information of interface optical module ZXR10 show optical inform detail temperature High Alarm High Warn Low Warn Low Alarm Temperature Threshold Threshold Threshold Threshold Port Celsius Celsius Celsius Celsius Celsius gei_1 1 48 1 100 0 100 0 0 0 0 0 gei_1 2 34 9 100 0 100 0 0 0 0...

Страница 59: ...rning l a low alarm Interface Time in slot Threshold Violation Type s of Last Known Name DDDD HH MM SS DDDD HH MM SS Threshold Violation gei_2 1 22 14 57 27 04 29 2008 14 57 07 04 29 2008 tem h w 52 00C 52 00C 14 57 07 04 29 2008 vol h w 5 00V 5 00V 14 57 07 04 29 2008 cur l w 60 00mA 80 00mA 14 57 07 04 29 2008 rx l a 440 00dBm 333 01dBm 14 57 07 04 29 2008 rx l a 440 00dBm 333 01dBm gei_2 1 23 1...

Страница 60: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 46 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 61: ...rtain host in the network IP addresses are divided into five classes Class A Class B Class C Class D and Class E Classes A B and C are the most common ones Class D is the network multicast address and Class E is reserved for future use Table 5lists range of each class TABLE 5 IP ADDRESS RANGE FOR EACH CLASS Class Prefix Characteristic Bit Network Bit Host Bit Range Class A 0 8 24 0 0 0 0 127 255 2...

Страница 62: ...Thus the structure of an IP address consists of three parts Network bits subnet bits and host bits The network bits and subnet bits are used to uniquely identify a network Use the subnet mask to find which part in the IP address indicates network bits and subnet bits and which part stands for host bits The part with subnet mask of 1 corresponds to the network bits and subnet bits of the IP address...

Страница 63: ...dminStatus is up PhyStatus is up line protocol is up Internet address is 10 1 1 1 24 Broadcast address is 255 255 255 255 IP MTU is 1500 bytes ICMP unreachables are always sent ICMP redirects are never sent ARP Timeout 00 10 00 ARP Configuration ARP Overview Network device when sends data to another network device It should know the IP address and physical address MAC address of the destination de...

Страница 64: ...e 4 ZXR10 config if vlanX arp timeout timeout This configures the aging time of ARP entry in the ARP buffer area 5 ZXR10 config if vlanX set arp static permanent ip address hardware address This adds arp entry in static permanent binding To delete arp entry use the following command Command Function ZXR10 clear arp cache interface supervlan id vlan i d ipaddress dynamic permanet static This delete...

Страница 65: ...h vlan interface The arp is generated in the process of configuring switch vlan interface address s indicates that it is a static ARP and P indicates that it is a permanent ARP added manually The number means the time since ARP updates last time Confidential and Proprietary Information of ZTE CORPORATION 51 ...

Страница 66: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 52 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 67: ...figuration fill will be copied to all stack member for backup When stack system acts as layer 3 device the MAC address of stack system is the unique ID in the network The MAC address of main device in stack system is that of the whole stack system Each stack member is identified by its stack member ID Any one of stack members can be main device When main de vice isn t applicable a new main device ...

Страница 68: ...hich fails in selection will restart and join this stack system During this joining process these switch member IDs will possibly be allocated again After joining they will implement the configuration of the main device selected again If neither original main device nor original standby device is in the separate stack system all members of this stack system will restart In addition because the con...

Страница 69: ... If a device hasn t configured ID before joining stack system it will has default ID 1 In a stack system two or multiple devices can t have the same IDs The command nvram stack machine id modifies stack device ID which is valid after restarting the device When a device joins a stack system if its ID is different from the ID of any member in this stack system the ID can be saved Otherwise it will b...

Страница 70: ...ile The configuration file of stack system applies configuration file of main device The name of configuration file is stackcfg dat When system starts it reads configuration file from flash of main de vice and recovers according to the record of this configuration file When write is used configuration file is not only saved in this device but also synchronized to other devices that is the same con...

Страница 71: ... system Now a time delay 1 300s can be configured by MAC switching function after device leaves In this time if the orig inal main device joins this stack system again the MAC address of original main device will become that of stack system and whole system MAC address is not switched If original main device doesn t join this stack system the MAC address of new main device will become that of stac...

Страница 72: ...he whole stack system neighbor relationship 3 ZXR10 show switch neighbours stack member nu mber This views neighbor relationship of designated device The parameter is device ID 4 ZXR10 show switch stack ports This views current device stack interface information including sending receiving packet statistics 5 ZXR10 show switch stack ports stack member nu mber This views specific device stack inter...

Страница 73: ...fter the first match The order of conditions in the list is critical If no conditions match the switch rejects the packets If there are no restrictions the switch forwards the packet otherwise the switch drops the packet Packet matching rules defined by the ACL are also used in other conditions where distinguishing traffic is needed For instance the matching rules can define the traffic classifica...

Страница 74: ...o 100 Configuring ACL Configuring Time Range Command Function ZXR10 config time range timerange name hh mm ss to hh mm ss days of the week from hh mm ss mm dd yyyy to hh mm ss mm dd yyyy This enables time range There are several conditions in time range configuration Configure time range for each day Specify the exact start time and end time in a day Configure period range Specify the period to be...

Страница 75: ...but reject packets with the source IP address of 192 168 1 100 ZXR10 config acl standard number 10 ZXR10 config std acl rule 1 deny 192 168 1 100 0 0 0 0 ZXR10 config std acl rule 2 permit 192 168 1 0 0 0 0 255 Configuring Extended ACL Step Command Function 1 ZXR10 config acl extend number acl number n ame acl name This enters the extended ACL configuration 2 ZXR10 config ext acl rule rule no perm...

Страница 76: ...R10 config ext acl rule 1 permit udp 210 168 1 0 0 0 0 255 eq 100 210 168 2 10 0 0 0 0 eq 200 ZXR10 config ext acl rule 2 deny tcp 192 168 2 0 0 0 0 255 eq bgp any ZXR10 config ext acl rule 3 deny icmp any any ZXR10 config ext acl rule 4 deny 8 any any Configuring L2 ACL Step Command Function 1 ZXR10 config acl link number acl number This enters the L2 ACL configuration mode 2 ZXR10 config link ac...

Страница 77: ...ildcard any ethe r protocol vlan id cos value egress dst mac dst wildcard ingress sor mac s or wildcard time range range name eq port number dst mac dst wildcard any ether protocol vlan id cos value egress dst mac dst wildcard ingress sor mac sor wildcard time range range name This configures the rules based on UDP 5 ZXR10 config hybd acl move rule no after before rule no This moves a rule behind ...

Страница 78: ...y icmp source prefix any destination prefix any protocol source prefix any destination prefix any tcp source prefix any rule 0 m axPortNo tcpporttype destination prefix any rule 0 maxPortNo tcpporttype udp source prefix any rule 0 max PortNo udpporttype destination prefix any rule 0 maxPortNo udpporttype ingress Source mac address Source wildcard bits egress Destination mac address Destination wil...

Страница 79: ... in Only ACL 100 takes effects Applying ACL on VLAN ACL can be applied on both physical port and VLAN after it is de fined Step Command Function 1 ZXR10 config vlan vlan id This enters VLAN configuration mode 2 ZXR10 config vlanX ip access group acl numbe r acl name in This applies ACL on VLAN Note 1 Currently ACL type that VLAN binds only supports IPv4 hybrid ACL 2 One VLAN can only apply one ACL...

Страница 80: ...ption 1 test1 ZXR10 config std acl rule 2 permit 192 168 1 0 0 0 0 255 ZXR10 config std acl rule description 2 test2 Note Currently only IPv4 standard ACL IPv4 extended ACL IPv4 hybrid ACL and IPv4 layer 2 ACL support ACL renaming function ACL Configuration Example A company has an Ethernet switch to which users of both de partment A and department B and servers are connected This is shown in Figu...

Страница 81: ...ime ZXR10 config ext acl rule 4 deny ip any 192 168 3 100 0 0 0 0 time range working time ZXR10 config ext acl rule 5 permit ip any any Define an extended ACL to limit users of department B ZXR10 config acl extend number 101 ZXR10 config ext acl rule 1 permit ip 192 168 2 100 0 0 0 0 any ZXR10 config ext acl rule 2 deny ip 192 168 2 0 0 0 0 255 192 168 4 60 0 0 0 0 time range working time ZXR10 co...

Страница 82: ...0 5900 5200 provides related view commands 1 To display the contents of all ACLs with specified list number use the following command show acl acl number name acl name 2 To show whether an ACL is applied on a physical port use the following command show running config interface port name 68 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 83: ...the VoIP service and real time image transmission normally if packet transfer delay is too long To solve the problem provide the system with the capa bility of supporting QoS QoS is designed to provide different qualities of service for differ ent demands from various applications such as providing specific bandwidth reducing packet loss ratio shortening packet transfer delay and delay jitter To a...

Страница 84: ...eding amount of traffics conduct the following operation Discard or forward Modify its DSCP value Modify its drop precedence packets with higher drop prece dence will be dropped preferentially when congestion occurs Traffic policing will not introduce extra delay Its working process is shown in Figure 19 FIGURE 19 TRAFFIC POLICING WORKING FLOW ZXR10 5900 5200 implements the Single Rate Three Color...

Страница 85: ...ize is less than CIR Traffic Shaping Traffic shaping is used to control the rate of output packets thus sending packets at even speed Traffic shaping is used to match packet rate with downlink equipment to avoid congestion and packet discarding The difference between traffic shaping and traffic policing is that traffic shaping is to cache packets whose rate exceeds the limited value and send packe...

Страница 86: ...s not marked with an 802 1P label a default 802 1p value will be assigned by the switch Redirection and Policy Routing Redirecting is used to make the decision again about the forward ing of packets with certain features according to traffic classifica tion Redirection changes transmission direction of packets and export messages to the specific port CPU or next hop IP address Redirect packets to ...

Страница 87: ...ctual condition of the network and reasonably allocate network resources The main content of traffic statistics contains the number of packets received from the incoming direction of the port Configuring QoS Configuring Traffic Polices Command Function ZXR10 config traffic limit in acl number rule id rule no cir cir value cbs cbs value ebs ebs value pir pir value mode mode drop yellow forward red ...

Страница 88: ...desti nation IP address of 168 2 5 5 on port of gei_1 1 and bandwidth is set to 10M ZXR10 config acl extended number 100 ZXR10 config ext acl rule 1 permit ip any 168 2 5 5 0 0 0 0 ZXR10 config ext acl exit ZXR10 config traffic limit in rule id 1 cir 10000 cbs 2000 pir 10000 pbs 2000 mode blind ZXR10 config interface gei_1 1 ZXR10 config gei_1 1 ip access group 100 in Configuring Traffic Shaping C...

Страница 89: ...r Queue number Queue weight This configures queue scheduling and default 802 1p priority of the port Example This example shows the implementing of SP scheduling on the port gei_1 1 This implements WRR scheduling on port gei_1 2 and configures the weight of queue 0 to queue 7 sequentially as 10 5 8 10 5 8 9 and 10 Default 802 1p is configured on the port gei_1 2 as 5 ZXR10 config interface gei_1 1...

Страница 90: ... port gei_1 1 to 34 and selects the output queue to 4 ZXR10 config acl standard number 10 ZXR10 config std acl rule 1 permit 168 2 5 5 ZXR10 config std acl exit ZXR10 config priority mark in 10 rule id 1 dscp 34 cos 4 drop precedence low ZXR10 config interface gei_1 1 ZXR10 config gei_1 1 ip access group 10 in Configuring Outer VLAN Value To configure outer VLAN value of traffic which matches ACL ...

Страница 91: ...nd Function ZXR10 config qos tail drop session index queue id queue id all threshold yellow threshold red threshold This configures the tail drop parameter To enable the tail drop function on the port use the following com mand drop mode tail drop session id Example This example shows the configuration of tail drop In queue 1 Red packets tail drop value is 120 Yellow packets tail drop value is 120...

Страница 92: ...Configuration Example Network A Network B and internal servers are all connected to an Ethernet switch as shown in Figure 20 One of internal servers is the VOD server with the IP address of 192 168 4 70 To guar antee service quality of the VOD configure it as one with high priority The internal user can access the Internet over the agent 192 168 3 100 but the bandwidth of Network A and Network B s...

Страница 93: ...s 7 drop precedence low Restrict the bandwidth of Network B to access Internet ZXR10 config traffic limit in 101 rule id 2 cir 10000 cbs 2000 ebs 3000 mode blind Sum up traffic of Network B ZXR10 config traffic statistics in 101 rule id 2 ZXR10 config interface gei_1 1 ZXR10 config gei_1 1 ip access group 100 in ZXR10 config gei_1 1 exit ZXR10 config interface gei_1 2 ZXR10 config gei_1 2 ip acces...

Страница 94: ... the corresponding port ZXR10 config interface gei_1 1 ZXR10 config gei_1 1 ip access group 10 in ZXR10 config gei_1 1 exit ZXR10 config interface gei_1 2 ZXR10 config gei_1 2 ip access group 10 in QoS Maintenance and Diagnosis ZXR10 5900 5200 provides the following commands of QoS main tenance and diagnosis 1 To display QoS configuration use the following command show qos 2 To displayconfiguratio...

Страница 95: ...ule id 1 cir 10000 cbs 2000 ebs 2000 mode blind ZXR10 config show qos traffic limit in 1 rule id 1 cir 10000 cbs 2000 ebs 2000 mode blind ZXR10 config qos conform dscp 1 0 7 2 ZXR10 config show qos conform dscp qos conform dscp 1 0 7 2 ZXR10 config qos cos local map 1 2 3 4 5 6 7 0 ZXR10 config show qos cos local map qos cos local map 1 2 3 4 5 6 7 0 ZXR10 config qos cos drop map 2 1 0 2 1 1 0 1 Z...

Страница 96: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 82 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 97: ...nicast DHCPRequest to the server indicating to accept relevant configuration 4 Selected DHCP server returns a unicast packet DHCPAck for confirmation By now the host can use the IP address and relevant configuration obtained from the DHCP server for communication DHCP supports three mechanisms for IP address allocation 1 Automatic allocation DHCP assigns a permanent IP address to a client 2 Dynami...

Страница 98: ... is designated le gal IP address subnet mask and gateway can access network nor mally But DHCP server will still allocate this IP address to other hosts possibly It will lead to address collision and affect the nor mal distribution of IP address DHCP snooping function is enabled for ZXR10 5900 5200 to prevent bogus DHCP server from being laid in network and in this case the port connecting to DHCP...

Страница 99: ...ol 2 ZXR10 config ip pool no exclude low_ip_addr h ig_ip_addr This deletes the original configuration low_ip_addr the begin low address of reserving address or a specific address Hig_ip_add r the highest address of reserving address range This command parameter must be a subset of this address pool 4 To add all suitable ip addresses to ip pool or delete the corre sponding IP address range use the ...

Страница 100: ...gure a DHCP pool or delete a DHCP pool use the fol lowing command Step Command Function 1 ZXR10 config ip dhcp pool word This configures a DHCP pool word DHCP pool name 2 ZXR10 config no ip dhcp pool word This deletes a DHCP pool 2 To configure binding table between MAC address and ip ad dress or delete the original configuration use the following commands Step Command Function 1 ZXR10 config dhcp...

Страница 101: ...ing configuration 5 To bind the specific ip pool with dhcp pool or delete binding relationship use the following command Step Command Function 1 ZXR10 config dhcp pool ip pool ip_pool_name This binds the specific ip pool with dhcp pool ip_pool_namer ip pool address pool name 1 16 characters 2 ZXR10 config dhcp pool no ip pool This deletes binding relationship 6 To configure ip address lease time o...

Страница 102: ...1 16 characters priority priority 2 ZXR10 config no ip dhcp policy policy_name pri ority This deletes name corresponding policy configuration 2 To bind the policy to a dhcp pool or delete binding relationship use the following command Step Command Function 1 ZXR10 config dhcp pool dhcp pool pool_name This binds the policy to a dhcp pool pool_name name of dhcp pool 2 ZXR10 config dhcp pool no dhcp ...

Страница 103: ...sses IP address request sent from DHCP client on the interface and allocate IP address for DHCP Client dynamically by external DHCP Server configured in the interface After enabling built in DHCP Proxy process system will process IP address request sent from DHCP client on the interface allocate IP address for DHCP Client dynamically by external DHCP Server configured in the interface and replace ...

Страница 104: ... DHCP users on an interface thus limiting the num ber of IP addresses assigned on the interface As for DHCP Relay DHCP Relay standard mode doesn t support DHCP user quota thus user quota doesn t take effect But if DHCP Relay is configured forwarding in safety mode DHCP Relay will make DHCP user quota configuration valid 5 To configure the interface select outside DHCP Server policy or cancel this ...

Страница 105: ...n Configuring DHCP Snooping 1 To add the binding entry to binding database manually or delete binding entry from DHCP SNOOPING binding database use the following commands Step Command Function 1 ZXR10 config ip dhcp snooping binding mac vlan vlan ip address interface number expiry 2147483647 This adds user binding entry to binding database manually mac user MAC address vlan the VLAN user belongs t...

Страница 106: ...ommand Step Command Function 1 ZXR10 config ip dhcp snooping information option This inserts 82 option 2 ZXR10 config no ip dhcp snooping information option This doesn t insert 82 option 5 To configure the 82 option format or delete the configured 82 option format and restore the default format use the following command Step Command Function 1 ZXR10 config ip dhcp snooping information format china...

Страница 107: ...n 2 ZXR10 config no ip dhcp snooping ramble This disables DHCP SNOOPING ramble function 8 To configure the interface connects to DHCP SERVER as trust interface use the following command Step Command Function 1 ZXR10 config ip dhcp snooping trust interface number This configures DHCP SERVER interface as trust interface interface number physical interface numbersuch as fei gei and smartgroup 2 ZXR10...

Страница 108: ...ting to the subnet where DHCP Agent locates needs to be configured on external DHCP Server 2 To configure the outside DHCP server ip address on the inter face or delete outside DHCP Server address on the interface use the following command Step Command Function 1 ZXR10 config if vlanX ip dhcp relay server ip address standard security ip address outside DHCP Server ip address in dotted decimal nota...

Страница 109: ... ZXR10 config no ip dhcp relay server retry This recovers default retry time 4 To configure the specific domain name DHCP CLient applies from outside DHCP Server use the following command Step Command Function 1 ZXR10 config ip dhcp relay server vclass id domain name ip address standard security domain name domain name that DHCP Client request packet carries ip address outside DHCP Server ip addre...

Страница 110: ... configures the insert 82 option when the DHCP process is in relay forwarding The default 82 option is not inserted 2 ZXR10 config no ip dhcp relay information option This cancels the insert 82 option 7 To configure the DHCP process when the insert 82 option has been configured in the DHCP process in relay forwarding data and host should configure the insert 82 option or delete con figured 82 opti...

Страница 111: ...reply on the interface use the following command Step Command Function 1 ZXR10 config if vlanX ip dhcp relay snooping packet reply This enables DHCP network packet that all reply on the interface 2 ZXR10 config if vlanX no ip dhcp relay snooping packet reply This command disables DHCP network packet that all reply on the interface 11 To enable DHCP network packet that all request on the inter face...

Страница 112: ...d of dhcp client on the interface use the fol lowing command Command Function ZXR10 config if vlanX ip dhcp client class id WORD hex This enables class id of dhcp client on the interface 2 This configures class id of dhcp client on the interface Step Command Function 1 ZXR10 config if vlanX ip dhcp client client id This configures dhcp client id on the interface 2 ZXR10 config if vlanX no ip dhcp ...

Страница 113: ...mmand Command Function ZXR10 config if vlanX ip dhcp client request dns nameserver domain name router static route tftp server address This configures request information of dhcp client on the interface DHCP Configuration Example DHCP Server Configuration Example R1 acts as the DHCP server and default gateway and the host ob tains IP addresses through the DHCP dynamically as shown in Figure 22 Con...

Страница 114: ...dhcp pool exit ZXR10 config ip dhcp policy p1 1 ZXR10 config dhcp policy dhcp pool dhcp1 ZXR10 config dhcp policy default route 10 10 1 1 ZXR10 config dhcp policy exit ZXR10 config interface vlan 10 ZXR10 config if vlan10 ip dhcp policy p1 ZXR10 config ip dhcp enable DHCP Relay Configuration Example Router at the user end is connected directly as DHCP relay when the DHCP client and server are not ...

Страница 115: ...P Snooping Configuration Example DHCP server 1 connects to the interface gei_1 1 in switch R1 Man ager configures the DHCP The server 2 connects to the interface gei_1 2 in switch R1 This is configured by the user it is illegal DHCP server Both ports gei_1 1 and gei_1 2 are in vlan 100 Enable the DHCP snooping function in the switch can prevent set illusive DHCP server Now it is needed to enable D...

Страница 116: ... exit ZXR10 config ip dhcp snooping enable ZXR10 config ip dhcp snooping vlan 100 ZXR10 config ip dhcp snooping trust gei_1 1 DHCP Snooping Prevent Static IP Configuration Example DHCP server belongs to vlan 100 and PC belongs to vlan 200 PC gets the IP address use by DHCP Now it is required to forbid the PC to configure the static IP address through the DHCP snooping and dynamic ARP inspection te...

Страница 117: ... server snooping user 2 To display configuration information of the local address pool use the following command show ip local pool pool name 3 To display configuration information of interface related DHCP server relay use the following command show ip interface 4 To display the DHCP snooping configuration use the following command show ip dhcp snooping configure 5 To view the DHCP snooping Vlan ...

Страница 118: ...ew dynamic arp inspection use the following command show ip arp inspection vlan vlanl id 9 To display DHCP pool use the following command show ip dhcp pool pool name 10 To display DHCP policy use the following command show ip dhcp policy policy_name To handle DHCP server relay processes use debug ip dhcpcom mand 104 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 119: ...s of one of router interfaces or the third party address The router is used as the master router if its interface address is used and other routers are used as the backup ones The router with high priority is used as the master router if the third party address is used If two routers have the same priority the one with the greater interface address wins For ZXR10 5900 5200 if the two routers prior...

Страница 120: ...ZXR10 config if vlanX vrrp group preempt delay milliseconds To configure whether preemption is enabled on the interface use the following command 4 To configure the time interval for sending VRRP notifications on the interface use the following command Command Function ZXR10 config if vlanX vrrp group advertise msec interval This configures the time interval for sending VRRP notifications on the i...

Страница 121: ...onfig if vlanX vrrp group mode private standard This configures the mode of virtual device 9 To configure virtual device vrrp protocol message out inter face use the following command Command Function ZXR10 config if vlanX vrrp group out interface interfacename This configures virtual device vrrp protocol message out interface VRRP Configuration Example Basic VRRP Configuration Example This exampl...

Страница 122: ... 0 0 2 255 255 0 0 ZXR10_R2 config if vlan1 vrrp 1 ip 10 0 0 1 Symmetric VRRP Configuration Example Two VRRP groups are booted in this example where PC1 and PC2 use the virtual router in Group 1 as default gateway with the ad dress 10 0 0 1 PC3 and PC4 use the virtual router in Group 2 as default gateway with the address 10 0 0 2 R1 and R2 serve as mutual backup Four hosts cannot communicate with ...

Страница 123: ...if vlan1 ip address 10 0 0 2 255 255 0 0 ZXR10_R2 config if vlan1 vrrp 1 ip 10 0 0 1 ZXR10_R2 config if vlan1 vrrp 2 ip 10 0 0 2 VRRP Maintenance and Diagnosis To perform VRRP maintenance and diagnosis ZXR10 5900 5200 provides the following commands to view all VRRP configuration information show vrrp group brief interface interface name all ZXR10 5900 5200 provides debug vrrp command to display V...

Страница 124: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 110 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 125: ... their network and applications to function properly In practice ZXR10 5900 5200 can act as the NTP client and support the configuration of at most 5 NTP time servers Configuring NTP 1 To define a time server use the following command Command Function ZXR10 config rmon collection statistics index owner string This defines a time server Priority must be selected Each server priority is different an...

Страница 126: ... the NTP in the process of sending a synchronization time request 4 To configure time zone of the switch use the following com mand Command Function ZXR10 config clock timezone This configures time zone of the switch 5 To view the NTP running state use the following command Command Function ZXR10 config router show ntp status This views the NTP running state NTP Configuration Example This example ...

Страница 127: ...icate Telnet users accessing the routing switch ZXR10 5900 5200 supports multiple RADIUS server groups Three authentication servers can be configured in each RADIUS group The server timeout time and times of timeout retransmission can be set for each group The administrator can configure different RADIUS groups to select a specific RADIUS server Configuring RADIUS 1 To configure RADIUS accounting ...

Страница 128: ...figures radius server and its parameter 9 ZXR10 config authgrp 1 user name format include domain strip domain This configures format of user name which BRAS sends to RADIUS server 10 ZXR10 config authgrp 1 vendor enable disable This configures whether self definition attribute of manufacturer is in a sending RADIUS protocol packet 4 To perform RADIUS maintenance and diagnosis execute the following...

Страница 129: ...his protocol SNMP is managed based on server and client The background NMS server serves as the SNMP server and the foreground network device serves as SNMP client The foreground and background share an MIB and communicate with each other through the SNMP protocol It is required to configure the specific SNMP server for the rouging switch as the SNMP agent and define contents and au thorities avai...

Страница 130: ...l of the managed equipment 4 To set the location SysLocation of the MIB object use the following command Command Function ZXR10 config snmp server location mib syslocation text This sets the location SysLocation of the MIB object SysLocation is a management variable of the system group in the MIB II and is used to indicate the location of the managed equipment 5 To set the types of TRAP allowed fo...

Страница 131: ... config snmp server engine id engine id This sets local engine id of SNMPv3 10 To configure safe mode group of user use the following com mand Command Function ZXR10 config snmp server group groupname v3 auth noauth priv context context name match prefix match exact read readview write writeview notify notifyview This configures safe mode group of user 11 To set the maximum packet size of SNMP use...

Страница 132: ... the following command Command Function ZXR10 config show snmp user This displays users of SNMPv3 17 To display information of SNMPv3 group use the following command Command Function ZXR10 config show snmp group This displays information of SNMPv3 group 18 To display SNMP engine ID use the following command Command Function ZXR10 config show engine id This displays SNMP engine ID SNMP Configuratio...

Страница 133: ...ly for Ethernet 2 To set an alarm and MIB object use the following command Command Function ZXR10 config rmon alarm index variable interval delta absolute rising thershold value event index falling threshold value event index owner string This sets an alarm and MIB object 3 To enable the history collection function of the interface use the following command Command Function ZXR10 config gei_1 x rm...

Страница 134: ...4479 512 1023 85856 1024 1518 2547 ZXR10 2 This example shows how to configure and start history control entries of the RMON ZXR10 config interface gei_1 1 ZXR10 config gei_1 1 rmon collection history 1 bucket 10 interval 10 owner rmontest ZXR10 config gei_1 1 View RMON history information with the show command ZXR10 show rmon history Entry 1 is active and owned by rmontest Monitors ifEntry 1 1 ev...

Страница 135: ...nd query functions Log information provides convenient routine maintenance of the routing switch User can view alarm infor mation and port state change condition on the routing switch through log information Log information can be displayed on the configuration terminal in real time or can be saved to a file on the routing switch or background log server The syslog protocol can be enabled on ZXR10...

Страница 136: ...ing ftp level mng ftp server us ername password filename This sets the background FTP log server parameter 7 To set parameters of alarm information which is sent to trap server use the following command Command Function ZXR10 config logging trap level community mng host address This sets parameters of alarm information which is sent to trap server 8 To set parameters to pack information in alarm b...

Страница 137: ...ing This saves alarm logging information in location flash data log dat 12 To configure packets use the following command Command Function ZXR10 syslog server facility This distinguishes different servers by this field 13 To designate source address in syslog use the following com mand Command Function ZXR10 syslog server source ip address This designates source address in syslog Syslog Configurat...

Страница 138: ...TACACS security server to complete TACACS AAA function TACACS client also provides the operation that TACACS configuration needs to configure TACACS environment At present ZXR10 5900 5200 supports TACACS authentication to provide authentication of Telnet users accessing the routers ZXR10 5900 5200 supports multiple TACACS server groups Each TACACS group permits the configuration of four authen tic...

Страница 139: ...eter description is as follows Parameter Description ip addr Client IP 1025 65535 Client layer 4 port 5 To configure TACACS server parameter use the following com mand Command Function ZXR10 config tacacs server host ip addr port integer timeout integer key string This configures TACACS server parameter Configuration is deleted with no command Command parameter description is as follows Parameter ...

Страница 140: ...the fol lowing command Command Function ZXR10 config tacacs server packet 1024 4096 This configures TACACS maximum packet length The default configuration 1024 is restored with no command Command parameter description is as follows Parameter Description 1024 4096 Packet maximum length The default is 1024 8 To configure connection timeout for TACACS server use the following command Command Function...

Страница 141: ...cters TACACS Configuration Example ZXR10 config tacacs enable ZXR10 config tacacs server host 1 1 1 1 ZXR10 config tacacs client 1 1 1 2 ZXR10 config aaa authentication login default group zte ZXR10 config aaa authentication enable default local group zte ZXR10 config aaa authorization login default group zte ZXR10 config user authentication type tacacs ZXR10 config user authorization type tacacs ...

Страница 142: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 128 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 143: ...tication system is network equipment supporting the IEEE802 1x protocol such as the switch The equipment cor responds to different user ports physical port or MAC address VLAN and IP of the user equipment and has two logical ports composed of the controlled port and uncontrolled port Uncontrolled port is always in bidirectional connection state and delivers EAPOL protocol which ensures the client ...

Страница 144: ...other through the RA DIUS protocol Configuring DOT1X Configuring AAA 1 To create an AAA control entry use the following command Command Function ZXR10 config nas create aaa rule id port port name vlan vlan id This creates an AAA control entry 2 To clear an AAA control entry use the following command Command Function ZXR10 config nas clear aaa rule id This clears an AAA control entry 3 To enable di...

Страница 145: ...fig nas aaa rule id multiple hosts enable max hosts host number disable This configures whether multiple users are allowed and limitation on the number of users 9 To configure the default ISP server name use the following command Command Function ZXR10 config nas aaa rule id default isp isp name This configures the default ISP server name 10 To configure whether to conduct full name accounting use...

Страница 146: ...ntication mode as local or radius server mode 15 To configure authorization mode use the following command Command Function ZXR10 config nas aaa rule id authorization auto unauthorized authorized This configures authorization mode Configuring DOT1X Parameter 1 To configure dot1x period for re authentication use the follow ing command Command Function ZXR10 config nas dot1x re authentication enable...

Страница 147: ...on server timeout time 6 To configure the maximum times of requests for dot1x client use the following command Command Function ZXR10 config nas dot1x max requests count This configures the maximum times of requests for dot1x client Configuring Local Authentication User 1 To create a local user use the following command Command Function ZXR10 config nas create localuser user id name user name pass...

Страница 148: ...hether to charge the local user use the following command Command Function ZXR10 config nas localuser user id accounting enable disable This configures whether to charge the local user Managing DOT1X Authentication Access User 1 To display all dot1x authentication users use the following command Command Function ZXR10 config nas show clients device device numb er index client index mac mac address...

Страница 149: ... following command Command Function ZXR10 config domain domain id default This configures domain information ZXR10 config no domain domain id default This cancels domain information 4 To configure domain fullname authentication information use the following command Command Function ZXR10 config domain domain fullaccount enable This configures domain fullname authentication information ZXR10 config...

Страница 150: ...hentication server information 8 To configure ISP name in rule use the following command Command Function ZXR10 config nas aaa rule id default isp isp name default This configures ISP name in rule ZXR10 config nas no aaa rule id default isp isp name This deletes ISP name in rule 9 To configure domain name separator in rule use the following command Command Function ZXR10 config nas aaa rule id dom...

Страница 151: ...d access control mode All the AAA access users belong to the default domain zte163 net This authentication and RADIUS authentication are conducted at the same time Disconnect the user and make it offline if RADIUS accounting fails Do not add the domain name after the user name during ac cess Connect the server group composed of two RADIUS servers to the switch IP addresses of these servers are 10 ...

Страница 152: ...rp 1 server 1 10 1 1 1 key aaazte port acct server port num ZXR10 config acctgrp 1 server 2 10 1 1 2 key aaazte port acct server port num ZXR10 config acctgrp 1 exit ZXR10 config nas ZXR10 config nas dot1x re authentication enable period 5 ZXR10 config nas dot1x max request 5 ZXR10 config nas create aaa 1 port gei_1 1 ZXR10 config nas aaa 1 authentication radius ZXR10 config nas aaa 1 control dot1...

Страница 153: ... authorization auto ZXR10 config nas aaa 1 accounting disable ZXR10 config nas aaa 1 multiple hosts enable ZXR10 config nas aaa 1 default isp zte163 net ZXR10 config nas aaa 1 fullaccount disable ZXR10 config nas aaa 1 radius server authentication 1 Dot1x Local Authentication Application In the applications shown in Figure 29 and Figure 30 the enter prise wants to register the network card address...

Страница 154: ...e 29 andFigure 30 applicationsGuest Vlan function is based on interface When user authentication at the port succeeds in terface will be switched in authentication VLAN and other users which are not unauthorized can t visit Guest Vlan internal resource When all authentication users at the port are offline port can re cover attribute of Guest Vlan If one authentication user exists on the port the p...

Страница 155: ...n use the following command show localuser Command debug can be used to trace packet sending receiving and its processing during Dot1x Server Relay process 1 To trace the transceiving packet and handling processes of the dot1x use the following command debug nas 2 To trace the process of interacting with the radius use the following command debug radius Confidential and Proprietary Information of ...

Страница 156: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 142 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 157: ...switch with similar DHCP function of the command switch Command switch and member switch form a cluster private network It is suggested to isolate the broadcast domain of the public net work and that of the private network on the command switch and shield the direct access to the private address The command switch provides a management and maintenance channel to the outside to manage the cluster i...

Страница 158: ...ation Volume Cluster management network is formed as shown in Figure 31 FIGURE 31 CLUSTER MANAGEMENT NETWORKING Switching rule of four types switches in the cluster is shown in Figure 32 144 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 159: ...d Command Function ZXR10 config zdp enable This enables the ZDP function globally or in specific interface 2 To configure time interval of transmitting ZDP packets use the following command Command Function ZXR10 config zdp timer time This configures time interval of transmitting ZDP packets 3 To configure the valid holding time of ZDP information use the following command Confidential and Proprie...

Страница 160: ...Id This conducts ZTP topology collection on different VLANs 3 To set the hops of ZTP topology collection use the following command Command Function ZXR10 config ztp hop number This sets the hops of ZTP topology collection 4 To set each hop delay in sending ZTP protocol packets use the following command Command Function ZXR10 config ztp hop delay time This sets each hop delay in sending ZTP protoco...

Страница 161: ... independent switch and allocates an IP address pool to cluster 2 To change the cluster name use the following command Command Function ZXR10 config group name name This changes the cluster name 3 To set the cluster handshake time use the following command Command Function ZXR10 config group handtime time This sets the cluster handshake time 4 To set the holding time between the member and command...

Страница 162: ...roup save member all member_id This saves the configuration for member on the command switch 3 To delete the member configuration file from the command switch use the following command Command Function ZXR10 config group erase member all member_i d This deletes the member configuration file from the command switch 4 To configure the tftp server on the cluster use the following command Command Func...

Страница 163: ...ure DUT B as the member switch with group member device 1 command and then view Member 1 in the up state with the show group member command on DUT A 6 Log in to Member 1 with the rlogin member 1 command in the privilege mode and log in from Member 1 to the command switch with the rlogin commander command on DUT A Cluster Management Maintenance and Diagnosis When encountering cluster management pro...

Страница 164: ...pment information use the following command show ztp device list device mac mac address id 6 To display group member information use the following com mand show group member candidates mac mac address Command debug group management can be used to trace packet sending receiving of ZDP and ZTP and its processing during cluster management process 150 Confidential and Proprietary Information of ZTE CO...

Страница 165: ...eographically to watch a movie together while chatting and exchanging files si multaneously IPTV uses a two way broadcast signal sent through the provider s backbone network and servers allowing viewers to select content on demand and take advantage of other interactive TV options IPTV can be used through PC or IP machine box TV Configuring IPTV Configuring IPTV Global Parameters 1 To set the leas...

Страница 166: ...use the fol lowing command Command Function ZXR10 config nas iptv control prvcount reset period This sets the period of global reset preview counts 6 To enable disable IPTV use the following command Command Function ZXR10 config nas iptv control enable disable This enables disables IPTV Configuring IPTV Channels 1 To create channels of IPTV use the following command Command Function ZXR10 config c...

Страница 167: ...nd Command Function ZXR10 config create iptv cac rule 1 256 This creates rules of CAC 2 To set the name of CAC rule use the following command Command Function ZXR10 config iptv cac rule 1 256 name This sets the name of CAC rule 3 To set maximum preview counts of rules use the following command Command Function ZXR10 config iptv cac rule 1 256 prvcount This sets maximum preview counts of rules The ...

Страница 168: ... ID of this multicast group is 100 Configuration is shown below ZXR10 config nas iptv control enable ZXR10 config nas create iptv channel special 1 address 224 1 1 1 ZXR10 config nas iptv channel 1 mvlan 100 ZXR10 config nas iptv channel 1 name cctv1 ZXR10 config nas create iptv cac rule 1 port gei_1 1 ZXR10 config nas iptv cac rule 1 right order 1 2 User which connects to port gei_1 1 in Vlan 1 i...

Страница 169: ...nfiguration is shown below ZXR10 config nas iptv control enable ZXR10 config nas create iptv channel special 1 address 224 1 1 1 ZXR10 config nas iptv channel 1 mvlan 100 ZXR10 config nas create iptv cac rule 1 port gei_1 1 ZXR10 config nas iptv cac rule 1 right query 1 IPTV Maintenance and Diagnosis 1 To display the global configuration information of IPTV use the following command show iptv cont...

Страница 170: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 156 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 171: ... in layer 2 Ethernet data frame The principle is to configure DSLAMDigital Subscriber Line Access Multiplexer corresponding to VLAN on BAS During the procedure of PPPOE calling DSLAM applies VBAS protocol that is mapping to corresponding DSLAM according to VLAN of user BAS demand the user line identity inquiry from DSLAM In this user manual switch means DSLAM equipment VBAS protocol is implemented...

Страница 172: ...face Configuring VBAS Interface as User Interface or Network Interface Step Command Function 1 ZXR10 config interface interface name This enters interface configuration mode 2 ZXR10 config gei_1 x vbas port type user net This configures VBAS interface as user interface or network interface VBAS Configuration Example Enable VBAS on the switch and configure VBAS enable vlan as vlan 1 Configure gei_1...

Страница 173: ...ould include at least two interfaces one connection user and another BRAS enquip ment In this example gei_1 1 is used to connect BRAS equip ment VBAS Maintenance and Diagnosis On the privileged mode the command debug vbas is used to open VBAS debug function and send VBAS debug information Confidential and Proprietary Information of ZTE CORPORATION 159 ...

Страница 174: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 160 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 175: ... area Multi ring is designated that every level is an independent ring and low level has two entry points to connect with high level ring The highest level ring is named as major level ring and others are named as access rings Multi area is named that there are many protection instances on the same ring suitable to different service vlan Their logic routes are different and independent ZESR in dou...

Страница 176: ...houldn t be put into control vlan Example 1 This example shows how to configure control vlan as 4000 pro tection instance as 1 ZXR10 config zesr ctrl vlan 4000 protect instance 1 2 This example shows how to delete control vlan as 4000 pro tection instance ZXR10 config no zesr ctrl vlan 4000 protect instance Configuring Major level Ring ZESR To configure ZESR ZESR on major level ring use the follow...

Страница 177: ... and preup only can be used for master or zess tranist preup only can be configured as mas ter or zess master Interface must be configured in control vlan before it is configured Interface can use lacp interface but must be dynamic lacp and member interface must close stp Besides secondery interface of zess master node decides blocking location Therefore the interface must be placed on the uplink ...

Страница 178: ...he maximum time dalay that master or edge control hasn t received hello packet The unit is second The default value is 3s edge interface name edge node interface Switch could be in the entry that major ring and access ring con nect At that time it can be in major ring or access ring There are two interfaces in major ring and one interface in access ring Switch is named as entry node The entry node...

Страница 179: ...restart time as 60s ZXR10 config zesr restart time 60 ZESR ZESR Configuration Example ZESR Configuration Example As shown in Figure 34 FIGURE 34 ZESR CONFIGURATION EXAMPLE SW1 SW4 buildup ring network transparently transform 100 200 SW1 is core switch and the entire network exit SW2 SW4 are convergence switch Demand that service is not be affected if any link is down Confidential and Proprietary I...

Страница 180: ...runk vlan 4000 ZXR10_S1 config smartgroup2 exit ZXR10_S1 config interface gei_1 1 ZXR10_S1 config gei_1 1 negotiation auto ZXR10_S1 config gei_1 1 switchport mode trunk ZXR10_S1 config gei_1 1 switchport trunk vlan 100 200 ZXR10_S1 config gei_1 1 switchport trunk vlan 4000 ZXR10_S1 config gei_1 1 smartgroup 1 mode active ZXR10_S1 config gei_1 1 spanning tree disable ZXR10_S1 config gei_1 1 exit ZX...

Страница 181: ..._1 3 switchport mode trunk ZXR10_S2 config gei_1 3 switchport trunk vlan 100 200 ZXR10_S2 config gei_1 3 switchport trunk vlan 4000 ZXR10_S2 config gei_1 3 smartgroup 1 mode active ZXR10_S2 config gei_1 3 spanning tree disable ZXR10_S2 config gei_1 3 exit ZXR10_S2 config interface gei_1 4 ZXR10_S2 config gei_1 4 negotiation auto ZXR10_S2 config gei_1 4 switchport mode trunk ZXR10_S2 config gei_1 4...

Страница 182: ...s to ctrl vlan close port broadcast and unknown unicast suppression connect ZXR10 3 ZXR10_S1 config interface gei_1 1 configure interface working mode as auto negotiation ZXR10_S1 config gei_1 1 negotiation auto ZXR10_S1 config gei_1 1 switchport mode trunk ZXR10_S1 config gei_1 1 switchport trunk vlan 100 200 ZXR10_S1 config gei_1 1 switchport trunk vlan 4000 ZXR10_S1 config gei_1 1 exit connect ...

Страница 183: ...nterface decides blocking location therefore therefore Secondary interface can t be configured on corresponding interface of link between ZXR10 2 and ZXR10 3 or blocking interface faulty will occur ZXR10_S2 config zesr ctrl vlan 4000 level 1 seg 1 role edge assistant gei_2 3 configure ordinary ZESR border node role Node 3 configuration The configuration such as interface instance of node 3 is the ...

Страница 184: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 170 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 185: ...se the address that DHCP server dynamically distributes to access external network This prevents other users from using other IP address for deceit Configuring IP Source Guard To configure IP Source Guard or delete IP Source Guard use the following commands Step Command Function 1 ZXR10 config if vlanX ip dhcp snooping ip source guard ip base mac base mac ip base vlan default vlan id This configur...

Страница 186: ...fter getting IP address dynamically PC can only pass the data packet with source IP address that is distributed by DHCP server Configuration of R1 ZXR10 config ip dhcp snooping enable ZXR10 config ip dhcp snooping vlan 100 ZXR10 config ip dhcp snooping trust gei_1 1 XR10 config interface gei_1 2 ZXR10 config gei_1 2 ip dhcp snnoping ip source guard ip base IP Source Guard Configuration based on MA...

Страница 187: ... on R1 administra tor sets management DHCP gei_1 1 belongs to vlan100 DHCP Snooping function is enabled in VLAN100 and interface gei_1 1 is configured as trusted PC connects gei_1 2 of switch which be longs to vlan100 FIGURE 38 IP SOURCE GUARD CONFIGURATION IP Source Guard based on MAC address is configured on the gei_1 2 interface mode After getting IP address dynamically PC can only pass the dat...

Страница 188: ...nerate alarm on abnormal rate uploading packet and remind network manager to pay attention to possible packet attack to CPU So that network manager can decide if discard this packet on the interface or limit speed and filter unreasonable packet Command Configuration 1 To enable disable control plane security function use the fol lowing command Command Function ZXR10 config control plane security e...

Страница 189: ... speed or average speed of corresponding protocol packet on corresponding port The unit is pps peak speed can be configured 100 1000 and the default value is 300 average speed can be set 10 600 and the default is 100 5 To configure port type use the following command Command Function ZXR10 config gei_1 x protocol protect type nni uni This configures the type of a certain port is uni or nni This co...

Страница 190: ...500 Zxr10 config gei_1 1 protocol protocol average mode mode icmp 250 Maintenance and Diagnosis ZXR10 5900 5200 provides show command to help maintenance and diagnosis Common commands used in control plane security maintenance and diagnosis are as follows Step Command Function 1 ZXR10 config show protocol protect packet config interfacename This views a certain port type and the protocol packet co...

Страница 191: ...o malicious scanning only sends free ARP to A to inform that IP corresponding MAC address of B has been updated to that of C the flow from A to B is directly forwarded to C Based on the same principle the flow from B to A can be forwarded to C After doing malicious scanning on packet C mod ifies the destination address as the real MAC address of B or A and return the packet to switch The flow betw...

Страница 192: ...This configures global ARP validate inspection function 4 Zxr10 config gei_1 x ip arp inspection limit 1 100 This configures the limited speed of interface As for untrusted interface the default is 15pps As for trusted interface ARP packet speed is not limited 5 Zxr10 config vlanX ip arp inspection This configures DAI enabled of VLAN DAI Maintenance and Diagnosis ZXR10 5900 5200 provides show comm...

Страница 193: ..._1 1 is set as untrusted interface the default attribute is un trusted interface The legal ARP packet legal ARP packet consistent witch IP port MAC in DHCP binding table that host A sends to switch is broad cast in VLAN Host B can receive ARP packet The illegal packet is discarded and not forwarded Host B can t receive ARP packet If gei_1 1 is set as trusted interface host A sends ARP packet legal...

Страница 194: ...sers and ensure safety of network deployment MFF supports manual and automatic modes Manual mode is ap plied in user static IP address configuration scene Automatic mode is used in user dynamically getting IP address by DHCP pro tocol scene Configuring MFF 1 To set MFF mode use the following commands Step Command Function 1 ZXR10 config mff mode auto manus This configures MFF manual mode or automa...

Страница 195: ...lly use the following command Step Command Function 1 ZXR10 config mff user A B C D H H H vlan 1 4094 gateway A B C D This configures MFF user statically in manual mode 2 ZXR10 config no mff user A B C D vlan 1 4094 This clears statically configured MFF user 6 To enable MFF gateway MAC address detection function use the following commands Step Command Function 1 ZXR10 config mff gateway detect ena...

Страница 196: ... gei_1 2 ZXR10 config gei_1 2 set mff network port ZXR10 config gei_1 2 exit ZXR10 config interface gei_1 4 ZXR10 config gei_1 4 set mff user port MFF maintenance and diagnosis When MFF encounters problem we can locate the fault and re move them with relevant debugging commands The mostly used command is show command 1 This displays MFF global configuration information show mff configure Example T...

Страница 197: ...ation information of the designated in terface ZXR10 show mff interface gei_1 1 Interface MFF Type gei_1 1 Network port 4 This views MFF corresponding relationship table show mff table vlan vlan id A B C D Command Illustration i The command without option will view all MFF correspond ing relationship ii The command with VLAN option will view all MFF corre sponding relationship in this VLAN iii The...

Страница 198: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 184 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 199: ... implementing remote power supply Ethernet remote power supply sometimes is called network power supply It is the technology that transfers power through 10 BaseT and 100 Base TX When the current Ethernet Cat 5 infrastructure doesn t change data signal can be transmitted to the terminals based on IP such as IP phone AP and network camera and DC power can be supplied to those at the same time PoE t...

Страница 200: ...oe pd max power 15 4 7 0 4 0 ext 18 ext 27 ext 30 0 This configures port maximum power This command only can be used when this interface doesn t be enabled PoE function The default is 15 4 3 ZXR10 config if poe priority critical high low This configures interface priority This command only can be used when this interface doesn t be enabled PoE function The default is low 186 Confidential and Propr...

Страница 201: ...ture recovery When device works at stack mode the command format is poe overtemperature auto recovery enable device id device id The default is disabled 6 ZXR10 config poe power threshold 40 90 This configures switch power occupancy alarm threshold When device works in stack mode this command format is poe power threshold 40 90 device id device id The default is 80 7 ZXR10 config poe upgrade firmw...

Страница 202: ...ice id 2 PoE Maintenance ZXR10 5900 5200 provides show command to help maintenance and diagnosis of PoE Common commands used in PoE mainte nance and diagnosis are as follows Step Command Function 1 ZXR10 config show poe config interface infterface name This views interface PoE configuration 2 ZXR10 config show poe interface infterface name This views interface PoE status configuration 3 ZXR10 conf...

Страница 203: ...RRORING EXAMPLE 40 Figure 17 Port Loopback Detection Example 42 Figure 18 ACL Configuration Example 67 Figure 19 TRAFFIC POLICING WORKING FLOW 70 Figure 20 QOS CONFIGURATION EXAMPLE 78 Figure 21 POLICY ROUTING EXAMPLE 80 Figure 22 DHCP SERVER CONFIGURATION 100 Figure 23 DHCP RELAY CONFIGURATION 101 Figure 24 DHCP SNOOPING CONFIGURATION 102 Figure 25 DHCP SNOOPING PREVENT STATIC IP CONFIGURATION 10...

Страница 204: ... Topology Figure 168 Figure 36 IP SOURCE GUARD Configuration 172 Figure 37 IP Source Guard Configuration 173 Figure 38 IP Source Guard Configuration 173 Figure 39 Man in the middle Attack 177 Figure 40 DAI Configuration Example 179 Figure 41 Manual Mode Basic MFF Function Configuration Example 182 Figure 42 POE Power Supply 186 190 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 205: ...TER SUMMARY i Table 2 COMMAND MODES 12 Table 3 INVOKING A COMMAND 15 Table 4 Interface State Abnormal Condition 35 Table 5 IP ADDRESS RANGE FOR EACH CLASS 47 Confidential and Proprietary Information of ZTE CORPORATION 191 ...

Страница 206: ...ZXR10 5900 5200 Series User Manual Basic Configuration Volume This page is intentionally blank 192 Confidential and Proprietary Information of ZTE CORPORATION ...

Страница 207: ...rotocol ICMP Internet Control Message ProtocolInternet MIB Management Information Base NTP Network Time Protocol EBS Excess Burst Size SP Strict Priority SNMP Simple Network Management Protocol PVID Port VLAN ID SSH Secure Shell PIR Peak Information Rate PBS Peak Burst Size RADIUS Remote Authentication Dial In User Service RMON Remote Monitoring QoS Quality of Service STP Spanning Tree Protocol TE...

Страница 208: ...and Access Server VLAN Virtual Local Area Network WRR Weighted Round Robin ACL Access Control List BAS Broadband Access Server AAA Authentication Authorization and Accounting ARP Address ResolutionProtocol CoS Class of Service DSLAM Digital Subscriber Line Access Multiplexer 194 Confidential and Proprietary Information of ZTE CORPORATION ...

Результаты поиска

Содержание ZXR10 5200 series

Отзывы:

Похожие инструкции для ZXR10 5200 series

Бренды по названию

Популярные бренды

Zte ZXR10 5200 series, Руководство пользователя

Результаты поиска

Содержание ZXR10 5200 series

Отзывы:

Похожие инструкции для ZXR10 5200 series

Бренды по названию

Популярные бренды