Page 2
ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.
Page 5
7.3.6 Enable Password Lost ................7-6 7.3.7 Two Devices in the Same VLAN Cannot Communicate....... 7-7 7.3.8 Authentication Timed Out in Campus Network..........7-7 7.3.9 Solution to ARP Attacks in Campus Network..........7-9 Figures......................I Tables ......................V Glossary .......................VII SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 6
SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Chapter Summary 1, Safety Instructions Describes safety instructions and signs. 2, System Overview Provides an overview about the ZXR10 5250 series switches. 3, Usage and Operation Describes configuration modes, command modes and usage of command line. 4, System Management Describes system management.
Page 8
Caution: indicates a potentially hazardous situation. Failure to comply can result in moderate injury, equipment damage, or interruption of minor services. Note: provides additional information about a certain topic. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Safety precautions mentioned in this manual are only supplementary to the local safety specifications. ZTE Corporation bears no responsibility for consequences resulting from violation of general specifications for safety operations or of safety rules for design, production, and use of the equipment.
Page 10
ZXR10 5250 Series Configuration Guide Note: Provides additional safety information. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Chapter 2 System Overview The ZXR10 5250 series switches are an important part of the ZXR10 series Ethernet switches. The ZXR10 5250 series products are Gigabit L2+ (between layer 2 and layer 3) Ethernet switches used for Gigabit network access and convergence, and 10 Gb is available for uplinks.
Page 12
The ZXR10 5250 supports the 802.3ad Link Aggregation Control Protocol (LACP) function, and provides load balancing and link backup. The ZXR10 5250 supports the ZTE Ethernet Switch Ring (ZESR) to provide fast protection switching, which ensures that user services are not interrupted.
Page 13
Management Modes The ZXR10 5250 provides the following management modes: Supports the SNMPv1/v2c/v3 and Remote Monitoring (RMON). Supports the ZXNM01 unified network management platform. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 14
Supports accessing the switches through CLI command lines, including Console, Telnet and SSH. Supports network management through Web. Supports the ZTE Group Manage Protocol (ZGMP). Functions The ZXR10 5250 uses the Store and Forward mode, and supports layer 2 wire-speed switching.
Page 15
40. It supports version/configuration upload and download through the Trivial File Transfer Protocol (TFTP). 41. It supports version/configuration upload and download through the 42. The ZXR10 5250-52PM supports the 802.3af Power over Ethernet (PoE) function. The power supply of at most 30 W is supported. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 16
ZXR10 5250 Series Configuration Guide This page intentionally left blank. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
PC. The VT100 terminal mode is applied in the Console port connection configuration. The following use the Windows HyperTerminal configuration as an example to illustrate the connection configuration. 1. Start the HyperTerminal program on the PC. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Select Start > All programs > Accessories > Communications > HyperTerminal in the Windows operating system to start the HyperTerminal program. 2. Establish a connection. Enter a name and select an icon for the connection, and then click OK, see Figure 3-2.
Set the login password, The login-password <string> parameter value consists of at most 16 characters. set user {local | radius| tacacs-plus}<name> Set the administrator password, The admin-password <string> admin-password <string> parameter value consists of at most 16 characters. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Note: The default username is admin and the password is zhongxing. The default administrator password is empty. It is assumed that the IP address of the layer-3 port is 192.168.3.1 and this address can be pinged successfully from the local computer.
Page 21
4. Enable the web network management function (by default, this function is disabled) and set a listening port. Command Function Enable the web network management function set web enable (by default, this function is disabled). set web listen-port < 80,1025-49151 > Set a listening port. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
“>”, which is shown as follows: zte> The default host name is zte. You can modify the host name by running the hostname <name> command. The name length consists of at most 200 characters. In user mode, you can run the exit command to exit the switch configuration or run the show command to view the system configuration and operation information.
Page 23
TFTP uploading/downloading files through FTP copying files formatting the Flash memory SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 24
ZXR10 5250 Series Configuration Guide upgrading firmware To return to global configuration mode from file system configuration mode, run the exit command or press Ctr+Z. NAS Configuration Mode In global configuration mode, you can run the config nas command to enter NAS...
Page 25
In global configuration mode, you can run the config ingress-acl link number <200-299> command to enter layer-2 ingress ACL configuration mode, which is shown as follows: zte(cfg)#config ingress-acl link number 200 zte(ingress-link-acl)# In layer-2 ingress ACL configuration mode, you can add, delete and move rules for a specified layer-2 ingress ACL.
Page 26
ZXR10 5250 Series Configuration Guide In basic egress ACL configuration mode, you can add, delete and move rules for a basic egress ACL. To return to global configuration mode from basic egress ACL configuration mode, run the exit command or press Ctr+Z.
In global configuration mode, you can run the config ingress-acl user-define number <801- 828> command to enter user-defined ingress ACL configuration mode, which is shown as follows: zte(cfg)#config ingress-acl user-define number 811 zte(ingress-user-define-acl)# In user-defined ingress ACL configuration mode, you can add, delete, or move the rules of ACLs with the specified ACL numbers.
ZXR10 5250 Series Configuration Guide Parameter Description <HH.HH.HH.HH.HH.HH> MAC address, for example, 00.22.33.44.55.66. <A.B.C.D> IP address, for example, 10.40.47.254. <A.B.C.D/M> IP address and mask bits. M must be an integer from 1 to 32, for example, 10.40.47.254/24. <string> String without spaces.
Page 29
? <string> user name(maxsize:15) zte(cfg)#create user houyx ? admin create an administrator guest create a guest zte(cfg)#create user houyx guest ? <cr> <0-15> specify user's priviledge zte(cfg)#create user houyx guest zte(cfg)# <cr> Command Abbreviations In the ZXR10 5250, a command or keyword can be abbreviated as a character or string that uniquely identifies this command or keyword.
ZXR10 5250 Series Configuration Guide Command History The user interface supports the function of recording entered commands. A maximum of 20 historical commands can be recorded. The function is very useful for recalling a long or complicated command. To recall commands from the history buffer, perform one of the following actions.
Page 31
<Ctrl+C> to break —–” is displayed at the bottom of the current page. You can press Return to scroll down one line, or Space to scroll down one screen. To stop the output, press Q or Ctr+C. 3-15 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 32
ZXR10 5250 Series Configuration Guide This page intentionally left blank. 3-16 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 33
For the procedure to manage file system directories, refer to the table below: Step Command Function Enters file system config tffs zte(cfg)# configuration mode. md <directory name> Creates a directory. zte(cfg-tffs)# SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 34
ZXR10 5250 Series Configuration Guide Step Command Function rename <file-name> <file-name> Modifies the directory name. zte(cfg-tffs)# cd <directory name> Changes the current directory, zte(cfg-tffs)# and opens this directory. Lists the current directories. zte(cfg-tffs)# You can run the remove <file-name> command to delete a specified directory. The img, cf g, and data directories created by default and all non-empty directories cannot be deleted.
TFTP server using TFTP server software (TFTPD) as an example. Steps 1. Run the Tftpd software at the back-end computer. The TFTP server window is displayed, see Figure 4-1. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 4-1 TFTP Server 2. Select Tftpd > Configure. The Tftpd Settings dialog box is displayed, see Figure 4-2. Figure 4-2 Tftpd Settings Dialog Box 3. Click the Browse button on the upper side of the dialog box and select a directory to save the version file or configuration file.
2. Set Server Address, Port and Administration password, and click OK. The FileZilla Server window is displayed, see Figure 4-4. Figure 4-4 FileZilla Server Window 3. Select Edit > Users. The Users dialog box is displayed, see Figure 4-5. Create a user name and password. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 4-5 Users Dialog Box 4. Select Shared folders in the left area and set a primary directory for the new user, Figure 4-6. Figure 4-6 Directory Setting SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Flash memory. This file can also be uploaded to the TFTP server for view, modification and bulk configuration. zte(cfg-tffs)#cd cfg zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat zte(cfg-tffs)#cd .. Importing the Configuration startrun.dat is a configuration file.
ZXR10 5250 Series Configuration Guide To prevent damage to the configuration data, back up the configuration data by using the tftp command. Run the following commands to upload the configuration file in the Flash memory to the back-end TFTP server: zte(cfg-tffs)#cd cfg zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat...
Page 41
DHCP snooping-and-option82 is disabled. DHCP client is enabled. DHCP client broadcast-flag is enabled. The following table lists the complete adaptation relation: Device Configuration File Name ZXR10 5250-28TC ZXR10_5250-28TC.dat ZXR10 5250-52TC ZXR10_5250-52TC.dat ZXR10 5250-28SM ZXR10_5250-28SM.dat ZXR10 5250-52PM ZXR10_5250-52PM.dat SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 4-7 Network Architecture for Automatic Configuration File Download The network architecture is shown in Figure 4-7. Set the TFTP server address and version file name on the DHCP server. For example, set the TFTP server address to 10.40.89.78, and the file name to *.dat@zImage.
Assume that the IP address of the TFTP server is 10.40.89.78, and the configuration is saved to the server every 10 days. The configuration commands are as follows: zte(cfg)#set auto-saveconfig serverip 10.40.89.78 zte(cfg)#set auto-saveconfig period 10 zte(cfg)#set auto-saveconfig enable Caution! The enable command should be configured after serverip is configured.
Page 44
In global configuration mode, use the show version command to display the system hardware and software version information. The displayed contents are as follows: zte(cfg)#show version ZXR10 Router Operating System Software, ZTE Corporation: ZXR10 5250-28TC Version Number : 5250 Series V2.05.11B04 Copyright (c) 2001-2013 By ZTE Corporation...
Page 45
2. Restart the switch. On the HyperTerminal, press any key as prompted to enter ZXR10 Boot status. ZXR10 5250-28TC BootRom Version v1.08 Compiled Feb 27 2012 10:32:29 Copyright (c) 2010 by ZTE Corporation. boot location [0:Net,1:Flash] : 0 actport serverip : 10.40.89.78...
Page 46
5. Start the TFTP server software on the back-end computer and configure the TFTP by referring to 4.2 Configuring the TFTP Server. 6. In ZX10 Boot status, enter zte to enter BootManager status of the switch. Enter ? to display the command list for this status. [ZXR10 Boot]:zte [bootManager]: ?
File system configuration includes the following commands: Command Function md <directory name> Creates a directory. zte(cfg-tffs)# remove <file-name> Deletes a file or directory. zte(cfg-tffs)# rename <file-name><file-name> Modifies a file or directory name. zte(cfg-tffs)# 4-15 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 48
ZXR10 5250 Series Configuration Guide Command Function Displays a sub-directory and file. zte(cfg-tffs)# cd <directory name> Changes the current directory. zte(cfg-tffs)# tftp <A.B.C.D>{download | upload}<remote-file-n Uploads or downloads files to/from zte(cfg-tffs)# ame>[<local-file-name>] the TFTP server. tftp commander {download | upload}<remote...
[<string>] user. set user multi-user {enable | Sets the multi-user login function. zte(cfg)# disable} cpu-threshold <30-90> Sets the CPU usage threshold. zte(cfg)# mem-threshold <60-90> Sets the memory usage threshold. zte(cfg)# SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 52
ZXR10 5250 Series Configuration Guide Command Function Saves the current configuration information to the write zte(cfg)# Flash memory and recovers the information when the switch is rebooted. clear user <name> Deletes a user. zte(cfg)# clear reboot-time Clears automatic reboot configuration.
5.2 Port Configuration Port Configuration Overview The port parameters can be configured on the ZXR10 5250. They include auto-negotiation, duplex mode, rate and line detection. The commands include the following types: 1. Port basic parameters configuration SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 54
ZXR10 5250 Series Configuration Guide 2. Port diagnosis 3. Port information view Configuring a Port The port configuration includes the following commands: Command Function set port <portlist>{enable | disable} Enables or disables the port. zte(cfg)# set port <portlist> work-mode {fiber |...
Page 55
Enables or disables the port protection function. zte(cfg)# | disable} set mac protect port <portlist> action Sets the port protection action. zte(cfg)# {shutdown | restrict | protect} show mac protect port <portlist> Displays the port protection state. zte(cfg)# SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide 5.3 PoE Configuration PoE Configuration Overview Power over Ethernet (PoE) is an extended feature that supports network devices with Ethernet electrical ports. The network devices (switches or routers) supporting the PoE function can provide power supply through Twisted Pair for remote Powered Devices (PD)s such as IP phones, WLAN Access Points (APs), or network cameras, which realizes remote power supply.
Page 57
Displays the PoE status of the device. show poe status [port <portlist>] (all configuration modes) Displays the PoE status of the port. show poe config [port <portlist>] (all configuration modes) Displays PoE configuration information. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 58
ZXR10 5250 Series Configuration Guide PoE Configuration Instance Configuration Description A DUT device is directly connected to a PD. Configure a power supply device of PS type. The ZXR10 5250-52PM can be used as a power supply. The ZXR10 5250-52PM provides 15.4 watts of power supply complying with AF standard for 16 ports.
<1-4094> priority Sets RSPAN tag format including zte(cfg)# <0-7>{ingress | egress} VLAN-ID and priority. set mirror statistic sample-interval <1-2047>{ingress | Sets ingress or egress port zte(cfg)# mirroring sample frequency. egress} 5-11 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Figure 5-2 Port Mirroring Configuration Instance Configuration Procedure 1. The following example describes how to set port mirroring in ingress direction. zte(cfg)#set mirror session 1 add source-port 1 ingress zte(cfg)#set mirror session 1 add dest-port 2 ingress zte(cfg)#set mirror statistical sample-interval 100 ingress...
MAC alarm control MAC alarm control can configure the output of the common alarm information of MAC function, for example, the number of learnt MAC addresses is exceeded or the address is drifted. 5-13 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 62
ZXR10 5250 Series Configuration Guide MAC address table Function operation MAC address fixed function MAC address fixed function can transform a dynamic MAC address entry to a static or fixed MAC entry in batches. After transformation, the static entry cannot drift. When the device is rebooted, a fixed MAC address entry can recover and cannot disappear.
Page 63
<1-28> action {shutdown | Sets the MAC protection action. zte(cfg)# restrict | protect} set mac protect port <1-28>{enable | disable} Enables or disables the MAC protection zte(cfg)# function. 5-15 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Command Function show mac (all configuration modes) Displays MAC address entry content. show mac running-config (all configuration modes) Displays MAC configuration information. show mac all-type {port <1-28>| trunk <1-15>| vlan Displays MAC address entry content <1-4094>} (all configuration modes)
Page 65
(PVIDs) of all trunks and unregistered multicast filtering configuration. show trunk [<trunklist>] (all configuration modes) Displays the trunk PVID and unregistered multicast filtering configuration. show trunk <trunklist> vlan (all configuration modes) Displays the VLAN configuration of trunk. 5-17 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide The above result is due to physical link failure. It is recommended to check the physical link status. 5.7 IGMP Snooping Configuration IGMP Snooping Overview Because the multicast address is not in the source address of the packet, the switch cannot learn the multicast address.
Page 69
Adds or deletes the filter of source zte(cfg)# <vlanlist> in the specified VLAN. set igmp filter {add | delete} query port < portlist> Adds or deletes the query packet zte(cfg)# vlan <vlanlist> filter for the specified port. 5-21 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 70
ZXR10 5250 Series Configuration Guide Command Function set igmp filter {add | delete} query trunk < trunklist> Adds or deletes the query packet zte(cfg)# vlan <vlanlist> filter for the specified trunk port. show igmp snooping (global configuration modes) Displays IGMP Snooping global configuration information.
ZXR10 5250 Series Configuration Guide 5.8 MLD Snooping Configuration MLD Snooping Overview Corresponding to the IGMP protocol, MLD is a multicast management protocol in IPv6 environment. MLD v1/v2 is supported. It is impossible to use a multicast address as a source address in a packet, so a switch cannot learn the multicast address.
Page 73
10, 1, 3 and 5 are in VLAN 200, users connected to Ports 1, 3 and 5 send multicast join requests to join the groups ff1e::22 and ff1e::11. Enable the MLD snooping function on the switch and display the snooping result. 5-25 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 75
<1025-65535> Sets SMS server TCP port. zte(cfg-nas)# iptv cdr {enable | disable} Enables or disables CDR log zte(cfg-nas)# function globally. Manually triggers CDR log report iptv cdr report zte(cfg-nas)# at one time. 5-27 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 76
ZXR10 5250 Series Configuration Guide Command Function iptv cdr create-period <1-65535> Sets the interval for creating CDRs zte(cfg-nas)# when users watch programs for a long time. iptv cdr deny-right {enable | disable} Enables or disables CDR function zte(cfg-nas)# when the access authorization is deny.
Page 77
(all configuration modes) Displays IPTV preview global configuration information. show iptv view-profile [name <viewfile-name>| id <0-1023>] (all Displays preview configuration file configuration modes) information. show iptv cdr (all configuration modes) Displays global CDR configuration information. 5-29 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 78
ZXR10 5250 Series Configuration Guide Command Function show iptv client [{channel <0-1031>| index <0-255>| mac Displays IPTV user information. <HH.HH.HH.HH.HH.HH>| port <portid>| vlan <1-4094>}] (all configuration modes) show iptv rule [ port <portid>][vlan <1-4094>][channel | package] Displays IPTV rule information.
Page 79
4000 group 225.1.1.1 name CCTV1 id 1 zte(cfg-nas)#iptv port 1 service start zte(cfg-nas)#iptv port 1 control-mode channel zte(cfg-nas)#iptv port 1 channel id-list 1 order zte(cfg-nas)#iptv port 1 add mvlan 4000 uvlan 100 Configuration Verification Check configuration zte(cfg-nas)#show iptv rule MaxRuleNum:64...
ZXR10 5250 Series Configuration Guide Same mapping relationship between a VLAN and an instance. Switches should be connected directly. Multiple spanning trees can be configured in each MSTP area, and they are independent from each other. Each spanning tree is an Internal Spanning Tree (IST), and it can be called as Multiple Spanning Tree Instance (MSTI).
After the network has completed the spanning tree calculation, if a new switch is involved and the numerical value for its bridge ID is lower than that for the root bridge, the new 5-35 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 84
ZXR10 5250 Series Configuration Guide switch will become the new root bridge to replace the old root bridge, which causes the entire network to recalculate the spanning tree. To avoid this situation, port root protection can be configured on the port where a new switch accesses the network.
Page 85
Deletes the MSTP domain name. clear stp name zte(cfg)# show stp (all configuration modes) Displays STP global configuration information. show stp instance [<0-63>] (all configuration modes) Displays the state information of the instance. 5-37 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Command Function show stp port [<portlist>] (all configuration modes) Displays the STP port configuration information. show stp trunk <trunklist> (all configuration modes) Displays STP trunk configuration information. STP Configuration Instance Configuration Description Configure the STP function of switch 1 and switch 2, take switch 1 as the root bridge and block a redundant port in the loop.
Figure 5-10 RSTP Configuration Instance Configuration Procedure zte(cfg)#set stp enable /*enable STP protocol of switch1 and switch2*/ zte(cfg)#set stp forceversion rstp /*set forceversion of stp as rstp*/ Configuration Verification 1. Check the STP state of switch 1 in the system view.
The configuration is as follows: establish mapping between instance 1 and service VLAN10-20; set Name to zte and Revision to 10. Take switch 1 as the root bridge in instance 1. See Figure 5-11.
Page 89
(cfg)#set stp name zte /*set switch1 and switch2 in the same area*/ zte(cfg)#set stp revision 10 zte(cfg)#set stp instance 1 add vlan 10-20 Configuration Verification 1. Check the STP state of switch 1 and switch 2 in the system view.
TCP source port number, TCP destination port number, UDP source port number, UDP destination port number, DiffServ Code Point (DSCP), source MAC address, destination MAC address, source VLAN ID and 802. 1p priority value. 6. Basic egress ACL: Only matches source IP address. 5-43 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 92
ZXR10 5250 Series Configuration Guide 7. Extended egress ACL: Matches the source IP address, destination IP address, IP protocol type, TCP source port number, TCP destination port number, UDP source port number, UDP destination port number, ICMP type, ICMP Code and DiffServ Code Point (DSCP).
Page 93
ACL is used to match ARP packets. any][<dest-mac><dmac-mask>| any]} rule <1-500>{permit | deny} other Sets the rule that a layer-2 ingress zte(link-acl-group)# {[ether-type <1501-65535>| dsap-ssap <0-65535>][cos ACL is used to match packets <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| except IP/ARP packets. any][<dest-mac><dmac-mask>| any]} 5-45 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 94
ZXR10 5250 Series Configuration Guide Command Function rule <1-500>{permit | deny} any [cos Sets the rule that a layer-2 ingress zte(link-acl-group)# <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| ACL is used to match packets with specified cos, VLAN id, smac, and any][<dest-mac><dmac-mask>| any] dmac flags. clear ingress-acl link number <200-299>...
Page 95
ACL instance. rule <1-16>{permit | deny} port Sets the rule that a global ingress zte(global-acl-group)# {<1-28>| any}<ip-protocol>{<source-ipaddr><sip-mask>| any}{<d ACL matches specified fields of estination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment][cos IPv4 packets. <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any] 5-47 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 96
ZXR10 5250 Series Configuration Guide Command Function rule <1-500>{permit | deny} port Sets the rule that a global ingress zte(global-acl-group)# {<1-28>| any} ip {<source-ipaddr><sip-mask>| any}{<destina ACL matches IPv4 packets. tion-ipaddr><dip-mask>| any}[dscp <0-63>][fragment][cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| any][<dest-mac><dmac-mask>| any] rule <1-500>{permit | deny} port...
Page 97
VLAN id, and dmac any] flags. clear egress-acl link number < 600-699> Clears a layer-2 egress ACL zte(cfg)# instance. config egress-acl hybrid number < 700-799> Creates a hybrid egress ACL zte(cfg)# instance and configures it. 5-49 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 98
ZXR10 5250 Series Configuration Guide Command Function rule < 1-500>{ permit | Sets a hybrid egress ACL that zte(egress-hybrid-acl)# matches specified fields of IPv4 deny}< ip-protocol>{< source-ipaddr>< sip-mask>| any}{< destination-ipaddr>< dip-mask>| any}[ dsscp < 0-63>][ fragment][ packets. coss < 0-7>][< vlan-id>[< vlan-mask>]][< source-mac><...
2 deny arp any 192.168.0.1 255.255.255.255 zte(ingress-hybrid-acl)#exit zte(cfg)#set port 1-24 acl 300 enable zte(cfg)#set time-range worktime range period 09:00 to 18:00 daily zte(cfg)#set time-range worktime acl 300 rule 1 enable zte(cfg)#set time-range worktime acl 300 rule 2 enable 5.12 QoS Configuration QoS Overview can provide end-to-end data exchange with a high quality.
Page 101
<1-28> trust-mode Sets the port trusted mode. zte(cfg)# {dscp-priority | port-profile | user-priority} set qos priority-mapping port <1-28>{remapping-dscp Sets packet UP/DSCP zte(cfg)# | remark {dscp-priority | user-priority}}{enable | disable} remark/remapping based on the port. 5-53 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 102
ZXR10 5250 Series Configuration Guide Command Function Sets the mapping relation between set qos priority-mapping qos-profile dscp-to-dscp zte(cfg)# <0-63> to <0-63> DSCPs . set qos priority-mapping port <1-28> port-to-profile Sets the mapping relation between zte(cfg)# qos-profile <0-127> the port and the QoS profile.
Page 103
[<0-127>| dscp-to-dscp | Displays various priority-mapping dscp-to-profile | up-to-profile] (all configuration modes) configuration related to the QoS profile. show qos queue-schedule mode (all configuration modes) Displays QoS queue scheduling unit. 5-55 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 104
ZXR10 5250 Series Configuration Guide Command Function show qos queue-schedule port <1-28> (all configuration modes) Displays the queue scheduling policy of each queue of the port. show qos queue-schedule session [<1-7>] (all configuration modes) Displays the configuration of scheduling policy template.
Page 105
<1-828> rule <1-500> Clears the configuration that zte(cfg)# the specified flow implements harddrop operation. clear qos policy-counter <counterlist> Clears the counter that counts the zte(cfg)# specified flow. 5-57 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Chapter 5 Service Configuration zte(cfg)#set qos traffic-limit ge-port 24 data-rate 2000 zte(cfg)#set qos traffic-shaping ge-port 26 data-rate 20 burst-size 10 Configuration Verification zte(cfg)#show qos traffic-shaping port 26 Port Egress Traffic Shaping Table: Port ID : 26 Port Shaping Rate (Kbps)
Page 108
ZXR10 5250 Series Configuration Guide The ZXR10 5250 series switches support four PVLAN sessions. Each PVLAN session supports an unlimited number of hybrid ports. Each PVLAN supports an unlimited number of isolated or community ports. Configuring PVLAN The PVLAN configuration includes the following commands:...
ZXR10 5250 Series Configuration Guide Configuration Verification Display the aggregation state of Switch 2 and Switch 3: zte(cfg)#show lacp aggregator 1 Group 1 Actor Partner ------------------------------- ---------------------------- Priority : 32768 32768 00.d0.d0.02.00.54 00.d0.d0.29.52.06 Ports 2, 1 2, 1 5.15 IPv4 Layer 3 Configuration...
Page 113
Chapter 5 Service Configuration The ZXR10 5250 series system supports the hardware routing function to increase IP packets forwarding speed. To configure the IPv4 layer-3 function, use the config router command to enter the layer-3 configuration mode first. Configuring IPv4 Layer 3 Functions...
Displays IPv6 device neighbor information, similar to the function of the show arp command in IPv4. ping6 <ipv6Addr>[<0-65535>[<48-1280>[<1-255>[<0- Checks network connectivity, zte(cfg)# 65535>]]]] similar to the function of the ping command in IPv4. 5-67 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Layer-3 IPv6 Configuration Instance Configuration Description On a switch, configure IPv6 address 12:12::c055:40, bind VLAN 300, configure the gateway, and set the port connected to the PC to port 10. On a PC, configure an IPv6 address and interface route.
ARP packets on a non-trusted port to the CPU is limited. See Figure 5-19. Figure 5-19 DAI Configuration InstanceTopology Configuration Procedure zte(cfg)#set dhcp snooping-and-option82 enable zte(cfg)#set dhcp snooping add port 49,50 zte(cfg)#set dhcp port 49 client zte(cfg)#set dhcp port 50 server zte(cfg)#show dhcp snooping 5-69 SJ-20131111172707-002|2013-11-27 (R1.0)
ZXR10 5250 Series Configuration Guide DHCP snooping is enabled on the following port(s): PortId PortType ------ -------- Client Server zte(cfg)#set arp-inspection vlan 1 enable zte(cfg)#set arp-inspection port 49 untrust zte(cfg)#set arp-inspection port 49 limit 15 zte(cfg)#set arp-inspection validate ip enable...
Page 119
The NAS communicates with the Radius Server through RADIUS packets. Attributes in the RADIUS packets are used to transfer the detailed authentication, authorization, and billing information. 5-71 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide The EAP protocol is used between the switch and the subscriber. Three types of identity authentication methods are provided between the RADIUS servers: PAP, CHAP, and EAP-MD5. Any of the methods can be used according to different service operation requirements.
Figure 5-22 Using EAP Mode for Identity Authentication Configuring Access Service The access service configuration includes the following commands: Command Function set port <portlist> vlanjump {enable [defaultauthvlan Enables or disables the vlan jump zte(cfg)# <1-4094>]| disable]} after user 802.1x authentication. 5-73 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 122
ZXR10 5250 Series Configuration Guide Command Function dot1x re-authenticate {enable | disable} Enables or disables zte(cfg-nas)# re-authentication function. dot1x re-authenticate period <1-4294967295> Sets the time interval for zte(cfg-nas)# re-authentication. dot1x quiet-period <0-65535> Sets quiet period of authentication. zte(cfg-nas)# dot1x tx-period <1-65535>...
Page 123
[<portlist>] (all configuration modes) Displays port AAA configuration information. radius isp <ispname>{enable | disable} Adds or deletes one ISP domain. zte(cfg-nas)# radius isp <ispname>{add | delete}accounting Adds or deletes accounting server zte(cfg-nas)# <A.B.C.D>[<0-65535>] in the ISP. 5-75 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 124
ZXR10 5250 Series Configuration Guide Command Function radius isp <ispname>{add | delete} authenticate Adds or deletes authentication zte(cfg-nas)# <A.B.C.D>[<0-65535>] server in the ISP. radius isp <ispname> client <A.B.C.D> Sets RADIUS client end address. zte(cfg-nas)# radius isp <ispname> sharedsecret <string> Sets the shared password of the zte(cfg-nas)# ISP domain (public key).
ZXR10 5250 Series Configuration Guide When the authentication request succeeds, view the user information by using the show client command. zte(cfg)#show client MaxClients : 256 HistoryAccessClientsTotal : 1 OnlineClients: 1 HistoryFailureClientsTotal: 0 Flags:I-Index,Au-Authorized,P-PortId,US-UpSpeed,DS-DownSpeed,Y-yes,N-no UserName Au P Vlan MacAddress ElapsedTime --- ------------- -- ---- ---- ----------------- ------ ------ ------------ liushujie 00.19.e0.1a.97.dd 0...
VLAN 10, which is determined by the PVID. 2. The uplink port of switch A inserts the outer tag (VLAN ID: 10) when forwarding the data packet received from the customer port. The tpid of this tag can be configured 5-79 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 128
ZXR10 5250 Series Configuration Guide on the switch. Inside the ISP network, the packet is broadcast along the port of VLAN 10 until it reaches the switch B. 3. Switch B finds out that the port connected to user network 2 is a customer port. Thus, it removes the outer tag in compliance with the conventional 802.1q protocol to recover...
997,998 add port 1 untag zte(cfg)#set vlan 997,998 add port 2 tag zte(cfg)#set vlan 10,12,997,998 enable zte(cfg)#set vlan sqinq session 1 customer-port 1 customer-vlan 10 uplink-vlan 997 zte(cfg)#set vlan sqinq session 2 customer-port 1 customer-vlan 12 uplink-vlan 998 Configuration Verification The following example shows how to show the SVLAN instance.
Page 131
<vlanlist> add port <portlist>[untag | tag] Adds a port to a VLAN and zte(cfg)# configures the location in the VLAN. set vlan <vlanlist> delete port <portlist> Deletes the port from a VLAN. zte(cfg)# 5-83 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 132
Note: By default, VLAN1 is enabled, all ports are in VLAN1 and in untag mode. Configuration Procedure zte(cfg)#set vlan 100 add port 1, 2 untag zte(cfg)#set vlan 100 add port 7, 8 tag zte(cfg)#set port 1, 2 pvid 100 zte(cfg)#set vlan 100 enable...
ZXR10 5250 Series Configuration Guide 5.23 VLAN Mapping Configuration VLAN Mapping Overview The VLAN Mapping, namely N to One VLAN mapping, implements the VLAN convergence function by establishing mapping between customer VLAN and service provider VLAN by replacing the outer VLAN tags in the data frames. This way, customer services can be transmitted according to operator’s network planning.
Uplink: replace the CVLAN with SVLAN based on “Interface+customer VLAN”. Downlink: replace the SVLAN in the outermost layer with CVLAN based on “SVLAN + Destination MAC address”. The whole system supports 400 sessions, and up to 400 CVLANs can be supported. 5-87 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 136
ZXR10 5250 Series Configuration Guide Configuring VLAN Mapping The VLAN mapping configuration includes the following commands: Command Function set vlan mapping session <session_id> customer-port Sets the VLAN Mapping function. zte(cfg)# <port-id> customer-vlan <vlan-list> uplink-vlan <vlan-id> When the VLAN Mapping is enabled, the uplink traffic is normally forwarded in SPVLAN.
The following example shows how to configure the VLAN Mapping instance. zte(cfg)#set vlan 1-100,1000 add port 1,24 tag zte(cfg)#set vlan 1-100,1000 enable zte(cfg)#set vlan mapping session 1 customer-port 1 customer-vlan 1-100 uplink-vlan 1000 Configuration Verification The following example shows how to show the SVLAN instance.
ZXR10 5250 Series Configuration Guide The Syslog protocol can classify the log information into eight levels from the highest to the lowest level of importance. For a description of the levels, refer to Table 5-2. Table 5-2 Syslog Log Information...
ZXR10 5250 Series Configuration Guide Command Function set ntp timezone <(-12)-(+13)> Sets NTP time-zone. zte(cfg)# set ntp {enable | disable} Enables or disables NTP. zte(cfg)# set ntp src-udp-port {123 | 1000} Sets the ID of the udp port through zte(cfg)# which NTP messages are sent.
Configuration Procedure 1. Configuration of switch A: zte(cfg)#set garp enable zte(cfg)#set gvrp enable zte(cfg)#set gvrp port 1 enable zte(cfg)#set vlan 10-20 enable zte(cfg)#set vlan 10-20 add port 1 2. Configuration of switch B: 5-93 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 142
ZXR10 5250 Series Configuration Guide zte(cfg)#set garp enable zte(cfg)#set gvrp enable zte(cfg)#set gvrp port 1 enable zte(cfg)#set vlan 30-40 enable zte(cfg)#set vlan 30-40 add port 1 Note: 1. The GARP function must be enabled first before the GVRP function is enabled.
Use Option82 technique to provide more additional information, and then strengthen the network safety ability. In the DHCP service system, the ZXR10 5250 series switches are provided with a lot of automatically deployed functions. For details, refer to Downloading the Software Version Automatically.
Page 144
ZXR10 5250 Series Configuration Guide Command Function set dhcp snooping bind-entry mac <HH.HH.HH.HH.HH Adds static user information zte(cfg)# .HH> ip <A.B.C.D> vlan <1-4094> port <1-28> binding entry. set dhcp snooping bind-entry mode port <portlist>{hold Sets the binding mode of the...
Page 145
Clears the configuration requesting zte(cfg-router)# {dns-server | domain-name | route | static-route | tftp-server-name} DHCP server to return various information. Reads DHCP binding entry from set dhcp snooping bind-entry database read zte(cfg)# the Flash memory. 5-97 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 146
ZXR10 5250 Series Configuration Guide Command Function Recovers binding entry from the set dhcp snooping bind-entry database recovery{ zte(cfg)# disable | enable } Flash memory after restarted. Writes DHCP binding entry into set dhcp snooping bind-entry database time-write zte(cfg)# {disable | enable | time <30-65535>} the Flash memory at regular time.
5-32, the PC can get an IP address from a specified DHCP server. Figure 5-32 DHCP Client Configuration Instance Topology Configuration Procedure zte(cfg)#set dhcp client enable zte(cfg)#set vlan 10 add port 49 untag zte(cfg)#set vlan 10 enable zte(cfg)#set port 49 pvid 10 zte(cfg)#config router...
The Dynamic Host Configuration Protocol of IPv6 (DHCPv6) is used by a network host to dynamically request host configuration from a server. The ZXR10 5250 series system supports the following DHCPv6 functions: DHCPv6 snooping function: DHCPv6 servers and clients do not support authentication mechanism.
Page 150
ZXR10 5250 Series Configuration Guide Command Function set dhcpv6 option37 {enable | disable} Enables or disables the DHCPv6 zte(cfg)# snooping function globally. set dhcpv6 option37{add | delete} port <portlist> Enables or disables the DHCPv6 zte(cfg)# Option37 function on a port.
ZXR10 5250 Series Configuration Guide 5.29 VBAS Configuration VBAS Overview The Virtual Broadband Access Server (VBAS) is not physical equipment but a protocol standard, which is developed by China Telecom. The VBAS is used to solve the problem of wide-band user identifier.
ZXR10 5250 Series Configuration Guide cascade port : none 5.30 PPPoE-PLUS Configuration PPPoE-PLUS Overview The typical user location technology has PPPoE-PLUS (PPPoE+) besides VBAS and DHCP OPTION82. PPPOE+ technology inserts user location information in PADI/PADR message by monitoring the PAD packet interacting procedure between PC and BAS server.
5.31 ZESR Configuration ZESR Overview ZESR is a private ring network protection technology developed by ZTE Corporation. Evolved from EAPS, ZESR ensures that there is only one logically connected path between any two nodes in the ring network. Basic ZESR Concepts...
Page 156
ZXR10 5250 Series Configuration Guide Name Description ZESR Node Role A ZESR node can act as a master node, a transit node, an edge control node, or an edge assistant node. A master node implements the control function and transmits data in a ring.
When the link between switch B and switch C recovers from disconnection, the secondary port of the master node is blocked again, the ring is switched to UP state, and the entire ZESR region returns to the state shown in Figure 5-37. 5-109 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide link-hello Link Connectivity Detection Overview Figure 5-39 shows the transmission link fault diagram. Switch C does not have a direct connection with switch D. They are interconnected with each other through transmission links. When the transmission link marked in red in the middle of the transmission links encounters a bidirectional connectivity failure, switch C and switch D are still in UP state.
Page 159
The preforward time: takes effect during link failure recovery. During the failure recovery, the faulty port still remains blocked for some time for the master node to block the secondary port first to avoid temporary loops. 5-111 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 160
ZXR10 5250 Series Configuration Guide Step Command Function After the master node blocks the secondary port, it will inform the node where the faulty port is located to unblock the faulty port immediately. If the node where the faulty port is located does not...
Page 161
MAC address of a ZESR protocol packet uses the address 00-E0-2B-00-00-04. Special mode: the destination MAC address of a ZESR protocol packet uses a ZTE-defined address. set zesr restart-time <30-600> Configures the ZESR restart time (s). ZXR10(config)# Default: 120. Restart-time: the ZESR initialization time during the device startup.
Page 162
ZXR10 5250 Series Configuration Guide Step Command Function set zesr tcn-sending {port Configures to enable or disable the TCN ZXR10(config)# <portlist>| trunk <trunklist>}{enable | disable } packet sending function on a port. By default, a port is configured not to send TCN packets.
Switch_B(config)#set stp forceversion mstp Switch_B(config)#set stp instance 1 add vlan 100-110 /*Run the following command to configure the ZESR domain with VLAN 4000 as the control VLAN and protection instance 1 as the protection instance.*/ 5-115 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 164
ZXR10 5250 Series Configuration Guide Switch_B(config)#set zesr ctrl-vlan 4000 protect-instance 1 /*Run the following command to configure switch B as the transit node of the primary ring with port 1/1 as its primary port and port 1/2 as its secondary port.*/...
Page 165
1/2 as its secondary port. Switch A is also the master node in ZESR domain 2 with port 1/2 as its primary port and port 1/1 as its secondary port. Switches B to D are the transit nodes in both ZESR domains. 5-117 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Note: When multiple ZESR domains are configured on a physical ring, service data traffic in different ZESR domains can be planned to go through different paths by proper settings to achieve load balancing. Figure 5-41 ZESR Single-Ring Multi-Domain Configuration Example Configurations on switch A: /*Run the following commands to configure the spanning tree instance.*/...
Page 167
In order for switch C and the top network to perceive the topology change of the underlying network, port 1/1 of switch A and port 1/1 of switch B are enabled with the TCN packet sending function to notify the network topology change upwards. 5-119 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 5-42 ZESR Dual-Node Dual-Uplink Configuration Example Configurations on switch A: /*Run the following commands to configure the spanning tree instance.*/ Switch_A(config)#set stp enable Switch_A(config)#set stp forceversion mstp Switch_A(config)#set stp instance 1 add vlan 100-110 /*Run the following command to configure the ZESR domain with VLAN 4000 as the control VLAN and protection instance 1 as the protection instance.*/...
MAC address table. The control VLAN is not required for a ZESS domain. If the control VLAN is not configured, no Flush packets will be sent during ZESS link switching. 5-121 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Name Description Receive-VLAN A Receive-VLAN can be configured on the device that is connected with a ZESS node and should have the same VLAN ID as that of the control VLAN of a ZESS node.
Page 171
It waits for the preup time before it implements the switching, to prevent the switching from occurring when the primary link recovery is still unstable. 5-123 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Step Command Function Configures a port to enable the capability of set zess receive-vlan ZXR10(config)# <1-4094>{port <port-name>| trunk receiving Flush packets from a designated <trunk-name>} control VLAN. Clears the Flush packet receiving capability clear zess receive-vlan ZXR10(config)# {<1-4094>| all}...
To enhance flexibility and compatibility of the switch, PP provides the function of configuring priority users for the protocol packets sent by the switch. Configuring PP The PP configuration includes the following commands: 5-125 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 174
ZXR10 5250 Series Configuration Guide Command Function Creates a mac drop rule. create protocol-protect mac-drop rule zte(cfg)# <1-128> src-mac <HH.HH.HH.HH.HH.HH> mask <HH.HH.HH.HH.HH.HH> set protocol-protect alarm port <portlist>{enable | Enables or disables the PP alarm zte(cfg)# function on a port. disable} set protocol-protect alarm port <portlist>{protocol-na...
Chapter 5 Service Configuration Figure 5-45 PP Configuration Instance Configuration Procedure zte(cfg)#set igmp snooping enable zte(cfg)#set igmp snooping add vlan 1 zte(cfg)#set dhcp snooping-and-option82 enable zte(cfg)#set dhcp snooping add port 1-3 Configuration Verification Use Host 1 to send DHCP Discover packets. View alarm information on the switch.
Page 176
ZXR10 5250 Series Configuration Guide 3. The MIB of the local device stores the network management information of all neighbor devices, and a network management program can query layer-2 connection information in the MIB. The LLDP is not a configuration protocol of the remote system or a signaling control protocol used between two ports.
Page 177
5-46, two switches are connected to each other through a twisted-pair. By default, the LLDP function is enabled, and all parameters use the default values. Use the show command to view neighbor establishment information. 5-129 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Single Port Loop Detection Configuration Instance Configuration Description Figure 5-47, configure the single port loop detection function so that Port 1 on Switch 1 can detect the loop on Switch 2 and block Port 1.
In aggressive mode, if the device cannot confirm that the link is working properly in both directions (such as the link is connected incorrectly, the link is working properly 5-133 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 182
ZXR10 5250 Series Configuration Guide only in one direction or the link is a self-loop), the port is shut down. It is necessary to use the reset or recovery command to recover the communication ability of the port. UDLD shuts down a port in the following situations.
Port mode: Aggressive(Aggr) Current state: Unidirectional Detected link failure Recovery configuration: Disable Recovery time interval: 30s Message time interval: 15s Force check configuration: Disable Force check time: 30s, Remaining: 0s No neighbour information stored 5-135 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide 5.37 TACACS+ Configuration TACACS+ Overview Terminal Access Controller Access-Control System Plus (TACACS+) is developed from TACACS and XTACACS. It is the latest version of TACACS (not compatible with the previous two versions). It is a popular AAA protocol at present.
5-50, the switch works as a TACACS+ client and its IP address is 192.168.1.1/24. The Windows server works as a TACACS+ server and its IP address is 192.168.1.100/24. Figure 5-50 TACACS+ Configuration Instance Configuration Procedure zte(cfg)#set loginauth tacacs-plus+local zte(cfg)#set adminauth tacacs-plus+local zte(cfg)#config router 5-137 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Clears a specific OUI configured zte(cfg)# on a port. show vlan voice-vlan (all configuration modes) Displays voice configuration on all ports. show vlan voice-vlan port <port-id> (all configuration modes) Displays voice configuration on a port. 5-139 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Set the following MAC-based VLAN rule for port 1: Assign the VLAN "vlan100" to all untagged frames whose source MAC address is 00.00.00.00.00.01 and assign the VLAN "vlan200" to all untagged frames whose source MAC address is 00.d0.d0.00.00.00. Configuration Procedure Configure a MAC-based VLAN instance: 5-141 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
100 zte(mac-based-vlan)#rule 2 mac-address 00.d0.d0.00.00.00 mac-mask ff.ff.ff.00.00.00 vlan 200 zte(cfg)#set vlan mac-based port 1 session 1 bind 5.41 DHCP Relay Configuration DHCP Relay Overview DHCP Relay interacts with both the Client and the Server, acting different roles. From the view of the DHCP Client, the DHCP Relay Agent can be considered as its DHCP Server and the DHCP Relay implements the response to the IP address requests from the Client.
Page 191
Clears the DHCP relay information zte(cfg-router)# <A.B.C.D>} of ipport. set dhcp relay server <A.B.C.D> Sets a global DHCP server. zte(cfg-router)# Sets a global ipport for a DHCP set dhcp relay global-ipport <0-63> zte(cfg-router)# relay. 5-143 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 193
DHCP server mode ipport DHCP server retry DHCP relay option82: disable zte(cfg)#show dhcp relay option82 port 1 DHCP option82 sub-option information on port 1: Circuit-ID: Disabled Remote-ID: Enabled Format: Cisco DHCP option82 mode information on port 1: Default zte(cfg)#show ipport 0...
Page 194
ZXR10 5250 Series Configuration Guide access router compulsively. The gateway can monitor traffic and prevent attacks among users, which improves network security. There are two types of MFF ports: user ports and network ports. MFF user ports are connected to terminal users. When receiving an ARP packet from a user port, the switch maintains an MFF user table, and replies with a response.
MFF. The configuration for dynamic MFF is similar, but it is necessary to configure the DHCP snooping function. For details, refer to 5.27 DHCP Configuration. Figure 5-53 MFF Configuration Instance 5-147 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
1/1,1/2,1/4 pvid 400 Configure the MFF attributes for the ports and VLAN: à zte(cfg)#set mff vlan 400 add port 1/1 userport zte(cfg)#set mff vlan 400 add port 1/2 userport zte(cfg)#set mff vlan 400 add port 1/4 network Configure an intra-VLAN gateway: à...
Done! zte(cfg)#set ssl en The current ca is for ipaddress 192.168.100.110, Please make sure ip of the switch matches. Then upload /flash/data/root.cer, and import to explore,the ssl is availible. zte(cfg)#config tffs zte(cfg-tffs)#cd data 5-149 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide zte(cfg-tffs)#tftp 192.168.100.109 upload root.cer Set the browser: Set the browser as the SSL client on the PC, so that you can access the switch through HTTPS to perform Web-based management. 1. Import the root.cer file in the browser.
Based on the wizard, click Next, a dialog box is displayed. Select the root.cer file. Complete the certificate import procedure. Close the dialog boxes, and restart the browser. 2. Open the SSL login page. 5-151 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide After the SSL function is enabled for the switch, enter https://<ip address of the switch> in the address bar of the browser. The SSL login page is displayed, see Figure 5-58. Figure 5-58 SSL Login Page 3.
Page 201
ERPS eliminates logical loops by blocking some ports on the ring. When some links in the ring have their status changed (from up to down or from down to up), ERPS can switch a logical path immediately. 5-153 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide As shown in Figure 5-60 Figure 5-61, an ERPS domain is configured on switches A, B, C, and D. Switch A is the owner node, and its port 1/2 is an RPL port. Switch B is the neighbor node.
Page 203
After the FS/MS command is executed, the corresponding port is set to block status. Displays the primary configuration of each show ERPS brief ERPS domain. show ERPS domain <1-4> Displays detailed information about the ERPS domain. 5-155 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Configuration Example of a Single ERPS Domain Figure 5-62 shows that an ERPS domain is configured on switches A to D. This type of configuration is called single-domain, single-ring. The configuration is as follows: Protection instance 1 is configured for the ERPS domain. In this instance, the dedi- cated VLAN (VLAN 4000) is used to protect VLANs 100 to 110.
Page 205
1/2 is an RPL port), and it is an owner node in domain 2 (the related ports are ports 1/1 and 1/2, where port 1/2 is also an RPL port). Both switches C and D are none nodes in domains 1 and 2. 5-157 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Note: If a physical ring has multiple ERPS domains, you can plan different paths for the service traffic related to different ERPS domains through the proper configuration, so that load balancing can be implemented. Figure 5-63 Configuration Example of Multiple ERPS Domains...
Page 207
/*The following command configures switch C to be a none node in domain 2:*/ Switch_C(config)#set ERPS domain 2 ring-id 2 raps-vlan 4001 ring-east port 1/1 ring-west port 1/2 The configuration on switch D is the same as that on switch C. 5-159 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide 5.45 Debug Module Configuration Introduction to the Debug Module The Debug module is added for debugging the DHCP, dot1x, IP, ARP, and SNMP protocols. This module configures the commands for locating faults in message sending and receiving, message statistics, and procedure printing.
Page 209
The following information is an example of the host receiving or sending ARP messages: zte(cfg)#ARP: received request scr 168.1.23.5 0000.0000.0001, dst 168.1.23.218 ipport 1 Enter disable to disable the debug function. 2. Run the debug protocol layer3 ip enable command to the debug information of IP messages, including the link-mtu parameter of IP ports, MAC addresses for receiving messages, and size of IP messages.
Page 210
ZXR10 5250 Series Configuration Guide IP: size of packet: 60, link mtu: 1500 IP: received packet mac:002421738150 --> mac:002293634f70 on port 1 IP: pointer to allocated buffer for port 0001, 2113040, bytes: 114 IP: pointer to send packet for port 0001, 211304c...
Page 211
!!! user not find, can't send trap! decode msg header successfully!!! decode msg context successfully!!! ***encode successfully !!!*** 5-163 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 212
ZXR10 5250 Series Configuration Guide This page intentionally left blank. 5-164 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 213
Permits or denies switch access zte(cfg)# nmp | telnet | ssh | web}{permit | deny}] from a specified IP address or network segment through SSH/SNMP/Telnet/Web. clear remote-access all Deletes all IP address zte(cfg)# configurations. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 214
ZXR10 5250 Series Configuration Guide Command Function clear remote-access ipaddress <A.B.C.D>[<A.B.C.D>] Deletes the configuration of a zte(cfg)# specified IP address and network segment. show remote-access (all configuration modes) Displays the configuration information of Remote-Access. Remote-Access Configuration Instance 1 Configuration Description Only allow the network management user to access the switch from 192.168.1.0/24...
ZXR10 5250 Series Configuration Guide Figure 6-1 SSH Remote Login Example Configuration Procedure 1. Switch configuration zte(cfg)#set ssh enable zte(cfg)#show ssh SSH is enabled. There's no ssh user logging in this system. 2. Software configuration The SSH v2.0 client can use the free software PuTTY developed by Simon Tatham .
Figure 6-3 Setting the SSH Version Number c. For the first time to log in, user confirmation is needed, see Figure 6-4. Figure 6-4 User Confirmation Dialog Box d. The SSH login result is displayed, see Figure 6-5. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-5 SSH Login Result SFTP Configuration Instance Configuration Description Figure 6-6, a layer-3 port is configured on the switch, and the IP address is 192.168.1.1/24. The IP address of the PC is 192.168.1.100/24. The SSH and SFTP server functions are enabled on the switch.
Figure 6-7. Figure 6-7 WinSCP Login Dialog Box—Creating a Session 2. From the left navigation tree, select Environment > SFTP, and then set the parameters (you can use the default settings), see Figure 6-8. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-8 WinSCP Login Dialog Box—Setting SFTP Parameters 3. From the left navigation tree, select Preferences. The Preferences dialog box is displayed, see Figure 6-9. By default, WinSCP fragments large-size files and adds filepart postfix names.
4. Click OK. The WinSCP Login dialog box is displayed. Click Login. When you log in to the SFTP server for the first time, the Warning dialog box is displayed, Figure 6-10. Figure 6-10 Warning Dialog Box 5. Click Yes. The system starts authentication, see Figure 6-11. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
This protects switch configuration from being modified by any user with any permission. Privilege Configuration The Privilege configuration includes the following commands: Command Function privilege {enable | disable} Enables/disables the command zte(cfg)# level function. 6-11 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 224
Configure the switch: /*Enable the privilege function*/ zte(cfg)#privilege enable /*Grant level-12 permission to all functions of the set node*/ zte(cfg)#privilege 12 session 1 part cfg set Configuration Verification 1. Execute the following commands to check the command permission rule. zte(cfg)#show privilege session...
MIBs. SNMP Configuration The SNMP configuration includes the following commands: Command Function Sets the SNMP engine ID of a set engineID zte(cfg-snmp)# device. 6-13 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 226
ZXR10 5250 Series Configuration Guide Command Function set recvpacket <0-100> Sets the number of SNMP zte(cfg-snmp)# messages that the SNMP protocol stack can handle in a unit time. set src-ipport <0-63> Sets the source IP address of zte(cfg-snmp)# SNMP. create community <string>{public |...
Page 227
Create a community named “zte” with the read/write permission and a view named “vvv”, and then associate the community “zte” with the view “vvv”. Set the IP address of the computer receiving traps to 10.40.92.105, and the community to “zte”.
(that is, 60 seconds). Figure 6-15 MAC Change Notification Configuration Network Configuration Procedure zte(cfg-snmp)#set trap macnotification enable zte(cfg-snmp)#set trap macnotification port 1 enable zte(cfg-snmp)#set trap macnotification history-size 50 zte(cfg-snmp)#set trap macnotification interval 60 Configuration Verification If the number of changed MAC entries reaches 50 within one minute, the switch sends trap information when the number reaches 50 instead of waiting until one minute.
ZXR10 5250 Series Configuration Guide number of sent entries is 50. If the number of changed MAC entries does not reach 50 within one minute, the switch sends trap information when one minute expires. The number of sent entries is less than or equal to 50. By default, the MAC change notification function is disabled.
Page 231
The instance describes how to set event 2, history 2, alarm 2 and statistics 1 respectively. The DUT device is directly connected to the network management server. Switch Configuration zte(cfg-snmp)#set event 2 description It'sJustForTest!! zte(cfg-snmp)#set event 2 type logandtrap zte(cfg-snmp)#set event 2 community public zte(cfg-snmp)#set event 2 owner zteNj...
6.6 ZGMP ZGMP Overview ZGMP is ZTE Group Manage Protocol. A cluster is a set of switches in a specific broadcast domain. The switches form a unified management domain, providing an external public network IP address and management interface, and the ability to manage and access each member in the cluster.
ZXR10 5250 Series Configuration Guide Figure 6-16 Cluster Management Network For changeover rules of the four roles of switches within a cluster, see Figure 6-17. 6-22 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
(all configuration modes) Displays detailed ZDP neighbor information. set ztp {enable | disable} Enables or disables the global ZTE zte(cfg-group)# Topology Protocol (ZTP) function. set ztp {port <portlist>| trunk Enables or disables the ZTP zte(cfg-group)# <trunklist>}{enable | disable}...
Page 236
ZXR10 5250 Series Configuration Guide Command Function set ztp hop <1-128> Sets a range (hop count) of zte(cfg-group)# collecting topology information. Sets a time interval for collecting set ztp timer<0-60> zte(cfg-group)# topology information automatically. set ztp portdelay <1-100> Sets a port delay for forwarding zte(cfg-group)# topology requests.
Page 237
2525, the IP address to 100.1.1.10/24, the gateway address to 100.1.1.1, the cluster management VLAN to 4000, the private address pool to 192.168.1.0/24, and the IP address of the TFTP Server in the cluster to 110.1.1.2. 6-25 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Figure 6-18 Cluster Management Network Configuration Procedure 1. Configure the public network IP address of the command switch and the gateway. zte(cfg)#set vlan 2525 enable zte(cfg)#set vlan 2525 add port 1-24 tag zte(cfg)#config router zte(cfg-router)#set ipport 25 ipaddress 100.1.1.10/24 zte(cfg-router)#set ipport 25 vlan 2525 zte(cfg-router)#set ipport 25 enable zte(cfg-router)#iproute 0.0.0.0/0 100.1.1.1...
Page 239
Connecting ... Mem1.zte> Mem1.zte>enable password: Mem1.zte (cfg)#set vlan 4000 enable Mem1.zte (cfg)#set vlan 4000 add port 1-16 tag 4. Delete the cluster created on VLAN 1. Cmdr.ZTE(cfg-group)#set group delete member 1-3 Deleting member id : 1 Successed to del member!
1. Open Microsoft Internet Explorer. 2. Enter the IP address of the switch in the address bar (this address is that switch can connect). The system login interface is displayed, see Figure 6-19. 6-29 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-19 System Login Interface 3. Enter a username and a password, and select a user privilege. The Admin user needs to enter a login password and a management password. Guest users only need to enter a login password.
Port Management Port State Information Check Click the directory tree on the left of the system main page, Configuration > Port > Port State. The port state information page is displayed, see Figure 6-22. 6-31 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-22 Port State Information Page This page displays the following port information: Parameter Description PortClass Port class LinkState Port linkup/linkdown state Duplex Duplex working state of the port Speed Working speed of the port Note: Port linkdown means that port hasn’t a physical connection.
Single Port Configuration Click the Config button in the line of the port to be configured on the port configuration information page. The configuration page of this port is displayed, see Figure 6-24. 6-33 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-24 Single Port Configuration Page Configure the attribute of the selected port on this page. After configuration, click the Apply button to complete the configuration. Note: “Security” and “MacLimit” are conflicting. The two attributes cannot be set to be enabled at the same time.
You can click previous or next to turn pages or select a page number from the GO drop-down list box. This page displays the following information: 6-35 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Parameter Description VlanName VLAN name AdminStatus VLAN enabled or not Tag Ports Port with a tag in the VLAN UntagPorts Port without a tag in the VLAN TagTrunks Trunk with a tag in the VLAN...
à Figure 6-29 Bulk VLAN Configuration Page Admin of Select items is used to enable the VLAN. Port is ordinary port of bulk VLAN configuration. Trunk is trunk group of bulk VLAN configuration. 6-37 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide After setting some attributes on this page, click Apply to complete the configuration. PLAN Management PVLAN Information Check Click Configuration > PVLAN > Pvlan Overview on the left of the main page. The PVLAN information page is displayed, see Figure 6-30.
Port Mirroring Management Port Mirroring Information Check Click Configuration > MIRROR > Mirror Overview on the left of the main page. The mirror information page is displayed, see Figure 6-32. 6-39 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-32 Mirror Information Page This page displays the following information: Parameter Description Source port Mirroring source port Destination port Mirroring destination port Port Mirroring Configuration Click Configuration > MIRROR > Mirror Configure on the left of the main page. The...
When setting the same configuration of bulk aggregation port attribute, click the corresponding check box to select multiple aggregation ports (select Select All to select all ports), and then click Set. The configuration page of bulk aggregation port is displayed, see Figure 6-35. 6-41 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-35 Bulk Aggregation Port Configuration Page After setting attributes of the aggregation port on this page, click Apply to submit. Aggregation Group Information Check Click Configuration > Lacp > Lacp State on the left of the main page.
Otherwise, the network management will be interrupted. Monitoring Information Terminal Log Check Click Monitoring > Terminal Log on the left of the main page. The terminal log information page is displayed, see Figure 6-38. 6-43 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-38 Terminal Log Information Page Click the Refresh button to update terminal log information. Port Statistics Information Check Click Monitoring > Port Statistics on the left of the main page. The port statistics information page is displayed, see Figure 6-39.
This page displays configuration information of the switch. System Maintenance Configuration Saving Page Click Maintenance > Save on the left of the main page. The saving configuration information page is displayed, see Figure 6-41. 6-45 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-41 Saving Configuration Page Click Ok to save configuration or click Cancel to cancel configuration. Caution! Saving configuration will cover the original configuration file. Make sure that the configuration need to be covered before clicking Ok.
If the operation is not correct, the switch cannot work. Unprofessional personnel are not recommended to use this function. User Management Click Maintenance > User Manager on the left of the main page. The user management page is displayed, see Figure 6-44. 6-47 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5250 Series Configuration Guide Figure 6-44 User Management Page By default, the Modify tab is displayed. Modify the login password and management password of the user, and then click Apply to submit. Adding User Click the add button on the user management page. The adding user page is...
The port speed is the same as the default port speed. On (yellow) The port speed is not the same as the default port speed. On (green) The port is in full-duplex mode. On (yellow) The port is in half-duplex mode. 6-49 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 262
ZXR10 5250 Series Configuration Guide Indicator State Description On (green) The STP status of the port is Forward. On (yellow) In other statuses. The STP status of the port is Disable. CPU% On (green) A port indicator displays the current CPU usage.
Internet login service. With this protocol, users can perform operations on a remote switch through a local PC. A ZTE switch can be used as both a Telnet client and a Telnet server. User can set the listening port number when the device is logged in to through Telnet, also user can set the port number and source IP address when the device is used as a Telnet client to log in to another device.
ZXR10 5250 Series Configuration Guide Command Function Sets the port number and source telnet <dest ip-addr> destination-port <port-num><src IP address when the device is zte(cfg)# used as a Telnet client to log in to ip-addr> another device. Sets the listening port number when the device is logged in to set telnet listen-port <port>...
By default, the Telnet service is installed in Windows 2000. Execute the Telnet command on the PC, see Figure 6-48. Figure 6-48 Executing the Telnet Command on the PC For the Telnet login result, see Figure 6-49. Figure 6-49 Telnet Login Result 6-53 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 266
ZXR10 5250 Series Configuration Guide This page intentionally left blank. 6-54 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 267
Monthly Maintenance Items 1. Summarizing daily operations every month. a. Summarizing problems encountered during daily operation. If necessary, discuss with ZTE maintenance engineers. b. Summarizing daily maintenance experience to perform more efficient maintenance in the future. 2. Cleaning the equipment room.
ZXR10 5250 Series Configuration Guide b. Cleaning cable troughs and secure loosened wires. 3. Cleaning the switch. Ensuring that the cloth is not too wet and that the operation does not affect interfaces. 4. Backing up alarm information, statistics information, and configuration information.
/* Wiring pair for sending data in the twisted pair cable */ Cable Test Passed. No problem found. Cable Length is unknown. Example 2 zte(cfg)#show vct port 8 Cable Test Result for Port 8 RX PAIR : Cable Test Passed. Cable is open.
Page 270
ZXR10 5250 Series Configuration Guide Solution 1. Use a correct configuration cable. 2. Check the serial port attributes of HyperTerminal. The correct settings are as follows: Bits per Second (baud rate) is 9600, Data bit is 8, Parity is None, and Flow control is None.
Page 271
: ZXR10 : 00:d0:d0:30:20:10 Press any key to stop autoboot: [ZXR10 Boot]: 2. In [ZXR10 Boot] state, enter [ZXR10 Boot]:zte to enter [BootManager] state of the switch. Enter <?> for command help. [BootManager]: ? - alias for 'help' SJ-20131111172707-002|2013-11-27 (R1.0)
Page 272
ZXR10 5250 Series Configuration Guide - change current path exit - exit from BootManager mode format - format flash - get/put file from/to FTP server help - print online help load - load zImage - list files in current directory...
Page 273
Most students registered and activated their accounts. After the preparation was completed, ZTE’s maintenance engineers enabled the DOT1X function on the access layer devices of the six buildings, as required by the customer. The configuration of the ZXR10 5250 was as follows: Two devices connected to two ports in the same VLAN cannot ping each other.
Page 274
The students’ accounts and configuration were correct, and the configuration of the ZXR10 5250 was correct. Even if ZTE’s maintenance engineers replaced the faulty switch with a new one, the problem still existed. The diagnosis result was that the interconnection between devices of ZTE and company B was faulty.
Page 275
2. Notify the central equipment room of the school to prohibit the computer from accessing the Internet before its hard disk is formatted and the system is reinstalled. 3. Install an ARP virus kill tool on all computers. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 276
ZXR10 5250 Series Configuration Guide This page intentionally left blank. 7-10 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 278
ZXR10 5250 Series Configuration Guide Figure 5-18 Layer-3 IPv6 Configuration Instance ............ 5-68 Figure 5-19 DAI Configuration InstanceTopology ............ 5-69 Figure 5-20 Using PAP Mode for Identity Authentication ......... 5-72 Figure 5-21 Using Chap Mode for Identity Authentication ........5-73 Figure 5-22 Using EAP Mode for Identity Authentication .........
Page 279
Figure 6-17 Changeover Rules of Roles ..............6-23 Figure 6-18 Cluster Management Network.............. 6-26 Figure 6-19 System Login Interface ................ 6-30 Figure 6-20 System Main Interface ................. 6-30 Figure 6-21 System Information Page..............6-31 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 280
ZXR10 5250 Series Configuration Guide Figure 6-22 Port State Information Page ..............6-32 Figure 6-23 Port Configuration Information Page ............ 6-33 Figure 6-24 Single Port Configuration Page ............6-34 Figure 6-25 Bulk Port Configuration Page ............... 6-35 Figure 6-26 VLAN Information Page ............... 6-35 Figure 6-27 VLAN Number Entering Page ..............
Page 281
Table 5-2 Syslog Log Information................5-90 Table 5-3 Basic ZESR Concepts ................5-107 Table 5-4 Basic ZESS Concepts ................5-121 Table 6-1 ZXR10 5250 Port Indicator Descriptions ..........6-49 Table 7-1 Maintenance Period of the Ethernet Switch ..........7-2 SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 282
Tables This page intentionally left blank. SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 283
- Common and Internal Spanning Tree - Class of Service - Common Spanning Tree C-VLAN - Customer VLAN - Dynamic ARP Inspection DHCP - Dynamic Host Configuration Protocol - Delay Measurement - Denial of Service SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 284
ZXR10 5250 Series Configuration Guide DSCP - Differentiated Services Code Point EAPOL - Extensible Authentication Protocol Over LAN EAPS - Ethernet Automatic Protection Switching ERPS - Ethernet Ring Protection Switching - File Transfer Protocol GARP - Generic Attribute Registration Protocol...
Page 285
- Operation, Administration and Maintenance - Organizationally Unique Identifier - Provider Edge - Power over Ethernet PPPoE - Point to Point Protocol over Ethernet PVLAN - Private Virtual Local Area Network - Quality of Service SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...
Page 286
ZXR10 5250 Series Configuration Guide RADIUS - Remote Authentication Dial In User Service - Remote Defect Indication RMON - Remote Monitoring - Ring Protection Link RSTP - Rapid Spanning Tree Protocol - Side Smart Bias Tee SNMP - Simple Network Management Protocol...
Page 287
VLAN - Virtual Local Area Network - Virtual Private Network - Weighted Round Robin - ZTE Discovery Protocol ZESR - ZTE Ethernet Switch Ring ZESS - ZTE Ethernet Smart Switch - ZTE Topology Protocol SJ-20131111172707-002|2013-11-27 (R1.0) ZTE Proprietary and Confidential...