Siemens S223 User Manual

Siemens single-board fast ethernet switch operators user manual

page of 381

/ 381
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

User Manual

SURPASS hiD 6615 S223/S323 R1.5

UMN:CLI

A50010-Y3-C150-2-7619

Table of Contents

Summary of Contents for Siemens S223

Page 1: User Manual
User Manual SURPASS hiD 6615 S223/S323 R1.5 UMN:CLI A50010-Y3-C150-2-7619...
Page 2 Issued by the Communications Group Hofmannstraße 51 D-81359 München Technical modifications possible. Technical specifications and features are binding only insofar as they are specifically and expressly agreed upon in a written contract. User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 3 User Manual SURPASS hiD 6615 S223/S323 R1.5 Reason for Update Summary: System software upgrade added Details: Chapter/Section Issue History Issue Number A50010-Y3-C150-2-7619 Reason for Update System software upgrade added Date of Issue Reason for Update 07/2006 Initial release 08/2006 System software upgrade added...
Page 4: Table Of Contents
Limiting Number of User... 47 Telnet Access... 47 Auto Log-out ... 48 System Rebooting ... 48 Manual System Rebooting ... 48 Auto System Rebooting... 49 System Authentication ... 49 Authentication Method... 50 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 5 User Manual SURPASS hiD 6615 S223/S323 R1.5 4.2.2 4.2.3 4.2.4 4.2.4.1 4.2.4.2 4.2.4.3 4.2.4.4 4.2.5 4.2.5.1 4.2.5.2 4.2.5.3 4.2.5.4 4.2.6 4.2.7 4.2.8 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7 4.3.8 4.4.1 4.4.1.1 4.4.1.2 4.4.1.3 4.4.1.4 4.4.1.5 4.4.2 4.4.2.1 4.4.2.2 4.4.2.3 4.5.1...
Page 6 Configuration Management ... 91 Displaying System Configuration... 91 Saving System Configuration ... 92 Auto-Saving ... 92 System Configuration File ... 92 Restoring Default Configuration ... 93 System Management... 94 Network Connection ... 94 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 7 User Manual SURPASS hiD 6615 S223/S323 R1.5 6.3.2 6.3.3 6.3.4 6.3.5 6.3.6 6.3.7 6.3.8 6.3.9 6.3.10 6.3.11 6.3.12 6.3.13 6.3.14 6.3.15 6.3.16 6.3.17 7.1.1 7.1.2 7.1.3 7.1.4 7.1.5 7.1.6 7.1.7 7.1.8 7.1.8.1 7.1.8.2 7.1.8.3 7.1.8.4 7.1.8.5 7.1.9 7.1.9.1 7.1.9.2 7.1.9.3 7.1.9.4...
Page 8 How to Operate Rule and QoS... 139 Rule Configuration ... 140 Rule Creation... 140 Rule Priority ... 140 Packet Classification ... 141 Rule Action... 143 Applying Rule... 145 Modifying and Deleting Rule... 145 Displaying Rule... 146 QoS... 146 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 9 User Manual SURPASS hiD 6615 S223/S323 R1.5 7.6.3.1 7.6.3.2 7.6.3.3 7.6.3.4 7.6.3.5 7.6.4 7.6.4.1 7.6.4.2 7.6.4.3 7.6.4.4 7.6.4.5 7.6.4.6 7.6.4.7 7.9.1 7.10 7.10.1 7.10.2 7.11 7.12 7.12.1 7.12.2 7.12.3 7.12.4 7.12.5 7.13 7.13.1 7.13.1.1 Registering ARP Table...166 7.13.1.2 Displaying ARP Table ...166 7.13.2...
Page 10 Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode (Required) ...211 Configuring STP/RSTP/MSTP... 212 Activating STP/RSTP/MSTP ... 212 Root Switch... 212 Path-cost... 212 Port-priority ... 213 MST Region... 214 MSTP Protocol... 215 Point-to-point MAC Parameters... 215 Edge Ports ... 215 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 11 User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.5.9 8.3.6 8.3.6.1 8.3.6.2 8.3.6.3 8.3.6.4 8.3.7 8.3.8 8.3.9 8.3.9.1 8.3.9.2 8.3.9.3 8.3.9.4 8.3.9.5 8.3.9.6 8.3.9.7 8.3.9.8 8.3.10 8.4.1 8.4.1.1 8.4.1.2 8.4.1.3 8.4.1.4 8.4.1.5 8.4.1.6 8.4.1.7 8.5.1 8.5.2 8.6.1 8.6.2 8.8.1 8.8.1.1 8.8.1.2 8.8.1.3...
Page 12 DHCP Server Packet Filtering ... 263 Debugging DHCP ... 264 Ethernet Ring Protection (ERP)... 265 ERP Operation... 265 Loss of Test Packet (LOTP)... 267 Configuring ERP ... 267 ERP Domain ... 267 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 13 User Manual SURPASS hiD 6615 S223/S323 R1.5 8.9.3.2 8.9.3.3 8.9.3.4 8.9.3.5 8.9.3.6 8.9.3.7 8.9.3.8 8.9.3.9 8.9.3.10 Displaying ERP Configuration ...270 8.10 8.10.1 8.10.2 8.10.3 8.10.4 8.10.5 8.10.6 8.11 8.12 8.13 8.14 9.1.1 9.1.2 9.1.3 9.1.4 9.1.5 9.1.6 9.1.7 9.2.1 9.2.1.1 9.2.1.2...
Page 14 Candidate RP Message with Cisco BSR... 314 Excluding GenID Option ... 314 PIM-SSM Group ... 315 PIM Snooping ... 315 Displaying PIM-SM Configuration... 316 IP Routing Protocol... 317 Border Gateway Protocol (BGP) ... 317 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 15 User Manual SURPASS hiD 6615 S223/S323 R1.5 10.1.1 10.1.1.1 Configuration Type of BGP...318 10.1.1.2 Enabling BGP Routing...318 10.1.1.3 Disabling BGP Routing...319 10.1.2 10.1.2.1 Summary of Path...320 10.1.2.2 Automatic Summarization of Path ...320 10.1.2.3 Multi-Exit Discriminator (MED) ...321 10.1.2.4 Choosing Best Path...321 10.1.2.5 Graceful Restart ...323...
Page 16 UDP Buffer Size of RIP... 371 Monitoring and Managing RIP ... 372 System Software Upgrade... 373 General Upgrade ... 373 Boot Mode Upgrade ... 374 FTP Upgrade ... 377 Abbreviations ... 379 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 17: A50010-Y3-C150-2-7619
Fig. 8.33 Fig. 8.34 Fig. 8.35 Fig. 8.36 Fig. 8.37 A50010-Y3-C150-2-7619 Network Structure with hiD 6615 S223/S323...23 Software mode structure ...28 Process of 802.1x Authentication...64 Multiple Authentication Servers...65 hiD 6615 S223/S323 Interface ...73 Port Mirroring...81 Ping Test for Network Status ...97 IP Source Routing ...97...
Page 18 IGMP Snooping and PIM-SM Configuration Network ... 279 IP Multicasting ... 290 RPT of PIM-SM ... 304 STP of PIM-SM... 304 In Case Multicast Source not Directly Connected to Multicast Group ... 313 User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 19 User Manual SURPASS hiD 6615 S223/S323 R1.5 Tables Tab. 1.1 Tab. 1.2 Tab. 3.1 Tab. 3.2 Tab. 3.3 Tab. 3.4 Tab. 3.5 Tab. 3.6 Tab. 3.7 Tab. 3.8 Tab. 3.9 Tab. 3.10 Tab. 3.11 Tab. 3.12 Tab. 3.13 Tab. 6.1 Tab.
Page 20: Introduction
UMN:CLI 1 Introduction Audience This manual is intended for SURPASS hiD 6615 S223/S323 single-board Fast Ethernet switch operators and maintenance personnel for providers of Ethernet services. This manual assumes that you are familiar with the following: • Ethernet networking technology and standards •...
Page 21: Document Convention
User Manual SURPASS hiD 6615 S223/S323 R1.5 Document Convention This guide uses the following conventions to convey instructions and information. Information This information symbol provides useful information when using commands to configure and means reader take note. Notes contain helpful suggestions or references.
Page 22: Gpl/Lgpl Warranty And Liability Exclusion
Open Source Software contained in this product, please consult the GPL and LGPL. You have no warranty claims against Siemens when a defect in the product is or could- have been caused by changes made by you in any part of the software or its configura- tion.
Page 23: System Overview
SURPASS hiD 6615 L3 switch supports routing based on VLAN, IP multicasting, and pro- vides Layer 3 switching service such as IP packet filtering or DHCP. The Fig. 2.1 shows network construction with using hiD 6615 S223/S323. Fig. 2.1 A50010-Y3-C150-2-7619...
Page 24: System Features
UMN:CLI System Features Main features of hiD 6615 S223/S323, having Fast Ethernet switch and Layer 3 switching function which supports both Ethernet switching and IP routing, are follow. Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323.
Page 25 DHCP relay and Option 82 function. Spanning Tree Protocol (STP) To prevent loop and preserve backup route in layer 2 network, the hiD 6615 S223/S323 supports STP (802.1D). Between STP enabled switches, a root bridge is automatically selected and the network remains in tree topology. But the recovery time in STP is very slow (about 30 seconds), RSTP (Rapid Spanning Tree Protocol) is also provided.
Page 26 UMN:CLI RADIUS and TACACS+ hiD 6615 S223/S323 supports client authentication protocol, that is RADIUS(Remote Au- thentication Dial-In User Service) and TACACS+(Terminal Access Controller Access Con- trol System Plus). Not only user IP and password registered in switch but also authentica- tion through RADIUS server and TACACS+ server are required to access.
Page 27: Command Line Interface (Cli)
Useful Tips • Command Mode You can configure and manage the hiD 6615 S223/S323 by console terminal that is in- stalled on user’s PC. For this, use the CLI-based interface commands. Connect RJ45-to- DB9 console cable to the hiD 6615 S223/S323.
Page 28: Fig. 3.1 Software Mode Structure
UMN:CLI Fig. 3.1 shows hiD 6615 S323 software mode structure briefly. Fig. 3.1 Software mode structure User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 29: Privileged Exec View Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 3.1.1 Privileged EXEC View Mode When you log in to the switch, the CLI will start with Privileged EXEC View mode that is a read-only mode. In this mode, you can see a system configuration and information with several commands.
Page 30: Bridge Configuration Mode
Opens Router Configuration mode.(OSPF. RIP, VRRP, PIM, BGP) Configures SNMP. Configures SNTP Configures syslog. Configures time zone. Main Commands of Global Configuration Mode Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Description Opens Bridge Configuration mode. A50010-Y3-C150-2-7619 User Manual...
Page 31: Rule Configuration Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 Tab. 3.4 shows a couple of main commands of Bridge Configuration mode. auto-reset dhcp-server-filter lacp lldp mac-flood-guard mirror port trunk vlan Tab. 3.4 3.1.5 Rule Configuration Mode You can open Rule Configuration mode using the command, rule NAME create, on Global Configuration mode.
Page 32: Dhcp Configuration Mode
Configures a remote ID. Configures the remote ID of the system. Configures the circuit ID of the system. Main Commands of DHCP Option 82 Configuration Mode SURPASS hiD 6615 S223/S323 R1.5 Description Opens DHCP Configuration mode to configure DHCP. Description...
Page 33: Interface Configuration Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 3.1.8 Interface Configuration Mode To open Interface Configuration mode, enter the command, interface INTERFACE, on Global Configuration mode, and then the prompt is changed from SWITCH(config)# to SWITCH(config-if)#. interface INTERFACE Interface Configuration mode is to assign IP address in Ethernet interface and to activate or deactivate interface.
Page 34: Router Configuration Mode
IP-PROTOCOL Routing functionalities such as RIP, OSPF, BGP, VRRP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) According to routing protocol way, Router Configuration mode is divided into BGP, RIP, and OSPF. They are used to configure each IP routing protocol.
Page 35: Route-Map Configuration Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 3.1.12 Route-Map Configuration Mode To open Route-map Configuration mode, use the following command. The prompt is changed from SWITCH(config)# to SWITCH(config-route-map)#. route-map NAME {permit | deny} <1-65535> On Route-map Configuration mode, you can configure the place where information is from and sent in routing table.
Page 36: Useful Tips
Send echo messages Execute external command Management stacking node Release the acquired address of the interface Reload the system Re-acquire an address for the interface Restore configurations Show running system information Configure secure shell User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 37: Calling Command History
-- more – Press the <ENTER> key to skip to the next list. In case of the hiD 6615 S223/S323 installed command shell, you can find out commands starting with specific alphabet. Input the first letter and question mark without space. The following is an example of finding out the commands starting “s”...
Page 38: Using Abbreviation
SWITCH# exit (arrow key ↑) SWITCH# interface 1 (arrow key ↑) SWITCH# configure terminal (arrow key ↑) SWITCH# show clock (arrow key ↑) The hiD 6615 S223/S323 also provides the command that shows the commands used before up to 100 lines. show history 3.2.3 Using Abbreviation Most of the commands can be used also with abbreviated form.
Page 39: Exit Current Command Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 3.2.5 Exit Current Command Mode To exit to the previous command mode, use the following command. exit If you use the command, exit, on Privileged EXEC View mode or Privileged EXEC En- able mode, you will be logged out!
Page 40: System Connection And Ip Address
4 System Connection and IP Address System Connection After installing switch, the hiD 6615 S223/S323 is supposed to examine that each port is rightly connected to network and management PC. And then, user connects to system to configure and manage the hiD 6615 S223/S323. This section provides instructions how to change password for system connection, connect to system through telnet as the follow- ing order.
Page 41: Password For Privileged Exec Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 4.1.2 Password for Privileged EXEC Mode You can configure a password to enhance the security for Privileged EXEC Enable mode. To configure a password for Privileged EXEC Enable mode, use the following command.
Page 42: Changing Login Password
4.1.4.1 Creating System Account For the hiD 6615 S223/S323, the administrator can create a system account. In addition, it is possible to set the security level from 0 to 15 to enhance the system security. To create a system account, use the following command.
Page 43: Configuring Security Level
4.1.4.2 Configuring Security Level For the hiD 6615 S223/S323, it is possible to configure the security level from 0 to 15 for a system account. The level 15, as the highest level, has a read-write authority. The ad- ministrator can configure from level 0 to level 14. The administrator decides which level user uses which commands in which level.
Page 44 For example, if you input show, all the commands starting with show are applied. Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Uses the specific command of RMON Configuration mode in the level. Uses the specific command of RMON Configuration mode in the level.
Page 45 User Manual SURPASS hiD 6615 S223/S323 R1.5 To delete a configured security level, use the following command. no privilege no privilege bgp level <0-15> {COMMAND | all} no privilege bridge level <0-15> {COMMAND | all} no privilege configure level <0-15> {COMMAND | all} no privilege dhcp-option82 level <0-15>...
Page 46 In the above configuration, as level 0, it is possible to use only show command in Privi- Command Mode View Enable Global Description level0user level1user Level Command configure terminal enable show SURPASS hiD 6615 S223/S323 R1.5 Description Shows a configured security level. Shows a security level of current mode. Level A50010-Y3-C150-2-7619 User Manual...
Page 47: Limiting Number Of User
4.1.5 Limiting Number of User For hiD 6615 S223/S323, you can limit the number of user accessing the switch through both console port and telnet. In case of using the system authentication with RADIUS or TACACS+, the configured number includes the number of user accessing the switch via the authentication server.
Page 48: Auto Log-Out
UMN:CLI 4.1.7 Auto Log-out For security reasons of the hiD 6615 S223/S323, if no command is entered within the configured inactivity time, the user is automatically logged out of the system. Administra- tor can configure the inactivity timer. To enable auto-logout function, use the following command.
Page 49: Auto System Rebooting
4.1.8.2 Auto System Rebooting The hiD 6615 S223/S323 reboots the system according to user’s configuration. There are two basises for system rebooting. These are CPU and memory. CPU is rebooted in case CPU Load or Interrupt Load continues for the configured time. Memory is automatically rebooted in case memory low occurs as the configured times.
Page 50: Authentication Method
| host | all} disable 4.2.2 Authentication Interface If more than 2 interfaces are specified to the hiD 6615 S223/S323, you can designate one specific interface to access RADIUS or TACACS server. To designate an authentication interface, use the following command.
Page 51: Radius Server
A.B.C.D <1-5> 4.2.4.3 Timeout of Authentication Request After the authentication request, the hiD 6615 S223/S323 waits for the response from the RADIUS server for specified time. To specify a timeout value, use the following command. login radius timeout <1-100>...
Page 52: Frequency Of Retransmit
UMN:CLI 4.2.4.4 Frequency of Retransmit If there is no response from RADIUS server, the hiD 6615 S223/S323 is supposed to re- transmit an authentication request. To set the frequency of retransmitting an authentica- tion request, use the following command. login radius retransmit <1-10>...
Page 53: Additional Tacacs+ Configuration
<1-100> 4.2.5.4 Additional TACACS+ Configuration The hiD 6615 S223/S323 provides several additional options to configure the system au- thentication via TACACS server. TCP Port for the Authentication To specify TCP port for the system authentication, use the following command.
Page 54: Accounting Mode
4.2.6 Accounting Mode The hiD 6615 S223/S323 provides the accounting function of AAA (Authentication, Au- thorization, and Accounting). Accounting is the process of measuring the resources a user has consumed. Typically, accounting measures the amount of system time a user has used or the amount of data a user has sent and received.
Page 55: Sample Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 4.2.8 Sample Configuration [Sample Configuration 1] Configuration RADIUS server The following is an example of configuring authorization method in SURPASS hiD 6615. It is configured to add RADIUS to default method in case of clients connecting through con- sole and telnet.
Page 56: Assigning Ip Address
The switch uses only the data’s MAC address to determine where traffic needs to come from and which ports should receive the data. Switches do not need IP addresses to transmit packets. However, if you want to access to the hiD 6615 S223/S323 from remote SURPASS hiD 6615 S223/S323 R1.5...
Page 57: Enabling Interface
User Manual SURPASS hiD 6615 S223/S323 R1.5 place with TCP/IP through SNMP or telnet, it requires IP address. You can enable interface to communicate with switch interface on network and assign IP address as the following: • Enabling Interface Disabling Interface •...
Page 58: Assigning Ip Address To Network Interface
Command Command Mode Interface Command Mode Interface Command Command SURPASS hiD 6615 S223/S323 R1.5 Mode Description Assigns IP address to an interface. Interface Assigns secondary IP address to an interface. Description Removes assigned IP address to an interface. Removes assigned secondary IP address to an inter- face.
Page 59: Displaying Forwarding Information Base(Fib) Table
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is an example of configuring static route to reach three destinations, which are not directly connected. SWITCH(config)# ip route 100.1.1.0/24 10.1.1.2 SWITCH(config)# ip route 200.1.1.0/24 20.1.1.2 SWITCH(config)# ip route 172.16.1.0/24 30.1.1.2 To display configured static route, use the following command.
Page 60: Displaying Interface
SWITCH(config)# ip route default 192.168.1.254 SWITCH(config)# Command Mode Enable Global Interface Enable Global Scope Status global SURPASS hiD 6615 S223/S323 R1.5 Description Shows interface status and configuration. INTERFACE: interface name Shows brief information of interface. INTERFACE: interface name A50010-Y3-C150-2-7619 User Manual...
Page 61: Ssh (Secure Shell)
So, transmit rate becomes faster, and tunnel for existing ftp and pop, which are not safe in security, is supported. 4.4.1 SSH Server The hiD 6615 S223/S323 can be operated as SSH server. You can configure the switch as SSH server with the following procedure. Enabling SSH Server •...
Page 62: Assigning Specific Authentication Key
File Copy • Configuring Authentication Key • 4.4.2.1 Login to SSH Server To login to SSH server after configuring the hiD 6615 S223/S323 as SSH client, use the following command. ssh login DESTINATION [PUBLIC_KEY] 4.4.2.2 File Copy To copy a file from/to SSH server, use the following command.
Page 63 User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure authentication key in the hiD 6615 S223/S323, use the following command. ssh keygen {rsa1 | rsa | dsa} To configure authentication key and connect to SSH server with the authentication key, perform the following procedure.
Page 64: Authentication
The following figure explains the process of 802.1x authentication. [Suppliant] EAPOL-Start EAP-Response / Identity EAP-Response Fig. 4.1 To enable 802.1x authentication on port of the hiD 6615 S223/S323, you should be able to perform the following tasks. EAPOL (EAP over LAN) [Authenticator] EAP-Request / Identity...
Page 65: Authentication
User Manual SURPASS hiD 6615 S223/S323 R1.5 4.5.1 802.1x Authentication 4.5.1.1 Enabling 802.1x To configure 802.1x, the user should enable 802.1x daemon first. In order to enable 802.1x daemon, use the following command. dot1x system-auth-control no dot1x system-auth-control 4.5.1.2 Configuring RADIUS Server As RADIUS server is registered in authenticator, authenticator also can be registered in RADIUS server.
Page 66: Configuring Authentication Mode
Mode Global Command Mode auth-mode mac-base Global SURPASS hiD 6615 S223/S323 R1.5 Description Registers RADIUS server with key value and UDP port of radius server. IP-ADDRESS: Ip address of radius server NAME: host name 0-65535: UDP port number KEY: the value of key Configures IP address of RADIUS server and key value.
Page 67: Authentication Port
4.5.1.6 Configuring Interval for Retransmitting Request/Identity Packet In hiD 6615 S223/S323, it is possible to specify how long the device waits for a client to send back a response/identity packet after the device has sent a request/identity packet. If the client does not send back a response/identity packet during this time, the device re- transmits the request/identity packet.
Page 68: Configuring Number Of Request To Radius Server
Configuring Interval of Request to RADIUS Server For the hiD 6615 S223/S323, it is possible to set the time for the retransmission of pack- ets to check RADIUS server. If there’s a response from other packets, the switch waits for a response from RADIUS server during the configured time before resending the request.
Page 69: Configuring The Interval Of Re-Authentication
In hiD 6615 S223/S323, you can set the number of seconds that the authenticator should wait for a response to request/identity packet from the suppliant before retransmitting the request.
Page 70: Initializing Authentication Status
Mode Enable Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Implement re-authentication regardless of the config- ured time interval. Description Initializes the authentication status on the port. Description Applies the default value. Description Shows 802.1x configuration.
Page 71: Sample Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 4.5.7 Sample Configuration The following is to show the configuration after configuring pot number 4 as the authenti- cation port and registering IP address of authentication port and information of RADIUS server. SWTICH(config)# dot1x system-auth-control...
Page 72 UMN:CLI PortAuthed |... MacEnable |...m... MacAuthed |...u... ------------------------------------------------------- p = port-based, m = mac-based, a = authenticated, u = unauthenticated SWTICH(config)# User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 73: Port Configuration
5 Port Configuration It is possible for user to configure basic environment such as auto-negotiate, transmit rate, and flow control of the hiD 6615 S223/S323 port. Also, it includes instructions how to con- figure port mirroring and port as basic.
Page 74: Ethernet Port Configuration
TYPE PVID STATUS (ADMIN/OPER) Down/Down Auto/Half/0 Down/Down Auto/Half/0 Down/Down Auto/Half/0 Up/Down Auto/Half/0 Up/Down Auto/Half/0 SURPASS hiD 6615 S223/S323 R1.5 Description Selects port type (Default: RJ45) Description Shows port type Description Enables/disables a port, enter a port number. (Default: enable) MODE...
Page 75: Auto-Negotiation
To enable/disable the auto-negotiation on an Ethernet port, use the following command. port nego PORTS { on | off } For the hiD 6615 S223/S323, you can configure transmit rate and duplex mode as stan- dard to configure transmit rate or duplex mode of connected equipment even when auto- negotiation is enabled.
Page 76: Duplex Mode
PVID STATUS (ADMIN/OPER) Up/Up Force/Full/100 TYPE PVID STATUS (ADMIN/OPER) Up/Down Force/Half/100 SURPASS hiD 6615 S223/S323 R1.5 MODE FLOWCTRL INSTALLED MODE FLOWCTRL INSTALLED Description Sets full or half duplex mode of specified port, enter the port number. MODE FLOWCTRL INSTALLED MODE...
Page 77: Port Description
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure flow control of the Ethernet port, use the following command. port flow-control PORTS { on | off } The following is an example of configuring flow control to port 25. SWITCH(bridge)# show port 25...
Page 78: Traffic Statistics
3,242 5,669,264 165,438 12,949 1,662 31,177 SURPASS hiD 6615 S223/S323 R1.5 Description Shows traffic statistics of average packet for a specified Ethernet port. Shows traffic statistics of average packet type for a specified Ethernet port. Shows interface MIB counters of a specified Ethernet port.
Page 79: The Cpu Statistics
User Manual SURPASS hiD 6615 S223/S323 R1.5 Otherwise, to clear all recorded statistics of port and initiate, use the following command. clear port statistics {PORTS | all } 5.2.7.2 The CPU statistics To display CPU statistics of Ethernet port, use the following command.
Page 80: Port Status
Up/Down Ethernet Up/Down Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Shows configured state of port, enter the port number. Shows port specific description (max. number of char- acters is 100), enter the port number. Shows port module information.
Page 81: Fig. 5.2 Port Mirroring
User Manual SURPASS hiD 6615 S223/S323 R1.5 Fig. 5.2 To configure port mirroring, designate mirrored ports and monitor port. Then enable port mirroring function. Monitor port should be connected to the watch program installed PC. You can designate only one monitor port but many mirrored ports for one switch.
Page 82 Monitor port = SWITCH(bridge)# Command Mode Bridge Command Mode Bridge ----------------------------------- |123456789012 ----------------------------------- Ingress Mirrored Ports|... Egress Mirrored Ports|... SURPASS hiD 6615 S223/S323 R1.5 Description Deactivate monitoring. Delete a port from the mirrored ports. Description Disable port mirroring function. A50010-Y3-C150-2-7619 User Manual...
Page 83: System Environment
User Manual SURPASS hiD 6615 S223/S323 R1.5 6 System Environment Environment Configuration You can configure a system environment of the hiD 6615 S223/S323 with the following items: Host Name • Time and Date • Time Zone • Network Time Protocol •...
Page 84: Time Zone
6.1.3 Time Zone The hiD 6615 S223/S323 provides three kinds of time zone, GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). Also you can set the time zone where the network element belongs.
Page 85: Ntp (Network Time Protocol)
SWITCH(config)# 6.1.5 NTP (Network Time Protocol) The hiD 6615 S223/S323 sends and receives the messages constantly with NTP server in order to adjust the recent time. NTP bind-address help NTP server classify the user’s swith. To assign IP address that transmitting the message with NTP server, use the following command.
Page 86: Terminal Configuration
6.1.7 Terminal Configuration By default, the hiD 6615 S223/S323 is configured to display 24 lines composed by 80 characters on console terminal. The maximum line displaying is 512 lines. To set the number of line displaying on terminal screen, use the following command.
Page 87: Login Banner
User Manual SURPASS hiD 6615 S223/S323 R1.5 6.1.8 Login Banner It is possible to set system login and log-out banner. Administrator can leave a message to other users with this banner. To set system login and log-out banner, use the following command.
Page 88: Fan Operation
6.1.10 Fan Operation In hiD 6615 S223/S323, it is possible to control fan operation. To control fan operation, use the following command. fan operation { on | off } It is possible to configure to start and stop fan operation according to the system tempera- ture.
Page 89: Port Traffic
User Manual SURPASS hiD 6615 S223/S323 R1.5 To show a configured threshold of CPU load, use the following command. show cpuload 6.1.12.2 Port Traffic To set a threshold of port traffic, use the following command. threshold THRESHOLD { 5 | 60 | 600 } { rx |...
Page 90: System Temperature
6.1.13 Enabling FTP Server FTP server is enabled on hiD 6615 S223/S323 by default. But this configuration can’t provide the security serveice becaue it’s easy to access to the port #23 by others. If the default configuration is unnecessary on sysem, user can disable the system as FTP server.
Page 91: Assigning Ip Address Of Ftp Client
Serveral IP addresses can be assigned on hiD 6615 S223/S323. But user can specify one source IP address connecting FTP server when the switch is a client. To configure FTP binding address as a source IP address when hiD 6615 S223/S323 as a client con- nects to FTP server, use the following command.
Page 92: Saving System Configuration
When you use the command, write memory, make sure there is no key input until [OK] message appears. 6.2.3 Auto-Saving In hiD 6615 S223/S323, it is possible to save the configuration automatically. To configure the con-figuration periodically, use the following command. write interval <10-1440> no write interval 6.2.4...
Page 93: Restoring Default Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 To back up a system configuration file using FTP or TFTP, use the following command. copy { ftp | tftp } config upload {FILE-NAME | startup-config } copy { ftp | tftp } config download...
Page 94: System Management
To perform a ping test to verify network status, use the following command. ping [IP-ADDRESS] Command Mode Enable SURPASS hiD 6615 S223/S323 R1.5 Description Performs a ping test to verify network status. A50010-Y3-C150-2-7619 User Manual...
Page 95: Tab. 6.2 Options For Ping
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is the basic information to operate ping test. Protocol [ip] Target IP address Repeat count [5] Datagram size [100] Timeout in seconds [2] Extended commands [n] Tab. 6.2 The following is an example of ping test 5 times to verify network status with IP address 172.16.1.254.
Page 96: Tab. 6.3 Options For Ping For Multiple Ip Addresses
Fragment. Therefore there could be error mes- sage. Configures data pattern. Default is OxABCD. Options for Ping for Multiple IP Addresses User Manual SURPASS hiD 6615 S223/S323 R1.5 Description A50010-Y3-C150-2-7619...
Page 97: Ip Icmp Source-Routing
In the above figure, if you perform ping test from PC to C, it goes through the route of 「A→B→C」. This is the general case. But, the hiD 6615 S223/S323 can enable to per- form ping test from PC as the route of「A→E→D→C」.
Page 98: Tracing Packet Route
Step 1 Enable IP source-routing function from the equipment connected to PC which the PING test is going to be performed. To enable/disable IP source-routing in the hiD 6615 S223/S323, use the following com- mand. ip icmp source-route no ip icmp source-route...
Page 99: Displaying User Connecting To System
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is an example of tracing packet route sent to 10.2.2.20. SWITCH# traceroute 10.2.2.20 traceroute to 10.2.2.20 (10.2.2.20), 30 hops max, 38 byte packets 1 10.2.2.20 (10.2.2.20) 0.598 ms 0.418 ms 0.301 ms SWITCH# 6.3.4...
Page 100: Configuring Ageing Time
10:41am up 15 days, 10:55, 0 users, load average: 0.05, 0.07, 0.01 SWITCH# 6.3.8 System Information To display the system information, use the following command. show system The following is an example of displaying the system information of hiD 6615 S223/S323. SWITCH(config)# show system SWITCH(config)# Command Mode <10-...
Page 101: System Memory Information
6.3.12 Running Process The hiD 6615 S223/S323 provides a function that shows information of the running proc- esses. The information with this command can be very useful to manage the switch. To display information of the running processes, use the following command.
Page 102: Displaying System Image
To display utilization of flash memory, use the followng command. show flash 6.3.15 Default OS The hiD 6615 S223/S323 supports dual OS You can show the flash memory by using show system command. When there are two kinds of system images installed, user can PID %CPU %MEM 1448...
Page 103: Switch Status
SURPASS hiD 6615 S223/S323 R1.5 configure one of two as default OS what user wants. In hiD 6615 S223/S323, a system image saved in os1 is configured as default OS by default. To desgnate a default OS, use the following command.
Page 104: Network Management
SNMP agent sends trap to administrator for specific cases. Trap is a warning message to alert network status to SNMP administrator. The hiD 6615 S223/S323 enhances accessing management of SNMP agent more and limit the range of OID opened to agents.
Page 105: Information Of Snmp Agent
User Manual SURPASS hiD 6615 S223/S323 R1.5 To display a configured SNMP community, use the following command. show snmp community The following is an example of creating 2 SNMP communities. SWITCH(config)# snmp community ro public SWITCH(config)# snmp community rw private...
Page 106: Snmp Com2Sec
TEST 10.1.1.1 PUBLIC Command Mode Global Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Specifies the mapping from the identity of the host and community name to security name, enter security and community name. SECURITY: security name COMMUNITY: community name Deletes a specified security name, enter the security name.
Page 107: Snmp View Record
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.1.5 SNMP View Record You can create an SNMP view record to limit access to MIB objects with object identity (OID) by an SNMP manager. To configure an SNMP view record, use the following command.
Page 108: Snmp Version 3 User
TEST Command Mode Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Shows a granted an SNMP group to access a specific SNMP view record WriteView none Description Creates SNMP version 3 user. USER : enters user name...
Page 109: Snmp Trap Host
“alarm-report” trap-mode will be used form SLE MIB OID which is Siemens private OID. In order to manage hiD 6615 S223/S323 using ACI-E, the trap-mode must be set as “alarm-report”. Otherwise, ACI-E would not recognize any traps set from the hiD 6615 S223/S323.
Page 110: Enabling Snmp Trap
PORTS Global Command Mode SURPASS hiD 6615 S223/S323 R1.5 Description Configures the system to send SNMP trap when SNMP authentication is fail. Configures the system to send SNMP trap when SNMP agent restarts. Configures the system to send SNMP trap when a port is connected to network.
Page 111: Disabling Snmp Trap
User Manual SURPASS hiD 6615 S223/S323 R1.5 snmp trap dhcp-lease snmp trap fan snmp trap power snmp trap module 7.1.8.4 Disabling SNMP Trap To disable SNMP trap, use the following command. no snmp trap auth-fail no snmp trap cold-start no snmp trap link-up PORTS...
Page 112: Displaying Snmp Trap
7.1.9 SNMP Alarm The hiD 6615 S223/S323 provides an alarm notification function. The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI and ACI-E. You can also set the alarm severity on each alarm and make the alarm be shown only in case of selected severity or higher.
Page 113: Default Alarm Severity
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.1.9.2 Default Alarm Severity To configure a priority of alarm, use the following command. snmp { critical | major | minor | warning | intermediate } 7.1.9.3 Alarm Severity Criterion You can set an alarm severity criterion to make an alarm be shown only in case of se- lected severity or higher.
Page 114: Generic Alarm Severity
{ critical | major | minor | warning | intermediate } Command Mode Global User Manual SURPASS hiD 6615 S223/S323 R1.5 Description Configures the priority of fan-fail alarm Configures the priority of cold-start alarm Configures the priority of broadcast-...
Page 115: Adva Alarm Severity
User Manual SURPASS hiD 6615 S223/S323 R1.5 If you want to delete a configured alarm severity, use the following command. no snmp alarm-severity fan-fail no snmp alarm-severity cold-start no snmp alarm-severity broadcast-over no snmp alarm-severity cpu-load-over no snmp alarm-severity dhcp-lease...
Page 116: Erp Alarm Severity
} Command Command Command alarm-severity erp-domain-multi-rm User Manual SURPASS hiD 6615 S223/S323 R1.5 Mode Description Sends alarm notification with the sever- ity when ADVA informs to fail to transmit the packets. Sends alarm notification with the sever- ity when ADVA informs there’s any problem on the power.
Page 117: Stp Guard Alarm Severity
User Manual SURPASS hiD 6615 S223/S323 R1.5 snmp { critical | major | minor | warning | intermedi- ate } snmp alarm-severity erp-domain-ulotp { critical | major | minor | warning | intermediate } To delete a configured severity of alarm for ERP status, use the following command.
Page 118: Disabling Snmp
Global Command Mode Enable Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Shows a configured severity of alarm. Description Deletes a recorded alarm in the system. Description Shows a current alarm report. Description Deletes a recorded alarm report in the system.
Page 119: Operation, Administration And Maintenance (Oam)
User Manual SURPASS hiD 6615 S223/S323 R1.5 Operation, Administration and Maintenance (OAM) In the enterprise, Ethernet links and networks have been managed via Simple Network Management Protocol (SNMP). Although SNMP provides a very flexible management so- lution, it is not always efficient and is sometimes inadequate to the task.
Page 120: Local Oam Mode
Mode Bridge Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Configures the mode of local OAM. Description Sends the information by using TX. Disables to transmit the information by using TX. Description Enables remote OAM. Disables remote OAM.
Page 121: Displaying Oam Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 To display the information of peer host using OAM function, use the following command. oam remote alarm optical <1-3> <0-65535> PORTS oam remote alarm temperature <0-255> PORTS oam remote alarm voltage { min | max } <0-65535>...
Page 122 SWITCH(bridge)# oam remote loopback start 25 PORT[25]: The remote DTE loopback is success. SWITCH(bridge)# item value ENABLE ACTIVE FORWARD DISCARD UNSUPPORT UNSUPPORT SUPPORT(disable) UNSUPPORT(disable) item value ACTIVE 00:d0:cb:27:00:94 UNSUPPORT UNSUPPORT SUPPORT(enable) UNSUPPORT User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 123: Link Layer Discovery Protocol (Lldp)
7.3.1 LLDP Operation The hiD 6615 S223/S323 supporting LLDP transmits the management information be- tween near switches. The information carries the management information that can rec- ognize the switches and the function. This information is saved in internal MIB (Manage- ment Information Base) When LLDP starts to operate, the switches send their information to near switches.
Page 124: Lldp Message
| syscap } 7.3.4 LLDP Message In hiD 6615 S223/S323, it is possible to configure the interval time and times of sending LLDP message. To configure the interval time and times of LLDP message, use the fol- lowing command.
Page 125: Displaying Lldp Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.3.6 Displaying LLDP Configuration To display LLDP configuration, use the following command. show lldp config PORTS show lldp remote PORTS show lldp statistics PORTS To delete an accumulated statistics on the port, use the following command.
Page 126: Remote Monitoring (Rmon)
Input a question mark <?> at the system prompt on RMON Configuration mode if you : 0/1 (1) : 50 : 50 : 1800 : none : under create Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Opens RMON-history Configuration mode. 1-65535: index number A50010-Y3-C150-2-7619 User Manual...
Page 127: Source Port Of Statistical Data
User Manual SURPASS hiD 6615 S223/S323 R1.5 want to list available commands. The following is an example of listing available commands on RMON Configuration mode. SWITCH(config-rmonhistory[5])# ? RMON history configuration commands: active data-source exit help interval owner requested-buckets show SWITCH(config-rmonhistory[5])# 7.4.1.1...
Page 128: Activating Rmon History
Command Mode RMON Command Mode RMON Command Mode running-config rmon- SURPASS hiD 6615 S223/S323 R1.5 Description Activates RMON history. Description Deletes RMON history of specified number, enter the value for deleting. Description Shows a configured RMON history. A50010-Y3-C150-2-7619 User Manual...
Page 129: Rmon Alarm
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.4.2 RMON Alarm There are two ways to compare with the threshold: absolute comparison and delta com- parison. Absolute Comparison: Comparing sample data with the threshold at configured in- • terval, if the data is more than the threshold or less than it, alarm is occurred •...
Page 130: Object Of Sample Inquiry
RMON Command Mode RMON Command Mode RMON SURPASS hiD 6615 S223/S323 R1.5 Description Assigns MIB object used for sample inquiry. Description Compares object with the threshold directly. Description Compares difference between current data and the latest data with the threshold.
Page 131: Lower Bound Of Threshold
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.4.2.5 Lower Bound of Threshold If you need to occur alarm when object used for sample inquiry is less than lower bound of threshold, you should configure lower bound of threshold. To configure lower bound of threshold, use the following command.
Page 132: Activating Rmon Alarm
Command Mode Global Command Mode running-config rmon- Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures interval of sample inquiry. (unit: second) Description Activates RMON alarm. Description Deletes RMON history of specified number, enter the value for deleting. Description Shows a configured RMON alarm.
Page 133: Event Description
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure community for trap message transmission, use the following command. community NAME 7.4.3.2 Event Description It is possible to describe event briefly when event is happened. However, the description will not be automatically made. Thus administrator should make the description.
Page 134: Deleting Configuration Of Rmon Event
To display RMON alarm, use the following command. show event Command Mode RMON Command Mode Global Command Mode running-config rmon- SURPASS hiD 6615 S223/S323 R1.5 Description Activates RMON event. Description Delete RMON event of specified number. Description Shows a configured RMON event. A50010-Y3-C150-2-7619 User Manual...
Page 135: Syslog
User Manual SURPASS hiD 6615 S223/S323 R1.5 Syslog The syslog is a function that allows the network element to generate the event notification and forward it to the event message collector like a syslog server. This function is enabled as default, so even though you disable this function manually, the syslog will be enabled again.
Page 136 Mode Global Command Mode Global User Manual SURPASS hiD 6615 S223/S323 R1.5 Description Generates a user-defined syslog mes- sage with a priority and forwards it to the console. Generates a user-defined syslog mes- sage with a priority in the system mem- ory.
Page 137: Facility Code
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is an example of configuring syslog message to send all logs higher than notice to remote host 10.1.1.1 and configuring local1.info to transmit to console. SWITCH(config)# syslog output notice remote 10.1.1.1...
Page 138: Debug Message For Remote Terminal
Enable Global Enable Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Enables a terminal monitor function. Disables a terminal monitor function. Description Disables the syslog. Description Shows a received syslog message. volatile: removes a syslog message after restart.
Page 139: Rule And Qos
SURPASS hiD 6615 S223/S323 R1.5 Rule and QoS The hiD 6615 S223/S323 provides rule and QoS feature for traffic management. The rule classifies incoming traffic, and then processes the traffic according to user-defined poli- cies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets.
Page 140: Rule Configuration
Rule Configuration 7.6.2.1 Rule Creation For the hiD 6615 S223/S323, you need to open Rule Configuration mode first. To open Rule Configuration mode, use the following command. rule NAME create After opening Rule Configuration mode, the prompt changes from SWITCH(config)# to SWITCH(config-rule[name])#.
Page 141: Packet Classification
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.6.2.3 Packet Classification After configuring a packet classification for a rule, then configure how to process the packets. To specify a packet-classifying pattern, use the following command. When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address.
Page 142 Command Mode Rule Command Mode Rule SURPASS hiD 6615 S223/S323 R1.5 Description Classifies an IP protocol (ICMP): A.B.C.D: source/destination IP address A.B.C.D/M: source/destination IP address with mask any: any source/destination IP address icmp: ICMP Classifies an IP protocol (ICMP): A.B.C.D: source/destination IP address...
Page 143: Rule Action
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.6.2.4 Rule Action To specify a rule action (match) for the packets matching configured classifying patterns, use the following command. match deny match permit match redirect PORT match mirror match dscp <0-63> match cos <0-7>...
Page 144 Command Mode Rule Command Mode Rule SURPASS hiD 6615 S223/S323 R1.5 Description Deletes a specified rule action. Description Denies a packet. Redirects to specified egress port: PORT: uplink port number (e.g. 25-28) Sends a copy to mirror monitoring port.
Page 145: Applying Rule
User Manual SURPASS hiD 6615 S223/S323 R1.5 To delete a specified rule action (no-match), use the following command. no no-match deny no no-match redirect no no-match mirror no no-match dscp no no-match cos no no-match ip-prec no no-match copy-to-cpu 7.6.2.5...
Page 146: Displaying Rule
SWITCH(config-rule[jean]) 7.6.3 For hiD 6615 S223/S323, it is possible to use Strict Priority Queuing, Weighted Round Robin and Weighted Fair Queuing for a packet scheduling mode. The following steps explain how QoS can be configured. •...
Page 147: Scheduling Algorithm
SURPASS hiD 6615 S223/S323 R1.5 7.6.3.1 Scheduling Algorithm To process incoming packets by the queue scheduler, the hiD 6615 S223/S323 provides the scheduling algorithm as Strict Priority Queuing (SP), Weighted Round Robin (WRR) and Weighted Fair Queuing (WFQ). Weighted Round Robin (WRR) WRR processes packets as much as weight.
Page 148: Fig. 7.2 Weighted Fair Queuing
The processing order in Strict Priority Queuing in case of entering packets having the Queue numbers as below Lowest priority Fig. 7.3 Weighted Fair Queuing Output Scheduler Strict Priority Queuing SURPASS hiD 6615 S223/S323 R1.5 highest priority A50010-Y3-C150-2-7619 User Manual...
Page 149: Qos Weight
15> | unlimited } 7.6.3.3 802.1p Priory-to-queue Mapping For the hiD 6615 S223/S323, it is possible to configure how packets having a certain 802.1p priority will be stored into which queue. Default mapping is shown as below (de- fault values).
Page 150: Queue Parameter
PORTS show qos cpu 7.6.4 Admin Access Rule For the hiD 6615 S223/S323, it is possible to block a specific service connection like tel- net, FTP, ICMP, etc with an admin access rule function. Command Mode Global...
Page 151: Rule Creation
SURPASS hiD 6615 S223/S323 R1.5 7.6.4.1 Rule Creation For the hiD 6615 S223/S323, you need to open Admin Access Rule Configuration mode first. After opening Admin Access Rule Configuration mode, the prompt changes from SWITCH(config)# to SWITCH(config-admin-rule[NAME])#. To open Rule Configuration mode, use the following command.
Page 152: Packet Classification
{<0-65535> | any } {<0-65535> | any } {TCP-FLAG | any } Command Mode Admin-rule SURPASS hiD 6615 S223/S323 R1.5 Description Classifies an IP address: A.B.C.D: source/destination IP address A.B.C.D/M: source/destination IP address with mask any: any source/destination IP address...
Page 153: Rule Action
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.6.4.4 Rule Action To specify a rule action (match) for the packets matching configured classifying patterns, use the following command. match deny match permit To delete a specified rule action (match), use the following command.
Page 154: Modifying And Deleting Rule
Global Command Mode Enable Global Admin-rule SURPASS hiD 6615 S223/S323 R1.5 Description Modifies an admin access rule, enter a rule name. Description Deletes an admin access rule, enter a rule name op- tionally. Deletes all rules and admin access rules.
Page 155: Netbios Filtering
But the more computers are used recently, the more strong security is required. To secure individual customer’s information and prevent information leakages in the LAN environ- men, the hiD 6615 S223/S323 provides NetBIOS filtering function. LAN environment for Internet Service Fig.
Page 156: Martian Filtering
For the hiD 6615 S223/S323, you have to lock the port like MAC filtering before configur- ing max hosts. In case of ISPs, it is possible to arrange billing plan for each user by using this configuration.
Page 157: Max New Hosts
User Manual SURPASS hiD 6615 S223/S323 R1.5 max-hosts PORTS <1-16> no max-hosts PORTS The following is an example of configuring to allow two MAC addresses to port 3, and five addresses to port 1, 2, and to ten addresses to port 7.
Page 158: Port Security
Global Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description The number of MAC address that can be learned on the port for a second. The number of MAC address that can be learned on the system for a second.
Page 159 User Manual SURPASS hiD 6615 S223/S323 R1.5 Step 2 Set the maximum number of secure MAC address for the port. port security PORTS maximum <1-16384> Step 3 Set the violation mode and the action to be taken. port security PORTS violation...
Page 160: Port Security Aging
00:02:a5:74:9b:17 enabled shutdown absolute vlan secure-mac-addr Command Mode PORTS aging Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Shows port security on the port. type static maximum current 10000 status in use static type static maximum current status...
Page 161: Mac Table
User Manual SURPASS hiD 6615 S223/S323 R1.5 To disable the configuration of port secure aging, use the following command. no port security PORTS aging static no port security PORTS aging time no port security PORTS aging type To display the configuration of port security, use the following command.
Page 162 Command Mode Bridge Command Mode Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Clears dynamic MAC addresses. Clears dynamic MAC addresses. Clears dynamic MAC addresses. NAME: enter the bridge name. PORT: enter the port number. Clears dynamic MAC addresses.
Page 163: Mac Filtering
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.12 MAC Filtering It is possible to forward frame to MAC address of destination. Without specific perform- ance degradation, maximum 4,096 MAC addresses can be registered. 7.12.1 Default Policy of MAC Filtering The basic policy of filtering based on system is set to allow all packets for each port.
Page 164: Deleting Mac Filter Policy
Bridge Command Mode Bridge Command Mode Enable / Global / Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Allows or blocks packet which brings configured mac address to specified port. Description Deletes filtering policy for specified MAC address. Description Deletes all MAC filtering functions.
Page 165: Address Resolution Protocol (Arp)
IP address is called as address resolution. On the other hand, the progress of finding proper IP address from MAC address is called as reverse address resolution. Siemens switches find MAC address from IP address through address resolution protocol (ARP).
Page 166: Registering Arp Table
Enable Global HWaddress 00:bb:cc:dd:ee:05 00:00:cd:01:82:d0 SURPASS hiD 6615 S223/S323 R1.5 Description Sets a static ARP entry, enter the IP address and the MAC address. MACADDR: enter the MAC address. Sets a static ARP entry, enter the IP address, the MAC address and enter an interface name.
Page 167: Arp Alias
Although clients are joined in same client switch, it may be impossible to communicate between clients for their private security. When you need to make them communicate each other, the hiD 6615 S223/S323 supports ARP alias, which responses ARP request from client net through concentrating switch.
Page 168 Global Bridge Command Mode Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Inspects specific check on incoming ARP packets. src-mac: checks the source MAC address. Packets with different MAC addresses are classified as invalid are dropped. dst-mac: checks the destination MAC address. Packets with different MAC addresses are classified as invalid are dropped.
Page 169: Gratuitous Arp
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.13.4 Gratuitous ARP Gratuitous ARP is a broadcast packet like an ARP request. It containing IP address and MAC address of gateway, and the network is accessible even though IP addresses of specific host’s gateway are repeatedly assigned to the other.
Page 170: Blocking Echo Reply Message
ICMP Message Type 15 16 8-bit Code (Contents Depend on Type and Code) Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Type ICMP_DEST_UNREACH ICMP_REDIRECT ICMP_TIME_EXCEEDED ICMP_TIMESTAMP ICMP_INFO_REQUEST ICMP_ADDRESS 16-bit Checksum Description Blocks echo reply message to all partners who are taking ping test to device.
Page 171: Tab. 7.3 Mask Calculation Of Default Value
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure interval to transmit ICMP message, the administrator should configure the type of message and the interval time. Use the following command, to configure the interval for transmit ICMP message. ip icmp interval rate-mask MASK If mask that is input as hexadecimal number is calculated as binary number “1”...
Page 172: Transmitting Icmp Redirect Message
Mode Global Command Mode Enable Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures a limited ICMP transmission time. INTERVAL: 0-2000000000 (unit: 10 ms) Description Returns to default configuration. Description Shows ICMP interval configuration. Description Activates the function transmitting ICMP Redirect...
Page 173: The Policy Of Unreached Messages
7.15 IP TCP Flag Control TCP (Transmission Control Protocol) header includes six kinds of flags that are URG, ACK, PSH, RST, SYN, and FIN. For the hiD 6615 S223/S323, you can configure RST and SYN as the below. 7.15.1 RST Configuration RST sends a message when TCP connection can not be done to a person who tries to make it.
Page 174: Syn Configuration
7.15.2 SYN Configuration SYN sets up TCP connection. The hiD 6615 S223/S323 transmits cookies with SYN to a person who tries to make TCP connection. And only when transmitted cookies are re- turned, it is possible to permit TCP connection. This function prevents connection over- crowding because of accessed users who are not using and helps the other users use service.
Page 175: Packet Dump By Protocol
User Manual SURPASS hiD 6615 S223/S323 R1.5 7.16.1.1 Packet Dump by Protocol You can see packets about BOOTPS, DHCP, ARP and ICMP using the following com- mand. debug packet { interface INTER- FACE | port PORTS} protocol { bootps | dhcp | arp | icmp } { src- ip A.B.C.D | dest-ip A.B.C.D}...
Page 176: Tab. 7.4 Options For Packet Dump
Display the selected packets by conditional expression as the intended type. rpc (Remote Procedure Call) rtp (Real-time Transport Protocol) rtcp (Real-time Transport Control Protocal) vat (Visual Audio Tool) wb (distributed White Board) Conditional expression Options for Packet Dump User Manual SURPASS hiD 6615 S223/S323 R1.5 Description A50010-Y3-C150-2-7619...
Page 177: Debug Packet Dump
7.16.2 Debug Packet Dump The hiD 6615 S223/S323 provides network debugging function to prevent system over- head for unknown packet inflow. Monitoring process checks CPU load per 5 seconds. If there is more traffic than threshold, user can capture packets using TCP Dump and save it to file.
Page 178: System Main Functions
Unicast and multicast traffic (including server advertisements) will propagate to all members of the VLAN so that they can communicate freely among themselves. User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 179: Port-Based Vlan
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.1.1 Port-Based VLAN The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example de-...
Page 180: Creating Vlan
Bridge Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Creates new VLAN by assigning VLAN ID: VLANS: enter the number of VLAN ID (from 1 to 4094). Description Configures VLAN PVID: PORTS: enter the port numbers.
Page 181: Displaying Vlan
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.1.1.5 Displaying VLAN To display a configuration of VLAN, use the following command. show vlan [VLANS] 8.1.2 Protocol-Based VLAN User can use a VLAN mapping that associates a set of processes within stations to a VLAN rather than the stations themselves.
Page 182: Subnet-Based Vlan
Command Mode Bridge Command Mode Bridge User Manual SURPASS hiD 6615 S223/S323 R1.5 Description Configure VLAN based on MAC address Clears configured VLAN based on MAC address. Description Configure VLAN based on Subnet Clears configured VLAN based on Subnet. Description Configure precedence between MAC based VLAN and Subnet based VLAN.
Page 183: Vlan Description
User Manual SURPASS hiD 6615 S223/S323 R1.5 VLAN association rules only need to be applied once. Only edge switches need to know the VLAN as- sociation rules. Core switches can get higher performance by operating on an explicit VLAN identifier.
Page 184: Qinq
Customer B Fig. 8.2 If QinQ is configured on the hiD 6615 S223/S323, it transmits packets adding another Tag to original Tag. Customer A group and customer B group can guarantee security because telecommunication is done between each VLANs at Double Tagging part.
Page 185: Double Tagging Operation
If Egress port is Access port (Access port is configured as Untagged), remove SPVLAN. If egress port is uplink port, transmit as it is. Step 4 The hiD 6615 S223/S323 switch has 0x8100 TPID value as default and other values are used as hexadecimal number. 8.1.8.2...
Page 186: Tpid Configuration
And because PVLAN edge can work on local switch, the isolation between two switches is impossible. The hiD 6615 S223/S323 provides Private VLAN function like Private VLAN edge of Cisco product. Because it does not create any sub-VLAN, port security is provided by port...
Page 187: Port Isolation
8.1.9.2 Shared VLAN This chapter is only for Layer 2 switch operation. The hiD 6615 S223/S323 is Layer 3 switch, but it can be used for Layer 2 also. Because there is no routing information in Layer 2 switch, each VLAN cannot communicate. Especially, the uplink port should re- ceive packets from all VLANs.
Page 188: Fig. 8.5 In Case External Packets Enter Under Layer 2 Environment (1)
In Case External Packets Enter under Layer 2 environment (2) Fig. 8.6 In conclusion, to use the hiD 6615 S223/S323 as Layer 2 switch, user should add the up- link port to all VLANs and create new VLAN including all ports. If the communication be- tween each VLAN is needed, FID should be same.
Page 189: Vlan Translation
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.1.10 VLAN Translation VLAN Translation is simply an action of Rule. This function is to translate the value of specific VLAN ID which classified by Rule. The switch makes Tag adding PVID on Untagged packets, and use Tagged Packet as it is.
Page 190 ----------------------------------------------------------------- Name( VID| FID) |123456789012345678901234567890123456789012 ----------------------------------------------------------------- default( 1) |u.u.uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2( 2) |.u... br4( 4) |...u... 0x900 packet among the packets entering to Port 4 default br2 br3 br4 SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 User Manual...
Page 191 SWITCH(bridge)# [Sample Configuration 5] Configuring Shared VLAN with FID Configure br2, br3, br4 in the hiD 6615 S223/S323 configured Layer 2 environment and 24 ports as Uplink port is configured. To transmit untagged packet through Uplink port rightly, follow below configuration.
Page 192: Link Aggregation
Outer Network Uplink Port u: untagged port, t: tagged port ----------------------------------------------------------------- Name( VID| FID) |123456789012345678901234567890123456789012 ----------------------------------------------------------------- default( 5) |uu...uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2( 5) |..uu...u... br3( 5) |...uu...u... br4( 5) |...uu...u... br5( 5) |uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619 User Manual...
Page 193: Port Trunk
1 port Fig. 8.7 The hiD 6615 S223/S323 supports two kinds of link aggregation as port trunk and LACP. There’s a little difference in these two ways. In case of port trucking, it is quite trouble- some to set the configuration manually and the rate to adjust to the network environment changes when connecting to the switch using logical port.
Page 194: Disabling Port Trunk
0 to 13, and group ID of port trunk and aggregator number of LACP cannot be configured repeatedly. The following explains how to configure LACP. Command Mode Bridge Command Mode Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Releases a configured trunk port. Description Shows a configuration for trunk. A50010-Y3-C150-2-7619 User Manual...
Page 195: Configuring Lacp
Therefore the hiD 6615 S223/S323 is configured to decide the way of packet route in or- der to divide on member port effectively when packets are transmitted. It can be selected with Source IP address, destination IP address, source MAC address, destination MAC address and the user could get the information of packets to decided packet route.
Page 196: Operating Mode Of Member Port
• srcmac: Source MAC address. • For the hiD 6615 S223/S323, srcdstmac (source MAC address and destination MAC ad- dress) is basically used to decide packet route. After configuring aggregator, you should configure packets transmitting aggregator port. The following is the command of configuring packets transmitting aggregator port.
Page 197: Identifying Member Ports Within Lacp
PORTS 8.2.2.5 BPDU Transmission Rate Member port transmits BPDU with its information. For the hiD 6615 S223/S323, it is pos- sible to configure the BPDU transmission rate, use the following command. lacp port timeout PORTS { short | long } To clear BPDU transmission rate, use the following command (clear means long timeout).
Page 198: Priority Of Member Port
Bridge Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Deletes key value of selected member port, select the member port number. Description Sets the LACP priority of member port, select the port number. (default: 32768) Description Deletes port priority of selected member port, select the member port number.
Page 199: Displaying Lacp Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.2.2.9 Displaying LACP Configuration To display a configured LACP, use the following command. show lacp aggregator show lacp aggregator AGGRE- GATIONS show lacp port show lacp port PORTS show lacp statistics To clear LACP statistics information, use the following command.
Page 200: Spanning-Tree Protocol (Stp)
1 is chosen and path 2 is blocked. Switch B PC-A Fig. 8.9 Switch B PC-A Example of Loop Switch A Blocking Path 1 Path 2 Switch C Principle of Spanning Tree Protocol User Manual SURPASS hiD 6615 S223/S323 R1.5 PC-B PC-B VLAN 1 Switch D A50010-Y3-C150-2-7619...
Page 201: Stp Operation
User Manual SURPASS hiD 6615 S223/S323 R1.5 Meanwhile, RSTP (Rapid Spanning-Tree Protocol) defined in IEEE 802.1w innovate re- duces the time of network convergence on STP (Spanning-Tree Protocol). It is easy and fast to configure new protocol. Also, 802.1w includes 802.1d inside, so it can provide compatibility with 802.1d. For more detail description of STP and RSTP, refer to the following.
Page 202: Fig. 8.11 Designated Switch
ID is compared. Switch A Priority : 8 Path-cost Switch B Priority : 9 Path-cost Path 1 Path 2 Switch D Designated Switch User Manual SURPASS hiD 6615 S223/S323 R1.5 Root Switch Path-cost Switch C Priority : 10 Path-cost A50010-Y3-C150-2-7619...
Page 203: Fig. 8.12 Port Priority
User Manual SURPASS hiD 6615 S223/S323 R1.5 Designated Port and Root Port A Root Port is the port in the active topology that provides connectivity from the Desig- nated Switch toward the root. A Designated Port is a port in the active topology used to forward traffic away from the root onto the link for which this switch is the Designated Switch.
Page 204: Fig. 8.13 Port State
Potential to become active BPDUs indicate port should not be active Blocking BPDUs indicate port should not be active Forwarding Port State SURPASS hiD 6615 S223/S323 R1.5 Forwarding timer expired BPDUs indicate port Learning should not be active Forwarding timer expired...
Page 205: Rstp Operation
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.2 RSTP Operation STP or RSTP is configured on network where Loop can be created. However, RSTP is more rapidly progressed than STP at the stage of reaching to the last topology. This sec- tion describes how the RSTP more improved than STP works.
Page 206: Fig. 8.15 Example Of Receiving Low Bpdu
BPDU from SWITCH C makes port connected to SWITCH C Blocking state to prevent loop after new link. Switch A New Root Port Low BPDU BPDU including Root information Example of Receiving Low BPDU SURPASS hiD 6615 S223/S323 R1.5 ROOT Switch C A50010-Y3-C150-2-7619 User Manual...
Page 207: Fig. 8.16 Convergence Of 802.1D Network
User Manual SURPASS hiD 6615 S223/S323 R1.5 Switch B Fig. 8.16 This is very an epochal way of preventing a loop. The matter is that communication is disconnected during two times of BPDU Forward-delay till a port connected to switch D and SWITCH C is blocked.
Page 208: Fig. 8.18 Network Convergence Of 802.1W (2)
Switch A 4. Forwarding state Switch C 4. Block to make Forwarding state of Switch A Network Convergece of 802.1w (3) SURPASS hiD 6615 S223/S323 R1.5 ROOT 3. Negotiate between Switch A and Switch C (Traffic Blocking) Switch C Switch D...
Page 209: Mstp Operation
8.3.3 MSTP Operation To operate the network more effectively, the hiD 6615 S223/S323 uses MSTP (Multiple Spanning-Tree Protocol). It constitutes the network with VLAN subdividing existing LAN domain logically and configure the route by VLAN or VLAN group instead of existing rout- ing protocol.
Page 210: Fig. 8.22 Cst And Ist Of Mstp (1)
CST Root & IST Root Instance 2 Instance 2 Instance 3 Switch D CST and IST of MSTP (1) User Manual SURPASS hiD 6615 S223/S323 R1.5 Region B (IST) Switch C Instance 1 IST Root Region A (IST) Switch E...
Page 211: Configuring Stp/Rstp/Mstp/Pvstp/Pvrstp Mode (Required)
CST root. However, if any BPDU having higher priority than that of B is sent, B cannot be CST root. For the hiD 6615 S223/S323, the commands configuring MSTP are also used to config- ure STP and RSTP.
Page 212: Configuring Stp/Rstp/Mstp
Please be careful not to make mistake. Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Enables/disables STP, RSTP or MSTP function. Description Configures the priority of the switch: MSTID-RANGE: select instance number 0. 0-61440: priority value in steps of 4096 (default: 32768) Clears the Priority of the switch, enter the instance number.
Page 213: Port-Priority
User Manual SURPASS hiD 6615 S223/S323 R1.5 100M Tab. 8.2 100M Tab. 8.3 When the route decided by path-cost gets overloading, you would better take another route. Considering these situations, it is possible to configure path-cost of root port so that user can configure route manually.
Page 214: Mst Region
UMN:CLI 8.3.5.5 MST Region If MSTP is established in the hiD 6615 S223/S323, decide which MST region the switch is going to belong to by configuring MST configuration ID. Configuration ID contains region name, revision, VLAN map. To set configuration ID, use the following command.
Page 215: Mstp Protocol
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.5.6 MSTP Protocol MSTP protocol has a backward compatibility. MSTP is compatible with STP and RSTP. If some other bridge runs with STP mode and send BPDU version of STP or RSTP, MSTP automatically changes to STP mode.
Page 216: Displaying Configuration
MSTID-RANGE { all | PORTS} [ detail ] In case STP or RSTP is configured in the SURPASS hiD 6615 S223/S323, you should configure MSTID-RANGE as 0. To display a configured MSTP of the switch, use the following command.
Page 217: Configuring Pvstp/Pvrstp
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.6 Configuring PVSTP/PVRSTP STP and RSPT are designed with one VLAN in the network. If a port becomes blocking state, the physical port itself is blocked. But PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol) maintains spanning tree in- stance for each VLAN in the network.
Page 218: Root Switch
VLAN-RANGE PORTS Command Mode Bridge Command Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Configures a priority of switch. Clears a priority of switch. Mode Description Configures path-cost to configure route on user’s own. Bridge Clears path-cost configuration.
Page 219: Root Guard
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.7 Root Guard The standard STP does not allow the administrator to enforce the position of the root bridge, as any bridge in the network with lower bridge ID will take the role of the root bridge.
Page 220: Bridge Protocol Data Unit Configuration
VLAN-RANGE <1-10> Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Configures restarting protocol migration function. Description Configures hello time to transmit the message in STP, RSTP and MSTP: 1-10: set the hello time. (default: 2) Configures hello time to transmit the message in PVSTP and PVRSTP: 1-10: set the hello time.
Page 221: Forward Delay
User Manual SURPASS hiD 6615 S223/S323 R1.5 To clear configured hello-time, use the following command. no stp mst hello-time no stp pvst hellow-time VLAN- RANGE 8.3.9.2 Forward Delay It is possible to configure forward delay, which means time to take port status from listen- ing to forwarding.
Page 222: Bpdu Hop
Bridge Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Returns to the default max-age value of STP, RSTP and MSTP. Returns to the default max-age value of PVSTP and PVRSTP. Description Configures the number of hop for BPDU, set the num- ber of possible hops in the region.
Page 223: Self Loop Detection
To prevent this, the hiD 6615 S223/S323 has self loop detection to perceive that outgoing packet is got back. Through the self loop detection, you can prevent packet, which comes back because it blocks the port.
Page 224: Displaying Bpdu Configuration
Bridge Command Mode Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Enables/disables self loop detection function. Description Shows status of self loop detection and a port where loop is happed. Shows self loop detection status on specified ports:...
Page 225: Sample Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.3.10 Sample Configuration Backup Route When you design layer 2 network, you must consider backup route for stable STP net- work. This is to prevent network corruption when just one additional path exits.
Page 226: Fig. 8.27 Example Of Layer 2 Network Design In Mstp Environment
20.00 2.00 15.00 8000.00d0cb000183 TEST 51-4094 1-50 User Manual SURPASS hiD 6615 S223/S323 R1.5 MST Region 2 Instance 1 VLAN 170 Instance 2 VLAN 180~190 Instance 3 VLAN 191~195 Region Name : test Revision :2 MST Region 3 Instance 4 VLAN 150~160...
Page 227: Virtual Router Redundancy Protocol (Vrrp)
Routers also get orders depending on priority. Routing functionalities such as RIP, OSPF, BGP, VRRP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) Fig. 8.28 In case routers have same priorities, then a router, which has lower IP address, gets the precedence.
Page 228: Configuring Vrrp
Global Bridge VRRP Command Mode Global Command Mode VRRP SURPASS hiD 6615 S223/S323 R1.5 Description Configures Virtual Router (VRRP Group). GROUP-ID: 1-255 Description Shows current configuration of VRRP. Shows current configuration of specified interface VRRP. Description Configures Virtual Router (VRRP Group).
Page 229: Access To Associated Ip Address
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.4.1.2 Access to Associated IP Address If you configure the function of accessing Associated IP address, you can access to As- sociated IP address by the commands such as ping. To configure the function of accessing Associated IP address, use the following command.
Page 230 The following is an example of configuring Master Router and Backup Router by comparing IP addresses: Virtual Routers, Layer 3 SWITCH 1 – 10.0.0.1 and Layer 3 SWITCH 2 – 10.0.0.2. SURPASS hiD 6615 S223/S323 R1.5 backup 00:00:5E:00:01:01...
Page 231: Vrrp Track Function
User Manual SURPASS hiD 6615 S223/S323 R1.5 <Layer 3 SWITCH1: IP address - 10.0.0.1/24> SWTICH1(config)# router vrrp default 1 SWITCH1(config-router)# associate 10.0.0.5 SWITCH1(config-router)# exit SWITCH1(config)# show vrrp default - virtual router 1 ---------------------------------------------- state virtual mac address advertisement interval preemption...
Page 232: Authentication Password
Link down. VRRP Track Command Mode VRRP Command Mode VRRP SURPASS hiD 6615 S223/S323 R1.5 Backup Router 2 IP : 10.0.0.1/24 Description Configures VRRP Track. The Priority becomes lower as the configured value. Description Disables VRRP Track configuration.
Page 233: Preempt
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure an authentication password for security of Virtual Router, use the following command on VRRP configuration mode. authentication clear_text PASSWORD no authentication Authentication password can be configured with maximum 7 digits. The following is an example of configuring Authentication password in Virtual Router as network and showing it.
Page 234: Vrrp Statistics
Egress and ingress can be configured both to be same and to be dif- ferent. The hiD 6615 S223/S323 can apply the rate limit and support ingress policing and egress shaping. Command...
Page 235: Configuring Rate Limit
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.5.1 Configuring Rate Limit To set a port bandwidth, use the following command. rate PORTS RATE [ egress | in- gress ] no rate PORTS no rate PORTS [ egress | ingress ] Unless you input neither egress nor ingress, they are configured to be same.
Page 236: Flood Guard
Rate Limit and Flood Guard Command Mode <1- PORTS Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 <Flood Guard> Configure Flood-guard to allow packets as many as ‘n’ per a second ‘n’ packets allowed for a second Packets over thrown...
Page 237: Sample Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.6.2 Sample Configuration The following is an example of showing the configuration after limiting the number of packets transmitted to the port number 1 as 10,000. SWITCH(bridge)# mac-flood-guard 1 10000 SWITCH(bridge)# show mac-flood-guard...
Page 238: Dynamic Host Configuration Protocol (Dhcp)
(leased) rather than static (permanently assigned), addresses no longer in use are auto- matically returned to the pool for reallocation. IP Packet (Broadcast) ※ PC=DHCP Client Fig. 8.31 DHCP Packet (Unicast) DHCP Service Structure SURPASS hiD 6615 S223/S323 R1.5 DHCP Server or Relay Agent Subnet A50010-Y3-C150-2-7619 User Manual...
Page 239: Dhcp Server
User Manual SURPASS hiD 6615 S223/S323 R1.5 The hiD 6615 S223/S323 flexibly provides the functions as the DHCP server or DHCP re- lay agent according to your DHCP configuration. This chapter contains the following sections: DHCP Server • DHCP Address Allocation with Option 82 •...
Page 240: Dhcp Pool Creation
Global Command Mode DHCP Pool Command Mode DHCP Pool SURPASS hiD 6615 S223/S323 R1.5 Description Creates a DHCP pool and opens DHCP Pool Configu- ration mode. Deletes a created DHCP pool. Description Specifies a subnet of the DHCP pool. A.B.C.D/M: network address Deletes a specified subnet.
Page 241: Default Gateway
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is an example for specifying the range of IP addresses. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.1.1.0/24 SWITCH(config-dhcp[sample])# default-router 100.1.1.254 SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100 SWITCH(config-dhcp[sample])# You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g.
Page 242: Dns Server
Command Mode DHCP Pool Command Mode DHCP Pool SURPASS hiD 6615 S223/S323 R1.5 Description Specifies a DNS server. Up to 8 DNS servers are pos- sible. A.B.C.D: DNS server IP address Deletes a specified DNS server. Deletes all the specified DNS servers.
Page 243: Domain Name
82. 8.8.1.10 Static Mapping The hiD 6615 S223/S323 provides a static mapping function that enables to assign a static IP address without manually specifying static IP assignment by using a DHCP lease database in the DHCP database agent.
Page 244: Ip Address Validation
Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Selects a recognition method of DHCP clients Description Selects an IP address validation method. Description Sets a validation value of how many responses. 0-20: response value (default: 2)
Page 245: Prohibition Of 1:N Ip Address Assignment
IP address. In this case, you can configure the hiD 6615 S223/S323 to prohibit assigning plural IP addresses to a single DHCP client. To prohibit assigning plural IP addresses to a DHCP client, use the following command.
Page 246: Displaying Dhcp Pool Configuration
0.00% of the pool 0.00% of the pool 0.00% of the pool 0.00% of the pool 0.00% of the pool SURPASS hiD 6615 S223/S323 R1.5 Description Shows a DHCP pool configuration. Shows a summary of a DHCP pool configuration. POOL: pool name 0.00 of total...
Page 247: Dhcp Address Allocation With Option 82
8.8.2 DHCP Address Allocation with Option 82 The DHCP server provided by the hiD 6615 S223/S323 can assign dynamic IP addresses based on DHCP option 82 information sent by the DHCP relay agent. The information sent via DHCP option 82 will be used to identify which port the DHCP_REQUEST came in on.
Page 248: Associating Dhcp Class
Command HEX- Command Command Mode DHCP Pool Command Mode DHCP Pool Class SURPASS hiD 6615 S223/S323 R1.5 Mode Description DHCP Deletes specified option 82 information Class for IP assignment. Mode Description Deletes all specified option 82 informa- tion that contains only a remote ID.
Page 249: Dhcp Lease Database
8.8.3.1 DHCP Database Agent The hiD 6615 S223/S323 provides a feature that allows to a DHCP server automatically saves a DHCP lease database on a DHCP database agent. The DHCP database agent should be a TFTP server, which stores a DHCP lease data- base as numerous files in the form of leasedb.MAC-ADDRESS, e.g.
Page 250: Deleting Dhcp Lease Database
Subnet 1 Example of DHCP Relay Agent Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Deletes a DHCP lease database a specified subnet. Deletes a DHCP lease database of a specified DHCP pool. Deletes the entire DHCP lease database.
Page 251: Packet Forwarding Address
{A.B.C.D | all } If a packet forwarding address is specified on an interface, the hiD 6615 S223/S323 will enable a DHCP relay agent. You can also specify an organizationally unique identifier (OUI) when configuring a packet forwarding address.
Page 252: Dhcp Option 82
By associating a MAC address with a remote ID, a DHCP server can prevent offering an IP address to an attacker spoofing the same MAC address on a different remote ID. Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Enables a smart relay. Disables a smart relay. A50010-Y3-C150-2-7619...
Page 253: Enabling Dhcp Option 82
User Manual SURPASS hiD 6615 S223/S323 R1.5 Client Identifier Spoofing By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized client identifier field need not be used by the DHCP server. Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.
Page 254: Option 82 Reforwarding Policy
{ deny | permit } Command Command Command Command Mode Option 82 Command Mode Option 82 SURPASS hiD 6615 S223/S323 R1.5 Mode Description Specifies a remote ID. Option 82 (default: system MAC address) Mode Description Specifies a circuit ID. Option 82...
Page 255: Simplified Dhcp Option 82
User Manual SURPASS hiD 6615 S223/S323 R1.5 If you specify the default trust policy as deny, the DHCP packet that carries the informa- tion you specifies below will be permitted, and vice versa. Trusted Remote ID To specify a trusted remote ID, use the following command.
Page 256: Dhcp Client
8.8.6 DHCP Client An interface of the hiD 6615 S223/S323 can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality al- lows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server.
Page 257: Ip Lease Time
8.8.6.7 Forcing Release or Renewal of DHCP Lease The hiD 6615 S223/S323 supports two independent operation: immediate release a DHCP lease for a DHCP client and force DHCP renewal of a lease for a DHCP client. To force a release or renewal of a DHCP release for a DHCP client, use the following command.
Page 258: Dhcp Snooping
8.8.7 DHCP Snooping For enhanced security, the hiD 6615 S223/S323 provides the DHCP snooping feature. The DHCP snooping filters untrusted DHCP messages and maintains a DHCP snooping binding table. An untrusted message is a message received from outside the network, and an untrusted interface is an interface configured to receive DHCP messages from outside the network.
Page 259: Dhcp Rate Limit
8.8.7.5 Source MAC Address Verification The hiD 6615 S223/S323 can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet. To enable the source MAC address verification, use the following command.
Page 260: Dhcp Snooping Database Agent
Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Specifies a DHCP snooping database agent and back- up interval. A.B.C.D: DHCP snooping database agent address INTERVAL: 120-2147483637 (unit: second) Deletes a specified DHCP snooping database agent.
Page 261: Displaying Dhcp Snooping Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 The DHCP snooping database agent should be TFTP server. 8.8.7.7 Displaying DHCP Snooping Configuration To display DHCP snooping table, use the following command. show ip dhcp snooping show ip dhcp snooping binding 8.8.8 IP Source Guard IP source guard is similar to DHCP snooping.
Page 262: Static Ip Source Binding
Mode Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Enables IP source guard with a source IP address filtering on a port. Disables IP source guard. Description Enables IP source guard with a source IP address and MAC address filtering on a port.
Page 263: Dhcp Filtering
8.8.9.1 DHCP Packet Filtering For the hiD 6615 S223/S323, it is possible to block the specific client with MAC address. If the blocked MAC address by administrator requests IP address, the server does not assign IP. This function is to strength the security of DHCP server.
Page 264: Debugging Dhcp
Command Mode Enable Global Bridge Command Mode Enable SURPASS hiD 6615 S223/S323 R1.5 Client 3 The device that can be a DHCP server 10.1.1.1 ~ 10.1.1.10 IP assigned Description Enables the DHCP server packet filtering. Disables the DHCP server packet filtering.
Page 265: Ethernet Ring Protection (Erp)
SURPASS hiD 6615 S223/S323 R1.5 Ethernet Ring Protection (ERP) The ERP is a Siemens protection protocol and procedure to protect Ethernet ring topolo- gies. It is a fast failure detection and recovery so that it decreases the time to prevent Loop under 50ms.
Page 266: Fig. 8.36 Ring Protection
2. Nodes detecting Link Failure send Link Down message Normal Node 1. Link Failure recover blocks the port recovered from Link Failure Normal Node Link Failure Recovery SURPASS hiD 6615 S223/S323 R1.5 2. Send Link Down Message Normal Node RM Node A50010-Y3-C150-2-7619 User Manual...
Page 267: Loss Of Test Packet (Lotp)
User Manual SURPASS hiD 6615 S223/S323 R1.5 Normal Node Normal Node Fig. 8.38 8.9.2 Loss of Test Packet (LOTP) ERP recognizes the Link Failure using Loss of Test Packet (LOTP). RM Node regularly sends RM Test Packet message. If the message is not retransmitted to RM Node through Ethernet Ring, it means that Loop doesn’t occur.
Page 268: Rm Node
Bridge Command Mode Bridge Command Mode Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Configures RM node of ERP node mode. Configures ERP node mode as normal node. Description Configures ports of ERP domain Description Configures protected VLAN of ERP domain...
Page 269: Manual Switch To Secondary
User Manual SURPASS hiD 6615 S223/S323 R1.5 8.9.3.6 Manual Switch to Secondary To configure Manual Switch to Secondary, use the following command. erp ms-s DOMAIN-ID To disable Manual Switch to Secondary, use the following command. no erp ms-s DOMAIN-ID 8.9.3.7 Wait-to-Restore Time To configure Wait-to-Restore Time, use the following command.
Page 270: Displaying Erp Configuration
The second benefit is the ability to interconnect two or more switches to create a distributed fabric, which behaves in the network as a unified system. The hiD 6615 S223/S323 provides the stacking technology’s benefits for the customer. It is possible to configure stacking function for switches from 2 to 16.
Page 271: Switch Group
User Manual SURPASS hiD 6615 S223/S323 R1.5 A switch, which is supposed to manage the other switches in stacking is named as Mas- ter switch and the other switches managed by Master switch are named as Slave switch. Regardless of installed place or connection state, Master switch can check and manage all Slave switches.
Page 272: Disabling Stacking
Command Mode Enable Global Command Mode Global Manage with the same IP address SURPASS hiD 6615 S223/S323 R1.5 Description Disables the stacking function Description Shows a configuration of stacking Description Accesses to a slave switch. NODE: node number A50010-Y3-C150-2-7619 User Manual...
Page 273 User Manual SURPASS hiD 6615 S223/S323 R1.5 open Interface configuration mode of VLAN to register as a switch group for stacking. The following is an example of configuring Interface of switch group as 1. SWITCH_A# configure terminal SWITCH_A(config)# interface 1 SWITCH_A(interface)# ip address 192.168.10.1/16...
Page 274: Broadcast Storm Control
The hiD 6615 S223/S323 provides not only broadcast storm but also control of multicast and DLF (Destination Lookup Fail) storm. In order to use control of multicast and DLF storm, use the following commands.
Page 275: Jumbo-Frame Capacity
The packet range that can be capable to accept is from 64 bytes to 1518 bytes. Therefore, packets not between these ranges will not be taken. However, the hiD 6615 S223/S323 can accept Jumbo-frame larger than 1518 bytes through user’s configuration.
Page 276: Blocking Direct Broadcast
: 1518/ 1518 Command Mode Global Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Enables blocking Direct broadcast packet. (Default) Disables blocking Direct broadcast packet. Description Configures maximum MTU size. Returns to the default MTU size. A50010-Y3-C150-2-7619 User Manual...
Page 277 User Manual SURPASS hiD 6615 S223/S323 R1.5 The following is an example of configuration to mtu size as 100. SWITCH(config-if)# mtu 100 SWITCH(config-if)# show running-config interface 1 interface default mtu 100 bandwidth 1m ip address 10.27.41.181/24 SWITCH(config-if) A50010-Y3-C150-2-7619 UMN:CLI...
Page 278: Ip Multicast
6615 S223/S323 is configured only for IGMP Snooping. Fig. 9.1 If the hiD 6615 S323 is installed within Layer 3 network, PIM-SM should be configured. Below the hiD 6615 S223/S323, there is a switch that performs IGMP snooping function for subscribers. IGMP Join/Leave message Fig.
Page 279: Multicast Routing Information Base
User Manual SURPASS hiD 6615 S223/S323 R1.5 ing and PIM-SM should be configured at the same time. Fig. 9.3 Multicast Routing Information Base In this chapter, you can configure the common multicast commands for multicast routing information base. 9.1.1 Enabling Multicast Routing (Required) To provide multicast service on the hiD 6615 S323, you should use the ip multicast- routing command necessarily.
Page 280: Clearing Mrib Information
Mode Enable Global Bridge Command Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Deletes all multicast routes entries. Deletes specific multicast routes entries. GROUP-ADDR: group IP address SRC-IP-ADDRESS: source IP address Mode Description Deletes all multicast routes statistics entries.
Page 281: Displaying Mrib Information
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.1.4 Displaying MRIB Information To display MRIB information, use the following commands show ip mroute { dense | sparse } { count | summary } show ip mroute GROUP-ADDR [SRC-IP-ADDRESS] sparse } { count | summary }...
Page 282: Multicast Aging
Command Mode Global Command Mode Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Configures Aging tiem for Multicast Stream (Default:300sec) Configures Maximun Multicast Stream for Aging (Default:5000) Restores it as a default Description Deletes Multicast Stream Entry after Aging per vlan or...
Page 283: Internet Group Management Protocol (Igmp)
This is bandwidth waste. To solve this problem, one group list of members is maintained. IGMP helps multicast router to create and renew the list. The hiD 6615 S223/S323 supports IGMP Version 1, 2 and 3. 9.2.1 IGMP Basic Configuration This chapter explains how to configure basic IGMP features such as IGMP version, IGMP DB and Debugging method.
Page 284: Removing Igmp Entry
Mode Enable Command Mode Enable Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Clears IGMP interface entries on an interface. Deletes IGMP group cache entries. *: all IGMP group A.B.C.D: IGMP group address Description Enables debugging of IGMP. all: debug all IGMP...
Page 285: Maximum Number Of Groups
User Manual SURPASS hiD 6615 S223/S323 R1.5 IGMP cache, but the switch is not a member. Therefore it can support fast switching. To configure IGMP static Join, use the following command. ip igmp static-group A.B.C.D vlan VLAN port PORT reporter A.B.C.D...
Page 286 Interface Command Mode last-member-query- Interface SURPASS hiD 6615 S223/S323 R1.5 Description Configures the IGMP queier timeout. 60-300: number of seconds that router waits after the previous querier has stopped querying before it takes over as the querier Returns to the default value. (255) Description Configures the IGMP queier timeout.
Page 287: Igmp V2 Fast Leave
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.2.2.4 IGMP v2 Fast Leave In IGMP version 2, you can minimize the leave latency of IGMP memberships. This com- mand is used when only one receiver host is connected to each interface.
Page 288: L2 Mfib
IGMP Snooping Basic Configuration 9.2.4.1 Enabling IGMP Snooping per VLAN The hiD 6615 S223/S323 supports 256 Snooping Membership Group Table that are managed by each VLAN. Snooping supports Enable/Disable by VLAN independently. By default, IGMP snooping is globally disabled on the switch.
Page 289: Robustness Count For Igmp V2 Snooping
User Manual SURPASS hiD 6615 S223/S323 R1.5 Step 3 Enable IGMP snooping on a VLAN interface. ip igmp snooping vlan VLANS Step 4 Return to Privileged EXEC Enable mode using the exit command. To diable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan VLANS command for the specified VLAN number.
Page 290: Igmp V2 Snooping Fast Leave
VLANS immediate-leave Multicast Packet Multicast Router 1. Request the Multicast Packet IP Multicasting Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 hiX 5430 Description Configures the fast-leave on the system. Configures the fast-leave on a VLAN interface. A50010-Y3-C150-2-7619 User Manual...
Page 291: Igmp V2 Snooping Querier
9.2.5.2 IGMP v2 Snooping Querier You can use the hiD 6615 S223/S323 as IGMP querier without multicast router, because IGMP query daemon has been installed in the hiD 6615 S223/S323. Legacy equipments used IGMP Querier of PIM but not developed Querier for IGMP Snooping. Because of this, to operate Querier on IGMP Snooping, IP Address was mandatory and Specific Query was operated by IGMP Querier.
Page 292 Command Mode Global igmp snooping vlan SURPASS hiD 6615 S223/S323 R1.5 Description Configures the IGMP snooping querier query interval on the system. 1-1800: IGMP snooping querier query interval in sec- onds Enables the IGMP snooping querier on a VLAN inter- face.
Page 293: Igmp V2 Snooping Last-Member-Interval
User Manual SURPASS hiD 6615 S223/S323 R1.5 To display IGMP query parameter, use the following command. show ip igmp snooping [ vlan VLANS] querier [ detail ] 9.2.5.3 IGMP v2 Snooping Last-Member-Interval When receive Leave Message from host in IGMP v2, Querier sends Specific Query and check whether there is Multicast Group Member.
Page 294: Igmp V2 Snooping Report Method
Mode Enable Global Bridge Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures the IGMP report suppression on the sys- tem. Configures the IGMP report suppression on a VLAN interface. Description Deletes the IGMP report suppression on the system.
Page 295: Multicast Tcn Flooding
The hiD 6615 S223/S323 switch helps to deliver multicast traffic is de- livered to all multicast receivers in that VLAN when the topology changes. When the spanning tree protocol is running in a VLAN, a spanning tree topology change notification (TCN) is issued by the root switch in the VLAN.
Page 296 Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Designates the port where multicast router is con- nected to on the system. Designates the port where multicast router is con- nected to on a VLAN interface. Description Configures IGMP snooping TCN flood query count.
Page 297: Igmp V3 Snooping
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.2.6 IGMP v3 Snooping This chapter consists of these sections IGMP Snooping Version • Join Host Management • Immediate Block • 9.2.6.1 IGMP Snooping Version The reports sent to the multicast router are sent based on the version of that interface. A user can administratively configure the version of the port as 1 or 2.
Page 298: Immediate Block
IGMP snooping. Command Mode Enable Global Bridge Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Shows a configuration. Description Enables immediate block on the system. Enables immediate block on a VLAN interface. A50010-Y3-C150-2-7619 User Manual...
Page 299: Enabling Mvr
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.2.7.1 Enabling MVR To use the MVR, enable the MVR function with the following command. no mvr 9.2.7.2 MVR Group Address Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address.
Page 300: Send And Receive Port
Command Mode Global Command Mode Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Deletes a MVR group address. IP ADDRESS: specific IP address Description Configures MVR port. PORTS: port number Description Deletes a MVR port. Description Shows a configuration.
Page 301: Creating Igmp Profile
User Manual SURPASS hiD 6615 S223/S323 R1.5 dropped, and the port is not allowed to receive IP multicast traffic from that group. If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing.
Page 302: Applying Igmp Profile To The Filter Port
Enable Global Bridge Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures IGMP profile. PORTS: port number 1-2147483647: number of configured IGMP profile Description Disables an applied IGMP profile. PORTS: port number Description Shows a configuration.
Page 303: Displaying Igmp Snooping Table
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.2.9 Displaying IGMP Snooping Table To display an IGMP snooping table, use the following command. show ip igmp snooping groups [IP-ADDRESS] show ip igmp snooping groups port [PORT| cpu ] show ip igmp snooping groups...
Page 304: Pim Common Configuration
Fig. 9.6 9.3.1 PIM Common Configuration Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) (Rendezvous Point) RPT of PIM-SM Optimized route by deleting unnecessary hops when traffic exceeds certain limit 1.
Page 305: Pim-Sm And Passive Mode
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.3.1.1 PIM-SM and Passive Mode You need to open Interface Configuration mode of specified interface for activating PIM- SM on Ethernet interface. To open Interface Configuration mode, use the following com- mand. interface INTERFACE To disable Interface Configuration mode, use the following command.
Page 306: Filters Of Neighbor In Pim
Interface Command Mode Interface Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Configures the filtering of neighbor in PIM. 1-99: simple access list ACESS-LIST: IP named standard access list Disables the filtering configuration. Description Configures the query hold time.
Page 307: Pim Debug
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.3.1.5 PIM Debug To activate PIM-SM debugging, use the following command. debug pim { all | events | nexthop | mib | mfc | nsm | packet [ in | out ] | state | timer }...
Page 308: Rp Information
Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Gives the switch the candidate BSR status. INTERFACE: interface name 0-32: hash mask length for RP selection 0-255: priority for candidate bootstrap switch Description Disables .the configuration of BSR-candidate.
Page 309: Enabling Transmission Of Candidate Rp Message
User Manual SURPASS hiD 6615 S223/S323 R1.5 decide which IP address to be used as candidate-RP. This command is used to statically configure the RP address for multicast groups. To configure IP address to be used in candidate-RP, use the following command.
Page 310: Kat (Keep Alive Time) Of Rp
Command Mode Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures Keep Alive Time. 1-65535: time Disables a KAT configuration. Description Ignores the PR-SET priority value. Deletes the priority ignoring configuration. Description Configures the rate of register packets.
Page 311: Filters For Register Message From Rp
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure the registration suppression time, use the following command. ip pim register-suppression <1-65535> no ip pim register-suppression 9.3.5.3 Filters for Register Message from RP One network may include different multicast groups and routers that are not members of multicast group.
Page 312: Reachability For Pim Register Process
Mode Global register-rp-reach- Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Configures the source address of register message. A.B.C.D: IP address to be used as source INTERFACE: interface address to be used as source Disables the registration suppression time.
Page 313: Pim Join/Prune Interoperability
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.3.7 PIM Join/Prune Interoperability To configure the TX interval of PIM/Join/Prune Message, use the following command. ip pim message-interval <1-65535> no ip pim message-interval 9.3.8 Cisco Router Interoperability 9.3.8.1 Checksum of Full PIM Register Message Although source of multicast is not connected to multicast group, multicast communica- tion is possible.
Page 314: Candidate Rp Message With Cisco Bsr
Mode Global Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Configures the option to calculate the Register check- sum over the whole packet. Configures the option to calculate the Register check- sum over the whole packet on multicast group speci- fied by the access list.
Page 315: Pim-Ssm Group
User Manual SURPASS hiD 6615 S223/S323 R1.5 9.3.9 PIM-SSM Group To define the Source Specific Multicast (SSM) range of IP multicast addresses, use the following command. When an SSM range of IP multicast addresses is defined by the ip pim ssm command, no Multicast Source Discovery Protocol (MSDP) Source-Active (SA) messages will be accepted or originated in the SSM range.
Page 316: Displaying Pim-Sm Configuration
Command Mode local-members Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Shows the PIM snooping configuration such as en- able/disable status and the enabled VLANs. Shows the multicast router address and DR of a speci- fied VLAN. Shows the PIM snooping group, source addresses of a specified VLAN, port or multicast group address.
Page 317: 10 Ip Routing Protocol
SURPASS hiD 6615 S223/S323 R1.5 10 IP Routing Protocol Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) 10.1 Border Gateway Protocol (BGP) The Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is used to exchange routing information among routers in different autonomous systems (AS).
Page 318: Basic Configuration
<1-65535> Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Sets the BGP configuration type between standard and ZebOS. Deletes the recent BGP configuration type and returns to default. Description Assigns AS number to configure BGP routing and opens Router Configuration mode.
Page 319: Disabling Bgp Routing
User Manual SURPASS hiD 6615 S223/S323 R1.5 Step 2 To specify a network to operate with BGP, use the following command. network A.B.C.D/M network MASK 10.1.1.3 Disabling BGP Routing Step 1 To delete a specified network to operate with BGP, use the following command.
Page 320: Summary Of Path
Mode Router Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Summarizes the information of routes and transmits it to the other routers. A.B.C.D/M: network address summary-only: transmits IP prefix only. as-set: transmits one AS-path information. Description Disables the summarization function of routes.
Page 321: Multi-Exit Discriminator (Med)
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.1.2.3 Multi-Exit Discriminator (MED) During the best-path selection process, the switch compares weight, local preference and as-path in turn among the similar parameters of BGP routers. Then, the MED is consid- ered when selecting the best path among many alternative paths.
Page 322 Command Mode Router bestpath compare- SURPASS hiD 6615 S223/S323 R1.5 Description Ignores the information of AS-path as a factor in the algorithm for choosing the best route. Considers the information of AS-path as a factor in the algorithm for choosing the best route.
Page 323: Graceful Restart
User Manual SURPASS hiD 6615 S223/S323 R1.5 To compare MED values on the exchange of path information between Confederation Peers, use the following command. bgp bestpath med confed [ miss- ing-as-worst ] bgp bestpath med missing-as- worst [ confed ] To ignore MED values of paths on the exchange of information between confederation peers, use the following command.
Page 324: Ip Address Family
Command Mode Router Address- Family SURPASS hiD 6615 S223/S323 R1.5 Description Sets the restart time of Graceful Restart configuration in the unit of second. 1-3600: restart time (default: 120) Sets the stalepath-time of Graceful Restart configura- tion in the unit of second.
Page 325: Bgp Neighbor
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.1.4 BGP Neighbor To assign IP address or peer group name for BGP Neighboring router within specified AS number, use the following command. neighbor {NEIGHBOR-IP | WORD} remote-as <1-65535> no neighbor {NEIGHBOR-IP | WORD} remote-as <1-65535>...
Page 326: Route Map
Mode NEIGHBOR-IP peer- Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Create a BGP peer group. NAME: peer group name Delete the BGP peer group created before. Description Includes BGP neighbor to specified peer group using IP address.
Page 327: Bgp Session Reset
User Manual SURPASS hiD 6615 S223/S323 R1.5 To disable the exchange information with a specified router or peer group, use the follow- ing command. neighbor {NEIGHBOR-IP | WORD} shutdown neighbor ADDRESS | WORD} shutdown 10.1.5 BGP Session Reset When you manage BGP network, you can use the command to reset the session for all peers occasionally.
Page 328: Session Reset Of Peers Within Particular As
Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Resets the session of specific group under * condition. in: clears incoming advertised routes. prefix-filter: pushes out prefix-list ORF and does in- bound soft reconfiguration. *: the conditional option (peer group name or AS num- ber or IP address) Resets the session of specific group under * condition.
Page 329: Session Reset Of Specific Route
User Manual SURPASS hiD 6615 S223/S323 R1.5 clear ip bgp <1-65535> soft [ in | out ] clear ip bgp <1-65535> ipv4 { unicast | multicast } soft [ in | out ] 10.1.5.3 Session Reset of Specific Route To reset the sessions of BGP neighboring router with specified IP address, use the follow- ing command.
Page 330: Session Reset Of Peer Group
Global Command Mode Global Command Mode Global SURPASS hiD 6615 S223/S323 R1.5 Description Resets the session of BGP router connected to exter- nal AS. in: clears incoming advertised routes. prefix-filter: pushes out prefix-list ORF and does in- bound soft reconfiguration.
Page 331: Displaying And Managing Bgp
User Manual SURPASS hiD 6615 S223/S323 R1.5 clear ip bgp peer-group GROUP clear ip bgp peer-group GROUP ipv4 { unicast | multicast } out clear ip bgp peer-group GROUP soft [ in | out ] clear ip bgp peer-group GROUP...
Page 332 Command Mode neighbors Enable Global neighbors SURPASS hiD 6615 S223/S323 R1.5 Description The received-routes option displays all received routes (both accepted and rejected) from the specified neighbor. To implement this feature, BGP soft recon- figuration is set. The routes option displays the available routes only that are received and accepted.
Page 333: Open Shortest Path First (Ospf)
• OSPF Monitoring and Management Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) 10.2.1 Enabling OSPF To use OSPF routing protocol, it must be activated as other routing protocols. After activa- tion, configures network address and ID which is operated by OSPF.
Page 334 Command Mode Router Command Mode Enable Global Bridge SURPASS hiD 6615 S223/S323 R1.5 Description Opens Router Configuration mode with enabling OSPF. Disables OSPF routing protocol. Description Assigns a router ID with enabling OSPF. Deletes a configured router ID. Description Changes only a router ID without changing related configurations.
Page 335: Abr Type Configuration
User Manual SURPASS hiD 6615 S223/S323 R1.5 Step 3 Use the network command to specify a network to operate with OSPF. There are two ways to show network information configurations. Firstly, shows IP address with bitmask like “10.0.0.0/8”. Secondly, shows IP address with wildcard bit information like “10.0.0.0 0.0.0.255”.
Page 336: Authentication Type
Command Mode Interface Command Mode Interface Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Enables authentication on OSPF interface. message-digest: MD5 encoding null: no encoding A.B.C.D: IP address for authentication Description Deletes configured authentication. Description Configures the authentication which is based on text encoding.
Page 337: Interface Cost
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure an authentication key which is based on MD5 encoding, use the following command. ip ospf message-digest-key <1- 255> md5 KEY [ active ] ip ospf message-digest-key <1- 255> md5 [ active ] ip ospf A.B.C.D message-digest-...
Page 338: Blocking Transmission Of Route Information Database
Command Mode Interface Command Mode Interface Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Deletes a configured an interface cost for OSPF. Description Blocks the transmission of routing information to other router. Description Releases a blocked interface. A50010-Y3-C150-2-7619 User Manual...
Page 339 User Manual SURPASS hiD 6615 S223/S323 R1.5 Transmit delay is considering of the configuration for LSA transmission time. The interval explained as above must be consistent across all routers in an attached net- work. To configure a Hello interval, use the following command.
Page 340: Ospf Maximum Transmission Unit (Mtu)
Mode Interface Command Mode Interface Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Configures an MTU on OSPF interface. Deletes a configured MTU on OSPF interface. Description Configures the switch to skip the MTU verification in DD process. Description Configures the switch not to skip the MTU verification in DD process.
Page 341: Ospf Network Type
User Manual SURPASS hiD 6615 S223/S323 R1.5 To delete a configured priority of OSPF router, use the following command. no ip ospf priority no ip ospf A.B.C.D priority 10.2.4.8 OSPF Network Type There are 4 types of OSPF network. Broadcast network, NBMA (Non-broadcast-multiple- access) network, Point-to-multipoint network and Point-to-point network.
Page 342: Ospf Area
<0-4294967295> authen- tication Command Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Mode Description Deletes a configured neighbor router of Router NBMA type. Description Configures authentication information which is based on text encoding in the Area.
Page 343: Default Cost Of Area
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.2.6.2 Default Cost of Area The default cost of Area is configured only in ABR. ABR function is for delivering the summary default route to stub area or NSSA, in that cases the default cost of area must be required.
Page 344: Not So Stubby Area (Nssa)
The following is explaining options of command: default-information-originate or • default-information-originate metric <0-16777214> or default-information-originate metric-type <1-2> • no-redistribution • no-summary translator-role {candidate | never | always} • Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Configures NSSA. A50010-Y3-C150-2-7619 User Manual...
Page 345 User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure NSSA with one option, use the following command. area <0-4294967295> nssa default-information- originate area <0-4294967295> nssa default-information- originate metric <0-16777214> area <0-4294967295> nssa default-information- originate metric-type <1-2> area <0-4294967295> nssa no-redistribution area <0-4294967295>...
Page 346: Area Range
{ advertise not- Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Configures to use summarized information for assigned path. Description Releases the configuration to use summarized informa- tion for assigned path Description Configures the shortcut option.
Page 347: Stub Area
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.2.6.7 Stub Area Stub Area is that ABR is connected to Backbone Area. If it is assigned as Stub Area, ABR will notify the default path to Stub Area and other routing protocol information will not transmit to Stub Area.
Page 348 The following example shows how to configure virtual link with more than 2 options: area <0-4294967295> virtual-link A.B.C.D authentication-key KEY authentication • [message-digest | null] area <0-4294967295> virtual-link A.B.C.D hello-interval <1-65,535> dead-interval • <1-65535> Command Mode Router virtual-link A.B.C.D User Manual SURPASS hiD 6615 S223/S323 R1.5 Description Configures a virtual link. A50010-Y3-C150-2-7619...
Page 349: Default Metric
User Manual SURPASS hiD 6615 S223/S323 R1.5 To delete a configured virtual link, use the following command. no area <0-4294967295> virtual-link A.B.C.D authentication [ message-digest | null ] no area <0-4294967295> virtual-link A.B.C.D authentication-key KEY no area <0-4294967295> virtual-link A.B.C.D message-digest-key KEY md5 KEY no area <0-4294967295>...
Page 350 <1-1800> ospf restart helper only-upgrade max-grace- period <1-1800> [ only-reload ] Command Mode Router Command SURPASS hiD 6615 S223/S323 R1.5 Description Configures the Graceful Restart. Releases the configuration. Mode Description Configures the additional options for Global Graceful Restart.
Page 351: Opaque-Lsa Support
User Manual SURPASS hiD 6615 S223/S323 R1.5 To release the configuration, use the following command. no ospf restart grace-period <1-1800> ospf restart helper never no ospf restart helper max-grace-period <1- 1800> 10.2.9 Opaque-LSA Support Opaque-LSA is LSA Type-9, Type-10, Type-11. The hiD 6615 S323 enables Opaque-LSA as a default but it can be released by user.
Page 352: Finding Period
OSFP start to find the shortest path as soon as got a notification of changing the network component. You can configure the period to find the path. Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Configures the default route with one option. Description Deletes the configuration. A50010-Y3-C150-2-7619 User Manual...
Page 353: External Routes To Ospf Network
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure the period of finding, use the following command. timers HOLD To release the configuration, use the following command. no timers spf 10.2.12 External Routes to OSPF Network If other routing protocol redistribute into OSPF network, these routes become OSPF ex- ternal routes.
Page 354: Ospf Distance
<1-255> Command Mode Router Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Configures the default metric. Description Deletes the default metric. Description Configures the distance of OSPF route. (default: 110) A50010-Y3-C150-2-7619 User Manual...
Page 355: Host Route
User Manual SURPASS hiD 6615 S223/S323 R1.5 The following example shows how to configure the distance with more than 2 options: distance ospf external <1-255> inter-area <1-255> • distance ospf inter-area <1-255> intra-area <1-255> • To make it as a default, use the following command.
Page 356: Blocking Routing Information
Router Command Mode Router Command Mode A.B.C.D/M Router SURPASS hiD 6615 S223/S323 R1.5 Description Blocks the routing information in access-list Description Releases the configuration. Description Configures the summary routing information. Blocks the transmission of summarized routing infor- mation to outside...
Page 357: Displaying Ospf Protocol Information
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.2.18.1 Displaying OSPF Protocol Information You can verify several information about OSPF protocol. To display the information about OSPF protocol, use the following command. show ip ospf show ip ospf <0-65535> To display OSPF routing table to ABR and ASBR, use the following command.
Page 358 To display the information of virtual link, use the following command. show ip ospf virtual-links Command Command Command Mode Enable Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Mode Description Enable Shows the interface information of Global OSPF. Mode Description Enable Shows the information of neighbor Global router.
Page 359: Displaying Debugging Information
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.2.18.2 Displaying Debugging Information The hiD 6615 S323 uses debug command to find the reason of problem. Use the follow- ing command. debug ospf all debug ospf events [ abr | asbr |...
Page 360: Maximum Process Of Lsa
Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Assigns the number of LSA for internal route. Assigns the number of LSA for external route. Description Releases the configuration for OSPF internal route. Releases the configuration for OSPF external route.
Page 361: Routing Information Protocol (Rip)
If an interface's network is not specified, it will not be advertised in any RIP update. The hiD 6615 S323 supports RIP version 1 and 2. Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. (Unavailable for hiD 6615 S223) 10.3.1 Enabling RIP To use RIP protocol, you should enable RIP.
Page 362: Rip Neighbor Router
To configure neighbor router to transmit RIP information, use the following command on Router Configuration mode. Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Establishes the network to operate as RIP. A.B.C.D/M: IP prefix (e.g. 35.0.0.0/8) INTERFACE: interface name Removes a specified network to operate as RIP.
Page 363: Rip Version
User Manual SURPASS hiD 6615 S223/S323 R1.5 neighbor A.B.C.D no neighbor A.B.C.D You can block the routing information to specific interface by using the passive-interface command. 10.3.3 RIP Version Basically, the hiD 6615 S323 supports RIP version 1 and 2. However, you can configure to receive either RIP v1 type packets only or RIP v2 type packets only.
Page 364: Creating Available Static Route Only For Rip
1 2 10.3.4 Creating available Static Route only for RIP This feature is provided only by Siemens’ route command creates static route available only for RIP. If you are not familiar with RIP protocol, you would better use redistribute static command.
Page 365 User Manual SURPASS hiD 6615 S223/S323 R1.5 redistribute { kernel | connected | static | ospf | bgp } redistribute { kernel | connected | static | ospf | bgp } metric <0-16> redistribute { kernel | connected | static | ospf | bgp } route-map...
Page 366: Metrics For Redistributed Routes
Command Mode Route-map Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Transmits the information to specified interface only. INTERFACE: interface name Transmits the information matched with access-list. 1-199: IP access list number 1300-2699: IP access list number (expanded range) NAME: IP access list name Transmits the information matched with prefix-list.
Page 367: Administrative Distance
User Manual SURPASS hiD 6615 S223/S323 R1.5 10.3.7 Administrative Distance Administrative distance is a measure of the trustworthiness of the source of the routing in- formation. In large scaled network, Administrative distance is the feature that routers use in order to select the best path when there are two or more different routes to the same destination from two different routing protocols.
Page 368: Filtering Access List And Prefix List
Command Mode Router Command Mode Router SURPASS hiD 6615 S223/S323 R1.5 Description Apply a specific access list or prefix list to incoming or outgoing RIP route updates on interface in order to block the route. INTERFACE: interface name ACCESS-LIST: access list name...
Page 369: Maximum Number Of Rip Routes
User Manual SURPASS hiD 6615 S223/S323 R1.5 To add the value of routing metrics, use the following command. offset-list ACCESS-LIST { in | out } <0-16> [INTERFACE] no offset-list ACCESS-LIST { in | out } <0-16> [INTERFACE] 10.3.10 Maximum Number of RIP Routes You can set the maximum number of RIP routes for using on RIP protocol.
Page 370: Split Horizon
Command Mode Router Command Mode Interface SURPASS hiD 6615 S223/S323 R1.5 Description Adjusts RIP network timers. Restores the default timers. Description Enables the split horizon mechanism. poisoned: performs poisoned reverse. Disables the split horizon mechanism.
Page 371: Restarting Rip
User Manual SURPASS hiD 6615 S223/S323 R1.5 To configure RIP authentication, use the following command. ip rip authentication key-chain NAME ip rip authentication mode { text | md5 } STRING To disable RIP authentication, use the following command. no ip rip authentication key-...
Page 372: Monitoring And Managing Rip
Enable Global Command Mode Enable Global SURPASS hiD 6615 S223/S323 R1.5 Description Sets the UDP Buffer size value for using RIP. 8196-2147483647: UDP buffer size value Restore the default value of UDP buffer size. Description Shows RIP information being used in router.
Page 373: 11 System Software Upgrade
11 System Software Upgrade For the system enhancement and stability, new system software may be released. Using this software, the hiD 6615 S223/323 can be upgraded without any hardware change. You can simply upgrade your system software with the provided upgrade functionality via the CLI.
Page 374: Boot Mode Upgrade
Step 1 To open the boot mode, press <S> key when the boot logo is shown up. ************************************************************ ************************************************************ Press 's' key to go to Boot Mode: 0 Boot> SURPASS hiD 6615 S223/S323 R1.5 total used 16777216 13661822 16777216 13661428...
Page 375 User Manual SURPASS hiD 6615 S223/S323 R1.5 Step 2 To enable the MGMT interface to communicate with TFTP server, you need to configure a proper IP address, subnet mask and gateway on the interface. To configure an IP address, use the following command.
Page 376 : 0x01D00000 - 0x01D1FFFF : 0x01D00000 - 0x01D1FFFF OS size Default-OS 13661806 13661412 SURPASS hiD 6615 S223/S323 R1.5 Description Downloads the system software. os1 | os2: the area where the system software is stored A.B.C.D: TFTP server address FILENAME: system software file name Description Shows the system software in the system.
Page 377: Ftp Upgrade
To upgrade the system software using FTP, perform the following step-by-step instruction: Step 1 Connect to the hiD 6615 S223/323 with your FTP client software. To login the system, you can use the system user ID and password. Note that you must use the command line-based interface FTP client software when up- grading the hiD 6615 S223/323.
Page 378 To reflect the downloaded system software, the system must restart using the reload command! For more information, see Section 4.1.8.1. The following is an example of upgrading the system software of the hiD 6615 S223/323 using the FTP provided by Microsoft Windows XP in the remote place.
Page 379: 12 Abbreviations
User Manual SURPASS hiD 6615 S223/S323 R1.5 12 Abbreviations CIDR DHCP DSCP IEEE 802 IEEE 802.1 IEEE A50010-Y3-C150-2-7619 Access Control List Address Resolution Protocol Border Gateway Protocol Committed Burst Size Communauté Européenne Classless Inter Domain Routing Committed Information Rate Command Line Interface...
Page 380 Personal Computer Point to Point Protocol Quality of Service Request for Comments Routing Information Protocol Rapid Spanning Tree Protocol Real Time Clock Source Address Small Form Factor Pluggable Simple Network Management Protocol User Manual SURPASS hiD 6615 S223/S323 R1.5 A50010-Y3-C150-2-7619...
Page 381 User Manual SURPASS hiD 6615 S223/S323 R1.5 TFTP VLAN A50010-Y3-C150-2-7619 Spanning Tree Protocol Software Transmission Control Protocol Time Division Multiplexing Trivial FTP Telecommunication Management Network Type of Service User Datagram Protocol User Manual VLAN ID Virtual Local Area Network Video on Demand...

This manual is also suitable for:

S323 Surpass hid 6615 s223 Surpass hid 6615 s323 r1.5

Siemens S223 User Manual

1 Introduction

2 System Overview

3 Command Line Interface (CLI)

4 System Connection and IP Address

5 Port Configuration

6 System Environment

7 Network Management

Quick Links

User Manual

Related Manuals for Siemens S223

Summary of Contents for Siemens S223