Zte ZXR10 ZSR V2 Configuration Manual (System Management
  1. Manuals
  2. Brands
  3. Zte Manuals
  4. Network Router
  5. ZXR10 ZSR
  6. Configuration manual (system management
Zte ZXR10 ZSR V2 Configuration Manual (System Management

Zte ZXR10 ZSR V2 Configuration Manual (System Management

Intelligent integrated multi-service router
Hide thumbs Also See for ZXR10 ZSR V2:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Product Description
ZXR10 ZSR V2
Intelligent Integrated Multi-Service Router
Configuration Guide (System Management)
Version: 2.00.10
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn

Advertisement

Table of Contents
loading

Related Manuals for Zte ZXR10 ZSR V2

Summary of Contents for Zte ZXR10 ZSR V2

  • Page 1 ZXR10 ZSR V2 Intelligent Integrated Multi-Service Router Configuration Guide (System Management) Version: 2.00.10 ZTE CORPORATION No. 55, Hi-tech Road South, ShenZhen, P.R.China Postcode: 518057 Tel: +86-755-26771900 Fax: +86-755-26770801 URL: http://ensupport.zte.com.cn E-mail: support@zte.com.cn...
  • Page 2 ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.

  • Page 3: Table Of Contents

    1.5 FTP Connection Configuration ................1-10 1.5.1 Configuring the ZXR10 ZSR V2 as an FTP Server........1-10 1.5.2 Configuring the ZXR10 ZSR V2 as an FTP Client ........1-12 1.6 Configuring TFTP Connection ................1-15 1.7 SFTP Connection Configration ................1-17 1.7.1 Configuring the ZXR10 ZSR V2 as an SFTP Server .........
  • Page 4 Chapter 10 Clock and Clock Synchronization ........10-1 10.1 NTP Configuration ..................10-1 10.1.1 NTP Overview..................10-1 10.1.2 Configuring NTP................... 10-2 10.1.3 NTP Configuration Examples ..............10-4 10.2 Physical POS Interface Clock Configuratio ............10-6 10.2.1 Physical POS Interface Clock..............10-6 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 5 15.2 Configuring IP Source Route Option Processing..........15-4 15.3 Configuring ICMP Unreachable Packet Function ..........15-6 15.4 Enabling an Interface to Send ICMP Unreachable Packets ....... 15-7 15.5 Configuring IP Ping..................15-9 15.6 Configuring IP Trace..................15-12 15.7 Configuring LSP Ping ..................15-15 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 6 15.8 Configuring LSP Trace...................15-21 15.9 Configuring Multicast Ping................15-26 15.10 Configuring Multicast Trace ................15-30 15.11 Configuring MAC Ping..................15-32 15.12 Configuring MAC Trace................15-34 15.13 IP Performance Maintenance ...............15-37 Figures......................I Glossary ......................V SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 7: About This Manual

    About This Manual Purpose This manual describes functional principles, configuration commands and examples related to ZXR10 ZSR V2 system management. Intended Audience This manual is intended for the following engineers: Network planning engineers Commissioning engineers Maintaining engineers What Is in This Manual...
  • Page 8 Caution: indicates a potentially hazardous situation. Failure to comply can result in moderate injury, equipment damage, or interruption of minor services. Note: provides additional information about a certain topic. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 9: Chapter 1 Device Connection Management

    Console port mode: This is the primary configuration mode used by users. Telecommunication Network Protocol (TELNET)/Secure Shell (SSH) mode: Users can use this mode to configure the ZXR10 ZSR V2 at any accessible place of a network. SJ-20140504150128-007|2014-05-10 (R1.0)

  • Page 10: Configuring Console Port Connection

    1.2 Configuring Console Port Connection This procedure describes how to connect to the ZXR10 ZSR V2 through the Console port. Steps 1. Configure a Hyperterminal. For how to configure a Hyperterminal, refer to the "Configuring the Device Through a Console Port"...

  • Page 11: Figure 1-2 Run Dialog Box

    Telnet, a user name and password have to be set on the router for Telnet accessing. Only the user who has the preset user name and password can access the router. For how to configure a user name and password on the ZXR10 ZSR V2 for Telnet login, refer to 4.2 Configuring User...
  • Page 12 ZXR10 ZSR V2 Configuration Guide (System Management) On the ZXR10 ZSR V2, run the following commands to configure optional Telnet parameters: Command Function line console idle-timeout <idle-time> Configures the maximum idle ZXR10(config)# timeout period of the serial port. Unit: minute, range: 0–1000, default: 30.
  • Page 13 3. (Optional) Run the telnet command on the ZXR10 ZSR V2 to log in to another device through the local client. For the format of the telnet command, refer to the following table:...

  • Page 14: Configuring Ssh Connection

    If an ACL is configured, only PCs whose IP addresses are in the Permit column of the ACL can be connected to R1. 1.4 Configuring SSH Connection This procedure describes how to connect to the ZXR10 ZSR V2 through SSH. Prerequisite The local terminal can access the remote router network.
  • Page 15 The following uses Putty as an example to describe how to configure an SSH client. a. Enable Putty.exe on the SSH host. Type the IP address of the remote router (such as 192.168.5.3) in the Host Name text box, see Figure 1-4. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 16: Figure 1-4 Putty Configuration Dialog Box

    ZXR10 ZSR V2 Configuration Guide (System Management) Figure 1-4 PuTTY Configuration Dialog Box b. Select 2 for the SSH version, see Figure 1-5. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 17: Figure 1-5 Putty Configuration Dialog Box

    ************************************************************ Welcome to ZXR10 Intelligent Integrated Multi-Service Router of ZTE Corporation ************************************************************ ZXR10# 4. Verify the configurations. Command Description Shows the configuration state of SSH. show ssh ZXR10# – End of Steps – SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 18: Ftp Connection Configuration

    ACL can be connected to R1. 1.5 FTP Connection Configuration 1.5.1 Configuring the ZXR10 ZSR V2 as an FTP Server This procedure describes how to configure the ZXR10 ZSR V2 as an FTP server. Prerequisite The local terminal can access the remote router network.
  • Page 19 The following gives an FTP server configuration example. Configuration Description As shown in Figure 1-7, ZXR10 ZSR V2 is connected to a PC and operates as an FTP server. The PC functions as an FTP client that uploads and downloads files. 1-11 SJ-20140504150128-007|2014-05-10 (R1.0)

  • Page 20: Configuring The Zxr10 Zsr V2 As An Ftp Client

    Figure 1-7 FTP Server Configuration Example Configuration Flow 1. Enable the FTP server function and listening port 21 of the ZXR10 ZSR V2. 2. Set the FTP server root directory to /datadisk0/LOG/. 3. Set both the FTP server user name and password to zte.

  • Page 21: Figure 1-8 Wftpd Window

    Type a directory such as D: \IMG in the Home Directory text box for saving version files or configuration files. After the configuration is completed, the user name and home directory are displayed in the User/Rights Security Dialog dialog box, seeFigure 1-10. 1-13 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 22: Figure 1-10 User/Rights Security Dialog Box

    V2 functions as an FTP client. A user whose user name is who and password is who uploads the startrun.dat file from the sysdisk0/DATA0 directory of the ZXR10 ZSR V2 file system to the FTP server whose IP address is 192.168.109.6.

  • Page 23: Configuring Tftp Connection

    By means of TFTP, router version files and configuration files can be backed up and restored. Prerequisite The ZXR10 ZSR V2 can access the TFTP server network as a TFTP client. Steps 1. Configure and start a TFTP server. The following takes the TFTP server software tftpd as an example to describe how to configure a TFTP server.

  • Page 24: Figure 1-12 Tftpd Settings Dialog Box

    – End of Steps – Example The following example describes how to upload the startrun.dat file from the datad isk0 directory of the ZXR10 ZSR V2 file system to the TFTP server whose IP address is 192.168.4.244. ZXR10#copy tftp root: /datadisk0/startrun.dat //192.168.4.244/startrun.dat Starting copying file File copying successfully.

  • Page 25: Sftp Connection Configration

    The following gives an example of how to configure an SFTP server. Configuration Description When the ZXR10 ZSR V2 functions as an SFTP server, the client can be a PC or another type of device that supports the SFTP client function. Two ZXR10 ZSR V2s...

  • Page 26: Configuring The Zxr10 Zsr V2 As An Sftp Client

    4. Download a file from the SFTP server to verify the SFTP server function. Configuration Commands Run the following commands on the ZXR10 ZSR V2. For how to configure a user name and password, refer to “Chapter 4 User Management”.
  • Page 27 A user whose user name is who and password is who uploads the startrun.dat file in the /sysdisk0/DATA0 directory of the ZXR10 ZSR V2 file system to the SFTP server whose IP address is 192.168.109.6. The encryption algorithm is aes128, compression algorithm is zlib, and MAC check method is sha1.
  • Page 28 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 1-20 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 29: Chapter 2 File System Management

    Users have read and write permissions. Service and alarm log files are stored in the /datadisk0/LOG directory, but the command log file (that is, the cmdlog file) is stored in the /sysdisk0/usrcmd_log/ directory. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 30: Configuring File System Management

    IP address of an FTP server, and configuration loading mode. 2.2 Configuring File System Management This procedure describes how to manage files and directories, format the hard disk user partition, and save configuration information on the ZXR10 ZSR V2. Steps Manage files and directories.

  • Page 31: File System Management Configuration Examples

    <line>: configures the filtering character string. Modify the configuration loading mode when the ZXR10 ZSR V2 starts up. Command Function...

  • Page 32: Configuration Example Of Backing Up A Configuration File On A Usb

    ZXR10 ZSR V2 Configuration Guide (System Management) <DIR> 01-15-2014 08:43 <DIR> 01-15-2014 08:43 <DIR> 01-15-2014 08:43 <DIR> 01-02-2014 07:03 <DIR> 01-02-2014 07:03 license ZXR10# Delete files in the directory, as shown below. ZXR10#delete /datadisk0/techspt/techspt_cpu-info.txt Are you sure to delete file(s)?[yes/no]:y Delete file(s) successfully.

  • Page 33: Flash Drive

    Chapter 2 File System Management Copy file successfully. 4. After the backup is completed, run the unmount command, and then remove the USB flash drive. ZXR10#umount usb1 MPFU-8/0: usb1 unmounted successfully! SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 34 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 35: Chapter 3 Mim Configuration

    MIM object operations. Figure 3-1 MIM Application 3.2 Configuring MIM This procedure describes how to configure the MIM function on the ZXR10 ZSR V2. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 36 ZXR10 ZSR V2 Configuration Guide (System Management) Steps 1. Configure MIM. Command Function configure exclusive Configures the exclusive ZXR10# function. commit-mode {automatic | manual} Sets the commit mode ZXR10# (automatic-commit mode or manual-commit mode) for configuration commands. Default: automatic-commit. commit Commits the configuration.
  • Page 37 %Info 140359: Allow others to configure, must avoid conflict. ZXR10(config)#commit-mode manual /*Enters configuration commands by running a script. The process is omitted.*/ ZXR10(config)#commit Configuration Verification Check whether all the commands have been committed and become effective by running the show command. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 38 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 39: Chapter 4 User Management

    User Management Configuration Examples..............4-7 4.1 User Management Overview To maintain and manage the ZXR10 ZSR V2, users need to log in to it in SSH, Telnet, or FTP mode. User management implements the configuration, authentication, and authorization of users who have logged in to the ZXR10 ZSR V2.

  • Page 40: Configuring User Management

    ZXR10 ZSR V2 Configuration Guide (System Management) 4.2 Configuring User Management This procedure describes how to configure user management functions. Steps 1. Enter ADM_MGR configuration mode, and configure user management parameters. Step Command Function Enters user management system-user ZXR10(config)# configuration mode.
  • Page 41 Configures an authorization aaa-authorizati ZXR10(config-aaa-author-template)# on-type {none | local-radius | local-tacacs | local | radius type under the AAA | tacacs | tacacs-local | radius-local } authorization template. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 42 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters user management system-user ZXR10(config)# configuration mode. Configures a user authorization-template ZXR10(config-system-user)# – <1 128> management authorization template, and enters the configuration mode of this template. Binds an AAA authorization...
  • Page 43 <failure-tries>] or Trap information when failed login attempts exist. 6. Verify the configurations. Command Function show running-config adm-mgr [all] Displays user management configurations. ZXR10# show user-group [special <usergroup-name>] Displays configured user group information. ZXR10# SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 44 ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Displays information on locked users and show authen-restriction userinfo ZXR10# users who have failed authentication. The information includes user names, numbers of authentication failure times, status (locked or not locked), and remnant locking time.

  • Page 45: User Management Configuration Examples

    As shown in Figure 4-1, PC logs in to the router by serial port or Telnet, enters configuration mode and creates a user who uses local authentication mode. Figure 4-1 Local Authentication and Authorization Configuration SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 46 ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Flow 1. Configure an authentication template. 2. Configure an authorization template. 3. Create a user, bind authentication and authorization templates. Configuration Command R1(config)#aaa-authentication-template 2001 R1(config-aaa-authen-template)#aaa-authentication-type local R1(config-aaa-authen-template)#exit R1(config)#aaa-authorization-template 2001 R1(config-aaa-author-template)#aaa-authorization-type local R1(config-aaa-author-template)#exit...

  • Page 47: Figure 4-2 Radius-Local Authentication And Authorization User Configuration

    2. Configure an authentication template. 3. Configure an authorization template. 4. Create a user, bind authentication and authorization templates. Configuration Command /*This configures radius*/ R1(config)#radius authentication-group 1 R1(config-authgrp-1)#server 1 10.1.1.1 master key zte R1(config-authgrp-1)#nas-ip-address 10.1.1.100 R1(config-authgrp-1)#algorithm round-robin R1(config-authgrp-1)#max-retries 3 R1(config-authgrp-1)#timeout 30 R1(config-authgrp-1)#deadtime 0 R1(config-authgrp-1)#exit /*This configures authentication template.*/...

  • Page 48: Tacacs+ Authentication And Authorization User Configuration

    ZXR10 ZSR V2 Configuration Guide (System Management) R1(config-system-user)#authentication-template 1 R1(config-system-user-authen-temp)#bind aaa-authentication-template 2001 R1(config-system-user-authen-temp)#exit /*This binds authentication template.*/ R1(config-system-user)#authorization-template 1 R1(config-system-user-author-temp)#bind aaa-authorization-template 2001 R1(config-system-user-author-temp)#local-privilege-level 15 R1(config-system-user-author-temp)#exit /*This creates user.*/ R1(config-system-user)#user-name zte R1(config-system-user-username)#bind authentication-template 1 R1(config-system-user-username)#bind authorization-templat 1 R1(config-system-user-username)#password zte R1(config-system-user-username)#exit R1(config-system-user)#exit 4.3.3 TACACS+ Authentication and Authorization User...

  • Page 49: Configuring A Password Prompt Question For Resetting A Password

    As shown in Figure 4-4, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create an authentication user. Users of any authentication mode can configure password recovery information, but password recovery only takes effect for locally authenticated users.

  • Page 50: Figure 4-4 Configuring A Password Prompt Question For Resetting A Password

    2. Configure an authorization template. 3. Create a user. 4. Configure a password prompt question and an answer. 5. Log in for password recovery. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#aaa-authentication-template 2001 R1(config-aaa-authen-template)#aaa-authentication-type local R1(config-aaa-authen-template)#exit R1(config)#aaa-authorization-template 2001...

  • Page 51: Configuring Oam Security Management

    As shown in Figure 4-5, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create an authentication user. To prevent user passwords from being cracked or stolen, the ZXR10 ZSR V2 supports setting password strength.
  • Page 52 ZXR10 ZSR V2 Configuration Guide (System Management) 6. A user who fails authentication consecutively for the set number of times is locked. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#system-user R1(config-system-user)#strong-password length 6 character special-character /*Configures the minimum password length as 6 characters, and configures that a password should contain special characters.*/...

  • Page 53: Configuring A Password Validity Period

    As shown in Figure 4-6, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user. By default, the password of this account never expires. You can set a validity period (90–360 days) for this account by running a configuration command, and test whether the validity period is effective by changing the system time.
  • Page 54 ZXR10 ZSR V2 Configuration Guide (System Management) R1(config-system-user-author-temp)#local-privilege-level 15 R1(config-system-user-author-temp)#exit R1(config-system-user)#user-name zte R1(config-system-user-username)#bind authentication-template 1 R1(config-system-user-username)#bind authorization-templat 1 R1(config-system-user-username)#password zte R1(config-system-user-username)#password-duration 90 /*Configures a password validity period.*/ R1(config-system-user-username)#exit R1(config-system-user)#exit R1(config)#aaa-authentication-template 2001 R1(config-aaa-authen-template)#aaa-authentication-type local R1(config-aaa-authen-template)#exit R1(config)#aaa-authorization-template 2001 R1(config-aaa-author-template)#aaa-authorization-type none R1(config-aaa-author-template)#end Configuration Verification...

  • Page 55: Configuring First-Login Password Modification

    As shown in Figure 4-7, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user, and configures once-password (only valid for locally authenticated users). During the next login, the user can use the self-configured password.

  • Page 56: Relations Between Raising Privilege Levels And The Enable Command

    Configuration Description Figure 4-8, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user and give the user a privilege level. If the privilege level is too low, the enable command can be used to raise the level.
  • Page 57 2. Configure an authentication template. 3. Configure an authorization template. 4. Configure an "enable" password to raise the user's privilege level. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#tacacs enable R1(config)#tacacs-server host 10.1.1.1 key zte R1(config)#tacplus group-server ztegroup R1(config-sg)#server 10.1.1.1...
  • Page 58 “Chapter 5 Command Privilege Level Classification”. In global configuration mode, run the nvram enable-password command. For details, refer to the Setting Configurations Kept in NVRAM section the ZXR10 ZSR V2 Initial Configuration Guide. You can configure the recovery function for a password configured in the NVRAM.

  • Page 59: Chapter 5 Command Privilege Level Classification

    Command Privilege Level Configuration Example ............5-2 5.1 Command Privilege Level Overview The ZXR10 ZSR V2 supports the command privilege level function. Command privilege level management is used to configure command privileges. Users can run the privilege command to configure the privilege of a command.

  • Page 60: Command Privilege Level Configuration Example

    It is required to configure different privilege levels for two types of users who operate the ZXR10 ZSR V2. The privilege level of Type A users is 15, and these users can do all operations, such as view and configuration. The privilege level of Type B users is 5. They need to use the show clock command to view the system clock.
  • Page 61 ZXR10(config-system-user-username)#password ZTE_B_5 ZXR10(config-system-user-username)#exit ZXR10(config-system-user)#exit /*Create ZTE_B and configure the user's authorization level.*/ ZXR10(config)#aaa-authentication-template 2001 ZXR10(config-aaa-authen-template)#aaa-authentication-type local ZXR10(config-aaa-authen-template)#exit ZXR10(config)#aaa-authorization-template 2001 ZXR10(config-aaa-author-template)#aaa-authorization-type radius-local ZXR10(config-aaa-author-template)#exit /*Configure the authentication and authorization templates of ZTE_A*/ ZXR10(config)#aaa-authentication-template 2002 ZXR10(config-aaa-authen-template)#aaa-authentication-type local SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 62 ZXR10 ZSR V2 Configuration Guide (System Management) ZXR10(config-aaa-authen-template)#exit ZXR10(config)#aaa-authorization-template 2002 ZXR10(config-aaa-author-template)#aaa-authorization-type radius-local ZXR10(config-aaa-author-template)#exit /*Configure the authentication and authorization templates of ZTE_B*/ ZXR10(config)#enable secret level 8 level-8 /*Configure the password of the level-8 user login privilege.*/ Configuration Verification Run the following commands to view ZTE_A's privilege level. The execution result is...
  • Page 63 Send echo messages ping6 Send IPv6 echo messages show Show running system information trace Trace route to destination trace6 Trace route to destination using IPv6 ZXR10(config)# ZXR10(config)#show ? clock Show current system clock SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 64 Trace route to destination using IPv6 ZXR10(config)#clock ? timezone Configure time zone View the configurations on the ZXR10 ZSR V2, as shown below: ZXR10#enable /*Raises the user's privilege level to the default level, level 15.*/ Password: /*The input password is not displayed.*/ ZXR10#show running-config adm-mgr ! <ADM_MGR>...
  • Page 65 2001 aaa-authorization-type radius-local aaa-authorization-template 2002 aaa-authorization-type radius-local ! </AAA> ZXR10#show running-config oam ! <OAM> privilege show all level 5 show clock privilege configure level 7 clock privilege configure level 7 clock timezone ! </OAM> SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 66 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 67: Chapter 6 Snmp Configuration

    By default, SNMP uses as the transmission protocol. 6.1.2 Configuring SNMP This procedure describes how to configure SNMP during equipment management by using SNMP. Steps 1. Enable SNMP V1, V2c, and V3. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 68 ZXR10 ZSR V2 Configuration Guide (System Management) Command Function snmp-server version {v1 | v2c | v3} Enables SNMP V1, V2, and V3 for ZXR10(config)# receiving packets from and sending enable packets to clients. There are two states: enable and disable. Default: disable.
  • Page 69 <udp-port>: number of the UDP port for sending Trap or inform messages, range: 1–65535. <Trap-type>: Trap or Inform type. The Trap type can be all or one of the bgp, ospf, rmon, snmp, stalarm and vpn types. 7. Enable the system log function. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 70 ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Enables the system log function. logging on ZXR10(config)# 8. Set the level of the alarm message sent to the Trap server. Command Function logging Trap-enable <alarmlevel> Sets the level of the alarm message ZXR10(config)# sent to the Trap server.
  • Page 71 <auth-key>: authentication password or authentication key, range: 1–30 characters. If it is an encrypted password, its range is 32–40 characters. des56: uses CBC-DES as the encryption mode. <priv-key>: cipher text encryption password, range: 1–32 characters. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 72: Snmp Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) <auth-password>: authentication password (or authentication key), range: 1–31 characters. If it is an encrypted password, its range is 32–40 characters. <priv-password>: clear text encryption password, range: 1–32 characters. 11. Verify the configurations. Command...
  • Page 73 By default, all types of Trap messages are sent. Configuration Commands Ran the following commands on the ZXR10 ZSR V2: R1(config)#snmp-server version v2c enable R1(config)#location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China...
  • Page 74 ZXR10 ZSR V2 Configuration Guide (System Management) snmp-server enable inform rmon snmp-server enable inform udld snmp-server enable inform cfm snmp-server enable inform efm snmp-server enable inform lacp snmp-server enable inform mc-elam snmp-server enable inform tcp snmp-server enable inform sctp snmp-server enable inform stalarm...
  • Page 75 Trap ssm snmp-server enable Trap sqa snmp-server enable Trap ipsec snmp-server enable Trap cgn snmp-server enable Trap vrrp snmp-server enable Trap ftp_tftp snmp-server enable Trap ping-trace snmp-server enable Trap gm snmp-server engine-id is 830900020300010289d64401 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 76: Snmp Anti-Violence Attack

    In quiet mode, the ZXR10 ZSR V2 only allows to handle requests from trusted user (if an ACL is configured in advance, the requests still need to be filtered through the ACL first).

  • Page 77: Configuring Snmp Anti-Brute Force Attack

    In monitoring period, the total failure times is counted (IP addresses are not distinguished). If the number of times exceeds the limit, the ZXR10 ZSR V2 enters quiet mode. In any state, when community string attempts fail, logs and self-defined Trap messages are generated by default.
  • Page 78 ZXR10 ZSR V2 Configuration Guide (System Management) Steps 1. Activate the SNMP security function. Command Function snmp-server security block < The SNMP security protection function ZXR10(config)# block-seconds><detect-tries>< detect-seconds>[when is disabled by default. This command <tries><startup-seconds>] is used to activate this function.

  • Page 79: Snmp Anti-Brute Force Attack Configuration Example

    6.2.3 SNMP Anti–Brute Force Attack Configuration Example It is required to configure the SNMP anti–brute force attack function on the ZXR10 ZSR V2, see Figure 6-3. Figure 6-3 SNMP Anti–Brute Force Attack Configuration Example 6-13 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 80 4. Configure a Trap message and log that is generated when user attempts fail and a state is switched. Configuration Command Run the following commands on the ZXR10 ZSR V2: R1(config)#snmp-server security block 180 3 180 when 50 60 R1(config)#snmp-server security dynamic-trust-user idle-timeout 100 R1(config)#snmp-server security static-trust-user 169.1.110.6...

  • Page 81: Chapter 7 Alarm Management Configuration

    Notification is only to notify the happening of some event, so there is no current and history notifications. On ZXR10 ZSR V2, you can configure the following alarms: CPU, memory, and storage device alarms The basic principles of CPU, memory and storage device alarms are the same. If the current usage exceeds the configured alarm threshold, the alarms are reported.

  • Page 82: Configuring The Alarm Function

    ZXR10 ZSR V2 Configuration Guide (System Management) different. The device compares the temperature information obtained at specified time with the corresponding alarm threshold. If the temperature exceeds the threshold, the alarm is reported. If the temperature is lower than the threshold, the alarm at the corresponding level is cleared.
  • Page 83 (level 7), NOTIFICATIONS (level 6), WARNINGS (level 5), ERRORS (level 4), CRITICAL (level 3), ALERTS (level 2), and EMERGENCIES (level 1). <time1>: interval of reporting to FTP, range: 1:00:00–23:59:59. <time2>: daily time for reporting to FTP, range: 00:00:00–23:59:59. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 84 ZXR10 ZSR V2 Configuration Guide (System Management) <weekday>: day in each week for reporting to FTP, range: Monday, Tuesday, Thursday, Wednesday, Friday, Saturday, and Sunday. <time3>: time in the day of each week for reporting to FTP, range: 00:00:00–23:59:59. <mothday>: date in each month for reporting to FTP, range: 1–31.
  • Page 85 <date>: 01-01-2001 to 12-31-2037, format of <time>: hh:mm:ss, range of <time>: 00:00:00 to 23:59:59. typeid <type>: alarm type, range: ACL, BFD, BGP, LDP, and so on (more than 60 types). username <username>: login username, string type, range: 1–32 characters. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 86 You cannot configure thresholds for temperature alarms and power voltage alarms. Only querying temperature alarms and power voltage alarms by running commands is supported. On the ZXR10 ZSR V2, run the following commands to view shelf management temperature alarms and power voltage alarms.

  • Page 87: Alarm Function Configuration Example

    R1(config)#logging level warnings R1(config)#logging console warnings R1(config)#logging buffer 200 R1(config)#logging mode fullcycle R1(config)#logging cmdlog-interval 2880 R1(config)#logging ftp warnings 192.168.154.253 zte zte ztelog R1(config)#logging timestamps datetime localtime R1(config)#logging Trap-enable notifications R1(config)#snmp-server enable Trap R1(config)#snmp-server version v2c enable R1(config)#snmp-server host 192.168.154.253 Trap version 2c zte SJ-20140504150128-007|2014-05-10 (R1.0)
  • Page 88 ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Verification Run the following commands to check alarm configurations. The execution results are displayed as follows: R1(config)#show logging configuration logging on logging level warnings logging console warnings logging Trap-enable notifications logging buffer 200...
  • Page 89 Trap gm snmp-server engine-id is 830900020300010289d64401 snmp-server host 192.168.154.253 Trap version 2c zte udp-port 162 snmp bgp mac ospf stp ppp arp rmon udld cfm efm lacp mc-elam tcp sctp stalarm cps interface acl fib pim isis rip msdp aps config am um system ldp pwe3 vpn...
  • Page 90 ZXR10 ZSR V2 Configuration Guide (System Management) snmp-server security dynamic-trust-user idle-timeout 1800 snmp-server version v2c enable snmp-server input-limit 200 R1(config)#show logging alarm An alarm 100401 ID 100 level 5 cleared at 06:37:35 03-10-2000 sent by R1 MPFU-8/0 %CPS% The upsend packet flow of control plane reached quota limit!

  • Page 91: Chapter 8 Syslog Configuration

    <level> Sets the level in global ZXR10(config)# configuration mode for reporting alarms to the Syslog server. Alarms whose levels are higher than or equal to the set level are reported to the Syslog server. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 92: Syslog Configuration Example

    8.3 Syslog Configuration Example Configuration Description The function of Syslog is sending alarms to the Syslog server in the specified format. After the Syslog function is configured on the ZXR10 ZSR V2, alarms will be sent to the Syslog server, see Figure 8-1.

  • Page 93: Figure 8-1 Syslog Configuration Example Topology

    Configuration Flow 1. Connect the Syslog server to the ZXR10 ZSR V2. 2. Configure the interface on the Syslog server and the interface on the ZXR10 ZSR V2, which are directly connected in the same network segment. 3. Configure the Syslog server alarm level.
  • Page 94 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 95: Chapter 9 Rmon Configuration

    Trap server and a community string for SNMP and to enable the SNMP Trap sending function. 9.2 Configuring RMON This chapter describes how to configure the RMON function. Steps 1. Configure an event that triggers the RMON alarm. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 96 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters RMON mode from rmon ZXR10(config)# configuration mode. rmon event <index-nu Configures an event to log alarms ZXR10(config-rmon)# mber>[{[log],[Trap <snmp-name>],[description or/and send Trap messages. <event-description>],[owner <event-owner>]}] rmon alarm <index-number Sets a MIB object and alarm events ZXR10(config-rmon)# ><mib-subtree-id><monitor-seconds>{delta | absolute}...

  • Page 97: Rmon Configuration Example

    9.3 RMON Configuration Example Configuration Description As shown in Figure 9-1, it is required to enable the RMON function, monitor the traffic of the gei-3/2 interface on the ZXR10 2800-4, and provide the following functions: SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 98: Figure 9-1 Rmon Configuration Example

    ZXR10(config-rmon)#interface gei-3/2 ZXR10(config-rmon-if)#rmon collection statistics 1 owner zte /* Configures the RMON statistics table. */ ZXR10(config-rmon-if)#rmon collection history 1 buckets 10 interval 60 owner zte /* Configures the ROMN history table with the 60 s sampling period. */ ZXR10(config-rmon-if)#exit ZXR10(config-rmon)#rmon event 1 description outboundocts log owner zte ZXR10(config-rmon)#rmon event 2 description inboundnonuni Trap zte owner zte /* Configures the ROMN event table.
  • Page 99 1 log description outboundocts owner zte rmon event 2 Trap zte description inboundnonuni owner zte interface gei-3/2 rmon collection history 1 buckets 10 interval 60 owner zte rmon collection statistics 1 owner zte !</rmon> Run the following command to view information on the RMON statistics table. The...
  • Page 100 ZXR10 ZSR V2 Configuration Guide (System Management) historyControlEntry 1 is valid, and owned by zte Monitors ifEntry.1.12 (gei-3/2) every 60 seconds Requested buckets is 10 Granted buckets is 10 Sample #1 began measuring at 0w4d,03:55:43 Received 131180 octets, 1519 packets,...
  • Page 101 Chapter 9 RMON Configuration 0w4d,03:56:54 outboundocts Event 2 is valid, and owned by zte Description is inboundnonuni Event firing causes trap to community/user zte, last fired 0w4d,03:57:12 Current log entries: Index Time Description Run the following command to view information on the RMON alarm table. The execution...
  • Page 102 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 103: Chapter 10 Clock And Clock Synchronization

    1. The client sends NTP time request packets to the configured clock server regularly and waits responses. 2. After receiving NTP response packet, NTP client inspects the packet, extracts the corresponding time, calculates the time offset and configures the local clock. 10-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 104: Configuring Ntp

    ZXR10 ZSR V2 can act as NTP server and client and the same time. That is to say, it can receive time request packets coming from other servers and send its own time information...
  • Page 105 Configures the trusted ZXR10(config)# key number for NTP authentication. <key-number>: encrypted key number, range: 1–4294967295. <clear-word>: MD5 clear text authentication code, range: 1–16 characters. <encrypted-word>: MD5 cipher text authentication code, range: 1–24 characters. 10-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 106: Ntp Configuration Examples

    ZXR10 ZSR V2 Configuration Guide (System Management) The NTP authentication function consists of two parts: server and client. When configuring this function, comply with the following rules: If the NTP authentication function is enabled, an NTP MD5 key should be configured, and the key should be set to a trusted key.

  • Page 107: Figure 10-4 Ntp Working As A Server

    Enable NTP on R2, and configure a level of the NTP server. Configuration Command The configuration on R1: R1(config)#ntp enable R1(config)#ntp server 192.168.5.93 priority The configuration on R2: R2(config)#ntp enable R2(config)#ntp master 1 10-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 108: Physical Pos Interface Clock Configuratio

    ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Verification Use the show running-config ntp command on the client and the server to view configuration. Use the show ntp status command on the client to view the IP address and the clock of the reference clock (R2). Use the show clock command on the client. The clock has been synchronized with the clock on the server.

  • Page 109: Configuring A Physical Pos Interface Clock

    POS interface clock. – End of Steps – 10.2.3 Physical POS-Interface Clock Configuration Instance Configuration Description The purpose of configuring a POS-interface clock is to synchronize the clock between different network members, see Figure 10-5. 10-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 110: Figure 10-5 Physical Pos Interface Clock Configuration Instance

    ZXR10 ZSR V2 Configuration Guide (System Management) Figure 10-5 Physical POS Interface Clock Configuration Instance Configuration Flow 1. Inter-connect the routers. 2. Enter POS-interface clock configuration mode. Configuration Command Configurations on router R1: R1(config)#interface pos3-1/1 R1(config-if-pos3-1/1)#no shutdown R1(config-if-pos3-1/1)#clock mode line...
  • Page 111 Last Clear Time : 2000-04-02 01:49:43 Last Refresh Time:2000-04-02 01:49:43 120s input rate : 0Bps 0Pps 120s output rate: 0Bps 0Pps Intf utilization: input 0% output 0% HardWareCounters: In_Bytes 0 In_Packets 0 In_Abort 0 In_OverFlow N/A In_Runt 0 In_Giant 0 10-9 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 112 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 10-10 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 113: Chapter 11 Performance Statistics

    11.2 Performance Management Configuration This procedure describes how to configure the performance management function. Steps 1. Configure performance management. 11-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 114 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters interface statistic intf-statistics ZXR10(config)# configuration mode. Enables or disables the switch to one_minute_pe ZXR10(config-intf-statistics)# ak_value {disable | enable}{<interface-name>| default} control the one-minute peak-value counter on a specific Ethernet interface or all Ethernet interfaces.

  • Page 115: Performance Management Configuration Example

    2. Set count update time of physical port such as gei-2/1 as 30 seconds. ZXR10(config)#performance update-interval 30s ethernet Configuration Verification Check whether the configuration is valid. ZXR10(config)#show running-config performance ! <performance > performance update-interval 30s ethernet ! </performance > 11-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 116 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 11-4 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 117 For example, if the sample rate is 2000:1, then sample one packet from every 2000 packets. NetFlow can sample unicast, multicast or Multi Protocol Label Switching (MPLS) packets respectively or hybridly. NetFlow analyzes the sampled packet to obtain the following information, 12-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 118 à while. The interval is called inactive aging time. It can be configured by user. At present, ZXR10 ZSR V2 can record flow information in NetFlow v5, NetFlow v8, NetFlow v9 and IPFIX packets to send to the server. Since the format of NetFlow v5 is fixed, Netflow v5 only output the fixed field flow à...

  • Page 119: Chapter 12 Netflow Configuration

    <packets>: the number of output netflow packets, according to which the module is resent, range: 1–600, default: 20. timeout <seconds>: time, according to which the module is resent, range: 1–86400, default: 600 seconds. 12-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 120 ZXR10 ZSR V2 Configuration Guide (System Management) 2. Creates a flow record policy, and sets key and non-key fields. Step Command Function flow record <record-name> Creates a flow record policy, ZXR10(config)# and names the policy. You can configure up to 100 different flow record policies.
  • Page 121 Unit: ms. sys-uptime last: sets the system power-up time when the flow is updated in the cache for the last time as the collected non-key field. Unit: ms. 12-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 122 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Sets transport layer information collect transport ZXR10(config-flow-record)# {destination-port | icmp {ipv4 | ipv6}{code | type}| as a non-key field. source-port | tcp flags} collect ip {cos| Sets IP information as a non-key...
  • Page 123 ZXR10(config-if-interface-name)# flow monitor <monitor-name>[sampler sampling on the interface. <sampler-name>][unicast | multicast | ipv6–access-list <name>]{input | output} Configures MPLS packet mpls flow ZXR10(config-if-interface-name)# monitor <monitor-name>[sampler <sampler-name>] sampling on the interface. unicast {input | output} 12-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 124 ZXR10 ZSR V2 Configuration Guide (System Management) ip flow monitor <monitor-name>: applies a pre-set netflow monitoring policy on the interface. After the command is run, configurations related to the monitor policy, the cache size, template in use, and collected fields of the template cannot be modified. To modify the configurations, the flow monitoring policy must be deleted from the interface first.

  • Page 125: Netflow Configuration Examples

    5. Bind flow monitor policy to interface, configure sampling type and direction. Configuration Command Configuration on R1: R1#configure terminal R1(config)#flow exporter exp R1(config-flow-exporter)#destination ipv4-address 169.1.109.60 R1(config-flow-exporter)#transport udp 2055 R1(config-flow-exporter)#export-protocol netflow-v5 R1(config-flow-exporter)#exit 12-9 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 126 ZXR10 ZSR V2 Configuration Guide (System Management) R1(config)#sampler sam R1(config-sampler)#mode deterministic 1-out-of 1024 R1(config-sampler)#exit R1(config)#flow monitor mo R1(config-flow-monitor)#cache entries 4096 R1(config-flow-monitor)#exporter exp R1(config-flow-monitor)#record netflow-original R1(config-flow-monitor)#cache timeout inactive 60 R1(config-flow-monitor)#cache timeout active 10 R1(config-flow-monitor)#exit R1(config)#interface gei-6/6 R1(config-if-gei-6/6)#no shutdown R1(config-if-gei-6/6)#ip flow monitor mo sampler sam unicast input...

  • Page 127: Netflow V8 Configuration Example

    R1(config-flow-exporter)#transport udp 2055 R1(config-flow-exporter)#export-protocol netflow-v8 R1(config-flow-exporter)#exit R1(config)#sampler sam R1(config-sampler)#mode deterministic 1-out-of 1024 R1(config-sampler)#exit R1(config)#flow monitor mo R1(config-flow-monitor)#cache entries 4096 R1(config-flow-monitor)#exporter exp R1(config-flow-monitor)#record netflow ipv4 protocol-port R1(config-flow-monitor)#cache timeout inactive 60 R1(config-flow-monitor)#cache timeout active 10 R1(config-flow-monitor)#exit 12-11 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 128: Netflow V9 Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) R1(config)#interface gei-6/6 R1(config-if-gei-6/6)#no shutdown R1(config-if-gei-6/6)#ip flow monitor mo sampler sam unicast input R1(config-if-gei-6/6)#exit Configuration Verification Verify the configuration on R1 as shown below. R1#show running-config ipflow ! < ipflow > sampler sam mode deterministic 1-out-of 1024 flow exporter exp destination ipv4-address 169.1.109.60...
  • Page 129 R1(config-flow-record)#collect counter packets R1(config-flow-record)#exit R1(config)#flow monitor mo R1(config-flow-monitor)#cache entries 4096 R1(config-flow-monitor)#cache timeout active 60 R1(config-flow-monitor)#cache timeout inactive 10 R1(config-flow-monitor)#exporter exp R1(config-flow-monitor)#record rec R1(config-flow-monitor)#exit R1(config)#interface gei-6/6 R1(config-if-gei-6/6)#no shutdown R1(config-if-gei-6/6)#ip flow monitor mo sampler sam unicast input 12-13 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 130 ZXR10 ZSR V2 Configuration Guide (System Management) R1(config-if-gei-6/6)#end Configuration Verification Check the configuration on R1, as shown below. R1#show running-config ipflow !<ipflow> sampler sam mode deterministic 1-out-of 1024 flow exporter exp destination ipv4-address 169.1.109.60 #export-protocol netflow-v9 flow record rec match ipv4 source address...

  • Page 131: Chapter 13 Sqa Configuration

    SQA can also be used to detect the network qualities of operators periodically to reflect the network qualities in real time, so that operators can master the overall network qualities. 13.2 Configuring SQA This procedure describes how to configure the SQA function. Steps 1. Configure an SQA instance. 13-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 132 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function sqa-test <number> Selects a test instance ZXR10(config)# number and enters SQA configuration mode. The range of the instance number is 1–150. type-icmp [vrf <vrf-name>]<des Configures an ICMP test ZXR10(config-sqa)# tination-address>[source <source-address>][repeat <...
  • Page 133 1–100. 3. Configure an SQA TCP or UDP server. Command Function sqa-tcp-server <ipaddress><port> Configures an SQA TCP server. (This ZXR10(config)# configuration is required when you select a TCP test.) 13-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 134: Sqa Configuration Examples

    ZXR10 ZSR V2 Configuration Guide (System Management) Command Function sqa-udp-server <ipaddress><port> Configures an SQA UDP server. (This ZXR10(config)# configuration is required when you select a UDP test.) 4. Verify the configurations. Command Function show running-config sqa [all][|begin | exclude Displays SQA configurations.

  • Page 135: Ftp-Type Sqa Configuration Example

    13-2, there is a link between the FTP server and R1. Packets between them can be forwarded properly. It is required to enable the FTP server function on FTP server, and configure a user name and password. Figure 13-2 FTP-Type SQA Configuration Example 13-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 136: Tcp-Type Sqa Configuration Example

    3. Set the SQA test start time to now or a scheduled time. 4. Check the test result. Configuration Command Run the following commands on the ZXR10 ZSR V2: R1(config)#sqa-test 2 R1(config)#type-ftp copy 1.1.1.1 filename abc.txt root /datadisk0/abc.txt R1(config)#type-ftpusername whopassword who R1(config-sqa-2)#sqa-begin now %Info 757: The sqa test is starting now, please wait a moment for test result..

  • Page 137: Figure 13-3 Tcp-Type Sqa Configuration Example

    R1#show sqa-test 3 test number:1 test type: TCP destination IP:10.1.0.2 desitnation port:10000 interval time:1000 repeat:1 send trap:disable R1#show sqa-result tcp tcp test[3] result SendPackets:1 ResponsePackets:1 Completion:success Destination Ip Address:10.1.0.2 Min/Max/Avg/Sum RTT:5/5/5/5ms Last Probe Time:2012-07-29 09:45:49 13-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 138: Udp-Type Sqa Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) 13.3.4 UDP-Type SQA Configuration Example Configuration Description As shown in Figure 13-4, there is a link between R1 and R3. Packets between R1 and R3 can be forwarded properly. Enable a monitoring port of SQA-UDP-server on R3.

  • Page 139: Dns-Type Sqa Configuration Example

    As shown in Figure 13-5, configure an SQA test instance on ZXR10 ZSR V2, connect the server to R1, and configure an IP address. Configure a route to the server if necessary so that DNS packets can be sent to the server.
  • Page 140 ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Verification The configuration information and test result are shown below. R1#show sqa-test 5 test number:1 test type: DNS destination-url:abc.cn dns-ip:10.1.0.1 repeat:1 send trap:disable R1#show sqa-result dns dns test[5] result SendPackets:1 ResponsePackets:1 Completion:success Destination-url:abc.cn...
  • Page 141 If necessary, the device can send update information to the neighbor devices that are connected directly, and the neighbor devices store the information in standard SNMP MIBs. 14-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 142: Figure 14-1 Lldp System Structure

    ZXR10 ZSR V2 Configuration Guide (System Management) Figure 14-1 LLDP System Structure Network management systems can query the L2 connection information in the MIB. LLDP does not configure or control network elements or traffic. It just reports the position of L2. Another function defined in 802.1AB is that network management software can use the information provided by LLDP to find conflicts at L2 network.

  • Page 143: Chapter 14 Lldp Configuration

    LLDPPDU. 14.2 Configuring LLDP This procedure describes how to configure basic attributes and functions for the LLDP. Steps 1. Configure LLDP. To configure LLDP on ZXR10 ZSR V2, perform the following steps. Step Command Function lldp This enters LLDP configuration ZXR10(config)# mode.
  • Page 144 ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function hellotime <times> This configures the interval to ZXR10(config-lldp)# send LLDP neighbor discovery packets. It is in the unit of second, and it is in the range of 5–32768, the default value is 30.

  • Page 145: Lldp Configuration Examples

    – End of Steps – 14.3 LLDP Configuration Examples 14.3.1 LLDP Neighbor Configuration Example Configuration Description As shown in Figure 14-2, it is required to configure LLDP on gei-1/1 of R1. 14-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 146: Lldp Attribute Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) Figure 14-2 LLDP Neighbor Configuration Example Configuration Flow 1. Enter LLDP configuration mode. 2. Enter an interface. 3. Enable LLDP. Configuration Command Enter an interface in LLDP configuration mode and then configure LLDP, as shown below.
  • Page 147 R1(config-lldp)#clearstatistic /*Clear LLDP statistical information*/ R1(config-lldp)#end Configuration Verification Use the show running-config lldp command to check the configuration result. ZXR10#show running-config lldp ! <LLDP> lldp hellotime 30000 holdtime 8 maxneighbor 3 ! </LLDP> 14-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 148 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 14-8 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 149 Reply packets. To reduce delays, the ICMP fast response function directly returns Reply packets. Configuration Commands To configure the ICMP fast response function, run the following command on the ZXR10 ZSR V2: 15-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 150 ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Enables the ICMP fast response (ping) ip icmp-fast-reply ZXR10(config)# function. This function is enabled by default. Maintenance Commands To maintain the ICMP fast response function, run the following commands on the ZXR10...

  • Page 151: Chapter 15 Network Layer Detection

    Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/21 ms. Note: The ICMP fast response function is enabled by default. If the corresponding debug function is enabled and then ping is performed, the ICMP fast response (ping) function is disabled. 15-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 152: Configuring Ip Source Route Option Processing

    ZXR10 ZSR V2 Configuration Guide (System Management) 15.2 Configuring IP Source Route Option Processing Overview IP allows a source host to specify a path through an IP network in advance. This path is called a source route. If a source route is specified, the software forwards packets according to the source route.

  • Page 153: Figure 15-3 Ip Source Route Option Processing Configuration Example

    Chapter 15 Network Layer Detection Maintenance Commands To display the IP source route option configuration, run the following command on the ZXR10 ZSR V2: Command Function Displays whether the IP source route option show running-config ip all ZXR10# processing function is configured.

  • Page 154: Configuring Icmp Unreachable Packet Function

    ZXR10 ZSR V2 Configuration Guide (System Management) R2(config)#interface gei-1/1 R2(config-if-gei-1/1)#no shutdown R2(config-if-gei-1/1)#ip address 10.10.20.2 255.255.255.0 R2(config-if-gei-1/1)#exit R2(config)#router ospf 1 R2(config-ospf-1)#network 10.10.20.0 0.0.0.255 area 0 R2(config-ospf-1)#network 10.10.50.0 0.0.0.255 area 0 R2(config-ospf-1)#exit Configuration Verification When the source sends IP packets with correct IP options, the traffic is forwarded properly.

  • Page 155: Enabling An Interface To Send Icmp Unreachable Packets

    The control plane returns an ICMP unreachable packet to the source node. This function is disabled by default. 15-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 156: Figure 15-5 Configuration Example Of An Interface Sending Icmp Unreachable Packets

    Ethernet and POS interfaces are supported. Maintenance Commands To view information on packet sending and receiving after the configuration is performed, run the following command on the ZXR10 ZSR V2. For other commands, refer to 15.1 Configuring ICMP Fast Response.

  • Page 157: Configuring Ip Ping

    The kernels of most Transfer Control Protocol/Internet Protocol (TCP/IP) functions support a ping server directly. The server is not a user process. The format of an ICMP Echo Request and an ICMP Echo Reply is shown in Figure 15-6. 15-9 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 158: Figure 15-6 Format Of An Icmp Echo Request/Reply

    The ping program displays the serial number of each returning packet, which allows users to check whether packets are lost, in disorder or duplicated. Configuration Commands To configure IP ping on the ZXR10 ZSR V2, run the following commands: Command Function ping [vrf <vrf-name>]{<ip-address>|domain...

  • Page 159: Figure 15-7 Ip Ping Configuration Example

    <record-hops>: maximum number of hops that needs to be recorded, range: 1–9. timestamp <record-timestamps>: maximum number of timestamps that needs to be recorded, range: 1–9. Maintenance Commands To maintain IP Ping, run the following command on the ZXR10 ZSR V2: Command Function Displays the information on ICMP packets...

  • Page 160: Configuring Ip Trace

    ZXR10 ZSR V2 Configuration Guide (System Management) 2. Run the ping command in privileged mode. Configuration Commands Run the following commands on R1: R1(config)#interface 1/1 R1(config-if-gei-1/1)#no shutdown R1(config-if-gei-1/1)#ip address 100.0.0.15 255.255.255.0 R1(config-if-gei-1/1)#exit Run the following commands on R2: R2(config)#interface gei-1/1 R2(config-if-gei-1/1)#no shutdown R2(config-if-gei-1/1)#ip address 100.0.0.20 255.255.255.0...

  • Page 161: Figure 15-8 Interfaces Between The "Trace" Module And Sub-Modules

    The interfaces between the "trace" module and sub-modules are shown in Figure 15-8. Figure 15-8 Interfaces Between the "Trace" Module and Sub-Modules Configuration Commands To configure IP trace on ZXR10 ZSR V2, run the following commands: Command Function trace [vrf <vrf-name>]<ip-address> Traces an IP address in user ZXR10>...

  • Page 162: Figure 15-9 Ip Trace Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) Maintenance Commands The following example shows the output of the trace command used in privileged mode. The trace command traces the path to 168.1.10.100. ZXR10#trace 168.1.10.100 tracing the route to 168.1.10.100 168.1.10.100 2 ms...

  • Page 163: Configuring Lsp Ping

    Packets sent by LSP ping are not ICMP packets but UDP packets whose port number is 3503. On an MPLS network, 1. A source device sends a UDP Echo Request packet whose port number is 3503. 2. LSRs forward the Echo Request packet through label switching. 15-15 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 164 Echo Reply packet may be different. The destination address and destination port of the Echo Reply packet are the source address and source port of the Echo Request packet respectively. Configuration Commands To configure LSP ping on the ZXR10 ZSR V2, run the following commands: Command Function ping mpls ipv4 <ip-address><mask-length Configures IPv4 LDP LSP ping.

  • Page 165: Figure 15-10 Ldp Lsp Ping Configuration Example

    Success rate is 100 percent(5/5),round-trip min/avg/max= 5/38/151 ms. Ping R3 (unmatching FEC) on R1. The result is displayed as follows: R1#ping mpls ipv4 10.28.0.4 30 sending 5,120-byte MPLS echo(es) to 10.28.0.4,timeout is 2 second(s). 15-17 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 166 ZXR10 ZSR V2 Configuration Guide (System Management) Codes: '!' - success, 'Q' - request not sent, '.' - timeo 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC m...

  • Page 167: Figure 15-11 Rsvp Lsp Ping Configuration Example

    'd' - DDMAP !!!!! Success rate is 100 percent(5/5),round-trip min/avg/max= 2/3/6 ms. R1#ping mpls traffic-eng te_tunnel4000 /*TE tunnel of LSP Ping DOWN on R1*/ sending 5,120-byte MPLS echos to te_tunnel4000,timeout is 2 seconds. 15-19 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 168: Figure 15-12 Pwe3 Lsp Ping Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) Codes: '!' - success, 'Q' - request not sent, '.' - timeo 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC m...

  • Page 169: Configuring Lsp Trace

    127.0.0.1, which is used to prevent the packet from being forwarded according to an IP route when a fault occurs on an LSP of an intermediate LSR. The principle of LSP trace is shown in Figure 15-13. 15-21 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 170: Figure 15-13 Lsp Trace Work Flow

    ZXR10 ZSR V2 Configuration Guide (System Management) Figure 15-13 LSP Trace Work Flow The MPLS LSP trace procedure between LSR1 and LSR4 is described below: 1. LSR1: LSR1 sends an MPLS Echo Request packet to LSR2. The destination address of the packet is the FEC on LSR4.
  • Page 171 After the procedure, LSR1 knows the address and label information on LSRs along the LSP. Configuration Commands To configure LSP trace on the ZXR10 ZSR V2, run the following commands: Command Function trace mpls ipv4 <ip-address><mask-length>[output-interf Enables the IPv4 LDP LSP trace ZXR10# ace <interface-name>][destination <start-ipv4-address>[<end-ip...

  • Page 172: Figure 15-14 Ldp Lsp Trace Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) multisegment: enables the ping multisegment pseudowire function. Maintenance Commands To maintain LSP trace, run the following command on the ZXR10 ZSR V2: Command Function debug lspv {error | event | packet | tlv | all}...

  • Page 173: Figure 15-15 Rsvp Lsp Trace Configuration Example

    R1, R2 and R3. Build an OSPF-TE network. It is required to configure LSP trace on R1 to check connectivity. Figure 15-15 RSVP LSP Trace Configuration Example Configuration Flow 1. Build an OSPF-TE network. 2. Perform RSVP LSP trace on R1. 15-25 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 174: Configuring Multicast Ping

    ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Commands For RSVP configuration, refer to the OSPF-TE configuration example. Configuration Verification Run the following commands on R1 to view configurations. The execution result is displayed as follows: R1#show mpls traffic-eng tunnels brief...

  • Page 175: Figure 15-16 Work Flow Of Multicast Ping

    3. A leaf node where the receiver is located sends and processes the packet, and responds with a reply packet through unicast. 4. The initiator displays the multicast ping result. Configuration Commands To configure multicast ping on the ZXR10 ZSR V2, run the following command: Command Function ping [vrf <vrf-name>]<ip-address>{[df-bit <don't-fr...

  • Page 176: Figure 15-17 Multicast Ping Configuration Example

    <record-hops>: maximum number of hops that needs to be recorded, range: 1–9. <record-timestamps>: maximum number of timestamps that needs to be recorded, range: 1–9. Maintenance Commands To maintain multicast ping on the ZXR10 ZSR V2, run the following command: Command Function mtrace <source-address>[<destination-address...
  • Page 177 Reply to request 3 received from 17.1.1.1, 2 ms Reply to request 4 received from 17.1.1.1, 2 ms Reply to request 5 received from 17.1.1.1, 2 ms Success rate is 100 percent(5/5),round-trip min/avg/max= 2/2/2 ms. 15-29 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 178: Configuring Multicast Trace

    (S, G) or (*, G) entity. (S, G) is preferred. Until finding that the next hop route 1.1.1.3 is a source direct-connected route, R1 unicasts the destination route 2.2.2.2. Configuration Commands To configure multicast trace on ZXR10 ZSR V2, use the following command. Command Function mtrace <source-address>[<destination-address>][<g...

  • Page 179: Multicast Protocol

    R2#mtrace 12.131.1.2 17.1.1.1 225.0.0.1 Type escape sequence to abort. Mtrace from 12.131.1.2 to 17.1.1.1 via group 225.0.0.1 0 17.1.1.1 PIM 21 ms -1 17.1.1.2 PIM 76 ms -2 12.131.1.1 PIM 76 ms [finished] 15-31 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 180: Configuring Mac Ping

    ZXR10 ZSR V2 Configuration Guide (System Management) 15.11 Configuring MAC Ping Overview MAC ping provides a method of monitoring performance and detecting errors at the MAC layer. It determines link-layer connectivity by sending and receiving EOAM MAC ping packets. OAM information contained in IEEE802.3 is called Ethernet Operation, Administration and Maintenance (EOAM).

  • Page 181: Figure 15-21 Mac Ping Configuration Example

    PE2 sends a reply packet. If PE1 receives the reply packet within a specified period, the link layer is operating properly. Configuration Commands To configure MAC ping on the ZXR10 ZSR V2, run the following command: Command Function mac-ping <destination-mac>{interface <out-port>| vpls...

  • Page 182: Configuring Mac Trace

    ZXR10 ZSR V2 Configuration Guide (System Management) Run the following commands on PE1: PE1(config)#interface loopback1 PE1(config-if-loopback1)#ip address 100.10.10.1 255.255.255.255 PE1(config-if-loopback1)#exit PE1(config)#interface gei-1/1 PE1(config-if-gei-1/1)#no shutdown PE1(config-if-gei-1/1)#ip address 10.1.1.1 255.255.255.0 PE1(config-if-gei-1/1)#exit PE1(config)#router ospf 1 PE1(config-ospf-1)#network 100.10.10.1 0.0.0.0 area 0 PE1(config-ospf-1)#network 10.1.1.1 0.0.0.255 area 0...

  • Page 183: Figure 15-22 Network Structure Of Mac Trace

    PE1 sends a MAC trace request. If the link is operating properly, MAC addresses of corresponding interfaces on PE1, PE2 and CE2 are recorded. Configuration Commands To configure MAC trace on ZXR10 ZSR V2, run the following command: Command Function mac-trace <destination-mac>{interface <out-port>|[vpls...

  • Page 184: Figure 15-23 Mac Trace Configuration Example

    ZXR10 ZSR V2 Configuration Guide (System Management) Maintenance Commands To maintain MAC trace on the ZXR10 ZSR V2, run the following command: Command Function debug macping {all |error | event | info | packet} Displays errors, events, information and ZXR10# packets or all information when MAC trace packets are received and sent.

  • Page 185: Ip Performance Maintenance

    :gei-1/1 [002e.33d5.3f51]-> :gei-1/1 [00d0.d000.0500] ! [finished] 15.13 IP Performance Maintenance ZXR10 ZSR V2 provides the following commands to maintain IP performance. Command Function This enables IP debug function. It displays the debug debug ip ZXR10# information of IP processing and whether the route is sending or receiving IP packets.
  • Page 186 ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 15-38 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 187: Figures

    Figures Figure 1-1 ZXR10 ZSR V2 Configuration Modes............1-1 Figure 1-2 Run Dialog Box..................1-3 Figure 1-3 Telnet Connection Configuration Example..........1-6 Figure 1-4 PuTTY Configuration Dialog Box ............. 1-8 Figure 1-5 PuTTY Configuration Dialog Box ............. 1-9 Figure 1-6 SSH Configuration Example ..............1-10 Figure 1-7 FTP Server Configuration Example............
  • Page 188 ZXR10 ZSR V2 Configuration Guide (System Management) Figure 10-3 NTP Working as a Client ..............10-4 Figure 10-4 NTP Working as a Server ..............10-5 Figure 10-5 Physical POS Interface Clock Configuration Instance ......10-8 Figure 11-1 Performance Management Configuration Example Topology Diagram....................
  • Page 189 Figures Figure 15-20 MAC Ping Network Structure ............15-32 Figure 15-21 MAC Ping Configuration Example ............ 15-33 Figure 15-22 Network Structure of MAC Trace............15-35 Figure 15-23 MAC Trace Configuration Example ..........15-36 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 190 Figures This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...

  • Page 191: Glossary

    - Link Layer Discovery Protocol Data Unit - Label Switched Path - Label Switch Router - Media Access Control - Metropolitan Area Network - Management Information Base MPLS - Multiprotocol Label Switching - Network Management System SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
  • Page 192 ZXR10 ZSR V2 Configuration Guide (System Management) - Network Time Protocol - Packet Data Unit - Points Of Presence - Point-to-Point Protocol RADIUS - Remote Authentication Dial In User Service - Request For Comments - Service Level Agreement SNMP - Simple Network Management Protocol...

Table of Contents