SMC Networks ES4704BD Manual

Chassis core routing switch

Summary of Contents for SMC Networks ES4704BD

  • Page 1 ES4700 Series Chassis Core Routing Switch www.smc.com...
  • Page 2 ES4700 Series Chassis Core Routing Switch is a high performance routing switch released by SMC Networks that can be deployed as the core layer device for campus and enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN).
  • Page 3: Table Of Contents

    Content CHAPTER 1 SWITCH MANAGEMENT................18 1.1 Management Options ..................18 1.1.1 Out-of-band Management ................18 1.1.2 In-band Management ..................21 1.1.3 Management via Telnet................... 21 1.1.4 Management via HTTP................... 24 1.2 Management Interface ..................27 1.2.1 CLI Interface ....................27 1.2.2 Configuration Modes ..................
  • Page 4 2.4.3 Command For SNMP ..................76 2.4.4 Typical SNMP Configuration Examples ............85 2.4.5 SNMP Troubleshooting Help ................87 2.5 Switch Upgrade ....................87 2.5.1 Switch System Files ..................87 2.5.2 BootROM Upgrade ..................88 2.5.3 FTP/TFTP Upgrade ..................90 2.5.4 FTP/TFTP Configuration Examples..............
  • Page 5 2.10.8 Telnet server user configuration..............132 2.10.9 Telnet security IP ..................132 CHAPTER 3 DEVICE MANAGEMENT ................ 133 3.1 Device Management Brief ................133 3.2 Device Management Configuration .............. 133 3.2.1 Switch Basic Configuration ................133 3.3 D ..........
  • Page 6 4.6.3 Bandwidth control ..................159 4.6.4 Vlan interface configuration ................160 4.6.5 Allocate IP address for L3 port..............160 4.6.6 L3 port IP addr mode configuration .............. 160 4.6.7 Port mirroring configuration ................161 4.6.8 Mirror configuration..................161 4.6.9 Port debug and maintenance................ 161 4.6.10 Show port information.................
  • Page 7 6.4.2 Configuration Task Sequence Of VLAN-translation ........198 6.4.3 VLAN-translation Configuration Command........... 199 6.4.4 Typical Application Of VLAN-translation ............201 6.4.5 VLAN-translation Troubleshooting ..............202 6.5 Dynamic VLAN Configuration ................ 202 6.5.1 Dynamic VLAN Introduction................202 6.5.2 Dynamic VLAN Configuration ............... 203 6.5.3 Typical Application Of The Dynamic VLAN ...........
  • Page 8 8.3.6 spanning-tree....................238 8.3.7 spanning-tree format ..................239 8.3.8 spanning-tree forward-time................239 8.3.9 spanning-tree hello-time ................240 8.3.10 spanning-tree link-type p2p ................ 240 8.3.11 spanning-tree maxage ................241 8.3.12 spanning-tree max-hop................241 8.3.13 spanning-tree mcheck ................242 8.3.14 spanning-tree mode..................242 8.3.15 spanning-tree mst configuration ..............
  • Page 9 10.1.1 Introduction to Layer 3 Interface ..............290 10.1.2 Layer 3 Interface Configuration Task List............ 290 10.1.3 Command for Layer 3 Interface ..............291 10.2 IP Configuration ..................291 10.2.1 Introduction to IPv4, IPv6 ................291 10.2.2 IPv4 Configuration ..................293 10.2.3 IPv6 Configuration ..................
  • Page 10 12.1 Introduction to SNTP.................. 360 12.2 Command for SNTP ..................361 12.2.1 clock timezone.................... 361 12.2.2 sntp server....................361 12.2.3 sntp poll ...................... 362 12.2.4 debug sntp....................362 12.2.5 show sntp ....................362 12.3 Typical SNTP Configuration Examples ............363...
  • Page 11 14.2.5 Troubleshooting Help.................. 393 14.3 Static Route ....................396 14.3.1 Introduction to Static Route................. 396 14.3.2 Introduction to Default Route ..............396 14.3.3 Static Route Configuration Task List ............397 14.3.4 Command For Static Route ................ 397 14.3.5 Configuration Examples ................401 14.4 RIP .........................
  • Page 12 14.9.1 MBGP4+ Introduction ................. 597 14.9.2 MBGP4+ Configures Mission List ............... 598 14.9.3 MBGP4+ Examples ..................598 14.9.4 MBGP4+ Troubleshooting Help ..............600 CHAPTER 15 IGMP SNOOPING ................. 601 15.1 Introduction to IGMP Snooping ..............601 15.2 IGMP S ............
  • Page 13 17.2.4 PIM-DM Configuration Examples ............... 624 17.2.5 PIM-DM Troubleshooting ................625 17.3 PIM-SM ......................628 17.3.1 Introduction to PIM-SM................628 17.3.2 PIM-SM Configuration Task List ..............630 17.3.3 Command For PIM-SM................632 17.3.4 PIM-SM Configuration Examples..............641 17.3.5 PIM-SM Troubleshooting ................643 17.4 DVMRP ......................
  • Page 14 18.2.5 PIM-SM Troubleshooting Help..............713 18.3 MLD ....................... 722 18.3.1 Introduction to MLD ..................722 18.3.2 MLD Configuration Task List............... 723 18.3.3 Command for MLD ..................725 18.3.4 MLD Typical Application................730 18.3.5 MLD Troubleshooting Help ................. 731 18.4 MLD S ....................
  • Page 15 20.3.1 802.1x Troubleshooting ................804 20.4 W ANAGEMENT ..................810 20.4.1 RADIUS client configuration ............... 810 20.4.2 802.1X configuration................... 812 CHAPTER 21 VRRP CONFIGURATION ..............816 21.1 Introduction VRRP................. 816 21.2 VRRP Configuration ..............817 21.3 Commands VRRP ................... 819 21.3.1 advertisement-interval ................
  • Page 16 22.3.1 clear mrpp statistics ..................833 22.3.2 control-vlan ....................833 22.3.3 debug mrpp ....................834 22.3.4 enable......................834 22.3.5 fail-timer...................... 835 22.3.6 hello-timer....................835 22.3.7 mrpp enable....................836 22.3.8 mrpp ring ....................836 22.3.9 node-mode ....................837 22.3.10 primary-port ....................837 22.3.11 secondary-port..................
  • Page 17 23.5.2 Cluster Administration Troubleshooting ............859...
  • Page 18: Chapter 1 Switch Management

    Chapter 1 Switch Management 1.1 Management Options After purchasing the switch, the user needs to configure the switch for network management. ES4700 series provides two management options: in-band management and out-of-band management. 1.1.1 Out-of-band Management Out-of-band management is the management through Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
  • Page 19 ES4700 series Functional Console port required. Step 2 Entering the HyperTerminal Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP. 1) Click Start menu - All Programs - Accessories - Communication - HyperTerminal. Fig 1-2 Opening HyperTerminal 2) Type a name for opening HyperTerminal, such as “Switch”.
  • Page 20 Fig 1-4 Opening HyperTerminal 4) COM1 property appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; or, you can also click “Revert to default” and click “OK”. Fig 1-5 Opening HyperTerminal Step 3 Entering switch CLI interface: Power on the switch.
  • Page 21: In-Band Management

    Current time is WED APR 20 09:37:52 2005 ES4700 series Switch Operating System, Software Version ES4700 series 1.1.0.0, Copyright (C) 2001-2006 by Accton Technology Corporation http://www.smc.com. ES4700 series Switch 26 Ethernet/IEEE 802.3 interface(s) Press ENTER to start session The user can now enter commands to manage the switch.
  • Page 22 The following describes the steps for a Telnet client to connect to the switch’s VLAN1 interface by Telnet. Fig 1-6 Manage the switch by Telnet Step 1: Configure the IP addresses for the switch First is the configuration of host IP address. This should be within the same network segment as the switch VLAN1 interface IP address.
  • Page 23 Fig 1-7 Run telnet client program included in Windows Step 3: Login to the switch Login to the Telnet configuration interface. Valid login name and password are required, otherwise the switch will reject Telnet access. This is a method to protect the switch from unauthorized access.
  • Page 24: Management Via Http

    Fig 1-8 Telnet Configuration Interface 1.1.4 Management via HTTP To manage the switch via HTTP, the following conditions should be met: 1) Switch has an IP address configured 2) The host IP address (HTTP client) and the switch’s VLAN interface IP address are in the same network segment;...
  • Page 25 Step 2: Run the HTTP protocol on the host. Open the Web browser on the host and type the IP address of the switch, or run the HTTP protocol directly on Windows. For example, the IP address of the switch is “10.1.128.251”.
  • Page 26 Fig 1-10 Web Login Interface Input the right username and password, and then the main Web configuration interface is shown as below. Fig 1-11 Main Web Configuration Interface...
  • Page 27: Management Interface

    1.2 Management Interface 1.2.1 CLI Interface The CLI interface is familiar to most users. As mentioned above, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management.
  • Page 28 1.2.2.1 User Mode On entering the CLI interface, the user enters the user entry system first. For a common user, the default is User Mode. The prompt shown is “Switch>”; the symbol “>” is the prompt for User Mode. When the disable command is run under Admin Mode, the switch also returns to User Mode.
  • Page 29 port-channel, and accordingly the three interface configuration modes. Interface Type / Entry / Prompt / Operates / Exit: VLAN Interface: type the “interface vlan <Vlan-id>” command under Global Mode; prompt Switch(Config-If-Vlanx)#; configure switch IPs, etc.; use the exit command to return to Global Mode. Ethernet Port: Type ...; Configure ...; Use the exit...
  • Page 30: Configuration Syntax

    Protocol command parameters (Operates); ... command under Global Mode (Entry); ... command to return to Global Mode (Exit). OSPF: type the “router ospf” command under Global Mode; prompt Switch(Config-Router-Ospf)#; configure OSPF routing protocol parameters; use the “exit” command to return to Global Mode. 1.2.2.8 ACL Mode ACL type / Entry / Prompt / Operates / Exit: Standard Type...
  • Page 31: Shortcut Key Support

    “[ ]” in the command line, such as [<variable>],{enum1 <variable>| enum2}, [option1 [option2]], etc. Here are examples for some actual configuration commands: show calendar, no parameters required. This is a command with only a keyword and no parameter, just type in the command to run. vlan <vlan-id>, parameter values are required after the keyword.
  • Page 32: Help Function

    When a string for a command or keyword is entered, the Tab can be used to complete the command or keyword if there is no conflict. 1.2.5 Help function There are two ways in ES4700 series for the user to access help information: the “help”...
  • Page 33: Fuzzy Match Support

    parameter record is found. “This command is not exist in current ...”: the command is recognized, but it cannot be used under the current mode. “Please configure precursor command "*" at first !”: the command is recognized, but the prerequisite command has not been configured. “syntax error : missing '"' before the ...”: quotation marks are not used in pairs.
  • Page 34 management menu and on the right of the page system information and command parameter are displayed. Click the main menu link to browse other management links and to display configuration and statistic information. Fig 1-13 Module Front Panel...
  • Page 35: Chapter 2 Basic Switch Configuration

    Chapter 2 Basic Switch Configuration 2.1 Commands for Basic Switch Configuration Basic switch configuration includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc. Command Explanation Normal User Mode/ Admin Mode...
  • Page 36 Function: Configure the authentication mode and priority on the Telnet server for remote login users; the “no authentication login” command restores the default login authentication mode. Default: The default login authentication mode is local. Command mode: Global mode Usage guide: When a combination of authentication modes is used, the mode listed first has the highest priority, and priority decreases down the list.
  • Page 37 no debug ssh-server Function: Display SSH server debugging information; the “no debug ssh-server” command stops displaying SSH server debugging information. Default: This function is disabled by default. Command mode: Admin Mode 2.1.1.5 dir Command: dir Function: Display the files and their sizes in the Flash memory. Command mode: Admin Mode Example: Check for files and their sizes in the Flash memory.
  • Page 38 Default: This password is empty by system default Usage Guide: Configure this password to prevent unauthorized entering Admin Mode. It is recommended to set the password at the initial switch configuration. Also, it is recommended to exit Admin Mode with “exit” command when the administrator needs to leave the terminal for a long time.
  • Page 39 Usage Guide: An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help. The user can type in ? any time to get online help. Example: Switch>help enable -- Enable Admin mode exit -- Exit telnet session...
  • Page 40 the “no ipv6 host <hostname>” command deletes this mapping relationship. Parameter: <hostname> is the host name; <ipv6_addr> is the IPv6 address corresponding to the host name. Command Mode: Global Mode Usage Guide: Configure a fixed corresponding relationship between the host and the IPv6 address, applicable in commands such as “traceroute6 <host>”, etc. Example: Set the IPv6 address of the host named beijing to 2001:1:2:3::1 Switch(Config)#ipv6 host beijing 2001:1:2:3::1 2.1.1.14 ip http server...
  • Page 41 Command mode: Admin Mode Default: The default setting is English display. Usage Guide: ES4700 series provides help information in two languages, the user can select the language according to their preference. After the system restart, the help information display will revert to English. 2.1.1.17 login local Command:login local no login...
  • Page 42 Switch(Config)#login 2.1.1.19 ping Command: ping [<ip-addr> | <host>|vrf|] Function: The switch sends ICMP packets to remote devices to verify the connectivity between the switch and the remote devices. Parameter: <ip-addr> is the target host IP address for ping, in dotted decimal format. <host>...
  • Page 43 Datagram size in byte [56]: ICMP packet size, the default is 56 bytes. Timeout in milli-seconds [2000]: Timeout (in milliseconds), the default is 2 seconds. Extended commands [n]: Whether to change the other options or not. 2.1.1.20 ping6 Command: ping6 [<dst-ipv6-address> | host <hostname> | src <src-ipv6-address> {<dst-ipv6-address>...
  • Page 44 Source IPv6 address: fe80::203:fff:fe0b:16e3 Repeat count [5]: Datagram size in byte [56]: Timeout in milli-seconds [2000]: Extended commands [n]: Type ^c to abort. Sending 5 56-byte ICMP Echos to fe80::2d0:59ff:feb8:3b27, using src address fe80::203:fff:fe0b:16e3, timeout is 2 seconds. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms Displayed Information Explanation ping6...
  • Page 45 2.1.1.22 service password-encryption Command: service password-encryption no service password-encryption Function: Encrypt system passwords. The “no service password-encryption” command cancels the encryption. Command mode: Global mode Default: no service password-encryption by system default Usage guide: The current unencrypted passwords, as well as future passwords configured by the password, enable password and username commands, will be encrypted by executing this command.
  • Page 46 switch will reset to factory settings after restart. Example: Switch#set default Are you sure? [Y/N] = y Switch#write Switch#reload 2.1.1.25 setup Command: setup Function: Enter the Setup Mode of the switch. Command mode: Admin Mode Usage Guide: ES4700 series provides a Setup Mode, in which the user can configure IP addresses, etc.
  • Page 47 Example: Switch#terminal monitor 2.1.1.28 traceroute Command: traceroute {<ip-addr> | host <hostname> }[hops <hops>] [timeout <timeout> ] Function: This command tests the gateways passed through on the route of a packet from the source device to the target device. It can be used to test connectivity and locate a failed segment.
  • Page 48 no cli username <username> Function: Configure a shell user and privilege level for logging in with user name and password. Parameter: Username is the user name; privilege is the highest level the user may execute at, level 1 to 15, default 1; password is the user password; if option 7 is entered when setting the password, the password is encrypted;...
  • Page 49: Commands For Maintenance And Debug

    Default: The username and password are null by default. Usage Guide: This command can be used to set the username for logging on the switch and set the password as null. Example: Set username as “admin” and set password as “admin” Switch(Config)#username admin password 0 admin 2.1.1.32 username nopassword Command: username <user_name>...
  • Page 50: Ping6

    remote devices, and to check reachability between the switch and the remote device. Refer to the Ping command chapter in the Command Manual for explanations of the various parameters and options of the Ping command. 2.2.2 Ping6 The Ping6 command is mainly used by the switch to send ICMPv6 query packets to remote equipment, verifying reachability between the switch and the remote equipment.
  • Page 51 Global Mode ip telnet server / no ip telnet server: Enable the Telnet server function in the switch; the “no ip telnet server” command disables the Telnet function. Configure the secure IP address for logging in to the switch through Telnet: the telnet-server securityip <ip-addr>...
  • Page 52 Example: (1) The switch Telnets to a remote host whose IP address is 20.1.1.1 Switch#telnet 20.1.1.1 23 (2) The switch Telnets to a remote host whose IPv6 address is 3ffe:506:1:2::3 Switch#telnet 3ffe:506:1:2::3 (3) Configure the mapping relationship between the host name ipv6host and the IPv6 address 3ffe:506:1:2::3, and then telnet to host ipv6host Switch#config Switch(Config)# ipv6 host ipv6host 3ffe:506:1:2::3...
  • Page 53: Ssh

    2.2.4 SSH 2.2.4.1 Introduction to SSH SSH (Secure Shell) is a protocol which ensures a secure remote access connection to network devices. It is based on the reliable TCP/IP protocol. By carrying out mechanisms such as key distribution, authentication and encryption between the SSH server and SSH client, a secure connection is established.
  • Page 54 Admin Mode monitor / no monitor: Display SSH debug information on the SSH client side; the “no monitor” command stops displaying SSH debug information on the SSH client side. 2.2.4.3 Command for SSH 2.2.4.3.1 ssh-server authentication-retries Command: ssh-server authentication-retries <authentication-retries> no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication;...
  • Page 55 time. Usage Guide: This command is used to generate the new host key. When SSH client logs on the server, the new host key is used for authentication. After the new host key is generated and “write” command is used to save the configuration, the system uses this key for authentication all the time.
  • Page 56: Traceroute

    Example 1: Requirement: Enable SSH server on the switch, and run SSH2.0 client software such as Secure shell client and putty on the terminal. Log on the switch by using the username and password from the client. Configure the IP address, add SSH user and enable SSH service on the switch. SSH2.0 client can log on the switch by using the username and password to configure the switch.
  • Page 57: Show

    exceeded” message (including the source address of the IPv6 packet, all content in the IPv6 packet and the IPv6 address of the router). Upon receiving this message, Traceroute6 sends another datagram whose HOPLIMIT is increased to 2, so as to discover the second router.
  • Page 58 show telnet user: Display the information of all the Telnet clients which are authorized to access the switch through Telnet. show tech-support: Display the operation information and the state of each task running on the switch. It is used by technicians to diagnose whether the switch operates properly.
  • Page 59 the UP/DOWN key or their equivalent (ctrl+p and ctrl+n) to access the command history. Example: Switch#show history enable config interface ethernet 1/3 enable show ftp 2.2.7.1.4 show memory Command: show memory Function: Display the contents in the memory. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes.
  • Page 60 parameters. Example: Switch#show running-config 2.2.7.1.6 show ssh-server Command: show ssh-server Function: Display SSH state and users which log on currently. Command mode: Admin Mode Example: Switch#show ssh-server ssh-server is enabled connection version state user name session started test 2.2.7.1.7 show ssh-user Command: show ssh-user Function: Display the configured SSH usernames.
  • Page 61 information existing in the switch Command mode: Admin mode Example: Show VLAN messages of port ethernet 1/1. Switch#show interface switchport ethernet 1/1 Ethernet1/1 Type :Universal Mac addr num :-1 Mode :Access Port VID :1 Trunk allowed Vlan :ALL Displayed Information Description Ethernet1/1 Corresponding interface number of the Ethernet...
  • Page 62: Debug

    2.2.7.1.12 show udp Command: show udp Function: Display the current UDP connection status established to the switch. Command mode: Admin Mode Example: Switch#show udp LocalAddress LocalPort ForeignAddress ForeignPort State 0.0.0.0 0.0.0.0 CLOSED 0.0.0.0 0.0.0.0 CLOSED 0.0.0.0 1985 0.0.0.0 CLOSED Displayed information Description LocalAddress Local address of the udp connection.
  • Page 63: System Log

    2.2.9 System log 2.2.9.1 System Log Introduction The system log takes all information output under its control and catalogues it in detail, so that the information can be selected effectively. Combined with debug programs, it provides powerful support to the network administrator and developer in monitoring the network operation state and locating network failures.
  • Page 64 system operation and detecting abnormal states. Note: the NVRAM log buffer may not exist on some switches, which only have the SDRAM log buffer zone. It is recommended to use a system log server: by configuring the log host on the switch, the log can be sent to the log server for future examination. 2.2.9.1.2 Format And Severity Of The Log Information The log information format is compatible with the BSD syslog protocol, so the log can be recorded and analyzed by the syslog (system log protocol) on the...
  • Page 65 Information from the debugging of CLI commands is classified as debugging. Log information can be automatically sent to the corresponding channels according to its severity level. Among these, debugging information can only be sent to the monitor. Those with the Informational level can only be sent to the current monitor terminal; for example, information from a Telnet terminal configuration command can only be transmitted to the Telnet terminal.
  • Page 66 range <begin-index> <end-index>] Function: This command displays the detailed information in the log buffer channel. This command is not supported on low end switches. Parameter: <slot-ID> is the logical slot number, such as 1,2,3,M1,M2. This option is only available on high-end stand switches, and not supported in box switches; <begin-index> is the index start value of the log message, the valid range is 1-65535, <end-index>...
  • Page 67 2.2.9.2.2.2 clear logging Command: clear logging { sdram | nvram } Function: This command is used to clear all the information in the log buffer zone. Command Mode: Admin Mode Usage Guide: When the old information in the log buffer zone is no longer needed, this command can be used to clear all of it. Example: Clear all information in the log buffer zone sdram Switch# clear logging sdram...
  • Page 68: Configurate Switch Ip Addresses

    2.2.9.3 System Log Configuration Example Example 1: The IPv4 address of the switch on the management VLAN is 100.100.100.1, and the IPv4 address of the remote log server is 100.100.100.5. It is required to send log information with a severity equal to or higher than warnings to this log server and record it under the local1 facility. Configuration procedure: Switch(Config)#interface Ethernet 0...
  • Page 69: Switch Ip Addresses Configuration Task List

    DHCP server, and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients. DHCP Server configuration is detailed in later chapters. 2.3.1 Switch IP Addresses Configuration Task List 1. Manual configuration 2. BootP configuration 3.
  • Page 70 Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] [secondary] Function: Set the IP address and mask for the specified VLAN interface; the “no ip address <ip address> <mask> [secondary]” command deletes the specified IP address setting. Parameter: <ip-address> is the IP address in dot decimal format; <mask> is the subnet mask in dot decimal format;...
  • Page 71: Snmp Configuration

    Function: Enables the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation; the “no ip address dhcp-client” command disables the DHCP client function and releases the IP address obtained in DHCP. Note: To obtain IP address via DHCP, a DHCP server is required in the network.
  • Page 72 Get-Response, Get-Next-Request, Get-Bulk-Request, Set-Request, Trap, Inform-Request. The NMS sends queries to the Agent with Get-Request, Get-Next-Request, Get-Bulk-Request and Set-Request messages; and the Agent, upon receiving the requests, replies with Get-Response messages. In some special situations, such as network device ports going Up/Down or the network topology changing, Agents can send Trap messages to the NMS to report the abnormal events.
  • Page 73 Fig 2-1 ASN.1 Tree Instance In this figure, the OID of the object A is 1.2.1.1. NMS can locate this object through this unique OID and gets the standard variables of the object. MIB defines a set of standard variables for monitored network devices by following this structure. If the variable information of Agent MIB needs to be browsed, the MIB browse software needs to be run on the NMS.
  • Page 74: Snmp Configuration Task List

    Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records. Event: A list of all events generated by RMON Agent. Alarm depends on the implementation of Event. Statistics and History display some current or history subnet statistics.
  • Page 75 ” command deletes the configured secure address. snmp-server SecurityIP enable / snmp-server SecurityIP disable: Enable or disable the secure IP address check function on the NMS. 4. Configure engine ID Command / Explanation: snmp-server engineid <engine-string>: Configure the local engine ID on the switch.
  • Page 76: Command For Snmp

    SNMP v3, this command also configures the <user-string> Trap user name and security level. snmp-server host {<ipv4-addr>|<ipv6-addr>} {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string> 9. Enable/Disable RMON Command / Explanation: rmon enable / no rmon enable: Enable/disable RMON. 2.4.3 Command For SNMP 2.4.3.1 rmon Command: rmon enable no rmon enable Function: Enable RMON;...
  • Page 77 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors (Max packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 0 Get-response PDUs 0 SNMP trap PDUs Displayed information Explanation snmp packets input Total number of SNMP packet inputs.
  • Page 78 trap PDUs Number of Trap packets sent. 2.4.3.3 show snmp status Command: show snmp status Function: Display SNMP configuration information. Command mode: Admin Mode Example: Switch#show snmp status Trap enable RMON enable Community Information: V1/V2c Trap Host Information: V3 Trap Host Information: Security IP Information: Displayed information Description...
  • Page 79 Example 3: Modify the read-write community string named “private” to read-only. Switch(config)#snmp-server community private ro Example 4: Delete community string “private”. Switch(config)#no snmp-server community private 2.4.3.5 snmp-server Command: snmp-server no snmp-server Function: Enable the SNMP proxy server function on the switch. The “no snmp-server” command disables the SNMP proxy server function Command mode: Global mode Default: SNMP proxy server function is disabled by system default.
  • Page 80 message. And for v3 version, this command is used for receiving the network manage station IP address and the Trap user name and safety level; the “no” form of this command cancels this IP address. Command Mode: Global Mode Parameter: <ipv4-addr>|<ipv6-addr> is the IP address of the NMS managing station which receives Trap message.
  • Page 81 Command: debug snmp keneral no debug snmp keneral Function: Enable the SNMP keneral debugging; the “no debug snmp keneral” command disables the debugging function. Command Mode: Admin Mode Usage Guide: When the user encounters problems in applying SNMP, the SNMP debugging is available to locate the causes of the problem. Example: Switch#debug snmp keneral 2.4.3.10 show snmp engineid Command: show snmp engineid...
  • Page 82 2.4.3.12 show snmp mib Command: show snmp mib Function: Display all MIBs supported by the switch Command Mode: Admin Mode 2.4.3.13 show snmp user Command: show snmp user Function: Display the user information Command Mode: Admin Mode Example: Switch#show snmp user User name: initialsha Engine ID: 1234567890 Auth Protocol:MD5...
  • Page 83 active State 2.4.3.15 snmp-server engineid Command: snmp-server engineid <engine-string> no snmp-server engineid <engine-string> Function: Configure the engine ID; the “no” form of this command restores the default engine ID Command Mode: Global mode Parameter: <engine-string> is the engine ID shown in 1-32 hex digits Default: Default value is the company ID plus local MAC address Usage Guide: Example: Set current engine ID to A66688999F...
  • Page 84 Switch (Config)#no snmp-server group CompanyGroup AuthPriv 2.4.3.17 snmp-server SecurityIP enable Command: snmp-server SecurityIP enable snmp-server SecurityIP disable Function: Enable/disable the secure IP address authentication of the NMS management station Command Mode: Global Mode Default: The secure IP address authentication function is enabled Example: Disable the secure IP address authentication function Switch(config)#snmp-server securityip disable 2.4.3.18 snmp-server view...
  • Page 85: Typical Snmp Configuration Examples

    Parameter: <user-string> is the user name containing 1-32 characters <group-string> is the name of the group the user belongs to, containing 1-32 characters encrypted use DES for the packet encryption auth perform packet authentication md5 packet authentication using HMAC MD5 algorithm sha packet authentication using HMAC SHA algorithm <password-string>...
  • Page 86 Fig 2-2 Typical SNMP Configuration (NMS 1.1.1.5, switch 1.1.1.9) The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9 Scenario 1: The NMS network administrative software uses the SNMP protocol to obtain data from the switch. The configuration on the switch is listed below: Switch(config)#snmp-server Switch(Config)#snmp-server community private rw...
  • Page 87: Snmp Troubleshooting Help

    Scenario 4: NMS wants to receive the v3Trap messages sent by the switch. The configuration on the switch is listed below: Switch(config)#snmp-server Switch(config)#snmp-server host 10.1.1.2 v3 AuthPriv tester Switch(config)#snmp-server enable traps 2.4.5 SNMP Troubleshooting Help When users configure the SNMP, the SNMP server may fail to run properly due to physical connection failure and wrong configuration, etc.
  • Page 88: Bootrom Upgrade

    The system files include the system image file and the boot file. Updating the switch means updating these two files by overwriting the old files with the new ones. The system image file refers to the compressed file of the switch hardware drivers, software support program, etc., namely what is usually called the IMG update file.
  • Page 89 ES4700 series Management Switch Copyright (c) 2001-2004 by Accton Technology Corporation. All rights reserved. Reset chassis ... done. Testing RAM... 134,217,728 RAM OK. Loading BootROM... Starting BootRom... Attaching to file system ... done. BootRom version: 1.0.4 Creation date: Jun 9 2006, 14: 54: 12 Attached TCP/IP interface to lnPci0.
  • Page 90: Ftp/Tftp Upgrade

    size = 0x1077f8 Step 5: Execute “write nos.img” in BootROM mode. The following saves the system update image file. [Boot]: write nos.img Programming... Program OK. [Boot]: Step 6: After successful upgrade, execute “run” command in BootROM mode to return to CLI configuration interface.
  • Page 91 used for transferring files between hosts, and between hosts and switches. Both of them transfer files in a client-server model. Their differences are listed below. FTP is built on TCP to provide a reliable, connection-oriented data stream transfer service. However, it does not provide file access authorization and uses a simple authentication mechanism (the username and password are transferred in plain text for authentication).
  • Page 92 memory in ES4700 series. SDRAM: RAM memory in the switch, used for system software operation and configuration sequence storage. FLASH: Flash memory used to save the system file and configuration file. System file: includes the system image file and boot file. System image file: refers to the compressed file for switch hardware driver and software support program, usually referred to as the IMG upgrade file.
  • Page 93 2. FTP server configuration (1) Start FTP server (2) Configure FTP login username and password (3) Modify FTP server connection idle time (4) Shut down FTP server 3. TFTP server configuration (1) Start TFTP server (2) Configure TFTP server connection idle time (3)...
  • Page 94 Global Mode tftp-server enable / no tftp-server enable: Start TFTP server; the “no tftp-server enable” command shuts down the TFTP server and prevents TFTP users from logging in. (2) Modify TFTP server connection idle time Command Explanation Global Mode tftp-server retransmission-number <... Set maximum retransmission time within...
  • Page 95 Running configuration files running-config Startup configuration files startup-config System files nos.img System startup files nos.rom Command Mode: Admin Mode Usage Guide: This command supports command line hints, namely if the user enters commands in the following forms: copy <filename> ftp:// or copy ftp:// <filename> and presses Enter, the following hints will be provided by the system: ftp server ip/ipv6 address [x.x.x.x]/[x:x::x:x] >...
  • Page 96 Startup configuration files startup-config System files nos.img System startup files nos.rom Command Mode: Admin Mode Usage Guide: This command supports command line hints, namely if the user enters commands in the following forms: copy <filename> tftp:// or copy tftp:// <filename> and presses Enter, the following hints will be provided by the system: tftp server ip/ipv6 address[x.x.x.x]/[x:x::x:x]>...
  • Page 97 Example: enable FTP server service. Switch#config Switch(Config)# ftp-server enable 2.5.3.2.2.5 ftp-server timeout Command: ftp-server timeout <seconds> Function: Set data connection idle time Parameter: < seconds> is the idle time threshold ( in seconds) for FTP connection, the valid range is 5 to 3600. Default: The system default is 600 seconds.
  • Page 98: Ftp/Tftp Configuration Examples

    Displayed information / Explanation: Timeout: Timeout time. Retry Times: Retransmission times. 2.5.3.2.2.8 tftp-server enable Command: tftp-server enable no tftp-server enable Function: Start TFTP server; the “no tftp-server enable” command shuts down the TFTP server and prevents TFTP users from logging in. Default: TFTP server is not started by default. Command mode: Global Mode Usage Guide: When the TFTP server function is enabled, the switch can still perform TFTP client functions.
  • Page 99 Fig 2-4 Download nos.img file as FTP/TFTP client (switch 10.1.1.2, computer 10.1.1.1) Scenario 1: The switch is used as FTP/TFTP client. The switch connects from one of its ports to a computer, which is a FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as a FTP/TFTP client, the IP address of the switch management VLAN is 10.1.1.2.
  • Page 100 Switch (Config-If-Vlan1)#exit Switch (Config)#exit Switch#copy tftp://10.1.1.1/12_30_nos.img nos.img Scenario 2: The switch is used as FTP server. The switch operates as the FTP server and connects from one of its ports to a computer, which is a FTP client. Transfer the “nos.img”...
  • Page 101 FTP Configuration Computer side configuration: Start the FTP server software on the computer and set the username “Switch”, and the password “Admin”. Save “nos.img”, “boot.rom” and “startup-config” in the appropriate FTP server directory on the computer. The configuration procedures of the switch are listed below: Switch (Config)#inter vlan 1 Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0 Switch (Config-If-Vlan1)#no shut...
  • Page 102: Ftp/Tftp Troubleshooting Help

    Start the FTP server software on the PC and set the username “Switch”, and the password “Admin”. ES4700 series: Switch (Config)#inter vlan 1 Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0 Switch (Config-If-Vlan1)#no shut Switch (Config-If-Vlan1)#exit Switch (Config)#dir ftp://Switch:Admin@10.1.1.1 220 Serv-U FTP-Server v2.5 build 6 for WinSock ready... 331 User name okay, need password.
  • Page 103 200 PORT Command successful. nos.img file length = 1526021 read file ok send file 150 Opening ASCII mode data connection for nos.img. 226 Transfer complete. close ftp client. The following messages are displayed when files are successfully received. Otherwise, please verify link connectivity and retry the “copy” command. 220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
  • Page 104: Security Feature Configuration

    begin to receive file,wait... recv 1526037 ************************ write ok transfer complete close tftp client. If the switch is upgrading the system file or system startup file through TFTP, the switch must not be restarted until “close tftp client” is displayed, indicating the upgrade is successful; otherwise the switch may be rendered unable to start.
  • Page 105 dosattack-check srcip-equal-dstip enable: Enable the function of checking if the IP source address is the same as the destination address 2.6.2.2 Prevent TCP Unauthorized Label Attack Function Configuration Task Sequence 1. Enable the anti TCP unauthorized label attack function 2. Enable Checking IPv4 fragment function Command Explanation Global Mode...
  • Page 106: Commands For Security Feature

    dosattack-check tcp-fragment enable; dosattack-check tcp-header <size>: Configure the minimum permitted TCP header length of the packet. This command has no effect when used separately; the user should enable dosattack-check tcp-fragment enable 2.6.2.5 Prevent ICMP Fragment Attack Function Configuration Task Sequence 1. Enable the prevent ICMP fragment attack function 2. Configure the max permitted ICMPv4 net load length...
  • Page 107 Command Mode: Global Mode Usage Guide: By enabling this function, data packets whose source IP address is equal to their destination address will be dropped Example: Drop the data packet whose source IP address is equal to its destination address Switch(Config)# dosattack-check srcip-equal-dstip enable 2.6.3.2 dosattack-check ipv4-first-fragment enable Command: [no] dosattack-check ipv4-first-fragment enable Function: Enable the function by which the switch checks the first fragment packet of...
  • Page 108 Function: Enable the function by which the switch will check if the source port is equal to the destination port; the "no" form of this command disables this function Parameter: None Default: Disable the function by which the switch will check if the source port is equal to the destination port Command Mode: Global Mode Usage Guide: With this function enabled, the switch will be able to drop TCP and UDP...
  • Page 109 Switch(Config)# dosattack-check tcp-header 20 2.6.3.7 dosattack-check icmp-attacking enable Command: [no] dosattack-check icmp-attacking enable Function: Enable the ICMP fragment attack checking function on the switch; the “no” form of this command disables this function Parameter: None Default: Disable the ICMP fragment attack checking function on the switch Command Mode: Global Mode Usage Guide: With this function enabled the switch will be protected from ICMP fragment attacks, dropping the fragmented ICMPv4/v6 data packets whose net length is...
  • Page 110: Security Feature Example

    Usage Guide: To use this function you have to enable “dosattack-check icmp-attacking enable” first Example: Set the max net length of the ICMPv6 data packet permitted by the switch to Switch(Config)# dosattack-check icmp-attacking enable Switch(Config)# dosattack-check icmpv6-size 100 2.6.4 Security Feature Example Scenario: The user has the following configuration requirements: the switch does not forward data packets whose source IP address is equal to the destination address, and those whose...
  • Page 111: Jumbo Command

    1. Configure/enable the Jumbo function Command Explanation jumbo enable: Enable the sending/receiving function of Jumbo frames no jumbo enable: Disable the sending/receiving function of Jumbo frames 2.7.3 Jumbo Command Command: jumbo enable no jumbo enable Function: Enable the Jumbo receiving function, expanding the range of the frames received by the switch to 64-8996 bytes.
  • Page 112: Sflow Configuration Task

    Data sampling and statistics are implemented per physical port. The data sample includes IPv4 and IPv6 packets. Extensions for other types are not supported so far. For packets that are neither IPv4 nor IPv6, the unified HEADER mode is adopted following the requirements of RFC3176, copying the header information of the packet based on analyzing the type of its protocol.
  • Page 113: Commands For Sflow

    priority” command restores the default 4. Configure the packet head length copied by sFlow Command Explanation Global Mode sflow header-len <length-value> / no sflow header-len: Configure the length of the packet data head copied in the sFlow data sampling; the “no” form of this command restores the default value.
  • Page 114 Function:Configure the IP address and port number of the host on which the sFlow analysis software is installed. If the port has been configured with IP address, the port configuration will be applied, or else the global configuration will be applied. The “no” form of this command restores the port to default and deletes the IP address.
  • Page 115 Default: The default value is 0 Usage Guide: When the sample packet is sent to the CPU, it is recommended not to assign a high priority to the packet so that regular receiving and sending of other protocol packets will not be interfered with. The higher the priority value is set, the higher its priority will be. Example: Configure the priority when sFlow receives packets from the hardware in global mode, switch(config)#sflow priority 1...
  • Page 116 Command: sflow counter-interval <interval-value> no sflow counter-interval Function: Configure the max interval of the sFlow statistic sampling; the “no” form of this command deletes the statistic sampling interval value. Parameter: <interval-value> is the value of the interval, in seconds, with a valid range of 20~120.
  • Page 117 switch #show sflow Sflow version 1.2 Agent address is 172.16.1.100 Collector address have not configured Collector port is 6343 Sampler priority is 2 Sflow DataSource: type 2, index 194(Ethernet3/2) Collector address is 192.168.1.200 Collector port is 6343 Counter interval is 0 Sample rate is input 0, output 0 Sample packet max len is 1400 Sample header max len is 50...
  • Page 118: Sflow Examples

    Sample version is 4 The datagram version of the sFlow group sent by the E3/1 interface sampling proxy is 4. 2.8.4 sFlow Examples Fig 2-5 sFlow configuration topology As shown in the figure, sFlow sampling is enabled on the port 3/1 and 3/2 of the switch. Assume the sFlow analysis software is installed on the PC with the address of 192.168.1.200.
  • Page 119: Tacacs+ Configuration

    mode is accessible. If traffic sampling is required, the sampling rate of the interface must be configured. If statistic sampling is required, the statistic sampling interval of the interface must be configured. If the problem remains unsolved, please contact the technical service center of our company.
  • Page 120: Commands For Tacacs

    Global Mode tacacs-server authentication host <IPaddress> [[port {<portNum>}] [primary]] / no tacacs-server authentication host <IPaddress>: Configure the IP address and listen port number of the TACACS+ authentication server; the “no” form of this command deletes the TACACS+ authentication server 3) Configure the TACACS+ authentication timeout time Command Explanation Global Mode...
  • Page 121 2.9.3.2 tacacs-server key Command: tacacs-server key <string> no tacacs-server key Function: Configure the key of the TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key. Parameter: <string> is the character string of the TACACS+ server key, containing at most 16 characters. Command Mode: Global Mode Usage Guide: The key is used for encrypted packet communication between the switch and the TACACS+ server.
  • Page 122: Typical Tacacs+ Scenarios

    Command Mode: Admin Mode Parameter: None Usage Guide: Enable the TACACS+ debugging messages to check the negotiation process of the TACACS+ protocol, which can help detect the failure. Example: Enable the debugging messages of the TACACS+ protocol Switch#debug tacacs-server 2.9.4 Typical TACACS+ Scenarios Switch 10.1.1.2 10.1.1.1...
  • Page 123: Web Management

    Finally, ensure that the correct TACACS+ server is connected. If the TACACS+ authentication problem remains unsolved, please use debug tacacs and other debugging commands, copy the DEBUG messages within 3 minutes, and send the recorded messages to the technical service center of our company. 2.10 Web Management 2.10.1 Switch basic configuration Users should click “Switch basic configuration”...
  • Page 124: Snmp Configuration

    2.10.2 SNMP configuration Users should click “Switch basic configuration” and “SNMP configuration” to configure the SNMP-related functions. 2.10.2.1 SNMP manager configuration Users should click “Switch basic configuration”, “SNMP configuration”, and “SNMP manager configuration” to configure the community string of the switch. Community string (0-255 characters) - for configuration of the community string.
  • Page 125 as “trap” and State as “Valid.” The command will be applied to the switch by clicking on the “Apply” button. 2.10.2.3 Configure IP address of SNMP manager User should click “Switch basic configuration”, “SNMP configuration”, and “Configure ip address of snmp manager” to configure the security IP address which will be allowed to access to the NMS management station of the switch.
  • Page 126: Switch Upgrade

    2.10.2.5 RMON and trap configuration Users should click “Switch basic configuration”, “SNMP configuration” and “RMON and TRAP configuration” to configure the RMON function of the switch. Snmp Agent state - open/close the SNMP agent server function of the switch. RMON state - open/close the RMON function of the switch. Trap state - allows the device to send Trap messages. Example: choose Snmp Agent state as “Open”, choose RMON state as “Open”, and choose Trap state as “Open”.
  • Page 127 FTP server service -to configure FTP server 2.10.3.1 TFTP client configuration Users should click “Switch basic configuration” and “TFTP client service” to enter into the configuration page. Words and phrases are explained in the following: Server IP address-IP address of the server. Local file name-the local file name Server file name-the file name of the server Operation type-”Upload”...
  • Page 128 Users should click “Switch basic configuration” and “FTP client service” to enter into this configuration page. Words and phrases are explained in the following: Server IP address-IP address of the server User name-the name of the user Password-the specific password Operation type-”Upload”...
  • Page 129: Maintenance And Debug Command

    2.10.4 Maintenance and debug command Users should click “Switch basic configuration” and “Basic configuration debug” to enter into the configuration page and make configuration nodes, which include the following segments: Debug command-a debugging command. Show calendar-to display the current time. Dir to display FLASH files.
  • Page 130: Basic Introduction To Switch

    2.10.4.2 Show vlan port property Users should click “Switch basic configuration”, “Basic configuration debug” and “show switchport interface” to enter into the configuration page and make configuration nodes. “Port” means the port table. Example: User finds a VLAN port’s properties by choosing port1/1 and click “Apply.” 2.10.4.3 Others Other parts are easier to configure.
  • Page 131: Switch Maintenance

    2.10.6 Switch Maintenance On the left directory of the root page, users should click “Switch maintenance” to configure maintenance nodes through web interface. 2.10.6.1 Exit current web configuration Users should quit the web-login by clicking “Switch maintenance” and “Exit current web configuration.”...
  • Page 132: Telnet Server User Configuration

    configure the Telnet server configuration nodes through web interface. 2.10.8 Telnet server user configuration Users should click “Telnet server configuration” and “Telnet server user configuration” to configure Telnet service start-up and users information. Words and phrases are explained in the following: Telnet server State-to choose from the drop-down list.
  • Page 133: Chapter 3 Device Management

    Chapter 3 Device Management 3.1 Device Management Brief The device management function of ES4700 series provides information about line card status, line card operation debugging, power supply and fan status. This function enables the maintenance and management of the physical devices and restart of the switch and line cards, and hot swapping of the cards.
  • Page 134 Parameter: <slotno> is the number of the slot (The range value: 1 to 4, M1, M2, and 5 to 8) Default: if no slotno is specified, the information of all modules is displayed. Command mode: Admin Mode Example: Switch# show slot 1 --------slot : 1--------...
  • Page 135: Card Hot-Swap Operation

    Default: not display Command mode: Admin Mode Usage guide: “OK” means the power supply exists. “NO” means the power supply does not exist. Example: Switch# show power ----------power information---------- power1 Inserted: OK power2 Inserted: NO 3.3.1.4 debug devsm Command: debug devsm { send | receive | state } no debug devsm {send | receive | state } Function: Displays the device management packet traffic and cards status conditions.
  • Page 136: Configuration Restoration Rules

    If the cards need to be replaced during normal operation, the following guidelines should be followed: Hot-remove the card to be replaced. The master control board will display a message of “pull out”, and the card status becomes destroyed. Insert the new card. The master control board will display a message of “push in”. After the card runs normally, the master control board will display the link state of the card’s ports.
  • Page 137: Command For Device Management

    3.7 Command for device management 3.7.1 debug devsm Command:debug devsm { send | receive | state } no debug devsm {send | receive | state } Function: Displays the device management packet traffic and cards status conditions. The “no debug devsm {send | receive | state }” command disables DEBUG display. Parameters: send displays outgoing device management packets.
  • Page 138: Runcfg-Sync

    Parameters: < slotno> is the slot number, or the card located in that slot, the valid range is 1 to 4, M1, M2, and 5 to 8. Command mode: Admin Mode Usage Guide: This command can reset all line cards and Standby Master board, but not the Active Master board.
  • Page 139: Show Power

    3.7.7 show power Command: show power Function: Shows if the power supply is in place. Parameters: N/A. Default: No display by default. Command mode: Admin Mode Usage Guide: “YES” for power supply in place; “NO” for power supply not in place. Example: Switch # show power ----------power information----------...
  • Page 140: Chapter 4 Port Configuration

    Chapter 4 Port Configuration 4.1 Introduction to Port ES4700 series comes with line cards and master management cards. Line cards provide various network ports. The master management cards provide console interface and network management port. The Console interface and network management port are used for out-of-band management of the switch.
  • Page 141: Port Configuration

    both are operating normally, only the Ethernet port in the Active Master can be used as the network management port. When Active-Standby occurs, the network management port will change accordingly. 4.2 Port Configuration 4.2.1 Network Port Configuration 4.2.1.1 Network Port Configuration Task List 1.
  • Page 142 shutdown / no shutdown: Enables/Disables specified ports. name <string> / no name: Names or cancels the name of specified ports. mdi { auto | across | normal } / no mdi: Sets the cable type for the specified port (This command is not supported on the ES4700 series line card ports of 1000MB and above)
  • Page 143 for copper cable port first; sfp-forced for fiber cable forces to use fiber cable port; sfp-preferred-auto for fiber cable port first. Command mode: Interface Mode Default: The default setting for combo mode of combo ports is fiber cable port first. Usage Guide: The combo mode of combo ports and the port connection condition determines the active port of the combo ports.
  • Page 144 4.2.1.2.2 clear counters Command: clear counters [{ethernet <interface-list> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>}] Function: Clears the statistics of the specified port. Parameters: <interface-list> stands for the Ethernet port number; < vlan-id > stands for the VLAN interface number; <port-channel-number> for trunk interface number; <interface-name>...
  • Page 145 ES4704BD’s ports support IEEE802.3X flow control; the ports work in half-duplex mode, supporting back-pressure flow control. If flow control results in serious HOL, the switch will automatically start HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic degradation of network performance.
  • Page 146 Function: Sets the cable types supported by the Ethernet port; the “no mdi” command sets the cable type to auto-identification. This command is not supported on ES4704BD line card ports of 1000Mbps or more, these ports have auto-identification set for cable types.
  • Page 147 Parameter: <bandwidth> is the bandwidth limit, shown in Mbps and ranging between 1-10000M; input means the bandwidth limit is only applied when the switch receives data from outside, while output means the limit is applied on sending only.
  • Page 148 Example: Setting ports 8 -10 (1000Mbps) of slot 2 to allow 3 broadcast packets per second. Switch(Config)#interface ethernet 2/8-10 Switch(Config-Port-Range)#rate-suppression broadcast 3 4.2.1.2.11 show interface status Command:show interface status[{ethernet <interface-number> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>}] Function:Show information of specific port on the switch Parameter:<interface-number>...
  • Page 149 Example: Opening ports 1/1-8. Switch(Config)#interface ethernet1/1-8 Switch(Config-Port-Range)#no shutdown 4.2.1.2.13 speed-duplex Command:speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } } no speed-duplex Function: Sets the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex”...
  • Page 150: Vlan Interface Configuration

    4.2.2 VLAN Interface Configuration 4.2.2.1 VLAN Interface Configuration Task List Enter VLAN Mode Configure the IP address for VLAN interface and enable VLAN interface. 1. Enter VLAN Mode Command Explanation Global Mode interface vlan <vlan-id>: Enters Interface Mode; the “no interface vlan <vlan-id>“...
  • Page 151: Network Management Port Configuration

    4.2.2.2.2 ip address Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] [secondary] Function: Sets the IP address and mask for the switch; the “no ip address [<ip-address> <mask>]” command deletes the specified IP address setting. Parameters: <ip-address> is the IP address in decimal format; <mask> is the subnet mask in decimal format;...
  • Page 152 2. Configure the properties for the network management ports (1) Enable/Disable ports (2) Configure port speed (3) Configure port duplex mode (4) Enable/Disable port loopback function (5) Configuring port IP Address 1. Enter the network management port configuration mode Command Explanation Global Mode Enters the network management port...
  • Page 153 are linked. If the duplex setting of the port is auto-negotiation, the port speed will be set to auto-negotiation automatically; if the port duplex mode changes from auto-negotiation to forced full/half-duplex, the port speed will also become forced mode, the forced speed will be the port speed before this command.
  • Page 154 Function: Enables the loopback test function for the network management port; the “no loopback” command disables the loopback test on the network management port. Command mode: Network management port configuration Mode Default: Loopback test is disabled on the network management port by default. Usage Guide: Loopback test can be used to verify that the network management port is working normally.
  • Page 155: Port Mirroring Configuration

    be verified to be the same. Example: Setting the network management port to forced 100Mbps. Switch(Config)#interface ethernet 0 Switch(Config-Ethernet0)#speed force100 4.3 Port Mirroring Configuration 4.3.1 Introduction to Port Mirroring Port mirroring refers to the duplication of data frames sent/received on a port to another port.
  • Page 156: Device Mirroring Troubleshooting Help

    4.3.3.1 port monitor Command: port monitor interface <interface-list> {rx| tx| both} no port monitor interface <interface-list> Function: Specifies the port mirror source; the “no port monitor interface <interface-list>” command deletes the mirror source port. Parameter: <interface-list> is the mirror source port list, in which special characters such as “-”、...
  • Page 157: Port Configuration Example

    port traffic; please decrease the number of source ports, duplicate traffic for one direction only or choose a port with greater throughput as the destination port. 4.4 Port Configuration Example Fig 4-1 Port Configuration Example (SwitchA, SwitchB, SwitchC; ports 1/12, 1/10) No VLAN has been configured in the switches, default VLAN1 is used.
  • Page 158: Port Troubleshooting Help

    4.5 Port Troubleshooting Help Here are some situations that frequently occur in port configuration and the advised solutions: Two connected fiber interfaces won’t link up if one interface is set to auto-negotiation but the other to forced speed/duplex. This is determined by IEEE 802.3.
  • Page 159: Bandwidth Control

    enabled flow control. Loopback: Sets up Ethernet port to enable loopback testing function. Example: Assign port to be Ethernet 1/1 and set up MDI as normal; Admin control status as no shutdown, speed/duplex as auto, port flow control status as disabled flow control and Loopback as no loopback.
  • Page 160: Vlan Interface Configuration

    control and receiving data packet with 100M. 4.6.4 Vlan interface configuration Click Port configuration, vlan interface configuration to open the VLAN port configuration management list to allocate IP address and mask on L3 port and so on. 4.6.5 Allocate IP address for L3 port Click “Port configuration”, “vlan interface configuration”, Allocate IP address for L3 port to allocate IP address for L3 port.
  • Page 161: Port Mirroring Configuration

    4.6.7 Port mirroring configuration Click “Port configuration”, “Port mirroring configuration” to enter port mirroring configuration management table to do port mirroring configurations. 4.6.8 Mirror configuration Click Port configuration, Port mirroring configuration, Mirror configuration to configure port mirroring function including configuring mirroring source port and mirroring destination port functions.
  • Page 162 Click “Port configuration”, “Port debug” and “maintenance”, Show port information to check the statistic information of the receiving/sending data packet information of the port.
  • Page 163: Chapter 5 Port Channel Configuration

    Chapter 5 Port Channel Configuration 5.1 Introduction to Port Channel To understand Port Channel, Port Group should be introduced first. Port Group is a group of physical ports in the configuration level, only physical ports in the Port Group can take part in link aggregation and become a member port of a Port Channel. Logically, Port Group is not a port but a port sequence.
  • Page 164: Port Channel Configuration

    For Port Channel to work properly, member ports of the Port Channel must have the same properties as follows: All ports are in full-duplex mode. All Ports are of the same speed. All ports are Access ports and belong to the same VLAN or are all Trunk ports. If the ports are Trunk ports, then their “Allowed VLAN”...
  • Page 165: Command For Port Channel

    Command Explanation Interface Mode port-group <port-group-number> mode {active|passive|on} / no port-group <port-group-number>: Adds ports to the port group and sets their mode. 3. Enter port-channel configuration mode. Command Explanation Global Mode interface port-channel <port-channel-number>: Enters port-channel configuration mode. 5.2.2 Command for port channel 5.2.2.1 debug lacp Command: debug lacp no debug lacp...
  • Page 166 otherwise, the group will be deleted. Parameters: <port-group-number> is the group number of a port channel from 1 to 8; if the group number already exists, an error message will be given. dst-mac performs load balancing according to destination MAC; src-mac performs load balancing according to source MAC;...
  • Page 167 Example: Under the Port Mode of Ethernet1/1, add the current port to “port-group 1” in “active” mode. Switch(Config-Ethernet1/1)#port-group 1 mode active 5.2.2.4 interface port-channel Command: interface port-channel <port-channel-number> Function: Enters the port channel configuration mode Command mode: Global Mode Usage Guide: On entering aggregated port mode, configuration of the GVRP or spanning tree modules will apply to the aggregated ports;...
  • Page 168 Number of ports in group: port number in the port group. Maxports: maximum number of ports allowed in a group. Number of port-channels: whether aggregated to a port channel or not. Max port-channels: maximum number of port channels that can be formed by the port group.
  • Page 169 portnumber: Port number. actor_port_agg_id: The channel number to add the port to; if the port cannot be added to the channel due to inconsistent parameters between the port and the channel, 3 will be displayed. partner_oper_sys: System ID of the other end. partner_oper_key: Operational key of the other end.
  • Page 170 Expired Partner part Administrative Operational system 000000-000000 000000-000000 system priority 0x8000 0x8000 0x0001 0x0001 port number port priority 0x8000 0x8000 port state LACP activety LACP timeout Aggregation Synchronization Collecting Distributing Defaulted Expired Selected Unselected Displayed information Explanation portnumber Port number port priority Port Priority system...
  • Page 171: Port Channel Example

    5. Display port-channel information for port-group1. Switch# show port-group 1 port-channel Port channels in the group 1: ----------------------------------------------------------- Port-Channel: port-channel1 Number of port : 2 Standby port : NULL Port in the port-channel : Index Port Mode ------------------------------------------------------ Ethernet1/1 active Ethernet1/2 active Displayed information...
  • Page 172 ports should be connected with cables (shown as the four connecting lines in the figure). The configuration steps are listed below: SwitchA#config SwitchA (Config)#interface eth 1/1-4 SwitchA (Config-Port-Range)#port-group 1 mode active SwitchA (Config-Port-Range)#exit SwitchA (Config)#interface port-channel 1 SwitchA (Config-If-Port-Channel1)# SwitchB#config SwitchB (Config)#port-group 2 SwitchB (Config)#interface eth 1/1-4 SwitchB (Config-Port-Range)#port-group 2 mode passive...
  • Page 173: Port Channel Troubleshooting Help

    The configuration steps are listed below: SwitchA#config SwitchA (Config)#interface eth 1/1 SwitchA (Config-Ethernet1/1)# port-group 1 mode on SwitchA (Config-Ethernet1/1)#exit SwitchA (Config)#interface eth 1/2 SwitchA (Config-Ethernet1/2)# port-group 1 mode on SwitchA (Config-Ethernet1/2)#exit SwitchA (Config)#interface eth 1/3 SwitchA (Config-Ethernet1/3)# port-group 1 mode on SwitchA (Config-Ethernet1/3)#exit SwitchA (Config-Ethernet1/4)# port-group 1 mode on SwitchA (Config-Ethernet1/4)#exit...
  • Page 174: Web Management

    Some commands cannot be used on a port in port-channel, such as arp, bandwidth, ip, ip-forward, etc. When port-channel is forced, as the aggregation is triggered manually, the port group will stay unaggregated if aggregation fails due to inconsistent VLAN information.
  • Page 175: Lacp Port Configuration

    5.5.2 LACP port configuration Click “LACP port configuration” to enter the configuration page. Click the Apply button to add the port into the group. Display port member: select a group number in port configuration and the information of the port members will be shown under the configuration table. Port: name of port member. Port mode: active or passive...
  • Page 176: Chapter 6 Vlan Configuration

    Chapter 6 VLAN Configuration 6.1 VLAN Configuration 6.1.1 Introduction to VLAN VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network into separate network segments based on functions, applications or management requirements. In this way, virtual workgroups can be formed regardless of the physical location of the devices.
  • Page 177: Vlan Configuration Task List

    Simplifying network management; lowering network cost; enhancing network security. VLAN and GVRP (GARP VLAN Registration Protocol), as defined by 802.1Q, are implemented in the ES4700 series. This chapter describes the use and configuration of VLAN and GVRP in detail. 6.1.2 VLAN Configuration Task List 1.
  • Page 178: Command For Vlan Configuration

    Command (Interface Mode): switchport trunk allowed vlan {<vlan-list>|all}; no switchport trunk allowed vlan <vlan-list>. Explanation: Set/delete the VLANs allowed to cross the Trunk; the “no” command restores the default setting. Command (Interface Mode): switchport trunk native vlan <vlan-id>; no switchport trunk native vlan. Explanation: Set/delete the PVID for the Trunk port. 5.
  • Page 179 Command: vlan <vlan-id>[name <vlan-name>] no vlan <vlan-id>[name] Function: Create a VLAN, enter VLAN configuration mode and optionally set the VLAN name. In VLAN Mode, the user can assign the switch ports to the VLAN. The “no vlan <vlan-id>” command deletes the specified VLANs. Parameter: <vlan-id>...
  • Page 180 Community types. Switch(Config)#vlan 100 Switch(Config-Vlan100)#private-vlan primary Switch(Config-Vlan100)#exit Switch(Config)#vlan 200 Switch(Config-Vlan200)#private-vlan isolated Switch(Config-Vlan200)#exit Switch(Config)#vlan 300 Switch(Config-Vlan300)#private-vlan community Switch(Config-Vlan300)#exit 6.1.3.3 private-vlan association Command: private-vlan association <secondary-vlan-list> no private-vlan association Function: Set Private VLAN association; the “no private-vlan association” command cancels Private VLAN association. Parameter: <secondary-vlan-list>...
  • Page 181 Usage Guide: If no <vlan-id> or <vlan-name> is specified, then information for all VLANs in the switch will be displayed. Example: Display the status for the current VLAN; display statistics for the current VLAN. Switch#show vlan VLAN Name Type Media Ports ---- ------------ ---------- --------- ---------------------------------------- default...
  • Page 182 Usage Guide: Only ports in Access mode can join specified VLANs, and an Access port can only join one VLAN at a time. Example: Add an Access port to VLAN100. Switch(Config)#interface ethernet 1/8 Switch(Config-ethernet1/8)#switchport mode access Switch(Config-ethernet1/8)#switchport access vlan 100 Switch(Config-ethernet1/8)#exit 6.1.3.6 switchport interface Command: switchport interface <interface-list>...
  • Page 183 Switch(Config-ethernet1/8)#switchport mode access Switch(Config-ethernet1/8)#exit 6.1.3.8 switchport trunk allowed vlan Command: switchport trunk allowed vlan {<vlan-list>|all} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting. Parameter: <vlan-list> is the list of VLANs allowed to pass through in the specified Trunk port;...
  • Page 184: Typical Vlan Application

    Command: switchport ingress-filtering no switchport ingress-filtering Function: Enable the VLAN ingress rule for a port; the “no vlan ingress disable” command disables the ingress rule. Command mode: Interface Mode Default: VLAN ingress rules are enabled by default. Usage Guide: When VLAN ingress rules are enabled on the port, the system checks the source port first when it receives data, and forwards the data to the destination port if the port is a member of the VLAN.
  • Page 185 Configuration Item / Configuration description: VLAN2: Site A and site B switch ports 2-4. VLAN100: Site A and site B switch ports 5-7. VLAN200: Site A and site B switch ports 8-10. Trunk port: Site A and site B switch port 11. Connect the Trunk ports of both switches for a Trunk link to convey the cross-switch VLAN traffic;...
  • Page 186: Gvrp Configuration

    Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)#exit 6.2 GVRP Configuration 6.2.1 Introduction to GVRP GARP (Generic Attribute Registration Protocol) can be used to dynamically distribute, populate and register property information between switch members within a switch network; the property can be VLAN information, Multicast MAC addresses or other information.
  • Page 187: Command For Gvrp

    Command (Interface Mode): bridge-ext garp timer join <timer-value>; no bridge-ext garp timer join; bridge-ext garp timer leave <timer-value>; no bridge-ext garp timer leave; bridge-ext garp timer hold <timer-value>; no bridge-ext garp timer hold. Explanation: Configure the hold, join and leave timers for GARP. Command (Global Mode), Explanation: Configure the leave all timer: bridge-ext garp timer leave all <timer-value>...
  • Page 188 Switch(Config)#exit 6.2.3.2 debug gvrp Command: debug gvrp no debug gvrp Function: Enable the GVRP debugging function; the “no debug gvrp” command disables the function. Command mode: Admin Mode Default: GVRP debug information is disabled by default. Usage Guide: Use this command to enable GVRP debugging; GVRP packet processing information can then be displayed.
  • Page 189 Usage Guide: A GARP application entity sends a join message after the join timer expires; other GARP application entities that receive the join message will register it. Example: Set the GARP join timer value of port 1/10 to 1000 ms. Switch(Config-Ethernet1/10)#bridge-ext garp timer join 1000 6.2.3.5 bridge-ext garp timer leave Command: bridge-ext garp timer leave <timer-value>...
  • Page 190: Typical Gvrp Application

    Command: show garp timer [<interface-name>] Function: Display the global and port information for GARP. Parameter: <interface-name> stands for the name of the Trunk port to be displayed. Command mode: Admin Mode Usage Guide: N/A. Example: Display global GARP information. Switch #show garp timer 6.2.3.8 show gvrp configuration Command: show gvrp configuration [<interface-name>] Function: Display the global and port information for GVRP.
  • Page 191 Switch A Switch B Switch C Fig 6-3 Typical GVRP Application Topology To enable dynamic VLAN information registration and update among switches, the GVRP protocol is to be configured in the switches. Configure GVRP in Switch A, B and C, enabling Switch B to learn VLAN100 dynamically so that the two workstations connected to VLAN100 in Switch A and C can communicate with each other through Switch B without static VLAN100 entries.
  • Page 192: Gvrp Troubleshooting Help

    Switch(Config-Vlan100)#switchport interface ethernet 1/2-6 Switch(Config-Vlan100)#exit Switch(Config)#interface Ethernet 1/11 Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)# bridge-ext gvrp Switch(Config-Ethernet1/11)#exit Switch B: Switch(Config)# bridge-ext gvrp Switch(Config)#interface ethernet 1/10 Switch(Config-Ethernet1/10)#switchport mode trunk Switch(Config-Ethernet1/10)# bridge-ext gvrp Switch(Config-Ethernet1/10)#exit Switch(Config)#interface ethernet 1/11 Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)# bridge-ext gvrp Switch(Config-Ethernet1/11)#exit Switch C: Switch(Config)# bridge-ext gvrp Switch(Config)#vlan 100...
  • Page 193: Dot1Q-Tunnel Configuration

    6.3 Dot1q-tunnel Configuration 6.3.1 Dot1q-tunnel Introduction Dot1q-tunnel is also called QinQ (802.1Q-in-802.1Q), which is an extension of 802.1Q. Its main idea is to encapsulate the customer VLAN tag (CVLAN tag) inside the service provider VLAN tag (SPVLAN tag). Carrying the two VLAN tags, the packet is transmitted through the backbone network of the ISP, providing a simple layer-2 tunnel for the users.
  • Page 194: Dot1Q-Tunnel Configuration

    Applicable through simple static configuration; no complex configuration or maintenance is needed. Operators only have to assign one SPVID for each user, which increases the number of concurrently supportable users, while users have complete freedom in selecting and managing their VLAN IDs (select within 1~4094 at users’...
  • Page 195 no dot1q-tunnel enable Function: Set the access port of the switch to dot1q-tunnel mode; the “no dot1q-tunnel enable” command restores the default. Parameter: None. Command Mode: Port Mode. Default: The dot1q-tunnel function is disabled on the port by default. Usage Guide: After enabling dot1q-tunnel on the port, data packets without a VLAN tag (referred to as tag) will be packed with a tag when entering through the port;...
  • Page 196: Typical Applications Of The Dot1Q-Tunnel

    Switch(Config-Ethernet1/10)#exit 6.3.3.3 show dot1q-tunnel Command: show dot1q-tunnel Function: Display the information of all the ports at dot1q-tunnel state. Parameter: None. Command Mode: Admin Mode. Usage Guide: This command is used for displaying the information of the ports at dot1q-tunnel state. Example: Display current dot1q-tunnel state.
  • Page 197: Dot1Q-Tunnel Troubleshooting

    Trunk port Port10 of PE1 and PE2 Configuration procedure is as follows: PE1: Switch(Config)#vlan 3 Switch(Config-Vlan3)#switchport interface ethernet 1/1 Switch(Config-Vlan3)#exit Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)# dot1q-tunnel enable Switch(Config-Ethernet1/1)#dot1q-tunnel tpid 9100 Switch(Config-Ethernet1/1)# exit Switch(Config)#interface ethernet 1/10 Switch(Config-Ethernet1/10)#switchport mode trunk Switch(Config-Ethernet1/10)#exit Switch(Config)# PE2: Switch(Config)#vlan 3 Switch(Config-Vlan3)#switchport interface ethernet 1/1 Switch(Config-Vlan3)#exit...
  • Page 198: Vlan-Translation Configuration

    Configuring in port-channel is not supported. 6.4 VLAN-translation Configuration 6.4.1 VLAN-translation Introduction VLAN translation, as the name suggests, translates the original VLAN ID to a new VLAN ID according to user requirements so that data can be exchanged across different VLANs.
  • Page 199: Vlan-Translation Configuration Command

    Command (Port mode): vlan-translation miss drop {in|out|both}; no vlan-translation miss drop {in|out|both}. Explanation: Configure the VLAN-translation packet to be dropped on the port if translation fails. 6.4.3 VLAN-translation Configuration Command 6.4.3.1 show vlan-translation Command: show vlan-translation Function: Display the information of all the ports in VLAN-translation state. Parameter: None.
  • Page 200 forwarding if there is no match. The same original VLAN ID and the same current VLAN ID can be configured in different directions; however, the original and the current VLAN ID must not be the same. Example: Move VLAN100 data entering from port 1 to VLAN2 after ingress translation, and the data traffic leaving from VLAN2 to VLAN100 after egress translation.
  • Page 201: Typical Application Of Vlan-Translation

    current VID; if no translation correspondence is configured, the packet will not be dropped by default, but it will be dropped after this command is used. Example: Set packets to be dropped at the ingress of port 1 when translation fails. Switch(Config-If-Ethernet4/1)#vlan-translation miss drop in 6.4.4 Typical Application Of VLAN-translation Scenario Edge switches PE1 and PE2 of the ISP network support the VLAN20 data traffic between CE1 and CE2 of the client network with VLAN3.
  • Page 202: Vlan-Translation Troubleshooting

    6.4.5 VLAN-translation Troubleshooting Normally VLAN-translation is applied on trunk ports. Normally, before using VLAN-translation, the dot1q-tunnel function needs to be enabled so that double-tagged data packets can be handled and the VLAN translated normally. Configuring in port-channel is not supported. 6.5 Dynamic VLAN Configuration 6.5.1 Dynamic VLAN Introduction The dynamic VLAN is named in contrast to the static VLAN (namely the port...
  • Page 203: Dynamic Vlan Configuration

    6.5.2 Dynamic VLAN Configuration 6.5.2.1 Dynamic VLAN Configuration Task Sequence: configure the MAC-based VLAN function on the port; configure the correspondence between the MAC address and the VLAN; configure the IP-subnet-based VLAN function on the port; configure the correspondence between the IP subnet and the VLAN; configure the correspondence between the protocols and the VLAN; adjust the priority of the dynamic VLAN. 1.
  • Page 204 5. Configure the correspondence between the Protocols and the VLAN Command (Global Mode): protocol-vlan mode {ethernetii etype <etype-id>|llc {dsap <dsap-id> ssap <ssap-id>}|snap etype <etype-id>} vlan <vlan-id>; protocol-vlan {mode {ethernetii... Explanation: Add/delete the correspondence between the Protocols and the VLAN, namely the specified protocol joins/leaves the specified VLAN...
  • Page 205 Default: MAC-based VLAN is preferred by default Usage Guide: Configure the preference of dynamic VLAN on the switch. The default priority sequence is MAC-based VLAN, IP-subnet-based VLAN, Protocol-based VLAN, namely the preferred order when several dynamic VLANs are available. This command is used to set the IP-subnet-based VLAN as preferred. Example: Set the IP-subnet-based VLAN preferred.
  • Page 206 access point of the destination service, the valid range is 0~255; ssap-id is the access point of the source service with a valid range of 0~255; snap is the SNAP encapsulation format; etype-id is the type of the packet protocol, the valid range is 1536~65535; vlan-id is the ID of the VLAN, the valid range is 1~4094; all indicates all the encapsulation protocols.
  • Page 207 00-0a-eb-26-8d-f3 00-03-0f-11-22-33 6.5.2.2.7 show mac-vlan interface Command: show mac-vlan interface Function: Display the ports at MAC-based VLAN Parameter: None Command Mode: Admin Mode Usage Guide: Display the ports at MAC-based VLAN Example: Display the ports currently at MAC-based VLAN Switch #show mac-vlan interface Ethernet1/1 Ethernet1/2 Ethernet1/3...
  • Page 208 192.168.1.165 255.255.255.0 202.200.121.21 255.255.0.0 10.0.0.1 255.248.0.0 6.5.2.2.10 show subnet-vlan interface Command: show subnet-vlan interface Function: Display the port at IP-subnet-based VLAN Parameter: None Command Mode: Admin Mode Usage Guide: Display the port at IP-subnet-based VLAN Example: Display the port currently at IP-subnet-based VLAN Switch#show subnet-vlan interface Ethernet1/1 Ethernet1/2...
  • Page 209: Typical Application Of The Dynamic Vlan

    6.5.2.2.12 switchport mac-vlan enable Command: switchport mac-vlan enable no switchport mac-vlan enable Function: Enable the MAC-based VLAN function on the port; the “no” form of this command will disable the MAC-based VLAN function on the port Parameter: None Command Mode: Port Mode. Default: The MAC-based VLAN function is enabled on the port by default Usage Guide: After adding a MAC address to the specified VLAN, the MAC-based VLAN function will be globally enabled.
  • Page 210: Dynamic Vlan Troubleshooting

    100. Assume one of the members is M, the MAC address of his PC is 00-03-0f-11-22-33, and similar configurations are assigned to other members. Figure 6-6 Typical topology application of dynamic VLAN Configuration Items / Configuration Explanation: MAC-based VLAN: Global configuration on Switch A, Switch B, Switch C. Configuration procedure Switch A, Switch B, Switch C:...
  • Page 211: Voice Vlan Configuration

    6.6 Voice VLAN Configuration 6.6.1 Voice VLAN Introduction Voice VLAN is specially configured for user voice data traffic. By setting a Voice VLAN and adding the ports of the connected voice equipment to the Voice VLAN, the user will be able to configure QoS (Quality of Service) for voice data and raise the voice data traffic transmission priority to ensure calling quality. The switch can judge whether the data traffic is voice data traffic from specified equipment according to the source MAC address field of the data packet entering the port.
  • Page 212 2. Add a voice equipment to a Voice VLAN Command (Global Mode): voice-vlan mac <mac-address> mask <mac-mask> priority <priority-id> [name <voice-name>]; voice-vlan {mac <mac-address> mask <mac-mask>|name <voice-name>|all}. Explanation: Specify certain voice equipment to join/leave the Voice VLAN. 3. Enable the Voice VLAN of the port Command Explanation Port Mode...
  • Page 213 no switchport voice-vlan enable Function: Enable the Voice VLAN function on the port; the “no” form of this command disables the Voice VLAN function on the port Parameter: None Command Mode: Port Mode Default: Voice VLAN is enabled by default Usage Guide: When voice equipment is added to the Voice VLAN, the Voice VLAN is enabled globally by default.
  • Page 214: Typical Applications Of The Voice Vlan

    6.6.2.2.4 voice-vlan vlan Command: voice-vlan vlan <vlan-id> no voice-vlan Function: Configure the specified VLAN as the Voice VLAN; the “no voice-vlan” command cancels the Voice VLAN configuration of this VLAN Parameter: <vlan-id> is the number of the specified VLAN Command Mode: Global Mode Default: No Voice VLAN is configured by default Usage Guide: Set the specified VLAN as the Voice VLAN. There can be only one Voice VLAN...
  • Page 215: Voice Vlan Troubleshooting

    Configuration procedure Switch A: Switch(Config)#vlan 100 Switch(Config-Vlan100)#exit Switch(Config)#voice-vlan vlan 100 Switch(Config)#voice-vlan mac 00-03-0f-11-22-33 mask 255 priority 5 name company Switch(Config)#voice-vlan mac 00-03-0f-11-22-55 mask 255 priority 5 name company Switch(Config)#interface ethernet 1/10 Switch(Config-If-Ethernet1/10)#switchport mode trunk Switch(Config-If-Ethernet1/10)#exit 6.6.4 Voice VLAN Troubleshooting Voice VLAN cannot be applied concurrently with MAC-based VLAN. The Voice VLAN supports a maximum of 1024 sets of voice equipment; equipment beyond that number will not be supported. The Voice VLAN on the port is enabled by default.
  • Page 216: Chapter 7 Mac Table Configuration

    Chapter 7 MAC Table Configuration 7.1 Introduction to MAC Table The MAC table identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (will not be overwritten by dynamic MAC addresses);...
  • Page 217 1/12 MAC 00-01-11-11-11-11 MAC 00-01-33-33-33-33 MAC 00-01-22-22-22-22 MAC 00-01-44-44-44-44 Fig 7-1 MAC Table dynamic learning The topology of the figure above: 4 PCs connected to the ES4700 series, where PC1 and PC2 belong to the same physical segment (same collision domain); the physical segment connects to port 1/5 of the ES4700 series;...
  • Page 218: Forward Or Filter

    series. 7.1.2 Forward or Filter The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming the ES4700 series has learnt the MAC addresses of PC1 and PC3, and the user has manually configured the mapping relationship of PC2 and PC4 to ports.
  • Page 219: Mac Address Table Configuration Task List

    ports; when the destination MAC address in a unicast frame is not found in the MAC table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frames within the same VLAN. If the destination MAC address is found in the MAC table but belongs to a different VLAN, the switch can only broadcast the unicast frame in the VLAN it belongs to.
  • Page 220: Show Mac-Address-Table

    no mac-address-table (static|dynamic|discard) (address WORD|) (vlan <1-4096>|) (interface (ethernet|port-channel|) IFNAME |) Function: Add or modify static address entries and filter address entries. The “no mac-address-table [static|discard|dynamic] [address <mac-addr>] [vlan <vlan-id>] [interface [ethernet|portchannel] <interface-name>]” command deletes the two kinds of entries. Parameter: static is the static entries; discard is filter entries, which is for discarding frames from a specific MAC address; dynamic is dynamic address entries; <mac-addr>...
  • Page 221: Typical Configuration Examples

    Switch#show mac-address-table discard 7.4 Typical Configuration Examples 1/11 MAC 00-01-11-11-11-11 MAC 00-01-33-33-33-33 MAC 00-01-22-22-22-22 MAC 00-01-44-44-44-44 Fig 7-2 MAC Table typical configuration example Scenario: Four PCs as shown in the above figure connect to port 1/5, 1/7, 1/9, 1/11 of switch, all the four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled.
  • Page 222: Mac Address Function Extension

    connected to the port and Spanning Tree is still under calculation, wait until the Spanning Tree calculation finishes, and the port will learn the MAC address. If none of the problems mentioned above apply, please check the switch port and contact technical support for a solution.
  • Page 223 Command: port-security; no port-security. Explanation: Enable the MAC address binding function for the port and lock the port. When a port is locked, the MAC address learning function for the port will be disabled; the “no port-security” command disables the MAC address binding function for the port and restores the MAC address learning function for the port.
  • Page 224 Command: port-security violation {protect|shutdown}; no port-security violation. Explanation: Set the violation mode for the port; the “no port-security violation” command restores the default setting. 7.6.1.3 Command For MAC Address Binding configuration 7.6.1.3.1 clear port-security dynamic Command: clear port-security dynamic [address <mac-addr> interface <interface-id>...
  • Page 225 Function: Converts dynamic secure MAC addresses learned by the port to static secure MAC addresses, and disables the MAC address learning function for the port. Command mode: Interface Mode Usage Guide: The port dynamic MAC convert command can only be executed after the secure port is locked.
  • Page 226 Example: Set the maximum secure MAC address number for port 1 to 4. Switch(Config)#interface Ethernet 1/1 Switch(Config-Ethernet1/1)# port-security maximum 4 7.6.1.3.6 port-security timeout Command: port-security timeout <value> no port-security timeout Function: Set the timer for port locking; the “no port-security timeout” command restores the default setting.
  • Page 227 Command mode: Admin Mode Parameter: <interface-list> stands for the port to be displayed. Usage Guide: This command displays the secure port MAC address information, if no port is specified, secure MAC addresses of all ports are displayed. The following is an example: Switch# show port-security interface ethernet 1/3 Ethernet1/3 Security Mac Address Table...
  • Page 228 Displayed information / Explanation: Vlan: The VLAN ID for the secure MAC address. Mac Address: Secure MAC address. Type: Secure MAC address type. Ports: The port that the secure MAC address belongs to. Total Addresses: Current secure MAC address number in the system.
  • Page 229 Lock Timer: Whether the locking timer (timer timeout) is enabled for the port. Mac-Learning function: Whether the MAC address learning function is enabled. 7.6.1.4 Binding MAC Address Binding Troubleshooting Help Enabling MAC address binding for ports may fail in some cases. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port does not have Spanning Tree or port aggregation enabled and is not configured as a Trunk port.
  • Page 230: Chapter 8 Mstp Configuration

    Chapter 8 MSTP Configuration 8.1 MSTP Introduction MSTP (Multiple STP) is a new spanning-tree protocol which is based on STP and RSTP. It runs on all the bridges of a bridged LAN. It calculates a common and internal spanning tree (CIST) for the bridged LAN, which consists of the bridges running MSTP, RSTP and STP.
  • Page 231 Fig 8-1 Example of CIST and MST Region In the above network, if the bridges are running STP or RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run MSTP and are configured in the same MST region, MSTP will treat this region as a single bridge.
  • Page 232: Port Roles

    region to become the CST. The MSTI is only valid within its MST region. An MSTI has nothing to do with MSTIs in other MST regions. The bridges in an MST region receive the MST BPDUs of other regions through Boundary Ports. They only process CIST-related information and discard MSTI information.
  • Page 233 Command (Global Mode): spanning-tree mode {mstp|stp}; no spanning-tree mode. Explanation: Set the MSTP running mode. Command (Interface Mode): spanning-tree mcheck. Explanation: Force port migration to run under MSTP. 2. Configure instance parameters Command (Global Mode): spanning-tree <instance-id> priority <bridge-priority>; no spanning-tree mst <instance-id>... Explanation: Set the bridge priority for the specified instance.
  • Page 234 Command (Global Mode): spanning-tree mst configuration; no spanning-tree mst configuration. Explanation: Enter MSTP region mode; the “no spanning-tree mst configuration” command restores the default setting. Command (MSTP region mode): instance <instance-id> vlan <vlan-list>; instance <instance-id> [vlan <vlan-list>]. Explanation: Create an instance and set the mapping between VLAN and instance. name <name>...
  • Page 235 Command (Interface Mode): spanning-tree link-type {auto|force-true|force-false}; no spanning-tree link-type. Explanation: Set the port link type. Command (Interface Mode): spanning-tree portfast; no spanning-tree portfast. Explanation: Set the port to be a boundary port. 6. Configure the format of MSTP Command Explanation Interface Mode Configure format port spanning-tree packet ,...
  • Page 236: Command For Mstp

    Command (Global Mode): spanning-tree tcflush enable; spanning-tree tcflush disable; spanning-tree tcflush protect; no spanning-tree tcflush. Explanation: Enable: the spanning tree flushes once the topology changes. Disable: the spanning tree does not flush when the topology changes. Protect: the spanning tree flushes every ten seconds. “no spanning-tree tcflush”...
  • Page 237: Instance Vlan

    Command mode: MSTP Region Mode Usage Guide: This command quits MSTP region mode, saving the current configuration. Example: Quit MSTP region mode, saving the current configuration. Switch(Config-Mstp-Region)#exit 8.3.3 instance vlan Command: instance <instance-id> vlan <vlan-list> no instance <instance-id> [vlan <vlan-list>] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances;...
  • Page 238: Revision-Level

    32 characters. Command mode: MSTP Region Mode Default: The default MSTP region name is the MAC address of this bridge. Usage Guide: This command sets the MSTP region name. Bridges with the same MSTP region name and the same other attributes are considered to be in the same MSTP region. Example: Set the MSTP region name to mstp-test.
  • Page 239: Spanning-Tree Format

    Switch(Config-Ethernet1/2)#no spanning-tree 8.3.7 spanning-tree format Command: spanning-tree format standard | privacy | auto no spanning-tree format Function: Configure the format of the port packet so as to interoperate with products of other companies. Parameter: standard: The packet format provided by IEEE. privacy: Privacy packet format, which is compatible with Cisco equipment. auto: Auto-identified packet format, which is determined by checking the format of the received packets.
  • Page 240: Spanning-Tree Hello-Time

    Command: spanning-tree forward-time <time> no spanning-tree forward-time Function: Set the switch forward delay time; The command “no spanning-tree forward-time” restores the default setting. Parameter: <time> is forward delay time in seconds. The valid range is from 4 to 30. Command mode: Global Mode Default: The forward delay time is 15 seconds by default.
  • Page 241: Spanning-Tree Maxage

    link-type” restores the link type to auto-negotiation. Parameter: auto sets auto-negotiation, force-true forces the link as point-to-point type, force-false forces the link as non-point-to-point type. Command mode: Interface Mode Default: The link type is auto by default; MSTP detects the link type automatically. Usage Guide: When the port is full-duplex, MSTP sets the port link type as point-to-point;...
  • Page 242: Spanning-Tree Mcheck

    uses max-hop to count BPDU lifetime. The max-hop decreases as the BPDU travels through the network. The BPDU has the maximum value when it originates from the MSTI root bridge. Each time the BPDU is received, the value of the max-hop is reduced by 1. When a port receives a BPDU with max-hop 0, it drops this BPDU and sets itself as designated port to send the BPDU.
  • Page 243: Spanning-Tree Mst Cost

    Command: spanning-tree mst configuration no spanning-tree mst configuration Function: Enter the MSTP mode. Under the MSTP mode, the MSTP attributes can be set. The command “no spanning-tree mst configuration” restores the attributes of the MSTP to their default values. Command mode: Global Mode Default: The default values of the attributes of the MSTP region are listed as below: Attribute of MSTP Default Value...
  • Page 244: Spanning-Tree Mst Port-Priority

    Default port cost by port type (for aggregation ports, N is the allowed number of aggregated ports): 10Mbps 2000000/N, 100Mbps 200000/N, 1Gbps 20000/N, 10Gbps 2000/N. Usage Guide: By setting the port cost, users can control the cost from the current port to the root bridge in order to control the elections of root port and the designated port of the instance.
  • Page 245: Spanning-Tree Portfast

    should be a multiple of 4096, such as 0, 4096, 8192…61440. Command mode: Global Mode Default: The default bridge priority is 32768. Usage Guide: By setting the bridge priority, users can change the bridge ID for the specified instance. The bridge ID influences the elections of root bridge and designated port for the specified instance.
  • Page 246: Spanning-Tree Tcflush (Global Mode)

    Note: Because the authentication string is derived from the instance ID and VLAN ID, this command may cause equipment with a different instance-to-VLAN mapping to be recognized as being in the same region. Before the command is executed, make sure that the instance-to-VLAN mapping is consistent across all the equipment.
  • Page 247: Mstp Example

    Function: Configure the spanning-tree flush mode for the port once the topology changes. “no spanning-tree tcflush” restores the default setting. Parameter: enable: the spanning tree flushes once the topology changes. disable: the spanning tree does not flush when the topology changes. protect: the spanning tree flushes every ten seconds. Default: Global configuration Command mode: Interface mode Usage Guide: According to MSTP, when the topology changes, the port that sends the change...
  • Page 248 all in the default values (equal). The default configuration for the switches is listed below: Bridge Name: SwitchA, SwitchB, SwitchC, SwitchD; Bridge MAC Address: …00-00-01, …00-00-02, …00-00-03, …00-00-04; Bridge Priority: 32768, 32768, 32768, 32768; Ports: Port 1, Port 2, Port 3, Port 4, Port 5, Port 6, Port 7...
  • Page 249 SwitchB: SwitchB(Config)#vlan 20 SwitchB(Config-Vlan20)#exit SwitchB(Config)#vlan 30 SwitchB(Config-Vlan30)#exit SwitchB(Config)#vlan 40 SwitchB(Config-Vlan40)#exit SwitchB(Config)#vlan 50 SwitchB(Config-Vlan50)#exit SwitchB(Config)#spanning-tree mst configuration SwitchB(Config-Mstp-Region)#description mstp SwitchB(Config-Mstp-Region)#instance 3 vlan 20;30 SwitchB(Config-Mstp-Region)#instance 4 vlan 40;50 SwitchB(Config-Mstp-Region)#exit SwitchB(Config)#interface e1/1-7 SwitchB(Config-Port-Range)#switchport mode trunk SwitchB(Config-Port-Range)#exit SwitchB(Config)#spanning-tree SwitchC: SwitchC(Config)#vlan 20 SwitchC(Config-Vlan20)#exit SwitchC(Config)#vlan 30 SwitchC(Config-Vlan30)#exit SwitchC(Config)#vlan 40 SwitchC(Config-Vlan40)#exit...
  • Page 250 SwitchD: SwitchD(Config)#vlan 20 SwitchD(Config-Vlan20)#exit SwitchD(Config)#vlan 30 SwitchD(Config-Vlan30)#exit SwitchD(Config)#vlan 40 SwitchD(Config-Vlan40)#exit SwitchD(Config)#vlan 50 SwitchD(Config-Vlan50)#exit SwitchD(Config)#spanning-tree mst configuration SwitchD(Config-Mstp-Region)#description mstp SwitchD(Config-Mstp-Region)#instance 3 vlan 20;30 SwitchD(Config-Mstp-Region)#instance 4 vlan 40;50 SwitchD(Config-Mstp-Region)#exit SwitchD(Config)#interface e1/1-7 SwitchD(Config-Port-Range)#switchport mode trunk SwitchD(Config-Port-Range)#exit SwitchD(Config)#spanning-tree SwitchD(Config)#spanning-tree mst 4 priority 0 After the above configuration, SwitchA is the root bridge of the instance 0 of the entire network.
  • Page 251 Fig 8-3 The Topology of Instance 0 after the MSTP Calculation (SwitchA, SwitchB, SwitchC, SwitchD); Fig 8-4 The Topology of Instance 3 after the MSTP Calculation (SwitchB, SwitchC, SwitchD); Fig 8-5 The Topology of Instance 4 after the MSTP Calculation (SwitchB, SwitchC, SwitchD)...
  • Page 252: Mstp Troubleshooting Help

    8.5 MSTP Troubleshooting Help In order to run MSTP on a switch port, MSTP has to be enabled globally. If MSTP is not enabled globally, it cannot be enabled on the port. The MSTP parameters interact with each other, so they should meet the following conditions.
  • Page 253 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/1 Ethernet1/2 (Total 2) PortName ExtRPC IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --------- --- ---- ------------------ ------- Ethernet1/1 128.001 0 FWD ROOT 16384.00030f010f52 128.007 Ethernet1/2 128.002...
  • Page 254 Force Version: version of STP. Instance Information: Self Bridge Id: the priority and the MAC address of the current bridge for the current instance. Root Id: the priority and the MAC address of the root bridge for the current instance. Ext.RootPathCost: total cost from the current bridge to the root of the entire network. Cost from the current bridge to the region root of the current...
  • Page 255 1-29, 31-39, 41-4094 8.5.1.3 show mst-pending Command: show mst-pending Function: In the MSTP region mode, display the configuration of the current MSTP region. Command mode: MSTP Region Mode Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping.
  • Page 256: Web Management

    Switch#debug spanning-tree Switch#debug spanning-tree bpdu rx interface e1/1 8.6 Web Management Click “MSTP control” to enter MSTP control configuration mode to manage MSTP features for the switch. 8.6.1 MSTP field operation Click “MSTP control” to enter MSTP field operation. 8.6.1.1 Instance configuration Click “MSTP control”...
  • Page 257: Mstp Port Operation

    8.6.2 MSTP port operation 8.6.2.1 Edge port setting Click “MSTP control” to enter MSTP field operation, then "PortFast Config". Set the port to be an edge port. Example: configure port 1/5 to be an edge port. 8.6.2.2 Port priority setting Click “MSTP control” to enter MSTP port operation, then "Port Priority Config". Set the priority for the current port on the specified instance. Example: set the priority for port 1/2 of instance 1 to 32.
  • Page 258: Mstp Global Control

    8.6.2.5 Link type configuration Click “MSTP control” to enter MSTP port operation, then "Link_Type Config". Set the link type of the current port. Example: set the link of port 1/7 to forced point-to-point type. 8.6.2.6 MSTP port configuration Click “MSTP control” to enter MSTP port operation, then "MSTP Agreement Port Config". Run the command to enable MSTP under the switch port configuration mode.
  • Page 259: Show Mstp Setting

    Set the MSTP Hello time to 5 seconds in Global Mode. 8.6.3.4 Set the max age time for BPDU information in the switch Click “MSTP control”, MSTP Global Control, then enter the switch BPDU message "Max Age Time Config". Set the max age time for BPDU information in the switch. Example: set the max age time to 25 seconds in Global Mode.
  • Page 260 Display Instance0 MSTP information. 8.6.4.2 MSTP field information Click “MSTP control”, “show MSTP setting”, enter "MSTP Field Information". Display effective MSTP field parameter configurations.
  • Page 261: Chapter 9 Qos And Pbr Configuration

    Chapter 9 QoS And PBR Configuration 9.1 QoS Configuration 9.1.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
  • Page 262 IP Precedence: IP priority. Classification information carried in the Layer 3 IP packet header, occupying 3 bits, in the range of 0 to 7. DSCP: Differentiated Services Code Point, classification information carried in the Layer 3 IP packet header, occupying 6 bits, in the range of 0 to 63, and backward compatible with IP Precedence.
  • Page 263 and may discard some low priority packets in case of bandwidth shortage. If the devices at each hop in a network support differentiated service, an end-to-end QoS solution can be created. QoS configuration is flexible; its complexity or simplicity depends on the network topology and devices and on the analysis of incoming/outgoing traffic. 9.1.1.3 Basic QoS Model The basic QoS consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and...
  • Page 264 Fig 9-4 Classification process Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked. Policing can be performed based on DSCP value to configure different policies that allocate bandwidth to classified traffic. If the traffic exceeds the bandwidth set in the policy (out of profile), the out of profile traffic can be allowed, discarded or remarked.
  • Page 265 Fig 9-5 Policing and Remarking process Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value; while the scheduling operation performs packet forwarding according to the prioritized queue weight.
  • Page 266: Qos Configuration Task List

    Fig 9-6 Queuing and Scheduling process 9.1.2 QoS Configuration Task List 1. Enable QoS QoS can be enabled or disabled in Global Mode. QoS must be enabled first in Global Mode before the other QoS commands can be configured. 2. Configure class map. Set up a classification rule according to ACL, VLAN ID, IP Precedence or DSCP to classify the data stream.
  • Page 267 policies. 3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning a new DSCP value) can be applied to different data streams.
  • Page 268 Global Mode: policy-map <policy-map-name> / no policy-map <policy-map-name>: Create a policy map and enter policy map mode; the “no policy-map <policy-map-name>” command deletes the specified policy map. class <class-map-name> / no class <class-map-name>: After a policy map is created, it can be associated to a class. Different policy...
  • Page 269 set. 4. Apply QoS to ports. Interface Mode: mls qos trust [cos [pass-through-dscp] | dscp [pass-through-cos] | ip-precedence [pass-through-cos] | port priority <cos>] / no mls qos trust: Configure port trust; the “no mls qos trust” command disables the current trust status of the port. mls qos cos {<default-cos>...: Configure the default CoS...
  • Page 270: Command For Qos

    default setting. queue mode strict / queue mode wrr: the “queue mode strict” command configures the queue out method to the PQ method; the “queue mode wrr” command restores the default WRR queue out method. Global Mode: wrr-queue cos-map <queue-id> <cos1 ... cos8>: Set CoS value mapping to the specified egress queue;...
  • Page 271 “no class <class-map-name>“ command deletes the specified class. Parameters: < class-map-name> is the class map name used by the class. Default: No policy class is configured by default. Command mode: Policy map configuration Mode Usage Guide: Before setting up a policy class, a policy map should be created and the policy map mode entered.
  • Page 272 Switch(config)#class-map c1 Switch(config-ClassMap)#match ip precedence 0 1 Switch(config-ClassMap)#exit 9.1.3.3 set Command:set {ip dscp <new-dscp> | ip precedence <new-precedence>|ipv6 dscp <new-dscp> | ipv6 flowlabel <new-flowlabel>|cos<new cos>} no set {ip dscp | ip precedence|ipv6 dscp | ipv6 flowlabel |cos<new cos>} Function: Assign a new DSCP, IP Precedence, IPv6 DSCP or IPv6 FL for the classified traffic;...
  • Page 273 Command: mls qos no mls qos Function: Enables QoS in Global Mode; the “no mls qos” command disables global QoS. Command mode: Global Mode Default: QoS is disabled by default. Usage Guide: QoS provides 8 queues to handle traffic of 8 priorities. This function cannot be used together with the traffic control function.
  • Page 274 exceed-action policed-dscp-transmit specifies to mark down the packet DSCP value according to the policed-dscp mapping when the specified speed is exceeded. Default: No policy set is configured by default. Command mode: Global Mode Usage Guide: If a policy set is in use by a policy map, it cannot be deleted unless the reference to the policy set is cleared in the appropriate policy map with “no police aggregate <aggregate-policer-name>“...
  • Page 275 9.1.3.9 mls qos dscp-mutation Command:mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> Function: Applies DSCP mutation mapping to the port; the “no mls qos dscp-mutation <dscp-mutation-name>“ command restores the DSCP mutation mapping default. Parameters: <dscp-mutation-name> is the name of DSCP mutation mapping. Default: There is no policy by default.
  • Page 276 <dscp-mutation-name> is the name of the mutation mapping, <in-dscp> stands for incoming DSCP values; up to 8 values are supported, each DSCP value delimited with a space, ranging from 0 to 63. <out-dscp> is the sole outgoing DSCP value; the 8 values defined in incoming DSCP will be converted to the outgoing DSCP value;...
  • Page 277 Parameters: <rate-kbps> is the average rate (kb/s) of the classified traffic, ranging from 1,000 to 10,000,000; exceed-action drop means drop packets when the specified speed is exceeded; exceed-action policed-dscp-transmit specifies to mark down the packet DSCP value according to the policed-dscp mapping when the specified speed is exceeded.
  • Page 278 <policy-map-name>“ command deletes the specified policy map. Parameters: < policy-map-name> is the policy map name. Default: No policy map is configured by default. Command mode: Global Mode Usage Guide: QoS classification matching and marking operations can be done in the policy map configuration mode.
  • Page 279 supported yet. Example: Bind policy p1 to ingress Ethernet port 1/1. Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#service-policy input p1 9.1.3.16 queue bandwidth Command: queue bandwidth <weight1 weight2 weight3 weight4 weight5 weight6 weight7 weight8> no queue bandwidth Function: Sets the WRR weight for the specified egress queues; the “no queue bandwidth” command restores the default setting.
  • Page 280: Qos Example

    9.1.4 QoS Example Scenario 1: Enable QoS function, change the queue out weight of port ethernet 1/1 to 1:1:2:2:4:4:8:8, and set the port in trust QoS mode without changing DSCP value, and set the default QoS value of the port to 5. The configuration steps are listed below: SWITCH# CONFIG Switch(Config)#mls qos...
  • Page 281 Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#police 10000 4000 exceed-action drop Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit Switch(Config)#interface ethernet 1/2 Switch(Config-Ethernet1/2)#service-policy input p1 Configuration result: An ACL named 1 is set to match segment 192.168.1.0. Enable QoS globally, create a class map named c1 matching ACL 1 in the class map; create a policy map named p1 and refer to c1 in p1, setting appropriate policies to limit bandwidth and burst value.
  • Page 282: Qos Troubleshooting Help

    trunk port. In SwitchB, set port ethernet 1/1, which connects to SwitchA, to trust IP precedence. Thus inside the QoS domain, packets of different priorities will go to different queues and get different bandwidth. The configuration steps are listed below: QoS configuration in SwitchA: SWITCH#CONFIG Switch(Config)#access-list 1 permit 192.168.1.0 0.0.0.255...
  • Page 283 If the policy is too complex to be configured due to hardware resource limits, error messages will be provided. 9.1.5.1 Monitor And Debug Command 9.1.5.1.1 show class-map Command: show class-map [<class-map-name>] Function: Displays the class map of QoS. Parameters: <class-map-name> is the class map name. Default: N/A.
  • Page 284 9.1.5.1.3 show mls qos aggregate-policer Command: show mls qos aggregate-policer [<aggregate-policer-name>] Function: Displays policy set configuration information for QoS. Parameters: <aggregate-policer-name> is the policy set name. Default: N/A. Command mode: Admin Mode Usage Guide: Example: Switch #show mls qos aggregate-policer policer1 aggregate-policer policer1 80000 80 exceed-action drop Not used by any policy map Displayed information...
  • Page 285 DSCP Mutation Map: Default DSCP Mutation (the port DSCP map name). Attached policy-map for Ingress: p1 (the policy name bound to the port). Switch # show mls qos interface buffers ethernet 1/2 Ethernet1/2 packet number of 8 queue: 0x200 0x200 0x200 0x200 0x200 0x200 0x200 0x200 Displayed information and explanation: packet number of 8 queue:...
  • Page 286 Displayed information and explanation: Ethernet1/2: port name. ClassMap: name of the class map. Classified: total data packets matching this class map. in-profile: total in-profile data packets matching this class map. out-profile: total out-profile data packets matching this class map. 9.1.5.1.5 show mls qos maps Command: show maps [cos-dscp...
  • Page 287: Pbr Configuration

    DSCP map table, indexed by d1 (tens digit of the DSCP, rows) and d2 (ones digit, columns 0 to 9): the entries shown run 0 through 59 in order, i.e. each DSCP maps to its own value...
  • Page 288: Pbr Examples

    Establish a class rule and then apply different policies to different kinds of data streams. Config policymap A policymap can be established after the data streams are classified. Assign each stream to a previously created classmap and then enter the policy classmap mode. In this way different data streams can be assigned different next-hop IP addresses, and the policy can then be applied to the port.
  • Page 289 First set an ACL a1 with two items. The first item matches source IP segment 192.168.1.0/24 (allowed). The second item matches source IP segment 192.168.1.0/24 and destination IP segment 192.168.0.0/16 (rejected). Turn on the QoS function in global mode and create a class-map c1 which matches ACL a1, and create a policy-map that references c1.
  • Page 290: Chapter 10 L3 Forward Configuration

    Chapter 10 L3 Forward Configuration The ES4700 series supports Layer 3 forwarding, which forwards Layer 3 protocol packets (IP packets) across VLANs. Such forwarding uses IP addresses: when a port receives an IP packet, the switch looks it up in its own route table and decides the operation according to the lookup result.
  • Page 291: Command For Layer 3 Interface

    Global Mode: interface vlan <vlan-id> / no interface vlan <vlan-id>: Creates a VLAN interface (a VLAN interface is a Layer 3 interface); the “no interface vlan <vlan-id>” command deletes the VLAN interface (Layer 3 interface) created in the switch. 10.1.3 Command for Layer 3 Interface 10.1.3.1 interface vlan Command: interface vlan <vlan-id>...
  • Page 292 facing the present scale and complexity of the Internet. IPv6 refers to the sixth version of the Internet Protocol, the next generation Internet protocol designed by the IETF to replace the current Internet Protocol version 4 (IPv4). IPv6 was specially developed to make up for the shortcomings of IPv4 so that the Internet can develop further.
  • Page 293: Ipv4 Configuration

    Automatic address configuration and plug-and-play are supported. Large numbers of hosts can easily find network routers through the automatic address configuration function of IPv6 while also obtaining a globally unique IPv6 address automatically, which makes devices using the IPv6 Internet plug-and-play. Automatic address configuration also makes readdressing an existing network easier and more convenient, and makes it more convenient for network operators to manage the migration from one provider to another.
  • Page 294: Ipv6 Configuration

    10.2.2.1 IPv4 Address Configuration Configure the IPv4 address of a Layer 3 interface. Interface Mode: ip address <ip-address> <mask> [secondary] / no ip address [<ip-address> <mask>]: Configure the IP address of the VLAN interface; the “no ip address [<ip-address> <mask>]” command cancels the IP address of the VLAN interface.
  • Page 295 Configure IPv6 static routing (3) 2. IPv6 Neighbor Discovery Configuration Configure DAD neighbor query message number (1) Configure send neighbor query message interval (2) Enable and forbid router advertisement (3) Configure router advertisement lifespan (4) Configure router advertisement maximum interval (5)...
  • Page 296 ipv6 address <ipv6-address/prefix-length> [eui-64] / no ipv6 address <ipv6-address/prefix-length>: Configure an IPv6 address, including aggregatable global unicast addresses, site-local addresses and link-local addresses; the “no ipv6 address <ipv6-address/prefix-length>” command cancels the IPv6 address. (3) Set IPv6 Static Routing. Global mode: [no] ipv6 route <ipv6-prefix/prefix-length>: Configure IPv6 static routing.
  • Page 297 [no] ipv6 nd ns-interval <seconds>: ... interval for the interface to send neighbor query messages. The NO command restores the default value (1 second). (3) Forbid Router Announce. Interface Configuration Mode: [no] ipv6 nd suppress-ra: Forbid IPv6 Router Announce; the NO command enables IPv6 router announce. (4) Configure Router Announce Lifespan Command Explanation...
  • Page 298 (7) Configure prefix announce parameters. Interface Configuration Mode: [no] ipv6 nd prefix <ipv6-address/prefix-length> <valid-lifetime> <preferred-lifetime> [off-link] [no-autoconfig]: Configure the address prefix and announce parameters of the router. The NO command cancels the address prefix of the routing announce. (8) Set Static Neighbor Table Entries. Interface Configuration Mode:
  • Page 299 [no] tunnel source <ipv4-address>: Configure the tunnel source end IPv4 address; the NO command deletes the IPv4 address of the tunnel source end. (3) Configure Tunnel Destination. Tunnel Configuration Mode: [no] tunnel destination <ipv4-address>: Configure the tunnel destination end IPv4 address. The NO command deletes the IPv4 address of the tunnel destination end.
  • Page 300 [no] ipv6 route <ipv6-address/prefix-length> {<interface-type interface-number> | tunnel <tnl-id>}: Configure tunnel routing. The NO command clears tunnel routing. 10.2.3.2 Command For IPv6 Configuration 10.2.3.2.1 ipv6 enable Command: [no] ipv6 enable Function: This command enables functions such as Unicast IPv6 Data Packet Transmit, Neighbor Discovery, Router Advertisement and Routing Protocol, etc.
  • Page 301 10.2.3.2.3 ipv6 route Command: [no] ipv6 route <ipv6-prefix/prefix-length> {<ipv6-address> | <interface-type interface-number> | {<ipv6-address> <interface-type interface-number>} | tunnel <tunnel no>} [<precedence>] Function: Set an IPv6 static route. Parameters: <ipv6-prefix> is the destination network address of the IPv6 static route, <prefix-length> is the IPv6 prefix length, <ipv6-address> is the next hop IPv6 address of the reachable network, <interface-type interface-number>...
  • Page 302 Address Check to be sent; a value of 0 means no Duplicate Address Check is executed. Example: Set the number of Neighbor Request Messages sent in succession by the interface for Duplicate Address Check to 3. Switch(Config-if-Vlan1)#ipv6 nd dad attempts 3 10.2.3.2.5 ipv6 nd ns-interval Command: ipv6 nd ns-interval <seconds>...
  • Page 303 otherwise the value should not be smaller than the maximum interval for sending router announcements. If no configuration is made, this value is equal to 3 times the maximum interval for sending router announcements. Example: Set the lifetime of the router announcement to 100 seconds. Switch(Config-if-Vlan1)#ipv6 nd ra-lifetime 100 10.2.3.2.8 ipv6 nd min-ra-interval Command: ipv6 nd min-ra-interval <seconds>...
  • Page 304 Function: Configure the address prefix and related parameters for router announcement. Parameter: <ipv6-prefix> is the address prefix of the specified announcement, <prefix-length> is the length of the address prefix of the specified announcement, <valid-lifetime> is the valid lifetime of the prefix, parameter <...
  • Page 305 no-autoconfig is off by default. Usage Guide: This command allows controlling the router announcement parameters of every IPv6 prefix. Note that valid lifetime and preferred lifetime must be configured simultaneously. Example: Configure the IPv6 announcement prefix as 2001:410:0:1::/64 on Vlan1; the valid lifetime of this prefix is 8640 seconds and its preferred lifetime is 4320 seconds. Switch(Config-if-Vlan1)#ipv6 nd prefix 2001:410:0:1::/64 8640 4320 10.2.3.2.12 ipv6 neighbor Command: ipv6 neighbor <ipv6-address>...
  • Page 306 Function: Validate the reachability of the network. Parameter: ipv6-address is the destination IPv6 address. Default: None Command Mode: Admin Mode Usage Guide: ping6 followed directly by an IPv6 address is the default usage; ping6 also allows the parameters of the ping packets to be set as the user chooses. When ipv6-address is a link-local address, the port (interface) must be specified.
  • Page 307 Example: Configure tunnel source IPv4 address 202.89.176.6 Switch(Config-if-Tunnel1)#tunnel source 202.89.176.6 10.2.3.2.16 tunnel destination Command: [no] tunnel destination <ipv4-address> Function: Configure the tunnel destination. Parameter: <ipv4-address> is the IPv4 address of the tunnel destination. Command Mode: Tunnel Configuration Mode Default: None Usage Guide: None Example: Configure tunnel destination 203.78.120.5 Switch(Config-if-Tunnel1)#tunnel destination 203.78.120.5 10.2.3.2.17 tunnel nexthop Command: [no] tunnel nexthop <ipv4-address>...
  • Page 308: Ip Configuration Examples

    Command Mode: Tunnel Configuration Mode Default: None Usage Guide: When configuring the tunnel mode, specifying only ipv6ip configures an IPv6-over-IPv4 tunnel; ipv6ip 6to4 configures a 6to4 tunnel, and ipv6ip isatap configures an ISATAP tunnel. Example: Configure tunnel mode 1. Switch(Config-if-Tunnel1)#tunnel mode ipv6ip 2. Switch(Config-if-Tunnel1)#tunnel mode ipv6ip 6to4 3. Switch(Config-if-Tunnel1)#tunnel mode ipv6ip isatap 10.2.3.2.20 clear ipv6 neighbor Command: clear ipv6 neighbors...
  • Page 309 2. Configure IPv6 address 192.168.1.1 255.255.255.0 in vlan1 of SwitchA, and configure IPv4 address 192.168.2.1 255.255.255.0 in vlan2. 3. Configure two vlans on SwitchB, respectively vlan2 and vlan3. 4. Configure IPv4 address 192.168.2.2 255.255.255.0 in vlan2 of SwitchB, and configure IPv4 address 192.168.3.1 255.255.255.0 in vlan2. 5. ...
  • Page 310 Fig 10-2 IPv6 configuration example The user’s configuration requirements are: configure IPv6 addresses of different network segments on SwitchA and SwitchB, configure static routing and validate reachability using the ping6 function. Configuration Description: 1. Configure two vlans on SwitchA, namely vlan1 and vlan2. 2. ...
  • Page 311 interface Vlan1 ipv6 address 2001::1/64 interface Vlan2 ipv6 address 2002::2/64 interface Loopback mtu 3924 ipv6 route 2003::/64 2002::2 no login SwitchB#show run interface Vlan2 ipv6 address 2002::2/64 interface Vlan3 ipv6 address 2003::1/64 interface Loopback mtu 3924 ipv6 route 2001::/64 2002::1 no login Example 2:...
  • Page 312 Fig 10-3 IPv6 Tunnel (SwitchC, SwitchA, SwitchB, PC-A, PC-B) This case is an IPv6 tunnel with the following user configuration requirements: SwitchA and SwitchB are tunnel nodes and support dual-stack. SwitchC only runs IPv4; PC-A and PC-B communicate. Configuration Description: 1. Configure two vlans on SwitchA, namely vlan1 and vlan2. Vlan1 is the IPv6 domain, vlan2 connects to the IPv4 domain.
  • Page 313: Ip Troubleshooting Help

    SwitchA(Config-if-Vlan1)#no ipv6 nd suppress-ra SwitchA(Config-if-Vlan1)#interface vlan 2 SwitchA(Config-if-Vlan2)#ip address 202.202.202.1 255.255.255.0 SwitchA(Config-if-Vlan2)#exit SwitchA(config)#interface tunnel 1 SwitchA(Config-if-Tunnel1)#tunnel source 202.202.202.1 SwitchA(Config-if-Tunnel1)#tunnel destination 203.203.203.1 SwitchA(Config-if-Tunnel1)#tunnel mode ipv6ip SwitchA(Config-if-Tunnel1)#exit SwitchA(config)#ipv6 route ::/0 tunnel1 SwitchB(config)#ipv6 enable SwitchB(config)#interface vlan 4 SwitchB(Config-if-Vlan4)#ipv6 address 2002:cbcb:cb01::2/64 SwitchB(Config-if-Vlan4)#no ipv6 nd suppress-ra SwitchB(Config-if-Vlan4)#interface vlan 3 SwitchB(Config-if-Vlan3)#ip address 203.203.203.1 255.255.255.0 SwitchB(Config-if-Vlan3)#exit SwitchB(Config)#interface tunnel 1...
  • Page 314 Usage Guide: Display statistics for IP and ICMP packets received/sent. Example: Switch#show ip traffic IP statistics: Rcvd: 128 total, 128 local destination 0 header errors, 0 address errors 0 unknown protocol, 0 discards Frags: 0 reassembled, 0 timeouts 0 fragment rcvd, 0 fragment dropped 0 fragmented, 0 couldn't fragment, 0 fragment sent Sent: 0 generated, 0 forwarded...
  • Page 315 addresses, number of packets with unknown protocols, number of packets dropped. “Frags: 0 reassembled, 0 timeouts / 0 fragment rcvd, 0 fragment dropped / 0 fragmented, 0 couldn't fragment, 0 fragment sent”: fragmentation statistics: number of fragment packets reassembled, timeouts, fragments received, fragments discarded, packets that cannot be fragmented, number of fragments sent, etc.
  • Page 316 Switch#debug ip pa ip packet debug is on Switch# Switch# Switch# Switch#%Apr 19 15:56:33 2005 IP PACKET: rcvd, src 192.168.2.100, dst 192.168.2.1 , size 60, Ethernet0 10.2.5.1.3 debug ipv6 packet Command:[no] debug ipv6 packet Function:IPv6 data packets receive/send debug message. Parameter:None Default:None Command Mode:Admin Mode...
  • Page 317 src <2003::1>: source IPv6 address. dst <2003::20a:ebff:fe26:8a49>: destination IPv6 address. from Vlan1: Layer 3 port on which the packet is sent. 10.2.5.1.5 debug ipv6 nd Command: [no] debug ipv6 nd Function: ND data packet receive/send debug messages. Parameter: None Default: None Command Mode: Admin Mode Example: Switch#debug ipv6 nd IPv6 ND: rcvd, type <136>, src <fe80::203:fff:fe01:2786>, dst <fe80::203:fff:fe01:59ba>...
  • Page 318 10.2.5.1.7 show ipv6 interface Command: show ipv6 interface {brief|{interface-name}} Function: Show interface IPv6 parameters. Parameter: brief gives a brief summary of IPv6 status and configuration, and interface-name is a Layer 3 interface name. Default: None Command Mode: Admin Mode Usage Guide: If only brief is specified, information on all Layer 3 interfaces is displayed; a specific Layer 3 interface can also be specified.
  • Page 319 ND RA MTU is 0 ND advertised reachable time is 0 millisecond(s) ND advertised retransmit time is 0 millisecond(s) Displayed information and explanation: Vlan1: Layer 3 interface name. [up/up]: Layer 3 interface status. dev index: internal index No. fe80::203:fff:fe00:10: automatically configured IPv6 address of the Layer 3 interface. 3001::1: configured IPv6 address of the Layer 3 interface...
  • Page 320 2006:1::/64 via ::, Vlan1 1024 2008:1:2:3::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024 2008:2005:5:8::/64 via ::, Ethernet0 2009:1::/64 via fe80::250:baff:fef2:a4f4, Vlan1 1024 2022:1::/64 via ::, Ethernet0 3333:1:2:3::/64 via fe80::20c:ceff:fe13:eac1, Vlan12 1024 3ffe:501:ffff:1::/64 via ::, Vlan4 3ffe:501:ffff:100::/64 via ::, Vlan5 1024 3ffe:3240:800d:1::/64 via ::, Vlan1 1024 3ffe:3240:800d:2::/64...
  • Page 321 manage items 5 IPv6 Address Hardware Addr Interface State 2002:ca60:c801:1:250:baff:fef2:a4f4 00-50-ba-f2-a4-f4 Vlan1 reachable 3ffe:3240:800d:1::100 00-03-0f-01-27-86 Vlan1 reachable 3ffe:3240:800d:1::8888 00-02-01-00-00-00 Vlan1 permanent 3ffe:3240:800d:1:250:baff:fef2:a4f4 00-50-ba-f2-a4-f4 Vlan1 reachable 3ffe:3240:800d:2::8888 00-02-01-00-01-01 Vlan2 permanent 3ffe:3240:800d:2:203:fff:fefe:3045 00-03-0f-fe-30-45 Vlan2 reachable fe80::203:fff:fe01:2786 00-03-0f-01-27-86 Vlan1 reachable fe80::203:fff:fefe:3045 00-03-0f-fe-30-45 Vlan2 reachable fe80::20c:ceff:fe13:eac1 00-0c-ce-13-ea-c1...
  • Page 322 IP statistics: Rcvd: 90 total, 17 local destination 0 header errors, 0 address errors 0 unknown protocol, 13 discards Frags: 0 reassembled, 0 timeouts 0 fragment rcvd, 0 fragment dropped 0 fragmented, 0 couldn't fragment, 0 fragment sent Sent: 110 generated, 0 forwarded 0 dropped, 0 no route ICMP statistics: Rcvd: 0 total 0 errors 0 time exceeded...
  • Page 323: Ip Forwarding

    ipv6 enable has been on IPv6 transmission switch is at on status 10.2.5.1.12 show ipv6 tunnel Command:show ipv6 tunnel [<tnl-id>] Function:Display tunnel information. Parameter:Parameter tnl-id is the tunnel No. Default Situation:None Command Mode:Admin Mode Usage Guide:If no tunnel number is given, information on all tunnels is shown. If a tunnel number is given, the detailed information of the specified tunnel is shown.
  • Page 324: Command For Ip Route Aggregation

    1. Set whether IP route aggregation algorithm with/without optimization should be used. Command: ip fib optimize / no ip fib optimize. Explanation: Enables the switch to use the optimized IP route aggregation algorithm; the “no ip fib optimize” command disables the optimized IP route aggregation algorithm.
  • Page 325: Urpf Operation Mechanism

    source address as the destination address, which is taken from the packet. If the exit interface of the route found does not match the interface on which the packet arrived, the switch considers the packet forged and discards it. 10.4.2 URPF Operation Mechanism At present the URPF operation mechanism depends on the ACL function provided by the switch chip when URPF is enabled on a Layer 3 interface.
  • Page 326: Commands For Urpf

    debug urpf / no debug urpf: Enable the debugging information of the URPF module; the “no” form of this command disables the URPF debugging information output. show urpf: Display which Layer 3 interfaces have URPF enabled. show urpf interface: Display the URPF rules generated by the interface or Layer 2 interface. 10.4.4 Commands For URPF...
  • Page 327: Urpf Troubleshooting

    Example: Display the URPF rule generated under vlan2 Switch#show urpf interface vlan 2 10.4.4.4 debug urpf Command: debug urpf no debug urpf Function: Enable the URPF debugging information; the “no” form of this command disables the URPF debugging information Command Mode: Admin Mode Parameter:None Usage Guide: Enable the URPF debugging information to view the URPF message process and the URPF item updating process, which helps to locate the failure.
  • Page 328: Arp Configuration Task List

    ARP (Address Resolution Protocol) is mainly used to resolve IP addresses to Ethernet MAC addresses. ES4700 series supports both dynamic ARP and static ARP configuration. Furthermore, ES4700 series supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on a port, requesting an IP address in the same IP segment as the port but not on the same physical network, and the port has proxy ARP enabled, the port replies to the ARP request with its own MAC address and forwards the actual packets it then receives.
  • Page 329 Command:arp <ip_address> <mac_address> {[ethernet] <portName>} no arp <ip_address> Function: Configures a static ARP entry; the “no arp <ip_address>” command deletes a static ARP entry. Parameters: <ip_address> is the IP address; <mac_address> is the MAC address; ethernet stands for Ethernet port; <portName> for the name of layer2 port. Default: No static ARP entry is set by default.
  • Page 330 If ping from the switch to directly connected network devices fails, the following can be used to check the possible cause and create a solution. Check whether the corresponding ARP entry has been learned by the switch. If the ARP entry has not been learned, enable ARP debugging information and view the sending/receiving of ARP packets.
  • Page 331 Address Hardware Addr Interface Port Flag 50.1.1.6 00-0a-eb-51-51-38 Vlan50 Ethernet3/11 Dynamic 50.1.1.9 00-00-00-00-00-09 Vlan50 Ethernet1/1 Static 150.1.1.2 00-00-58-fc-48-9f Vlan150 Ethernet3/4 Dynamic Displayed information Explanation Total arp items Total number of Arp entries. the matched ARP entry number matching the filter conditions InCompleted ARP entries have ARP request sent without ARP reply...
  • Page 332: Chapter 11 Dhcp Configuration

    Chapter 11 DHCP Configuration 11.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP addresses dynamically from the address pool, as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network.
  • Page 333: Dhcp Server Configuration

    be sent to the client by the server. In this case, a DHCP relay is required to forward such DHCP packets so that the DHCP packets exchange can be completed between the DHCP client and server. ES4700 series can act as both a DHCP server and a DHCP relay. DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e.
  • Page 334 ip dhcp pool <name> / no ip dhcp pool <name>: Configures a DHCP address pool. (2) Configure DHCP address pool parameters Command Explanation DHCP Address Pool Mode network-address <network-number> [mask | prefix-length] / no network-address: Configures the address scope that can be allocated to the address pool. default-router: Configures default gateway for DHCP...
  • Page 335: Commands For Dhcp Server Configuration

    dhcp excluded-address <low-address> [<high-address>]: Excludes the addresses in the address pool that are not for dynamic allocation. dhcp excluded-address <low-address> [<high-address>] (3) Configure manual DHCP address pool parameters Command Explanation DHCP Address Pool Mode hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] / no hardware-address: Specifies the hardware address when assigning an address manually...
  • Page 336 allowed. Command Mode: DHCP Address Pool Mode Usage Guide: Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up. This command is used together with “next-server”. Example: The path and filename for the file to be imported is “c:\temp\nos.img”...
  • Page 337 command deletes the default gateway. Parameters: address1…address8 are IP addresses, in decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: The IP address of default gateway(s) should be in the same subnet as the DHCP client IP, the switch supports up to 8 gateway addresses.
  • Page 338 Command: hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] no hardware-address Function: Specifies the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameters: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number> should be the RFC number defined for protocol types, from 1 to 255, e.g., 0 for Ethernet and 6 for IEEE 802.
  • Page 339 Command:ip dhcp conflict logging no ip dhcp conflict logging Function: Enables logging for address conflicts detected by the DHCP server; the “no ip dhcp conflict logging” command disables the logging. Default: Logging for address conflict is enabled by default. Command mode: Global Mode Usage Guide: When logging is enabled, once the address conflict is detected by the DHCP server, the conflicting address will be logged.
  • Page 340 Usage Guide: The user can check information about DHCP address assignment from the log host when this command is configured. Any host running logtest.exe provided by SMC Networks can be a DHCP log host. Example: Enable the DHCP logging, the log host is 192.168.1.101, port 45.
  • Page 341 deletes the WINS server. Parameters: address1…address8 are IP addresses, in decimal format. Default: No WINS server is configured by default. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to specify WINS server for the client, up to 8 WINS server addresses can be configured.
  • Page 342 assignment by the DHCP server; one address pool can only have one corresponding segment. This command is mutually exclusive with the manual address binding commands “hardware-address” and “host”. Example: Configuring the assignable address in pool 1 to be 10.1.128.0/24. Switch(dhcp-1-config)#network-address 10.1.128.0 24 11.2.2.17 next-server Command:next-server <address1>[<address2>[…<address8>]] no next-server...
  • Page 343: Dhcp Relay Configuration

    Function: Enables DHCP server; the “no service dhcp” command disables the DHCP service. Default: DHCP service is disabled by default. Command mode: Global Mode Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When the DHCP service is enabled, both DHCP server and DHCP relay are enabled. ES4700 series can assign IP addresses to DHCP clients and perform DHCP relay only when the DHCP server function is enabled.
  • Page 344: Dhcp Relay Configuration Task List

    DHCP relay can not only forward DHCP broadcast packets to the specified DHCP servers, but can also forward other specified UDP broadcast packets to specified servers. 11.3.1 DHCP Relay Configuration Task List 1. Enable DHCP relay. 2. Configure DHCP relay to forward DHCP broadcast packet. 3.
  • Page 345: Commands For Dhcp Relay Configuration

    ip dhcp relay information policy drop / no ip dhcp relay information policy drop: When Layer 3 switches are used as DHCP relays, this command sets the relay forwarding policy to drop DHCP packets; the “no ip dhcp relay information policy drop” command allows DHCP packet forwarding.
  • Page 346 available for allocation by the DHCP server. Example: The network administrator finds 10.1.128.160 that has a conflict record in the log and is no longer used by anyone, so he deletes the record from the address conflict log. Switch#clear ip dhcp conflict 10.1.128.160 11.3.2.3 clear ip dhcp server statistics Command: clear ip dhcp server statistics Function: Deletes the statistics for DHCP server, clears the DHCP server count.
  • Page 347: Dhcp Configuration Example

    11.3.2.6 ip helper-address Command:ip helper-address <ip-address> no ip helper-address <ip-address> Function: Specifies the destination address for the DHCP relay to forward UDP packets. The “no ip helper-address <ip-address>“ command cancels the setting. Default: Address for forwarding DHCP broadcast packet is set on DHCP relay by default. Command mode: Interface Mode Usage Guide: The DHCP relay forwarding server address corresponds to the port forwarding UDP, i.e., DHCP relay forwards corresponding UDP packets only to the...
  • Page 348 Device IP address Device IP address Default gateway 10.16.1.200 Default gateway 10.16.1.200 10.16.1.201 10.16.1.201 DNS server 10.16.1.202 DNS server 10.16.1.202 WINS server 10.16.1.209 WINS server 10.16.1.209 WINS node type H-node WINS node type H-node Lease 3 days Lease 3 days In location A, a machine with MAC address 00-03-22-23-dc-ab is assigned with a fixed IP address of 10.16.1.210 and named as “management”.
  • Page 349 Fig 11-3 DHCP Relay Configuration As shown in the above figure, the route switch is configured as a DHCP relay. The DHCP server address is 10.1.1.10, the TFTP server address is 10.1.1.20, and the configuration steps are as follows: Switch (Config)#service dhcp Switch (Config)#interface vlan 1 Switch (Config-if-Vlan1)#ip address 192.168.1.1 255.255.255.0 Switch (Config-if-Vlan1)#exit Switch (Config)#vlan 2...
  • Page 350: Dhcp Troubleshooting Help

    combination of the commands “ip forward-protocol udp <port>“ and “ip helper-address <ipaddress>“. “ip helper-address” can only be configured on Layer 3 ports and cannot be configured on Layer 2 ports directly. Usage Guide: When a DHCP/BootP client is connected to a VLAN1 port of the switch, the client can only get its address from 10.16.1.0/24 instead of 10.16.2.0/24.
  • Page 351 Command: show ip dhcp binding [ [<ip-addr>] + [type {all | manual | dynamic}] [count] ] Function: Displays IP-MAC binding information. Parameters: <ip-addr> is a specified IP address in decimal format; “all” stands for all binding types (manual binding and dynamic assignment); “manual” for manual binding; “dynamic”...
  • Page 352 Command: show ip dhcp server statistics Function: Displays statistics of all DHCP packets for a DHCP server. Command mode: Admin Mode Example: Switch# show ip dhcp server statistics Address pools Database agents Automatic bindings Manual bindings Conflict bindings Expired bindings Malformed message Message Received...
  • Page 353: Web Management

    Malformed message Number of error messages. Message Received Statistics for DHCP packets received BOOTREQUEST Total packets received DHCPDISCOVER Number of DHCPDISCOVER packets DHCPREQUEST Number of DHCPREQUEST packets DHCPDECLINE Number of DHCPDECLINE packets DHCPRELEASE Number of DHCPRELEASE packets DHCPINFORM Number of DHCPINFORM packets Message Send Statistics for DHCP packets sent...
  • Page 354 DHCP pool name (1-32 character) - Configure DHCP pool name. ; for Address range for allocating, set IP address to 10.1.128.0; set Network mask to 255.255.255.0; set DHCP client node type to broadcast node; set Address lease timeout to 3 day 12 hour 30 minute, and then click Apply. The configuration is applied on the switch.
  • Page 355 has the lowest priority. For example: Select DHCP pool name to 1; set DNS server 1 to 10.1.128.3, and then click Apply. The configuration is applied on the switch. 11.6.1.5 Client WINS server configuration Click DHCP configuration, DHCP server configuration, Client WINS server configuration.
  • Page 356 DHCP client bootfile name (1-128 character) -Specify bootfile name. img; set File server1 to 10.1.128.4, and then click Apply. The configuration is applied on the switch. 11.6.1.7 DHCP network parameter configuration Click DHCP configuration, DHCP server configuration, DHCP network parameter configuration.
  • Page 357 11.6.1.9 Excluded address Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users configure excluded addresses of the DHCP pool. 10.1.128.1; set Ending address to 10.1.128.10; set Operation type to Add address not for allocating dynamically, and then click Apply. The configuration is applied on the switch.
  • Page 358: Dhcp Debugging

    switch; click Default, DHCP relay is enabled on the switch. 11.6.2 DHCP debugging Click DHCP configuration, DHCP debugging. Users can display DHCP debug information. 11.6.2.1 Delete binding log Click DHCP configuration, DHCP debugging, Delete binding log. Users can delete specified binding log or all binding logs. For example: Set Delete all binding log to Yes, and then click Apply.
  • Page 359 11.6.2.5 Show conflict-logging Click DHCP configuration, DHCP debugging, Show conflict-logging. Users can display conflict logging.
  • Page 360: Chapter 12 Sntp Configuration

    Chapter 12 SNTP Configuration 12.1 Introduction to SNTP The Network Time Protocol (NTP) is widely used for clock synchronization for global computers connected to the Internet. NTP can assess packet sending/receiving delay in the network, and estimate the computer’s clock deviation independently, so as to achieve high accuracy in network computer clocking.
  • Page 361: Command For Sntp

    Fig 12-1 Working Scenario ES4700 series implements SNTPv4 and supports SNTP client unicast as described in RFC2030; SNTP client multicast and unicast are not supported, nor is the SNTP server function. 12.2 Command for SNTP 12.2.1 clock timezone Command:clock timezone <name> hour <hours> [before-utc | after-utc] Function:set the difference between local time and UTC time.
  • Page 362: Sntp Poll

    (2) Configure an SNTP/NTP server IPv6 address Switch(Config)#sntp server 3ffe:506:1:2::5 12.2.3 sntp poll Command:sntp poll <interval> no sntp poll Function: Sets the interval at which SNTP clients send requests to the NTP/SNTP server; the “no sntp poll” command cancels the configured poll interval and restores the default setting. Parameters: <...
  • Page 363: Typical Sntp Configuration Examples

    12.3 Typical SNTP Configuration Examples SNTP/NTP Server SNTP/NTP Server SwitchA SwitchB SwitchC Fig 12-2 Typical SNTP Configuration All ES4700 series switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured.
  • Page 364: Request Interval Configuration

    server address and server version. Example: Configure Server address as 10.1.1.1, configure version as 4, and then, Click Apply button to apply the configuration to switch. 12.4.2 Request interval configuration Click “SNTP configuration”, “Request interval configuration” to configure the sending request time interval from SNTP client to NTP/SNTP server.
  • Page 365: Chapter 13 Prevent Arp, Nd Spoofing Configuration

    Chapter 13 Prevent ARP, ND Spoofing Configuration 13.1 Overview 13.1.1 ARP (Address Resolution Protocol) Generally speaking, the ARP (RFC-826) protocol is mainly responsible for mapping an IP address to the corresponding 48-bit physical address, that is, the MAC address; for instance, IP address 192.168.0.1 maps to network card MAC address 00-03-0F-FD-1D-2B.
  • Page 366: How To Prevent Void Arp/Nd Spoofing For Our Layer 3 Switch

    13.1.3 How to prevent void ARP/ND Spoofing for our Layer 3 Switch There are many sniffing, monitoring and attack behaviors in networks that are based on the ARP protocol, and most of these attacks rely on ARP spoofing, so it is very important to prevent ARP spoofing.
  • Page 367: Commands For Preventing Arp, Nd Spoofing

    ip arp-security updateprotect / no ip arp-security updateprotect; ipv6 nd-security updateprotect / no ipv6 nd-security updateprotect: Disable and enable the ARP, ND automatic update function. 2. Disable ARP, ND automatic learning function Command Explanation Admin mode and Interface Mode ip arp-security learnprotect / no ip arp-security learnprotect: Disable and enable the ARP, ND automatic learning function. ipv6 nd-security learnprotect...
  • Page 368: Ipv6 Nd-Security Updateprotect

    Example:Switch(Config-if-Vlan1)#ip arp-security updateprotect Switch(Config)#ip arp-security updateprotect 13.3.2 ipv6 nd-security updateprotect Command:ipv6 nd-security updateprotect no ipv6 nd-security updateprotect Function: Forbid the ND automatic learning function of IPv6; the “no ipv6 nd-security updateprotect” command re-enables the ND automatic learning function. Parameter:...
  • Page 369: Ip Arp-Security Convert

    Example:Switch(Config-if-Vlan1)#ipv6 nd-security learnprotect Switch(Config)#ipv6 nd-security learnprotect 13.3.5 ip arp-security convert Command:ip arp-security convert Function: Convert all dynamic ARP entries to static ARP entries Parameter: None Command Mode:Global Mode/ Interface configuration Example:Switch(Config-if-Vlan1)#ip arp-security convert Switch(Config)#ip arp-security convert 13.3.6 ipv6 nd-security convert Command:ipv6 nd-security convert Function:...
  • Page 370: Prevent Arp, Nd Spoofing Example

    13.4 Prevent ARP, ND Spoofing Example Fig 13-1 Prevent ARP, ND Spoofing Equipment Explanation Equipment Configuration Quality switch IP:192.168.2.4; IP:192.168.1.4; mac: 04-04-04-04-04-04 IP:192.168.2.1; mac: 01-01-01-01-01-01 IP:192.168.1.2; mac: 02-02-02-02-02-02 IP:192.168.2.3; mac: 03-03-03-03-03-03 some There is normal communication between B and C in the above diagram. A wants the switch to forward the packets sent by B to itself, so A needs the switch to send the traffic from B to A.
  • Page 371 Where the environment permits, ARP refreshing can be forbidden: once an ARP entry has been learned, it will not be refreshed by new ARP reply packets, which protects user data from sniffing. Switch#config Switch(config)#ip arp-security updateprotect...
  • Page 372: Chapter 14 Routing Protocol

    Chapter 14 Routing Protocol 14.1 Routing Protocol Overview To communicate with a remote host over the Internet, a host must choose a proper route via a set of routers or Layer 3 switches. Both routers and Layer 3 switches calculate the route using the CPU; the difference is that a Layer 3 switch adds the calculated route to the switch chip, which forwards at wire speed, while a router stores the calculated route in the route table or route buffer and forwards data with the CPU.
  • Page 373: Routing Table

    protocol, so that multiple routing protocols can be associated. EGP is used to exchange routing information among different autonomous systems, such as the BGP protocol. The EGPs supported by the ES4700 series switch include BGP-4 and BGP-4+. 14.1.1 Routing Table As mentioned before, a Layer 3 switch is mainly used to establish the route from the current Layer 3 switch to a network or a host, and to forward packets according to the route.
  • Page 374: Ip Routing Policy

    OSPF ASE IBGP EBGP Unknown route 14.2 IP Routing Policy 14.2.1 Introduction To Routing Policy Some policies have to be applied when the router publishes and receives routing messages so as to filter them, such as only receiving or publishing routing messages that meet the specified conditions.
  • Page 375 properties of routing messages. Different match clauses in the same node are logically in an “and” relation, which means the matching test of a node is not passed until the conditions in all of its match clauses are matched. The set clause specifies actions, namely configuring some properties of routing messages after the matching test is passed.
  • Page 376: Ip Routing Policy Configuration Task List

    in BGP configuration 14.2.2 IP Routing Policy Configuration Task List 1. Define route-map 2. Define the match clause in route-map 3. Define the set clause in route-map 4. Define address prefix list 1. Define route-map Command Explanation Global mode Configure route-map; the no route-map route-map <map_name>...
  • Page 377 match interface <interface-name> [<interface-name>] / no match interface [<interface-name>]: Match by interface; the no match interface command deletes the match condition. match ip <address | next-hop> <ip-acl-name | ip-acl-num | prefix-list list-name>: Match the address or next-hop; the no match ip <address | next-hop>...
  • Page 378 set aggregator as <as-number> <ip_addr> / no set aggregator as [<as-number> <ip_addr>]: Distribute an AS No. for the BGP aggregator; the no set aggregator as [<as-number> <ip_addr>] command deletes the configuration. set as-path prepend <as-num> / no set as-path prepend [<as-num>]: Add a specified AS No. before the as-path series of the BGP routing messages;...
  • Page 379 set extcommunity <rt | soo> <AA:NN> / no set extcommunity <rt | soo> [<AA:NN>]: Configure the BGP extended community list property; the no set extcommunity <rt | soo> [<AA:NN>] command deletes the configuration. set ip next-hop <ip_addr> / no set ip next-hop [<ip_addr>]: Set next-hop IP address; the no set ip next-hop [<ip_addr>] command...
  • Page 380: Command For Routing Policy

    set vpnv4 next-hop <ip_addr> / no set vpnv4 next-hop [<ip_addr>]: Set BGP VPNv4 next-hop address; the no set vpnv4 next-hop [<ip_addr>] command deletes the configuration. set weight <weight_val> / no set weight [<weight_val>]: Set BGP routing weight; the no set weight [<weight_val>] command deletes the configuration. 4.
  • Page 381 contents Default: None. Command Mode: Global Mode Usage Guide: This command can be used for explaining and describing a prefix-list, e.g. the application and attention matters of the prefix-list Example: Switch#config terminal Switch(config)#ip prefix-list 3 description This list is used by BGP 14.2.3.2 ip prefix-list seq Command: ip prefix-list <list_name>...
  • Page 382 items so to grant the passage for all other routing messages. Example: Switch#config terminal Switch(config)# ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14 14.2.3.3 match as-path Command: match as-path <list-name> no match as-path [<list-name>] Function: Configure the AS path domain for matching the BGP routing messages. The “no match as-path [<list-name>]”...
  • Page 383 14.2.3.5 match interface Command: match interface <interface-name> no match interface [<interface-name>] Function: Configure to match the interfaces. The “no match interface [<interface-name>]” command deletes this configuration. Parameter: “<interface-name>“ is the name of the interface. Command Mode: route-map mode Usage Guide: This command matches according to the next-hop messages in the route.
  • Page 384 Command: match metric <metric-val > no match metric [<metric-val >] Function: Match the metric value in the routing message. The “no match metric [<metric-val >]” deletes the configuration. Parameter: <metric-val > is the metric value, ranging between 0~4294967295. Command Mode: route-map mode Usage Guide: This command matches according to metric value in the route.
  • Page 385 Usage Guide: This command matches according to the type of OSPF routes (OSPF AS-external LSA type is either type 1 or type 2). If the matching succeeds, then the “permit” or “deny” action in the route-map is performed. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#match route-type external type-1 14.2.3.10 match tag...
  • Page 386 all the set subs of this node will be executed without entering the check of the next node; if the match subs cannot be met, the switch proceeds to the check of the next node. The relation among different nodes is “or”: when the switch checks each node of the route-map in turn, the route passes the filter as soon as one node check is passed.
  • Page 387 should be lengthened so as to affect the best neighbor path selection. To use this command, one match clause should first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set as-path prepend 200 14.2.3.14 set atomic-aggregate Command: set atomic-aggregate no set atomic-aggregate Function: Configure the atomic aggregate attributes.
  • Page 388 14.2.3.16 set community Command: set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive] no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive] Function: Configure the community attributes of the BGP routing message. The “no set community [AA:NN] [internet] [local-AS] [no-advertise] [no-export] [none] [additive]”...
  • Page 389 no set ip next-hop [<ip_addr>] Function: Configure the next-hop of the route. The “no set ip next-hop [<ip_addr>]” command deletes the configuration. Parameter: <ip_addr > is the ip address of next-hop shown with dotted decimal notation. Command Mode: route-map mode Example: Switch#config terminal Switch(config)#route-map r1 permit 5...
  • Page 390 compared. To extend the comparison to the metric values of different neighbor path, the bgp always-compare-med command should be configured. To use this command, one match clause should at first be defined. Example: Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set metric +60 14.2.3.21 set metric-type Command: set metric-type <type-1 | type-2>...
  • Page 391 Command: set originator-id <ip_addr> no set originator-id [<ip_addr>] Function: Configure the origin ip address of the BGP routing message. The “no set originator-id [<ip_addr>]” command deletes the configuration. Parameter: <ip_addr> is the ip address of the route source shown by dotted decimal notation.
  • Page 392: Configuration Examples

    Switch#config terminal Switch(config)#route-map r1 permit 5 Switch(config-route-map)#set vpnv4 next-hop 10.1.1.1 14.2.3.26 set weight Command: set weight <weight_val> no set weight [<weight_val>] Function: Configure the weight value of the BGP routing message. The “no set weight [<weight_val>]” command deletes this configuration. Parameter: <weight_val> is the weight value, ranging between 0~4294967295 Command Mode: route-map mode Usage Guide: The weight value is used to facilitate best path selection and is valid only within the local switch.
  • Page 393: Troubleshooting Help

    Fig 14-1 Policy routing Configuration (figure: SwitchA, SwitchB, SwitchC and SwitchD interconnected over VLAN1, VLAN2 and VLAN3, with interface addresses 192.68.11.1, 192.68.10.1, 192.68.6.1, 192.68.6.2, 192.68.5.2, 192.68.5.1, 172.16.20.1, 172.16.20.2, 172.16.1.1 and 172.16.1.2) Configuration procedure: (only SwitchA is listed; configurations for other switches are omitted.) The configuration of Layer 3 SwitchA: SwitchA#config SwitchA (config) #router bgp 1...
  • Page 394 Items in an address prefix list should have at least one item set to permit mode. The deny mode items can be defined first to quickly remove unmatched routing messages; however, if all the items are set to deny mode, no route will be able to pass the filtering of this address prefix list.
  • Page 395 Parameter: Detail means show detailed messages, summary means show summary messages, <list-name> is the name of prefix-list. Default: None Command Mode: all modes Usage Guide: All prefix-lists will be shown if no prefix-list name is specified. Example: Switch#show ip prefix-list detail mylist ip prefix-list mylist: count: 2, range entries: 0, sequences: 5 - 10 deny 1.1.1.1/8 (hit count: 0, recount: 0)
  • Page 396: Static Route

    metric 10 Displayed information Explanation route-map a, deny, sequence 10 route-map a means the name of route map is a, deny means the deny mode, sequence means sequence number is 10 Match clauses: Match sub as-path 60 Detailed contents in the Match sub Set clauses: Set sub metric 10...
  • Page 397: Static Route Configuration Task List

    a network mask of 0.0.0.0, too. If the route table does not have the destination of a packet and has no default route configured, the packet will be discarded, and an ICMP packet will be sent to the source address indicating that the destination address or network is unreachable.
  • Page 398 14.3.4.1 ip route Command: ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} {<gateway-address> | <gateway-interface>} [<distance>] no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>] Function: Configure the static route. The “no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>]” command deletes the static route. Parameter: The <ip-prefix>...
  • Page 399 Command: show ip route [<destination>|<destination >/<length>|connected | static | rip| ospf | bgp | isis| kernel| statistics| database [connected | static | rip| ospf | bgp | isis| kernel] |fib [default|main|local]] Function: Show the route table Parameter: <destination> is the destination network address; <destination >/<length> is the destination network address plus the length of prefix;...
  • Page 400 target network exists, the kernel route only shows those with high priority. 14.3.4.3 show ip route fib Command: show ip route fib Function: Show all the contents in the route table including: route type, destination network, mask, next-hop address, interface, etc. Command Mode: all modes Usage Guide: With the show ip route command, contents about static routes in the route table can be shown, including destination IP address, network mask and next-hop IP...
  • Page 401: Configuration Examples

    Command: ip route vrf <name> {<ip-prefix> <mask>|<ip-prefix>/<prefix-length>} {<gateway-address>|<gateway-interface>} [<distance>] no ip route vrf <name> {<ip-prefix> <mask>|<ip-prefix>/<prefix-length>} [<gateway-address>|<gateway-interface>] [<distance>] Function: <name> is the name of the VPN route forwarding instance; <ip-prefix> and <mask> are respectively the destination IP address and subnet mask shown in dotted decimal notation;...
  • Page 402: Rip

    Configuration of layer3 SwitchA Switch#config Switch (config) #ip route 10.1.5.0 255.255.255.0 10.1.2.2 Configuration of layer3 SwitchC Switch#config Next hop use the partner IP address Switch(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1 Next hop use the partner IP address Switch(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1 Configuration of layer3 SwitchB Switch#config Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2...
  • Page 403 network connected to that device is considered to be unreachable. However, the route of that layer3 switch will be kept in the route table for another 120 seconds before deletion. As layer3 switches running RIP build their route tables with second-hand information, counting to infinity may occur.
  • Page 404: Rip Configuration Task List

    Besides the above, the RIP protocol allows route information discovered by other routing protocols to be introduced into the route table. It can also serve as the protocol exchanging route messages with the CE on PE routers, and supports VPN routing/forwarding instances.
  • Page 405 (3) Configure other RIP protocol parameters 1) Configure the administrative distance of RIP routes 2) Configure the RIP route capacity limit in the route table 3) Configure the RIP update, timeout, holddown and other timers 4) Configure the receiving buffer size of RIP UDP Configure RIP-I/RIP-II switch (1) Configure the RIP version to be used on all interfaces (2) Configure the RIP version to send/receive on all interfaces (3) Configure whether to enable RIP packet sending/receiving for interfaces...
  • Page 406 passive-interface <ifname> / no passive-interface <ifname>: Block the RIP broadcast on the specified port, so that the RIP data packet is only transmittable among Layer 3 switches configured with neighbor; the no passive-interface <ifname> command cancels the function. (2) Configure RIP route parameters 1) configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) Command Explanation...
  • Page 407 Global mode key chain <name-of-chain> / no key chain <name-of-chain>: Enter keychain mode and configure a key chain; the no key chain <name-of-chain> command deletes the key chain. Keychain mode: Enter the keychain-key mode and configure a key <keyid>...
  • Page 408 distribute-list {<access-list-number|access-list-name>|prefix <prefix-list-name>} {in|out} [<ifname>] / no distribute-list {<access-list-number|access-list-name>|prefix <prefix-list-name>} {in|out} [<ifname>]: Configure and apply the access table and prefix table to filter the routes; the no distribute-list command means do not use the access table and prefix table. 5) configure the split horizon Command...
  • Page 409 recv-buffer-size <size> / no recv-buffer-size: The command configures the UDP receiving buffer size of RIP; the no recv-buffer-size command restores the system default value. 3. Configure RIP-I/RIP-II toggling (1) Configure the RIP version to be used on all ports Command Explanation RIP configuration mode version { 1 | 2 } / no version: Configure the versions of all the RIP data packets transmitted/received by the Layer 3 switch port; the no version...
  • Page 410: Command For Rip

    Privileged mode clear ip rip route {<A.B.C.D/M>|kernel|static|connected|rip|ospf|isis|bgp|all}: The command deletes a specified route from the RIP route table. 5. Configure the RIP VPN command. Command Explanation Router configuration mode address-family ipv4 vrf <vrf-name>: The command configures a RIP address family on the VRF of the PE router; the no address-family ipv4 vrf <vrf-name>...
  • Page 411 <hh:mm:ss> specifies the exact start time of accept-lifetime in hours, minutes and seconds; <day> specifies the day of the month, ranging between 1 and 31; <month> specifies the month, shown with the first three letters of the month, such as Jan; <year>...
  • Page 412 {<A.B.C.D/M>|kernel|static|connected|rip|ospf|isis|bgp|all} Function: Clear specific routes in the RIP route table. Parameter: Clear the routes which match the destination address from the RIP route table; <A.B.C.D/M> specifies the IP address prefix and its length of the destination address; kernel deletes kernel routes from the RIP route table; static deletes static routes from the RIP route table; connected deletes direct routes from the RIP route table; rip only deletes RIP routes from the RIP route table...
  • Page 413 14.4.3.5 default-information originate Command: default-information originate no default-information originate Function: Allow the network 0.0.0.0 to be redistributed into RIP. The “no default-information originate” command disables this function. Parameter: None Default: Disabled Command Mode: router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# default-information originate 14.4.3.6 default-metric Command: default-metric <value>...
  • Page 414 <access-list-name|access-list-number > specifies the access-list number or name applied Default: The default managing distance of RIP is 120 Command Mode: Router mode and address-family mode Usage Guide: In case there are routes from two different routing protocols to the same destination, the managing distance is then used for selecting routes.
  • Page 415 Switch(config-router-af)# exit-address-family Switch(config-router)# 14.4.3.10 ip rip authentication key Command: ip rip authentication key <name-of-chain> no ip rip authentication key Function: Use this command to enable RIPv2 authentication on an interface and further configure the key chain to be used. The “no ip rip authentication key” command cancels the authentication.
  • Page 416 Example: Switch# config terminal Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)# ip rip authentication mode md5 14.4.3.12 ip rip authentication string Command: ip rip authentication string <text> no ip rip authentication string Function: Set the password used in RIP authentication. The “no ip rip authentication string”...
  • Page 417 14.4.3.14 ip rip receive-packet Command: ip rip receive-packet no ip rip receive-packet Function: Set the interface to be able to receive RIP packets; the “no ip rip receive-packet” command sets the interface to be unable to receive RIP packets. Default: Interface receives RIP packets Command Mode: Interface Mode Example: Switch# config terminal Switch(config)# interface vlan 1...
  • Page 418 Command: ip rip send version { 1 | 2 | 1-compatible | 1 2} no ip rip send version Function: Set the version information of the RIP packets the interface receives. The default version is 2; the “no ip rip send version” command restores the value set by using the version command.
  • Page 419 Switch(config-keychain)# key 1 Switch(config-keychain-key)# 14.4.3.20 key chain Command: key chain <name-of-chain> no key chain <name-of-chain> Function: This command enters keychain management mode and configures a keychain. The “no key chain <name-of-chain>” command deletes a keychain. Parameter: <name-of-chain>...
  • Page 420 Command Mode: router mode Usage Guide: The maximum number of RIP routes only limits the number of routes learnt through RIP; it does not include direct routes or the RIP static routes configured by the route command. The count used for the comparison is the number of routes marked R in show ip route database, which is also the number of RIP routes displayed by the show ip route statistics command.
  • Page 421 Switch(config-router)# network 10.0.0.0/8 Switch(config-router)# network vlan 1 14.4.3.25 offset-list Command: offset-list <access-list-number |access-list-name> {in|out }<number >[<ifname>] no offset-list <access-list-number |access-list-name> {in|out }<number >[<ifname>] Function: Add an offset value to the metric value of the routes learnt by RIP. The “no offset-list <access-list-number |access-list-name>...
  • Page 422 Default: 8192 bytes Command Mode: Router mode Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# recv-buffer-size 23456789 14.4.3.28 redistribute Command:redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>] no redistribute {kernel |connected| static| ospf| isis| bgp} [metric<value>] [route-map<word>] Function: Introduce the routes learnt from other routing protocols into RIP Parameter: kernel introduce from kernel routes connected introduce from direct routes static introduce from static routes...
  • Page 423 Example: Switch# config terminal Switch(config)# router rip Switch(config-router)# route 1.0.0.0/8 14.4.3.30 router rip Command: router rip no router rip Function: Enable the RIP routing process and enter RIP mode; the “no router rip” command disables the RIP routing protocol. Default: RIP is not running Command Mode: Global mode Usage Guide: This command is the switch for starting the RIP routing protocol which is...
  • Page 424 and seconds; <day> specifies the day of the month, ranging between 1 and 31; <month> specifies the month, shown with the first three letters of the month, such as Jan; <year> specifies the year of the valid start, ranging between 1993 and 2035; <seconds>...
  • Page 425: Rip Examples

    Command: version {1| 2} no version Function: Configure the version of all RIP data packets sent/received by router interfaces; the “no version” command restores the default configuration. Parameter: 1 is RIP version 1; 2 is RIP version 2 Default: Sent and received data packets are version 2 by default Command Mode: Router mode and address-family mode Usage Guide: 1 means that each interface of the layer 3 switch only sends/receives RIP-I data packets.
  • Page 426 SwitchA#config SwitchA(config)# interface vlan 1 SwitchA(Config-if-Vlan1)# ip address 10.1.1.1 255.255.255.0 SwitchA(config-if-Vlan1)# Configure the IP address of interface vlan 2 SwitchA(config)# vlan 2 SwitchA(Config-Vlan2)# switchport interface ethernet 1/2 Set the port Ethernet1/2 access vlan 2 successfully SwitchA(Config-Vlan2)# exit SwitchA(Config)# interface vlan 2 SwitchA(Config-if-Vlan2)# ip address 20.1.1.1 255.255.255.0 Initiate RIP protocol and configure the RIP segments...
  • Page 427 SwitchC(config-router)#network vlan 1 SwitchC(config-router)#exit 14.4.4.2 Configuration Examples of RIP VPN [Fig 14-4 RIP VPN example: SwitchA interfaces vlan1:10.1.1.1/24 and vlan2:20.1.1.1/24; SwitchB interface vlan1:10.1.1.2/24; SwitchC interface vlan2:20.1.1.2/24] In the figure shown above, a network consists of three Layer 3 switches, in which SwitchA acts as the PE, and SwitchB and SwitchC as CE1 and CE2.
  • Page 428: Troubleshooting Help Of Rip

    SwitchA(config)# SwitchA(config)#router rip SwitchA(config-router)#address-family ipv4 vrf vpnb SwitchA(config-router-af)#redistribute bgp SwitchA(config-router-af)#network Vlan1 SwitchA(config-router-af)#exit-address-family SwitchA(config-router)#address-family ipv4 vrf vpnc SwitchA(config-router-af)#redistribute bgp SwitchA(config-router-af)#network Vlan2 SwitchA(config-router-af)#exit-address-family SwitchA(config-router)# CE1 Layer 3 switch SwitchB configure the IP address of Ethernet port E 1/2 SwitchB#config SwitchB(config)# interface Vlan1 SwitchB(config-if-Vlan1)# ip address 10.1.1.2 255.255.255.0 SwitchB(config-if-Vlan1)#exit Initiate RIP protocol and configure the RIP segments...
  • Page 429 command). Then initiate the RIP protocol (use the router rip command), configure the segment (use the network command) and set RIP protocol parameters on the corresponding interfaces, such as the choice between RIP-I and RIP-II. After that, one feature of the RIP protocol should be noticed: the Layer 3 switch running RIP sends route update messages to all neighboring Layer 3 switches every 30 seconds.
  • Page 430 Sending updates every 30 seconds with +/-50%, next due in 8 seconds Timeout after 180 seconds, garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redistributing: static Default version control: send version 2, receive version 2...
  • Page 431 Routing Information Sources: | Routing information sources. Gateway Distance Last Update Bad Packets Bad Routes, 20.1.1.1 120 00:00:31 | The bad packets and bad routes from the gateway 20.1.1.1; 31 seconds have passed since the last route update; the manage distance is 120. Distance: (default is 120) | Default manage distance is 120. 14.4.5.1.3 show ip rip Command: show ip rip...
  • Page 432 Function: This command displays the RIP database messages related to the VPN routing/forwarding instance. Parameter: Specifies the name of the VPN routing/forwarding instance. Command Mode: Any mode Example: Switch# show ip rip database vrf IPI Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP Network Next Hop...
  • Page 433 Passive interface: Disabled Split horizon: Enabled with Poisoned Reversed IP interface address: 11.1.1.1/24 Displayed information | Explanations: Vlan1 is up, line protocol is up | Interface is up. Routing Protocol: RIP | The protocol running on the interface is RIP. VPN Routing/Forwarding: vpnb | The routing/forwarding instance the interface relates to.
  • Page 434 Name Default RD Interfaces Vlan1...
  • Page 435: Ripng

    14.5 RIPng 14.5.1 Introduction to RIPng RIPng was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIPng is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a distance vector routing protocol regularly send two kinds of information to the neighboring devices: •...
  • Page 436 gateway routes learned from that gateway. There are two split horizon methods: “simple split horizon” and “poison reverse split horizon”. Simple split horizon removes, from the routes to be sent to the neighbor gateways, the routes learned from those neighbor gateways; poison reverse split horizon not only removes the abovementioned routes, but sets the costs of those routes to infinite.
  • Page 437: Ripng Configuration Task List

    through networks that do not support IPv6, using unicast packets with IPv4 encapsulation. 14.5.2 RIPng Configuration Task List Enable RIPng protocol (required) (1) Enable/disable RIPng protocol Configure the interfaces running RIPng protocol (2) Configure RIPng protocol parameters (optional) Configure RIPng sending mechanism (1) Configure specified RIPng packets transmission address (2)...
  • Page 438 [no] neighbor <IPv6-address> <ifname>: Specify the IPv6 link-local address and interface of the neighboring router that needs point-to-point transmitting; the [no] neighbor <IPv6-address> <ifname> command cancels the appointed router. Block the RIPng multicast on the specified port so that the RIPng data packet is only transmittable among Layer 3 switches: [no] passive-interface <ifname>...
  • Page 439 [no] offset-list <access-list-number|access-list-name> {in|out} <number> [<ifname>]: Configure a deviation value added to the route metric value when the port sends or receives RIPng data packets; the [no] offset-list <access-list-number|access-list-name> {in|out} <number> [<ifname>] command removes the deviation table. 3) configure and apply route filter and route aggregation Command Explanation Router configuration mode...
  • Page 440: Commands For Ripng

    (4) Delete the specified route in the RIPng route table Command Explanation Admin Mode clear ipv6 rip route {<IPv6-address>|kernel|static|connected|rip|ospf|isis|bgp|all}: the command deletes a specified route from the RIPng route table 14.5.3 Commands For RIPng 14.5.3.1 aggregate-address Command: [no] aggregate-address <ipv6-address> RIPng route.
  • Page 441 Default: No default configuration Command Mode: Admin mode Usage Guide: All routes in the RIPng route table will be deleted by using this command with all parameters. Example: Switch# clear ipv6 rip route 2001:1:1::/64 Switch# clear ipv6 rip route ospf 14.5.3.3 default-information originate Command: default-information originate no default-information originate...
  • Page 442 no ipv6 rip split-horizon Function: Permit the split horizon. The “no ipv6 rip split-horizon” disables the split horizon Parameter: [poisoned] configures split horizon with poison reverse. Default: Split horizon with poison reverse Command Mode: Interface Mode Usage Guide: The split horizon is for preventing the routing loops, namely preventing the layer 3 switch from broadcasting a route at the interface from which the very route is learnt.
  • Page 443 Usage Guide: The command can be configured on an IPv6 tunnel interface, but such a configuration only succeeds if the tunnel is configured carefully. Example: Switch# config terminal Switch(config)# interface Vlan1 Switch(config-if-Vlan1)# ipv6 router rip 14.5.3.8 neighbor Command: [no] neighbor <ipv6-address> <ifname> Function: Specify the destination address for fixed sending. The “[no] neighbor <ipv6-address>...
  • Page 444 14.5.3.10 passive-interface Command: [no] passive-interface<ifname> Function: Set the RIP layer 3 switches to block RIP broadcast on the specified interfaces, and only send the RIPng data packet to the layer 3 switch which is configured with neighbor. Parameter: <ifname> is the specific interface name Default: Not configured Command Mode: Router mode Example:...
  • Page 445: Ripng Configuration Examples

    Parameter: Specifies the destination IPv6 address prefix and its length, shown in colon hex notation. Usage Guide: The command adds a static RIPng route, and is mainly used for debugging. Routes configured by this command will not appear in the kernel route table but in the RIPng route database; they can be located by using the show ipv6 rip command.
  • Page 446 SwitchB connects to SwitchC through interfaces vlan1 and vlan2. All three switches are running RIPng. Assume SwitchA (VLAN1:2001:1:1::1/64 and VLAN2:2001:1:1::1/64) exchanges update information with SwitchB (VLAN1:2001:1:1::2/64) only, and update information is not exchanged between SwitchA and SwitchC (VLAN1:2000:1:1::2/64). The configuration for SwitchA, SwitchB and SwitchC is shown below: Layer 3 switch SwitchA Enable RIPng protocol SwitchA (config)#router IPv6 rip...
  • Page 447: Ripng Troubleshooting Help

    SwitchC (config)#router IPv6 rip SwitchC (config-router-rip)#exit Configure the IPv6 address and interfaces of Ethernet port vlan1 to run RIPng SwitchC#config SwitchC (config)# interface Vlan1 SwitchC (config-if)# IPv6 address 2000:1:1::2/64 SwitchC (config-if)#IPv6 router rip SwitchC (config-if)#exit 14.5.5 RIPng Troubleshooting Help The RIPng protocol may not work properly due to errors such as physical connection or configuration errors when configuring and using the RIPng protocol.
  • Page 448 Nsm shows the communication messages between RIPng and NSM. Packet shows the debugging messages of RIPng data packets Recv shows the messages of the received data packets Send shows the messages of the sent data packets Detail shows the messages of the data packets received or sent. Default: Not enabled Command Mode: Admin mode and global mode Example: Switch# debug ipv6 rip packet...
  • Page 449 IPv6 interface address: 3000:1:1::1/64 fe80::203:fff:fe01:429e/64 Displayed information | Explanations: Vlan1 is up, line protocol is up | Interface is up. Routing Protocol: RIP | The routing protocol running on the interface is RIPng. Passive interface: Disabled | Passive-interface disabled. Split horizon: Enabled with Poisoned Reversed | The split horizon is enabled with poison reverse on the interface.
  • Page 450 Incoming update filter list for all interface is not set | Incoming update filter list for all interfaces is not set. Default redistribution metric is 1 | Default redistribution metric is 1. Redistributing: static | Redistributing the static routes into the RIPng routes. Interface Vlan10 | The interfaces running RIPng are Vlan 10 and Vlan 2...
  • Page 451: Ospf

    Example: Switch# show ip rip interface Vlan1 Loopback is up, line protocol is up RIPng is not enabled on this interface Ethernet1/10 is up, line protocol is up Routing Protocol: RIPng Passive interface: Disabled Split horizon: Enabled with Poisoned Reversed IPv6 interface address: 3000:1:1::1/64 fe80::203:fff:fe01:429e/64...
  • Page 452 of hops to decide the route. Cost is assigned automatically or manually. According to the algorithm in a link-state protocol, cost can be used to account for the number of hops a packet must pass, the link bandwidth, and the current load of the link. The administrator can even add weights for a better assessment of the link state.
  • Page 453 available interfaces and reachable neighbors, and sends link-state advertisements (sending out link-state information) to exchange link-state information with other OSPF layer3 switches to form a link-state database describing the whole autonomous system. Each layer3 switch builds a shortest path tree rooted at itself according to the link-state database; this tree provides the routes to all nodes in the autonomous system.
  • Page 454: Ospf Configuration Task List

    The OSPF protocol was developed by the IETF; the OSPF v2 widely used now is implemented according to the content described in RFC2328. 14.6.2 OSPF Configuration Task List The OSPF configuration for SMC Networks series switches may be different from the...
  • Page 455 configuration procedure of switches from other manufacturers. It is a two-step process: 1. Enable OSPF in the Global Mode; 2. Configure the OSPF area for the interfaces. The configuration task list is as follows: Enable/disable OSPF protocol (required) (1) Enable/disable OSPF protocol (required) (2) Configure the Router-id of the layer3 switch running OSPF (optional) (3) Configure the network scope for running OSPF (optional) (4) Configure the area for the interface (required)
  • Page 456 [no] router ospf [process <id>] (required): Enables OSPF protocol; the “no router ospf” command disables OSPF protocol. OSPF protocol configuration mode router-id <router_id> / no router-id: Configures the ID number for the layer3 switch running OSPF; the “no router-id” command cancels the ID number. The IP address of an interface is selected to be the layer3 switch ID.
  • Page 457 sending HELLO packets to poll, timer of neighboring layer3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission. Command Explanation Interface configuration mode ip ospf hello-interval <time> / no ip ospf hello-interval: Sets the interval for sending HELLO packets; the “no ip ospf hello-interval” command restores the default setting.
  • Page 458 timers spf <interval> / no timers spf: configure the SPF timer of OSPF; the no timers spf command restores the default settings. overflow database {<max-LSA> [hard | soft] | external <max-LSA> <recover time>}: Configure the LSA limit in the current OSPF process database; the no overflow database...
  • Page 459: Command For Ospf

    no router ospf [process <id>]: Disables OSPF routing protocol 14.6.3 Command For OSPF 14.6.3.1 area authentication Command: area <id> authentication [message-digest] no area <id> authentication Function: Configure the authentication mode of the OSPF area; the “no area <id> authentication” command restores the default value. Parameter: <id>...
  • Page 460 14.6.3.3 area filter-list Command: [no] area <id> filter-list {access|prefix} {in|out} Function: Configure the filter broadcasting summary routing on the ABR; the “[no] area <id> filter-list {access|prefix} {in|out}” command restores the default value. Parameter: <id> is the area number which could be shown in digits ranging between 0~4294967295, or as an IP address;...
  • Page 461 Usage Guide: The same area cannot be both NSSA and stub at the same time. Example: Set areas 51 and 3 to NSSA Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#area 0.0.0.51 nssa Switch(config-router)#area 3 nssa default-information-originate metric 34 metric-type 2 translator-role candidate no-redistribution 14.6.3.5 area range Command: area <id>...
  • Page 462 default: Set the default shortcut in this area enable: Enable forced shortcut through the area disable: Disable shortcut through the area. Default: Set to default Command Mode: OSPF protocol mode Usage Guide: Whether the area border routers are connected to the backbone or not, enabling the area shortcut will let the flow pass through a non-backbone area with lower metric values.
  • Page 463 {AUTHENTICATION|AUTH_KEY|INTERVAL} no area <id> virtual-link A.B.C.D [AUTHENTICATION|AUTH_KEY|INTERVAL] Function: Configure a logical link between two backbone areas physically divided by non-backbone area. “no area <id> virtual-link A.B.C.D [AUTHENTICATION|AUTH_KEY|INTERVAL]” command removes this virtual-link. Parameter: <id> is the area number which could be digits ranging between 0 ~ 4294967295, and also as an IP address.
  • Page 464 Function: This command sets the way in which OSPF calculates the default metric value. The “no auto-cost reference-bandwidth” command only configures the cost of the interface by type. Parameter: <bandwith> reference bandwidth in Mbps, ranging between 1~4294967 Default: Default bandwidth is 100Mbps Command Mode: OSPF protocol mode Usage Guide: The interface metric value is obtained by dividing the reference bandwidth by the interface bandwidth.
  • Page 465 14.6.3.12 clear ip ospf process Command: clear ip ospf [<process-id>] process Function: Use this command to clear and restart OSPF routing processes. One certain OSPF process will be cleared by specifying the process ID, or else all OSPF processes will be cleared. Default: No default configuration Command Mode: Admin mode Example: Switch#clear ip ospf process...
  • Page 466 [no] distribute-list out {kernel |connected| static| rip| isis| bgp} Function: Filter network in the routing update. The “[no] distribute-list out {kernel |connected| static| rip| isis| bgp}” command disables this function. Parameter: < access-list-name> is the access-list name to be applied out: Filter the sent route update kernel Kernel route connected Direct route...
  • Page 467 Example: Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#host 172.16.10.100 area 1 Switch(config-router)#host 172.16.10.101 area 2 cost 10 14.6.3.16 ip ospf authentication Command: ip ospf [<ip-address>] authentication [message-digest|null] no ip ospf [<ip-address>] authentication Function: Specify the authentication mode required in sending and receiving OSPF packets on the interfaces;...
  • Page 468 14.6.3.18 ip ospf cost Command: ip ospf [<ip-address>] cost <cost> no ip ospf [<ip-address>] cost Function: Specify the cost required in running OSPF protocol on the interface; the “no ip ospf [<ip-address>] cost” command restores the default value. Parameter: <ip-address> is the interface IP address shown in dotted decimal notation; <cost >...
  • Page 469 Default: The default dead interval is 40 seconds (normally 4 times the hello-interval). Command Mode: Interface Mode Usage Guide: If no HELLO packet is received within the dead-interval period, then this layer 3 switch is considered inaccessible and invalid. This command modifies the dead interval value of the neighboring layer 3 switch according to the actual link state.
  • Page 470 structure is discovered, but the larger the cost. To ensure the normal operation of the OSPF protocol, the hello-interval parameter of the layer 3 switches adjacent to the interface must be in accordance. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf hello-interval 20 14.6.3.23 ip ospf message-digest-key Command: ip ospf [<ip-address>] message-digest-key <key_id>...
  • Page 471 Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip ospf mtu 1480 14.6.3.25 ip ospf mtu-ignore Command: ip ospf <ip-address> mtu-ignore no ip ospf <ip-address> mtu-ignore Function: Use this command so that the MTU size is not checked when exchanging DD packets; the “no ip ospf <ip-address> mtu-ignore” command restores the MTU size check when exchanging DD packets. Parameter: <ip-address>...
  • Page 472 Command: ip ospf [<ip-address>] priority <priority> no ip ospf [<ip-address>] priority Function: Configure the priority used when electing the designated layer 3 switch (DR) on the interface. The “no ip ospf [<ip-address>] priority” command restores the default value. Parameter: <ip-address> is the interface IP address shown in dotted decimal notation; <priority>...
  • Page 473 Switch(Config-if-Vlan1)#ip ospf retransmit-interval 10 14.6.3.29 ip ospf transmit-delay Command: ip ospf [<ip-address>] transmit-delay <time> no ip ospf [<ip-address>] transmit-delay Function: Set the transmit delay value of LSA transmitting; the “no ip ospf [<ip-address>] transmit-delay” restores the default value. Parameter: <ip-address> is the interface IP address show in dotted decimal notation <time>...
  • Page 474 Function: This command configures the OSPF router connecting to an NBMA network; the “no neighbor A.B.C.D [<COST>| priority <value> | poll-interval <value>]” command removes this configuration. Parameter: <COST>, OSPF neighbor cost value ranging between 1-65535; priority <value>, neighbor priority, defaulted at 0 and ranging between 0-255; poll-interval <value>, 120s by default, the polling time before the neighbor relationship is formed, ranging between 1-65535 Default: No default configuration...
  • Page 475 Switch(config-router)#network 10.1.1.0/24 area 1 14.6.3.33 ospf abr-type Command: ospf abr-type {cisco|ibm|shortcut|standard} no ospf abr-type Function: Use this command to configure an OSPF ABR type. The “no ospf abr-type” command restores the default value. Parameter: cisco, implemented as a Cisco ABR; ibm, implemented as an IBM ABR; shortcut, specify a shortcut-ABR;...
  • Page 476 Default: Not configured Parameter: <maxdbsize> maximum number of LSAs, ranging between 0~4294967294; soft: Soft limit, warns when the limit is exceeded; hard: Hard limit, directly closes the OSPF instance when the limit is exceeded. If neither soft nor hard is configured, the configuration is taken as a hard limit. Command Mode: interface mode Example: Switch#config terminal Switch(config)#router ospf...
  • Page 477 [metric-type {1|2}][route-map<word>][tag<tag-value>] Function: Introduce route learnt from other routing protocols into OSPF Parameter: kernel introduce from kernel route connected introduce from direct route static introduce from static route rip introduce from the RIP route isis introduce from ISIS route bgp introduce from BGP route metric <value>...
  • Page 478 Command: default-information originate [always|METRIC|METRICTYPE|ROUTEMAP] no default-information originate Function: This command creates a default external route into the OSPF routing area; the “no default-information originate” command disables this feature. Parameter: always: Whether or not a default route exists in the software, the default route is always advertised.
  • Page 479: Ospf Example

    Switch#config terminal Switch(config)#router ospf 100 Switch(config-router)#default-metric 100 14.6.3.42 summary-address Command: summary-address <A.B.C.D/M> [{not-advertise|tag<tag-value>}] Function: Summarize or suppress external routes within a specific address scope. Parameter: <A.B.C.D/M> address scope, shown as a dotted decimal IPv4 address plus mask length; not-advertise suppresses the external routes; tag<tag-value>...
  • Page 480 14.6.4.1 Configuration Example of OSPF Scenario 1: OSPF autonomous system. This scenario takes as an example an OSPF autonomous system consisting of five ES4700 series layer3 switches, where layer3 switches SwitchC, SwitchA and SwitchE make up OSPF area 0, layer3 switches SwitchB and SwitchC form OSPF area 1 (assume the vlan1 interface of layer3 switch SwitchA belongs to area 0), and layer3 switch SwitchD forms OSPF area 2 (assume the vlan2 interface of layer3 switch SwitchE belongs to area 0).
  • Page 481 interface vlan1 and vlan2 SwitchB#config SwitchB(config)# interface vlan 1 SwitchB(config-if-vlan1)# ip address 10.1.1.2 255.255.255.0 SwitchB(config-if-vlan1)#exit SwitchB(config)# interface vlan 3 SwitchB(config-if-vlan3)# ip address 20.1.1.1 255.255.255.0 SwitchB(config-if-vlan3)#exit Enable OSPF protocol, configure the OSPF areas that interfaces vlan1 and vlan3 are in SwitchB(config)#router ospf SwitchB(config-router)# network 10.1.1.0/24 area 0 SwitchB(config-router)# network 20.1.1.0/24 area 1 SwitchB(config-router)#exit SwitchB(config)#exit...
  • Page 482 Configuration of the IP address for interface vlan2 SwitchE#config SwitchE(config)# interface vlan 2 SwitchE(config-if-vlan2)# ip address 100.1.1.2 255.255.255.0 SwitchE(config-if-vlan2)#exit Configuration of the IP address for interface vlan3 SwitchE(config)# interface vlan 3 SwitchE(config-if-vlan3)# ip address 30.1.1.1 255.255.255.0 SwitchE(config-if-vlan3)#exit Enable OSPF protocol, configure the number of the area in which interfaces vlan2 and vlan3 reside.
  • Page 483 SwitchE, SwitchF, SwitchG, SwitchH and SwitchL are in-area layer3 switches; SwitchC, SwitchD, SwitchG, SwitchJ and SwitchK are area edge layer3 switches; SwitchE and SwitchG are edge layer3 switches of the autonomous system. In area 1, layer3 switches SwitchA and SwitchB are both in-area switches, and the area edge switches SwitchC and SwitchD are responsible for reporting the distance cost to all destinations outside the area; they are also responsible for reporting the position of the AS edge layer3 switches SwitchE and SwitchG. AS external link-state advertisements...
  • Page 484 for layer3 switches of the other areas are omitted. The following are the configurations of SwitchA, SwitchB, SwitchC and SwitchD: 1) SwitchA: Configure the IP address for interface vlan2 SwitchA#config SwitchA(config)# interface vlan 2 SwitchA(config-If-Vlan2)# ip address 10.1.1.1 255.255.255.0 SwitchA(config-If-Vlan2)#exit Enable OSPF protocol and configure the area number for interface vlan2. SwitchA(config)#router ospf SwitchA(config-router)#network 10.1.1.0/24 area 1 SwitchA(config-router)#exit...
  • Page 485 SwitchB(config-If-Vlan2)#ip ospf authentication-key DCS SwitchB(config-If-Vlan2)#exit Configure IP address and area number for interface vlan1. SwitchB(config)# interface vlan 1 SwitchB(config-If-Vlan1)#ip address 20.1.2.1 255.255.255.0 SwitchB(config-If-Vlan1)#exit SwitchB(config)#router ospf SwitchB(config-router)#network 20.1.2.0/24 area 1 SwitchB(config-router)#exit SwitchB(config)#exit SwitchB# 3)SwitchC: Configure IP address for interface vlan2 SwitchC#config SwitchC(config)# interface vlan 2 SwitchC(config-If-Vlan2)# ip address 10.1.1.3 255.255.255.0 SwitchC(config-If-Vlan2)#exit...
  • Page 486 SwitchC(config-router)#network 10.1.5.0/24 area 0 SwitchC(config-router)#exit Configure MD5 key authentication. SwitchC(config)#interface vlan 1 SwitchC (config-If-Vlan1)#ip ospf authentication message-digest SwitchC (config-If-Vlan1)#ip ospf authentication-key DCS SwitchC (config-If-Vlan1)#exit SwitchC(config)#exit 4)SwitchD: Configure IP address for interface vlan2 SwitchD#config SwitchD(config)# interface vlan 2 SwitchD(config-If-Vlan2)# ip address 10.1.1.4 255.255.255.0 SwitchD(config-If-Vlan2)#exit Enable OSPF protocol, configure the area number for interface vlan2.
  • Page 487 Fig 14-8 OSPF VPN Example (figure: PE SwitchA connects to CE1 SwitchB over vlan1 with 10.1.1.1/24 and 10.1.1.2/24, and to CE2 SwitchC over vlan2 with 20.1.1.1/24 and 20.1.1.2/24). The figure shows a network consisting of three Layer 3 switches, in which SwitchA acts as the PE and SwitchB and SwitchC act as CE1 and CE2. The PE is connected to CE1 and CE2 through vlan1 and vlan2.
  • Page 488: Ospf Troubleshooting Help

    SwitchA(config-router)#exit SwitchA(config)#router ospf 200 vpnc SwitchA(config-router)#network 20.1.1.0/24 area 0 SwitchA(config-router)#redistribute bgp The Layer 3 switch SwitchB of CE1: Configure the IP address of Ethernet E 1/2 SwitchB#config SwitchB(config)# interface Vlan1 SwitchB(config-if-vlan1)# ip address 10.1.1.2 255.255.255.0 SwitchB(config-if-vlan1)#exit Enable OSPF protocol and configure OSPF segments SwitchB(config)#router ospf SwitchB(config-router)#network 10.1.1.0/24 area 0 SwitchB(config-router)#exit...
  • Page 489 part belongs to a non-0 area; a Layer 3 switch DR should be specified for multi-access networks such as broadcast networks. If the OSPF routing problem remains unresolved after checking and debugging, please use the debug ospf packet/events commands, record the debug messages for three minutes, then send them to our technical service center.
  • Page 490 Command Mode: Admin mode and global mode Example: Switch#debug ospf nfsm events 14.6.5.1.5 debug ospf nsm Command: [no]debug ospf nsm [interface|redistribute] Function: Open the debugging switch showing OSPF NSM; the “[no]debug ospf nsm [interface|redistribute]” command closes this debugging switch Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ospf nsm interface 14.6.5.1.6 debug ospf packet...
  • Page 491 Supports only single TOS(TOS0) routes Supports opaque LSA SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 0. Checksum Sum 0x000000 Number of opaque AS LSA 0. Checksum Sum 0x000000 Number of non-default external LSA 0 External LSA database is unlimited.
  • Page 492 14.6.5.1.9 show ip ospf border-routers Command: show ip ospf [<process-id>] border-routers Function: Display ABR and ASBR under all OSPF instances Parameter: <process-id> is the process ID, ranging between 0~65535 Default: Not displayed Command Mode: All modes Example: Switch#show ip ospf border-routers OSPF process 0 internal Routing Table Codes: i - Intra-area route, I - Inter-area route i 10.15.0.1 [10] via 10.10.0.1, Vlan1, ASBR, Area 0.0.0.0...
  • Page 493 Net Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# CkSum 20.1.1.2 192.168.1.2 254 0x8000002b 0xece4 Summary Link States (Area 0.0.0.2) Link ID ADV Router Age Seq# CkSum Route 6.1.0.0 192.168.1.2 68 0x8000002b 0x5757 6.1.0.0/22 6.1.1.0 192.168.1.2 879 0x8000002a 0xf8bc 6.1.1.0/24 22.1.1.0 192.168.1.2 308 0x8000000c 0xc8f0 22.1.1.0/24...
  • Page 494 <ifaddress> Interface IP address Default: Not displayed Command Mode: All modes Usage Guide: OSPF neighbor state can be checked by viewing the output of this command Example: Switch#show ip ospf neighbor OSPF process 0: Neighbor ID State Dead Time Address Interface 192.168.1.1 Full/Backup...
  • Page 495 E1 100.2.0.0/16 [21] via 10.1.1.1, Vlan1 14.6.5.1.14 show ip ospf virtual-links Command: show ip ospf [<process-id>] virtual-links Function: Display the OSPF virtual link message Parameter: <process-id> is the process ID ranging between 0~65535 Default: Not displayed Command Mode: All modes Example: Switch#show ip ospf virtual-links Virtual Link VLINK0 to router 10.10.0.9 is up...
  • Page 496: Ospfv

    10.1.1.0/24 12.1.1.0/24 Routing Information Sources: Gateway Distance Last Update Distance: (default is 110) Address Mask Distance List Routing Protocol is "bgp 0" Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is IGP synchronization is disabled Automatic route summarization is disabled Neighbor(s): Address...
  • Page 497 then link-state advertisements (LSAs) will be sent among neighboring layer3 switches. Neighboring layer3 switches copy the LSA into their routing tables and pass the information on to the rest of the network. This process is referred to as “flooding”. In this way, firsthand information is sent throughout the network to provide an accurate map for creating and updating routes in the network.
  • Page 498 external route and second category external route). OSPFv3 supports IP subnets, redistribution of routes from other routing protocols, and interface-based packet verification. OSPFv3 supports sending packets in multicast. Each OSPFv3 layer3 switch maintains a database describing the topology of the whole autonomous system.
  • Page 499 designated Layer 3 switch in the OSPF area of a multi-access network and is sent to all other neighboring layer3 switches in this area. (To reduce data traffic among the Layer 3 switches in the multi-access network, a “designated layer3 switch” and a “backup designated layer3 switch”...
  • Page 500: Ospfv3 Configuration Task List

    according to the content described in RFC2328 and RFC2740. Because IPv6 networks are still being deployed, there are sometimes network segments that do not support IPv6, and IPv6 traffic must then be carried over a tunnel. Therefore, our OSPFv3 supports configuration on tunnel interfaces and crosses networks without IPv6 support by encapsulating packets in IPv4 unicast.
  • Page 501 Commands and Explanation. Global mode: [no] router IPv6 ospf <tag>: initializes the ospfv3 routing process and enters ospfv3 mode to configure the ospfv3 routing process; the no form stops the relevant process. (required) OSPFv3 Protocol Configure Mode: router-id <router_id>: configure the router ID for the ospfv3 process. The router-id <router_id>...
  • Page 502 Commands and Explanation. Interface Configuration Mode: IPv6 ospf hello-interval <time> [instance-id <id>]: sets the interval for sending HELLO packets; the “no IPv6 ospf hello-interval [instance-id <id>]” command restores the default setting. IPv6 ospf dead-interval <time>...: sets the interval before regarding a neighbor...
  • Page 503: Command For Ospfv3

    Commands and Explanation. OSPFv3 Protocol Configuration Mode: timers spf <spf-delay> <spf-holdtime> / no timers spf: configure the OSPFv3 SPF timer; the no timers spf command restores the default value. area <id> stub [no-summary] / no area <id>...: configure parameters in the OSPFv3 area (STUB area, virtual link)...
  • Page 504 as an IP address; <cost> ranges between <0-16777215> Default: Default OSPFv3 cost is 1 Command Mode: OSPFv3 protocol mode Usage Guide: The command only applies to the ABR router connected to the stub area or NSSA area Example: Set the default-cost of area 1 to 10 Switch(config-router)#area 1 default-cost 10 14.7.3.2 area range Command: area <id>...
  • Page 505 stub area Default: Not defined Command Mode: OSPFv3 protocol mode Usage Guide: Configure area stub on all routers in the stub area. There are two configuration commands for the routers in the stub area: stub and default-cost. All routers connected to the stub area should be configured with the area stub command. For area border routers connected to the stub area, the cost they introduce is defined with the area default-cost command.
  • Page 506 the public non-backbone area. The protocol treats routers connected by virtual links as a point-to-point network Example: Switch#config terminal Switch(config) #router ipv6 ospf Switch(config-router) #area 1 virtual-link 10.10.11.50 hello 5 dead 20 Switch(config-router) #area 1 virtual-link 10.10.11.50 instance-id 1 14.7.3.5 abr-type Command: abr-type {cisco|ibm| standard} no abr-type [cisco|ibm| standard] Function: Configure an OSPF ABR type with this command.
  • Page 507 Example: Switch#config terminal Switch(config)#router ipv6 ospf Switch(config-router)#default-metric 100 14.7.3.7 ipv6 ospf cost Command: ipv6 ospf cost <cost> [instance-id <id>] no ipv6 ospf cost [instance-id <id>] Function: Specify the cost required in running OSPF protocol on the interface; the “no ipv6 ospf cost [instance-id <id>]” command restores the default value Parameter: <id>...
  • Page 508 tunnel carefully. Example: Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 ospf dead-interval 80 14.7.3.9 ipv6 ospf display route single-line Command: [no] ipv6 ospf display route single-line Function: Change the display format of the show ipv6 ospf route command. The “[no] ipv6 ospf display route single-line” command restores the default display mode Default: Not configured Command Mode: Global Mode...
  • Page 509 Switch#config terminal Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 ospf hello-interval 20 14.7.3.11 ipv6 ospf priority Command: ipv6 ospf priority <priority> [instance-id <id>] no ipv6 ospf priority [instance-id <id>] Function: Configure the priority used when electing the “designated layer 3 switch” on the interface. The “no ipv6 ospf [<ip-address>] priority” command restores the default value Parameter: <id>...
  • Page 510 link state announcements until an acknowledgement from the peer is received. If the acknowledgement packet is not received within the interval, the LSA will be retransmitted. The retransmit interval must be larger than the round-trip time between the two layer 3 switches.
  • Page 511 <instance-id> is the interface instance ID ranging between 0~255 and defaulted at 0. <tag> ospfv3 process identifier Default: Not configured Command Mode: Interface Mode Usage Guide: To enable this command on the interface, the area id must be configured. The instance ID and instance tag are optional. The ospfv3 process allows one routing instance for each instance ID.
  • Page 512 Example: Switch#config terminal Switch(config)#router ipv6 ospf Switch(config-router)#passive-interface vlan1 14.7.3.17 redistribute Command: [no]redistribute {kernel |connected| static| rip| isis| bgp} [metric<value>] [metric-type {1|2}][route-map<word>] Function: Introduce routes learnt from other routing protocols into OSPF Parameter: kernel: introduce from kernel routes; connected: introduce from direct routes; static: introduce from static routes; rip: introduce from RIP routes; isis: introduce from ISIS routes...
  • Page 513: Ospfv3 Examples

    14.7.3.19 router ipv6 ospf Command: [no] router ipv6 ospf [<tag>] Function: This command initializes the ospfv3 routing process and enters ospfv3 mode for configuring the ospfv3 routing process. The “[no] router ipv6 ospf [<tag>]” command stops the relevant process Parameter: <tag> is the ospfv3 process mark, which can be an arbitrary string of characters and digits Command Mode: Global mode Usage Guide: To let the ospfv3 routing process work properly, this command must be...
  • Page 514 (assume vlan2 interface of layer3 SwitchE belongs to area 0). Switch1 and SwitchE are backbone layer3 switches, Switch2 and SwitchD are area edge layer3 switches, and SwitchC is the in-area layer3 switch. (Figure: SwitchA, SwitchE and SwitchD in Area 0; interface addresses E1/1: 2100:1:1::2/64, E1/2: 2030:1:1::1, E1/2: 2010:1:1::1/64, E1/1: 2100:1:1::1/64, vlan2...)
  • Page 515 SwitchB(config-if-vlan1)#exit SwitchB(config)# interface vlan 3 SwitchB(config-if-vlan3)# IPv6 address 2020:1:1::1/64 SwitchB(config-if-vlan3)# IPv6 router ospf area 1 SwitchB(config-if-vlan3)#exit SwitchB(config)#exit SwitchB# Layer 3 switch SwitchC: ! Enable OSPFv3 protocol, configure router ID SwitchC(config)#router IPv6 ospf SwitchC(config-router)#router-id 192.168.2.3 Configure interface vlan3 IPv6 address and affiliated OSPFv3 area SwitchC#config SwitchC(config)# interface vlan 3 SwitchC(config-if-vlan3)# IPv6 address 2020:1:1::2/64...
  • Page 516: Ospfv3 Troubleshooting Help

    SwitchE(config-if-vlan2)# IPv6 address 2100:1:1::2/64 SwitchE(config-if-vlan2)# IPv6 router ospf area 0 SwitchE(config-if-vlan2)#exit Configure interface vlan3 IPv6 address and affiliated area SwitchE(config)# interface vlan 3 SwitchE(config-if-vlan3)# IPv6 address 2030:1:1::1/64 SwitchE(config-if-vlan3)# IPv6 router ospf area 0 SwitchE(config-if-vlan3)#exit SwitchE(config)#exit SwitchE# 14.7.5 OSPFv3 Troubleshooting Help In the process of configuring and implementing OSPFv3, physical connection problems or configuration errors may cause the OSPFv3 protocol not to work.
  • Page 517 Default: Closed Command Mode: Admin mode and global mode Example: Switch#debug ipv6 ospf ifsm 1970/01/01 01:11:44 IMI: IFSM[Vlan1]: Hello timer expire 1970/01/01 01:11:44 IMI: IFSM[Vlan2]: Hello timer expire 14.7.5.1.2 debug ipv6 ospf lsa Command: [no]debug ipv6 ospf lsa [generate|flooding|install|maxage|refresh] Function: Open the debugging switch showing link state announcements; the “[no]debug ospf lsa [generate|flooding|install|maxage|refresh]”...
  • Page 518 closes this debugging switch Default: Closed Command Mode: Admin mode and global mode 14.7.5.1.6 debug ipv6 ospf route Command: [no]debug ipv6 ospf route [ase|ia|install|spf] Function: Open debugging switches showing OSPF related routes; the “[no]debug ipv6 ospf route [ase|ia|install|spf]” command closes this debugging switch Default: Closed Command Mode: Admin mode and global mode 14.7.5.1.7 show ipv6 ospf...
  • Page 519 | inter-router [adv-router <advertiser_router>]] Function: Display the OSPF link state database messages Parameter: <tag> is the process tag, which is a character string; <advertiser_router> is the ID of the advertising router, shown in IPv4 address format Default: Not displayed Command Mode: All modes Example: According to the output messages of this command, we can view the OSPF link state database messages. The show ipv6 ospf database command shows the LSA messages of the OSPF...
  • Page 520 Intra-Area-Prefix-LSA (Area 0.0.0.0) Intra-domain Prefix LSA in Area 0 14.7.5.1.9 show ipv6 ospf interface Command: show ipv6 ospf interface [interface] Function: Display the OSPF interface messages Parameter: <interface> is the name of the interface Default: Not displayed Command Mode: All modes Example: Loopback is up, line protocol is up OSPFv3 not enabled on this interface...
  • Page 521 Hello due in 00:00:10 Neighbor Count is 1, Adjacent neighbor count is 1 Displayed information and Explanation: “Vlan1 is up, line protocol is up”: the interface is up both logically and physically. “IPv6 Prefixes fe80::203:fff:fe01:257c/64 (Link-Local Address)”: IPv6 address of the interface and the length of the prefix.
  • Page 522 Command Mode: All modes Usage Guide: OSPF neighbor state can be checked by viewing the output of this command Example: OSPFv3 Process (*null*) Neighbor ID State Dead Time Interface Instance ID 192.168.2.3 Full/Backup 00:00:29 Vlan1 192.168.2.1 Full/DR 00:00:38 Vlan2 Vlan1 Displayed information Explanation Neighbor ID...
  • Page 523: Bgp

    Function: Show messages of OSPF topology Parameter: <tag> is the processes tag, which is a character string <area-id> is an area ID which could be shown in digits ranging between 0~4294967295, or an IPv4 address Default: Not displayed Command Mode: All modes Example: Switch#show ipv6 ospf topology OSPFv3 Process (*null*)
  • Page 524 inter-autonomous system. Its basic function is to exchange routing information automatically without loops. By exchanging routing reachability information carrying the AS sequence attribute, BGP can build an AS topology map to eliminate routing loops and implement user-configured policies. Generally, the switches in an AS may use several IGPs (Interior Gateway Protocols) to exchange routing information within the AS, such as RIP and OSPF, which are IGPs;...
  • Page 525 encourage the internet development. 2. The Overview of BGP-4 operation Unlike RIP and OSPF, BGP is connection oriented. BGP switches must establish a connection to exchange routing information. The operation of BGP is driven by messages, and the messages can be divided into four kinds: Open message----It’s the first message sent after a TCP connection is established.
  • Page 526 When BGP runs within the same AS, it’s called IBGP. When it runs between different ASes, it’s called EBGP. Generally, external neighbors are connected physically, while internal neighbors can be anywhere in the AS. The difference is ultimately reflected in how BGP handles routing information.
  • Page 527: Bgp Configuration Task List

    1. Select the route with the highest weight first; 2. If the weights are the same, select the route with the highest local preference; 3. If the local preferences are the same, select the route generated by the local switch. 4. If the local preferences are the same and there is no route generated by the local switch, select the route with the shortest AS path;...
  • Page 528 9.Adjust BGP Announcement Interval 10.Configure the default Local preference 11.Allow to Transfer Default Route 12.Configure BGP’s MED Value 13.Configure BGP Routing Redistribution 14.Configure BGP Route Dampening 15.Configure BGP capability Negotiation 16.Configure Routing Server 17.Configure Path-Selected Rule Ⅰ. Basic BGP configuration tasks 1.Enable BGP Routing Command Explanation...
  • Page 529 Command and Explanation. Admin Mode: clear {<*>|<as-id>|external|peer-group <NAME>|<ip-address>} soft out: configure outbound soft reconfiguration. (3) Configure inbound soft reconfiguration. Command and Explanation. Router configuration mode: neighbor <ip-address> <TAG> soft-reconfiguration inbound: this command stores routing information from neighbors and peers; neighbor <ip-address> <TAG>...
  • Page 530 neighbor {<ip-address>|<TAG>} distribute-list {<1-199>|<1300-2699>|<WORD>} {in|out}: filter neighbor routing update information; the no neighbor {<ip-address>|<TAG>} distribute-list {<1-199>|<1300-2699>|<WORD>} {in|out} command cancels the routing filter. 6. Configure Next-Hop 1) Set Next-Hop as the switch’s address Command and Explanation. BGP configuration mode: While sending routes...
  • Page 531 8. Configure BGP session identifier Command and Explanation. BGP configuration mode: bgp router-id <ip-address> / no bgp router-id: configure the router-id value; the no bgp router-id command restores the default value. 9. Configure the BGP Version Command and Explanation. BGP configuration mode: Set the version used by BGP neighbors;...
  • Page 532 3. Configure BGP Community Filtering Command and Explanation. BGP configuration mode: neighbor {<ip-address> <TAG>} send-community / no neighbor {<ip-address> <TAG>} send-community: allow routing updates with community attributes to be sent to BGP neighbors; the no neighbor {<ip-address> <TAG>} send-community command sends routes without community attributes. 4. Configure BGP Confederation Command and Explanation...
  • Page 533 neighbor <ip-address> route-reflector-client / no neighbor <ip-address> route-reflector-client: configure the current switch as a route reflector and specify a client; the no neighbor <ip-address> route-reflector-client command deletes a client. (2) If there is more than one route reflector in the cluster, the following commands configure the cluster-id Command and Explanation...
  • Page 534 neighbor <ip-address> peer-group <TAG> / no neighbor <ip-address> peer-group <TAG>: make a neighbor a member of the peer group; the no neighbor <ip-address> peer-group <TAG> command removes the specified member. 7. Configure neighbors and peer groups’ parameters Command and Explanation. BGP configuration mode: Specify a BGP neighbor; format neighbor {<ip-address>...
  • Page 535 value. neighbor {<ip-address> <TAG>} ebgp-multihop [<1-255>] / no neighbor {<ip-address> <TAG>} ebgp-multihop: allow EBGP connections with indirectly connected networks; the no neighbor {<ip-address> <TAG>} ebgp-multihop command cancels this setting. neighbor { <ip-address> | <TAG> } weight <weight> / no neighbor { <ip-address>...: configure BGP neighbor weights; the no neighbor { <ip-address> <weight>...
  • Page 536 route-map <map-name> {in | out} / no neighbor { <ip-address> | <TAG> } route-map <map-name> {in | out}: the no form cancels the setting. neighbor <ip-address> <TAG> soft-reconfiguration inbound / no neighbor { <ip-address> | <TAG> } soft-reconfiguration inbound: store the route information from neighbor peers; the no form cancels the soft-reconfiguration inbound storage.
  • Page 537 neighbor {<ip-address> <TAG>} advertisement-interval <seconds> / no neighbor {<ip-address> | <TAG>} advertisement-interval: configure the minimum interval between route update messages; the no neighbor {<ip-address> <TAG>} advertisement-interval command restores the default setting. 10. Configure the Local Preference Value Command and Explanation. BGP configuration mode: bgp default local-preference <value>: change the default local preference; the no bgp default local-preference <value>...
  • Page 538 13. Configure BGP routing redistribution Command and Explanation. BGP configuration mode: redistribute { connected | static | rip | ospf} [metric <metric>] [route-map <NAME>]: redistribute IGP routes to BGP, optionally specifying the redistributed metric and route map; the no redistribute { connected | static | rip | ospf} command cancels the redistribution.
  • Page 539 neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh} / no neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh}; neighbor {<ip-address>|<TAG>} capability prefix-list {<both>|<send>|<receive>} / no neighbor {<ip-address>|<TAG>} capability prefix-list...: provide capability negotiation rules and carry out this capability match while establishing the connection. The currently supported capabilities include route update, dynamic capability, outgoing route filtering capability and the address...
  • Page 540: Command For Bgp

    BGP configuration mode: bgp always-compare-med / no bgp always-compare-med; bgp bestpath as-path ignore / no bgp bestpath as-path ignore; bgp bestpath compare-confed-aspath / no bgp bestpath compare-confed-aspath...: BGP may change some path-selection rules by configuration. Through these commands it changes the best-path selection and compares MED under an EBGP environment, ignores the AS-PATH length, compares the...
  • Page 541 Usage Guide: To support VPN, VRF has to be enabled on the border routers; to realize VPN, create neighbors for BGP with the VRF address family on the private network, and with VPNv4 address-family on the public network. Configuration performed with this command to specific VRF, is independent from IPv4 unicast address-family.
  • Page 542 [as-set]: Show the ASes on the path as a list, with each AS shown once. Default: No aggregate configuration Command Mode: BGP routing mode Usage Guide: Address aggregation reduces the routing information advertised outside. Use the summary-only option to advertise the aggregate route to neighbors without advertising the specific routes.
  • Page 543 while carrying different MED; Configure on the route 10.1.1.64 Switch(config-router)#bgp always-compare-med 14.8.3.7 bgp bestpath as-path ignore Command: bgp bestpath as-path ignore   no bgp bestpath as-path ignore Function: Set to ignore the AS-PATH length. The “no bgp bestpath as-path ignore” command cancels this configuration Parameter: None Default: Not set...
  • Page 544 Default: Not configured Command Mode: BGP routing mode Usage Guide: Normally the first arrived route from the same AS (with other conditions equal) will be chosen as the best route. By using this command, source router ID will also be compared. Example:Announce the same route prefix through two devices (...
  • Page 545 Command: bgp cluster-id {<ip-address>|<1-4294967295>} no bgp cluster-id {<[<ip-address>]|<0-4294967295>} Function: Configure the route reflection ID used during route reflection. The “no bgp cluster-id {<[<ip-address>]|<0-4294967295>}” command cancels this configuration Parameter: <ip-address>|<1-4294967295>: cluster-id, shown in dotted decimal notation or as a 32-bit number. Default: Not configured Command Mode: BGP routing mode Usage Guide: A CLUSTER consists of route reflectors and their clients in an area.
  • Page 546 14.8.3.15 bgp dampening Command: bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>] no bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>] Function: Configure route dampening. The “no bgp dampening [<1-45>] [<1-20000> <1-20000> <1-255>] [<1-45>]” command cancels the route dampening function Parameter: <1-45>: respectively the penalty half-lives of reachable and unreachable routes, in minutes, i.e. the time after which the penalty value is reduced to half of its previous value.
  • Page 547 Switch(config-router)# bgp default local-preference 500 14.8.3.17 bgp deterministic-med Command: bgp deterministic-med no bgp deterministic-med Function: Use the best MED for the same prefix in the AS to compare with other AS. The “no bgp deterministic-med” cancels this configuration Parameter: None Default: Not configured Command Mode: BGP routing mode.
  • Page 548 the interface is DOWN. Example: Switch(config-router)# bgp fast-external-failover 14.8.3.20 bgp inbound-route-filter Command: bgp inbound-route-filter no bgp inbound-route-filter Function: BGP does not install routing messages whose RD does not exist locally. The “no bgp inbound-route-filter” command means the route will be installed regardless of whether the RD exists locally.
  • Page 549 Usage Guide: Set whether BGP supports multiple BGP instances; this configuration should be set before the BGP instance configuration Example: Switch(config)#bgp multiple-instance 14.8.3.23 bgp network import-check Command: bgp network import-check no bgp network import-check Function: Set whether to check the IGP reachability of BGP network routes. The “no bgp network import-check”...
  • Page 550 RIP, OSPF, ISIS, etc will be regarded as IGP (internal generated), or else as INCOMPLETE Example: Switch(config)# bgp rfc1771-strict Switch(config)# no bgp rfc1771-strict 14.8.3.26 bgp router-id Command: bgp router-id <ip-address> no bgp router-id [<IP-ADDRESS>] Function:Configure the router ID manually. The “no bgp router-id [<IP-ADDRESS>]” cancels this configuration Parameter: <ip-address>: Router ID Default: Automatically acquire router ID...
  • Page 551 Command Mode: Admin mode Usage Guide: Clear BGP state selected by different parameters (such as AS number, peer group name, IPv4 address, address-family, external neighbor), or the inbound or outbound messages. Optionally, use the saved ORF for soft reconfiguration, or use the soft in|out command for inbound or outbound soft reconfiguration if it is already set.
  • Page 552 no distance <1-255> <ip-address/M> [<WORD>] Function: Set the administrative distance of the routing prefix. The “no distance <1-255> <ip-address/M> [<WORD>]” command restores the default value Parameter: <1-255>: administrative distance <ip-address/M>: routing prefix <WORD>: access-list name Default: Not set Command Mode: BGP routing mode Usage Guide: Set the administrative distance for the specified BGP route as the basis for path selection Example: Switch(config-router)# distance 90 10.1.1.64/32...
  • Page 553 Command: import map <map-name> no import map <map-name> Function: Use this command to configure the route-map regulations when introducing routes into VRF Parameter: <map-name> is the route-map name used Command Mode: vrf mode Usage Guide: Use the route map command route-map NAME permit|deny <1-65535> to create the route-map and establish the regulations.
  • Page 554 <LINE>: matched strings in the AS-PATH Default: None Command Mode: Global mode Usage Guide: Use this command to configure the access-list related to AS-PATH, so to supply the conditions for pass/filter. Example: Switch(config)#ip as-path access-list ASPF deny ^100$ 14.8.3.36 ip community-list Command: community-list {<LISTNAME>|<1-199>|[expanded...
  • Page 555 <.COMMUNITY >: Members of the community list, which may be the combination of aa:nn, or internet, local-AS, no-advertise, and no-export. It can be shown in regular expressions under extended conditions Default: None Command Mode: Global mode Usage Guide: With this command we can configure the community-list so to supply terms for the pass/filter/search Example: Switch(config)# ip extcommunity-list LN permit 100:10 14.8.3.38 neighbor activate...
  • Page 556 <0-600>: Advertisement interval, in seconds Default: IBGP 5s, EBGP 30s Command Mode: BGP routing mode and address-family mode Usage Guide: Reducing this value improves the route update speed but also consumes more bandwidth. Example: Switch(config-router)#neighbor 10.1.1.64 advertisement-interval 20 Switch(config-router)#no neighbor 10.1.1.64 advertisement-interval...
  • Page 557 transparent transmission is not performed. Parameter: <ip-address>:IP address of the neighbor <TAG>: Name of the peer group Default: No attribute transparent defined Command Mode: BGP routing mode and address-family mode Usage Guide: With this configuration specified route attributes will not change when transmitted to the specified neighbor.
  • Page 558 The route is successfully transmitted to CE2 after refresh, on CE2 shown: Switch#show ip bgp BGP table version is 5, local router ID is 100.1.1.70 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network...
  • Page 559 Command: neighbor {<ip-address>|<TAG>} capability prefix-list {<both>|<send>|<receive>} no neighbor {<ip-address>|<TAG>} capability prefix-list {<both>|<send>|<receive>} Function: Configure outbound route filter capability negotiation between neighbors. The “no neighbor {<ip-address>|<TAG>} capability prefix-list {<both>|<send>|<receive>}” command sets the negotiation not to be performed Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group Default: ORF capability not configured Command Mode: BGP routing mode and address-family mode Usage Guide: This is an extended BGP capability.
  • Page 560 Command: neighbor {<ip-address>|<TAG>} default-originate [route-map <WORD>] no neighbor {<ip-address>|<TAG>} default-originate [route-map <WORD>] Function: Configures whether a default route is sent to the specified neighbor. The “no neighbor {<ip-address>|<TAG>} default-originate [route-map <WORD>]” command configures the default route not to be sent. Parameter: <ip-address>: IP address of the neighbor <TAG>: Name of the peer group <WORD>...
  • Page 561 {<1-199>|<1300-2699>|<WORD>} {in|out} no neighbor {<ip-address>|<TAG>} distribute-list {<1-199>|<1300-2699>|<WORD>} {in|out} Function: Configure the policy applied to route updates exchanged with the peer. The “no neighbor {<ip-address>|<TAG>} distribute-list {<1-199>|<1300-2699>|<WORD>} {in|out}” command cancels the policy. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group <1-199>|<1300-2699>|<WORD>: Number or name of the access-list. Default: No policy applied. Command Mode: BGP routing mode and address-family mode. Usage Guide: Configure the policy with the access-list command, then apply it with this command...
  • Page 562 Command: neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>] no neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>] Function: Allows EBGP neighbors to be located in different segments and sets the permitted hop count (TTL). The “no neighbor {<ip-address>|<TAG>} ebgp-multihop [<1-255>]” command requires EBGP neighbors to be in the same segment. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of the peer group <1-255>: Allowed hop count...
  • Page 563 Example: Switch(config-router)#neighbor 10.1.1.66 enforce-multihop 14.8.3.52 neighbor filter-list Command: neighbor {<ip-address>|<TAG>} filter-list <.LINE> {<in>|<out>} no neighbor {<ip-address>|<TAG>} filter-list <.LINE> {<in>|<out>} Function: Access-list control of the AS-PATH. The “no neighbor {<ip-address>|<TAG>} filter-list <.LINE> {<in>|<out>}” command cancels the AS-PATH access-list control. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group <.LINE>: Name of the configured access-list...
  • Page 564 14.8.3.54 neighbor maximum-prefix Command: neighbor {<ip-address>|<TAG>} maximum-prefix <1-4294967295> [<1-100> <warning-only>] no neighbor {<ip-address>|<TAG>} maximum-prefix <1-4294967295> [<1-100> <warning-only>] Function: Limit the number of route prefixes accepted from the neighbor. The “no neighbor {<ip-address>|<TAG>} maximum-prefix <1-4294967295> [<1-100> <warning-only>]” command cancels this configuration. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of the peer group <1-4294967295>: Maximum number of prefixes allowed <1-100>: Percentage of the maximum at which a warning is issued...
  • Page 565 command forces the switch itself to be the next hop for the neighbor under IBGP. Example: Switch(config-router)#neighbor 10.1.1.66 next-hop-self 14.8.3.56 neighbor override-capability Command: neighbor {<ip-address>|<TAG>} override-capability no neighbor {<ip-address>|<TAG>} override-capability Function: Configure whether overriding of capability negotiation is enabled. The “no neighbor {<ip-address>|<TAG>} override-capability” command restores capability...
  • Page 566 no neighbor <TAG> peer-group Function: Create/delete a peer group. The “no neighbor <TAG> peer-group” command deletes a peer group. Parameter: <TAG>: Name of the peer group, at most 256 characters long. Default: No peer group. Command Mode: BGP routing mode and address-family mode. Usage Guide: By configuring a peer group, a group of peers with the same attributes is configured at the same time, which reduces configuration effort.
  • Page 567 Default: The default port number is 179. Command Mode: BGP routing mode and address-family mode. Usage Guide: Use this configuration when the peer may connect through a port other than the one BGP specifies. Example: Switch(config-router)#neighbor 10.1.1.64 port 1023 14.8.3.61 neighbor prefix-list Command: neighbor {<ip-address>|<TAG>} prefix-list...
  • Page 568 Command Mode: BGP routing mode and address-family mode. Usage Guide: BGP neighbors are created entirely through configuration commands, and a neighbor relationship is only established when both sides configure each other. The peer's AS number must be specified in the configuration; the neighbor relationship cannot be established if the AS number is incorrect.
  • Page 569 Command Mode: BGP routing mode and address-family mode. Usage Guide: First create a route map under global mode with the route-map command and configure its match conditions and actions; then this command can be applied. Example: Switch(config)#route-map test permit 5 Switch(config-route-map)#match interface Vlan1...
  • Page 570 route-server-client” command cancels this configuration. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group. Default: Not configured. Command Mode: BGP routing mode and address-family mode. Usage Guide: The route server is used to reduce the number of peerings when there are too many routers between ASes in an EBGP environment.
  • Page 571 Switch(config-router)#neighbor 10.1.1.66 send-community 14.8.3.68 neighbor shutdown Command: neighbor {<ip-address>|<TAG>} shutdown no neighbor {<ip-address>|<TAG>} shutdown Function: Disconnect the neighbor connection. The “no neighbor {<ip-address>|<TAG>} shutdown” command cancels this configuration. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group. Default: Not disconnected. Command Mode: BGP routing mode and address-family mode. Usage Guide: Directly disconnect from or reconnect to a peer (group) without removing the neighbor configuration. Example: Switch(config-router)#neighbor 10.1.1.64 shutdown...
  • Page 572 is spread with the route. Routes carrying the SOO attribute will not be spread to a neighbor configured with the same attribute. Example: Switch(config)#ROUTER BGP 100 Switch(config-router)#address-family ipv4 vrf DC1 Switch(config-router-af)# neighbor 11.1.1.64 remote 200 Switch(config-router-af)# neighbor 11.1.1.64 soo 100:10 After this attribute is set, the switch no longer spreads routes carrying the 100:10 RT attribute to 11.1.1.64.
  • Page 573 Command Mode: BGP routing mode and address-family mode. Usage Guide: Sets the KEEPALIVE interval and the HOLD TIME used on the peer connection. The hold time is the period for which the connection is maintained when no message (such as a KEEPALIVE) is received from the peer; the connection is closed once the hold time expires.
  • Page 574 Switch(config)#access-list 10 permit 10.1.1.100 0.0.0.255 Switch(config)#route-map rmp permit 5 Switch(config-route-map)#match ip next-hop 10 Routes with next hop 10.1.1.100 will not be suppressed. 14.8.3.75 neighbor update-source Command: neighbor {<ip-address>|<TAG>} update-source <IFNAME> no neighbor {<ip-address>|<TAG>} update-source <IFNAME> Function: Configure the update source. The “no neighbor {<ip-address>|<TAG>} update-source <IFNAME>”...
  • Page 575 Command: neighbor {<ip-address>|<TAG>} weight <0-65535> no neighbor {<ip-address>|<TAG>} weight [<0-65535>] Function: Configure the weight assigned to routes received from the peer. The “no neighbor {<ip-address>|<TAG>} weight [<0-65535>]” command restores the default value. Parameter: <ip-address>: Neighbor IP address <TAG>: Name of peer group <0-65535>: Weight. Default: The default weight of routes learned from other routers is 0.
  • Page 576 redistribute <ROUTES> [route-map <WORD>]” command cancels this configuration. Parameter: <ROUTES>: Route source or protocol, including connected, isis, kernel, ospf, rip, static, etc. <WORD>: Name of route map. Default: None. Command Mode: BGP routing mode. Usage Guide: Routes from other sources are redistributed into the BGP routing table with this command and advertised to the neighbors. Example: With this configuration the static routes are introduced into BGP and advertised to the neighbors...
  • Page 577 Command Mode: Global mode. Usage Guide: Enable BGP with the specified AS and enter config-router mode, where the protocol can be configured. If bgp multiple-instance is not configured and a BGP instance is already enabled, enabling another BGP instance returns an error. If bgp multiple-instance is configured, several BGP instances can be enabled, but the instance name must be specified with the view parameter.
  • Page 578 In the above example a VRF named DC1 is created with RD value 100:10; the RT is configured in both directions and the RT value equals the RD. 14.8.3.83 set vpnv4 next-hop Command: set vpnv4 next-hop <ip-addr> no set vpnv4 next-hop <ip-addr> Function: Configure the next hop of the VPNv4 route. Parameter: <ip-addr> is the next hop of the VPNv4 route. Command Mode: vrf mode. Usage Guide: Configure the VPNv4 route next hop with this command.
  • Page 579: Configuration Examples Of Bgp

    14.8.3.84 timers bgp Command: timers bgp <0-65535> <0-65535> no timers bgp [<0-65535> <0-65535>] Function: Configure the timers for all BGP neighbors. The “no timers bgp [<0-65535> <0-65535>]” command restores these timers to their default values. Parameter: Respectively the KEEPALIVE interval and the hold time. Default: KEEPALIVE is 60s, HOLD TIME is 240s.
  • Page 580 SwitchB(config-router-bgp)#network 12.0.0.0 SwitchB(config-router-bgp)#network 13.0.0.0 SwitchB(config-router-bgp)#neighbor 11.1.1.1 remote-as 100 SwitchB(config-router-bgp)#neighbor 12.1.1.3 remote-as 200 SwitchB(config-router-bgp)#neighbor 13.1.1.4 remote-as 200 SwitchB(config-router-bgp)#exit The configuration of SwitchC is as follows: SwitchC(config)#router bgp 200 SwitchC(config-router-bgp)#network 12.0.0.0 SwitchC(config-router-bgp)#network 13.0.0.0 SwitchC(config-router-bgp)#neighbor 12.1.1.2 remote-as 200 SwitchC(config-router-bgp)#neighbor 13.1.1.4 remote-as 200 SwitchC(config-router-bgp)#exit The configuration of SwitchD is as follows: SwitchD(config)#router bgp 200 SwitchD(config-router-bgp)#network 13.0.0.0...
  • Page 581 specified route to all the neighbors. SwitchB(config-router-bgp)#aggregate 193.0.0.0/24 summary-only 14.8.4.3 Example 3: configure BGP community attributes In the following example, route map “set-community” is applied to outgoing updates to neighbor 16.1.1.6. Routes matched by list 1 are given the special community value “1111”; the other routes are announced normally.
  • Page 582 Switch(config-route-map)#match community com2 Switch(config-route-map)#set local-preference 500 Switch(config-route-map)#exit Switch(config)#ip community-list com1 permit 100 200 300 Switch(config)#ip community-list com1 permit 900 901 Switch(config)#ip community-list com2 permit 88 Switch(config)#ip community-list com2 permit 90 Switch(config)#exit Switch#clear ip bgp 16.1.1.6 soft out 14.8.4.4 Example 4: configure BGP confederation The following is the configuration of an AS.
  • Page 583 SwitchA: SwitchA(config)#router bgp 100 SwitchA(config-router-bgp)#neighbor 11.1.1.2 remote-as 200 SwitchB: SwitchB(config)#router bgp 10 SwitchB(config-router-bgp)#bgp confederation identifier 200 SwitchB(config-router-bgp)#bgp confederation peers 20 SwitchB(config-router-bgp)#neighbor 12.1.1.3 remote-as 10 SwitchB(config-router-bgp)#neighbor 13.1.1.4 remote-as 20 SwitchB(config-router-bgp)#neighbor 11.1.1.1 remote-as 100 SwitchC: SwitchC(config)#router bgp 10 SwitchC(config-router-bgp)#bgp confederation identifier 200 SwitchC(config-router-bgp)#bgp confederation peers 20 SwitchC(config-router-bgp)#neighbor 12.1.1.2 remote-as 10 SwitchD:...
  • Page 584 [Fig 14-12 the Topological Map of Route Reflector: AS100 contains SwitchA, SwitchB, SwitchC(RR), SwitchD(RR), SwitchE, SwitchF and SwitchG(RR); AS200 contains SwitchH; AS300 contains SwitchI. The switches are addressed on vlan1 with 1.1.1.1, 2.2.2.2, 3.3.3.3, 3.3.3.4, 5.5.5.5, 6.6.6.6, 7.7.7.7, 8.8.8.8 and 9.9.9.9.] The configurations are as follows: The configuration of SwitchC: SwitchC(config)#router bgp 100 SwitchC(config-router-bgp)#neighbor 1.1.1.1 remote-as 100 SwitchC(config-router-bgp)#neighbor 1.1.1.1 route-reflector-client SwitchC(config-router-bgp)#neighbor 2.2.2.2 remote-as 100...
  • Page 585 SwitchD(config-router-bgp)#neighbor 5.5.5.5 remote-as 100 SwitchD(config-router-bgp)#neighbor 5.5.5.5 route-reflector-client SwitchD(config-router-bgp)#neighbor 6.6.6.6 remote-as 100 SwitchD(config-router-bgp)#neighbor 6.6.6.6 route-reflector-client SwitchD(config-router-bgp)#neighbor 3.3.3.3 remote-as 100 SwitchD(config-router-bgp)#neighbor 7.7.7.7 remote-as 100 The configuration of SwitchA: SwitchA(config)#router bgp 100 SwitchA(config-router-bgp)#neighbor 1.1.1.2 remote-as 100 SwitchA(config-router-bgp)#neighbor 9.9.9.9 remote-as 300 SwitchA now need not create IBGP connections with all the switches in AS100, and can still receive BGP routes from the other switches in the AS.
  • Page 586 The configurations of SwitchA: SwitchA(config)#router bgp 100 SwitchA(config-router-bgp)#neighbor 2.2.2.1 remote-as 300 SwitchA(config-router-bgp)#neighbor 3.3.3.2 remote-as 300 SwitchA(config-router-bgp)#neighbor 4.4.4.3 remote-as 400 The configurations of SwitchC: SwitchC(config)#router bgp 300 SwitchC (config-router-bgp)#neighbor 2.2.2.2 remote-as 100 SwitchC (config-router-bgp)#neighbor 2.2.2.2 route-map set-metric out SwitchC (config-router-bgp)#neighbor 1.1.1.2 remote-as 300 SwitchC (config-router-bgp)#exit SwitchC (config)#route-map set-metric permit 10 SwitchC (Config-Router-RouteMap)#set metric 120...
  • Page 587: Bgp Troubleshooting Help

    passed SwitchD. Because SwitchC and SwitchB are not in the same AS, SwitchA does not compare the metrics of routes received from the two switches. If metric comparison between different ASes is needed, the “bgp always-compare-med” command is used. When this command is configured, the routes that passed through SwitchB are the best routes for SwitchA.
  • Page 588 <ip-address/M>: IP address and mask. Default: None. Command Mode: All modes. Usage Guide: BGP routing information can be displayed by different parameters (such as address family or an IPv4 address), as the routes covered by a prefix, or as only the routes that do not match the classful address families (that is, routes that are not class A, B or C addresses). Example:...
  • Page 589 Parameter: <ADDRESS-FAMILY>: Address family, such as “ipv4 unicast” <TYPE>: Community attribute number in AA:NN form, or a combination of local-AS, no-advertise, and no-export. Default: None. Command Mode: All modes. Usage Guide: Several communities can be selected at a time; with exact-match only entries that match exactly are displayed.
  • Page 590 contained community as well. When the list is specified by name, the communities contained in all of its entries are matched. Example: Switch(config)#ip community-list commu per 100:50 Switch#sh ip bgp community-list commu BGP table version is 25, local router ID is 10.1.1.64 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop...
  • Page 591 Reachability Half-Life time : 15 min Reuse penalty : 750 Suppress penalty : 2000 Max suppress time : 60 min Un-reachability Half-Life time : 15 min Max penalty (ceil) : 11999 Min penalty (floor) : 375 Total number of prefixes 1 14.8.5.1.7 show ip bgp filter-list Command: show ip bgp [<ADDRESS-FAMILY>] filter-list [<WORD>] Function: Display the BGP routes matching the specified AS filter list...
  • Page 592 Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path 100.1.1.0/24 10.1.1.68 0 300 10.1.1.64 0 100 Total number of prefixes 1 14.8.5.1.9 show ip bgp neighbors Command: show ip bgp [<ADDRESS-FAMILY>] neighbors [IP-ADDRESS] [advertised-routes|received {prefix-filter|routes}|routes] Function: Display BGP neighbor information. Parameter: <ADDRESS-FAMILY>: Address family, such as “ipv4 unicast”...
  • Page 593 Connections established 7; dropped 6 14.8.5.1.10 show ip bgp paths Command: show ip bgp [<ADDRESS-FAMILY>] paths Function: Display the path information held by BGP. Parameter: <ADDRESS-FAMILY>: Address family such as “ipv4 unicast”. Default: None. Command Mode: All modes. Usage Guide: Displays the BGP path information, including its usage state. Example: Switch#sh ip bgp paths Address...
  • Page 594 Parameter: <ADDRESS-FAMILY>: Address family such as “ipv4 unicast” <WORD>: Regular expression. Default: None. Command Mode: All modes. Usage Guide: Select the required routes with a regular expression. Example: Switch#sh ip bgp quote-regexp ^300$ BGP table version is 2, local router ID is 11.1.1.100 Status codes: s suppressed, d damped, h history, * valid, >...
  • Page 595 14.8.5.1.14 show ip bgp route-map Command: show ip bgp [<ADDRESS-FAMILY>] route-map [<NAME>] Function: Display the BGP routes that match the specified route map. Parameter: <ADDRESS-FAMILY>: Address family such as “ipv4 unicast” <NAME>: Name of route map. Default: None. Command Mode: All modes. Usage Guide: Configure the route map with the route-map command; this command then displays the routes processed by that route map.
  • Page 596 Default: None. Command Mode: All modes. Usage Guide: Display basic BGP summary information. Example: Switch#show ip bgp summary BGP router identifier 10.1.1.66, local AS number 200 BGP table version is 1 1 BGP AS-PATH entries 0 BGP community entries Neighbor AS MsgRcvd MsgSent TblVer...
  • Page 597: Mbgp4

    Function: Display the BGP VPN routing information. Parameter: <rd-val> is the route distinguisher, normally in the form (AS number or IP address):number, such as 100:10; <vrf-name> is the name of the VRF, created with the if vrf <vrf-name> command. Command Mode: All modes. Usage Guide: The information can be displayed by specified RD or VRF.
  • Page 598: Mbgp4+ Configures Mission List

    14.9.2 MBGP4+ Configures Mission List 1. Configure IPv6 neighbor 2. Configure and enable IPv6 address family. 1. Configure IPv6 neighbor (BGP protocol configuration mode): neighbor <X:X::X:X> remote-as <as-id>: Configure an IPv6 neighbor. 2. Configure and activate IPv6 address family (BGP protocol configuration mode): address-family IPv6 unicast: Enter the IPv6 unicast address family protocol...
  • Page 599 SwitchA(config-router-bgp)#address-family IPv6 unicast SwitchA(config-router-af)#neighbor 2001::2 activate SwitchA(config-router-af)#exit-address-family SwitchA(config-router-bgp)#exit SwitchA(config)# SwitchB configuration as follows: SwitchB(config)#router bgp 200 SwitchB(config-router-bgp)#neighbor 2001::1 remote-as 100 SwitchB(config-router-bgp)#neighbor 2002::3 remote-as 200 SwitchB(config-router-bgp)#neighbor 2003::4 remote-as 200 SwitchB(config-router-bgp)#address-family IPv6 unicast SwitchB(config-router-af)#neighbor 2001::1 activate SwitchB(config-router-af)#neighbor 2002::3 activate SwitchB(config-router-af)#neighbor 2003::4 activate SwitchB(config-router-af)#exit-address-family SwitchB(config-router-bgp)#exit SwitchB(config)#...
  • Page 600: Mbgp4+ Troubleshooting Help

    Here the connection between SwitchB and SwitchA is EBGP, and the connection between SwitchC and SwitchD is IBGP. A BGP connection can be established between SwitchB and SwitchD without a direct physical link, provided that there is a route from each switch to the other.
  • Page 601: Chapter 15 Igmp Snooping

    Chapter 15 IGMP Snooping 15.1 Introduction to IGMP Snooping IGMP (Internet Group Management Protocol) is a protocol used in IP multicast. IGMP is used by multicast-enabled network devices (such as routers) to query host membership, and by hosts joining a multicast group to inform the router that it should accept packets for a certain multicast address.
  • Page 602 Global Mode: ip igmp snooping vlan <vlan-id> / no ip igmp snooping vlan <vlan-id>: Enables IGMP Snooping for the specified VLAN. ip igmp snooping vlan <vlan-id> mrouter interface <interface-name> / no ip igmp snooping vlan <vlan-id> mrouter: Sets the specified port in the VLAN as the port connecting to the M-router. Enables IGMP Snooping in the specified igmp...
  • Page 603: Command For Igmp Snooping

    15.3 Command For IGMP Snooping 15.3.1 ip igmp snooping vlan Command: ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> Function: Enable the IGMP Snooping function for the specified VLAN; the “no ip igmp snooping vlan <vlan-id>” command disables the IGMP Snooping function for the specified VLAN.
  • Page 604: Ip Igmp Snooping Vlan Limit

    Parameter: vlan-id: ID number of the VLAN, ranging between <1-4094>. Command Mode: Global mode. Default: The VLAN is not the IGMP Snooping layer 2 general querier. Usage Guide: It is recommended to configure a layer 2 general querier on each segment. If IGMP Snooping is not yet enabled on this VLAN, this command enables it; IGMP Snooping is not disabled when the layer 2 general querier function is disabled.
  • Page 605: Ip Igmp Snooping Vlan Mrpt

    Parameter: vlan-id: ranging between <1-4094> ethernet: Name of Ethernet port ifname: Name of interface port-channel: Port aggregation. Command Mode: Global mode. Default: No static mrouter port on the VLAN by default. Usage Guide: When a port is both a static mrouter port and a dynamic mrouter port, it is treated as a static mrouter port.
  • Page 606: Ip Igmp Snooping Vlan Query-Mrsp

    15.3.8 ip igmp snooping vlan query-mrsp Command: ip igmp snooping vlan <vlan-id> query-mrsp <value> no ip igmp snooping vlan <vlan-id> query-mrsp Function: Configure the maximum query response period. The “no ip igmp snooping vlan <vlan-id> query-mrsp” command restores the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094>...
  • Page 607: Igmp Snooping Example

    Usage Guide: This command can only be configured on the L2 general querier. The suppression-query-time is the period for which the querier stays in the suppressed state after receiving a query from a layer 3 IGMP querier on the segment. Example: Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270 15.4 IGMP Snooping Example Scenario 1.
  • Page 608 Group1 and Group2; three of the four hosts running multicast applications, connected to ports 2, 6 and 10, play program 1, while the host connected to port 12 plays program 2. IGMP Snooping listening result: The multicast table built by IGMP Snooping in VLAN 100 shows ports 1, 2, 6, 10 in Group1 and ports 1, 12 in Group2.
  • Page 609: Igmp Snooping Troubleshooting Help

    The configuration steps are listed below: SwitchA#config SwitchA(Config)#ip igmp snooping SwitchA(Config)#ip igmp snooping vlan 60 query SwitchB#config SwitchB(Config)#ip igmp snooping SwitchB(Config)#ip igmp snooping vlan 100 SwitchB(Config)#ip igmp snooping vlan 100 mrouter interface ethernet 1/1 Multicast configuration: the same as scenario 1. IGMP Snooping listening result: similar to scenario 1.
  • Page 610 Command: debug ip igmp snooping no debug ip igmp snooping Function: Enable the IGMP Snooping debug function; the “no debug ip igmp snooping” command disables this debug function. Command mode: Admin Mode. Default: IGMP Snooping debug is disabled by default. Usage Guide: Use this command to enable IGMP Snooping debugging; IGMP packet processing information is then displayed.
  • Page 611 -------------------------------- Displayed Information / Explanation: Global igmp snooping status: whether the global IGMP snooping switch on the switch is on. L3 multicasting: whether the layer 3 multicast protocol of the switch is running. Igmp snooping is turned on for vlan 1(querier): which VLANs on the switch have IGMP snooping enabled, and whether they are l2-general-querier. 2. Display the IGMP Snooping summary information of vlan1.
  • Page 612 keep-alive time. Igmp snooping query-suppression time: suppression timeout of the VLAN when it acts as l2-general-querier. IGMP Snooping Connect Group Membership: group membership of this VLAN, namely the correspondence between ports and (S,G). Igmp snooping vlan 1 mrouter port: mrouter ports of the VLAN, including both static and dynamic ones. 15.5.1.4 show mac-address-table multicast...
  • Page 613: Chapter 16 Multicast Vlan

    Chapter 16 Multicast VLAN 16.1 Introduction To Multicast VLAN With the current multicast ordering method, when users in different VLANs order the same multicast stream, a copy of the multicast traffic is sent in each VLAN, which wastes bandwidth. By configuring a multicast VLAN, adding the switch ports to it and enabling the IGMP Snooping functions, users from different VLANs share the same multicast VLAN.
  • Page 614: Commands For Multicast Vlan

    command disables IGMP Snooping on the multicast VLAN. ip igmp snooping / no ip igmp snooping: Enable the IGMP Snooping function; the “no” form of this command disables the IGMP snooping function. 16.3 Commands For Multicast VLAN 16.3.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN;...
  • Page 615: Examples Of Multicast Vlan

    Usage Guide: After a VLAN is associated with the multicast VLAN, when a multicast order arrives on a port of this VLAN, the multicast data is sent from the multicast VLAN to that port, which reduces data traffic. The VLAN associated with the multicast VLAN should not be a Private VLAN.
  • Page 616 SwitchA (config-vlan10)#exit SwitchA (config)#interface vlan 10 SwitchA (Config-if-Vlan10)#ip pim dense-mode SwitchA (Config-if-Vlan10)#exit SwitchA (config)#vlan 20 SwitchA (config-vlan20)#multicast-vlan SwitchA (config-vlan20)#exit SwitchA (config)#ip igmp snooping SwitchA (config)#ip igmp snooping vlan 20 SwitchA (config)#interface vlan 20 SwitchA(Config-if-Vlan20)#ip pim dense-mode SwitchA(Config-if-Vlan20)#exit SwitchA (config)#ip pim multicast SwitchA (config)# interface ethernet1/10 SwitchA (Config-Ethernet1/10)#switchport mode trunk SwitchB #config...
  • Page 617: Chapter 17 Ipv4 Multicast Protocol

    Chapter 17 IPv4 Multicast Protocol 17.1 IPv4 Multicast Protocol Overview This chapter introduces the configuration of the IPv4 Multicast Protocol. All IP addresses in this chapter are IPv4. 17.1.1 Introduction to Multicast Various transmission modes can be adopted when the destination of a packet (data, sound or video) is a small subset of the users in the network.
  • Page 618: Multicast Address

    Optimized performance: reduces redundant traffic. Distributed applications: enables multipoint applications. 17.1.2 Multicast Address The destination address of a multicast message is a class D IP address in the range 224.0.0.0 to 239.255.255.255. A class D address cannot appear in the source IP address field of an IP message.
  • Page 619: Ip Multicast Packet Transmission

    224.0.0.9: RIP-2 Router; 224.0.0.10: IGRP Router; 224.0.0.11: Active Agent; 224.0.0.12: DHCP Server/Relay Agent; 224.0.0.13: All PIM Routers; 224.0.0.14: RSVP Encapsulation; 224.0.0.15: All CBT Routers; 224.0.0.16: Specified SBM; 224.0.0.17: All SBMS; 224.0.0.18: VRRP. When Ethernet transmits unicast IP messages, the destination MAC address it uses is the receiver's MAC address.
  • Page 620: Ip Multicast Application

    then the data packet is forwarded according to the multicast forwarding entry; otherwise the data packet is discarded. 17.1.4 IP Multicast Application IP multicast technology effectively solves the problem of single-point sending with multipoint receiving. It achieves efficient data transmission from one point to multiple points, saves a great deal of network bandwidth and reduces network load.
  • Page 621 a multicast source begins sending data to multicast group G. After receiving the multicast packet, the router first performs an RPF check against the unicast routing table. If the check passes, the router creates an (S, G) entry and forwards the multicast packet to all downstream PIM-DM nodes on the network (flooding).
  • Page 622: Pim-Dm Configuration Task List

    17.2.2 PIM-DM Configuration Task List 1. Set up PIM-DM (required) 2. Configure PIM-DM auxiliary parameters (optional): (1) Configure PIM-DM interface parameters: configure the PIM-DM hello message interval; configure the PIM-DM state-refresh origination-interval 3. Disable PIM-DM protocol. 1. Set up PIM-DM protocol: The basic configuration needed to run the PIM-DM routing protocol on an EDGECORE series Layer 3 switch is very simple.
  • Page 623: Command For Pim-Dm

    The state-refresh origination-interval command configures the interface PIM-DM state-refresh interval; its “no” form restores the state-refresh default value. 3. Disable PIM-DM Protocol: no ip pim dense-mode (interface configuration mode): disable the PIM-DM protocol on the interface. no ip pim multicast-routing (global mode): disable the PIM-DM protocol globally. 17.2.3 Command for PIM-DM 17.2.3.1 ip pim dense-mode...
  • Page 624: Pim-Dm Configuration Examples

    ranges from 1s to 18724s. Default: The default interval for periodically transmitted PIM-DM hello messages is 30s. Command Mode: Interface Configuration Mode. Usage Guide: Hello messages allow PIM-DM switches to locate each other and maintain neighborship. A PIM-DM switch announces its existence by periodically transmitting hello messages to its neighbors.
  • Page 625: Pim-Dm Troubleshooting

    [Fig 17-1 PIM-DM Typical Environment: SwitchA and SwitchB, each with vlan 1 and vlan 2] The configuration procedure for SwitchA and SwitchB is as follows: (1) Configure SwitchA: Switch (Config)#ip pim multicast-routing Switch (Config)#interface vlan 1 Switch(Config-if-Vlan1)# ip address 10.1.1.1 255.255.255.0 Switch(Config-if-Vlan1)# ip pim dense-mode Switch(Config-if-Vlan1)#exit Switch (Config)#interface vlan2...
  • Page 626 should pay attention to the following issues: Make sure the physical connection is correct. Make sure the interface and link protocol are UP (use the show interface command). Make sure the PIM protocol is enabled in Global Mode (use ipv6 pim multicast-routing). Enable the PIM-DM protocol on the interface (use the ipv6 pim dense-mode command). The multicast protocol requires an RPF check using unicast routing;...
  • Page 627 event, debug pim packet, debug pim nexthop, debug pim nsm, debug pim mfc, debug pim timer, debug pim state, refer to the PIM-SM manual section. 17.2.5.1.3 show ip pim mroute dense-mode Command: show ip pim mroute dense-mode [group <A.B.C.D>] [source <A.B.C.D>] Function: Display the PIM-DM multicast forwarding entries.
  • Page 628: Pim-Sm

    PRUNED (upstream stops forwarding data), ACKPENDING (waiting for the upstream response, forwarding upstream data). Origin State: two states, ORIGINATOR (transmitting state-refresh) and NON_ORIGINATOR (not transmitting state-refresh). Local: locally joined interfaces, i.e. interfaces that received an IGMP Join. Pruned: pruned interfaces, i.e. interfaces that received Prune messages. Asserted: asserted state. Outgoing...
  • Page 629 Protocol but make RPF Check using existing Unicast routing table. 1. PIM-SM Working Principle The central working processes of PIM-SM are: Neighbor Discovery, Generation of RP Shared Tree (RPT), Multicast source registration, SPT Switch, etc. We won’t describe the mechanism of Neighbor Discovery here since it is same as that of PIM-DM. (1) Generation of RP Shared Tree (RPT) When a host joins a Multicast Group G, the leaf router that is connected to this host directly finds out through IGMP message that there is a receiver of Multicast Group G,...
  • Page 630: Pim-Sm Configuration Task List

    messages sent by candidate RPs and broadcasts them. Only one BSR can exist within a network, but more than one C-BSR (Candidate-BSR) can be configured, so that if the BSR fails another can take over. C-BSRs elect the BSR automatically. 17.3.2 PIM-SM Configuration Task List 1. ...
  • Page 631 Configure interface PIM-SM hello message ip pim hello-interval < interval> interval; the “no ip pim hello-interval” no ip pim hello-interval command restores the default value. 2)Configure PIM-SM hello message holdtime Command Explanation Interface Configuration Mode Configure the value of holdtime field in ip pim hello-holdtime <value>...
  • Page 632: Command For Pim-Sm

    ip pim rp-candidate {vlan <vlan-id> | <ifname>} [<A.B.C.D/M>] [<priority>] / no ip pim rp-candidate: This is the global candidate RP configuration command, used to configure PIM-SM candidate RP information so that this switch can compete with other candidate RPs to become the RP. The “no ip pim rp-candidate”...
  • Page 633 Command Mode: Global Mode Usage Guide: This command configures the access-list that filters PIM REGISTER packets. The source and destination addresses of the access-list entries denote the multicast sources and multicast groups to be filtered. For a source-group combination that matches a DENY entry, PIM sends REGISTER-STOP immediately on receiving the REGISTER packet and creates no group record. Unlike other access-lists, this list defaults to PERMIT once configured: a source-group pair that matches no entry is accepted, so a list meant to admit only known sources must end with an explicit deny entry.
  • Page 634 use the whole packet’s length. Default: compute the checksum over the register packet’s header length only. Parameter: <simple-acl>: <1-99>, a simple access-list. Command Mode: Global Mode Usage Guide: This command is used to interoperate with older Cisco IOS versions. Example: Configure the register packet checksum for the groups specified by myfilter to be computed over the whole packet’s length.
  • Page 635 17.3.3.6 ip pim hello-holdtime Command: ip pim hello-holdtime <value> no ip pim hello-holdtime Function: Configure or disable the Holdtime option in Hello packets. The value is the neighbor holdtime: if no Hello packet has been received from a neighbor by the time the holdtime expires, that neighbor is deleted. The “no ip pim hello-holdtime” command cancels the configured holdtime and restores the default value.
  • Page 636 Switch(Config-If-Vlan1)#ip pim hello-interval 20 Switch(Config-If-Vlan1)# 17.3.3.8 ip pim ignore-rp-set-priority Command: ip pim ignore-rp-set-priority no ip pim ignore-rp-set-priority Function: When selecting the RP for a group, this command makes the switch use the hash algorithm alone and ignore the RP priority. It is used to interoperate with older Cisco IOS versions.
  • Page 637 Usage Guide: Enable PIM-SM globally. PIM-SM must also be enabled on the interface for it to work. Example: Enable PIM-SM globally. Switch (Config)#ip pim multicast-routing 17.3.3.11 ip pim neighbor-filter Command: ip pim neighbor-filter {<list-number>} no ip pim neighbor-filter {<list-number>} Function: Configure the neighbor access-list. If a neighbor is denied by the list and an adjacency with it has already been created, that adjacency is torn down immediately.
  • Page 638 Command Mode: Global Mode Usage Guide: This setting caps the rate at which the DR sends REGISTER packets, protecting the DR against register floods. Example: Configure the rate at which the DR sends register packets to 59 packets per second. Switch (config)#ip pim register-rate-limit 59 17.3.3.13 ip pim register-rp-reachability Command: ip pim register-rp-reachability no ip pim register-rp-reachability Function: This command makes the DR check RP reachability in the process of...
  • Page 639 17.3.3.15 ip pim register-suppression Command: ip pim register-suppression <value> no ip pim register-suppression Function: This command is to configure the value of register suppression timer,the unit is second. The “no ip pim register-suppression” command restores the default value. Parameter: <value> is the timer’s value,it ranges from 1 to 65535s. Default: 60s Command Mode: Global Mode Usage Guide: If this value is configured at DR,it’s the value of register suppression timer;...
  • Page 640 configure PIM-SM candidate RP information so that the switch can compete with other candidate RPs to become the RP. The “no ip pim rp-candidate” command cancels the candidate RP. Parameter: vlan-id is the VLAN ID; ifname is the name of the specified interface; A.B.C.D/M is the IP prefix and mask; <priority>...
  • Page 641: Pim-Sm Configuration Examples

    packets) and only enable IGMP (receive and transmit IGMP packets). Default: PIM-SM is not enabled. Command Mode: Interface Configuration Mode Usage Guide: Enable PIM-SM on the interface. Example: Enable PIM-SM on the interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip pim sparse-mode Switch(Config-If-Vlan1)# 17.3.3.20 ip pim ssm Command: ip pim ssm {default|range <access-list-number >}...
  • Page 642 SwitchB, SwitchC and SwitchD to the corresponding VLANs, and enable the PIM-SM protocol on each VLAN interface. [Fig 17-2 PIM-SM Typical Environment: SwitchA, SwitchB, SwitchC and SwitchD interconnected over their VLAN 1, VLAN 2 and VLAN 3 interfaces, with one switch acting as RP and one as BSR] The configuration procedure for SwitchA, SwitchB, SwitchC and SwitchD is as follows:...
  • Page 643: Pim-Sm Troubleshooting

    Switch(Config-If-Vlan2)# exit Switch (Config)# ip pim rp-candidate vlan2 (3) Configure SwitchC: Switch (Config)#ip pim multicast-routing Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip address 34.1.1.3 255.255.255.0 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip address 13.1.1.3 255.255.255.0 Switch(Config-If-Vlan2)# ip pim sparse-mode Switch(Config-If-Vlan2)#exit Switch (Config)#interface vlan 3 Switch(Config-If-Vlan3)# ip address 30.1.1.1 255.255.255.0...
  • Page 644 caused by physical connection or incorrect configuration. Therefore, the user should check the following: Ensure that the physical connection is correct; Ensure that the protocol of the interface and the link are UP (use the show interface command); Ensure that PIM is enabled in Global Mode (use ip pim multicast-routing); Ensure that PIM-SM is configured on the interface (use ip pim sparse-mode);...
  • Page 645 Example: Switch# debug ip pim mfc 17.3.5.1.3 debug pim mib Command: debug pim mib no debug pim mib Function: Enable or disable the PIM MIB debug switch Parameter: None Default: Disabled Command Mode: Admin Mode and Global Mode Usage Guide: Inspect PIM MIB information through the PIM MIB debug switch. It is not functional yet and is reserved for future extension.
  • Page 646 Function: Enable or Disable pim debug switch Parameter: in display only received pim packets out display only transmitted pim packets none display both Default: Disabled Command Mode: Admin Mode and Global Mode Usage Guide: Inspect the received and transmitted pim packets by this switch. Example:Switch# debug ip pim packet in 17.3.5.1.7 debug pim state Command: debug pim state...
  • Page 647 debug pim timer register no debug pim timer no debug pim timer assert no debug pim timer assert at no debug pim timer bsr bst no debug pim timer bsr crp no debug pim timer bsr no debug pim timer hello ht no debug pim timer hello nlt no debug pim timer hello tht no debug pim timer hello...
  • Page 648 Uptime: 00:06:07, BSR Priority: 0, Hash mask length: 10 Next bootstrap message in 00:00:00 Role: Candidate BSR State: Elected BSR Next Cand_RP_advertisement in 00:00:58 RP: 10.1.4.3(Vlan1) Displayed Information Explanations BSR address Bsr-router Address Priority Bsr-router Priority Hash mask length Bsr-router hash mask length State The current state of this candidate BSR, Elected BSR is selected BSR...
  • Page 649 Parameter: group <A.B.C.D>: display the entries related to this multicast group address; source <A.B.C.D>: display the entries related to this source. Default: None Command Mode: Admin Mode and Global Mode Usage Guide: Display the PIM-SM multicast routing entries maintained by the switch. Example: testS2#show ip pim mroute sparse-mode IP Multicast Routing Table (*,*,RP) Entries: 0...
  • Page 650 Asserted Asserted state Outgoing Final outgoing of multicast data, in this example,the index of the outgoing interface is 2. Command “show ip pim interface” can query interface information. 17.3.5.1.12 show ip pim neighbor Command: show ip pim neighbor Function: Display router neighbors Parameter: None Default: None Command Mode: Admin Mode and Global Mode...
  • Page 651 Flags: N = New, R = RP, S = Source, U = Unreachable Destination Type Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Addr Ifindex Name 192.168.1.1 N... 1 0.0.0.0 2006 192.168.1.9 ..S. 1 0.0.0.0 2006 Displayed Information Explanations Destination Destination of next item Type N: created nexthop,RP direction and S direction are not determined .
  • Page 652: Dvmrp

    Usage Guide: Display the current RP and mapping relationship. Example: testS2(Config-if-Vlan1)#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4 RP: 10.1.6.1 Info source: 10.1.6.1, via bootstrap, priority 6 Uptime: 00:11:04 Displayed Information Explanations Group(s) Group address range of RP Info source Source of Bootstrap messages Priority...
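The RP selection that the ignore-rp-set-priority command and the "Hash mask length" / "priority" fields above refer to, as an added example that is not part of the manual: a Python implementation of the bootstrap RP election from RFC 4601 section 4.7 (longest group-range match, then lowest priority value, then the hash Value(G,M,C(i)), then highest address), with a flag that drops the priority step the way ignore-rp-set-priority does. The RP-set, the hash mask length of 10 and the addresses 10.1.4.3 and 10.1.6.1 are constructed from the show output on this page rather than taken from a live switch, and the function names are my own.

```python
# Added example (not from the SMC manual): bootstrap RP election as specified in
# RFC 4601 section 4.7, with the "ignore RP priority" behaviour that the manual's
# ip pim ignore-rp-set-priority command describes. Candidate data is constructed.
import ipaddress

# Constants of the RFC 4601 hash: Value(G,M,C) = (A*((A*(G&M)+B) xor C)+B) mod 2^31
HASH_A = 1103515245
HASH_B = 12345
HASH_MOD = 2 ** 31


def rp_hash(group: str, hash_mask_len: int, crp: str) -> int:
    """RFC 4601 hash Value(G, M, C(i)) for one candidate RP C(i).

    Only the top `hash_mask_len` bits of the group take part, so every group in
    the same masked block hashes identically and therefore maps to the same RP."""
    g = int(ipaddress.IPv4Address(group))
    m = (0xFFFFFFFF << (32 - hash_mask_len)) & 0xFFFFFFFF
    c = int(ipaddress.IPv4Address(crp))
    return (HASH_A * ((HASH_A * (g & m) + HASH_B) ^ c) + HASH_B) % HASH_MOD


def select_rp(group: str, rp_set, hash_mask_len: int, ignore_priority: bool = False):
    """Pick the RP for `group` from an RP-set of (address, priority, group_range).

    Order of preference (RFC 4601 4.7.1): longest matching group range, then
    lowest priority value, then highest hash value, then highest RP address.
    With ignore_priority=True every candidate counts as equal priority, so the
    hash alone decides (the manual's ignore-rp-set-priority behaviour)."""
    g = ipaddress.IPv4Address(group)
    eligible = [(addr, pri, ipaddress.IPv4Network(rng))
                for addr, pri, rng in rp_set if g in ipaddress.IPv4Network(rng)]
    if not eligible:
        return None

    def rank(cand):
        addr, pri, net = cand
        return (-net.prefixlen,
                0 if ignore_priority else pri,
                -rp_hash(group, hash_mask_len, addr),
                -int(ipaddress.IPv4Address(addr)))

    return min(eligible, key=rank)[0]


# Constructed RP-set modelled on the addresses in the manual's show output:
# 10.1.4.3 (priority 0) and 10.1.6.1 (priority 6), both advertising 224.0.0.0/4.
RP_SET = [("10.1.4.3", 0, "224.0.0.0/4"), ("10.1.6.1", 6, "224.0.0.0/4")]
HASH_MASK_LEN = 10


def demo(group: str = "239.1.2.3"):
    """Return (RP honouring priority, RP by hash only) for the constructed RP-set."""
    return (select_rp(group, RP_SET, HASH_MASK_LEN),
            select_rp(group, RP_SET, HASH_MASK_LEN, ignore_priority=True))


if __name__ == "__main__":
    by_priority, by_hash = demo()
    print(f"priority wins: {by_priority}; hash only: {by_hash}")
```

Because every router in the domain runs the same computation over the same RP-set, a mismatch in hash mask length or in whether priority is ignored makes different routers pick different RPs for the same group, which is why the manual only recommends ignore-rp-set-priority when older routers are present.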
  • Page 653 downstream interfaces. If not, there is probably a failure, and the multicast packet is discarded. Since not all switches support multicast, DVMRP supports tunneled multicast communication: a tunnel is a way to send multicast datagrams between DVMRP switches that are separated by switches which do not support multicast routing. The multicast packets are encapsulated in unicast packets and sent directly to the next switch that supports multicast.
  • Page 654: Configuration Task List

    valid value is 1 to 2*infinity-1, i.e. 1 to 63, where infinity is 32: 1 to 31 means the source network is reachable, 32 means the source network is not reachable, and 33 to 63 (poison reverse) means that the switch generating the report message depends on the upstream router to receive multicast packets from that source.
  • Page 655: Command For Dvmrp

    message number each time it transmits. 2) Configure the metric value of the DVMRP interface. 3) Configure whether DVMRP may set up neighbors with DVMRP routers that cannot Prune/Graft. Command Explanation Interface Configuration Mode ip dvmrp output-report-delay <delay_val>...: Configure the delay of transmitting DVMRP report messages on the interface and the number of messages sent each time; the “no ip...
  • Page 656 Command Mode: Interface Configuration Mode Usage Guide: The interface processes DVMRP protocol messages only when DVMRP is enabled on it. Example: Enable the DVMRP protocol on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-vlan1)#ip dvmrp 17.4.3.2 ip dvmrp metric Command: ip dvmrp metric <metric_val> no ip dvmrp metric Function: Configure the metric value of DVMRP report messages on the interface;...
  • Page 657 17.4.3.4 ip dvmrp output-report-delay Command: ip dvmrp output-report-delay <delay_val> [<burst_size>] no ip dvmrp output-report-delay Function: Configure the delay of DVMRP report message transmitted on interface and transmitted message quantity every time, the “no ip dvmrp output-report-delay” command restores default value. Parameter: <delay_val>...
  • Page 658: Dvmrp Configuration Examples

    Default: No DVMRP tunnel is configured. Command Mode: Global Mode Usage Guide: Because not all switches support multicast, DVMRP supports tunneled multicast communication. A tunnel is a way of transmitting multicast packets between DVMRP switches that are separated by switches without multicast routing support. It acts as a virtual link between the two DVMRP switches.
  • Page 659: Dvmrp Troubleshooting

    Switch(Config-if-Vlan1)# ip address 12.1.1.2 255.255.255.0 Switch(Config-if-Vlan1)# ip dvmrp Switch(Config-if-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-if-Vlan2)# ip address 20.1.1.1 255.255.255.0 Switch(Config-if-Vlan2)# ip dvmrp Since DVMRP itself does not rely on Unicast Routing Protocol, it is not necessary to configure Unicast Routing Protocol. This is the difference from PIM-DM and PIM-SM. 17.4.5 DVMRP TroubleShooting In configuring and using DVMRP Protocol, DVMRP Protocol might not operate normally caused by physical connection or incorrect configuration.
  • Page 660 |route]|nsm|mfc|mib|timer[probe[probe-timer|neighbor-expiry-timer]|prune[prune-expiry-timer|prune-retx-timer|graft-retx-timer]|route[report-timer|flash-upd-timer|route-expirytimer|route-holdown-timer|route-burst-timer]]|packet[[probe [in|out] | report [in|out] | prune [in|out] | graft [in|out] | graft-ack [in|out] |in|out]]|all] Function: Display DVMRP protocol debugging messages; the “no debug dvmrp [events[neighbor|packet|igmp|kernel|prune [detail]|route]|nsm|mfc|mib|timer[probe[probe-timer|neighbor-expiry-timer]|prune[prune-expiry-timer|prune-retx-timer|graft-retx-timer]|route[report-timer|flash-upd-timer|route-expirytimer|route-holdown-timer|route-burst-timer]]|packet[[probe [in|out] | report [in|out] | prune [in|out] | graft [in|out] | graft-ack [in|out] |in|out]]|all]”...
  • Page 661 17.4.5.1.3 show ip dvmrp interface Command: show ip dvmrp interface [<ifname>] Function: Display DVMRP interface Parameter: <ifname> is interface name, namely displaying configured interface information of specified interface. Default: Do not display (Off) Command Mode: Any Configuration Mode Example: Switch #show ip dv in vlan4 Address Interface Ver.
  • Page 662 Neighbor Address: neighbor address. Interface: the interface on which the neighbor was detected. Uptime/Expires: the neighbor's uptime and expiry time. Maj Ver: major version. Min Ver: minor version. Cap Flg: capability flags. 17.4.5.1.5 show ip dvmrp pr Command: show ip dvmrp pr [{group <A.B.C.D> [detail]}|{source <A.B.C.D/M> group <A.B.C.D>...
  • Page 663: Ecscm

    Example: Display DVMRP routing. Switch #show ip dv route Flags: N = New, D = DirectlyConnected, H = Holddown Network Flags Nexthop Nexthop Metric Uptime Exptime Xface Neighbor 10.1.35.0/24 Vlan2 Directly Connected 00:11:16 00:00:00 13.1.1.0/24 Vlan1 Directly Connected 00:10:22 00:00:00 Displayed Information Explanations Network...
  • Page 664: Ecscm Configuration Task List

    control logic includes the following three methods: control based on the VLAN and MAC address of the host sending packets, control based on the IP address of the host sending packets, and control based on the port on which the messages enter. IGMP snooping can apply all three methods at once, whereas the IGMP module, being located at layer 3, can only control by the IP address of the sending host.
  • Page 665 Command Explanation Global Configuration Mode [no] access-list <5000-5099> {deny|permit} {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}: The rule used to configure source control. The rule does not take effect until it is applied to a specified port. The no form deletes the specified rule.
  • Page 666 Next, configure the destination control rule. It is similar to source control, except that ACL numbers 6000-7999 are used. Command Explanation Global Configuration Mode [no] access-list <6000-7999> {deny|permit} {{<source>...: The rule used to configure destination control. This rule does not take...
  • Page 667: Command For Ecscm

    Command Explanation Global Configuration Mode [no] ip multicast policy <IPADDRESS/M> <IPADDRESS/M> cos <priority>: Configure the multicast policy, specifying a priority in the range <0-7> for sources and groups in a specific range. 17.5.3 Command For ECSCM 17.5.3.1 access-list (Multicast Source Control) Command: access-list <5000-5099> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} no access-list <5000-5099> {deny|permit} ip {{<source> <source-wildcard>}|{h...
  • Page 668 not 0.0.0.0/0 in other access-lists. Example: Switch(config)#access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 17.5.3.2 access-list (Multicast Destination Control) Command: access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} no access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination} Function: Configure the destination control multicast access-list; the “no access-list <6000-7999> {deny|permit} ip {{<source> <source-wildcard>}|{host-source <source-host-ip>}|any-source} {{<destination> <destination-wildcard>}|{host-destination <destination-host-ip>}|any-destination}” command deletes the access-list. Parameter: <6000-7999>: destination control access-list number.
  • Page 669 Function: Configure the multicast destination-control access-list applied on the interface; the “no ip multicast destination-control access-group <6000-7999>” command deletes the configuration. Parameter: <6000-7999>: destination-control access-list number. Default: None Command Mode: Interface Configuration Mode Usage Guide: The command only takes effect when global multicast destination-control is enabled. Once configured, if IGMP snooping is enabled, a request to add the interface to a multicast group is matched against the configured access-list: if it matches a permit entry the interface is added, otherwise it is not.
  • Page 670 <6000-7999> Function: Configure the multicast destination-control access-list applied to the specified network segment; the “no ip multicast destination-control <IPADDRESS/M> access-group <6000-7999>” command deletes this configuration. Parameter: <IPADDRESS/M>: IP address and mask length; <6000-7999>: destination control access-list number. Default: None Command Mode: Global Mode Usage Guide: The command only takes effect when global multicast destination-control is enabled. Once configured, if IGMP snooping or IGMP is enabled, requests from that segment to join a multicast group are matched against the list. If multicast destination-control is configured to...
  • Page 671 <IPADDRESS/M> cos” command deletes it. Parameter: <IPADDRESS/M>: the multicast source address with its mask length and the destination (group) address with its mask length, respectively. <priority>: the specified priority, range 0 to 7. Default: None Command Mode: Global Mode Usage Guide: The command modifies the priority to the specified value through the...
  • Page 672: Ecscm Configuration Examples

    Default: None Command Mode: Interface Configuration Mode Usage Guide: The command only takes effect when global multicast source control is enabled. After that, multicast data received on the interface is matched against the configured access-list: if it matches a permit entry the packet is accepted and forwarded;...
  • Page 673: Ecscm Troubleshooting

    Switch(config)#ip multicast destination-control Switch(config)#ip multicast destination-control 10.0.0.0/8 access-group 6000 In this way, users of this network segment can only join groups other than 238.0.0.0/8. Multicast strategy Server 210.1.1.1 is distributing important multicast data on group 239.1.2.3; we can configure its join-in switch as follows: Switch(config)#ip multicast policy 210.1.1.1/32 239.1.2.3/32 cos 4 In this way, the multicast stream will have a priority of 4 (usually this is fairly high; the only higher possibility is protocol data;...
  • Page 674 ip multicast destination-control 1 00-03-05-07-09-11 access-group 6001 multicast destination-control access-group 6000 used on interface Ethernet 17.5.5.1.2 show ip multicast destination-control access-list Command: show ip multicast destination-control access-list show ip multicast destination-control access-list <6000-7999> Function: Display destination control multicast access-list of configuration. Parameter: <6000-7999>: access-list number.
  • Page 675: Igmp

    Usage Guide: The command displays the configured multicast source control rules, including the detail option, which also shows the applied access-list entries. Example: Switch#show ip multicast source-control detail ip multicast source-control is enabled Interface Ethernet use multicast source control access-list 5000 access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255 17.5.5.1.5 show ip multicast source-control access-list Command: show ip multicast source-control access-list...
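A small evaluator for the wildcard-mask access-lists used by ip pim neighbor-filter, the PIM register filter and the ECSCM source and destination control above, as an added example that is not part of the manual. It implements first-match evaluation with the implicit default as a parameter, so it shows the two behaviours the manual describes: an ordinary list (neighbor filter lists 1-99, source control 5000-5099, destination control 6000-7999) denies whatever matches no entry, while the register filter permits it. The parser follows the syntax on this page; list 5000 copies the show output above, list 1 and list 6000 are constructed for the example (the manual does not show list 6000's entries), and all function names are mine.

```python
# Added example (not from the SMC manual): an evaluator for the wildcard-mask
# access-lists used by PIM neighbor-filter / register-filter and by ECSCM source
# and destination control, written to show the two implicit-default semantics the
# manual describes. Rule syntax follows the manual; the sample lists are constructed.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    src: str         # source base address
    src_wild: str    # wildcard mask: 0 bits must match, 1 bits are ignored
    dst: str         # destination (group) base address
    dst_wild: str


ANY = ("0.0.0.0", "255.255.255.255")   # matches every address


def _matches(addr: str, base: str, wild: str) -> bool:
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild))
    return (a & care) == (b & care)


def _addr_spec(tokens, i, kind):
    """Parse one of: any-<kind> | host-<kind> <ip> | <ip> <wildcard>."""
    tok = tokens[i]
    if tok in ("any", f"any-{kind}"):
        return ANY, i + 1
    if tok in ("host", f"host-{kind}"):
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_rule(line: str):
    """Parse 'access-list <n> {permit|deny} [ip] <source spec> [<destination spec>]'
    and return (list number, Rule). Simple lists (1-99) carry only a source."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, i = int(t[1]), t[2], 3
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    if i < len(t) and t[i] == "ip":
        i += 1
    (src, sw), i = _addr_spec(t, i, "source")
    (dst, dw), i = _addr_spec(t, i, "destination") if i < len(t) else (ANY, i)
    return number, Rule(action, src, sw, dst, dw)


def build_acls(config_lines):
    """Group rules by list number, preserving configuration order."""
    acls = {}
    for line in config_lines:
        number, rule = parse_rule(line)
        acls.setdefault(number, []).append(rule)
    return acls


def evaluate(rules, src: str, dst: str = "0.0.0.0", default: str = "deny") -> str:
    """First-match evaluation. `default` is the implicit result when nothing
    matches: 'deny' for ordinary lists (so a list with only deny entries denies
    everything), 'permit' for the PIM register filter as the manual states."""
    for r in rules:
        if _matches(src, r.src, r.src_wild) and _matches(dst, r.dst, r.dst_wild):
            return r.action
    return default


# Constructed configuration: list 5000 is the manual's source-control example,
# list 1 is a neighbor filter written WITHOUT the "permit any-source" line,
# list 6000 is an assumed destination-control list blocking 238.0.0.0/8.
CONFIG = [
    "access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255",
    "access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255",
    "access-list 1 deny 10.1.4.10 0.0.0.255",
    "access-list 6000 deny ip any-source 238.0.0.0 0.255.255.255",
    "access-list 6000 permit ip any-source any-destination",
]
ACLS = build_acls(CONFIG)


def demo():
    """Decisions that make the implicit-default point; returned for checking."""
    return {
        "src_ctl_in_range": evaluate(ACLS[5000], "10.1.1.5", "232.0.0.7"),
        "src_ctl_unmatched": evaluate(ACLS[5000], "10.2.0.1", "232.0.0.7"),
        "register_filter_unmatched": evaluate(ACLS[5000], "10.2.0.1", "232.0.0.7", default="permit"),
        "neighbor_not_listed": evaluate(ACLS[1], "10.1.6.1"),   # denied: no permit any-source
        "dst_ctl_blocked_group": evaluate(ACLS[6000], "10.5.5.5", "238.1.1.1"),
        "dst_ctl_other_group": evaluate(ACLS[6000], "10.5.5.5", "239.1.2.3"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The same two entries of list 5000 therefore mean different things depending on where the list is applied: as a source-control list an unknown source is dropped, as a register filter an unknown source is registered with the RP.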
  • Page 676 and the host only needs to record which multicast groups it has joined. IGMP is asymmetric between host and router: the host responds to the IGMP query messages of the multicast switch, i.e. it reports its membership; the switch sends membership query messages periodically, determines from the responses whether hosts of a specific group are present on the subnet it belongs to, and (in IGMP version 2) sends a group-specific query when it receives a leave report from a host, to determine whether no...
  • Page 677: Configuration Task List

    response time of the host to group query messages. The main feature of version 3 is allowing the host to choose to receive from, or reject, a particular source, which is the basis of SSM (Source-Specific Multicast). For example, when a host sends a report of INCLUDE{10.1.1.1, 10.1.1.2} for some group G, it means the host needs the router to forward the traffic from 10.1.1.1 and 10.1.1.2;...
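The source filtering that the INCLUDE{10.1.1.1, 10.1.1.2} example above describes, as an added example that is not part of the manual: the router-side merge of IGMPv3 current-state reports (IS_IN / IS_EX) into one per-group filter, following the state-transition table of RFC 3376 section 6.4.1 with source timers omitted, plus the resulting per-source forwarding decision. The group, the three hosts and their source lists are constructed; the class and function names are mine.

```python
# Added example (not from the SMC manual): how a router merges IGMPv3
# current-state reports into one per-group source filter and decides which
# sources to forward. The merge rules are those of RFC 3376 section 6.4.1 with
# timers left out; the group, hosts and source addresses are constructed.
from dataclasses import dataclass


@dataclass
class GroupState:
    """Router state for one (interface, group) pair.

    INCLUDE mode: forward only sources in `include`.
    EXCLUDE mode: forward every source except those in `exclude`;
    `requested` lists sources some INCLUDE-mode host explicitly asked for."""
    mode: str = "INCLUDE"
    include: frozenset = frozenset()
    requested: frozenset = frozenset()   # X in RFC 3376 notation
    exclude: frozenset = frozenset()     # Y in RFC 3376 notation

    def apply(self, record_type: str, sources) -> "GroupState":
        """Merge one current-state record (IS_IN or IS_EX); return the new state."""
        s = frozenset(sources)
        if record_type not in ("IS_IN", "IS_EX"):
            raise ValueError(record_type)
        if self.mode == "INCLUDE":
            a = self.include
            if record_type == "IS_IN":                      # INCLUDE(A) + IS_IN(B) -> INCLUDE(A+B)
                return GroupState("INCLUDE", include=a | s)
            return GroupState("EXCLUDE",                    # INCLUDE(A) + IS_EX(B) -> EXCLUDE(A*B, B-A)
                              requested=a & s, exclude=s - a)
        x, y = self.requested, self.exclude
        if record_type == "IS_IN":                          # EXCLUDE(X,Y) + IS_IN(A) -> EXCLUDE(X+A, Y-A)
            return GroupState("EXCLUDE", requested=x | s, exclude=y - s)
        return GroupState("EXCLUDE",                        # EXCLUDE(X,Y) + IS_EX(A) -> EXCLUDE(A-Y, Y*A)
                          requested=s - y, exclude=y & s)

    def forwards(self, source: str) -> bool:
        """Forwarding decision for one source under the merged filter."""
        if self.mode == "INCLUDE":
            return source in self.include
        return source not in self.exclude


def merge_reports(reports):
    """Fold a list of (record_type, sources) reports for one group into a state."""
    state = GroupState()
    for record_type, sources in reports:
        state = state.apply(record_type, sources)
    return state


# Constructed scenario on one group: host H1 wants only two sources (the
# manual's INCLUDE{10.1.1.1, 10.1.1.2} case), H2 wants everything except
# 10.1.1.2 and 10.1.1.9, H3 wants everything except 10.1.1.9 and 10.1.1.5.
REPORTS = [
    ("IS_IN", {"10.1.1.1", "10.1.1.2"}),
    ("IS_EX", {"10.1.1.2", "10.1.1.9"}),
    ("IS_EX", {"10.1.1.9", "10.1.1.5"}),
]


def demo():
    """Return {source: forwarded?} for the merged state of REPORTS."""
    state = merge_reports(REPORTS)
    return {s: state.forwards(s)
            for s in ("10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.5", "10.1.1.9")}


if __name__ == "__main__":
    print(merge_reports(REPORTS))
    print(demo())
```

The outcome is the one a practitioner should expect on a shared segment: a source is blocked only when no host on the segment wants it (10.1.1.9 here), so one EXCLUDE-mode host is enough to pull in every source the INCLUDE-mode host did not ask for.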
  • Page 678 3、 Disable IGMP Protocol. Enable IGMP Protocol: There is no specific command for enabling the IGMP protocol on the Layer 3 switch; enabling any multicast protocol on the corresponding interface enables IGMP automatically. Command Explanation Global Mode: enabling a global multicast protocol (ip dvmrp multicast-routing or ip pim multicast-routing) is the prerequisite for enabling IGMP; the “no ip dvmrp multicast-routing” or “no ip pim...
  • Page 679: Command For Igmp

    (2)Configure IGMP Query parameters 1)Configure interval for IGMP to send query messages 2)Configure the maximum response time of IGMP query 3)Configure the time-out of IGMP query Command Explanation Interface Configuration Mode Configure interval IGMP query messages sent periodically; the “no ip igmp ip igmp query-interval <time_val>...
  • Page 680 Command: ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Function: Configure the interface to filter IGMP groups; the “no ip igmp access-group” command cancels the filter condition. Parameter: {<acl_num | acl_name>} is the number or name of the access-list; acl_num ranges from 1 to 99.
  • Page 681 Parameter: <interval> is the interval of the group-specific query, ranging from 1000ms to 25000ms; the value must be an integer multiple of 1000ms, and if the input value is not, the system automatically rounds it to an integer multiple of 1000ms. Default: 1000ms Command Mode: Interface Configuration Mode Example: Configure the IGMP last-member-query-interval of interface vlan1 to 2000.
  • Page 682 some group; that is, if the interface is configured with join-group 224.1.1.1, it will transmit an IGMP membership report including group 224.1.1.1 when the switch receives an IGMP group query transmitted by another switch. Note that this is the difference between this command and the ip igmp static-group command.
  • Page 683 member. Example: Configure the maximum response time to IGMP query messages to 20. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip igmp query-max-response-time 20 17.6.3.8 ip igmp query-timeout Command: ip igmp query-timeout <time_val> no ip igmp query-timeout Function: Configure the IGMP query timeout of the interface; the “no ip igmp query-timeout” command restores the default value.
  • Page 684: Igmp Configuration Example

    Example: Configure static-group 224.1.1.1 on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip igmp static-group 224.1.1.1 17.6.3.10 ip igmp version Command: ip igmp version <version> no ip igmp version Function: Configure IGMP version on interface; the “no ip igmp version” command restores default value.
  • Page 685: Igmp Troubleshooting

    Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip address 12.1.1.1 255.255.255.0 Switch(Config-If-Vlan1)#ip pim dense-mode (2) Configure SwitchB: Switch(Config)#ip pim multicast-routing Switch(Config)#interface vlan1 Switch(Config-If-Vlan1)#ip address 12.1.1.2 255.255.255.0 Switch(Config-If-Vlan1)#ip pim dense-mode Switch(Config-If-Vlan1)#exit Switch(Config)#interface vlan2 Switch(Config-If-Vlan2)#ip address 20.1.1.1 255.255.255.0 Switch(Config-If-Vlan2)#ip pim dense-mode Switch(Config-If-Vlan2)#ip igmp version 3 17.6.5 IGMP Troubleshooting In configuring and using the IGMP protocol, IGMP might not operate normally because of a physical connection problem or incorrect configuration.
  • Page 686 Command Mode: Admin Mode Usage Guide: Enable debugging switch if querying IGMP event information Example: Switch# debug igmp event igmp event debug is on Switch# 01:04:30:56: IGMP: Group 224.1.1.1 on interface vlan1 timed out 17.6.5.1.2 debug igmp packet Command: debug igmp packet no debug igmp packet Function: Enable debugging switch of IGMP message information;...
  • Page 687 239.255.255.250 Vlan1 00:00:10 00:04:10 10.1.1.1 Switch# Displayed Information Explanations Group Address Multicast group IP address Interface Interface affiliated with multicast group Uptime Multicast group uptime Expires Multicast group expire time Last Reporter Last reporter to the host of the multicst group Switch (config)#show ip igmp groups 234.1.1.1 detail IGMP Connect Group Membership (2 group(s) joined)
  • Page 688 Source Address Source address of this group V3 Exp Source expire time If the data of the source is forwarded or not. Flags Source property flag 17.6.5.1.4 show ip igmp interface Command: show ip igmp interface [<ifname>] Function: Display related IGMP information on interface. Parameter: <ifname>...
  • Page 689: Chapter 18 Ipv6 Multicast Protocol

    Chapter 18 IPv6 Multicast Protocol 18.1 PIM-DM6 18.1.1 Introduction to PIM-DM6 PIM-DM6 (Protocol Independent Multicast, Dense Mode) is the IPv6 version of Protocol Independent Multicast Dense Mode. It is a dense-mode multicast routing protocol suited to small networks, in which the members of a multicast group are relatively densely distributed.
  • Page 690: Pim-Dm Configuration Task List

    corresponding interfaces are deleted from the output interface list of the multicast-forwarding entry (S, G). Through this process, an SPT (Shortest Path Tree) is established with source S as its root. The prune process is started by a downstream router. The process above is called the Flooding-Prune process. Each pruned node also runs a timeout mechanism at the same time.
  • Page 691: Command For Pim-Dm6

    PIM-DM switch on the relevant interface. Command Explanation Global Mode ipv6 pim multicast-routing: Enable the PIM-DM protocol (but the commands below are required for PIM-DM to actually function). Then turn on the PIM-DM switch on the interface. Command Explanation Port Configuration Mode ipv6 pim dense-mode: Start the PIM-DM protocol on the interface (Required).
  • Page 692 18.1.3.1 ipv6 pim dense-mode Command: ipv6 pim dense-mode no ipv6 pim dense-mode Function: Enable the PIM-DM protocol on the interface; the “no ipv6 pim dense-mode” command disables the PIM-DM protocol on the interface. Parameter: None Default: PIM-DM protocol disabled Command Mode: Interface Configuration Mode Usage Guide: The command only takes effect after ipv6 pim multicast-routing has been executed in Global Mode.
  • Page 693 option, the “no ipv6 pim exclude-genid” command restores the default value. Parameter: None Default: Hello messages include the Genid option Command Mode: Interface Configuration Mode Usage Guide: The command is used to interoperate with old Cisco IOS versions. It can also be configured on an IPv6 tunnel interface, but a tunnel should be configured with care.
  • Page 694 Default: the default interval of periodically transmitted PIM-DM hello messages is 30s. Command Mode: Interface Configuration Mode Usage Guide: Hello messages let PIM-DM switches locate each other and maintain neighbor relationships. A PIM-DM switch announces its existence by periodically transmitting hello messages to its neighbors. If it does not receive hello messages from a neighbor within the specified time, it concludes that the neighbor has been lost.
  • Page 695: Pim-Dm Typical Application

    Switch (Config)# ipv6 access-list myfilter deny fe80:20e:cff:fe01:facc Switch (Config)# ipv6 access-list myfilter permit any 18.1.3.8 ipv6 pim state-refresh origination-interval Command: ipv6 pim state-refresh origination-interval <interval> no ipv6 pim state-refresh origination-interval Function: Configure transmission interval of state-refresh message on interface. The “no ipv6 pim state-refresh origination-interval”...
  • Page 696: Pim-Dm Troubleshooting Help

    Switch (Config) # interface vlan 1 Switch (Config-if-Vlan1) # ipv6 address 2000:10:1:1::1/64 Switch (Config-if-Vlan1) # ipv6 pim dense-mode Switch (Config-if-Vlan1) #exit Switch (Config) # interface vlan2 Switch (Config-if-Vlan2) # ipv6 address 2000:12:1:1::1/64 Switch (Config-if-Vlan2) # ipv6 pim dense-mode (2) Configure SwitchB: Switch (Config) #ipv6 pim multicast-routing Switch (Config) #interface vlan 1 Switch (Config-if-Vlan1) # ipv6 address 2000:12:1:1::2/64...
  • Page 697 “no debug ipv6 pim timer sat” command disables the debug switch. Parameter: None Default: Disabled Command Mode: Admin Mode Usage Guide: Enable the switch to display source activity timer information in detail. Example: Switch # debug ipv6 pim timer sat Remark: The other debug switches in PIM-DM are shared with PIM-SM.
  • Page 698 RPF nbr: :: RPF idx: Vlan12 Upstream State: FORWARDING Origin State: ORIGINATOR Local Pruned Asserted Outgoing Switch# Displayed Information Explanations (*, ff1e::15): (*,G) forwarding entry. (2000:10:1:12::11, ff1e::15): (S,G) forwarding entry. RPF nbr: reverse path forwarding neighbor, the upstream neighbor in the direction of the source in DM; :: means this switch is the first hop.
  • Page 699: Pim-Sm6

    18.2 PIM-SM6 18.2.1 Introduction to PIM-SM6 PIM-SM6 (Protocol Independent Multicast, Sparse Mode) is the IPv6 version of Protocol Independent Multicast Sparse Mode. It is a sparse-mode multicast routing protocol mainly used in large networks whose group members are distributed relatively sparsely and widely.
  • Page 700: Pim-Sm Configuration Task List

    multicast router directly connected to it encapsulates the multicast packet in a Register message and unicasts it to the corresponding RP. If there is more than one PIM-SM multicast router on a network segment, the DR (Designated Router) is responsible for forwarding the multicast packet.
  • Page 701 2) Configure interface as PIM-SM domain boundary (2) Configure PIM-SM global parameters 1) Configure switch as candidate BSR 2) Configure switch as candidate RP 3) Configure static RP 3、 Shut down PIM-SM Protocol 1. Start PIM-SM Protocol Basic configuration of the PIM-SM routing protocol on an EDGECORE layer 3 switch is simple: turn on the PIM multicast switch in Global Mode and turn on the PIM-SM switch on the relevant interface.
  • Page 702 ipv6 pim hello-holdtime <value> / no ipv6 pim hello-holdtime: Configure the value of the holdtime field in the interface's PIM-SM hello messages; the no form restores the default value. 3) Configure PIM-SM Neighbor Access-list Command Explanation Port Configuration Mode (no) ipv6 pim neighbor-filter: Configure the neighbor access-list. If a neighbor is filtered by the list and a connection has already been set up with it, then this...
  • Page 703: Command For Pim-Sm

    Command Explanation Global Mode ipv6 rp-address <rp-address> [<group-range>] / no ipv6 rp-address <rp-address>...: This global command configures static RP information for PIM-SM (the candidate RP/BSR commands, which make the switch compete with other candidates, are separate). The NO...
  • Page 704 Command: ipv6 pim bsr-candidate <ifname> [<hash-mask-length>] [<priority>] no ipv6 pim bsr-candidate [ifname] Function: This command is the candidate BSR configure command in global mode and is used to configure PIM-SM information about candidate BSR in order to compete the BSR router with other candidate BSRs. The command “no ipv6 pim bsr-candidate [ifname]”...
  • Page 705 no ipv6 pim dr-priority Function: Configure, disable or change the interface’s DR priority. The neighboring nodes in the same net segment select the DR in their net segment according to hello packets. The “no ipv6 pim dr-priority” command restores the default value Parameter: <priority>...
  • Page 706 3.5*Hello_interval. If the configured holdtime is less than the current hello_interval, this configuration is denied. Every time hello_interval is updated, the Hello_holdtime is updated according to the following rules: if hello_holdtime is not configured, or hello_holdtime is configured but less than the current hello_interval, hello_holdtime is set to 3.5*hello_interval; otherwise the configured value is maintained.
  • Page 707 Command Mode: Global Mode Usage Guide: When selecting the RP, PIM normally selects according to RP priority. When this command is configured, PIM does not select according to RP priority. Unless there are older routers in the network, this command is not recommended. Example: Configure to ignore RP priority.
  • Page 708 Usage Guide: The default action of an ACL is DENY: if access-list 1 is configured, the default of access-list 1 is deny. In the following example, if “permit any-source” is not configured, deny 10.1.4.10 0.0.0.255 has the same effect as deny any-source. The command can be configured on an IPv6 tunnel interface, but the configuration only succeeds when the tunnel itself is configured carefully. Example: Configure the vlan's PIM neighbor access-list Switch (Config-if-Vlan1)#ipv6 pim neighbor-filter myfilter Switch (Config)# ipv6 access-list myfilter deny fe80:20e:cff:fe01:facc...
  • Page 709 no ipv6 pim register-source Function: This command configures the source address of the register packets sent by the DR, overriding the default source address. The default source address is usually the RPF neighbor in the direction of the source host. Parameter: <ifname> is the name of the interface whose address will be the register packet source. <source-address>...
  • Page 710 <group-range> is the multicast group range for the expected RP, in the format X:X::X:X/M (IPv6 address and prefix length); all: all ranges. Default: This switch is not a static RP router. Command Mode: Global Mode. Usage Guide: This command configures a static RP globally or for a multicast address range.
  • Page 711: Pim-Sm Typical Application

    Usage Guide: Configure the rp-register-kat interval to 30s. Example: Switch(config)# ipv6 pim rp-register-kat 30 18.2.3.19 ipv6 pim sparse-mode Command: ipv6 pim sparse-mode [passive] no ipv6 pim sparse-mode [passive] Function: Enable PIM-SM on the interface. no ipv6 pim sparse-mode [passive] disables PIM-SM. Parameter: [passive] means to disable PIM-SM (that is, PIM-SM does not receive any packets) and only enable IGMP (receive and transmit IGMP packets).
  • Page 712 Fig 18-2 PIM-SM Typical Environment The configuration procedure for SwitchA, SwitchB, switchC and switchD is as below: (1) Configure SwitchA: Switch (Config) #ipv6 pim multicast-routing Switch (Config) #interface vlan 1 Switch (Config-If-Vlan1) # ipv6 address 2000:12:1:1::1/64 Switch (Config-If-Vlan1) # ipv6 pim sparse-mode Switch (Config-If-Vlan1) #exit Switch (Config) #interface vlan 2 Switch (Config-If-Vlan2) # ipv6 address 2000:13:1:1::1/64...
  • Page 713: Pim-Sm Troubleshooting Help

    Switch (Config) #ipv6 pim multicast-routing Switch (Config) #interface vlan 1 Switch (Config-If-Vlan1) # ipv6 address 2000:34:1:1::4/64 Switch (Config-If-Vlan1) # ipv6 pim sparse-mode Switch (Config-If-Vlan1) #exit Switch (Config) #interface vlan 2 Switch (Config-If-Vlan2) # ipv6 address 2000:24:1:1::4/64 Switch (Config-If-Vlan2) # ipv6 pim sparse-mode Switch (Config-If-Vlan2) #exit Switch (Config) #interface vlan 3 Switch (Config-If-Vlan3) # ipv6 address 2000:40:1:1::1/64...
  • Page 714 Default: Disabled Command Mode: Admin Mode and Global Mode Usage Guide: Enable “pim events debug” switch and display events information about pim operation. Example: Switch# debug ipv6 pim events 18.2.5.1.2 debug ipv6 pim mfc Command: debug ipv6 pim mfc(in|out|) no debug ipv6 pim mfc(in|out|) Function: Enable or Disable pim mfc debug switch Parameter: None Default: Disabled...
  • Page 715 Function: Enable or Disable pim debug switch communicating with Network Services Parameter: None Default: Disabled Command Mode: Admin Mode and Global Mode Usage Guide: Inspect the communicating information between pim and Network Services by this switch. Example: Switch# debug ipv6 pim nsm 18.2.5.1.6 debug ipv6 pim packet Command: debug ipv6 pim packet [in|out|] no debug ipv6 pim packet [in|out|]...
  • Page 716 debug ipv6 pim timer hello debug ipv6 pim timer joinprune et debug ipv6 pim timer joinprune grt debug ipv6 pim timer joinprune jt debug ipv6 pim timer joinprune kat debug ipv6 pim timer joinprune ot debug ipv6 pim timer joinprune plt debug ipv6 pim timer joinprune ppt debug ipv6 pim timer joinprune pt debug ipv6 pim timer joinprune...
  • Page 717 Usage Guide: Enable the specified timer’s debug information Example: Switch# debug ipv6 pim timer assert 18.2.5.1.9 show ipv6 pim bsr-router Command: show ipv6 pim bsr-router Function: Display BSR address Parameter: None Default: None Command Mode: Admin Mode and Global Mode Example: Switch#show ipv6 pim bsr-router PIMv2 Bootstrap information...
  • Page 718 Global Address: 2000:1:111::100 : this system Vlan3 v2/S Address : fe80::203:fff:fee3:1244 Global Address: 2000:10:1:13::1 : this system Displayed Information Explanations: Address: interface address; Interface: interface name; VIF index: interface index; Ver/Mode: PIM version and mode, usually v2; sparse mode displays S, dense mode displays D; Nbr Count: the interface's neighbor count; DR Prior...
  • Page 719 FCR: (2000:1:111::11, ff1e::15) RPF nbr: :: RPF idx: None SPT bit: 1 Upstream State: JOINED Local Joined Asserted Outgoing (2000:1:111::11, ff1e::15, rpt) RP: 2000:1:111::100 RPF nbr: :: RPF idx: None Upstream State: NOT PRUNED Pruned Outgoing Displayed Information Explanations: Entries: the count of each item; RP: the shared tree's RP address; RPF nbr...
  • Page 720 18.2.5.1.12 show ipv6 pim neighbor Command: show ipv6 pim neighbor [detail|] Function: Display router neighbors Parameter: None Default: None Command Mode: Any Mode Usage Guide: Display the multicast router neighbors maintained by PIM Example: Switch(config)#show ipv6 pim neighbor Neighbor Interface Uptime/Expires Address Priority/Mode...
  • Page 721 2004 2000:1:111::100 .RS. 1 2004 2004 Displayed Information Explanations: Destination: destination of the nexthop item; Type: N: nexthop created, RP direction and S direction not yet determined; R: RP direction; S: source direction; U: unreachable; Nexthop Num: nexthop number; Nexthop Addr: nexthop address; Nexthop Ifindex: nexthop interface index...
  • Page 722: Mld

    Command Mode: Any Mode Usage Guide: Display the current RP and mapping relationship Example: Switch#show ipv6 pim rp mapping PIM Group-to-RP Mappings This system is the Bootstrap Router (v2) Group(s): ff00::/8 RP: 2000:1:111::100 Info source: 2000:1:111::100, via bootstrap, priority 192 Uptime: 00:10:24, expires: 00:02:06 Group(s): ff00::/8, Static RP: 2000:1:111::100...
  • Page 723: Mld Configuration Task List

    specific group in its subnetworks according to the response messages received, and after it receives the report of a host leaving the group, it sends a query for that group to confirm whether any member remains. The MLD protocol has three types of messages: Query, Report and Done (which corresponds to Leave in IGMPv2).
  • Page 724 ipv6 pim dense-mode | ipv6 pim sparse-mode (Required): Start MLD Protocol. The NO operation of the corresponding command shuts down MLD Protocol. Configure MLD auxiliary parameters: (1) Configure MLD group parameters 1) Configure MLD group filter conditions. Command Explanation (Port Configuration Mode): ipv6 mld access-group: Configure the filter conditions of the interface for MLD groups;...
  • Page 725: Command For Mld

    18.3.3 Command for MLD 18.3.3.1 ipv6 mld access-group Command: ipv6 mld access-group {<acl_name>} no ipv6 mld access-group Function: Configure the access control of the interface to MLD groups; the “no ipv6 mld access-group” command stops the access control. Parameter: <acl-name> is the name of the IPv6 access-list. Default: no filter condition. Command Mode: Interface Configuration Mode. Usage Guide: Configure the interface to filter MLD groups, allowing or denying some groups'...
  • Page 726 ipv6 mld last-member-query-interval” command cancels the manually configured value and restores the default value. Parameter: <interval> is the interval for querying a specific group; it ranges from 1000 to 25000ms and must be an integer multiple of 1000ms. If it is not an integer multiple of 1000ms, the system converts it to an integer multiple of 1000ms. Default: 1000ms.
  • Page 727 When any one of the timers decreases to 0, the host sends group membership announcement messages. By configuring the maximum response time reasonably, the host can respond swiftly to query messages and the router can also learn the current state of the group members quickly. Example: Configure the maximum response time of MLD queries to 20s Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ipv6 mld query- max-response-time 20...
  • Page 728 Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ipv6 mld access-group aclv6 18.3.3.8 ipv6 mld join-group Command: ipv6 mld join-group <address> no ipv6 mld join-group <address> Function: Configure the interface to join a certain multicast group; the “no ipv6 mld join-group <address>” command cancels the membership of that multicast group. Parameter: <address>...
  • Page 729 Switch(Config)#interface vlan 2 Switch(Config-if-Vlan2)#ipv6 mld join-group ff1e::1:3 mode include source 2003::1 2003::2 18.3.3.10 ipv6 mld limit Command: ipv6 mld limit <state-count> no ipv6 mld limit Function: Configure the MLD state count limit of the interface; the “no ipv6 mld limit” command restores the manually configured value to the default value. Parameter: <state-count>: the maximum number of MLD states the interface maintains; the valid range is 1-5000.
  • Page 730: Mld Typical Application

    Example: Configure an MLD static-group ff1e::1:3 on interface vlan2 Switch(Config)#interface vlan 2 Switch(Config-if-Vlan2)#ipv6 mld static-group ff1e::1:3 Configure a static source 2001::1 of the group ff1e::1:3 on interface vlan2 Switch(Config)#int vlan2 Switch(Config-if-Vlan2)#ipv6 mld static-group ff1e::1:3 source 2001::1 18.3.3.12 ipv6 mld version Command: ipv6 mld version <version_no> no ipv6 mld version Function: Configure the version of the MLD protocol running on the interface;...
  • Page 731: Mld Troubleshooting Help

    Switch (Config) #ipv6 pim rp-address 3FFE::1 Switch (Config) #interface vlan 1 Switch (Config-If-Vlan1) #ipv6 address 3FFE::1/64 Switch (Config-If-Vlan1) #ipv6 pim sparse-mode (2) Configure SwitchB: Switch (Config) #ipv6 pim multicast-routing Switch (Config) #ipv6 pim rp-address 3FFE::1 Switch (Config) #interface vlan1 Switch (Config-If-Vlan1) #ipv6 address 3FFE::2/64 Switch (Config-If-Vlan1) #ipv6 pim sparse-mode Switch (Config-If-Vlan1) #exit Switch (Config) #interface vlan2...
  • Page 732 Function: Enable the debug switch that displays MLD events; the “no debug ipv6 mld events” command disables the debug switch. Parameter: None Default: Disabled Command Mode: Admin Mode Usage Guide: This switch can be enabled to get MLD event information Example: Switch# debug ipv6 mld events Switch#1970/01/01 07:30:13 IMI: MLD Report recv: src fe80::203:fff:fe12:3457 for ff1e::1:3...
  • Page 733 Function: Display the MLD group information Parameter: <ifname> is the name of the interface; displays the MLD group information of that interface. <group_addr> is the group address; displays the information of the specified group. Default: Do not display Command Mode: Admin Mode Example: Switch#sh ipv6 mld group MLD Connected Group Membership Group Address Interface...
  • Page 734: Mld Snooping

    18.4 MLD Snooping 18.4.1 MLD Snooping Introduction MLD, the Multicast Listener Discovery Protocol, is used to realize multicasting in IPv6. MLD is used by network equipment such as multicast-capable routers to discover multicast listeners, and by listeners that want to join a certain multicast group to inform the router that they wish to receive data packets sent to that multicast address; all of this is done through MLD message exchange.
  • Page 735 ipv6 mld snooping vlan <vlan-id> / no ipv6 mld snooping vlan <vlan-id>: Enable MLD Snooping on a specific vlan. The “no” form of this command disables MLD Snooping on the specific vlan. ipv6 mld snooping vlan <vlan-id> limit {group <g_limit>...: Configure the number of groups that MLD Snooping can join, and the maximum limit...
  • Page 736: Commands For Mld Snooping Configuration

    ipv6 mld snooping vlan <vlan-id> suppression-query-time <value> / no ipv6 mld snooping vlan <vlan-id> suppression-query-time: Configure the suppression query time. The “no” form of this command restores the default. 18.4.3 Commands For MLD Snooping Configuration 18.4.3.1 debug mld snooping all/packet/event/timer/mfc Command: debug mld snooping all/packet/event/timer/mfc no debug mld snooping all/packet/event/timer/mfc Function: Enable the debugging of the switch MLD Snooping;...
  • Page 737 disables MLD Snooping on the specified vlan. Parameter: <vlan-id> is the id number of the vlan, with a valid range of <1-4094>. Command Mode: Global Mode Default: MLD Snooping is disabled on vlans by default. Usage Guide: To configure MLD snooping on a certain vlan, global MLD snooping must be enabled first.
  • Page 738 the port which receives multicast protocol packets and supports PIM; the statically configured port. Example: Set vlan 100 as L2 general querier. Switch (Config)# ipv6 mld snooping vlan 100 l2-general-querier 18.4.3.6 ipv6 mld snooping vlan limit Command: ipv6 mld snooping vlan <vlan-id> limit {group <g_limit> | source <s_limit>} no ipv6 mld snooping vlan <...
  • Page 739 Default: When a port is both a static and a dynamic mrouter port at the same time, the static mrouter properties are preferred. Deleting the static mrouter port can only be done with the “no” form of this command. Example: Switch(config)#ipv6 mld snooping vlan 2 mrouter-port interface ethernet 18.4.3.8 ipv6 mld snooping vlan mrpt Command: ipv6 mld snooping vlan <vlan-id>...
  • Page 740 Default: 10s Usage Guide: It is recommended to use the default value; if layer 3 MLD is in operation, make this configuration consistent with the MLD configuration as far as possible. Example: Switch(config)#ipv6 mld snooping vlan 2 query-mrsp 18 18.4.3.11 ipv6 mld snooping vlan query-robustness Command: ipv6 mld snooping vlan <vlan-id>...
  • Page 741 Command: show ipv6 mld snooping [vlan <vlan-id>] Parameter: <vlan-id> is the number of the vlan whose MLD Snooping information is to be displayed. Command Mode: Admin Mode Usage Guide: If no vlan number is specified, it shows whether global MLD snooping is enabled and whether a layer 3 multicast protocol is running, as well as on which vlans MLD snooping is enabled and l2-general-querier is configured.
  • Page 742: Mld Snooping Examples

    Mld snooping vlan 1 mrouter port Note: "!" - static mrouter port !Ethernet1/2 Displayed information Explanation: snooping general querier: whether or not l2-general-querier is enabled on the vlan; the querier display status is set to could-query or suppressed. Mld snooping query-interval: query interval time of the vlan. Mld snooping max response time: max response time of this vlan...
  • Page 743 Fig 18-4 Switches as MLD Querier Function figure As shown above, vlan 100 configured on the switch consists of ports 1, 2, 6, 10 and 12. Four hosts are connected to ports 2, 6, 10 and 12 respectively, while the multicast router is on port 1. Suppose we need MLD snooping on vlan 100; however, by default, global MLD snooping as well as MLD snooping on each vlan are disabled, therefore we first have to enable global MLD snooping and at the same time enable MLD snooping on vlan 100,...
  • Page 744 playing program 2, and the one on port 12 playing program 3. MLD Snooping interception results: The multicast table on vlan 100 shows: ports 1, 2 and 6 are in (Multicasting Server 1, Group1), ports 1 and 10 are in (Multicasting Server 1, Group2), and ports 1 and 12 are in (Multicasting Server 2, Group3)...
  • Page 745: Mld Snooping Troubleshooting

    snooping vlan 60 l2-general-querier, setting vlan 60 as a Layer 2 General Querier. The configuration procedure is as follows: SwitchA#config SwitchA(config)#ipv6 mld snooping SwitchA(config)#ipv6 mld snooping vlan 60 l2-general-querier SwitchB#config SwitchB(config)#ipv6 mld snooping SwitchB(config)#ipv6 mld snooping vlan 100 SwitchB(config)#ipv6 mld snooping vlan 100 mrouter interface ethernet 0/0/1 Multicast configuration: same as scenario 1. MLD Snooping interception results:...
  • Page 746: Chapter 19 Acl Configuration

    Chapter 19 ACL Configuration 19.1 Introduction to ACL ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing network traffic control by granting or denying passage through the switch and thereby safeguarding the security of the network. The user can define a set of rules based on information specific to packets; each rule describes the action for a packet whose information matches it: “permit”...
  • Page 747: Access-List Action And Global Default Action

    The current firmware only supports ingress ACL configuration. 19.1.3 Access-list Action and Global Default Action There are two access-list actions and default actions: “permit” or “deny”. The following rules apply: An access-list can consist of several rules. Filtering of packets compares packet conditions to the rules, from the first rule to the first matched rule;...
  • Page 748 Create a standard IP access-list based on nomenclature Specify multiple “permit” or “deny” rule entries. Exit ACL Configuration Mode Configuring a numbered extended MAC-IP access-list (8) Configuring a standard MAC-IP access-list based on nomenclature (9) Create a standard MAC-IP access-list based on nomenclature Specify multiple “permit”...
  • Page 749 access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>]: Creates a numbered ICMP extended IP access rule; if the numbered extended access-list of the specified number does not exist, then an access-list will be created using this number.
  • Page 750 3) Configuring a standard IP access-list based on nomenclature a. Create a name-based standard IP access-list Command Explanation (Global Mode): access-list ip standard <name> / no access-list ip standard <name>: Creates a standard access-list based on nomenclature; the “no access-list ip standard <name>” command deletes the name-based standard IP access-list. b.
  • Page 751 Specify multiple “permit” or “deny” rules Command Explanation (Extended IP ACL Mode): [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}}: Creates an extended name-based ICMP access rule; the “no” form of the command deletes this...
  • Page 752 Exit: Exits extended name-based IP ACL configuration mode. Configuring a numbered standard MAC access-list Command Explanation (Global Mode): access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} / no access-list <num>: Creates a numbered standard MAC access-list; if the access-list already exists, then a rule is added to the current access-list; the “no access-list...
  • Page 753 Creates an extended name-based MAC access rule for other IP protocols; mac-access-list extended <name> / no mac-access-list extended <name>: the “no” form of the command deletes this name-based extended MAC access rule. b. Specify multiple “permit” or “deny” rule entries Command Explanation (Extended name-based MAC access rule Mode): [no]{deny|permit}{any-source-mac|{host-source- Creates extended...
  • Page 754 [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} [tagged-802-3 [cos <cos-val> [<cos-bitmask>]] [vlanId <vid-value> [<vid-mask>]]]: Creates a MAC access rule matching tagged 802.3 frames; the “no” form of the command deletes this MAC access rule. c. Exit ACL Configuration Mode Command Explanation (Extended name-based MAC access configure Mode): Quit extended name-based MAC access...
  • Page 755 access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} igmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<igmp-type>] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]: Creates a numbered extended mac-igmp mac-ip access rule; if the numbered extended access-list of the specified number does not exist, then an access-list will be created using this number. access-list<num>{deny|permit}{any-source-mac| {host-source-mac<host_smac>}|{<smac><smac- Creates...
  • Page 756 access-list <num> {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}} {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}}: Creates a numbered extended mac-ip access rule for the other specific mac-ip protocols; if the numbered extended access-list of the specified number does not exist, then an access-list will be created using this number.
  • Page 757 [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} icmp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [<icmp-type> [<icmp-code>]] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]: Creates an extended name-based MAC-ICMP access rule; the “no” form of the command deletes this name-based extended MAC-ICMP access rule. [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} igmp: Creates an extended name-based MAC-IGMP access rule;...
  • Page 758 [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} udp {{<source> <source-wildcard>} | any-source | {host-source <source-host-ip>}} [s-port <port1>] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port <port3>] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>]: Creates an extended name-based MAC-UDP access rule; the “no” form of the command deletes this name-based extended MAC-UDP access rule. [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}}: Creates an extended name-based access rule for the other IP protocols;...
  • Page 759 (2) Configure default action. Command Explanation (Global Mode): firewall default permit: Sets the default action to “permit”. firewall default deny: Sets the default action to “deny”. 3. Configuring time range function (1) Create the name of the time range Command Explanation (Global Mode): time-range <time_range_name>: Create a time range named...
  • Page 760: Commands For Acl

    Global Mode: absolute start <start_time> <start_data> [end <end_time> <end_data>]: Configure an absolute time range. [no] absolute start <start_time> <start_data> [end <end_time> <end_data>]: stop the function of the time range. 4. Bind access-list to a specific direction of the specified port. Command Explanation (Physical Interface Mode, Interface Mode): Applies an access-list to the specified direction on the port;...
  • Page 761 Functions: Define the time-range of different commands within one week; the range repeats every week. Parameters: Friday (Friday), Monday (Monday), Saturday (Saturday), Sunday (Sunday), Thursday (Thursday), Tuesday (Tuesday), Wednesday (Wednesday), daily (every day of the week), weekdays (Monday thru Friday)...
  • Page 762 Parameters: start_time: start time, HH:MM:SS (hour:minute:second); end_time: end time, HH:MM:SS (hour:minute:second); start_data: start date, in the format YYYY.MM.DD (year.month.day); end_data: end date, in the format YYYY.MM.DD (year.month.day). Remark: the time-range granularity is one minute, so the time error is at most one minute. Command Mode: Time-range mode Default: No time-range configuration Usage Guide: Absolute time and date; assign a specific year, month, day, hour, minute of...
  • Page 763 Functions: Create a numbered extended IP access rule to match a specific IP protocol or all IP protocols; if the numbered extended access-list does not exist, it is created. Parameters: <num> is the number of the access-list, 100-199; <protocol> is the number of the upper-layer protocol of IP, 0-255;...
  • Page 764 <sIpAddr>}} no access-list <num> Functions: Create a numbered standard IP access-list. If this access-list already exists, a rule is added to it; the “no access-list <num>” form of this command deletes a numbered standard IP access-list. Parameters: <num> is the number of the access-list, 100-199; <sIpAddr> is the source IP address, in dotted decimal notation;...
  • Page 765 from the end of the source MAC, and the windows cannot overlap each other, that is: Offset(x+1) must be greater than Offset(x)+Length(x); Length(x) is 1-4, and Offset(x)+Length(x) must not exceed 80 (currently it must not exceed 64)...
  • Page 766 access-list<num>{deny|permit}{any-source-mac| {host-source-mac<host_smac>}|{<smac><smac-mask>}}{any-destination-mac| {host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}tcp {{<source><source-wildcard>}|any|{host<source-host-ip>}}[s-port<port1>] {{<destination><destination-wildcard>}|any-destination|{host-destination <destination-host-ip>}} [d-port<port3>] [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos<tos>][time-range<time-range-name>] access-list<num>{deny|permit}{any-source-mac| {host-source-mac<host_smac>}|{<smac><smac-mask>}}{any-destination-mac| {host-destination-mac<host_dmac>}|{<dmac><dmac-mask>}}udp {{<source><source-wildcard>}|any|{host<source-host-ip>}}[s-port<port1>] {{<destination><destination-wildcard>}|any-destination| {host-destination<destination-host-ip>}}[d-port<port3>] [precedence <precedence>] [tos <tos>][time-range<time-range-name>] access-list<num>{deny|permit}{any-source-mac| {host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}} {{<source><source-wildcard>}|any |{host<source-host-ip>}} {{<destination><destination-wildcard>}|any-destination| {host-destination<destination-host-ip>}} [precedence <precedence>] [tos <tos>][time-range<time-range-name>] Functions: Define an extended numbered MAC-IP ACL rule; the ‘no’ form deletes an extended numbered MAC-IP ACL access-list rule.
  • Page 767 means the address is the destination host address, otherwise it is a network IP address; destination-wildcard: mask of the destination, a 32-bit binary number written in dotted decimal notation (four decimal numbers separated by dots), a reverse mask; s-port (optional): indicates that the TCP/UDP source port must be matched; port1 (optional): value of the TCP/UDP source port number, an integer...
  • Page 768 Usage Guide: When the user assigns a specific <num> for the first time, the ACL with that number is created; subsequent entries are added to this ACL. Examples: Permit the passage of packets with source MAC address 00-00-XX-XX-00-01, and deny the passage of packets with source MAC address 00-00-00-XX-00-ab. Switch(Config)# access-list 700 permit 00-00-00-00-00-01 00-00-FF-FF-00-01 Switch(Config)# access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-ab 19.2.2.8 clear access-group statistic...
  • Page 769 Switch(Config)#firewall default permit 19.2.2.11 access-list ip extended Command: access-list ip extended <name> no access-list ip extended <name> Functions: Create a named extended IP access-list; the ‘no access-list ip extended <name>’ form of this command deletes this named extended IP access-list (including all list items);...
  • Page 770 Parameters: <num> is the list number, in the range 500~599; <sIPv6Prefix> is the prefix of the IPv6 source address; <sPrefixlen> is the length of the prefix of the IPv6 source address, in the range 1~128; <sIPv6Addr> is the IPv6 source address. Command Mode: Global mode Default: No access-list configured Usage Guide: The first time the numbered standard access-list 520 is configured it is created; the following configuration adds to the current access-list.
  • Page 771 no entry will be created Example: Create an extended IPv6 access list named “tcpFlow”. Switch (Config)#ipv6 access-list extended tcpFlow 19.2.2.16 {ip|ipv6|mac|mac-ip} access-group Command: {ip|ipv6|mac|mac-ip} access-group <name> {in|out}[traffic-statistic] no {ip|mac|mac-ip} access-group <name> {in|out} Function: Apply an access-list to a direction of the port, and determine by the option whether a statistic counter is added to the ACL rule;...
  • Page 772 When executing the port binding command, if the rules are too complex and exceed the hardware capability, the binding cannot be performed correctly and a prompt is output. The egress rule has no effect on software-forwarded traffic or on data sent by the switch itself. Example: Bind the aaa access-list to the ingress direction of the port Switch(Config-Ethernet1/1)#ip access-group aaa in 19.2.2.17 mac access extended...
  • Page 773 Switch(Config-MacIp-Ext-Nacl-macip_acl)# 19.2.2.19 permit | deny (ip extended) Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>] [time-range <time-range-name>] [no] {deny | permit} igmp {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} {{<dIpAddr>...
  • Page 774 Switch(Config-Ext-Nacl-udpFlow)# permit udp any host-destination 192.168.0.1 d-port 32 19.2.2.20 permit | deny (ip standard) Command: {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} no {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} Functions: Create a named standard IP access rule, and ‘no {deny | permit} {{<sIpAddr>...
  • Page 775 Functions: Define an extended named MAC ACL rule; the ‘no’ form of this command deletes this extended named MAC access rule. Parameters: any-source-mac: any source MAC address; any-destination-mac: any destination MAC address; host_smac, smac: source MAC address; smac-mask: mask (reverse mask) of the source MAC address; host_dmac, dmac: destination MAC address;...
  • Page 776 {<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port <port3>] [ack+fin+psh+rst+urg+syn] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>] [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} udp {{<source> <source-wildcard>} | any | {host <source-host-ip>}} [s-port <port1>] {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [d-port <port3>] [precedence <precedence>] [tos <tos>] [time-range <time-range-name>] [no] {deny|permit} {any-source-mac | {host-source-mac <host_smac>} | {<smac> <smac-mask>}} {any-destination-mac | {host-destination-mac <host_dmac>} | {<dmac> <dmac-mask>}} {eigrp|gre|igrp|ip|ipinip|ospf|{<protocol-num>}} {{<source> <source-wildcard>} | any | {host <source-host-ip>}} {{<destination> <destination-wildcard>} | any-destination | {host-destination <destination-host-ip>}} [precedence <precedence>] [tos <tos>] [time-range <time-range-name>] Functions: Define an extended named MAC-IP ACL rule; the ‘no’ form deletes one extended numeric MAC-IP ACL access-list rule. Parameters: num access-list serial No.
  • Page 777 TCP/UDP source port number, an integer from 0 to 65535; d-port (optional): match the TCP/UDP destination port; port3 (optional): the TCP/UDP destination port number, an integer from 0 to 65535; [ack] [fin] [psh] [rst] [urg] [syn] (optional): TCP only; any combination of flag bits may be chosen, and a TCP segment matches the rule when the corresponding flag bits are set in it;...
  • Page 778 address; <dPrefixlen> is the length of the IPv6 address prefix, in the range 1 ~ 128; <igmp-type>: type of the IGMP message; <icmp-type>: ICMP type; <icmp-code>: ICMP protocol number; <dscp>: IPv6 priority, in the range 0 ~ 63; <fl>: value of the flow label, in the range 0 ~ 1048575; syn, ack, urg, rst, fin, psh: TCP flag bits; <sPort>: source port number, in the range 0 ~ 65535; <dPort>: destination port number, in the range 0 ~ 65535;...
  • Page 779: Acl Example

    cannot exceed 16 characters. Command Mode: Global mode Default: No time-range configured. Usage Guide: Examples: Create a time-range named dc timer. Switch(config)#Time-range dc_ti 19.3 ACL Example Scenario: The user has the following configuration requirement: port 1/10 of the switch connects to the 10.0.0.0/24 segment, and FTP is not desired for the user. Configuration description: Create a proper ACL Configuring packet filtering function...
  • Page 780: Acl Troubleshooting

    19.4 ACL Troubleshooting Checking for entries in the ACL is done in a top-down order and ends whenever an entry is matched. Default rule will be used only if no ACL is bound to the specific direction of the port, or no ACL entry is matched.
  • Page 781 access-list 100 deny ip any any-destination access-list 100 deny tcp any any-destination access-list 1100(used 0 time(s)) access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800 access-list 3100(used 0 time(s)) access-list 3100 deny any-source-mac any-destination-mac udp any s-port 100 any-destination d-port 40000 Displayed information Explanation access-list 10(used 1 time(s))
  • Page 782 the ingress acl use in firewall is 111,packet(s) number is 10. the egress acl use in firewall is 100,packet(s) number is 10. interface name: Ethernet the ingress acl use in firewall is 10,packet(s) number is 10. Displayed information Explanation interface name: Ethernet Binding situation on port Ethernet1/2 the ingress acl use in firewall No.
  • Page 783: Web Management

    Command Mode: Admin mode Usage Guide: When no time-range name is given, all time-ranges are displayed. Examples: Switch#show time-range time-range timer1 (inactive) absolute-periodic Saturday 0:0:0 to Sunday 23:59:59 time-range timer2 (active) absolute-periodic Monday 0:0:0 to Friday 23:59:59 19.4.1.5 show ipv6 access-lists Command: show ipv6 access-lists [<num>|<acl-name>] Function: Show the configured IPv6 access control list Parameter: <num>...
  • Page 784: Numeric Standard Acl Configuration

    19.5.1 Numeric standard ACL configuration Click “Numeric ACL Configuration”, and then the “Add Standard Numeric ACL” section to enter the configuration page. The explanations of each section are: ACL number - 1-99 Rule - permit or deny Source address type - Specified IP address or any randomly allocated IP address Source IP address Reverse network mask Specify the number in the ACL number section and the relative values in the other 4...
  • Page 785 Add TCP numeric extended ACL Add UDP numeric extended ACL Add numeric extended ACL for other protocols By clicking the icons, it will enter the related configuration page There are several sub-sections in this category: ACL number (100-199) Rule - permit or deny Source address type - Specified IP address or any randomly allocated IP address Source IP address Reverse network mask...
  • Page 786: Configure And Delete The Standard Acl Name

    number of 110, deny the source IP address of the 10.0.0.0/24 segment, and set the target port to 21. Please refer to the following configuration and then click the “Add” icon. 19.5.4 Configure and delete the standard ACL name Click “ACL name configuration” to open up the sub-sections, next click “ACL name configuration”...
  • Page 787: Configure Extended Acl Name Configuration

    19.5.5 Configure extended ACL name configuration Click “ACL name configuration”, the configuration sections will then be shown. There are 6 types of extended ACL name configurations: IP extended ACL name configuration ICMP extended ACL name configuration IGMP extended ACL name configuration TCP extended ACL name configuration UDP extended ACL name configuration Other protocols extended ACL name configuration...
  • Page 788 Click “Filter configuration”, and then select “ACL port binding” to enter the configuration page. There are five items in this section. Port -the target port to bind to ACL ACL name -the target ACL name to bind Ingress/Egress -the target direction to bind Operation type -”Add”...
  • Page 789: Chapter 20 802.1X Configuration

    Chapter 20 802.1x Configuration 20.1 Introduction to 802.1x IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices on the physical access level of the LAN device. The physical access level here is the ports of the switch. If the users’ devices connected to such ports can be authenticated, access to resources in the LAN is allowed;...
  • Page 790: Configuration

    divided into two virtual port types: managed port and non-managed port. A non-managed port is always in the connected status for both in and out directions to transfer EAP authenticating packets. A managed port will be in the connected status when authorized to transfer communication packets;...
  • Page 791 Command Explanation Global Mode Enables the AAA authentication function in the switch; aaa enable the “no aaa enable” command disables the AAA no aaa enable authentication function. Enables the accounting function in the switch; the “no aaa-accounting enable command disables aaa-accounting enable”...
  • Page 792 Command Explanation Global Mode Enables the 802.1x address filter function in the switch; dot1x macfilter enable the "no dot1x macfilter enable" command disables the no dot1x macfilter enable 802.1x address filter function. dot1x accept-mac <mac-address> [interface Adds 802.1x address filter table entry, the “no dot1x <interface-name>] accept-mac”...
  • Page 793 dot1x re-authenticate Enables IEEE 802.1x re-authentication (no wait timeout [interface requires) for all ports or a specified port. <interface-name>] 4. Authentication Server (RADIUS server) related property configuration 1) Configure RADIUS authentication key. Command Explanation Global Mode Specifies the key for RADIUS server; the “no radius-server key <string>...
  • Page 794: Command For 802.1X

    Configures the re-transmission times for RADIUS; the radius-server retransmit “no radius-server retransmit” command restores the <retries> default setting no radius-server retransmit Configures the timeout timer for RADIUS server; the radius-server timeout “no radius-server timeout” command restores the <seconds> default setting. no radius-server timeout 20.2.2 Command for 802.1x 20.2.2.1 aaa enable...
  • Page 795 Example: Enable AAA accounting for the switch. Switch(Config)#aaa-accounting enable 20.2.2.3 dot1x accept-mac Command: dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] Function: Adds a MAC address entry to the dot1x address filter table. If a port is specified, the entry added applies to the specified port only.
  • Page 796 Example: Setting EAP local end authentication for the switch. Switch(Config)#no dot1x eapor enable 20.2.2.5 dot1x enable Command: dot1x enable no dot1x enable Function: Enables the 802.1x function in the switch and ports: the "no dot1x enable" command disables the 802.1x function. Command mode: Global Mode and Interface Mode.
  • Page 797 restores the default setting. Parameters: <count> is the times to re-transfer EAP request/ MD5 frames, the valid range is 1 to 10. Command mode: Global Mode Default: The default maximum for retransmission is 2. Usage Guide: The default value is recommended in setting the EAP request/ MD5 retransmission times.
  • Page 798 Usage Guide: If the port needs to provide 802.1x authentication for the user, the port authentication mode should be set to auto. Example: Setting port1/1 to require 802.1x authentication mode. Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#dot1x port-control auto 20.2.2.10 dot1x port-method Command:dot1x port-method {macbased | portbased} no dot1x port-method Function: Sets the access management method for the specified port;...
  • Page 799 command disables this function. Command mode: Global Mode Default: Periodical re-authentication is disabled by default. Usage Guide: When periodical re-authentication for supplicant is enabled, the switch will re-authenticate the supplicant at regular interval. This function is not recommended for common use. Example: Enable the periodical re-authentication for authenticated users.
  • Page 800 Command:dot1x timeout tx-period <seconds> no dot1x timeout tx-period Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the “no dot1x timeout tx-period” command restores the default setting. Parameters:<seconds> is the interval for re-transmission of EAP request frames, in seconds;...
  • Page 801 Switch(Config)#radius-server accounting host 100.100.100.60 port 3000 primary 20.2.2.17 radius-server authentication host Command: radius-server authentication host {<ipv4-address>|<ipv6-address>} [port <port-number>] [primary] no radius-server authentication host {<ipv4-address>|<ipv6-address>} Function: Specifies the IP address and listening port number for the RADIUS server; the “no radius-server authentication host <IPaddress>“...
  • Page 802 this command; the system resets the status for that server to valid. Example: Setting the down-restore time for RADIUS server to 3 minutes. Switch(Config)#radius-server dead-time 3 20.2.2.19 radius-server key Command:radius-server key <string> no radius-server key Function: Specifies the key for the RADIUS server (authentication and accounting); the “no radius-server key”...
  • Page 803: Application Example

    Command: radius-server timeout <seconds> no radius-server timeout Function: Configures the timeout timer for RADIUS server; the “no radius-server timeout” command restores the default setting. Parameters: <seconds> is the timer value (second) for RADIUS server timeout, the valid range is 1 to 1000. Command mode: Global Mode Default: The default value is 3 seconds.
  • Page 804: Troubleshooting

    Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0 Switch(Config-if-vlan1)#exit Switch(Config)#radius-server authentication host 10.1.1.3 Switch(Config)#radius-server accounting host 10.1.1.3 Switch(Config)#radius-server key test Switch(Config)#aaa enable Switch(Config)#aaa-accounting enable Switch(Config)#dot1x enable Switch(Config)#interface ethernet 1/2 Switch(Config-Ethernet1/2)#dot1x enable Switch(Config-Ethernet1/2)#dot1x port-control auto Switch(Config-Ethernet1/2)#exit 20.3.1 802.1x Troubleshooting It is possible that 802.1x is configured on ports and 802.1x authentication is set to auto, but the switch cannot reach the authenticated state after the user runs 802.1x supplicant software.
  • Page 805 20.3.1.1.1 debug aaa Command: debug aaa no debug aaa Function: Enables AAA debugging information; the “no debug aaa” command disables the AAA debugging information. Command mode: Admin Mode Parameters: N/A. Usage Guide: Enabling AAA debugging information allows the RADIUS negotiation process to be checked and is helpful in troubleshooting.
  • Page 806 Function: Display the authenticating users. Command mode: Admin Mode Usage Guide: Usually the administrator is concerned only with information about the authenticating user; the other information displayed is used for troubleshooting by technical support. Example: Switch#show aaa authenticating-user ------------------------- authenticating users ------------------------------ User-name Retry-time Radius-ID Port Eap-ID Chap-ID Mem-Addr...
  • Page 807 .Is Server Dead = 0 .Socket No = 0 accounting server[1].Host IP = 192.168.1.218 .Udp Port = 1813 .Is Primary = 0 .Is Server Dead = 0 .Socket No = 0 Time Out = 3 Retransmit = 3 Dead Time = 5 Account Time Interval = 0 Displayed information Description...
  • Page 808 20.3.1.1.6 show dot1x Command: show dot1x [interface <interface-list>] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed. Parameters: <interface-list> is the port list. If no parameter is specified, information for all ports is displayed.
  • Page 809 tx-period EAP retransmission interval max-req EAP packet retransmission interval authenticator mode Switch authentication mode Mac Filter Enables dot1x address filter or not MacAccessList Dot1x address filter table Dot1x-EAPoR Authentication method used by the switch (EAP relay, EAP local end) 802.1x is enabled on ethernet 1 Indicates whether dot1x is enabled for the port Authentication Method: Port authentication method (MAC-based, port-based)
  • Page 810: Web Management

    20.4 Web Management Click “Authentication configuration” to open the authentication configuration management list. Users may configure the switch 802.1x authentication function. 20.4.1 RADIUS client configuration Click “Authentication configuration”, “RADIUS client configuration” to open the Radius client configuration management list. Users may configure the switch Radius client. 20.4.1.1 RADIUS global configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS global configuration”...
  • Page 811 20.4.1.2 RADIUS authentication configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS authentication configuration” to configure the RADIUS authentication server IP address and monitor port ID. Authentication server IP -Server IP address. Authentication server port (optional) - Is the server monitor port ID, with range: 0~65535, where “0” means it’s not working as an authentication server.
  • Page 812: Configuration

    Accounting server port (optional) - is the accounting server port ID, with range 0~65535, where “0” means it is not working as an authentication server. Primary accounting server - Primary Accounting server is the primary server; Non-Primary Accounting server is the non-primary server. Operation type - Add accounting server adds an accounting server; Remove accounting server removes an accounting server. Example: Configure Accounting server IP as 10.0.0.1, Accounting server port as the default port, choose Primary accounting server, choose Operation type as “Add accounting...
  • Page 813 of switch retransmitting EAP-request/identity frames to the supplicant. EAP relay authentication mode - Configures the switch to adopt the EAP relay method for authentication; use the “no” command to configure the switch to adopt the EAP local terminating method for authentication. MAC filtering - Enables or disables the switch dot1x address filter function. Example: Choose 802.1x status as Open 802.1x, configure Maximum retransmission times of EAP-request/identity as 1, choose Re-authenticate client periodically as Disable Re-authenticate, configure Holddown time for authentication failure as 1, configure...
  • Page 814 port, not permitting any port to pass across this port. Authentication mode - Configures the access control method for a specific port. Mac-based is the access control method based on MAC address; port-based is the access control method based on port. Port maximum user (1-254) - Configures the maximum number of users permitted on a specific port.
  • Page 815 Port - assigned port 802.1x status - port 802.1x status Authentication type - Authentication type Authentication status - Authentication status Authentication mode - Authentication mode Example: Choose Ethernet port 1/1, then click the Reauthenticate button; the user on Ethernet port 1/1 will be forced to re-authenticate.
  • Page 816: Chapter 21 Vrrp Configuration

    Chapter 21 VRRP Configuration 21.1 Introduction To VRRP VRRP (Virtual Router Redundancy Protocol) is a fault tolerant protocol designed to enhance connection reliability between routers (or L3 Ethernet switches) and external devices. It is developed by the IETF for local area networks (LAN) with multicast/broadcast capability (Ethernet, for example) and has wide applications.
  • Page 817: Vrrp Configuration Task List

    duration is brief and smooth, hosts within the segment can use the Virtual Router as normal and uninterrupted communication can be achieved. 21.2 VRRP Configuration Task List Create/Remove the Virtual Router (required) Configure VRRP dummy IP and interface (required) Activate/Deactivate Virtual Router (required) Configure VRRP authentication (optional) Configure VRRP sub-parameters (optional) Configure the preemptive mode for VRRP...
  • Page 818 Command Explanation Interface Mode Configures the authentication mode for VRRP packets sending on the interface, ip vrrp authentication mode text the "no ip vrrp authentication mode" no ip vrrp authentication mode command resets the authentication mode to default value. Configures simple authentication strings for VRRP packets sending on the...
  • Page 819: Commands For Vrrp

    21.3 Commands For VRRP 21.3.1 advertisement-interval Commands: advertisement-interval <adver_interval> no advertisement-interval Function: Sets the VRRP timer values; the “no advertisement-interval” command restores the default setting. Parameters: <adver_interval> is the interval for sending VRRP packets in seconds, ranging from 1 to 10. Default: The default <adver_interval>...
  • Page 820: Debug Vrrp

    Command mode: VRRP protocol configuration mode Usage Guide: The interface monitor function is a valuable extension to the backup function: it not only enables VRRP to provide failover when a router (or L3 Ethernet switch) fails, but also allows the priority of a router (or L3 Ethernet switch) to be decreased when the status of that network interface is down, ensuring smooth implementation of the backup function.
  • Page 821: Enable

    Example: Deactivating a Virtual Router numbered 10 Switch(config)# router vrrp 10 Switch (Config-Router-Vrrp)# disable 21.3.5 enable Commands: enable Function: Activates VRRP Parameters: N/A. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: Activates the appropriate Virtual Router. Only a router (or L3 Ethernet switch) interface started by this enable command is part of the Standby cluster.
  • Page 822: Priority

    Default: Preemptive mode is set by default Usage Guide: If a router (or L3 Ethernet switch) requiring high priority needs to preemptively become the active router (or L3 Ethernet switch), the preemptive mode should be enabled. Example: Setting non-preemptive VRRP mode Switch(Config-Router-Vrrp)# preempt-mode false 21.3.8 priority Commands: priority <value>...
  • Page 823: Show Vrrp

    Example: Configuring a Virtual Router with number 10 Switch(config)# router vrrp 10 21.3.10 show vrrp Commands: show vrrp [<vrid>] Function: Displays status and configuration information for the VRRP standby cluster. Command mode: All Modes Example: Switch# show vrrp VrId <1> State is Initialize Virtual IP is 10.1.20.10 (Not IP owner) Interface is Vlan2...
  • Page 824: Example Of Vrrp

    no virtual-ip Function: Configures the VRRP dummy IP address Parameters: <A.B.C.D> is the IP address in decimal format. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: This command adds a dummy IP address to an existing Standby cluster. The "no virtual-ip"...
  • Page 825: Vrrp Troubleshooting

    If VRRP problems persist after the above-mentioned procedures, please run debugging commands like “debug vrrp”, copy the DEBUG information within 3 minutes and send the information to the SMC Networks technical service center. 21.6 Web Management Click “VRRP control” to enter VRRP control configuration mode to manage VRRP features for the switch.
  • Page 826: Configure Vrrp Dummy Ip

    21.6.2 Configure VRRP Dummy IP Click “VRRP control” to configure VRRP and enter "VRRP Dummy IP Config". Example: Enter the created Virtual Router number 1, VRRP Dummy IP address 192.168.2.100. Click Apply to add the Dummy IP address to Virtual Router number 1. Click Remove to remove the Dummy IP address from Virtual Router number 1.
  • Page 827: Configure Vrrp Priority

    21.6.6 Configure VRRP Priority Click “VRRP control” to configure VRRP and enter "VRRP Priority". Example: Enter the created Virtual Router number "1" and priority. Click Enable to set the priority of virtual router number 1 to "255". Click Disable to disable the priority of Virtual Router number 1.
  • Page 828 Click “VRRP control” to enter "VRRP AuthenMode" and configure VRRP authentication mode. Example: Choose created "Vlan1" for Port and "yes" for AuthenMode. Click Apply to finish Port Vlan1 authentication mode configuration.
  • Page 829: Chapter 22 Mrpp Configuration

    Chapter 22 MRPP Configuration 22.1 MRPP introduction MRPP (Multi-layer Ring Protection Protocol) is a link layer protocol applied to Ethernet loop protection. It can avoid the broadcast storm caused by a data loop on an Ethernet ring, and restore communication among every node on the ring network when the Ethernet ring has a broken link. MRPP is an expansion of EAPS (Ethernet link automatic protection protocol).
  • Page 830: Mrpp Protocol Packet Types

    2. Ethernet Ring (MRPP Ring) A ring-linked Ethernet network topology. Each ring has two states. Health state: every physical link of the ring network is connected. Break state: one or more physical links in the ring network are broken. 3. Nodes Each switch on the ring is called a node. Nodes have several types: Primary node: each ring has one primary node; it is the main node that detects and protects the ring.
  • Page 831: Mrpp Protocol Operation System

    Packet Type Explanation Hello packet (health check packet): The primary port of the primary node sends Hello packets to check the ring; if the secondary port of the primary node receives the Hello packet within the configured timeout, the ring is normal. LINK-DOWN (link Down event): After a transit node detects a Down event on a port,...
  • Page 832: Mrpp Configuration Task Sequence

    sent from the primary node, the ring has been restored; at the same time the primary node blocks its secondary port and sends a LINK-UP-Flush-FDB packet to its neighbours. After an MRPP ring port on a transit node comes back UP, the primary node may only detect the ring restoration after a while.
  • Page 833: Commands For Mrpp

    fail-timer <INT> / no fail-timer: Configure the Hello packet timeout timer sent from the primary node of the MRPP ring; the “no” form restores the default timer value. enable / no enable: Enable the MRPP ring; the “no” form disables the enabled MRPP ring. 3) Display and debug MRPP relevant information Command Explanation Admin Mode...
  • Page 834: Debug Mrpp

    Command: control-vlan <VID> no control-vlan Function: Configure the control VLAN ID of the MRPP ring; the “no control-vlan” command deletes the control VLAN ID. Parameter: <VID> is the control VLAN ID, the valid range is from 1 to 4094. Command Mode: MRPP ring mode Default: None Usage Guide: The command specifies the Virtual VLAN ID of the MRPP ring; currently it can be any value in 1-4094. To avoid confusion, it is recommended that the ID be an unconfigured VLAN ID and the same as the MRPP ring ID.
  • Page 835: Fail-Timer

    Usage Guide: Before executing this command, the MRPP protocol must be enabled and all options required by the MRPP ring must be configured. Example: Configure MRPP ring 4000 of the switch as the primary node, and enable the MRPP ring. Switch(Config)# mrpp enable Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#control-vlan 4000 Switch(mrpp-ring-4000)#primary-port ethernet 4/1...
  • Page 836: Mrpp Enable

    Parameter: <INT> valid range is from 1 to 100 s. Command Mode: MRPP ring mode Default: The default timer interval is 1 s. Usage Guide: The primary node of the MRPP ring continuously sends Hello packets at the configured Hello timer interval; if the secondary port of the primary node receives this packet within the configured period;...
  • Page 837: Node-Mode

    22.3.9 node-mode Command: node-mode {master|transit} Function: Configure the type of the node as primary node or secondary node. Parameter: Command Mode: MRPP ring mode Default: The default node mode is secondary node. Usage Guide: Example: Configure the switch as the primary node of MRPP ring 4000. Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#node-mode master 22.3.10 primary-port...
  • Page 838: Show Mrpp

    Switch(Config)# mrpp ring 4000 Switch(mrpp-ring-4000)#secondary-port Ethernet 4/3 22.3.12 show mrpp Command: show mrpp {<INT>|} Function: Display the MRPP ring configuration. Parameter: <INT> is the MRPP ring ID, the valid range is from 1 to 4096; if no ID is specified, the configuration of all MRPP rings is displayed. Command Mode:...
  • Page 839 [Fig 22-2 MRPP typical configuration scenario 1: SWITCH A, SWITCH B, SWITCH C and SWITCH D on MRPP Ring 4000; one switch is the Master Node] The above topology often occurs when using the MRPP protocol. Multiple switches form a single ring; each switch is configured with only one MRPP ring, so together they constitute a single MRPP ring.
  • Page 840: Mrpp Typical Scenario 2

    Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH C configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH D configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000...
  • Page 841 [Fig 22-3 typical scenario 2: SWITCH A to SWITCH H on two rings (Ring 4000 and a second ring), each ring with its own Master Node; SWITCH E belongs to both rings] The above topology configures two tangent MRPP rings; SWITCH E belongs to both ring 1 and ring 2.
  • Page 842 SWITCH C configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH D configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH E configuration Task Sequence:...
  • Page 843: Mrpp Typical Scenario 3

    Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)# SWITCH F configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100 Switch(MRPP-ring-100)#primary-port Ethernet 1/1 Switch(MRPP-ring-100)#secondary-port Ethernet 1/2 Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)# SWITCH E configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100 Switch(MRPP-ring-100)#primary-port Ethernet 1/1 Switch(MRPP-ring-100)#secondary-port Ethernet 1/2 Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)#...
  • Page 844 [Fig 22-4 MRPP Scenario 3: SWITCH A to SWITCH G on Ring 4000 and Ring 100, each ring with its own Master Node] In the topology above, SWITCH B, E and D each belong to both MRPP rings 4000 and 100.
  • Page 845 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH C configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2 Switch(MRPP-ring-4000)#enable Switch(MRPP-ring-4000)#exit Switch(Config)# SWITCH H configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 4000 Switch(MRPP-ring-4000)#control-vlan 4000 Switch(MRPP-ring-4000)#primary-port Ethernet 1/1 Switch(MRPP-ring-4000)#secondary-port Ethernet 1/2...
  • Page 846 Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100 Switch(MRPP-ring-100)#primary-port Ethernet 1/1 Switch(MRPP-ring-100)#secondary-port Ethernet 1/3 Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)# SWITCH D configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100 Switch(MRPP-ring-100)#primary-port Ethernet 1/2 Switch(MRPP-ring-100)#secondary-port Ethernet 1/3 Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)# SWITCH E configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100...
  • Page 847: Mrpp Troubleshooting

    SWITCH G configuration Task Sequence: Switch(Config)#MRPP enable Switch(Config)#MRPP ring 100 Switch(MRPP-ring-100)#control-vlan 100 Switch(MRPP-ring-100)#primary-port Ethernet 1/1 Switch(MRPP-ring-100)#secondary-port Ethernet 1/2 Switch(MRPP-ring-100)#node-mode master Switch(MRPP-ring-100)#enable Switch(MRPP-ring-100)#exit Switch(Config)# 22.5 MRPP troubleshooting The normal operation of the MRPP protocol depends on the correct configuration of each switch on the MRPP ring; otherwise a loop and broadcast storm are very likely to form. When configuring an MRPP ring, it is better to disconnect the ring first, wait until every switch is configured, and then reconnect the ring.
  • Page 848: Chapter 23 Cluster Configuration

    Chapter 23 Cluster Configuration 23.1 Introduction To Cluster Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (commander switch).
  • Page 849 1) Create or delete cluster 2) Configure private IP address pool for member switches of the cluster 3) Add or remove a member switch 3. Configure attributes of the cluster in the commander switch Enable or disable joining the cluster automatically Set holdtime of heartbeat of the cluster Set interval of sending heartbeat packets among the switches of the cluster Clear the list of candidate switches discovered by the commander switch...
  • Page 850 Command Explanation Global Mode Enable or disable adding newly cluster auto-add enable discovered candidate switch to the no cluster auto-add enable cluster Set holdtime of heartbeat of the cluster holdtime < second> cluster no cluster holdtime Set interval of sending heartbeat cluster heartbeat <interval>...
  • Page 851: Commands For Cluster

    23.3 Commands For Cluster 23.3.1 cluster run Command:cluster run no cluster run Function:Enable cluster function; the “no cluster run” command disables cluster function. Command mode:Global Mode Default:Cluster function is disabled by default. Instructions:This command enables cluster function. Cluster function has to be enabled before implementing any other cluster commands.
  • Page 852: Cluster Commander

    Command mode: Global Mode
    Default: There is no private IP address pool by default.
    Instructions: Before creating the cluster, users have to set the private IP address pool in the commander switch. The cluster can't be created if the private IP address pool is not set.
  • Page 853: Cluster Auto-Add Enable

    [<mem-id>]} [password <pass>]
             no cluster member <mem-id>
    Function: Add a candidate switch to the cluster in the commander switch; the "no cluster member <mem-id>" command deletes a member switch from the cluster.
    Parameter: <mem-id> is the member ID, valid range is 1 to 23; <cand-sn> is the sequence number of the switch in the candidate switch list, valid range is 0 to 127.
  • Page 854: Rcommand Commander

    Function: In the commander switch, this command is used to remotely manage the member switches in the cluster.
    Parameter: <mem-id> is the cluster ID of the member switch, valid range is 1 to 23.
    Command mode: Admin Mode
    Instructions: Enter the Admin Mode of the member switch and configure the member switch remotely.
  • Page 855: Cluster Holdtime

    Command: cluster update member <mem-id> <src-url> <dst-url> [ascii | binary]
    Function: In the commander switch, this command is used to remotely upgrade the member switch.
    Parameter: <mem-id> is the cluster ID of the member switch, valid range is 1 to 23; <src-url>...
  • Page 856: Cluster Heartbeat

    Command mode: Global Mode
    Default: The holdtime of heartbeat is 80 seconds by default.
    Instructions: In the commander switch, this command is used to set the holdtime of heartbeat; the value is distributed to all the member switches. If this command is executed on a non-commander switch and the value is less than the current holdtime, the setting is invalid and an error is displayed.
  • Page 857: Examples Of Cluster Administration

    23.4 Examples Of Cluster Administration
    Scenario
    Of the four switches SwitchA to SwitchD, SwitchA is the commander switch and the other switches are member switches. SwitchB and SwitchD are directly connected to the commander switch; SwitchC connects to the commander switch through SwitchB.
    Fig 23-1 Examples of Cluster Configuration
    Procedure
    1.
  • Page 858
    Command switch for cluster 1234
    Total number of members: 6
    Status: 3 Inactive
    Time since last status change: 20 hours,30 minutes,15 seconds
    Heartbeat interval: 8 seconds
    Heartbeat hold-time: 80 seconds
    Cluster's snmp rw community string:public

    23.5.1.2 show cluster members
    Command: show cluster members
    Function: Display the statistic information of the joined members on the switch
    Command Mode: Admin Mode
    Usage Guide: Executing this command on the switch will display the information of the...
  • Page 859
    23.5.1.5 debug cluster application
    Command: debug cluster application
             no debug cluster application
    Function: Display debugging messages on data transmission between the switches when the commander switch or a member switch joins a cluster
    Command Mode: Admin Mode

    23.5.1.6 debug cluster statemach
    Command: debug cluster statemach
             no debug cluster statemach
    Function: Enable debugging messages for changes in the protocol state machine of the member switches and the commander switch when a cluster admin member joining the...
