Page 2
ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.
1.5 FTP Connection Configuration ................1-10 1.5.1 Configuring the ZXR10 ZSR V2 as an FTP Server........1-10 1.5.2 Configuring the ZXR10 ZSR V2 as an FTP Client ........1-12 1.6 Configuring TFTP Connection ................1-15 1.7 SFTP Connection Configration ................1-17 1.7.1 Configuring the ZXR10 ZSR V2 as an SFTP Server .........
About This Manual Purpose This manual describes functional principles, configuration commands and examples related to ZXR10 ZSR V2 system management. Intended Audience This manual is intended for the following engineers: Network planning engineers Commissioning engineers Maintaining engineers What Is in This Manual...
Page 8
Caution: indicates a potentially hazardous situation. Failure to comply can result in moderate injury, equipment damage, or interruption of minor services. Note: provides additional information about a certain topic. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Console port mode: This is the primary configuration mode used by users. Telecommunication Network Protocol (TELNET)/Secure Shell (SSH) mode: Users can use this mode to configure the ZXR10 ZSR V2 at any accessible place of a network. SJ-20140504150128-007|2014-05-10 (R1.0)
1.2 Configuring Console Port Connection This procedure describes how to connect to the ZXR10 ZSR V2 through the Console port. Steps 1. Configure a Hyperterminal. For how to configure a Hyperterminal, refer to the "Configuring the Device Through a Console Port"...
Telnet, a user name and password have to be set on the router for Telnet accessing. Only the user who has the preset user name and password can access the router. For how to configure a user name and password on the ZXR10 ZSR V2 for Telnet login, refer to 4.2 Configuring User...
Page 12
ZXR10 ZSR V2 Configuration Guide (System Management) On the ZXR10 ZSR V2, run the following commands to configure optional Telnet parameters: Command Function line console idle-timeout <idle-time> Configures the maximum idle ZXR10(config)# timeout period of the serial port. Unit: minute, range: 0–1000, default: 30.
Page 13
3. (Optional) Run the telnet command on the ZXR10 ZSR V2 to log in to another device through the local client. For the format of the telnet command, refer to the following table:...
If an ACL is configured, only PCs whose IP addresses are in the Permit column of the ACL can be connected to R1. 1.4 Configuring SSH Connection This procedure describes how to connect to the ZXR10 ZSR V2 through SSH. Prerequisite The local terminal can access the remote router network.
Page 15
The following uses Putty as an example to describe how to configure an SSH client. a. Enable Putty.exe on the SSH host. Type the IP address of the remote router (such as 192.168.5.3) in the Host Name text box, see Figure 1-4. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
************************************************************ Welcome to ZXR10 Intelligent Integrated Multi-Service Router of ZTE Corporation ************************************************************ ZXR10# 4. Verify the configurations. Command Description Shows the configuration state of SSH. show ssh ZXR10# – End of Steps – SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ACL can be connected to R1. 1.5 FTP Connection Configuration 1.5.1 Configuring the ZXR10 ZSR V2 as an FTP Server This procedure describes how to configure the ZXR10 ZSR V2 as an FTP server. Prerequisite The local terminal can access the remote router network.
Page 19
The following gives an FTP server configuration example. Configuration Description As shown in Figure 1-7, ZXR10 ZSR V2 is connected to a PC and operates as an FTP server. The PC functions as an FTP client that uploads and downloads files. 1-11 SJ-20140504150128-007|2014-05-10 (R1.0)
Figure 1-7 FTP Server Configuration Example Configuration Flow 1. Enable the FTP server function and listening port 21 of the ZXR10 ZSR V2. 2. Set the FTP server root directory to /datadisk0/LOG/. 3. Set both the FTP server user name and password to zte.
Type a directory such as D: \IMG in the Home Directory text box for saving version files or configuration files. After the configuration is completed, the user name and home directory are displayed in the User/Rights Security Dialog dialog box, seeFigure 1-10. 1-13 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
V2 functions as an FTP client. A user whose user name is who and password is who uploads the startrun.dat file from the sysdisk0/DATA0 directory of the ZXR10 ZSR V2 file system to the FTP server whose IP address is 192.168.109.6.
By means of TFTP, router version files and configuration files can be backed up and restored. Prerequisite The ZXR10 ZSR V2 can access the TFTP server network as a TFTP client. Steps 1. Configure and start a TFTP server. The following takes the TFTP server software tftpd as an example to describe how to configure a TFTP server.
– End of Steps – Example The following example describes how to upload the startrun.dat file from the datad isk0 directory of the ZXR10 ZSR V2 file system to the TFTP server whose IP address is 192.168.4.244. ZXR10#copy tftp root: /datadisk0/startrun.dat //192.168.4.244/startrun.dat Starting copying file File copying successfully.
The following gives an example of how to configure an SFTP server. Configuration Description When the ZXR10 ZSR V2 functions as an SFTP server, the client can be a PC or another type of device that supports the SFTP client function. Two ZXR10 ZSR V2s...
4. Download a file from the SFTP server to verify the SFTP server function. Configuration Commands Run the following commands on the ZXR10 ZSR V2. For how to configure a user name and password, refer to “Chapter 4 User Management”.
Page 27
A user whose user name is who and password is who uploads the startrun.dat file in the /sysdisk0/DATA0 directory of the ZXR10 ZSR V2 file system to the SFTP server whose IP address is 192.168.109.6. The encryption algorithm is aes128, compression algorithm is zlib, and MAC check method is sha1.
Page 28
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 1-20 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Users have read and write permissions. Service and alarm log files are stored in the /datadisk0/LOG directory, but the command log file (that is, the cmdlog file) is stored in the /sysdisk0/usrcmd_log/ directory. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
IP address of an FTP server, and configuration loading mode. 2.2 Configuring File System Management This procedure describes how to manage files and directories, format the hard disk user partition, and save configuration information on the ZXR10 ZSR V2. Steps Manage files and directories.
Chapter 2 File System Management Copy file successfully. 4. After the backup is completed, run the unmount command, and then remove the USB flash drive. ZXR10#umount usb1 MPFU-8/0: usb1 unmounted successfully! SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 34
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
MIM object operations. Figure 3-1 MIM Application 3.2 Configuring MIM This procedure describes how to configure the MIM function on the ZXR10 ZSR V2. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 36
ZXR10 ZSR V2 Configuration Guide (System Management) Steps 1. Configure MIM. Command Function configure exclusive Configures the exclusive ZXR10# function. commit-mode {automatic | manual} Sets the commit mode ZXR10# (automatic-commit mode or manual-commit mode) for configuration commands. Default: automatic-commit. commit Commits the configuration.
Page 37
%Info 140359: Allow others to configure, must avoid conflict. ZXR10(config)#commit-mode manual /*Enters configuration commands by running a script. The process is omitted.*/ ZXR10(config)#commit Configuration Verification Check whether all the commands have been committed and become effective by running the show command. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 38
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
User Management Configuration Examples..............4-7 4.1 User Management Overview To maintain and manage the ZXR10 ZSR V2, users need to log in to it in SSH, Telnet, or FTP mode. User management implements the configuration, authentication, and authorization of users who have logged in to the ZXR10 ZSR V2.
ZXR10 ZSR V2 Configuration Guide (System Management) 4.2 Configuring User Management This procedure describes how to configure user management functions. Steps 1. Enter ADM_MGR configuration mode, and configure user management parameters. Step Command Function Enters user management system-user ZXR10(config)# configuration mode.
Page 41
Configures an authorization aaa-authorizati ZXR10(config-aaa-author-template)# on-type {none | local-radius | local-tacacs | local | radius type under the AAA | tacacs | tacacs-local | radius-local } authorization template. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 42
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters user management system-user ZXR10(config)# configuration mode. Configures a user authorization-template ZXR10(config-system-user)# – <1 128> management authorization template, and enters the configuration mode of this template. Binds an AAA authorization...
Page 43
<failure-tries>] or Trap information when failed login attempts exist. 6. Verify the configurations. Command Function show running-config adm-mgr [all] Displays user management configurations. ZXR10# show user-group [special <usergroup-name>] Displays configured user group information. ZXR10# SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 44
ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Displays information on locked users and show authen-restriction userinfo ZXR10# users who have failed authentication. The information includes user names, numbers of authentication failure times, status (locked or not locked), and remnant locking time.
As shown in Figure 4-1, PC logs in to the router by serial port or Telnet, enters configuration mode and creates a user who uses local authentication mode. Figure 4-1 Local Authentication and Authorization Configuration SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 46
ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Flow 1. Configure an authentication template. 2. Configure an authorization template. 3. Create a user, bind authentication and authorization templates. Configuration Command R1(config)#aaa-authentication-template 2001 R1(config-aaa-authen-template)#aaa-authentication-type local R1(config-aaa-authen-template)#exit R1(config)#aaa-authorization-template 2001 R1(config-aaa-author-template)#aaa-authorization-type local R1(config-aaa-author-template)#exit...
As shown in Figure 4-4, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create an authentication user. Users of any authentication mode can configure password recovery information, but password recovery only takes effect for locally authenticated users.
2. Configure an authorization template. 3. Create a user. 4. Configure a password prompt question and an answer. 5. Log in for password recovery. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#aaa-authentication-template 2001 R1(config-aaa-authen-template)#aaa-authentication-type local R1(config-aaa-authen-template)#exit R1(config)#aaa-authorization-template 2001...
As shown in Figure 4-5, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create an authentication user. To prevent user passwords from being cracked or stolen, the ZXR10 ZSR V2 supports setting password strength.
Page 52
ZXR10 ZSR V2 Configuration Guide (System Management) 6. A user who fails authentication consecutively for the set number of times is locked. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#system-user R1(config-system-user)#strong-password length 6 character special-character /*Configures the minimum password length as 6 characters, and configures that a password should contain special characters.*/...
As shown in Figure 4-6, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user. By default, the password of this account never expires. You can set a validity period (90–360 days) for this account by running a configuration command, and test whether the validity period is effective by changing the system time.
As shown in Figure 4-7, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user, and configures once-password (only valid for locally authenticated users). During the next login, the user can use the self-configured password.
Configuration Description Figure 4-8, a user logs in to the ZXR10 ZSR V2 from a PC through a serial port or Telnet. The user enters configuration mode to create another user and give the user a privilege level. If the privilege level is too low, the enable command can be used to raise the level.
Page 57
2. Configure an authentication template. 3. Configure an authorization template. 4. Configure an "enable" password to raise the user's privilege level. Configuration Commands Run the following commands on the ZXR10 ZSR V2: R1(config)#tacacs enable R1(config)#tacacs-server host 10.1.1.1 key zte R1(config)#tacplus group-server ztegroup R1(config-sg)#server 10.1.1.1...
Page 58
“Chapter 5 Command Privilege Level Classification”. In global configuration mode, run the nvram enable-password command. For details, refer to the Setting Configurations Kept in NVRAM section the ZXR10 ZSR V2 Initial Configuration Guide. You can configure the recovery function for a password configured in the NVRAM.
Command Privilege Level Configuration Example ............5-2 5.1 Command Privilege Level Overview The ZXR10 ZSR V2 supports the command privilege level function. Command privilege level management is used to configure command privileges. Users can run the privilege command to configure the privilege of a command.
It is required to configure different privilege levels for two types of users who operate the ZXR10 ZSR V2. The privilege level of Type A users is 15, and these users can do all operations, such as view and configuration. The privilege level of Type B users is 5. They need to use the show clock command to view the system clock.
Page 61
ZXR10(config-system-user-username)#password ZTE_B_5 ZXR10(config-system-user-username)#exit ZXR10(config-system-user)#exit /*Create ZTE_B and configure the user's authorization level.*/ ZXR10(config)#aaa-authentication-template 2001 ZXR10(config-aaa-authen-template)#aaa-authentication-type local ZXR10(config-aaa-authen-template)#exit ZXR10(config)#aaa-authorization-template 2001 ZXR10(config-aaa-author-template)#aaa-authorization-type radius-local ZXR10(config-aaa-author-template)#exit /*Configure the authentication and authorization templates of ZTE_A*/ ZXR10(config)#aaa-authentication-template 2002 ZXR10(config-aaa-authen-template)#aaa-authentication-type local SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 62
ZXR10 ZSR V2 Configuration Guide (System Management) ZXR10(config-aaa-authen-template)#exit ZXR10(config)#aaa-authorization-template 2002 ZXR10(config-aaa-author-template)#aaa-authorization-type radius-local ZXR10(config-aaa-author-template)#exit /*Configure the authentication and authorization templates of ZTE_B*/ ZXR10(config)#enable secret level 8 level-8 /*Configure the password of the level-8 user login privilege.*/ Configuration Verification Run the following commands to view ZTE_A's privilege level. The execution result is...
Page 63
Send echo messages ping6 Send IPv6 echo messages show Show running system information trace Trace route to destination trace6 Trace route to destination using IPv6 ZXR10(config)# ZXR10(config)#show ? clock Show current system clock SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 64
Trace route to destination using IPv6 ZXR10(config)#clock ? timezone Configure time zone View the configurations on the ZXR10 ZSR V2, as shown below: ZXR10#enable /*Raises the user's privilege level to the default level, level 15.*/ Password: /*The input password is not displayed.*/ ZXR10#show running-config adm-mgr ! <ADM_MGR>...
By default, SNMP uses as the transmission protocol. 6.1.2 Configuring SNMP This procedure describes how to configure SNMP during equipment management by using SNMP. Steps 1. Enable SNMP V1, V2c, and V3. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 68
ZXR10 ZSR V2 Configuration Guide (System Management) Command Function snmp-server version {v1 | v2c | v3} Enables SNMP V1, V2, and V3 for ZXR10(config)# receiving packets from and sending enable packets to clients. There are two states: enable and disable. Default: disable.
Page 69
<udp-port>: number of the UDP port for sending Trap or inform messages, range: 1–65535. <Trap-type>: Trap or Inform type. The Trap type can be all or one of the bgp, ospf, rmon, snmp, stalarm and vpn types. 7. Enable the system log function. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 70
ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Enables the system log function. logging on ZXR10(config)# 8. Set the level of the alarm message sent to the Trap server. Command Function logging Trap-enable <alarmlevel> Sets the level of the alarm message ZXR10(config)# sent to the Trap server.
Page 71
<auth-key>: authentication password or authentication key, range: 1–30 characters. If it is an encrypted password, its range is 32–40 characters. des56: uses CBC-DES as the encryption mode. <priv-key>: cipher text encryption password, range: 1–32 characters. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) <auth-password>: authentication password (or authentication key), range: 1–31 characters. If it is an encrypted password, its range is 32–40 characters. <priv-password>: clear text encryption password, range: 1–32 characters. 11. Verify the configurations. Command...
Page 73
By default, all types of Trap messages are sent. Configuration Commands Ran the following commands on the ZXR10 ZSR V2: R1(config)#snmp-server version v2c enable R1(config)#location No.68 Zijinghua Rd. Yuhuatai District, Nanjing, China...
In quiet mode, the ZXR10 ZSR V2 only allows to handle requests from trusted user (if an ACL is configured in advance, the requests still need to be filtered through the ACL first).
In monitoring period, the total failure times is counted (IP addresses are not distinguished). If the number of times exceeds the limit, the ZXR10 ZSR V2 enters quiet mode. In any state, when community string attempts fail, logs and self-defined Trap messages are generated by default.
Page 78
ZXR10 ZSR V2 Configuration Guide (System Management) Steps 1. Activate the SNMP security function. Command Function snmp-server security block < The SNMP security protection function ZXR10(config)# block-seconds><detect-tries>< detect-seconds>[when is disabled by default. This command <tries><startup-seconds>] is used to activate this function.
6.2.3 SNMP Anti–Brute Force Attack Configuration Example It is required to configure the SNMP anti–brute force attack function on the ZXR10 ZSR V2, see Figure 6-3. Figure 6-3 SNMP Anti–Brute Force Attack Configuration Example 6-13 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 80
4. Configure a Trap message and log that is generated when user attempts fail and a state is switched. Configuration Command Run the following commands on the ZXR10 ZSR V2: R1(config)#snmp-server security block 180 3 180 when 50 60 R1(config)#snmp-server security dynamic-trust-user idle-timeout 100 R1(config)#snmp-server security static-trust-user 169.1.110.6...
Notification is only to notify the happening of some event, so there is no current and history notifications. On ZXR10 ZSR V2, you can configure the following alarms: CPU, memory, and storage device alarms The basic principles of CPU, memory and storage device alarms are the same. If the current usage exceeds the configured alarm threshold, the alarms are reported.
ZXR10 ZSR V2 Configuration Guide (System Management) different. The device compares the temperature information obtained at specified time with the corresponding alarm threshold. If the temperature exceeds the threshold, the alarm is reported. If the temperature is lower than the threshold, the alarm at the corresponding level is cleared.
Page 83
(level 7), NOTIFICATIONS (level 6), WARNINGS (level 5), ERRORS (level 4), CRITICAL (level 3), ALERTS (level 2), and EMERGENCIES (level 1). <time1>: interval of reporting to FTP, range: 1:00:00–23:59:59. <time2>: daily time for reporting to FTP, range: 00:00:00–23:59:59. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 84
ZXR10 ZSR V2 Configuration Guide (System Management) <weekday>: day in each week for reporting to FTP, range: Monday, Tuesday, Thursday, Wednesday, Friday, Saturday, and Sunday. <time3>: time in the day of each week for reporting to FTP, range: 00:00:00–23:59:59. <mothday>: date in each month for reporting to FTP, range: 1–31.
Page 85
<date>: 01-01-2001 to 12-31-2037, format of <time>: hh:mm:ss, range of <time>: 00:00:00 to 23:59:59. typeid <type>: alarm type, range: ACL, BFD, BGP, LDP, and so on (more than 60 types). username <username>: login username, string type, range: 1–32 characters. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 86
You cannot configure thresholds for temperature alarms and power voltage alarms. Only querying temperature alarms and power voltage alarms by running commands is supported. On the ZXR10 ZSR V2, run the following commands to view shelf management temperature alarms and power voltage alarms.
<level> Sets the level in global ZXR10(config)# configuration mode for reporting alarms to the Syslog server. Alarms whose levels are higher than or equal to the set level are reported to the Syslog server. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
8.3 Syslog Configuration Example Configuration Description The function of Syslog is sending alarms to the Syslog server in the specified format. After the Syslog function is configured on the ZXR10 ZSR V2, alarms will be sent to the Syslog server, see Figure 8-1.
Configuration Flow 1. Connect the Syslog server to the ZXR10 ZSR V2. 2. Configure the interface on the Syslog server and the interface on the ZXR10 ZSR V2, which are directly connected in the same network segment. 3. Configure the Syslog server alarm level.
Page 94
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Trap server and a community string for SNMP and to enable the SNMP Trap sending function. 9.2 Configuring RMON This chapter describes how to configure the RMON function. Steps 1. Configure an event that triggers the RMON alarm. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 96
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters RMON mode from rmon ZXR10(config)# configuration mode. rmon event <index-nu Configures an event to log alarms ZXR10(config-rmon)# mber>[{[log],[Trap <snmp-name>],[description or/and send Trap messages. <event-description>],[owner <event-owner>]}] rmon alarm <index-number Sets a MIB object and alarm events ZXR10(config-rmon)# ><mib-subtree-id><monitor-seconds>{delta | absolute}...
9.3 RMON Configuration Example Configuration Description As shown in Figure 9-1, it is required to enable the RMON function, monitor the traffic of the gei-3/2 interface on the ZXR10 2800-4, and provide the following functions: SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10(config-rmon)#interface gei-3/2 ZXR10(config-rmon-if)#rmon collection statistics 1 owner zte /* Configures the RMON statistics table. */ ZXR10(config-rmon-if)#rmon collection history 1 buckets 10 interval 60 owner zte /* Configures the ROMN history table with the 60 s sampling period. */ ZXR10(config-rmon-if)#exit ZXR10(config-rmon)#rmon event 1 description outboundocts log owner zte ZXR10(config-rmon)#rmon event 2 description inboundnonuni Trap zte owner zte /* Configures the ROMN event table.
Page 99
1 log description outboundocts owner zte rmon event 2 Trap zte description inboundnonuni owner zte interface gei-3/2 rmon collection history 1 buckets 10 interval 60 owner zte rmon collection statistics 1 owner zte !</rmon> Run the following command to view information on the RMON statistics table. The...
Page 100
ZXR10 ZSR V2 Configuration Guide (System Management) historyControlEntry 1 is valid, and owned by zte Monitors ifEntry.1.12 (gei-3/2) every 60 seconds Requested buckets is 10 Granted buckets is 10 Sample #1 began measuring at 0w4d,03:55:43 Received 131180 octets, 1519 packets,...
Page 101
Chapter 9 RMON Configuration 0w4d,03:56:54 outboundocts Event 2 is valid, and owned by zte Description is inboundnonuni Event firing causes trap to community/user zte, last fired 0w4d,03:57:12 Current log entries: Index Time Description Run the following command to view information on the RMON alarm table. The execution...
Page 102
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
1. The client sends NTP time request packets to the configured clock server regularly and waits responses. 2. After receiving NTP response packet, NTP client inspects the packet, extracts the corresponding time, calculates the time offset and configures the local clock. 10-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 can act as NTP server and client and the same time. That is to say, it can receive time request packets coming from other servers and send its own time information...
Page 105
Configures the trusted ZXR10(config)# key number for NTP authentication. <key-number>: encrypted key number, range: 1–4294967295. <clear-word>: MD5 clear text authentication code, range: 1–16 characters. <encrypted-word>: MD5 cipher text authentication code, range: 1–24 characters. 10-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) The NTP authentication function consists of two parts: server and client. When configuring this function, comply with the following rules: If the NTP authentication function is enabled, an NTP MD5 key should be configured, and the key should be set to a trusted key.
Enable NTP on R2, and configure a level of the NTP server. Configuration Command The configuration on R1: R1(config)#ntp enable R1(config)#ntp server 192.168.5.93 priority The configuration on R2: R2(config)#ntp enable R2(config)#ntp master 1 10-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Verification Use the show running-config ntp command on the client and the server to view configuration. Use the show ntp status command on the client to view the IP address and the clock of the reference clock (R2). Use the show clock command on the client. The clock has been synchronized with the clock on the server.
POS interface clock. – End of Steps – 10.2.3 Physical POS-Interface Clock Configuration Instance Configuration Description The purpose of configuring a POS-interface clock is to synchronize the clock between different network members, see Figure 10-5. 10-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
11.2 Performance Management Configuration This procedure describes how to configure the performance management function. Steps 1. Configure performance management. 11-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 114
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Enters interface statistic intf-statistics ZXR10(config)# configuration mode. Enables or disables the switch to one_minute_pe ZXR10(config-intf-statistics)# ak_value {disable | enable}{<interface-name>| default} control the one-minute peak-value counter on a specific Ethernet interface or all Ethernet interfaces.
2. Set count update time of physical port such as gei-2/1 as 30 seconds. ZXR10(config)#performance update-interval 30s ethernet Configuration Verification Check whether the configuration is valid. ZXR10(config)#show running-config performance ! <performance > performance update-interval 30s ethernet ! </performance > 11-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 116
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 11-4 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 117
For example, if the sample rate is 2000:1, then sample one packet from every 2000 packets. NetFlow can sample unicast, multicast or Multi Protocol Label Switching (MPLS) packets respectively or hybridly. NetFlow analyzes the sampled packet to obtain the following information, 12-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 118
à while. The interval is called inactive aging time. It can be configured by user. At present, ZXR10 ZSR V2 can record flow information in NetFlow v5, NetFlow v8, NetFlow v9 and IPFIX packets to send to the server. Since the format of NetFlow v5 is fixed, Netflow v5 only output the fixed field flow à...
<packets>: the number of output netflow packets, according to which the module is resent, range: 1–600, default: 20. timeout <seconds>: time, according to which the module is resent, range: 1–86400, default: 600 seconds. 12-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 120
ZXR10 ZSR V2 Configuration Guide (System Management) 2. Creates a flow record policy, and sets key and non-key fields. Step Command Function flow record <record-name> Creates a flow record policy, ZXR10(config)# and names the policy. You can configure up to 100 different flow record policies.
Page 121
Unit: ms. sys-uptime last: sets the system power-up time when the flow is updated in the cache for the last time as the collected non-key field. Unit: ms. 12-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 122
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function Sets transport layer information collect transport ZXR10(config-flow-record)# {destination-port | icmp {ipv4 | ipv6}{code | type}| as a non-key field. source-port | tcp flags} collect ip {cos| Sets IP information as a non-key...
Page 123
ZXR10(config-if-interface-name)# flow monitor <monitor-name>[sampler sampling on the interface. <sampler-name>][unicast | multicast | ipv6–access-list <name>]{input | output} Configures MPLS packet mpls flow ZXR10(config-if-interface-name)# monitor <monitor-name>[sampler <sampler-name>] sampling on the interface. unicast {input | output} 12-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 124
ZXR10 ZSR V2 Configuration Guide (System Management) ip flow monitor <monitor-name>: applies a pre-set netflow monitoring policy on the interface. After the command is run, configurations related to the monitor policy, the cache size, template in use, and collected fields of the template cannot be modified. To modify the configurations, the flow monitoring policy must be deleted from the interface first.
SQA can also be used to detect the network qualities of operators periodically to reflect the network qualities in real time, so that operators can master the overall network qualities. 13.2 Configuring SQA This procedure describes how to configure the SQA function. Steps 1. Configure an SQA instance. 13-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 132
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function sqa-test <number> Selects a test instance ZXR10(config)# number and enters SQA configuration mode. The range of the instance number is 1–150. type-icmp [vrf <vrf-name>]<des Configures an ICMP test ZXR10(config-sqa)# tination-address>[source <source-address>][repeat <...
Page 133
1–100. 3. Configure an SQA TCP or UDP server. Command Function sqa-tcp-server <ipaddress><port> Configures an SQA TCP server. (This ZXR10(config)# configuration is required when you select a TCP test.) 13-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Command Function sqa-udp-server <ipaddress><port> Configures an SQA UDP server. (This ZXR10(config)# configuration is required when you select a UDP test.) 4. Verify the configurations. Command Function show running-config sqa [all][|begin | exclude Displays SQA configurations.
13-2, there is a link between the FTP server and R1. Packets between them can be forwarded properly. It is required to enable the FTP server function on FTP server, and configure a user name and password. Figure 13-2 FTP-Type SQA Configuration Example 13-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
3. Set the SQA test start time to now or a scheduled time. 4. Check the test result. Configuration Command Run the following commands on the ZXR10 ZSR V2: R1(config)#sqa-test 2 R1(config)#type-ftp copy 1.1.1.1 filename abc.txt root /datadisk0/abc.txt R1(config)#type-ftpusername whopassword who R1(config-sqa-2)#sqa-begin now %Info 757: The sqa test is starting now, please wait a moment for test result..
ZXR10 ZSR V2 Configuration Guide (System Management) 13.3.4 UDP-Type SQA Configuration Example Configuration Description As shown in Figure 13-4, there is a link between R1 and R3. Packets between R1 and R3 can be forwarded properly. Enable a monitoring port of SQA-UDP-server on R3.
As shown in Figure 13-5, configure an SQA test instance on ZXR10 ZSR V2, connect the server to R1, and configure an IP address. Configure a route to the server if necessary so that DNS packets can be sent to the server.
Page 140
ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Verification The configuration information and test result are shown below. R1#show sqa-test 5 test number:1 test type: DNS destination-url:abc.cn dns-ip:10.1.0.1 repeat:1 send trap:disable R1#show sqa-result dns dns test[5] result SendPackets:1 ResponsePackets:1 Completion:success Destination-url:abc.cn...
Page 141
If necessary, the device can send update information to the neighbor devices that are connected directly, and the neighbor devices store the information in standard SNMP MIBs. 14-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Figure 14-1 LLDP System Structure Network management systems can query the L2 connection information in the MIB. LLDP does not configure or control network elements or traffic. It just reports the position of L2. Another function defined in 802.1AB is that network management software can use the information provided by LLDP to find conflicts at L2 network.
LLDPPDU. 14.2 Configuring LLDP This procedure describes how to configure basic attributes and functions for the LLDP. Steps 1. Configure LLDP. To configure LLDP on ZXR10 ZSR V2, perform the following steps. Step Command Function lldp This enters LLDP configuration ZXR10(config)# mode.
Page 144
ZXR10 ZSR V2 Configuration Guide (System Management) Step Command Function hellotime <times> This configures the interval to ZXR10(config-lldp)# send LLDP neighbor discovery packets. It is in the unit of second, and it is in the range of 5–32768, the default value is 30.
– End of Steps – 14.3 LLDP Configuration Examples 14.3.1 LLDP Neighbor Configuration Example Configuration Description As shown in Figure 14-2, it is required to configure LLDP on gei-1/1 of R1. 14-5 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Figure 14-2 LLDP Neighbor Configuration Example Configuration Flow 1. Enter LLDP configuration mode. 2. Enter an interface. 3. Enable LLDP. Configuration Command Enter an interface in LLDP configuration mode and then configure LLDP, as shown below.
Page 147
R1(config-lldp)#clearstatistic /*Clear LLDP statistical information*/ R1(config-lldp)#end Configuration Verification Use the show running-config lldp command to check the configuration result. ZXR10#show running-config lldp ! <LLDP> lldp hellotime 30000 holdtime 8 maxneighbor 3 ! </LLDP> 14-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 148
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 14-8 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 149
Reply packets. To reduce delays, the ICMP fast response function directly returns Reply packets. Configuration Commands To configure the ICMP fast response function, run the following command on the ZXR10 ZSR V2: 15-1 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 150
ZXR10 ZSR V2 Configuration Guide (System Management) Command Function Enables the ICMP fast response (ping) ip icmp-fast-reply ZXR10(config)# function. This function is enabled by default. Maintenance Commands To maintain the ICMP fast response function, run the following commands on the ZXR10...
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/21 ms. Note: The ICMP fast response function is enabled by default. If the corresponding debug function is enabled and then ping is performed, the ICMP fast response (ping) function is disabled. 15-3 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) 15.2 Configuring IP Source Route Option Processing Overview IP allows a source host to specify a path through an IP network in advance. This path is called a source route. If a source route is specified, the software forwards packets according to the source route.
Chapter 15 Network Layer Detection Maintenance Commands To display the IP source route option configuration, run the following command on the ZXR10 ZSR V2: Command Function Displays whether the IP source route option show running-config ip all ZXR10# processing function is configured.
The control plane returns an ICMP unreachable packet to the source node. This function is disabled by default. 15-7 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Ethernet and POS interfaces are supported. Maintenance Commands To view information on packet sending and receiving after the configuration is performed, run the following command on the ZXR10 ZSR V2. For other commands, refer to 15.1 Configuring ICMP Fast Response.
The kernels of most Transfer Control Protocol/Internet Protocol (TCP/IP) functions support a ping server directly. The server is not a user process. The format of an ICMP Echo Request and an ICMP Echo Reply is shown in Figure 15-6. 15-9 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
The ping program displays the serial number of each returning packet, which allows users to check whether packets are lost, in disorder or duplicated. Configuration Commands To configure IP ping on the ZXR10 ZSR V2, run the following commands: Command Function ping [vrf <vrf-name>]{<ip-address>|domain...
<record-hops>: maximum number of hops that needs to be recorded, range: 1–9. timestamp <record-timestamps>: maximum number of timestamps that needs to be recorded, range: 1–9. Maintenance Commands To maintain IP Ping, run the following command on the ZXR10 ZSR V2: Command Function Displays the information on ICMP packets...
ZXR10 ZSR V2 Configuration Guide (System Management) 2. Run the ping command in privileged mode. Configuration Commands Run the following commands on R1: R1(config)#interface 1/1 R1(config-if-gei-1/1)#no shutdown R1(config-if-gei-1/1)#ip address 100.0.0.15 255.255.255.0 R1(config-if-gei-1/1)#exit Run the following commands on R2: R2(config)#interface gei-1/1 R2(config-if-gei-1/1)#no shutdown R2(config-if-gei-1/1)#ip address 100.0.0.20 255.255.255.0...
The interfaces between the "trace" module and sub-modules are shown in Figure 15-8. Figure 15-8 Interfaces Between the "Trace" Module and Sub-Modules Configuration Commands To configure IP trace on ZXR10 ZSR V2, run the following commands: Command Function trace [vrf <vrf-name>]<ip-address> Traces an IP address in user ZXR10>...
ZXR10 ZSR V2 Configuration Guide (System Management) Maintenance Commands The following example shows the output of the trace command used in privileged mode. The trace command traces the path to 168.1.10.100. ZXR10#trace 168.1.10.100 tracing the route to 168.1.10.100 168.1.10.100 2 ms...
Packets sent by LSP ping are not ICMP packets but UDP packets whose port number is 3503. On an MPLS network, 1. A source device sends a UDP Echo Request packet whose port number is 3503. 2. LSRs forward the Echo Request packet through label switching. 15-15 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 164
Echo Reply packet may be different. The destination address and destination port of the Echo Reply packet are the source address and source port of the Echo Request packet respectively. Configuration Commands To configure LSP ping on the ZXR10 ZSR V2, run the following commands: Command Function ping mpls ipv4 <ip-address><mask-length Configures IPv4 LDP LSP ping.
Success rate is 100 percent(5/5),round-trip min/avg/max= 5/38/151 ms. Ping R3 (unmatching FEC) on R1. The result is displayed as follows: R1#ping mpls ipv4 10.28.0.4 30 sending 5,120-byte MPLS echo(es) to 10.28.0.4,timeout is 2 second(s). 15-17 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
127.0.0.1, which is used to prevent the packet from being forwarded according to an IP route when a fault occurs on an LSP of an intermediate LSR. The principle of LSP trace is shown in Figure 15-13. 15-21 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Figure 15-13 LSP Trace Work Flow The MPLS LSP trace procedure between LSR1 and LSR4 is described below: 1. LSR1: LSR1 sends an MPLS Echo Request packet to LSR2. The destination address of the packet is the FEC on LSR4.
Page 171
After the procedure, LSR1 knows the address and label information on LSRs along the LSP. Configuration Commands To configure LSP trace on the ZXR10 ZSR V2, run the following commands: Command Function trace mpls ipv4 <ip-address><mask-length>[output-interf Enables the IPv4 LDP LSP trace ZXR10# ace <interface-name>][destination <start-ipv4-address>[<end-ip...
R1, R2 and R3. Build an OSPF-TE network. It is required to configure LSP trace on R1 to check connectivity. Figure 15-15 RSVP LSP Trace Configuration Example Configuration Flow 1. Build an OSPF-TE network. 2. Perform RSVP LSP trace on R1. 15-25 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) Configuration Commands For RSVP configuration, refer to the OSPF-TE configuration example. Configuration Verification Run the following commands on R1 to view configurations. The execution result is displayed as follows: R1#show mpls traffic-eng tunnels brief...
3. A leaf node where the receiver is located sends and processes the packet, and responds with a reply packet through unicast. 4. The initiator displays the multicast ping result. Configuration Commands To configure multicast ping on the ZXR10 ZSR V2, run the following command: Command Function ping [vrf <vrf-name>]<ip-address>{[df-bit <don't-fr...
<record-hops>: maximum number of hops that needs to be recorded, range: 1–9. <record-timestamps>: maximum number of timestamps that needs to be recorded, range: 1–9. Maintenance Commands To maintain multicast ping on the ZXR10 ZSR V2, run the following command: Command Function mtrace <source-address>[<destination-address...
Page 177
Reply to request 3 received from 17.1.1.1, 2 ms Reply to request 4 received from 17.1.1.1, 2 ms Reply to request 5 received from 17.1.1.1, 2 ms Success rate is 100 percent(5/5),round-trip min/avg/max= 2/2/2 ms. 15-29 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
(S, G) or (*, G) entity. (S, G) is preferred. Until finding that the next hop route 1.1.1.3 is a source direct-connected route, R1 unicasts the destination route 2.2.2.2. Configuration Commands To configure multicast trace on ZXR10 ZSR V2, use the following command. Command Function mtrace <source-address>[<destination-address>][<g...
R2#mtrace 12.131.1.2 17.1.1.1 225.0.0.1 Type escape sequence to abort. Mtrace from 12.131.1.2 to 17.1.1.1 via group 225.0.0.1 0 17.1.1.1 PIM 21 ms -1 17.1.1.2 PIM 76 ms -2 12.131.1.1 PIM 76 ms [finished] 15-31 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 ZSR V2 Configuration Guide (System Management) 15.11 Configuring MAC Ping Overview MAC ping provides a method of monitoring performance and detecting errors at the MAC layer. It determines link-layer connectivity by sending and receiving EOAM MAC ping packets. OAM information contained in IEEE802.3 is called Ethernet Operation, Administration and Maintenance (EOAM).
PE2 sends a reply packet. If PE1 receives the reply packet within a specified period, the link layer is operating properly. Configuration Commands To configure MAC ping on the ZXR10 ZSR V2, run the following command: Command Function mac-ping <destination-mac>{interface <out-port>| vpls...
PE1 sends a MAC trace request. If the link is operating properly, MAC addresses of corresponding interfaces on PE1, PE2 and CE2 are recorded. Configuration Commands To configure MAC trace on ZXR10 ZSR V2, run the following command: Command Function mac-trace <destination-mac>{interface <out-port>|[vpls...
ZXR10 ZSR V2 Configuration Guide (System Management) Maintenance Commands To maintain MAC trace on the ZXR10 ZSR V2, run the following command: Command Function debug macping {all |error | event | info | packet} Displays errors, events, information and ZXR10# packets or all information when MAC trace packets are received and sent.
:gei-1/1 [002e.33d5.3f51]-> :gei-1/1 [00d0.d000.0500] ! [finished] 15.13 IP Performance Maintenance ZXR10 ZSR V2 provides the following commands to maintain IP performance. Command Function This enables IP debug function. It displays the debug debug ip ZXR10# information of IP processing and whether the route is sending or receiving IP packets.
Page 186
ZXR10 ZSR V2 Configuration Guide (System Management) This page intentionally left blank. 15-38 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 188
ZXR10 ZSR V2 Configuration Guide (System Management) Figure 10-3 NTP Working as a Client ..............10-4 Figure 10-4 NTP Working as a Server ..............10-5 Figure 10-5 Physical POS Interface Clock Configuration Instance ......10-8 Figure 11-1 Performance Management Configuration Example Topology Diagram....................
Page 189
Figures Figure 15-20 MAC Ping Network Structure ............15-32 Figure 15-21 MAC Ping Configuration Example ............ 15-33 Figure 15-22 Network Structure of MAC Trace............15-35 Figure 15-23 MAC Trace Configuration Example ..........15-36 SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 190
Figures This page intentionally left blank. SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
- Link Layer Discovery Protocol Data Unit - Label Switched Path - Label Switch Router - Media Access Control - Metropolitan Area Network - Management Information Base MPLS - Multiprotocol Label Switching - Network Management System SJ-20140504150128-007|2014-05-10 (R1.0) ZTE Proprietary and Confidential...
Page 192
ZXR10 ZSR V2 Configuration Guide (System Management) - Network Time Protocol - Packet Data Unit - Points Of Presence - Point-to-Point Protocol RADIUS - Remote Authentication Dial In User Service - Request For Comments - Service Level Agreement SNMP - Simple Network Management Protocol...