Furukawa LW3008C User Manual

Gpon olt system

page of 677

/ 677
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

LW3008C

GPON OLT system

User Manual

Table of Contents

Need help?

Do you have a question about the LW3008C and is the answer not in the manual?

Questions and answers

Summary of Contents for Furukawa LW3008C

Page 1 LW3008C GPON OLT system User Manual...
Page 2: Table Of Contents
Contents 1. Introduction ..................17 Audience ..................... 17 Document Structure ................17 Document Convention ................. 18 Document Notation................18 Virus Protection ................... 19 2 System Overview ................20 System Features ................. 21 3 Command Line Interface (CLI) ............24 Configuration Mode ................24 3.1.1 Privileged EXEC View Mode ..............
Page 3 4.1.7 Limiting the Number of Login Attempts ............48 4.1.8 Telnet Access ..................... 49 4.1.9 Disconnect Telnet User ................49 4.1.10 System Logout ................... 49 System Rebooting ................51 4.2.1 Maunal System Rebooting ................. 51 4.2.2 Auto Reset Configuration ................51 Configuring Interface ................
Page 4 5.2.2 Auto-Negotiation ..................84 5.2.3 Transmit Rate ..................... 84 5.2.4 Duplex Mode ....................85 5.2.5 Network Service Port ................. 85 5.2.6 Flow Control ....................85 5.2.7 Port Description ..................86 5.2.8 L2 Port Bridge .................... 86 5.2.9 Port Crossover ................... 86 5.2.10 Traffic Statistics ..................
Page 5 6.3.10 Debugging Information ................115 6.3.11 CPU Packet Management................. 116 6.3.12 Running Process ..................120 6.3.13 Displaying System Software ..............121 6.3.14 Displaying Installed OS ................121 6.3.15 Default OS ....................121 6.3.16 Switch Status ................... 122 6.3.17 Forwarding Information Base (FIB) Table ..........122 6.3.18 Tech Support Information .................
Page 6 7.5.2 Facility Code .................... 158 7.5.3 Syslog Bind Address ................158 7.5.4 Syslog Remote-timestamp ............... 158 7.5.5 Debug Message for Remote Terminal ............. 159 7.5.6 Disabling Syslog ..................159 7.5.7 Syslog Local Message Configuration ............159 7.5.8 Displaying Syslog Status................160 Rule and QoS ..................
Page 7 7.14.14 ND Alias ....................221 7.14.15 Displaying Neighbor Discovery ..............222 7.15 ICMP Message Control ..............223 7.15.1 Blocking Echo Reply Message ..............223 7.15.2 Interval for Transmit ICMP Message ............224 7.15.3 ICMP Destination Unreachable Message ..........225 7.15.4 ICMP Redirect Message ................226 7.16 TCP Flag Control ................
Page 8 8.3.9 Root Guard ....................282 8.3.10 Topology Change Detection ..............283 8.3.11 Restarting Protocol Migration ..............284 8.3.12 Loop Back Detection ................284 8.3.13 Sample Configuration ................285 Loop Detection .................. 288 Single IP Management ..............290 8.5.1 Accessing to Slave Switch from Master Switch ........290 8.5.2 Sample Configuration ................
Page 9 9.1.1 IGMP Basic ....................370 9.1.2 IGMP Version 2 ..................372 9.1.3 IGMP Version 3 ..................377 9.1.4 Displaying IGMP Information ..............378 Multicast Functions................380 9.2.1 Multicast Forwarding Database ............... 380 9.2.2 IGMP Snooping Basic ................381 9.2.3 IGMPv2 Snooping ..................384 9.2.4 IGMPv3 Snooping ..................
Page 10 10.2.12 External Routes to OSPF Network ............487 10.2.13 OSPF Distance ..................489 10.2.14 Host Route ....................490 10.2.15 Passive Interface ..................490 10.2.16 Blocking Routing Information ..............490 10.2.17 Summary Routing Information ..............491 10.2.18 OSPF Monitoring and Management ............491 10.2.19 OSPF Debug ....................
Page 11 11.2.10 Maximum Multicast Bandwidth ..............542 11.2.11 ONU Rate Limit Configuration ..............543 11.2.12 Statistics GEM Configuraiton ..............544 11.2.13 ONU Authentication from RADIUS Server ..........544 11.2.14 CFM OAM for ONU Management ............547 11.2.15 Displaying ONU Information ..............551 11.2.16 ONU Reset ....................
Page 12 11.6.6 Displaying Multicast Information .............. 594 11.7 Rate-limit Profile ................595 11.7.1 Creating Rate-limit Profile ................ 595 11.7.2 Configuring Rate-limit Profile ..............595 11.7.3 Saving Rate-limit Profile ................596 11.7.4 Applying Rate-limit Profile ................ 596 11.7.5 Displaying Rate-limit Profile ..............596 11.8 ONU Service Profile ................
Page 13 11.12.8 Saving Pseudowire Maintenance Profile ..........644 11.12.9 Displaying Pseudowire Maintenance Information ........644 11.13 PM Profile ..................645 11.13.1 Creating PM Profile .................. 645 11.13.2 Collecting ONU Traffic Statistics .............. 646 11.13.3 Saving PM Profile ..................646 11.13.4 Displaying PM Profile Information ............646 11.13.5 Displaying ONU Traffic Statistics .............
Page 14 Illustrations Fig. 2.1 Front View of the LW3008C ................20 Fig. 3.1 Overview of Configuration Mode ..............34 Fig. 4.1 Process of 802.1x Authentication ..............69 Fig. 4.2 Multiple Authentication Servers ..............70 Fig. 5.1 Port Mirroring ....................90 Fig. 6.1 Ping Test for Network Status ................
Page 15 General Shared Relay Message Format ............. 348 Fig. 8.42 An Example of Prefix Delegation ..............348 Fig. 8.43 The LW3008C with IGMP Snooping ............367 Fig. 8.44 The LW3008C with PIM-SM ................ 368 Fig. 8.45 The Switch with IGMP Snooping and PIM-SM ..........368 Fig.
Page 16 Tables Tab. 1.1 Overview of Chapters ..................17 Tab. 1.2 Command Notation of Guide Book ............... 18 Tab. 3.1 Main Command of Privileged EXEC View Mode .......... 25 Tab. 3.2 Main Command of Privileged EXEC Enable Mode ........25 Tab. 3.3 Main Command of Global Configuration Mode ..........
Page 17: Introduction
1. Introduction Audience This manual is intended for LW3008C multi-platform GPON OLT system operators and maintenance personnel for providers of Gigabit passive optical network (GPON) and Ethernet services. This manual assumes that you are familiar with the following: Ethernet networking technology and standards •...
Page 18: Document Convention
Document Convention This guide uses the following conventions to convey instructions and information. Information This information symbol provides useful information when using commands to configure and means reader take note. Notes contain helpful suggestions or references. Warning This warning symbol means danger. You are in a situation that could cause bodily injury or broke the equipment.
Page 19: Virus Protection
Virus Protection To prevent a virus infection you may not use any software other than that which is released for the Operating System (OS based on Basis Access Integrator), Local Craft Terminal (LCT) and transmission system. Even when exchanging data via network or external data media(e.g. floppy disks) there is a possibility of infecting your system with a virus.
Page 20: System Overview
Ethernet in the first mile, providing voice, data, and video solutions. The LW3008C is a compact sized GPON Optical Line Terminal (OLT) that is comprised of 8 GPON interfaces and 4 optical 10GbE uplink ports on the front panel. 10GbE interfaces can be used as uplink towards the core network and these interfaces can be used either to cascade other switches or connect to a collocated DSLAM.
Page 21: System Features
MIB also to monitor and manage the LW3008C. IP Routing The LW3008C is Layer 3 switch, which has routing table and IP address as router. Therefore, it supports static routing, OSPFv2 and BGPv4 for unicast routing. Dynamic Host Configuration Protocol (DHCP) The LW3008C supports Dynamic Host Configuration Protocol (DHCP) server that automatically assigns IP address to clients accessed to network.
Page 22 802.3ad, which aggregates multiple links of equipments to use more enlarged bandwidth. Per VLAN Spanning Tree (PVST) The LW3008C supports Per VLAN Spanning Tree (PVST) protocol to enable a bridge to inter- operate. PVST uses the Multiple Spanning Tree Protocol (MSTP) with a single VLAN for each Multiple Spanning Tree instance (MSTI).
Page 23 Outband Management Interface The LW3008C can connect to equipments at remote place by assigning IP address to MGMT interface. Since MGMT interface is operated regardless of status of service port, it is still possible to configure and manage equipment at remote place even though problem such as link disconnection is occurred.
Page 24: Command Line Interface (Cli)
LW3008C connects inband to the cascading switch, and then from the cascading switch to the management network through the outband interface. The LW3008C also provides the RS232 console interface to simply access the system with a provided RJ45-to-DB9 cable.
Page 25: Privileged Exec View Mode
3.1.1 Privileged EXEC View Mode When you log in to the switch, the CLI will start with Privileged EXEC View mode which is a read-only mode. In this mode, you can see a system configuration and information with several commands. Tab.
Page 26: Global Configuration Mode
3.1.3 Global Configuration Mode In Global Configuration mode, you can configure general functions of the system. You can also open another configuration mode from this mode. To open Global Configuration mode, enter the configure terminal command, and then the system prompt will be changed from SWITCH# to SWITCH(config)#. Command Mode Description...
Page 27: Tab. 3.4 Main Command Of Flow Configuration Mode
To open Rule Configuration mode, enter the flow, policer and policy commands, then the system prompt will be changed from SWITCH(config)# to SWITCH(config-flow[NAME])#, SWITCH(config-policer[NAME])# and SWITCH(config-policy[NAME])# . Command Mode Description flow NAME create Opens Flow Configuration mode. policer NAME create Global Opens Policer Configuration mode.
Page 28: Dhcp Pool Configuration Mode
DHCP Pool Configuration Mode In DHCP Pool Configuration mode, you can configure general functions of DHCP per each DHCP pool. The LW3008C supports multiple DHCP environments with this pool-based DHCP configuration. To open DHCP Pool Configuration mode, enter the ip dhcp pool command, then the system prompt will be changed from SWITCH(config)# to SWITCH(config-dhcp[POOL])#.
Page 29: Rmon Configuration Mode
Main Command of DHCP Option 82 Configuration Mode 3.1.7 RMON Configuration Mode In RMON Configuration mode, you can configure RMON alarm, RMON event and RMON history. The LW3008C provides three different configuration modes to configure each type of RMON. Command Mode Description rmon-alarm <1-65535>...
Page 30: Bridge Configuration Mode
Command Description associate Configures associated IP address same with virtual router. authentication Configures password of virtual router group. preempt Activates/deactivates preempt. vr_priority Assigns priority to virtual router. Configures advertisement time, which means the interval that master vr_timers router distributes its information to another virtual router. Tab.
Page 31: Router Configuration Mode
3.1.11 Router Configuration Mode In Router Configuration mode, you can configure IP routing protocols. The LW3008C provides three IP routing protocols such as RIP, BGP and OSPF. To open Rule Configuration mode, enter the router command, then the system prompt will be changed from SWITCH(config)# to SWITCH(config-router)#.
Page 32: Gpon Configuration Mode
Command Description exit Logs out current mode and returns to previous mode. match Classifies routing information to permit or deny. Configures routing information options. Tab. 3.14 Main Command of Route-map Configuration Mode 3.1.13 GPON Configuration Mode In PON Configuration mode, you can configure GPON-related functions. To open GPON Configuration mode, enter the gpon command, then the system prompt will be changed from SWITCH(config)# to SWITCH(gpon)#.
Page 33: Tab. 3.17 Main Command Of Onu Profile Configuration Mode
3.1.13.2 ONU Profile Configuration Mode In ONU Profile Configuration mode, you can configure an ONU profile. To open ONU Profile Configuration mode, enter the onu-profile command, then the system prompt will be changed from SWITCH(gpon)# to SWITCH(config-onu-profile[NAME])#. Command Mode Description onu-profile NAME create GPON Opens ONU Profile Configuration mode.
Page 34: Configuration Mode Overview
GPON Configuration mode SWITCH(gpon)# onu-profile NAME create gpon-olt OLT-ID NAME: ONU profile name GPON-OLT Configuration mode ONU Profile Configuration mode SWITCH(config-gpon-olt[N/N])# SWITCH(config-onu-profile[NAME])# Fig. 3.1 Overview of Configuration Mode Useful Tips This section describes useful tips for operating the LW3008C with a CLI.
Page 35: Listing Available Command
To list available commands, input question mark <?> in the current mode. When you input the question mark <?>, you can see available commands used in this mode and variables following after the commands. The following is the available commands on Privileged EXEC Enable mode of the LW3008C. SWITCH# ? Exec commands:...
Page 36 Press the <ENTER> key to skip to the next list. In case that the LW3008C installed command shell, you can find out commands starting with a specific alphabet. Input the first letter and question mark without space. The following is an example of finding out the commands starting “s”...
Page 37: Calling Command History
Write to terminal SWITCH# write The LW3008C also provides the simple instruction of calling the help string with the help command. You can see the instruction using the command regardless of the configuration mode. To display the instruction of calling the help string for using CLI, use the following command.
Page 38: Using Abbreviation
SWITCH# exit (press the arrow key ↑) SWITCH# interface 1 (press the arrow key ↑) SWITCH# configure terminal (press the arrow key ↑) SWITCH# show clock (press the arrow key ↑) To display the command history, use the following command. Command Mode Description...
Page 39: Using No Command
Disables the function to save a command history. Command history can be saved up to 2,000 by default. 3.3.5 Using No Command LW3008C uses no command to deactivate configured functions or return to default value of the system. 3.3.6 Using Show Command LW3008C uses show command to display configured functions.
Page 40 Command Mode Description exit Exits to the previous command mode. Exits to Privileged EXEC Enable mode. If you use the exit command in Privileged EXEC Enable mode or Privileged EXEC View mode, you will be logged out!
Page 41: System Connection And Ip Address
4 System Connection and IP Address System Connection After installing the system, the LW3008C is supposed to examine that each port is correctly connected to network and management PC. You can connect to the system to configure and manage the LW3008C. This section provides instructions how to change password for system connection and how to connect to the system through telnet.
Page 42: System Login
4.1.1 System Login After installing the LW3008C, finally make sure that each port is correctly connected to PC for network and management. Then, turn on the power and boot the system as follows. Step 1 When you turn on the switch, booting will be automatically started and login prompt will be displayed.
Page 43: Password For Privileged Exec Enable Mode
4.1.3 Password for Privileged EXEC Enable Mode You can configure a password to enhance the security for Privileged EXEC Enable mode. To configure a password for Privileged EXEC Enable mode, use the following command. Command Mode Description Configures a password to begin Privileged EXEC passwd enable PASSWORD Enable mode.
Page 44: Auto Log-Out
4.1.5.1 Creating System Account For the LW3008C, the administrator can create a system account. In addition, it is possible to set the security level from 0 to 15 to enhance the system security. To create a system account, use the following command.
Page 45 4.1.5.2 Security Level For the LW3008C, it is possible to configure the security level from 0 to 15 for a system account. The level 15, as the highest level, has a read-write authority. The administrator can configure from level 0 to level 14. The administrator decides which level user uses which commands in which level.
Page 46 The commands should be input same as the displayed commands by show list. Therefore, it is not possible to input the commands in the bracket separately. SWITCH# show list clear arp clear arp IFNAME clear coredump PID clear ip arp inspection log clear ip arp inspection statistics (vlan VLAN_NAME|) clear ip bgp * clear ip bgp * in...
Page 47 br-vir-eth | gpon-voip-profile | gpon-voip-pf-mgc | gpon-voip-pf-sip | gpon-traffic-pf-voip-svc | gpon- traffic-pf-voip-svc-ip-path | gpon-traffic-pf-voip-svc-uni | gpon-traffic-pf-vrp-svc | keychain | keychain-key | lldp-network-policy | mst | nd-acl | ospf | ospf6 | pppoe- snoop | pppoe-tag-fmt | ra-pol | route-map | rmon- alarm | rmon-event | rmon-history | vrrp | vrrp6} level <0-15>...
Page 48: Limiting Number Of Users
4.1.6 Limiting Number of Users For the LW3008C, you can limit the number of users accessing the switch through telnet. In case of using the system authentication with RADIUS or TACACS+, a configured number includes the number of users accessing the switch via the authentication server.
Page 49: Telnet Access
Otherwise, all changes will be lost when the telnet session is disconnected. SWITCH# write memory [OK] SWITCH# 4.1.9 Disconnect Telnet User LW3008C administrator can display and disconnect telnet user. To disconnect telnet user, check tty of telnet user first by using the following command Command Mode Description where Enable/Global Displays a telnet user.
Page 51: System Rebooting
4.1.12 Auto Reset Configuration The LW3008C reboots the system according to user’s configuration. There are two basises for system rebooting. These are CPU and memory. CPU is rebooted in case CPU Load or Interrupt Load continues for the configured time. Memory is automatically rebooted in case memory low occurs as the configured times.
Page 52 You can use auto reset function by sending and then listening for a PING. If there is no response within a specified time period and option values, LW3008C will automatically reset the system. To configure the option values in use for monitoring the network connection using PING test, use the following command.
Page 53 1-100: ping loss threshold Deletes the configured value of parameters that are no auto-reset ping used in a ping transaction. To set the threshold of performing the auto rebooting by ping, use the following command. Command Mode Description Sets the maximum number of auto rebooting by ping auto-reset ping reboot- transaction.
Page 54: Configuring Interface
The Layer 2 switches do not need IP addresses to transmit packets. However, if you want to access to the LW3008C from a remote place with TCP/IP through SNMP or telnet, it requires an IP address.
Page 55: Assigning Ip Address To Network Interface
4.2.2 Assigning IP Address to Network Interface After enabling an interface, assign an IP address. To assign an IP address to a network interface, use the following command. Command Mode Description ip address A.B.C.D/M Assigns a primary IP address to an interface. ip address A.B.C.D/M secondary Assigns a secondary IP address to an interface.
Page 56: Interface Description
To configure a default gateway, use the following command. Command Mode Description ip route default {GATEWAY | null} Global Configures a default gateway. [<1-255>] To delete a configure default gateway, use the following command. Command Mode Description no ip route default {GATEWAY | Global Deletes a default gateway.
Page 57: Displaying Interface
Bandwidth 100m inet 10.27.41.91/24 broadcast 10.27.41.255 input packets 3208070, bytes 198412141, dropped 203750, multicast packets 0 input errors 12, length 0, overrun 0, CRC 0, frame 0, fifo 12, missed 0 output packets 11444, bytes 4192789, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 SWITCH(config)# Displaying Interface...
Page 58 Command Mode Description Enables IP address overlapping. The IP addresses ip overlap-interface should have a different netmask Global no overlap-interface Disables IP address overlapping.
Page 59: Assigning An Ipv6 Address
Assigning an IPv6 Address IPv6 is designed as an evolutionary step from IPv4. IPv6 runs well on high performance networks like Gigabit Ethernet, ATM, and others, as well as low bandwidth networks. The main changes from IPv4 to IPv6 are summarized as follows: •...
Page 60 This field distinguishes packets that require the same treatment, in order to facilitate Flow label the handling of real-time traffic. (20 Bits) This field specifies the length of data carried after the IP header. Extension headers Payload Length are considered part of the payload and are therefore included in the calculation. (2 Bytes) Next Header This field contains a protocol number or a value for an extension header.
Page 61: Enabling Interface
IPv6 Special Addresses There are some special addresses without prefix. - Unspecified address : the unspecified address for IPv6 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 (or ::) - Localhost address : the special address for the loopback interface. 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001 (or ::1) - Link local address : It is assigned automatically to an interface when IPv6 is enabled.
Page 62 Command Mode Description Assigns an IPv6 global address to an interface. ipv6 address X:X::X:X/M X:X::X:X/M: IPv6 address/prefix-length Interface ipv6 address X:X::X:X/M anycast Assigns an IPv6 anycast address to an interface. To disable an assigned IPv6 address, use the following command. Command Mode Description...
Page 63: Assigning Link Local Address To Network Interface
4.2.8 Assigning Link Local Address to Network Interface The link-lcal address used between directly connected nodes on a single network link. To assign an IPv6 link-local address to a network interface, use the following command. Command Mode Description Assigns a link-local address on the interface. ipv6 address link-local X:X::X:X Interface X:X::X:X: IPv6 address using MAC address according...
Page 64: Enabling Ipv6 Processing
The following is an example of configuring a static route to reach three destinations, which are not directly connected. SWITCH(config)# ipv6 route 4000::/16 br101 SWITCH(config)# ipv6 route 3000:3::/64 br103 SWITCH(config)# ipv6 route 3000:2::/64 br102 To display a configured static route, use the following command. Command Mode Description...
Page 65: Ipv6 Interface Mode
4.2.11 IPv6 Interface Mode You can configure the interface for host mode. By default, the switch can receive Router Solicitation(RS) messages or send Router Advertisement (RA) messages to the network within this interface. In case of host mode, it functions as an IPv6 host. The interface can not send RA messages to other devices.
Page 66: Secure Shell (Ssh)
4.3.1 SSH Server The LW3008C can be operated as SSH server. You can configure the switch as SSH server. 4.3.1.1 Enabling SSH Server To enable/disable SSH server, use the following command.
Page 67: Ssh Client
4.3.2 SSH Client 4.3.2.1 Login to SSH Server To login to SSH server after configuring the LW3008C as SSH client, use the following command. Command Mode Description Logins to SSH server. ssh login DESTINATION Enable DESTINATION: IP address of SSH server.
Page 68 To display the configured authentication keys in the LW3008C, use the following command. Command Mode Description Enable show key-list Shows an authentication key of SSH server. Global...
Page 69: Authentication
802.1x authentication adopts EAP (Extensible Authentication Protocol) structure. In EAP system, there are EAP-MD5 (Message Digest 5), EAP-TLS (Transport Level Security), EAP- SRP (Secure Remote Password), EAP-TTLS (Tunneled TLS) and the LW3008C supports EAP-MD5 and EAP-TLS. Accessing with user’s ID and password, EAP-MD5 is 1-way Authentication based on the password.
Page 70: Authentication
4.4.1 802.1x Authentication 4.4.1.1 Enabling 802.1x To configure 802.1x, the user should enable 802.1x daemon first. To enable 802.1x daemon, use the following command. Command Mode Description dot1x system-auth-control Enables 802.1x daemon. Global no dot1x system-auth-control Disables 802.1x daemon. 4.4.1.2 RADIUS Server As RADIUS server is registered in authenticator, authenticator also can be registered in RADIUS server.
Page 71 After default server is designated, all requests start from the RADIUS server. If there’s no response from default server again, the authentication request is tried for RADIUS server designated as next one. To configure IP address of RADIUS server and key value, use the following command. Command Mode Description...
Page 72 4.4.1.6 Interval for Retransmitting Request/Identity Packet In the LW3008C, it is possible to specify how long the device waits for a client to send back a response/identity packet after the device has sent a request/identity packet. If the client does not send back a response/identity packet during this time, the device retransmits the request/identity packet.
Page 73: Re-Authentication
4.4.1.9 Interval of Request to RADIUS Server For the LW3008C, it is possible to set the time for the retransmission of packets to check RADIUS server. If there is a response from other packets, the switch waits for a response from RADIUS server during the configured time before resending the request.
Page 74 In the LW3008C, you can set the number of seconds that the authenticator should wait for a response to request/identity packet from the suppliant before retransmitting the request.
Page 75: Initializing Authentication Status
4.4.3 Initializing Authentication Status The user can initialize the entire configuration on the port. Once the port is initialized, the supplicants accessing to the port should be re-authenticated. Command Mode Description dot1x initialize PORTS Global Initializes the authentication status on the port. 4.4.4 Restoring Default Value To restore the default value of the 802.1x configuration, use the following command.
Page 76 specifying the information of RADIUS server. SWTICH(config)# dot1x system-auth-control SWTICH(config)# dot1x nas-port 6 SWTICH(config)# dot1x port-control force-authorized 6 SWTICH(config)# dot1x radius-server host 10.1.1.1 auth-port 1812 key test SWTICH(config)# show dot1x 802.1x authentication is enabled. RADIUS Server TimeOut: 1(S) RADIUS Server Retries: 3 RADIUS Server : 10.1.1.1 (Auth key : test) ------------------------------- 802.1x...
Page 77: System Authentication
Deletes a configured system authentication method. no login 4.5.2 Authentication Interface If more than 2 interfaces exist in the LW3008C, you can set one interface to access RADIUS or TACACS server. To set an authentication interface, use the following command. Command Mode Description login radius interface INTERFACE [A.B.C.D |...
Page 78: Automated Blocking Of Ip Host
4.5.4 Automated Blocking of IP Host For security reasons of the system, Administrator can configure the number of the login fails to be blocked and configure the delay time for login attempts. To configure the login delay function, use the following command. Command Mode Description...
Page 79: Radius Server
A.B.C.D <1-5> 1-5: priority of RADIUS server 4.5.5.3 Timeout of Authentication Request After an authentication request, the LW3008C waits for a response from a RADIUS server for specified time. To specify a timeout value, use the following command. Command Mode Description Specifies a timeout value.
Page 80: Tacacs+ Server
4.5.5.4 Frequency of Retransmit In case of no response from a RADIUS server, the LW3008C is supposed to retransmit an authentication request. To set the frequency of retransmitting an authentication request, use the following command. Command Mode Description Sets the frequency of retransmit.
Page 81: Accounting Mode
4.5.6.4 Additional TACACS+ Configuration The LW3008C provides several additional options to configure the system authentication via TACACS+ server. TCP Port for the Authentication To specify TCP port for the system authentication, use the following command. Command Mode Description login tacacs socket-port Specifies TCP port for the authentication.
Page 82: Displaying System Authentication
To set an accounting mode, use the following command. Command Mode Description Sets an accounting mode. login accounting-mode {none | start: measures start point only. start | stop | both} stop: measures stop point only. Global both: measures start and stop point both. no login accounting-mode Deletes a configured accounting mode.
Page 83: Port Configuration
5 Port Configuration The LW3008C features highly flexible hardware configurations with multiple GPON and Gigabit Ethernet components. In this chapter, you can find the instructions for the basic port configuration such as auto-negotiation, flow control, transmit rate, etc. Please read the following instructions carefully before you configure a port in the LW3008C.
Page 84: Auto-Negotiation
The following is an example of disabling the Ethernet port 9. SWITCH(bridge)# show port 9 ------------------------------------------------------------------------ TYPE PVID STATUS MODE FLOWCTRL INSTALLED (ADMIN/OPER) (ADMIN/OPER) ------------------------------------------------------------------------ Ethernet Up/Down Auto/Full/0 Off/ Off SWITCH(bridge)# port disable 9 SWITCH(bridge)# show port 9 ------------------------------------------------------------------------ TYPE PVID STATUS MODE...
Page 85: Duplex Mode
5.2.4 Duplex Mode Ethernet operates in either half-duplex or full-duplex mode. In full-duplex mode, frames travel in both directions simultaneously over two channels on the same connection for an aggregate bandwidth of twice that of half-duplex mode. Full duplex networks are very efficient since data can be sent and received simultaneously.
Page 86: Port Description
Port Description To specify a description of an Ethernet port, use the following command. Command Mode Description Specifies a description of an Ethernet port. (maximum port description PORTS number of characters is 100) DESCRIPTION Bridge PORTS: port number no port description PORTS Deletes a specified description of an Ethernet port.
Page 87 normal: normal MDI mode To display the port information, use the following command. Command Mode Description Enable show port mdix [PORTS] Global Shows MDI crossover state of port. Bridge...
Page 88: Traffic Statistics
5.2.8 Traffic Statistics 5.2.8.1 Packet Statistics To display the traffic statistics of an Ethernet port, use the following command. Command Mode Description Shows the traffic statistics of the average packet for a show port statistics avg-pkt specified Ethernet port. [PORTS] PORTS: port number show port statistics avg-pps Shows the traffic statistics per packet type for a...
Page 89: Port Information
Command Mode Description Global clear protocol statistics [PORTS] Deletes the collected statistics of the protocol. Bridge 5.2.9 Port Information To display the port information, use the following command. Command Mode Description show port [PORTS] Shows a current port status, enter a port number. PORTS: port number show port status [PORTS] Enable...
Page 90: Port Mirroring
Port Mirroring Port mirroring is the function of monitoring a designated port. Here, one port to monitor is called monitor port and a port to be monitored is called mirrored port. Traffic transmitted from mirrored port are copied and sent to monitor port so that user can monitor network traffic. The following is a network structure to analyze the traffic by port mirroring.
Page 91 Command Mode Description mirror enable Bridge Activates port mirroring. Step 4 To display a configured port mirroring, use the following command. Command Mode Description Enable show mirror Global Shows a configured port mirroring. Bridge To delete and modify the configuration, use the following command. Command Mode Description...
Page 92: System Environment
6 System Environment Environment Configuration You can configure a system environment of the LW3008C. 6.1.1 Host Name Host name displayed on prompt is necessary to distinguish each device connected to network. To set a new host name, use the following command.
Page 93: Time Zone
6.1.3 Time Zone The LW3008C provides three kinds of time zone, GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). You can also set the time zone where the network element belongs.
Page 94 To enable/disable the NTP function, use the following command. Command Mode Description SERVER1 [SERVER2] Enables NTP function with a specified NTP server. [SERVER3] SERVER: server IP address (maximum 3 servers) no ntp SERVER1 Global Deletes a specified NTP server. [SERVER2] [SERVER3] SERVER: server IP address no ntp Disables the NTP function.
Page 95: Simple Network Time Protocol (Sntp)
NTP authentication is disabled by default. To enable the NTP authentication, use the following command. Command Mode Description ntp authenticate Enables the NTP authencation. Global no ntp authenticate Disables the NTP authentication. To define the authentication keys, use the following command. Command Mode Description...
Page 96: Terminal Configuration
6.1.6 Terminal Configuration By default, the LW3008C is configured to display 24 lines composed by 80 characters on console terminal. You can change the number of displaying lines by using the terminal length command. The maximum line displaying is 512 lines.
Page 97: Dns Server
6.1.7 DNS Server To set a DNS server, use the following command. Command Mode Description dns server A.B.C.D Sets a DNS server. A.B.C.D: DNS server IPv4 address dns server X:X::X:X X:X::X:X: DNS server IPv6 address Global no dns server {A.B.C.D | Removes a DNS server.
Page 98: Fan Operation
Global Shows a current login banner. Bridge 6.1.9 Fan Operation For the LW3008C, it is possible to control fan operation. To control fan operation, use the following command. Command Mode Description fan operation {on | off | auto} Global Configures fan operation.
Page 99: Enabling Ftp Connection
IP address. However, an interface of the LW3008C may have multiple IP addresses. In such a multiple-IP environment, a primary IP address is normally used. You can configure the LW3008C to use one of the secondary IP addresses as a source IP of an FTP client.
Page 100: System Threshold
This module DMI command is enabled by default. Thus, if you don’t want to get DMI information, configure this setting as disable. If disabled, the LW3008C does not show DMI information of the SFP ports when using the show port module-info command.
Page 101 To display the configured threshold of CPU load, use the following command. Command Mode Description Shows the configured threshold and average of CPU show cpuload Enable load. Global Shows the CPU load during the last 10 minutes in the Bridge show cpu-trueload time slots of every 5 seconds.
Page 102 6.1.14.3 Fan Operation The system fan will operate depending on measured system temperature. To set the threshold of fan operation, use the following command. Command Mode Description Sets the threshold of fan operation in the unit of Celsius threshold (°C). START-TEMP START-TEMP: starts fan operation.
Page 103 6.1.14.5 System Memory To set the threshold of system memory in use, use the following command. Command Mode Description Sets the threshold of system memory in the unit of threshold memory <20-100> percent (%). Global 20-100: system memory in use no threshold memory Deletes the configured threshold of system memory.
Page 104: Software Watchdog Configuration
Software Watchdog Configuration The watchdog is responsible for bootstrapping OLT and starting the necessary set of server processes. You can configure the software watchdog to take an action for controlling the system of OLT. To enable/disable the watchdog function, use the following command. Command Mode Description...
Page 105: Configuration Management
Configuration Management You can verify if the system configurations are correct and save them in the system. 6.2.1 Displaying System Configuration To display the current running configuration of the system, use the following command. Command Mode Description show running-config Shows a configuration of the system. show running-config {admin-flow | admin-policy | arp | bridge | count-group | cpu-pkt-filter | dba-profile | dhcp | dhcp6 | dns | extended-vlan-tagging-operation...
Page 106: Auto-Saving
6.2.3 Auto-Saving The LW3008C supports the auto-saving feature, allowing the system to save the system configuration automatically. This feature prevents the loss of unsaved system configuration by unexpected system failure. To allow the system to save the system configuration automatically, use the following command.
Page 107: Secured File Copy
Command Mode Description copy {ftp | tftp} config upload Uploads a file to FTP or TFTP server with the name {FILE-NAME | startup-config} configured by user. copy {ftp | tftp} os upload {os1 | Uploads a file to ftp or FTP server with a name of os1 or os2} os2.
Page 108: Display Backup File
The LW3008C can be configured to generate core dumps and save them in ramdisk for useful debugging aids in several situations such as accesses to non- existent memory, segmentation errors.
Page 109 To back up a core dump file using FTP or TFTP, use the following command. Command Mode Description copy {ftp | tftp} coredump upload Enable Uploads a core dump file to FTP or TFTP server. To display a core dump file, use the following command. Command Mode Description...
Page 110: System Management
System Management When there is any problem in the system, you must find what the problem is and its solution. Therefore, you should not only be aware of a status of the system but also verify if the system is correctly configured 6.3.1 Network Connection To verify if your system is correctly connected to the network, use the ping command.
Page 111: Tab. 6.3 Options For Ping For Multiple Ip Addresses
When multiple IP addresses are assigned to the switch, sometimes you need to verify the connection status between the specific IP address and network status. In this case, use the same process as ping test and then input the followings after extended commands.
Page 112: Ip Icmp Source Routing
Fig. 6.1, if you perform ping test from PC to C, it goes through the route of A→B→C. This is the general case. But, the LW3008C can enable to perform ping test from PC as the route of A→E→D→C. Fig. 6.2...
Page 113: Tracing Packet Route
To perform ping test as the route which the manager designated, use the following steps. Enable IP source-routing function from the equipment connected to PC which the PING test Step 1 is going to be performed. To enable/disable IP source-routing in the LW3008C, use the following command. Command Mode Description ip icmp source-route Enable IP source-routing function.
Page 114: Displaying User Connecting To System
3 10.45.1.254 (10.45.1.254) 2.723 ms 2.604 ms 1.767 ms 4 10.55.1.1 (10.55.1.1) 2.532 ms 2.522 ms 1.793 ms 5 10.55.1.1 (10.55.1.1) 1.623 ms 0.879 ms 1.755 ms 6 10.55.193.104 (10.55.193.104) 9.375 ms 3.817 ms 2.514 ms SWITCH# 6.3.4 Displaying User Connecting to System To display current users connecting to the system from a remote place or via console interface, use the following command.
Page 115: System Running Time
6.3.7 System Running Time To display the system running time, use the following command. Command Mode Description Enable show uptime Global Shows the system running time. Bridge The following is an example of displaying the system running time. SWITCH# show uptime 10:41am up 15 days, 10:55, 0 users, load average: 0.05, 0.07, 0.01 SWITCH# 6.3.8...
Page 116: Cpu Packet Management
6.3.11.2 CPU Packet Filtering The LW3008C provides a packet filtering feature for incoming/outgoing traffic management to/from CPU. You have to create a CPU packet filter first and set the packet classification criteria and the policy. You can use physical port ID, 802.1p priority (CoS), VLAN ID, 802.1q tag, and so on to classify the CPU packets.
Page 117 To configure one or more CPU packet filter match pattern(s), use the following command. Command Mode Description match vid <1-4094> [tag- Classifies a VLAN ID. position <1-8>] VLAN: VLAN ID Classifies a queue of CPU RX/TX packets. match cos <0-7> 0-7: queue number Classifies a physical port ID.
Page 118 To specify the action policy of CPU packet filter for the packets matching the configured match patterns, use the following command. Command Mode Description Specifies a drop or permit statement of the CPU packet filter with the configured match pattern. action {permit | drop} permit: permits the traffic of entries drop: discards the traffic of entries...
Page 119 [PORTS] Bridge CPU. The LW3008C can be configured to generate a syslog message when the number of the packets handled by CPU exceeds a specified value. This function allows system administrators to monitor the switch and network status more effectively.
Page 120: Running Process
CPU. 6.3.12 Running Process The LW3008C provides a function that shows information of the running processes. The information with this command can be very useful to manage the switch. To display information of the running processes, use the following command.
Page 121: Displaying System Software
6.3.15 Default OS The LW3008C supports the dual OS feature. You can verify the running OS in the flash memory with the show flash command. When two system OSs are installed, you can set one of those as the default OS. To set the default OS of the system, use the following command.
Page 122: Switch Status
6.3.16 Switch Status To display the temperature of switch, power status, and fan status, use the following command. Command Mode Description show status fan Shows the fan status of the switch. Enable show status temp Global Shows the current temperature of the switch. Bridge show status power Shows the current power status.
Page 123: Tech Support Information
To reduce the effort to acquire the detail informtation of the system for a technical suppport, the LW3008C provides the function that generates all the system information reflecting the current state. Using this function, you can verify all the details on a console screen or even in the remote place via FTP/TFTP.
Page 124 Command Mode Description no debug nsm [all] no debug nsm {events | kernel} Enable Disables NSM debugging. no debug nsm packet {send | recv} [detail] no debug nsm packet [detail] To display the debugging information, use the following command. Command Mode Description Enable...
Page 125: Network Management
SNMP agent sends a trap to administrator for specific cases. Trap is a warning message to alert network status to SNMP administrator. The LW3008C enhances access management of SNMP agent and limits the range of OID opened to agents. SNMP Service To enable/disable SNMP service, use the following command.
Page 126: Snmp Agent Administrator
Deletes the specified basic information for each item. no snmp location The following is an example of specifying basic information of SNMP agent. SWITCH(config)# snmp contact furukawa<02.3484.6500> SWITCH(config)# show snmp contact contact furukawa<02.3484.6500> SWITCH(config)# snmp location Seoul,Korea...
Page 127: Assigning Ip Address Of Snmp Agent
7.1.3 Assigning IP Address of SNMP Agent If SNMP agent has several IP addresses, SNMP carries the information through the best suited path (IP address) when SNMP administrator requests for information. It means that SNMP administrator can be received the information from a different IP address which was not actually a given IP address before.
Page 128: Snmp Group
------------------------------------------------ TEST 10.1.1.1 PUBLIC SWITCH(config)# 7.1.5 SNMP Group You can create an SNMP group that can access SNMP agent and its community that belongs to a group. To create an SNMP group, use the following command. Command Mode Description Creates SNMP group, enter the group name. snmp group GROUP {v1 | v2c | GROUP: group name v3} SECURITY...
Page 129: Permission To Access Snmp View Record
The following is an example of creating an SNMP view record. SWITCH(config)# snmp view TEST included 410 SWITCH(config)# show snmp view View List ViewName Type SubTree / Mask ------------------------------------------- TEST included 410 SWITCH(config)# 7.1.7 Permission to Access SNMP View Record To grant an SNMP group to access to a specific SNMP view record, use the following command.
Page 130: Snmp Trap
To display a current SNMP version 3 user, use the following command. Command Mode Description Enable show snmp user Global Displays an SNMP version 3 user. Bridge 7.1.9 SNMP Trap SNMP trap is an alert message that SNMP agent notifies SNMP manager about certain problems.
Page 131 SWITCH(config)# snmp trap-host 10.1.1.3 SWITCH(config)# snmp trap-host 20.1.1.5 SWITCH(config)# snmp trap-host 30.1.1.2 SWITCH(config)# To set index in SNMP Trap host, use the following command. Command Mode Description snmp {trap-host | trap2-host} A.B.C.D Specifies an trap index in SNMP trap COMMUNITY add TRAP-INDEX host.
Page 132 To enable SNMP trap, use the following command. Command Mode Description Generates SNMP trap when SNMP authentication is snmp trap auth-fail failed. snmp trap cold-start Generates SNMP trap when SNMP agent is restarted. Generates SNMP trap when a port is connected to snmp trap link-up PORTS network.
Page 133: Snmp Alarm
7.1.10 SNMP Alarm The LW3008C provides an alarm notification function. The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI. You can also set the alarm severity on each alarm and make the alarm be shown only in case of selected severity or higher.
Page 134 7.1.10.1 Alarm Notify Activity Normally the LW3008C is supposed to generate an alarm only when a pre-defined event has occurred such as the fan fail, system restart, temperature high, etc. However, you can additionally configure the system to generate an alarm when any configuration parameter has been changed via CLI.
Page 135 Command Mode Description major | minor | warning | intermediate} high. snmp alarm-severity dhcp-lease {critical | Sets severity of an alarm for no more IP major | minor | warning | intermediate} address left in the DHCP pool. snmp alarm-severity dhcp-illegal {critical | Sets severity of an alarm for illegal DHCP major | minor | warning | intermediate} entry.
Page 136 no snmp alarm-severity cold-start no snmp alarm-severity cpu-load-over no snmp alarm-severity dhcp-lease no snmp alarm-severity dhcp-illegal no snmp alarm-severity fan-remove no snmp alarm-severity ip-conflict no snmp alarm-severity memory-over no snmp alarm-severity mfgd-block no snmp alarm-severity port-link-down no snmp alarm-severity power-fail no snmp alarm-severity port-remove no snmp alarm-severity port-thread-over no snmp alarm-severity rmon-alarm-rising...
Page 137 Command Mode Description | major | minor | warning | intermediate} high. snmp alarm-severity adva-voltage-low {critical Sets severity of an alarm for adva-voltage- | major | minor | warning | intermediate} low. To delete configured ADVA alarm severity, use the following command. Command Mode Description...
Page 138: Snmp Message Logging
7.1.10.7 Displaying SNMP Alarm To display a collected alarm, use the following command. Command Mode Description show snmp alarm-severity Shows a configured alarm severity. show snmp alarm-history Global Shows a collected alarm history. show snmp alarm-report Shows a collected alarm report. To deletes a collected alarm in the system, use the following command.
Page 139: Disabling Snmp
7.1.11 Disabling SNMP To disable SNMP, use the following command. Command Mode Description no snmp Disables SNMP. Global no snmp vrf Disables VPN snmp When you use the no snmp command, all configurations of SNMP will be lost. 7.1.12 Displaying SNMP Configuration To display all configurations of SNMP, use the following command.
Page 140: Efm Oam
EFM OAM EFM OAM capabilities are a need for Ethernet subscriber access link monitoring in L2, remote loopback and remote failure indication. EFM OAM uses a slow protocol frame which is called OAM Protocol Data Units (OAMPDUs). Using OAMPDUs, local DTE manages the remote DTE.
Page 141: Efm Oam Mode
To specify an errored window size and threshold according to the event type, use the following command. Command Mode Description Specifies the window size and threshold in case of oam efm link-monitor frame frame event. window <10-600> threshold <0- 10-600: window size (unit: 100msec, default:1 second) 65535>...
Page 142: Oam Unidirection
command. Command Mode Description oam efm remote-loopback Enables loopback function of peer device. permit PORTS oam efm remote-loopback Disables loopback function of peer device. deny PORTS Global Starts to perform the test of loopback operation. oam efm remote-loopback test 1-100: the number of test packets <1-100>...
Page 143: Link Layer Discovery Protocol (Lldp)
LAN according to IEEE 802.1ab standard. 7.3.1 LLDP Operation The LW3008C supporting LLDP transmits the management information between near switches. The information carries the management information that can recognize the network elements and the function. This information is saved in internal Management Information Base (MIB).
Page 144: Basic Tlv
| sysdescription | syscap} 7.3.5 LLDP Message For the LW3008C, it is possible to configure the interval time and times of sending LLDP message. To configure the interval time and times of LLDP message, use the following command. Command...
Page 145: Lldp-Med Network Policy
7.3.7 LLDP-MED Network Policy LLDP Media Endpoint Discovery (MED) is an extension to LLDP, it enables LLDP feature in a voice over IP (VoIP) network. The Layer 2 network discovery protocol extension described in the ANSI/TIA-1057 standard, LLDP for Media Endpoint Devices. This protocol enables the swtich to configure and manage connected Media Endpoint devices that need to send media streams across the network (e.g., IP telephones and security cameras).
Page 146 for the specified application type To delete the configured application type of LLDP network policy, use the following command. Command Mode Description no voice LLDP- Deletes the configured application type of LLDP Policy network policy. no voice-signaling 7.3.7.3 Saving and Modifying LLDP Network Policy After configuring the LLDP network policy using the above commands, save it with apply command.
Page 147: Displaying Lldp Configuration
To remove the configured LLDP network policy from the port, use the following command. Command Mode Description no lldp PORTS med network- Removes the configured LLDP network policy from the Bridge policy NAME port 7.3.7.5 Displaying LLDP Network Policy To display the configuration of LLDP network policy, use the following command. Command Mode Description...
Page 148: Remote Monitoring (Rmon)
RMON. There are nine RMON MIB groups defined in RFC 1757: Statistics, History, Alarm, Host, Host Top N, Matrix, Filter, Packet Capture and Event. The LW3008C supports two MIB groups of them, most basic ones: Statistics (only for uplink ports) and History.
Page 149 write Write running configuration to memory or terminal SWITCH(config-rmonhistory[5])# 7.4.1.1 Source Port of Statistical Data To specify a source port of statistical data, use the following command. Command Mode Description Specifies a data object ID: data-source NAME RMON NAME: enters a data object ID. (ex. ifindex.n1/port1) 7.4.1.2 Subject of RMON History To identify a subject using RMON history, use the following command.
Page 150: Rmon Alarm
Before activating RMON history, check if your configuration is correct. After RMON history is activated, you cannot change its configuration. If you need to change configuration, you need to delete the RMON history and configure it again. 7.4.1.6 Deleting Configuration of RMON History When you need to change a configuration of RMON history, you should delete an existing RMON history.
Page 151 Comparing difference between current data and the latest data with the threshold, if the data is more than the threshold or less than it, alarm is occurred. To compare object selected as sample with the threshold, use the following command. Command Mode Description...
Page 152 After configuring lower bound of threshold, configure to generate RMON event when object is less than configured threshold. Use the following command. Command Mode Description Configures to generate RMON alarm when object is falling-event <1-65535> RMON less than configured threshold. 7.4.2.6 Standard of the First Alarm It is possible for users to configure standard when alarm is first occurred.
Page 153: Rmon Event
7.4.2.8 Activating RMON Alarm After finishing all configurations, you need to activate RMON alarm. To activate RMON alarm, use the following command. Command Mode Description active RMON Activates RMON alarm. 7.4.2.9 Deleting Configuration of RMON Alarm When you need to change a configuration of RMON alarm, you should delete an existing RMON alarm.
Page 154 7.4.3.3 Subject of RMON Event You need to configure event and identify subject using various data from event. To identify subject of RMON event, use the following command. Command Mode Description Identifies subject of event. You can use maximum 126 owner NAME RMON characters and this subject should be same with the...
Page 155: Syslog
Syslog The syslog is a function that allows the network element to generate the event notification and forward it to the event message collector like a syslog server. This function is enabled as default, so even though you disable this function manually, the syslog will be enabled again.
Page 156 | syslog | user} {emerg | alert | crit | err | warning | notice | info} remote A.B.C.D LW3008C provides user-define syslog facility of local0 to local7. This facility can classify syslog messages received from several devices. To set a user-defined syslog output level with a priority, use the following command.
Page 157 warning | notice | info} console no syslog output priority {auth | authpriv | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | syslog | user} {emerg | alert | crit | err | warning | notice | info} local {volatile | non-volatile} no syslog output priority {auth | authpriv | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6...
Page 158: Facility Code
SWITCH(config)# 7.5.2 Facility Code You can set a facility code of the generated syslog message to send them remote syslog server. This code make a syslog message distinguished from others, so network adminis- trator can handle various syslog messages efficiently. Facility code is only used with sys-log messages to send to remote syslog server.
Page 159: Debug Message For Remote Terminal
7.5.5 Debug Message for Remote Terminal To display a syslog debug message to a remote terminal, use the following command. Command Mode Description terminal monitor Enables the terminal monitor function. Enable no terminal monitor Disables the terminal monitor function. This function is not operational in the local console. 7.5.6 Disabling Syslog To disable the syslog, use the following command.
Page 160: Displaying Syslog Status
7.5.8 Displaying Syslog Status To display the saved syslog status, use the following command. Command Mode Description show syslog Shows the configuration of the syslog. Shows the usage of the area where the received syslog Enable show syslog {volatile | non- messages are stored.
Page 161: Rule And Qos
Rule and QoS The LW3008C provides a rule and QoS feature for traffic management. The rule classifies incoming traffic, and then processes the traffic according to user-defined policies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets.
Page 162: How To Operate Qos
7.6.1 How to Operate QoS QoS operation is briefly described as below. Incoming packets are classified by configured conditions, and then processed by packet counter and rate-limiting on specific policer. After marking and remarking action, the switch transmits those classified and processed packets via a given scheduling algorithm. Fig.
Page 163: Packet Classification
Packet classification features allow traffic to be partitioned into multiple priority levels, or classes of service. In Flow Configuration mode, you can set packet classification criterias via flow, which is with unique name. If you specify the value of parameters, the LW3008C...
Page 164 LW3008C provides default and extension mode of Flow. Each modes are described below and a user should use suitable mode with the corresponding chararacteristics. Default mode sets upto 1024 Flows including Admin-access-flow. •...
Page 165 The flow name cannot start with the alphabet “a” or “A”. • The order in which the following configuration commands are entered is arbitrary. • The configuration of a flow being configured can be changed as often as wanted • until the apply command is entered.
Page 166 Command Mode Description TCP-FLAG: TCP flag (e.g. S(SYN), F(FIN)) any: any TCP flag Classifies MAC address. SRC-MAC-ADDR: source MAC address mac {SRC-MAC-ADDR | SRC-MAC- DST-MAC-ADDR: destination MAC address ADDR/M | any} {DST-MAC-ADDR | SRC/DST-MACADDR/M: source/destination DST-MACADDR/M | any} address with mask bit any: any source/destination MAC address (ignore) When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address.
Page 167 Command Mode Description no cos no dscp no tos no length Deletes a specified packet-classifying pattern for each no ip-precedence Flow option. no ethtype no mac no ip no ip header-length 7.6.2.3 Applying and modifying Flow After configuring a flow using the above commands, apply it to the system with the following command.
Page 168: Packet Conditioning
Command Mode Description no class all Deletes all classes. no class NAME Deletes specified class, enter the class name. Global no class NAME flow FLOW1 Removes specified flows from class. [FLOW2] [FLOW3]··· 7.6.3 Packet Conditioning After defining traffic classification criteria in Flow Configuration mode, then configure how to process the packets.
Page 169 7.6.3.2 Packet Counter The packet counter function provides information on the total number of packets that the rule received and analyzed. This feature allows you to know the type of packets transmitted in the system according to rule configuration. To count the number of packets matching to corresponding policer, use the following command.
Page 170: Rule Action
Command Mode Description apply Policer Applies a policer to the system. To modify a policer, use the following command. Command Mode Description policer NAME modify Global Modifies a policer, enter a policer name. 7.6.4 Rule Action 7.6.4.1 Policy Creation To configure a policy, you need to open Policy Configuration mode first. To open Policy Configuration mode, use the following command.
Page 171 The LW3008C provides Token Bucket (srTCM and trTCM) meters. Token Bucket The token bucket is a control mechanism that transmits traffic by tokens in the bucket.
Page 172: Fig. 7.3 Token Bucket Meter
Tokens are regenerated at a given rate (CIR, PIR) Token Packet consumes tokens in the bucket Forwarding Token Packet Fig. 7.3 Token Bucket Meter Single Rate Three Color Marker (srTCM) The srTCM meters an IP packet stream and marks its packet the one among green, yellow, and red using Committed Information Rate (CIR) and two associated burst sizes, Committed Burst Size (CBS) and Excess Burst Size (EBS).
Page 173: Fig. 7.4 Behavior Of Srtcm (1)
Tokens are regenerated Tokens are regenerated based on CIR based on CIR Bucket C Bucket E Token Token Tokens are decremented by the size of the packet Green Color-Marking Token Packet Fig. 7.4 Behavior of srTCM (1) Tokens are regenerated Tokens are regenerated based on CIR based on CIR...
Page 174: Fig. 7.6 Bahavior Of Srtcm (3)
Tokens are regenerated Tokens are regenerated based on CIR based on CIR Bucket C Bucket E Empty Empty If both buckets are empty, a packet is marked red Packet Red Color-Marking Fig. 7.6 Bahavior of srTCM (3) Two Rate Three Color Marker (trTCM) The trTCM meters an IP packet stream and marks its packet the one among green, yellow, and red using Peak Information Rate (PIR) and its associated Peak Burst Size (PBS) and Committed Information Rate (CIR) and its associated Committed Burst Size (CBS).
Page 175: Fig. 7.7 Behavior Of Trtcm (1)
Tokens are regenerated Tokens are regenerated based on PIR faster than CIR based on CIR Bucket P Bucket C Token Token Tokens in both buckets are decremented by the size of Green Color-Marking the packet Token Packet Fig. 7.7 Behavior of trTCM (1) Tokens are regenerated Tokens are regenerated based on PIR faster than CIR...
Page 176: Fig. 7.9 Behavior Of Trtcm (3)
Tokens are regenerated Tokens are regenerated based on PIR faster than CIR based on CIR Bucket P Bucket C Empty Empty If the bucket P is empty, a packet is marked red Packet Red Color-Marking Fig. 7.9 Behavior of trTCM (3) To set the metering mode, use the following command.
Page 177 In the color-blind mode, you can configure all green-colored, red-colored or yellow-colored packets to discard. To configure the meter to discard all green-colored, red-colored or yellow-colored packets, use the following command. Command Mode Description Configures the meter to discard green, red-colored or color {red | yellow} action drop yellow-colored packets.
Page 178 Command Mode Description action match dscp <0-63> Configures DSCP of ToS. action match egress filter PORT Policy Deletes a specified egress port. action match egress port PORT Overwrites a specified egress port redirect cannot be used with MAC filtering. To delete a specified rule action, use the following command. Command Mode Description...
Page 179 7.6.4.6 Attaching a Policy to an interface After you configure a rule including the packet classification, policing and rule action, you should attach a policy to an interface and to specify port or VLAN in which the policy should be applied. If you do not specify an interface for rule, rule does not work properly. To attach a policy to an interface, use the following command.
Page 180: Displaying Rule
Bridge 7.6.6 Admin Rule For the LW3008C, it is possible to block a specific service connection like telnet, FTP, ICMP, etc with an admin rule function. 7.6.6.1 Creating Admin Flow for packet classification To classify packets by a specific admin flow for the LW3008C, you need to open Admin-Flow Configuration mode first.
Page 181 To delete configured admin flow or all admin flows, use the following command. Command Mode Description no flow admin NAME Deletes specified admin flow. Global no flow admin all Deletes all admin flows. After opening Admin-Flow Configuration mode, an admin flow can be configured by user. The packet classification can be configured for each admin-flow.
Page 182 Command Mode Description 65535> | any} any: any source/destination IP address 0-65535: TCP/UDP source/destination port number any: any TCP/UDP source/destination port Classifies an IP protocol (TCP): A.B.C.D: source/destination IP address ip {A.B.C.D | A.B.C.D/M | any} A.B.C.D/M: source/destination IP address with mask {A.B.C.D | A.B.C.D/M | any} tcp any: any source/destination IP address {<0-65535>...
Page 183: Admin Rule Action
FLOW: admin flow name 7.6.7 Admin Rule Action 7.6.7.1 Admin Policy Creation For the LW3008C, you need to open Admin-Policy Configuration mode first. To open Policy Configuration mode, use the following command. Command Mode Description Creates an admin policy and opens Admin-Policy...
Page 184 The admin-policy name must be unique. Its size is limited to 32 significant characters. • The admin- policy name cannot start with the alphabet “a” or “A”. • The order in which the following configuration commands are entered is arbitrary. •...
Page 185 7.6.7.3 Admin Policy Action To specify the rule action (action match) for the packets matching configured classifying patterns, use the following command. Command Mode Description action match deny Denies a packet. Admin-Policy action match permit Permits a packet. To delete a specified rule action(action match), use the following command. Command Mode Description...
Page 186: Displaying Admin Rule
7.6.8 Displaying Admin Rule To show an admin rule profile configured by user, use the follwing command. Command Mode Description show flow-profile admin Admin-Flow Shows a profile of admin flow. show policy-profile admin Admin-Policy Shows a profile of admin policy. The following command can be used to show a certain rule by its name, all rules of a certain type, or all rules at once sorted by a rule type.
Page 187: Scheduling
7.6.9 Scheduling To process incoming packets by the queue scheduler, the LW3008C provides the scheduling algorithm as Strict Priority Queuing (SP), Weighted Round Robin (WRR) and Deficit Round Robin (DRR). Strict Priority Queuing (SP) SPQ processes first more important data than the others. Since all data are processed by their priority, data with high priority can be processed fast but data without low priority might be delayed and piled up.
Page 188: Fig. 7.11 Deficit Round Robin
Deficit Round Robin Queing Queue1 (50% b/w, Quantum [1] = 1000 Scheduler Queue2 (25% b/w, Quantum [2] = 500 Queue3 (25% b/w, Quantum [3] = 500 Fig. 7.11 Deficit Round Robin Weighted Round Robin (WRR) WRR processes packets as much as weight. Processing the packets that have higher priority is the same way as strict priority queuing.
Page 189 7.6.9.1 Scheduling mode To select a packet scheduling mode, use the following command. Command Mode Description Selects a packet scheduling mode for a ports: sp: strict priority queuing qos scheduling-mode {sp | wrr | wrr: weighted round robin drr} PORTS drr: deficit round robin Global PORTS: port numbers...
Page 190 7.6.9.3 Maximum and Minimum Bandwidth To set a maximum bandwidth, use the following command. Command Mode Description Sets a maximum bandwidth for each port and queue: PORTS: port numbers qos max-bandwidth PORTS <0- Global 0-7: queue number 7> {BANDWIDTH | unlimited} BANDWIDTH: bandwidth in the unit of MB unlimited: unlimited bandwidth To set a maximum bandwidth, use the following command.
Page 191: Netbios Filtering
However, the more computers are used recently, the more strong security is required. To secure individual customer’s information and prevent information leakages in the LAN environ-men, the LW3008C provides NetBIOS filtering function. Without NetBIOS filtering, customer’s data may be opened to each other even though the data should be kept.
Page 192: Martian Filtering
Martian Filtering It is possible to block packets, which trying to bring different source IP out from same network. If packet brings different IP address, not its source IP address, then it is impossible to know it makes a trouble. Therefore, you would better prevent this kind of packet outgoing from your network.
Page 193: Mac Filtering
MAC Filtering It is possible to forward frame to MAC address of destination. Without specific performance degradation, maximum 4096 MAC addresses can be registered. 7.9.1 Default MAC Filter Policy The basic policy of filtering based on system is set to allow all packets for each port. However, the basic policy can be changed for user’s requests.
Page 194: Listing Mac Filter Policy
To delete MAC filtering policy, use the following command. Command Mode Description mac-filter del SRC-MAC-ADDR Bridge Deletes filtering policy for specified MAC address. To delete MAC filtering function, use the following command. Command Mode Description no mac-filter Bridge Deletes all MAC filtering functions. 7.9.3 Listing MAC Filter Policy If you need to make many MAC filtering policies at a time, it is hard to input command one...
Page 195: Outband Management Port Security
PCs in the network but also devices such as switches in the network. For the LW3008C, you have to block the port like MAC filtering before configuring max hosts. In case of ISPs, it is possible to arrange a billing plan for each user by using this configuration.
Page 196 that can be learned on the system and on the port for a second. The number of MAC addresses that can be learned on the system has the priority. To configure max new hosts, use the following command. Command Mode Description The number of MAC addresses that can be learned on max-new-hosts PORTS VALUE...
Page 197: Mac Table
7.11 MAC Table A dynamic MAC address is automatically registered in the MAC table, and it is removed if there is no access to/from the network element corresponding to the MAC address during the specified MAC aging time. On the other hand, a static MAC address is manually registered by user.
Page 198 To display the MAC table in the switch, use the following command. Command Mode Description show mac [NAME] Shows switch MAC address, selection by port number Enable (subscriber port only): Global NAME: bridge name show mac NAME PORT Bridge PORT: port number There are more than a thousand of MAC addresses in MAC table, so it is difficult to find information you need at one sight.
Page 199: Address Resolution Protocol (Arp)
(VLAN ID) where packets are forwarded. The LW3008C ARP saves IP/MAC addresses mappings in ARP table for quick search. Referring to the information in ARP table, packets attached IP address is transmitted to network.
Page 200: Arp Request Message Interval
Command Mode Description clear arp Enable Deletes all ARP entries. Global clear arp INTERFACE Deletes the ARP entries on a specified interface. Bridge 7.12.1.2 ARP Log Interval To configure ARP log interval, use the following command. Command Mode Description arp logs interval INTERVAL Configures ARP log interval.
Page 201: Arp Alias
Although clients are joined in the same client switch, it may be impossible to communicate between them for security reasons. When you need to make them communicate each other, the LW3008C supports ARP alias, which responses the ARP request from client net through the concentrating switch.
Page 202: Arp Inspection
Command Mode Description show arp alias Enable/Global/Bridge Shows a registered ARP alias. 7.12.4 ARP Inspection ARP provides IP communication by mapping an IP address to a MAC address. However, a malicious user can attack ARP caches of systems by intercepting the traffic intended for other hosts on the subnet.
Page 203 Command Mode Description Discards all ARP packets of all IP addresses with all MAC addresses which have not learned before on ARP deny ip any mac {any | host inspection table or a specific MAC address MACADDR} any: ignores sender IP/MAC address host: sender host MACADDR: sender MAC address deny ip host A.B.C.D mac {any |...
Page 204 To delete the configured ranged of IP address to permit ARP packets, use the following command. Command Mode Description no permit ip any mac {any | host Deletes a configured range of IP address to permit ARP MACADDR} packets. no permit ip host A.B.C.D mac any: ignores sender MAC address {any | host MACADDR} host: sender host...
Page 205 7.12.4.3 ARP Address Validation The LW3008C also provides the ARP validation feature. Regardless of a static ARP table, the ARP validation will discard ARP packets in the following cases: In case a sender MAC address of ARP packet does not match a source MAC •...
Page 206 In case a target MAC address of ARP reply packet does not match a destination • MAC address of Ethernet header. In case of a sender IP address of ARP packet or target IP address is 0.0.0.0 or • 255.255.255.255 or one of multicast IP addresses. To enable/disable the ARP validation, use the following command.
Page 207 This function saves the information of users who are discarded by ARP inspection and generates periodic syslog messages. Log-buffer function is automatically enabled with ARP inspection. If LW3008C receives invalid or denied ARP packets by ARP inspection, it creates the table of entries that include the information of port number, VLAN ID, source IP address, source MAC address and time.
Page 208: Proxy Arp
7.12.5 Proxy ARP The LW3008C supports the proxy ARP. Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By “faking” its identity, the router accepts responsibility for routing packets to the “real” destination. Proxy ARP can help the switches on a subnet reach remote subnets without configuring routing or a default gateway.
Page 209: Fig. 7.14 Proxy Arp
D, it will reply with its own MAC address to the host A. The proxy ARP replies that the LW3008C sends to the host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with its MAC address as the source address and the host A’s MAC address as the destination address.
Page 210: Gratuitous Arp
7.12.6 Gratuitous ARP Gratuitous ARP is a broadcast packet like an ARP request. It containing IP address and MAC address of gateway, and the network is accessible even though IP addresses of specific host’s gateway are repeatedly assigned to the other. Configure Gratuitous ARP interval and transmission count using following commands.
Page 211: Ipv6 Neighbor Discovery(Nd)
IPv6 Neighbor Discovery(ND) Neighbor discovery (ND) is specified in RFC 2464. ND combines Address Resolution Protocol (ARP) and ICMP router discovery and Redirect. With IPv4, we have no means to detect whether or not a neighbor is reachable. With ND protocol, a neighbor unreachability detection mechanism has been defined.
Page 212: Configuring Ipv6 Prefix
To set the other stateful configuration flag in RA message, use the following command. Command Mode Description ipv6 nd other-config-flag Sets the other stateful configuration flag in RA. Interface Clears the other stateful configuration flag from RA. no ipv6 nd other-config-flag (default) Configuring IPv6 Prefix To configure how IPv6 prefixes are advertised in the IPv6 RA message, use the following...
Page 213: Ra Destination Configuration
The interval value should be less than or equal to the IPv6 Router Lifetime if this is a default router. RA Destination Configuration To configure the destination address of solicited RA (Router Advertisement) message which is supplied from source address of RS (Router Solicitation), use the following command. Command Mode Description...
Page 214: Ra Suppression
If the switch is configured with shorter reachable times, it enables detecting unavailable neighbors more quickly, however, shorter times consume more IPv6 network bandwidth and processing resources in all IPv6 network devices. We do not recommend configuring a short reachable time value. For example, to configure the reachable time of 1000 milliseconds for Ethernet interface br2, enter the following commands: SWITCH(config)# interface br2...
Page 215: Nd Duplicate Address Detection (Dad)
ND Duplicate Address Detection (DAD) To set the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection (DAD) is performed on the unicast IPv6 addresses of the interface, use the following command. Command Mode Description Configures the number of neighbor solicitation...
Page 216: Ipv6 Neighbor Discovery (Nd) Inspection
To set the stale timer for IPv6 neighbor reachability confirmation, use the following command. Command Mode Description ipv6 neighbor stale-time <10- Sets the stale timer for IPv6 neighbor reachability. 4294967295> Default: 86400 seconds Global no ipv6 neighbor stale-time Reverts the default stale timer. IPv6 Neighbor Discovery (ND) Inspection IPv6 Neighbor Discovery (ND) inspection feature can protect switches against IPv6 address spoofing.
Page 217 command. Command Mode Description Permits ND packets based on their IPv6 address and MAC address, which have not learned before on ND inspection table. permit ipv6 {host X:X::X:X | mac any: ignores sender MAC address X:X::X:X/M | any} mac {any | host ipv6 any: ignores sender IPv6 address MACADDR} host: sender host...
Page 218 WORD: sender MAC pattern value 0-5: offset value Discards ND packets of a given range of IPv6 deny ipv6 range X:X::X:X addresses. X:X::X:X mac any X:X::X:X: start/end IPv6 address of sender To delete the configured IPv6 address and MAC address for discarding ND packets, use the following command.
Page 219 Enables ND inspection filtering with the configured ND ipv6 nd inspection filter NAME access list on the VLAN. vlan VLANS NAME: ND access list name Global no ipv6 nd inspection filter Disables ND inspection filtering with a configured ND NAME vlan VLANS access list on specified VLAN.
Page 220 entries <0-1024> 0-1024: the max. number of entries (default: 32) Sets the interval for displaying syslog messages of ipv6 nd inspection log-buffer entries. Global logs <0-1024> interval <0- 0-1024: the number of syslog messages per specified 86400> interval (default: 5) 0-86400: interval value in second (default: 1 second) To delete the configured options of log-buffer function, use the following command.
Page 221: Nd Alias
1-2147483637: delay time (unit: second, default:1800 seconds) no ipv6 dhcp snooping nd- Delete the configured ND inspection delay time. inspection start 7.12.6.6 Displaying ND Inspection To display a status of the ND inspection, use the following command. Command Mode Description show ipv6 nd inspection [vlan Shows a status of the ND inspection.
Page 222: Displaying Neighbor Discovery
To set aging time of gateway IPv6 address in ND alias, use the following command. Command Mode Description nd alias aging-time Sets the aging time of gateway IPv6 address. <5-2147483647> 5-2147483647: aging time (default: 300 seconds) Global no nd alias aging-time Deletes the aging time of gateway IPv6 address.
Page 223: Icmp Message Control
7.13 ICMP Message Control ICMP stands for Internet Control Message Protocol. When it is impossible to transmit data or configure route for data, ICMP sends error message about it to host. The first 4 bytes of all ICMP messages are same, but the other parts are different according to type field value and code field value.
Page 224: Interval For Transmit Icmp Message
To release the blocked echo reply message, use the following command. Command Mode Description Releases blocked echo reply message to all partners no ip icmp ignore echo all who are taking ping test to device. Global icmp ignore echo Releases blocked echo reply message to partner who broadcast is taking broadcast ping test to device.
Page 225: Icmp Destination Unreachable Message
ICMP_TIME_EXCEEDED (11) ICMP_PARAMETE RPROB (12) ICMP_TIMESTAMP (13) ICMP_TIMESTAMPREPLY (14) ICMP_INFO_REQUEST (15) ICMP_INFO_REPLY (16) ICMP_ADDRESS (17) ICMP_ADDRESSREPLY (18) Tab. 7.2 Mask Calculation of Default Value To configure the limited ICMP transmission time, use the following command. Command Mode Description Configures a limited ICMP transmission time. ip icmp interval rate-limit INTERVAL Global INTERVAL: 0-2000000000 (unit: 10 ms)
Page 226: Icmp Redirect Message
7.13.4 ICMP Redirect Message ICMP redirect messages are used when a router recognizes a packet arriving on an interface and the best route is out that same interface. In that case the router sends an ICMP redirect message back to the source telling about a better router on the same subnet. To enable/disable generation of ICMP redirect messages, use the following command.
Page 227: Tcp Flag Control
7.14 TCP Flag Control Transmission Control Protocol (TCP) header includes six kinds of flags that are URG, ACK, PSH, RST, SYN, and FIN. For the LW3008C, you can configure RST and SYN as the below. 7.14.1 RST Configuration RST sends a message when TCP connection cannot be done to a person who tries to make it.
Page 228 the following command. Command Mode Description Enable Shows the usage of L3 interface, host, LPM, ECMP show ip tables summary Global entries. To specify the L3 table aging time, use the following command. Command Mode Description tables aging-time <10- Global Specifies the L3 table aging time (default: 300s).
Page 229: Packet Dump
The debug commands produce a large amount of processor overhead. The LW3008C also provides debug command for Layer 3 routing protocols (BGP, OSPF and PIM). If you want to debug about them, refer to the each configuration chapter.
Page 230: Debug Packet Dump
7.16.3 Debug Packet Dump The LW3008C provides network debugging function to prevent system overhead for unknown packet inflow. Monitoring process checks CPU load per 5 seconds. If there is more traffic than threshold, user can capture packets using tcpdump and save it to file. You can download the dump file with the name of file-number.dump after FP connection to the system.
Page 231 To delete a dump file, use the following command. Command Mode Description Deletes a specified dump file. delete dumpfile [FILENAME] Enable FILENAME: dump file name...
Page 232: Displaying Dump Packets
Displaying Dump Packets To display the dump packets, use the following command. Command Mode Description show dump packets Enable/Global Shows the dump packets. 7.16.1 Dump File To back up a dump file using FTP or TFTP, use the following command. Command Mode Description...
Page 233: Port Security
7.17 Port Security You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the PCs that are allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.
Page 234: Port Security Aging
To disable the configuration of port secure, use the following command. Command Mode Description no port security PORTS Disables port security on the port. no port security PORTS mac- Deletes a secure MAC address for the port. address [MAC-ADDR vlan NAME] Bridge no port security PORTS Returns to the default number of secure MAC...
Page 235: Displaying Port Security
7.17.3 Displaying Port Security To display the information of the port security, use the following command. Command Mode Description Enable show port security [PORTS] Global Shows the information of the port security. Bridge...
Page 236: System Main Functions
8 System Main Functions Virtual Local Area Network (VLAN) The first step in setting up your bridging network is to define VLAN on your switch. VLAN is a bridged network that is logically segmented by customer or function. Each VLAN contains a group of ports called VLAN members.
Page 237: Port-Based Vlan
8.1.1 Port-based VLAN The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example depicted in Fig. 8.1, frames arriving on ports 1 through 4 are assigned to VLAN 1, frame from ports 5 through 8 are assigned to VLAN 2, and frames from ports 9 through 12 are assigned to VLAN Stations within a given VLAN can freely communicate among themselves using either unicast or multicast addressing.
Page 238 8.1.1.1 Creating VLAN To configure VLAN on user’s network, use the following command. Command Mode Description Creates new VLAN by assigning VLAN ID: vlan create VLANS Bridge VLANS: VLAN ID (1-4094, multiple entries possible) The variable VLANS is a particular set of bridged interfaces. Frames are bridged only among interfaces in the same VLAN.
Page 239: Protocol-Based Vlan
8.1.1.4 Deleting VLAN To delete VLAN, use the following command. Command Mode Description Deletes associated ports from specified VLAN: vlan del VLANS PORTS Bridge VLANS: VLAN ID (1-4094) When you delete a VLAN, all ports must be removed from the VLAN; the VLAN must be empty.
Page 240: Mac-Based Vlan
8.1.3 MAC-based VLAN The LW3008C can assign a frame to a VLAN based on the source MAC address in the received frames. Using this, all frames emitted by a given end station will be assigned to the same VLAN, regardless of the port on which the frame arrives. This is useful for mobility application.
Page 241: Vlan Precedence
Fig. 8.2 Subnet-based VLAN To configure subnet-based VLAN, use the following command. Command Mode Description Configures subnet based VLAN. vlan subnet A.B.C.D/M VLANS VLANS: VLAN ID (1-4094) Bridge no vlan subnet [A.B.C.D/M] Clears configured VLAN based on subnet. To display the subnet-based VLAN configuration, use the following command. Command Mode Description...
Page 242: Qinq Vlan Mapping
Fig. 8.3 Example of QinQ Configuration If QinQ is configured on the LW3008C, it transmits packets adding another Tag to original Tag. Customer A group and customer B group can guarantee security because telecommunication is done between each VLANs at Double Tagging part.
Page 243: Vlan Description
Trunk Port By trunk port we mean a LAN port that is configured to operate as an inter-switch link/port, able of carrying double-tagged traffic. A trunk port is always connected to another trunk port on a different switch. Switching shall be performed between trunk ports and tunnels ports and between different trunk ports.
Page 244: Vlan Eline
VLAN Eline To create a VLAN, use the following command. Command Mode Description Creates a VLAN. vlan create VLAN_NAME [eline] Bridge eline: Enables E-line option VLAN_NAME:vlan name (ex. NAME | X | X-Y) 8.1.8 Tagged VLAN In a VLAN environment, a frame’s association with a given VLAN is soft; the fact that a given frame exists on some physical cable does not imply its membership in any particular VLAN.
Page 245: Displaying Vlan Information
Command Mode Description Configures tagged VLAN on a port: vlan add VLANS PORTS tagged Bridge VLANS: VLAN ID (1-4094) PORTS: port number 8.1.9 Displaying VLAN Information User can display the VLAN information about Port based VLAN, Protocol based VLAN, MAC based VLAN, Subnet based VLAN and QinQ.
Page 246 8.1.10.2 Shared VLAN This chapter is only for Layer 2 switch operation. The LW3008C is Layer 3 switch, but it can be used for Layer 2 also. Because there is no routing information in Layer 2 switch, each VLAN cannot communicate. Especially, the uplink port should receive packets from all VLANs.
Page 247: Fig. 8.5 Outgoing Packets Under Layer 2 Shared Vlan Environment
Fig. 8.5 Outgoing Packets under Layer 2 Shared VLAN Environment As above configuration with untagged packet, if an untagged packet comes into port 1, it is added with tag 1 for PVID 1. In addition, the uplink port 24 is also included in the default VLAN;...
Page 248: Sample Configuration
Incoming Packets under Layer 2 Shared VLAN Environment (2) In conclusion, to use the LW3008C as Layer 2 switch, user should add the uplink port to all VLANs and create new VLAN including all ports. If the communication between each VLAN is needed, FID should be same.
Page 249 Sample Configuration 2: Deleting Port-based VLAN The following is deleting br3 among configured VLAN. SWITCH(bridge)# vlan del br3 3 SWITCH(bridge)# exit SWITCH(config)# interface br3 SWITCH(interface)# shutdown SWITCH(interface)# exit SWITCH(config)# bridge SWITCH(bridge)# no vlan br3 SWITCH(bridge)# show vlan u: untagged port, t: tagged port ----------------------------------------------------------------- Name( VID| FID) |123456789012345678901234567890123456789012 -----------------------------------------------------------------...
Page 250 ..d....... SWITCH(bridge)# Sample Configuration 5: Configuring Shared VLAN with FID Configure br2, br3, br4 in the LW3008C configured Layer 2 environment and port 24 as Uplink port is configured. To transmit untagged packet through Uplink port rightly, follow below configuration.
Page 251: Link Aggregation (Lag)
| srcdstmac | srcip | srcmac} aggregation group. (default: srcdstmac) It is possible to input 0 to 7 to the trunk group ID because the LW3008C supports 8 logical aggregated ports, and the group ID of port trunk and the aggregator number of LACP cannot...
Page 252: Link Aggregation Control Protocol (Lacp)
Therefore, the LW3008C is configured to decide the way of packet route in order to divide on member port effectively when packets enter. It is decided with source IP address, destination IP address, source MAC address, destination MAC address and the user could get information of packets to decided packet route.
Page 253 Therefore, the LW3008C is configured to decide the way of packet route in order to distribute (or forward) packets to the member port effectively when packets enter. It is decided with Source IP address, destination IP address, source MAC address, destination MAC address and the user could get information of packets to decided packet route.
Page 254 To delete a configured distribution mode, use the following command. Command Mode Description no lacp aggregator distmode Bridge Deletes a configured distribution mode. AGGREGETIONS 8.2.2.3 Operation Mode After configuring the member port, configure the LACP operation mode of the member port. This defines the operation way for starting LACP operation.
Page 255 PORTS Bridge port for LACP. 8.2.2.6 BPDU Transmission Rate Member port transmits BPDU with its information. For the LW3008C, it is possible to configure the BPDU transmission rate, use the following command. Command Mode Description Configures BPDU transmission rate: lacp port timeout PORTS {short | PORTS: select the port number.
Page 256 1-15: key value (default: 1) To delete the key value of a specified member port, use the following command. Command Mode Description Deletes the key value of a specified member port, no lacp port admin-key PORTS Bridge select the member port number. 8.2.2.8 Port Priority To configure priority of an LACP member port, use the following command.
Page 257: Spanning Tree Protocol (Stp)
Spanning Tree Protocol (STP) The local area network (LAN), which is composed of double paths like token ring, has the advantage that it is possible to access in case of disconnection with one path. However there is another problem called a loop when you always use the double paths. The loop may occur when double paths are used for the link redundancy between switches and one sends unknown unicast or multicast packet that causes endless packet floating on the LAN like loop topology.
Page 258: Stp Operation
Meanwhile, the rapid spanning tree protocol (RSTP) defined in IEEE 802.1w dramatically reduces the time of network convergence on the spanning tree protocol (STP). It is easy and fast to configure new protocol. The IEEE 802.1w also supports backward compatibility with IEEE 802.1d.
Page 259: Fig. 8.12 Designated Switch
the path with the lower path-cost is selected. The standard to decide designated switch is total root path-cost which is added with path- cost to the root. The path-cost depends on the transmit rate of the switch LAN interface, and the switch with lower path-cost is selected as designated switch.
Page 260: Fig. 8.13 Port Priority
All these functions are automatically performed by BPDU, which is the bridge information exchange between switches to activate or disable a specific port. It is also possible to configure BPDU to modify the root switch or the path manually. Fig. 8.13 Port Priority Port States Each port on a switch can be in one of five states.
Page 261 Listening • The port is still not forwarding data traffic, but is listening to BPDUs in order to compute the spanning tree. The port is comparing its own information (path cost, Bridge Identifier, Port Identifier) with the information received from other candidates and deciding which is best suited for inclusion in the spanning tree.
Page 262: Rstp Operation
8.3.2 RSTP Operation STP or RSTP is configured on network where Loop can be created. However, RSTP is more rapidly progressed than STP at the stage of reaching to the last topology. This section describes how the RSTP more improved than STP works. 8.3.2.1 Port States RSTP defines port states as discarding, learning, and forwarding.
Page 263: Fig. 8.16 Example Of Receiving Low Bpdu
In this case, the switch C transmits BPDU including the root information to the switch B. Thus, SWITCH B configures a port connected to SWITCH C as the new root port. Fig. 8.16 Example of Receiving Low BPDU 8.3.2.3 Rapid Network Convergence In the figure below, a new link is connected between SWITCH A and the root.
Page 264: Fig. 8.18 Network Convergence Of 802.1W (1)
This is a very epochal way of preventing a loop. The matter is that communication is SWITCH D and SWITCH C is blocked. Then, right after the connection, it is possible to transmit BPDU although packets can not be transmitted and received between SWITCH A and the root. Fig.
Page 265: Fig. 8.20 Network Convergece Of 802.1W (3)
SWITCH B has only edge-designated port. Edge-designated does not cause loop, so it is defined in 802.1w to be changed to forwarding state. Therefore, SWITCH B does not need to block specific port to the forwarding state of SWITCH A. However since SWITCH C has a port connected to SWITCH D, the port should be in the blocking state.
Page 266: Mstp Operation
8.3.3 MSTP Operation To operate the network more effectively, the LW3008C uses MSTP (Multiple Spanning-Tree Protocol). It constitutes the network with VLAN subdividing logically the existing LAN domain and configures the route by VLAN or VLAN group instead of existing routing protocol.
Page 267: Fig. 8.23 Cst And Ist Of Mstp (1)
BPDU exchanges. The operation of deciding CST Root is called CIST (Common & Internal Spanning-Tree). Fig. 8.23 CST and IST of MSTP (1) In CST, A and B are the switches operating with STP, and C, D and E are those operating with MSTP.
Page 268: Fig. 8.24 Cst And Ist Of Mstp (2)
Fig. 8.24 CST and IST of MSTP (2) In the above situation, if B operates with MSTP, B will send its BPDU to CST root and IST root in order to request itself to be CST root. However, if any BPDU with higher priority than that of B is sent, B cannot be CST root.
Page 269: Stp Mode
8.3.4 STP Mode First of all, you need to enable STP function. You cannot configure any parameters related to Spanning Tree Protocol without this command. To enable STP function on the LW3008C, use the following command. Command Mode Description spanning-tree Bridge Enables STP function.
Page 270: Tab. 8.2 Stp Path-Cost (Short)
Tab. 8.2 STP Path-cost (short) Transmit Rate (bps) Path-cost 20000000 2000000 100M 200000 20000 2000 Tab. 8.3 RSTP Path-cost (long) When the route decided by path-cost gets overloading, you would better take another route. Considering these situations, it is possible to configure the path-cost of root port so that user can configure a route manually.
Page 271 no spanning-tree port PORTS Deleted a configured port priority. port-priority 8.3.5.4 Link Type A port that operates in full-duplex is assumed to be point-to-point link type, while a half-duplex is considered as a shared port. To configure the link type of port, use the following command. Command Mode Description...
Page 272: Configuring Mstp
Disables MSTP function on the system. 8.3.6.2 MST Region If MSTP is established in the LW3008C, decide a MSTP region the switch is going to belong to by configuring the MST configuration ID. Configuration ID contains a region name, revision, and a VLAN map.
Page 273 You can create the MSTP regions without limit on the network. But the instance id numbers of each region should not be over 64. After configuring the configuration ID in the LW3008C, you should apply the configuration to the switch. After changing or deleting the configuration, you must apply it to the switch. If not, it does not being reflected into the switch.
Page 274 4096 (default: 32768) Clears the Priority of the switch, enter the no spanning-tree mst <0-64> priority instance number. If you configure a priority of STP or RSTP in the LW3008C, you should configure MSTP instance ID number as 0. 8.3.6.4 Path-cost After deciding a root swich, you need to decide to which route you will forward the packet.
Page 275 STP/RSTP/MSTP. Display mode to see which mode the command displays. If LW3008C configured as STP or RSTP, instance ID should be [0]. However, if the user did not use the spanning-tree mst config_id commit command to apply the configurations to the switch, the configuration could be checked with the show pending command.
Page 276: Configuring Pvstp
8.3.7 Configuring PVSTP STP and RSPT are designed with one VLAN in the network. If a port becomes blocking state, the physical port itself is blocked. But PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol) maintains spanning tree instance for each VLAN in the network.
Page 277 PVSTP is activated after selecting PVSTP mode using spanning-tree mode rapid-pvst command. In PVSTP, you can configure the current VLAN only. If you input VLAN that does not exist, error message is displayed. For the switches in LAN where dual path does not exist, Loop does not generate even though STP function is not configured.
Page 278: Bpdu Configuration
8.3.7.4 Port Priority When all conditions of two routes of switch are same, the last standard to decide a route is port-priority. You can configure port priority and select a route manually. To configure a port priority for specified VLAN, use the following command. Command Mode Description...
Page 279 The configuration for BPDU is applied as selected in force-version. The same commands are used for STP, RSTP, MSTP and PVSTP. 8.3.8.1 Hello Time Hello time decides an interval time when a switch transmits BPDU. To configure hello time, use the following command. Command Mode Description...
Page 280 8.3.8.3 Max Age Maximum aging time is the number of seconds a switch waits without receiving spanning- tree configuration messages before attempting a reconfiguration. To configure the maximum aging time for deleting useless messages, use the following command. Command Mode Description Changes the maximum aging time of route message of spanning-tree mst max-age <6-...
Page 281 To prevent this problem, the LW3008C provides error-disable recovery function for BPDU guard cause. When an edge port is down for BPDU packet which came from other switch, the port is recovered...
Page 282: Root Guard
To enable the recovery function for BPDU guard edge-port, use the following command. Command Mode Description spanning-tree bpdu-guard auto- Specifies auto-recovery on edge ports. recovery Bridge spanning-tree bpdu-guard Deletes auto-recovery edge-port. auto-recovery To enable the recovery function for BPDU guard edge-port, use the following command. Command Mode Description...
Page 283: Topology Change Detection
Fig. 8.26 Root Guard Software-based bridge applications launched on PCs or other switches connected by a customer to a service-provider network can be elected as root switches. If the priority of bridge B is zero or any value lower than that of the root bridge, device B will be elected as a root bridge for this VLAN.
Page 284: Restarting Protocol Migration
8.3.11 Restarting Protocol Migration MSTP protocol has a backward compatibility. MSTP is compatible with STP and RSTP. If some other bridge runs on STP mode and sends the BPDU version of STP or RSTP, MSTP automatically changes to STP mode. But STP mode cannot be changed to MSTP mode automatically.
Page 285: Sample Configuration
To specify the time to recover from a specified error-disable cause, use the following command. Command Mode Description errdisable recovery interval Sets the interval of error-disable recovery: <30-86400> 30-86400: the recovery interval (default: 300 sec) Bridge errdisable recovery Deleted the con figured time for error-disable recovery interval and returns to the default setting.
Page 286: Fig. 8.27 Example Of Layer 2 Network Design In Rstp Environment
Fig. 8.27 Example of Layer 2 Network Design in RSTP Environment In ordinary case, data packets go to Root switch A through the blue path. The black arrows describe the routine path to the Aggregation Switch. And the dot lines are in blocking state. But if there is a broken between Switch A and Switch B, the data from PC-A should find another route at Switch D.
Page 287: Fig. 8.28 Example Of Layer 2 Network Design In Mstp Environment
Fig. 8.28 Example of Layer 2 Network Design in MSTP Environment The following is an example of configuring MSTP in the switch. SWITCH(bridge)# spanning-tree SWITCH(bridge)# spanning-tree mode mst SWITCH(bridge)# spanning-tree mst configuration SWITCH(config-mst)# instance 2 vlan 1-50 SWITCH(config-mst)# name test SWITCH(config-mst)# revision 1 SWITCH(config-mst)# apply SWITCH(config-mst)# exit...
Page 288: Loop Detection
LAN like loop topology. That superfluous traffic eventually can result in network fault. It causes superfluous data transmission and network fault. To prevent this, the LW3008C provides the loop detecting function. The loop detecting mechanism is as follows: The switch periodically sends the loop-detecting packet to all the ports with a certain interval, and then if receiving the loop-detecting packet sent before, the switch performs a pre-defined behavior.
Page 289 Command Mode Description loop-detect PORTS period <1- Sets the interval of sending the loop-detecting packet. Bridge 60> (default: 30 seconds) You can also configure the source MAC address of the loop-detecting packet. Normally the system’s MAC address will be the source MAC address of the loop-detecting packet, but if needed, Locally Administered Address (LAA) can be the address as well.
Page 290: Single Ip Management
The first benefit is the ability to manage a group of switches using a single IP address. The second benefit is the ability to interconnect two or more switches to create a distributed fabric, which behaves in the network as a unified system. The LW3008C provides the cascading technology’s benefits for the customer.
Page 291: Sample Configuration
Command Mode Description Accesses to a slave switch. rcommand NODE Global NODE: node number NODE means node ID from configuring cascading in Slave switch. If you input the above command in Mater switch, Telnet connected to Slave switch is displayed and it is possible to configure Slave switch using DSH command.
Page 292 SWITCH_A(config)# show stack device : default node ID : 1 node MAC address status type name port b8:26:d4:0a:00:aa active LW3008C SWITCH_A b8:26:d4:22:00:11 active LW3008C SWITCH_B SWITCH_A(config)# <Switch B – Slave Switch> SWITCH_B(config)# show stack device : default node ID : 2 SWITCH_B(config)#...
Page 293: Rate Limit
Egress and ingress can be configured both to be same and to be different. The LW3008C can apply the rate limit with 64 Kbps unit for GE port, and support ingress policing and egress shaping.
Page 294: Flood Guard
Flood Guard Flood guard limits number of packets, how many packets can be transmitted, in configured bandwidth, whereas Rate limit controls packets through configuring width of bandwidth, which packets pass through. This function prevents receiving packets more than configured amount without enlarging bandwidth. <Rate Limit>...
Page 295: Cpu Flood Guard
Occasionally, unknown unicast or multicast traffic is flooded to a switch port because a MAC address has timed out or has not been learned by the switch. To disable the flooding of multicast and unicast packets to an interface, use the following command.
Page 296: System Flood Guard
LW3008C provides the system flood guard function that controls traffic for a port by given threshold. If the number of incoming packets exceeds the threshold, the system generates a syslog message/SNMP trap or discards those packets.
Page 297: Port-Flood-Guard
BPDU is still transmitted even if the specific port is blocked by system flood guard. 8.7.4 Port-Flood-Guard LW3008C detects the amount of packets input regularly. If exceeds packets detected, the port is blocked. You can block the port traffic for a specific period of time and enhances network.
Page 298 blocks port. THRESHOLD: pps-control time in seconds. pps-control port PORTS block timer Specifies the time of blocking the port. <10-3600> no pps-control port PORTS Deletes pps-control configuration. no pps-control port PORTS block Deletes the time of blocking the port. To display configuration of pps-control, use the following command. Command Mode Description...
Page 299: Virtual Router Redundancy Protocol (Vrrp)
VRRP routers to prevent network failure caused by one dedicated router. You can configure maximum 255 VRRP routers in VRRP group of LW3008C. First of all, decide which router plays a roll as Master Virtual Router. The other routers will be Backup Virtual Routers.
Page 300: Configuring Vrrp
8.8.1 Configuring VRRP To configure the LW3008C as device in Virtual Router, use the following command on Global Configuration mode. Then you can configure VRRP by opening VRRP Configuration mode. Command Mode Description router vrrp INTERFACE GROUP- Configures Virtual Router (VRRP Group).
Page 301 selected as new Master Router according to their precedence. To configure Priority of Virtual Router or delete the configuration, use the following commands. Command Mode Description vr-priority <1-254> Configures Priority of Virtual Router. (default: 100) VRRP no vr-priority Deletes configured Priority of Virtual Router. Priority of Virtual Backup Router can be configured from 1 to 254.
Page 302 3.620 sec [1] associate address : 10.0.0.5 By default, Priority of the LW3008C is configured as “100”. Therefore, unless you configure specific Priority, this switch becomes Master Router because a device, which has lower IP address, has higher precedence.
Page 303 Master Router cannot be recognized, the communication would be impossible. For the LW3008C, you can configure Master Router to be changed by giving lower Priority to Master Router when the link of Master Router is disconnected. This function is VRRP...
Page 304: Fig. 8.33 Vrrp Track
Fig. 8.33 VRRP Track To configure VRRP Track, use the following command. Command Mode Description track interface INTERFACE Enables the interface tracking and decreases the VRRP VRRP priority <1-254> priority as the track results. To release VRRP Track configuration, use the following command. Command Mode Description...
Page 305 8.8.1.5 Authentication Password If anyone knows Group ID and Associated IP address, he can configure another device as a Virtual Router. To prevent this, user needs to configure a password, named authentication password that can be used only in Virtual Router user configured. To configure an authentication password for security of Virtual Router, use the following command on VRRP configuration mode.
Page 306: Vrrp Monitoring And Management
8.8.2 VRRP Monitoring and Management You can view all kinds of statistics and database recorded in IP routing table. The information can be used to enhance system utility and solve problem in case of trouble. You can check network connection and data routes through the transmission. 8.8.2.1 Displaying VRRP Protocol Information To display a configuration of VRRP, use the following command.
Page 307: Bandwidth
Enables VRRPv2 packets debugging. packet: VRRPv2 packets debug vrrp packet [send | recv | send: outgoing packets detail] recv: incoming packets detail: detail information Enables VRRP state machine debugging. sm: state machine debug vrrp sm [events | status | events: SM events timers] status: SM status timers: SM timers...
Page 308: Dynamic Host Configuration Protocol (Dhcp)
8.10 Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard for simplifying the administrative management of IP address configuration by automating address configuration for network clients. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other relevant configuration details to DHCP-enabled clients on the network.
Page 309: Dhcp Server
The LW3008C flexibly provides the functions as the DHCP server or DHCP relay agent according to your DHCP configuration. 8.10.1 DHCP Server To activate/deactivate the DHCP function in the system, use the following command. Command Mode Description service dhcp Activates the DHCP function in the system.
Page 310 The following is an example of specifying the subnet as 100.1.1.0/24. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.1.1.0/24 SWITCH(config-dhcp[sample])# You can also specify several subnets in a single DHCP pool. 8.10.1.3 Range of IP Address To specify a range of IP addresses that will be assigned to DHCP clients, use the following command.
Page 311 SWITCH(config-dhcp[sample])# network 100.1.1.0/24 SWITCH(config-dhcp[sample])# default-router 100.1.1.254 SWITCH(config-dhcp[sample])# 8.10.1.5 IP Lease Time Basically, the DHCP server leases an IP address in the DHCP pool to DHCP clients, which will be automatically returned to the DHCP pool when it is no longer in use or expired by IP lease time.
Page 312 SWITCH(config-dhcp[sample])# lease-time max 10000 SWITCH(config-dhcp[sample])# dns-server 200.1.1.1 200.1.1.2 200.1.1.3 SWITCH(config-dhcp[sample])# If you want to specify a DNS server for all the DHCP pools, use the dns server command. For more information, see Section 6.1.7. 8.10.1.7 Manual Binding To manually assign a static IP address to a DHCP client who has a specified MAC address, use the following command.
Page 313 8.10.1.10 Static Mapping The LW3008C provides a static mapping function that enables to assign a static IP address without manually specifying static IP assignment by using a DHCP lease database in the DHCP database agent. To perform a static mapping, use the following command.
Page 314 Command Mode Description ip dhcp validate {arp | ping} Global Selects an IP address validation method. You can also set a validation value of how many responses and how long waiting (timeout) for the responses from an IP address for a requested ping or ARP when a DHCP server validates an IP address.
Page 315 DHCP requests from the DHCP client, which has the same hardware address. Some network devices may need plural IP addresses, but most DHCP clients like personal computers need only a single IP address. In this case, you can configure the LW3008C to prohibit assigning plural IP addresses to a single DHCP client.
Page 316 8.10.1.16 DHCP Packet Statistics To display DHCP packet statistics of the DHCP server, use the following command. Command Mode Description show ip dhcp server statistics Enable Shows DHCP packet statistics. Global clear ip dhcp statistics Deletes collected DHCP packet statistics. Bridge The following is an example of displaying DHCP packet statistics.
Page 317: Dhcp Address Allocation With Option 82
8.10.2 DHCP Address Allocation with Option 82 The DHCP server provided by the LW3008C can assign dynamic IP addresses based on DHCP option 82 information sent by the DHCP relay agent. The information sent via DHCP option 82 will be used to identify which port the DHCP_REQUEST came in on.
Page 318 8.10.2.3 Relay Agent Information Pattern To specify option 82 information for IP assignment, use the following command. Command Mode Description relay-information remote-id ip A.B.C.D [circuit-id {hex HEXSTRING | index <0-65535> | text STRING}] relay-information remote-id HEXSTRING DHCP Specifies option 82 information for IP [circuit-id {hex HEXSTRING | index <0-65535>...
Page 319: Dhcp Lease Database
8.10.3.1 DHCP Database Agent The LW3008C provides a feature that allows to a DHCP server automatically saves a DHCP lease database on a DHCP database agent. The DHCP database agent should be a TFTP server, which stores a DHCP lease database as numerous files in the form of leasedb.MAC-ADDRESS, e.g.
Page 320: Dhcp Relay Agent
Command Mode Description show ip dhcp lease {all | bound | Shows current DHCP lease status. abandon | offer | fixed | free} all: all IP addresses [POOL] bound: assigned IP address Enable abandon: illegally assigned IP address Global offer: IP address being ready to be assigned Bridge show ip dhcp lease detail fixed: manually assigned IP address...
Page 321: Fig. 8.35 Example Of Dhcp Relay Agent
Fig. 8.35 Example of DHCP Relay Agent To activate/deactivate the DHCP function in the system, use the following command. Command Mode Description service dhcp Activates the DHCP function in the system. Global no service dhcp Deactivates the DHCP function in the system. Before configuring DHCP server or relay, you need to use the service dhcp command first to activate the DHCP function in the system.
Page 322 If a DHCP helper address is specified on an interface, the LW3008C will enable a DHCP relay agent. You can also specify an organizationally unique identifier (OUI) when configuring a DHCP helper address. The OUI is a 24-bit number assigned to a company or organization for use in various network hardware products, which is a first 24 bits of a MAC address.
Page 323: Dhcp Option
To enable/disable a DHCP relay agent to recognize the DHCP server ID option in the forwarded DHCP_REQUEST message, use the following command. Command Mode Description Enables the system to recognize the DHCP server ID in ip dhcp relay aware-server-id the DHCP_REQUEST message. Global no ip dhcp relay aware-server-id Disables the DHCP server ID recognition option.
Page 324: Fig. 8.36 Dhcp Format
DHCP Option Format Code Length Value 1 byte 1 byte or variable 64 bytes Fig. 8.36 DHCP Format A code identifies each DHCP option. It can be expressed in value 0 to 255 by user configuration and some of them are predefined in the standards. (128 ~ 254 is site specific) A length can be variable according to value or can be fixed.
Page 325 applied in order of attribute value (1-32). type: The type of a value attr <1-32> type <0-255> length- length: The length of a value. It could be a fixed length hidden {<1-128> | variable} value by user input or a variable length according to the actual {hex | index | ip | string | if_ip} value length.
Page 326 SWITCH(config)# ip dhcp option format OPTION66_2 attr length-hidden variable value SWITCH(dhcp-opt[OPTION66_2])# tftp.furukawa.com SWITCH(dhcp-opt[OPTION66_2])# exit SWITCH(config)# ip dhcp pool test SWITCH(config-dhcp[test])# option code 66 format OPTION66_2 [DHCP Option 82] The DHCP option 82 field’s circuit-ID/remote-ID can be mapped to the option format defined by variable values with special character (%).
Page 327 SWITCH(dhcp-opt[circuit])# attr 2 type 2 length variable value string %SLOT SWITCH(dhcp-opt[circuit])# attr 3 type 3 length variable value string %PORT SWITCH(dhcp-opt[circuit])# attr 4 type 4 length variable value string %VID SWITCH(dhcp-opt[circuit])# attr 5 length-hidden variable value string %ONU-ID attr length-hidden variable value SWITCH(dhcp-opt[circuit])#...
Page 328: Dhcp Option 82
8.10.6 DHCP Option 82 In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server.
Page 329: Fig. 8.38 Dhcp Option 82 Operation
Fig. 8.38 DHCP Option 82 Operation 8.10.6.1 Enabling DHCP Option 82 To enable/disable the DHCP option 82, use the following command. Command Mode Description ip dhcp option82 Enables the system to add the DHCP option 82 field. Global no ip dhcp option82 Disables the system to add the DHCP option 82 field.
Page 330 system-remote-id text STRING system-remote-id option format NAME Because the remote-id option is applied to the system, the option format of variable values with GPON-related attributes (%ONU_PORT_NUM, %ONU_ID, %ONU_PORT_DESCRIPTION, etc.) SHOULD not be used for the remote-id in DHCP option 82 field. To specify a circuit ID, use the following command.
Page 331: Dhcp Client
8.10.7 DHCP Client An interface of the LW3008C can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server.
Page 332 8.10.7.1 Enabling DHCP Client To configure an interface as a DHCP client, use the following command. Command Mode Description ip address dhcp Enables a DHCP client on an interface. Interface no ip address dhcp Disables a DHCP client. 8.10.7.2 DHCP Client ID To specify a client ID, use the following command.
Page 333: Dhcp Snooping
8.10.7.7 Forcing Release or Renewal of DHCP Lease The LW3008C supports two independent operation: immediate release a DHCP lease for a DHCP client and force DHCP renewal of a lease for a DHCP client. To force a release or renewal of a DHCP release for a DHCP client, use the following command.
Page 334 entries are recorded in a DHCP snooping binding table. This table contains a hardware address, IP address, lease time, VLAN ID, interface, etc. It also gives you a way to differentiate between untrusted interfaces connected to the end- user and trusted interfaces connected to the DHCP server or another switch. The DHCP snooping only filters the DHCP server message such as a DHCP_OFFER or DHCP_ACK, which is received from untrusted interfaces.
Page 335 filter egress bcast-req port. Global dhcp snooping trust Disable filtering egress broadcast request packets on PORTS filter egress bcast-req the trust port. 8.10.8.4 DHCP Rate Limit To set the number of DHCP packets per second (pps) that an interface can receive, use the following command.
Page 336 8.10.8.6 Source MAC Address Verification The LW3008C can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet. To enable the source MAC address verification, use the following command.
Page 337 Command Mode Description Configures binding on DHCP snooping table. 1-4094: VLAN ID ip dhcp snooping binding <1-4094> PORT: port number PORT A.B.C.D MAC-ADDR <120- A.B.C.D: IP address 2147483637> Global MAC-ADDR: MAC address 120-2147483637: lease time (unit: second) clear ip dhcp snooping binding Deletes a specified static DHCP snooping binding.
Page 338 DHCP packets back and forth the LW3008C, would be lost. Thus, ARP inspection should be delayed to start during some time so that DHCP snooping table can build entries. If no time given, ARP inspection sees empty snooping table and drop every ARP packet.
Page 339 different options from clients, which cause DHCP server hard to manage client’s informtion in the perspective of data consistency. That’s why this function is necessay. The switch operating DHCP snooping can modify or attach an option field of the DHCP messages (Discover/Request) with a defined snooping option and can forward them to DHCP server.
Page 340: Ip Source Guard
8.10.8.13 Displaying DHCP Snooping Configuration To display DHCP snooping table, use the following command. Command Mode Description show ip dhcp snooping Shows a DHCP snooping configuration. Enable show ip dhcp snooping binding Shows DHCP snooping binding entries. Global show ip dhcp snooping lease-time Shows DHCP snooping lease time.
Page 341 To enable IP source guard, DHCP snooping needs to be enabled. To enable IP source guard with a source IP address filtering on a port, use the following command. Command Mode Description Enables IP source guard with a source IP address ip dhcp verify source PORTS filtering on a port.
Page 342: Debugging Dhcp
8.10.11.1 DHCP Packet Filtering For the LW3008C, it is possible to block the specific client with MAC address. If the MAC address blocked by administrator requests an IP address, the server does not assign IP. This function is to strength the security of DHCP server.
Page 343 The following is the function of blocking to assign IP address on a port. Command Mode Description ip dhcp filter-port PORTS Configures a port in order not to assign IP. Global no ip dhcp filter-port PORTS Disables DHCP packet filtering. The following is to designate MAC address which IP address is not assigned.
Page 344: Fig. 8.39 Dhcp Server Packet Filtering
Fig. 8.39 DHCP Server Packet Filtering To enable the DHCP server packet filtering, use the following command. Command Mode Description dhcp-server-filter PORTS Enables the DHCP server packet filtering. Bridge no dhcp-server-filter PORTS Disables the DHCP server packet filtering. To display a status of the DHCP server packet filtering, use the following command. Command Mode Description...
Page 345: Dynamic Host Configuration Protocol (Dhcp) For Ipv6
Dynamic Host Configuration Protocol (DHCP) for IPv6 Dynamic Host Configuration Protocol (DHCP) for IPv6 provides a device with addresses assigned by a DHCP server and other configuration information, which are carried in options. DHCPv6 offers the capability of automatic allocation of reusable network addresses.
Page 346: Tab. 8.4 Dhcpv6 Message Types
DHCPv6 Address Assignment Mechanism DHCP for IPv6 can provide stateful address configuration or stateless configuration settings to IPv6 hosts. IPv6 hosts use several methods to configure addresses: Stateful Mechanism It obtains interface address and configuration information from DHCP server. A site requires tighter control over exact address assignment.
Page 347: Fig. 8.40 Basic Dhcpv6 Message Format
Message types from client to server  - Solicit, Request, Confirm, Renew, Rebind, Release, Decline, Information-request Message types from server to client  - Advertise, Replay, Reconfigure Message type from relay to relay/server  - Relay-forward Message type from relay/server to relay ...
Page 348: Fig. 8.41 General Shared Relay Message Format
The following figure shows the structure of these kinds of messages. Fig. 8.41 General Shared Relay Message Format The Hop Count field (1-byte) indicates the number of relay agents that have received the message. A receiving relay agent can discard the message if it exceeds a configured maximum hop count.
Page 349: Tab. 8.5 Dhcpv6 Udp Port
The delegating router acts as a DHCP server, and is responding to the prefix request. It is configured with a set of prefixes to be used for assignment to customers at the time of each customer's first connection to the ISP service. The prefix delegation process begins when the requesting router requests configuration information through DHCPv6.
Page 350: Dhcpv6 Server
There is the four-message exchange handshake for a single interface with one IA_NA and one address for this IA_NA. To obtain an IP address, the DHCP client daemon (dhcpcd6) sends a Solicit message to the link-scoped address (FF02::1:2), which is received by the server and processed. If a free address is available for that client, an Advertise message is created and sent back to the client.
Page 351 To display a DHCPv6 pool configuration, use the following command. Command Mode Description Enable Shows the DHCPv6 address pool information show ipv6 dhcp pool [POOL] Global POOL: DHCPv6 pool name Bridge .10.11.4 Domain Name To set a domain name, use the following command. Command Mode Description...
Page 352 .10.11.7 DHCPv6 Options DHCPv6 can be used in two ways. The first way of using DHCPv6 is to grant clients addresses from a pool while also using DHCPv6 to push configuration options. This is called stateful configuration. The other option is to use DHCPv6 combined with SLAAC for addressing, while using DHCPv6 for configuration options.
Page 353 command. Command Mode Description Enables DHCPv6 server functionality on an interface. POOL: DHCPv6 pool name containing stateless and/or prefix delegation parameters ipv6 dhcp server POOL [rapid- rapid-commit: an option that allows for an abbreviated commit] [preference <0-255>] Interface exchange between the client and server 0-255: value used by clients to determine preference between multiple DHCPv6 servers no ipv6 dhcp server...
Page 354: Dhcpv6 Snooping
Command Mode Description Enable Shows all automatic client bindings for the specific IP show ipv6 dhcp binding Global address from the DHCPv6 server binding table. To delete/reset the configured bindings of DHCPv6 server, use the following command. Command Mode Description Enable Clears an automatic address binding from the DHCP clear ipv6 dhcp binding...
Page 355 10.11.11 DHCPv6 Snooping Port State To define a state of a port as trusted or untrusted, use the following command. Command Mode Description Configures the specified port as a DHCPv6 snooping ipv6 dhcp snooping trust PORTS trusted port. Global no ipv6 dhcp snooping trust Configures the specified port as a DHCPv6 snooping PORTS untrusted port.
Page 356 10.11.14 Specifying DHCPv6 Snooping Binding Entry The DHCPv6 snooping binding table contains a hardware address, IPv6 address, lease time, VLAN ID, and port information that correspond to the valid interfaces of the system. To manually add DHCPv6 snooping binding entry, use the following command. Command Mode Description...
Page 357: Dhcpv6 Relay Agent
Specifies a snooping option format on a port. ipv6 dhcp snooping port PORTS opt-code: DHCPv6 option code opt-code <1-254> format NAME NAME: DHCPv6 option format name Configures a policy against DHCP option belonging to a DHCP message (default: replace) keep: forwards a DHCP message to DHCP server ipv6 dhcp snooping port PORTS Global without any modification.
Page 358: Dhcpv6 Option
10.11.17 DHCPv6 Relay Agent Destination To specify a destination address to which client messages are forwarded and enable DHCP for IPv6 relay service on the interface, use the following command. Command Mode Description Specifies relay destination address on an interface. ipv6 dhcp relay...
Page 359 10.11.19 Entering DHCPv6 Option Mode To enter the DHCPv6 option mode, use the following command. Command Mode Description Enters the DHCPv6 option mode. ipv6 dhcp option format NAME Global NAME: DHCPv6 option format name 10.11.20 Configuring DHCPv6 Option Format To configure a DHCPv6 option format, use the following command. Command Mode Description...
Page 360: Debugging Dhcpv6
10.11.21 Deleting DHCPv6 Option Format To delete a specified DHCPv6 option format, use the following command. Command Mode Description no ipv6 dhcp option format Global Deletes the given DHCPv6 option format. NAME 10.11.22 Displaying DHCPv6 option To print a specified DHCPv6 option format, use the following command. Command Mode Description...
Page 361: Storm Control
The packet range that can be capable to accept is from 64 bytes to 1518 bytes. Therefore, packets not between these ranges will not be taken. However, the LW3008C can accept jumbo frame larger than 1518 bytes through user’s configuration.
Page 362: Maximum Transmission Unit (Mtu)
Hereby, LW3008C is supposed to block direct broadcast packet by default setting. However, you can enable or disable it in LW3008C. To block direct broadcast packet, use the following command. Command Mode...
Page 363: Configuring Pppoe Tag Option Format
8.15 Configuring PPPoE Tag Option Format PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging access device to a remote Access Concentrator (AC). By using PPPoE with vendor tag, switch in the host network can include the additional information about itself before sending PPPoE packets to the AC.
Page 364 The packets can be mapped to the option format string that defined by variable values with special character (%). %FRAME: frame (chassis) number for receiving PPPoE packets %SLOT: slot number for receiving PPPoE packets %PORT: port number for receiving PPPoE packets %VID: VLAN ID tagged on packets %IN VID: inner VLAN ID %BANDWIDTH: bandwidth...
Page 365: Pppoe Vendor Tag Filtering
8.15.2 PPPoE Vendor Tag Filtering 8.15.2.1 PPPoE Snooping Mode To enable/disable PPPoE snooping, use the following command. Command Mode Description pppoe snooping Enables PPPoE snooping function. Global no pppoe snooping Disables PPPoE snooping function. 8.15.2.2 Configuring PPPoE Vendor Tag Filtering The PPPoE filter will decide the way that PPPoE packet is forwarded.
Page 366: Pppoe Debug
8.15.3 PPPoE Debug To enable debugging of all PPPoE or a specific feature of PPPoE, use the following command. Command Mode Description Enables PPPoE debugging. all: all PPPoE features debug pppoe {all | func | pkt} func: PPPoE function Enable pkt: PPPoE packet no debug pppoe {all | func | pkt} Disables PPPoE debugging.
Page 367: Ip Multicast
Fig. 8.43 shows an example of the IP multicast network. In this case, the LW3008C is configured only with IGMP snooping (L2 multicast forwarding feature) in the Layer 2 network. Fig. 8.43...
Page 368: Fig. 8.44 The Lw3008C With Pim-Sm
Fig. 8.44 The LW3008C with PIM-SM If more than one port are on the same Layer 2 interface and the LW3008C is a border router of the Layer 3 network, you should configure the LW3008C with both IGMP snooping and PIM-SM together.
Page 369: Multicast Group Membership
Using IGMP, hosts express an interest in a certain multicast group, and routers maintain the multicast group membership database by collecting the interests from the hosts. The LW3008C supports IGMP version 1, 2, and 3 each defined in RFC 1112, 2236, and 3376.
Page 370: Igmp Basic
(SSM). It also increases the multicast address capability, and enhances the se- curity from unknown multicast sources. 9.1.1.1 IGMP Version By default, the LW3008C runs IGMP version 3. To change the IGMP protocol version on a current interface, use the following command. Command Mode Description Sets an IGMP version on a current interface.
Page 371 query message for IGMP version 2 and 3. The QRV allows tuning for the expected packet loss on a network. If a network is expected to be lossy, the QRV value may be increased. When receiving the query message that contains a certain QRV value from a querier, a host returns the report message as many as the specified QRV value.
Page 372: Igmp Version 2
receiving IGMP messages from local hosts. 9.1.2 IGMP Version 2 In IGMP version 2, the new extensions such as the leave process, election of an IGMP querier, and membership report suppression are added. New IGMP messages, the leave group and group-specific query can be used by hosts to explicitly leave groups, resulting in great reduction of the leave latency.
Page 373 it can explicitly leave the group by sending leave group messages. Upon receiving a leave message, a querier then sends out a group-specific query message to determine if there is still any host interested in receiving the traffic. If there is no reply, the querier stops forwarding the multicast traffic.
Page 374 Command Mode Description Configures the IGMP static join for a range of IGMP groups by access lists. 1-99: IP standard access list ip igmp static-group list {<1-99> | <1300- 1300-1999: standard access list 1999> | WORD} (extended range) vlan VLAN port PORT [reporter A.B.C.D] WORD: access list name VLANS: VLAN ID (1-4094) reporter: host address...
Page 375 Deletes a specified general query interval. IGMP Startup Query Interval The LW3008C needs to acquire information of its multicast members for the updated membership when it becomes the querier on the specified IGMP interface. For the updated membership, LW3008C sends general query messages as a querier. You can specify the interval to send this query messages as many as the configured QRV value.
Page 376 the following command. Command Mode Description ip igmp query-max-response- Specifies a maximum query response time. time <1-240> 1-240: maximum response time (default: 10 seconds) Interface igmp query-max- Deletes a specified maximum query response time. response-time IGMP Querier Timeout There should be a single querier on a network segment to prevent duplicating multicast traffic for connected hosts.
Page 377: Igmp Version 3
igmp last-member-query- Deletes a specified last member query interval. interval IGMP Unsolicited Report Interval When one of its hosts joins a multicast address group to which none of its other hosts belong, sends unsolicited group membership reports to that group. You can specify the interval to send this unsolicited report messages as many as the configured QRV value.
Page 378: Displaying Igmp Information
The report can contain multiple group records, allowing reporting of full current state using fewer packets. The LW3008C runs IGMPv3 by default, and there are no additional IGMPv3 parameters you need to configure. IGMPv3 snooping features are provided.
Page 379 Command Mode Description show ip igmp groups [detail] show ip igmp groups A.B.C.D [detail] show ip igmp groups INTERFACE Shows the multicast groups with receivers directly [detail] connected to the router and learned through IGMP. Enable A.B.C.D: IGMP group address show ip igmp groups INTERFACE Global INTERFACE: interface name...
Page 380: Multicast Functions
9.2.1 Multicast Forwarding Database Internally, the LW3008C forwards the multicast traffic referred to the multicast forwarding database (McFDB). The McFDB maintains multicast forwarding entries collected from multicast protocols and features, such as PIM, IGMP, etc.
Page 381: Igmp Snooping Basic
command. Command Mode Description Specifies the maximum number of forwarding entries ip mcfdb aging-limit on the McFDB. <256-65535> 256-65535: number of entries (default: 5000) Global Deletes the specified maximum number of forwarding no ip mcfdb aging-limit entries. 9.2.1.3 Displaying McFDB Information To display McFDB information, use the following command.
Page 382: Fig. 8.46 Igmp Snooping
By maintaining this multicast forwarding table, the LW3008C dynamically forward multicast traffic only to those interfaces that want to receive it as nominal unicast forwarding does. Fig. 8.46 IGMP Snooping 9.2.2.1...
Page 383 9.2.2.2 IGMP Snooping Version The membership reports sent to the multicast router are sent based on the IGMP snooping version of the interface. If you statically specify the version on a certain interface, the reports are always sent out only with the specified version. If you do not statically specify the version, and a version 1 query is received on the interface, the interface dynamically sends out a version 1 report.
Page 384: Igmpv2 Snooping
Command Mode Description no ip igmp snooping robustness-variable Global Deletes a specified robustness variable. no ip igmp snooping vlan VLANS robustness-variable 9.2.3 IGMPv2 Snooping 9.2.3.1 IGMP Snooping Querier Configuration IGMP snooping querier should be used to support IGMP snooping in a VLAN where PIM and IGMP are not configured.
Page 385 Command Mode Description Specifies an IGMP snooping query interval in the unit ip igmp snooping querier query- of second. interval <1-1800> 1-1800: query interval (default: 125) Global ip igmp snooping vlan VLANS Specifies an IGMP snooping query interval on a VLAN. querier query-interval <1-1800>...
Page 386 Command Mode Description Enable show ip igmp snooping [vlan Shows IGMP querier information and configured Global VLANS] querier [detail] parameters. Bridge 9.2.3.2 IGMP Snooping Last Member Query Interval Upon receiving a leave message, a switch with IGMP snooping then sends out a group- specific (IGMPv2) or group-source-specific query (IGMPv3) message to determine if there is still any host interested in receiving the traffic.
Page 387 leave ip igmp snooping port PORTS Enables the IGMP snooping immediate leave on a port. immediate-leave PORTS: port number Enables the IGMP snooping immediate leave on a ip igmp snooping vlan VLANS VLAN. immediate-leave VLANS: VLAN ID (1-4094) To disable the IGMP snooping immediate leave, use the following command. Command Mode Description...
Page 388 The hosts received the group-specific queries send the report messages according to their IGMP membership status. However, LW3008C is enabled as IGMP snooping S-Query report agency, the group-specific queries are not sent downstream.
Page 389 VLANS explicit-tracking VLANS: VLAN ID (1-4094) You can also restrict the number of hosts on a port for the switch performance and enhanced security. To specify the maximum number of hosts on a port, use the following command. Command Mode Description ip igmp snooping explicit- Specifies the maximum number of hosts on a port.
Page 390 Static Multicast Router Port You can statically configure Layer 2 port as the multicast router port which is directly connected to a multicast router, allowing a static connection to a multicast router. To specify a multicast router port, use the following command. Command Mode Description...
Page 391 Command Mode Description ip multicast mrouter-pass- Enables to forward multicast traffic to the multicast through router ports. Global no ip multicast mrouter-pass- Disables to forward multicast traffic to the multicast through router ports. Displaying Multicast Router Port To display a current multicast router port for IGMP snooping, use the following command. Command Mode Description...
Page 392 no ip igmp snooping tcn flood Disables the switch to flood multicast traffic when TCN Global no ip igmp snooping tcn vlan is received VLANS flood TCN Flooding Suppression When TCN is received, the switch where an IGMP snooping is running will flood multicast traffic to all ports until receiving two general queries, or during two general query intervals by default.
Page 393: Igmpv3 Snooping
To disable the switch to send a query solicitation when TCN is received, use the following command. Command Mode Description no ip igmp snooping tcn query Disables the switch to send a query solicitation when Global solicit [address] TCN is received. IGMP Snooping TCN Debug To enable debugging of all IGMP snooping TCN, use the following command.
Page 394: Displaying Igmp Snooping Information
9.2.5 Displaying IGMP Snooping Information To display a current IGMP snooping configuration, use the following command. Command Mode Description Enable show ip igmp snooping [vlan Shows a current IGMP snooping configuration. Global VLANS] VLAN: VLAN ID (1-4094) Bridge To display the collected IGMP snooping statistics, use the following command. Command Mode Description...
Page 395: Multicast Vlan Registration (Mvr)
STP and IGMP snooping TCN, guaranteeing stable multicast services. MVR implemented for the LW3008C has the following restrictions, so you must keep in mind those, before configuring MVR. All receiver ports must belong to the both subscriber and multicast VLANs as un- •...
Page 396 9.2.6.3 Source/Receiver Port You need to specify the source and receiver ports for MVR. The followings are the definitions for the ports. Source Port • This is connected to multicast routers or sources as an uplink port, which receives and sends the multicast traffic. Subscribers cannot be directly connected to source ports.
Page 397: Igmp Filtering And Throttling
9.2.7 IGMP Filtering and Throttling IGMP filtering and throttling control the distribution of multicast services on each port. IGMP filtering controls which multicast groups a host on a port can join by associating an IGMP profile that contains one or more IGMP groups and specifies whether an access to the group is permitted or denied with a port.
Page 398 IGMP filtering only supports IGMPv2. • By the following command, LW3008C can permit or deny the IGMP packets by referring to its DHCP snooping binding table. This reference enables the system to permit IGMP messages only when the source IP address and MAC address of host have identified from the DHCP snooping binding table.
Page 399 9.2.7.2 IGMP Throttling You can configure the maximum number of multicast groups that a host on a port can join. To specify the maximum number of IGMP groups per port, use the following command. Command Mode Description Specifies the maximum number of IGMP groups for a ip igmp max-groups port PORTS port.
Page 400: Igmp Proxy
Description ip igmp proxy-service Designates the upstream interfaces of mroute proxy. Interface no ip igmp proxy-service Releases the upstream interface of mroute proxy. 9.2.8.3 Configuring Upstream Interface Mode When a single downstream interface is specified with multiple upstream interfaces, LW3008C...
Page 401 supports two methods of IGMP proxy operation that are priority mode and load balancing mode. You can choose the way how to handle multicast traffic going to upstream interfaces. The priority mode is configured by default. There are two modes for handling the multicast traffic toward upstream interfaces - Priority mode: Each downstream interface joins one upstream interface of the highest priority based on its credit, priority and vid.
Page 402 IF flapping, which can increase the stability and quality for multicast service. Using this function, the LW3008C gives a discredit to a IGMP IF for every flapping time, and then the IF is not selected as a forwarding path until its credit is regenerated.
Page 403 Command Mode Description clear ip igmp if flap discredit Enable Restores the current credit to a default value (100). [NAME] Global NAME: IGMP interface name 9.2.8.5 Disabling Verification of Source IP of IGMP Packets RPF (Reverse Path Forwarding) Check is basic operation to correctly forward multicast traffic down the distribution tree.
Page 404: Igmp State Limit
Command Mode Description ip igmp mroute-proxy querier Sets IGMP queries with original query’s source IP address proxy-service address that is received on the mroute-proxy interface Interface no ip igmp mroute-proxy querier Deletes the query’s source IP configuration. address proxy-service 9.2.8.8 Displaying IGMP Proxy Information To display IGMP proxy-service information, use the following command.
Page 405: Multicast-Source Trust Port
Disables a configured IGMP state limit per interface. 9.2.10 Multicast-Source Trust Port Any port of LW3008C can be specified as a multicast-source trust port which is registered in the multicast forwarding table. Only multicast-source trust ports can be received the multicast traffic.
Page 406: Multicast Routing
Multicast Routing 9.3.1.1 Enabling Multicast Routing By default, multicast routing is disabled. To configure the LW3008C to forward multicast traffic via Layer 3 network, you need to enable multicast routing. To enable Layer 3 multicast routing, use the following command.
Page 407: Fig. 8.47 Multicast Equal Cost Multipath (Ecmp)
To specify a TTL threshold for multicast packets, use the following command. Command Mode Description ip multicast ttl-threshold Specifies a TTL threshold for multicast packets. <0-255> 0-255: TTL value (default: 1) Interface no ip multicast ttl-threshold Deletes a specified TTL threshold for multicast packets. 9.3.1.3 ECMP Load Splitting Multicast routing protocols have different forwarding policies for the equal cost multipath...
Page 408 To specify the maximum number of multicast routing entries, use the following command. Command Mode Description Specifies the limit of the maximum number of multicast ip multicast route-limit LIMIT routing entries. [THRESHOLD] LIMIT: number of routing entries (1-214783647) Global THRESHOLD: warning threshold (1-214783647) no ip multicast route-limit Deletes a specified limit.
Page 409 To clear the multicast forwarding cache (MFC) and tree information base (TIB) entries in the PIM-SM protocol level, use the following command. Command Mode Description clear ip mroute * [pim sparse- Deletes all MFC and TIB entries in the PIM-SM mode] protocol.
Page 410: Pim Basic
9.3.1.7 Displaying MFIB Information The multicast forwarding information base (MFIB) is the group of the information to forward multicast traffic in Layer 3, which is maintained by currently running multicast routing protocol. You can verify the forwarding entries in the MFIB with the show ip mfib command. To display the multicast forwarding entries in the MFIB, use the following command.
Page 411 The LW3008C currently support PIM-SM only. PIM Messages The followings are simple descriptions of PIM control messages: Hello • PIM routers periodically send hello messages on all interfaces to discover neighbor- ing PIM routers and to determine which router will be the DR for each subnet.
Page 412 To enable PIM-SM passive mode on an interface, use the following command. Command Mode Description ip pim sparse-mode passive Enables PIM-SM passive mode on an interface. Interface no ip pim sparse-mode passive Disables PIM-SM passive mode on an interface. 9.3.2.2 DR Priority In PIM-SM, the designated router (DR) is normally the first-hop router of receivers (hosts), which is responsible to periodically send PIM join/prune messages toward the RP to inform...
Page 413 To display the information of PIM neighbor routers, use the following command. Command Mode Description Enable show ip pim neighbor [detail] Global Shows the information for PIM neighbor routers. Bridge 9.3.2.4 PIM Join/Prune Message Group Filtering If necessary, you can filter PIM join/prune messages from seperate group using access lists. When you enable this feature, a specifid PIM group of PIM join/prune messages from the trusted neighbor are denied by a specified range of access lists.
Page 414 VIF flapping, which can increase the stability and quality for multicast service. Using this function, the LW3008C gives a discredit to a VIF for every flapping time, and then the VIF is not selected as a forwarding path until its credit is regenerated.
Page 415 To set the VIF credit regenerating rate, use the following command. Command Mode Description ip pim vif flap discredit half- Sets the VIF credit regenerating rate. recover-time <0-3600> (default: 10 seconds) Global no ip pim vif flap discredit half- Deletes a configured VIF credit regenerating rate. recover-time If you configure this rate as 0, the VIF credit is not regenerated! To set the current credit as the default (100), use the following command.
Page 416: Pim-Sm
9.3.3 PIM-SM Rendezvous Point Tree (RPT) PIM-SM mainly uses a shared tree to deliver multicast traffic, called the RP tree (RPT). As its name implies, it relies on a core router called the Rendezvous Point (RP) that receives all multicast traffic from the sources and forwards that traffic to the receivers. Other routers do not need to know the information of the sources.
Page 417: Fig. 8.49 Shortest Path Tree
To establish the SPT to the multicast source, the DR sends the join message with (S, G) state toward that source. When the SPT between the receiver and source is established, and multicast traffic is sent via that distribution tree, the DR sends the prune message with (*, G) state toward the RP to prune the existing shared tree to receive the traffic.
Page 418 Static RP To elect the RP among candidate RPs in the shared tree, the LW3008C supports the BSR mechanism (see Section 9.3.3.2) and static RP, and also supports the simultaneous use of those.
Page 419 domain. To configure an interface to send the candidate RP advertisement to the BSR, use the following command. Command Mode Description Configures an interface to send the candidate RP advertisement. ip pim rp-candidate INTERFACE INTERFACE: interface name [group-list <1-99>] [interval <1- 1-99: IP standard access list 16383>] [priority <0-255>] 1-16383: advertising interval (unit: second)
Page 420 9.3.3.2 Bootstrap Router The bootstrap router (BSR) mechanism is one way that a multicast router can learn the set of group-to-RP mappings required in order to function. All multicast routers in PIM-SM domain can be potentially the bootstrap router (BSR); they are all considered as candidate BSRs.
Page 421 multicast sources just receives the traffic from the sources without any information. Even in the RPT, RPs must receive multicast traffic from the sources via the shortest path while receivers receive multicast traffic via the shared tree. Thus, the DR needs to inform the RP about the information for the source, and the SPT must be established between the DR and RP via (S, G) states.
Page 422 sources try to register with the RP, the RP then drops the PIM register messages from those sources. You can specify the either multicast source or source’s DR address in access lists. To enable the router to filter multicast sources, use the following command. Command Mode Description...
Page 423 The Cisco’s routers, however, validate the checksum for the whole register message including the data portion, resulting in incompatibility with the standard-based routers. To guarantee compatibility with the Cisco’s routers, the LW3008C provides the checksum option, which expands the range of the checksum calculation. To enable the Cisco checksum option, use the following command.
Page 424 Some older Cisco’s routers cannot recognize the GenID option in the hello messages, so the LW3008C provides the exclude-GenID option for the compatibility with the Cisco’s routers. To exclude the GenID option from the PIM hello messages, use the following command.
Page 425: Source Specific Multicast (Ssm)
To enable PIM-SM timer debugging, use the following command. Command Mode Description debug pim timer Enables PIM-SM timer debugging. debug pim timer assert [at] Enables PIM-SM assert timer debugging. Enables PIM-SM BSR timer debugging. debug pim timer bsr [bst | crp] bst: bootstrap debugging timer crp: candidate RP debugging timer Enables PIM-SM hello timer debugging.
Page 426 If LW3008C receives IGMPv1 or IGMPv2 report message from the host when static SSM mapping is enabled, it handles as if it receives IGMPv3 report messages.
Page 427 To configure the switch to statically map groups that match specified ACL to source address, use the following command. Command Mode Description Enables a static SSM mapping for the group that matches specified ACL and source address. ip igmp ssm-map static {<1-99> | 1-99: standard access list number <1300-1999>...
Page 428: Ipv6 Multicast
IPv6 Multicast Multicast is the communication for a single or many source hosts to a specific group of destination hosts, which is interested in the information from the sources. This type of acket transmission can be deployed for a number of applications with more efficient utilization of the network infrastructure.
Page 429 MLD Messages There are three types of MLD messages of concern to the host-router interaction as shown below: Query Message • A multicast router determines of any hosts are listening to a group by sending membership queries. The membership queries have two subtypes. - General query: In a query message, the multicast address field is set to 0 when MLD sends a general query.
Page 430: Fig. 8.50 Mldv1 Message Format
Type Code Checksum Maximum Response Delay Reserved Multicast Address (128 bits) Fig. 8.50 MLDv1 Message Format MLDv1 Messages Type: MLD message types • – General query / Multicast-address-specific query message (ICMPv6 #130) – Multicast Listener report message (ICMPv6 #131) – Multicast Listener done message (ICMPv6 #132) Code: This field is set to zero by the sender and ignored by receivers.
Page 431: Fig. 8.51 Mldv2 Query Message Format
Multicast Address (128 bits) Reserved QQIC Number of Sources (n) Source Address [1] 128bits … Source Address [n] 128bits Fig. 8.51 MLDv2 Query Message Format MLDv2 Messages • S (S Flag; Suppress Router-Side Processing): When a router sends or receives a query, it must update router’s timer to reflect to correct timeout values for the multicast address or sources being queried.
Page 432 network is expected to be lossy, the QRV value may be increased. When receiving the query message that contains a certain QRV value from a querier, a host returns the report message as many as the specified QRV value. To configure the QRV value on an interface, use the following command. Command Mode Description...
Page 433 show debugging mld snooping Enable Shows the debugging status of MLD. 9.3.4.7 MLD Access Control Multicast routers send membership query messages to determine which multicast groups have members in the attached local networks of the router. If hosts respond to the queries, the routers then forward all packets addressed to the multicast group to these group members.
Page 434 Command Mode Description ipv6 mld query-max-response- Specifies a maximum query response time. time <1-240> 1-240: maximum response time (default: 10 seconds) Interface ipv6 query-max- Deletes a specified maximum query response time. response-time MLD Querier Timeout There should be a MLD querier on a network segment to prevent duplicating multicast traffic for connected hosts.
Page 435 interval <1000-25500> 1000-25500: last member query interval (default: 1000 milliseconds) Interface no ipv6 mld last-member-query- Deletes a specified last member query interval. interval MLD Immediate Leave Normally, a querier sends a Multicast-address-specific or Multicast-address-source-specific query message upon receipt of a done message from a host. If you want to set a leave latency as 0 (zero), you can omit the querying procedure.
Page 436: Ipv6 Multicast Functions
9.3.4.9 Displaying MLD Information To display current MLD groups and relevant information, use the following command. Command Mode Description show ipv6 mld groups detail show ipv6 mld groups X:X::X:X [detail] Shows the multicast groups with receivers directly show ipv6 mld groups IFNAME Enable connected to the router and learned through MLD.
Page 437 Forwarding Entry Aging To specify the aging time for forwarding entries on the McFDB, use the following command. Command Mode Description Specifies the aging time for forwarding entries on the ipv6 mcfdb aging-time McFDB. <10-10000000> Global 10-10000000: IPv6 aging time (default: 300) no ipv6 mcfdb aging-time Deletes the specified aging time for forwarding entries.
Page 438 entry in the Layer 2 forwarding table for the destination address. Multicast addresses never appear as source addresses, therefore the switch cannot dynamically learn multicast addresses. This multicast flooding causes unnecessary bandwidth usage and discarding unwanted frames on those nodes which did not want to receive the multicast transmission. To avoid such flooding, MLD snooping feature has been developed.
Page 439 To delete the specified static MLD snooping version, use the following command. Command Mode Description Deletes the specified MLD snooping version and no ipv6 mld snooping version Interface returns to the default version. MLD Snooping Robustness Value The robustness variable allows you can tune to reflect expected packet loss on a congested network.
Page 440 Command Mode Description no ipv6 mld snooping querier Interface Disables the MLD snooping querier. If you do not specify a source address of an MLD snooping query, the IP address configured on the VLAN is used as the source address by default. MLD Snooping Query Response Time MLDv1/v2 membership query messages include the maximum query response time field.
Page 441 forwarding table until they send join requests in response to the switch's next general query message. So, it is recommended that you use the fast leave command only if there is one receiver behind the interface for a given group. To disable the MLD snooping fast leave, use the following command.
Page 442 Command Mode Description ipv6 snooping report- Interface Enables the MLD snooping report suppression. suppression To disable the MLD snooping report suppression, use the following command. Command Mode Description no ipv6 mld snooping report- Interface Disables the MLD snooping report suppression. suppression Multicast Router Port Configuration The multicast router port is the port which is directly connected to a multicast router.
Page 443 9.3.4.13 MLD State Limit You can use MLD State Limit feature to limit the number of MLD states that can be joined to a router on a per-interface or global level. The MLD group limits feature provides protection against DoS (denial of service) attacks caused by MLD packets. Membership reports exceeding the configured limits are not entered into the MLD cache and traffic for the excess membership reports is not forwarded.
Page 444 To display the debugging information, use the following command. Command Mode Description show debugging mld snooping Enable Shows the debugging status of MLD. 9.3.4.15 MLD-Proxy IF Flap Discredit MLD IF is MLD Proxy-enabled upstream or downstream interface that is used for MLD proxy implementation.
Page 445 (default: 5) no ipv6 mld if flap discredit-unit Deletes a configured discredit value. To set the MLD IF flap credit regenerating rate, use the following command. Command Mode Description ipv6 mld if flap recover-interval Specifies the interval of recovering its credit as much as <0-3600>...
Page 446: 10 Ip Routing Protocol
10 IP Routing Protocol 10.1 Border Gateway Protocol (BGP) The Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is used to exchange routing information among routers in different autonomous systems (AS). BGP routing information includes the complete route to each destination. BGP uses the routing information to maintain a database of network reachability information, which it exchanges with other BGP systems.
Page 447: Basic Configuration
The ZebOS type requires no specific configuration for sending out BGP community and extended community attributes. ZebOS type is the default for the LW3008C. To select configuration type of the BGP router, use the following command.
Page 448 10.1.1.2 Enabling BGP Routing Step 1 To define an AS number and open Router Configuration mode, use the following command. Command Mode Description Assigns AS number to configure BGP routing and router bgp <1-4294967295> Global opens Router Configuration mode. 1-4294967295: AS number To specify a network to operate with BGP, use the following command.
Page 449: Synchronization
To display Router ID, use the following command. Command Mode Description show router-id Enable Shows Router-ID 10.1.1.5 Registering BGP Neighbor To assign IP address or peer group name for BGP Neighboring router within specified AS number, use the following command. Command Mode Description...
Page 450: Network Aggregation
no synchronization Deactivates synchronization between IGP and BGP. 10.1.3 Network Aggregation To manage the path information with network aggregate, use the following command. Command Mode Description Manages all network paths as one integrated network. aggregate-address A.B.C.D/M A.B.C.D/M: network address Router aggregate-address Deletes the configured network aggregation.
Page 451: Confederation
the local router as the route reflector and specify neighbors as its client, use the following command. Command Mode Description Configures BGP route reflector and specifies a neighbor neighbor {A.B.C.D | WORD} route- as its client. reflector-client A.B.C.D: BGP neighbor address in IP format Router WORD: existing peer group name or neighbor tag no neighbor {A.B.C.D | WORD}...
Page 452: Advanced Configuration
Removes an AS form the confederation. 65535> 10.1.6 Advanced Configuration The LW3008C is possibly configured for the additional configurations related BGP. 10.1.6.1 BGP Next-Hop Address Tracking BGP prefixes are automatically tracked as peering sessions are established. BGP next-hop address tracking feature significantly improves the response time of BGP to next-hop changes for routes installed in the RIB.
Page 453 10.1.6.2 Changing the Nexthop Information When you use the command to change the nexthop information that is sent to the iBGP peer, the nexthop information is set the IP address of the interface used to communicate with the neighbor. To configure the router as the next hop for a BGP-speaking router or peer group, use the following command.
Page 454 When comparing similar routes from more than 2 peers the BGP router does not consider router ID of the routes. It selects the first received route. The LW3008C uses router ID in the selection process; similar routes are compared and the route with lowest router ID is selected as the best route.
Page 455: Ip Address Family
BGP routers. Then, the MED is considered when selecting the best path among many alternative paths. The LW3008C, MED comparison is configured only among all paths from the autonomous system. You can configure the comparison of MEDs among all BGP routers within autonomous system.
Page 456: Route Dampening
Configuration mode allowing configuration of address-family specific parameters. Use the following command in order to enable address family routing process, which open you in Address-Family Configuration mode. Command Mode Description address-family ipv4 [multicast | Opens the Address-Family Configuration mode to unicast] configure sessions for IPv4 prefixes.
Page 457: Bgp Session Reset
Because the internal connections are re-established newly after resetting, the route information of the connected routers is restored by default. You can reset the session in specified condition. The LW3008C is available with several parameters to reset the BGP connections.
Page 458 the incoming advertised routes only, you should use in parameter. Meanwhile, if prefix-filter is configured with in option, ORF (Outbound Route Filtering) and incoming route can be reset. By using soft option, you can configure the switch to update route information only when the session is still connected. To reset the sessions of all peers and initialize the details of route configurations, use the following command.
Page 459 10.1.9.3 Session Reset of Specific Route To reset the sessions of BGP neighboring router with specified IP address, use the following command. Command Mode Description Enable Resets the sessions of BGP neighboring router with clear ip bgp A.B.C.D Global specified IP address. See Section 10.1.11.3 when you configure the detail parameters.
Page 460 external: clears all external peers. 10.1.9.5 Session Reset of Peer Group To reset the session for all members of a peer group, use the following command. Command Mode Description To reset the session for all configured routers of Enable clear ip bgp peer-group WORD specified peer group.
Page 461: Graceful Restart
A.B.C.D/M} The LW3008C can store updates for inbound soft reconfiguration. When a soft reset (inbound) is done on this neighbor, the locally stored routes are reprocessed according to the inbound policy. To use this method, set local router to save all routes and set soft reset.
Page 462: Bgp Neighbor
10.1.11.1 Default Route The LW3008C can be configured that particular neighboring BGP routers or peer group is assigned by default route as 0.0.0.0. Then, neighboring router or member of peer group is able to receive the information of default route from the designated routers.
Page 463 To generate the default route to BGP neighbor or peer group, use the following command. Command Mode Description Generates the default route to BGP Neighbor. neighbor {NEIGHBOR-IP | NEIGHBOR-IP: neighbor IP address WORD} default-originate [route- WORD: peer group name or neighbor tag map NAME] 1-65535: remote AS number Router...
Page 464 10.1.11.4 Force Shutdown The LW3008C supports the feature to force to shutdown any active session for the specified BGP router or peer group and to delete the routing data between them. It shutdowns all connections and deletes the received path information from neighboring router or peer group.
Page 465: Bgp Monitoring And Management
10.1.11.7 Updates for Inbound Soft Reconfiguration Soft-reconfiguration may be used in lieu of BGP route refresh capability. The LW3008C can store updates for inbound soft reconfiguration. When a soft reset (inbound) is done on this neighbor, the locally stored routes are reprocessed according to the inbound policy.
Page 466 Enables logging of BGP neighbor status changes Router no bgp log-neighbor-changes Disables logging of BGP neighbor status changes The LW3008C logs the following events using the above command. BGP notification received • Erroneous BGP update received • User reset request •...
Page 467 Command Mode Description bgp network import-check Checks BGP network route exists in IGP. Router no bgp network import-check Disables the function.
Page 468: Open Shortest Path First (Ospf)
10.2 Open Shortest Path First (OSPF) Open shortest path first (OSPF) is an interior gateway protocol developed by the OSPF working group of Internet Engineering Task Force (IETF). OSPF designed for IP network supports IP subnetting and marks on information from exterior network. Moreover, it supports packet authorization and transmits/receives routing information through IP multicast.
Page 469: Abr Type Configuration
10.2.2 ABR Type Configuration The LW3008C supports 4 types of OSPF ABR which are Cisco type ABR (RFC 3509), IBM type ABR (RFC 3509), IETF Draft type and RFC 2328 type. To configure ABR type of OSPF, use the following command.
Page 470: Compatibility Support
10.2.3 Compatibility Support OSPF protocol in the LW3008C uses RFC 2328 which is finding shorten path. However, Compatibility configuration enables the switch to be compatible with a variety of RFCs that deal with OSPF. Perform the following task to support many different features within the OSPF protocol.
Page 471 no ip ospf authentication [message-digest | null ] Interface Deletes configured authentication. no ip ospf A.B.C.D authentication [message-digest | null ] 10.2.4.2 Authentication Key If authentication enables on OSPF router interface, the password is needed for authentication. The authentication key works as a password. The authentication key must be consistent across all routers in an attached network.
Page 472 no ip ospf authentication-key no ip ospf authentication-key {first | second} no ip ospf A.B.C.D authentication-key Interface Deletes a configured authentication key. no ip ospf A.B.C.D authentication-key {first | second} no ip ospf message-digest-key <1-255> no ip ospf A.B.C.D message-digest-key <1-255>...
Page 473 10.2.4.5 Routing Protocol Interval Routers on OSPF network exchange various packets, about that packet transmission, time interval can be configured in several ways. The following lists are sort of time interval which can be configured by user: Hello Interval • OSPF router sends Hello packet to notify existence of itself.
Page 474 ip ospf A.B.C.D dead-interval <1- Configures a dead interval in the unit of second. 65535> 1-65535: interval value (default: 40) Interface no ip ospf A.B.C.D dead-interval Sets a dead interval to the default value. To configure a transmit delay, use the following command. Command Mode Description...
Page 475: Non-Broadcast Network
Configures the switch not to skip the MTU verification no ip ospf A.B.C.D mtu-ignore Interface in DD process. 10.2.4.7 OSPF Priority Routers have each role to exchange the information on OSPF network. DR (Designated Router) is one of essential role to get and transmit the route information in the same area. The router having the highest priority becomes DR (Designated Router).
Page 476: Ospf Area
Priority, Poll-interval configuration as well. Priority is information for designate router selection and it configured [0] as a default. Poll-interval is the waiting time to re-get the hello packet from dead Neighbor router. It configured 120 seconds as a default. To configure a router communicated by non-broadcast type, use the following command.
Page 477 ABR transmits routing information between Areas. In case of not to transmit router information to other area, the LW3008C can configure it as a blocking. First of all, use the access-list or prefix-list command to assign LIST-NAME. And use the following command to block the routing information on LIST-NAME.
Page 478 area {<0-4294967295> | A.B.C.D} filter-list access LIST-NAME {in | out} Blocks routing information on LIST- Router NAME. area {<0-4294967295> | A.B.C.D} filter-list prefix LIST-NAME {in | out} To delete configured blocking information, use the following command. Command Mode Description no area {<0-4294967295> | A.B.C.D} filter-list access LIST-NAME {in | out} Router Deletes configured blocking information.
Page 479 To configure NSSA with various features, use command with options. area <0-4294967295> NSSA command has 4 options as default-information-originate, no-redistribution, no- summary, translator-role and it can be selected more than 2 options without order. default- information-originate has metric <0-16777214> and metric-type <1-2> as an option, translator-role must choose one of candidate, never, always as an options.
Page 480 {candidate | never | always} 10.2.6.5 Area Range In case of OSPF belongs to several Areas, Area routing information can be shown in one routing path. Like as above, various routing information of Area can be combined and summarized to transmit to outside. To summarize and combine the routing information, use the following command.
Page 481 10.2.6.7 Stub Area Stub Area is that ABR is connected to Backbone Area. If it is assigned as Stub Area, ABR will notify the default path to Stub Area and other routing protocol information will not transmit to Stub Area. To create Stub Area, use the following command.
Page 482 Authentication • This is configuration for security of routing information. message-digest uses MD5 to encode for authentication, null means not using any of authentication. Authentication-key • Configures the authentication which is based on text encoding. Message-digest-key • Configures the authentication which is based on md5 type. Hello-interval •...
Page 483: Default Metric
area {<0-4294967295> | A.B.C.D} virtual-link A.B.C.D message-digest-key KEY md5 KEY area {<0-4294967295> | A.B.C.D} virtual-link A.B.C.D hello-interval <1-65535> area {<0-4294967295> | A.B.C.D} virtual-link A.B.C.D retransmit-interval <1-65535> area {<0-4294967295> | A.B.C.D} virtual-link A.B.C.D dead-interval <1-65535> area {<0-4294967295> | A.B.C.D} virtual-link A.B.C.D transmit-delay <1-65535> The following example shows how to configure virtual link with more than 2 options: area <0-4294967295>...
Page 484: Graceful Restart Support
Command Mode Description auto-cost reference-bandwidth <1- Configures default metric in the unit of Mbps. Router 4294967> (default: 100) To delete the configuration, use the following command. Command Mode Description no auto-cost reference-bandwidth Router Deletes the configuration. 10.2.8 Graceful Restart Support You need to restart OSPF protocol processor when there is network problem.
Page 485: Opaque-Lsa Support
<1- 1800> 10.2.9 Opaque-LSA Support Opaque-LSA is LSA Type-9, Type-10, Type-11. The LW3008C enables Opaque-LSA as a default but it can be released by user. To release the enabled Opaque-LSA management, use the following command. Command...
Page 486 command. Command Mode Description default-information originate Router Configures the default route. The following items are detail options for the Default Route configuration. metric • Configures Metric value of the default route. metric-type • metric-type is for type of finding the path. metric-type 1 uses internal path cost with external path cost as a cost, metric type 2 always uses external cost value only.
Page 487: Ecmp Route Hashing
To delete the configuration, use the following command. Command Mode Description no default-information originate no default-information originate metric <0-16777214> no default-information originate metric-type <1-2> Router Deletes the configuration. no default-information originate always no default-information originate route-map MAP-NAME 10.2.11 ECMP Route Hashing Equal-Cost Multi-Path (ECMP) is a forwarding mechanism that routes packets along multiple paths of equal cost.
Page 488 external route. Those routing information can distribute into OSPF network. There are 5 kinds of additional configuration about external routes to OSPF network. metric is configures Metric value of the default route, metric-type is for type of finding the path. metric-type 1 uses internal path cost with external path cost as a cost, metric type 2 always uses external cost value.
Page 489: Ospf Distance
To delete the default metric, use the following command. Command Mode Description default-metric [<0- Router Deletes the default metric. 16777214>] 10.2.13 OSPF Distance An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer between 0 and 255.
Page 490: Host Route
Releases the configured as passive interface. 10.2.16 Blocking Routing Information The LW3008C can classify and restrict the routing information. To configure this function, sort the specific routing information in access-list first, and block the routing information in access-list. To block the routing information in access-list, use the following command.
Page 491: Summary Routing Information
To release the configuration, use the following command. Command Mode Description no distribute-list ACCESS-LIST out Router Releases the configuration. {bgp | connected | kernel | static} 10.2.17 Summary Routing Information In case of external routing protocol transmits to OSPF network, more than 2 routing information can be summarized as one.
Page 492 Command Mode Description show ip ospf Shows the information about OSPF protocol. Enable Shows the information about a specific process ID in Global show ip ospf <0-65535> OSPF protocol. To display OSPF routing table to ABR and ASBR, use the following command. Command Mode Description...
Page 493 10.2.18.2 Limiting Number of Database The LW3008C can limit the Number of Database to process in OSPF. For example, if a router connected with many of routers, it carries overload to process the database. Therefore, Limiting the Number of Database reduces the overload on system.
Page 494: Ospf Debug
internal route LSA and external route LSA, maximum number of LSA can configure on each class. And also, if the process of LSA is over the configured number, you can configure it to stop the process or send the caution message. When the outer route of LSA is overflowed the assigned value, you can configure it to restart OSPF after the waiting time.
Page 495 send | recv | detail] debug ospf route [ase | ia | Enables debugging about OSPF routing. install | spf] To disable OSPF debugging, use the following command. Command Mode Description no debug ospf [all] no debug ospf events [abr | asbr | lsa | nssa | os | router | vlink] no debug ospf ifsm [events | status | timers] no debug ospf lsa [flooding | generate | refresh]...
Page 496: Configuring Route Map
10.3 Configuring Route Map Route maps are used to redistribute routes between processes or for route health injection. To define a route map for use with supported feature, perform the following steps: Step1 Open Route-Map Configuration mode from Global Configuration mode to create a route map entry.
Page 497 unknown or learned through other means match route-type external {type- Matches the route type. 1 | type-2} To delete the specified match criteria, use the following command. Command Mode Description no match as-path [WORD] no match community {<1-99> | <100-199> | WORD } [exact-match] no match interface [INTERFACE] no match ip address [{<1-199>...
Page 498 Deletes the matched communities from set comm-list {<1-99> | <100-199> | WORD } community attribute delete inbound/outbound update when applying route-map. set dampening [<1-45>] Sets route-flap dampening set dampening <1-45> <1-20000> <1-20000> parameters. <1-255> [<1-45>] set extcommunity rt AA:NN Sets the extended community attribute. rt: specifies the route tatget of the extended community set extcommunity soo AA:NN...
Page 499 <1-255> [<1-45>] no set extcommunity rt [AA:NN] no set extcommunity soo [AA:NN] no set ip next-hop [A.B.C.D] no set ipv6 next-hop [ X:X::X:X] no set ipv6 next-hop local [X:X::X:X ] no set local-preference [<0-4294967295>] no set metric {<0-4294967295> | <+/-metric>} no set metric-type {type-1 | type-2} no set origin {egp | igp | incomplete} no set originator-id [A.B.C.D]...
Page 500: 11 Gpon Configuration
11 GPON Configuration Gigabit Passive Optical (GPON) technology has the active network elements OLT (Optical Line Termination) at the central office and ONU/ONT (Optical Network Unit / Termination) at the subscriber site. Typical GPON configuration consists of a single PON port at the OLT and a number of ONUs connected to it over a single fiber feeder.
Page 501: Fig. 11.2 Cli Structure Of Gpon Configuration Mode
Specifying OLT and ONU ID When specifying an OLT ID in the CLI, you can simply put the number in the form of PORT number such as 1, 2, 3, 4…7, 8. Multiple input is also possible, e.g. 1, 2, 3 or 3-4. When specifying an ONU ID, just remember that the ONU ID is always between 1 and 128 or ONU serial number.
Page 502: Olt Management
The following shows the main commands of GPON Configuration mode. SWITCH(config)# gpon SWITCH(gpon)# ? GPON configuration commands: clear Reset functions dba-profile Configure GPON DBA Profile debug Debugging functions To run exec commands in config mode exit End current mode and down to previous mode extended-vlan-tagging-operation Configure Extended Vlan Tagging Operation (ME:171)
Page 503: Maximal Distance Between Olt And Onu (Ont)
11.1.1.1 OLT Description To specify or modify a description of an OLT, use the following command. Command Mode Description olt description DESCRIPTION Registers the OLT’s description. GPON-OLT no olt description Deletes the description of OLT. To display a description of an OLT, use the following command. Command Mode Description...
Page 504: Downstream Encryption
Deleted the configured total amount of bandwidth in no olt total upstream-bw use for upstream traffic. To display the information of OLT’s total upstream bandwidth, use the following command. Command Mode Description show olt total upstream-bw GPON-OLT Shows the total upstream bandwidth of OLT. 11.1.2 Downstream Encryption This command requires a special request to operate and only available once negotiated.
Page 505: Olt Optical Transceiver Parameter
(ONT) fault detection feature. Normally, if an ONU (ONT) fault occurs, a specific error signal is followed by the fault. Thus, the LW3008C validates whether an ONU (ONT) fault occurs by detecting the specific error signal. The auto ONU fault detecting mechanism is as follows:...
Page 506: Forward Error Correction (Fec) Mode
If the power of ONU is turned off by user, this ONU is supposed to send the alarm message of dying-gasp to OLT. When the last ONU is deregistered from the LW3008C after it generates an alarm by ONU dying-gasp event, we can regard that the link of this GPON port is down and it’s not the cable connection problem.
Page 507: Source Mac Address Monitoring
GPON 11.1.8 Source MAC address Monitoring The LW3008C can monitor its source MAC table to find a defective ONUs (ONTs). Auto ONU (ONT) blocking function can be used to manage and troubleshoot the defective ONU-related problems. To enable/disable OLT for source MAC address monitoring, use the following command.
Page 508: Onu Mac Address Filtering
Command Mode Description Forces the state of a blocked ONU ID to change to onu unblock ONU-ID GPON-OLT unblocked state. To display the information of source MAC monitoring, use the following command. Command Mode Description Enabl show olt srcmac-monitor [OLT-ID] Global Shows the configured source MAC address GPON...
Page 509: Vlan Filtering
To enable/disable the MAC filtering function for ANI-side bridge port, use the following command. Command Mode Description onu mac-filter ONU-ID ani {mapper | Enables the MAC filtering function per ANI-side gem} PORT {filter | forward} MACADDR mapper ID or GEM port ID. GPON- no onu mac-filter ONU-ID ani {mapper | Disables the MAC filtering function per ANI-side...
Page 510: Downstream Traffic Control
11.1.11 Downstream Traffic Control The system provides the function to control the downstream traffic based on MAC address and VLAN ID by each OLT. Basically, the OLT system creates MAC table through MAC learning with the incoming traffic from ONU, and transmits the downstream traffic to GEM port with the MAC table information.
Page 511 To display the configuration of downstream traffic control, use the following command. Command Mode Description show onu vlan-gem-mapping Shows VLAN ID mapped to GEM port of ONU. OLT-ID Enable show olt ds-gem-mapping [OLT- Shows the GEM port mapping mode configured on the Global OLT.
Page 512: Dynamic To Static Gem Port
To display the configuration of downstream QoS mapping, use the following command. Command Mode Description show olt ds-qos-mapping [OLT- Shows the queue count and CoS-Queue mapping table Enable of the GPON OLT. Global show olt ds-qos-mapping mode GPON Shows the QoS mapping mode configured on the OLT. [OLT-ID] Shows the queue count and CoS-Queue mapping table show olt ds-qos-mapping...
Page 513: Multicast/Broadcast Gem Port Separation
11.1.14 Multicast/Broadcast GEM Port Separation All the downstream multicast and broadcast flows from the LW3008C are transmitted through a single GEM port ID. The multicast and broadcast flows need to be separated from each other to properly forward all broadcast/multicast traffic for multiple ONTs.
Page 514: Onu Rx-Power Update
To configure the threshold of dynamic / fixed T-CONT count for ONT, use the following command. Command Mode Description olt threshold tcont dynamic DYNAMIC_VALUE [fixed Sets the threshold of Dynamic/Fixed T-CONT count for FIXED_VALUE] ONT. DYNAMIC_VALUE: 1 to 384 olt threshold tcont fixed GPON-OLT FIXED_VALUE: 1 to 384 FIXED_VALUE [dynamic...
Page 515: Configuration For Rf Return Packet Forwarding
Configuration for RF Return Packet Forwarding In case the ONUs are connected with the set-top-boxes supporting Ethernet return path capabilities, GPON OLT can use Ethernet for the return path to head-end infrastructure. Deploying an ONU/MDU with an RF to Ethernet converter enables RF-digital-RF conversion. At the ONU, the upstream return path packet is carried in GPON OLT.
Page 516: Onu Cos Remarking
11.1.16.2 Loopback Test To verify the loopback with the ONU, use the following command. Command Mode Description Verifies the loopback with ONU ID. loopback test ONU-ID [timeout ONU ID (1 to 128) or ONU serial number GPON-OLT <1-1000>] 1-1000 : valid loopback test time in millisecond. 11.1.17 ONU CoS Remarking To configure CoS remarking feature based on the specific MAC/IP for ONU, use the following...
Page 517: Onu Deactivation Monitoring
the same GPON, the system regards the latest ONU(s) as the fault operation, and make the ONU(s) block the inflow of sub-level MAC by MAC filtering. Through this anti-spoofing, the system can prevent the malicious spoofing attack. To enable/disable the OLT anti-spoofing, use the following command. Command Mode Description...
Page 518 To enable/disable ONU deactivation monitoring, use the following command. Command Mode Description olt deactive-monitor {enable | Enables/disables deactivation monitoring GPON-OLT disable} function. To configure ONU deactivation monitoring, use the following command. Command Mode Description olt deactive-monitor alarm-raise Sets the deactive ONU-raise percent. <1-99>...
Page 519: Olt Bit Error Ratio (Ber)
11.1.20 OLT Bit Error Ratio (BER) You can configure the monitor direction and the alarm threshold of the bit error ratio. The system generates a bit error ratio (BER) alarm when the total number of error bits or bit error rate of the data transferred between the OLT and ONUs exceeds the alarm threshold. Both uplink and downlink data between OLT and ONU can be monitored.
Page 520: Ploam Messages
Command Mode Description Enables the OMCC recovery monitoring function with olt omcc-recovery enable ONU deactivation process. Sets the threshold limit for OMCC recovery attempts. olt omcc-recovery threshold <5- 5-720: the number of times OLT can atttemp to retry 720> OMCC recovery (default: 5) omcc-recovery mode GPON-OLT...
Page 521: Transceiver Type Configuration
To enable/disable a ONU to use the physical layer OAM (PLOAM) fuctions, use the following command: Command Mode Description Enables/Disables the specific ONU to use the PLOAM olt specific-ploam {enable | GPON-OLT functions disable} SEREIAL_NUM SEREIAL_NUM: ONU serial number (HEX ) To reset a ONU using the physical layer OAM (PLOAM) message, use the following command: Command...
Page 522 Command Mode Description show olt mac [OLT-ID] [ONU-ID] GPON Shows the information of MAC address of ONU(OLT). show olt mac [ONU-ID] GPON-OLT To display OLT MAC statistics information, use the following command. Command Mode Description show olt mac count [OLT-ID] [ONU- GPON Shows the information of MAC entries statistics.
Page 523 show olt statistics Shows all the statistics information. GPON-OLT show olt statistics onu ONU -ID Shows ONU statistics information. SWITCH(config-gpon-olt[1])# show olt statistics ------------------------------------------------------------------------------ OLT : 1 Downstream Upstream ------------------------------------------------------------------------------ (Pon counter) Pon valid eth packets 1829234499 Pon CPU packets 136329 Pon ploams 108609...
Page 524 GPON number IDs]...
Page 525: Onu Management
This section describes how to manage an ONU (ONT). The LW3008C provides the centralized remote ONU (ONT) management concept, so you can manage every remote ONU (ONT) connected to the LW3008C without any local configuration for the ONUs (ONTs). 11.2.1...
Page 526 Serial Number-based ONU Registration For ONU (ONT) registration, OLT requests a serial number of the connected ONUs (ONTs) periodically. OLT registers a specific ONU which replies to OLT with its serial number. The system can allocate ONU-ID to an ONU which sends a valid serial number to OLT. When ONU with the specific serial number is activated, it is assigned the allocated ONU-ID.
Page 527 Similarly, ONU is registered first in the OLT with a specific and uniquelogical ID and this one must be also locally configured to ONU via ONT’s Web UI. The logical ID includes two parts: an LOID (Logical ONU ID) and a Password. So the OLT and the network management system based on logical identification of the ONU authentication should support two kinds of configuration: only LOID and LOID + Password.
Page 528 case of configured as LOID mode. Shows the registered ONU information. Shows the ONU information registered in manual mode show onu active [ONU-ID] in case of configured as LOID mode. ONU-ID: ONU ID (1 to 128) or ONU serial number Shows the ONU information registered in manual and GPON-OLT show onu active all...
Page 529 olt auto-to-manual disable GPON-OLT To display the ONU registration mode, use the following command. Command Mode Description Enable show olt auto-to-manual [OLT- Global Shows the current ONU registration mode. GPON show olt auto-to-manual GPON-OLT 11.2.1.5 Changing ONU Registration Mode If user wants to change automatically the states of ONU (ONT) to manage manually at a time, use the following command.
Page 530: Assigning Ip Address
blocks traffic transmission and ONU activation is maintained. Command Mode Description onu block ONU-ID Blocks traffic transmission for ONU. GPON-OLT onu unblock ONU-ID Unblocks traffic transmission for ONU. 11.2.1.8 ONU Description To specify or modify a description of an ONU, use the following command. Command Mode Description...
Page 531: Activating Administration For Uni
Command Mode Description Configures the IPv6 host service ID, IPv6 address and IPv6 gateway address for an ONU. onu static-ip ONU-ID ipv6-host ONU-ID: ONU ID (1 to 128) or ONU serial number SERVICE-ID X:X::X:X/M default- SERVICE-ID: IPv6 host service ID router X:X::X:X GPON-OLT X:X::X:X/M: IPv6 address...
Page 532: Onu Firmware Upgrade
11.2.2 ONU Firmware Upgrade The LW3008C provides the remote ONU (ONT) upgradeability. This feature allows the system administrators not to offer the local service for a single ONU (ONT) upgrade at the customer premise. To upgrade an ONU (ONT) successfully, you need to download a new ONU (ONT) firmware in the system.
Page 533 Command Mode Description Enable Global Shows the downloaded ONU (ONT) firmware list in show onu firmware-list GPON OLT. GPON-OLT (2) Downloading Firmware to ONU (Upgrading) To download the specified ONU (ONT) firmware in the ONU (ONT), use the following command. Command Mode Description...
Page 534 In order to use the new upgraded firmware, you should restart the ONU (ONT). At this time, the upgraded OS should be specified as a default OS by using onu firmware commit command. Before restarting the ONU (ONT), you should check the service status of ONU, whether to save the other configuration, or else.
Page 535 To display the list of the downloaded ONU (ONT) firmware in OLT, use the following command. Command Mode Description Enable Global Shows the downloaded ONU (ONT) firmware list in show onu firmware-list GPON OLT. GPON-OLT (2) Upgrading Firmware To upgrade an ONU (ONT) with the downloaded ONU (ONT) firmware, use the following command.
Page 536 ONU-ID: ONU ID (1 to 128) or ONU serial number 11.2.2.3 Auto Upgrade For efficient system maintenance, the LW3008C provides the auto upgrade functionality for ONU firmware in the operational environment. You can simply upgrade the ONU firmware without an effort for every single ONU.
Page 537 To configure the auto upgrade for ONU, use the following command. Command Mode Description Configures to be auto-upgraded with the specified auto-upgrade firmware firmware for the ONU. NAME: ONU model name NAME FW_NAME FW_NAME: ONU firmware name Configures to be auto-upgraded with the specified firmware for the ONU through the TFTP/FTP server.
Page 538 onu auto-upgrade version-match Sets auto upgrade of ONU firmware version. all enable GPON-OLT onu auto-upgrade version-match Sets auto upgrade of ONU firmware version if the all disable version is lower than the last version. To specify the execution condition of ONU auto upgrade configuration above, you should specify a target version of ONU firmware with (or without) exclude option.
Page 539 • Retry Count for Auto Upgrade The retry count argument specifies how many times to retry the auto upgrading of ONU if the first attempt fails. To specify the retry count of auto upgrade, use the following command. Command Mode Description Specifies the retry count of auto upgrade.
Page 540 The following is an example of displaying the progress of ONU auto-upgrade and a list of ONU model name configured to be auto-upgraded. SWITCH(gpon)# show onu auto-upgrade info --------------------------------------------------------------------------------- Auto-upgrade Start Time : 17 (End Time : 18) Auto-upgrade Reboot Time : 17 --------------------------------------------------------------------------------- OLT | Mode |...
Page 541: Diagnostic Monitoring For Onu's Optical Transceiver
Command Mode Description Enable Shows the status of ONU firmware. show onu firmware version OLT- Global OLT-ID: GPON port number ID [ONU-IDs] GPON ONU-ID: ONU ID (1-128) or ONU serial number show onu firmware version Shows the status of ONU firmware. GPON-OLT [ONU-IDs] ONU-ID: ONU ID (1-128) or ONU serial number...
Page 542: Max Host
Configures the PPPoE of ONU and sets the user and password for PPPoE configuration server. onu pppoe ONU_ID host ONU-ID: 1 - 128 or ONU serial number HOST_NUM user-account USER HOST_NUM: host number PASSWORD USER :user name used for authentication PASSWORD: password used for authentication GPON-OLT no onu pppoe ONU_ID host...
Page 543: Onu Rate Limit Configuration
bridge BRIDGE_ID {uni-eth | vir- ONU_ID: ONU ID or ONU serial number eth} UNI_NUMBER <8-1031616> BRIDGE-ID: bridge ID uni-eth: UNI ethernet vir-eth: virtual ethernet UNI_NUMBER: UNI port number GPON-OLT 8-1031616: maximum number (Bandwidth in steps of 8kbps) no mcast-rate-limit ONU_IDs Deletes configured maximum multicast bandwidth of bridge BRIDGE_ID {uni-eth | vir- ONU.
Page 544: Statistics Gem Configuraiton
Enable show onu rate-limit {gemport | Global uni} GPON Shows the information of rate-limit configured for ONU show onu rate-limit {gemport | GPON-OLT uni} [ONU_ID] Statistics GEM Configuraiton To configure the statistics gem avg of OLT, use the following command. Command Mode Description...
Page 545 ④ ③ GPON ONU GPON OLT RADIUS Server ① Upload MIB Info: During the initial connection between OLT and ONU, the ONU uploads the MIB information. On the OLT side, the OLT checks the ONU validation using ONU model name, firmware version and serial number. ②...
Page 546: Tab. 11.1 Radius Authentication Message Type
Dasan-Gpon-Onu-Uni-Eth-Port-Medium Dasan-Gpon-Onu-Uni-Eth-Auto-Detect (k) Dasan-Gpon-Onu-Mac-Filter Dasan-Gpon-Onu-Mgmt-Mode-Ip-Path-Ftp (m) Dasan-Gpon-Onu-Mgmt-Mode-Ip-Path-Tftp (n) Dasan-Gpon-Onu-Mgmt-Mode-Ip-Path-Uri (a) User-Name (b) User-Password (c) Dasan-Gpon-Olt-Id (d) Dasan-Gpon-Onu-Id (e) Dasan-Gpon-Onu-Model-Name (f) Dasan-Gpon-Onu-Serial-Num (g) Dasan-Gpon-Onu-Firmware-Version (h) Dasan-Gpon-Onu-Profile CoA-Request (i) Dasan-Gpon-Onu-Static-Ip (server → OLT) (j) Dasan-Gpon-Onu-Voip-Sip-Number (k) Dasan-Gpon-Onu-Voip-Sip-Auth (l) Dasan-Gpon-Onu-Uni-Port-Admin (m) Dasan-Gpon-Onu-VoIP-Mgc-Msg-Id (n) Dasan-Gpon-Onu-VoIP-Mgc-Term-Id (o) Dasan-Gpon-Onu-Description (p) Dasan-Gpon-Onu-Uni-Eth-Port-Medium (Not support yet) (q) Dasan-Gpon-Onu-Uni-Eth-Auto-Detect (Not support yet)
Page 547: Cfm Oam For Onu Management
Sends the ONU’s serial number-based or its model onu auth radius-password name-based password on the authentication message {serial-number | model-name} to RADIUS server. no onu auth radius-server host Deletes the configured RADIUS server address. A.B.C.D To display the information of RADIUS server for ONU authentication, use the following command.
Page 548 An OAM entity that requires management. An MD is owned by a ME. It is a relation- ship between two Maintenance association end points (MEPs) within a single MA. Maintenance Domain (MD) • In Ethernet CFM, an MD is a management space for monitoring and administering of a network.
Page 549 operated by a single entity and defined by a set of ports internal to it, but at its boundary. To use CFM OAM, you should create MD. MD is defined by a given MD name and level that are configured by user. MD level determines the MEPs/MIPs that are interested in the contents of the CFM frame and through which the CFM frame is allowed to pass.
Page 550 ccm {enable | disable} MEP ID. ONU-ID: ONU ID (1 to128) or ONU serial number PORT: ONU’s UNI Ethernet port number or ANI mapper port number MEP_ID: MEP ID (1 to 8191) Configures a MEP on the ONU ID and assigns a onu cfm ONU_ID mep {uni eth PORT | remote MEP ID and primary VLAN ID.
Page 551: Displaying Onu Information
GPON show onu cfm ma [<1-65535>] Shows the information of MA. Global GPON show onu cfm md [DOMAIN] Shows the configured MD and level. show onu cfm mep [ONU_ID] Shows the status of MEP configured on an ONU. show onu cfm mep ccm-db ONU_ID {uni eth PORT | ani GPON-OLT Shows the information of a MEP in the CCM database.
Page 552 SWITCH(config-gpon-olt[1])# To display the link status of ONUs, use the following command. Command Mode Description show onu block status OLT-ID Shows the link status of ONUs GPON [ONU-ID] OLT-ID: GPON port number ONU-ID: ONU ID (1 to 127) or ONU serial show onu block status [ONU-ID] GPON-OLT number...
Page 553 To display a maximum size of the specified ONU, use the following command. Command Mode Description show onu max-frame OLT-IDs Enable/Global/GPON Shows a maximum size of the specified ONU. show onu max-frame [ONU-IDs] GPON-OLT To display a maximum multicast bandwidth of the specified ONU, use the following command. Command Mode Description...
Page 554: Onu Reset
Global ONU-ID GPON Shows the ONU’s RF video status. show onu video status ONU-ID GPON-OLT To display the configured description on ONU port, use the following command. Command Mode Description show onu description [ONU-ID] GPON-OLT Shows the configured description on ONU port. ONU statistics information is regularly updated every 15 minutes.
Page 555: Onu Static Tcont
static-gem ONU-ID: ONU ID (1 to128) or ONU serial number ONU-ID GEMPORT_LISTs All : All ONUs. GEM_INDEX GEMPORT_LISTs : GEM Port ID (128-4095) static-gem ONU-ID GEM_INDEX : Gem Index mapper GEMPORT_LISTs MAPPER_INDEX : Mapper Index MAPPER_INDEX GEM_INDEX Disables the configured Static Gem Port . static-gem ONU-ID ONU-ID: ONU ID (1 to128) or ONU serial number...
Page 556: Forward Error Correction (Fec) Mode
firmware. 11.2.7 Forward Error Correction (FEC) Mode To enable/disable FEC mode for ONU ID, use the following command. Command Mode Description onu us-fec-mode ONU-IDs Enables upstream FEC mode for ONU ID. enable GPON-OLT onu us-fec-mode ONU-IDs Disables upstream FEC mode for ONU ID. disable If you want to enable the upstream FEC mode for ONU, you should enable upstream FEC mode for OLT first.
Page 557: Voip Mgc Configuration
Configures an user ID and password for a specified VoIP device connected to an ONU to have access to softswitch. onu voip-sip ONU-ID auth pots ONU-ID: 1-128 or ONU serial number POTS-NUM NAME [PASSWD] POTS-NUM: POTS port number GPON-OLT NAME: user name used for authentication PASSWD: password used for authentication no onu voip-sip ONU-ID auth Deletes the configured authentication information for...
Page 558: Onu Port Configuration
To configure the termination ID on POTS interface of ONT, use the following command. Command Mode Description Specifies the termination ID on POTS interface of ONT. voip-mgc ONU-ID ONU-ID: ONU ID or serial number termination-id pots POTS_NUM POTS_NUM: POTS number TERMINATION_ID GPON-OLT TERMINATION_ID: termination ID...
Page 559: Onu Loop Detect Configuration
Command Mode Description Enable show onu uni-description OLT- Global GPON Shows the configured description on ONU UNI port. show onu uni-description [ONU- GPON-OLT 11.2.7.4 ANI RF Video Port Configuration To configure the ANI RF video port of ONU, use the following command. Command Mode Description...
Page 560: Onu Inactive Aging-Time
To display whether the specific ONU is in the state of “blocked” or “unblocked” due to the loop detect, use the following command. Command Mode Description Enable show onu loop-detect [OLT-ID] Global Shows whether the ONU is in the state of “blocked” or GPON “unblocked”.
Page 561: Onu System Account
onu password-type {hex | ascii} GPON Configures ONU password type. ONU System Account To add system-account information for ONUs, use the following command. Command Mode Description Creates the login account ID and password for ONU ID. system-account ONU-ID ONU-ID: ONU ID (1 to128) or ONU serial number GPON-OLT USER [PASSWD] USER: user name...
Page 562: Onu Profile
ONU Profile Fig. 11.3 ONU Profile The LW3008C provides the easy and efficient management solution for various service environments with the ONU profile. The ONU profile is a collection of configurations for the operation of an ONU (ONT). You can manage all ONUs connected to an OLT by simply applying the configured profile to ONUs without any local configuration.
Page 563: Configuring Onu Profile
To modify an existing ONU profile, use the following command. Command Mode Description Modifies an ONU profile. onu-profile NAME modify GPON NAME: ONU profile name To delete a created ONU profile, use the following command. Command Mode Description Deletes an ONU profile. no onu-profile NAME GPON NAME: ONU profile name...
Page 564 to a specified VID with tag. 1-4094: VLAN ID 0-7: CoS value Sets the policy of VLAN tagging for downstream frame. uni eth UNI-PORT vlan- keep: keeps forwarding the incoming tagged frame operation ds-oper {keep | from OLT to UNI. remove} remove: removes a tag from the incoming tagged packet and forwards it to UNI.
Page 565 And the polling count for rogue ONT attribute represents the number of consecutive polling, which results in abnormality, for declaring the optical transceiver as abnormal. To configure a polling interval and count for rogue ONT, use the following command. Command Mode Description Specifies a polling interval and count for rogue ONT.
Page 566 provides the function to configure the ONU’s loop detecting. The loop detecting mechanism is as follows: The ONU periodically sends the loop-detecting packet to all the ports with a certain interval, and then if the loop-detecting packet is received, the switch performs a pre-defined behavior. To enable/disable the loop detection, use the following command.
Page 567 no temperature { high-threshold Deletes a configured threshold of ONU temperature. | low-threshold } To set the threshold of ONU memory in use, use the following command. Command Mode Description Sets the threshold of ONU memory in the unit of memory-usage threshold <0-...
Page 568 VALUE [low VALUE] } monitors the change of values and sends txbias high/low alarm to OLT when the txbias exceeds the threshold or it is below the threshold. VALUE: tx-bias threshold value (0∼ 131 mA) Configures the voltage threshold and sends the configured threshold value to ONUs.
Page 569 1.3.2.12 MAC Full Policy By default, ONT will block new source MAC address frame when ONT MAC table is full. The protecting mechanism can be configurable by 'block or forwarding', thus you can configure the basic policy of ONT when MAC table is full. To block/forward new source MAC address frame when MAC table is full, use the following command.
Page 570 11.3.2.15 RX Optical Power Threshold The ONUs periodically monitor the RX optical power and send the alarm message to their OLT when the RX optical power exceeds the user-defined threshold. To set the transmit rate of an UNI port, use the following command. Command Mode Description...
Page 571 1.3.2.18 Uplink MAC Learning To enable/disable the MAC learning of ONT’s internal switch, use the following command. Command Mode Description switch-control uplink-mac- Enables the MAC learning of ONU’s uplink port. learning enable ONU-Profile switch-control uplink-mac- Disables the MAC learning of ONU’s uplink port. learning disable This feature is available for the H645B, H645, H645A only.
Page 572 ① ONT Provisioning Tool & JRE Installation: Install JRE (version 1.6) and provisioning tool (ONTProvisionTool.exe) to FTP server. Create a new XML configuration file and modify the ONT settings for ONT provisioning. The ONT configuration parameters can be changed or saved in XML. ②...
Page 573 HTTP-based and provides communication between the ONT and an ACS (Auto Configuration Server). TR-069 protocol simplifies ONT management by specifying the use of an ACS to perform remote, centralized management of ONTs. The LW3008C supports TR- 069 to provision and manage ONTs.
Page 574: Saving Profile
Saving Profile After configuring an ONU profile, you need to save the profile with the following command. Command Mode Description ONU- apply Saves an ONU profile configuration. Profile Even if you modify a running profile, you also need to use the apply command to apply the changes to ONUs (ONTs).
Page 575: Assigning Ip Host Of Snmp Agent
The following is an example of displaying the status of ONU profile configuration. SWITCH(config-gpon-olt[1])# show onu status ------------------------------------------------------------------------ OLT | ONU | ACTIVE | Fail Reason | Profile Name ------------------------------------------------------------------------ Active | Success | 420R Assigning IP Host of SNMP Agent To assign IP host of SNMP agent, use the following command.
Page 576: Dba Profile
Modifies the configured DBA profile. Configuring DBA Profile If the LW3008C bandwidth allocation method for ONU upstream transmission is dynamic (DBA), there are two methods of DBA are defined for GPON: status-reporting (SR) DBA, which is based on ONU reports via the dynamic bandwidth report upstream (DBRu) field, and non-status-reporting (NSR) DBA, which is based on OLT monitoring per T-CONT utilization.
Page 577: Saving Dba Profile
If there are a “non-assured” T-CONT and “best-effort” T-CONT, the “non-assured” T-CONT takes precedence over the other one to be allocated the remained bandwidth by OLT. To delete the configured bandwidth allocation policy of DBA profile, use the following command. Command Mode Description...
Page 578: Traffic Profile
ANI-side port-IDs. The mapper is equivalent to a MAC bridge with VLAN filters that only operate on the priority bits of the VLAN tags. The LW3008C is supported by all G.984.4 compliant vender system based on the 1:N, N:M, 1:MP, and N:MP model. Only a single 802.1p mapper is need for 1:N, N:M model deployments.
Page 579: Creating A Mapper
A mapper provides support for upstream flow routing based on 802.1p priority bits. The LW3008C supports the DSCP to IEEE802.1p mapping to allow the OLT to prioritize all traffic based on the incoming DSCP value according to the DiffServ to IEEE802.1p mapping table.
Page 580 management and UNI-side port for the downstream traffic management. The system creates both ANI-side and UNI-side MAC bridge port config data ME. To create a bridge ID and open a MAC Bridge Service Profile Configuration mode, use the following command. Command Mode Description...
Page 581 enable ME to a MAC bridge service profile ME. (default) Disables the connections between the multicast Traffic-Bridge multicast link-mac-bridge GEM port network CTP ME to the MAC bridge disable service profile. To enable/disable a connection between MAC bridge service profile and a mapper ID, use the following command.
Page 582 Sets the policy of VLAN tagging for upstream frame. vlan-operation us-oper keep keep: keeps forwarding the existing tagged/untagged frame Sets the policy of VLAN tagging for upstream frame. add: adds a specified VID (double tagging) with tag in case of tagged frame vlan-operation us-oper {add | overwrite: replaces an existing tagged/untagged frame to overwrite} <1-4094>...
Page 583: T-Cont Mode
Lowest Priority Fig. 11.5 Priority of T-CONT types The LW3008C provides the easy and efficient management solution using T-CONT concept with the Traffic profile. A GPON port is connected with multiple ONUs/ONTs via splitter. The GPON encapsulation mode (GEM) frames are transmitted between the OLT and the ONUs (ONTs). A GEM frame is identified by a GEM port ID.
Page 584: Ip Host Service Configuration
After opening T-CONT Configuration mode, the prompt changes from SWITCH(config-traffic- pf[NAME])# to SWITCH(config-traffic-pf[NAME]-tcont[TCONT-ID])#. To delete the T-CONT ID, use the following command. Command Mode Description no tcont TCONT_ID Traffic-Profile Deletes the configured T-CONT ID. To specify the GEM ports (priority queue) per T-CONT by mapping between T-CONT and GEM port, use the following command.
Page 585 1.3.2.20 IP Address To specify the IP address assignment on the host, use the following command. Command Mode Description Traffic- ip address {static | dhcp} Specifies the IP address assignment on the host. IP-host 1.3.2.21 To specify the DNS address assignment on the host, use the following command. Command Mode Description...
Page 586 VLAN tagging filtering for VLAN ID-based traffic forwarding. To enable/disable VLAN tagging filtering function on ANI interface, use the following command. Command Mode Description Enables a VLAN tagging filtering function of ANI-side port. allow: forwards the untagged frames to the ANI-side vlan-filter [vid <1-4094>]...
Page 587: Creating Pm Profile
1.3.2.26 VoIP Service Link To link the VoIP service to the host, use the following command. Command Mode Description Links the VoIP service to the host. link voip-service HOST_NUMBER SERVICE_ID: VoIP service ID (1 to 8) Traffic- IP-host link voip-service Disconnects the linked VoIP service.
Page 588: Collecting Onu Traffic Statistics
Collecting ONU Traffic Statistics To enable/disable the performance monitoring (PM) function to collect the traffic statistics of the configured GEM port, use the following command. Command Mode Description Enables the PM function to collect the GEM port-related pm gemport counters. PM-Profile Disables the PM function to collect the GEM port-related no pm gemport...
Page 589 Command Mode Description Enable show statistics OLT-ID Global Shows the information of ONU counters collected via [ONU-ID] GPON PM profile. (15 Min, Prev_15 Min, total) show onu statistics [ONU-ID] GPON-OLT Enable show onu statistics detail OLT- Global Shows the information of GEM port counters collected GPON via PM profile.
Page 590: Multicast Profile
Multicast Profile The multicast profile is used for ONU (ONT) to handle the multicast traffic using a IGMP- related commands. Multicast profile managed entity organizes data associated with multicast management at subscriber ports of 802.1 bridges, including 802.1p mappers when the provisioning model is mapper-based rather than bridge-based.
Page 591: Saving Multicast Profile
igmp querier max-response-time Specifies a maximum query response time. <1-25> 0-25: maximum response time (default: 10 seconds) Configures the Querier’s Robustness Variable (QRV) igmp robustness-variable <1-7> value on an interface. (default: 2) igmp access-list vid {untagged | Configures the dynamic/static access control list table. VLAN} dst-ip start A.B.C.D end It discards the IGMP join message from ONTs based on A.B.C.D [bw VALUE | src-ip...
Page 592: Applying Multicast Profile
Applying Multicast Profile If you want to apply a created multicast profile to a MAC bridge service profile, open Traffic Profile Configuration mode first, then you have to apply the multicast profile to MAC bridge service profile and its UNI-side port. SWITCH(config-mcast-profile[TEST])# apply SWITCH(config-mcast-profile[TEST])# exit SWITCH(gpon)# traffic-profile 1 create...
Page 593 To delete a created multicast access list, use the following command. Command Mode Description no multicast-access-list Deletes a created multicast access list. GPON {NAME | all} NAME: multicast access list name To modify an existing multicast access list, use the following command. Command Mode Description...
Page 594: Displaying Multicast Information
Whenever you modify a multicast ACL, you should apply the changes again using the apply command. If you do not, it will not be applied. To display the information of multicast access list, use the following command. Command Mode Description Enable show multicast-access-list Global...
Page 595: Rate-Limit Profile
Rate-limit Profile Basically the rate-limit configuration can be set in ‘Traffic Profile’. And the ‘Traffic Profile’ is assigned to ONT through 'ONU Profile'. When the service rate should be changed, you don’t need to modify all the 'Traffic Profiles' in the OLT. If an OLT has so many 'Traffic Profiles', you can create 'Rate-limit profile' and all Traffic Profiles can share this 'Rate-limit profile'.
Page 596: Saving Rate-Limit Profile
Saving Rate-limit Profile After configuring an Rate-limit profile, you need to save the profile with the following command. Command Mode Description apply Rate-limit Profile Saves an Rate-limit profile configuration. Whenever you modify an rate-limit profile, you should apply the changes again using the apply command.
Page 598: Onu Service Profile
ONU Service Profile The LW3008C provides numerous functions to customize a GPON network with many CLI commands and parameters. Each ONU profile can be designed with several profiles such as T-CONT, DBA and VoIP to meet the requirement of data bandwidth, VoIP access and the advanced security issues.
Page 599: Voip Service Configuration (Pots Uni)
1.3.2.27 TDM Service Link To link the TDM service to the host, use the following command. Command Mode Description Links the TDM service to the host. link tdm-service SERVICE_ID Traffic- SERVICE_ID: TDM service ID (1 to 4) IP-host no link tdm-service SERVICE_ID Disconnects the linked TDM service.
Page 600: Fig. 11.6 Voip Service Architecture
Fig. 11.6 VoIP Service Architecture supports the VoIP service management with two modes based on the managed models above. To configure VoIP service management mode, use the following command. Command Mode Description Sets VoIP service management mode. manage-method {omci | ip-path} omci: ONT Management and Control Interface ip-path: IP-path managed Traffic-VoIP...
Page 601 Whenever an ONU is deployed with the IP-path managed VoIP service, the OLT should assign the URL of a VoIP configuration file to communicate with the ONU VoIP client. The provides an authentication method for ONUs to have access to the VoIP configuration server. To configure IP-path managed VoIP mode, use the following command.
Page 602 Command Mode Description Specifies the impedance for the specified POTS UNI. 600: 600 Ohm (default) 900: 900 Ohm 750: C1=150 nF, R1=750 Ohm, R2=270 Ohm 820: C1=115 nF, R1=820 Ohm, R2=220 Ohm impedance {600 | 900 | 750 | 820 | 1050: C1=230 nF, R1=1050 Ohm, R2=320 Ohm Traffic 1050}...
Page 603: Tdm Service Configuration (Ces Uni)
use the following command. Command Mode Description Specifies port number that offers udp port PORT tos TOS UDP/TCP/TLSP/protocol-type service and the value of the TOS field of the IPv4 header. Traffic-VoIP PORT: port number TOS: type of service per IETF RFC 1349 or a protocol { udp | tcp | tlsp | TYPE} differentiated services code point (DSCP) defined by port PORT tos TOS...
Page 604 Command Mode Description Specifies the line coding scheme. (mandatory for DS1 and DS3 interfaces) encoding {b8zs | ami | hdb3 | Traffic-CES b8zs: B8ZS , ami: AMI b3zs} hdb3: HDB3 b3zs: B3ZS To specify the cable line length with power feed, use the following command. Command Mode Description...
Page 605 line-type {other | ds3-m23 | ds3- Specifies the line type used in a DS3 or E3 application. syntran | ds3-cbit-parity | ds3- Traffic-CES (mandatory for DS3 and E3 interfaces, not applicable to clear-channel | e3-framed | e3- other interfaces) plcp} In order to configure TDM service, you need to create an TDM service ID.
Page 606: Management Mode
Command Mode Description Specifies port number that offers udp port PORT tos TOS UDP/TCP/TLSP/protocol type service and the value of the TOS field of the IPv4 header. Traffic PORT: port number CES-PW-IP TOS: type of service per IETF RFC 1349 or a protocol {udp | tcp | tlsp | TYPE} differentiated services code point (DSCP) defined by port PORT tos TOS...
Page 607: Configuring Rate-Limit
To display the configured management mode of ONU, use the following command. Command Mode Description Enable show onu uni-mgmt OLT-ID Global ONU-ID Shows the management mode of ONU ID. GPON show onu uni-mgmt ONU-ID GPON-OLT Configuring Rate-limit To configure the rate limit profile, use the following command. Command Mode Description...
Page 608: Creating A Gem Port Network Ctp
frequency HERTZ Specifies the VRP tunner frequency to use. (unit: Hertz) Specifies the format to be used for the VRP service. mode1: SCTE 55-1 (256 kbit/s data rate, 62 byte PDUs, preceded by the unique word 0xCC CC CC 00) mode2-1m: SCTE 55-1 (1.544 Mbit/s data rate, 59 byte vrp { mode1 | mode2-256k | PDUs, preceded by the unique word 0xCC CC CC 0D)
Page 609: Saving Traffic Profile
bridge: MAC bridge ip-host: IP Host config video-return-path: video return path service SVC_ID: service ID Saving Traffic Profile To save the traffic profile after configuring a traffic profile, use the following command. Command Mode Description Traffic- apply Saves a traffic profile configuration. Profile Whenever you modify a traffic profile, you should apply the changes again using the apply command.
Page 610: Displaying Traffic Profile Information
Displaying Traffic Profile Information To display the information of traffic profiles, use the following command. Command Mode Description GPON Shows the currently applied configuration information GPON-OLT show traffic-profile [NAME] of traffic profile. Traffic- NAME: traffic profile name profile Current- Shows the information currently configured for the show current-profile Profile profile.
Page 611: Extended Vlan Tagging Operation Profile
Extended VLAN Tagging Operation Profile You can configure the ONU’s extended VLAN tagging operation. In order to configure the operation, you need to create an extended VLAN tagging operation profile. To create the profile, use the following command. Command Mode Description extended-vlan-tagging- Creates an extended VLAN tagging operation profile.
Page 612: Fig. 11.7 Received Frame Layout
an exception to the rule on ordered processing, these default rules are always considered as a last resort for frames that do not match any other applicable rule. Best practice dictates that these entries not be deleted; however, they can be modified to produce the desired default behaviour.
Page 613 To configure the filtering for single-tagged frames, use the following command. Command Mode Description Configures the received single-tagged frames to be filtered by the provided values concerning inner tag. vid any: do not filter on the inner VID. vid 0-4094: filters received frames on this value. cos any: do not filter on the inner priority.
Page 614 1.3.2.34 Configuration for Double-tagged Frame Treatment To create the mapping table to configure the double-tagged frame treatment, use the following command. Command Mode Description Creates the mapping table to configure the double- double-tagged-frame TABLE tagged frame treatment. GPON-ext- TABLE: table number vlan-oper no double-tagged-frame TABLE Deletes the specified table.
Page 615 To configure the treatment of filtered double-tagged frames, use the following command. Command Mode Description Configures the treatment of filtered double-tagged frames. treat {remove {single | double} | remove single: removes one tag (the outer tag is discard-frame} stripped from double-tagged frames.) remove double: removes all of outer and inner tags.
Page 616 To configure the filtering for untagged frames, use the following command. Command Mode Description filter ether-type {ipoe | pppoe | Configures the received untagged frames to be filtered Untagged- arp | ipv6-ipoe} by the provided option. Frame no filter ether-type Deletes the filtering configuration above.
Page 617: Tpid Configuration
TPID Configuration To configure the specific TPID value for operations on the input (filtering) side and output (tagging) side of the table, use the following command. Command Mode Description Configures the specific TPID value for operations on tpid { input VALUE | output the input (filtering) side and output (tagging) side of the GPON-ext- VALUE }...
Page 618: Displaying Extended Vlan Tagging Operation Profile
Displaying Extended VLAN Tagging Operation Profile To display a configured Extended VLAN tagging operation profile, use the following command. Command Mode Description Shows the configured extended vlan tagging operation show running-config extended- profile. vlan-tagging-operation [NAME] NAME: Extended VLAN tagging operation profile name To display the information of current profile, use the following command.
Page 619: Voip Profile
ONUs using the VoIP profile. The ONT must be applied by VoIP profile defined in LW3008C if the ONT has POTS terminations and if OLT is to be used to remotely manage and provide the VoIP service.
Page 620 To configure codec negotiation with codec type, packet period and silence suppression, use the following command. Command Mode Description Configures codec negotiation by specifying codec, codec-nego <1-4> codec {pcmu | packet period and silence suppression. gsm | g723 | dvi4-8k | dvi4-16k | 1-4: codec negotiation number lpc | pcma | g722 | l16-2ch | l16- pcmu ~ g729: codecs as defined by IETF RFC 3551...
Page 621 Specifies the maximum depth of the jitter buffer associated with this service. jitter-buffer-max VALUE VALUE: 0-65535, maximum depth of jitter buffer (unit: VoIP-Profile Deletes the configured maximum depth of the jitter no jitter-buffer-max buffer. To configure echo cancellation, use the following command. Command Mode Description...
Page 622 Command Mode Description rtp-piggyback-event {enable | Enables/disables RTP piggyback events. (default: VoIP-Profile disable} disable) To enable/disable handling of tones via RTP tone events, use the following command. Command Mode Description Enables/disables handling of tones via RTP tone rtp-tone-event {enable | disable} VoIP-Profile events per IETF RFC4733 and IETF RFC4734.
Page 623 11.3.4.5 Signaling Code To specify the POTS-side signaling, use the following command. Command Mode Description signaling-code {loop-start | ground-start | loop-reverse- VoIP-Profile Specifies the POTS-side signaling. battery | coin-first | dial-tone- first | multi-party} 11.3.4.6 Hook Flash Time Configuration To configure hook flash time, use the following command. Command Mode Description...
Page 624: Omci-Based Sip Configuration
ONU-ID: 1-128 or ONU serial number OMCI-based SIP Configuration If the ONUs are fully provisioned and managed from the LW3008C using OMCI, you can configure POTS interface, call features and SIP agents of these ONUs. You need to enter SIP mode to perform the SIP-related detail configuration such as VoIP application service, SIP agent, etc.
Page 625 Command Mode Description Specifies the primary/secondary SIP DNS IP address. dns primary A.B.C.D [secondary A.B.C.D: primary/secondary DNS server address (default: 0 (= no primary/secondary SIP DNS is A.B.C.D] VoIP-SIP defined)) no dns Deletes the configured address of SIP DNS server. To specify a register server, use the following command.
Page 626 Command Mode Description Specifies the host or domain part of the SIP address of host-part-server URI record for users connected to the ONT. VoIP-SIP URI: host part URI no host-part-server Deletes the configured host part URI. To enable/disable ONT to transmit SIP options, use the following command. Command Mode Description...
Page 627 INVITE responses td: wait time for response retransmissions The LW3008C supports SIP session timer which allows a periodic refreshing of SIP sessions using the register message to prevent the termination of SIP session. When using NAT with SIP service, NAT terminates the SIP session in case there is no SIP message transmission for a certain time period.
Page 628 1.3.4.10 VoIP Application Service The configuration of VoIP application service defines the attributes of calling features used in conjunction with a VoIP line service, such as CID, call waiting, call transfer, call presentation, direct connect, and etc. To configure the CID features, use the following command. Command Mode Description...
Page 629 To configure the call presentation features, use the following command. Command Mode Description Enables each feature for call presentation. (default: disabled) call-present {splash-ring | dial- splash-ring: message waiting indication splash ring tone | visual-indicate | call- dial-tone: message waiting indication special dial tone VoIP-SIP forward} visual-indicate: message waiting indication visual...
Page 630 1.3.4.11 VoIP Feature Access Codes The configuration of VoIP feature access codes defines administrable feature access codes for the VoIP subscriber. To configure VoIP feature access codes, use the following command. Command Mode Description feature cancel-call-wait VALUE feature call-hold VALUE feature call-park VALUE feature caller-id-act VALUE Specifies the access code for each feature.
Page 631 To specify the voicemail subscription expiration time, use the following command. Command Mode Description Defines the voicemail subscription expiration time. If voicemail-subscript-expire-time VoIP-SIP this value is 0, the SIP agent uses an implementation- VALUE specific value. (unit: second, default: 3600) To configure a release timer, use the following command.
Page 632: Omci-Based Mgc Configuration
VoIP systems that typically interoperate with the public switched telephone network (PSTN). If the ONUs are fully provisioned and managed from the LW3008C using OMCI, you can configure the MGC-related settings of these ONUs. The MGC entity defines the media gateway controller configuration associated with an MG subscriber.
Page 633 To configure the version of MGCP to be used, use the following command. Command Mode Description mgc version VALUE VoIP-MGC Configures the version of MGCP. To define the message format, use the following command. Command Mode Description mgc msg-format {text-long | VoIP-MGC Configures the message format.
Page 634: Saving Voip Profile
Saving VoIP Profile After configuring a VoIP profile, you need to save the profile with the following command. Command Mode Description apply VoIP-Profile Saves a VoIP profile configuration. Whenever you modify a VoIP profile, you should apply the changes again using the apply command.
Page 635 To associate the extended VLAN tagging operation profile to the specified ONU ID and overwrite the inner tag treatment, use the following command. Command Mode Description Associates the extended VLAN tagging operation profile to ONU ID and configures the inner tag treatment for filtered double-tagged frames.
Page 636: Tdm Pseudowire Profile
TDM Pseudowire Profile Pseudowire emulation is a method for transmitting any Layer 2 protocol over PSNs (Packet Switched Networks). It allows a seamless connection between two network elements by creating logical links, or virtual tunnels, across the packet network. In TDM pseudowires, the transmitted E1, T1, E3, or T3 streams are encapsulated in packets upon entering the network and then reconstructed at the pseudowire egress, where clocking information is also regenerated.
Page 637: Signalling
unstructured, structure agnostic. Applicable only to DS1, a mode in which each frame of 193 bits is encapsulated in 25 bytes with 7 padding bits structured: Structured (structure-locked) Signalling To configure the signalling, use the following command. Command Mode Description Specifies the signalling attribute.
Page 638: Timing Mode
4: 4 ms (that corresponds to 32 frames), no signalling, N = 2~4 3: 3 ms (that corresponds to 24 frames), with DS1 CAS 2: 2 ms (that corresponds to 16 frames), with E1 CAS 1: 1 ms (that corresponds to 8 frames), no signalling, N >...
Page 639 unknown: Unknown or not applicable (default) absolute: Absolute. Timestamps are based on the timing of the incoming TDM signal differential: Differential. Timestamps are based on the ONT's reference clock, which is understood to be stratum-traceable along with the reference clock at the far end RTP Payload Type To configure the RTP payload type, use the following command.
Page 640: Pseudowire Maintenance Configuration
Pseudowire Maintenance Configuration If you need the configuration for pseudowire service exception handling, you should connect a pseudowire maintenance profile to the current profile. To connect the pseudowire maintenance profile to the current profile, use the following command. Command Mode Description Connects a pseudowire maintenance profile to the pw-maintenance-profile NAME...
Page 641: Pseudowire Maintenance Profile
Pseudowire Maintenance Profile The pseudowire maintenance profile permits the configuration of pseudowire service exception handling. The pseudowire maintenance profile primarily affects the alarms declared by the subscribing pseudowire termination. And also, the settings of a pseudowire maintenance profile affect the pseudowire performance monitoring history. Creating Pseudowire Maintenance Profile To create a pseudowire maintenance profile, use the following command.
Page 642: Jitter Buffer Desireed Depth
Jitter Buffer Desireed Depth To specify the desired nominal fill depth of the playout buffer in the PSN to TDM direction, use the following command. Command Mode Description Specifies the desired nominal fill depth of the playout jitter-buffer-desired-depth buffer in the PSN to TDM direction. VALUE: expressed as a multiple of the 125 μs frame VALUE Maintenance-...
Page 643: L-Bit/R-Bit Receive/Transmit Policy
Command Mode Description 1-100: anomaly rate (unit: integer percentage) buffer-over-underrun-clear- Defines anomaly rate that causes policy <0-99> corresponding alarm to be cleared. If no more than this density of anomalies occurs during the alarm clear loss-packet-clear-policy <0-99> soak interval, the alarm is cleared. malformed-packet-clear-policy buffer-over-underrun: buffer overrun/underrun <0-99>...
Page 644: Ses Threshold
Command Mode Description no r-bit-transmit-set-policy Deletes the configured R-bit transmit set policy. To configure the R-bit receive policy, use the following command. Command Mode Description Defines the action toward the N x 64 TDM interface when remote failure is indicated on packets received from the PSN (R-bit set = 0b10 while the L-bit is r-bit-receive-policy {none | play- cleared).
Page 645: Pm Profile
Enable Global Shows the information of pseudowire maintenance show pw-maintenance- GPON profiles. profile [NAME] PW-Maintenance- NAME: pseudowire maintenance profile name Profile 11.4 PM Profile Performance Monitoring (PM) profile is used for the traffic statistics of all ONUs (ONTs) collected by an OLT. The ONT conceptually has only two storage bins: a current accumulator and a history bin.
Page 646: Collecting Onu Traffic Statistics
11.4.2 Collecting ONU Traffic Statistics To enable/disable the performance monitoring (PM) function to collect the traffic statistics of the configured GEM port, use the following command. Command Mode Description Enables the PM function to collect the GEM port-related pm gemport counters.
Page 647: Multicast Profile
[ONU-ID] Global PM profile. (15 Min, Prev_15 Min, total) GPON show onu statistics [ONU-ID] GPON-OLT Enable show onu statistics detail OLT- Global Shows the information of GEM port counters collected GPON via PM profile. (15 Min, Prev_15 Min, total) show onu statistics detail [ONU- GPON-OLT Enable show onu statistics {current |...
Page 648: Creating Multicast Profile
entity are created and deleted by the OLT. It is the responsibility of the OLT to manage the members of a multicast group and control the multicast connection in ONTs Creating Multicast Profile To create a multicast profile, use the following command. Command Mode Description...
Page 649: Saving Multicast Profile
VLAN} dst-ip start A.B.C.D end It discards the IGMP join message from ONTs based on A.B.C.D [bw VALUE | src-ip the access list. A.B.C.D | gem PORT | cos <0-7>] VLAN: 1 to 4095, VLAN ID for specific tagged downstream flow dst-ip: destination IP address igmp static-access-list vid A.B.C.D: start/end IP address of the multicast group...
Page 650: Multicast Access List
service profile and its UNI-side port. SWITCH(config-mcast-profile[TEST])# apply SWITCH(config-mcast-profile[TEST])# exit SWITCH(gpon)# traffic-profile 1 create SWITCH(config-traffic-pf[1])# bridge 1 SWITCH(config-traffic-pf[1]-bridge[1])# uni eth 1 SWITCH(config-traffic-pf[1]-bridge[1]-uni[eth:1])# multicast-profile TEST To apply the configured multicast profile to a specified UNI-side port of a traffic profile, use the following command.
Page 651 To modify an existing multicast access list, use the following command. Command Mode Description multicast-access-list Modifies the existing multicast access list. GPON NAME modify NAME: multicast access list name To configure the multicast access list, use the following command. Command Mode Description igmp access-list vid {untagged |...
Page 652: Displaying Multicast Information
To display the information of multicast access list, use the following command. Command Mode Description Enable show multicast-access-list Global Shows the information of multicast access lists. [NAME] GPON NAME: Multicast access list name Multicast-ACL To display the information of IGMP access control list per ONU, use the following command. Command Mode Description...
Page 653: Rate-Limit Profile
Rate-limit Profile Basically the rate-limit configuration can be set in ‘Traffic Profile’. And the ‘Traffic Profile’ is assigned to ONT through 'ONU Profile'. When the service rate should be changed, you don’t need to modify all the 'Traffic Profiles' in the OLT. If an OLT has so many 'Traffic Profiles', you can create 'Rate-limit profile' and all Traffic Profiles can share this 'Rate-limit profile'.
Page 654: Saving Rate-Limit Profile
Saving Rate-limit Profile After configuring an Rate-limit profile, you need to save the profile with the following command. Command Mode Description apply Rate-limit Profile Saves an Rate-limit profile configuration. Whenever you modify an rate-limit profile, you should apply the changes again using the apply command.
Page 656: Onu Service Profile
ONU Service Profile The LW3008C provides numerous functions to customize a GPON network with many CLI commands and parameters. Each ONU profile can be designed with several profiles such as T-CONT, DBA and VoIP to meet the requirement of data bandwidth, VoIP access and the advanced security issues.
Page 657: Gpon Debug
11.6 GPON Debug To enable debugging of all GPON or a specific feature of GPON, use the following command. Command Mode Description Enables GPON debugging. all: all GPON features func: GPON function db: GPON database debug gpon {all | func | db | comm.: GPON communication comm | ugrd | profile | queue | ugrd: GPON auto-upgrade...
Page 658: Sample Configuration
11.7 Sample Configuration Configuration Example 1 SWITCH(config)# gpon SWITCH(gpon)# voip-profile voip create SWITCH(config-voip-profile[voip])# codec-nego 1 codec pcma packet-period 10 silence-suppression 1 SWITCH(config-voip-profile[voip])# codec-nego 2 codec pcmu packet-period 10 silence-suppression 1 SWITCH(config-voip-profile[voip])# codec-nego 3 codec g729 packet-period 10 silence-suppression 1 SWITCH(config-voip-profile[voip])# codec-nego 4 codec g723 packet-period 10 silence-suppression 1 SWITCH(config-voip-profile[voip])# pstn-protocol-variant 616 SWITCH(config-voip-profile[voip])# protocol sip...
Page 659 SWITCH(gpon)# traffic-profile g-60a create SWITCH(config-traffic-pf[g-60a])# tcont 1 SWITCH(config-traffic-pf[g-60a]-tcont[1])# gemport 1/1-1/4 SWITCH(config-traffic-pf[g-60a]-tcont[1])# dba-profile sr_100m SWITCH(config-traffic-pf[g-60a]-tcont[1])# exit SWITCH(config-traffic-pf[g-60a])# tcont 2 SWITCH(config-traffic-pf[g-60a]-tcont[2])# gemport 2/1-2/4 SWITCH(config-traffic-pf[g-60a]-tcont[2])# dba-profile sr_100m SWITCH(config-traffic-pf[g-60a]-tcont[2])# exit SWITCH(config-traffic-pf[g-60a])# tcont 3 SWITCH(config-traffic-pf[g-60a]-tcont[3])# gemport 4/1-4/4 SWITCH(config-traffic-pf[g-60a]-tcont[3])# dba-profile sr_100m SWITCH(config-traffic-pf[g-60a]-tcont[3])# exit SWITCH(config-traffic-pf[g-60a])# mapper 1 SWITCH(config-traffic-pf[g-60a]-mapper[1])# gemport count 4 SWITCH(config-traffic-pf[g-60a]-mapper[1])# exit SWITCH(config-traffic-pf[g-60a])# mapper 2...
Page 660 SWITCH(config-traffic-pf[g-60a])# ip-host-config 1 SWITCH(config-traffic-pf[g-60a]-iphost[1])# ip address dhcp SWITCH(config-traffic-pf[g-60a]-iphost[1])# vlan-operation us-oper overwrite 100 0 SWITCH(config-traffic-pf[g-60a]-iphost[1])# vlan-operation ds-oper remove SWITCH(config-traffic-pf[g-60a]-iphost[1])# link voip-service 1 SWITCH(config-traffic-pf[g-60a]-iphost[1])# exit SWITCH(config-traffic-pf[g-60a])# ip-host-config 2 SWITCH(config-traffic-pf[g-60a]-iphost[2])# ip address static SWITCH(config-traffic-pf[g-60a]-iphost[2])# dns primary 168.123.0.1 secondary 168.123.0.2 SWITCH(config-traffic-pf[g-60a]-iphost[2])# vlan-operation us-oper overwrite 200 0 SWITCH(config-traffic-pf[g-60a]-iphost[2])# vlan-operation ds-oper remove SWITCH(config-traffic-pf[g-60a]-iphost[2])# link tdm-service 1...
Page 661 SWTICH(config-pm-profile[PM_PROFILE])# apply SWTICH(config-pm-profile[PM_PROFILE])# exit SWITCH(gpon)# onu-profile ONU_PROFILE create SWITCH(config-onu-profile[ONU_PROFILE])# traffic-profile TRAFFIC_PROFILE SWITCH(config-onu-profile[ONU_PROFILE])# pm-profile PM_PROFILE SWITCH(config-onu-profile[ONU_PROFILE])# apply SWITCH(config-onu-profile[ONU_PROFILE])# exit SWITCH(gpon)# SWITCH(gpon)# gpon-olt 2 SWITCH(config-gpon-olt[2])# show onu statistics ------------------------------------------------------------------------------ OLT : 2 ONU : 1 ------------------------------------------------------------------------------ Enabled PM : gemport aniport Elapsed time after clear : 0d 1h 32m 33s Elapsed time after update : 0d 0h 5m 3s ------------------------------------------------------------------------------ GEM port PM counter | 15Min | Prev-15Min | Total...
Page 662: 12 System Software Upgrade
12 System Software Upgrade For the system enhancement and stability, new system software may be released. Using this software, the LW3008C can be upgraded without any hardware change. You can simply upgrade your system software with the provided upgrade functionality via the CLI.
Page 663: Boot Mode Upgrade
To open the boot mode, press <S> key when the boot logo is shown up. Step 1 ************************************************************ Boot Loader Version x.xx FURUKAWA ELECTRIC ************************************************************ Press 's' key to go to Boot Mode: 0 Boot> To enable the MGMT interface to communicate with TFTP server, you need to configure a Step 2 proper IP address, subnet mask and gateway on the interface.
Page 664 To configure an IP address, use the following command. Command Mode Description ip A.B.C.D Configures an IP address. Boot Shows a currently configured IP address. To configure a subnet mask, use the following command. Command Mode Description netmask A.B.C.D Configures a subnet mask. (e.g. 255.255.255.0) Boot netmask Shows a currently configured subnet mask.
Page 665 The following is an example of upgrading the system software stored in os1 in the boot mode. Boot> load os1 10.27.41.82 LW3008C 1.05.x TFTP from server 10.27.41.82; our IP address is 10.27.41.83 Filename 'LW3008C.1.05.x'.
Page 666: Ftp Upgrade
To upgrade the system software using FTP, perform the following step-by-step instruction: Step 1 Connect to the LW3008C with your FTP client software. To login the system, you can use the system user ID and password. Note that you must use the command line-based interface FTP client software when upgrading the LW3008C.
Page 667: Onu Upgrade
Mode Description Exits the FTP client. The following is an example of upgrading the system software of the LW3008C using the FTP provided by Microsoft Windows XP in the remote place. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.
Page 668: Manual Upgrade
premise. To upgrade an ONU successfully, you need to download a new ONU firmware in the system. 12.4.1 Manual Upgrade To upgrade the ONU, perform the following step-by-step instruction: Step 1 Download ONU firmware using the following command. Command Mode Description copy {ftp | tftp} onu download Downloads ONU firmware via FTP or TFTP.
Page 669: Auto Upgrade
Enables/disables ONU auto upgrade function. disable} When ONU auto upgrade function is enabled, the LW3008C compares the downloaded ONU firmware in the system with the firmware currently loaded in the connected ONUs. If the version of the firmware from ONU side is lower than that of the firmware from the OLT side, then the firmware upgrade will automatically start.
Page 670: Upgrade Time-Out Configuration
Command Mode Description onu auto-upgrade version- Enables/disables the ONU auto upgrade function match all {enable | disable} without verification of the firmware version. GPON-OLT onu auto-upgrade invalid- Enables/disables the ONU auto upgrade function version-match all {enable | without verification of the firmware version format. disable} Reflect the upgraded ONU firmware by restarting ONUs using the following command.
Page 671: Upgrade Maximum Count Configuration
Command Mode Description Enable Shows the number of upgrade and the configured total show onu upgrade config Global time for ONU firmware download. GPON 12.4.4 Upgrade Maximum Count Configuration It is possible to set the upgrade maximum count for ONU firmware update. If ONU firmware has not been lownloaded from server during the specified time, it is regarded as a upgrade failure.
Page 672: 13 Abbreviations
13 Abbreviations Access Control List Address Resolution Protocol Any Source Multicast Border Gateway Protocol Bootstrap Router Communauté Européenne CIDR Classless Inter Domain Routing Command Line Interface CLNS Connectionless Network Service Class of Service CSNP Complete Sequence Number PDU Destination Address Dynamic Bandwidth Allocation DHCP Dynamic Host Configuration Protocol...
Page 673 International Electrotechnical Commission IEEE 802 Standards for Local and Metropolitan Area Networks IEEE 802.1 Glossary, Network Management, MAC Bridges, and Internetworking IEEE Institute of Electrical and Electronic Engineers IETF Internet Engineering Task Force IFSM Interface Finite State Machine IGMPv1 Internet Group Management Protocol Version 1 IGMPv2 Internet Group Management Protocol Version 2 IGMPv3...
Page 674 Network Element Network Entity Title NFSM Neighbor Finite State Machine Network Time Protocol Outgoing Interface Optical Line Termination Optical Network Terminal Operating System OSPF Open Shortest Path First Personal Computer Protocol Data Unit PIM-DM Protocol Independent - Multicast Dense Mode PIM-SM Protocol Independent - Multicast Sparse Mode PIM-SSM...
Page 675 Shortest Path Tree Secure Shell Source-Specific Multicast Spanning Tree Protocol Software Topology Change Notification Transmission Control Protocol Tree Information Base TFTP Trivial FTP Type of Service Time-To-Live User Datagram Protocol User Manual VLAN ID Virtual Interface VLAN Virtual Local Area Network Video on Demand Virtual Private Network xDSL...
Page 676: Issue History
Issue History Revision Date Update 04/2019 Initial release 06/2019 Routing Protocols (firmware version: 2.02 #1008)

Furukawa LW3008C User Manual

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Furukawa LW3008C