Page 2 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
Page 3 Management Guide TigerAccess™ EE Warranty and Product Registration To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com SMC7824M/VSW...
Page 4 Management Guide TigerAccess™ EE Reason for Update Summary: Initial release Details: Chapter/Section Reason for Update Initial release Issue History Issue Date of Issue Reason for Update Number 05/2009 Initial release (nos 5.01 #3001) SMC7824M/VSW...
Page 5: Table Of Contents
Management Guide TigerAccess™ EE Contents 1 Introduction ..................19 Audience....................19 Document Structure................19 Document Convention ................20 Document Notation................20 Virus Protection ..................21 CE Declaration of Conformity ............... 21 2 System Overview ................22 System Features .................. 23 3 Command Line Interface (CLI) ............25 Configuration Mode ................
Page 6 Management Guide TigerAccess™ EE 4.1.10.2 Auto System Rebooting .................46 System Authentication ................47 4.2.1 Authentication Method ................47 4.2.2 Authentication Interface ................47 4.2.3 Primary Authentication Method ..............47 4.2.4 RADIUS Server...................48 4.2.4.1 RADIUS Server for System Authentication ............48 4.2.4.2 RADIUS Server Priority..................48 4.2.4.3 Timeout of Authentication Request ..............48 4.2.4.4...
Page 7 Management Guide TigerAccess™ EE 4.5.4 Restoring Default Value ................64 4.5.5 Displaying 802.1x Configuration ..............64 4.5.6 802.1x User Authentication Statistics............64 4.5.7 Sample Configuration................. 65 5 Port Configuration ................67 Port Basic ..................... 67 Ethernet Port Configuration ..............67 5.2.1 Enabling Ethernet Port ................
Page 8 Management Guide TigerAccess™ EE 5.3.5.10 Displaying CPE Status .................108 Port Mirroring ..................110 6 System Environment ..............112 Environment Configuration ..............112 6.1.1 Host Name ....................112 6.1.2 Time and Date...................112 6.1.3 Time Zone ....................113 6.1.4 Network Time Protocol (NTP) ..............113 6.1.5 Simple Network Time Protocol (SNTP).............114 6.1.6...
Page 9 Management Guide TigerAccess™ EE 7.1.2 Information of SNMP Agent..............136 7.1.3 SNMP Com2sec..................137 7.1.4 SNMP Group .................... 137 7.1.5 SNMP View Record.................. 138 7.1.6 Permission to Access SNMP View Record ..........138 7.1.7 SNMP Version 3 User ................139 7.1.8 SNMP Trap....................
Page 10 Management Guide TigerAccess™ EE 7.4.2.4 Upper Bound of Threshold ................159 7.4.2.5 Lower Bound of Threshold ................159 7.4.2.6 Standard of the First Alarm................160 7.4.2.7 Interval of Sample Inquiry ................160 7.4.2.8 Activating RMON Alarm ................160 7.4.2.9 Deleting Configuration of RMON Alarm............161 7.4.3 RMON Event .....................161 7.4.3.1 Event Community..................161...
Page 11 Management Guide TigerAccess™ EE 7.6.7.2 Admin Policy Priority..................196 7.6.7.3 Admin Policy Action ..................196 7.6.7.4 Applying and Modifying Admin Policy ............197 7.6.8 Displaying Admin Rule ................197 7.6.9 Scheduling Algorithm ................198 7.6.9.1 Scheduling Mode ..................200 7.6.9.2 Weight......................
Page 12 Management Guide TigerAccess™ EE 7.16.1 sFlow Service....................230 7.16.2 Agent IP Address ..................230 7.16.3 Enabling sFlow on Port ................231 7.16.4 Maximum IP Header Size .................231 7.16.5 Counter Interval ..................231 7.16.6 Sample Rate .....................231 7.16.7 Configuring Receiver ................232 7.16.7.1 Receiver ID mode ..................232 7.16.7.2 Collect IP address and port ................232 7.16.7.3 Maximum Datagram Size ................232 7.16.7.4 Owner Name of sFlow Receiver..............232...
Page 13 Management Guide TigerAccess™ EE Spanning-Tree Protocol (STP)............257 8.3.1 STP Operation ..................258 8.3.2 RSTP Operation ..................262 8.3.2.1 Port States ....................262 8.3.2.2 BPDU Policy ....................263 8.3.2.3 Rapid Network Convergence ............... 263 8.3.2.4 Compatibility with 802.1d ................266 8.3.3 MSTP Operation ..................
Page 14 Management Guide TigerAccess™ EE 8.4.4.5 ERP Ring Priority ..................295 8.4.4.6 Displaying ERP Domian ................295 8.4.5 Selecting the Node..................296 8.4.6 Protected Activation ..................296 8.4.7 Manual Switch to Secondary ..............296 8.4.8 Wait-to-Restore Time ................297 8.4.9 Learning Disable Time ................297 8.4.10 Test Packet Interval...................298 8.4.11 LOTP Hold Off Time..................298 8.4.12 ERP Trap....................299 8.4.13 Displaying ERP Configuration..............299...
Page 15 Management Guide TigerAccess™ EE 8.6.5.4 Displaying DHCP option ................319 8.6.6 DHCP Option 82 ..................320 8.6.6.1 Enabling DHCP Option 82 ................321 8.6.6.2 Option 82 Sub-Option .................. 321 8.6.6.3 Option 82 Reforwarding Policy ..............322 8.6.6.4 Option 82 Trust Policy.................. 323 8.6.7 DHCP Snooping ..................
Page 16 Management Guide TigerAccess™ EE 8.11 Jumbo Frame Capacity............... 346 8.12 Bandwidth ................... 347 8.13 Maximum Transmission Unit (MTU)............ 347 9 IP Multicast ..................348 Multicast Group Membership .............. 349 9.1.1 IGMP Basic ....................349 9.1.1.1 Clearing IGMP Entry ..................350 9.1.1.2 IGMP Debug ....................350 9.1.2 IGMP Version 2 ..................351 9.1.2.1...
Page 17 Management Guide TigerAccess™ EE Illustrations Fig. 2.1 The front view of switch................. 22 Fig. 3.1 Overview of Configuration Mode ..............31 Fig. 4.1 Process of 802.1x Authentication..............58 Fig. 4.2 Multiple Authentication Servers ..............59 Fig. 5.1 Transmission in DSL System ................ 75 Fig.
Page 18 Management Guide TigerAccess™ EE Fig. 8.21 Compatibility with 802.1d (1)................266 Fig. 8.22 Compatibility with 802.1d (2)................266 Fig. 8.23 CST and IST of MSTP (1) ................267 Fig. 8.24 CST and IST of MSTP (2) ................268 Fig. 8.25 Example of PVSTP..................277 Fig. 8.26 Root Guard....................280 Fig.
Page 19 Management Guide TigerAccess™ EE Tables Tab. 1.1 Overview of Chapters..................19 Tab. 1.2 Command Notation of Guide Book..............20 Tab. 3.1 Main Command of Privileged EXEC View Mode .......... 26 Tab. 3.2 Main Command of Privileged EXEC Enable Mode ........26 Tab.
Page 20: Introduction
Management Guide TigerAccess™ EE 1 Introduction Audience This manual is intended for Ethernet/IP DSLAM operators and maintenance personnel for providers of Digital Subscriber Line(DSL) and Ethernet services. This manual assumes that you are familiar with the following: • Ethernet networking technology and standards •...
Page 21: Document Convention
Management Guide TigerAccess™ EE Document Convention This guide uses the following conventions to convey instructions and information. Information This information symbol provides useful information when using commands to configure and means reader take note. Notes contain helpful suggestions or references. Warning This warning symbol means danger.
Page 22: Virus Protection
Management Guide TigerAccess™ EE Virus Protection To prevent a virus infection you may not use any software other than that which is re- leased for the Operating System (OS based on Basis Access Integrator), Local Craft Terminal (LCT) and transmission system. Even when exchanging data via network or external data media(e.g.
Page 23: System Overview
Management Guide TigerAccess™ EE 2 System Overview The switch, which is IP VDSL, uses VDSL (Very high-data rate Digital Subscriber Line) technologies so that users can be served voice communication and data communication at the same time through existing telephone line. Since VDSL technology takes the tele- phone line, you do not need to install LAN line newly.
Page 24: System Features
Management Guide TigerAccess™ EE System Features The following introduces the main features of the VDSL2 system which provides Layer 2 switching, Ethernet switching and related functions. Virtual Local Area Network (VLAN) Virtual local area network (VLAN) is made by dividing one network into several logical networks.
Page 25 Management Guide TigerAccess™ EE VLAN in the network, traditional STP works. However in more than one VLAN network, STP cannot work per VLAN. To avoid this problem, the switch supports multiple spanning tree protocol (MSTP) IEEE 802.1s. Trunking & Link Aggregation Control Protocol (LACP) The switch aggregates several physical interfaces into one logical port (aggregate port).
Page 26: Command Line Interface (Cli)
Management Guide TigerAccess™ EE 3 Command Line Interface (CLI) The switch enables system administrators to manage the switch by providing the com- mand line interface (CLI). This user-friendly CLI provides you with a more convenient management environment. To manage the system with the CLI, a management network environment is required. The switch can connect to the management network either directly (outband) or through the access network (inband).
Page 27: Privileged Exec View Mode
Management Guide TigerAccess™ EE 3.1.1 Privileged EXEC View Mode When you log in to the switch, the CLI will start with Privileged EXEC View mode which is a read-only mode. In this mode, you can see a system configuration and information with several commands.
Page 28: Global Configuration Mode
Management Guide TigerAccess™ EE 3.1.3 Global Configuration Mode In Global Configuration mode, you can configure general functions of the system. You can also open another configuration mode from this mode. To open Global Configuration mode, enter the configure terminal command, and then the system prompt will be changed from SWITCH# to SWITCH(config)#.
Page 29: Dhcp Pool Configuration Mode
Management Guide TigerAccess™ EE Tab. 3.4 shows main commands of Bridge Configuration mode. Command Description lacp Configures LACP. Configures a MAC table. mirror Configures a port mirroring. Configures EFM OAM. port Configures Ethernet port. spanning-tree Configures Spanning Tree Protocol (STP). trunk Configures a trunk port.
Page 30: Dhcp Option 82 Configuration Mode
Management Guide TigerAccess™ EE To open DHCP Option Configuration mode, use the command. Then the system prompt will be changed from SWITCH(config)# to SWITCH(dhcp-opt[NAME])#. Command Mode Description Opens DHCP Option Configuration mode to configure ip dhcp option format NAME Global DHCP options.
Page 31: Rule Configuration Mode
Management Guide TigerAccess™ EE Tab. 3.8 shows main commands of Interface Configuration mode. Command Description description Specifies a description. ip address Assigns IP address. shutdown Deactivates an interface. Sets MTU value. Tab. 3.8 Main Command of Interface Configuration Mode 3.1.9 Rule Configuration Mode The switch modifies previous Rule Configuration mode to Flow, Policer and Policy Con- figuration modes.
Page 32: Configuration Mode Overview
Management Guide TigerAccess™ EE Tab. 3.10 shows main commands of RMON Configuration mode. Command Description active Activates RMON. Shows the subject which configures each RMON and uses relevant owner information. Tab. 3.10 Main Command of RMON Configuration Mode Configuration Mode Overview Fig.
Page 33: Useful Tips
Management Guide TigerAccess™ EE Useful Tips This section describes useful tips for operating the switch with a CLI. Listing Available Command • Calling Command History • Using Abbreviation • Using Command of Privileged EXEC Enable Mode • Exit Current Command Mode •...
Page 34 Management Guide TigerAccess™ EE The following is an example of displaying the list of available commands of Privileged EXEC Enable mode. SWITCH# show list clear arp clear arp IFNAME clear cpe stat-error (PORTS|) clear ip arp inspection statistics (vlan VLAN_NAME|) clear ip dhcp authorized-arp invalid clear ip dhcp leasedb A.B.C.D/M clear ip dhcp leasedb all...
Page 35: Calling Command History
Management Guide TigerAccess™ EE The switch also provides the simple instruction of calling the help string with the help command. You can see the instruction using the command regardless of the configuration mode. To display the instruction of calling the help string for using CLI, use the following com- mand.
Page 36: Using Abbreviation
Management Guide TigerAccess™ EE 3.3.3 Using Abbreviation Several commands can be used in the abbreviated form. The following table shows some examples of abbreviated commands. Command Abbreviation clock exit show configure terminal con te Tab. 3.11 Command Abbreviation 3.3.4 Using Command of Privileged EXEC Enable Mode You can execute the commands of Privileged EXEC Enable mode as show, ping, telnet, traceroute, and so on regardless of which mode you are located on.
Page 37: System Connection And Ip Address
Management Guide TigerAccess™ EE 4 System Connection and IP Address System Connection After installing the system, the switch is supposed to examine that each port is rightly connected to network and management PC. You can connect to the system to configure and manage the switch.
Page 38: Password For Privileged Exec Enable Mode
Management Guide TigerAccess™ EE Step 2 When you enter a login ID at the login prompt, the password prompt will be displayed, and then enter the proper password to log in the system. By default setting, the login ID is configured as admin with no password.
Page 39: Changing Login Password
Management Guide TigerAccess™ EE Password: SWITCH# To delete the configured password, use the following command. Command Mode Description no passwd enable Global Deletes the password. The created password can be displayed with the show running-config command. To en- crypt the password not to be displayed, use the following command. Command Mode Description...
Page 40: Login Password Recovery Process
Check “password restore to default...” on the booting messages. It means that the current password returns to the default setting. By default setting, the password is configured as nsn-switch. ************************************************************ Boot Loader Version 5.43 SMC Networks Inc. ************************************************************ Press 's' key to go to Boot Mode: 0 Load Address: 0x01000000...
Page 41: Management For System Account
Management Guide TigerAccess™ EE 4.1.6 Management for System Account 4.1.6.1 Creating System Account For the switch, the administrator can create a system account. And it is possible to set the security level from 0 to 15 to enhance the system security. To create a system account, use the following command.
Page 42 Management Guide TigerAccess™ EE To define the security level and its authority, use the following command. Command Mode Description privilege view level <0-15> Uses the specific command of Privileged EXEC View {COMMAND | all} mode in the level. privilege enable level <0-15> Uses the specific command of Privileged EXEC Enable {COMMAND | all} mode in the level.
Page 43 Management Guide TigerAccess™ EE The commands starting with the same character are applied by inputting only the starting commands. For example, if you input show, all the commands starting with show are applied. To delete a configured security level, use the following command. Command Mode Description...
Page 44: Limiting Number Of Users
Management Guide TigerAccess™ EE Enter new password:(Enter) Bad password: too short. Warning: weak password (continuing). Re-enter new password: (Enter) Password changed. SWITCH(config)# user add test1 level 1 level1user Changing password for test1 Enter the new password (minimum of 5, maximum of 8 characters) Please use a combination of upper and lower case letters and numbers.
Page 45: Auto Log-Out
Management Guide TigerAccess™ EE To set the number of users accessing the switch, use the following command. Command Mode Description Sets the number of users accessing the switch. login connect <1-8> Default: 8 Global no login connect Deletes a configured value. 4.1.8 Auto Log-out For security reasons of the switch, if no command is entered within the configured inactiv-...
Page 46: System Rebooting
Management Guide TigerAccess™ EE SWITCH# write memory [OK] SWITCH# The system administrator can disconnect users connected from remote place. To discon- nect a user connected through telnet, use the following command. Command Mode Description disconnect TTY-NUMBER Enable Disconnects a user connected through telnet. The following is an example of disconnecting a user connected from a remote place.
Page 47: Auto System Rebooting
Management Guide TigerAccess™ EE 4.1.10.2 Auto System Rebooting The switch reboots the system according to user’s configuration. There are two basis for system rebooting. These are CPU and memory. CPU is rebooted in case CPU Load or In- terrupt Load continues for the configured time. Memory is automatically rebooted in case memory low occurs as the configured times.
Page 48: System Authentication
Management Guide TigerAccess™ EE System Authentication For the enhanced system security, the switch provides two authentication methods to ac- cess the switch such as Remote Authentication Dial-In User Service (RADIUS) and Ter- minal Access Controller Access Control System Plus (TACACS+). 4.2.1 Authentication Method To set the system authentication method, use the following command.
Page 49: Radius Server
Management Guide TigerAccess™ EE 4.2.4 RADIUS Server 4.2.4.1 RADIUS Server for System Authentication To add/delete a RADIUS server for system authentication, use the following command. Command Mode Description Adds a RADIUS server with its information. login radius server A.B.C.D A.B.C.D: IP address KEY [auth_port PORT acct_port KEY: authentication key value Global...
Page 50: Tacacs+ Server
Management Guide TigerAccess™ EE 4.2.5 TACACS+ Server 4.2.5.1 TACACS+ Server for System Authentication To add/delete the TACACS+ server for system authentication, use the following command. Command Mode Description Adds a TACACS+ server with its information. login tacacs server A.B.C.D KEY A.B.C.D: IP address Global KEY: authentication key value...
Page 51: Accounting Mode
Management Guide TigerAccess™ EE Authentication Type To select the authentication type for TACACS+, use the following command. Command Mode Description Selects an authentication type for TACACS+. login tacacs auth-type {ascii | ascii: plain text pap | chap} pap: password authentication protocol Global chap: challenge handshake authentication protocol no login tacacs auth-type...
Page 52: Configuring Interface
Management Guide TigerAccess™ EE Configuring Interface The Layer 2 switches only see the MAC address in an incoming packet to determine where the packet needs to come from/to and which ports should receive the packet. The Layer 2 switches do not need IP addresses to transmit packets. However, if you want to access to the switch from a remote place with TCP/IP through SNMP or telnet, it requires an IP address.
Page 53: Assigning Ip Address To Network Interface
Management Guide TigerAccess™ EE To display if an interface is enabled, use the show running-config command. 4.3.2 Assigning IP Address to Network Interface After enabling an interface, assign an IP address. To assign an IP address to a network interface, use the following command. Command Mode Description...
Page 54: Interface Description
Management Guide TigerAccess™ EE To delete a configured static route, use the following command. Command Mode Description no ip route A.B.C.D SUBNET-MASK {GATEWAY | null} [<1-255>] Global Deletes a configured static route. no ip route A.B.C.D/M {GATEWAY | null} [<1- 255>] To configure a default gateway, use the following command.
Page 55: Displaying Interface
Management Guide TigerAccess™ EE inet 10.27.41.91/24 broadcast 10.27.41.255 input packets 3208070, bytes 198412141, dropped 203750, multicast packets 0 input errors 12, length 0, overrun 0, CRC 0, frame 0, fifo 12, missed 0 output packets 11444, bytes 4192789, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0 SWITCH(config)#...
Page 56: Secure Shell (Ssh)
Management Guide TigerAccess™ EE Secure Shell (SSH) Network security is getting more important because the access network has been gener- alized among numerous users. However, typical FTP and telnet service have big weak- ness for their security. Secure shell (SSH) is a network protocol that allows establishing a secure channel between a local and a remote computer.
Page 57: Assigning Specific Authentication Key
Management Guide TigerAccess™ EE 4.4.1.4 Assigning Specific Authentication Key After enabling SSH server, each client will upload its own generated authentication key. The SSH server can assign the specific key among the uploaded keys from several cli- ents. To verify an authentication key, use the following command. Command Mode Description...
Page 58: Authentication Key
Management Guide TigerAccess™ EE 4.4.2.3 Authentication Key SSH client can access to server through authentication key after configuring authentica- tion key and informing it to server. It is safer to use authentication key than inputting password every time for login, and it is also possible to connect to several SSH servers with using one authentication key.
Page 59: Authentication
Management Guide TigerAccess™ EE 802.1x Authentication To enhance security and portability of network management, there are two ways of au- thentication based on MAC address and port-based authentication which restrict clients attempting to access to port. Port-based authentication (802.1x) is used to authenticate the port self to access without users’...
Page 60: Authentication
Management Guide TigerAccess™ EE 4.5.1 802.1x Authentication 4.5.1.1 Enabling 802.1x To configure 802.1x, the user should enable 802.1x daemon first. To enable 802.1x dae- mon, use the following command. Command Mode Description dot1x system-auth-control Enables 802.1x daemon. Global no dot1x system-auth-control Disables 802.1x daemon.
Page 61: Authentication Mode
Management Guide TigerAccess™ EE After default server is designated, all requests start from the RADIUS server. If there’s no response from default server again, the authentication request is tried for RADIUS server designated as next one. To configure IP address of RADIUS server and key value, use the following command. Command Mode Description...
Page 62: Authentication Port
Management Guide TigerAccess™ EE 4.5.1.4 Authentication Port After configuring 802.1x authentication mode, you should select the authentication port. Command Mode Description dot1x nas-port PORTS Designates 802.1x authentication port. Global no dot1x nas-port PORTS Disables 802.1x authentication port. 4.5.1.5 Force Authorization The switch can permit the users requesting the access regardless of the authentication from RADIUS server.
Page 63: Interval Of Request To Radius Server
Management Guide TigerAccess™ EE To configure times of authentication request in the switch, please use the command in Global mode. Command Mode Description Configure times of authentication request to RADIUS dot1x radius-server retries <1- Global server. 10> 1-10: retry number (default: 3) 4.5.1.8 Interval of Request to RADIUS Server For the switch, it is possible to set the time for the retransmission of packets to check...
Page 64: Interval Of Re-Authentication
Management Guide TigerAccess™ EE 4.5.2.2 Interval of Re-Authentication RAIDIUS server contains the database about the user who has access right. The data- base is real-time upgraded so it is possible for user to lose the access right by updated database even though he is once authenticated. In this case, even though the user is ac- cessible to network, he should be authenticated once again so that the changed database is applied to.
Page 65: Initializing Authentication Status
Management Guide TigerAccess™ EE 4.5.3 Initializing Authentication Status The user can initialize the entire configuration on the port. Once the port is initialized, the supplicants accessing to the port should be re-authenticated. Command Mode Description dot1x initialize PORTS Global Initializes the authentication status on the port. 4.5.4 Restoring Default Value To restore the default value of the 802.1x configuration, use the following command.
Page 66: Sample Configuration
Management Guide TigerAccess™ EE 4.5.7 Sample Configuration The following is the example of configuring the port 25 with the port-based authentication specifying the information of RADIUS server. SWTICH(config)# dot1x system-auth-control SWTICH(config)# dot1x nas-port 25 SWTICH(config)# dot1x port-control force-authorized 25 SWTICH(config)# dot1x radius-server host 10.1.1.1 auth-port 1812 key test SWTICH(config)# show dot1x 802.1x authentication is enabled.
Page 67 Management Guide TigerAccess™ EE The following is the example of configuring the port 25 with the MAC-based authentica- tion. SWTICH(config)# dot1x auth-mode mac-base 25 SWTICH(config)# show dot1x 802.1x authentication is enabled. RADIUS Server TimeOut: 1(S) RADIUS Server Retries: 3 RADIUS Server : 10.1.1.1 (Auth key : test) ---------------------------------------------- 802.1x |123456789012345678901234567890123 ----------------------------------------------...
Page 68: Port Configuration
Management Guide TigerAccess™ EE 5 Port Configuration The switch provides maximum 24 VDSL ports including integrated splitters. In this chapter, you can find the instructions for the basic port configuration such as auto-negotiation, flow control, transmit rate, etc. Please read the following instructions carefully before you con- figure a port in the switch.
Page 69: Transmit Rate
Management Guide TigerAccess™ EE riety of manufacturers. To enable/disable the auto-negotiation on an Ethernet port, use the following command. Command Mode Description Enables/disables the auto-negotiation on a specified port nego PORTS {on | off} Bridge port, enter a port number. (default: on) Auto-negotiation operates only on 10/100/1000Base-TX interface.
Page 70: Duplex Mode
Management Guide TigerAccess™ EE The following is an example of setting transmit rate on the Ethernet port 25 to 10 Mbps. SWITCH(bridge)# show port 25 ------------------------------------------------------------------------ TYPE PVID STATUS MODE FLOWCTRL INSTALLED (ADMIN/OPER) (ADMIN/OPER) ------------------------------------------------------------------------ Ethernet Up/Up Auto/Full/1000 Off/ Off SWITCH(bridge)# port speed 25 10 SWITCH(bridge)# show port 25 ------------------------------------------------------------------------...
Page 71: Flow Control
Management Guide TigerAccess™ EE 5.2.5 Flow Control In Ethernet networking, the flow control is the process of adjusting the flow of data from one network device to another to ensure that the receiving device can handle all of the in- coming data.
Page 72: Traffic Statistics
Management Guide TigerAccess™ EE 5.2.7 Traffic Statistics 5.2.7.1 Packet Statistics To display the traffic statistics of an Ethernet port, use the following command. Command Mode Description show port statistics avg-pkt Shows the traffic statistics of the average packet for a [PORTS] specified Ethernet port.
Page 73: Cpu Statistics
Management Guide TigerAccess™ EE 5.2.7.2 CPU Statistics To display the statistics of the traffic handled by CPU, use the following command. Command Mode Description show statistics avg-pkt Shows the statistics of the traffic handled by CPU per Enable [PORTS] packet type. Global show statistics...
Page 74: Protocol Statistics
Management Guide TigerAccess™ EE To disable the switch to generate a syslog message according to the number of the pack- ets handled by CPU, use the following command. Command Mode Description Disables the switch to generate a syslog message no cpu statistics-limit {unicast | according to the number of the packets handled by multicast | broadcast} {PORTS | CPU for each packet type.
Page 75: Port Information
Management Guide TigerAccess™ EE 5.2.8 Port Information To display the port information, use the following command. Command Mode Description show port [PORTS] Shows a current port status, enter a port number. Enable Shows a specified port description, enter a port num- show port description [PORTS] Global ber.
Page 76: Vdsl Port Configuration
Management Guide TigerAccess™ EE VDSL Port Configuration 5.3.1 Modulation of VDSL Signal The switch provides both Internet and telephone communication through existing tele- phone line with using DSL technology. DSL communication system requires technique to convert digital signal into analog signal and return the analog signal into the digital signal. Fig.
Page 77: Configuring Vdsl Port
Management Guide TigerAccess™ EE Fig. 5.2 DMT Modulation Meanwhile, DMT using multi carrier can control carrier about exterior noise differently came from each frequency in detail, whereas chip implementation is more complicated than QAM and power consumption is quite high. Also, it is possible to process many digi- tal signals.
Page 78: Displaying Status Of Vdsl Port
Management Guide TigerAccess™ EE 5.3.2.1 Displaying Status of VDSL Port You can check status of VDSL port and user’s configuration. It is also possible to view in- formation of VDSL port. To check status of VDSL port and information of DMT modulation, use the following command Command Mode...
Page 79: Profile Of Vdsl Port
Management Guide TigerAccess™ EE This command is used not only to enable VDSL port but also to reset it when is on unsta- ble status. 5.3.2.3 Profile of VDSL Port It is possible to configure bandwidth of up/down stream of VDSL port. To configure the profile, use the following command.
Page 80: Controlling Power According To Connection Distance
Management Guide TigerAccess™ EE The default pofile of VDSL port is「30a」 Configuration for Profile of VDSL port is applied to all the ports. The following table shows the option band types of VDSL port. Profile Mode Description adsl ADSL friendly mode adsl2 ADSL2 + friendly mode adsl-safe...
Page 81 Management Guide TigerAccess™ EE To control supplied power according to VDSL line, use the following command. Command Mode Description Controls supplied power according to distance of VDSL lre PORTS upbo enable Bridge line. You should control supplied power of VDSL port according to distance of VDSL line. To disable power control according to distance of VDSL line, use the following command.
Page 82: Tab. 5.4 Value Of Pbo-Length
Management Guide TigerAccess™ EE To configure the power back-off length of each upstream band, use the following com- mand. Command Mode Description lre PORTS band-pbo-length u0 LENGTH [u1 LENGTH] Configures the power back-off length per upstream lre PORTS band-pbo-length u0 LENGTH LENGTH band.
Page 83 Management Guide TigerAccess™ EE The following is an example of configuring the power consumption per upstream band of port 1 as 100m to 400m. SWITCH(bridge)# lre 1 band-pbo-length u0 1 u1 2 u2 3 u3 4 SWITCH(bridge)# show lre psd 1-7 ----------------------------------------------------------- Port Status Up Stream...
Page 84: Psd Level
Management Guide TigerAccess™ EE 5.3.2.5 PSD Level Power Spectral Density (PSD) Level is configured according to the standard but PSD- Level can be configured as the frequency by the administrator. To configure PSD-Level, use the following command. Command Mode Description lre PORTS psd-level { 0ㅣ1 | 2 | 3 Configures PSD value and frequency vlaue in VDSL | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |...
Page 85: Psd Mask Level
Management Guide TigerAccess™ EE 8508 - 12000 default 12008 - 16700 default 16708 - 17600 default 17608 - 18100 default 18108 - 30000 default SWITCH(bridge)# 5.3.2.6 PSD Mask Level To configure PSD-Level, use the following command. Command Mode Description lre PORTS psd-mask-level { 0ㅣ1 | 2 | 3 | 4 | 5 | 6 Configures PSD Mask Level in VDSL Bridge | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 }...
Page 86 Management Guide TigerAccess™ EE To enable Interleave process, use the following command. Command Mode Description lre PORTS channel slow Bridge Enables Interleave process. The default is Interleave enabled as “slow”. The following is an example of displaying Interleave. SWITCH(bridge)# show lre interleave 1-5 ------------------------------------------ Port Status Channel...
Page 87: Impulse Noise Protection
Management Guide TigerAccess™ EE To display configured interleave delay, use the following command Command Mode Description Enable show lre interleave [PORTS] Global Shows the configuration of interleave delay. Bridge The following is an example of configuring Interleave-delay of port 50 as 50ms. SWITCH(bridge)# lre 5 interleave-delay 50 SWITCH(bridge)# show lre interleave 1-5 ------------------------------------------...
Page 88: Ham-Band
Management Guide TigerAccess™ EE To enable/disable TCM of VDSL line port, use the following command. . Command Mode Description lre PORTS tcm {enable | disable} Bridge Configures TCM (default: enable) To display configured TCM, use the following command. Command Mode Description show lre tcm [PORTS] Enable/Global/Bridge...
Page 89: Snr Margin
Management Guide TigerAccess™ EE The following table shows bandwidth of Ham band frequency. Ham band Bandwidth of Frequency(Unit:MHz) Standard band1 1.800 ~ 1.810 RFI Notch band2 1.800 ~ 1.825 KOREA HAM-BAND band3 1.810 ~ 1.825 ANNEX F band4 1.810 ~ 2.000 ETSI, T1E1 band5 1.9075 ~ 1.9125...
Page 90: Fig. 5.3 Deciding Transmit Rate According To Snr Margin
Management Guide TigerAccess™ EE with or less than the noise strength, stable communication cannot be done. Therefore, SNT must not be minus or “0”. And, if there is this situation, you have to increase signal strength or decrease noise strength. Transmit rate of VDSL line depends of SNR.
Page 91: Bitloading Per Tone
Management Guide TigerAccess™ EE To display SNR margin, use the following command. Command Mode Description show lre snr [PORTS] Enable/Global/Bridge Shows the configuration of SNR margin. The following is an example of configuring SNR margin of port 3 as “10㏈”. SWITCH(bridge)# lre 3 snr-target-margin 10 down SWITCH(bridge)# show lre snr 1-5 -----------------------------------------------------...
Page 92: G.handshake Tone
Management Guide TigerAccess™ EE The following table lists the sub-commands in the Bitloading per tone command. Sub-command Description tx-bit-ne Get Tx Per Tone BitLoading Info Near End snr-ne Get Rx Per Tone SNR Info Near End noise-margin-ne Get Rx Per Tone Noise Margin Near End feq-ne Get Rx Per Tone Current FEQ ine Coeffs Near End tx-pwr-ne...
Page 93: Fig. 5.4 Counting Times Of Error
Management Guide TigerAccess™ EE time from beginning of the 15 minutes and time of error (Prev. 15m) of previous 15 min- utes. Also, you can check times of error (Today) at present time from starting Today, times of error (Yesterday) of yesterday, and total times of error from booting. The following im- age shows standard of error counting provided in switch.
Page 94 Management Guide TigerAccess™ EE To check CRC error, Frame losses, and Signal loss of specific port at a time, use the fol- lowing command Command Mode Description Shows data of CRC error, Frame loss, and Signal loss show lre stat-count-all PORTS at a time about Upstream Shows data of CRC error, Frame loss, and Signal loss Enable...
Page 95 Management Guide TigerAccess™ EE To display all errors that are counted during 15 minutes or one day, use the following command Command Mode Description show lre pre-15m-error [PORTS] Shows the error status in previous 15 minutes. Enable show lre cur-15m-error [PORTS] Shows the error status in current 15 minutes.
Page 96: Config-Profile
Management Guide TigerAccess™ EE 5.3.4 Config-Profile You can make a policy configured in service port a Profile to apply to port. There are two kinds of profiles; one applied to VDSL line and the other one configured for Alarm of SNMP trap in case error is happened.
Page 97 Management Guide TigerAccess™ EE To configure the detail of Profile, Use the following command. Command Mode Description Configures Interleave-delay of Downstream. The unit is down-max-inter-delay <1-100> msec. down-slow-max-datarate <0- Configures transmit rate of Maximum Downstream. The 100000> unit is kbps. (1000=1Mbps) down-slow-min-datarate <0- Configures transmit rate of Minimum Downstream.
Page 98 Management Guide TigerAccess™ EE To display the configuration, use the following command. Command Mode Description show line-config-profile Shows the configuration of all line config Enable/Global/Bridge [PORTS] profiles. To enable configuration of this line-config profile, use the following command. Command Mode Description active Enables the profile.
Page 99: Alarm Config Profile
Management Guide TigerAccess™ EE To disable the application of profile in specified port, use the following command. Command Mode Description line-config-profile NAME Bridge Disables profile in specified port. PORTS To delete configured profile, use the following command. Command Mode Description no line-config-profile NAME Bridge Deletes Profile.
Page 100 Management Guide TigerAccess™ EE Command Mode Description Configures threshold of duration of LOS. The unit is thresh-15min-loss <0-900> second. Alarm- Configures threshold of duration of SES. The unit is thresh-15min-sess <0-900> Config second. Configures threshold of duration of UAS. The unit is thresh-15min-uass <0-900>...
Page 101 Management Guide TigerAccess™ EE The following is an example of enabling configuration SWITCH(bridge-alarm-config-profile[TEST])# active SWITCH(bridge-alarm-config-profile[TEST])# show running-config (omitted) alarm-config-profile TEST thresh-15min-lofs 300 thresh-15min-loss 300 thresh-15min-lols 300 thresh-15min-ess 300 thresh-15min-sess 300 thresh-15min-uass 300 active (omitted) SWITCH(bridge-line-config-profile[TEST])# Unless you enable configured profiles, they will not be applied although you apply them to ports.
Page 102 Management Guide TigerAccess™ EE With enabled stacking, Master’s configuration is same configured in Slave. However, Master can make application to port of Slave. You should configure it in Slave. Please save the configuration after applying to port. To disable the application of profile, use the following command. Command Mode Description...
Page 103: Configuring Cpe
Management Guide TigerAccess™ EE 5.3.5 Configuring CPE You can reset CPE used when switch and check state of CPE. “PORTS” at CPE configuration command is VDSL port number connected specified CPE. The below description is only for this switch, in which module is installed in DMT modula- tion.
Page 104 Management Guide TigerAccess™ EE To connect to FTP, please use the following command. Command Mode Description Connects to FTP to store system image file in the sys- load ftp DESTINATION Enable tem flash memory. SWITCH# load ftp 172.16.232.1 Connected to 172.16.232.1. 220 FTP Server ready.
Page 105: Installing Cpe System Image File In Slave
Management Guide TigerAccess™ EE The following is an example to change the name of CPE file into single file name after ex- iting from FTP. Input the port number connected to CPE which is supposed to install system image. Step 4 Install the system image file to the CPE.
Page 106 Management Guide TigerAccess™ EE Step 2 Connect to FTP of Master to bring new system image file of CPE stored in Master RAM. Command Mode Description load ftp DESTINATION Enable Connects to FTP of Master. The following is an example of connecting to FTP of Master, 127.1.0.1. SWITCH# config terminal SWITCH(config)# bridge SWITCH(bridge)# load ftp 127.1.0.1...
Page 107: Configuring Agc (Auto Gain Control)
Management Guide TigerAccess™ EE Step 4 Exit from FTP server. ftp> bye 221 Goodbye. SWITCH# Step 5 After exiting from FTP, change the name of system image file of CPE stored in this switch into the single file name. To change into the single file name, please use the following command. Command Mode Description...
Page 108: Checking Length Of Cable Between Cpe And Co
Management Guide TigerAccess™ EE To designate AGC and configure it manually, you should designate the distance. To dis- able the configured AGC, use the following command. Command Mode Description cpe {agc-off-0ㅣagc-off-1ㅣagc-off-2ㅣagc-off-3ㅣ Disable AGC in CPE and configure the agc-off-4ㅣagc-off-5ㅣagc-off-6ㅣagc-off-7ㅣagc- Bridge distance manually.
Page 109: Auto Upgrade Of Cpe Image
Management Guide TigerAccess™ EE 5.3.5.9 Auto Upgrade of CPE Image To upgrade the CPE image automatically, use the following command. Command Mode Description Enables the auto upgrading of CPE image for specific cpe auto-upgrade enable {h310 | target model. h320 | h330 | h335} VERSION Bridge VERSION: source cpe version (ex: 0.0.0r0) cpe auto-upgrade disable...
Page 110: Tab. 5.9 Nos Download
Management Guide TigerAccess™ EE NOS Version means the current image. It will be updated after resetting when you install new image. In the above example, NOS Download is indicated as the below. Feature Command NOS is not downloaded yet. NOS is being downloaded. Done NOS has been successfully downloaded.
Page 111: Port Mirroring
Management Guide TigerAccess™ EE Port Mirroring Port mirroring is the function of monitoring a designated port. Here, one port to monitor is called monitor port and a port to be monitored is called mirrored port. Traffic transmitted from mirrored port are copied and sent to monitor port so that user can monitor network traffic.
Page 112 Management Guide TigerAccess™ EE Step 3 Designate the mirrored ports, use the following command. Command Mode Description Designates the mirrored ports. mirror add PORTS [ingress | Bridge ingress: ingress traffic egress] egress: egress traffic Step 4 To delete and modify the configuration, use the following command. Command Mode Description...
Page 113: System Environment
Management Guide TigerAccess™ EE 6 System Environment Environment Configuration You can configure a system environment of the this switch with the following items: • Host Name Time and Date • Time Zone • Network Time Protocol (NTP) • Simple Network Time Protocol (SNTP) •...
Page 114: Time Zone
Management Guide TigerAccess™ EE 6.1.3 Time Zone The switch provides three kinds of time zone, GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). Also you can set the time zone where the network element belongs. To set the time zone, use the following command (refer to the below table).
Page 115: Simple Network Time Protocol (Sntp)
Management Guide TigerAccess™ EE To display a configured NTP, use the following command. Command Mode Description Enable show ntp Global Shows a configured NTP function. Bridge To synchronize the system clock, the system periodically sends the NTP message to the NTP server.
Page 116: Terminal Configuration
Management Guide TigerAccess™ EE You can configure up to 3 servers so that you use second and third servers as backup use in case the first server is down. To display SNTP configuration, use the following command. Command Mode Description Enable show sntp Global...
Page 117: Dns Server
Management Guide TigerAccess™ EE To restore a default banner, use the following command. Command Mode Description no banner no banner login Global Restores a default banner. no banner login-fail To display a current login banner, use the following command. Command Mode Description Enable...
Page 118: Fan Operation
Management Guide TigerAccess™ EE 6.1.9 Fan Operation For the switch, it is possible to control fan operation. To control fan operation, use the fol- lowing command. Command Mode Description fan operation {on | off} Global Configures fan operation. It is possible to configure to start and stop fan operation according to the system tempera- ture.
Page 119: Ftp Client Address
Management Guide TigerAccess™ EE configuration is unnecessary on sysem, user can disable the system as FTP server. To enable/disable the system of this switch as FTP server, use the following command. Command Mode Description Enables/disables the FTP server on the system. ftp server {enable | disable} Global (default: enable)
Page 120: Port Traffic
Management Guide TigerAccess™ EE To show the configured threshold of CPU load, use the following command. Command Mode Description show cpuload Shows the configured threshold of CPU load. Enable Global Shows the CPU usage every 5 seconds during current show cpu-trueload Bridge 10 minutes.
Page 121: System Temperature
Management Guide TigerAccess™ EE When you set the threshold of fan operation, START-TEMP must be higher than STOP- TEMP. To show the configured threshold of fan operation, use the following command. Command Mode Description Shows the status and configured thresh- show status fan Enable/Global/Bridge old of fan operation.
Page 122: Sfp Module (Optional Uplink Port)
Management Guide TigerAccess™ EE 6.1.13.6 SFP Module (optional uplink port) The system module will operate depending on monitoring type of temperaturem, RX/TX power, voltage or Txbias. To set the threshold of module, use the following command. Command Mode Description threshold module {rxpower | Sets the Diagnostics threshold of SFP module by txpower} {alarm...
Page 123 Management Guide TigerAccess™ EE This module DMI command is enabled by default. Thus, if you don’t want to get DMI in- formation, configure this setting as disable. If disabled, the switch does not show DMI information of the SFP ports when using the show port module-info command.
Page 124: Configuration Management
Management Guide TigerAccess™ EE Configuration Management You can verify if the system configurations are correct and save them in the system. This section contains the following functions. Displaying System Configuration • Writing System Configuration • Auto-Saving • System Configuration File •...
Page 125: Auto-Saving
Management Guide TigerAccess™ EE 6.2.3 Auto-Saving The switch supports the auto-saving feature, allowing the system to save the system con- figuration automatically. This feature prevents unsaved system configuration lost by un- expected system failure. To allow the system to save the system configuration automatically, use the following command.
Page 126: Restoring Default Configuration
Management Guide TigerAccess™ EE To delete a system configuration file, use the following command. Command Mode Description Enable Deletes a specified configuration file. erase config FILENAME Global FILENAME: configuration file name To display a system configuration file, use the following command. Command Mode Description...
Page 127: System Management
Management Guide TigerAccess™ EE System Management When there is any problem in the system, you must find what the problem is and its solu- tion. Therefore you should not only be aware of a status of the system but also verify if the system is correctly configured.
Page 128: Tab. 6.3 Options For Ping For Multiple Ip Addresses
Management Guide TigerAccess™ EE Items Description It is considered as successful ping test if reply returns within the con- Timeout in seconds [2] figured time interval. The default is 2 seconds. Extended commands [n] Shows the additional commands. The default is no. Tab.
Page 129: Ip Icmp Source Routing
Management Guide TigerAccess™ EE The following is to verify network status between 172.16.157.100 and 172.16.1.254 when IP address of the switch is configured as 172.16.157.100. SWITCH# ping Protocol [ip]: Target IP address: 172.16.1.254 Repeat count [5]: 5 Datagram size [100]: 100 Timeout in seconds [2]: 2 Extended commands [n]: y Source address or interface: 172.16.157.100...
Page 130: Tracing Packet Route
Management Guide TigerAccess™ EE In the above figure, if you perform ping test from PC to C, it goes through the route of 「A→B→C」. This is the general case. But, the switch can enable to perform ping test from PC as the route of「A→E→D→C」. Reply Request A Switch...
Page 131: Displaying User Connecting To System
Management Guide TigerAccess™ EE If the timer goes off before a response comes in, an asterisk (*) is printed on the screen. Command Mode Description traceroute [DESTINATION] Traces packet routes through the network. traceroute ip DESTINATION Enable DESTINATION: IP address or host name traceroute icmp DESTINATION The followings are the configurable options to trace the routes.
Page 132: Mac Table
Management Guide TigerAccess™ EE 6.3.5 MAC Table To display MAC table recorded in specific port, use the following command. Command Mode Description show mac BRIDGE [PORTS] Enable Shows MAC table. Global BRIDGE: bridge name show mac count [PORTS] Bridge PORTS: port number The following is an example of displaying a current MAC table.
Page 133: System Memory Information
Management Guide TigerAccess™ EE SysInfo(System Information) Model Name : SMC7824M/VSW Main Memory Size : 256 MB Flash Memory Size : 8 MB(SPANSION 29GL064N), 32 MB(SPANSION 29GL256N) S/W Compatibility : 7, 7 H/W Revision : DS-VD-23N-B0 NOS Version : 5.01 B/L Version : 5.43 H/W Address : 00:d0:cb:00:25:55...
Page 134: Displaying System Image
Management Guide TigerAccess™ EE admin 20552 5100 20:12 0:53 /usr/sbin/swchd (Omitted) SWITCH# 6.3.10 Displaying System Image To display a current system image version, use the following command. Command Mode Description show version Enable/Global/Bridge Shows a version of system image. To display a size of the current system image, use the following command. Command Mode Description...
Page 135: Tech Support Information
Management Guide TigerAccess™ EE 6.3.14 Tech Support Information For various reason, a system error may occur. Once the system error occurs, system engineers try to examine the internal system information such as a system configuration, log data, memory dump, and so on to solve the problem. To reduce the effort to acquire the detail informtation of the system for a technical suppport, the switch provides the function that generates all the system information reflecting the current state.
Page 136: Network Management
Management Guide TigerAccess™ EE 7 Network Management Simple Network Management Protocol (SNMP) The simple network management protocol (SNMP) is an application-layer protocol de- signed to facilitate the exchange of management information between network devices. SNMP consists of three parts: an SNMP manager, a managed device and an SNMP agent.
Page 137: Information Of Snmp Agent
Management Guide TigerAccess™ EE To display configured SNMP community, use the following command. Command Mode Description Enable show snmp community Global Shows created SNMP community. Bridge The following is an example of creating 2 SNMP communities. SWITCH(config)# snmp community ro public SWITCH(config)# snmp community rw private SWITCH(config)# show snmp community Community List...
Page 138: Snmp Com2Sec
Management Guide TigerAccess™ EE 7.1.3 SNMP Com2sec SNMP v2 authorizes the host to access the agent according to the identity of the host and community name. The com2sec command specifies the mapping from the identity of the host and community name to security name. To configure an SNMP security name, use the following command.
Page 139: Snmp View Record
Management Guide TigerAccess™ EE 7.1.5 SNMP View Record You can create an SNMP view record to limit access to MIB objects with object identity (OID) by an SNMP manager. To configure an SNMP view record, use the following command. Command Mode Description Creates an SNMP view record.
Page 140: Snmp Version 3 User
Management Guide TigerAccess™ EE To display a granted SNMP group to access to a specific SNMP view record, use the fol- lowing command. Command Mode Description Enable Shows a granted SNMP group to access to a specific show snmp access Global SNMP view record.
Page 141: Snmp Trap Host
Management Guide TigerAccess™ EE 7.1.8.2 SNMP Trap Host To set an SNMP trap host, use the following command. Command Mode Description snmp trap-host A.B.C.D [COMMUNITY] Specifies an SNMP trap v1 host. Global snmp trap2-host A.B.C.D [COMMUNITY] Specifies an SNMP trap v2 host. snmp inform-trap-host A.B.C.D [COMMUNITY] Specifies an SNMP inform trap host.
Page 142: Disabling Snmp Trap
Management Guide TigerAccess™ EE figured by user. Also, when system temperature falls below the threshold, trap mes- sage will be shown. dhcp-lease is shown when no more IP address is left in the DHCP pool. Even if this • occurs only in one DHCP pool of several pools, this trap message will be shown. fan/ module is shown when there is any status-change of fan and module.
Page 143: Displaying Snmp Trap
Management Guide TigerAccess™ EE Command Mode Description no snmp trap mem-threshold no snmp trap cpu-threshold no snmp trap port-threshold no snmp trap temp-threshold Global Disables each SNMP trap. no snmp trap dhcp-lease no snmp trap fan no snmp trap module no snmp trap pps-control 7.1.8.5 Displaying SNMP Trap...
Page 144: Snmp Alarm
Management Guide TigerAccess™ EE 7.1.9 SNMP Alarm The switch provides an alarm notification function. The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI. You can also set the alarm severity on each alarm and make the alarm be shown only in case of selected se- verity or higher.
Page 145: Default Alarm Severity
Management Guide TigerAccess™ EE 7.1.9.3 Default Alarm Severity To set default alarm severity, use the following command. Command Mode Description snmp alarm-severity default Sets default alarm severity. {critical | major | minor | warning Global (default: minor) | intermediate} 7.1.9.4 Generic Alarm Severity To set generic alarm severity, use the following command.
Page 146 Management Guide TigerAccess™ EE Command Mode Description snmp alarm-severity rmon-alarm-falling {criti- Sets severity of an alarm for RMON cal | major | minor | warning | intermediate} alarm falling. snmp alarm-severity system-restart {critical | Sets severity of an alarm for system major | minor | warning | intermediate} restart.
Page 147: Adva Alarm Severity
Management Guide TigerAccess™ EE 7.1.9.5 ADVA Alarm Severity To set ADVA alarm severity, use the following command. Command Mode Description snmp alarm-severity adva-fan-fail {critical | Sets ADVA severity of an alarm for sys- major | minor | warning | intermediate} tem temperature high.
Page 148: Erp Alarm Severity
Management Guide TigerAccess™ EE 7.1.9.6 ERP Alarm Severity To set severity of an alarm for ERP, use the following command. Command Mode Description snmp alarm-severity erp- Sets severity of an alarm for loss of test packet (LOTP) domain-lotp {critical | major | in ERP domain.
Page 149: Displaying Snmp Alarm Severity
Management Guide TigerAccess™ EE To delete configured severity of alarm for STP guard, use the following command. Command Mode Description no snmp alarm-severity stp- bpdu-guard Global Deletes configured severity of an alarm for STP guard. no snmp alarm-severity stp- root-guard 7.1.9.8 Displaying SNMP Alarm Severity To display configured severity of alarm, use the following command.
Page 150: Operation, Administration And Maintenance (Oam)
Management Guide TigerAccess™ EE Operation, Administration and Maintenance (OAM) In the enterprise, Ethernet links and networks have been managed via Simple Network Management Protocol (SNMP). Although SNMP provides a very flexible management so- lution, it is not always efficient and is sometimes inadequate to the task. First, using SNMP assumes that the underlying network is operational because SNMP re- lies on IP connectivity;...
Page 151: Local Oam Mode
Management Guide TigerAccess™ EE 7.2.2 Local OAM Mode To configure Local OAM, use the following command. Command Mode Description local mode {active Bridge Configures the mode of local OAM. passive} PORTS Both request and loopback are possible for local OAM active. However, request or loop- back is impossible for local OAM passive.
Page 152: Displaying Oam Configuration
Management Guide TigerAccess™ EE Command Mode Description oam remote general forwarding <3-4> {enable | disable} PORTS oam remote general speed <1- 4> <0-4294967295>PORTS oam remote general user <1-4> STRING PORTS oam remote system interface Shows the information of peer host using OAM func- {unforced | forceA | forceB} Bridge tion.
Page 153: Link Layer Discovery Protocol (Lldp)
Management Guide TigerAccess™ EE link event UNSUPPORT loopback SUPPORT(disable) uni-direction UNSUPPORT(disable) ------------------------------------------- SWITCH(bridge)# show oam remote 2 REMOTE PORT[2] ------------------------------------------- item value ------------------------------------------- mode ACTIVE MAC address 00:d0:cb:27:00:94 variable UNSUPPORT link event UNSUPPORT loopback SUPPORT(enable) uni-direction UNSUPPORT ------------------------------------------- SWITCH(bridge)# oam remote loopback start 2 PORT[2]: The remote DTE loopback is success.
Page 154: Lldp Operation Type
Management Guide TigerAccess™ EE 7.3.3 LLDP Operation Type If you activated LLDP on a port, configure LLDP operation type. Each LLDP operation type works as one of the followings: both sends and receive LLDP frame. • tx_only only sends LLDP frame. •...
Page 155: Reinitiating Delay
Management Guide TigerAccess™ EE 7.3.6 Reinitiating Delay To configure the interval time of enabling LLDP frame after configuring LLDP operation type, use the following command. Command Mode Description Configures the interval time of enabling LLDP frame lldp reinitdelay <1-10> Bridge from the time of configuring not to process LLDP frame.
Page 156: Remote Monitoring (Rmon)
Management Guide TigerAccess™ EE Remote Monitoring (RMON) Remote Monitoring (RMON) is a function to monitor communication status of devices connected to Ethernet at remote place. While SNMP can give information only about the device mounting an SNMP agent, RMON gives network status information about overall segments including devices.
Page 157: Source Port Of Statistical Data
Management Guide TigerAccess™ EE Input a question mark <?> at the system prompt in RMON Configuration mode if you want to list available commands. The following is an example of listing available commands in RMON Configuration mode. SWITCH(config-rmonhistory[5])# ? RMON history configuration commands: active Activate the history data-source...
Page 158: Interval Of Sample Inquiry
Management Guide TigerAccess™ EE 7.4.1.4 Interval of Sample Inquiry To configure the interval of sample inquiry in terms of second, use the following command. Command Mode Description Defines the time interval for the history (in seconds), interval <1-3600> RMON enter the value. (default: 1800) 1 sec is the minimum time which can be selected.
Page 159: Rmon Alarm
Management Guide TigerAccess™ EE The following is an example of displaying RMON history. SWITCH(config-rmonhistory[5])# show running-config rmon-history rmon-history 5 owner test data-source ifindex.hdlc1 interval 60 requested-buckets 25 active SWITCH(config-rmonhistory[5])# 7.4.2 RMON Alarm You need to open RMON Alarm Configuration mode first to configure RMON alarm. Command Mode Description...
Page 160: Upper Bound Of Threshold
Management Guide TigerAccess™ EE To compare object selected as sample with the threshold, use the following command. Command Mode Description sample-type absolute RMON Compares object with the threshold directly. To configure delta comparison, use the following command. Command Mode Description Compares difference between current data and the sample-type delta RMON...
Page 161: Standard Of The First Alarm
Management Guide TigerAccess™ EE 7.4.2.6 Standard of the First Alarm It is possible for users to configure standard when alarm is first occurred. User can select the first point when object is more than threshold, or the first point when object is less than threshold, or the first point when object is more than threshold or less than threshold.
Page 162: Deleting Configuration Of Rmon Alarm
Management Guide TigerAccess™ EE 7.4.2.9 Deleting Configuration of RMON Alarm When you need to change a configuration of RMON alarm, you should delete an existing RMON alarm. To delete RMON alarm, use the following command. Command Mode Description Deletes RMON history of specified number, enter the no rmon-alarm <1-65535>...
Page 163: Subject Of Rmon Event
Management Guide TigerAccess™ EE 7.4.3.3 Subject of RMON Event You need to configure event and identify subject using various data from event. To identify subject of RMON event, use the following command. Command Mode Description Identifies subject of event. You can use maximum 126 owner NAME RMON characters and this subject should be same with the...
Page 164: Syslog
Management Guide TigerAccess™ EE Syslog The syslog is a function that allows the network element to generate the event notification and forward it to the event message collector like a syslog server. This function is enabled as default, so even though you disable this function manually, the syslog will be enabled again.
Page 165 Management Guide TigerAccess™ EE Syslog Output Level with a Priority To set a user-defined syslog output level with a priority, use the following command. Command Mode Description syslog output priority {auth | authpriv | kern | local0 | local1 | local2 | local3 | local4 | local5 | Generates a user-defined syslog message with a prior- local6 | local7 | syslog | user}...
Page 166: Facility Code
Management Guide TigerAccess™ EE The order of priority is emergency > alert > critical > error > warning > notice > info > debug. If you set a specific level of syslog output, you will receive only a syslog message for selected level or higher.
Page 167: Syslog Bind Address
Management Guide TigerAccess™ EE 7.5.3 Syslog Bind Address You can specify an IP address to attach to the syslog message for its identity. To specify the IP address to bind to a syslog message, use the following command. Command Mode Description syslog bind-address A.B.C.D Specifies the IP address to bind to a syslog message.
Page 168: Displaying Syslog Configuration
Management Guide TigerAccess™ EE The following is the sample output of displaying received syslog messages. SWITCH# show syslog local non-volatile 25 Aug 28 03:33:24 system: Power A is Fault Aug 28 03:33:35 system: Power A is Ok Aug 28 03:33:39 system: Power A is Fault Aug 28 03:36:01 system: Power A is Ok Aug 28 03:36:02 system: Power A is Fault Aug 28 03:43:09 system: Power A is Ok...
Page 169: Quality Of Service(Qos)
Management Guide TigerAccess™ EE Quality of Service(QoS) The switch provides a rule and QoS feature for traffic management. The rule classifies in- coming traffic, and then processes the traffic according to user-defined policies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incom- ing packets.
Page 170: How To Operate Qos
Management Guide TigerAccess™ EE 7.6.1 How to Operate QoS QoS operation is briefly described as below. Incoming packets are classified by configured conditions, and then processed by meter- ing, packet counter and rate-limiting on specific policer. After marking and remarking ac- tion, the switch transmits those classified and processed packets via a given scheduling algorithm.
Page 171: Fig. 7.2 Structure Of Rule
Management Guide TigerAccess™ EE – mirror transmits the classified traffic to the monitor port. – redirect transmits the classified traffic to the specified port. – permit allows traffic matching given characteristics. – deny blocks traffic matching given characteristics. – copy-to-cpu duplicates the profile of classified packets and sends a copy to CPU –...
Page 172: Packet Classification
Management Guide TigerAccess™ EE 7.6.2 Packet Classification Packet classification features allow traffic to be partitioned into multiple priority levels, or classes of service. In Flow Configuration mode, you can set packet classification criteria via flow, which is with unique name. If you specify the value of parameters, this switch classifies the packets corresponding to the parameters.
Page 173 Management Guide TigerAccess™ EE To specify a packet-classifying pattern with source/destination IP address or MAC ad- dress, use the following command. Command Mode Description Classifies an IP address. ip {A.B.C.D | A.B.C.D/M | any} A.B.C.D: source/destination IP address {A.B.C.D | A.B.C.D/M | any} [<0- A.B.C.D/M: source/destination IP address with mask 255>] any: any source/destination IP address...
Page 174 Management Guide TigerAccess™ EE When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address. To specify a packet-classifying pattern with various parameters (DSCP, CoS, ToS, IP precedence, packet length, Ethernet type, IP header), use the following command. Command Mode Description...
Page 175: Applying And Modifying Flow
Management Guide TigerAccess™ EE To delete a specified packet-classifying pattern, use the following command. Command Mode Description no cos no dscp no tos no length no ip-precedence no ethtype Deletes a specified packet-classifying pattern for each Flow option. no mac no mac da-found no mac da-not-found no ip...
Page 176: Packet Conditioning
Management Guide TigerAccess™ EE To delete configured class or all classes, use the following command. Command Mode Description no class all Deletes all classes. no class NAME Deletes specified class, enter the class name. Global no class NAME flow FLOW1 Removes specified flows from class.
Page 177: Packet Counter
Management Guide TigerAccess™ EE 7.6.3.2 Packet Counter The packet counter function provides information on the total number of packets that the rule received and analyzed. This feature allows you to know the type of packets transmit- ted in the system according to rule configuration. To count the number of packets matching to corresponding policer, use the following command.
Page 178: Rate-Limit
Management Guide TigerAccess™ EE Command Mode Description Enables the system to display the statistics of packets average packet-counter octet measured in bps. Policer Disables the system to display the statistics of packets no average packet-counter octet measured in bps. To display average packet-counter configuration on policy, use the following command. Command Mode Description...
Page 179: Applying And Modifying Policer
Management Guide TigerAccess™ EE To display configured size of a token bucket, use the following command. Command Mode Description show qos max-bucketSize port Shows the token bucket size of all ports Global show qos max-bucketSize port- Shows the token bucket size of each queue for port queue PORTS 7.6.3.5 Applying and modifying Policer...
Page 180: Metering
Management Guide TigerAccess™ EE The policy name cannot start with the alphabet “a” or “A”. • The order in which the following configuration commands are entered is arbitrary. • The configuration of a policy being configured can be changed as often as wanted •...
Page 181: Fig. 7.3 Token Bucket Meter
Management Guide TigerAccess™ EE A typical meter measures the rate at which traffic stream passes it. Its rate estimation de- pends upon the flow state kept by the meter. There is a time constraint during which if the flow state is transferred from the old switch to the new switch, then it is effective in esti- mating the rate at the new switch as if though no transfer of flow has happened.
Page 182: Fig. 7.4 Behavior Of Srtcm (1)
Management Guide TigerAccess™ EE more tokens to transmit a packet remain in the bucket C, then the tokens in the bucket E are decremented by the size of that packet with the yellow color-marking. If both buckets are empty, a packet is marked red. The following figures show the behavior of the srTCM.
Page 183: Fig. 7.6 Bahavior Of Srtcm (3)
Management Guide TigerAccess™ EE Tokens are regenerated Tokens are regenerated based on CIR based on CIR Bucket C Bucket E Empty Empty If both buckets are empty, a packet is marked red Packet Red Color-Marking Fig. 7.6 Bahavior of srTCM (3) Two Rate Three Color Marker (trTCM) The trTCM meters an IP packet stream and marks its packet the one among green, yel- low, and red using Peak Information Rate (PIR) and its associated Peak Burst Size (PBS)
Page 184: Fig. 7.7 Behavior Of Trtcm (1)
Management Guide TigerAccess™ EE The following figures show the behavior of the trTCM. Tokens are regenerated Tokens are regenerated based on PIR faster than CIR based on CIR Bucket P Bucket C Token Token Tokens in both buckets are decremented by the size of Green Color-Marking the packet Token...
Page 185: Fig. 7.9 Behavior Of Trtcm (3)
Management Guide TigerAccess™ EE Tokens are regenerated Tokens are regenerated based on PIR faster than CIR based on CIR Bucket P Bucket C Empty Empty If the bucket P is empty, a packet is marked red Packet Red Color-Marking Fig. 7.9 Behavior of trTCM (3) To set the metering mode, use the following command.
Page 186: Policy Priority
Management Guide TigerAccess™ EE 7.6.4.3 Policy Priority If rules that are more than two match the same packet then the rule having a higher prior- ity will be processed first. To set a priority for a policy, use the following command. Command Mode Description...
Page 187: Fig. 7.10 Marking And Remarking
Management Guide TigerAccess™ EE of service. Fig. 7.10 shows that 4 steps of operations can affect packet marking or remarking using the 802.1p Class of service (CoS) bits in the Ethernet header. Packet Ingress Bridge-based CoS Marking InLIF-based CoS Marking Ingress Processing Policy-based CoS Marking Traffic Policing-based CoS Remarking...
Page 188 Management Guide TigerAccess™ EE Port-based user priority marking can be configured and applied to untagged packets only. To delete Bridge-based CoS Marking, use the following command. Command Mode Description no qos mark inbound port-cos Deletes CoS marking configuration of port. port PORTS no qos mark inbound port-dscp Bridge...
Page 189 Management Guide TigerAccess™ EE Traffic Policing-based CoS Remarking • Traffic Policing-based CoS Remarking uses 2 types of table, DSCP-based L3 table and Queue-cos-based L2 table. To configure Traffic Policing-based CoS Remarking, you need to select one type of table and parameter. To select a table and enable the remarking configuration, use the following command.
Page 190 Management Guide TigerAccess™ EE Remarks CoS parameters according qos remark color {green | yellow | red } queue to queue number /CoS value and <0-7> dscp <0-63> metering function configured on sys- tem. qos remark color {green | yellow | red } queue 0-7: CoS value or queue nunmber <0-7>...
Page 191: Attaching A Policy To An Interface
Management Guide TigerAccess™ EE 7.6.4.6 Attaching a Policy to an interface After you configure a rule including the packet classification, policing and rule action, you should attach a policy to an interface and to specify port or vlan in which the policy should be applied.
Page 192 Management Guide TigerAccess™ EE To dispaly a certain rule by its name or a specific rule of a certain type, use the following command. Command Mode Description show { flow | class | policer | Enable policy } [NAME] Shows the information relating to each rule, enter a Global rule name.
Page 193: Admin Rule
Management Guide TigerAccess™ EE 7.6.6 Admin Rule For the switch, it is possible to block a specific service connection like telnet, FTP, ICMP, etc with an admin rule function. 7.6.6.1 Creating Admin Flow for packet classification To classify packets by a specific admin flow for the switch, you need to open Admin-Flow Configuration mode first.
Page 194: Configuring Admin Flow
Management Guide TigerAccess™ EE 7.6.6.2 Configuring Admin Flow You can classify the packets according to IP address, ICMP, TCP, UDP and IP header length. To specify a packet-classifying pattern, use the following command. Command Mode Description Classifies an IP address: ip {A.B.C.D | A.B.C.D/M | any} A.B.C.D: source/destination IP address {A.B.C.D | A.B.C.D/M | any} [0-...
Page 195: Applying And Modifying Admin Flow
Management Guide TigerAccess™ EE To delete a specified packet-classifying pattern, use the following command. Command Mode Description no ip Deletes a specified packet-classifying pattern for each Admin-Flow option. no ip header-length 7.6.6.3 Applying and modifying Admin Flow After configuring an admin flow using the above commands, apply it to the system with the following command.
Page 196: Admin Rule Action
Management Guide TigerAccess™ EE 7.6.7 Admin Rule Action 7.6.7.1 Admin Policy Creation For the switch, you need to open Admin-Policy Configuration mode first. To open Policy Configuration mode, use the following command. Command Mode Description Creates an admin policy and opens Admin-Policy Con- policy admin NAME create Global figuration mode.
Page 197: Admin Policy Priority
Management Guide TigerAccess™ EE To remove flow or class from the policy, use the following command. Command Mode Description no include-flow Removes the admin flow from this policy. Admin- Policy no include-class Removes the admin class from this policy. 7.6.7.2 Admin Policy Priority If rules that are more than two match the same packet then the rule having a higher prior- ity will be processed first.
Page 198: Applying And Modifying Admin Policy
Management Guide TigerAccess™ EE 7.6.7.4 Applying and Modifying Admin Policy After configuring an admin policy using the above commands, apply it to the system with the following command. If you do not apply this policy to the system, all specified configu- rations from Admin-Policy Configuration mode will be lost.
Page 199: Scheduling Algorithm
Management Guide TigerAccess™ EE 7.6.9 Scheduling Algorithm For the switch, it is possible to use Strict Priority Queuing and Deficit Weighted Round Robin for a packet scheduling mode. The following sections explain how QoS can be configured: Scheduling Mode • •...
Page 200: Fig. 7.12 Deficit Weighted Round Robin
Management Guide TigerAccess™ EE Deficit Weighted Round Robin (DWRR) Deficit Weighted Round Robin (DWRR) combines the advantages of DRR and WRR scheduling algorithms. Processing the packets that have higher priority is the same way as strict priority queuing. DWRR provides differentiated service because it processes packets as much as weight.
Page 201: Scheduling Mode
Management Guide TigerAccess™ EE 7.6.9.1 Scheduling Mode To select a packet scheduling mode, use the following command. Command Mode Description Selects SP packet scheduling mode for ports or CPU. scheduling-mode sp: strict priority queuing {PORTS | cpu} [<0-7>] PORTS: port numbers 0-7: queue number Global Selects DWRR packet scheduling mode for ports or...
Page 202: Maximum Buffer Numbers
Management Guide TigerAccess™ EE To set a minimum bandwidth, use the following command. Command Mode Description Sets a minimum bandwidth for each port and queue. PORTS: port numbers qos min-bandwidth PORTS <0- Global 0-7: queue number 7> {BANDWIDTH | unlimited} BANDWIDTH: bandwidth in the unit of MB (default: 0) unlimited: unlimited bandwidth A minimum bandwidth can be set only in DWRR scheduling mode.
Page 203: Queue Status
Management Guide TigerAccess™ EE To configure the number of buffers per each port or queue, use the following command. Command Mode Description Sets the total number of buffers for a port. max-queue-length port PORTS: port number PORTS <16-4080> 16-4080: total buffer numbers in increments of 16 (de- fault: 256) Global Sets the number of buffers for each queue of a port.
Page 204: Weighted Random Early Detection (Wred)
Management Guide TigerAccess™ EE 7.6.9.7 Weighted Random Early Detection (WRED) The switch supports Weighted Random Early Detection (WRED) which can selectively discard lower priority traffic when the interface begins to get congested and provide dif- ferentiated performance characteristics for different classes of service. It minimizes the impact of dropping high priority traffic.
Page 205 Management Guide TigerAccess™ EE To create and configure a WRED profile, use the following command. Command Mode Description Creates and configures a WRED profile with default qos wred profile <0-3> default parameters. 0-3: WRED profile number Creates and configures a WRED profile with specific parameters’...
Page 206: Netbios Filtering
Management Guide TigerAccess™ EE NetBIOS Filtering NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). NetBIOS is used in Ethernet, included as part of NetBIOS Extended User Interface (NetBEUI). Resource and information in the same network can be shared with this protocol.
Page 207: Max New Hosts
Management Guide TigerAccess™ EE The following is an example of configuring NetBIOS filtering in port 1-2 and showing it. SWITCH(bridge)# netbios-filter 1-2 SWITCH(bridge)# show netbios-filter o:enable .:disable ---------------------------- 1234567890123456789012345678 ---------------------------- oo......---------------------------- SWITCH(bridge)# Max New Hosts For the switch, you have to lock the port like MAC filtering before configuring max hosts. In case of ISPs, it is possible to arrange a billing plan for each user by using this configu- ration.
Page 208: Port Security
Management Guide TigerAccess™ EE If MAC that already counted disappears before passing 1 second and starts learning again, it is not counted. In case the same MAC is detected on the other port also, it is not counted again. For example, if MAC that was learned on port 1 is detected on port 2, it is supposed that MAC moved to the port 2.
Page 209: Port Security Aging
Management Guide TigerAccess™ EE Step 4 Enter a secure MAC address for the port. Command Mode Description port security PORTS mac- Bridge Sets a secure MAC address for the port. address MAC-ADDR vlan NAME To disable the configuration of port secure, use the following command. Command Mode Description...
Page 210: Mac Table
Management Guide TigerAccess™ EE 7.9.3 Displaying Port Security To display the information of the port security, use the following command. Command Mode Description Enable show port security [PORTS] Global Shows the information of the port security. Bridge 7.10 MAC Table A dynamic MAC address is automatically registered in the MAC table, and it is removed if there is no access to/from the network element corresponding to the MAC address during the specified MAC aging time.
Page 211: Mac Filtering
Management Guide TigerAccess™ EE To remove the static MAC addresses manually registered by user from the MAC table, use the following command. Command Mode Description no mac Deletes static MAC addresses. no mac NAME Deletes static MAC addresses, enter the bridge name. Deletes static MAC addresses.
Page 212: Adding Policy Of Mac Filter
Management Guide TigerAccess™ EE By default, basic filtering policy provided by system is configured to permit all packets in each port. Sample Configuration This is an example of blocking all packets in port 1 and port 3. SWTICH(bridge)# mac-filter default-policy deny 1-3 SWTICH(bridge)# show mac-filter default-policy ------------------------- PORT POLICY | PORT POLICY...
Page 213: Deleting Mac Filter Policy
Management Guide TigerAccess™ EE Sample Configuration The latest policy is recorded as number 1. The following is an example of permitting MAC address 00:02:a5:74:9b:17 and 00:01:a7:70:01:d2 and showing table of filter policy. SWITCH(bridge)# mac-filter add 00:02:a5:74:9b:17 permit SWITCH(bridge)# mac-filter add 00:01:a7:70:01:d2 permit SWITCH(bridge)# show mac-filter ================================= ID |...
Page 214: Address Resolution Protocol (Arp)
Management Guide TigerAccess™ EE 7.12 Address Resolution Protocol (ARP) Devices connected to IP network have two addresses, LAN address and network address. LAN address is sometimes called as a data link address because it is used in Layer 2 level, but more commonly the address is known as a MAC address. A switch on Ethernet needs a 48-bit-MAC address to transmit packets.
Page 215: Displaying Arp Table
Management Guide TigerAccess™ EE To delete a registered IP address and MAC address or delete all the contents of ARP ta- ble, use the following command. Command Mode Description no arp [A.B.C.D] Negates a command or set sets its default Global Negates a command or set sets its default, enter the IP no arp A.B.C.D INTERFACE...
Page 216: Arp Inspection
Management Guide TigerAccess™ EE To set the aging time of gateway address in ARP alias, use the following command. Command Mode Description Changes the aging time of registered gateway address alias aging-time <5- in ARP alias. 2147483647> 5-2147483647: ARP alias gateway aging time (default: Global 300 sec) Deleted the configured aging time and returns to the...
Page 217 Management Guide TigerAccess™ EE To create/delete ARP access list (ACL), use the following command. Command Mode Description Opens ARP ACL configuration mode and creates an arp access-list NAME ARP access list. Global NAME: ARP access list name no arp access-list NAME Deletes an ARP access list.
Page 218 Management Guide TigerAccess™ EE To specify the range of IP address to forward ARP packets, use the following command. Command Mode Description Permits ARP packets of all IP addresses with all MAC addresses which have not learned before on ARP in- permit ip any mac {any | host spection table or a specific MAC address.
Page 219: Enabling Arp Inspection Filtering
Management Guide TigerAccess™ EE To display the configured APR access lists, use the following command. Command Mode Description show arp access-list [NAME] Global Displays existing ARP access list names. 7.12.3.2 Enabling ARP Inspection Filtering To enable/disable the ARP inspection filtering of a certain range of IP addresses from the ARP access list, use the following command.
Page 220: Arp Inspection On Trust Port
Management Guide TigerAccess™ EE 7.12.3.4 ARP Inspection on Trust Port The ARP inspection defines 2 trust states, trusted and untrusted. Incoming packets via trusted ports bypass the ARP inspection process, while those via untrusted ports go through the ARP inspection process. Normally, the ports connected to subscribers are configured as untrusted, while the ports connected to an upper network are configured as trusted.
Page 221: Displaying Arp Inspection
Management Guide TigerAccess™ EE To delete the configured options of log-buffer function, use the following command. Command Mode Description no ip arp inspection log-buffer Global Deletes the configured options of log-buffer function. {entries | logs} To display the configured log-buffer function and entries’ information, use the following command.
Page 222 Management Guide TigerAccess™ EE Gratuitous ARP is transmitted after some time from transmitting ARP reply. Command Mode Description Configures a gratuitous ARP. arp patrol TIME COUNT [TIME] TIME: transmit interval Global COUNT: transmit count no arp patrol Disables a gratuitous ARP. The following is an example of configuring the transmission interval as 10 sec and trans- mission times as 4 and showing it.
Page 223: Proxy-Arp
Management Guide TigerAccess™ EE 7.12.5 Proxy-ARP The switch supports Proxy Address Resolution Protocol. Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By “faking” its identity, the router accepts responsibility for routing packets to the “real” desti- nation.
Page 224: Icmp Message Control
Management Guide TigerAccess™ EE To enable or disable Proxy-ARP on Interface configuration mode, use the following com- mand. Command Mode Description ip proxy-arp Enables proxy-ARP at specified interface Interface no ip proxy-arp Disables the configured proxy-ARP from the interface. 7.13 ICMP Message Control ICMP stands for Internet Control Message Protocol.
Page 225: Blocking Echo Reply Message
Management Guide TigerAccess™ EE 7.13.1 Blocking Echo Reply Message It is possible to configure block echo reply message to the partner who is doing ping test to switch. To block echo reply message, use the following command. Command Mode Description Blocks echo reply message to all partners who are ip icmp ignore echo all taking ping test to device.
Page 226: Tab. 7.2 Mask Calculation Of Default Value
Management Guide TigerAccess™ EE Tab. 7.2 shows the result of mask calculation of default value. Type Status ICMP_ECHOREPLY (0) ICMP_DEST_UNREACH (3) ICMP_SOURCE_QUENCH (4) ICMP_REDIRECT (5) ICMP_ECHO (8) ICMP_TIME_EXCEEDED (11) ICMP_PARAMETERPROB (12) ICMP_TIMESTAMP (13) ICMP_TIMESTAMPREPLY (14) ICMP_INFO_REQUEST (15) ICMP_INFO_REPLY (16) ICMP_ADDRESS (17) ICMP_ADDRESSREPLY (18) Tab.
Page 227: Tcp Flag Control
Management Guide TigerAccess™ EE 7.14 TCP Flag Control TCP (Transmission Control Protocol) header includes six kinds of flags that are URG, ACK, PSH, RST, SYN, and FIN. For the switch, you can configure RST and SYN as the below. 7.14.1 RST Configuration RST sends a message when TCP connection cannot be done to a person who tries to make it.
Page 228: Packet Dump By Protocol
Management Guide TigerAccess™ EE 7.15.1 Packet Dump by Protocol You can see packets about BOOTPS, DHCP, ARP and ICMP using the following com- mand. Command Mode Description debug packet {interface INTERFACE | port PORTS} protocol {bootps | dhcp | arp | icmp} Shows packet dump by protocol.
Page 229: Debug Packet Dump
Management Guide TigerAccess™ EE Option Description Save the captured packets in a file instead of output Display each packet as hex code -c NUMBER Close the debug after receive packets as many as the number Receive file as filter expression. All additional expressions on command line are ig- -F FILE nored.
Page 230: Sflow Monitoring
Management Guide TigerAccess™ EE 7.16 sFlow Monitoring sFlow is a kind of monitoring functions using sFlow packet sampling algorithm. It analyzes the traffic characteristics of network packet flow from end to end. It also monitors the router and switch by collecting MIB information of interface. Fig.
Page 231: Sflow Service
Management Guide TigerAccess™ EE The sFlow Agent maintains linked-lists of Samplers, Pollers, and Receivers. Internally, the agent extracts the interface data of the flow sample from sFlow device, creates new flow sampling data. You can get more specific information of flow samples including in- put/output interface of sampling ingress/egress packets, VLAN, priority, AS number and so on.
Page 232: Enabling Sflow On Port
Management Guide TigerAccess™ EE To specify IP address of sFlow agent, use the following command. Command Mode Description Specifies IP address of sFlow agent sflow agent-ip A.B.C.D Global A.B.C.D: agent IP address (default: 127.0.0.1) no sflow agent-ip Deletes specified IP address of sFlow agent. 7.16.3 Enabling sFlow on Port To enable or disable sFlow function on a port, use the following command.
Page 233: Configuring Receiver
Management Guide TigerAccess™ EE 7.16.7 Configuring Receiver 7.16.7.1 Receiver ID mode To open sFlow receiver mode and configure this receiver in detail, use the following command. Command Mode Description sflow-receiver <1-65535> Opens a specific sFlow receiver mode. Global no sflow-receiver <1-65535> Deletes specified sFlow receiver.
Page 234: Timeout
Management Guide TigerAccess™ EE To give an owner name of receiver, use the following command. Command Mode Description owner NAME Gives an owner name of specific receiver. Receiver no owner Deletes the owner name. 7.16.7.5 Timeout To set a timeout of receiver, use the following command. Command Mode Description...
Page 235: System Main Functions
Management Guide TigerAccess™ EE 8 System Main Functions Virtual Local Area Network (VLAN) The first step in setting up your bridging network is to define VLAN on your switch. VLAN is a bridged network that is logically segmented by customer or function. Each VLAN con- tains a group of ports called VLAN members.
Page 236: Port-Based Vlan
Management Guide TigerAccess™ EE 8.1.1 Port-based VLAN The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example de- picted in Fig.
Page 237: Creating Vlan
Management Guide TigerAccess™ EE 8.1.1.1 Creating VLAN To configure VLAN on user’s network, use the following command. Command Mode Description Creates new VLAN by assigning VLAN ID: vlan create VLANS Bridge VLANS: VLAN ID (1-4094, multiple entries possible) The variable VLANS is a particular set of bridged interfaces. The frames are bridged only among interfaces in the same VLAN.
Page 238: Protocol-Based Vlan
Management Guide TigerAccess™ EE 8.1.2 Protocol-based VLAN User can use a VLAN mapping that associates a set of processes within stations to a VLAN rather than the stations themselves. Consider a network comprising devices sup- porting multiple protocol suites. Each device may have an IP protocol stack, an AppleTalk protocol stack, an IPX protocol stack and so on.
Page 239: Subnet-Based Vlan
Management Guide TigerAccess™ EE 8.1.4 Subnet-based VLAN An IP address contains two parts: a subnet identifier and a station identifier. The switch performs two operations to create IP subnet-based VLANs. Parse the protocol type to determine if the frame encapsulates an IP datagram. •...
Page 240: Vlan Description
Management Guide TigerAccess™ EE There are two methods for identifying the VLAN membership of a given frame: Parse the frame and apply the membership rules (implicit tagging). • Provide an explicit VLAN identifier within the frame itself. • VLAN Tag A VLAN tag is a predefined field in a frame that carries the VLAN identifier for that frame.
Page 241: Vlan Precedence
Management Guide TigerAccess™ EE To display a specified VLAN description, use the following command. Command Mode Description Enable show vlan description Global Shows a specified VLAN description. Bridge 8.1.7 VLAN Precedence To make precedence between MAC address and Subnet based VLAN, you can choose one of both with below command.
Page 242: Qinq
Management Guide TigerAccess™ EE 8.1.9 QinQ QinQ or Double Tagging is one way for tunneling between several networks. Customer A Customer A VLAN 200 VLAN 641 PVID 641 VLAN 200 Tunnel Port Tunnel Port Trunk Port Trunk Port Tunnel Port Tunnel Port VLAN 201 VLAN 201...
Page 243: Double Tagging Operation
Management Guide TigerAccess™ EE The different customer VLANs existing in the traffic to a tunnel port shall be preserved when the traffic is carried across the network Trunk Port By trunk port we mean a LAN port that is configured to operate as an inter-switch link/port, able of carrying double-tagged traffic.
Page 244: Tpid Configuration
Management Guide TigerAccess™ EE To disable double tagging, use the following command Command Mode Description vlan dot1q-tunnel disable Configures a qinq port. Bridge PORTS PORTS: qinq port to be disabled When you configure Double tagging on the switch, consider the below attention list. DT and HTLS cannot be configured at the same time.
Page 245: Shared Vlan
Management Guide TigerAccess™ EE Community: Community ports communicate among themselves and with their pro- • miscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN. The difference between Private VLAN and Private VLAN edge is that PVLAN edge guar- antees security for the ports in a VLAN using protected port and PVLAN guarantees port security by creating sub-VLAN with the three types (Promiscuous, Isolation, and Commu- nity).
Page 246: Fig. 8.6 Incoming Packets Under Layer 2 Shared Vlan Environment (1)
Management Guide TigerAccess™ EE Outer Network Untagged packets comes from the uplink ports. The packets should be forwarded to br3, but the system cannot know which PVID added to the packet. Uplink Port default Fig. 8.6 Incoming Packets under Layer 2 Shared VLAN Environment (1) To transmit the untagged packet from uplink port to subscriber, a new VLAN should be created including all subscriber ports and uplink ports.
Page 247: Vlan Translation
Management Guide TigerAccess™ EE To configure FID, use the following command. Command Mode Description vlan fid VLANS FID Bridge Configures FID. 8.1.11 VLAN Translation VLAN Translation is simply an action of Rule. This function is to translate the value of specific VLAN ID which classified by Rule.
Page 248 Management Guide TigerAccess™ EE SWITCH(bridge)# vlan pvid 2 2 SWITCH(bridge)# vlan pvid 3 3 SWITCH(bridge)# vlan pvid 4 4 SWITCH(bridge)# show vlan u: untagged port, t: tagged port ---------------------------------------------------------- Name( VID| FID) |123456789012345678901234567890123 ---------------------------------------------------------- default( 1) |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2( 2) |.u....... br3( 3) |..u......
Page 249 Management Guide TigerAccess™ EE 0x800 packet among 0x900 packet among the packets entering the packets entering to to Port 2 Port 4 default br2 br3 br4 SWITCH(bridge)# vlan pvid 2 ethertype 0x800 5 SWITCH(bridge)# vlan pvid 4 ethertype 0x900 6 SWITCH(bridge)# show vlan protocol --------------------------------------------------------------- Ethertype | VID |123456789012345678901234567890123...
Page 250 Management Guide TigerAccess™ EE ---------------------------------------------------- Port |123456789012345678901234567890123 ---------------------------------------------------- dtag ..d......SWITCH(bridge)# < SWITCH 2 > SWITCH(bridge)# vlan dot1q-tunnel enable 11 SWITCH(bridge)# vlan pvid 11 11 SWITCH(bridge)# show vlan dot1q-tunnel Tag Protocol Id : 0x8100 (d: double-tagging port) ---------------------------------------------------- Port |123456789012345678901234567890123 ---------------------------------------------------- dtag ..d.......
Page 251 Management Guide TigerAccess™ EE SWITCH(bridge)# vlan create br5 SWITCH(bridge)# vlan add br5 1-42 untagged SWITCH(bridge)# vlan fid 1-5 5 SWITCH(bridge)# show vlan u: untagged port, t: tagged port ----------------------------------------------------------------- Name( VID| FID) |123456789012345678901234567890123 ----------------------------------------------------------------- default( 5) |uu..uuuuuuuuuuuuuuuuuuuuuuuuu br2( 5) |..uu....u..br3( 5) |..uu....u...
Page 252: Link Aggregation
Management Guide TigerAccess™ EE Link Aggregation Link aggregation complying with IEEE 802.3ad bundles several physical ports together to one logical port so that you can get enlarged bandwidth. Bandwidth with 1 port Enlarged bandwidth with many ports A logical port that can be made by aggregating a number of the ports.
Page 253: Disabling Port Trunk
Management Guide TigerAccess™ EE It is possible to input 0 to 4 as the trunk group ID and the switch supports 5 logical aggregated ports in LACP. The group ID of port trunk and the aggregator ID of LACP cannot have same ID. For the switch, a source destination MAC address is basically used to decide packet route.
Page 254: Configuring Lacp
Management Guide TigerAccess™ EE LACP can generate up to 5 aggregators whose number value could be 0 to 4. The group ID of trunk port and the aggregator number of LACP cannot be configured with the same value. The following explains how to configure LACP. Configuring LACP •...
Page 255: Operation Mode
Management Guide TigerAccess™ EE 8.2.2.2 Operation Mode After configuring the member port, configure the LACP operation mode of the member port. This defines the operation way for starting LACP operation. You can select the op- eration mode between the active and passive mode. The active mode allows the system to start LACP operation regardless of other con- nected devices.
Page 256: Bpdu Transmission Rate
Management Guide TigerAccess™ EE To configure member port to aggregate to LACP, use the following command. Command Mode Description lacp port aggregation PORTS Configures the property of a specified member port for Bridge {aggregatable | individual} LACP. (default: aggregatable) To clear aggregated to LACP of configured member port, use the following command. Command Mode Description...
Page 257: Port Priority
Management Guide TigerAccess™ EE 8.2.2.7 Port Priority To configure priority of an LACP member port, use the following command. Command Mode Description lacp port priority PORTS <1- Sets the LACP priority of a member port, select the Bridge 65535> port number. (default: 32768) To delete the configured port priority of the member port, use the following command.
Page 258: Spanning-Tree Protocol (Stp)
Management Guide TigerAccess™ EE Spanning-Tree Protocol (STP) The local area network (LAN), which is composed of double paths like token ring, has the advantage that it is possible to access in case of disconnection with one path. However there is another problem called a loop when you always use the double paths. The loop may occur when double paths are used for the link redundancy between switches and one sends unknown unicast or multicast packet that causes endless packet floating on the LAN like loop topology.
Page 259: Stp Operation
Management Guide TigerAccess™ EE PC-B VLAN 1 Switch A Switch B Switch D Blocking Path 1 Path 2 PC-A Switch C Fig. 8.10 Principle of Spanning Tree Protocol Meanwhile, the rapid spanning-tree protocol (RSTP) defined in IEEE 802.1w dramatically reduces the time of network convergence on the spanning-tree protocol (STP). It is easy and fast to configure new protocol.
Page 260: Fig. 8.11 Root Switch
Management Guide TigerAccess™ EE It is named as BPDU (Bridge Protocol Data Unit). Switches decide port state based on the exchanged BPDU and automatically decide an optimized path to communicate with the root switch. Root Switch The critical information to decide a root switch is the bridge ID. Bridge ID is composed of two bytes-priority and six bytes-MAC address.
Page 261: Fig. 8.12 Designated Switch
Management Guide TigerAccess™ EE Switch A Priority : 8 Root Switch Path-cost Path-cost Designated Switch Switch C Switch B Priority : 10 Priority : 9 Path-cost Path-cost Path 1 Path 2 Switch D (PATH 1 = 50 + 100 = 150, PATH 2 = 100 + 100 = 200, PATH 1 < PATH 2, ∴ PATH 1 selected Fig.
Page 262: Fig. 8.13 Port Priority
Management Guide TigerAccess™ EE - Path-cost 100 - Port priority 7 - Port 1 Root Path 1 Path 2 - Path-cost 100 - Port priority 8 - Port 2 ( path-cost of PATH 1 = path-cost of PATH 2 = 100 ∴ unable to compare PATH 1 port priority = 7, PATH 2 port priority = 8, PATH 1＜...
Page 263: Rstp Operation
Management Guide TigerAccess™ EE Learning • the port is preparing to forward data traffic. The port waits for a period of time to build its MAC address table before actually forwarding data traffic. This time is the forwarding delay. Forwarding •...
Page 264: Bpdu Policy
Management Guide TigerAccess™ EE The difference of between alternate port and backup port is that an alternate port can al- ternate the path of packet when there is a problem between Root switch and SWITCH C but Backup port cannot provide stable connection in that case. 8.3.2.2 BPDU Policy In 802.1d, only root switch can generate BPDU every hello time and other swithches can-...
Page 265: Fig. 8.17 Network Convergence Of 802.1D
Management Guide TigerAccess™ EE ROOT 1. New link created Switch A 2. Transmit BPDU at listening state Switch B Switch C 3. Block to prevent loop BPDU Flow Switch D Fig. 8.17 Network Convergence of 802.1d This is very epochal way of preventing a loop. The matter is that communication is dis- connected during two times of BPDU Forward-delay till a port connected to switch D and SWITCH C is blocked.
Page 266: Fig. 8.19 Network Convergence Of 802.1W (2)
Management Guide TigerAccess™ EE SWITCH Band C. In this state, BPDU form root is transmitted to SWITCH B and C through SWITCH A. To configure forwarding state of SWITCH A, SWITCH A negotiates with SWITCH B and SWITCH C. ROOT 3.
Page 267: Compatibility With 802.1D
Management Guide TigerAccess™ EE It is same with 802.1d to block the connection of SWITCH D and SWITCH C. However, 802.1w does not need any configured time to negotiate between switches to make for- warding state of specific port. So it is very fast progressed. During progress to forwarding state of port, listening and learning are not needed.
Page 268: Mstp
Management Guide TigerAccess™ EE Here explains how MSTP/PVSTP differently operates on the LAN. Suppose to configure 100 VLANs from SWITCH A to B and C. In case of STP, there is only one STP on all the VLANs and it does not provide multiple instances. While the existing STP is a protocol to prevent a loop in a LAN domain, MSTP establishes STP per VLAN in order to realize routing suitable to VLAN environment.
Page 269: Enabling Stp Function (Required)
Management Guide TigerAccess™ EE In CST, SWITCH A and B are operating with STP and SWITCH C, D and E are operating with MSTP. First, in CST, CIST is established to decide a CST root. After the CST root is decided, the closest switch to the CST root is decided as IST root of the region.
Page 270: Configuring Mstp/Pvstp Mode
Management Guide TigerAccess™ EE 8.3.5 Configuring MSTP/PVSTP Mode To select the spanning-tree mode, use the following command. Command Mode Description Configures a spanning-tree mode: spanning-tree mode { mst | Bridge mst: Multiple Spanning Tree Protocol (default) rapid-pvst } rapid-pvst: Per-vlan Rapid STP To delete the configured spanning-tree mode, use the following command.
Page 271: Edge Ports
Management Guide TigerAccess™ EE Transmit Rate (bps) Path-cost 20000000 2000000 100M 200000 20000 2000 Tab. 8.3 RSTP Path-cost (long) To decide the path-cost calculation method, use the following command. Command Mode Description spanning-tree pathcost method Selects the method for calculating a RSTP path-cost: long long: 32 bits of RSTP path-cost (IEEE 802.1D-2004).
Page 272: Bpdu Transmit Hold Count
Management Guide TigerAccess™ EE To configure all ports as edge ports globally, use the following command. Command Mode Description Configures all ports as edge ports: spanning-tree edgeport default PORTS: port number. Bridge no spanning-tree edgeport de- Deleted a configured edge ports for all ports. (default) fault To configure a specified port as edge port, use the following command.
Page 273: Link Type
Management Guide TigerAccess™ EE 8.3.6.5 Link Type A port that operates in full-duplex is assumed to be point-to-point link type, while a half- duplex is considered as a shared port. . To configure the link type of port, use the following command. Command Mode Description...
Page 274: Configuring Mstp
Management Guide TigerAccess™ EE 8.3.7 Configuring MSTP To configure MSTP, use the following steps. Step 1 Enable STP function using the spanning-tree command. Step 2 Select a MSTP mode using the spanning-tree mode mst command. Step 3 Configure detail options if specific commands are required. Step 4 Enable a MSTP daemon using the spanning-tree mst command.
Page 275: Port Priority
Management Guide TigerAccess™ EE 8.3.7.3 Port Priority When all conditions of two routes of switch are same, the last standard to decide a route is port-priority. You can configure port priority and select a route manually. To configure a port priority for MSTP instance, use the following command. Command Mode Description...
Page 276 Management Guide TigerAccess™ EE You can create the MSTP regions without limit on the network. But the instance id num- bers of each region should not be over 64. To delete the configuration ID setting, use the following command. Command Mode Description no name...
Page 277: Enabling Mstp Configuration
Management Guide TigerAccess™ EE 8.3.7.5 Enabling MSTP configuration To enable/disable a MSTP daemon by applying MSTP configurations to the system, use the following command. Command Mode Description spanning-tree mst Enables MSTP function on the system Bridge no spanning-tree mst Disables MSTP function on the system. 8.3.7.6 Displaying Configuration To display the configuration of MSTP, use the following command.
Page 278: Configuring Pvstp
Management Guide TigerAccess™ EE 8.3.8 Configuring PVSTP STP and RSPT are designed with one VLAN in the network. If a port becomes blocking state, the physical port itself is blocked. But PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol) maintains spanning tree in- stance for each VLAN in the network.
Page 279: Root Switch
Management Guide TigerAccess™ EE PVSTP is activated after selecting PVSTP mode using spanning-tree mode rapid-pvst command. In PVSTP, you can configure the current VLAN only. If you input VLAN that does not exist, error message is displayed. For the switches in LAN where dual path doesn’t exist, Loop does not generate even though STP function is not configured.
Page 280: Port Priority
Management Guide TigerAccess™ EE 8.3.8.4 Port Priority When all conditions of two routes of switch are same, the last standard to decide a route is port-priority. You can configure port priority and select a route manually. To configure a port priority for specified VLAN, use the following command. Command Mode Description...
Page 281: Root Guard
Management Guide TigerAccess™ EE 8.3.9 Root Guard The standard STP does not allow the administrator to enforce the position of the root bridge, as any bridge in the network with lower bridge ID will take the role of the root bridge.
Page 282: Restarting Protocol Migration
Management Guide TigerAccess™ EE 8.3.10 Restarting Protocol Migration MSTP protocol has a backward compatibility. MSTP is compatible with STP and RSTP. If some other bridge runs on STP mode and sends the BPDU version of STP or RSTP, MSTP automatically changes to STP mode. But STP mode cannot be changed to MSTP mode automatically.
Page 283: Bpdu Configuration
Management Guide TigerAccess™ EE To specify the time to recover from a specified error-disable cause, use the following command. Command Mode Description errdisable recovery interval Sets the interval of error-disable recovery: <30-86400> 30-86400: the recovery interval (default: 300 sec) Bridge no errdisable recovery inter- Deleted the con figured time for error-disable recovery and returns to the default setting.
Page 284: Hello Time
Management Guide TigerAccess™ EE 8.3.12.1 Hello Time Hello time decides an interval time when a switch transmits BPDU. To configure hello time, use the following command. Command Mode Description Configures hello time to transmit the message in spanning-tree mst hello-time <1- MSTP.
Page 285: Max Age
Management Guide TigerAccess™ EE 8.3.12.3 Max Age Maximum aging time is the number of seconds a switch waits without receiving spanning- tree configuration messages before attempting a reconfiguration. To configure the maximum aging time for deleting useless messages, use the following command.
Page 286: Bpdu Filtering
Management Guide TigerAccess™ EE 8.3.12.5 BPDU Filtering BPDU filtering allows you to avoid transmitting on the ports that are connected to an end system. If the BPDU Filter feature is enabled on the port, then incoming BPDUs will be fil- tered and BPDUs will not be sent out of the port.
Page 287 Management Guide TigerAccess™ EE Step 2 Enable BPDU guard function on edge port or specific port, use the following command. Command Mode Description spanning-tree edgeport Enables BPDU Guard function on edge ports bpduguard default Bridge spanning-tree port PORTS Enables BPDU Guard function on specified port bpduguard enable To disable BPDU guard function on edge port or specific port, use the following command.
Page 288: Sample Configuration
Management Guide TigerAccess™ EE 8.3.13 Sample Configuration Backup Route When you design layer 2 network, you must consider backup route for stable STP net- work. This is to prevent network corruption when just one additional path exits. Switch B Switch C Broken Switch A Aggregation...
Page 289: Fig. 8.28 Example Of Layer 2 Network Design In Mstp Environment
Management Guide TigerAccess™ EE MSTP Configuration MST Region 2 Instance 1 VLAN 170 MST Region 1 Instance 2 VLAN 180~190 Instance 1 VLAN 111~120 Instance 3 VLAN 191~195 Instance 2 VLAN 121~130 Region Name : test Instance 3 VLAN 131~140 Revision :2 Region Name : test Revision :1...
Page 290: Ethernet Ring Protection (Erp)
Management Guide TigerAccess™ EE Ethernet Ring Protection (ERP) The ERP is a protection protocol for Ethernet ring topology to prevent Loop from a link failure or recovery. It is designed to minimize the time for removing Loop within 50 milli- seconds while there is an enormous amount of traffic flow in Metro Ethernet network.
Page 291 Management Guide TigerAccess™ EE ERP Messages There are five types of ERP messages of concern to the RM node-Normal node interac- tion in ERP ring as shown below: Normal Node messages • The following messages are sent by the normal nodes to inform RM node of their link changes.
Page 292: Fig. 8.29 Erp Operation In Case Of Linnk Failure
Management Guide TigerAccess™ EE Fig. 8.29 shows an example of ERP operation when a link failure occurs. 3. Nodes detecting Link Failure send Link Down message Node B Node A 2. Link Failure Unused Link for Traffic Secondary Primary Node C RM Node 1.
Page 293: Fig. 8.31 Link Failure Recovery
Management Guide TigerAccess™ EE If Node A and Node B detect the link failure being recovered, they send Link Up message to RM node. But these nodes keep the blocking status of the link recovered ports. Fig. 8.31 shows an example of a Link Failure Recovery operation. 2.
Page 294: Loss Of Test Packet (Lotp)
Management Guide TigerAccess™ EE 8.4.2 Loss of Test Packet (LOTP) ERP recognizes the Link Failure using Loss of Test Packet (LOTP) mechanism. RM Node periodically sends periodic “RM Test Packet” message. The state of LOTP means that “RM Test Packet” message does not return three consecutive times to RM node through Ethernet Ring.
Page 295: Configuring Erp Domain
Management Guide TigerAccess™ EE 8.4.4 Configuring ERP Domain To realize ERP, you should fist create domain for ERP. To create the domain, use the fol- lowing command. Command Mode Description Creates ERP domain and opens ERP domain configu- erp domain DOMAIN-ID ration mode.
Page 296: Control Vlan
Management Guide TigerAccess™ EE 8.4.4.4 Control VLAN RM Node periodically sends “RM Test Packet” message to detect the loop. RM Test packet message can be transmiited by control VLAN only. Each ERP domain should have one control VLAN. To configure a control VLAN of an ERP domain, use the following command. Command Mode Description...
Page 297: Selecting The Node
Management Guide TigerAccess™ EE 8.4.5 Selecting the Node To configure an ERP domain as RM Node, use the following command. Command Mode Description erp domain DOMAIN-ID mode rm Bridge Configures ERP node mode as RM node. To configure an ERP domain as normal node, use the following command. Command Mode Description...
Page 298: Wait-To-Restore Time
Management Guide TigerAccess™ EE To delete the configuration of primay/secondary port’s role change, use the following command. Command Mode Description no erp domain DOMAIN-ID man- Deletes the configured primary and secondary port Bridge ual-switch state 8.4.8 Wait-to-Restore Time If a port’s link failure is recovered on the normal node, the blocked port should be changed to the forwarding status.
Page 299: Test Packet Interval
Management Guide TigerAccess™ EE To return the configured learning disable time as default, use the following command. Command Mode Description no erp domain DOMAIN-ID learn- Bridge Configures ERP learning disable time as default value. ing-disable-time 8.4.10 Test Packet Interval RM Node periodically sends “RM Test Packet” message to detect the loop. To configure an interval to send Test Packet message of RM node, use the following command.
Page 300: Erp Trap
Management Guide TigerAccess™ EE 8.4.12 ERP Trap To enable the system to generate ERP trap message, use the following command. Command Mode Description erp domain DOMAIN-ID trap { lotp | ulotp | mul- Enables the system to send ERP Trap Bridge tiple-rm | rmnode-reachability } message in case of the event.
Page 301: Loop Detection
Management Guide TigerAccess™ EE Loop Detection The loop may occur when double paths are used for the link redundancy between switches and one sends unknown unicast or multicast packet that causes endless packet floating on the LAN like loop topology. That superfluous traffic eventually can result in network fault.
Page 302 Management Guide TigerAccess™ EE You can also configure the source MAC address of the loop-detecting packet. Normally the system’s MAC address will be the source MAC address of the loop-detecting packet, but if needed, Locally Administered Address (LAA) can be the address as well. If the switch is configured to use LAA as the source MAC address of the loop-detecting packet, the second bit of first byte of the packet will be set to 1.
Page 303: Dynamic Host Configuration Protocol (Dhcp)
Management Guide TigerAccess™ EE Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard for simplifying the administrative management of IP address configuration by automating address configura- tion for network clients. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other relevant configuration de- tails to DHCP-enabled clients on the network.
Page 304: Dhcp Server
Management Guide TigerAccess™ EE The switch flexibly provides the functions as the DHCP server or DHCP relay agent ac- cording to your DHCP configuration. This chapter contains the following sections: DHCP Server • DHCP Address Allocation with Option 82 • DHCP Lease Database •...
Page 305: Dhcp Pool Creation
Management Guide TigerAccess™ EE 8.6.1.1 DHCP Pool Creation The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by DHCP server. You can create various DHCP pools that can be configured with a different network, default gateway and range of IP addresses.
Page 306: Default Gateway
Management Guide TigerAccess™ EE The following is an example for specifying the range of IP addresses. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.1.1.0/24 SWITCH(config-dhcp[sample])# default-router 100.1.1.254 SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100 SWITCH(config-dhcp[sample])# You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g.
Page 307: Dns Server
Management Guide TigerAccess™ EE The following is an example of setting default and maximum IP lease time. SWITCH(config)# service dhcp SWITCH(config)# ip dhcp pool sample SWITCH(config-dhcp[sample])# network 100.1.1.0/24 SWITCH(config-dhcp[sample])# default-router 100.1.1.254 SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100 SWITCH(config-dhcp[sample])# lease-time default 5000 SWITCH(config-dhcp[sample])# lease-time max 10000 SWITCH(config-dhcp[sample])# 8.6.1.6 DNS Server...
Page 308: Domain Name
Management Guide TigerAccess™ EE 8.6.1.8 Domain Name To set a domain name, use the following command. Command Mode Description domain-name DOMAIN Sets a domain name. DHCP Pool no domain-name Deletes a specified domain name. 8.6.1.9 DHCP Server Option The switch operating DHCP server can include DHCP option information in the DHCP communication.
Page 309: Recognition Of Dhcp Client
Management Guide TigerAccess™ EE For more information of the file naming of a DHCP lease database, see Section 8.6.3.1. 8.6.1.11 Recognition of DHCP Client Normally, a DHCP server recognizes DHCP clients with a client ID. However, some DHCP clients may not have their own client ID. In this case, you can select the recogni- tion method as a hardware address instead of a client ID.
Page 310: Authorized Arp
Management Guide TigerAccess™ EE 8.6.1.13 Authorized ARP The authorized ARP is to limit the lease of IP addresses to authorized users. This feature enables a DHCP server to add ARP entries only for the IP addresses currently in lease referring to a DHCP lease table, discarding ARP responses from unauthorized users (e.g. an illegal use of a static IP address).
Page 311: Ignoring Bootp Request
Management Guide TigerAccess™ EE To prohibit assigning plural IP addresses to a DHCP client, use the following command. Command Mode Description ip dhcp check client-hardware- Prohibits assigning plural IP addresses. address Global dhcp check client- Permits assigning plural IP addresses. hardware-address 8.6.1.15 Ignoring BOOTP Request...
Page 312: Setting Dhcp Pool Size
Management Guide TigerAccess™ EE 8.6.1.17 Setting DHCP Pool Size To limit a size of DHCP pool, use the following command. Command Mode Description ip dhcp max-pool-size <1-8> Global Configures a maximum size of DHCP pool. 8.6.1.18 Displaying DHCP Pool Configuration To display a DHCP pool configuration, use the following command.
Page 313: Dhcp Class Capability
Management Guide TigerAccess™ EE 8.6.2.1 DHCP Class Capability To enable the DHCP server to use a DHCP class to assign IP addresses, use the follow- ing command. Command Mode Description Enables the DHCP server to use a DHCP class to ip dhcp use class assign IP addresses.
Page 314: Associating Dhcp Class
Management Guide TigerAccess™ EE To delete specified option 82 information for IP assignment, use the following command. Command Mode Description Deletes all specified option 82 informa- no relay-information remote-id all tion that contains only a remote ID. DHCP Class Deletes all specified option 82 informa- no relay-information all tion.
Page 315: Displaying Dhcp Lease Status
Management Guide TigerAccess™ EE To specify a DHCP database agent and enable an automatic DHCP lease database back- up, use the following command. Command Mode Description Specifies a DHCP database agent and back-up inter- ip dhcp database A.B.C.D IN- val. TERVAL A.B.C.D: DHCP database agent address Global...
Page 316: Dhcp Relay Agent
Management Guide TigerAccess™ EE 8.6.4 DHCP Relay Agent A DHCP relay agent is any host that forwards DHCP packets between clients and servers. The DHCP relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet. The DHCP relay agent for- warding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently.
Page 317: Smart Relay Agent Forwarding
Management Guide TigerAccess™ EE To specify a DHCP helper address, use the following command. Command Mode Description Specifies a DHCP helper address. More than one ad- ip dhcp helper-address A.B.C.D dress is possible. A.B.C.D: DHCP server address Interface no ip dhcp helper-address Deletes a specified packet forwarding address.
Page 318: Dhcp Relay Statistics
Management Guide TigerAccess™ EE message. The relay agent, however, will forward only one DHCP_OFFER message of the responses from the servers to the DHCP client. The DHCP client will try to respond to the server which sent the DHCP_OFFER with DHCP_REQUEST message, but the relay agent broadcasts it to all the DHCP servers again.
Page 319: Dhcp Option
Management Guide TigerAccess™ EE 8.6.5 DHCP Option This function enables administrators to define DHCP options that are carried in the DHCP communication between DHCP server and client or relay agent. The following indicates the format of the DHCP options field. DHCP Option Format Code Length...
Page 320: Configuring Dhcp Option Format
Management Guide TigerAccess™ EE 8.6.5.2 Configuring DHCP Option Format To configure a DHCP option format, use the following command. Command Mode Description attr <1-32> type <0-255> length Sets the type, length, and value of an attribute for a {<1-64> | variable } value { hex | DHCP option.
Page 321: Dhcp Option 82
Management Guide TigerAccess™ EE 8.6.6 DHCP Option 82 In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server.
Page 322: Enabling Dhcp Option 82
Management Guide TigerAccess™ EE Fig. 8.36 shows how the DHCP relay agent with the DHCP option 82 operates. DHCP Server 2. DHCP Request + Option82 3. DHCP Respond + Option82 DHCP Relay Agent (Option-82) 1. DHCP Request 4. DHCP Respond DHCP Client Fig.
Page 323: Option 82 Reforwarding Policy
Management Guide TigerAccess™ EE To specify a remote ID, use the following command. Command Mode Description system-remote-id hex HEXSTRING system-remote-id ip A.B.C.D Specifies a remote ID. Option 82 (default: system MAC address) system-remote-id text STRING system-remote-id option format NAME To specify a circuit ID, use the following command. Command Mode Description...
Page 324: Option 82 Trust Policy
Management Guide TigerAccess™ EE 8.6.6.4 Option 82 Trust Policy Default Trust Policy To specify the default trust policy for DHCP packets, use the following command. Command Mode Description trust default { deny | permit } Option 82 Specifies the default trust policy for a DHCP packet. If you specify the default trust policy as deny, the DHCP packet that carries the informa- tion you specifies below will be permitted, and vice versa.
Page 325: Enabling Dhcp Snooping
Management Guide TigerAccess™ EE The DHCP snooping basically permits all the trusted messages received from within the network and filters untrusted messages. In case of untrusted messages, all the binding entries are recorded in a DHCP snooping binding table. This table contains a hardware address, IP address, lease time, VLAN ID, interface, etc.
Page 326: Dhcp Rate Limit
Management Guide TigerAccess™ EE To discard broadcast request packets of Egress traffic on specified trusted port, use the following command. Command Mode Description ip dhcp snooping trust PORTS Blocks broadcast request packets of Egress traffic on filter egress bcast-req specified trusted port. Global no ip dhcp snooping trust Unblocks broadcast request packets of Egress traffic...
Page 327: Source Mac Address Verification
Management Guide TigerAccess™ EE 8.6.7.5 Source MAC Address Verification The switch can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet. To enable the source MAC address verification, use the following command. Command Mode Description...
Page 328: Dhcp Snooping Filtering
Management Guide TigerAccess™ EE To specify a DHCP database agent and enable an automatic DHCP snooping database back-up, use the following command. Command Mode Description Specifies a DHCP snooping database agent and back- dhcp snooping database up interval. A.B.C.D INTERVAL A.B.C.D: DHCP snooping database agent address Global INTERVAL: 120-2147483637 (unit: second)
Page 329: Authorized Arp
Management Guide TigerAccess™ EE To configure the automatic change from permit mode to filter mode right after the time ex- ceeds configured time value, use the following command. Command Mode Description Configures an automatic change from bypass mode to ip dhcp snooping filter-delay Global filter mode after filter-delay time.
Page 330: Dhcp Snooping With Option82
Management Guide TigerAccess™ EE 8.6.7.10 DHCP Snooping with Option82 In case of L2 environment, when forwarding DHCP messages to a DHCP server, a DHCP switch can insert or remove DHCP option82 data on the DHCP messages from the clients. In case of a switch is enabled with DHCP snooping, it floods DHCP packets with DHCP option82 field when the DHCP option82 is enabled.
Page 331: Dhcp User Class Id
Management Guide TigerAccess™ EE In case there is not a DHCP snooping option for a specific port, DHCP snooping switch finds the snooping default option. If it exists, DHCP snooping switch sends a DHCP server DHCP messages (Discover/Request) by replacing their options with the snooping default option.
Page 332: Displaying Dhcp Snooping Configuration
Management Guide TigerAccess™ EE To configure the policy of DHCP option 77 on a specified port, use the following command. Command Mode Description Configures the policy of DHCP option 77 field for the DHCP Request packet (default: replace) ip dhcp snooping user-class-id replace: forwards DHCP packets with user class ID Global port { replace | keep }...
Page 333: Enabling Ip Source Guard
Management Guide TigerAccess™ EE Source IP and MAC Address Filter • IP traffic is filtered based on its source IP address as well as its MAC address; only IP traffic with source IP and MAC addresses matching the IP source binding entry are permitted.
Page 334: Displaying Ip Source Guard Configuration
Management Guide TigerAccess™ EE To specify a static IP source binding entry, use the following command. Command Mode Description Specifies a static IP source binding entry. ip dhcp verify source binding 1-4094: VLAN ID <1-4094> PORT A.B.C.D MAC- A.B.C.D: IP address ADDR Global MAC-ADDR: MAC address...
Page 335: Dhcp Client
Management Guide TigerAccess™ EE 8.6.9 DHCP Client An interface of the switch can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server.
Page 336: Ip Lease Time
Management Guide TigerAccess™ EE 8.6.9.5 IP Lease Time To specify IP lease time that is requested to a DHCP server, use the following command. Command Mode Description Specifies IP lease time in the unit of ip dhcp client lease-time <120-2147483637> second (default: 3600).
Page 337: Dhcp Filtering
Management Guide TigerAccess™ EE 8.6.10 DHCP Filtering 8.6.10.1 DHCP Packet Filtering For the switch, it is possible to block the specific client with MAC address. If the MAC ad- dress blocked by administrator requests an IP address, the server does not assign IP ad- dress.
Page 338: Debugging Dhcp
Management Guide TigerAccess™ EE DHCP Server A 192.168.10.1~192.1 68.10.10 IP assigned Client 3 The equipment that can Request from be a DHCP server Client 1,2 is transmitted to Client 3 IP assigned by Client 3 not by 10.1.1.1 ~ DHCP sever A 10.1.1.10 IP assigned To prevent IP assignment...
Page 339: Single Ip Management
Management Guide TigerAccess™ EE Single IP Management It is possible to manage several switches with one IP address by using stacking. If there is a limitation for using IP addresses and there are too many switches, which you must manage, you can manage a number of switches with one IP address using this stacking function.
Page 340: Designating Master And Slave Switch
Management Guide TigerAccess™ EE For managing the stacking function, the port connecting Master switch and Slave switch must be in the same VLAN. 8.7.2 Designating Master and Slave Switch Designate Master switch using the following command. Command Mode Description stack master Global Sets the switch as a master switch.
Page 341: Accessing To Slave Switch From Master Switch
Management Guide TigerAccess™ EE 8.7.5 Accessing to Slave Switch from Master Switch After configuring all stacking configurations, it is possible to configure and mange by ac- cessing to Slave switch from Master switch. To access to Slave switch from Master switch, use the following command in Bridge Con- figuration mode.
Page 342 Management Guide TigerAccess™ EE Step 2 Configure Switch A as Master switch. Configure VLAN to belong in the same switch group and after registering Slave switch, configure it as a Master switch. <Switch A – Master Switch> SWITCH_A(config)# stack master SWITCH_A(config)# stack device default SWITCH_A(config)# stack add 00:d0:cb:22:00:11 Step 3...
Page 343: Rate Limit
Management Guide TigerAccess™ EE To disconnect, input as the below. SWITCH# exit Connection closed by foreign host. SWITCH(bridge)# Rate Limit User can customize port bandwidth according to user’s environment. By this configuration, you can prevent a certain port to monopolize whole bandwidth so that all ports can use bandwidth equally.
Page 344: Flood Guard
Management Guide TigerAccess™ EE Flood Guard Flood-guard limits number of packets, how many packets can be transmitted, in config- ured bandwidth, whereas Rate limit controls packets through configuring width of band- width, which packets pass through. This function prevents receiving packets more than configured amount without enlarging bandwidth.
Page 345: Cpu Flood-Guard
Management Guide TigerAccess™ EE 8.9.2 CPU Flood-Guard To specify the number of broadcast packets which are transmitted in CPU, use the follow- ing command. Command Mode Description cpu-flood-guard PORTS Limits the number of broadcast packets which are <1-6000> transmitted to CPU for 1 second. Bridge no cpu-flood-guard [ PORTS ] Disables a configured cpu flood guard.
Page 346: Port Flood-Guard
Management Guide TigerAccess™ EE 8.9.3 Port Flood-Guard A packet storm occurs unexpectedly when a large number of broadcast, unicast, or multi- cast packets are received on a port. Forwarding these packets can cause the network to slow down or to time out. This switch provides pps-control function that controls traffic for a specified port by threshold value.
Page 347: Storm Control
Management Guide TigerAccess™ EE 8.10 Storm Control The switch provides a storm control feature for mass broadcast, multicast, and destina- tion lookup failure (DLF). Generally, wrong network configuration, hardware malfunction, virus and so on cause these kinds of mass packets. Packet storm occupies most of the bandwidth of the network, and that causes the network very unstable.
Page 348: Bandwidth
Management Guide TigerAccess™ EE The following is an example of enabling the jumbo frame capacity. SWITCH(bridge)#jumbo-frame enable SWITCH(bridge)# show jumbo-frame Name : Current/Default port01 : 9188/ 1518 port02 : 9188/ 1518 port03 : 9188/ 1518 port04 : 9188/ 1518 port05 : 9188/ 1518 port06 :...
Page 349: Ip Multicast
Management Guide TigerAccess™ EE 9 IP Multicast IP communication provides three types of packet transmission: unicast, broadcast and multicast. Unicast is the communication for a single source host to a single destination host. This is still the most common transmission form in the IP network. Broadcast is the communication for a single source host to all destination hosts on a network segment.
Page 350: Multicast Group Membership
Management Guide TigerAccess™ EE Multicast Group Membership The most important implementation of the multicast is the group membership manage- ment. The multicast group membership allows a router to know which host is interested in receiving the traffic from a certain multicast group and to forward the multicast traffic cor- responding to the group to that host.
Page 351: Clearing Igmp Entry
Management Guide TigerAccess™ EE 9.1.1.1 Clearing IGMP Entry To clear IGMP entries, use the following command. Command Mode Description clear ip igmp Deletes all IGMP entries. Deletes the IGMP entries learned from a specified clear ip igmp interface INTER- interface. FACE Enable INTERFACE: interface name...
Page 352: Igmp Version 2
Management Guide TigerAccess™ EE 9.1.2 IGMP Version 2 In IGMP version 2, the new extensions such as the leave process, election of an IGMP querier, and membership report suppression are added. New IGMP messages, the leave group and group-specific query can be used by hosts to explicitly leave groups, resulting in great reduction of the leave latency.
Page 353: Igmp Static Join
Management Guide TigerAccess™ EE 9.1.2.1 IGMP Static Join When there are no more group members on a network segment or a host cannot report its group membership using IGMP, multicast traffic is no longer transmitted to the network segment. However, you may want to pull down multicast traffic to a network segment to reduce the time from when an IGMP join request is made to when the requested stream begins arriving at a host, which is called the zapping time.
Page 354: Igmp Version 3
Management Guide TigerAccess™ EE To display the IGMP static join group list, use the following command. Command Mode Description show ip igmp static-group Shows the IGMP static join group list. Enable 1-99: IP standard access list show ip igmp static-group list Global 1300-1999: IP standard access list (expanded) {<1-99>...
Page 355: Multicast Functions
Management Guide TigerAccess™ EE – Current-state: This indicates the current filter mode including/excluding the speci- fied multicast address. – Filter-mode-change: This indicates a change from the current filter mode to the other mode. – Source-list-change: This indicates a change allowing/blocking a list of the multi- cast sources specified in the record.
Page 356: Blocking Unknown Multicast Traffic
Management Guide TigerAccess™ EE 9.2.1.1 Blocking Unknown Multicast Traffic When certain multicast traffic comes to a port and the McFDB has no forwarding informa- tion for the traffic, the multicast traffic is flooded to all ports by default. You can configure the switch not to flood unknown multicast traffic.
Page 357: Igmp Snooping Basic
Management Guide TigerAccess™ EE To clear multicast forwarding entries, use the following command. Command Mode Description Clears multicast forwarding entries. clear ip mcfdb [* | vlan VLAN ] *: all forwarding entries VLAN: VLAN ID (1-4094) Enable Global Clears a specified forwarding entry. clear ip mcfdb vlan VLAN group group: multicast group A.B.C.D source A.B.C.D...
Page 358: Enabling Igmp Snooping
Management Guide TigerAccess™ EE 9.2.2.1 Enabling IGMP Snooping The switch supports forwarding tables for IGMP snooping on a VLAN basis. You can en- able IGMP snooping globally or on each VLAN respectively. By default, IGMP snooping is globally disabled. To enable IGMP snooping, use the following command. Command Mode Description...
Page 359: Igmp Snooping Robustness Value
Management Guide TigerAccess™ EE 9.2.2.3 IGMP Snooping Robustness Value The robustness variable allows tuning for the expected packet loss on a network. If a network is expected to be lossy, the robustness variable may be increased. When receiv- ing the query message that contains a certain robustness variable from an IGMP snoop- ing querier, a host returns the report message as many as the specified robustness vari- able.
Page 360 Management Guide TigerAccess™ EE To disable the IGMP snooping querier, use the following command. Command Mode Description no ip igmp snooping querier [ address ] Disables the IGMP snooping querier. Global address: source address of IGMP snooping query igmp snooping vlan VLANS querier [ address ] If you do not specify a source address of an IGMP snooping query, the IP address config-...
Page 361: Igmp Snooping Last Member Query Interval
Management Guide TigerAccess™ EE To specify a maximum query response time advertised in general query messages, use the following command. Command Mode Description ip igmp snooping querier max- Specifies a maximum query response time. response-time <1-25> 1-25: maximum response time (default: 10 seconds) Global ip igmp snooping vlan VLANS Specifies a maximum query response time.
Page 362: Igmp Snooping Immediate Leave
Management Guide TigerAccess™ EE To delete a specified an interval to send group-specific or group-source-specific query messages, use the following command. Command Mode Description igmp snooping last- member-query-interval Global Deletes a specified last member query interval. igmp snooping vlan VLANS last-member-query- interval 9.2.3.3...
Page 363: Igmp Snooping Report Suppression
Management Guide TigerAccess™ EE 9.2.3.4 IGMP Snooping Report Suppression If an IGMP querier sends general query messages, and hosts are still interested in the multicast traffic, the hosts should return membership report messages. For a multicast router, however, it is sufficient to know that there is at least one interested member for a group on the network segment.
Page 364: Explicit Host Tracking
Management Guide TigerAccess™ EE To disable IGMP snooping S-Query Report Agency, use the following command. Command Mode Description no ip igmp snooping s-query- Global Disables IGMP snooping s-query-report agency. report-agency 9.2.3.6 Explicit Host Tracking Explicit host tracking is one of the important IGMP snooping features. It has the ability to build the explicit tracking database by collecting the host information via the membership reports sent by hosts.
Page 365: Multicast Router Port Configuration
Management Guide TigerAccess™ EE To display the explicit tracking information, use the following command. Command Mode Description show ip igmp snooping explicit- Shows the explicit host tracking information globally. tracking show ip igmp snooping explicit- Shows the explicit host tracking information per VLAN. Enable tracking vlan VLANS VLANS: VLAN ID (1-4094)
Page 366 Management Guide TigerAccess™ EE Multicast Router Port Learning Multicast router ports are added to the forwarding table for every Layer 2 multicast entry. The switch dynamically learns those ports through snooping on PIM hello packets. To enable the switch to learn multicast router ports through PIM hello packets, use the fol- lowing command.
Page 367: Tcn Multicast Flooding
Management Guide TigerAccess™ EE 9.2.3.8 TCN Multicast Flooding When a network topology change occurs, the protocols for a link layer topology – such as spanning tree protocol (STP), Ethernet ring protection (ERP), etc – notify switches in the topology using a topology change notification (TCN). When TCN is received, the switch where an IGMP snooping is running will flood multicast traffic to all ports in a VLAN, since a network topology change in a VLAN may invalidate previously learned IGMP snooping information.
Page 368: Igmpv3 Snooping
Management Guide TigerAccess™ EE To specify a query interval to stop multicast flooding, use the following command. Command Mode Description Specifies a query interval to stop multicast flooding in ip igmp snooping tcn flood the unit of second. An actual stop-flooding interval is query interval <1-1800>...
Page 369: Displaying Igmp Snooping Information
Management Guide TigerAccess™ EE To disable IGMPv3 immediate block, use the following command. Command Mode Description no ip igmp snooping immediate- Disables immediate block globally. block Global igmp snooping vlan Disables immediate block on a VLAN. VLANS immediate-block VLANS: VLAN ID (1-4094) IGMPv3 immediate block is enabled by default.
Page 370: Multicast Vlan Registration (Mvr)
Management Guide TigerAccess™ EE 9.2.6 Multicast VLAN Registration (MVR) Multicast VLAN registration (MVR) is designed for applications using multicast traffic across an Ethernet network. MVR allows a multicast VLAN to be shared among subscrib- ers remaining in separate VLANs on the network. It guarantees the Layer 2 multicast flooding instead of the forwarding via Layer 3 multicast, allowing to flood multicast streams in the multicast VLAN, but to isolate the streams from the subscriber VLANs for bandwidth and security reasons.
Page 371: Source/Receiver Port
Management Guide TigerAccess™ EE 9.2.6.3 Source/Receiver Port You need to specify the source and receiver ports for MVR. The followings are the defini- tions for the ports. Source Port • This is connected to multicast routers or sources as an uplink port, which receives and sends the multicast traffic.
Page 372: Igmp Filtering And Throttling
Management Guide TigerAccess™ EE 9.2.7 IGMP Filtering and Throttling IGMP filtering and throttling control the distribution of multicast services on each port. IGMP filtering controls which multicast groups a host on a port can join by associating an IGMP profile that contains one or more IGMP groups and specifies whether an access to the group is permitted or denied with a port.
Page 373 Management Guide TigerAccess™ EE Enabling IGMP Filtering To enable IGMP filtering for a port, a configured IGMP profile needs to be applied to the port. To apply an IGMP profile to ports to enable IGMP filtering, use the following command. Command Mode Description...
Page 374: Igmp Throttling
Management Guide TigerAccess™ EE 9.2.7.2 IGMP Throttling You can configure the maximum number of multicast groups that a host on a port can join. To specify the maximum number of IGMP groups per port, use the following command. Command Mode Description Specifies the maximum number of IGMP groups that hosts on specific port can join.
Page 375 Management Guide TigerAccess™ EE tween general traffic receivers and multicast traffic receivers, and is a more efficient use of system resources because it sends the multicast traffic to specic hosts which want to receive the traffic. To configure a specified port as a multicast-source trust port, use the following command. Command Mode Description...
Page 376: 10 System Software Upgrade
Management Guide TigerAccess™ EE 10 System Software Upgrade 10.1 General Upgrade For the system enhancement and stability, new system software may be released. Using this software, the switch can be upgraded without any hardware change. You can simply upgrade your system software with the provided upgrade functionality via the CLI. The switch supports the dual system software functionality, which you can select applica- ble system software stored in the system according to various reasons such as the sys- tem compatibility or stability.
Page 377: Boot Mode Upgrade
Step 1 To open the boot mode, press <S> key when the boot logo is shown up. ************************************************************ Boot Loader Version 5.43 SMC networks Inc. ************************************************************ Press 's' key to go to Boot Mode: 0 Boot> Step 2 To enable the MGMT interface to communicate with TFTP server, you need to configure a proper IP address, subnet mask and gateway on the interface.
Page 378 Management Guide TigerAccess™ EE To configure an IP address, use the following command. Command Mode Description ip A.B.C.D Configures an IP address. Boot Shows a currently configured IP address. To configure a subnet mask, use the following command. Command Mode Description netmask A.B.C.D Configures a subnet mask.
Page 379 Management Guide TigerAccess™ EE Step 3 Download the new system software via TFTP using the following command. Command Mode Description Downloads the system software. load { os1 | os2 } A.B.C.D FILE- os1 | os2: the area where the system software is stored Boot NAME A.B.C.D: TFTP server address...
Page 380: Ftp Upgrade
Management Guide TigerAccess™ EE Step 4 Reboot the system with the new system software using the following command. Command Mode Description Reboots the system with specified system software. reboot [ os1 | os2 ] Boot os1 | os2: the area where the system software is stored If the new system software is a current standby OS, just exit the boot mode, then the in- terrupted system boot will be continued again with the new system software.
Page 381 Management Guide TigerAccess™ EE Step 5 Exit the FTP client using the following command. Command Mode Description Exits the FTP client. To reflect the downloaded system software, the system must restart using the reload command! For more information, see Section 4.1.10.1. The following is an example of upgrading the system software of the switch using the FTP provided by Microsoft Windows XP in the remote place.
Page 382: 11 Abbreviations
Management Guide TigerAccess™ EE 11 Abbreviations Advanced Encryption Standard Address Resolution Protocol Communauté Européenne CIDR Classless Inter Domain Routing Command Line Interface Class of Service Destination Address DHCP Dynamic Host Configuration Protocol DSCP Differentiated Service Code Point Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexer Electro-Magnetic Compatibility...
Page 383 Management Guide TigerAccess™ EE Input Rate Limiter Internet Service Provider International Telecommunication Union ITU-T International Telecommunication Union - Telecommunications standardization sector Interface Unit Layer 2 LACP Link Aggregation Control Protocol Local Area Network Local Craft Terminal LLDP Link Layer Discover Protocol LLID Logical Link ID Medium Access Control...
Page 384 Management Guide TigerAccess™ EE SNTP Simple Network Time Protocol Secure Shell Spanning Tree Protocol Software Topology Change Notification Transmission Control Protocol TFTP Trivial FTP Tree Information Base Type of Service User Datagram Protocol User Manual VLAN ID VLAN Virtual Local Area Network Video on Demand Virtual Path Identifier Virtual Private Network...
Page 385 Management Guide TigerAccess™ EE SMC7824M/VSW...
Page 386 Fax (65) 6 238 6466 Korea: 82-2-553-0860; Fax 82-2-553-7202 Japan: 81-45-224-2332; Fax 81-45-224-2331 Australia: 61-2-8875-7887; Fax 61-2-8875-7777 India: 91-22-8204437; Fax 91-22-8204443 If you are looking for further contact information, please visit www.smc.com, www.smc- europe.com, or www.smc-asia.com. 20 Mason Irvine, CA 92618 Phone: (949) 679-8000...

This manual is also suitable for:

Tigeraccess smc7824m/vsw

SMC Networks 7824M/VSW - annexe 1 Manual

1 Introduction

2 System Overview

3 Command Line Interface (CLI)

4 System Connection and IP Address

5 Port Configuration

6 System Environment

7 Network Management

Quick Links

Related Manuals for SMC Networks 7824M/VSW - annexe 1

Summary of Contents for SMC Networks 7824M/VSW - annexe 1