Preface
The ES3628EA L3 Fast Ethernet Switch is a high-performance routing switch released by Edge-Core that can be deployed as an aggregation device for enterprise and campus networks. The ES3628EA L3 Fast Ethernet Switch supports a variety of network interfaces from 100 Mb to 1000 Mb Ethernet.
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. The ES3628EA Switch provides two management options: in-band management and out-of-band management.
1.1.1 Out-Of-Band Management
Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Serial port cable: one end attaches to the RS-232 serial port, the other end to the Console port. A functional ES3628EA Console port is required.
Step 2 Entering the HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
COM1, and click "OK".
Fig 1-4 Opening HyperTerminal
4) The COM1 property dialog appears. Select "9600" for "Baud rate", "8" for "Data bits", "none" for "Parity checksum", "1" for "Stop bit" and "none" for "Traffic control"; or, you can also click "Restore default" and then click "OK".
Fig 1-5 Opening HyperTerminal
Step 3 Entering the switch CLI interface: Power on the switch. The following appears in the HyperTerminal window, which is the...
CLI configuration mode for the ES3628EA Switch.
ES3628EA Management Switch
Copyright (c) 2001-2006 by Accton Technology Corporation.
All rights reserved.
Testing RAM...
67,108,864 RAM OK.
Initializing...
Attaching to file system ...
3) If 2) does not apply, the Telnet client can connect to an IP address of the switch via other devices, such as a router. The ES3628EA Switch is a Layer 3 switch that can be configured with several IP addresses. The following example assumes the shipment state of the switch, where only VLAN1 exists in the system.
"ping 10.1.128.251" from the host and verify the result; check for the cause if the ping fails. The IP address configuration commands for the VLAN1 interface are listed below. Before in-band management can be used, the switch must be configured with an IP address by out-of-band management (i.e. Console mode). The configuration commands are as follows (all switch configuration prompts are assumed to be "switch"...
After entering a valid login name and password in the Telnet configuration interface, the Telnet user will be able to enter the switch's CLI configuration interface. The commands used in the Telnet CLI interface after login are the same as those in the Console interface.
Fig 1-8 Telnet Configuration Interface
1.1.4 Management Via HTTP
To manage the switch via HTTP, the following conditions should be met:...
server in Global Mode as below:
Switch>en
Switch#config
Switch(Config)#ip http server
Step 2: Run the HTTP protocol on the host. Open the Web browser on the host and type the IP address of the switch, or run the HTTP protocol directly from Windows. In this example, the IP address of the switch is "10.1.128.251".
Fig 1-10 Web Login Interface
Input the correct username and password, and the main Web configuration interface is then shown as below.
Fig 1-11 Main Web Configuration Interface...
1.2 Management Interface
1.2.1 CLI Interface
The CLI interface is familiar to most users. As mentioned before, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is provided by the Shell program, which consists of a set of configuration commands.
Or, when the exit command is run under Global Mode, it will also return to Admin Mode. The ES3628EA Switch also provides the shortcut key sequence "Ctrl+z", which is an easy way to exit to Admin Mode from any configuration mode (except User Mode).
VLAN Interface Mode: prompt Switch(Config-If-Vlanx)#. Entered with the "interface vlan <Vlan-id>" command under Global Mode. Used to configure switch IPs, etc. Use the "exit" command to return to Global Mode.
Ethernet Port Mode: prompt Switch(Config-ethernetxx)#. Entered with the "interface ethernet <interface-list>" command under Global Mode. Used to configure the supported duplex mode, speed, etc. Use the "exit" command to return to Global Mode.
1.2.3 Configuration Syntax
The ES3628EA Switch provides various configuration commands. Although all the commands are different, they all follow the syntax for ES3628EA Switch configuration commands. The general command format of the ES3628EA Switch is shown below:
cmdtxt <variable> { enum1 | … | enumN } [option]
Conventions: cmdtxt in bold font indicates a command keyword;...
<string> rw
1.2.4 Shortcut Key Support
The ES3628EA Switch provides several shortcut keys to facilitate user configuration, such as Up, Down, Left, Right and Blank Space. If the terminal does not recognize the Up and Down keys, Ctrl+P and Ctrl+N can be used instead.
There are two ways in the ES3628EA Switch for the user to access help information: the "help" command and "?".
Access to Help: Usage and function
help: Under any command line prompt, typing "help" and pressing Enter gives a brief description of the associated help system.
The ES3628EA switch shell supports fuzzy matching when searching for commands and keywords. The shell will recognize commands or keywords correctly if the entered string causes no conflict. For example:
1. For the command "show interfaces status Ethernet 0/0/1", typing "sh in status E 0/0/1"...
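The unique-prefix resolution described above, as an added example that is not code from the manual or from the switch: a constructed, partial command grammar (COMMAND_TREE, an assumption for illustration, not the real command set) is walked keyword by keyword, an abbreviation is accepted only when exactly one keyword at that position starts with it, and an abbreviation that matches several keywords is reported as ambiguous rather than guessed. Keywords are canonicalised to lower case here; the manual writes "Ethernet" with a capital.

```python
# Added example (not code from the ES3628EA manual): unique-prefix keyword
# matching of the kind the manual describes as "fuzzy match".
# COMMAND_TREE is a constructed, partial grammar for illustration only.
COMMAND_TREE = {
    "show": {
        "interfaces": {"status": {"ethernet": None}},  # None: parameters follow
        "ip": {"route": None},
        "running-config": None,
    },
    "ping": None,
    "telnet": None,
    "terminal": {"monitor": None, "length": None},
    "interface": {"vlan": None, "ethernet": None},
}


class AmbiguousCommand(ValueError):
    """The typed prefix matches more than one keyword at this position."""


class UnknownCommand(ValueError):
    """The typed prefix matches no keyword at this position."""


def match_keyword(token, candidates):
    """Return the one keyword in candidates that token is a prefix of.

    An exact match always wins, so a keyword that is itself a prefix of a
    longer keyword stays reachable.  Matching is case-insensitive.
    """
    t = token.lower()
    hits = [c for c in candidates if c.startswith(t)]
    if t in hits:
        return t
    if len(hits) == 1:
        return hits[0]
    if not hits:
        raise UnknownCommand(f"unknown keyword {token!r}; expected one of {sorted(candidates)}")
    raise AmbiguousCommand(f"ambiguous keyword {token!r}: matches {sorted(hits)}")


def expand(line):
    """Expand an abbreviated command line to its full keywords.

    Keywords are resolved against the grammar until a leaf (None) is reached;
    everything after that is parameter text and is copied unchanged.
    """
    tokens = line.split()
    node = COMMAND_TREE
    full = []
    for i, tok in enumerate(tokens):
        if node is None:
            full.extend(tokens[i:])
            break
        keyword = match_keyword(tok, node.keys())
        full.append(keyword)
        node = node[keyword]
    return " ".join(full)


def is_ambiguous(line):
    """True when the abbreviation cannot be resolved to a single command."""
    try:
        expand(line)
    except AmbiguousCommand:
        return True
    return False


if __name__ == "__main__":
    print(expand("sh in status E 0/0/1"))  # show interfaces status ethernet 0/0/1
    print(is_ambiguous("te"))              # True: telnet or terminal
```

Refusing ambiguous prefixes rather than picking the first match is the property that makes abbreviation safe on a management CLI: "te" must not silently become "telnet" when "terminal" is also a candidate.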
Chapter 2 Basic Switch Configuration
2.1 Basic Switch Configuration Commands
Basic switch configuration includes commands for entering and exiting Admin Mode, commands for entering and exiting Interface Mode, commands for configuring and displaying the switch clock, commands for displaying the version information of the switch system, etc.
Command Explanation Normal User Mode/ Admin Mode...
no authentication login
Function: Configure the authentication mode and priority on the Telnet server for remote login users; the "no authentication login" command restores the default login authentication mode.
Default: The default login authentication mode is local.
Command mode: Global Mode
Usage guide: When a combination of authentication modes is used, the mode listed first has the highest priority, and priority decreases down the list.
2.1.1.4 debug ssh-server
Command: debug ssh-server
no debug ssh-server
Function: Display SSH server debugging information; the "no debug ssh-server" command stops displaying SSH server debugging information.
Default: This function is disabled by default.
Command mode: Admin Mode
2.1.1.5 dir
Command: dir
Function: Display the files and their sizes in the Flash memory.
The "no enable password" command deletes this password.
Parameter: password is the configured code. Entering 8 causes the password to be stored encrypted.
Command mode: Global Mode
Default: This password is empty by system default.
Usage Guide: Configure this password to prevent unauthorized entry to Admin Mode. It is recommended to set the password at the initial switch configuration.
Parameter: <hostname> is the string for the prompt; up to 30 characters are allowed.
Command mode: Global Mode
Default: The default prompt is ES3628EA switch.
Usage Guide: With this command, the user can set the CLI prompt of the switch according to their own requirements.
2.1.1.13 ipv6 host
Command: ipv6 host <hostname> <ipv6_addr>
no ipv6 host <hostname>
Function: Configure the mapping between an IPv6 address and a host name; the "no ipv6 host <hostname>" command deletes this mapping.
Parameter: <hostname> is the host name string; <ipv6_addr> is the IPv6 address corresponding to the host name.
Command Mode: Global Mode
Usage Guide: Configure a fixed correspondence between the host name and the IPv6 address, applicable in commands such as "traceroute6 <host>", etc.
Command mode: Admin Mode
Default: The default setting is English display.
Usage Guide: The ES3628EA switch provides help information in two languages; the user can select the language according to their preference. After a system restart, the help information display reverts to English.
Example:
Switch(Config)#password 8 test
Switch(Config)#login
2.1.1.19 ping
Command: ping [<ip-addr> | <host>|vrf|]
Function: The switch sends ICMP packets to remote devices to verify the connectivity between the switch and the remote devices.
Parameter: <ip-addr> is the target host IP address for ping, in dotted decimal format. <host>...
Target IP address: Target IP address
Repeat count [5]: Packet number; the default is 5
Datagram size in byte [56]: ICMP packet size; the default is 56 bytes
Timeout in milli-seconds [2000]: Timeout (in milliseconds); the default is 2 seconds
Extended commands [n]: Whether to change the other options or not
2.1.1.20 ping6...
Output Interface: vlan1
Use source address option[n]:y
Source IPv6 address: fe80::203:fff:fe0b:16e3
Repeat count [5]:
Datagram size in byte [56]:
Timeout in milli-seconds [2000]:
Extended commands [n]:
Type ^c to abort.
Sending 5 56-byte ICMP Echos to fe80::2d0:59ff:feb8:3b27, using src address fe80::203:fff:fe0b:16e3, timeout is 2 seconds.
Function: Warm reset the switch.
Command mode: Admin Mode
Usage Guide: The user can use this command to restart the switch without powering it off.
2.1.1.22 service password-encryption
Command: service password-encryption
no service password-encryption
Function: Encrypt the system passwords. The "no service password-encryption" command cancels the encryption.
Command mode: Global Mode
Default: no service password-encryption by system default...
2.1.1.25 setup
Command: setup
Function: Enter the Setup Mode of the switch.
Command mode: Admin Mode
Usage Guide: The ES3628EA switch provides a Setup Mode, in which the user can configure IP addresses, etc.
2.1.1.26 terminal length
Command: terminal length <0-512>...
Usage guide: Configures whether the current debugging messages are displayed on this terminal. If this command is configured on a Telnet or SSH client, debug messages will be sent to that client. Debug messages are displayed on the console by default.
Example:
Switch#terminal monitor
2.1.1.28 traceroute
Command: traceroute {<ip-addr>...
Notice: After this command configures a user name and priority, and before the "login local" command is executed (enabling username and password authentication), make sure that at least one user has the maximum priority of 15, so that a user can log in with that username and enter Admin Mode and Global Mode to modify the system configuration; otherwise users can only enter common mode, not Admin Mode, and the configured users do not take effect as intended.
The ES3628EA switch provides various diagnostic commands, including ping, telnet, show and debug, to help the user check the system configuration and operating status and locate the cause of problems.
Telnet uses the client-server model: the local system is the Telnet client and the remote host is the Telnet server. The ES3628EA switch can be either the Telnet server or the Telnet client.
Command (Admin Mode): telnet [<ip-addr>] [<port>]
Explanation: Log in to a remote host with the Telnet client included in the switch.
2.2.3.3 Commands for Telnet
2.2.3.3.1 telnet
Command: telnet {<ip-addr> | <ipv6-addr> | host <hostname>} [<port>]
Function: Log on to the remote host by Telnet
Parameter: <ip-addr>...
Default: The Telnet server function is enabled by default.
Command mode: Global Mode
Usage Guide: This command is available in the Console only. The administrator can use this command to enable or disable Telnet clients logging in to the switch.
Example: Disable the Telnet server function in the switch.
Switch(Config)#no ip telnet server
2.2.3.3.3 telnet-server securityip
Command: telnet-server securityip <ip-addr>...
SSH Server Configuration
Command (Global Mode): ssh-server enable
no ssh-server enable
Explanation: Enable the SSH function on the switch; the "no ssh-server enable" command disables the SSH function.
Command: ssh-user <user-name> password {0|7} <password>
Explanation: Configure the username and password of SSH client software for logging on to the switch;...
Default: The number of times for retrying SSH authentication is 3 by default.
Example: Set the number of times for retrying SSH authentication to 5.
Switch(Config)#ssh-server authentication-retries 5
2.2.4.3.2 ssh-server enable
Command: ssh-server enable
no ssh-server enable
Function: Enable the SSH function on the switch; the "no ssh-server enable" command disables the SSH function.
Default: The SSH authentication timeout is 180 seconds by default.
Example: Set the SSH authentication timeout to 240 seconds.
Switch(Config)#ssh-server timeout 240
2.2.4.3.5 ssh-user
Command: ssh-user <username> password {0|7} <password>
no ssh-user <username>
Function: Configure the username and password of SSH client software for logging on to the switch;...
The traceroute command is for testing the gateways through which data packets travel from the source device to the destination device, in order to check network reachability and locate network failures. The execution procedure of the traceroute command is as follows: first a packet with TTL 1 is sent to the destination address; if the first hop returns an ICMP error message indicating that the packet could not be forwarded (because the TTL expired), a packet with TTL 2 is sent, and so on.
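The TTL-stepping procedure just described, as an added example that is not code from the manual: a constructed three-router path (all addresses are placeholders) is probed with TTL 1, 2, 3, ... Each router decrements the TTL; the one that takes it to zero discards the probe and answers with an ICMP time-exceeded message, which is how the sender learns that hop's address. The example also handles the hop that does not answer, which real traceroute shows as "*" while it keeps stepping the TTL.

```python
from dataclasses import dataclass

# Added example, not code from the manual: a model of the traceroute procedure
# the manual describes (probe with TTL 1, then TTL 2, ... until the destination
# answers).  The path below is constructed; the addresses are placeholders.


@dataclass
class Router:
    address: str
    answers: bool = True  # False models a hop that never returns the ICMP error


DESTINATION = "10.1.3.20"
PATH = [
    Router("10.1.1.1"),
    Router("10.1.2.1", answers=False),  # silent hop, shown as "*"
    Router("10.1.3.1"),
]


def send_probe(ttl, path, destination):
    """Forward one probe along the path.

    Each router decrements the TTL; the router that decrements it to zero
    discards the packet and (if it answers) returns an ICMP time-exceeded
    message.  If the TTL survives every router the destination is reached.
    Returns (responder, kind) with kind in {"time-exceeded", "timeout", "reached"}.
    """
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router.answers:
                return router.address, "time-exceeded"
            return None, "timeout"
    return destination, "reached"


def traceroute(path, destination, max_ttl=30):
    """Return the list of (ttl, responder) pairs; "*" marks a silent hop."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder, kind = send_probe(ttl, path, destination)
        hops.append((ttl, responder if responder is not None else "*"))
        if kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for ttl, who in traceroute(PATH, DESTINATION):
        print(f"{ttl:2d}  {who}")
```

The max_ttl bound is what stops the procedure when the destination never answers; the manual's traceroute has the same kind of hop limit, which is why an unreachable target shows a list of "*" entries rather than running forever.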
Display the files and their sizes saved in the Flash
show history: Display the recent user input history commands
show memory: Display the content of the specified memory area
show running-config: Display the switch parameter configuration in effect at the current operation state
show startup-config: Display the switch parameter configuration written in the Flash memory at the current operation state,...
the system clock can be adjusted in time if inaccuracy occurs.
Example:
Switch#show calendar
Current time is TUE AUG 22 11:00:01 2002
2.2.7.1.2 show debugging
Command: show debugging
Function: Display the debug switch status.
Usage Guide: If the user needs to check which debug switches have been enabled, the show debugging command can be executed.
address, a hex view of the information and a character view.
Example:
Switch#show memory
start address : 0x2100
number of words[64]:
002100: 0000 0000 0000 0000 0000 0000 0000 0000 *....*
002110: 0000 0000 0000 0000 0000 0000 0000 0000 *....*
002120: 0000 0000 0000 0000 0000 0000 0000 0000 *....*
002130: 0000 0000 0000 0000 0000 0000 0000 0000 *....*...
Example:
Switch#show ssh-user
test
2.2.7.1.8 show startup-config
Command: show startup-config
Function: Display the switch parameter configuration written into the Flash memory at the current operation state; this is usually also the configuration file used for the next power-up.
Default: If the configuration parameters read from the Flash are the same as the default operating parameters, nothing will be displayed.
Mac addr num: number of interfaces with MAC address learning ability
Mode :Access: current interface VLAN mode
Port VID :1: current VLAN number the interface belongs to
Trunk allowed Vlan :ALL: VLANs permitted by Trunk
2.2.7.1.10 show users
Command: show users
Function: Display all user information that can log in to the switch.
Uptime is 0 weeks, 0 days, 0 hours, 43 minutes
2.2.8 Debug
All the protocols the ES3628EA switch supports have their corresponding debug commands. The user can use the information from debug commands for troubleshooting. The debug commands for each protocol will be introduced in the later chapters.
The system log takes all information output under its control and catalogues it in detail, so that information can be selected effectively. Combined with the debug commands, it gives the network administrator and developer strong support in monitoring the network operating state and locating network failures. The switch system log has the following characteristics:
Log output in four directions (log channels): the Console, Telnet terminals and monitor, the log buffer zone, and the log host.
2.2.9.1.2 Format And Severity Of The Log Information
The log information format is compatible with the BSD syslog protocol, so the log can be recorded and analyzed by syslog on UNIX/Linux, as well as by syslog-like applications on a PC. The log information is classified into eight classes by severity or urgency.
transmitted to the Telnet terminal. Warnings information is sent to all terminals and is also saved in the SDRAM log buffer zone. Critical information is saved both in SDRAM and in NVRAM (if present) in addition to being sent to all terminals. To check the log saved in SDRAM and NVRAM, use the show logging buffered command.
displayed on the terminal, their display format is: index ID time <level> module ID [mission name] log information.
2.2.9.2.2.2 clear logging
Command: clear logging { sdram | nvram }
Function: This command is used to clear all the information in the log buffer zone.
Command Mode: Admin Mode
Usage Guide: When the old information in the log buffer zone is no longer of interest, this command can be used to clear all the information...
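The display format given above and the severity routing described for warnings and critical messages, as an added example that is not code from the manual: a parser for lines in the form "index ID time <level> module ID [mission name] log information", and a channel decision that sends warnings to all terminals plus the SDRAM buffer and critical (or more severe) messages additionally to NVRAM. The three sample lines are constructed, and the routing chosen for severities below warnings (console only) is an assumption for this example, since the page only specifies the warnings and critical cases.

```python
import re

# Added example, not code from the manual: parse log lines in the display
# format the manual gives ("index ID time <level> module ID [mission name]
# log information") and decide which log channels each line reaches using
# the severity rules given for warnings and critical messages.  The routing
# of the remaining severities and the sample lines are assumptions.

# The eight BSD syslog severities, most severe first.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

LOG_LINE = re.compile(
    r"^(?P<index>\d+)\s+"
    r"(?P<time>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"<(?P<level>[a-z]+)>\s+"
    r"(?P<module>\S+)\s+"
    r"\[(?P<task>[^\]]*)\]\s+"
    r"(?P<message>.*)$"
)


def parse_log_line(line):
    """Split one displayed log line into its named fields."""
    m = LOG_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not in switch log format: {line!r}")
    rec = m.groupdict()
    if rec["level"] not in SEVERITIES:
        raise ValueError(f"unknown severity {rec['level']!r}")
    rec["index"] = int(rec["index"])
    return rec


def channels_for(level):
    """Channels a message of the given severity reaches.

    From the manual: warnings go to all terminals and the SDRAM buffer;
    critical (and anything more severe) additionally goes to NVRAM.
    Less severe than warnings: console only (assumption for this example).
    """
    rank = SEVERITIES.index(level)
    if rank <= SEVERITIES.index("critical"):
        return {"console", "telnet", "sdram", "nvram"}
    if rank <= SEVERITIES.index("warnings"):
        return {"console", "telnet", "sdram"}
    return {"console"}


def route(lines):
    """Return a list of (record, channel set) for each parsed line."""
    return [(rec, channels_for(rec["level"])) for rec in map(parse_log_line, lines)]


# Constructed sample lines in the manual's display format.
SAMPLE = [
    "1 Jan 01 00:00:23 2006 <warnings> LINK [tPortMon] Interface Ethernet0/0/28 changed to DOWN",
    "2 Jan 01 00:01:05 2006 <critical> SYS [tRoot] Power supply 1 failed",
    "3 Jan 01 00:01:06 2006 <informational> SSH [tSshd] session opened for user admin",
]

if __name__ == "__main__":
    for rec, chans in route(SAMPLE):
        print(rec["index"], rec["level"], sorted(chans))
```

The point of checking the channel set is operational: only what reaches NVRAM survives a reboot, so anything an operator needs for after-the-fact incident review has to be at critical severity or above, or has to be shipped to the log host.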
Switch(Config)#logging 3ffe:506::4 facility local7 level warnings
2.3 Configure Switch IP Addresses
All Ethernet ports of the ES3628EA switch default to Data Link layer ports and perform Layer 2 forwarding. A VLAN interface represents a Layer 3 interface that can be assigned an IP address, which is also the IP address of the switch.
2.3.1 Switch IP Addresses Configuration Task List
1. Manual configuration
2. BootP configuration
3. DHCP configuration
1. Manual configuration
Command: ip address <ip_address> <mask> [secondary]
no ip address <ip_address> <mask> [secondary]
Explanation: Configure the VLAN interface IP address; the "no ip address <ip_address> <mask> [secondary]" command deletes the VLAN...
address.
Default: No IP address is configured upon switch shipment.
Command mode: Interface Mode
Usage Guide: A VLAN interface must be created before the user can assign an IP address to the switch.
Example: Set 10.1.128.1/24 as the IP address of the VLAN1 interface.
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0
Switch(Config-If-Vlan1)#exit...
mutually exclusive; enabling any two methods of obtaining an IP address is not allowed.
Example: Obtain an IP address through DHCP.
Switch (Config)#interface vlan 1
Switch (Config-If-Vlan1)#ip address dhcp-client
Switch (Config-If-Vlan1)#exit
2.4 SNMP Configuration
2.4.1 Introduction To SNMP
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management.
Get-Bulk-Request and Set-Request messages, and the Agent, upon receiving the requests, replies with a Get-Response message. In some special situations, such as network device ports going Up/Down or the network topology changing, Agents can send Trap messages to the NMS to report the abnormal event. The NMS can also be set to alert on some abnormal events by enabling the RMON function.
In this figure, the OID of object A is 1.2.1.1. The NMS can locate this object through this unique OID and get the standard variables of the object. The MIB defines a set of standard variables for monitored network devices following this structure. To browse the variable information of the Agent MIB, MIB browser software needs to be run on the NMS.
3. Configure IP address of SNMP management base
4. Configure engine ID
5. Configure user
6. Configure group
7. Configure view
8. Configure TRAP
9. Enable/Disable RMON
1. Enable or disable SNMP Agent server function
Command (Global Mode): snmp-server
Explanation: Enable the SNMP Agent function on the switch;...
SNMP v3.
{md5|sha} <password-string>}]
snmp-server user <user-string> <group-string>
6. Configure group
Command: snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string>...
Explanation: Set the group information on the switch. This command is used to configure VACM for SNMP v3.
Command: rmon enable
no rmon enable
Function: Enable RMON; the "no rmon enable" command disables RMON.
Command mode: Global Mode
Default: RMON is disabled by default.
Example 1: Enable RMON
Switch(config)#rmon enable
Example 2: Disable RMON
Switch(config)#no rmon enable
2.4.3.2 show snmp
Command: show snmp
Function: Display all SNMP counter information.
packets.
illegal operation for community name supplied: Number of community name permission error packets.
encoding errors: Number of encoding error packets.
number of requested variables: Number of variables requested by the NMS.
number of altered variables: Number of variables set by the NMS.
get-request PDUs: Number of packets received by "get"...
Displayed information: Description
Community string: Community string
Community access: Community access permission
Trap-rec-address: IP address used to receive Traps
Trap enable: Enable or disable sending Traps
SecurityIP: IP address of the NMS which is allowed to access the Agent
2.4.3.4 snmp-server community
Command: snmp-server community <string>...
Switch(Config)#snmp-server
2.4.3.6 snmp-server enable traps
Command: snmp-server enable traps
no snmp-server enable traps
Function: Enable the switch to send Trap messages; the "no snmp-server enable traps" command stops the switch from sending Trap messages.
Command mode: Global Mode
Default: Trap messages are disabled by default.
Usage Guide: When Trap messages are enabled, if a Down/Up event occurs on a device port or in the system, the device will send Trap messages to the NMS that receives Traps.
will be applied when sending the RMON Trap, and if the community character string is configured, its configuration will be applied when sending the RMON Trap.
Example: Configure an IP address to receive Traps
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Delete a Trap receiving IP address
Switch(config)#no snmp-server host 1.1.1.5 v1 usertrap
Configure a Trap receiving IPv6 address...
Example:
Switch#show snmp engineid
SNMP engineID:3138633303f1276c Engine Boots is:1
Displayed Information: Explanation
SNMP engineID: Engine number
Engine Boots: Engine boot count
2.4.3.11 show snmp group
Command: show snmp group
Function: Display the group information
Command Mode: Admin Mode
Example:
Switch#show snmp group
Group Name:initial Security Level:noAuthnoPriv...
Engine ID: 1234567890 Auth Protocol:MD5 Priv Protocol:DES-CBC Row status:active
Displayed Information: Explanation
User name: User name
Engine ID: Engine ID
Priv Protocol: Encryption algorithm employed
Auth Protocol: Authentication algorithm employed
Row status: User state
2.4.3.14 show snmp view
Command: show snmp view
Function: Display the view information.
Example: Set the current engine ID to A66688999F
Switch(config)#snmp-server engineid A66688999F
Restore the default engine ID
Switch(config)#no snmp-server engineid A66688999F
2.4.3.16 snmp-server group
Command: snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}
Function: This command is used to configure a new group; the "no" form of this command deletes the group.
2.4.3.18 snmp-server view
Command: snmp-server view <view-string> <oid-string> {include|exclude}
no snmp-server view <view-string>
Function: This command is used to create or update the view information; the "no" form of this command deletes the view information.
Command Mode: Global Mode
Parameter: <view-string> is the view name, containing 1-32 characters; <oid-string> is the OID number or the corresponding node name, containing 1-255 characters.
HMAC-MD5 for authentication; the password is hello.
Switch (Config)#snmp-server user tester UserGroup encrypted auth md5 hello
Delete a user
Switch (Config)#no snmp-server user tester UserGroup
2.4.3.20 snmp-server securityip
Command: snmp-server securityip {<ipv4-address>| <ipv6-address>}
no snmp-server securityip {<ipv4-address>| <ipv6-address>}
Function: Configure the security IPv4 or IPv6 address of the NMS administration station permitted to access the switch;...
Fig 2-2 Typical SNMP Configuration
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9.
Scenario 1: The NMS network administrative software uses the SNMP protocol to obtain data from the switch. The configuration on the switch is listed below:
Switch(config)#snmp-server
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro...
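A review of a configuration like Scenario 1 from the administrator's side, as an added example that is not code from the manual or from the switch: the checker reads running-config text and reports the settings this chapter documents that weaken remote management (default "public"/"private" community strings, a read-write community with no snmp-server securityip restriction, SNMPv1 trap destinations, an empty enable password, Telnet left at its enabled default, SSH not enabled, and service password-encryption off). The two configuration texts are constructed; the assumption that the running configuration shows explicit "no ..." lines in the manual's command syntax, and the severity labels, are this example's own.

```python
import re

# Added example, not code from the manual: an audit of running-config text
# for the management settings this chapter documents.  The config texts are
# constructed; the rules use only commands documented in the manual
# (snmp-server community / securityip / host, ip telnet server,
# ssh-server enable, service password-encryption, enable password).
# Assumption: the running-config shows explicit "no ..." lines.

DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(config_text):
    """Return a list of (severity, code, description) findings."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    present = set(lines)
    findings = []
    has_securityip = any(l.startswith("snmp-server securityip ") for l in lines)

    for l in lines:
        m = re.match(r"snmp-server community (\S+) (rw|ro)$", l)
        if m:
            name, access = m.groups()
            if name in DEFAULT_COMMUNITIES:
                findings.append(("high", "SNMP-DEFAULT-COMMUNITY",
                                 f"default community string '{name}' ({access}) in use"))
            if access == "rw" and not has_securityip:
                findings.append(("high", "SNMP-RW-UNRESTRICTED",
                                 f"read-write community '{name}' with no securityip restriction"))
        m = re.match(r"snmp-server host (\S+) v1 (\S+)$", l)
        if m:
            findings.append(("medium", "SNMP-V1-TRAP",
                             f"traps to {m.group(1)} use SNMPv1 with community '{m.group(2)}'"))

    # Agent enabled but any NMS address may query it (manual: securityip limits the NMS).
    if "snmp-server" in present and not has_securityip:
        findings.append(("medium", "SNMP-NO-SECURITYIP",
                         "SNMP agent enabled with no snmp-server securityip restriction"))
    # Manual: the enable password is empty by default.
    if not any(l.startswith("enable password ") for l in lines):
        findings.append(("high", "ENABLE-PASSWORD-EMPTY",
                         "no enable password configured; Admin Mode password is empty by default"))
    # Manual: the Telnet server is enabled by default.
    if "no ip telnet server" not in present:
        findings.append(("medium", "TELNET-ENABLED",
                         "Telnet server left at its enabled default"))
    if "ssh-server enable" not in present:
        findings.append(("medium", "SSH-DISABLED", "SSH server is not enabled"))
    # Manual: no service password-encryption by default.
    if "service password-encryption" not in present:
        findings.append(("low", "PASSWORDS-CLEARTEXT",
                         "service password-encryption is not enabled"))
    return findings


def finding_codes(config_text):
    """Just the finding codes, for quick comparison between two configs."""
    return {code for _, code, _ in audit_config(config_text)}


# Constructed: Scenario 1 as shown in the manual, with a v1 trap host added.
WEAK_CONFIG = """
snmp-server
snmp-server community private rw
snmp-server community public ro
snmp-server host 1.1.1.5 v1 usertrap
"""

# Constructed hardened counterpart; the password value is a placeholder.
HARDENED_CONFIG = """
enable password 8 REPLACE-ME
service password-encryption
no ip telnet server
ssh-server enable
snmp-server
snmp-server securityip 1.1.1.5
snmp-server community s3cret-ro-string ro
"""

if __name__ == "__main__":
    for sev, code, text in audit_config(WEAK_CONFIG):
        print(f"[{sev:6}] {code}: {text}")
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```

The check is deliberately text-based so it can run against a saved copy of show running-config during a change review; the community and securityip commands are the ones the manual's Scenario 1 and section 2.4.3.20 document.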
If users still cannot solve the SNMP problems, please contact our technical and service center.
2.5 Switch Upgrade
The ES3628EA switch provides two ways to upgrade the switch: BootROM upgrade and TFTP/FTP upgrade under the Shell.
2.5.1 Switch System Files
The system files include the system image file and the boot file. Updating the switch means updating these two files by overwriting the old files with the new ones.
FTP/TFTP server software installed and has the image file required for the upgrade.
Step 2: Press "ctrl+b" during switch boot-up until the switch enters BootROM monitor mode. The result is shown below:
ES3628EA Management Switch
Copyright (c) 2001-2006 by Accton Technology Corporation.
All rights reserved.
Testing RAM...
Attached TCP/IP interface to sc0.
[Boot]:
Step 3: Under BootROM mode, run "setconfig" to set the IP address and mask of the switch, the server IP address and mask, and to select TFTP or FTP upgrade. Suppose the switch address is 192.168.1.2/24 and the PC address is 192.168.1.66/24, and TFTP upgrade is selected; the configuration should look like:
[Boot]: setconfig
Host IP Address: 10.1.1.1 192.168.1.2...
Other commands in BootROM mode
DIR command: Used to list the existing files in the FLASH.
[Boot]: dir
boot.rom 327,440 1900-01-01 00:00:00 --SH
boot.conf 83 1900-01-01 00:00:00 --SH
nos.img 2,431,631 1980-01-01 00:21:34 ----
startup-config 2,922 1980-01-01 00:09:14 ----
temp.image 2,431,631 1980-01-01 00:00:32 ----
CONFIG RUN command...
Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (a large file can be compressed as an IMAGE file). In the ES3628EA switch, the boot file may be saved in ROM only. The ES3628EA switch mandates the name of the boot file to be boot.rom.
The ES3628EA switch mandates the name of the start-up configuration file to be startup-config.
Running configuration file: refers to the running configuration sequence in use in the switch. In the ES3628EA switch, the running configuration file is stored in RAM. In the current version, the running configuration sequence running-config can be saved from...
Command (Admin Mode): copy <source-url> <destination-url> [ascii | binary]
Explanation: FTP/TFTP client upload/download file
(2) For the FTP client, the server file list can be checked.
Command (Global Mode): dir <ftpServerUrl>
Explanation: For the FTP client, the server file list can be checked. The FtpServerUrl format looks like: ftp://user:password@IP Address
2.
Command (Global Mode): tftp-server retransmission-number <number>
Explanation: Set the maximum number of retransmissions within the timeout interval.
2.5.3.2.2 Commands for Switch Upgrade
2.5.3.2.2.1 copy(FTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: Download files to the FTP client.
Parameter: <source-url> is the location of the source files or directories to be copied; <destination-url>...
Examples:
(1) Save the image in the FLASH to the FTP server 2004:1:2:3::6
Switch#copy nos.img ftp://username:password@2004:1:2:3::6/nos.img
(2) Obtain the system file nos.img from the FTP server 2004:1:2:3::6
Switch#copy ftp://username:password@2004:1:2:3::6/nos.img nos.img
(3) Save the running configuration file
Switch#copy running-config startup-config
2.5.3.2.2.2 copy(TFTP)
Command: copy <source-url> <destination-url> [ascii | binary]
Function: Download files to the TFTP client
Parameter: <source-url>...
(1) Save the image in the FLASH to the TFTP server 2004:1:2:3::6
Switch#copy nos.img tftp://2004:1:2:3::6/nos.img
(2) Obtain the system file nos.img from the TFTP server 2004:1:2:3::6
Switch#copy tftp://2004:1:2:3::6/nos.img nos.img
(3) Save the running configuration file
Switch#copy running-config startup-config
2.5.3.2.2.3 dir
Command: dir <ftp-server-url>
Function: Browse the file list on the FTP server.
Usage Guide: When the FTP data connection idle time exceeds this limit, the FTP management connection will be disconnected.
Example: Modify the idle threshold to 100 seconds.
Switch#config
Switch(Config)#ftp-server timeout 100
2.5.3.2.2.6 show ftp
Command: show ftp
Function: Display the parameter settings for the FTP server
Command mode: Admin Mode
Default: No display by default.
Usage Guide: When the TFTP server function is enabled, the switch can still perform TFTP client functions. The TFTP server is not started by default.
Example: Enable the TFTP server service.
Switch#config
Switch(Config)#tftp-server enable
2.5.3.2.2.9 tftp-server retransmission-number
Command: tftp-server retransmission-number <number>
Function: Set the number of retransmissions for the TFTP server
Parameter: <...
Fig 2-4 Download nos.img file as FTP/TFTP client (Switch 10.1.1.2, computer 10.1.1.1)
Scenario 1: The switch is used as an FTP/TFTP client. The switch connects from one of its ports to a computer, which is an FTP/TFTP server with the IP address 10.1.1.1; the switch acts as an FTP/TFTP client, and the IP address of the switch management VLAN is 10.1.1.2.
Switch (Config-If-Vlan1)#exit
Switch (Config)#exit
Switch#copy tftp://10.1.1.1/12_30_nos.img nos.img
Scenario 2: The switch is used as an FTP server. The switch operates as the FTP server and connects from one of its ports to a computer, which is an FTP client. Transfer the "nos.img"...
Switch#copy tftp://10.1.1.1/boot.rom boot.rom
Switch#copy tftp://10.1.1.1/startup-config startup-config
Scenario 5: The ES3628EA switch acts as an FTP client to view the file list on the FTP server.
Synchronization conditions: The switch connects to a computer by an Ethernet port; the computer is an FTP server with the IP address 10.1.1.1; the switch acts as an FTP client, and the IP address of the switch management VLAN1 interface is 10.1.1.2.
Switch (Config-If-Vlan1)#exit
Switch (Config)#dir ftp://Switch:Admin@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
recv total = 480
nos.img
nos.rom
parsecommandline.cpp...
226 Transfer complete.
close ftp client.
The following is the message displayed when files are successfully received. Otherwise, please verify link connectivity and retry the "copy" command.
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
close tftp client.
If the switch is upgrading the system file or the system start-up file through TFTP, the switch must not be restarted until "close tftp client" is displayed, which indicates that the upgrade succeeded; otherwise the switch may be rendered unable to start. If the upgrade of the system file or system start-up file through TFTP fails, please try the upgrade again or use BootROM mode to upgrade.
2.6 Jumbo Configuration...
Default: The Jumbo function is not enabled by default
Command Mode: Global Mode
Example:
Switch(Config)#jumbo enable
Switch(Config)#no jumbo enable
2.7 TACACS+ Configuration
2.7.1 TACACS+ Introduction
TACACS+ (Terminal Access Controller Access Control System Plus) is a protocol similar to RADIUS for controlling terminal access to the network. The three independent functions of Authentication, Authorization and Accounting are also available in this protocol.
Command (Global Mode): tacacs-server authentication host <IPaddress> [[port {<portNum>}] [primary]]
no tacacs-server authentication host <IPaddress>
Explanation: Configure the IP address and listen port number of the TACACS+ authentication server; the "no" form of this command deletes the TACACS+ authentication server.
3) Configure the TACACS+ authentication timeout time
Command Explanation Global Mode...
Command: tacacs-server key <string>
no tacacs-server key
Function: Configure the key of the TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key.
Parameter: <string> is the character string of the TACACS+ server key, at most 16 characters long.
Command Mode: Global Mode
Usage Guide: The key is used to encrypt the packet communication between the switch and the TACACS+ server.
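The key above is the only secret protecting switch-to-server traffic, and TACACS+ protects the packet body by XORing it with an MD5-derived pad rather than with a cipher (RFC 8907, section 4.5). The following Python model is an added example, not the switch firmware or any vendor code; the session id, sequence number and body are constructed values. It shows that a packet is readable only with the exact key, which is why the key should use its full 16 characters and be random, and why the TACACS+ server belongs on a trusted management network.

```python
"""TACACS+ packet body protection, modelled after RFC 8907 section 4.5.

Added example (not the switch firmware or any vendor code). The shared key from
`tacacs-server key <string>` is the only secret: the body is XORed with a pad built
from MD5 over the header's session id, version and sequence number plus the key.
Session id, sequence number and body below are constructed values.
"""
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0            # major 0xC, minor 0
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # set only when the body is sent in the clear
HEADER = "!BBBBII"                 # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}); pad = MD5_1 || MD5_2 ..."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, seq_no, version=TAC_PLUS_VERSION):
    """Obfuscate or de-obfuscate: XOR with the pad is its own inverse."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, session_id, key, seq_no, pkt_type=1):
    """12-byte header plus obfuscated body (pkt_type 1 = authentication)."""
    header = struct.pack(HEADER, TAC_PLUS_VERSION, pkt_type, seq_no, 0, session_id, len(body))
    return header + xor_body(body, session_id, key, seq_no)


def parse_packet(packet, key):
    """Recover the body with `key`. A set unencrypted flag means the peer sent the body
    in the clear; a hardened server should refuse such sessions."""
    version, pkt_type, seq_no, flags, session_id, length = struct.unpack(HEADER, packet[:12])
    body = packet[12:12 + length]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, session_id, key, seq_no, version)
    return {"type": pkt_type, "seq_no": seq_no, "session_id": session_id,
            "unencrypted": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG), "body": body}


def roundtrip(body, session_id, key, wrong_key):
    """Return (body recovered with key, body recovered with wrong_key)."""
    packet = build_packet(body, session_id, key, seq_no=1)
    return (parse_packet(packet, key)["body"] == body,
            parse_packet(packet, wrong_key)["body"] == body)


if __name__ == "__main__":
    KEY = b"ExampleKey123456"       # 16 characters, the maximum this switch accepts
    BODY = b"\x01\x00\x02\x01\x05\x03\x00\x00" + b"adminttyVLAN1"   # constructed START body
    print(roundtrip(BODY, 0x1A2B3C4D, KEY, b"ExampleKey123457"))   # (True, False)
```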
Usage Guide: Enable the TACACS+ debugging messages to check the negotiation process of the TACACS+ protocol, which helps in locating failures. Example: Enable the debugging messages of the TACACS+ protocol. Switch#debug tacacs-server 2.7.4 Typical TACACS+ Scenarios Fig 2-5 TACACS Configuration (the figure shows a Switch and a Tacacs Server; addresses shown: 10.1.1.2, 10.1.1.1, 10.1.1.3)...
other debugging commands, copy the DEBUG messages within 3 minutes, and send the recorded messages to the technical service center of our company. 2.8 Web Management 2.8.1 Switch Basic Configuration Users should click the “Switch basic configuration” table and configure the switch’s clock, the prompt of the command-line interface, the timeout for quitting Admin mode, etc.
Users should click “Switch basic configuration” and “SNMP configuration” to configure the SNMP-related functions. 2.8.2.1 SNMP Manager Configuration Users should click “Switch basic configuration”, “SNMP configuration”, and “SNMP manager configuration” to configure the community string of the switch.
Community string (0-255 characters) - for configuration of the community string.
Access priority - specifies access rights to the MIB, including “Read only”...
2.8.2.3 Configure IP address of SNMP manager Users should click “Switch basic configuration”, “SNMP configuration”, and “Configure ip address of snmp manager” to configure the security IP address, i.e. the address of an NMS management station that is allowed to access the switch.
Security ip address - Security IP address of the NMS
State - ”Valid”...
2.8.2.5 RMON and trap configuration Users should click “Switch basic configuration”, “SNMP configuration” and “RMON and TRAP configuration” to configure the RMON function of the switch.
Snmp Agent state - enable/disable the SNMP agent function of the switch.
RMON state - enable/disable the RMON function of the switch.
Trap state - allows the device to send Trap messages.
Example: choose Snmp Agent state as “Open”, choose RMON state as “Open”, and choose Trap state as “Open”.
FTP server service - to configure the FTP server
2.8.3.1 TFTP client configuration Users should click “Switch basic configuration” and “TFTP client service” to enter the configuration page. Words and phrases are explained in the following:
Server IP address - IP address of the server.
Local file name - the local file name.
Server file name - the file name on the server.
Operation type - ”Upload”...
configuration page. Words and phrases are explained in the following:
Server IP address - IP address of the server.
User name - the name of the user.
Password - the password of that user.
Operation type - ”Upload” means to upload files; “Download” means to download files.
Transmission type - ”ascii” means the files are transferred using the ASCII standard; “binary” means the files are transferred in binary.
2.8.4 Commands for Monitor And Debug Users should click “Switch basic configuration” and “Basic configuration debug” to enter the configuration page and make configuration nodes, which include the following segments:
Debug command - a debugging command.
Show calendar - to display the current time.
Dir - to display FLASH files.
2.8.4.2 Show vlan port property Users should click “Switch basic configuration”, “Basic configuration debug” and “show switchport interface” to enter the configuration page and make configuration nodes. “Port” means the port table. Example: the user finds a VLAN port’s properties by choosing port 0/0/1 and clicking “Apply”. 2.8.4.3 Others Other parts are easier to configure.
Users should save the current running-config by clicking “Switch maintenance”, “Save current running-config” and “Apply”. 2.8.5.2 Reboot Users should reboot the switch by clicking “Switch maintenance.” 2.8.5.3 Reboot with the default configuration Users should clear all current configurations and reboot the switch again by clicking “Switch maintenance”...
Users should click “Telnet server configuration” and “Telnet security IP” to configure the security IP address of an allowed Telnet client for when the switch functions as the Telnet server. Words and phrases are explained in the following: Security IP address-a specific security IP address Operation-to choose from the drop-down list.
Chapter 3 Port Configuration 3.1 Introduction to Port ES3628EA Switch comes with 24 10/100Base-TX ports, 2 10/100/1000Base-TX ports, and 2 1000M-SFP ports. If the user needs to configure some network ports, he/she can use the “interface ethernet <interface-list>” command to enter the appropriate Ethernet port configuration mode, where <interface-list>...
Interface Mode:
interface ethernet <interface-list> - Enters the network port configuration mode.
2. Configure the properties for the Ethernet ports
Interface Mode:
shutdown / no shutdown - Enables/Disables specified ports.
name <string> / no name - Names or cancels the name of specified ports.
mdi { auto | across | normal }...
Usage Guide: After the flow control function is enabled, the port will notify the sending device to slow down its sending speed, to prevent packet loss when the received traffic exceeds the capacity of the port cache. ES3628EA’s ports support IEEE 802.3x flow control;...
the ports work in half-duplex mode, supporting back-pressure flow control. If flow control results in serious HOL (head-of-line blocking), the switch will automatically start HOL control (discarding some packets in the CoS queue that cause HOL) to prevent drastic degradation of network performance.
Function: Sets the cable types supported by the Ethernet port; the “no mdi” command sets the cable type to auto-identification. This command is not supported on ES3628EA’s ports of 1000Mbps or more; these ports always auto-identify the cable type.
switch receives data from outside, while output refers to the function being performed on sending only.
Command Mode: Interface mode
Default: Bandwidth limit disabled by default
Usage Guide: When the bandwidth limit is enabled with a size set, the maximum bandwidth of the port is determined by this size rather than by 10/100/1000M. Note: The bandwidth limit cannot exceed the physical maximum speed possible on the port.
3.2.1.2.10 show interface status
Command: show interface status [{ethernet <interface-number> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>}]
Function: Show information of a specific port on the switch.
Parameter: <interface-number> is the port number of the Ethernet port, <vlan-id> is the VLAN interface number, <port-channel-number> is the number of the aggregation interface, <interface-name>...
3.2.1.2.12 speed-duplex
Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } }
no speed-duplex
Function: Sets the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex” command restores the default speed and duplex mode setting, i.e., auto speed negotiation and duplex.
Enter VLAN Mode; configure the IP address for the VLAN interface and enable the VLAN interface.
1. Enter VLAN Mode
Global Mode:
interface vlan <vlan-id> / no interface vlan <vlan-id> - Enters Interface Mode; the “no interface vlan <vlan-id>“ command deletes the specified VLAN interface.
2.
VLAN interface. A VLAN interface can have one primary IP address but multiple secondary IP addresses. Both primary IP address and secondary IP addresses can be used for SNMP/Web/Telnet management. In addition, ES3628EA allows IP addresses to be obtained through BootP/DHCP.
An RMON monitoring instrument is often attached to the mirror destination port for network monitoring, management and diagnostics. ES3628EA switch supports one mirror destination port only. The number of mirror source ports is not limited; one or more may be used. Multiple source ports can be within the same VLAN or across several VLANs.
limitation on the mirror source port of the switch: it can be one port or many ports, and not only can the flow sent from or received by the mirror source port be mirrored on its own, but both the sent and received flows can be mirrored from a single mirror source port. When mirroring several ports, their directions may differ but must be configured in separate commands.
3.4 Port Configuration Example
Fig 3-1 Port Configuration Example (SwitchA ports 0/0/7 and 0/0/9, SwitchB ports 0/0/12 and 0/0/10, SwitchC)
No VLAN has been configured in the switches; the default VLAN1 is used.
Switch - Port - Property:
SwitchA - 0/0/7 - Ingress bandwidth limit: 150 M
SwitchB - 0/0/8 - Mirror source port
SwitchB - 0/0/9 - 100Mbps full, mirror source port...
3.5 Port Troubleshooting Here are some situations that frequently occur in port configuration and the advised solutions: Two connected fiber interfaces won’t link up if one interface is set to auto-negotiation but the other to forced speed/duplex. This is determined by IEEE 802.3.
enabled flow control. Loopback: Sets up Ethernet port to enable loopback testing function. Example: Assign port to be Ethernet 0/0/1 and set up MDI as normal; Admin control status as no shutdown, speed/duplex as auto, port flow control status as disabled flow control and Loopback as no loopback.
3.6.4 Vlan interface configuration Click Port configuration, vlan interface configuration to open the VLAN port configuration management list to allocate IP address and mask on L3 port and so on. 3.6.5 Allocate IP address for L3 port Click “Port configuration”, “vlan interface configuration”, Allocate IP address for L3 port to allocate IP address for L3 port.
3.6.7 Port mirroring configuration Click “Port configuration”, “Port mirroring configuration” to enter port mirroring configuration management table to do port mirroring configurations. 3.6.8 Mirror configuration Click Port configuration, Port mirroring configuration, Mirror configuration to configure port mirroring function including configuring mirroring source port and mirroring destination port functions.
Click “Port configuration”, “Port debug” and “maintenance”, Show port information to check the receive/send packet statistics of the port.
Channel fails, the other ports will undertake traffic of that port through a traffic allocation algorithm. This algorithm is carried out by the hardware. ES3628EA switch offers 2 methods for configuring port aggregation: manual Port Channel creation and LACP (Link Aggregation Control Protocol) dynamic Port Channel...
8 port groups with 8 ports in each port group are supported. Once ports are aggregated, they can be used as a normal port. ES3628EA switch has a built-in aggregation interface configuration mode; the user can perform related configuration in this mode just like in the VLAN and physical port configuration modes.
Interface Mode:
port-group <port-group-number> mode {active|passive|on} / no port-group <port-group-number> - Adds ports to the port group and sets their mode.
3. Enter port-channel configuration mode.
Global Mode:
interface port-channel <port-channel-number> - Enters port-channel configuration mode.
4.3 Commands for port channel
4.3.1 debug lacp
Command: debug lacp
no debug lacp...
otherwise, the group will be deleted. Parameters: <port-group-number> is the group number of a port channel, from 1 to 8; if the group number already exists, an error message will be given. dst-mac performs load balancing according to destination MAC; src-mac performs load balancing according to source MAC;...
both ends are added in “passive” mode, the ports will never aggregate. Example: Under the Port Mode of Ethernet0/0/1, add the current port to “port-group 1” in “active” mode.
Switch(Config-Ethernet0/0/1)#port-group 1 mode active
4.3.4 interface port-channel
Command: interface port-channel <port-channel-number>
Function: Enters the port channel configuration mode
Command mode: Global Mode
Usage Guide: On entering aggregated port mode, configuration of GVRP or spanning...
Number of port-channels : 0
Max port-channels : 1
Displayed information - Explanation:
Number of ports in group - Port number in the port group
Maxports - Maximum number of ports allowed in a group
Number of port-channels - Whether aggregated to a port channel or not
Max port-channels - Maximum number of port channels that can be formed by the port group.
partner_oper_port_state: _TA___F_
Displayed information - Explanation:
portnumber - Port number
actor_port_agg_id - The channel number to add the port to. If the port cannot be added to the channel due to inconsistent parameters between the port and the channel, 3 will be displayed.
partner_oper_sys - System ID of the other end.
Distributing Defaulted Expired
Partner part - Administrative - Operational:
system - 000000-000000 - 000000-000000
system priority - 0x8000 - 0x8000
port number - 0x0001 - 0x0001
port priority - 0x8000 - 0x8000
port state - LACP activity, LACP timeout, Aggregation, Synchronization, Collecting, Distributing, Defaulted, Expired
Selected / Unselected
Displayed information - Explanation:
portnumber - Port number
port priority - Port Priority...
Fig 4-2 Configuring Port Channel in LACP (SwitchA and SwitchB) Example: The switches in the description below are all ES3628EA switches and, as shown in the figure, ports 1, 2, 3, 4 of SwitchA are access ports that belong to vlan1. Add...
that also belong to vlan1. Add these four ports to group2 in passive mode. All the ports should be connected with cables (shown as the four connecting lines in the figure). The configuration steps are listed below:
SwitchA#config
SwitchA(Config)#interface Eth 0/0/1-4
SwitchA(Config-Port-Range)#port-group 1 mode active
SwitchA(Config-Port-Range)#exit
SwitchA(Config)#interface port-channel 1...
When port-channel is forced, as the aggregation is triggered manually, the port group will stay unaggregated if aggregation fails due to inconsistent VLAN information. Ports must be added to or removed from the group to trigger another aggregation, if VLAN information inconsistency persists, the aggregation will fail again.
Click LACP port configuration to enter the configuration page. Click the Apply button to add the port into the group. Display port member: select a group number in port configuration and the information of the port members will be shown under the configuration table.
Port: name of the port member
Port mode: active or passive...
In this way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced the IEEE 802.1Q protocol to direct the standardized VLAN implementation, and the VLAN function of ES3628EA switch is implemented following IEEE 802.1Q.
Lowering network cost
Enhancing network security
VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in ES3628EA switch. This chapter describes the use and configuration of VLAN and GVRP in detail. 5.1.2 VLAN Configuration Task List 1.
Interface Mode:
switchport trunk allowed vlan {<vlan-list>|all} / no switchport trunk allowed vlan <vlan-list> - Set/delete VLANs allowed to cross the Trunk. The “no” command restores the default setting.
switchport trunk native vlan <vlan-id> / no switchport trunk native vlan - Set/delete the PVID for the Trunk port.
5.
5.1.3.1 vlan Command: vlan <vlan-id> [name <vlan-name>] no vlan <vlan-id> [name] Function: Create a VLAN and enter VLAN configuration mode, optionally setting the VLAN name. In VLAN Mode, the user can assign switch ports to the VLAN. The “no vlan <vlan-id>“ command deletes the specified VLANs. Parameter: <vlan-id>...
Example: Set VLAN 100, 200 and 300 to private VLANs of primary, isolated and community type respectively.
Switch(Config)#vlan 100
Switch(Config-Vlan100)#private-vlan primary
Switch(Config-Vlan100)#exit
Switch(Config)#vlan 200
Switch(Config-Vlan200)#private-vlan isolated
Switch(Config-Vlan200)#exit
Switch(Config)#vlan 300
Switch(Config-Vlan300)#private-vlan community
Switch(Config-Vlan300)#exit
5.1.3.3 private-vlan association
Command: private-vlan association <secondary-vlan-list>
no private-vlan association
Function: Set the Private VLAN association; the “no private-vlan association” command cancels the Private VLAN association.
Command mode: Admin Mode
Usage Guide: If no <vlan-id> or <vlan-name> is specified, then information for all VLANs in the switch will be displayed.
Example: Display the status for the current VLAN; display statistics for the current VLAN.
Switch#show vlan
VLAN Name Type Media...
Default: All ports belong to VLAN1 by default.
Usage Guide: Only ports in Access mode can join specified VLANs, and an Access port can only join one VLAN at a time.
Example: Add an Access port to VLAN100.
Switch(Config)#interface ethernet 0/0/8
Switch(Config-Ethernet0/0/8)#switchport mode access
Switch(Config-Ethernet0/0/8)#switchport access vlan 100
Switch(Config-Ethernet0/0/8)#exit...
Switch(Config)#interface ethernet 0/0/8
Switch(Config-Ethernet0/0/8)#switchport mode access
Switch(Config-Ethernet0/0/8)#exit
5.1.3.8 switchport trunk allowed vlan
Command: switchport trunk allowed vlan {<vlan-list>|all}
no switchport trunk allowed vlan
Function: Set the trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting.
Parameter: <vlan-list>...
5.1.3.10 switchport ingress-filtering
Command: switchport ingress-filtering
no switchport ingress-filtering
Function: Enable the VLAN ingress rule for a port; the “no switchport ingress-filtering” command disables the ingress rule.
Command mode: Interface Mode
Default: VLAN ingress rules are enabled by default.
Usage Guide: When VLAN ingress rules are enabled on the port, the system checks the source port first when it receives data, and forwards the data to the destination port only if the source port is a member port of that VLAN.
cross-location requirement can be met if VLAN traffic can be transferred between the two switches.
Configuration Item - Configuration description:
VLAN2 - Site A and site B switch ports 2-4.
VLAN100 - Site A and site B switch ports 5-7.
VLAN200 - Site A and site B switch ports 8-10.
Switch(Config-Ethernet0/0/11)#switchport mode trunk
Switch(Config-Ethernet0/0/11)#exit
5.2 GVRP Configuration 5.2.1 Introduction to GVRP GARP (Generic Attribute Registration Protocol) can be used to dynamically distribute, populate and register property information between switch members within a switch network; the property can be VLAN information, multicast MAC addresses or other information.
Interface Mode:
bridge-ext garp timer join <timer-value> / no bridge-ext garp timer join
bridge-ext garp timer leave <timer-value> / no bridge-ext garp timer leave
bridge-ext garp timer hold <timer-value> / no bridge-ext garp timer hold
Configure the hold, join and leave timers for GARP.
Global Mode:
bridge-ext garp timer leave all <timer-value>... - Configure the leave all timer...
Switch(Config)#exit
5.2.3.2 debug gvrp
Command: debug gvrp
no debug gvrp
Function: Enable the GVRP debugging function; the “no debug gvrp” command disables the function.
Command mode: Admin Mode
Default: GVRP debug information is disabled by default.
Usage Guide: Use this command to enable GVRP debugging; GVRP packet processing information can then be displayed.
Usage Guide: A GARP application entity sends a join message after the join timer expires; other GARP application entities that receive the join message will register it. Example: Set the GARP join timer value of port 0/0/10 to 1000 ms.
Switch(Config-Ethernet0/0/10)#bridge-ext garp timer join 1000
5.2.3.5 bridge-ext garp timer leave
Command: bridge-ext garp timer leave <timer-value>...
5.2.3.7 show garp timer
Command: show garp timer [<interface-name>]
Function: Display the global and port information for GARP.
Parameter: <interface-name> stands for the name of the Trunk port to be displayed.
Command mode: Admin Mode
Usage Guide: N/A.
Example: Display global GARP information.
Switch#show garp timer
5.2.3.8 show gvrp configuration
Command: show gvrp configuration [<interface-name>]...
Fig 5-3 Typical GVRP Application Topology (Switch A, Switch B, Switch C) To enable dynamic VLAN information registration and update among switches, the GVRP protocol is to be configured in the switches. Configure GVRP in Switch A, B and C, and enable Switch B to learn VLAN100 dynamically so that the two workstations connected to VLAN100 in Switch A and C can communicate with each other through Switch B without static VLAN100 entries.
The GARP timer settings for the Trunk ports at both ends of a Trunk link must be the same, otherwise GVRP will not work properly. It is recommended to avoid enabling GVRP and RSTP at the same time in ES3628EA switch. If GVRP is to be enabled, the RSTP function for the ports must be disabled first.
Dot1q-tunnel is also called QinQ (802.1Q-in-802.1Q), which is an expansion of 802.1Q. Its central idea is encapsulating the customer VLAN tag (CVLAN tag) inside the service provider VLAN tag (SPVLAN tag). Carrying the two VLAN tags, the packet is transmitted through the backbone network of the ISP, so as to provide a simple layer-2 tunnel for the users.
A detailed description of the application and configuration of dot1q-tunnel on ES3628EA is provided in this section. 5.3.2 Dot1q-tunnel Configuration 5.3.2.1 Configuration task sequence of Dot1q-tunnel...
(referred to as tag) will be packed with a tag when entering through the port; those with a tag will be packed with an external tag. The TPID in the tag is 8100 and the VLAN ID is the VLAN ID the port belongs to. Data packets with double tags will be forwarded according to MAC address and external tag, until the external tag is removed when the packet is sent out of the access port.
Usage Guide: This command is used for displaying the information of the ports in dot1q-tunnel state.
Example: Display the current dot1q-tunnel state.
Switch#show dot1q-tunnel
Interface Ethernet0/0/1: dot1q-tunnel is enable
Interface Ethernet0/0/3: dot1q-tunnel is enable
5.3.4 Typical Applications Of The Dot1q-tunnel Scenario Edge switches PE1 and PE2 of the ISP forward the VLAN200~300 data between CE1 and CE2 of the client network with VLAN3.
VLAN). Dynamic VLAN supported by the ES3628EA switch includes Protocol-based VLAN only. A detailed description follows: the VLAN is divided by the network layer protocol, assigning different protocols to different VLANs. This is very attractive to network administrators who wish to organize users by applications and services.
Parameter: Mode is the encapsulation type of the configuration, which is ethernetii, llc or snap; the encapsulation type ethernetii is EthernetII; etype-id is the type of the packet protocol, with a valid range of 1536~65535; llc is the LLC encapsulation format; dsap-id is the destination service access point, with a valid range of 0~255; ssap-id is the source service access point, with a valid range of 0~255; snap is the SNAP encapsulation format; etype-id is the type of the packet protocol, with a valid range of 1536~65535; vlan-id is the ID of the VLAN, with a valid range of 1~4094; all indicates all the encapsulation protocols.
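Protocol-based VLAN classification here and the dot1q-tunnel tagging in section 5.3 both depend on how the switch reads the fields after the source MAC. The following Python model is an added example, not the switch's code: it peels 802.1Q tags (TPID 0x8100), classifies the payload as ethernetii, llc or snap exactly as the parameter description above distinguishes them, applies a rule list to pick the VLAN, and pushes/pops the outer tag that a dot1q-tunnel access port adds on ingress and removes on egress. Sample frames, MACs and rules are constructed.

```python
"""Frame classification for protocol-based VLAN, plus dot1q-tunnel tag push/pop.
Added example; not the ES3628EA implementation. Frames, MACs and rules are constructed."""
import struct

TPID_8021Q = 0x8100


def strip_tags(frame):
    """Return (dst, src, [outer_vid, ..., inner_vid], payload) where payload starts
    at the type/length field that follows the last 802.1Q tag."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    return dst, src, vids, frame[off:]


def push_tag(frame, vid, pcp=0):
    """Insert an outer tag (TPID 0x8100) after the source MAC: what a dot1q-tunnel port
    does on ingress for untagged frames (single tag) and tagged frames (double tag) alike."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def pop_tag(frame):
    """Remove the outermost tag, as on egress from the tunnel access port; no-op if untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


def classify(payload):
    """EthernetII when the first field is >= 1536 (an EtherType); otherwise it is an 802.3
    length followed by LLC (dsap, ssap, ctrl). dsap = ssap = 0xAA with ctrl 0x03 is SNAP,
    whose EtherType sits after the 3-byte OUI."""
    type_or_len = struct.unpack("!H", payload[:2])[0]
    if type_or_len >= 1536:
        return {"encap": "ethernetii", "etype": type_or_len}
    dsap, ssap, ctrl = payload[2], payload[3], payload[4]
    if dsap == 0xAA and ssap == 0xAA and ctrl == 0x03:
        return {"encap": "snap", "etype": struct.unpack("!H", payload[8:10])[0]}
    return {"encap": "llc", "dsap": dsap, "ssap": ssap}


def protocol_vlan(frame, rules, pvid):
    """Choose the VLAN for a frame on an access port. `rules` entries are
    (encap, match, vlan): match is an EtherType for ethernetii/snap and a (dsap, ssap)
    pair for llc. A tagged frame keeps its outer VID; no match falls back to the PVID."""
    _, _, vids, payload = strip_tags(frame)
    if vids:
        return vids[0]
    info = classify(payload)
    for encap, match, vlan in rules:
        if encap != info["encap"]:
            continue
        if encap in ("ethernetii", "snap") and info["etype"] == match:
            return vlan
        if encap == "llc" and (info["dsap"], info["ssap"]) == match:
            return vlan
    return pvid


# Constructed sample frames (addresses and payload bytes are illustrative only).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
IPV4_FRAME = DST + SRC + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19
IPV6_FRAME = DST + SRC + struct.pack("!H", 0x86DD) + b"\x60" + b"\x00" * 19
# 802.3 length, then LLC dsap/ssap 0xE0 (Novell IPX) and ctrl 0x03
IPX_LLC_FRAME = DST + SRC + struct.pack("!H", 20) + bytes([0xE0, 0xE0, 0x03]) + b"\x00" * 17
# 802.3 length, then SNAP header AA AA 03, OUI 00 00 00, EtherType 0x809B (AppleTalk)
ATALK_SNAP_FRAME = (DST + SRC + struct.pack("!H", 20) + bytes([0xAA, 0xAA, 0x03, 0, 0, 0])
                    + struct.pack("!H", 0x809B) + b"\x00" * 12)

# Rules of the kind the command above expresses: encapsulation type, protocol id, VLAN.
RULES = [("ethernetii", 0x0800, 100), ("llc", (0xE0, 0xE0), 200), ("snap", 0x809B, 300)]

if __name__ == "__main__":
    for name, f in [("ipv4", IPV4_FRAME), ("ipx", IPX_LLC_FRAME),
                    ("atalk", ATALK_SNAP_FRAME), ("ipv6", IPV6_FRAME)]:
        print(name, protocol_vlan(f, RULES, pvid=1))            # 100, 200, 300, 1
    tunnelled = push_tag(push_tag(IPV4_FRAME, 10), 1000)       # CVLAN 10 inside SPVLAN 1000
    print(strip_tags(tunnelled)[2], pop_tag(tunnelled) == push_tag(IPV4_FRAME, 10))
```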
devices actively send data packets to the switch (for example, ping), so that the switch learns their source MACs; the two devices will then be able to communicate freely within the dynamic VLAN...
Chapter 6 MAC Table Configuration 6.1 Introduction to MAC Table The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (they will not be overwritten by dynamic MAC addresses);...
The topology of the figure above: 4 PCs connected to ES3628EA switch, where PC1 and PC2 belong to the same physical segment (same collision domain), which connects to port 0/0/5 of ES3628EA switch; PC3 and PC4 belong to the same physical segment, which connects to port 0/0/12 of ES3628EA switch.
MAC address entry in ES3628EA switch. The aging time can be modified in ES3628EA switch. 6.1.2 Forward or Filter The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming ES3628EA switch has learned the MAC addresses of PC1 and PC3, and the user has manually configured the mapping of PC2 and PC4 to ports.
switch MAC table, the switch will directly forward the frames to the associated ports; when the destination MAC address in a unicast frame is not found in the MAC table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frame within the same VLAN.
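The learning, priority, ageing and forward/filter rules described above, as an added Python model (not the switch firmware), using the topology of the figure: PC1 and PC2 behind port 0/0/5, PC3 and PC4 behind port 0/0/12, with PC1/PC3 learned dynamically and PC2/PC4 configured statically. The extra port 0/0/20, the MAC addresses and the timestamps are constructed.

```python
"""MAC table learning and forward/filter decisions, as described above.
Added example modelling the behaviour, not the switch firmware. Topology from the
figure: PC1 and PC2 behind port 0/0/5, PC3 and PC4 behind port 0/0/12."""


class MacTable:
    def __init__(self, aging_time=300.0):
        self.aging_time = aging_time          # seconds a dynamic entry may stay unused
        self.entries = {}                     # (vlan, mac) -> [port, static, last_seen]

    def add_static(self, vlan, mac, port):
        """Manually configured entry: highest priority, never aged or overwritten."""
        self.entries[(vlan, mac)] = [port, True, None]

    def learn(self, vlan, mac, port, now):
        """Learn a source MAC dynamically. Returns False when the MAC is statically bound
        to another port: the entry is kept, and the mismatch is worth logging."""
        entry = self.entries.get((vlan, mac))
        if entry and entry[1]:
            return entry[0] == port
        self.entries[(vlan, mac)] = [port, False, now]
        return True

    def age(self, now):
        """Remove dynamic entries idle longer than aging_time; return how many."""
        stale = [k for k, (_, static, seen) in self.entries.items()
                 if not static and now - seen > self.aging_time]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def lookup(self, vlan, mac):
        entry = self.entries.get((vlan, mac))
        return entry[0] if entry else None

    def forward(self, vlan, src, dst, in_port, now, vlan_ports):
        """Egress port set for a unicast frame: empty when filtered (destination is on
        the ingress segment), one port when known, all other VLAN ports when unknown."""
        self.learn(vlan, src, in_port, now)
        out = self.lookup(vlan, dst)
        if out == in_port:
            return set()
        if out is not None:
            return {out}
        return set(vlan_ports) - {in_port}


# Constructed addresses and port list (port 0/0/20 is an extra VLAN1 member).
PC1, PC2 = "00-01-01-01-01-01", "00-02-02-02-02-02"
PC3, PC4 = "00-03-03-03-03-03", "00-04-04-04-04-04"
VLAN1_PORTS = ["0/0/5", "0/0/12", "0/0/20"]


def example_table(now=0.0):
    """Switch state from the text: PC1/PC3 learned dynamically, PC2/PC4 configured statically."""
    t = MacTable(aging_time=300.0)
    t.learn(1, PC1, "0/0/5", now)
    t.learn(1, PC3, "0/0/12", now)
    t.add_static(1, PC2, "0/0/5")
    t.add_static(1, PC4, "0/0/12")
    return t


if __name__ == "__main__":
    t = example_table()
    print(t.forward(1, PC1, PC2, "0/0/5", 1.0, VLAN1_PORTS))    # set(): filtered
    print(t.forward(1, PC1, PC3, "0/0/5", 1.0, VLAN1_PORTS))    # {'0/0/12'}
    print(t.forward(1, PC1, "00-ff-ff-ff-ff-ff", "0/0/5", 1.0, VLAN1_PORTS))  # flooded
    print(t.learn(1, PC2, "0/0/12", 2.0))   # False: static binding not overwritten
    print(t.age(now=400.0))                 # 2: dynamic entries for PC1 and PC3 aged out
```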
entry’s interface name
Command mode: Admin mode
Default: The MAC address table is not displayed by default.
Usage guide: This command can display various sorts of MAC address entries. Users can also use show mac-address-table to display all the MAC address entries.
Example: Display all the filter MAC address entries.
6.5 Troubleshooting Using the show mac-address-table command, a port is found to have failed to learn the MAC of a device connected to it. Possible reasons:
The connected cable is broken.
Spanning Tree is enabled and the port is in “discarding” status; or the device has just been connected to the port and Spanning Tree is still being calculated. Wait until the Spanning Tree calculation finishes, and the port will learn the MAC address.
MAC address binding property configuration
Enable MAC address binding function for the ports
Interface Mode:
port-security / no port-security - Enable the MAC address binding function for the port and lock the port. When a port is locked, the MAC address learning function for the port will be disabled; the “no port-security”...
port-security violation {protect | shutdown} / no port-security violation - Set the violation mode for the port; the “no port-security violation” command restores the default setting.
6.6.1.3 Commands for Mac Address Binding configuration
6.6.1.3.1 clear port-security dynamic
Command: clear port-security dynamic [address <mac-addr> | interface <interface-id>]
Function: Clear the dynamic MAC addresses of the specified port.
Command mode: Admin Mode
Parameter: <mac-addr>...
Function: Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port. Command mode: Interface Mode Usage Guide: The port dynamic MAC convert command can only be executed after the secure port is locked.
Example: Set the maximum secure MAC address number for port 1 to 4.
Switch(Config)#interface Ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#port-security maximum 4
6.6.1.3.6 port-security timeout
Command: port-security timeout <value>
no port-security timeout
Function: Set the timer for port locking; the “no port-security timeout” command restores the default setting.
Command mode: Admin Mode
Parameter: <interface-list> stands for the ports to be displayed.
Usage Guide: This command displays the secure port MAC address information; if no port is specified, the secure MAC addresses of all ports are displayed. The following is an example:
Switch#show port-security interface Ethernet 0/0/3
Ethernet0/0/3 Security Mac Address Table...
Type - Secure MAC address type
Ports - The port that the secure MAC address belongs to
Total Addresses - Current secure MAC address number in the system.
6.6.1.3.10 show port-security interface
Command: show port-security interface <interface-id>
Function: Display the configuration of the secure port.
Command mode: Admin Mode
Parameter: <interface-list>...
6.6.1.4 MAC Address Binding Troubleshooting Enabling MAC address binding for ports may fail on some occasions. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port does not have Spanning Tree or port aggregation enabled and is not configured as a Trunk port.
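The port-security commands of this section (maximum, violation mode, convert dynamic to static, clear dynamic), as an added Python model. It is not the ES3628EA implementation: the page lists the commands but not every enforcement rule, so where the page is silent the model follows the usual port-security semantics and that is an assumption. The port name, MAC addresses and event sequence are constructed.

```python
"""Port-security (MAC address binding) enforcement, added as an example. Not the
ES3628EA implementation: the enforcement rules below follow common port-security
semantics and are an assumption where the page does not state them.

Secure addresses are static (bound by the administrator) or dynamic (learned while
learning is still allowed). Once `maximum` secure addresses exist, any other source MAC
is a violation: `protect` drops the frame, `shutdown` also disables the port."""


class SecurePort:
    def __init__(self, name, maximum=1, violation="protect"):
        if violation not in ("protect", "shutdown"):
            raise ValueError("violation mode must be protect or shutdown")
        self.name, self.maximum, self.violation = name, maximum, violation
        self.static = set()          # secure MACs configured by the administrator
        self.dynamic = set()         # secure MACs learned on the port
        self.learning = True         # False once the port is locked
        self.is_shutdown = False
        self.violations = 0          # counter a monitoring system would alert on

    def secure_count(self):
        return len(self.static) + len(self.dynamic)

    def bind_static(self, mac):
        """Administrator binding: promotes a learned entry or takes a free slot."""
        if mac in self.dynamic:
            self.dynamic.discard(mac)
        elif mac not in self.static and self.secure_count() >= self.maximum:
            raise ValueError("maximum secure MAC address number reached")
        self.static.add(mac)

    def ingress(self, mac):
        """Accept or reject a frame by source MAC. Returns True when forwarded."""
        if self.is_shutdown:
            return False
        if mac in self.static or mac in self.dynamic:
            return True
        if self.learning and self.secure_count() < self.maximum:
            self.dynamic.add(mac)
            return True
        self.violations += 1
        if self.violation == "shutdown":
            self.is_shutdown = True
        return False

    def convert_dynamic_to_static(self):
        """port-security convert: learned entries become static and learning stops."""
        self.static |= self.dynamic
        self.dynamic.clear()
        self.learning = False
        return len(self.static)

    def clear_dynamic(self, mac=None):
        """clear port-security dynamic [address <mac-addr>]: returns entries removed."""
        if mac is None:
            removed = len(self.dynamic)
            self.dynamic.clear()
            return removed
        if mac in self.dynamic:
            self.dynamic.discard(mac)
            return 1
        return 0

    def no_shutdown(self):
        """Operator recovery after a shutdown violation."""
        self.is_shutdown = False


def example_events(violation):
    """Replay constructed frames on port 0/0/1 (maximum 2); return (accept list, port)."""
    port = SecurePort("Ethernet0/0/1", maximum=2, violation=violation)
    macs = ["00-aa-00-00-00-01", "00-aa-00-00-00-02",
            "00-aa-00-00-00-03", "00-aa-00-00-00-01"]
    return [port.ingress(m) for m in macs], port


if __name__ == "__main__":
    accepted, port = example_events("protect")
    print(accepted, port.violations)                 # [True, True, False, True] 1
    accepted, port = example_events("shutdown")
    print(accepted, port.is_shutdown)                # [True, True, False, False] True
    port.no_shutdown()
    print(port.convert_dynamic_to_static(), port.learning)   # 2 False
```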
Chapter 7 MSTP Configuration 7.1 MSTP Introduction The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and the RSTP. It runs on all the bridges of a bridged-LAN. It calculates a common and internal spanning tree (CIST) for the bridge-LAN which consists of the bridges running the MSTP, the RSTP and the STP.
Fig 7-1 Example of CIST and MST Region In the above network, if the bridges are running the STP or the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST region, MSTP will treat this region as a single bridge.
region to become the CST. The MSTI is only valid within its MST region. An MSTI has nothing to do with MSTIs in other MST regions. The bridges in a MST region receive the MST BPDU of other regions through Boundary Ports. They only process CIST related information and abandon MSTI information.
Global Mode:
spanning-tree mode {mstp|stp} / no spanning-tree mode - Set MSTP running mode.
Interface Mode:
spanning-tree mcheck - Force port migration to run under MSTP.
2. Configure instance parameters
Global Mode:
spanning-tree mst <instance-id> priority <bridge-priority> - Bridge priority for the specified instance.
spanning-tree <instance-id>...
Global Mode:
spanning-tree mst configuration / no spanning-tree mst configuration - Enter MSTP region mode. The “no spanning-tree mst configuration” command restores the default setting.
MSTP region mode:
instance <instance-id> vlan <vlan-list> / no instance <instance-id> [vlan <vlan-list>] - Create Instance and set the mapping between VLAN and Instance.
name <name>...
Interface Mode:
spanning-tree link-type {auto|force-true|force-false} / no spanning-tree link-type - Set the port link type.
spanning-tree portfast / no spanning-tree portfast - Set the port to be a boundary port.
6. Configure the format of MSTP
Interface Mode:
Configure the format of the port spanning-tree packet,...
Global Mode:
spanning-tree tcflush enable / spanning-tree tcflush disable / spanning-tree tcflush protect / no spanning-tree tcflush - Enable: the spanning tree flushes once the topology changes. Disable: the spanning tree does not flush when the topology changes. Protect: the spanning tree flushes every ten seconds. “no spanning-tree tcflush”...
to global mode.
Command mode: MSTP Region Mode
Usage Guide: This command is to quit MSTP region mode, saving the current configuration.
Example: Quit MSTP region mode, saving the current configuration.
Switch(Config-Mstp-Region)#exit
Switch(Config)#
7.3.3 instance vlan
Command: instance <instance-id> vlan <vlan-list>
no instance <instance-id>...
restores the default setting. Parameter: <name> is the MSTP region name. The length of the name should be less than 32 characters. Command mode: MSTP Region Mode Default: The default MSTP region name is the MAC address of this bridge. Usage Guide: This command sets the MSTP region name. Bridges with the same MSTP region name and the same other attributes are considered to be in the same MSTP region.
Switch(Config)#spanning-tree
Switch(Config)#interface Ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#no spanning-tree
7.3.7 spanning-tree format
Command: spanning-tree format standard | privacy | auto
no spanning-tree format
Function: Configure the format of the port packet so as to interoperate with products of other companies.
Parameter: standard: The packet format provided by IEEE. privacy: Privacy packet format, which is compatible with CISCO equipment.
7.3.8 spanning-tree forward-time Command: spanning-tree forward-time <time> no spanning-tree forward-time Function: Set the switch forward delay time; The command “no spanning-tree forward-time” restores the default setting. Parameter: <time> is forward delay time in seconds. The valid range is from 4 to 30. Command mode: Global Mode Default: The forward delay time is 15 seconds by default.
no spanning-tree link-type Function: Set the link type of the current port; the command “no spanning-tree link-type” restores the link type to auto-negotiation. Parameter: auto sets auto-negotiation, force-true forces the link to point-to-point type, force-false forces the link to non point-to-point type. Command mode: Interface Mode Default: The link type is auto by default; MSTP detects the link type automatically.
Default: The max hop is 20 by default. Usage Guide: MSTP uses max-age to count BPDU lifetime. In addition, MSTP also uses max-hop to count BPDU lifetime. The max-hop decreases as the BPDU travels through the network. The BPDU carries the maximum value when it originates from the MSTI root bridge. Each time the BPDU is received, the value of the max-hop is reduced by 1.
7.3.15 spanning-tree mst configuration Command: spanning-tree mst configuration no spanning-tree mst configuration Function: Enter the MSTP mode. Under the MSTP mode, the MSTP attributes can be set. The command “no spanning-tree mst configuration” restores the attributes of the MSTP to their default values. Command mode: Global Mode Default: The default values of the attributes of the MSTP region are listed as below: Attribute of MSTP...
Port Type                   Allowed Number   Default Port Cost
Aggregation Ports 10Mbps                     2000000/N
Aggregation Ports 100Mbps                    200000/N
Aggregation Ports 1Gbps                      20000/N
Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of the root port and the designated port of the instance.
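The two mechanisms described above, max-hop ageing of a BPDU and the default port cost table, are modelled in the following added example. It is not code from the ES3628EA manual or from Edge-Core; it assumes that N in the cost table is the number of member ports in the aggregation (the excerpt does not say), and that a bridge which receives a BPDU with no hops left discards it.

```python
"""Added example, not from the ES3628EA manual: a small model of max-hop
ageing for MSTP BPDUs inside a region and of the default port cost table
(base cost divided by N)."""
from dataclasses import dataclass

# Base costs per link speed, from the manual's default port cost table.
# N is assumed here (the excerpt does not say) to be the number of member
# ports in the aggregation; a plain port is N = 1.
BASE_PORT_COST = {"10Mbps": 2_000_000, "100Mbps": 200_000, "1Gbps": 20_000}


def default_port_cost(speed: str, members: int = 1) -> int:
    """Default port cost for an (aggregated) port of the given speed."""
    if members < 1:
        raise ValueError("an aggregation needs at least one member port")
    return BASE_PORT_COST[speed] // members


@dataclass
class Bpdu:
    remaining_hops: int      # max-hop counter, set to max-hop by the MSTI root
    int_root_path_cost: int  # cost accumulated from the region root (IntRPC)


def propagate(max_hop: int, links: list) -> list:
    """Send a BPDU from the MSTI root across a chain of bridges.

    links[i] = (speed, members) of the link into bridge i+1.  Each bridge
    adds the cost of the port it received on and decrements max-hop; a BPDU
    that arrives with no hops left is discarded, which bounds how far stale
    information can travel even before max-age expires.
    Returns the BPDU as forwarded by each bridge that accepted it.
    """
    bpdu = Bpdu(remaining_hops=max_hop, int_root_path_cost=0)
    accepted = []
    for speed, members in links:
        if bpdu.remaining_hops <= 0:
            break  # aged out: the receiving bridge drops the BPDU
        bpdu = Bpdu(
            remaining_hops=bpdu.remaining_hops - 1,
            int_root_path_cost=bpdu.int_root_path_cost
            + default_port_cost(speed, members),
        )
        accepted.append(bpdu)
    return accepted


if __name__ == "__main__":
    # Root -> 1G single port -> 1G two-port aggregation -> 100M single port
    for b in propagate(20, [("1Gbps", 1), ("1Gbps", 2), ("100Mbps", 1)]):
        print(b)
```

With the default max-hop of 20 the BPDU survives the three-bridge chain; a max-hop of 2 stops it at the second bridge, which is the effect the manual's usage guide describes.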
Command mode: Global Mode Default: The default bridge priority is 32768. Usage Guide: By setting the bridge priority, users can change the bridge ID for the specified instance. And the bridge ID can influence the elections of root bridge and designated port for the specified instance.
command may cause devices with different instance-to-VLAN mappings to be recognized as being in the same region. Before the command is executed, make sure that the instance-to-VLAN mapping is consistent on all devices. If more than one device is connected, all connected ports should execute this command.
Function: Configure the spanning-tree flush mode for the port once the topology changes. “no spanning-tree tcflush” restores the default setting. Parameter: Enable: the spanning tree flushes once the topology changes. Disable: the spanning tree does not flush when the topology changes. Protect: the spanning tree flushes every ten seconds. Default: Global configuration Command mode: Interface mode Usage Guide: According to MSTP, when the topology changes, the port that sends the change...
Page 205
run in the MSTP mode by default; their bridge priority, port priority and port route cost are all at the default (equal) values. The default configuration for the switches is listed below:
Bridge Name   SwitchA     SwitchB     SwitchC     SwitchD
Bridge MAC    …00-00-01   …00-00-02   …00-00-03   …00-00-04...
Page 207
SwitchC(Config)#spanning-tree mst 3 priority 0
SwitchD:
SwitchD(Config)#vlan 20
SwitchD(Config-Vlan20)#exit
SwitchD(Config)#vlan 30
SwitchD(Config-Vlan30)#exit
SwitchD(Config)#vlan 40
SwitchD(Config-Vlan40)#exit
SwitchD(Config)#vlan 50
SwitchD(Config-Vlan50)#exit
SwitchD(Config)#spanning-tree mst configuration
SwitchD(Config-Mstp-Region)#description mstp
SwitchD(Config-Mstp-Region)#instance 3 vlan 20;30
SwitchD(Config-Mstp-Region)#instance 4 vlan 40;50
SwitchD(Config-Mstp-Region)#exit
SwitchD(Config)#interface E0/0/1-7
SwitchD(Config-Port-Range)#switchport mode trunk
SwitchD(Config-Port-Range)#exit
SwitchD(Config)#spanning-tree
SwitchD(Config)#spanning-tree mst 4 priority 0
After the above configuration, SwitchA is the root bridge of instance 0 of the entire network.
Page 208
Fig 7-3 The Topology Of the Instance 0 after the MSTP Calculation (SwitchA, SwitchB, SwitchC, SwitchD)
Fig 7-4 The Topology Of the Instance 3 after the MSTP Calculation (SwitchB, SwitchC, SwitchD)
Fig 7-5 The Topology Of the Instance 4 after the MSTP Calculation (SwitchB, SwitchC, SwitchD)...
7.5 MSTP Troubleshooting In order to run MSTP on a switch port, MSTP has to be enabled globally. If MSTP is not enabled globally, it cannot be enabled on the port. The MSTP parameters work together, so they should meet the following conditions.
Page 210
Ext.RootPathCost : 200000
Region Root Id   : this switch
Int.RootPathCost : 0
Root Port ID     : 128.1
Current port list in Instance 0:
Ethernet0/0/1 Ethernet0/0/2 (Total 2)
PortName        ExtRPC   IntRPC     State     Role  DsgBridge            DsgPort
--------------  -------  ---------  --------- ----  -------------------  -------
Ethernet0/0/1   128.001  0          FWD       ROOT  16384.00030f010f52...
Page 211
Displayed information    Explanation
Force Version            Version of STP
Instance Information
Self Bridge Id           The priority and the MAC address of the current bridge for the current instance
Root Id                  The priority and the MAC address of the root bridge for the current instance
Ext.RootPathCost         Total cost from the current bridge to the root of the entire network
                         Cost from the current bridge to the region root of the current...
Page 212
1-29, 31-39, 41-4094
----------------------------------
7.5.1.3 show mst-pending Command: show mst-pending Function: In the MSTP region mode, display the configuration of the current MSTP region. Command mode: MSTP Region Mode Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region, such as MSTP name, revision, and VLAN-to-instance mapping.
Example: Enable receiving debugging information for BPDU messages on port 0/0/1
Switch#debug spanning-tree
Switch#debug spanning-tree bpdu rx interface E0/0/1
7.6 Web Management Click “MSTP control” to enter MSTP control configuration mode to manage MSTP features for the switch. 7.6.1 MSTP field operation Click “MSTP control”...
Set the revision level to 2000. 7.6.2 MSTP port operation 7.6.2.1 Edge port setting Click “MSTP control” to enter MSTP field operation, then "PortFast Config". Set the port to be an edge port Configure port 0/0/5 to be edge ports. 7.6.2.2 Port priority setting Click “MSTP control”...
7.6.2.5 Link type configuration Click “MSTP control” to enter MSTP port operation, then "Link_Type Config". Set the link type of the current port. Set the link of port 0/0/7 to be forced point-to-point type. 7.6.2.6 MSTP port configuration Click “MSTP control” to enter MSTP port operation, then "MSTP Agreement Port Config". Run the command to enable MSTP under the switch port configuration mode.
7.6.3.3 Hello_time configuration Click “MSTP control” to enter MSTP Global control, then "Hello_time Config". Set the Hello time for the switch. Set MSTP Hello time to 5 seconds in Global Mode. 7.6.3.4 Set the max age time for BPDU information in the switch Click “MSTP control”, MSTP Global Control, then enter the switch BPDU message "Max Age Time Config".
Page 217
Click “MSTP control”, “show MSTP settings”, enter "Instance Information". Display MSTP and instance information. Display Instance0 MSTP information. 7.6.4.2 MSTP field information Click “MSTP control”, “show MSTP setting”, enter "MSTP Field Information". Display the effective MSTP field parameter configuration.
Chapter 8 QoS Configuration 8.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
DSCP: Differentiated Services Code Point, classification information carried in Layer 3 IP packet header, occupying 6 bits, in the range of 0 to 63, and is downward compatible with IP Precedence. Classification: The entry action of QoS, classifying packet traffic according to the classification information carried in the packet and ACLs.
If the devices at each hop in a network support differentiated services, an end-to-end QoS solution can be created. QoS configuration is flexible; its complexity depends on the network topology, the devices, and the analysis of incoming/outgoing traffic. 8.1.3 Basic QoS Model The basic QoS model consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.
Page 221
Fig 8-4 Classification process Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked. Policing can be performed based on DSCP value to configure different policies that allocate bandwidth to classified traffic. If the traffic exceeds the bandwidth set in the policy (out of profile), the out of profile traffic can be allowed, discarded or remarked.
Page 222
Fig 8-5 Policing and Remarking process Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value; while the scheduling operation performs packet forwarding according to the prioritized queue weight.
Fig 8-6 Queuing and Scheduling process
8.2 QoS Configuration Task List
1. Enable QoS: QoS can be enabled or disabled in Global Mode. QoS must be enabled first in Global Mode to configure the other QoS commands.
2. Configure class map: Set up a classification rule according to ACL, VLAN ID, IP Precedence or DSCP to classify the data stream.
Page 224
different policies. 3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning a new DSCP value) can be applied to different data streams.
Page 225
map mode; the “no policy-map <policy-map-name>” command deletes the specified policy map.
no policy-map <policy-map-name>
class <class-map-name>           After a policy map is created, it can be associated to a class. Different policy or new DSCP value can be applied to different data streams in class mode;...
no class <class-map-name>
Page 226
Interface Mode
mls qos trust [cos [pass-through-dscp]|dscp [pass-through-cos]|ip-precedence [pass-through cos]|port priority <cos>]     Configure port trust; the “no mls qos trust” command disables the current trust status of the port.
no mls qos trust
mls qos cos {<default-cos>}      Configure the default CoS value of the port;...
Command                                                                   Explanation
Global Mode
mls qos map {cos-dscp <dscp1...dscp8> | dscp-cos <dscp-list> <cos> | dscp-mutation <dscp-mutation-name> <in-dscp> <out-dscp>...     Set CoS to DSCP mapping, DSCP to CoS mapping, DSCP to DSCP mutation mapping, IP precedence to DSCP and policed DSCP mapping; the “no mls qos map {cos-dscp | ...
Function: Creates a class map and enters class map mode; the “no class-map <class-map-name>“ command deletes the specified class map. Parameters: <class-map-name> is the class map name. Default: No class map is configured by default. Command mode: Global Mode Usage Guide: Example: Creating and then deleting a class map named “c1”.
Switch(config-ClassMap)#match ip precedence 0 1
Switch(config-ClassMap)#exit
8.3.4 set Command: set {ip dscp <new-dscp> | ip precedence <new-precedence> | ipv6 dscp <new-dscp> | ipv6 flowlabel <new-flowlabel> | cos <new-cos>} no set {ip dscp | ip precedence | ipv6 dscp | ipv6 flowlabel | cos <new cos>} Function: Assign a new DSCP, IP Precedence, IPv6 DSCP or IPv6 FL for the classified traffic;...
Command: mls qos cos {<default-cos> } no mls qos cos Function: Configures the default CoS value of the port; the “no mls qos cos” command restores the default setting. Parameters: < default-cos> is the default CoS value for the port, the valid range is 0 to Default: The default CoS value is 0.
trust status of that port must be “trust DSCP”. Applying DSCP mutation mapping allows DSCP values specified directly to be converted into new DSCP values without class and policy process. DSCP mutation mapping is effective to the local port only. The “trust DSCP”...
DSCP values containing up to 8 DSCP values, <mark-down-dscp> is the DSCP value after mark down. Default: Default mapping values are:
Default CoS-to-DSCP Map
CoS Value     0    1    2    3    4    5    6    7
DSCP Value    0    8   16   24   32   40   48   56
Default DSCP-to-CoS Map
DSCP Value    0–7  8–15  16–23  24–31  32–39  40–47  48–55  56–63
CoS Value     0    1     2      3      4      5      6      7
Default IP-Precedence-to-DSCP Map...
setting exceeds the actual speed of the port, the policy map applying this policy will not bind to switch ports. Example: Set the bandwidth for packets matching the c1 class rule to 20 Mbps, with a burst value of 2 MB; all packets exceeding this bandwidth setting will be dropped.
Switch(Config)#policy-map p1
Switch(Config-PolicyMap)#class c1
Switch(Config-Policy-Class)#police 20000 2000 exceed-action drop...
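The following added example (not code from the manual or from Edge-Core) shows the default CoS/DSCP maps described above and a single-rate token-bucket policer behaving like "police 20000 2000 exceed-action drop": 20000 kbps and a 2000 KB burst, as the manual's example states. The packet trace is constructed for illustration; the exact bucket algorithm the switch hardware uses is not documented in the excerpt, so the token bucket is an assumption.

```python
"""Added example, not from the ES3628EA manual: default CoS/DSCP maps and a
token-bucket policer for a police statement with exceed-action drop/remark."""


def cos_to_dscp(cos: int) -> int:
    """Default CoS-to-DSCP map: CoS n -> DSCP 8n (0, 8, 16, ..., 56)."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is a 3-bit value")
    return cos * 8


def dscp_to_cos(dscp: int) -> int:
    """Default DSCP-to-CoS map: 0-7 -> 0, 8-15 -> 1, ..., 56-63 -> 7.
    This is the egress re-map that selects the CoS (and so the queue)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return dscp // 8


class Policer:
    """Single-rate token bucket (assumed model).  Tokens are bytes; they
    refill at the committed rate up to the burst size.  In-profile packets
    are forwarded; out-of-profile packets are dropped or remarked according
    to exceed_action, mirroring "exceed-action drop" versus policed-DSCP
    mark-down."""

    def __init__(self, rate_kbps: int, burst_kb: int,
                 exceed_action: str = "drop", exceed_dscp: int = 0):
        self.rate_bytes_per_s = rate_kbps * 1000 / 8   # 20000 kbps -> 2.5 MB/s
        self.capacity = burst_kb * 1000                 # 2000 KB -> 2,000,000 B
        self.tokens = float(self.capacity)
        self.last_t = 0.0
        self.exceed_action = exceed_action
        self.exceed_dscp = exceed_dscp

    def offer(self, size: int, t: float, dscp: int):
        """Return (verdict, dscp) for a packet of `size` bytes arriving at t."""
        elapsed = max(0.0, t - self.last_t)
        self.tokens = min(self.capacity,
                          self.tokens + elapsed * self.rate_bytes_per_s)
        self.last_t = max(self.last_t, t)
        if size <= self.tokens:
            self.tokens -= size
            return "forward", dscp
        if self.exceed_action == "drop":
            return "drop", dscp
        return "remark", self.exceed_dscp


def police_stream(packets, rate_kbps=20000, burst_kb=2000,
                  exceed_action="drop"):
    """Run (time_s, size_bytes, dscp) packets through one policer and
    return how many were forwarded, dropped or remarked."""
    p = Policer(rate_kbps, burst_kb, exceed_action)
    counts = {"forward": 0, "drop": 0, "remark": 0}
    for t, size, dscp in packets:
        verdict, _ = p.offer(size, t, dscp)
        counts[verdict] += 1
    return counts


# Constructed trace: three 1 MB packets at t=0 (only 2 MB of burst credit),
# then one more after a second of refill.
SAMPLE_PACKETS = [
    (0.0, 1_000_000, 40), (0.0, 1_000_000, 40), (0.0, 1_000_000, 40),
    (1.0, 1_000_000, 40),
]

if __name__ == "__main__":
    print(police_stream(SAMPLE_PACKETS))
    print(police_stream(SAMPLE_PACKETS, exceed_action="remark"))
```

The third packet at t=0 exhausts the 2 MB burst and is dropped; after one second the bucket has refilled (2.5 MB at the committed rate, capped at the 2 MB burst), so the fourth packet is forwarded. Swapping in "remark" shows the mark-down path that the policed-DSCP map serves.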
Example: Creating and deleting a policy map named “p1”.
Switch(Config)#policy-map p1
Switch(Config-PolicyMap)#exit
Switch(Config)#no policy-map p1
8.3.14 queue mode Command: queue mode {strict|wrr} Function: Configure the queue out mode. Parameter: strict configures the queue out method to the strict priority-queue method; wrr restores the default wrr queue out method. Default: wrr queue out mode Command mode: Interface Mode Usage Guide: When priority-queue queue out mode is used, packets are no longer sent...
8.3.16 queue bandwidth Command: queue bandwidth <weight1 weight2 weight3 weight4 > no queue bandwidth Function: Sets the WRR weight for specified egress queue; the “no queue bandwidth” command restores the default setting. Parameters: <weight1 weight2 weight3 weight4 > are WRR weights, ranging from 0 to 100.
Page 237
Enable the QoS function, change the queue out weight of port Ethernet 0/0/1 to 1:2:4:8, set the port in trust QoS mode without changing the DSCP value, and set the default QoS value of the port to 5. The configuration steps are listed below:
Switch#config
Switch(Config)#mls qos
Switch(Config)#interface Ethernet 0/0/1...
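The difference between the two queue out modes, "queue mode strict" and the default wrr with weights such as 1:2:4:8 from the example above, is shown by the following added example. It is not the switch's own scheduler; it assumes four egress queues with index 3 as the highest priority and that in wrr mode each queue may send up to its weight in packets per round.

```python
"""Added example, not from the ES3628EA manual: strict priority versus
weighted round robin egress scheduling over four queues."""
from collections import deque


def schedule(queues, mode, weights=(1, 2, 4, 8), slots=16):
    """Dequeue up to `slots` packets and return the index of the queue each
    packet came from.  `queues` is a list of iterables (index 0 = lowest
    priority, index 3 = highest; an assumption of this example)."""
    qs = [deque(q) for q in queues]
    served = []
    if mode == "strict":
        # Always drain the highest non-empty queue first.  Lower queues are
        # served only when every higher queue is empty, so a flood into the
        # top queue can starve everything below it.
        while len(served) < slots:
            busy = [i for i in range(len(qs) - 1, -1, -1) if qs[i]]
            if not busy:
                break
            top = busy[0]
            qs[top].popleft()
            served.append(top)
        return served
    if mode == "wrr":
        # Each round, queue i may send up to weights[i] packets, so while all
        # queues are busy queue i gets weights[i] / sum(weights) of the slots.
        while len(served) < slots and any(qs):
            for i, w in enumerate(weights):
                for _ in range(w):
                    if not qs[i] or len(served) >= slots:
                        break
                    qs[i].popleft()
                    served.append(i)
        return served
    raise ValueError("mode must be 'strict' or 'wrr'")


def share(served, nqueues=4):
    """Packets served per queue, for comparing the two modes."""
    return [served.count(i) for i in range(nqueues)]


# Constructed backlog: every queue holds ten packets.
BACKLOG = [list(range(10)) for _ in range(4)]

if __name__ == "__main__":
    print("strict:", share(schedule(BACKLOG, "strict", slots=15)))
    print("wrr   :", share(schedule(BACKLOG, "wrr", slots=15)))
```

With the same backlog, strict mode spends the first 15 slots on queues 3 and 2 only, while wrr with weights 1:2:4:8 gives every queue a guaranteed share in each round.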
Page 238
An ACL named 1 is set to match the segment 192.168.1.0. Enable QoS globally, create a class map named c1 that matches ACL 1; create a policy map named p1 that refers to c1, and set appropriate policies in p1 to limit bandwidth and burst value.
8.5.1 Commands for Monitor And Debug 8.5.1.1 show class-map Command: show class-map [<class-map-name>] Function: Displays the class map of QoS. Parameters: <class-map-name> is the class map name. Default: N/A. Command mode: Admin Mode Usage Guide: Displays all configured class-maps or the specified class-map information. Example:
Switch#show class-map
Class map name:c1...
Page 241
Function: Displays policy set configuration information for QoS. Parameters: <aggregate-policer-name> is the policy set name. Default: N/A. Command mode: Admin Mode Usage Guide: Example:
Switch#show mls qos aggregate-policer policer1
aggregate-policer policer1 80000 80 exceed-action drop
Not used by any policy map
Displayed information     Explanation
aggregate-policer...
Page 242
Attached policy-map for Ingress: p1     Policy name bound to port.
Switch#show mls qos interface buffers Ethernet 0/0/2
Ethernet0/0/2
packet number of 4 queue:
0x200 0x200 0x200 0x200
Displayed information                   Explanation
packet number of 8 queue:               Available packet number for all 4 queues out on the port; this is a fixed...
0x200 0x200 0x200 0x200
Page 243
8.5.1.5 show mls qos maps Command: show mls qos maps [cos-dscp | dscp-cos | dscp-mutation <dscp-mutation-name> | ip-prec-dscp | policed-dscp] Function: Displays mapping configuration information for QoS. Parameters: cos-dscp displays the CoS-to-DSCP map; dscp-cos displays the DSCP-to-CoS map; dscp-mutation <dscp-mutation-name> displays the named DSCP-to-DSCP mutation map;...
Page 244
8.5.1.6 show mls-qos Command: show mls-qos Function: Displays global configuration information for QoS. Parameters: N/A. Default: N/A. Command mode: Admin Mode Usage Guide: This command indicates whether QoS is enabled or not. Example:
Switch#show mls-qos
Qos is enabled
Displayed information     Explanation
Qos is enabled            QoS is enabled.
9.1 Layer 3 Interface 9.1.1 Introduction to Layer 3 Interface A Layer 3 interface can be created on the ES3628EA switch. The Layer 3 interface is not a physical interface but a virtual interface built on a VLAN. A Layer 3 interface can contain one or more Layer 2 interfaces that belong to the same VLAN, or no Layer 2 interfaces at all.
Command                        Explanation
Global Mode
interface vlan <vlan-id>       Creates a VLAN interface (a VLAN interface is a Layer 3 interface); the “no interface vlan <vlan-id>” command deletes the VLAN interface (Layer 3 interface) created in the switch.
no interface vlan <vlan-id>
9.1.3 Commands for Layer 3 Interface 9.1.3.1 interface vlan Command: interface vlan <vlan-id>...
Page 247
and Internet application services continue boosting, IPv4 has shown its deficiency when facing the present scale and complexity of Internet. IPv6 refers to the sixth version of Internet protocol which is the next generation Internet protocol designed by IETF to replace the current Internet protocol version 4 (IPv4).
Page 248
IPv4 broadcast in the sense of function. Multicast not only saves network bandwidth but enhances network efficiency as well. Note: ES3628EA implements IPv6 in software, and the CPU forwards IPv6 packets. Its IPv6 performance is therefore low, and IPv6 should only be used for...
9.2.2 IP Configuration A Layer 3 interface can be configured as an IPv4 interface or an IPv6 interface. 9.2.2.1 IPv4 Address Configuration Configure the IPv4 address of the Layer 3 interface
Command                                       Explanation
Interface Mode
ip address <ip-address> <mask> [secondary]    Configure the IP address of the VLAN interface; the no ip address...
no ip address [<ip-address>...
Page 251
ipv6 address <ipv6-address/prefix-length> [eui-64]      Configure IPv6 address, including aggregatable global unicast addresses, site-local addresses and link-local addresses. The “no ipv6 address <ipv6-address/prefix-length>” command cancels the IPv6 address.
no ipv6 address <ipv6-address/prefix-length>
(3) Set IPv6 Static Routing
Command                                                 Description
Global mode
[no] ipv6 route <ipv6-prefix/prefix-length>             Configure IPv6 static routing.
Page 252
Interface Configuration Mode
[no] ipv6 nd ra-lifetime <seconds>      Configure Router Announce Lifespan. The NO command resumes the default value (1800 seconds).
(5) Configure Router Announce Minimum Interval
Command                                 Description
Interface Configuration Mode
[no] ipv6 nd min-ra-interval            Configure the minimum interval for router announce.
Page 253
Command                                 Admin Mode
Global mode
[no] interface tunnel <tnl-id>          Create a tunnel. The NO command deletes a tunnel.
(2) Configure tunnel source
Command                                 Admin Mode
Tunnel Configuration Mode
[no] tunnel source <ipv4-daddress>      Configure tunnel source end IPv4 address. The NO command deletes the IPv4 address...
Page 254
[no] ipv6 route <ipv6-address/prefix-length> {<interface-type interface-number> | tunnel <tnl-id>}     Configure tunnel routing. The NO command clears tunnel routing.
9.2.2.4 Commands For IPv6 Configuration 9.2.2.4.1 ipv6 enable Command: [no] ipv6 enable Function: This command enables functions such as unicast IPv6 data packet transmission, Neighbor Discovery, Router Advertisement and routing protocols.
Page 255
9.2.2.4.3 ipv6 route Command: [no] ipv6 route <ipv6-prefix/prefix-length> {<ipv6-address> | <interface-type interface-number> | {<ipv6-address> <interface-type interface-number>} | tunnel <tunnel no>} [<precedence>] Function: Set an IPv6 static route Parameters: <ipv6-prefix> is the destination address of the IPv6 static route, <prefix-length> is the IPv6 prefix length, <ipv6-address> is the next hop IPv6 address of the reachable network, parameter <interface-type interface-number>...
Page 256
Address Check to be sent; a value of 0 means no Repeat Address Check is executed. Example: Set the number of Neighbor Request messages sent in succession by the interface for Repeat Address Check to 3.
Switch(Config-if-Vlan1)# ipv6 nd dad attempts 3
9.2.2.4.5 ipv6 nd ns-interval Command: ipv6 nd ns-interval <seconds>...
Page 257
otherwise the value should not be smaller than the maximum interval for sending router announcements. If no configuration is made, this value is equal to 3 times the maximum interval for sending router announcements. Example: Set the lifetime of the router announcement to 100 seconds.
Switch (Config-if-Vlan1)#ipv6 nd ra-lifetime 100
9.2.2.4.8 ipv6 nd min-ra-interval Command: ipv6 nd min-ra-interval <seconds>...
Page 258
Function: Configure the address prefix and related parameters for router announcement. Parameter: <ipv6-prefix> is the address prefix of the specified announcement, <prefix-length> is the length of the address prefix of the specified announcement, <valid-lifetime> is the valid lifetime of the prefix, parameter <...
Page 259
value of preferred-lifetime is 604800 seconds (7 days). off-link is off by default, no-autoconfig is off by default. Usage Guide:This command allows controlling the router announcement parameters of every IPv6 prefix. Note that valid lifetime and preferred lifetime must be configured simultaneously.
Page 260
9.2.2.4.14 ping6 Command: ping6 [ipv6-address] Function: Validate the reachability of the network. Parameter: ipv6-address is the destination IPv6 address. Default: None Command Mode: Admin Mode Usage Guide: ping6 followed by an IPv6 address is the default usage; the ping6 function can also set the parameters of ping packets according to user choice. When ipv6-address is a link-local address, the port number must be specified.
Page 263
1. Configure two vlans on SwitchA, namely, vlan1 and vlan2.
2. Configure IPv4 address 192.168.1.1 255.255.255.0 in vlan1 of SwitchA, and configure IPv4 address 192.168.2.1 255.255.255.0 in vlan2.
3. Configure two vlans on SwitchB, namely vlan2 and vlan3.
4. Configure IPv4 address 192.168.2.2 255.255.255.0 in vlan2 of SwitchB, and configure IPv4 address 192.168.3.1 255.255.255.0 in vlan2.
Page 264
Fig 9-2 IPv6 configuration example (SwitchA, SwitchB, PC-A, PC-B)
The user’s configuration requirements are: Configure IPv6 addresses of different network segments on SwitchA and SwitchB, configure static routing and validate reachability using the ping6 function. Configuration Description:
1. Configure two vlans on SwitchA, namely, vlan1 and vlan2.
2. ...
Page 266
Example 2:
Fig 9-3 IPv6 tunnel (SwitchA, SwitchB, SwitchC, PC-A, PC-B)
This case is an IPv6 tunnel with the following user configuration requirements: SwitchA and SwitchB are tunnel nodes; dual-stack is supported. SwitchC only runs IPv4; PC-A and PC-B communicate. Configuration Description:
1. ...
Page 268
IP statistics:
  Rcvd: 128 total, 128 local destination
        0 header errors, 0 address errors
        0 unknown protocol, 0 discards
  Frags: 0 reassembled, 0 timeouts
         0 fragment rcvd, 0 fragment dropped
         0 fragmented, 0 couldn't fragment, 0 fragment sent
  Sent: 0 generated, 0 forwarded
        0 dropped, 0 no route
ICMP statistics:
  Rcvd: 0 total 0 errors 0 time exceeded...
Page 269
Frags: 0 reassembled, 0 timeouts                        Fragmentation statistics: number of packets reassembled, timeouts, fragments received, fragments discarded, packets that cannot be fragmented, number of fragments sent, etc.
       0 fragment rcvd, 0 fragment dropped
       0 fragmented, 0 couldn't fragment, 0 fragment sent
Sent:...
Page 271
Dst <2003::20a:ebff:fe26:8a49>     Destination IPv6 address, sent from Layer 3 port Vlan1
9.2.4.1.5 debug ipv6 nd Command: [no] debug ipv6 nd Function: ND data packet receive/send debug messages. Parameter: None Default: None Command Mode: Admin Mode Example:
Switch#debug ipv6 nd
IPv6 ND: rcvd, type <136>, src <fe80::203:fff:fe01:2786>, dst <fe80::203:fff:fe01:59ba>
Displayed information     Explanation
IPv6 ND: rcvd...
Page 272
Parameter: brief gives a brief summary of IPv6 status and configuration, and interface-name is the Layer 3 interface name. Default: None Command Mode: Admin Mode Usage Guide: If only brief is specified, information on all Layer 3 interfaces is displayed; you can also specify a particular Layer 3 interface. Example:...
Page 273
Displayed information      Explanation
Vlan1                      Layer 3 interface name
[up/up]                    Layer 3 interface status
dev index                  Internal index No.
fe80::203:fff:fe00:10      Automatically configured IPv6 address of the Layer 3 interface
3001::1                    Configured IPv6 address of the Layer 3 interface
9.2.4.1.8 show ipv6 route Command: show ipv6 route [<destination>|<destination >/<length>| database| fib [local]| nsm [connected | static | rip| ospf | bgp | isis| kernel| database]|statistics [vrf <vrfnum>]] Function: Display the IPv6 routing table...
Page 274
3ffe:501:ffff:1::/64 via ::, Vlan4
3ffe:501:ffff:100::/64 via ::, Vlan5 1024
3ffe:3240:800d:1::/64 via ::, Vlan1 1024
3ffe:3240:800d:2::/64 via ::, Vlan2 1024
3ffe:3240:800d:10::/64 via ::, Vlan12 1024
3ffe:3240:800d:20::/64 via fe80::20c:ceff:fe13:eac1, Vlan12 1024
fe80::/64 via ::, Vlan1
fe80::5efe:0:0/96 via ::, tunnel26
ff00::/8 via ::, Vlan1
Displayed information     Explanation...
Gateway devices can forward IP packets from one subnet to another; such forwarding uses routes to find a path. IP forwarding on the ES3628EA switch is done with the participation of hardware and can achieve wire-speed forwarding. In addition, flexible management is provided to adjust and monitor forwarding.
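To make the "uses routes to find a path" step concrete, the following added example (not code from the manual or from Edge-Core) parses the "show ipv6 route" listing reproduced above and performs the longest-prefix-match lookup that forwarding relies on. The route text is the manual's output; the destination addresses looked up are constructed, and the line layout "prefix via next-hop, interface [metric]" is assumed from that output.

```python
"""Added example, not from the ES3628EA manual: parse the manual's
"show ipv6 route" listing and do longest-prefix-match lookups on it."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the manual's show ipv6 route example.
SAMPLE_ROUTES = """\
3ffe:501:ffff:1::/64 via ::, Vlan4
3ffe:501:ffff:100::/64 via ::, Vlan5 1024
3ffe:3240:800d:1::/64 via ::, Vlan1 1024
3ffe:3240:800d:2::/64 via ::, Vlan2 1024
3ffe:3240:800d:10::/64 via ::, Vlan12 1024
3ffe:3240:800d:20::/64 via fe80::20c:ceff:fe13:eac1, Vlan12 1024
fe80::/64 via ::, Vlan1
fe80::5efe:0:0/96 via ::, tunnel26
ff00::/8 via ::, Vlan1
"""

# Assumed layout: "<prefix> via <next-hop>, <interface> [<metric>]".
LINE = re.compile(r"^(\S+) via (\S+), (\S+)(?: (\d+))?$")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv6Network
    next_hop: ipaddress.IPv6Address   # "::" means directly connected
    interface: str
    metric: Optional[int]


def parse_routes(text: str) -> list:
    """Turn the listing into Route objects; lines that do not match the
    layout (headings, the explanation table) are skipped."""
    routes = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        prefix, nh, ifname, metric = m.groups()
        routes.append(Route(ipaddress.IPv6Network(prefix, strict=False),
                            ipaddress.IPv6Address(nh), ifname,
                            int(metric) if metric else None))
    return routes


def lookup(routes: list, dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific prefix containing dst wins.
    With no default route (::/0) in the table an unmatched destination is
    unroutable and None is returned."""
    addr = ipaddress.IPv6Address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None
                                 or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("3ffe:3240:800d:20::1", "fe80::5efe:0:1", "ff02::1", "2001:db8::1"):
        print(dst, "->", lookup(table, dst))
```

Note how fe80::5efe:0:1 matches both fe80::/64 (Vlan1) and fe80::5efe:0:0/96 (tunnel26) and is sent to the tunnel because the /96 is more specific; a destination outside every listed prefix has no route because the table carries no default.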
9.4.1 Introduction to ARP ARP (Address Resolution Protocol) is mainly used to resolve IP address to Ethernet MAC address. ES3628EA switch supports both dynamic ARP and static ARP configuration. Furthermore, ES3628EA switch supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on the port,...
Command                                                    Explanation
arp <ip_address> <mac_address> {[ethernet] <portName>}     Configures a static ARP entry; the “no arp <ip_address>” command deletes a static ARP entry.
no arp <ip_address>
2. Configure proxy ARP
Command                                                    Explanation
ip proxy-arp                                               Enables the proxy ARP function for Ethernet ports; the “no ip proxy-arp” command disables proxy ARP.
no ip proxy-arp
Page 280
Example:
Switch#clear arp-cache
9.4.3.3 ip proxy-arp Command: ip proxy-arp no ip proxy-arp Function: Enables proxy ARP for the VLAN interface; the “no ip proxy-arp” command disables proxy ARP. Default: Proxy ARP is disabled by default. Command mode: Interface Mode Usage Guide: When an ARP request is received on the Layer 3 interface requesting an IP address in the same IP segment as the interface but not on the same physical network, and proxy ARP has been enabled on the interface, the interface replies to the ARP request with its own MAC address and forwards the actual packets received.
Page 281
Usage Guide: Display contents of ARP packets received/sent, including type, source and destination address, etc. Example: Enabling ARP debugging
Switch#debug arp
ip arp debug is on
Switch#%Apr 19 15:59:42 2005 IP ARP: rcvd, type 1, src 192.168.2.100, 000A.EB5B.780C, dst 192.168.2.1, 0000.0000.0000 flag 0x0.
%Apr 19 15:59:42 2005 IP ARP: sent, type 2, src 192.168.2.1, 0003.0F02.310A, dst 192.168.2.100, 000A.EB5B.780C.
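The debug lines above are exactly what a defender would collect when checking whether a host's IP-to-MAC claim is stable. The following added example (not code from the manual or from Edge-Core) parses lines in that format and reports any IP whose sender MAC changes between received ARP packets, the basic indicator for an ARP spoofing attempt or a duplicate address. The first two log lines copy the manual's output; the remaining lines and the second MAC are constructed.

```python
"""Added example, not from the ES3628EA manual: parse "debug arp" output
and flag IP addresses whose claimed sender MAC changes."""
import re

MAC = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"
# Layout taken from the manual's debug arp example.
ARP_LINE = re.compile(
    r"%(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4}) IP ARP: (?P<dir>rcvd|sent), "
    r"type (?P<type>\d), src (?P<sip>[\d.]+), (?P<smac>" + MAC + r"), "
    r"dst (?P<dip>[\d.]+), (?P<dmac>" + MAC + r")"
)

# Constructed sample: lines 1-2 are the manual's, lines 3-4 are made up,
# with the fourth claiming 192.168.2.100 from a different MAC.
SAMPLE_LOG = """\
%Apr 19 15:59:42 2005 IP ARP: rcvd, type 1, src 192.168.2.100, 000A.EB5B.780C, dst 192.168.2.1, 0000.0000.0000 flag 0x0.
%Apr 19 15:59:42 2005 IP ARP: sent, type 2, src 192.168.2.1, 0003.0F02.310A, dst 192.168.2.100, 000A.EB5B.780C.
%Apr 19 16:01:07 2005 IP ARP: rcvd, type 1, src 192.168.2.100, 000A.EB5B.780C, dst 192.168.2.1, 0000.0000.0000 flag 0x0.
%Apr 19 16:03:15 2005 IP ARP: rcvd, type 1, src 192.168.2.100, 0011.2233.4455, dst 192.168.2.1, 0000.0000.0000 flag 0x0.
"""


def parse_arp_log(text):
    """Yield one dict per parsed line (ts, dir, type, sip, smac, dip, dmac);
    lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            d = m.groupdict()
            d["type"] = int(d["type"])   # 1 = request, 2 = reply
            yield d


def find_mac_changes(text):
    """Track the sender MAC claimed for each IP in received ARP packets and
    return (timestamp, ip, old_mac, new_mac) whenever it changes.  Sent
    packets are ignored: they carry the switch's own, trusted, address."""
    seen = {}
    alerts = []
    for e in parse_arp_log(text):
        if e["dir"] != "rcvd":
            continue
        ip, mac = e["sip"], e["smac"].upper()
        if ip in seen and seen[ip] != mac:
            alerts.append((e["ts"], ip, seen[ip], mac))
        seen[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in find_mac_changes(SAMPLE_LOG):
        print("MAC change for %s at %s: %s -> %s" % (alert[1], alert[0], alert[2], alert[3]))
```

A change is not proof of an attack (a NIC replacement or a DHCP reassignment produces the same signal), so the alert is best correlated with the static ARP entries and DHCP bindings the manual lets you configure.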
Page 282
Flag Describes whether ARP entry is dynamic or static.
Chapter 10 DHCP Configuration 10.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP address dynamically from the address pool as well as other network configuration parameters such as default gateway, DNS server, and default route and host image file position within the network.
DHCP packets so that the DHCP packets exchange can be completed between the DHCP client and server. ES3628EA switch can act as both a DHCP server and a DHCP relay. DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e.
Page 285
Global Mode
ip dhcp pool <name>                                         Configures DHCP address pool
no ip dhcp pool <name>
(2) Configure DHCP address pool parameters
Command                                                     Explanation
DHCP Address Pool Mode
network-address <network-number> [mask | prefix-length]     Configures the address scope that can be allocated to the address pool
no network-address
default-router                                              Configures default gateway for DHCP...
dhcp excluded-address <low-address> [<high-address>]     Excludes the addresses in the address pool that are not for dynamic allocation.
dhcp excluded-address <low-address> [<high-address>]
(3) Configure manual DHCP address pool parameters
Command                                                  Explanation
DHCP Address Pool Mode
hardware-address <hardware-address>...                   Specifies the hardware address when...
Page 287
Command Mode: DHCP Address Pool Mode Usage Guide: Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up. This command is used together with the “next server” command. Example: The path and filename of the file to be imported is “c:\temp\nos.img”...
Page 288
Parameters: address1…address8 are IP addresses, in decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: The IP address of default gateway(s) should be in the same subnet as the DHCP client IP, the switch supports up to 8 gateway addresses.
Page 289
IEEE802|<type-number>}] no hardware-address Function: Specifies the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameters: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number> should be the RFC number defined for protocol types, from 1 to 255, e.g., 0 for Ethernet and 6 for IEEE 802.
Page 290
Command: ip dhcp conflict logging no ip dhcp conflict logging Function: Enables logging for address conflicts detected by the DHCP server; the “no ip dhcp conflict logging” command disables the logging. Default: Logging for address conflict is enabled by default. Command mode: Global Mode Usage Guide: When logging is enabled, once the address conflict is detected by the DHCP server, the conflicting address will be logged.
Page 291
DHCP, while too short duration results in increased network traffic and overhead. The default lease duration of ES3628EA switch is 1 day. Example: Setting the lease of DHCP pool “1” to 3 days 12 hours and 30 minutes.
Page 292
Function: Configures WINS servers’ address; the “no netbios-name-server” command deletes the WINS server. Parameters: address1…address8 are IP addresses, in decimal format. Default: No WINS server is configured by default. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured.
Page 293
Usage Guide: This command sets the scope of addresses that can be used for dynamic assignment by the DHCP server; one address pool can only have one corresponding segment. This command is exclusive with the manual address binding command “hardware address” and “host”. Example: Configuring the assignable address in pool 1 to be 10.1.128.0/24.
Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled. ES3628EA switch can only assign IP address for the DHCP clients and enable DHCP relay when DHCP server function is enabled.
DHCP relay forwards the packet to the DHCP server after processing. On receiving DHCPREPLY, the DHCP server responds with a DHCPACK packet via the DHCP relay to the DHCP client. The DHCP relay can not only send DHCP broadcast packets to the specified DHCP servers, but can also send other specified UDP broadcast packets to specified servers.
ip dhcp relay information policy drop        When layer 3 switches are used as DHCP relays, this command sets the relay forwarding policy to drop DHCP packets; the “no ip dhcp relay information policy drop” command allows DHCP packets to be forwarded.
no ip dhcp relay information policy drop
Example: The network administrator finds that 10.1.128.160 has a conflict record in the log and is no longer used by anyone, so he deletes the record from the address conflict log.
Switch#clear ip dhcp conflict 10.1.128.160
10.3.2.3 clear ip dhcp server statistics
Command: clear ip dhcp server statistics
Function: Deletes the statistics for the DHCP server, clearing the DHCP server counters.
To save configuration effort for network administrators and users, a company uses an ES3628EA switch as a DHCP server. The Admin VLAN IP address is 10.16.1.2/16. The local area network of the company is divided into networks A and B according to office locations.
Both locations use the same client parameters:
Default gateway: 10.16.1.200, 10.16.1.201
DNS server: 10.16.1.202
WINS server: 10.16.1.209
WINS node type: H-node
Lease: 3 days
In location A, a machine with MAC address 00-03-22-23-dc-ab is assigned the fixed IP address 10.16.1.210 and named “management”.
Fig 10-3 DHCP Relay Configuration
As shown in the above figure, the route switch is configured as a DHCP relay. The DHCP server address is 10.1.1.10 and the TFTP server address is 10.1.1.20; the configuration steps are as follows:
Switch (Config)#service dhcp
Switch (Config)#interface vlan 1
Switch (Config-if-Vlan1)#ip address 192.168.1.1 255.255.255.0
Switch (Config-if-Vlan1)#exit
Switch (Config)#vlan 2...
In such a case, the DHCP server should be examined for an address pool in the same segment as the switch VLAN; such a pool should be added if not present. (This does not mean that the ES3628EA switch cannot assign IP addresses for different segments; see solution 2 for details.) In the DHCP service, pools for dynamic IP allocation and manual binding conflict, i.e.,...
Command: show ip dhcp binding [ [<ip-addr>] + [type {all | manual | dynamic}] [count] ]
Function: Displays IP-MAC binding information.
Parameters: <ip-addr> is a specified IP address in dotted decimal format; “all” stands for all binding types (manual binding and dynamic assignment); “manual” for manual binding; “dynamic”...
DHCPDISCOVER: number of DHCPDISCOVER packets
DHCPREQUEST: number of DHCPREQUEST packets
DHCPDECLINE: number of DHCPDECLINE packets
DHCPRELEASE: number of DHCPRELEASE packets
DHCPINFORM: number of DHCPINFORM packets
Message Send: statistics for DHCP packets sent
BOOTREPLY: total packets sent
DHCPOFFER: number of DHCPOFFER packets
DHCPACK: number of DHCPACK packets
DHCPNAK...
to 3 days 12 hours 30 minutes, and then click Apply. The configuration is applied on the switch.
10.6.1.3 Client's default gateway configuration
Click DHCP configuration, DHCP server configuration, Client's default gateway configuration. Users can configure the DHCP client’s default gateway. The default gateway IP address should be in the same subnet as the DHCP clients.
10.6.1.5 Client WINS server configuration
Click DHCP configuration, DHCP server configuration, Client WINS server configuration. Users can configure WINS servers; up to eight WINS servers can be configured. WINS server 1 has the highest priority and WINS server 8 the lowest.
10.6.1.7 DHCP network parameter configuration
Click DHCP configuration, DHCP server configuration, DHCP network parameter configuration. Users can specify DHCP network parameters. 1.128.240; set Operation type to Set network parameter, and then click Apply. The configuration is applied on the switch.
10.6.1.8 Manual address pool configuration
Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users can configure a DHCP manual address pool:...
10.6.1.9 Excluded address
Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users can configure excluded addresses in the DHCP pool. 12.1.128.1; set Ending address to 10.1.128.10; set Operation type to Add address not for allocating dynamically, and then click Apply. The configuration is applied on the switch.
switch; click Default, DHCP relay is enabled on the switch.
10.6.2 DHCP debugging
Click DHCP configuration, DHCP debugging. Users can display DHCP debug information.
10.6.2.1 Delete binding log
Click DHCP configuration, DHCP debugging, Delete binding log. Users can delete a specified binding log or all binding logs. For example: set Delete all binding log to Yes, and then click Apply.
10.6.2.5 Show conflict-logging Click DHCP configuration, DHCP debugging, Show conflict-logging. Users can display conflict logging.
Chapter 11 SNTP Configuration
11.1 Introduction to SNTP
The Network Time Protocol (NTP) is widely used for clock synchronization of computers connected to the Internet. NTP can assess the packet sending/receiving delay in the network and estimate the computer’s clock deviation independently, so as to achieve high accuracy in network computer clocking.
Fig 11-1 Working Scenario
The ES3628EA switch implements SNTPv4 and supports SNTP client unicast as described in RFC 2030; SNTP client multicast and anycast are not supported, nor is the SNTP server function.
11.2 Commands for SNTP
11.2.1 Clock timezone...
11.2.2 sntp server
Command: sntp server {<server_address> | <server_ipv6_addr>} [version <version_no>]
no sntp server {<server_address> | <server_ipv6_addr>}
Function: Configure the IPv4/IPv6 addresses and the version of the SNTP/NTP server; the “no” form of this command cancels the configured SNTP/NTP server addresses.
Parameter:...
Fig 11-2 Typical SNTP Configuration
All ES3628EA switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured: there should be a reachable route...
Example: Assume the IP addresses of the SNTP/NTP servers are 10.1.1.1 and 20.1.1.1 respectively, and the SNTP/NTP server function (such as NTP master) is enabled; then the configuration for any ES3628EA switch should look like the following:
Switch#config
Switch (Config)#sntp server 10.1.1.1
Switch (Config)#sntp server 20.1.1.1
From now on, SNTP performs time synchronization to the servers according to the default settings (polltime 64s, version 1).
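The unicast exchange the switch performs against such a server, as an added example that is not part of the manual and not Edge-Core code: it builds the 48-byte RFC 2030 client request, parses the server reply, computes the clock offset and round-trip delay, and applies the only sanity checks SNTP has (server mode, leap indicator, stratum, and that the reply echoes the Transmit Timestamp we sent). A reply that fails the echo check is unsolicited or replayed; since SNTP carries no authentication, that check and a reachable, trusted path to the server are all the protection a client has. The server reply is constructed inline so the code runs offline; the field values and reference identifier are this example's own.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
SNTP_FMT = "!BBBbII4sQQQQ"           # 48-byte SNTP/NTP header, RFC 2030 section 4


def to_ntp(unix_time):
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * (1 << 32))
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts):
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(transmit_unix, version=4):
    """Client request: LI=0, VN=version, Mode=3. Only the Transmit Timestamp (T1) is filled in."""
    li_vn_mode = (version << 3) | 3
    return struct.pack(SNTP_FMT, li_vn_mode, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, to_ntp(transmit_unix))


def parse(packet):
    if len(packet) < 48:
        raise ValueError("SNTP packet shorter than 48 bytes")
    (li_vn_mode, stratum, poll, precision, root_delay, root_disp, ref_id,
     reference, originate, receive, transmit) = struct.unpack(SNTP_FMT, packet[:48])
    return {"li": li_vn_mode >> 6, "version": (li_vn_mode >> 3) & 7, "mode": li_vn_mode & 7,
            "stratum": stratum, "poll": poll, "precision": precision,
            "root_delay": root_delay, "root_dispersion": root_disp, "ref_id": ref_id,
            "reference": reference, "originate": originate, "receive": receive, "transmit": transmit}


def check_reply(request, reply):
    """Return '' if the reply may be used, otherwise the reason to discard it.
    These checks are all SNTP offers: the packet carries no authentication."""
    req, rep = parse(request), parse(reply)
    if rep["mode"] != 4:
        return "not a server reply (mode != 4)"
    if rep["li"] == 3:
        return "server clock not synchronized (LI = 3)"
    if rep["stratum"] == 0 or rep["stratum"] > 15:
        return "invalid stratum %d (kiss-o'-death or unsynchronized server)" % rep["stratum"]
    if rep["originate"] != req["transmit"]:
        return "Originate Timestamp does not echo our Transmit Timestamp (unsolicited or replayed reply)"
    if rep["transmit"] == 0:
        return "zero Transmit Timestamp"
    return ""


def clock_offset_and_delay(t1_unix, reply, t4_unix):
    """RFC 2030 section 5: offset = ((T2 - T1) + (T3 - T4)) / 2, delay = (T4 - T1) - (T3 - T2)."""
    rep = parse(reply)
    t2, t3 = from_ntp(rep["receive"]), from_ntp(rep["transmit"])
    return ((t2 - t1_unix) + (t3 - t4_unix)) / 2, (t4_unix - t1_unix) - (t3 - t2)


def make_server_reply(request, t2_unix, t3_unix, stratum=2, li=0, originate=None):
    """Constructed server reply for offline use; a real server fills T2/T3 from its own clock."""
    req = parse(request)
    if originate is None:
        originate = req["transmit"]              # honest server echoes our T1
    li_vn_mode = (li << 6) | (req["version"] << 3) | 4
    return struct.pack(SNTP_FMT, li_vn_mode, stratum, 6, -20, 0x0100, 0x0100, b"GPS\0",
                       to_ntp(t2_unix - 30), originate, to_ntp(t2_unix), to_ntp(t3_unix))


if __name__ == "__main__":
    t1 = 1700000000.0                            # constructed client send time
    req = build_request(t1)
    rep = make_server_reply(req, t2_unix=t1 + 0.015, t3_unix=t1 + 0.016)
    print(check_reply(req, rep) or "reply accepted")
    print("offset, delay:", clock_offset_and_delay(t1, rep, t1 + 0.030))
    forged = make_server_reply(req, t1 + 5, t1 + 5, originate=0)   # does not echo our T1
    print("forged reply:", check_reply(req, forged))
```

The version bits in the first byte are what the `sntp server ... version` option sets; the offset is what the switch would apply to its clock after the poll.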
Time zone: configures the time zone.
Time difference: configures the time difference from UTC.
before-utc: the configured time zone is ahead of UTC (UTC+).
after-utc: the configured time zone is behind UTC (UTC-).
Example: Configure the time zone as Beijing, select Add, set the time difference to 8, and then click Apply to set the configuration in the switch.
Chapter 12 Prevent ARP, ND Spoofing Configuration
12.1 Overview
12.1.1 ARP (Address Resolution Protocol)
Generally speaking, the ARP protocol (RFC 826) is mainly responsible for mapping an IP address to the corresponding 48-bit physical address, that is, the MAC address; for instance, IP address 192.168.0.1 maps to network card MAC address 00-03-0F-FD-1D-2B.
12.1.3 How to prevent ARP/ND Spoofing on our Layer 3 Switch
There are many sniffing, monitoring and attack behaviors based on the ARP protocol in networks, and most of these attacks are based on ARP spoofing, so it is very important to prevent ARP spoofing.
1. Disable/enable the ARP, ND automatic update function
ip arp-security updateprotect / no ip arp-security updateprotect
ipv6 nd-security updateprotect / no ipv6 nd-security updateprotect
2. Disable/enable the ARP, ND automatic learning function (Admin mode and Interface Mode)
ip arp-security learnprotect / no ip arp-security learnprotect
ipv6 nd-security learnprotect...
12.4 Prevent ARP, ND Spoofing Example
Fig 12-1 Prevent ARP, ND Spoofing
Equipment configuration:
Switch: IP 192.168.2.4 and 192.168.1.4; MAC 04-04-04-04-04-04
A: IP 192.168.2.1; MAC 01-01-01-01-01-01
B: IP 192.168.1.2; MAC 02-02-02-02-02-02
C: IP 192.168.2.3; MAC 03-03-03-03-03-03
There is normal communication between B and C in the above diagram. A wants the switch to forward the packets sent by B to itself, so A needs the switch to send the packets from B to A.
If the environment is not changing, ARP refresh can be forbidden: once an ARP entry has been learned, it will not be refreshed by a new ARP reply packet, which protects user data from sniffing.
Switch#config
Switch(config)#ip arp-security updateprotect...
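The behaviour of updateprotect and learnprotect in the scenario of Fig 12-1, as an added simulation that is not part of the manual and not Edge-Core code: C answers the switch's ARP request, then A sends a reply claiming C's address. Without protection the switch overwrites the entry and B's traffic for C is delivered to A; with updateprotect the learned entry is kept and the attempt is recorded; with learnprotect only manually bound entries exist and nothing new is learned from replies. The alert strings and the return codes are this example's own; the page does not show the switch's actual log format.

```python
from dataclasses import dataclass, field

ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


@dataclass
class ArpTable:
    """ARP cache of the switch with the two protections the chapter describes:
    learn_protect  - do not create entries from received ARP packets (ip arp-security learnprotect)
    update_protect - do not overwrite an existing entry with a new MAC (ip arp-security updateprotect)"""
    learn_protect: bool = False
    update_protect: bool = False
    entries: dict = field(default_factory=dict)   # ip -> mac
    alerts: list = field(default_factory=list)

    def add_static(self, ip, mac):
        """Manually bound entry, the usual companion of learnprotect."""
        self.entries[ip] = mac.lower()

    def process(self, pkt):
        """Update the cache from one ARP packet and report what happened."""
        if pkt.opcode not in (ARP_REQUEST, ARP_REPLY):
            return "dropped:bad-opcode"
        ip, mac = pkt.sender_ip, pkt.sender_mac.lower()
        known = self.entries.get(ip)
        if known is None:
            if self.learn_protect:
                self.alerts.append(f"learnprotect: refused to learn {ip} -> {mac}")
                return "blocked:learnprotect"
            self.entries[ip] = mac
            return "learned"
        if known == mac:
            return "unchanged"
        if self.update_protect:
            self.alerts.append(f"updateprotect: {ip} stays {known}; ignored claim of {mac} (possible ARP spoofing)")
            return "blocked:updateprotect"
        self.entries[ip] = mac          # unprotected switch: the cache is now poisoned
        return "updated"

    def next_hop_mac(self, ip):
        return self.entries.get(ip)


SWITCH_MAC, A_MAC, C_MAC = "04-04-04-04-04-04", "01-01-01-01-01-01", "03-03-03-03-03-03"


def poisoning_attempt(update_protect):
    """Fig 12-1: C answers the switch, then A claims C's address 192.168.2.3.
    Returns the MAC the switch would use for B's traffic to C, plus the alerts raised."""
    table = ArpTable(update_protect=update_protect)
    table.process(ArpPacket(ARP_REPLY, C_MAC, "192.168.2.3", SWITCH_MAC, "192.168.2.4"))
    table.process(ArpPacket(ARP_REPLY, A_MAC, "192.168.2.3", SWITCH_MAC, "192.168.2.4"))
    return table.next_hop_mac("192.168.2.3"), table.alerts


def learn_attempt():
    """learnprotect: C is bound by hand; an unsolicited reply for a new address is ignored."""
    table = ArpTable(learn_protect=True)
    table.add_static("192.168.2.3", C_MAC)
    result = table.process(ArpPacket(ARP_REPLY, A_MAC, "192.168.2.99", SWITCH_MAC, "192.168.2.4"))
    return result, dict(table.entries)


if __name__ == "__main__":
    for protect in (False, True):
        mac, alerts = poisoning_attempt(protect)
        print(f"updateprotect={protect}: B->C traffic goes to {mac}; alerts={alerts}")
    print(learn_attempt())
```

The cost of updateprotect is the one the manual states: a legitimate MAC change (a replaced NIC) is also ignored until the entry is cleared, so it suits a stable environment.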
Exterior Gateway Protocol (EGP). IGP is the protocol used to calculate routes to destinations inside an autonomous system. The IGPs supported by the ES3628EA switch are RIP and OSPF; RIP and OSPF can be configured according to requirements. The ES3628EA switch supports running several IGP dynamic routing protocols at the same...
EGP is used to exchange routing information among different autonomous systems; BGP is an example. The EGPs supported by the ES3628EA switch are BGP-4 and BGP-4+.
13.1.1 Routing Table
As mentioned before, a layer 3 switch is mainly used to establish the route from the current layer 3 switch to a network or a host, and to forward packets according to that route.
The matching rules can be configured in advance to be applied in the route advertising, receiving and redistribution policies. Five filters are provided in the ES3628EA switch: route-map, acl, as-path, community-list and ip-prefix. Each filter is introduced in the following sections:
1. route-map
For matching certain properties of the specified routing information and setting some routing properties when the conditions are fulfilled.
sequence-number. Match clauses define matching rules; the matching objects are properties of the routing messages. Different match clauses in the same node are logically in an “and” relation, which means the matching test of a node is not passed until the conditions in all of its match clauses are satisfied.
As for the relevant community-list configuration, please refer to the ip as-path command in BGP configuration.
13.2.2 IP Routing Policy Configuration Task List
1. Define route-map
2. Define the match clause in route-map
3. Define the set clause in route-map
4. Define address prefix list
1. Define route-map
Command Explanation...
match interface <interface-name> [<interface-name>]
no match interface [<interface-name>]
Match by interface; the no match interface command deletes the match condition.
match ip <address | next-hop> <ip-acl-name | ip-acl-num | prefix-list list-name>
Match the address or next-hop; the no match ip <address | next-hop>...
set aggregator as <as-number> <ip_addr>
no set aggregator as [<as-number> <ip_addr>]
Distribute an AS No. for the BGP aggregator; the no set aggregator as command deletes the configuration.
set as-path prepend <as-num>
no set as-path prepend [<as-num>]
Add a specified AS No. before the as-path series of the BGP routing messages;...
set extcommunity <rt | soo> <AA:NN>
no set extcommunity <rt | soo> [<AA:NN>]
Configure the BGP extended community list property; the no set extcommunity <rt | soo> [<AA:NN>] command deletes the configuration.
set ip next-hop <ip_addr>
no set ip next-hop [<ip_addr>]
Set the next-hop IP address; the no set ip next-hop [<ip_addr>] command...
set vpnv4 next-hop <ip_addr>
no set vpnv4 next-hop [<ip_addr>]
Set the BGP VPNv4 next-hop address; the no set vpnv4 next-hop [<ip_addr>] command deletes the configuration.
set weight <weight_val>
no set weight [<weight_val>]
Set the BGP routing weight; the no set weight [<weight_val>] command deletes the configuration.
4.
Default: None.
Command Mode: Global Mode
Usage Guide: This command can be used for explaining and describing a prefix-list, e.g. the purpose of the prefix-list and points to note about it.
Example:
Switch#config terminal
Switch(config)#ip prefix-list 3 description This list is used by BGP
13.2.3.2 ip prefix-list seq
Command: ip prefix-list <list_name>...
so as to grant passage for all other routing messages.
Example:
Switch#config terminal
Switch(config)# ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14
13.2.3.3 match as-path
Command: match as-path <list-name>
no match as-path [<list-name>]
Function: Configure the AS path domain for matching the BGP routing messages. The “no match as-path [<list-name>]”...
Switch(config-route-map)#match community 100 exact-match
13.2.3.5 match interface
Command: match interface <interface-name>
no match interface [<interface-name>]
Function: Configure matching on interfaces. The “no match interface [<interface-name>]” command deletes this configuration.
Parameter: <interface-name> is the name of the interface.
Command Mode: route-map mode
Usage Guide: This command matches according to the next-hop interface of the route.
13.2.3.7 match metric
Command: match metric <metric-val>
no match metric [<metric-val>]
Function: Match the metric value in the routing message. The “no match metric [<metric-val>]” command deletes the configuration.
Parameter: <metric-val> is the metric value, ranging between 0~4294967295.
Command Mode: route-map mode
Usage Guide: This command matches according to the metric value in the route.
match with the OSPF type 1 external route.
Command Mode: route-map mode
Usage Guide: This command matches according to the type of OSPF route (the OSPF AS-external LSA type is either type 1 or type 2). If the match succeeds, then the “permit”...
The check sequence among nodes is determined by the sequence-number. “permit” means the node filter is passed if all match clauses are satisfied by the current route; all set clauses of this node are then executed without entering the check of the next node. If the match clauses cannot be met, checking proceeds to the next node.
Command Mode: route-map mode
Usage Guide: Adding AS numbers to the AS path of a BGP route lengthens the AS path, so as to influence the best path selection among neighbors. To use this command, a match clause should first be defined.
Example:
Switch#config terminal
Switch(config)#route-map r1 permit 5...
Switch(config-route-map)#set comm-list 100 delete
13.2.3.16 set community
Command: set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]
no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]
Function: Configure the community attributes of the BGP routing message. The “no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]”...
Command: set ip next-hop <ip_addr>
no set ip next-hop [<ip_addr>]
Function: Configure the next-hop of the route. The “no set ip next-hop [<ip_addr>]” command deletes the configuration.
Parameter: <ip_addr> is the IP address of the next-hop in dotted decimal notation.
Command Mode: route-map mode
Usage Guide:
Example:...
local AS. The lower the metric value, the higher the priority. Under normal circumstances only the path metric values of neighbors in the same AS are compared. To extend the comparison to the metric values of paths from neighbors in different ASes, the bgp always-compare-med command should be configured.
13.2.3.23 set originator-id
Command: set originator-id <ip_addr>
no set originator-id [<ip_addr>]
Function: Configure the originator IP address of the BGP routing message. The “no set originator-id [<ip_addr>]” command deletes the configuration.
Parameter: <ip_addr> is the IP address of the route source in dotted decimal notation.
Usage Guide: To use this command, a match clause should first be defined.
Example:
Switch#config terminal
Switch(config)#route-map r1 permit 5
Switch(config-route-map)#set vpnv4 next-hop 10.1.1.1
13.2.3.26 set weight
Command: set weight <weight_val>
no set weight [<weight_val>]
Function: Configure the weight value of the BGP routing message. The “no set weight [<weight_val>]”...
Fig 13-1 Policy routing Configuration (SwitchA, SwitchB, SwitchC and SwitchD connected through VLAN1, VLAN2 and VLAN3, with addresses in 192.68.x.x and 172.16.x.x)
Configuration procedure: (only SwitchA is listed; configurations for the other switches are omitted.)
The configuration of Layer 3 SwitchA:
SwitchA#config
SwitchA (config) #router bgp 1...
Items in an address prefix list should have at least one item set to permit mode. Deny mode items can be defined first to quickly remove unmatched routing messages; however, if all items are set to deny mode, no route will be able to pass the filtering of this address prefix list.
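The prefix-list semantics just described (sequence order, ge/le length range, implicit deny at the end) together with the route-map evaluation rules of 13.2.1 (nodes checked by sequence-number, all match clauses of a node ANDed, permit applies the set clauses and stops, deny drops), as an added example that is not part of the manual and not Edge-Core code. It reuses the page's entry `ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14`; the catch-all permit entry, the route-map `r1` with its `set metric 10` and `set as-path prepend 65000`, and the route dictionaries are this example's own assumptions.

```python
import ipaddress


class PrefixList:
    """ip prefix-list <name> seq <n> {permit|deny} A.B.C.D/M [ge <x>] [le <y>]
    Entries are checked in sequence order; the first entry whose prefix covers the route and whose
    length range contains the route's prefix length decides. No match means deny."""

    def __init__(self, name):
        self.name = name
        self.entries = []            # (seq, action, network, min_len, max_len)

    def seq(self, number, action, prefix, ge=None, le=None):
        net = ipaddress.ip_network(prefix, strict=False)
        lo = net.prefixlen if ge is None else ge
        if le is not None:
            hi = le
        else:
            hi = net.prefixlen if ge is None else net.max_prefixlen   # "ge x" alone means x..32
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError(f"bad length range {lo}..{hi} for {net}")
        self.entries.append((number, action, net, lo, hi))
        self.entries.sort(key=lambda e: e[0])

    def permits(self, prefix):
        route = ipaddress.ip_network(prefix, strict=False)
        for _, action, net, lo, hi in self.entries:
            if route.version == net.version and route.subnet_of(net) and lo <= route.prefixlen <= hi:
                return action == "permit"
        return False                 # implicit deny at the end of every prefix-list


class RouteMap:
    """route-map <name> {permit|deny} <seq> with match and set clauses.
    A route is a dict; match clauses are predicates on it and must ALL hold for the node to match.
    permit: apply the set clauses and stop; deny: drop the route and stop; no node matched: drop."""

    def __init__(self, name):
        self.name = name
        self.nodes = []              # (seq, action, {clause: predicate}, {attribute: value})

    def node(self, seq, action, match=None, set_=None):
        self.nodes.append((seq, action, dict(match or {}), dict(set_ or {})))
        self.nodes.sort(key=lambda n: n[0])

    def apply(self, route):
        for _, action, match, sets in self.nodes:
            if all(pred(route) for pred in match.values()):   # a node with no match clauses matches everything
                if action == "deny":
                    return None
                out = dict(route)
                for attr, value in sets.items():
                    if attr == "as_path_prepend":              # set as-path prepend <as-num>
                        out["as_path"] = [value] + list(out.get("as_path", []))
                    else:                                       # set metric, set ip next-hop, ...
                        out[attr] = value
                return out
        return None


def match_ip_address_prefix_list(plist):
    """match ip address prefix-list <list-name>"""
    return lambda r: plist.permits(r["prefix"])


def match_metric(value):
    """match metric <metric-val>"""
    return lambda r: r.get("metric") == value


def build_policy():
    """The page's prefix-list entry plus an assumed catch-all, used by an assumed two-node route-map."""
    mylist = PrefixList("mylist")
    mylist.seq(12345, "deny", "10.0.0.0/8", ge=14, le=22)     # from the ip prefix-list seq example
    mylist.seq(20000, "permit", "0.0.0.0/0", le=32)           # assumed: without a permit nothing passes
    r1 = RouteMap("r1")
    r1.node(5, "permit", match={"ip address prefix-list": match_ip_address_prefix_list(mylist)},
            set_={"metric": 10, "as_path_prepend": 65000})
    r1.node(10, "deny")
    return mylist, r1


if __name__ == "__main__":
    mylist, r1 = build_policy()
    for prefix in ("10.1.0.0/16", "10.1.128.0/24", "192.168.0.0/16"):
        print(prefix, "permitted" if mylist.permits(prefix) else "denied",
              r1.apply({"prefix": prefix, "metric": 50, "as_path": [65001]}))
```

Note that the route-map's node 10 has no match clause, so it catches everything node 5 rejects; leaving it out would give the same result only because of the route-map's own implicit deny, which is worth stating explicitly in production policies.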
Parameter: detail shows detailed messages, summary shows summary messages, <list-name> is the name of the prefix-list.
Default: None
Command Mode: all modes
Usage Guide: All prefix-lists are shown if no prefix-list name is specified.
Example:
Switch#show ip prefix-list detail mylist
ip prefix-list mylist:
count: 2, range entries: 0, sequences: 5 - 10
deny 1.1.1.1/8 (hit count: 0, recount: 0)
Displayed information / Explanation
route-map a, deny, sequence 10: route-map a means the name of the route map is a, deny means deny mode, sequence 10 means the sequence number is 10
Match clauses: as-path 60: detailed contents of the match clauses
Set clauses: metric 10...
network is unreachable.
13.3.3 Static Route Configuration Task List
1. Static route configuration
2. Default route configuration
1. Static route configuration (Global mode)
ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} {<gateway-address> | <gateway-interface>} [<distance>]
no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address>...
Set a static route; the no ip route command deletes it.
Function: Configure the static route. The “no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> <gateway-interface>] [<distance>]” command deletes the static route.
Parameter: <ip-prefix> and <mask> are respectively the destination IP address and subnet mask in dotted decimal notation; <ip-prefix> and <prefix-length> are respectively the destination IP address and the prefix length;...
route; kernel is a kernel route; statistics shows the number of routes; database shows the route database; fib is the kernel route table.
Command Mode: all modes
Usage Guide: Shows all the contents of the route table, including route type, destination network, mask, next-hop address, interface, etc.
Example:
Switch#show ip route fib
Codes: C - connected, S - static, R - RIP derived, O - OSPF derived...
Usage Guide: With the show ip route command, the static routes in the route table can be shown, including destination IP address, network mask and next-hop IP address or forwarding interface.
Example:
Switch#show ip route fib
Codes: C - connected, S - static, R - RIP derived, O - OSPF derived
A - OSPF ASE, B - BGP derived
Destination Mask...
address and prefix length; <gateway-address> is the next-hop IP address in dotted decimal notation; <gateway-interface> is the next-hop interface; <distance> is the administrative distance of the route, ranging between 1~255.
Default: The default administrative distance of a static route is 1.
Command Mode: Global mode
Usage Guide: VPN routing/forwarding instances have to be successfully configured before using this command.
Switch(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1
Configuration of layer 3 SwitchB
Switch#config
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2
In this way, ping connectivity can be established between PC-A and PC-C, and between PC-B and PC-C.
13.4 RIP
13.4.1 Introduction to RIP
RIP was first introduced in the ARPANET; it is a protocol dedicated to small, simple networks.
MD5 password authentication are supported), and supports variable length subnet masks. RIP-II uses some of the zero fields of RIP-I and requires no zero field verification. The ES3628EA switch sends RIP-II packets by multicast by default; both RIP-I and RIP-II packets are accepted.
The layer 3 switch modifies its local route table on receiving the reply packets and sends triggered update packets to the neighbor devices to advertise route update information. On receiving the triggered update packets, the neighbor layer 3 switches send triggered update packets to their own neighbor layer 3 switches. After a sequence of triggered update broadcasts, all layer 3 switches obtain and maintain the latest route information.
Configure the RIP VPN command.
1. Enable RIP protocol
Applying the RIP routing protocol with basic configuration in the ES3628EA switch is simple. Normally you only have to turn on RIP and configure the segments running RIP, i.e. send and receive RIP data packets with the default RIP configuration. The version of data packets sent and received can be changed when needed, and sending or receiving RIP data packets can be allowed or denied.
Router configuration mode
default-metric <value>
no default-metric
Sets the default route metric for routes to be introduced; the “no default-metric” command restores the default setting.
redistribute {kernel | connected | static | ospf | isis | bgp} [metric <value>] [route-map <word>]
no redistribute {kernel | connected | static | ospf | isis | bgp}
Redistribute the routes of other routing protocols into RIP data packets; the no redistribute command...
key-string <text>
no key-string <text>
Configure the password used by the key; the no key-string <text> command deletes the password.
accept-lifetime <start-time> {<end-time> | duration <seconds> | infinite}
no accept-lifetime
Configure the period in which a key on the key chain is accepted as authorized; the no accept-lifetime command deletes it.
send-lifetime <start-time>...
(3) Configure other RIP protocol parameters
1) Configure RIP routing priority
2) Configure the RIP route capacity limit in the route table
3) Configure timers for RIP update, timeout and hold-down
4) Configure the RIP UDP receiving buffer size
Command Explanation (Router configuration mode)
distance <number>...
Specify the administrative distance of RIP routes.
ip rip send version {1 | 1-compatible | 2}
no ip rip send version
Sets the version of RIP packets to send on all interfaces; the no ip rip send version command sets the version to the one configured by the version command.
Sets the version of RIP packets to receive on all interfaces;...
no accept-lifetime
Function: Use this command to specify the time period in which a key on the key chain is accepted as valid. The “no accept-lifetime” command deletes this configuration.
Parameter: <start-time> specifies the start time of the period, in the form <start-time>={<hh:mm:ss>...
Function: Configure this command to enable routing message exchange among VRFs and enter address-family mode. The “no address-family ipv4 <vrf-name>” command deletes the RIP instance related to this VPN routing/forwarding instance.
Parameter: <vrf-name> specifies the name of the VPN routing/forwarding instance.
Command Mode: router mode
Usage Guide: This command is only used on a PE router.
Command: [no] debug rip [events | nsm | packet [recv | send] [detail] | all]
Function: Turn on the various RIP debugging switches and display the corresponding debugging messages. The “no debug rip [events | nsm | packet [recv | send] [detail] | all]” command turns off the corresponding debugging switch.
Parameter: events shows the debugging messages of RIP events; nsm shows the communication messages between RIP and NSM.
of the routes from other routing protocols when redistributed into RIP. When using the redistribute commands to introduce routes from other protocols, the default route metric specified by default-metric is adopted if no specific route metric is set.
Parameter: <access-list-number | access-list-name> is the number or name of the access-list to be applied. <prefix-list-name> is the name of the prefix-list to be applied. <ifname> specifies the name of the interface to which route filtering is applied.
Default: Disabled by default.
Command Mode: Router mode and address-family mode
Usage Guide: The filter is applied to all interfaces if no specific interface is set.
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip authentication key my key
13.4.3.11 ip rip authentication mode
Command: ip rip authentication mode {text | md5}
no ip rip authentication mode {text | md5}
Function: Configure the authentication mode; the “no ip rip authentication mode {text | md5}” command restores the default authentication mode, namely text authentication mode.
Switch(Config-if-Vlan1)# ip rip authentication string guest
13.4.3.13 ip rip authentication cisco-compatible
Command: ip rip authentication cisco-compatible
no ip rip authentication cisco-compatible
Function: After this command is configured, Cisco RIP packets can be received when plaintext authentication or MD5 authentication is configured.
Parameter: None
Default: Not configured
Command Mode: Interface mode...
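What the two authentication modes of 13.4.3.11 actually put on the wire, as an added example that is not part of the manual and not Edge-Core code. Text mode (RFC 2453 simple password) carries the password itself in the first route entry, so anyone on the segment can read it and inject routes. MD5 mode uses the keyed-MD5 layout of RFC 2082, which is also the layout Cisco-style RIP MD5 authentication uses: an authentication header naming a key ID (the key chain's `key <keyid>`) and a sequence number, and a trailer holding MD5 over the packet plus the zero-padded 16-byte key, so the key never leaves the switch and a modified or replayed update fails verification. The route, key names and sequence numbers are constructed for the example; the 16-character limit is the one the manual states for key-string.

```python
import hashlib
import hmac
import socket
import struct

RIP_RESPONSE, RIP_V2 = 2, 2
AFI_INET, AFI_AUTH = 2, 0xFFFF
AUTH_SIMPLE, AUTH_MD5, AUTH_TRAILER = 2, 3, 1   # RFC 2453 simple password; RFC 2082 keyed MD5; trailer marker
HEADER = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)


def route_entry(prefix, mask, next_hop, metric, tag=0):
    """One 20-byte RIPv2 route entry."""
    return struct.pack("!HH4s4s4sI", AFI_INET, tag, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton(next_hop), metric)


def key16(key):
    """RIP keys are at most 16 bytes (the manual's key-string limit); shorter keys are zero-padded."""
    if len(key) > 16:
        raise ValueError("only the first 16 characters of a RIP key are used")
    return key.ljust(16, b"\0")


def build_plaintext(routes, password):
    """Text mode: the password sits in the first entry, readable by anyone on the segment."""
    return HEADER + struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, key16(password)) + b"".join(routes)


def build_md5(routes, key_id, key, seq):
    """MD5 mode (RFC 2082): header + auth header + routes + trailer. The digest covers everything
    before it plus the padded key; the key itself never goes on the wire."""
    body = b"".join(routes)
    packet_len = len(HEADER) + 20 + len(body)           # offset of the trailer
    auth = struct.pack("!HHHBBI8s", AFI_AUTH, AUTH_MD5, packet_len, key_id, 16, seq, b"\0" * 8)
    trailer_head = struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    digest = hashlib.md5(HEADER + auth + body + trailer_head + key16(key)).digest()
    return HEADER + auth + body + trailer_head + digest


def verify_md5(packet, keys, last_seq=-1):
    """Receiver side. keys maps key ID -> key (the key chain). True only if the digest recomputed
    with that key matches and the sequence number is newer than last_seq (0 is accepted, as a
    neighbour that restarted sends it)."""
    if len(packet) < 4 + 20 + 20:
        return False
    _, version, _ = struct.unpack("!BBH", packet[:4])
    afi, atype, packet_len, key_id, dlen, seq, _ = struct.unpack("!HHHBBI8s", packet[4:24])
    if version != RIP_V2 or (afi, atype, dlen) != (AFI_AUTH, AUTH_MD5, 16):
        return False
    if packet_len + 20 != len(packet):
        return False
    if packet[packet_len:packet_len + 4] != struct.pack("!HH", AFI_AUTH, AUTH_TRAILER):
        return False
    key = keys.get(key_id)
    if key is None:
        return False                                     # unknown key ID: no key chain entry
    expected = hashlib.md5(packet[:packet_len + 4] + key16(key)).digest()
    if not hmac.compare_digest(expected, packet[packet_len + 4:packet_len + 20]):
        return False
    return seq == 0 or seq > last_seq


if __name__ == "__main__":
    routes = [route_entry("10.1.1.0", "255.255.255.0", "0.0.0.0", 1)]
    print("password visible in text mode:", b"guest" in build_plaintext(routes, b"guest"))
    pkt = build_md5(routes, key_id=1, key=b"prime", seq=100)
    print("valid:", verify_md5(pkt, {1: b"prime"}))
    forged = bytearray(pkt)
    forged[43] ^= 1                                      # flip the metric byte of the route entry
    print("tampered:", verify_md5(bytes(forged), {1: b"prime"}))
    print("replayed:", verify_md5(pkt, {1: b"prime"}, last_seq=100))
```

MD5 here is a keyed digest, not a signature: every neighbour sharing the key chain can forge updates, so the key chain and its accept/send lifetimes are the trust boundary, and the sequence number only stops replay of packets older than the last one accepted.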
Command Mode: Interface Mode
Example:
Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip receive version 1 2
13.4.3.16 ip rip send-packet
Command: ip rip send-packet
no ip rip send-packet
Function: Set the interface to be able to send RIP packets; the “no ip rip send-packet”...
the layer 3 switch from advertising, on an interface, routes that were learned from that same interface.
Example:
Switch# config terminal
Switch(config)# interface vlan 1
Switch(Config-if-Vlan1)# ip rip split-horizon poisoned
13.4.3.19 key
Command: key <keyid>
no key <keyid>
Function: This command is for managing and adding keys in the key chain.
RIP authentication, only the first 16 characters are used.
Command Mode: Keychain-key mode
Usage Guide: This command configures different passwords for keys with different
Example:
Switch# config terminal
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)# key-string prime
13.4.3.22 maximum-prefix
Command: maximum-prefix <maximum-prefix> [<threshold>]
no maximum-prefix...
Usage Guide: When used together with the passive-interface command, it can be configured to send routing messages only to specific neighbors.
Example:
Switch# config terminal
Switch(config)# router rip
Switch(config-router)# neighbor 1.1.1.1
13.4.3.24 network
Command: [no] network <A.B.C.D/M | ifname>
Function: Configure the RIP protocol network
Parameter: <A.B.C.D/M|>...
Switch(config-router)# offset-list 1 in 5 vlan 1
13.4.3.26 passive-interface
Command: passive-interface <ifname>
no passive-interface <ifname>
Function: Make the RIP layer 3 switch block RIP broadcasts on the specified interface; on that interface RIP data packets are only sent to layer 3 switches configured with the neighbor command.
Parameter: <ifname>...
ospf: introduce from OSPF routes; isis: introduce from ISIS routes; bgp: introduce from BGP routes; <value> is the metric value assigned to the introduced routes, ranging between 0-16; <word> is the name of the route map used for introducing routes.
Command Mode: Router mode and address-family mode.
Enable the RIP protocol mode
Switch(config)#router rip
Switch(config-router)#
13.4.3.31 send-lifetime
Command: send-lifetime <start-time> {<end-time> | duration <seconds> | infinite}
no send-lifetime
Function: Use this command to specify the time period in which a key on the keychain is used for sending. The “no send-lifetime” command cancels this configuration.
Parameter: <start-time>...
Switch(config)# key chain mychain
Switch(config-keychain)# key 1
Switch(config-keychain-key)# send-lifetime 03:03:01 Dec 3 2004 04:04:02 Oct 6 2006
13.4.3.32 timers basic
Command: timers basic <update> <invalid> <garbage>
no timers basic
Function: Adjust the RIP update, timeout, and garbage collection timers. The “no timers basic”...
13.4.4 RIP Examples
13.4.4.1 Typical RIP Examples
Fig 13-3 RIP example (SwitchA: interface vlan1 10.1.1.1/24, interface vlan2 20.1.1.1/24; SwitchB: interface vlan1 10.1.1.2/24; SwitchC: interface vlan2 20.1.1.2/24)
In the figure shown above, a network consists of three Layer 3 switches, in which SwitchA is connected with SwitchB and SwitchC, and the RIP routing protocol runs on all three switches.
SwitchA(config-router)#network vlan 2
SwitchA(config-router)#exit
Configure interface vlan 2 not to transmit RIP messages to SwitchC:
SwitchA(config)#router rip
SwitchA(config-router)#passive-interface vlan 2
SwitchA(config-router)#exit
SwitchA(config)#
Layer 3 SwitchB
Configure the IP address of interface vlan 1:
SwitchB#config
SwitchB(config)# interface vlan 1
SwitchB(Config-if-Vlan1)# ip address 10.1.1.2 255.255.255.0
SwitchB(Config-if-Vlan1)#exit
Initiate the RIP protocol and configure the RIP segments:...
In the figure shown above, a network consists of three Layer 3 switches, in which SwitchA acts as the PE, and SwitchB and SwitchC as CE1 and CE2. The PE is connected to CE1 and CE2 through vlan 1 and vlan 2. Routing messages are exchanged between PE and CE through the RIP protocol.
SwitchB(config)# interface Vlan1
SwitchB(config-if-Vlan1)# ip address 10.1.1.2 255.255.255.0
SwitchB(config-if-Vlan1)#exit
Initiate the RIP protocol and configure the RIP segments:
SwitchB(config)#router rip
SwitchB(config-router-rip)#network Vlan1
SwitchB(config-router-rip)#exit
SwitchC
Configure the IP address of Ethernet port E 0/0/2:
SwitchC#config
SwitchC(config)# interface Vlan1
SwitchC(config-if-vlan1)# ip address 20.1.1.2 255.255.255.0
SwitchC(config-if-vlan1)#exit
Initiate the RIP protocol and configure the RIP segments:
SwitchC(config)#router rip...
corresponding interfaces. Then enter the RIP address family mode and configure the corresponding parameters. If the RIP routing problem remains unresolved, please use the debug rip command to record debug messages for three minutes and send them to our technical service center.
13.4.5.1 Commands for Monitor And Debug
13.4.5.1.1 show debugging rip
Command: show debugging rip...
Gateway Distance Last Update Bad Packets Bad Routes
20.1.1.1 120 00:00:31
Distance: (default is 120)
Displayed information / Explanation
Sending updates every 30 seconds with +/-50%, next due in 8 seconds: sending an update every 30 seconds
Timeout after 180 seconds, garbage collect after 120: route time-out event...
Example:
show ip rip
Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP
Network Next Hop Metric From Time
R 12.1.1.0/24 20.1.1.1 2 20.1.1.1 Vlan1 02:51
R 20.1.1.0/24 Vlan1
Here R stands for a RIP route, namely a RIP route with destination network address 12.1.1.0, network prefix length 24 and next-hop address 20.1.1.1.
Command Mode: Any mode
Example:
Switch# show ip rip interface vlan 1
Vlan1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address: 10.1.1.1/24
13.4.5.1.7 show ip rip interface vrf
Command: show ip rip interface vrf <vrf-name> [<ifname>]...
13.4.5.1.8 show ip vrf
Command: show ip vrf [<vrf-name>]
Function: This command shows the RIP instance messages related to the VPN routing/forwarding instances.
Parameter: Specifies the name of the VPN routing/forwarding instance.
Command Mode: Any mode
Usage Guide: The command also exists in other routing protocols; when using this command, messages of other routing protocol processes related to this VPN routing/forwarding instance are also displayed.
Example:
Switch# show ip vrf IPI...
Then it sends this information to its own neighbor layer 3 switches. As a result, the route selection table is built from second-hand information, and a route beyond 15 hops is deemed unreachable. RIPng is an optional routing protocol based on UDP; hosts using RIPng send and receive packets on UDP port 521.
The operation of the RIPng protocol is shown below:
Enable RIPng. The switch sends request packets to the neighbor layer 3 switches by multicast; on receiving the request, the neighbor devices reply with packets containing their local routing information. The layer 3 switch modifies its local route table on receiving the reply packets and sends triggered update packets to the neighbor devices to advertise route update information.
(4)
1. Enable RIPng protocol
Applying the RIPng routing protocol with the basic configuration on the ES3628EA switch is simple. Normally you only have to enable RIPng and configure the segments that run RIPng; these then send and receive RIPng packets under the default RIPng configuration.
Command: default-metric <value>
no default-metric
Explanation: Configure the default metric of redistributed routes; the no default-metric command restores the default configuration (1).
Command: [no] redistribute {kernel | connected | static | ospf | isis | bgp} [metric <value>]
Explanation: Redistribute the routes of other routing protocols into RIPng packets; ...
Command: [no] aggregate-address <IPv6-address>
Explanation: Configure route aggregation; the no aggregate-address <IPv6-address> command cancels the route aggregation.
3) Configure split horizon
Command Explanation
Interface configuration mode
Command: ipv6 rip split-horizon [poisoned]
Explanation: Configure the port to apply split horizon when it sends packets; poisoned means split horizon with poison reverse. Cancel the split horizon.
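The request/reply exchange, the 15-hop limit and the split-horizon option described above can be seen in a small simulation. The following Python block is an added example written for this page, not code from the ES3628EA manual or from Edge-Core; router names, interface names and the prefixes (borrowed from the show ip rip output earlier in the chapter) are constructed sample values.

```python
"""RIP/RIPng distance-vector update with split horizon and poison reverse.

Added illustration, not code from the ES3628EA manual. It models the behaviour
the manual describes: a router learns routes from neighbour replies, a route
beyond 15 hops is unreachable (metric 16), a change in the table triggers an
update, and split horizon (optionally with poison reverse) decides what is sent
back to the neighbour a route was learnt from. Router and interface names are
constructed sample values.
"""
from dataclasses import dataclass

INFINITY = 16   # RIP "unreachable" metric; 15 hops is the longest usable path


@dataclass
class Route:
    prefix: str
    next_hop: str   # neighbour name, or "local" for a connected network
    metric: int
    iface: str      # interface the route was learnt on / the network sits on


class RipRouter:
    def __init__(self, name, connected):
        # connected: {iface: prefix}; a connected network has metric 1
        self.name = name
        self.table = {p: Route(p, "local", 1, i) for i, p in connected.items()}
        self.neighbors = {}   # neighbour name -> interface used to reach it

    def attach(self, neighbor, iface):
        self.neighbors[neighbor] = iface

    def advertisement(self, to_neighbor, poison_reverse=True):
        """Routes this router sends to one neighbour (a RIP response).

        Split horizon: a route learnt over the outgoing interface is not sent
        back over it. With poison reverse it is sent with metric 16 instead,
        so the neighbour can never believe a stale path through this router.
        """
        out_iface = self.neighbors[to_neighbor]
        adv = {}
        for r in self.table.values():
            if r.next_hop != "local" and r.iface == out_iface:
                if poison_reverse:
                    adv[r.prefix] = INFINITY
                continue
            adv[r.prefix] = r.metric
        return adv

    def receive(self, from_neighbor, adv):
        """Bellman-Ford step; returns True if the table changed (triggered update)."""
        iface = self.neighbors[from_neighbor]
        changed = False
        for prefix, metric in adv.items():
            new_metric = min(metric + 1, INFINITY)   # one more hop
            cur = self.table.get(prefix)
            if cur is None:
                if new_metric < INFINITY:
                    self.table[prefix] = Route(prefix, from_neighbor, new_metric, iface)
                    changed = True
            elif cur.next_hop == from_neighbor:
                # the current next hop is authoritative, even when it got worse
                if cur.metric != new_metric:
                    cur.metric = new_metric
                    changed = True
            elif new_metric < cur.metric:
                self.table[prefix] = Route(prefix, from_neighbor, new_metric, iface)
                changed = True
        return changed


def two_router_demo():
    """The manual's 'show ip rip' situation: A learns 12.1.1.0/24 from B with metric 2."""
    a = RipRouter("A", {"Vlan1": "20.1.1.0/24"})
    b = RipRouter("B", {"Vlan1": "20.1.1.0/24", "Vlan2": "12.1.1.0/24"})
    a.attach("B", "Vlan1")
    b.attach("A", "Vlan1")
    a.receive("B", b.advertisement("A"))
    return a


def chain_metric(n):
    """Metric for R0's network at the n-th router of a chain R0-R1-...-Rn.

    Returns None once the path would need more than 15 hops.
    """
    routers = [RipRouter(f"R{i}", {"Vlan1": "10.0.0.0/24"} if i == 0 else {})
               for i in range(n + 1)]
    for i in range(n):
        routers[i].attach(f"R{i + 1}", "Vlan2")
        routers[i + 1].attach(f"R{i}", "Vlan1")
        routers[i + 1].receive(f"R{i}", routers[i].advertisement(f"R{i + 1}"))
    r = routers[n].table.get("10.0.0.0/24")
    return None if r is None or r.metric >= INFINITY else r.metric


if __name__ == "__main__":
    a = two_router_demo()
    print({p: (r.next_hop, r.metric) for p, r in a.table.items()})
    print("to B (poison reverse):", a.advertisement("B"))
    print("to B (plain split horizon):", a.advertisement("B", poison_reverse=False))
    print("metric after 14 hops:", chain_metric(14), "after 15:", chain_metric(15))
```

Plain split horizon simply omits the route from the update sent back to B; poison reverse sends it with metric 16 so B invalidates any stale path through A at once, at the cost of a larger update. The chain_metric helper shows the hop limit from the introduction: the 16th router on a chain never installs the route, because its metric would already be 16.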
Command Mode: Router mode
Usage Guide: none
Example:
Switch# config terminal
Switch(config)# router ipv6 rip
Switch(config-router)# aggregate-address 3ffe:8088::/32
13.5.3.2 clear ipv6 route
Command: clear ipv6 rip route {<ipv6-address> | kernel | static | connected | rip | ospf | isis | bgp | all}
Function: Clear specific routes from the RIPng route table.
Parameter: <ipv6-address> clears the route that exactly matches the destination address from the RIP route table...
Switch(config-router)# default-information originate
13.5.3.4 default-metric
Command: default-metric <value>
no default-metric
Function: Set the default metric value of the introduced routes; the "no default-metric" command restores the default value.
Parameter: <value> is the route metric value to be set, ranging between 1~16.
Default: The default route metric value is 1.
Function: This command uses an access-list or prefix-list to filter the route update messages sent and received. The "[no] distribute-list {<access-list-name> | prefix <prefix-list-name>} {in|out} [<ifname>]" command cancels this filter function.
Parameter: <access-list-name> is the name or number of the access-list to be applied. <prefix-list-name> is the name of the prefix-list to be applied. <ifname> specifies the name of the interface to which route filtering is applied.
Default: Disabled by RIPng by default.
Command Mode: Router mode...
send routing messages to the specified neighbor only.
Example:
Switch# config terminal
Switch(config)# router ipv6 rip
Switch(config-router)# neighbor FE80:506::2 Vlan1
13.5.3.9 offset-list
Command: [no] offset-list <access-list-number | access-list-name> {in|out} <number> [<ifname>]
Function: Add an offset value to the routing metric value learnt by RIPng. The "|access-list-name>...
Function: Introduce the routes learnt from other routing protocols into RIPng.
Parameter:
kernel: introduce from kernel routes
connected: introduce from direct routes
static: introduce from static routes
ospf: introduce from IPv6 OSPF routes
isis: introduce from IPv6 ISIS routes
bgp: introduce from IPv6 BGP routes
<value>...
Command Mode: Global mode
Usage Guide: This command enables the RIPng routing protocol; it must be executed before any other global configuration of the RIPng protocol is performed.
Example: Enable the RIPng protocol mode
Switch(Config)#router ipv6 rip
Switch(Config-Router)#
13.5.4 RIPng Configuration Examples
(Figure: RIPng configuration example topology; SwitchB, Interface VLAN 1, Interface VLAN 1...)
SwitchA (config)# interface Vlan2
SwitchA (config-if-Vlan2)# IPv6 address 2001:1:1::1/64
SwitchA (config-if-Vlan2)#IPv6 router rip
SwitchA (config-if-Vlan2)#exit
Configure the interface vlan1 not to send RIPng messages to SwitchC
SwitchA (config)#
SwitchA (config-router)#passive-interface Vlan1
SwitchA (config-router)#exit
Layer 3 SwitchB
Enable RIPng protocol
SwitchB (config)#router IPv6 rip
SwitchB (config-router-rip)#exit
Configure the IPv6 address and the interface of Ethernet port vlan1 to run RIPng
SwitchB #config...
then enable the RIPng protocol (with the router ipv6 rip command), configure the port (with the ipv6 router command) and set the RIPng protocol parameters on the corresponding interfaces. After that, one RIPng protocol characteristic should be noted: a layer 3 switch running RIPng transmits route update messages every 30 seconds.
13.5.5.1.2 show debugging ipv6 rip
Command: show debugging ipv6 rip
Function: Show the RIPng debugging status for the following debugging options: nsm debugging, RIPng event debugging, RIPng packet debugging and RIPng nsm debugging.
Command Mode: Any mode
Example:
Switch# show debugging rip
RIP debugging status:
RIPng event debugging is on
RIPng packet detail debugging is on...
Command Mode: Any mode
Example:
Routing Protocol is "RIPng"
Sending updates every 30 seconds with +/-50%, next due in 1 second
Timeout after 180 seconds, garbage collect after 120 seconds
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Ethernet0/0/10 filtered by dclist
Default redistribute metric is 1...
B - BGP, a - aggregate, s - suppressed
Network Next Hop Met Tag Time
R 2000:1:1::/64 Vlan2
R 2001:1:1::/64 fe80::203:fff:fe01:257c Vlan2 02:40
R 3000:1:1::/64 Vlan10 1
R 3010:1:1::/64
In this output R stands for a RIP route, namely a RIP route with destination network address 2001:1:1::/64 and next-hop address fe80::203:fff:fe01:257c.
protocol for an autonomous system, based on link state. The protocol creates a link-state database by exchanging link states among layer 3 switches, and then uses the Shortest Path First algorithm to generate a route table based on that database. An autonomous system (AS) is a self-managed interconnected network. In large networks, such as the Internet, the giant interconnected network is broken down into autonomous systems.
impossible; this is because of the way link-state routing protocols build up their routing tables. The second advantage is that convergence in a link-state interconnected network is very fast: once the routing topology changes, updates are flooded throughout the network very quickly.
the autonomous system. The first type of exterior route corresponds to the information introduced into OSPF from other interior routing protocols; the costs of those routes are comparable with the costs of OSPF routes. The second type of exterior route corresponds to the information introduced into OSPF from other exterior routing protocols; the costs of those routes are far greater than those of OSPF routes, so the OSPF route cost is ignored when calculating route costs.
RFC2328.
13.6.2 OSPF Configuration Task List
The OSPF configuration for Edge-Core series switches may differ from the configuration procedure for switches of other manufacturers. It is a two-step process:
1. Enable OSPF in the Global Mode;...
Disable OSPF protocol
1. Enable OSPF protocol
The basic configuration of the OSPF routing protocol on the ES3628EA switch is quite simple: usually only enabling OSPF and configuring the OSPF area for the interface are required. The OSPF protocol parameters can keep their default settings. If OSPF protocol parameters need to be modified, please refer to "2.
2. Configure OSPF protocol parameters
(1) Configure OSPF packet sending mechanism parameters
1) Configure OSPF packet authentication
2) Set the OSPF interface to receive only
3) Configure the cost for sending packets from the interface
Command Explanation
Interface configuration mode
Command: ip ospf authentication
Explanation: Configures the authentication method by which the interface accepts OSPF packets;...
Command: ip ospf retransmit <time>
no ip ospf retransmit
Explanation: Sets the retransmission interval of link-state advertisements among neighboring layer 3 switches; the "no ip ospf retransmit" command restores the default setting.
(2) Configure OSPF route introduction parameters
Configure the routes of other protocols to be introduced into OSPF.
Command Explanation
OSPF protocol configuration mode...
Command: area <id> {authentication [message-digest] | default-cost <cost> | filter-list {access | prefix} <WORD> {in | out} | nssa [default-information-originate | no-redistribution | no-summary | ...
Explanation: Configure the parameters of an OSPF area (STUB area, NSSA area and virtual links); the no area <id> {authentication | default-cost | filter-list {access | prefix} <WORD>... command ...
Parameter: <id> is the area number, which can be given as a number ranging between 0~4294967295 or as an IP address.
Default: No authentication
Command Mode: OSPF protocol mode
Usage Guide: Set the authentication mode to plaintext authentication or MD5 authentication. The authentication mode is also configurable under interface mode, where it has higher priority than the setting of the area.
Command Mode: OSPF protocol mode
Usage Guide: This command is used to restrain routes of a specific area from spreading between this area and other areas.
Example: Set a filter on area 1
Switch(config)#access-list 1 deny 172.22.0.0 0.0.0.255
Switch(config)#access-list 1 permit any-source
Switch(config)#router ospf 100
Switch(config-router)#area 1 filter-list access 1 in
13.6.3.4 area nssa...
Command: area <id> range <address> [advertise | not-advertise | substitute]
no area <id> range <address>
Function: Aggregate OSPF routes on the area border. The "no area <id> range <address>" command cancels this function.
Parameter: <id> is the area number, which can be given as a number ranging between 0~4294967295 or as an IP address.
Switch# config terminal
Switch(config)# router ospf
Switch(config-router)# area 1 shortcut default
Switch(config-router)# area 52 shortcut disable
Switch(config-router)# no area 42 shortcut enable
13.6.3.7 area stub
Command: area <id> stub [no-summary]
no area <id> stub [no-summary]
Function: Define an area as a stub area. The "no area <id> stub [no-summary]" command cancels this function.
authentication: Enable authentication on this virtual link
message-digest: Authentication with MD5
null: Overwrite the password or packet digest with null authentication.
AUTH_KEY = authentication-key <key>
<key>: A password of less than 8 characters
INTERVAL = [dead-interval | hello-interval | retransmit-interval | transmit-delay] <value>
<value>: The delay or interval in seconds, ranging between 1~65535
<dead-interval>: A neighbor is considered offline if none of its hello packets is received within the dead interval; the default is 40 seconds.
If several high-bandwidth links exist, their costs can be differentiated by configuring a larger reference bandwidth value.
Example:
Switch#config terminal
Switch(config)#router ospf 100
Switch(config-router)#auto-cost reference-bandwidth 50
13.6.3.10 capability opaque
Command: [no] capability opaque
Function: This command enables opaque LSAs. The "[no] capability opaque" command disables this function.
Example:
Switch#clear ip ospf process
13.6.3.13 distance
Command: distance {<value> | ROUTEPARAMETER}
no distance ospf
Function: Configure the OSPF administrative distance based on route type. The "no distance ospf" command restores the default value.
Parameter: <value> is the OSPF administrative distance, ranging between 1~235
ROUTEPARAMETER = ospf {ROUTE1 | ROUTE2 | ROUTE3}
ROUTE1 = external <external-distance>: configure the distance of routes learnt from other routing areas.
rip: RIP route
isis: ISIS route
bgp: BGP route
Default: None
Command Mode: OSPF protocol mode
Usage Guide: Use this command when distributing routes from other routing protocols into the OSPF routing table.
Example: The example below advertises BGP routes based on access-list 1.
no ip ospf [<ip-address>] authentication
Function: Specify the authentication mode required for sending and receiving OSPF packets on the interface; the "no ip ospf [<ip-address>] authentication" command cancels the authentication.
Parameter: <ip-address> is the interface IP address, shown in dotted decimal notation.
Default: The default OSPF cost on the interface is 10.
Command Mode: Interface Mode
Example:
Switch#config terminal
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip ospf cost 3
13.6.3.19 ip ospf database-filter
Command: ip ospf [<ip-address>] database-filter all out
no ip ospf [<ip-address>] database-filter
Function: This command enables the LSA database filter on a specific interface; the "no ip ospf [<ip-address>] database-filter"...
Example:
Switch#config terminal
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip ospf dead-interval 80
13.6.3.21 ip ospf disable all
Command: [no] ip ospf disable all
Function: Stop OSPF packet processing on the interface.
Command Mode: Interface Mode
Usage Guide: This command resets the network area command and stops packet processing on the specific interface.
13.6.3.23 ip ospf message-digest-key
Command: ip ospf [<ip-address>] message-digest-key <key_id> MD5 <LINE>
no ip ospf [<ip-address>] message-digest-key <key_id>
Function: Specify the key id and key value for MD5 authentication on the interface; the "no ip ospf [<ip-address>] message-digest-key <key_id>" command restores the default value.
Parameter: <ip-address>...
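What the key id and key configured with ip ospf message-digest-key actually protect is easiest to see on the wire. The following Python block is an added example written for this page, not code from the ES3628EA manual or from Edge-Core; it implements the cryptographic authentication procedure of RFC 2328 Appendix D for a Hello packet. The router id, the Hello body and the key "DCS" (the key string used in the configuration example later in this chapter) are sample values.

```python
"""OSPF cryptographic (MD5) authentication as specified in RFC 2328 Appendix D.

Added illustration, not code from the ES3628EA manual. It shows what the
interface command "ip ospf message-digest-key <key_id> MD5 <key>" together with
"ip ospf authentication message-digest" puts on the wire: AuType 2, a 64-bit
authentication field holding the key id, the digest length (16) and a
cryptographic sequence number, a zeroed checksum, and an MD5 digest of the
packet followed by the key (zero-padded to 16 bytes) appended after the packet.
The receiver recomputes the digest with the key selected by key id and rejects
a sequence number lower than the last one accepted from that neighbour.
Router ids, the Hello body and the key "DCS" are sample values.
"""
import hashlib
import hmac
import struct

AU_CRYPTOGRAPHIC = 2
OSPF_VERSION = 2
TYPE_HELLO = 1
HEADER_LEN = 24
DIGEST_LEN = 16


def pad_key(key: bytes) -> bytes:
    """MD5 keys shorter than 16 bytes are padded with zeros; longer is invalid."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key must be at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_header(length, router_id, area_id, key_id, seq):
    # version, type, length, router id, area id, checksum (0 with AuType 2), AuType
    fixed = struct.pack("!BBHIIHH", OSPF_VERSION, TYPE_HELLO, length,
                        router_id, area_id, 0, AU_CRYPTOGRAPHIC)
    # authentication field: reserved, key id, auth data length, sequence number
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    return fixed + auth


def sign_packet(body, router_id, area_id, key_id, key, seq):
    """Return header + body + MD5 digest; the length field excludes the digest."""
    length = HEADER_LEN + len(body)
    packet = build_header(length, router_id, area_id, key_id, seq) + body
    digest = hashlib.md5(packet + pad_key(key)).digest()
    return packet + digest


class Verifier:
    """Receiving side: keys by key id, last accepted sequence number per neighbour."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_seq = {}

    def verify(self, wire):
        if len(wire) < HEADER_LEN + DIGEST_LEN:
            return False, "too short"
        (_, _, length, router_id, _, _, autype) = struct.unpack("!BBHIIHH", wire[:16])
        (_, key_id, auth_len, seq) = struct.unpack("!HBBI", wire[16:HEADER_LEN])
        if autype != AU_CRYPTOGRAPHIC or auth_len != DIGEST_LEN:
            return False, "not MD5 authentication"
        if length + DIGEST_LEN != len(wire):
            return False, "length mismatch"
        key = self.keys.get(key_id)
        if key is None:
            return False, "unknown key id"
        packet, digest = wire[:length], wire[length:length + DIGEST_LEN]
        expected = hashlib.md5(packet + pad_key(key)).digest()
        if not hmac.compare_digest(expected, digest):
            return False, "bad digest"
        if seq < self.last_seq.get(router_id, 0):
            return False, "replayed sequence number"
        self.last_seq[router_id] = seq
        return True, "ok"


def demo():
    """Good packet, wrong key, tampered body and replay, in that order."""
    rid = int.from_bytes(bytes([192, 168, 2, 1]), "big")   # router-id 192.168.2.1
    hello = bytes(20)                                      # constructed Hello body
    rx = Verifier({1: b"DCS"})
    good = rx.verify(sign_packet(hello, rid, 0, 1, b"DCS", 7))
    wrong_key = rx.verify(sign_packet(hello, rid, 0, 1, b"DCSx", 8))
    tampered = bytearray(sign_packet(hello, rid, 0, 1, b"DCS", 9))
    tampered[HEADER_LEN] ^= 0x01                           # flip one body bit
    forged = rx.verify(bytes(tampered))
    replay = rx.verify(sign_packet(hello, rid, 0, 1, b"DCS", 3))
    return good, wrong_key, forged, replay


if __name__ == "__main__":
    for name, result in zip(["good", "wrong key", "tampered", "replay"], demo()):
        print(f"{name}: {result}")
```

Two points a practitioner should take from this: the digest covers the whole packet including the sequence number, so any modification invalidates it, and the sequence-number check only rejects packets older than the newest one already accepted from that neighbour. Note also that in message-digest mode the key comes from ip ospf message-digest-key; the ip ospf authentication-key password belongs to the simple-password mode, in which the password travels in the clear in the authentication field.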
Function: Use this command so that the MTU size is not checked during DD (database description) exchange; the "no ip ospf <ip-address> mtu-ignore" command restores the MTU size check during DD exchange.
Parameter: <ip-address> is the interface IP address, shown in dotted decimal notation.
Default: Check the MTU size during DD exchange.
Command Mode: Interface Mode...
Command Mode: Interface Mode
Usage Guide: When two layer 3 switches connected to the same segment both want to be the "designated layer 3 switch", the priority decides which one is chosen. Normally the one with the higher priority is elected, or the one with the larger router-id if the priorities are equal.
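The election rule just stated (highest priority wins, larger router-id breaks a tie, priority 0 takes a switch out of the election, as the ipv6 ospf priority example later in this chapter also notes) is shown below as an added Python example; it is not code from the ES3628EA manual or from Edge-Core. It follows the DR/BDR selection steps of RFC 2328 section 9.4 and, going one step beyond the manual's text, also shows that the election is not pre-emptive: an existing DR keeps its role when a higher-priority router joins. Router ids and priorities are constructed sample values.

```python
"""DR/BDR election on a multi-access segment, following RFC 2328 section 9.4.

Added illustration, not code from the ES3628EA manual. It applies the rule the
manual gives for the ip ospf priority command: the router with the highest
priority becomes the designated router, the larger router-id breaks a tie, and
priority 0 removes a router from the election. It also shows that the election
is not pre-emptive: a router already acting as DR keeps the role even when a
higher-priority router joins later. Router ids and priorities are sample values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Neighbor:
    router_id: str
    priority: int             # 0..255, 0 = not eligible
    claims_dr: bool = False   # this router currently advertises itself as DR
    claims_bdr: bool = False  # this router currently advertises itself as BDR


def rank(n):
    # higher priority wins; the larger router-id breaks a tie
    return (n.priority, int(IPv4Address(n.router_id)))


def elect(neighbors):
    """Return (dr_router_id, bdr_router_id); either may be None."""
    eligible = [n for n in neighbors if n.priority > 0]
    # Step 1: BDR comes from routers not claiming DR; those claiming BDR take precedence
    not_dr = [n for n in eligible if not n.claims_dr]
    bdr_pool = [n for n in not_dr if n.claims_bdr] or not_dr
    bdr = max(bdr_pool, key=rank, default=None)
    # Step 2: DR is the best router claiming DR; if nobody does, the new BDR is promoted
    claiming = [n for n in eligible if n.claims_dr]
    dr = max(claiming, key=rank) if claiming else bdr
    # Step 3: if the BDR was promoted, pick the BDR again without it
    if dr is not None and bdr is dr:
        rest = [n for n in not_dr if n is not dr]
        bdr = max([n for n in rest if n.claims_bdr] or rest, key=rank, default=None)
    return (dr.router_id if dr else None, bdr.router_id if bdr else None)


def scenarios():
    """Constructed segments: same three router ids, different priorities/claims."""
    return {
        "fresh start, equal priority": elect([
            Neighbor("192.168.2.1", 1), Neighbor("192.168.2.2", 1), Neighbor("192.168.2.3", 1)]),
        "priority beats router-id": elect([
            Neighbor("192.168.2.1", 100), Neighbor("192.168.2.2", 1), Neighbor("192.168.2.3", 1)]),
        "priority 0 is excluded": elect([
            Neighbor("192.168.2.1", 1), Neighbor("192.168.2.2", 1), Neighbor("192.168.2.3", 0)]),
        "existing DR is not pre-empted": elect([
            Neighbor("192.168.2.1", 1, claims_bdr=True),
            Neighbor("192.168.2.2", 1, claims_dr=True),
            Neighbor("192.168.2.3", 100)]),
    }


if __name__ == "__main__":
    for name, (dr, bdr) in scenarios().items():
        print(f"{name}: DR={dr} BDR={bdr}")
```

The last scenario is the one that surprises operators: raising the priority on a switch does not move the DR role to it until the current DR leaves the segment, which is why the manual's priority-0 setting is the reliable way to keep a particular switch out of the role.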
Parameter: <ip-address> is the interface IP address, shown in dotted decimal notation. <time> is the transmit delay of link state advertisements between the interface and the adjacent layer 3 switches, in seconds, ranging between 1~65535.
Default: The default transmit delay of link state advertisements is 1 second.
Command Mode: Interface Mode
Usage Guide: The LSA ages with time in the layer 3 switches, but not while it is being transmitted over the network.
Default: No default configuration
Command Mode: OSPF protocol mode
Usage Guide: Use this command on an NBMA network to configure neighbors manually. Every known non-broadcast neighbor router should be configured with a neighbor entry. The configured neighbor address should be the primary address of the interface. The poll-interval should be much larger than the hello-interval.
Example:
Switch#config terminal...
Parameter: cisco: implement the ABR as Cisco does; ibm: implement the ABR as IBM does; shortcut: specify a shortcut ABR; standard: implement the standard (RFC2328) ABR.
Default: cisco
Command Mode: OSPF protocol mode
Usage Guide: Specifies the ABR implementation type. This command allows interoperation among different OSPF implementations and is especially useful in the multiple host environment.
Switch(config)#router ospf
Switch(config-router)#overflow database 10000 soft
13.6.3.36 overflow database external
Command: [no] overflow database external [<maxdbsize> <maxtime>]
Function: This command configures the size of the external link-state database and the waiting time before the router exits the overflow state. The "[no] overflow database external [<maxdbsize>...
bgp: introduce from BGP routes
metric <value>: the metric value of the introduced routes, ranging between 0-16777214
metric-type {1|2}: the metric type of the introduced external routes, which can be 1 or 2; the default is 2
route-map <word>: points to the route map used for introducing routes
tag <tag-value>...
METRIC = metric <value>: Set the metric value of the created default route; <value> ranges between 0~16777214, and the default metric value is 0.
METRICTYPE = metric-type {1|2}: Set the OSPF external link type of the default route.
1: Set the OSPF external type 1 metric value
2: Set the OSPF external type 2 metric value
ROUTEMAP = route-map <WORD>...
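The metric-type parameter above selects between the two kinds of exterior route described in the OSPF introduction: a type 1 route costs the external metric plus the internal OSPF cost to the ASBR that injected it, while a type 2 route carries only the external metric and the internal cost is ignored. The following Python block is an added example written for this page, not code from the ES3628EA manual or from Edge-Core; the ASBR names and costs are constructed. It also applies the RFC 2328 rules the manual does not spell out: type 1 is preferred over type 2, and equal type 2 metrics are broken by the internal cost to the ASBR.

```python
"""Route selection between OSPF external routes of type 1 and type 2.

Added illustration, not code from the ES3628EA manual. It encodes the rule the
manual states: a type 1 external route's cost is the external metric plus the
internal OSPF cost to the ASBR that injected it, while a type 2 external route
carries only the external metric and the internal cost is ignored (RFC 2328
uses it only to break ties between equal type 2 metrics, and prefers type 1
over type 2 when both exist). ASBR names and costs are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalRoute:
    asbr: str             # router that redistributed the prefix into OSPF
    metric_type: int      # 1 or 2, as set by "redistribute ... metric-type {1|2}"
    external_metric: int  # metric carried in the AS-external LSA
    internal_cost: int    # this router's OSPF cost to reach the ASBR


def effective_cost(route):
    """Cost the route is installed with, e.g. the '[20]' in 'show ip ospf route'."""
    if route.metric_type == 1:
        return route.external_metric + route.internal_cost
    if route.metric_type == 2:
        return route.external_metric
    raise ValueError(f"invalid metric type {route.metric_type}")


def preference_key(route):
    # lower tuple wins: type 1 before type 2, then cost,
    # then (type 2 only) the internal cost to the ASBR as tie-breaker
    tie_break = route.internal_cost if route.metric_type == 2 else 0
    return (route.metric_type, effective_cost(route), tie_break)


def best_external(candidates):
    """Pick the preferred path to one destination among external candidates."""
    if not candidates:
        raise ValueError("no candidate routes")
    return min(candidates, key=preference_key)


def which_asbr_wins(metric_type):
    """Same two ASBRs, only the metric type differs: the winner flips."""
    near = ExternalRoute("ASBR-near", metric_type, external_metric=30, internal_cost=5)
    far = ExternalRoute("ASBR-far", metric_type, external_metric=20, internal_cost=50)
    return best_external([near, far]).asbr


if __name__ == "__main__":
    print("type 1 winner:", which_asbr_wins(1))  # near: 30+5 < 20+50
    print("type 2 winner:", which_asbr_wins(2))  # far: 20 < 30, internal cost ignored
```

With type 2 the far ASBR wins even though reaching it costs ten times more inside the OSPF domain; that is the intended behaviour for routes whose external cost dwarfs internal costs, and the reason to choose type 1 when the internal path should influence the decision.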
13.6.4.1 Configuration Example of OSPF
Scenario 1: OSPF autonomous system.
This scenario takes an OSPF autonomous system consisting of five ES3628EA switches as an example, where layer 3 SwitchA and SwitchE make up OSPF area 0, and layer 3 SwitchB and SwitchC form OSPF area 1 (assume the vlan1 interface of layer 3 SwitchA belongs to...
belongs to area 0). Switch1 and SwitchE are backbone layer 3 switches, Switch2 and SwitchD are area border layer 3 switches, and SwitchC is an intra-area layer 3 switch.
(Figure: OSPF autonomous system example topology. SwitchA and SwitchE in Area 0; SwitchD; interface labels: E0/0/1:100.1.1.2, E0/0/2:10.1.1.1, E0/0/1:100.1.1.1, E0/0/2:30.1.1.1, vlan2, vlan1, vlan2, vlan3, E0/0/1:10.1.1.2, vlan1, Area 1, E0/0/1:30.1.1.2...)
SwitchB(config)# interface vlan 3
SwitchB(config-if-vlan3)# ip address 20.1.1.1 255.255.255.0
SwitchB(config-if-vlan3)#no shut-down
SwitchB(config-if-vlan3)#exit
Enable OSPF protocol, configure the OSPF areas of interfaces vlan1 and vlan3 in
SwitchB(config)#router ospf
SwitchB(config-router)# network 10.1.1.0/24 area 0
SwitchB(config-router)# network 20.1.1.0/24 area 1
SwitchB(config-router)#exit
SwitchB(config)#exit
Layer 3 SwitchC
Configuration of the IP address for interface vlan3
SwitchC#config
SwitchC(config)# interface vlan 3...
SwitchE#config
SwitchE(config)# interface vlan 2
SwitchE(config-if-vlan2)# ip address 100.1.1.2 255.255.255.0
SwitchE(config-if-vlan2)#no shut-down
SwitchE(config-if-vlan2)#exit
Configuration of the IP address for interface vlan3
SwitchE(config)# interface vlan 3
SwitchE(config-if-vlan3)# ip address 30.1.1.1 255.255.255.0
SwitchE(config-if-vlan3)#no shut-down
SwitchE(config-if-vlan3)#exit
Enable OSPF protocol, configure the number of the area in which interfaces vlan2 and vlan3 reside.
area3 is defined as a STUB area). Layer 3 switches SwitchA, SwitchB, SwitchE, SwitchF, SwitchH, SwitchI and SwitchL are intra-area layer 3 switches; SwitchC, SwitchD, SwitchG, SwitchJ and SwitchK are area border layer 3 switches; SwitchE and SwitchG are border layer 3 switches of the autonomous system. In area 1, layer 3 switches SwitchA and SwitchB are both intra-area switches, while the area border switches SwitchC and SwitchD are responsible for reporting the distance cost to all destinations outside the area, and also for reporting the position of...
for layer 3 switches of the other areas are omitted. The following are the configurations of SwitchA, SwitchB, SwitchC and SwitchD:
1) SwitchA:
Configure IP address for interface vlan2
SwitchA#config
SwitchA(config)# interface vlan 2
SwitchA(config-If-Vlan2)# ip address 10.1.1.1 255.255.255.0
SwitchA(config-If-Vlan2)#exit
Enable OSPF protocol, configure the area number for interface vlan2.
SwitchA(config)#router ospf
SwitchA(config-router)#network 10.1.1.0/24 area 1
SwitchA(config-router)#exit...
SwitchB(config-If-Vlan2)#ip ospf authentication-key DCS
SwitchB(config-If-Vlan2)#exit
Configure IP address and area number for interface vlan1.
SwitchB(config)# interface vlan 1
SwitchB(config-If-Vlan1)#ip address 20.1.2.1 255.255.255.0
SwitchB(config-If-Vlan1)#exit
SwitchB(config)#router ospf
SwitchB(config-router)#network 20.1.2.0/24 area 1
SwitchB(config-router)#exit
SwitchB(config)#exit
SwitchB#
3) SwitchC:
Configure IP address for interface vlan2
SwitchC#config
SwitchC(config)# interface vlan 2
SwitchC(config-If-Vlan2)# ip address 10.1.1.3 255.255.255.0
SwitchC(config-If-Vlan2)#exit...
SwitchC(config-router)#network 10.1.5.0/24 area 0
SwitchC(config-router)#exit
Configure MD5 key authentication.
SwitchC(config)#interface vlan 1
SwitchC (config-If-Vlan1)#ip ospf authentication message-digest
SwitchC (config-If-Vlan1)#ip ospf authentication-key DCS
SwitchC (config-If-Vlan1)#exit
SwitchC(config)#exit
SwitchC#
4) SwitchD:
Configure IP address for interface vlan2
SwitchD#config
SwitchD(config)# interface vlan 2
SwitchD(config-If-Vlan2)# ip address 10.1.1.4 255.255.255.0
SwitchD(config-If-Vlan2)#exit
Enable OSPF protocol, configure the area number for interface vlan2.
13.6.4.2 Configuration Examples of OSPF VPN
(Fig 13-8 OSPF VPN Example: SwitchA (PE) Interface vlan1: 10.1.1.1/24, Interface vlan2: 20.1.1.1/24; SwitchB (CE1) Interface vlan1: 10.1.1.2/24; SwitchC (CE2) Interface vlan2: 20.1.1.2/24)
The figure above shows a network consisting of three layer 3 switches, in which SwitchA is the PE and SwitchB and SwitchC are CE1 and CE2. The PE is connected to CE1 and CE2 through vlan1 and vlan2.
SwitchA(config)#router ospf 100 vpnb
SwitchA(config-router)#network 10.1.1.0/24 area 0
SwitchA(config-router)#redistribute bgp
SwitchA(config-router)#exit
SwitchA(config)#router ospf 200 vpnc
SwitchA(config-router)#network 20.1.1.0/24 area 0
SwitchA(config-router)#redistribute bgp
The Layer 3 SwitchB of CE1:
Configure the IP address of Ethernet E 0/0/2
SwitchB#config
SwitchB(config)# interface Vlan1
SwitchB(config-if-vlan1)# ip address 10.1.1.2 255.255.255.0
SwitchB (config-if-vlan1)#exit
Enable OSPF protocol and configure the OSPF segments
SwitchB(config)#router ospf...
should be continuous; if it is not, apply a virtual link to make it continuous. All non-0 areas should only be connected to other non-0 areas through area 0. A border layer 3 switch is one in which part of the interfaces belong to area 0 and the other part belong to a non-0 area;...
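The two design rules above (a contiguous backbone, repaired with a virtual link where needed, and non-0 areas attached only through area 0) can be checked mechanically before a configuration is rolled out. The following Python block is an added example written for this page, not code from the ES3628EA manual or from Edge-Core; it takes the links of a domain as (router, router, area) tuples plus any configured virtual links and reports violations. The switch names follow the scenario in this chapter, but the link list itself is constructed.

```python
"""Checking the OSPF area design rules the manual states.

Added illustration, not code from the ES3628EA manual. Given the links of an
OSPF domain as (router, router, area) tuples, it checks that the backbone
(area 0) is contiguous once configured virtual links are taken into account,
and that every non-zero area has an ABR, i.e. a router that also sits in area
0, so that non-zero areas are joined only through the backbone. Switch names
follow the manual's scenario; the link list itself is constructed.
"""
from collections import defaultdict


def check_ospf_areas(links, virtual_links=()):
    """Return a list of findings; an empty list means the design follows the rules."""
    routers_in_area = defaultdict(set)
    backbone_adj = defaultdict(set)
    for a, b, area in links:
        routers_in_area[area].update((a, b))
        if area == 0:
            backbone_adj[a].add(b)
            backbone_adj[b].add(a)
    # a virtual link makes both endpoints backbone routers joined by a backbone adjacency
    for a, b in virtual_links:
        routers_in_area[0].update((a, b))
        backbone_adj[a].add(b)
        backbone_adj[b].add(a)

    findings = []
    backbone = routers_in_area.get(0, set())
    if not backbone:
        findings.append("no backbone area 0 configured")
    else:
        # depth-first walk over area-0 adjacencies from one backbone router
        start = min(backbone)
        seen, stack = {start}, [start]
        while stack:
            for nxt in backbone_adj[stack.pop()]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        cut_off = sorted(backbone - seen)
        if cut_off:
            findings.append("backbone is not contiguous: "
                            f"{', '.join(cut_off)} cannot reach {start} within area 0")
    for area in sorted(a for a in routers_in_area if a != 0):
        abrs = routers_in_area[area] & backbone
        if not abrs:
            findings.append(f"area {area} has no ABR in area 0; it must be attached to the backbone")
    return findings


def manual_scenario():
    """SwitchA/SwitchE form area 0, SwitchB is the ABR for area 1, SwitchE for area 2."""
    return [("SwitchA", "SwitchE", 0), ("SwitchA", "SwitchB", 0),
            ("SwitchB", "SwitchC", 1), ("SwitchE", "SwitchD", 2)]


if __name__ == "__main__":
    print("manual scenario:", check_ospf_areas(manual_scenario()))
    broken = manual_scenario() + [("SwitchC", "SwitchF", 3)]   # area 3 hangs off area 1
    print("area 3 behind area 1:", check_ospf_areas(broken))
    print("with virtual link B-C:", check_ospf_areas(broken, virtual_links=[("SwitchB", "SwitchC")]))
```

The virtual link case mirrors the manual's advice: making SwitchC an endpoint of a virtual link through area 1 turns it into a backbone router, so area 3 gains an ABR and the check passes.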
13.6.5.1.4 debug ospf nfsm
Command: [no] debug ospf nfsm [status|events|timers]
Function: Open the debugging switches showing the OSPF neighbor state machine; the "[no] debug ospf nfsm [status|events|timers]" command closes this debugging switch.
Default: Closed
Command Mode: Admin mode and global mode
Example:
Switch#debug ospf nfsm events
13.6.5.1.5 debug ospf nsm
Command: [no] debug ospf nsm [interface|redistribute]
Function: Open the debugging switches showing OSPF NSM; the "[no] debug ospf nsm...
Command Mode: All modes
Example:
Switch#show ip ospf
Routing Process "ospf 0" with ID 192.168.1.1
Process bound to VRF default
Process uptime is 2 days 0 hour 30 minutes
Conforms to RFC2328, and RFC1583Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Refresh timer 10 secs...
Number of areas attached to this router: 1
Area 0 (BACKBONE) (Inactive)
Number of interfaces in this area is 0(0)
Number of fully adjacent neighbors in this area is 0
Area has no authentication
SPF algorithm executed 0 times
Number of LSA 0. Checksum Sum 0x000000
13.6.5.1.9 show ip ospf border-routers
Command: show ip ospf [<process-id>] border-routers
Function: Display the ABRs and ASBRs under all OSPF instances...
Command Mode: All modes
Usage Guide: From the output of this command, the OSPF link-state database messages can be viewed.
Example:
Switch#show ip ospf database
Router Link States (Area 0.0.0.2)
Link ID ADV Router Age Seq# CkSum Link count
192.168.1.2 192.168.1.2 254 0x80000031 0xec21 1...
Transmit Delay is 5 sec, State Waiting, Priority 1
No designated router on this network
No backup designated router on this network
Timer intervals configured, Hello 35, Dead 35, Wait 35, Retransmit 5
Hello due in 00:00:16
Neighbor Count is 0, Adjacent neighbor count is 0
13.6.5.1.12 show ip ospf neighbor
Command: show ip ospf [<process-id>] neighbor [{<neighbor_id>...
Parameter: <process-id> is the process ID, ranging between 0~65535
Default: Not displayed
Command Mode: All modes
Example:
Switch#show ip ospf route
O 10.1.1.0/24 [10] is directly connected, Vlan1, Area 0.0.0.0
O 10.1.1.4/32 [10] via 10.1.1.4, Vlan1, Area 0.0.0.0
IA 11.1.1.0/24 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0
IA 11.1.1.2/32 [20] via 10.1.1.1, Vlan1, Area 0.0.0.0
IA 12.1.1.0/24 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0
IA 12.1.1.2/32 [20] via 10.1.1.2, Vlan1, Area 0.0.0.0...
13.6.5.1.15 show ip protocols
Command: show ip protocols
Function: Display the messages of the running routing protocols
Default: None
Command Mode: All modes
Example:
show ip protocols
The show ip protocols command shows the messages of the routing protocols running on the current layer 3 switch. For example, the displayed messages are:
Routing Protocol is "ospf 0"...
autonomous system based on link state. The protocol creates a link-state database by exchanging link states among layer 3 switches, then uses the Shortest Path First algorithm to generate a route table based on that database. An autonomous system (AS) is a self-managed interconnected network. In large networks, such as the Internet, the giant interconnected network is broken down into autonomous systems.
impossible; this is because of the way link-state routing protocols build up their routing tables. The second advantage is that convergence in a link-state interconnected network is very fast: once the routing topology changes, updates are flooded throughout the network very quickly.
information to destinations outside the autonomous system. The first type of exterior route corresponds to the information introduced into OSPFv3 from other interior routing protocols; the costs of those routes are comparable with the costs of OSPFv3 routes. The second type of exterior route corresponds to the information introduced into OSPFv3 from other exterior routing protocols; the costs of those routes are far greater than those of OSPFv3 routes, so the OSPFv3 route cost is ignored when calculating route costs.
generates a link-state advertisement according to its surrounding network topology (router LSA), and sends the LSA to other layer 3 switches through link-state update (LSU) packets. Thus each layer 3 switch receives LSAs from the other layer 3 switches, and all LSAs combined form the link-state database. 2)...
It is very simple to run the basic configuration of the OSPFv3 routing protocol on the ES3628EA layer 3 switch: normally only enabling OSPFv3 and enabling OSPFv3 on the interfaces are required, and the OSPFv3 protocol parameters keep their default values. Refer to 2.
Command: [no] ipv6 router ospf {area <area-id> [instance-id <instance-id> | tag <tag> [instance-id <instance-id>]] | tag <tag> area <area-id> [instance-id <instance-id>]}
Explanation: Implement OSPFv3 routing on the interface; the no form of the command cancels...
Interface Configuration Mode
Command: ipv6 ospf priority <priority> [instance-id <id>]
no ipv6 ospf priority [instance-id <id>]
Explanation: Sets the priority of the interface in the "designated layer 3 switch" election; the "no ipv6 ospf priority [instance-id <id>]" command restores the default setting.
3. Disable OSPFv3 Protocol
Commands Explanation
Global mode...
not-advertise: Do not advertise this area range. If neither is set, the range is advertised by default.
Default: Not configured
Command Mode: OSPFv3 protocol mode
Usage Guide: Use this command to aggregate routes inside an area. If the network IDs in this area are not configured continuously, a summary route can be advertised by configuring this command on the ABR.
Function: Configure a logical link between two backbone areas physically divided by a non-backbone area. The "no area <id> virtual-link A.B.C.D [instance-id <instance-id> | INTERVAL]" command removes this virtual link.
Parameter: <id> is the area number, which can be given as a number ranging between 0~4294967295 or as an IP address.
Usage Guide: Specifies the ABR implementation type. This command allows interoperation among different OSPF implementations and is especially useful in the multiple host environment.
Example: Configure the ABR type as standard
Switch#config terminal
Switch(config)#router ipv6 ospf
Switch(config-router)#abr-type standard
13.7.3.6 default-metric
Command: default-metric <value>...
Switch#config terminal
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ipv6 ospf cost 3
13.7.3.8 ipv6 ospf dead-interval
Command: ipv6 ospf dead-interval <time> [instance-id <id>]
no ipv6 ospf dead-interval [instance-id <id>]
Function: Specify the dead interval for the neighboring layer 3 switch; the "no ipv6 ospf dead-interval [instance-id <id>]"...
Switch(config)#ipv6 ospf display route single-line
13.7.3.10 ipv6 ospf hello-interval
Command: ipv6 ospf hello-interval <time> [instance-id <id>]
no ipv6 ospf hello-interval [instance-id <id>]
Function: Specify the hello interval on the interface; the "no ipv6 ospf hello-interval [instance-id <id>]" command restores the default value.
Parameter: <id>...
elected as the "designated layer 3 switch" or the "backup designated layer 3 switch". The command can be configured on an IPv6 tunnel interface, but such a configuration only succeeds if the tunnel is configured carefully.
Example: Configure the priority for DR election. Configure interface vlan 1 to have no election right, namely set the priority to 0.
ranging between 1~65535.
Default: The default delay for sending an LSA on the interface is 1 second.
Command Mode: Interface Mode
Usage Guide: The LSA ages with time in the layer 3 switches but not during transmission, so the transmit-delay is added before an LSA is sent out to account for the transmission time.
Command: max-concurrent-dd <value>
no max-concurrent-dd
Function: Configure the maximum number of concurrent DD (database description) exchanges in OSPF processing. The "no max-concurrent-dd" command restores the default.
Parameter: <value> ranges between <1-65535>, the number of DD packets that can be processed concurrently.
Default: No default configuration; no limit on concurrent DD exchanges.
Command Mode: OSPFv3 protocol mode
Usage Guide: Specify the maximum number of concurrent DD exchanges in OSPF processing.
Example: Set the maximum concurrent DD to 20...
route-map <word>: points to the route map used for introducing routes
Command Mode: OSPFv3 protocol mode
Usage Guide: Learn and introduce routes of other routing protocols into the OSPF area to generate AS-external LSAs.
Example:
Switch#config terminal
Switch(config)#router ipv6 ospf
Switch(config-router)#redistribute bgp metric 12 metric-type 1
13.7.3.18 router-id
Command: router-id <router-id>...
13.7.4 OSPFv3 Examples
Example 1: OSPF autonomous system.
This scenario takes an OSPF autonomous system consisting of five ES3628EA switches as an example, where layer 3 SwitchA and SwitchE make up OSPF area 0, layer 3 SwitchB and SwitchC form OSPF area 1 (assume the vlan1 interface of layer 3 SwitchA belongs to area 0), and layer 3 SwitchD forms OSPF area 2 (assume the vlan2 interface of layer 3 SwitchE belongs to area 0).
SwitchA (config-router)#router-id 192.168.2.1
Configure interface vlan1 IPv6 address and affiliated OSPFv3 area
SwitchA #config
SwitchA (config)# interface vlan 1
SwitchA (config-if-vlan1)# IPv6 address 2010:1:1::1/64
SwitchA (config-if-vlan1)# IPv6 router ospf area 0
SwitchA (config-if-vlan1)#exit
Configure interface vlan2 IPv6 address and affiliated OSPFv3 area
SwitchA (config)# interface vlan 2
SwitchA (config-if-vlan2)# IPv6 address 2100:1:1::1/64
SwitchA (config-if-vlan2)# IPv6 router ospf area 0...
To start the OSPFv3 protocol (execute the router ipv6 ospf command) and configure the affiliated OSPFv3 area on the relevant interfaces. Then consider the OSPFv3 protocol characteristic: the OSPFv3 backbone area (area 0) must be continuous; if it is not, a virtual link must be implemented to make it continuous. All non-area-0 areas can only be connected through area 0 and not directly to another non-area-0 area;...
Command Mode: Admin mode and global mode
Switch#debug ipv6 ospf nfsm
1970/01/01 01:14:07 IMI: NFSM[192.168.2.3-000007d4]: LS update timer expire
1970/01/01 01:14:07 IMI: NFSM[192.168.2.1-000007d3]: LS update timer expire
1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (HelloReceived)
1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: nfsm_ignore called
1970/01/01 01:14:08 IMI: NFSM[192.168.2.1-000007d3]: Full (2-WayReceived)
13.7.5.1.4 debug ipv6 ospf nsm
Command: [no] debug ipv6 ospf nsm [interface|redistribute]
Function: Open the debugging switches showing OSPF NSM; the "[no] debug ipv6...
Number of external LSA 0. Checksum Sum 0x0000
Number of AS-Scoped Unknown LSA 0
Number of LSA originated 6
Number of LSA received 14
Number of areas in this router is 1
Area BACKBONE(0)
Number of interfaces in this area is 2
SPF algorithm executed 6 times
Number of LSA 8.
Router-LSA (Area 0.0.0.0)
Link State ID  ADV Router   Age   Seq#        CkSum   Link
0.0.0.0        192.168.2.1  1390  0x80000006  0x9fe2
0.0.0.0        192.168.2.2  1354  0x80000007  0x4af5
0.0.0.0        192.168.2.3  1308  0x80000004  0xbbc4
Network-LSA (Area 0.0.0.0)
Link State ID  ADV Router   Age   Seq#        CkSum
0.0.7.211      192.168.2.1  1390  0x80000001  0x897e
0.0.7.211      192.168.2.2...
Backup Designated Router (ID) 192.168.2.3
Interface Address fe80::203:fff:fe01:d28
Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:10
Neighbor Count is 1, Adjacent neighbor count is 1
Vlan2 is up, line protocol is up
Interface ID 2004
IPv6 Prefixes
fe80::203:fff:fe01:257c/64 (Link-Local Address)
2000:1:1::1/64...
192.168.2.3
Interface Address fe80::203:fff:fe01:d28
Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    (OSPF protocol timers, including the hello packet, poll, router dead and router retransmission intervals)
Hello due in 00:00:10
Neighbor Count is 1, Adjacent neighbor count is 1
    (Number of adjacent layer 3 switches; number of layer 3 switches that have established a neighbor relation...
Command Mode: All modes
Example:
Switch#show ipv6 ospf route
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2
Destination         Metric  Next-hop
O 2000:1:1::/64     directly connected, Vlan2
O 2001:1:1::/64     directly connected, Vlan1...
Corporation. BGP has been in use since 1989; its earliest three versions are RFC 1105 (BGP-1), RFC 1163 (BGP-2) and RFC 1267 (BGP-3). Currently the most widely used version is RFC 1771 (BGP-4). The ES3628EA switch supports BGP-4.
Characteristics of BGP-4
1. BGP-4 is suitable for the distributed structure and supports Classless Inter-Domain Routing (CIDR).
By carrying AS routing information (the AS path) in route updates, the problem of routing loops is resolved. BGP uses TCP on port 179 as its transport protocol, which enhances the reliability of the protocol. BGP-4 supports CIDR (Classless Inter-Domain Routing), an important improvement over BGP-3.
particular equipment. When a neighbor is detected, a TCP session is established and maintained. Then the route tables are exchanged and synchronized. The whole BGP route table is sent only when the session is initiated; after that, routing information is exchanged only when updated routing information is available.
BGP-4 can share and query the inner IP route table through relevant mechanisms, but it has its own route table. In the BGP route table, each route has a network number, the list of ASs it has passed through (also called the AS path) and some routing attributes (such as origin).
3. Administrate the change of routing policy
4. Configure BGP Weights
5. Configure BGP Route Filtering policy based on Neighbors
6. Configure Next-Hop of BGP
7. Configure Multi-Hop of EBGP
8. Configure BGP Session Identifier
9. Configure BGP Version
Advanced BGP configuration tasks include the following:
1. Use Route Maps to Modify Route
2. Configure Route Aggregation
3. Configure BGP Community Filtering
4. Configure BGP Confederation...
2. Configure BGP Neighbors
Command Explanation
Router configuration mode
neighbor {<ip-address>|<TAG>} remote-as <as-id>
no neighbor {<ip-address>|<TAG>} [remote-as <as-id>]
    Specify a BGP neighbor; the no neighbor {<ip-address>|<TAG>} [remote-as <as-id>] command deletes the neighbor.
3. Administrate the change of routing policy
(1) Configure hard reconfiguration.
Command Explanation
Admin Mode...
Router configuration mode
neighbor { <ip-address> | <TAG> } weight <weight>
no neighbor { <ip-address> | <TAG> }
    Configure BGP neighbor weights; the no neighbor { <ip-address> | <TAG> } command restores the default weights.
5. Configure BGP Route Filtering policy based on neighbor
Command Explanation
Router configuration mode...
BGP configuration mode
neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>]
no neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>]
    Configure the allowance of EBGP connections with neighbors in other networks that are not directly connected; the no neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>] command cancels the setting.
8. Configure BGP session identifier
Command Explanation
BGP configuration mode
    Configure the router-id value;...
BGP configuration mode
aggregate-address <ip-address/M> [summary-only] [as-set]
no aggregate-address <ip-address/M> [summary-only] [as-set]
    Create an aggregate entry in the routing table; the no aggregate-address <ip-address/M> [summary-only] [as-set] command cancels the aggregate entry.
3. Configure BGP Community Filtering
Command Explanation
BGP configuration mode
    Allow routing updates carrying community attributes to be sent to the neighbor: neighbor {<ip-address>...
neighbor <ip-address> route-reflector-client
no neighbor <ip-address> route-reflector-client
    Configure the current switch as a route reflector and specify a client; the no neighbor <ip-address> route-reflector-client command deletes a client.
(2) If there is more than one route reflector in the cluster, the following commands configure the cluster-id
Command Explanation...
neighbor <ip-address> peer-group <TAG>
no neighbor <ip-address> peer-group <TAG>
    Make a neighbor a member of the peer group; the no neighbor <ip-address> peer-group <TAG> command removes the specified member.
7. Configure neighbors' and peer groups' parameters
Command Explanation
BGP configuration mode
    Specify a BGP neighbor; the "no" form of neighbor {<ip-address>...
neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>]
no neighbor {<ip-address>|<TAG>} ebgp-multihop
    Configure the allowance of EBGP connections with indirectly connected networks; the no neighbor {<ip-address>|<TAG>} ebgp-multihop command cancels this setting.
neighbor { <ip-address> | <TAG> } weight <weight>
    Configure BGP neighbor weights; the neighbor <ip-address>...
neighbor {<ip-address>|<TAG>} soft-reconfiguration inbound
no neighbor { <ip-address> | <TAG> } soft-reconfiguration inbound
    Store the route information received from the neighbor or peers; the no neighbor {<ip-address>|<TAG>} soft-reconfiguration inbound command cancels the storage.
    Shut down the BGP neighbor or peers: neighbor {<ip-address>|<TAG>}...
10. Configure the Local Preference Value
Command Explanation
BGP configuration mode
bgp default local-preference <value>
no bgp default local-preference
    Change the default local preference; the no bgp default local-preference command restores the default value.
11. Enable sending default route
Command Explanation
BGP configuration mode
    Permit sending...
redistribute { connected | static | rip | ospf } [metric <metric>] [route-map <NAME>]
no redistribute { connected | static | rip | ospf }
    Redistribute IGP routes into BGP, optionally specifying the redistributed metric and a route map; the no redistribute { connected | static | rip | ospf } command cancels the redistribution.
neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh}
no neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh}
neighbor {<ip-address>|<TAG>} capability prefix-list {<both>|<send>|<receive>}
no neighbor {<ip-address>|<TAG>} capability prefix-list
    Provide capability negotiation rules and carry out the capability match while establishing the connection. The currently supported capabilities include route update, dynamic capability, outgoing route filtering capability and the address...
bgp always-compare-med
no bgp always-compare-med
bgp bestpath as-path ignore
no bgp bestpath as-path ignore
bgp bestpath compare-confed-aspath
no bgp bestpath compare-confed-aspath
    Through these commands BGP may change some of its path-selection rules by configuration and so change the best path selection: compare MED in an EBGP environment, ignore the AS-PATH length, compare the confederation as-path length, compare...
VPN, create neighbors for BGP with the VRF address family on the private network and with the VPNv4 address family on the public network. Configuration performed with this command for a specific VRF is independent from the IPv4 unicast address family. The VRF itself is configured with the ip vrf <NAME> command in global mode. The address-family configuration is only available after the VRF RD is set.
Default: No aggregate configuration
Command Mode: BGP route mode
Usage Guide: Address aggregation reduces the routing messages spread outside. Use the summary-only option to advertise the aggregate route to the neighbors without advertising the specific routes. The as-set option lists each AS from the routes covered by the aggregation only once, without repetition.
Announce the same route prefix through the two ASs (100 and 300) to the same AS (200) while carrying different MED values; configure on the router 10.1.1.64:
Switch(config-router)#bgp always-compare-med
13.8.3.7 bgp bestpath as-path ignore
Command: bgp bestpath as-path ignore
no bgp bestpath as-path ignore
Function: Set to ignore the AS-PATH length.
cancels this configuration
Parameter: None
Default: Not configured
Command Mode: BGP route mode
Usage Guide: Normally the first-arrived route from the same AS (with other conditions equal) is chosen as the best route. With this command, the source router ID is also compared.
clients and non-clients is not disturbed.)
Example: Switch(config-router)#no bgp client-to-client reflection
13.8.3.12 bgp cluster-id
Command: bgp cluster-id {<ip-address>|<1-4294967295>}
no bgp cluster-id {[<ip-address>]|<0-4294967295>}
Function: Configure the route reflection ID used during route reflection. The "no bgp cluster-id {[<ip-address>]|<0-4294967295>}" command cancels this configuration
Parameter: <ip-address>|<1-4294967295>: cluster-id, shown in dotted decimal notation or as a 32-bit number.
identified as the large AS. Use this command to add/delete confederation members
Example:
Switch(config-router)#bgp confederation identifier 600
Switch(config-router)#bgp confederation peers 100 200
13.8.3.15 bgp dampening
Command: bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>]
no bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>]
Function: Configure route dampening.
with the no bgp default ipv4-unicast command so as not to enable this address family by default. The default local preference can be configured through the bgp default local-preference command.
Example: Configure on 10.1.1.66
Switch(config)#router bgp 200
Switch(config-router)#bgp default local-preference 500
13.8.3.17 bgp deterministic-med
Command: bgp deterministic-med
no bgp deterministic-med
Function: Use the best MED among the routes for the same prefix from the same AS when comparing with other ASs.
configuration
Parameter: None
Default: Configured
Command Mode: BGP route mode.
Usage Guide: This command immediately cuts off the neighbor connection when the interface goes DOWN.
Example: Switch(config-router)#bgp fast-external-failover
13.8.3.20 bgp inbound-route-filter
Command: bgp inbound-route-filter
no bgp inbound-route-filter
Function: BGP does not install routing messages whose RD does not exist locally.
no bgp multiple-instance
Function: Set whether BGP supports multiple BGP instances; the "no bgp multiple-instance" command means multiple BGP instances are not supported
Parameter: None
Default: Multiple instances not supported
Command Mode: Global mode
Usage Guide: Set whether BGP supports multiple BGP instances; this must be configured before the BGP instances are configured
Example: Switch(config)#bgp multiple-instance
13.8.3.23 bgp network import-check...
no bgp rfc1771-strict
Function: Set whether to strictly follow the RFC 1771 restrictions. The "no bgp rfc1771-strict" command sets not to follow them strictly
Parameter: None
Default: Not following RFC 1771 restrictions
Command Mode: Global mode
Usage Guide: With this attribute set, the origin type of routes from protocols such as RIP, OSPF and ISIS is regarded as IGP (internally generated); otherwise it is regarded as INCOMPLETE
Example:...
Command: clear ip bgp [view <NAME>] {<*>|<as-id>|external|peer-group <NAME>|<ip-address>} [<ADDRESS-FAMILY>] [in [prefix-filter]|out|soft [in|out]]
Function: Clear BGP links or states
Parameter: <*>: all; <as-id>: AS number; <NAME>: respectively the BGP instance name and the peer group name; <ip-address>: IP address; <ADDRESS-FAMILY>: address family, e.g. "ipv4 unicast"
Default: None
Command Mode: Admin mode
Usage Guide: Clear BGP state selected by different parameters (such as AS number, peer...
Function: Reset the BGP route dampening statistics.
Parameter: <ADDRESS-FAMILY>: address family such as "ipv4 unicast"; <ip-address/M>: IP address and mask
Default: None
Command Mode: Admin mode
Usage Guide: BGP route dampening statistics and state can be cleared selectively by different parameters (such as address family or IPv4 address)
Example: Switch#clear ip bgp ipv4 unicast flap-statistics...
Function: Exit the BGP address-family mode
Parameter: None
Default: None
Command Mode: BGP address-family mode
Usage Guide: Use this command to exit the mode and end the address-family configuration when configuring an address family under BGP
Example:
Switch(config)#router bgp 100
Switch(config-router)#address-family ipv4 unicast
Switch(config-router-af)#exit-address-family
Switch(config-router)#
13.8.3.34 import map...
*>i100.1.1.0/24    10.1.1.68    655    300 ?
Route Distinguisher: 100:10
*>i15.1.1.0/24     10.1.1.68    0      300 ?
*>i100.1.1.0/24    10.1.1.68    0      300 ?
As we can see, the weight of the route from the VPN changes to 655 after it is introduced into VRF DC1.
13.8.3.35 ip as-path access-list
Command: ip as-path access-list <.LINE>...
Example: Switch(config)#ip community-list LN permit 100:10
13.8.3.37 ip extcommunity-list
Command: ip extcommunity-list {<LISTNAME>|<1-199>|[expanded <WORD>]|[standard <WORD>]} {deny|permit} <.COMMUNITY>
no ip extcommunity-list {<LISTNAME>|<1-199>|[expanded <WORD>]|[standard <WORD>]} {deny|permit} <.COMMUNITY>
Function: Configure the extended community-list. The "no ip extcommunity-list {<LISTNAME>|<1-199>|[expanded <WORD>]|[standard <WORD>]} {deny|permit} <.COMMUNITY>" command deletes the extended community list
Parameter: <LISTNAME>: name of the community-list; <1-199>: standard or extended community number; <WORD>: standard or extended community number...
will be cancelled after this option is disabled.
Example:
Switch(config-router)#neighbor 10.1.1.64 activate
Switch(config-router)#address-family ipv4
Switch(config-router-af)#no neighbor 10.1.1.64 activate
Switch(config-router-af)#
13.8.3.39 neighbor advertisement-interval
Command: neighbor {<ip-address>|<TAG>} advertisement-interval <0-600>
no neighbor {<ip-address>|<TAG>} advertisement-interval [<0-600>]
Function: Configure the route update interval for the specified neighbor. The "no neighbor {<ip-address>|<TAG>} advertisement-interval [<0-600>]"...
than one time. The system denies a route when its own AS number appears in the AS-PATH. However, to support some special needs, especially VPN support, extended BGP allows the number of times the AS may re-appear to be configured. This command configures that re-appear count
Example: Switch(config-router)#neighbor 10.1.1.66 allowas-in...
Under this circumstance we can configure the as-override attribute for the CE neighbor in the VRF address family of BGP on the PE, replacing the remote AS number with the global AS number, so that the CE will not filter this route on discovering its own AS number.
Example: In a CE1-PE1-P-PE2-CE2 environment, the AS numbers of both CEs are 200 and the AS number of area P is 100.
Command Mode: BGP route mode and address-family mode
Usage Guide: This is an extended BGP capability. With this configuration, the capabilities supported by both sides are negotiated in the OPEN messages; the partner responds if it supports the capability and sends a NOTIFICATION if not. The originating side then sends an OPEN that excludes the capability in order to re-establish the connection.
Command: neighbor {<ip-address>|<TAG>} collide-established
no neighbor {<ip-address>|<TAG>} collide-established
Function: Enable collision detection and resolution for TCP connection collisions. The "no neighbor {<ip-address>|<TAG>} collide-established" command disables TCP connection collision resolution
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Usage Guide: This command resolves the problem of multiple connections between peers caused by TCP connection collision.
13.8.3.47 neighbor description
Command: neighbor {<ip-address>|<TAG>} description <.LINE>
no neighbor {<ip-address>|<TAG>} description
Function: Configure the description string of the peer or peer group. The "no neighbor {<ip-address>|<TAG>} description" command deletes the configured string
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group; <.LINE>: Description string of fewer than 80 displayable characters
Usage Guide: Configure the description of the peer or peer group...
13.8.3.49 neighbor dont-capability-negotiate
Command: neighbor {<ip-address>|<TAG>} dont-capability-negotiate
no neighbor {<ip-address>|<TAG>} dont-capability-negotiate
Function: Set not to perform capability negotiation when creating connections. The "no neighbor {<ip-address>|<TAG>} dont-capability-negotiate" command cancels this configuration.
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Default: Capability negotiation performed
Command Mode: BGP route mode and address-family mode
Usage Guide: As negotiation is the default, it can be disabled with this configuration...
on 11.1.1.120
Switch(config-router)#neighbor 10.1.1.64 ebgp-multihop
After this, switches in different segments will be able to create a BGP neighbor relationship
13.8.3.51 neighbor enforce-multihop
Command: neighbor {<ip-address>|<TAG>} enforce-multihop
no neighbor {<ip-address>|<TAG>} enforce-multihop
Function: Enforce the multihop connection to the neighbor. The "no neighbor {<ip-address>|<TAG>} enforce-multihop"...
routes with AS number 100 will not be updated to the partner because of the filter list control.
Switch(config)#ip as-path access-list ASPF deny 100
Switch(config)#router bgp 100
Switch(config-router)#redistribute static
Switch(config-router)#neighbor 10.1.1.66 filter-list aspf out
13.8.3.53 neighbor interface
Command: neighbor <ip-address>...
if not, the connection to the neighbor is cut until the records are cleared with the clear ip bgp command.
Example: Switch(config-router)#neighbor 10.1.1.64 maximum-prefix 12 50
In the above configuration, a warning is issued when the number of route prefixes reaches 6, and the connection is cut when the number hits 13.
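As an added illustration of the arithmetic the manual gives for "maximum-prefix 12 50" (warn at 6, disconnect at 13), the following Python models the prefix limit as a small state machine; it is constructed for this page, not the switch's own code, and the warning-only option is an assumption.

```python
"""Model of 'neighbor <ip> maximum-prefix <max> [<threshold%>] [warning-only]'.

Constructed example (not the switch's own code). It reproduces the arithmetic
the manual gives for 'maximum-prefix 12 50' (warning at 6, session torn down
on the 13th prefix) and the 'down until clear ip bgp' behaviour. The
warning-only option is an assumption, not taken from the manual.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class PrefixLimit:
    maximum: int                 # <max>: prefixes accepted before the session is torn down
    threshold_pct: int = 75      # <threshold%>: percentage of <max> at which a warning is logged
    warning_only: bool = False   # assumed option: only log when the maximum is exceeded
    received: int = 0            # prefixes currently accepted from this neighbor
    session_up: bool = True      # False once the limit has been exceeded
    log: List[str] = field(default_factory=list)

    @property
    def warn_at(self) -> int:
        # Warning threshold is the percentage of <max>, rounded down: 12 * 50 // 100 == 6
        return self.maximum * self.threshold_pct // 100

    def receive_prefix(self, prefix: str) -> bool:
        """Account for one prefix carried in an UPDATE; returns whether it was accepted."""
        if not self.session_up:
            # Nothing is accepted from a neighbor whose session was torn down.
            self.log.append(f"drop {prefix}: session down until 'clear ip bgp'")
            return False
        self.received += 1
        if self.received == self.warn_at:
            self.log.append(
                f"warning: {self.received} prefixes reached threshold "
                f"({self.threshold_pct}% of {self.maximum})")
        if self.received > self.maximum:
            if self.warning_only:
                self.log.append(
                    f"warning: {self.received} prefixes exceed maximum {self.maximum} (warning-only)")
                return True
            # The neighbor is disconnected and stays down until the operator clears it,
            # mirroring the manual's 'till clear the records with clear ip bgp'.
            self.session_up = False
            self.received = 0
            self.log.append(f"maximum {self.maximum} exceeded: neighbor session torn down")
            return False
        return True

    def clear(self) -> None:
        """Equivalent of 'clear ip bgp <neighbor>': reset the count and re-admit the neighbor."""
        self.received = 0
        self.session_up = True
        self.log.append("session cleared and re-established")


def run_manual_example(prefix_count: int = 13, warning_only: bool = False) -> PrefixLimit:
    """Feed prefix_count constructed prefixes to a neighbor configured 'maximum-prefix 12 50'."""
    limit = PrefixLimit(maximum=12, threshold_pct=50, warning_only=warning_only)
    for i in range(prefix_count):
        limit.receive_prefix(f"10.{i}.0.0/16")  # constructed sample prefixes, one per UPDATE
    return limit


if __name__ == "__main__":
    for line in run_manual_example().log:
        print(line)
```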
Command: neighbor {<ip-address>|<TAG>} passive
no neighbor {<ip-address>|<TAG>} passive
Function: Configure whether the connection request is actively sent when connecting to the specified neighbor; the "no neighbor {<ip-address>|<TAG>} passive" command restores actively sending the connection request
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Default: Connection request actively sent
Command Mode: BGP mode and address-family mode...
Function: Assign/delete peers in the group. The "no neighbor <ip-address> peer-group <TAG>" command deletes the peer from the peer group
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Default: No peer group
Command Mode: BGP mode and address-family mode
Usage Guide: By configuring a peer group, a group of peers with the same attributes can be configured at the same time, reducing configuration effort.
Default: No prefix restrictions applied
Command Mode: BGP mode and address-family mode
Usage Guide: Specify the prefix and its length range by configuring an ip prefix-list, and determine whether this range is permitted or denied. Only routes with permitted prefixes are sent or received
Example: Switch(config)#ip prefix-list prw permit 100.1.0.0/22 ge 23 le 25...
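To make the ge/le semantics of the example line concrete, here is an added Python model of prefix-list evaluation (constructed for this page, not the switch's own code) that parses the manual's line and applies it to a constructed set of received routes; it also generalizes to multi-entry lists with first-match and implicit-deny rules, which is an assumption about this platform.

```python
"""Prefix-list matching as used by 'neighbor <ip> prefix-list <NAME> {in|out}'.

Constructed example, not the switch's own code. It parses the manual's line
'ip prefix-list prw permit 100.1.0.0/22 ge 23 le 25' and applies the ge/le
window to constructed routes. Multi-entry ordering (first match wins, implicit
deny at the end) is assumed, as is IPv4-only input.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class PrefixListEntry:
    action: str        # "permit" or "deny"
    prefix: IPv4Net    # configured <prefix/M>
    ge: Optional[int]  # minimum route prefix length, or None
    le: Optional[int]  # maximum route prefix length, or None

    def matches(self, route: IPv4Net) -> bool:
        # The route must be covered by the configured prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and its length must lie in the window [ge, le]. With only ge the window
        # runs up to /32; with neither, only the exact configured length matches.
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        if self.le is not None:
            high = self.le
        else:
            high = 32 if self.ge is not None else self.prefix.prefixlen
        return low <= route.prefixlen <= high


def parse_prefix_list_line(line: str) -> Tuple[str, PrefixListEntry]:
    """Parse 'ip prefix-list <name> {permit|deny} <prefix/M> [ge N] [le N]' into (name, entry)."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["ip", "prefix-list"] or tok[3] not in ("permit", "deny"):
        raise ValueError(f"unrecognised prefix-list line: {line!r}")
    name, action, prefix = tok[2], tok[3], IPv4Net(tok[4], strict=True)
    ge = le = None
    rest = tok[5:]
    while rest:
        if len(rest) < 2 or rest[0] not in ("ge", "le"):
            raise ValueError(f"bad ge/le clause in: {line!r}")
        if rest[0] == "ge":
            ge = int(rest[1])
        else:
            le = int(rest[1])
        rest = rest[2:]
    # The window must be a sane prefix-length range at or above the configured length.
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else 32
    if not prefix.prefixlen <= low <= high <= 32:
        raise ValueError(f"invalid ge/le range in: {line!r}")
    return name, PrefixListEntry(action, prefix, ge, le)


class PrefixList:
    """An ordered prefix-list: the first matching entry decides, unmatched routes are denied."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.entries: List[PrefixListEntry] = []

    def evaluate(self, route: str) -> str:
        net = IPv4Net(route, strict=True)
        for entry in self.entries:
            if entry.matches(net):
                return entry.action
        return "deny"  # implicit deny at the end of every prefix-list


def build_prefix_list(config_lines: List[str]) -> PrefixList:
    """Build one prefix-list from its configuration lines (all lines must name the same list)."""
    plist: Optional[PrefixList] = None
    for line in config_lines:
        name, entry = parse_prefix_list_line(line)
        if plist is None:
            plist = PrefixList(name)
        elif plist.name != name:
            raise ValueError(f"line belongs to list {name!r}, expected {plist.name!r}")
        plist.entries.append(entry)
    if plist is None:
        raise ValueError("no prefix-list lines given")
    return plist


def filter_routes(plist: PrefixList, routes: List[str]) -> List[str]:
    """Return the routes the list permits, in their original order."""
    return [r for r in routes if plist.evaluate(r) == "permit"]


# The manual's example line, and a constructed set of routes a neighbor might send.
PRW = build_prefix_list(["ip prefix-list prw permit 100.1.0.0/22 ge 23 le 25"])
CANDIDATE_ROUTES = [
    "100.1.0.0/22",    # inside, but /22 is shorter than ge 23      -> denied
    "100.1.0.0/23",    # inside, /23 is within [23, 25]             -> permitted
    "100.1.2.0/23",    # inside, /23                                -> permitted
    "100.1.1.0/24",    # inside, /24                                -> permitted
    "100.1.3.128/25",  # inside, /25                                -> permitted
    "100.1.0.64/26",   # inside, but /26 is longer than le 25       -> denied
    "100.2.0.0/24",    # outside 100.1.0.0/22                       -> denied
]
PERMITTED = filter_routes(PRW, CANDIDATE_ROUTES)

if __name__ == "__main__":
    for route in CANDIDATE_ROUTES:
        print(f"{route:16} {PRW.evaluate(route)}")
```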
Default: Not configured
Command Mode: BGP mode and address-family mode.
Usage Guide: Configure this attribute to avoid advertising internal (private) AS numbers to an external AS. Private AS numbers range from 64512 to 65535; they must not be sent to the Internet, since they are not valid external AS numbers.
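As an added example serving the allowas-in, as-override and remove-private-AS descriptions above (not code from the manual or the switch), the following Python models the three AS_PATH operations on the manual's CE1-PE1-P-PE2-CE2 case; the allowas-in count argument and the flat AS_SEQUENCE-only path model are assumptions.

```python
"""AS_PATH handling for the three neighbor options the manual describes:
allowas-in (inbound loop check with a permitted repeat count), as-override
(the PE replaces the CE's AS with its own) and remove-private-AS (strip
64512-65535 before advertising to an external peer).

Constructed example, not the switch's own code. AS_PATH is modelled as a flat
list of AS_SEQUENCE numbers; AS_SET segments are not represented. Which private
ASNs get stripped from a mixed public/private path differs between vendors;
this example strips all of them, which is the intent the manual states.
"""
from typing import Dict, List, Tuple

PRIVATE_AS_MIN, PRIVATE_AS_MAX = 64512, 65535   # range given in the manual


def is_private_as(asn: int) -> bool:
    return PRIVATE_AS_MIN <= asn <= PRIVATE_AS_MAX


def inbound_loop_check(as_path: List[int], local_as: int, allowas_in: int = 0) -> Tuple[str, str]:
    """Decide whether an inbound route passes the AS loop check.

    Default behaviour: reject a route whose AS_PATH already contains local_as.
    'neighbor <ip> allowas-in <n>' (the count is an assumed parameter) tolerates
    up to n occurrences, which hub-and-spoke VPN topologies need."""
    seen = as_path.count(local_as)
    verdict = "reject" if seen > allowas_in else "accept"
    return verdict, f"own AS {local_as} appears {seen} time(s), allowed {allowas_in}"


def as_override(as_path: List[int], remote_as: int, local_as: int) -> List[int]:
    """'neighbor <ce> as-override' on the PE: every occurrence of the CE's AS in the
    path is replaced by the PE's AS so the CE's own loop check does not drop the route."""
    return [local_as if asn == remote_as else asn for asn in as_path]


def remove_private_as(as_path: List[int]) -> List[int]:
    """'neighbor <ip> remove-private-AS': drop private ASNs before sending externally."""
    return [asn for asn in as_path if not is_private_as(asn)]


def advertise_to_ebgp_peer(as_path: List[int], local_as: int, remove_private: bool = False) -> List[int]:
    """Build the AS_PATH sent to an EBGP peer: optionally strip private ASNs, then prepend local_as."""
    path = remove_private_as(as_path) if remove_private else list(as_path)
    return [local_as] + path


def ce_pe_ce_example() -> Dict[str, Tuple[List[int], str]]:
    """Walk the manual's CE1-PE1-P-PE2-CE2 case: both CEs are AS 200, the provider is AS 100.
    Without as-override CE2 rejects the route because 200 is already in the path."""
    at_pe2 = [200]   # iBGP between the PEs does not prepend, so PE2 still sees CE1's AS only
    without = advertise_to_ebgp_peer(at_pe2, local_as=100)                       # [100, 200]
    overridden = advertise_to_ebgp_peer(as_override(at_pe2, remote_as=200, local_as=100),
                                        local_as=100)                            # [100, 100]
    return {
        "without_override": (without, inbound_loop_check(without, local_as=200)[0]),
        "with_override": (overridden, inbound_loop_check(overridden, local_as=200)[0]),
        "with_allowas_in": (without, inbound_loop_check(without, local_as=200, allowas_in=1)[0]),
    }


if __name__ == "__main__":
    for case, (path, verdict) in ce_pe_ce_example().items():
        print(f"{case:18} AS_PATH={path} -> CE2 {verdict}")
    print("remove-private-AS:", remove_private_as([200, 65001, 64512, 300]))
```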
<TAG>: Name of the peer group
Default: Not configured
Command Mode: BGP mode and address-family mode.
Usage Guide: Route reflection is used to reduce the number of peerings when there are too many IBGP routers inside the AS. A client only exchanges messages with the route reflector, while the reflector handles the message exchange among the clients and with the other IBGP and EBGP routers.
[both|extended|standard]
no neighbor {<ip-address>|<TAG>} send-community [both|extended|standard]
Function: Configure whether the community attribute is sent to the neighbor. The "no neighbor {<ip-address>|<TAG>} send-community [both|extended|standard]" command sets it not to be sent.
Parameter: <ip-address>: IP address of the neighbor; <TAG>: Name of the peer group; [both|extended|standard]: standard community only, extended community only, or both.
{<ip-address>|<TAG>} soft-reconfiguration inbound" command sets not to perform inbound soft reconfiguration
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Default: Inbound soft reconfiguration not performed
Command Mode:
Usage Guide: After soft reconfiguration is set, the system saves the inbound messages in a buffer and applies them as soon as it restarts, so as to reduce the cost of exchanging routes with other routers.
connections. The "no neighbor {<ip-address>|<TAG>} strict-capability-match" command sets not to require a strict match.
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group
Default: No strict capability match configured
Command Mode: BGP mode and address-family mode.
Usage Guide: With this command, the connection can only be established when both sides match perfectly on capabilities.
form restores the default value.
Example: Switch(config-router)#neighbor 10.1.1.64 timers connect 100
13.8.3.74 neighbor unsuppress-map
Command: neighbor {<ip-address>|<TAG>} unsuppress-map <WORD>
no neighbor {<ip-address>|<TAG>} unsuppress-map <WORD>
Function: Configure or cancel the unsuppressing of routes that match the specified route map. The "no neighbor {<ip-address>|<TAG>} unsuppress-map <WORD>" command cancels this configuration
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group...
loopback interfaces. Note: the loopback interface must remain reachable at its address to be able to establish connections when used as the update source.
Example: Switch(config-router)#neighbor 10.1.1.66 update-source 192.168.0.1
13.8.3.76 neighbor version 4
Command: neighbor {<ip-address>|<TAG>} version 4
Function: Configure the BGP version of the partner
Parameter: <ip-address>: Neighbor IP address; <TAG>: Name of the peer group; 4: allowed BGP version, 4 only...
[route-map <WORD>] [backdoor]" command cancels this configuration
Parameter: <ip-address/M>: Network prefix identifier; <WORD>: Name of the route-map
Default: None
Command Mode: BGP route mode.
Usage Guide: For BGP routes, specify the network prefix that BGP advertises. With the network defined by this command, the prefix is advertised to the neighbor even if there is no such route locally.
be changed. So there is no "no" form of this command to cancel the configuration; you have to reconfigure the VRF
Example:
Switch(config)#ip vrf DC1
Switch(config-vrf)#rd 100:10
Switch(config-vrf)#
The above example creates a VRF named DC1 with RD value 100:10
13.8.3.81 router bgp
Command: router bgp <as-id>...
the route is spread to the specific VRF.
Parameter: <rt-val> has the same form as the RD and st
ands for the extended community attribute of the routes.
Command Mode: VRF mode
Usage Guide: Under VRF mode, the configured RT attributes decide which VRF will accept the route.
Switch(config-router)#neighbor 10.1.1.68 route-map map1 in
Switch(config-router)#address-family vpnv4 unicast
Switch(config-router-af)#neighbor 10.1.1.68 activate
Switch(config-router-af)#exit-address-family
View the routing messages after the refresh
Switch#show ip bgp vpn all
Network          Next Hop      Metric  LocPrf  Weight  Path
Route Distinguisher: 100:10 (Default for VRF DC1)
*> 11.1.1.0/24   11.1.1.64     0               200 ?
*>i15.1.1.0/24   10.1.1.250...
[Fig 13-10 BGP Network Topological Map: SwitchA (AS100) with SwitchB, SwitchC and SwitchD (AS200); interface addresses shown in the figure: 11.1.1.1, 11.1.1.2, 12.1.1.2, 12.1.1.3 (SwitchC vlan1), 13.1.1.3 (SwitchC vlan2), 13.1.1.4]
The configurations of SwitchA are as follows:
SwitchA(config)#router bgp 100
SwitchA(config-router-bgp)#neighbor 11.1.1.2 remote-as 200
SwitchA(config-router-bgp)#exit
The configurations of SwitchB are as follows:
SwitchB(config)#router bgp 200
SwitchB(config-router-bgp)#network 11.0.0.0
SwitchB(config-router-bgp)#network 12.0.0.0...
Presently, the connection between SwitchB and SwitchA is EBGP, and the other connections with SwitchC and SwitchD are IBGP. SwitchB and SwitchD may have a BGP connection without a physical connection, but there is a precondition that these two switches must have reachable routes to each other. Such a route can be provided by a static route or by an IGP.
Switch(config)#route-map set-community permit 20
Switch(config-route-map)#match address 2
Switch(config-route-map)#exit
Switch(config)#access-list 1 permit 11.1.0.0 0.0.255.255
Switch(config)#access-list 2 permit 0.0.0.0 255.255.255.255
Switch(config)#exit
Switch#clear ip bgp 16.1.1.6 soft out
In the following sample, the MED and local preference of the routes from neighbor 16.1.1.6 are configured selectively according to the route community value. All routes that match the community list will have their MED set to 2000; community list com1 permits routes with community value "100 200 300" or "900 901"...
SwitchD(config)#router bgp 20
SwitchD(config-router-bgp)#bgp confederation identifier 200
SwitchD(config-router-bgp)#bgp confederation peers 10
SwitchD(config-router-bgp)#neighbor 13.1.1.2 remote-as 10
13.8.4.5 Example 5: configure a BGP route reflector
The following is the configuration of a route reflector. As the figure illustrates, SwitchA, SwitchB, SwitchC, SwitchD, SWE, SWF and SWG establish IBGP connections and all belong to AS100.
Notice: the BGP protocol itself cannot discover routes; it needs to import other routes in order to create BGP routes. Only by importing routes can it announce them to IBGP and EBGP neighbors. Directly connected routes, static routes and IGP routes (RIP and OSPF) are included in these imported routes.
Total number of prefixes 4
13.8.5.1.2 show ip bgp attribute-info
Command: show ip bgp attribute-info
Function: Display the BGP attribute messages
Parameter: None
Default: None
Command Mode: All modes.
Usage Guide: Display the attribute messages permitted by BGP
Example:
Switch#sh ip bgp attribute-info
attr[1] nexthop 0.0.0.0
attr[1] nexthop 10.1.1.64...
Function: Display the community messages permitted by BGP
Parameter: None
Default: None
Command Mode: All modes
Usage Guide: Messages in the same community are multiply closable at the same time
Example:
Switch#show ip bgp community-info
Address       Refcnt  Community
[0x3312558]   (3)     100:50
13.8.5.1.5 show ip bgp community-list
Command: show [<ADDRESS-FAMILY>]...
Command Mode: All modes
Usage Guide: Only the flapping routes are displayed. The parameters select what is displayed rather than specific routes. The other two options respectively show the suppressed routes and the dampened (recently recovered from invalid) route messages.
Usage Guide: Configure the AS access-list with the ip as-path access-list command. This command shows the routes that pass the access-list.
Example:
Switch#SH IP BGP filter-list FL
BGP table version is 2, local router ID is 11.1.1.100
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network...
Command Mode: All modes
Usage Guide: Without parameters this command displays detailed messages of all neighbors. Specifying an IP address shows the detailed information of the neighbor with that IP address. The advertised-routes, received prefix-filter, received routes and routes parameters respectively display the routes advertised from the local side, the received prefix filter, the received routes (with soft reconfiguration enabled) and the routing messages from the specific neighbor
Example:...
[0x331dad0:0]    (1)
[0x331d850:93]   (1)  600
[0x331d8d8:249]  (2)  200 300
13.8.5.1.11 show ip bgp prefix-list
Command: show ip bgp [<ADDRESS-FAMILY>] prefix-list [<NAME>]
Function: Display the routes that match the specified prefix-list in BGP.
Parameter: <ADDRESS-FAMILY>: Address family such as "ipv4 unicast"; <NAME>: Name of the prefix-list
Default: None
Command Mode: All modes...
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network           Next Hop     Metric  LocPrf  Weight  Path
*> 100.1.1.0/24   10.1.1.68    0               300 ?
Total number of prefixes 1
Switch#sh ip bgp quote-regexp 100
BGP table version is 2, local router ID is 11.1.1.100
Status codes: s suppressed, d damped, h history, * valid, >...
13.8.5.1.14 show ip bgp route-map
Command: show ip bgp [<ADDRESS-FAMILY>] route-map [<NAME>]
Function: Display the BGP routes that match the specified route map
Parameter: <ADDRESS-FAMILY>: such as "ipv4 unicast"; <NAME>: Name of the route map
Default: None
Command Mode: All modes
Usage Guide: Configure the route map with the route-map command; this command then displays the routes processed by that route map.
13.8.5.1.16 show ip bgp summary
Command: show ip bgp [<ADDRESS-FAMILY>] summary
Function: Display the BGP summary information
Parameter: <ADDRESS-FAMILY>: Address family such as "ipv4 unicast"
Default: None
Command Mode: All modes
Usage Guide: Display some basic summary information of BGP
Example:
Switch#show ip bgp summary
BGP router identifier 10.1.1.66, local AS number 200...
13.8.5.1.18 show ip bgp view neighbors
Command: show ip bgp view [<NAME>] neighbors [<ip-address>]
Function: Display the neighbor messages of the specified BGP instance
Parameter: <NAME>: Name of the BGP instance; <ip-address>: neighbor IP address
Default: None
Command Mode: All modes
Usage Guide: Display the neighbor messages of the specified BGP instance
Example: Switch#show ip bgp view as300 neighbors
Relevant Commands: None...
13.9 MBGP4+
13.9.1 MBGP4+ Introduction
MBGP4+ is the multi-protocol BGP (Multi-protocol Border Gateway Protocol) extension to IPv6; refer to the BGP chapter of this manual for an introduction to the BGP protocol. Unlike RIPng and OSPFv3, BGP has no separate protocol for IPv6; instead, it extends the address families of the original BGP.
SwitchC(config-router-af)#neighbor 2003::4 activate
SwitchC(config-router-af)#exit-address-family
SwitchC(config-router-bgp)#exit
SwitchD configuration as follows:
SwitchD(config)#router bgp 200
SwitchD(config-router-bgp)#neighbor 2003::3 remote-as 200
SwitchD(config-router-bgp)#neighbor 2002::2 remote-as 200
SwitchD(config-router-bgp)#address-family IPv6 unicast
SwitchD(config-router-af)#neighbor 2002::2 activate
SwitchD(config-router-af)#neighbor 2003::3 activate
SwitchD(config-router-af)#exit-address-family
SwitchD(config-router-bgp)#exit
Here the connection between SwitchB and SwitchA is EBGP, and the connection between SwitchC and SwitchD is IBGP.
The ES3628EA switch provides IGMP Snooping and can also send IGMP queries itself, so that the switch can be used in IP multicast networks.
Command / Explanation (Global Mode)
ip igmp snooping vlan <vlan-id>
no ip igmp snooping vlan <vlan-id>
Enables IGMP Snooping for the specified VLAN.
ip igmp snooping vlan <vlan-id> mrouter interface <interface-name>
no ip igmp snooping vlan <vlan-id> mrouter
Sets the port of the specified VLAN for connecting the M-router.
Enables IGMP Snooping in the specified igmp...
14.3 Commands for IGMP Snooping 14.3.1 ip igmp snooping vlan Command: ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> Function: Enables the IGMP Snooping function for the specified VLAN; the “no ip igmp snooping vlan <vlan-id>” command disables the IGMP Snooping function for the specified VLAN.
Parameter: vlan-id: the ID number of the VLAN, ranging between <1-4094> Command Mode: Global mode Default: The VLAN is not the IGMP Snooping layer 2 general querier. Usage Guide: It is recommended to configure one layer 2 general querier per segment. If IGMP Snooping is not yet enabled on this VLAN, this command enables it; disabling the layer 2 general querier function does not disable IGMP Snooping.
Parameter: vlan-id: ranging between <1-4094>; ethernet: name of the Ethernet port; ifname: name of the interface; port-channel: port aggregation. Command Mode: Global mode Default: No static mrouter port on the VLAN by default. Usage Guide: If a port is both a static mrouter port and a dynamic mrouter port, it is treated as a static mrouter port.
14.3.8 ip igmp snooping vlan query-mrsp Command: ip igmp snooping vlan <vlan-id> query-mrsp <value> no ip igmp snooping vlan <vlan-id> query-mrsp Function: Configures the maximum query response period. The “no ip igmp snooping vlan <vlan-id> query-mrsp” command restores the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094>...
Usage Guide: This command can only be configured on an L2 general querier. The suppression-query-time is the length of the suppression state that the layer 2 querier enters when it receives a query from a layer 3 IGMP querier on the segment. Example: Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270 14.4 IGMP Snooping Example Scenario 1.
Suppose the multicast server provides two programs on the multicast addresses Group1 and Group2. Of the four hosts running multicast applications, the three connected to ports 2, 6 and 10 play program 1, while the host connected to port 12 plays program 2. IGMP Snooping listening result: the multicast table built by IGMP Snooping in VLAN 100 lists ports 1, 2, 6 and 10 in Group1 and ports 1 and 12 in Group2.
The configuration steps are listed below:
SwitchA#config
SwitchA(Config)#ip igmp snooping
SwitchA(Config)#ip igmp snooping vlan 60 query
SwitchB#config
SwitchB(Config)#ip igmp snooping
SwitchB(Config)#ip igmp snooping vlan 100
SwitchB(Config)#ip igmp snooping vlan 100 mrouter interface Ethernet 0/0/1
Multicast Configuration: the same as scenario 1.
IGMP Snooping listening result: similar to scenario 1.
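The listening result of these scenarios, modelled in Python as an added example that is not Edge-Core code: IGMP reports and leaves seen on the ports of VLAN 100 are turned into the group-to-port table, with the static mrouter port Ethernet 0/0/1 (port 1 here) always included. The group addresses 239.1.1.1 and 239.1.1.2 are constructed stand-ins for Group1 and Group2.

```python
"""Model of the IGMP Snooping forwarding table from the scenarios above.

Added example, not Edge-Core code. Port numbers follow the scenario (hosts on
ports 2, 6, 10 and 12; Ethernet 0/0/1 is port 1, the static mrouter port of
VLAN 100). The group addresses are constructed stand-ins for Group1/Group2.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

GROUP1 = "239.1.1.1"  # constructed address for Group1 (program 1)
GROUP2 = "239.1.1.2"  # constructed address for Group2 (program 2)


@dataclass(frozen=True)
class IgmpMessage:
    kind: str        # "report" (join), "leave" or "query" (general query)
    port: int        # switch port the message arrived on
    group: str = ""  # multicast group; empty for a general query


@dataclass
class SnoopingVlan:
    """IGMP Snooping state of one VLAN: mrouter ports plus a group -> ports map."""
    vlan_id: int
    static_mrouter_ports: Set[int] = field(default_factory=set)
    dynamic_mrouter_ports: Set[int] = field(default_factory=set)
    groups: Dict[str, Set[int]] = field(default_factory=dict)

    def mrouter_ports(self) -> Set[int]:
        # a port configured with "mrouter interface" stays an mrouter port even
        # when it is also learned dynamically (static takes precedence)
        return self.static_mrouter_ports | self.dynamic_mrouter_ports

    def process(self, msg: IgmpMessage) -> None:
        """Update the snooping state from one IGMP message seen on a port."""
        if msg.kind == "query":
            # a general query means a querier / multicast router sits behind
            # this port: learn it as a dynamic mrouter port
            self.dynamic_mrouter_ports.add(msg.port)
        elif msg.kind == "report":
            # membership report: the port has at least one receiver for the group
            self.groups.setdefault(msg.group, set()).add(msg.port)
        elif msg.kind == "leave":
            members = self.groups.get(msg.group)
            if members is not None:
                members.discard(msg.port)
                if not members:  # last receiver gone: drop the entry
                    del self.groups[msg.group]
        else:
            raise ValueError(f"unknown IGMP message kind {msg.kind!r}")

    def forwarding_table(self) -> Dict[str, List[int]]:
        """Group -> sorted egress ports. The mrouter ports are always included so
        the upstream router keeps receiving the stream (1, 2, 6, 10 for Group1)."""
        return {g: sorted(ports | self.mrouter_ports())
                for g, ports in self.groups.items()}

    def egress_ports(self, group: str) -> List[int]:
        """Ports a frame for `group` is sent to. Unknown groups go only to the
        mrouter ports in this model (assumption; hardware may flood instead)."""
        return self.forwarding_table().get(group, sorted(self.mrouter_ports()))


def scenario_vlan100() -> SnoopingVlan:
    """VLAN 100 of SwitchB after 'ip igmp snooping vlan 100 mrouter interface
    Ethernet 0/0/1' and the reports the four hosts send (constructed input)."""
    vlan = SnoopingVlan(vlan_id=100, static_mrouter_ports={1})
    for msg in (IgmpMessage("report", 2, GROUP1),
                IgmpMessage("report", 6, GROUP1),
                IgmpMessage("report", 10, GROUP1),
                IgmpMessage("report", 12, GROUP2)):
        vlan.process(msg)
    return vlan


def scenario_tables() -> Tuple[Dict[str, List[int]], Dict[str, List[int]]]:
    """Listening result before and after the host on port 6 leaves Group1."""
    vlan = scenario_vlan100()
    before = vlan.forwarding_table()
    vlan.process(IgmpMessage("leave", 6, GROUP1))
    return before, vlan.forwarding_table()


if __name__ == "__main__":
    before, after = scenario_tables()
    print("VLAN 100 table:", before)        # {'239.1.1.1': [1, 2, 6, 10], '239.1.1.2': [1, 12]}
    print("after port 6 leaves:", after)    # {'239.1.1.1': [1, 2, 10], '239.1.1.2': [1, 12]}
```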
Command: debug ip igmp snooping no debug ip igmp snooping Function: Enables the IGMP Snooping debug function; the “no debug ip igmp snooping” command disables this debug function. Command mode: Admin Mode Default: IGMP Snooping debug is disabled by default. Usage Guide: Use this command to enable IGMP Snooping debugging; IGMP packet processing information is then displayed.
Displayed Information / Explanation
Global igmp snooping status: whether the global igmp snooping switch on the switch is on.
L3 multicasting: whether the layer 3 multicast protocol of the switch is running.
Igmp snooping is turned on for vlan 1 (querier): which VLANs on the switch have the igmp snooping function enabled, and whether they are l2-general-querier.
2. Display the IGMP Snooping summary messages of vlan1.
keep-alive time
Igmp snooping query-suppression time: suppression timeout of the VLAN when it is l2-general-querier.
IGMP Snooping Connect Group Membership: group membership of this VLAN, namely the correspondence between ports and (S,G).
Igmp snooping vlan 1 mrouter port: mrouter port of the VLAN, including both static and dynamic.
14.5.1.3 show mac-address-table multicast...
Chapter 15 Multicast VLAN 15.1 Introductions To Multicast VLAN With the usual multicast ordering method, when users in different VLANs order the same stream, a copy of the multicast traffic is sent into each VLAN, which wastes bandwidth. With a multicast VLAN, the switch ports are added to the multicast VLAN and IGMP Snooping is enabled, so that users in different VLANs share the same multicast VLAN.
command disables the IGMP Snooping on the multicast vlan.
ip igmp snooping
no ip igmp snooping
Enable the IGMP Snooping function. The “no” form of this command disables the IGMP snooping function.
15.3 Commands For Multicast VLAN 15.3.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN;...
Usage Guide: Once a VLAN is associated with the multicast VLAN, a join message arriving on a port of that VLAN causes the multicast data to be sent from the multicast VLAN to that port, which reduces the data traffic. The VLAN associated with the multicast VLAN should not be a Private VLAN.
Chapter 16 IPv4 Multicast Protocol 16.1 IPv4 Multicast Protocol Overview This chapter introduces the configuration of the IPv4 Multicast Protocol. All IP addresses in this chapter are IPv4. 16.1.1 Introduction to Multicast Various transmission modes can be used when packets (data, audio and video) are destined for only a minority of the users in the network.
Optimize performance: reduce redundant traffic. Distributed application: enable multipoint applications. 16.1.2 Multicast Address The destination address of a multicast packet is a class D IP address, in the range 224.0.0.0 to 239.255.255.255. A class D address cannot appear in the source address field of an IP packet.
224.0.0.10 IGRP Router
224.0.0.11 Active Agent
224.0.0.12 DHCP Server/Relay Agent
224.0.0.13 All PIM Routers
224.0.0.14 RSVP Encapsulation
224.0.0.15 All CBT Routers
224.0.0.16 Specified SBM
224.0.0.17 All SBMS
224.0.0.18 VRRP
When Ethernet transmits unicast IP packets, the destination MAC address it uses is the receiver’s MAC address.
otherwise the packet is discarded. 16.1.4 IP Multicast Application IP Multicast solves the problem of sending from a single point and receiving at multiple points. It delivers data efficiently from one point to many, saving a great deal of network bandwidth and reducing network load. Using the multicast property of the network, new value-added services can be provided conveniently.
packet to all downstream PIM-DM nodes on the network (flooding). If the RPF check fails, i.e. the multicast packet arrived on the wrong interface, the packet is discarded. After this procedure, every node in the PIM-DM multicast domain has created an (S, G) table entry.
1. Setup PIM-DM (Required)
2. Configure PIM-DM auxiliary parameters (Optional)
3. Configure PIM-DM interface parameters
4. Configure PIM-DM hello message interval
1. Setup PIM-DM Protocol The basic configuration to run the PIM-DM routing protocol on an EDGECORE series Layer 3 switch is simple: enable PIM multicast routing in Global Mode and enable PIM-DM on the corresponding interfaces.
no ip pim dense-mode
Interface configuration mode: disable the PIM-DM protocol on the interface.
no ip pim multicast-routing
Global Mode: disable the PIM-DM protocol in global mode.
16.2.3 Commands for PIM-DM 16.2.3.1 ip pim dense-mode Command: ip pim dense-mode no ip pim dense-mode Function: Enable PIM-DM protocol on interface;...
Switch(Config-if-Vlan1)# ip address 10.1.1.1 255.255.255.0
Switch(Config-if-Vlan1)# ip pim dense-mode
Switch(Config-if-Vlan1)#exit
Switch (Config)#interface vlan2
Switch(Config-if-Vlan2)# ip address 12.1.1.1 255.255.255.0
Switch(Config-if-Vlan2)# ip pim dense-mode
(2) Configure SwitchB:
Switch (Config)#ip pim multicast-routing
Switch (Config)#interface vlan 1
Switch(Config-if-Vlan1)# ip address 12.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)# ip pim dense-mode
Switch(Config-if-Vlan1)#exit
Switch (Config)#interface vlan 2
Switch(Config-if-Vlan2)# ip address 20.1.1.1 255.255.255.0...
16.2.5.1.1 debug pim timer sat Command: debug pim timer sat no debug pim timer sat Function: Enables detailed debugging of the PIM-DM source activity timer; the “no debug pim timer sat” command disables it. Parameter: None. Default: Disabled.
Example: Display all of PIM-DM message forwarding items. Switch(config)#show ip pim mroute dense-mode IP Multicast Routing Table (*,G) Entries: 1 (S,G) Entries: 1 (*, 226.0.0.1) Local ..l......(192.168.1.12, 226.0.0.1) RPF nbr: 0.0.0.0 RPF idx: Vlan2 Upstream State: FORWARDING Origin State: ORIGINATOR Local ........
Pruned: pruned interfaces, i.e. interfaces that received Prune messages. Asserted: asserted state. Outgoing: the interfaces from which the multicast data is finally sent, given as index numbers; the index is 2 in this case. Use the show interface command to check interface details. 16.3 PIM-SM 16.3.1 Introduction to PIM-SM PIM-SM (Protocol Independent Multicast, Sparse Mode) is Protocol Independent Multicast in Sparse Mode.
send a join message to the upper-level nodes in the direction of the RP. Every router on the way from the leaf router to the RP generates a (*, G) table entry, to which a packet from any source to the multicast group applies. When the RP receives a packet sent to multicast group G, the packet travels along the established path to the leaf router and reaches the host.
(1) Configure PIM-SM interface parameters
2) Configure PIM-SM hello message interval
3) Configure interface as PIM-SM domain boundary
(2) Configure PIM-SM global parameters
1) Configure Switch as candidate BSR
2) Configure switch as candidate RP
3. Disable PIM-SM Protocol
1. Enable PIM-SM Protocol The basic configuration to run the PIM-SM routing protocol on an EDGECORE series Layer 3 switch is very simple.
[no] ip pim neighbor-filter {<access-list-number>}
Interface Configuration Mode: Configure the neighbor access-list. If a neighbor is filtered by the list and a connection has been set up with this neighbor, then this connection is cut off immediately; if no connection is set up yet, then the connection can’t be created.
ip pim rp-address <A.B.C.D> [<A.B.C.D/M>]
no ip pim rp-address <A.B.C.D> {<all>|<A.B.C.D/M>}
This command is the global candidate RP configuration command, which is used to configure PIM-SM information about the candidate RP so that it can compete for RP router with other candidate RPs. The “no ip pim rp-address <A.B.C.D>...
16.3.3.2 ip pim bsr-candidate Command: ip pim bsr-candidate {vlan <vlan-id>| <ifname>} [hash-mask-length] [priority] no ip pim bsr-candidate Function: This is the candidate BSR configuration command in global mode; it configures PIM-SM information about the candidate BSR so that it can compete with other candidate BSRs to become the BSR router.
16.3.3.4 ip pim dr-priority Command: ip pim dr-priority <priority> no ip pim dr-priority Function: Configure, disable or change the interface’s DR priority. The neighboring nodes in the same net segment select the DR in their net segment according to hello packets.
is 30s, so the default hold time is 105s. Command Mode: Interface Configuration Mode Usage Guide: If this value is not configured, the default hold time is 3.5*Hello_interval. If the configured holdtime is less than the current hello_interval, the configuration is rejected. Each time hello_interval is updated, Hello_holdtime is updated by the following rule: if hello_holdtime is not configured, or is configured but less than the current hello_interval, hello_holdtime is set to 3.5*hello_interval; otherwise the configured value is kept.
Default: Disabled Parameter: None Command Mode: Global Mode Usage Guide: When selecting the RP, PIM normally selects according to RP priority. When this command is configured, PIM does not select according to RP priority. This command is not recommended unless there are older routers in the network. Example: Switch (config)#ip pim ignore-rp-set-priority 16.3.3.9 ip pim jp-timer Command: ip pim jp-timer <value>...
neighbors has been established, that connection is cut off immediately. If no connection has been established, the connection can’t be created. Parameter: <list-number>: the simple access-list number, ranging from 1 to 99. Default: No neighbor filter configured. Command Mode: Interface Configuration Mode Usage Guide: The ACL’s default is DENY.
registration. Parameter: None Default: Do not check Command Mode: Global Mode Usage Guide: This command configures whether the DR checks RP reachability. Example: Configure the DR to check RP reachability. Switch (config)#ip pim register-rp-reachability 16.3.3.14 ip pim register-source Command: ip pim register-source {<A.B.C.D>...
command modifies the Keepalive-period value. Example: Configure the register suppression timer to 10s. Switch (config)#ip pim register-suppression 10 16.3.3.16 ip pim rp-address Command: ip pim rp-address <A.B.C.D> <A.B.C.D/M> no ip pim rp-address <A.B.C.D> [<A.B.C.D/M>|<all>] Function: This command configures a static RP globally or for a multicast address range.
Switch (Config)# ip pim rp-candidate vlan1 100 16.3.3.18 ip pim rp-register-kat Command: ip pim rp-register-kat <value> no ip pim rp-register-kat Function: This command configures the KAT (KeepAlive Timer) value of the RP (S, G) entries, in seconds. The “no ip pim rp-register-kat” command restores the default value.
<access-list-number> is the number of the access-list to apply, ranging from 1 to 99. Default: The PIM SSM group address range is not configured. Command Mode: Global Mode Usage Guide: 1. PIM SSM is available only when this command is configured. 2.
Fig 16-2 PIM-SM Typical Environment
The configuration procedure for SwitchA, SwitchB, SwitchC and SwitchD is as follows:
(1) Configure SwitchA:
Switch (Config)#ip pim multicast-routing
Switch (Config)#interface vlan 1
Switch(Config-If-Vlan1)# ip address 12.1.1.1 255.255.255.0
Switch(Config-If-Vlan1)# ip pim sparse-mode
Switch(Config-If-Vlan1)#exit
Switch (Config)#interface vlan 2
Switch(Config-If-Vlan2)# ip address 13.1.1.1 255.255.255.0
Switch(Config-If-Vlan2)# ip pim sparse-mode
(2) Configure SwitchB:...
(4) Configure SwitchD:
Switch (Config)#ip pim multicast-routing
Switch (Config)#interface vlan 1
Switch(Config-If-Vlan1)# ip address 34.1.1.4 255.255.255.0
Switch(Config-If-Vlan1)# ip pim sparse-mode
Switch(Config-If-Vlan1)#exit
Switch (Config)#interface vlan 2
Switch(Config-If-Vlan2)# ip address 24.1.1.4 255.255.255.0
Switch(Config-If-Vlan2)# ip pim sparse-mode
Switch(Config-If-Vlan2)#exit
Switch (Config)#interface vlan 3
Switch(Config-If-Vlan3)# ip address 40.1.1.1 255.255.255.0
Switch(Config-If-Vlan3)# ip pim sparse-mode
At the same time, pay attention to the configuration of the unicast routing protocol, to make sure that each device can communicate with the others in the...
16.3.5.1.1 debug pim event Command: debug pim event no debug pim event Function: Enable or Disable pim event debug switch Parameter: None Default: Disabled Command Mode: Enable or Disable pim event debug switch Usage Guide: Enable pim event debug switch and display events information about pim operation.
Usage Guide: Use the pim nexthop debug switch to inspect PIM next-hop change information. Example: Switch# debug ip pim nexthop 16.3.5.1.5 debug pim nsm Command: debug pim nsm no debug pim nsm Function: Enable or disable the debug switch for PIM communication with Network Services. Parameter: None Default: Disabled Command Mode: Admin Mode and Global Mode...
no debug pim timer joinprune no debug pim timer register rst no debug pim timer register Function: Enable or Disable each pim timer Parameter: None Default: Disabled Command Mode: Admin Mode and Global Mode Usage Guide: Enable the specified timer’s debug information. Example: Switch# debug ip pim timer assert 16.3.5.1.9 show ip pim bsr-router Command: show ip pim bsr-router...
Parameter: None Default: None Command Mode: Admin Mode and Global Mode Usage Guide: Display PIM interface information Example: testS2(config)#show ip pim interface Address Interface VIFindex Ver/ Mode Count Prior 10.1.4.3 Vlan1 v2/S 10.1.4.3 10.1.7.1 Vlan2 v2/S 10.1.7.1 Displayed Information Explanations Address Interface address Interface...
RPF nbr: 10.1.4.10 RPF idx: Vlan1 Upstream State: JOINED Local ..l......Joined ........ Asserted ........ Outgoing ..o......Displayed Information Explanations Entries The counts of each item Share tree’s RP address RPF nbr RP direction or upneighbor of source direction. RPF idx RPF nbr interface Upstream State Upstream State, there are two state of...
Example: s1(config)#show ip pim neighbor Neighbor Interface Uptime/Expires Address Priority/Mode 10.1.6.1 Vlan1 00:00:110:01:35 v2 10.1.6.2 Vlan1 00:00:13/00:01:32 v2 10.1.4.2 Vlan3 00:00:18/00:01:30 v2 10.1.4.3 Vlan3 00:00:17/00:01:29 v2 Displayed Information Explanations Neighbor Address Neighbor address Interface Neighbor interface Uptime/Expires Running time /overtime Pim version ,v2 usually DR Priority/Mode DR priority in the hello messages from the...
direction S: source direction U: can’t reach Nexthop Num Nexthop number Nexthop Addr Nexthop address Nexthop Ifindex Nexthop interface index Nexthop Name Nexthop name Metric Metric to nexthop Pref Preference Route preference Refcnt Reference count 16.3.5.1.14 show ip pim rp-hash Command: show ip pim rp-hash <A.B.C.D>...
Priority: priority of Bootstrap messages. 16.4 DVMRP 16.4.1 Introduction to DVMRP DVMRP is the Distance Vector Multicast Routing Protocol. It is a dense-mode multicast routing protocol, which sets up a forward broadcast tree for each source in a manner similar to RIP, and sets up a truncated broadcast tree, i.e. the shortest path tree to the source, for each source through dynamic Prune/Graft.
transmitter must be designated. DVMRP achieves this through its routing exchange mechanism: when two switches on a multi-access network exchange routing information, each learns the other’s routing distance to the source network, and the switch with the shortest distance to the source network becomes the designated transmitter for the subnet.
Configure DVMRP interface parameters
1) Configure the delay of transmitting report messages on the DVMRP interface and the number of messages transmitted each time
2) Configure the metric value of the DVMRP interface
3) Configure whether DVMRP can set up neighbors with DVMRP routers that cannot Prune/Graft
4. ...
ip dvmrp output-report-delay <delay_val> [<burst_size>]
no ip dvmrp output-report-delay
Configure the delay of transmitting DVMRP report messages on the interface and the number of messages transmitted each time; the “no ip dvmrp output-report-delay” command restores the default value.
ip dvmrp metric <metric_val>...
Configure interface DVMRP report message ...
16.4.3.2 ip dvmrp metric Command: ip dvmrp metric <metric_val> no ip dvmrp metric Function: Configures the metric value of the interface’s DVMRP report messages; the “no ip dvmrp metric” command restores the default value. Parameter: <metric_val> is the metric value, ranging from 1 to 31 Default: 1 Command Mode: Interface Configuration Mode Usage Guide: The routing information in DVMRP report messages includes a...
command restores the default value. Parameter: <delay_val> is the delay of the periodically transmitted DVMRP report messages, ranging from 1s to 5s. <burst_size> is the number of messages transmitted each time, ranging from 1 to 65535 Default: the delay of transmitted DVMRP report messages is 1s, and two messages are transmitted each time.
DVMRP treats tunnel interfaces and ordinary physical interfaces alike. After configuring no ip dv multicast-routing, all tunnel configurations are deleted. Example: Switch(Config)#ip dvmrp tunnel 1 12.1.1.1 24.1.1.1 16.4.4 DVMRP Configuration Examples As shown in the following figure, add the Ethernet interfaces of Switch A and Switch B to the corresponding VLANs, and enable DVMRP on each VLAN interface.
configure a unicast routing protocol. This is the difference from PIM-DM and PIM-SM. 16.4.5 DVMRP Troubleshooting When configuring and using DVMRP, the protocol might not operate normally because of physical connection problems or incorrect configuration. Therefore, the user should check the following issues: First, make sure the physical connections are correct.
Default: Do not display (Off) Command Mode: Any Configuration Mode Example: Switch #show ip dv in vlan4 Address Interface Ver. Nbr Type Remote Index Address 13.1.1.3 Vlan1 v3.ff 0 BCAST 10.1.35.3 Vlan2 v3.ff 0 BCAST N/ASwitch # Displayed Information Explanations Address Address Interface...
Cap Flg: capacity flag. 16.4.5.1.5 show ip dvmrp pr Command: show ip dvmrp pr [{group <A.B.C.D> [detail]}|{source <A.B.C.D/M> group <A.B.C.D> [detail]}|{source <A.B.C.D/M> [detail] }|detail] Function: Display DVMRP multicast forwarding entries. Parameter: None Default: Do not display Command Mode: Any Configuration Mode Usage Guide: This command displays the DVMRP multicast forwarding entries, i.e. the multicast forwarding table calculated by the DVMRP protocol.
Xface Neighbor 10.1.35.0/24 Vlan2 Directly Connected 00:11:16 00:00:00 13.1.1.0/24 Vlan1 Directly Connected 00:10:22 00:00:00 Displayed Information Explanations Network Target net segment or address and mask Flags Routing state flag Nexthop Xface Next hop interface address Nexthop Neighbor Next hop neighbor Metric Routing metric value Uptime...
operates at layer 3, so it only controls which IP addresses may send packets. The service-oriented priority strategy of the security-controllable multicast technology works as follows: for multicast data within a given range, the priority specified by the user is set at the joining end, so that the data is sent with a higher priority on the TRUNK port, which guarantees that the transmission is handled at the user-specified priority throughout the network.
[no] access-list <5000-5099> {deny|permit} {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}
The rule used to configure source control. This rule does not take effect until it is applied to the specified port. Using the NO form of it can delete the specified rule.
The last step is to apply the configured rule to the specified port.
Global Configuration Mode
[no] access-list <6000-7999> {deny|permit} {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination>...
The rule used to configure source control. This rule does not take effect until it is applied to a source IP or VLAN-MAC and port. Using the NO form of it can delete the specified...
[no] ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos <priority>
Configure multicast strategy: specify the priority for sources and groups in a specific range; the priority range is <0-7>.
16.5.3 Commands for ECSCM 16.5.3.1 access-list (Multicast Source Control) Command: access-list <5000-5099> {deny|permit} {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination>...
or all addresses. Note that “all addresses” here means 224.0.0.0/4, the group IP address range, not 0.0.0.1 as in other access-lists. Example: Switch(config)#access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 16.5.3.2 access-list (Multicast Destination Control) Command: access-list <6000-7999> {deny|permit} {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} access-list <6000-7999>...
0.0.0.255 16.5.3.3 ip multicast destination-control access-group Command: ip multicast destination-control access-group <6000-7999> no ip multicast destination-control access-group <6000-7999> Function: Configures the multicast destination-control access-list used on the interface; the “no ip multicast destination-control access-group <6000-7999>” command deletes the configuration. Parameter: <6000-7999>: destination-control access-list number. Default: None Command Mode: Interface Configuration Mode Usage Guide: This command only takes effect when global multicast destination-control...
16.5.3.5 ip multicast destination-control access-group (sip) Command: ip multicast destination-control <IPADDRESS/M> access-group <6000-7999> no ip multicast destination-control <IPADDRESS/M> access-group <6000-7999> Function: Configures the multicast destination-control access-list used on the specified network segment; the “no ip multicast destination-control <IPADDRESS/M> access-group <6000-7999>” command deletes this configuration. Parameter: <IPADDRESS/M>: IP address and mask length;...
16.5.3.7 ip multicast policy Command: ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos <priority> no ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos Function: Configures a multicast policy; the “no ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos” command deletes it. Parameter: <IPADDRESS/M>: the multicast source address with its mask length, and the destination group address with its mask length, respectively.
Command: ip multicast source-control access-group <5000-5099> no ip multicast source-control access-group <5000-5099> Function: Configures the multicast source control access-list used on the interface; the “no ip multicast source-control access-group <5000-5099>” command deletes the configuration. Parameter: <5000-5099>: source control access-list number. Default: None Command Mode: Interface Configuration Mode Usage Guide: This command only takes effect when global multicast source control is enabled.
Switch(config)#access-list 6000 deny ip any 238.0.0.0 0.255.255.255
Switch(config)#access-list 6000 permit ip any any
Switch(config)#ip multicast destination-control
Switch(config)#ip multicast destination-control 10.0.0.0/8 access-group 6000
In this way, users of this network segment can only join groups other than 238.0.0.0/8.
Multicast strategy: Server 210.1.1.1 is distributing important multicast data on group 239.1.2.3; we can configure its join-in switch as follows:
Switch(config)#ip multicast policy 210.1.1.1/32 239.1.2.3/32 cos 4
In this way, the multicast stream will have a priority of value 4 (Usually this is pretty higher,...
ip multicast destination-control is enabled
ip multicast destination-control 11.0.0.0/8 access-group 6003
ip multicast destination-control 1 00-03-05-07-09-11 access-group 6001
multicast destination-control access-group 6000 used on interface Ethernet
16.5.5.1.2 show ip multicast destination-control access-list Command: show ip multicast destination-control access-list show ip multicast destination-control access-list <6000-7999> Function: Display the configured destination control multicast access-lists.
Default: None Command Mode: Admin Mode and Global Mode Usage Guide: This command displays the configured multicast source control rules, including, with the detail option, the applied access-list information in detail. Example:
Switch#show ip multicast source-control detail
ip multicast source-control is enabled
Interface Ethernet use multicast source control access-list 5000
access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255
access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255...
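The source-control list 5000 shown above and the destination-control list 6000 from the configuration example in 16.5.4, evaluated by an added Python example that is not Edge-Core code. It assumes first-match semantics with an implicit deny at the end of each list, that “any” on the group side means 224.0.0.0/4 as the manual notes, and that destination control matches the joining host's address against the rule's source field.

```python
"""Evaluator for the multicast source-control (5000-5099) and destination-control
(6000-7999) access-lists used in the examples above. Added example, not Edge-Core
code. Assumptions: first matching rule wins; no match means deny (implicit deny);
'any' on the group side means 224.0.0.0/4, as the manual notes; for destination
control the joining host's address is matched against the rule's source field."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

ANY_SOURCE = ("0.0.0.0", "255.255.255.255")
ANY_GROUP = ("224.0.0.0", "15.255.255.255")   # 'any' for the group side = 224.0.0.0/4

def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    src: int        # source (for destination control: joining host) address
    src_wild: int   # wildcard mask: 1 bits are "don't care", as in 0.0.0.255
    dst: int        # multicast group address
    dst_wild: int

def _matches(addr: int, base: int, wildcard: int) -> bool:
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def _parse_spec(tokens: Sequence[str], host_kw: str, any_spec: Tuple[str, str]):
    """One address spec: any/any-source/any-destination, host-* X, or ADDR WILDCARD."""
    if tokens[0] in ("any", "any-source", "any-destination"):
        return _ip(any_spec[0]), _ip(any_spec[1]), tokens[1:]
    if tokens[0] == host_kw:
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]

def parse_rule(line: str) -> Tuple[int, Rule]:
    """Parse 'access-list N {permit|deny} ip SRC-SPEC DST-SPEC' into (N, Rule)."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
        raise ValueError(f"not a multicast access-list rule: {line!r}")
    number, action = int(t[1]), t[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r} in {line!r}")
    src, src_wild, rest = _parse_spec(t[4:], "host-source", ANY_SOURCE)
    dst, dst_wild, rest = _parse_spec(rest, "host-destination", ANY_GROUP)
    if rest:
        raise ValueError(f"trailing tokens {rest} in {line!r}")
    return number, Rule(action, src, src_wild, dst, dst_wild)

class MulticastAcl:
    """Access-list rules of a configuration, grouped by list number, in order."""

    def __init__(self, config_lines: Sequence[str]):
        self.lists: Dict[int, List[Rule]] = {}
        for line in config_lines:
            if line.strip().startswith("access-list"):
                number, rule = parse_rule(line.strip())
                self.lists.setdefault(number, []).append(rule)

    def check(self, number: int, source: str, group: str) -> str:
        """Action of the first rule in list `number` matching (source, group)."""
        s, g = _ip(source), _ip(group)
        for r in self.lists.get(number, []):
            if _matches(s, r.src, r.src_wild) and _matches(g, r.dst, r.dst_wild):
                return r.action
        return "deny"   # implicit deny at the end of the list (assumption)

def join_allowed(acl: MulticastAcl, bindings: Dict[str, int], host: str, group: str) -> bool:
    """Apply 'ip multicast destination-control <segment> access-group <list>' bindings
    (segment -> list number) to a join from `host`; unbound hosts are unrestricted."""
    addr = ipaddress.IPv4Address(host)
    for segment, number in bindings.items():
        if addr in ipaddress.IPv4Network(segment):
            return acl.check(number, host, group) == "permit"
    return True

# the rules from the manual's examples above (constructed configuration text)
CONFIG = [
    "access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255",
    "access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255",
    "access-list 6000 deny ip any 238.0.0.0 0.255.255.255",
    "access-list 6000 permit ip any any",
]
BINDINGS = {"10.0.0.0/8": 6000}   # ip multicast destination-control 10.0.0.0/8 access-group 6000

def demo() -> Dict[str, object]:
    acl = MulticastAcl(CONFIG)
    return {
        "src_232": acl.check(5000, "10.1.1.7", "232.0.0.9"),        # permit
        "src_233": acl.check(5000, "10.1.1.7", "233.5.5.5"),        # deny
        "src_unlisted": acl.check(5000, "10.1.1.7", "239.1.2.3"),   # deny: no rule matched
        "join_238": join_allowed(acl, BINDINGS, "10.2.3.4", "238.1.1.1"),    # False
        "join_239": join_allowed(acl, BINDINGS, "10.2.3.4", "239.1.2.3"),    # True
        "outside": join_allowed(acl, BINDINGS, "192.168.1.5", "238.1.1.1"),  # True
    }
```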
to store the membership of every host. It only needs to know whether there are receivers of a multicast group, i.e. group members, on the network segment each interface connects to, and the host only needs to store which multicast groups it has joined. IGMP is asymmetric between host and router: the host needs to respond to the IGMP query messages of multicast switches, i.e.
4. IGMP version 2 added the maximum response time field, to dynamically adjust the host’s response time to group query messages. The main feature of version 3 is allowing the host to choose to receive from or reject a certain source, which is the basis of SSM (Source-Specific Multicast)...
3) Configure the time-out of IGMP query
(3) Configure IGMP version
3. Disable IGMP Protocol
Enable IGMP Protocol There is no specific command for enabling IGMP on the Layer 3 switch. Enabling any multicast protocol on an interface automatically enables IGMP. Command Explanation Global Mode...
ip igmp static-group <A.B.C.D>
no ip igmp static-group <A.B.C.D>
Configure the interface to join an IGMP static group; the “no ip igmp static-group <A.B.C.D>” command cancels the join.
(2) Configure IGMP Query parameters
1) Configure the interval for IGMP to send query messages
2) Configure the maximum response time of IGMP query
3) Configure the time-out of IGMP query
Command...
Command: ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Function: Configures the interface to filter IGMP groups; the “no ip igmp access-group” command cancels the filter condition. Parameter: {<acl_num | acl_name>} is the number or name of the access-list; the number ranges from 1 to 99.
25000ms; the value is an integer multiple of 1000ms: if the input value is not an integer multiple of 1000ms, the system automatically rounds it to one. Default: 1000ms Command Mode: Interface Configuration Mode Example: Configure the IGMP last-member-query-interval of interface vlan1 to 2000ms. Switch (Config)#int vlan 1 Switch (Config-if-vlan1)#ip igmp last-member-query-interval 2000 16.6.3.4 ip igmp limit...
member report including group 224.1.1.1 when the switch receives an IGMP group query transmitted by other switches. Note that this is the difference between this command and the ip igmp static-group command. Example: Configure join-group 224.1.1.1 on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip igmp join-group 224.1.1.1 16.6.3.6 ip igmp query-interval Command: ip igmp query-interval <time_val>...
Example: configure the maximum period for responding to IGMP query messages:
Switch (Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip igmp query-max-response-time 20
16.6.3.8 ip igmp query-timeout Command: ip igmp query-timeout <time_val> no ip igmp query-timeout Function: Configures the IGMP query timeout of the interface; the “no ip igmp query-timeout” command restores the default value.
Switch (Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip igmp static-group 224.1.1.1
16.6.3.10 ip igmp version Command: ip igmp version <version> no ip igmp version Function: Configures the IGMP version on the interface; the “no ip igmp version” command restores the default value. Parameter: <version> is the IGMP version to configure; versions 1, 2 and 3 are currently supported.
Switch(Config-If-Vlan1)#ip address 12.1.1.1 255.255.255.0
Switch(Config-If-Vlan1)#ip pim dense-mode
(2) Configure SwitchB:
Switch(Config)#ip pim multicast-routing
Switch(Config)#interface vlan1
Switch(Config-If-Vlan1)#ip address 12.1.1.2 255.255.255.0
Switch(Config-If-Vlan1)#ip pim dense-mode
Switch(Config-If-Vlan1)#exit
Switch(Config)#interface vlan2
Switch(Config-If-Vlan1)#ip address 20.1.1.1 255.255.255.0
Switch(Config-If-Vlan2)#ip pim dense-mode
Switch(Config-If-Vlan2)#ip igmp version 3
16.6.5 IGMP Troubleshooting When configuring and using IGMP, the protocol might not operate normally because of physical connection problems or incorrect configuration.
Usage Guide: Enable this debug switch to inspect IGMP event information.
Example:
Switch# debug igmp event
igmp event debug is on
Switch# 01:04:30:56: IGMP: Group 224.1.1.1 on interface vlan1 timed out
16.6.5.1.2 debug igmp packet
Command: debug igmp packet
no debug igmp packet
Function: Enable the debug switch for IGMP message information;...
Switch#
Displayed Information   Explanation
Group Address           Multicast group IP address
Interface               Interface affiliated with the multicast group
Uptime                  Multicast group uptime
Expires                 Multicast group expiry time
Last Reporter           The host that last reported membership of the multicast group
Switch (config)#show ip igmp groups 234.1.1.1 detail
IGMP Connect Group Membership (2 group(s) joined)
Flags: SG - Static Group, SS - Static Source, SSM - SSM Group, V1 - V1 Host Present, V2 - V2 Host Present...
Whether data from the source is forwarded or not.
Flags                   Source property flags
16.6.5.1.4 show ip igmp interface
Command: show ip igmp interface [<ifname>]
Function: Display IGMP information related to an interface.
Parameter: <ifname> is the interface name; when given, the command displays the IGMP information of the specified interface.
Chapter 17 IPv6 Multicast Protocol
17.1 PIM-DM6
17.1.1 Introduction to PIM-DM6
PIM-DM6 (Protocol Independent Multicast, Dense Mode) is the IPv6 version of Protocol Independent Multicast Dense Mode. It is a dense-mode multicast routing protocol suited to small networks, in which the members of a multicast group are relatively densely distributed.
forward data to this multicast group any more. After receiving the Prune message, the corresponding interface is deleted from the outgoing interface list of the multicast forwarding entry (S, G). Through this process an SPT (Shortest Path Tree) rooted at source S is established. The prune process is initiated by a downstream router. The whole process above is called the flooding-prune process.
It is easy to make a basic configuration of the PIM-DM routing protocol on an EdgeCore layer 3 switch: only turn on the PIM multicast switch in Global Mode and turn on the PIM-DM switch on the relevant interfaces.
Command Explanation
Global Mode
Enable PIM-DM Protocol (but...
17.1.3 Commands for PIM-DM6
17.1.3.1 ipv6 pim dense-mode
Command: ipv6 pim dense-mode
no ipv6 pim dense-mode
Function: Enable the PIM-DM protocol on the interface; the "no ipv6 pim dense-mode" command disables the PIM-DM protocol on the interface.
Parameter: None
Default: PIM-DM protocol disabled
Command Mode: Interface Configuration Mode
Usage Guide: The command takes effect only after ipv6 multicast-routing has been executed in Global Mode.
Command: ipv6 pim exclude-genid
no ipv6 pim exclude-genid
Function: This command makes the Hello messages transmitted by PIM-SM exclude the Genid option; the "no ipv6 pim exclude-genid" command restores the default value.
Parameter: None
Default: Hello messages include the Genid option
Command Mode: Interface Configuration Mode
Usage Guide: This command is used for interoperability with older Cisco IOS versions.
hello-interval" command restores the default value.
Parameter: <interval> is the interval between periodically transmitted PIM-DM hello messages, in the range 1s to 18724s.
Default: The default interval between periodically transmitted PIM-DM hello messages is 30s.
Command Mode: Interface Configuration Mode
Usage Guide: Hello messages let PIM-DM switches discover each other and maintain neighbor relationships.
no debug ipv6 pim timer sat
Function: Enable the debug switch for detailed PIM-DM source activity timer information; the "no debug ipv6 pim timer sat" command disables the debug switch.
Parameter: None
Default: Disabled
Command Mode: Admin Mode
Usage Guide: Enable the switch to display source activity timer information in detail.
Example: Switch # debug ipv6 pim timer sat
Remark: The other PIM-DM debug switches are shared with PIM-SM.
Asserted    Asserted state
Outgoing    Index of the interface from which the multicast data is finally forwarded; the index is 2 in this case. Detailed interface information can be checked with the show interface command.
17.2 PIM-SM6
17.2.1 Introduction to PIM-SM6
PIM-SM6 (Protocol Independent Multicast, Sparse Mode) is the IPv6 version of Protocol Independent Multicast Sparse Mode.
works out the corresponding Rendezvous Point (RP) for multicast group G and sends a Join message to the upstream node toward the RP. Every router on the path from the leaf router to the RP creates a (*, G) entry, indicating that traffic from any source to multicast group G matches this entry.
packet of IPv4 encapsulation.
17.2.2 PIM-SM Configuration Task List
1. Start PIM-SM (Required)
2. Configure PIM-SM auxiliary parameters (Optional)
(1) Configure PIM-SM interface parameters
1) Configure PIM-SM hello message interval time
2) Configure interface as PIM-SM domain boundary
(2) Configure PIM-SM global parameters
1) Configure switch as candidate BSR
2) Configure switch as candidate RP
3) Configure static RP...
ipv6 pim hello-interval <interval>
no ipv6 pim hello-interval
    Configure the interface PIM-SM hello message interval time; the no operation of this command restores the default value.
2) Configure PIM-SM hello message holdtime
Command Explanation
Port Configuration Mode
    Configure the value of the holdtime field in the interface PIM-SM hello message;...
ipv6 pim rp-candidate <ifname> [<group range>] [<priority>]
no ipv6 pim rp-candidate <ifname>...
    This is the global candidate RP configuration command, used to configure PIM-SM candidate RP information so that the switch can compete with other candidate RPs to become the RP router. The no...
access-list is configured, the default value is PERMIT.
Example: Configure the register message filtering rule to myfilter.
Switch(config)#ipv6 pim accept-register list myfilter
Switch(config)#ipv6 access-list myfilter permit ff1e::10/128
17.2.3.2 ipv6 pim bsr-candidate
Command: ipv6 pim bsr-candidate <ifname> [<hash-mask-length>] [<priority>]
no ipv6 pim bsr-candidate [ifname]
Function: This is the candidate BSR configuration command in global mode; it configures PIM-SM candidate BSR information so that the switch can compete with other candidate BSRs to become the BSR router.
Switch(config)#ipv6 pim cisco-register-checksum group-list myfilter
Switch(config)#ipv6 access-list myfilter permit ff1e::10/128
17.2.3.4 ipv6 pim dr-priority
Command: ipv6 pim dr-priority <priority>
no ipv6 pim dr-priority
Function: Configure, disable or change the interface's DR priority. Neighboring nodes on the same network segment elect the DR for that segment according to hello packets.
Parameter: <value> is the value of holdtime.
Default: The default value of Holdtime is 3.5*Hello_interval; Hello_interval's default value is 30s, so Holdtime's default value is 105s.
Command Mode: Interface Configuration Mode
Usage Guide: If this value is not configured, holdtime's default value is 3.5*Hello_interval.
Function: This command configures the switch to use the hashing rule and ignore RP priority when RP selection is carried out. It is used for interoperability with older Cisco IOS versions.
Default: None
Parameter: None
Command Mode: Global Mode
Usage Guide: When selecting the RP, PIM normally selects according to RP priority. When this command is configured, PIM does not select according to RP priority.
neighbors already exist, those connections are cut off immediately. If no connection exists, none can be created.
Parameter: <access-list-name> is the name of the applied access-list
Default: No neighbor filter configured
Command Mode: Interface Configuration Mode
Usage Guide: The ACL default is DENY. If access-list 1 is configured, access-list 1's default is deny.
packets.
Switch(config)# ipv6 pim register-rp-reachability
17.2.3.14 ipv6 pim register-source
Command: ipv6 pim register-source {<source-address> | <ifname>}
no ipv6 pim register-source
Function: This command configures the source address of Register packets sent by the DR, overriding the default source address. The default source address is usually the address of the interface toward the source host (the RPF neighbor direction).
no ipv6 pim rp-address <rp-address> [all | <group-range>]
Function: This command configures a static RP globally or for a multicast address range. The "no ipv6 pim rp-address" command cancels the static RP.
Parameter: <rp-address> is the RP address in the format X:X::X:X (an IPv6 address); <group-range>...
ipv6 pim bsr-router first to see whether there is BSR information. If not, check whether there is a unicast route to the BSR. Use the show ipv6 pim rp-hash command to check whether the RP information is correct; if there is no RP information, again check unicast routing;...
now and is reserved for future extension.
Example: Switch# debug ipv6 pim mib
17.2.5.1.4 debug ipv6 pim nexthop
Command: debug ipv6 pim nexthop
no debug ipv6 pim nexthop
Function: Enable or disable the PIM nexthop debug switch
Parameter: None
Default: Disabled
Command Mode: Admin Mode and Global Mode
Usage Guide: Inspect PIM next-hop change information with the pim nexthop switch.
Default: Disabled
Command Mode: Admin Mode and Global Mode
Usage Guide: Inspect PIM state change information with this switch.
Example: Switch# debug ipv6 pim state
17.2.5.1.8 debug ipv6 pim timer
Command: debug ipv6 pim timer
debug ipv6 pim timer assert
debug ipv6 pim timer assert at
debug ipv6 pim timer bsr bst
debug ipv6 pim timer bsr crp...
no debug ipv6 pim timer joinprune jt
no debug ipv6 pim timer joinprune kat
no debug ipv6 pim timer joinprune ot
no debug ipv6 pim timer joinprune plt
no debug ipv6 pim timer joinprune ppt
no debug ipv6 pim timer joinprune pt
no debug ipv6 pim timer joinprune
no debug ipv6 pim timer register rst
no debug ipv6 pim timer register...
State    The current state of this candidate BSR; Elected BSR means it is the selected BSR
17.2.5.1.10 show ipv6 pim interface
Command: show ipv6 pim interface [detail|]
Function: Display PIM interface information
Parameter: None
Default: None
Command Mode: Any Mode
Example:
Switch#show ipv6 pim interface
Interface VIFindex Ver/ Mode Count Prior...
RPF nbr           The RPF neighbor: the upstream neighbor toward the RP or toward the source
RPF idx           Interface toward the RPF neighbor
Upstream State    Upstream state; the two states are Joined (joined the tree, expects to receive data from upstream) and Not Joined (left the tree, does not expect data from upstream); further states such as RPT Not Joined, Pruned and Not Pruned exist for (S,G,rpt) entries...
interface's DP
17.2.5.1.13 show ipv6 pim nexthop
Command: show ipv6 pim nexthop
Function: Display the next-hop routers that PIM has cached from the unicast routing table
Parameter: None
Default: None
Command Mode: Any Mode
Usage Guide: Display PIM's cached next-hop router information
Example:
Switch#show ipv6 pim nexthop
Flags: N = New, R = RP, S = Source, U = Unreachable...
17.2.5.1.14 show ipv6 pim rp-hash
Command: show ipv6 pim rp-hash X:X::X:X
Function: Display the RP (rendezvous point) address for group X:X::X:X
Parameter: Group address
Default: None
Command Mode: Any Mode
Usage Guide: Display the RP address corresponding to the specified group address
Example:
Switch#show ipv6 pim rp-hash ff1e::15
RP: 2000:1:111::100...
17.3 MLD
17.3.1 Introduction to MLD
MLD (Multicast Listener Discovery) is the multicast group member (receiver) discovery protocol for IPv6 multicast. It is similar to IGMP in IPv4 multicast: MLD version 1 corresponds to IGMP version 2, and MLD version 2 corresponds to IGMP version 3.
1) Configure the interval of MLD query messages
2) Configure the maximum response time of MLD queries
3) Configure the MLD query timeout
3. Shut down MLD Protocol
Start MLD Protocol
There is no special command for starting the MLD protocol on EDGECORE series layer 3 switches.
ipv6 mld query-max-response-time <time_val>
no ipv6 mld query-max-response-time
    Configure the maximum response time of the interface for MLD queries; the no operation of this command restores the default value.
ipv6 mld query-timeout <time_val>...
    Configure the query timeout of the interface for MLD queries; the no operation of this...
Function: Configure MLD to work in immediate-leave mode: when a host sends a membership report equivalent to leaving a group, the router does not send a query and assumes that the group has no more members on the subnet. The "no ipv6 mld immediate-leave"...
Switch (Config)#interface vlan 1
Switch(Config-If-Vlan1)#ipv6 mld query-interval 10
17.3.3.5 ipv6 mld query-max-response-time
Command: ipv6 mld query-max-response-time <time_val>
no ipv6 mld query-max-response-time
Function: Configure the maximum response time of MLD queries; the "no ipv6 mld query-max-response-time" command restores the default value
Parameter: <time_val>...
17.3.3.7 ipv6 mld access-group
Command: ipv6 mld access-group {<acl_name>}
no ipv6 mld access-group
Function: Configure the filter conditions of the interface for MLD groups; the "no ipv6 mld access-group" command cancels the filter conditions.
Parameter: <acl_name> is the name of the IPv6 access list
Default: No filter condition by default
Command Mode: Interface Mode
Usage Guide: This command configures a filter on the interface for the groups...
source mode does not accord with the currently configured mode, the group mode is changed and the originally configured sources of the other mode are cleared permanently; the "no" form of this command cancels joining the group.
Parameter: <X:X::X:X> is a valid IPv6 multicast address:...
17.3.3.11 ipv6 mld static-group
Command: ipv6 mld static-group <group_address> [source <source_address>]
no ipv6 mld static-group <group_address> [source <source_address>]
Function: Configure a static group or static source on the interface. The "no" form of this command cancels a previously configured static group or static source.
Parameter: <group_address>...
As shown in the following figure, add the Ethernet interfaces of Switch A and Switch B to the corresponding VLANs, and start PIM6 on each VLAN interface.
Fig 17-3 Network Topology Diagram (SwitchA: Vlan 2, Vlan 1; SwitchB: Vlan 1)
The configuration procedure for SwitchA and SwitchB is as below:
(1) Configure SwitchA:
Switch (Config)#ipv6 pim multicast-routing
Switch (Config)#ipv6 pim rp-address 3FFE::1...
Make sure that one multicast protocol is started on the interface.
Make sure that the timer values of all routers on the same network segment are consistent; the default settings are usually recommended.
Unicast routes are used for the RPF check of the multicast protocol, so the correctness of unicast routing must be guaranteed first.
Example: Display the MLD information of the Ethernet interface vlan1
Switch#show ipv6 mld interface Vlan1
Interface Vlan1(2003)
Index 2003
Internet address is fe80::203:fff:fe01:e4a
MLD querier
MLD query interval is 100 seconds
MLD querier timeout is 205 seconds
MLD max query response time is 10 seconds
Last member query response interval is 1000 ms
Group membership interval is 210 seconds
MLD is enabled on interface...
Chapter 18 ACL Configuration
18.1 Introduction to ACL
ACL (Access Control List) is an IP packet filtering mechanism employed in switches that controls network traffic by granting or denying passage through the switch, effectively safeguarding network security. The user lays down a set of rules based on information specific to packets; each rule describes the action for a packet matching certain information: "permit"...
The current firmware only supports ingress ACL configuration.
18.1.3 Access-list Action and Global Default Action
There are two access-list actions and default actions: "permit" or "deny". The following rules apply: An access-list can consist of several rules. Packet filtering compares the packet against the rules in order, from the first rule to the first matching rule;...
Specify multiple "permit" or "deny" rule entries.
Exit ACL Configuration Mode
Configuring a numbered extended MAC-IP access-list
(8) Configuring a standard MAC-IP access-list based on nomenclature
(9) Create a standard MAC-IP access-list based on nomenclature
Specify multiple "permit" or "deny" rule entries.
Exit MAC-IP Configuration Mode
2.
access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]
    Creates a numbered IGMP extended IP access rule; if the numbered extended access-list of the specified number does not exist, an access-list is created using this number.
access-list ip standard <name>
no access-list ip standard <name>
    Creates a name-based standard access-list; the "no access-list ip standard <name>" command deletes the name-based standard IP access-list.
b. Specify multiple "permit" or "deny" rules
Command Explanation
Standard IP ACL Mode
    Creates a standard name-based IP access rule;...
[no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]
    Creates an extended name-based ICMP access rule; the "no" form of the command deletes this name-based extended IP access rule.
Creates extended...
access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
no access-list <num>
    Creates a numbered standard MAC access-list; if the access-list already exists, the rule is added to the current access-list. The "no access-list <num>" command deletes a numbered standard MAC access-list.
Creates a numbered MAC extended access-list
Command Explanation
Global Mode...
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} [cos <cos-val> [<cos-bitmask>]] [vlanId <vid-value> [<vid-mask>]] [ethertype <protocol> [<protocol-mask>]]
    Creates an extended name-based MAC access rule matching any MAC frame; the "no" form of the command deletes this name-based extended MAC access rule.
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-d...
    Creates an extended name-based MAC access rule matching untagged...
Exit
    Quit extended name-based MAC access configuration mode
Configuring a numbered extended MAC-IP access-list
Command Explanation
Global mode
access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-desti...
    Creates a numbered extended MAC-ICMP access rule; if the numbered extended access-list of the specified number does not exist, an access-list is created using this number.
access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} tcp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} [s-port <port1>] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port <port3>] [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
    Creates a numbered extended MAC-TCP access rule; if the numbered extended access-list of the specified number does not exist, an access-list is created using this number.
access-list <num> {deny | permit} {any-source-mac | ...
a) Create a standard MAC-IP access-list based on nomenclature
Command Explanation
Global Mode
mac-ip-access-list extended <name>
no mac-ip-access-list extended <name>
    Creates an extended name-based MAC-IP access-list; the "no" form of the command deletes this name-based extended MAC-IP access-list.
b) Specify multiple "permit" or "deny" rule entries
Command Explanation
Extended name-based MAC-IP access Mode
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} tcp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} [s-port <port1>] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port <port3>] [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
    Creates an extended name-based MAC-TCP access rule; the "no" form of the command deletes this name-based extended MAC-TCP access rule.
[no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} udp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}}...
    Creates an extended name-based MAC-UDP access rule; the "no" form of the command deletes...
2. Configuring packet filtering function
(1) Enable global packet filtering function
Command Explanation
Global Mode
firewall enable
    Enables the global packet filtering function
firewall disable
    Disables the global packet filtering function
(2) Configure default action.
Command Explanation
Global Mode
firewall default permit
    Sets the default action to "permit"...
[no] absolute-periodic {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} <start_time> to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} <end_time>
[no] periodic {{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday} | daily | weekdays | weekend} <start_time> to <end_time>
    Configure a periodic time range within the week; the no form stops the function of the time range within the week.
(3) Configure absolute time range
Command Explanation
Global Mode
absolute start <start_time> <start_data> [end <end_time> <end_data>]
    Configure an absolute time range
[no] absolute start <start_time> <start_data> [end <end_time> <end_data>]...
    Stop the function of the absolute time range
18.2.2.1 absolute-periodic/periodic
Command: [no] absolute-periodic {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} <start_time> to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} <end_time>
[no] periodic {{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday} | daily | weekdays | weekend} <start_time> to <end_time>
Functions: Define a time range within one week; the range repeats every week.
Parameters: (Friday) Friday (Monday) Monday (Saturday) Saturday (Sunday)
16:45:00
18.2.2.2 absolute start
Command: [no] absolute start <start_time> <start_data> [end <end_time> <end_data>]
Functions: Define an absolute time range; this time range operates according to the clock of this device.
Parameters: start_time: start time, HH:MM:SS (hour:minute:second)
end_time: end time, HH:MM:SS (hour:minute:second)
start_data: start date, in the format YYYY.MM.DD (year.month.day)...
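The three time-range forms above (absolute-periodic, periodic and absolute start) decide whether a rule carrying time-range <name> is active at a given moment. The following Python model is an added example, not code from the Edge-Core manual or the switch firmware; it evaluates each form against a clock value so the semantics can be tested on a workstation. The wrap-around handling for a span that ends before it starts (Friday 18:00:00 to Monday 08:00:00), the "no midnight crossing" rule for periodic, the open-ended absolute range without "end", and the helper parse_clock are this example's own assumptions, as are the sample clock values.

```python
from datetime import datetime, time

# Weekday names as the CLI spells them, in Python weekday() order (Monday = 0).
DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")
DAY_INDEX = {name: i for i, name in enumerate(DAYS)}

def parse_clock(text):
    """Parse a clock value written as 'YYYY.MM.DD HH:MM:SS' (the manual's date format)."""
    return datetime.strptime(text, "%Y.%m.%d %H:%M:%S")

def _week_seconds(day, hhmmss):
    """Seconds since Monday 00:00:00 for a (weekday name, 'HH:MM:SS') pair."""
    t = time.fromisoformat(hhmmss)
    return DAY_INDEX[day] * 86400 + t.hour * 3600 + t.minute * 60 + t.second

def in_absolute_periodic(now, start_day, start_time, end_day, end_time):
    """absolute-periodic <day> <start_time> to <day> <end_time>.

    One span per week. A span whose end precedes its start (for example
    Friday 18:00:00 to Monday 08:00:00) is assumed to wrap across the week
    boundary.
    """
    s = _week_seconds(start_day, start_time)
    e = _week_seconds(end_day, end_time)
    n = _week_seconds(DAYS[now.weekday()], now.strftime("%H:%M:%S"))
    if s <= e:
        return s <= n <= e
    return n >= s or n <= e          # wrapped span

def in_periodic(now, days, start_time, end_time):
    """periodic {Day+Day...|daily|weekdays|weekend} <start_time> to <end_time>.

    The same clock span applies on every listed day; a span is assumed not
    to cross midnight.
    """
    if days == "daily":
        wanted = set(range(7))
    elif days == "weekdays":
        wanted = set(range(5))
    elif days == "weekend":
        wanted = {5, 6}
    else:
        wanted = {DAY_INDEX[d] for d in days.split("+")}
    if now.weekday() not in wanted:
        return False
    return time.fromisoformat(start_time) <= now.time() <= time.fromisoformat(end_time)

def in_absolute(now, start_time, start_date, end_time=None, end_date=None):
    """absolute start <HH:MM:SS> <YYYY.MM.DD> [end <HH:MM:SS> <YYYY.MM.DD>].

    Evaluated against the device clock; without "end" the range is assumed
    to stay active indefinitely.
    """
    if now < parse_clock(f"{start_date} {start_time}"):
        return False
    if end_time is None:
        return True
    return now <= parse_clock(f"{end_date} {end_time}")

if __name__ == "__main__":
    # Constructed clock value: 2024.01.10 is a Wednesday.
    midweek = parse_clock("2024.01.10 12:00:00")
    print(in_absolute_periodic(midweek, "Monday", "08:00:00", "Friday", "16:45:00"))  # True
    print(in_periodic(midweek, "weekdays", "09:00:00", "17:00:00"))                   # True
    print(in_absolute_periodic(midweek, "Friday", "18:00:00", "Monday", "08:00:00"))  # False
```

Because the absolute form is judged against the switch's own clock, a rule that is supposed to open a port only during office hours is only as trustworthy as that clock; verify the device time (and NTP, if used) before relying on a time-range to enforce a deny.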
packets to pass, and permit UDP packets with destination address 192.168.0.1 and destination port 32 to pass.
Switch(Config)#access-list 110 deny icmp any-source any-destination
Switch(Config)#access-list 110 permit udp any-source host-destination 192.168.0.1 d-port 32
18.2.2.4 access-list (ip standard)
Command: access-list <num> {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}}
no access-list <num>...
matching, deny access; permit: if the rule matches, permit access; <any-source-mac> any source address; <any-destination-mac> any destination address; <host_smac>, <smac> source MAC address; <smac-mask> mask (reverse mask) of the source MAC address; <host_dmac>, <dmac> destination MAC address; <dmac-mask> mask (reverse mask) of the destination MAC address; untagged-eth2: format of an untagged Ethernet II packet;...
source MAC address; host_dmac, dmac: destination MAC address; dmac-mask: mask (reverse mask) of the destination MAC address; protocol: name or number of the IP protocol. It can be a keyword (eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp or udp) or an integer from 0 to 255.
Command: access-list <num> {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}}
no access-list <num>
Functions: Define a standard numbered MAC ACL rule; the 'no access-list <num>' command deletes a standard numbered MAC ACL access-list rule.
Parameters: <num> is the access-list number, a decimal number from 700 to 799; deny: if the rule matches, deny access;...
18.2.2.10 firewall default
Command: firewall default {permit | deny}
Functions: Configure the default action of the firewall
Parameters: permit means data packets are permitted to pass; deny means data packets are denied
Command Mode: Global mode
Default: The default action is permit.
Usage Guide: This command only affects IP packets at port ingress; in all other situations packets pass through the switch.
Usage Guide: When this command is issued for the first time, only an empty named access-list is created, with no entries in the list.
Examples: Create a named standard IP access-list whose name is ipFlow.
Switch(Config)# access-list ip standard ipFlow
18.2.2.13 ipv6 access-list
Command:...
Switch(Config)#ipv6 access-list standard ip6Flow
18.2.2.15 ipv6 access extended
Command: ipv6 access-list extended <name>
no ipv6 access-list extended <name>
Function: Create a name-based extended IPv6 access list; the "no ipv6 access-list extended <name>" command deletes the name-based extended IPv6 access list.
Parameter: <name> is the name of the access list; the character string length is from 1 to
Command Mode: Global Mode
Default: No IP address is configured by default.
1. Each port can bind one MAC-IP ACL, one IP ACL, one MAC ACL and one IPv6 ACL;
2. Each port egress can bind one MAC-IP ACL, one IP ACL, one MAC ACL and one IPv6 ACL;
3. When 6 ACLs are bound and a packet matches several of them simultaneously, the priority from high to low is as follows: Egress IPv6 ACL;...
Command: mac-ip-access-list extended <name>
no mac-ip-access-list extended <name>
Functions: Define a named MAC-IP ACL or enter its access-list configuration mode; the 'no mac-ip-access-list extended <name>' command deletes this ACL.
Parameters: <name>: name of the access-list, excluding blanks and quotation marks; it must start with a letter and its length cannot exceed 16 (note: case sensitive).
Command Mode: Global mode
Default: No named MAC-IP access-list
Parameters: <sIpAddr> is the source IP address, in dotted decimal notation; <sMask> is the reverse mask of the source IP, in dotted decimal notation; <dIpAddr> is the destination IP address, in dotted decimal notation; <dMask> is the reverse mask of the destination IP, in dotted decimal notation, where a 0 bit must match and a 1 bit is ignored;...
The reverse mask of one byte has, for example, the form 00001111b (mask form 11110000); a non-contiguous value such as 00010011 is not permitted.
Command Mode: Named extended MAC access-list configuration mode
Default configuration: No access-list configured
18.2.2.22 permit | deny (mac-ip extended)
Command: [no] {deny | permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<icmp-type>...
{{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]
Functions: Define a named extended MAC-IP ACL rule; the 'no' form deletes a numbered extended MAC-IP ACL access-list rule.
Parameters: num: access-list serial number, a decimal number from 3100 to 3199; deny: if the rule matches, deny access; permit: if the rule matches, permit access; any-source-mac: any source MAC address;...
Default: No access-list configured
Examples: Deny the passage of UDP packets with any source MAC address and destination MAC address, any source IP address and destination IP address, source port 100 and destination port 40000.
Switch (Config)#access-list 3100 deny any-source-mac any-destination-mac udp any-source s-port 100 any-destination d-port 40000
18.2.2.23 permit | deny (ipv6 extended)
Command: [no] {deny | permit} icmp {{<sIPv6Prefix/sPrefixlen>} | any-source |...
to the 10.0.0.0/24 segment, FTP is not desired for the user.
Configuration description:
Create a proper ACL
Configure the packet filtering function
Bind the ACL to the port
The configuration steps are listed below:
Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(Config)#firewall enable
Switch(Config)#firewall default permit
Switch(Config)#interface Ethernet 0/0/10...
cannot be bound due to hardware resource limitations. If an access-list contains rules with the same filtering information but conflicting actions, binding it to the port fails with an error message. For instance, configuring "permit tcp any-source any-destination" and "deny tcp any-source any-destination" at the same time is not permitted.
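The semantics spread over 18.1.3 (rules are tried in order, the first match decides, and the firewall default action applies when nothing matches), the reverse-mask parameter descriptions (a 0 bit must match, a 1 bit is ignored), the two worked ACLs (access-list 110 in 18.2.2.3 and the FTP example above) and the bind-time conflict rule just described can be checked off-box. The Python model below is an added example, not code from the Edge-Core manual or the switch firmware. It parses only the subset of the numbered extended IP syntax that the manual's own examples use (tcp/udp/icmp/ip, any-source, host-source, address plus reverse mask, s-port, d-port); the Rule class, the packet dictionaries, the helper names and the sample addresses 192.0.2.10 and 198.51.100.1 are this example's constructions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One numbered extended IP rule. Addresses are 32-bit ints; a reverse-mask
    (wildcard) bit of 1 means "ignore this bit", 0 means "must match"."""
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "ip"
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    s_port: Optional[int] = None
    d_port: Optional[int] = None

    def match_key(self):
        """The filtering information only, i.e. everything except the action."""
        return (self.proto, self.src, self.src_wild, self.dst, self.dst_wild,
                self.s_port, self.d_port)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _parse_addr(tok, i, side):
    """Parse 'any-<side>', 'host-<side> A.B.C.D' or 'A.B.C.D <reverse-mask>'."""
    if tok[i] == f"any-{side}":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == f"host-{side}":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def parse_rule(line):
    """Parse 'access-list <num> {deny|permit} <proto> <src> [s-port N] <dst> [d-port N]'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("deny", "permit"):
        raise ValueError(f"not a supported access-list rule: {line!r}")
    src, src_wild, i = _parse_addr(tok, 4, "source")
    s_port = d_port = None
    if i < len(tok) and tok[i] == "s-port":
        s_port, i = int(tok[i + 1]), i + 2
    dst, dst_wild, i = _parse_addr(tok, i, "destination")
    if i < len(tok) and tok[i] == "d-port":
        d_port, i = int(tok[i + 1]), i + 2
    if i != len(tok):
        raise ValueError(f"unsupported trailing tokens in {line!r}")
    return Rule(tok[2], tok[3], src, src_wild, dst, dst_wild, s_port, d_port)

def _addr_match(addr, rule_addr, wild):
    """Compare only the bits whose reverse-mask bit is 0."""
    care = ~wild & 0xFFFFFFFF
    return addr & care == rule_addr & care

def matches(rule, pkt):
    """pkt is a constructed dict with proto, src, dst and optional sport/dport."""
    if rule.proto != "ip" and rule.proto != pkt["proto"]:
        return False
    if not _addr_match(_ip(pkt["src"]), rule.src, rule.src_wild):
        return False
    if not _addr_match(_ip(pkt["dst"]), rule.dst, rule.dst_wild):
        return False
    if rule.s_port is not None and pkt.get("sport") != rule.s_port:
        return False
    if rule.d_port is not None and pkt.get("dport") != rule.d_port:
        return False
    return True

def check_bindable(rules):
    """Bind-time check: identical filtering information with conflicting actions
    is rejected, mirroring the manual's 'binding fails with an error' rule."""
    seen = {}
    for r in rules:
        if seen.get(r.match_key(), r.action) != r.action:
            raise ValueError(f"conflicting actions for identical filter fields: {r}")
        seen[r.match_key()] = r.action
    return True

def filter_packet(rules, pkt, default="permit"):
    """First matching rule decides; with no match the firewall default action applies."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return default

if __name__ == "__main__":
    # The manual's own example: block FTP from 10.0.0.0/24 with firewall default permit.
    acl110 = [parse_rule("access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21")]
    check_bindable(acl110)
    ftp = {"proto": "tcp", "src": "10.0.0.7", "dst": "192.0.2.10", "sport": 40000, "dport": 21}
    ssh = dict(ftp, dport=22)
    print(filter_packet(acl110, ftp), filter_packet(acl110, ssh))  # deny permit
```

Two points worth noticing when running this against the manual's examples: with firewall default permit, the FTP ACL blocks only what it names, so the same packet over UDP or from 10.0.1.x passes; and the conflict check is purely on the match fields, so "permit tcp any-source any-destination" followed by "deny tcp any-source any-destination" is rejected before binding rather than silently resolved by order.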
any-destination
    ...of any source IP address and destination address to pass
access-list 100 deny tcp any-source any-destination
    Deny TCP packets of any source IP address and destination address to pass
access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800
    Permit tagged-eth2 packets with any source MAC address and any destination MAC address whose 15th and 16th...
is 10.
of port Ethernet0/0/2 packet(s) number is 10
    Number of packets matching this ACL rule
18.4.1.3 show firewall
Command: show firewall
Functions: Display the configuration information of the packet filtering function
Parameters: None
Default: None
Command Mode: Admin mode
Usage Guide:
Examples:
Switch#show firewall
fire wall is enable
the default action of fire wall is permit...
699; 500~599 are numbered standard IPv6 ACL numbers and 600~699 are numbered extended IPv6 ACL numbers; <acl-name> is the name string of a specific access control list, 1 to 16 characters long.
Default: None
Command Mode: Admin Mode
Usage Guide: When no access control list is specified, all access control lists are displayed;...
18.5.2 Delete numeric IP ACL
Click "Numeric ACL Configuration", then the "Delete Numeric ACL" section, to enter the configuration page. The explanation of each field is: ACL number (1-199). To delete a numeric ACL, simply specify the number of the ACL and then click "Remove".
IP precedence
Regarding "ICMP numeric extended ACL", there are two sub-categories: ICMP type; ICMP code.
Regarding "IGMP numeric extended ACL", there is one sub-category: IGMP type.
Regarding "TCP numeric extended ACL", there are three sub-categories: Source port; Destination port; TCP flags.
Regarding "UDP numeric extended ACL", there are two sub-categories: Source port; Target port...
18.5.4 Configure and delete the standard ACL name
Click "ACL name configuration" to open the sub-sections, then click "ACL name configuration" to enter the configuration page. "ACL name configuration" is configured in the same way as "Numeric ACL Configuration"; the only difference is that the user specifies an ACL name instead of an ACL number.
18.5.5 Configure extended ACL name configuration
Click "ACL name configuration" and the configuration sections will be shown. There are 6 types of extended ACL name configuration: IP extended ACL name configuration; ICMP extended ACL name configuration; IGMP extended ACL name configuration; TCP extended ACL name configuration; UDP extended ACL name configuration; Other protocols extended ACL name configuration...
Port: the target port to bind the ACL to
ACL name: the target ACL name to bind
Ingress/Egress: the target direction to bind
Operation type: "Add" or "Remove"
To enable this function, select the action in each item and then click "Apply".
Chapter 19 802.1x Configuration 19.1 Introduction to 802.1x IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices at the physical access level of the LAN device. The physical access level here refers to the ports of the switch. If the users’ devices connected to such ports can be authenticated, access to resources in the LAN is allowed;...
In the IEEE 802.1x application environment, the ES3628EA is used as the access management unit, and the user's connecting device is the device running 802.1x client (supplicant) software.
Command (Global Mode) / Explanation:
aaa enable / no aaa enable - Enables the AAA authentication function in the switch; the “no aaa enable” command disables the AAA authentication function.
aaa-accounting enable / no aaa-accounting enable - Enables the accounting function in the switch; the “no aaa-accounting enable” command disables...
Command (Global Mode) / Explanation:
dot1x macfilter enable / no dot1x macfilter enable - Enables the 802.1x address filter function in the switch; the "no dot1x macfilter enable" command disables the 802.1x address filter function.
dot1x accept-mac <mac-address> [interface <interface-name>] - Adds an 802.1x address filter table entry; the “no dot1x accept-mac”...
dot1x re-authenticate [interface <interface-name>] - Enables IEEE 802.1x re-authentication (no timeout wait required) for all ports or a specified port.
4. Authentication Server (RADIUS server) related property configuration
1) Configure RADIUS authentication key.
Command (Global Mode) / Explanation:
radius-server key <string> - Specifies the key for the RADIUS server; the “no radius-server key”...
radius-server retransmit <retries> / no radius-server retransmit - Configures the re-transmission times for RADIUS; the “no radius-server retransmit” command restores the default setting.
radius-server timeout <seconds> / no radius-server timeout - Configures the timeout timer for the RADIUS server; the “no radius-server timeout” command restores the default setting.
19.3 Commands for 802.1x 19.3.1 aaa enable...
accounting server on accounting end. Note: The switch sends the “user offline” message to the RADIUS accounting server only when accounting is enabled; the “user offline” message will not be sent to the RADIUS authentication server. Example: Enabling AAA accounting for the switch. Switch(Config)#aaa-accounting enable 19.3.3 dot1x accept-mac Command: dot1x accept-mac <mac-address>...
Ethernet connection exists between the switch and the RADIUS server, the switch needs to authenticate the user by EAP relay (EAPoR authentication); if the switch connects to the RADIUS server by PPP, the switch will use EAP local end authentication (CHAP authentication).
Switch(Config)#dot1x macfilter enable 19.3.7 dot1x max-req Command: dot1x max-req <count> no dot1x max-req Function: Sets the number of EAP request/MD5 frames to be sent before the switch re-initiates authentication when the supplicant does not respond; the “no dot1x max-req” command restores the default setting. Parameters: <...
Function: Sets the 802.1x authentication status; the “no dot1x port-control” command restores the default setting. Parameters: auto enable 802.1x authentication, the port authorization status is determined by the authentication information between the switch and the supplicant; force-authorized sets port to authorized status, unauthenticated data is allowed to pass through the port;...
ports. Command mode: Admin Mode Usage Guide: This command is an Admin Mode command. It makes the switch re-authenticate the client at once without waiting for the re-authentication timer to time out. This command is no longer valid after authentication. Example: Enabling real-time re-authentication on port 0/0/8. Switch#dot1x re-authenticate interface Ethernet 0/0/8 19.3.12 dot1x re-authentication Command: dot1x re-authentication...
Command: dot1x timeout re-authperiod <seconds> no dot1x timeout re-authperiod Function: Sets the supplicant re-authentication interval; the “no dot1x timeout re-authperiod” command restores the default setting. Parameters: <seconds> is the interval for re-authentication, in seconds; the valid range is 1 to 65535. Command mode: Global Mode Default: The default value is 3600 seconds.
server. Multiple RADIUS servers can be configured and all of them are available. The RADIUS servers are tried in the configured order if no primary is configured; otherwise, the specified primary RADIUS server is used first. Command mode: Global Mode Default: No RADIUS accounting server is configured by default. Usage Guide: This command is used to specify the IPv4/IPv6 address and port number of the specified RADIUS server for switch accounting; multiple command instances can be configured.
RADIUS servers communicating with the switch, the configured order is used as the priority for the switch authentication server. If primary is specified, then the specified RADIUS server will be the primary server. Example: Setting the RADIUS authentication server address as 200.1.1.1. Switch(Config)#radius-server authentication host 200.1.1.1 19.3.18 radius-server dead-time Command: radius-server dead-time <minutes>...
19.3.20 radius-server retransmit Command: radius-server retransmit <retries> no radius-server retransmit Function: Configures the re-transmission times for RADIUS authentication packets; the “no radius-server retransmit” command restores the default setting. Parameters: <retries> is the number of retransmissions to the RADIUS server; the valid range is 0 to 100.
19.4 802.1x Application Example [Fig 19-2 IEEE 802.1x Configuration Example Topology: Radius Server 10.1.1.2; other addresses shown are 10.1.1.1 and 10.1.1.3] The PC is connecting to port 0/0/2 of the switch;...
to auto, but the switch cannot reach the authenticated state after the user runs the 802.1x supplicant software. Here are some possible causes and solutions: If 802.1x cannot be enabled for a port, make sure the port is not running Spanning Tree or MAC binding, and is not configured as a Trunk port or for port aggregation. To enable 802.1x authentication, the above functions must be disabled.
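A complete configuration for the Fig 19-2 topology, assembled here as an added example (it is not the manual's own task sequence) from the commands documented in section 19.3. Assumed and not shown on this page: the global `dot1x enable` command, `interface ethernet 0/0/2` to enter port mode together with its `Switch(Config-Ethernet0/0/2)#` prompt, the position of the `primary` keyword, and the shared-secret value, which is a placeholder; lines starting with `!` are explanatory comments, not switch input.

```text
! Added example: 802.1x on port 0/0/2 with RADIUS server 10.1.1.2 (Fig 19-2)
! --- RADIUS client, Global Mode (19.3.1, 19.3.2, 19.3.15-19.3.21) ---
Switch(Config)#aaa enable
Switch(Config)#aaa-accounting enable
! Shared secret with the RADIUS server: placeholder, replace with your own value
Switch(Config)#radius-server key RADIUS-KEY-PLACEHOLDER
! "primary" keyword position is an assumption; the page only states it can be specified
Switch(Config)#radius-server authentication host 10.1.1.2 primary
Switch(Config)#radius-server accounting host 10.1.1.2
! Fail over quickly instead of hanging supplicants: 3 retries, 5 s timeout (valid range 0-100 / seconds)
Switch(Config)#radius-server retransmit 3
Switch(Config)#radius-server timeout 5
! --- 802.1x global, Global Mode ---
! Assumed command: enables 802.1x globally; not listed on this page
Switch(Config)#dot1x enable
! Periodic re-authentication every hour (default re-authperiod is 3600 s)
Switch(Config)#dot1x re-authentication
Switch(Config)#dot1x timeout re-authperiod 3600
! Re-initiate authentication after 2 unanswered EAP requests
Switch(Config)#dot1x max-req 2
! --- Port 0/0/2, where the PC connects ---
! Prerequisite from 19.x troubleshooting: no Spanning Tree, MAC binding, Trunk or aggregation on this port
! Assumed: interface ethernet 0/0/2 enters port mode; prompt format assumed
Switch(Config)#interface ethernet 0/0/2
! "auto": port authorization follows the authentication result, not force-authorized
Switch(Config-Ethernet0/0/2)#dot1x port-control auto
Switch(Config-Ethernet0/0/2)#exit
Switch(Config)#exit
! --- Verify, Admin Mode (19.5.1.5, 19.5.1.6) ---
Switch#show aaa config
Switch#show dot1x
! Force the client on 0/0/2 to re-authenticate at once (19.3.11)
Switch#dot1x re-authenticate interface Ethernet 0/0/2
```

In `show aaa config`, the flags "Is AAA Enabled" and "Is Account Enabled" should both read 1 after this sequence; in `show dot1x`, reauth-enabled and the port's authentication status confirm the port-level settings.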
Command: debug dot1x no debug dot1x Function: Enables dot1x debugging information; the “no debug dot1x” command disables the dot1x debugging information. Command mode: Admin Mode Parameters: N/A. Usage Guide: Enabling dot1x debug information allows checking the dot1x protocol negotiation process and is helpful in troubleshooting.
--------------- total: 0 --------------- 19.5.1.5 show aaa config Command: show aaa config Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin Mode Usage Guide: Displays whether AAA authentication and accounting are enabled, and information for the key and the authentication and accounting servers specified. Example: Switch#show aaa config (For Boolean values, 1 stands for TRUE and 0 for FALSE)...
Dead Time = 5
Account Time Interval = 0
Displayed information / Description:
Is AAA Enabled - Indicates whether AAA authentication is enabled or not; 1 for enabled and 0 for disabled.
Is Account Enabled - Indicates whether AAA accounting is enabled or not; 1 for enabled and 0 for disabled.
Command mode: Admin Mode Usage Guide: The dot1x related parameters and dot1x information can be displayed with the “show dot1x” command. Example: 1. Display information about the dot1x global parameters for the switch. Switch#show dot1x Global 802.1x Parameters reauth-enabled reauth-period 3600 quiet-period tx-period max-req authenticator mode...
authenticator mode - Switch authentication mode
Mac Filter - Whether the dot1x address filter is enabled or not
MacAccessList - Dot1x address filter table
Dot1x-EAPoR - Authentication method used by the switch (EAP relay, EAP local end)
802.1x is enabled on ethernet 1 - Indicates whether dot1x is enabled for the port
Authentication Method: - Port authentication method (MAC-based, port-based)
Status...
19.6 Web Management Click “Authentication configuration” to open the authentication configuration management list. Users may configure the switch 802.1x authentication function. 19.6.1 RADIUS client configuration Click “Authentication configuration”, “RADIUS client configuration” to open the Radius client configuration management list. Users may configure the switch Radius client. 19.6.1.1 RADIUS global configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS global configuration”...
19.6.1.2 RADIUS authentication configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS authentication configuration” to configure the RADIUS authentication server IP address and listening port ID. Authentication server IP - Server IP address. Authentication server port (optional) - The server listening port ID, with range 0~65535, where “0” means it does not act as an authentication server.
where “0” means it does not act as an accounting server. Primary accounting server - Primary Accounting server is the primary server; Non-Primary Accounting server is the non-primary server. Operation type - Add accounting server adds an accounting server; Remove accounting server removes an accounting server. Example: Configure Accounting server IP as 10.0.0.1, Accounting server port as the default port, choose Primary accounting server, choose Operation type as “Add accounting server”...
EAP relay authentication mode - Configures the switch to adopt the EAP relay method for authentication; use the “no” command to configure the switch to adopt the EAP local terminating method for authentication. MAC filtering - Enables or disables the switch dot1x address filter function. Example: Choose 802.1x status as Open 802.1x, configure Maximum retransmission times of EAP-request/identity as 1, choose Re-authenticate client periodically as Disable Re-authenticate, configure Holddown time for authentication failure as 1, configure...
access control method which is based on port. Port maximum user (1-254) - Configures the maximum number of users permitted on the specific port. Example: Choose Ethernet port 0/0/1, choose 802.1x status as Open, choose Authentication type as auto, choose Authentication mode as port based, configure Port maximum user as 10 and then click the Set button to apply this configuration to the switch.
Authentication status - Authentication status. Authentication mode - Authentication mode. Example: Choose Ethernet port 0/0/1, then click the Reauthenticate button; the user on Ethernet port 0/0/1 will be forced to re-authenticate.
Chapter 20 VRRP Configuration 20.1 Introduction to VRRP VRRP (Virtual Router Redundancy Protocol) is a fault tolerant protocol designed to enhance connection reliability between routers (or L3 Ethernet switches) and external devices. It was developed by the IETF for local area networks (LAN) with multicast/broadcast capability (Ethernet, for example) and has wide applications.
work and continue serving the hosts within the segment. Since the election and take-over duration is brief and smooth, hosts within the segment can use the Virtual Router as normal and uninterrupted communication can be achieved. 20.2 Configuration Task List
1. Create/Remove the Virtual Router (required)
2. Configure VRRP dummy IP and interface (required)
3. Activate/Deactivate Virtual Router (required)
4. Configure VRRP Authentication
Command (Interface Mode) / Explanation:
ip vrrp authentication mode text / no ip vrrp authentication mode - Configures the authentication mode for VRRP packets sent on the interface; the "no ip vrrp authentication mode" command resets the authentication mode to the default value.
20.3 Commands for VRRP 20.3.1 advertisement-interval Commands: advertisement-interval <adver_interval> no advertisement-interval Function: Sets the VRRP timer values; the “no advertisement-interval” command restores the default setting. Parameters: <adver_interval> is the interval for sending VRRP packets in seconds, ranging from 1 to 10. Default: The default <adver_interval>...
Command mode: VRRP protocol configuration mode Usage Guide: The interface monitor function is a valuable extension of the backup function. It not only enables VRRP to provide failover when a router (or L3 Ethernet switch) fails, but also allows decreasing the priority of a router (or L3 Ethernet switch) when the status of the monitored network interface is down, so that backup takes place smoothly.
Switch(config)# router vrrp 10 Switch(Config-Router-Vrrp)# disable 20.3.5 enable Commands: enable Function: Activates VRRP. Parameters: N/A. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: Activates the appropriate Virtual Router. Only a router (or L3 Ethernet switch) interface started by this enable command is part of the standby cluster.
Usage Guide: If a router (or L3 Ethernet switch) requiring high priority needs to preemptively become the active router (or L3 Ethernet switch), the preemptive mode should be enabled. Example: Setting non-preemptive VRRP mode Switch(Config-Router-Vrrp)# preempt-mode false 20.3.8 priority Commands: priority <value> no priority Function: Configures VRRP priority;...
Switch(config)# router vrrp 10 20.3.10 show vrrp Commands: show vrrp [<vrid>] Function: Displays status and configuration information for the VRRP standby cluster. Command mode: All Modes Example: Switch# show vrrp VrId <1> State is Initialize Virtual IP is 10.1.20.10 (Not IP owner) Interface is Vlan2 Priority is 100 Advertisement interval is 1 sec...
Function: Configures the VRRP dummy IP address Parameters: <A.B.C.D> is the IP address in decimal format. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: This command adds a dummy IP address to an existing Standby cluster. The "no virtual-ip"...
If VRRP problems persist after the above-mentioned procedures, please run debugging commands like “debug vrrp”, copy the DEBUG output captured over 3 minutes and send the information to the Edge-Core technical service center. 20.6 Web Management Click “VRRP control” to enter VRRP control configuration mode and manage VRRP features for the switch.
20.6.2 Configure VRRP Dummy IP Click “VRRP control” to configure VRRP and enter "VRRP Dummy IP Config". Example: Enter the created Virtual Router number 1, VRRP Dummy IP address 192.168.2.100. Click Apply to add the Dummy IP address to Virtual Router number. Click Remove to remove the Dummy IP address from Virtual Router number 1.
20.6.6 Configure VRRP priority Click “VRRP control” to configure VRRP and enter "VRRP Priority". Example: Enter the created Virtual Router number "1" and priority. Click Enable to set the priority of virtual router number 1 to "255". Click Disable to disable the priority of Virtual Router number 1.
Click “VRRP control” to enter "VRRP AuthenMode" and configure VRRP authentication mode. Example: Choose created "Vlan1" for Port and "yes" for AuthenMode. Click Apply to finish Port Vlan1 authentication mode configuration.
Chapter 21 MRPP Configuration 21.1 MRPP Introduction MRPP (Multi-layer Ring Protection Protocol) is a link layer protocol for Ethernet loop protection. It can avoid the broadcast storm caused by a data loop on an Ethernet ring, and restore communication among all nodes on the ring network when the Ethernet ring has a broken link. MRPP is an extension of EAPS (Ethernet link automatic protection protocol).
2. Ethernet Ring (MRPP Ring): a ring-linked Ethernet network topology. Each ring has two states. Health state: the whole ring network physical link is connected. Break state: one or a few physical links in the ring network are broken. 3. Nodes: each switch on the Ethernet ring is called a node. There are several node types: Primary node: each ring has one primary node, which is the main node that detects and protects the ring.
Packet Type / Explanation:
Hello packet (Health examine packet) - The primary port of the primary node sends Hello packets to detect the ring; if the secondary port of the primary node receives the Hello packet within the configured timeout, the ring is normal.
LINK-DOWN (link Down event) - After a transfer node detects a Down event on a port,...
sent from the primary node, the ring has been restored; at the same time the primary node blocks its secondary port and sends a LINK-UP-Flush-FDB packet to its neighbors. After an MRPP ring port on a transfer node comes back UP, the primary node may only detect the ring restoration after a while.
fail-timer <INT> / no fail-timer - Configures the Hello packet timeout timer for Hello packets sent from the primary node of the MRPP ring; the “no” form restores the default timer value.
enable / no enable - Enables the MRPP ring; the “no” form disables the enabled MRPP ring.
3) Display and debug MRPP relevant information
Command (Admin Mode) / Explanation:...
Command: control-vlan <VID> no control-vlan Function: Configures the control VLAN ID of the MRPP ring; the “no control-vlan” command deletes the control VLAN ID. Parameter: <VID> is the control VLAN ID; the valid range is from 1 to 4094. Command Mode: MRPP ring mode Default: None Usage Guide: The command specifies the virtual VLAN ID of the MRPP ring; currently it can be any value in 1-4094. To avoid confusion, it is recommended that the ID is a VLAN ID not otherwise configured, and the same as the MRPP ring ID.
Usage Guide: Before executing this command, the MRPP protocol must be enabled and all options required by the MRPP ring must be configured. Example: Configure MRPP ring 4000 of the switch as the primary node, and enable the MRPP ring. Switch(Config)# mrpp enable Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#control-vlan 4000 Switch(mrpp-ring-4000)#primary-port Ethernet 4/1...
Parameter: <INT> valid range is from 1 to 100 s. Command Mode: MRPP ring mode Default: The default timer interval is 1 s. Usage Guide: The primary node of the MRPP ring continuously sends Hello packets at the configured Hello timer interval; if the secondary port of the primary node receives this packet within the configured period,...
21.3.9 node-mode Command: node-mode {master|transit} Function: Configures the type of the node as the primary (master) node or secondary (transit) node. Parameter: Command Mode: MRPP ring mode Default: By default the node mode is secondary node. Usage Guide: Example: Configure the switch as the primary node of MRPP ring 4000. Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#node-mode master 21.3.10 primary-port...
Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#secondary-port Ethernet 4/3 21.3.12 show mrpp Command: show mrpp {<INT>|} Function: Displays the MRPP ring configuration. Parameter: <INT> is the MRPP ring ID; the valid range is from 1 to 4096. If no ID is specified, the configuration of all MRPP rings is displayed. Command Mode:...
[Fig 21-2 MRPP typical configuration scenario 1: SWITCH A, B, C and D form MRPP Ring 4000, with one switch as Master Node] The above topology is the most common use of the MRPP protocol. Multiple switches constitute a single WAPS ring; each switch is configured with only one MRPP ring, so together they constitute a single MRPP ring.
Switch(Config)#MRPP ring 4000
Switch(MRPP-ring-4000)#control-vlan 4000
Switch(MRPP-ring-4000)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-4000)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-4000)#enable
Switch(MRPP-ring-4000)#exit
Switch(Config)#
SWITCH C configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 4000
Switch(MRPP-ring-4000)#control-vlan 4000
Switch(MRPP-ring-4000)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-4000)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-4000)#enable
Switch(MRPP-ring-4000)#exit
Switch(Config)#
SWITCH D configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 4000
Switch(MRPP-ring-4000)#control-vlan 4000...
[Fig 21-3 typical scenario 2: SWITCH A through H arranged in two rings, one of them Ring 4000, each ring with its own Master Node] The above topology configures two tangent MRPP rings; SWITCH E belongs to both ring 1 and ring 2.
21.4.3 MRPP typical scenario 3 [Fig 21-4 MRPP Scenario 3: SWITCH A through G arranged in Ring 4000 and Ring 100, each ring with its own Master Node] In the above topology figure, SWITCH B, E and D each belong to both MRPP rings, 4000 and 100.
SWITCH B configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 4000
Switch(MRPP-ring-4000)#control-vlan 4000
Switch(MRPP-ring-4000)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-4000)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-4000)#enable
Switch(MRPP-ring-4000)#exit
Switch(Config)#
SWITCH C configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 4000
Switch(MRPP-ring-4000)#control-vlan 4000
Switch(MRPP-ring-4000)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-4000)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-4000)#enable
Switch(MRPP-ring-4000)#exit
Switch(Config)#
SWITCH H configuration Task Sequence:...
Switch(Config)#
MRPP Ring 100 configuration Task Sequence:
SWITCH B configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 100
Switch(MRPP-ring-100)#control-vlan 100
Switch(MRPP-ring-100)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-100)#secondary-port Ethernet 0/0/3
Switch(MRPP-ring-100)#enable
Switch(MRPP-ring-100)#exit
Switch(Config)#
SWITCH D configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 100
Switch(MRPP-ring-100)#control-vlan 100
Switch(MRPP-ring-100)#primary-port Ethernet 0/0/2
Switch(MRPP-ring-100)#secondary-port Ethernet 0/0/3
Switch(MRPP-ring-100)#enable...
Switch(MRPP-ring-100)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-100)#enable
Switch(MRPP-ring-100)#exit
Switch(Config)#
SWITCH G configuration Task Sequence:
Switch(Config)#MRPP enable
Switch(Config)#MRPP ring 100
Switch(MRPP-ring-100)#control-vlan 100
Switch(MRPP-ring-100)#primary-port Ethernet 0/0/1
Switch(MRPP-ring-100)#secondary-port Ethernet 0/0/2
Switch(MRPP-ring-100)#node-mode master
Switch(MRPP-ring-100)#enable
Switch(MRPP-ring-100)#exit
Switch(Config)#
21.5 MRPP troubleshooting The normal operation of the MRPP protocol depends on the correct configuration of each switch on the MRPP ring; otherwise a loop and broadcast storm are very likely to form. When configuring an MRPP ring, it is better to disconnect the ring first, wait until each switch is configured, and then close the ring.
Chapter 22 Cluster Configuration 22.1 Introduction to cluster network management Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config, which implement direct management of the target switches from a management workstation, cluster network management manages the target switches (member switches) through an intermediate switch (commander switch).
22.2 Cluster Network Management Configuration Sequence
1. Enable or disable cluster function
2. Create cluster
1) Create or delete cluster
2) Configure private IP address pool for member switches of the cluster
3) Add or remove a member switch
3. Configure attributes of the cluster in the commander switch
1) Enable or disable joining the cluster automatically
2) Set holdtime of heartbeat of the cluster
3) Set interval of sending heartbeat packets among the switches of the cluster...
Command (Global Mode) / Explanation:
cluster commander <cluster-name> [vlan <vlan-id>] / no cluster commander - Create or delete a cluster
cluster ip-pool <commander-ip> / no cluster ip-pool - Configure private IP address pool for member switches of the cluster
cluster member {candidate-sn <cand-sn> | mac-address <mac-add> [<mem-id>]} [password <pass>] / no cluster member <... - Add or remove a member switch
Command (Admin Mode) / Explanation:
rcommand member <mem-id> - In the commander switch, this command is used to configure and manage member switches.
rcommand commander - In the member switch, this command is used to configure the commander switch itself.
cluster reset member <mem-id>... - In the commander switch, this command is used to reset the member...
timer” command restores the default setting. Parameter: <timer-value> is the interval of sending cluster register packets in seconds; the valid range is 30 to 65535. Command mode: Global Mode Default: The cluster register timer is 60 seconds by default. Example: Set the interval of sending cluster register packets to 80 seconds. Switch(Config)#cluster register timer 80 22.3.3 cluster ip-pool Command: cluster ip-pool <commander-ip>...
Instructions: This command sets the switch as a commander switch and creates a cluster. Before executing this command, users must configure a private IP address pool. If users execute this command again, the cluster’s name will be changed and this information is distributed to the member switches.
discovered candidate switches will be added to the cluster as a member switch automatically; the “no cluster auto-add enable” command disables this function. Command mode: Global Mode Default: This function is disabled by default. That means that the candidate switches are not automatically added to the cluster.
22.3.9 cluster reset member Command: cluster reset member <mem-id> Function: In the commander switch, this command can be used to reset the member switch. Parameter: <mem-id> is the cluster ID of the member switch; the valid range is 1 to 23. Command mode: Admin Mode Instructions: In the commander switch, users can use this command to reset a member switch.
switch which has mem-id as 10, src-url as ftp://admin:admin@192.168.1.1/nos.img and dst-url as nos.img Switch#cluster update member 10 192.168.1.2 ftp://admin:admin@192.168.1.1/nos.img nos.img 22.3.11 cluster holdtime Command: cluster holdtime <second> no cluster holdtime Function: In the commander switch, sets the holdtime of the cluster heartbeat; the “no cluster holdtime”...
Example: Set the interval of sending heartbeat packets of the cluster to 10 seconds. Switch(config)#cluster heartbeat 10 22.3.13 clear cluster candidate-table Command: clear cluster candidate-table Function: Clear the list of candidate switches discovered by the commander switch. Command mode: Admin Mode Instructions: In the commander switch, this command is used to clear the list of candidate switches discovered by the commander switch.
Switch(Config)#cluster run 22.5 Cluster Administration Troubleshooting 22.5.1 Cluster Administration Debugging and Monitoring Command 22.5.1.1 show cluster Command: show cluster Function: Displays the basic information of the member or command switch. Command Mode: Admin Mode Example: Execute this command on the switch 1234 Switch#show cluster Command switch for cluster 1234 Total number of members: 6...
Usage Guide: Executing this command on the switch displays the information of the candidate member switches, such as member ID, MAC address, IP address, equipment name and type. 22.5.1.4 debug cluster packets Command: debug cluster packets {register |build |heartbeat } {in|out} no cluster packets {register|build |heartbeat } {in|out} Function: Enables the debugging messages for cluster admin packets received and sent;...
member switch belongs to Vlan1 (assumed to be in Vlan1 under the current application). Whether the connection between the command switch and the member switch is correct. We can use the debug cluster packets command to check if the command and the member switches can receive and process related cluster admin packets correctly...