Planet DCS-7342-32C2X User Manual

Layer 3 32-Port 100G/40G QSFP28 + 2-Port 10G SFP+ / 48-Port 25G SFP28 + 8-Port 100G/40G QSFP28 Managed Data Center Switch

Chapter 3 IP Service Configuration
Switch Operation Manual
DCS-7342-32C2X
DCS-7342-48Y8C
PLANET Layer 3 32-Port 100G/40G QSFP28 + 2-Port 10G SFP+ / 48-Port 25G SFP28 + 8-Port 100G/40G QSFP28 Managed Data Center Switch

Summary of Contents for Planet DCS-7342-32C2X

  • Page 1 Chapter 3 IP Service Configuration DCS-7342-32C2X DCS-7342-48Y8C PLANET Layer 3 32-Port 100G/40G QSFP28 + 2-Port 10G SFP+ / 48-Port 25G SFP28 + 8-Port 100G/40G QSFP28 Managed Data Center Switch Switch Operation Manual...
  • Page 2: FCC Warning

    PLANET has made every effort to ensure that this User's Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred.
  • Page 3 Revision User’s Manual of PLANET Layer 3 32-Port 100G/40G QSFP28 + 2-Port 10G SFP+ / 48-Port 25G SFP28 + 8-Port 100G/40G QSFP28 Managed Data Center Switch Models: DCS-7342-32C2X and DCS-7342-48Y8C Revision: 1.0 Part No: EM-DCS-7342 Series Configuration Guide_v1.0...
  • Page 4: Table Of Contents

    Contents: Chapter 1 Introduction (p. 21); 1.1 Packet Contents (p. 21); 1.2 Product Description (p. 22); 1.3 Product Features (p. 24); 1.4 Product Specifications (p. 27); Chapter 2 Installation (p. 32); 2.1 Hardware Description (p. 32); 2.1.1 Switch Front Panel...
  • Page 5 4.1.3 Displaying Basic System Information (p. 54); 4.1.3.1 Displaying Device Management and Running Information (p. 54); 4.1.3.2 Displaying All Available Commands in the Current Configuration View (p. 54); 4.1.3.3 Displaying Commands That Have Been Used by Users (p. 55); 4.1.3.4 Displaying Software and Hardware Versions of the System (p. 55); 4.1.3.5 Viewing the Number of Users That Have Logged in...
  • Page 6 4.3.1.4 FTP Client Configuration Example (p. 81); 4.3.2 TFTP Configuration (p. 83); 4.3.2.1 Configuring the TFTP Server Function (p. 83); 4.3.2.2 Downloading Files via TFTP (p. 84); 4.3.2.3 Uploading Files via TFTP (p. 85); 4.3.2.4 TFTP Client Configuration Example (p. 86); Chapter 5 L2 Ethernet Configuration...
  • Page 7 5.5 VLAN Configuration (p. 120); 5.5.1 Overview of VLAN (p. 120); 5.5.2 Creating a VLAN (p. 120); 5.5.3 Configuring an Interface-based VLAN (p. 121); 5.5.4 Configuring Other Parameters of VLAN (p. 122); 5.5.5 Maintenance and Debugging (p. 123); 5.5.6 Configuration Example (p. 124); 5.6 VLAN M...
  • Page 8 5.11.5.2 Typical L3 MLAG Case (p. 155); Chapter 6 IP Service Configuration (p. 158); 6.1 C 4 ONFIGURING (p. 158); 6.1.1 Configuring In-band, Out-of-band, and Loopback IP Addresses (p. 158); 6.1.2 Configuration Commands of Interface IP Address (p. 159); 6.1.3 Configuring the TCP Connection Count (p. 161); 6.1.4 Viewing Configuration of an VLAN Interface...
  • Page 9 6.4.5 Configuration Example (p. 193); Chapter 7 Configuring L3 IP (p. 196); 7.1 Configuring Basic IP Routing Functions (p. 196); 7.1.1 Configuring ECMP (p. 196); 7.2 Configuring Static Routes (p. 197); 7.2.1 Configuring Static IPv4 Routes (p. 197); 7.2.2 Maintenance and Debugging...
  • Page 10 7.3.3.5 Configuring Aggregation (p. 245); 7.3.3.6 Configuring an Authentication Mode (p. 247); 7.3.3.7 Configuring BFD (p. 248); 7.3.3.8 Configuring GR (p. 249); 7.4 Configuring OSPFv3 (p. 251); 7.4.1 OSPFv3 Overview (p. 251); 7.4.1.1 Basic OSPFv3 Concepts (p. 251); 7.4.1.2 Route Diffusion (p. 253); 7.4.1.3 OSPFv3 LSA Types...
  • Page 11 7.5.1.4.10 BGP4 Route Reflector (p. 296); 7.5.1.4.11 BGP4 Confederation (p. 297); 7.5.1.4.12 MP-BGP of BGP4 (p. 297); 7.5.1.4.13 BFD for BGP Features (p. 298); 7.5.1.4.14 BGP GR (p. 298); 7.5.2 Configuring BGP (p. 299); 7.5.2.1 Configuring Basic BGP4 Functions (p. 299); 7.5.2.2 Configuring BGP4 Route Advertising...
  • Page 12 7.7.4 Applying a Routing Policy to OSPF (p. 356); 7.7.5 Applying a Routing Policy to BGP (p. 356); 7.7.6 Applying a Routing Policy to ISIS (p. 357); 7.7.7 Maintenance and Debugging (p. 358); 7.7.8 Configuration Example (p. 358); 7.7.8.1 Example of Configuring BGP4 ECMP and a Routing Policy (p. 358); 7.7.8.2 Configuring an OSPF Routing Policy...
  • Page 13 9.1.5 Maintenance and Debugging (p. 397); 9.1.6 Configuration Example (p. 399); 9.1.6.1 Example of Configuring Static L2 Multicast (p. 399); 9.1.6.2 Example of Configuring IGMP Snooping (p. 401); 9.1.6.3 Example of Configuring Multicast VLAN Copy (p. 403); 9.2 Configuring IGMP (p. 408); 9.2.1 Introduction to IGMP...
  • Page 14 10.3.5 Configuring an L3 ACL6 (p. 455); 10.3.6 Configuring ACL Optional Functions (p. 457); 10.3.7 View and Debugging (p. 460); 10.3.8 Configuration Example (p. 462); 10.3.8.1 Example of Configuring an L2 ACL (p. 462); 10.3.8.2 Example of Configuring an L3 ACL (p. 463); 10.3.8.3 Example of Configuring a Mixed ACL...
  • Page 15 10.7.12.1 LOGIN AAA RADIUS Authentication (p. 494); 10.7.12.2 DOT1X AAA TACACS Authentication (p. 495); 10.8 Configuring 802.1x (p. 496); 10.8.1 802.1x Overview (p. 496); 10.8.2 Configuring 802.1x Authorization (p. 497); 10.8.2.1 Enabling or Disabling 802.1x Globally (p. 497); 10.8.2.2 Enabling or Disabling 802.1x on an Interface (p. 497); 10.8.2.3 Configuring 802.1x Parameters...
  • Page 16 11.3.8 Configuration Example (p. 550); 11.4 Configuring CFM (p. 552); 11.4.1 Overview of CFM (p. 552); 11.4.2 Basic CFM Concepts (p. 552); 11.4.3 Supported CFM Features (p. 555); 11.4.4 Configuring Basic CFM Functions (p. 556); 11.4.5 Configuring CFM Parameters (p. 562); 11.4.6 Configuring CFM Fault Confirmation...
  • Page 17 Chapter 12 Configuring Device Management (p. 630); 12.1 Configuring Device Hardware (p. 630); 12.1.1 Overview (p. 630); 12.1.2 Configuring the Device CPU (p. 630); 12.1.3 Configuring the Device Fan (p. 631); 12.1.4 Configuring the Device Memory (p. 632); 12.1.5 Configuring the Device Temperature (p. 632); 12.1.6 Viewing the Device CPU Usage...
  • Page 18 13.1 Configuring NTP (p. 659); 13.1.1 NTP Overview (p. 659); 13.1.2 Configuring Basic NTP Functions (p. 661); 13.1.3 Configuring the NTP Security Mechanism (p. 664); 13.1.4 Maintenance and Debugging (p. 667); 13.1.5 Configuration Example (p. 667); 13.2 Configuring RMON (p. 669); 13.2.1 RMON Overview...
  • Page 19 13.7.4 Configuring an ICMP-Echo Test (p. 698); 13.8 Configuring JSON-RPC (p. 699); 13.8.1 JSON-RPC Overview (p. 699); 13.8.2 Configuring Basic JSON-RPC Functions (p. 702); 13.8.3 Configuring User Authentication (p. 704); 13.9 Locally Upgrading a Device (p. 704); 13.9.1 Upgrading the OS Through Command Lines (p. 704); 13.10 C L3VPN...
  • Page 20 Chapter 15 Virtualization Configuration (p. 747); 15.1 Stack Command Configuration (p. 747); 15.1.1 Overview of Stack Commands (p. 747); 15.1.2 How a Switch Stack Works (p. 750); 15.1.3 Configuring the Link Topology (p. 754)...
  • Page 21: Chapter 1 Introduction

    Chapter 1 INTRODUCTION Thank you for purchasing PLANET Layer 3 24-/48-Port 10G SFP+ plus 4-Port 100G QSFP28 Managed Switch. The descriptions of these models are shown below: DCS-7342-32C2X: Layer 3 24-Port 10G SFP+ + 4-Port 100G/40G QSFP28 Managed Switch...
  • Page 22: Product Description

    Layer 2, Layer 3, and Layer 4 functionalities. The DCS-7342-48Y8C features up to 48 25G and 8 100G/40G QSFP28 ports while the DCS-7342-32C2X comes with up to 32 100G/40G QSFP28 ports and 2 10G SFP+ ports. The PLANET data center switch series is equipped with robust Layer 3 routing protocols, including OSPF and BGP, addressing the complexities of network architectures.
  • Page 23 Stacking enhances network reliability and availability by sharing ports and enables intelligent management functions, thereby optimizing resource utilization and facilitating flexible network configurations. This makes PLANET data center switch series an ideal choice for handling large-scale network requirements, meeting enterprises' needs for high performance and scalability.
  • Page 24: Product Features

    Stacking Features
    - Hardware Stacking: virtualized multiple PLANET data center switches stacked into one logical device; connects with stack member via 100G/40G QSFP28 and 10G SFP+ interfaces; single IP address stack management, supporting up to 2 hardware units stacked together; stacking architecture supports redundant ring mode
    ...
  • Page 25
    - Supports 802.1d STP, 802.1w RSTP and 802.1s MSTP; BPDU Protection; Root Protection; Loop Protection
    - Supports IGMP v1/v2c/v3; IGMP Snooping; MLD snooping
    - Supports L2-L4 packet filtering; filters based on MAC, IP, port, protocol, IP ToS, 802.1p priority, VLAN ID, SVLAN ID, VLAN range, etc.
  • Page 26
    - Network Time Protocol (NTP), RSPAN
    - DHCP Functions: DHCP Client/Relay/Server; DHCP Option 43/60/82; DHCP Relay per VLAN; DHCPv6 Relay/Server
    - Redundant Power System
    - Supports dual power redundancy and redundant backup for two sets of fans (Include 2 power DCS-PWR800AC)
    ...
  • Page 27: Product Specifications

    1.4 Product Specifications Product DCS-7342-48Y8C DCS-7342-32C2X Hardware Specifications Switching Capacity 4Tbps 6.4Tbps Forwarding Rate 2000Mpps 2000Mpps Power supply 2 (DCS-PWR800AC) Power Supply Slot Supports 1+1 backup and hot swapping 10G Ports 2-port 10GBASE-SR/LR SFP+ interface 48-port 25G SFP28 25G Ports...
  • Page 28 IPv4ACL in: 2000 IPv4ACL Out: 512 Shared Data Buffer 10MB Jumbo Frame Back pressure for half duplex Flow Control IEEE 802.3x pause frame for full duplex Layer 3 Functions IPv4 static routing IPv4 dynamic routing protocols: OSPFv2 (Open Shortest Path First) IS-IS (Intermediate System to Intermediate System) BGP (Border Gateway Protocol) IPv6 static routing...
  • Page 29 Features BPDU protection, root protection, loop protection, and BPDU tunneling IPv4 IGMP v1/v2/v3 snooping IPv4 IGMP Snooping IGMP Fast Leave IPv4 Querier IPv6 MLD Snooping IPv6 MLD v1/v2 snooping Supports IGMP v1/v2c/v3 Multicast Implements IPv4 IGMP v1/v2/v3 Snooping Implements IPv6 MLD v1/v2 Snooping Supports cross-device link aggregation (LACP) Link Aggregation Implements Multi-Chassis Link Aggregation (MLAG)
  • Page 30 IP Source Guard support MAC black hole support MAC address quantity limitation Port isolation DHCP snooping, DHCP Option 43/60/82 Defend against DOS attacks Port security Supports 802.1x, RADIUS, and TACACS+ authentication User level quantity limitation User binding (port, source MAC and source IP address access control) SNMP login terminal restriction Network Access Control SSH v2.0 support...
  • Page 31 RFC1643 ethernet MIB RFC1757 RMON group 1,2,3,9 RFC 2925 Remote Management MIB RFC 2233 (rfc2233) ‐ SMIv2 MIB Standard Conformance Regulatory Compliance FCC Part 15 Class A, CE IEEE 802.3 25G, 40G, 100G Ethernet standards IEEE 802.1Q VLAN standard IEEE 802.1D STP, 802.1w RSTP, 802.1s MSTP standards Standards Compliance IEEE 802.1X Network Authentication standard RFC standards, such as RFC 768 (UDP), RFC 791 (IPv4), RFC 2460 (IPv6),...
  • Page 32: Chapter 2 Installation

    The unit front panel provides a simple interface for monitoring the switch. Figures 2-1-1 and 2-1-2 show the front panels of the Managed Switches. DCS-7342-32C2X Front Panel: Figure 2-1-1 DCS-7342-32C2X front panel. DCS-7342-48Y8C Front Panel: Figure 2-1-2 DCS-7342-48Y8C front panel. ■ SFP+/SFP28 slots: SFP+/SFP28 mini-GBIC slot, SFP (Small Form-factor Pluggable) transceiver module: from 550 meters (multi-mode fiber) to 10/30/50/70/120 kilometers (single-mode fiber).
  • Page 33: Switch Rear Panel

    Figures 2-1-3 and 2-1-4 show the rear panels of the Managed Switches. DCS-7342-32C2X Rear Panel: Figure 2-1-3 DCS-7342-32C2X rear panel. DCS-7342-48Y8C Rear Panel: Figure 2-1-4 DCS-7342-48Y8C rear panel. ■ USB Interface: The USB port is a USB 2.0 type; it is an interface for uploading/restoring the configuration/firmware.
  • Page 34: LED Indications

    2.1.3 LED Indications The front panel LEDs indicate the instant status of port links, data activity, system operation, stack status and system power, and help monitor and troubleshoot when needed. DCS-7342-32C2X: Figure 2-1-5 DCS-7342-32C2X front panel. LED Definition Color Function...
  • Page 35 corresponding 10GE interface. Off: Fan not running. Green On: Fan running normally. On: Fan alarm. Green Blinking: Main control unable to control fan, fan adjusts speed according to environmental temperature. Off: USB boot not enabled, default mode. Green On: USB boot completed. Blinking: USB data reading.
  • Page 36: DCS-7342-48Y8C

    2.1.3.1 DCS-7342-48Y8C Figure 2-1-6 DCS-7342-48Y8C front panel. LED Definition Color Function Off: ID light not activated default state Green On: Used for on-site locating, controlled by maintenance personnel to turn on and off ID light Off: Device is not the stack master Master Green On: Device is the stack master or not stacked...
  • Page 37 Blinking: Main control unable to control fan, fan adjusts speed according to environmental temperature. Off: USB boot not enabled, default mode. Green On: USB boot completed. Blinking: USB data reading. Off: Link not connected. Green On: Link connected. Blinking: Interface transmitting and receiving data. Off: Port is not connected or disabled.
  • Page 38: Switch Installation

    2.2 Switch Installation This section describes how to install your Managed Switch and make connections to the Managed Switch. Please read the following topics and perform the procedures in the order being presented. To install your Managed Switch on a desktop or shelf, simply complete the following steps. 2.2.1 Desktop Installation To install the Managed Switch on desktop or shelf, please follow these steps: Step 1:...
  • Page 39: Rack Mounting

    Connection to the Managed Switch requires UTP Category 5 network cabling with RJ45 tips. For more information, please see the Cabling Specification in Appendix Step 5: Supply power to the Managed Switch. Connect one end of the power cable to the Managed Switch. Connect the power plug of the power cable to a standard wall outlet.
  • Page 40 Step 3: Secure the brackets tightly. Step 4: Follow the same steps to attach the second bracket to the opposite side. Step 5: After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-2-3.
  • Page 41: Chapter 3 Configuration Preparation

    Chapter 3 Configuration Preparation This chapter describes the following preparatory work before you configure the switch for the first time:
    - Port number of the switch
    - Preparation before switch startup
    - How to get help
    - Command mode
    ...
  • Page 42: Preparation Before Switch Startup

    3.2 Preparation Before Switch Startup Complete the following preparatory work before the switch is configured: Set the switch’s hardware according to the requirements of the manual. Configure a PC terminal emulation program. Determine the IP address layout for the IP network protocols. 3.3 Acquiring Help Use the question mark (?) and the direction mark to help you enter commands: ...
  • Page 43 (columns: Command View | Function | Prompt | Entry Command | Exit Command)
    - Global configuration view | Configures global parameters of the switch. | Switch(config)# | Run config in the privileged user view. | Run exit to return to the privileged user view.
    - Common user view | Debugs some... | Switch> | Run disable in... | Run enable to...
  • Page 44 (columns: Command View | Function | Prompt | Entry Command | Exit Command)
    - VLAN configuration view | Configures Layer 2 VLANs on the switch. | Switch(vlan-N1)# | Run vlan N1 in the global configuration view. | Run exit to return to the global configuration view.
    - VLANIF... | Configures Layer 3... | Switch... | Run interface... | Run exit to return to...
  • Page 45 (columns: Command View | Function | Prompt | Entry Command | Exit Command)
    - (continued from the previous page) configuration view.
    - MPLS remote-peer configuration view | Configures the remote-peer on the switch. | Switch(config-mplsldp-remote1)# | Run mpls ldp remote-peer index in the global configuration view. | Run exit to return to the global configuration view.
    ...
  • Page 46 Command Entry Function Prompt Exit Command View Command view. List numbers 1001- 2000 specify IPv4 ACLs. Filter configuration Configures the Switch(config Run filter filter Run exit to return to view (IPv6) Filtev6r on the ure-filter-filter list number in the global switch.
  • Page 47 (columns: Command View | Function | Prompt | Entry Command | Exit Command)
    - Y1731 configuration view | Configures the Y1731 on the switch. | Switch(config-y1731)# | Run y1731 in the global configuration view. | Run exit to return to the global configuration view.
    - Address family... | Configures the... | Switch(config-... | Run ipv4-... | Run exit to return to...
  • Page 48: Canceling A Command

    (columns: Command View | Function | Prompt | Entry Command | Exit Command)
    - MPLS LDP configuration view | Configures the MPLS VPN on the switch. | Switch(config-mpls-ldp-1) | Run mpls ldp vpn-instance name in the global configuration view. | Run exit to return to the global configuration view.
    - BD view... | Run bridge-... | Run exit to return to...
  • Page 49: Chapter 4 Initial Setup

    Chapter 4 Initial Setup 4.1 Basic Configuration 4.1.1 Device Management Configuration Device management configuration tasks display the switch's board status, CPU utilization, and memory utilization. Device management configuration tasks include:
    - Resetting the switch
    - Updating system or configuration files
    ...
  • Page 50: Updating System Or Configuration Files

    4.1.1.2 Updating System or Configuration Files Purpose Run the upgrade (os|config) command to upgrade system or configuration files. Before running this command, run the ftp get command to download all the files to be upgraded to the device. Use this command under the instructions of technical support personnel.
  • Page 51: Configuring Basic System Environment

    4.1.2 Configuring Basic System Environment System basic configuration and management include:
    - Setting the switch name.
    - Setting the system clock.
    4.1.2.1 Configuring the Switch Hostname Purpose: This section describes how to configure the switch hostname. Procedure: Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual. Purpose Procedure...
  • Page 52: Setting The DST

    4.1.2.3 Setting the DST Purpose This section describes how to set the name, start time, and end time of daylight-saving time (DST) and cancel the settings. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 53: Setting The Local Time Zone

    4.1.2.4 Setting the Local Time Zone Purpose This section describes how to set the local time zone. Procedure The procedure for setting the local time zone is as follows. For parameter description, see Switch Command Reference Manual Purpose Procedure Set the local time zone 1.
  • Page 54: Displaying Basic System Information

    4.1.3 Displaying Basic System Information 4.1.3.1 Displaying Device Management and Running Information Purpose Run the show command in any view to display the operation condition of the configured device. You can verify the configuration by viewing the displayed information. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 55: Displaying Commands That Have Been Used By Users

    4.1.3.3 Displaying Commands That Have Been Used by Users Purpose This section describes how to display commands that have been used by users. Procedure The following is the procedure for displaying commands that have been used by users. Purpose Procedure Display commands that have 1.
  • Page 56: Viewing The Number Of Users That Have Logged In

    4.1.3.5 Viewing the Number of Users That Have Logged in Purpose This section describes how to view the number of users that have logged in. Procedure The following is the procedure for viewing the number of users that have logged in. Purpose Procedure Display the number of users...
  • Page 57: Viewing The ACL Configuration

    4.1.3.8 Viewing the ACL Configuration Purpose This section describes how to view the ACL configuration. Procedure The following is the procedure for viewing the ACL configuration. Purpose Procedure View the default MAC address 1. Access the global configuration view. and the MAC address in use 2.
  • Page 58: Password Management Configuration

    4.1.4 Password Management Configuration The Switch supports password management. Users must configure a system login password when logging into the Switch for the first time and input the configured password for each subsequent login. After the password is authenticated, users can log in to the switch and perform operations. If the password fails the authentication, users cannot log in to the switch.
  • Page 59: Operation

    User Type Description information of show running-config, show snmp config, show startup- config, and show user config commands. Users can only run the commands of their levels or of lower levels. To keep confidentiality, the password is not displayed on the screen. Operation Perform the corresponding steps according to different purposes, as shown below.
  • Page 60
    Switch#config
    Switch(config)#username 123 group Administrators password Admin123456
    # Log out.
    Switch(config)#quit
    Switch#quit
    # Use the configured username 123 and password 123 to log in to the system.
    Username: 123
    Password: ***********
    Switch#...
  • Page 61: Configuring UIs

    4.1.5 Configuring UIs UI configurations include:
    - Accessing or cancelling terminal configurations by users
    - Configuring the number of lines displayed on a terminal
    - Configuring the display color of a terminal
    - Configuring the display language on a terminal
    ...
  • Page 62: Accessing Or Cancelling Terminal Configurations By Users

    4.1.5.2 Accessing or Cancelling Terminal Configurations by Users Purpose This section describes how users can access or cancel terminal configurations. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enter the terminal...
  • Page 63: Closing A Virtual Terminal

    4.1.5.4 Closing a Virtual Terminal Purpose This section describes how to terminate the connection with a virtual terminal (Telnet or SSH terminal) and reset the terminal. Virtual terminals are those connecting to the switch through Telnet or SSH. The switch has five virtual terminals by default. That is, five users can log in to the switch through Telnet or SSH concurrently.
  • Page 64: Configuring The Number Of Lines Displayed On A Terminal

    4.1.5.6 Configuring the Number of Lines Displayed on a Terminal Purpose This section describes how to configure the number of lines displayed on a terminal. You can use this command to set the number of lines displayed on a screen when using the CLI. If the length is set to 0, the multi-screen display function is disabled.
  • Page 65: Configuring The Display Language Of A Terminal

    4.1.5.8 Configuring the Display Language of a Terminal Purpose This section describes how to configure the display language of a terminal. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the...
  • Page 66: Setting The Timeout Time Of A Virtual Terminal

    4.1.5.10 Setting the Timeout Time of a Virtual Terminal Purpose This section describes how to set the timeout time of a virtual terminal. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Set the timeout...
  • Page 67: Displaying Information Of Online Users

    4.1.5.12 Displaying Information of Online Users Purpose This section describes how to view the maximum number of concurrent online users allowed and the information on online users. Procedure The following is the procedure for displaying information of online users. Purpose Procedure Display 1.
  • Page 68: Configuring User Permissions

    4.1.6 Configuring User Permissions This section describes how to manage users and distribute user permissions after logging in to the Switch. 4.1.6.1 Adding a User Purpose This section describes how to add a user after logging in to the Switch. Login users on the Switch are classified into four types, as described in Table 4-2.
  • Page 69: Deleting A User

    4.1.6.2 Deleting a User Purpose This section describes how to delete a user after logging in to the Switch. Only users that belong to the Administrators group have the permission to delete a user. Procedure The procedure for deleting a user is as follows. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 70: Elevating User Permissions

    4.1.6.5 Elevating User Permissions Purpose This section describes how to elevate user permissions. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Elevate 1. Access the global configuration view. 2.
  • Page 71: Setting Password Length For A Specified User Or All Users

    4.1.6.7 Setting Password Length for a Specified User or All Users Purpose This section describes how to set the password length for a specified user or all users Procedure The following is the procedure for setting the password length for a specified user or all users. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 72: Setting A Reauthentication Interval

    4.1.6.9 Setting a Reauthentication Interval Purpose This section describes how to set a reauthentication interval. Procedure The following is the procedure for setting the reauthentication interval. For parameter description, see Switch Command Reference Manual Purpose Procedure Set the reauthentication 1. Access the global configuration view. interval 2.
  • Page 73: Configuring Telnet, SSH, And FTP

    4.1.6.11 Configuring Telnet, SSH, and FTP Purpose This section describes how to configure Telnet, SSH, and FTP. Procedure The following is the procedure for configuring Telnet, SSH, and FTP. For parameter description, see Switch Command Reference Manual Purpose Procedure Set the maximum 1.
  • Page 74: Querying User Permissions

    Purpose: Set the SSHD login grace time. Procedure: 1. Access the global configuration view. 2. Run the sshd login-grace-time { login-grace-timer | default } command. Purpose: Configure the key string. Procedure: 1. Access the global configuration view. 2. Run the following commands: ...
  • Page 75: System Configuration File Operation

    4.2 System Configuration File Operation The Switch provides the file system module for you to effectively manage storage devices such as flash memory. The file system provides the file and directory access management function, including creating, deleting, modifying, and renaming files and directories, and displaying file content. By default, the system gives a prompt for confirming the commands that may cause loss (such as deleting and overwriting files).
  • Page 76: File Operation

    4.2.2 File Operation Purpose Operations can be performed to delete files, display file content, rename files, copy files, and display the information of designated files. The following commands can be used for file operations. Procedure The following is the procedure for file operations. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 77: Saving The Configuration File

    4.2.3.1 Saving the Configuration File Purpose This section describes how to save the configuration in the current system to the startup configuration file. Procedure The following is the procedure for saving a configuration file. Access the common user view or global configuration view. Run the write file command.
  • Page 78: Uploading And Downloading Device Files

    4.3 Uploading and Downloading Device Files 4.3.1 FTP Configuration The File Transfer Protocol (FTP) is a universal method of file transmission on the Internet and IP networks. FTP transfers a file by copying it in full from one system to another. FTP supports limited file types (such as ASCII and binary) and file structures (byte-oriented stream or record).
  • Page 79: Introduction To Ftp Client

    4.3.1.2 Introduction to FTP Client The FTP client is an auxiliary function provided by the Switch. It is an application module that needs no function configuration. In this case, the Switch serves as the FTP client to connect to the remote server. Users can run the commands of the FTP client for corresponding operations (such as creating or deleting directories).
  • Page 80 Configuration
    Configuration on the Switch: Log in to the Switch (via the Console port locally or via Telnet remotely) and enable the FTP service.
    Switch#config
    Switch(config)#ftpd
    Run the FTP client program on the PC to set up an FTP connection to the Switch. Upload the application program switch.z of the Switch to the root directory of the flash memory, and download the configuration file config from the Switch.
  • Page 81: FTP Client Configuration Example

    Upgrade the Switch after the upload is completed. Run the upgrade os command to specify the application program for the next startup, and then reboot the Switch to upgrade its application program.
    Switch#config
    Switch(config)#upgrade os
    Switch(config)#quit
    Switch#reboot
    4.3.1.4 FTP Client Configuration Example Purpose: This section provides a configuration example to describe how to use the Switch as the FTP client to perform configuration file backup and software upgrade.
  • Page 82: Network Diagram

    Network Diagram: Figure 4-3 Network diagram of the Switch serving as the FTP client. Configuration
    # Access the global configuration view and use the following commands to perform the FTP connection. Input the correct username and password to log into the FTP server.
    Switch#config
    Switch(config)#ftp get 10.18.1.2 123 123 d:\upgrade.z
    Local path is "Ram:/flash/download".
  • Page 83: Tftp Configuration

    4.3.2 TFTP Configuration The Trivial File Transfer Protocol (TFTP) was initially introduced for booting diskless systems (usually workstations or X terminals). Compared with FTP, TFTP has no complex interactive access interface or access control, and it is applicable in scenarios with no complex interaction between client and server. TFTP is usually implemented over UDP.
  • Page 84: Downloading Files Via Tftp

    4.3.2.2 Downloading Files via TFTP Caution It is recommended that you use this command under instruction of technical support personnel. Purpose To download files, the client sends a read request to the TFTP server, receives data from the server, and then sends a confirmation to the server. During switch operation and maintenance, you need to download the configuration file or operating system file from the host to the switch to configure or upgrade the operating system.
  • Page 85: Uploading Files Via Tftp

    4.3.2.3 Uploading Files via TFTP Caution It is recommended that you use this command under instruction of technical support personnel. Purpose When the Switch needs to upload files to the TFTP server, the Switch serves as the client to send a write request to the TFTP server, sends data to the server, and then receives a confirmation from the server.
  • Page 86: Tftp Client Configuration Example

    4.3.2.4 TFTP Client Configuration Example Caution It is recommended that you use this command under instruction of technical support personnel. Purpose This section provides a configuration example to describe how to use the Switch as the TFTP client to perform configuration file backup and software upgrade. Device Configuration Configuration Description...
  • Page 87 Configuration Enable the TFTP server function on the PC and configure the working directory of the TFTP server. Configure the switch. # Users log into the switch (via the Console port locally or via Telnet remotely) and access the global configuration view.
  • Page 88: Chapter 5 L2 Ethernet Configuration

    Chapter 5 L2 Ethernet Configuration This chapter introduces the L2 Ethernet basic function configuration of the Switch. 5.1 Ethernet Interface Configuration This section describes Ethernet interface configurations. 5.1.1 Configuring Basic Attributes of the Ethernet Interface 5.1.1.1 Accessing the Ethernet Port View Background You need to access the Ethernet port configuration view first and then configure the Ethernet port.
  • Page 89: Enabling/Disabling An Ethernet Interface

    5.1.1.2 Enabling/Disabling an Ethernet Interface Background After configuring the parameters and protocol of the interface, run the no shutdown command to enable the interface. You can also use the shutdown command to disable the interface so that it cannot forward data anymore.
  • Page 90: Configuring Broadcast/Multicast Message Suppression Function For The Ethernet Interface

    5.1.1.4 Configuring Ethernet Interface Flow Control Background After the local and peer switches are enabled with flow control, the local switch sends a message to the peer switch to instruct it to stop sending messages if congestion occurs on the local switch. The peer switch stops sending messages to the local switch once it receives the message, and vice versa.
  • Page 91: Configuring Ethernet Interface Rate Suppression

    Purpose Procedure unknown unicast
      • storm-control { broadcast | multicast | dlf } cir messages { gbps | kbps | mbps } value
      • storm-control { broadcast | multicast | dlf } percent value (support only the Ethernet interface configuration view)
      • ...
  • Page 92: Configuring Maximum Transmission Unit (Mtu) Of The Ethernet Interface

    5.1.1.7 Configuring the Interface Priority Background By configuring the priorities of different interfaces, you can ensure that important services are not delayed or discarded and guarantee the efficiency of network operation. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 93: Clearing The Statistics Of The Current Interface

    5.1.1.9 Clearing the Statistics of the Current Interface Purpose This section describes how to clear large volumes of information in an interface configuration view. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Clear the statistics...
  • Page 94: Describing The Ethernet Interface

    5.1.1.11 Describing the Ethernet Interface Purpose This section describes how to configure descriptive strings by using the following commands to distinguish interfaces. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the...
  • Page 95: Configuring Advanced Attributes Of The Ethernet Interface

    5.1.2 Configuring Advanced Attributes of the Ethernet Interface 5.1.2.1 Configuring Interface Loopback Detection Purpose This section describes how to enable interface loopback monitoring and configure the interval of periodic monitoring of external loopback. If one interface has loopback, the switch applies the configured measures to this interface.
  • Page 96: Configuring Crc Detection For An Interface

    5.1.2.2 Configuring CRC Detection for an Interface Purpose The following configuration task can enable a port to enter error down state when the number of received CRC error packets exceeds the threshold, or disable a port from going down in this case. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 97: Displaying The Ethernet Interface Status

    5.1.2.3 Displaying the Ethernet Interface Status Background Run the show command in the user view to display the operation condition of the configured Ethernet interface. You can verify the configuration by viewing the displayed information. In the Ethernet interface view, run the reset count command to clear the statistics of the Ethernet interface. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 98: Switching Between Different Ethernet Interface Configuration Views

    5.1.2.4 Switching Between Different Ethernet Interface Configuration Views Purpose This section describes how to configure other interface attributes after you configure the current interface attribute. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Switch the current...
  • Page 99: Configuring Mac Address Tables

    5.2 Configuring MAC Address Tables To quickly forward packets, the switch needs to maintain a MAC address table. The MAC address entries include the MAC address of the device connected to the switch and the interface number of the switch connected to the device.
  • Page 100: Configuring A Mac Address Entry

    5.2.1 Configuring a MAC Address Entry Purpose The administrator can manually add, modify, or delete entries of the MAC address table according to the actual condition. Use static MAC addresses to bind user devices to interfaces. This prevents unauthorized users with spoofed identities from obtaining data and improves device security.
  • Page 101: Configuring Dynamic Mac Address Aging Time

    Purpose Procedure
      • no mac-address static mac-address
      • no mac-address static vlan-id mac-address
      • no mac-address static { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
      • no mac-address static eth-trunk trunk-number
    5.2.2 Configuring Dynamic MAC Address Aging Time
    Background
    An appropriate aging time can help implement the MAC address aging function effectively.
  • Page 102: Configuring Mac Address Flapping Detection

    5.2.3 Configuring MAC Address Flapping Detection Purpose This function detects whether MAC address flapping occurs on all devices. Background MAC address flapping means that two or three ports in one VLAN learn a MAC address and the learned MAC address entries overwrite the original ones. Generally, the interface by which the MAC address is learned first is the correct outbound interface and is called the original port, and all other ports learning the MAC address later are the move ports.
  • Page 103 Procedure Purpose MAC address flapping detection is disabled
    Purpose: Enable the function of and set the time for reconnecting an interface to a VLAN after the interface is disconnected from the VLAN due to MAC address flapping...
    Procedure: 1. Access the global configuration view. 2. Run the mac-address flapping quit-vlan recover-time { time | default } command.
  • Page 104: Configuring The Mac Address Learning Or Aging Alarm Function

    5.2.4 Configuring the MAC Address Learning or Aging Alarm Function Purpose This section describes how to configure the MAC address learning or aging alarm function. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Procedure Purpose Enable the MAC address...
  • Page 105: Displaying L2 Mac Address Entries

    5.2.5 Displaying L2 MAC Address Entries Purpose This section describes how to quickly locate the specified MAC address entry for convenient query of specific information. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Procedure Purpose Display the L2 static...
  • Page 106 Procedure Purpose
    Purpose: Display configured MAC address learning limit rules
    Procedure: 1. Access the privileged user view, global configuration view, common user view, interface configuration view (Ethernet or Trunk), VLAN configuration view, or interface group configuration view. 2. Run the following commands:
      • show mac-limit
      • ...
  • Page 107: Arp Configuration

    5.3 ARP Configuration The Address Resolution Protocol (ARP) mapping table can be maintained dynamically or manually. Static ARP is the mapping from manually configured IP address to MAC address. You can check, add, or delete entries of the ARP mapping table by using manual maintenance commands. 5.3.1 Adding or Deleting Static ARP Mapping Entries Manually Purpose This section describes how to add/delete static ARP mapping entries manually.
  • Page 108
      • ip arp ip-address mac-address { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number.subinterface vlan vlan-id vpn-instance name
      • ip arp ip-address mac-address { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number vlan vlan-id inner-vlan inner-vid
      • ...
  • Page 109: Clearing Dynamic Arp Mapping Entries

    5.3.2 Clearing Dynamic ARP Mapping Entries Purpose This section describes how to clear dynamic ARP mapping entries. You can manually delete all dynamic ARP mapping entries when necessary. This command cancels mappings between IP and MAC addresses, which may lead to temporary access failures to some nodes.
  • Page 110: Configuring Dynamic Arp Mapping Entry Aging Time

    Configuration under multi-instance VPN is also supported.
      • show ip arp { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
      • show ip arp eth-trunk trunk-number
      • show ip arp vpn-instance name
    Purpose: Display the maximum number of
    Procedure: 1. Access the common user view. 2....
  • Page 111: Enabling The Arp Module To Forward Host Routes

    5.3.5 Enabling the ARP Module to Forward Host Routes Purpose This section describes how to enable the ARP module to forward host routes or disable such forwarding. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Procedure Purpose...
  • Page 112: Link Aggregation Configuration

    5.4 Link Aggregation Configuration 5.4.1 Overview of Port Aggregation Port aggregation is to aggregate multiple ports into one single aggregation group to implement traffic sharing among member ports and improve connection reliability. Link aggregation is divided into manual aggregation, dynamic LACP aggregation, and static LACP aggregation. Ports in the same aggregation group must have the same port type.
  • Page 113 Purpose Procedure 3. Run the mode { manual | lacp-static } command to configure a working mode for Eth-Trunk.
    Purpose: Add member interfaces to Eth-Trunk
    Procedure: Method 1: 1. Access the global configuration view. 2. Access the Eth-Trunk interface configuration view. 3. Run the command add { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number to add member interfaces.
  • Page 114: Configuring Enhanced Load Balancing

    Purpose Procedure
      • remove { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
      • remove { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number to { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    Configure the timeout...
  • Page 115 Purpose Procedure
    Purpose: Create an enhanced load balancing template and enter the template view
    Procedure: 1. Access the global configuration view. 2. Run the schedule-profile { profile-name | default } command to access the enhanced load balancing template view.
    Configure the load 1....
  • Page 116: Maintenance And Debugging

    5.4.4 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the LACP function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the LACP...
  • Page 117 Purpose Procedure
    Purpose: Enable or disable debugging of a load balancing template
    Procedure: 1. Access the privileged user view. 2. Run the following commands:
      • debug schedule-profile { config | event | all }
      • no debug schedule-profile { config | event | all } ...
  • Page 118: Typical Link Aggregation Example

    5.4.5 Typical Link Aggregation Example Network Requirements Configure a link aggregation group on two directly connected switches to improve the bandwidth and reliability between them. The requirements are as follows.
      • The link between the two devices provides the redundancy backup function. If part of ...
  • Page 119 active 32768 0x19 0x19 0xa9d7f8 Partner's information: Port Flags SysPri PortPri AdminKey OperKey OperPort OperState DevID 32768 32768 0x19 0x9dfb6c 0x00046798185d gigaethernet-1/0/2 Port Status: Up and bind Flag: S – Device is sending Slow LACPDUs F – Device is sending fast LACPDUs Local information: Mode Flags...
  • Page 120: Vlan Configuration

    5.5 VLAN Configuration 5.5.1 Overview of VLAN Meaning of VLAN A local area network (LAN) is logically divided into multiple subsets and each subset has its own broadcast domain called a virtual local area network (VLAN). Briefly, VLAN sets the devices in a LAN into different network segments logically but not physically to implement broadcast domain isolation in the LAN.
  • Page 121: Configuring An Interface-Based Vlan

    Purpose Procedure
    Purpose: Create a VLAN and access the VLAN view
    Procedure: 1. Access the global configuration view. 2. Run the vlan vlan-id1 [ vlan-id2 ] command to create one or more VLANs and access the VLAN view.
    Delete one VLAN or 1....
  • Page 122: Configuring Other Parameters Of Vlan

    Purpose Procedure
    Purpose: Set the link type (also called interface type) for an interface
    Procedure: 1. Access the global configuration view. 2. Access the interface group configuration view (Ethernet or Trunk). 3. Run the port link-type { access | trunk | hybrid | default } command to set the link type for an interface.
  • Page 123: Maintenance And Debugging

    Purpose Procedure 3. Run the unknown-unicast { forward | drop } command to configure how a VLAN processes an unknown unicast packet before forwarding the packet.
    Purpose: Configure how a VLAN processes an unknown unicast packet before forwarding the...
    Procedure: 1. Access the global configuration view. 2. Run the following commands to configure how a VLAN processes an unknown unicast packet before forwarding the packet:
  • Page 124: Configuration Example

    Purpose Procedure 2. Run the show interface vlan config command to view the VLAN interface configuration. View VLAN information 1. Access the privileged user view, global configuration view, common user view, interface configuration view (Ethernet or Trunk), VLANIF configuration view, VLAN configuration view, interface group configuration view, or batch interface configuration view.
  • Page 125 Figure 5-3 VLAN configuration topology
    Configuration
    1. Configure Switch-1.
    Switch-1#configure
    %Enter configuration commands. End with Ctrl+Z or command "quit" & "end"
    # Create VLAN 100 and access its configuration view.
    Switch-1(config)#interface vlan 100
    Switch-1(config-vlan-100)#
    # Describe VLAN 100 as Development100.
    Switch-1(config-vlan-100)#description Development100
    # Add interfaces xgigaethernet1/0/1, xgigaethernet1/0/2, and xgigaethernet1/0/3 to VLAN 100, and configure VLAN 100 as the PVID of these interfaces.
  • Page 126
    # Describe VLAN 200 as Market200.
    Switch-1(config-vlan-200)#description Market200
    # Add interfaces gigaethernet1/0/4 and gigaethernet1/0/5 to VLAN 200, and configure VLAN 200 as the PVID of these interfaces.
    Switch-1(config-vlan-100)#quit
    Switch-1(config)#
    Switch-1(config)#interface 10gigaethernet 1/0/4
    Switch-1(config-10ge1/0/4)#port hybrid vlan 200 untagged
    Switch-1(config-10ge1/0/4)#port hybrid pvid 200
    Switch-1(config-10ge1/0/4)#quit
    Switch-1(config)#interface 10gigaethernet 1/0/5
    Switch-1(config-10ge1/0/5)#port hybrid vlan 200 tagged...
  • Page 127: Vlan Mapping Configuration

    5.6 VLAN Mapping Configuration 5.6.1 Overview of VLAN Mapping VLAN mapping replaces the inner and outer VLAN tags in data frames to implement mapping between user VLAN and carrier VLAN. Based on VLAN tag replacement, the VLAN aggregation function enables transmission of user services according to the carrier's network planning.
  • Page 128 Purpose Procedure 3. Run the vlan-mapping enable command to enable VLAN mapping. 4. Run the following commands:
      • vlan-mapping vlan outside-vlan-id map-vlan outside-mapping-vlan-id
      • vlan-mapping vlan outside-vlan-id map-vlan outside-mapping-vlan-id remark-8021p priority
    Purpose: Configure the N:1 VLAN conversion entry (In N:1 mode, multiple user-side
    Procedure: 1. Run the configure command to access the global configuration view....
  • Page 129 Purpose Procedure
    Purpose: L2 VLAN tag (In N:1 mode, multiple VLAN tags are mapped to the port's outer VLAN tag to form a double-layer tag, and the outer VLAN ID of the packet is matched to add the outer...
    Procedure: 2. Run the interface { gigaethernet | xgigaethernet } interface-number command or interface eth-trunk trunk-number command to access the interface configuration view or interface
  • Page 130 Purpose Procedure
      • vlan-mapping vlan outside-vlan-id inner-vlan inner-vlan-id1 to inner-vlan-id2 map-vlan outside-mapping-vlan-id
      • vlan-mapping vlan outside-vlan-id inner-vlan inner-vlan-id1 to inner-vlan-id2 map-vlan outside-mapping-vlan-id remark-8021p priority
    Purpose: Map inner and outer VLAN IDs to the specified VLAN ID of the new single-
    Procedure: 1. Run the configure command to access the global configuration view....
  • Page 131 Purpose Procedure
      • no vlan-mapping vlan outside-vlan-id to outside-mapping-vlan-id
    Purpose: Configure the action of replacing the packet VLAN ID in the flow action
    Procedure: 1. Run the configure command to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command or interface eth-trunk trunk-number command to access the interface configuration view or interface...
  • Page 132: Maintenance And Debugging

    5.6.3 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the VLAN mapping function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable VLAN 1.
  • Page 133: Qinq Configuration

    5.7 QinQ Configuration 802.1Q-in-802.1Q (QinQ) indicates encapsulating the VLAN tag of a user private network into the public network VLAN tag so that the packets contain two layers of VLAN tags to be transmitted in the backbone network (public network) of the carrier. The packet in the public network is transmitted only according to the outer VLAN tag (public VLAN Tag), and the private VLAN tag of users is filtered.
  • Page 134: Configuring Flexible Qinq For A Single Vlan Or A Batch Of Vlans

    5.7.2 Configuring Flexible QinQ for a Single VLAN or a Batch of VLANs Purpose This section describes how to configure flexible QinQ for a single VLAN or a batch of VLANs. When a packet in this VLAN needs to traverse the carrier's network, you can use this command to add a VLAN tag to the packet to form a dual-layer VLAN.
  • Page 135: Maintenance And Debugging

    Purpose: Delete the configured flexible QinQ
    Procedure: 1. Run the configure command to access the global configuration view. 2. Run the interface interface-type interface-number command to access the interface configuration view (Ethernet or Trunk). 3. Run the following commands:
      • no vlan-stacking all
      • ...
  • Page 136: Configuration Example

    5.7.4 Configuration Example Network Diagram Figure 5-5 QinQ configuration topology Configuration Example of configuration: 1. Add Interface 1 and Interface 2 to VLAN 100 and VLAN 200 in tag mode. 2. Configure a QinQ entry on Interface 1. 3. Capture packets on the interfaces to view the VLAN translation results and determine whether the QinQ entry is effective.
  • Page 137: Configuring An Arp Proxy

    5.8 Configuring an ARP Proxy 5.8.1 Introduction to ARP Proxy ARP proxy includes routed ARP proxy, intra-VLAN ARP proxy, inter-VLAN ARP proxy, and protocol- based ARP proxy. Routed ARP Proxy Routed ARP proxy enables communication among PCs or switches in the same network segment but on different physical networks.
  • Page 138: Configuring An Arp Proxy

    Protocol-based ARP Proxy The ARP proxy module provides an array of protocol binding structures. The protocol needing proxy adds the IP and MAC addresses of the proxy to the array. When the ARP module receives an ARP request from the local machine, it calls the callback function registered by the ARP proxy to find the protocol binding array.
  • Page 139 Purpose Procedure configuration view, or remain in the current privileged user view, or access the VLANIF configuration view or sub-interface configuration view. 2. Run the show arp-proxy config command.
    Purpose: Display the interface information of the...
    Procedure: 1. Run the disable command to return to the common user view, run the configure command to access the global configuration view, run the
  • Page 140: Configuration Example

    5.8.4 Configuration Example Network Requirements Configure a routed ARP proxy as shown in Figure 5-6. Connect 10GE 1/1 and 10GE 1/2 of Switch A to two hosts in the same network segment 172.16.0.0/16, respectively. No default gateway is configured for Host A and Host B. Enable routed ARP proxy for the switch so that hosts on different physical networks can communicate with each other.
  • Page 141
    Switch(config-10ge1/0/1)#quit
    (2) Enable routed ARP proxy for VLAN 1
    Switch(config)#interface vlan 1
    Switch(config-vlan-1)#arp-proxy enable
    Switch(config-vlan-1)#quit
    (3) Create VLAN 2, configure its IP address, and add GE 1/0/2 to VLAN 2
    Switch(config)#interface vlan 2
    Switch(config-vlan-2)#ip address 172.16.2.1/24
    Switch(config-vlan-2)#no shutdown
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#join vlan 2 untagged
    Switch(config-10ge1/0/2)#pvid 2
    Switch(config-10ge1/0/2)#no shutdown...
  • Page 142: Configuring Port Security

    5.9 Configuring Port Security 5.9.1.1 Enabling or Disabling Port Security Purpose This section describes how to enable or disable port security. After the port security function is enabled on an interface, MAC addresses learned on this interface are saved as secure dynamic MAC addresses, which will not be aged out.
  • Page 143: Configuring The Maximum Number Of Secure Mac Addresses Learned By An Interface

    5.9.1.3 Manually Adding a Secure MAC Address Purpose This section describes how to add or delete a secure MAC address manually. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure
    Purpose: Manually add a secure MAC address
    Procedure: 1. Run the configure command to access the global configuration view....
  • Page 144: Configuring Protection Action For The Port Security Function

    Purpose Procedure
    Purpose: Configure the maximum number of secure MAC addresses learned by an interface
    Procedure: 1. Run the configure command to access the global configuration view. 2. Run the interface interface-type interface-number command to access the configuration view of an interface or interface group configuration view.
  • Page 145: Configuring Port Isolation

    5.10 Configuring Port Isolation 5.10.1 Port Isolation Overview To enable L2 isolation among packets, users can add different ports to different VLANs but this may waste the limited VLAN resources. The port isolation function can isolate ports in the same VLAN. Users only need to add ports to an isolation group to isolate L2 data among ports in the isolation group.
  • Page 146 Purpose Procedure
      • join port-isolate group group-id
      • join port-isolate group group-list
    Purpose: Delete an interface from an isolation group
    Procedure: 1. Access the global configuration view. 2. Access the interface configuration view or interface group configuration view. 3. Run the following commands:
      • ...
  • Page 147: Maintaining Port Isolation

    5.10.3 Maintaining Port Isolation Purpose This section describes how to check or locate the fault when the port isolation function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View information...
  • Page 148: Configuring An Mlag Group And System Parameters

    5.11 Configuring MLAG 5.11.1 Introduction to MLAG In a data center scenario, to provide redundancy, each top-of-rack switch is connected to two aggregation switches. To avoid loops, spanning tree blocks half of the uplinks, which reduces the available bandwidth between the aggregation layer and the rack by 50% and wastes bandwidth in data center networks.
  • Page 149: Configuring Mlag View Parameters

    Purpose Procedure
    Purpose: Configure an LACP MLAG system ID
    Procedure: 1. Access the global configuration view. 2. Run the lacp mlag system-id mac-address command.
    Purpose: Configure LACP MLAG system priority
    Procedure: 1. Access the global configuration view. 2. Run the lacp mlag priority { priority-value | default } command.
    Configure a 1....
  • Page 150 Purpose Procedure
    Purpose: Configure an Eth-Trunk interface as a peer-link interface
    Procedure: 1. Access the global configuration view. 2. Run the mlag-group mlag-group command to access the MLAG configuration view. 3. Run the peerlink interface eth-trunk trunk-number command.
    Purpose: Cancel the
    Procedure: 1. Access the global configuration view. 2....
  • Page 151 Purpose Procedure
      • source-address ipv6-address vpn-instance name
      • source-address ipv6-address vpn-instance name peer-address peer-ipv6-address
      • no source-address
    Purpose: Configure a sending interval timer of Hello packets
    Procedure: 1. Access the global configuration view. 2. Run the mlag-group mlag-group command to access the MLAG configuration view....
  • Page 152: Maintenance And Debugging

    5.11.4 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the MLAG function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure
    Purpose: Enable MLAG debugging
    Procedure: 1. Remain in the current privileged user view. 2....
  • Page 153: Configuration Example

    5.11.5 Configuration Example 5.11.5.1 Typical L2 MLAG Case Network Requirements SW1 and SW2 are downlink switches, and the master and slave switches are members of the MLAG domain and run MLAG. The numbers at both ends of the link represent port numbers. The peer addresses of the master and slave switches are 192.168.1.1 and 192.168.1.2, respectively.
  • Page 154 2. Configure the switch Master
    Switch(config)#interface eth-trunk 1
    Switch(config-eth-trunk1)#mode lacp-static
    Switch(config-eth-trunk1)#add 10gigaethernet 1/0/1
    Switch(config-eth-trunk1)#exit
    Switch(config)#interface eth-trunk 2
    Switch(config-eth-trunk2)#mode lacp-static
    Switch(config-eth-trunk2)#add 10gigaethernet 1/0/2
    Switch(config-eth-trunk2)#exit
    Switch(config)#interface eth-trunk 3
    Switch(config-eth-trunk3)#mode lacp-static
    Switch(config-eth-trunk3)#add 10gigaethernet 1/0/3
    Switch(config-eth-trunk3)#exit
    Switch(config)#mlag-group 1
    Switch(config-mlag-1)#priority 100
    Switch(config-mlag-1)#peerlink interface eth-trunk 3
    Switch(config-mlag-1)#mlag 1 interface eth-trunk 1
    Switch(config-mlag-1)#mlag 2 interface eth-trunk 2
    Switch(config-mlag-1)#source-address 192.168.1.1 peer-address 192.168.1.2...
  • Page 155: Typical L3 Mlag Case

    Switch(config-mlag-1)#peerlink interface eth-trunk 3
    Switch(config-mlag-1)#mlag 1 interface eth-trunk 1
    Switch(config-mlag-1)#mlag 2 interface eth-trunk 2
    Switch(config-mlag-1)#source-address 192.168.1.2 peer-address 192.168.1.1
    Switch(config-mlag-1)#dad enhance enable
    Switch(config-mlag-1)#up-delay 240 auto-recovery interval 60
    Switch(config)#lacp mlag system-id 00:00:00:01:02:03 (configure the MAC address of the master switch on the slave switch)
    5.11.5.2 Typical L3 MLAG Case
    Network Requirements
    SW1 and SW2 are downlink switches, and the master and slave switches are members of the MLAG...
  • Page 156 1. Configure SW1 and SW2
    Switch(config)#interface eth-trunk 1
    Switch(config-eth-trunk1)#mode lacp-static
    Switch(config-eth-trunk1)#add 10gigaethernet 1/0/1
    Switch(config-eth-trunk1)#add 10gigaethernet 1/0/2
    2. Configure the switch Master
    Switch(config)#vlan 10,20
    Switch(config)#interface vlan 10
    Switch(config-vlanif-10)#ip address 100.0.0.1
    Switch(config-vlanif-10)#exit
    Switch(config)#interface vlan 20
    Switch(config-vlanif-10)#ip address 100.0.1.1
    Switch(config-vlanif-10)#exit
    Switch(config)#interface eth-trunk 1
    Switch(config-eth-trunk1)#mode lacp-static
    Switch(config-eth-trunk1)#add 10gigaethernet 1/0/1
    Switch(config-eth-trunk1)#port link-type access...
  • Page 157
    Switch(config-mlag-1)#up-delay 240 auto-recovery interval 60
    3. Configure the switch Slave
    Switch(config)#vlan 10,20
    Switch(config)#interface vlan 10
    Switch(config-vlanif-10)#ip address 100.0.0.1
    Switch(config-vlanif-10)#exit
    Switch(config)#interface vlan 20
    Switch(config-vlanif-10)#ip address 100.0.1.1
    Switch(config-vlanif-10)#exit
    Switch(config)#interface eth-trunk 1
    Switch(config-eth-trunk1)#mode lacp-static
    Switch(config-eth-trunk1)#add 10gigaethernet 1/0/1
    Switch(config-eth-trunk1)#port link-type access
    Switch(config-eth-trunk1)#port default vlan 10
    Switch(config-eth-trunk1)#exit
    Switch(config)#interface eth-trunk 2
    Switch(config-eth-trunk2)#mode lacp-static...
  • Page 158: Chapter 6 Ip Service Configuration

    Chapter 6 IP Service Configuration This chapter describes IP services of the Switch. 6.1 Configuring IPv4 6.1.1 Configuring In-band, Out-of-band, and Loopback IP Addresses Purpose This section describes how to configure in-band, out-of-band, and loopback IP addresses. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 159: Configuration Commands Of Interface Ip Address

    6.1.2 Configuration Commands of Interface IP Address Purpose This section describes configuration commands of interface IP address. The operation sets the IP address and the mask address of the interface on the device to implement interconnection in the network. To enable an interface to connect to multiple subnets, you can configure multiple IP addresses for the interface, where one IP address functions as a primary IP address and other IP addresses function as secondary IP addresses.
  • Page 160
    Purpose Procedure
    - ip prefix-list listname { deny | permit } ipv4-address/mask-length greater-equal prefix-length less-equal prefix-length
    - ip prefix-list listname index index-number { deny | permit } ipv4-address/mask-length
    - ip prefix-list listname index index-number { deny | permit } ipv4-address/mask-length { greater-equal | less-equal } prefix-length
    ...
  • Page 161: Configuring The Tcp Connection Count

    6.1.3 Configuring the TCP Connection Count Purpose This section describes how to configure an IP address for a VLANIF interface. The operation limits the maximum number of TCP connections. For example, when a Telnet service is enabled on the switch, you can set the maximum number of connections. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 162: Viewing The Tcp/Udp Connection Status

    6.1.5 Viewing the TCP/UDP Connection Status Purpose This section describes how to view the current TCP/UDP connection status entry. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure View the current 1. Access the common user view, global configuration view, or TCP/UDP connection privileged user view.
  • Page 163: Viewing System Ip Interface Information

    6.1.7 Viewing System IP Interface Information Purpose This section describes how to view the system IP interface information. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the IPv4 1.
  • Page 164
    Figure 6-1 IPv4 address configuration topology
    Configuration
    Configure an IP address for VLAN10 of Switch
    Switch#configure
    Switch(config)#interface vlan 10
    Switch(config-vlan-10)#ip address 10.18.11.1/24
    Switch(config-vlan-10)#ip address 10.18.12.1/24 sub
    Switch(config-vlan-10)#quit
    Switch(config)#
    Switch(config)#interface 10gigaethernet 1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 10 untagged
    Switch(config-10ge1/0/1)#port hybrid pvid 10
    Switch(config-10ge1/0/1)#quit...
  • Page 165: Configuring Ipv6

    6.2 Configuring IPv6 6.2.1 Configuring Basic IPv6 Functions 6.2.1.1 Configuring IPv6 Addresses Purpose This section describes how to configure the IPv6 unicast address, anycast address, multicast address, and link local address on an interface manually. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Set the IPv6 address...
  • Page 166: Configuring A Static Ipv6 Routing Entry

    Purpose Procedure Enable IPv6 neighbors 1. Access the VLANIF configuration view or BD interface to forward host routes or configuration view. 2. Run the ipv6 nd direct-route { enable | disable } command. disable such forwarding Configure an IPv6 1. Access the VLANIF configuration view or BD interface slave address specific for configuration view.
  • Page 167: Configuring The Ipv6 Unicast Routing Forwarding Function

    6.2.1.3 Configuring the IPv6 Unicast Routing Forwarding Function Purpose This section describes how to enable or disable the IPv6 unicast routing forwarding function. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable the IPv6 1.
  • Page 168: Configuring Other Functions Of Ipv6

    6.2.2 Configuring Other Functions of IPv6 6.2.2.1 Checking IPv6 Network Connectivity and Host Reachability Purpose This section describes how to check whether the IPv6 network connection is faulty or how to monitor the network line quality. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Check IPv6...
  • Page 169
    Purpose Procedure
    - ping6 ipv6-address { -n | -l | -w } value -s ipv6-source-address -t
    - ping6 ipv6-address { -n | -l | -w } value -t
    - ping6 ipv6-address { -n | -l | -w } value vpn-instance name
    ...
  • Page 170: Configuring The Ipv6 Neighbor Discovery Function

    Purpose Procedure Configure a local 1. Access the VLANIF configuration view. 2. Run the ipv6 address auto link-local command. address of an automatically generated link Delete the local 1. Access the VLANIF configuration view. 2. Run the no ipv6 address auto link-local command. address of the automatically generated link...
  • Page 171: Configuring An Ipv6 Static Neighbor Entry

    Purpose Procedure the IPv6 neighbor 2. Run the flush ipv6 neighbor dynamic command in the global table configuration view. Flush all static 1. Run the configure command in the privileged user view to access the entries in the IPv6 global configuration view. neighbor table 2.
  • Page 172: Configuring The Ipv6 Debugging Function

    6.2.4 Configuring the IPv6 Debugging Function Purpose This section describes debugging for received and sent IPv6 packets, neighbor discovery, and routing. This operation is used for maintaining and debugging the device IPv6 protocol stack. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable debugging for...
  • Page 173: Viewing The Ipv6 Configuration

    6.2.5 Viewing the IPv6 Configuration Purpose This section describes how to view the IPv6 configuration. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure View the interface 1. Access the common user view, privileged user view, global IPv6 basic configuration view, or VLANIF configuration view.
  • Page 174: Configuration Example

    Purpose Procedure Display the IPv6 1. Access the common user view, privileged user view, global VLAN interface configuration view, or VLANIF configuration view. 2. Run the show ipv6 interface vlan vlan-id command. information Display the entry 1. Access the common user view, privileged user view, or global information of an IPv6 configuration view.
  • Page 175
    Configuration
    1. Configure an IP address for VLAN10 of Switch-1.
    Switch-1#configure
    Switch-1(config)#interface vlan 10
    # Enable the IPv6 function for the interface.
    Switch-1(config-vlan-10)#ipv6 enable
    Switch-1(config-vlan-10)#ipv6 address 2001::1/64
    Switch-1(config-vlan-10)#quit
    Switch-1(config)#
    Switch-1(config)#interface 10gigaethernet 1/0/1
    Switch-1(config-10ge1/0/1)#port hybrid vlan 10 untagged
    Switch-1(config-10ge1/0/1)#port hybrid pvid 10
    Switch-1(config-10ge1/0/1)#quit
    2.
  • Page 176: Configuring Dhcp

    6.3 Configuring DHCP 6.3.1 Introduction to DHCP Background A PC connected to the Internet needs to know its IP address and other information before sending or receiving data, such as gateway address, subnet mask, and DNS server IP address. The PC can obtain the information via the Bootstrap Protocol (BOOTP), which is a remote boot protocol appearing earlier.
  • Page 177
    - DHCP relay
    The DHCP relay is the relay transponder of DHCP packets. It is located between the DHCP client and the DHCP server that are in different network segments to provide the relay service. It removes the constraint that the DHCP client and DHCP server must be located in the same network segment.
  • Page 178
    - Option 121: The classless routing option, which includes a group of classless static routes (that is, the mask of the destination address can be any value and can be used to divide the subnet). When the client receives this option, it adds these static routes to the routing table.
  • Page 179: Introduction To Dhcp Server

    - Compared with BOOTP, DHCP provides more abundant network configuration for the client.
    DHCP has the following disadvantages:
    - When there are multiple DHCP servers in the network, one DHCP server cannot identify the IP addresses that have been leased by other servers.
    ...
  • Page 180 DHCP Server Address Management The DHCP server selects the IP address and other related parameters from the address pool and allocates them to the client. After the device serving as the DHCP server receives the DHCP request from the client, it selects an idle IP address from an appropriate address pool according to the configuration and sends the address together with other related parameters (such as the DNS server address and address lease period) to the client.
  • Page 181: Introduction To Dhcp Relay

    - Address matching detection (anti-static IP user)
    When the DHCP server allocates the IP address to a user, it records the binding relationship between the IP address and MAC address. You can also configure the user address entry manually (that is, the static binding between the IP address and MAC address).
  • Page 182 Option 82 Supported by DHCP Relay In case the DHCP server and the DHCP client are not in the same subnet, the DHCP relay agent is required to forward DHCP request packets if the client wants to be allocated with the IP address from the DHCP server.
  • Page 183
    Figure 6-4 DHCP security network diagram
    - Scheduled update of user table entries
    When the DHCP client obtains the IP address from the DHCP server via the DHCP relay, the DHCP relay records the binding relationship between the IP address and MAC address.
  • Page 184: Configuring The Dhcp Server

    6.3.4 Configuring the DHCP Server Prerequisite Make sure the DHCP client and Switch can communicate with each other properly. Purpose This section describes how to configure the DHCP server to allocate IP addresses. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable DHCP...
  • Page 185 Purpose Procedure 1. Run the configure command to access the global configuration Enable DHCP globally on the device view. 2. Run the dhcp start command. 1. Run the configure command to access the global configuration Set the working mode of DHCP interface to view.
  • Page 186: Maintenance And Debugging

    6.3.7 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the DHCP function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable DHCP relay 1.
  • Page 187: Configuration Example

    Purpose Procedure server information in run the interface vlan vlan-id command to access the VLANIF the network configuration view, or remain in the current privileged user view. 2. Run the show dhcp fake-server command. 6.3.8 Configuration Example Network Requirements The DHCP server assigns IP addresses dynamically to clients located in different network segments 10.1.1.0/24 and 10.1.2.1/24.
  • Page 188
    Configuration
    1. Configure the DHCP server.
    // Configure the IP address of Vlan-interface100 of the DHCP server.
    Switch#configure
    Switch(config)#dhcp start
    Switch(config)#interface vlan 100
    Switch(config-vlan-100)#ip address 192.168.1.100/24
    2. Configure the DHCP relay.
    // Configure the IP address of Vlan-interface10 of the DHCP relay and set its working mode to Relay.
    Switch#configure
    Switch(config)#dhcp start
    Switch(config)#interface vlan 10...
  • Page 189: Configuring Dhcp Client

    6.4 Configuring DHCP Client 6.4.1 DHCP Client Overview Working Principle of DHCP Client DHCP adopts the client/server communication mode. The client submits a configuration application to the server and the server returns the configuration information to implement dynamic configuration, such as the IP address.
  • Page 190: Configuring Basic Functions Of Dhcp Client

    2. If no response is received from the DHCP server when the tenancy period reaches 87.5% (T2) of its validity period, the DHCP client broadcasts a packet to the DHCP Server to request a lease renewal. If the DHCP Client receives an ACK packet, the lease renewal is successful.
  • Page 191: Configuring Option Information In Auto-Config Mode And Customization Mode

    6.4.3 Configuring Option Information in Auto-config Mode and Customization Mode Prerequisite The DHCP server has been configured in the network. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure the 1. Run the configure command to access the global configuration view. auto-config mode 2.
  • Page 192: Maintenance And Debugging

    Purpose (continued): option and the sub-options
    Procedure:
    - dhcp client auth-message option authmessage-value sub-option sub-authmessage-value
    Purpose: Configure the image-file option and the sub-options
    Procedure:
    1. Run the configure command to access the global configuration view.
    2. Run the following commands:
    - dhcp client image-file option imagefile-value
    ...
  • Page 193: Configuration Example

    Purpose: View information about a DHCPv6 interface
    Procedure:
    1. Access the common user view.
    2. Run the following commands:
    - show dhcpv6 interface
    - show dhcpv6 interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number.subinterface
    View 1....
  • Page 194
    1. Configure a VLAN for an interface on the DHCP client switch.
    Switch#configure
    Switch(config)#vlan 2
    Switch(vlan-2)#quit
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#no shutdown
    Switch(config-10ge1/0/2)#port hybrid vlan 2 untagged
    Switch(config-10ge1/0/2)#port hybrid pvid 2
    Switch(config-10ge1/0/2)#quit
    2. Enable automatic dynamic IP address obtaining for the DHCP client.
    Switch(config)#interface vlan 2
    Switch(config-vlan-2)#ip address dhcp enable
    3.
  • Page 195
    5. Verify the configuration result of tenancy update, updated from 23:59:50 to 23:59:56.
    Switch(config)#show dhcp client
    DHCP client information:
    Interface:vlan-2
    Current state…..: Bound
    Allocated IP……: 10.18.11.2
    Subnet Mask…..:255.255.255.0
    Server IP……….:10.18.11.1
    Allocated lease..:86400 seconds
    Lease T1 time…:43200 seconds
    Lease T2 time…:75600 seconds
    Lease Obtained.:2100/06/28 Mon 5:24:55 AM
    Lease timeout…:2100/06/29 Tue 5:24:55 AM
    Transaction ID….:0x7f43...
  • Page 196: Chapter 7 Configuring L3 Ip

    Chapter 7 Configuring L3 IP This chapter describes the basic content, configuration procedure, and configuration examples of the routing function of the Switch. 7.1 Configuring Basic IP Routing Functions 7.1.1 Configuring ECMP Purpose This section describes how to configure ECMP. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 197: Configuring Static Routes

    7.2 Configuring Static Routes 7.2.1 Configuring Static IPv4 Routes Purpose This section describes how to add or delete a static IPv4 route. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Add a static IPv4...
  • Page 198: Maintenance And Debugging

    7.2.2 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the static route configuration function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View one or...
  • Page 199: Configuring Ospf

    7.3 Configuring OSPF 7.3.1 OSPF Overview 7.3.1.1 Background Information Open Shortest Path First (OSPF) is developed by the OSPF working group of Internet Engineering Task Force. It is designed for TCP/IP networks and supports CIDR and the function of marking external routing information.
  • Page 200: Protocol Features

    7.3.1.2 Protocol Features
    - Wide application range: OSPF supports networks of various scales with up to hundreds of routers.
    - Fast convergence: OSPF sends an update packet once the network topology changes so that other nodes in the AS can synchronize the change quickly.
    ...
  • Page 201 Based on the directed graph, each OSPF router uses the SPF algorithm to calculate a tree of the shortest path taking itself as the root. The tree shows the routing of each node in the AS. Router ID To run the OSPF protocol, a router must have a router ID. Router ID is an integer of 32 bits without symbols, which is the unique identifier of the router in the AS.
  • Page 202: Neighbor And Adjacency

    LSA Types The description of routing information in OSPF is encapsulated in LSA and then transmitted. Common LSA types are as follows. Router LSA (type 1): Generated by each router. It describes the router link status and overhead, and is transmitted within the attributed area. Network LSA (type 2): Generated by the designated router (DR).
  • Page 203 7.3.1.4 OSPF Area and Route Aggregation Area Setting As the network scale is expanding, the quantity of routers that run OSPF is increasing. The network and routers change as follows: Network change The probability of topology change increases and the network becomes unstable, leading to the transmission of a large number of OSPF protocol packets in the network and reduction of network bandwidth utilization.
  • Page 204 by network topology change. Router Types As shown in Figure 7-2, OSPF routers can be classified into the following four types according to their locations in the AS: Internal router All interfaces of an internal router belong to one OSPF area. An ABR can belong to more than two areas, one of which must be the backbone area.
  • Page 205 Backbone Area After areas are set for OSPF, not all areas are equal. One area is different, which is called the backbone area. Its area ID is 0. The backbone area is responsible for routing between areas. The routing information between non- backbone areas must be transmitted via the backbone area.
  • Page 206 Precautions about stub area configuration: The backbone area cannot be configured as a stub area. To configure an area as a stub area, all routers in the area must be configured to belong to the stub area. No ASBR can exist in the stub area. That is, routes outside the AS cannot be transmitted within the local area.
  • Page 207: Route Aggregation

    Figure 7-3 NSSA Route Aggregation Route aggregation is a process where ABR aggregates routes with the same prefix into one route to be distributed to other areas. After an AS is divided into different areas, route aggregation can be performed between areas to reduce routing information and the routing table size and thereby speed up router calculation.
  • Page 208: Ospf Network

    Type 1 external route is the received IGP route (for example, a static route or RIP route). Because this type of route is highly trusted, the calculated external route overhead is consistent with the route overhead inside the AS, and is comparable to the OSPF route overhead. That is, the overhead of type 1 external route equals the overhead from the local router to corresponding ASBR plus the overhead from ASBR to the destination address of the route.
  • Page 209: Dr/Bdr Election

    DR and BDR In a broadcast network and NBMA network, any two routers transmit information to each other. If n routers exist in the network, n × (n – 1) / 2 adjacency relationships must be established. Therefore, the routing change of any router leads to several times of transmission, which wastes bandwidth resources. To solve this problem, OSPF defines designated router (DR), backup designated router (BDR), and the router other than DR and BDR (called DR Other).
  • Page 210: Ospf Packet Format

    Features of DR/BDR election DR can be elected only if the interface type is broadcast or NBMA. Interfaces of P2P or P2MP type need no DR election. DR is a concept in a network segment for the router interface. A router may be DR on one interface and may be BDR or DR Other on other interfaces.
  • Page 211: Hello Packet

    Authentication: The value depends on the authentication type. If the authentication type is 0, this field is not defined; if the authentication type is 1, this field indicates the password; if the authentication type is 2, this field contains the information of the key ID, MD5 authentication data length, and SN. The MD5 authentication data is appended to the OSPF packet but not included in the Authentication field.
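    The Authentication field described above can be checked on captured packets. The following Python sketch is an added example, not code from the manual or from PLANET: it decodes the authentication type, pulls the key ID, authentication data length and sequence number out of the field for type 2, and verifies the appended MD5 data. The header layout and digest rule are taken from RFC 2328; the sample packets are constructed, and their password and key values mirror the ones used in section 7.3.3.6 of this manual.

```python
import hashlib
import hmac
import ipaddress
import struct

# OSPFv2 common header (RFC 2328, A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 8-byte Authentication field.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AU_NAMES = {0: "null", 1: "simple password", 2: "cryptographic (MD5)"}


def parse_ospf_auth(payload: bytes) -> dict:
    """Decode the authentication-related fields of one OSPFv2 packet."""
    if len(payload) < OSPF_HDR.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _cksum, au_type, auth = OSPF_HDR.unpack_from(payload)
    if ver != 2:
        raise ValueError("not an OSPFv2 packet")
    if not OSPF_HDR.size <= length <= len(payload):
        raise ValueError("packet length field out of range")
    info = {
        "type": ptype,
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "au_type": au_type,
        "au_name": AU_NAMES.get(au_type, "unknown"),
    }
    if au_type == 1:
        # Type 1: the field is the password itself, zero padded to 8 bytes.
        info["password"] = auth.rstrip(b"\x00")
    elif au_type == 2:
        # Type 2: 2 zero bytes, key ID, auth data length, 32-bit sequence number.
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        # The digest follows the packet and is not counted in the length field.
        digest = payload[length:length + auth_len]
        if len(digest) != auth_len:
            raise ValueError("appended authentication data is truncated")
        info.update(key_id=key_id, auth_len=auth_len, seq=seq, digest=digest)
    return info


def md5_digest(packet: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the packet followed by the 16-byte padded key."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\x00")).digest()


def verify_md5(payload: bytes, key: bytes, last_seq: int = -1) -> bool:
    """Accept only type 2 packets with a matching digest and a fresh sequence number."""
    info = parse_ospf_auth(payload)
    if info["au_type"] != 2 or info["auth_len"] != 16:
        return False
    if info["seq"] < last_seq:  # older than the last accepted packet: replay
        return False
    expected = md5_digest(payload[:info["length"]], key)
    return hmac.compare_digest(expected, info["digest"])


def audit(payload: bytes) -> str:
    """One-line finding for a monitoring script."""
    info = parse_ospf_auth(payload)
    if info["au_type"] == 0:
        return "no authentication on this OSPF packet"
    if info["au_type"] == 1:
        return "simple password is readable on the wire"
    if info["au_type"] == 2:
        return "MD5 authentication, key ID %d, sequence %d" % (info["key_id"], info["seq"])
    return "unknown authentication type %d" % info["au_type"]


def build_sample(au_type: int, auth_field: bytes, key=None) -> bytes:
    """Constructed test packet: type 1 header plus a 20-byte placeholder body.
    The checksum is left at zero (required for type 2; not validated here)."""
    body = bytes(20)
    hdr = OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body),
                        ipaddress.IPv4Address("1.1.1.1").packed,
                        ipaddress.IPv4Address("0.0.0.0").packed,
                        0, au_type, auth_field)
    pkt = hdr + body
    return pkt + md5_digest(pkt, key) if key is not None else pkt


# Constructed samples (values mirror the manual's example in 7.3.3.6).
SAMPLE_SIMPLE = build_sample(1, b"test".ljust(8, b"\x00"))
SAMPLE_MD5 = build_sample(2, struct.pack("!HBBI", 0, 100, 16, 7), key=b"aaa")

if __name__ == "__main__":
    for name, pkt in (("simple", SAMPLE_SIMPLE), ("md5", SAMPLE_MD5)):
        print(name, "->", audit(pkt))
    print("digest valid with configured key:", verify_md5(SAMPLE_MD5, b"aaa"))
```

    With type 1 the password is recovered directly from the header, which is why the audit function reports it as readable on the wire.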
  • Page 212 DD Packet When two routers synchronize the database, the DD packet is used to describe their own LSDBs, including the header of each LSA in the LSDB (the header of LSA can identify an LSA uniquely). The LSA header occupies only a small data volume in the entire LSA, which reduces the protocol packet traffic between routers.
  • Page 213 LSR Packet After two routers exchange the DD packet, they know which LSAs of the peer router do not exist in the local LSDB. In this case, the LSR packet is sent to request the required LSA from the peer. The request includes the abstract of the required LSA.
  • Page 214: Lsack Packet

    LSAck Packet The LSAck packet is used to confirm the received LSU packet, including the header of LSA (one LSAck packet can confirm multiple LSAs). The LSU packet format is shown in the figure below. LSA Header Format All LSAs share the same header. The format is shown in the figure below. The meanings of the main fields are as follows.
  • Page 215: Router Lsa

    Router LSA The format of router LSA is shown in the figure below. The meanings of the main fields are as follows. Link State ID: ID of the router that generates the LSA first. V (Virtual Link): If the router that generates the LSA is the end of the virtual connection, set this field to E (External): If the router that generates the LSA is an ASBR, set this field to 1.
  • Page 216: Network Lsa

    Network LSA Network LSA is sent by the DR in the broadcast network or NBMA network. LSA records the IDs of all routers in the network, as shown in the following figure. The meanings of the main fields are as follows. Link State ID: Interface address of the DR router.
  • Page 217: As-External Lsa

    AS-External LSA Generated by ASBR, AS-External LSA describes the information of the route destined outside the AS, as shown in the figure below. The meanings of the main fields are as follows. Link State ID: Destination address outside of the AS to be advertised. Network Mask: Mask of the destination address to be advertised.
  • Page 218: Configuring Ospf

    7.3.2 Configuring OSPF 7.3.2.1 Configuring Global OSPF 7.3.2.1.1 Enabling an OSPF Process Purpose This section describes how to enable and disable an OSPF process. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable the default OSPF...
  • Page 219: Resetting An Ospf Process

    7.3.2.1.3 Resetting an OSPF Process Purpose This section describes how to reset an OSPF process. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Reset an OSPF 1.
  • Page 220: Configuring An Ospf Node

    7.3.2.2 Configuring an OSPF Node 7.3.2.2.1 Configuring a Router-id or Router ID Purpose This section describes how to configure a Router-id or router ID. Background By default, no Router-id or router ID is configured for the system, and the switch selects an interface IP address as its router ID.
  • Page 221: Configuring A Stub Area

    7.3.2.2.3 Configuring a Stub Area Purpose This section describes how to configure a stub area. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure a common 1.
  • Page 222: Configuring An Nssa

    7.3.2.2.4 Configuring an NSSA Purpose This section describes how to configure an NSSA. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure an NSSA 1. Access the global configuration view. 2.
  • Page 223: Configuring Area Aggregation

    7.3.2.2.5 Configuring Area Aggregation Purpose This section describes how to configure area aggregation. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure area 1. Access the global configuration view. aggregation 2.
  • Page 224: Enabling The Frr Function

    7.3.2.2.7 Enabling the FRR Function Purpose This section describes how to enable fast route redistribution (FRR). Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable FRR 1.
  • Page 225: Enabling The Opaque Function

    Purpose Procedure Implement GR 1. Access the global configuration view. 2. Access the OSPFv2 configuration view. 3. Run the graceful-restart begin command. 7.3.2.2.9 Enabling the Opaque Function Purpose This section describes how to enable the opaque function. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 226: Configuring Ospf Ttl

    7.3.2.2.11 Configuring OSPF TTL Purpose This section describes how to configure OSPF TTL. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Set a valid 1. Access the global configuration view. TTL value of 2.
  • Page 227
    Purpose Procedure
    - no redistribute { rip | ospf | isis } process-id dst-address dst-mask
    Purpose: Configure a routing policy of redistribution
    Procedure:
    1. Access the global configuration view.
    2. Access the OSPFv2 configuration view.
    3. Run the redistribute { static | connect | rip | bgp | isis | ospf } route-policy policy-name command.
  • Page 228: Enabling The Trap Report Function Of Ospf

    Purpose Procedure Set to 1. Access the global configuration view. redistribute 2. Access the OSPFv2 configuration view. routes 3. Run the redistribute { rip | isis | ospf } process-id command. Cancel route 1. Access the global configuration view. redistribution 2.
  • Page 229: Configuring A Reference Bandwidth Of Ospf Overhead

    7.3.2.2.14 Configuring a Reference Bandwidth of OSPF Overhead Purpose This section describes how to configure a reference bandwidth of OSPF overhead. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure a...
  • Page 230: Configuring An Ospf Interface

    Purpose Procedure Configure default 1. Access the global configuration view. route advertisement 2. Access the OSPFv2 configuration view. 3. Run the default-route-advertise always command. Cancel default 1. Access the global configuration view. route advertisement 2. Access the OSPFv2 configuration view. 3.
  • Page 231
    Purpose (continued): time of an OSPF interface
    Procedure:
    2. Access the VLANIF configuration view or loopback interface configuration view.
    3. Run the following commands:
    - ip ospf dead-interval interval
    - ip ospf dead-interval default
    Configure the 1. Access the global configuration view. retransmission 2.
  • Page 232: Configuring Bfd

    Purpose Procedure address as the configuration view, BD interface configuration view, Ethernet routing interface source IPv4 configuration view, or GRP routing interface configuration view. address 2. Run the no ip ospf source sub-address command. 7.3.2.3.2 Configuring BFD Purpose This section describes how to configure BFD. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 233: Configuring A Passive Interface

    Purpose Procedure 3. Run the ip ospf mtu-ignore { enable | disable } command. 7.3.2.3.4 Configuring a Passive Interface Purpose This section describes how to configure a passive interface. Background A passive interface refers to an OSPF interface that does not send or receive protocol messages and does not establish any neighbor relation.
  • Page 234: Viewing Ospf Configuration

    7.3.2.4 Viewing OSPF Configuration Purpose This section describes how to view the OSPF configuration. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Display the 1. Access the common user view, privileged user view, global configuration brief OSPF view, OSPFv2 route configuration view, VLANIF configuration view, or information...
  • Page 235
    Purpose: Display the OSPF area information
    Procedure:
    1. Access the common user view, privileged user view, global configuration view, OSPFv2 route configuration view, VLANIF configuration view, or loopback interface configuration view.
    2. Run the following commands:
    - show ip ospf area
    - show ip ospf area (A.B.C.D)
    ...
  • Page 236
    Purpose Procedure
    - show ip ospf database expire { include | exclude | begin } substring string
    - show ip ospf database expire count
    - show ip ospf database expire process process
    - show ip ospf database expire process process { include | exclude | begin } substring string
    ...
  • Page 237: Ospf Configuration Example

    7.3.3 OSPF Configuration Example 7.3.3.1 Example of Configuring Basic OSPF Functions Network Requirements As shown in Figure 7-4, all devices run OSPF and the AS is divided into 3 areas. Switch_1 and Switch_2 are ABRs for transmitting routes among areas. After configuration, each router can learn the routes destined for all network segments in the AS.
  • Page 238: Configuration Verification

    Switch_2(config-ospf-1)#network 1.1.1.0 255.255.255.0 area 0
    Switch_2(config-ospf-1)#network 4.1.1.0 255.255.255.0 area 2
    Switch_2(config)#
    Switch_3:
    Switch_3(config)#router ospf
    Switch_3(config-ospf-1)#router-id 3.1.1.3
    Switch_3(config-ospf-1)#network 3.1.1.0 255.255.255.0 area 1
    Switch_3(config)#
    Switch_4:
    Switch_4(config)#router ospf
    Switch_4(config-ospf-1)#router-id 4.1.1.4
    Switch_4(config-ospf-1)#network 4.1.1.0 255.255.255.0 area 2
    Switch_4(config)#
    Configuration Verification
    Run the show ip ospf neighbor command to view the following OSPF information:
    OSPF Process 1
    IpAddress NeighborID...
  • Page 239: Configuring An Ospf Stub Area

    LinkId     ADV Router  Seq#        CheckSum
    3.1.1.3    3.1.1.3     0x80000001  0x5fde
    SummaryNetwork LSA (area 1)
    LinkId     ADV Router  Seq#        CheckSum
    1.1.1.0    1.1.1.1     0x80000001  0x15dc
    4.1.1.0    1.1.1.1     0x80000002  0xd7b1
    Run the show ip ospf route command to check the following OSPF information:
    OSPF Instance 1
    Dest Mask Nexthop...
  • Page 240
    Configuration
    The basic configuration and topology are the same as those described in 7.3.3.1 Example of Configuring Basic OSPF Functions. Configure Area 1 as a stub area.
    Switch_1:
    Switch_1(config)#router ospf
    Switch_1(config-ospf-1)#area 1 stub
    Switch_1(config)#
    Switch_3:
    Switch_3(config)#router ospf
    Switch_3(config-ospf-1)# area 1 stub
    Switch_3(config)#
    Introduce a type 5 LSA with the address 100.1.1.1 to Switch_4
    Configuration Verification...
  • Page 241: Configuring Ospf Nssa

    7.3.3.3 Configuring OSPF NSSA Network Requirements As shown in Figure 7-6, all devices run OSPF. The AS is divided into 3 areas. Switch_1 and Switch_2 are ABRs that transmit the routes between areas. After configuration, each device can learn the routes destined for all network segments in the AS. Network Diagram Figure 7-6 OSPF NSSA network diagram Configuration...
  • Page 242
    The database of NSSA has a default LSA of the NSSA type, which is absent from the databases of normal areas.
    Switch_3(config-ospf-1)#show ip ospf database
    Database of OSPF Process 1
    Router LSA (area 1)
    LinkId     ADV Router  Seq#        CheckSum
    1.1.1.1    1.1.1.1     0x80000002  0x9934...
  • Page 243
    3.1.1.0 255.255.255.0 3.1.1.3 Network INTRA
    4.1.1.0 255.255.255.0 3.1.1.1 Network INTER
    View the following on Switch_4
    Database:
    Switch_4#
    ASExternal LSA
    LinkId     ADV Router  Seq#        CheckSum
    100.1.1.0  1.1.1.1     0x80000001  0x4701
    Route:
    Switch_4# show ip ospf route
    OSPF Instance 0
    Dest Mask Nexthop Type PathType Areaid...
  • Page 244: Configuring Redistribution

    7.3.3.4 Configuring Redistribution Network Requirements As shown in Figure 7-7, two routers run OSPF and are located in Area 0. Assume that Switch_1 needs to import external routes to OSPF. The following requirements are posed on external route import: 1. Receive all direct routes and adopt the default configuration. 2.
  • Page 245: Configuring Aggregation

    Configure redistribution.
    Switch_2(config-ospf-1)#redistribute connected
    Switch_2(config-ospf-1)#redistribute static metric 2000 type 2
    Switch_2(config-ospf-1)#redistribute static 10.1.1.0 255.255.255.0 metric 100 type 2
    Switch_2(config-ospf-1)#redistribute static
    Switch_2(config-ospf-1)#redistribute rip 20.1.1.0 255.255.255.0 not-advertise
    Switch_2(config-ospf-1)#redistribute rip
    Configuration Verification
    After configuration is complete, check the database of A to determine whether the imported external LSA meets requirements.
  • Page 246
    Figure 7-8 OSPF aggregation network diagram
    Configuration
    For basic OSPF configuration, see 7.3.3.1 Example of Configuring Basic OSPF Functions.
    Switch_1:
    Switch_1(config-ospf-1)#area 1 range 10.1.0.0 255.255.0.0 advertise
    Switch_1(config-ospf-1)#area 1 range 20.1.0.0 255.255.0.0 no-advertise
    Switch_1(config-ospf-1)#area 2 nssa
    # Configure all routers of Area 2 in such way.
    Switch_2:
    Switch_2(config-ospf-1)#area 3 stub
    Switch_2(config-ospf-1)#area 3 stub no-summary...
  • Page 247: Configuring An Authentication Mode

    7.3.3.6 Configuring an Authentication Mode Network Requirements The configuration requirements are shown in Figure 7-9: 1. Implement simple password authentication between Switch_1 and Switch_2, and set the password to test. 2. Establish a virtual link between Switch_1 and Switch_4, implement MD5 authentication between the two routers, and set the password to aaa and ID to 100.
  • Page 248: Configuring Bfd

    Switch_2:
    Switch_2(config)#interface vlan 1
    Switch_2(config-vlan-1)#ip ospf authentication simple-password test
    Switch_2(config-vlan-1)#exit
    Switch_2(config)#interface vlan 2
    Switch_2(config-vlan-1)#ip ospf authentication md5 110 ccc
    Switch_2(config-vlan-1)#exit
    Switch_3:
    Switch_3(config-vlan-1)#router ospf
    Switch_3(config-ospf-1)#area 0 authentication md5 110 ccc
    Switch_4:
    Switch_4(config)#router ospf
    Switch_4(config-ospf-1)#area 1 virtual-link 1.1.1.1 authentication md5 aaa 100
    Configuration Verification
    After configuration is complete, check that the neighbor relationship is normal.
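An added example, not taken from the PLANET manual: a small auditor for the OSPF authentication commands of section 7.3.3.6. It attributes each `authentication` command in a CLI transcript to its interface, area or virtual link, and flags simple-password authentication (the password travels unencrypted in OSPF packet headers) and short keys. The 16-character minimum and the rule that the numeric token after `md5` is the key ID are assumptions; the transcript is constructed from the commands shown in that section.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the command lines shown for section 7.3.3.6.
SAMPLE_TRANSCRIPT = """\
Switch_2(config)#interface vlan 1
Switch_2(config-vlan-1)#ip ospf authentication simple-password test
Switch_2(config-vlan-1)#exit
Switch_2(config)#interface vlan 2
Switch_2(config-vlan-1)#ip ospf authentication md5 110 ccc
Switch_2(config-vlan-1)#exit
Switch_3(config-vlan-1)#router ospf
Switch_3(config-ospf-1)#area 0 authentication md5 110 ccc
Switch_4(config)#router ospf
Switch_4(config-ospf-1)#area 1 virtual-link 1.1.1.1 authentication md5 aaa 100
"""

MIN_KEY_LEN = 16  # assumed local policy, not a value from the manual

PROMPT = re.compile(r"^(?P<host>[\w-]+)\((?P<view>[^)]*)\)#\s*(?P<cmd>.*)$")
AUTH = re.compile(
    r"\bauthentication\s+(?P<mode>simple-password|md5)\s+(?P<args>.+)$"
)


@dataclass(frozen=True)
class Finding:
    host: str
    scope: str            # interface, area or virtual link the key applies to
    mode: str             # "simple-password" or "md5"
    key_id: Optional[int]
    key_len: int          # the key itself is never stored in a finding
    issues: Tuple[str, ...]


def split_md5_args(tokens: List[str]) -> Tuple[Optional[int], str]:
    """Return (key_id, key) for the tokens that follow 'md5'.

    The transcript shows both 'md5 110 ccc' and 'md5 aaa 100'. Assumption:
    when exactly one token is numeric, that token is the key ID.
    """
    if len(tokens) != 2:
        return None, tokens[-1]
    first, second = tokens
    if second.isdigit() and not first.isdigit():
        return int(second), first
    if first.isdigit():
        return int(first), second
    return None, second


def audit(transcript: str) -> List[Finding]:
    findings: List[Finding] = []
    current_iface = {}  # host -> last 'interface ...' command entered
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        host, cmd = m["host"], m["cmd"].strip()
        if cmd.startswith("interface "):
            current_iface[host] = cmd
            continue
        if cmd in ("exit", "quit") or cmd.startswith("router "):
            current_iface.pop(host, None)
            continue
        a = AUTH.search(cmd)
        if not a:
            continue
        prefix = cmd[: a.start()].strip()
        # Scope comes from the last 'interface' command, not from the prompt:
        # in the transcript the prompt still reads config-vlan-1 on vlan 2.
        if prefix == "ip ospf":
            scope = current_iface.get(host, "interface (unknown)")
        else:
            scope = prefix
        tokens = a["args"].split()
        issues = []
        if a["mode"] == "simple-password":
            key_id, key = None, tokens[0]
            issues.append("cleartext-on-wire")
        else:
            key_id, key = split_md5_args(tokens)
            issues.append("legacy-md5")  # keyed MD5; tracked, not fatal
        if len(key) < MIN_KEY_LEN:
            issues.append("short-key")
        findings.append(
            Finding(host, scope, a["mode"], key_id, len(key), tuple(issues))
        )
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_TRANSCRIPT):
        print(f"{f.host:9} {f.scope:28} {f.mode:16} id={f.key_id} "
              f"len={f.key_len} {', '.join(f.issues)}")
```
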
  • Page 249: Configuring Gr

    Switch_1:
    Switch_1(config)#interface vlan 4
    Switch_1(config-vlan-4)#bfd enable
    Switch_1(config-vlan-4)#ip ospf bfd enable
    Switch_2:
    Switch_2(config)#interface vlan 4
    Switch_2(config-vlan-4)#bfd enable
    Switch_2(config-vlan-4)#ip ospf bfd enable
    Configuration Verification
    Switch_1(config-vlan-4)#show ip ospf bfd session
    OSPF Process 1
    NeighborAddress NeighborID BFDState
    1.1.1.2 1.1.1.2
    Switch_2(config-vlan-4)#show ip ospf bfd session
    OSPF Process 1
    NeighborAddress NeighborID...
  • Page 250
    Configuration
    For basic OSPF configuration, see 7.3.3.1 Example of Configuring Basic OSPF Functions.
    GR configuration
    Switch_1:
    Switch_1(config)#router ospf
    Switch_1(config-ospf-1)# graceful-restart
    Switch_1(config-ospf-1)# graceful-restart period 60
    Switch_2:
    Switch_2(config)#router ospf
    Switch_2(config-ospf-1)# graceful-restart helper
    Configuration Verification
    Use the plugging/unplugging method for testing. After the GR initiator and GR helper are configured, unplug the active core switch card of the GR initiator and check that the original traffic between the devices is not interrupted.
  • Page 251: Configuring Ospfv3

    7.4 Configuring OSPFv3 7.4.1 OSPFv3 Overview 7.4.1.1 Basic OSPFv3 Concepts OSPFv3 runs inside an AS. To reduce the routing information size, OSPFv3 divides an AS into different areas. Each area is marked by an area ID, which is in the format of IPv4 address here. Figure 7-12 shows an example of area division.
  • Page 252 Other areas must connect with the backbone area. As shown in Figure 7-12, area 36.0.0.0 and area 40.0.0.0 connect with the backbone area through R2 and R3 respectively. In this way, each of R2 and R3 is connected to two areas. In OSPFv3, routers connected to two or more areas are called ABRs. In Figure 7-12, router R6 connects with area 36.0.0.0 and area 37.0.0.0, and thus is an ABR.
  • Page 253: Route Diffusion

    Figure 7-13 Adjacency relationship on an Ethernet link 7.4.1.2 Route Diffusion The work of OSPFv3 is basically divided into the adjacency establishment process and the subsequent triggered update process. OSPFv3 uses five types of protocol messages to accomplish protocol functions: Hello message, DDP message, LSR message, LACK message, and LSU message. The Hello message checks the status of a neighbor and negotiates adjacency establishment parameters and selection of DR and BDR.
  • Page 254 Figure 7-14 Work process of OSPFv3 All OSPFv3 messages except for the Hello message are related to the route information. In OSPFv3, an information unit carrying the route information is called link state advertisement (LSA). There are seven types of LSA: router LSA, network LSA, intra-area prefix LSA, intra-area router LSA, external LSA, link state LSA, and inter-area prefix LSA.
  • Page 255: Ospfv3 Lsa Types

    7.4.1.3 OSPFv3 LSA Types
    Router-LSAs
    The frame format of Router-LSA is shown in Figure 7-15:
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    LS Age |0|0|1|...
  • Page 256 Differences with OSPFv2: Meaning of the LSID field. OSPFv3 takes fragmentation into consideration. One router can generate one or more Router-LSAs for one area and distinguish these Router-LSAs by LSID. This can avoid the generation of large packets in OSPFv2 due to too many interfaces in the area, resulting in underlying IP fragmentation.
  • Page 257 Network-LSA is generated in the same way as that in OSPFv2 but has the following changes: LSID is the interface ID of DR. In OSPFv2, LSID is the interface address of DR. It does not contain the mask and has no Net Mask field. The option field is the logic OR of the option in LINKLSA advertised by the FULL neighbor.
  • Page 258
    Inter-Area-Router-LSAs
    The frame format of Inter-Area-Router-LSA is shown in Figure 7-18:
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    LS Age |0|0|1|...
  • Page 259
    AS-External-LSAs
    The frame format of AS-External-LSA is shown in Figure 7-19:
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    LS Age |0|1|0|...
  • Page 260
    Link-LSAs
    The frame format of Link-LSA is shown in Figure 7-20:
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    LS Age |0|0|0|...
  • Page 261 Link-LSA is not available in OSPFv2. A router generates a Link-LSA for each link. Link-LSAs are generated as long as the interface IP address is available after device startup. Link-LSA is not generated for virtual links. LSID is the interface ID of the router.
  • Page 262
    Intra-Area-Prefix-LSAs
    The frame format of Intra-Area-Prefix-LSA is shown in Figure 7-21 (LSID does not indicate an address):
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    LS Age |0|0|1|...
  • Page 263 Describe the prefix of a network Stub interface - the current Router-LSA is referenced. The referenced LSID is 0, and the referenced router ID is the ID of the router itself. Describe the prefix of a router BCAST interface with a FULL neighbor - Network-LSA is referenced. The referenced LSID is the interface ID of DR on the link L and the referenced router ID is the ID of DR.
  • Page 264: Configuring Ospfv3

    • The LSA contains the directly connected host (this is optional).
    • If one or more virtual links pass through this area, include a global IPv6 interface address (if not configured), set the LA bit in the option, and set prefix length to 128 and overhead to 0.
  • Page 265: Enabling The Vpn Instance Designated By An Ospfv3 Process

    7.4.2.1.2 Enabling the VPN Instance Designated by an OSPFv3 Process Purpose This section describes how to enable the VPN instance designated by an OSPFv3 process. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable the VPN 1.
  • Page 266: Clearing Ospfv3 Statistics

    7.4.2.1.4 Clearing OSPFv3 Statistics
    Purpose
    This section describes how to clear OSPFv3 statistics.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Clear OSPFv3...
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view....
  • Page 267: Configuring A Stub Area

    7.4.2.2.2 Configuring a Stub Area
    Purpose
    This section describes how to configure a stub area.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure a common stub area
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view....
  • Page 268: Configuring An Nssa

    7.4.2.2.3 Configuring an NSSA
    Purpose
    This section describes how to configure an NSSA.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure an NSSA
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view....
  • Page 269: Configuring Area Aggregation

    7.4.2.2.4 Configuring Area Aggregation
    Purpose
    This section describes how to configure area aggregation.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure area...
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view....
  • Page 270: Configuring Gr

    7.4.2.2.6 Configuring GR Purpose This section describes how to configure graceful restart (GR). Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable GR 1. Run the configure command in the privileged user view to access the global configuration view.
  • Page 271: Configuring An Interval For Route Calculation

    7.4.2.2.7 Configuring an Interval for Route Calculation
    Purpose
    This section describes how to configure an interval of route calculation.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure an interval for route...
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view....
  • Page 272: Enabling The Trap Report Function Of Ospfv3

    Purpose: Configure a routing policy of redistribution
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view.
    2. Run the router ipv6 ospf command to access the OSPFv3 configuration view.
    3. Run the redistribute { connect | static | rip | bgp | isis | ospf } route-policy policy-name command.
  • Page 273: Configuring An Ospfv3 Port

    7.4.2.3 Configuring an OSPFv3 Port
    7.4.2.3.1 Configuring OSPFv3 Interface Parameters
    Purpose
    This section describes how to configure the parameters of an OSPFv3 interface.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Add an interface to a...
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view.
    2....
  • Page 274
    Procedure:
    3. Run the following commands:
       • ipv6 ospf cost cost
       • ip ospf cost default
    Purpose: Configure an interval for sending Hello packets by an...
    Procedure:
    1. Run the configure command in the privileged user view to access the global configuration view.
    2. Run the interface vlan N command to access the VLANIF configuration view....
  • Page 275: Configuring Bfd

    7.4.2.3.2 Configuring BFD Purpose This section describes how to configure BFD. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure 1. Run the configure command in the privileged user view to access the global configuration view. 2.
  • Page 276: Configuring A Passive Interface

    7.4.2.3.4 Configuring a Passive Interface Purpose This section describes how to configure a passive interface. Background A passive interface refers to an OSPFv3 interface that does not send or receive protocol messages and does not establish any neighbor relationship. However, the interface route is included in the Router-LSA for internal route propagation.
  • Page 277: Configuring Ospfv3 Debugging

    7.4.2.4 Configuring OSPFv3 Debugging
    Purpose
    This section describes how to configure OSPFv3 debugging.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Enable global debugging
    Procedure:
    1. Access the privileged user view.
    2. Run the command debug ospf6 { global | all | lsa | hello | packet | neighbor | interface | ip-route | rtm | spf | syn | graceful-restart | nbrchange | frr | error }....
  • Page 278: Viewing Ospfv3 Configuration

    7.4.2.5 Viewing OSPFv3 Configuration
    Purpose
    This section describes how to view the OSPFv3 configuration.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Display the brief OSPFv3 information
    Procedure:
    1. Access the common user view.
    2. Run the following commands:...
  • Page 279
    Purpose: Display the OSPFv3 database information
    Procedure:
    1. Access the common user view.
    2. Run the following commands:
       • show ipv6 ospf database
       • show ipv6 ospf database process process-id
       • show ipv6 ospf database area area-id
       • show ipv6 ospf database area area-id process process-id
       • ...
  • Page 280: Ospfv3 Configuration Example

    Purpose: Display the OSPFv3 trap information
    Procedure:
    1. Access the common user view.
    2. Run the show ipv6 ospf trap command.
    Purpose: Display the OSPF BFD session information
    Procedure:
    1. Access the common user view.
    2. Run the show ipv6 ospf bfd session command.
    7.4.3 OSPFv3 Configuration Example...
  • Page 281
    Data Preparation
    Interface addresses of Switch_1: 2001::1/64 and 2003::1/64
    Interface addresses of Switch_2: 2001::2/64 and 2004::2/64
    Interface address of Switch_3: 2003::3/64
    Interface address of Switch_4: 2004::4/64
    Configuration
    Switch_1:
    Switch_1(config)#router ipv6 ospf
    Switch_1(config-ospfv3-1)#router-id 1.1.1.1
    Switch_1(config-ospfv3-1)#quit
    Switch_1(config)#interface vlan 10
    Switch_1(config-if-vlan10)#ipv6 ospf area 0
    Switch_1(config-if-vlan10)#quit
    Switch_1(config)#
    Switch_1(config)#interface vlan 30...
  • Page 282: Configuration Verification

    Switch_4:
    Switch_4(config)#router ipv6 ospf
    Switch_4(config-ospfv3-1)#router-id 4.1.1.4
    Switch_4(config-ospfv3-1)#quit
    Switch_4(config)#interface vlan 40
    Switch_4(config-if-vlan40)#ipv6 ospf area 0
    Configuration Verification
    Run the show ipv6 ospf neighbor command to view the following OSPFv3 information:
    OSPFv3 process 1
    NeighborId Priority State Interface Instance Aging UpTime IpAddress
    1.1.1.2 Full vlan10...
  • Page 283: Configuring A Stub Area

    7.4.3.2 Configuring a Stub Area Network Requirements This case shows how to configure an OSPFv3 stub area to make you familiar with the OSPFv3 stub area configuration process. The topology is shown in Figure 7-23. Network Diagram Figure 7-23 Stub area topology Configuration Suggestion All devices run OSPFv3.
  • Page 284
    Configuration
    The basic configuration and topology are the same as those described in 7.4.3.1 Configuring Basic OSPFv3 Functions. Configure Area 1 as a stub area.
    Switch_1:
    Switch_1(config)#router ipv6 ospf
    Switch_1(config-ospfv3-1)#area 1 stub
    Switch_1(config)#
    Switch_3:
    Switch_3(config)#router ipv6 ospf
    Switch_3(config-ospfv3-1)# area 1 stub
    Switch_3(config)#
    Introduce a type 5 LSA with the address 2013:0122::1/64 to Switch_4
    Switch_4:...
  • Page 285: Configuring An Nssa

    7.4.3.3 Configuring an NSSA Network Requirements This case shows how to configure an OSPFv3 stub area to make you familiar with the OSPFv3 stub area configuration process. The topology is shown in Figure 7-24. Network Diagram Figure 7-24 NSSA topology Configuration Suggestion All devices run OSPFv3.
  • Page 286: Configuring Bfd

    Switch_3:
    Switch_3(config)#router ipv6 ospf
    Switch_3(config-ospfv3-1)# area 1 nssa
    Switch_3(config)#
    Configuration Verification
    The database of NSSA has a default LSA of the NSSA type, which is absent from the databases of normal areas. Import the static route 1111:1011::1/64 to Switch_3, and redistribute static routes. Import the static route 2222:1011::1/64 to Switch_4 and check whether Switch_3 has any external route.
  • Page 287
    Configuration
    Basic configuration:
    Switch_1:
    Switch_1(config)#router ipv6 ospf
    Switch_1(config-ospfv3-1)#router-id 1.1.1.1
    Switch_1(config-ospfv3-1)#quit
    Switch_1(config)#interface vlan 10
    Switch_1(config-if-vlan10)#ipv6 ospf area 0
    Switch_1(config-if-vlan10)#quit
    Switch_2:
    Switch_2(config)#router ipv6 ospf
    Switch_2(config-ospfv3-1)#router-id 2.1.1.2
    Switch_2(config-ospfv3-1)#quit
    Switch_2(config)#interface vlan 10
    Switch_2(config-if-vlan10)#ipv6 ospf area 0
    Switch_2(config-if-vlan10)#quit
    BFD configuration:
    Switch_1:
    Switch_1(config)#interface vlan 4
    Switch_1(config-vlan-10)#bfd enable
    Switch_1(config-vlan-10)#ipv6 ospf bfd enable
    Switch_2:
    Switch_2(config)#interface vlan 4...
  • Page 288: Configuring Gr

    7.4.3.5 Configuring GR Network Requirements This case shows how to configure OSPFv3 GR to make you familiar with the OSPFv3 GR configuration process. The topology is shown in Figure 7-26. Network Diagram Figure 7-26 GR function case topology Configuration Suggestion Two devices run OSPFv3 and are located in Area 0.
  • Page 289 Configuration Verification Use the plugging/unplugging method for testing. After the GR initiator and GR helper are configured, unplug the active core switch card of the GR initiator and check that the original traffic between the devices is not interrupted.
  • Page 290: Configuring Bgp

    7.5 Configuring BGP 7.5.1 BGP Overview 7.5.1.1 Background Information Border Gateway Protocol (BGP) is used to control the propagation of routes and select the best route. BGP is a dynamic routing protocol used between Autonomous Systems (AS). The earlier versions are BGP-1 (RFC1105), BGP-2 (RFC1163), and BGP-3 (RFC1267).
  • Page 291: Basic Concepts

    7.5.1.3 Basic Concepts BGP-4 provides a set of new mechanisms to support CIDR, including support for network prefix broadcast and removal of the concept of "class" in BGP networks. BGP-4 also supports route aggregation, including aggregation of AS paths. These changes provide support for the proposed supernet solution. Main route attributes include:...
  • Page 292: Bgp4 Route Advertisement

    Figure 7-27 BGP neighbors BGP advertises the routes obtained from EBGP to all its BGP peers, including IBGP and EBGP. It does not advertise the routes obtained from IBGP to its IBGP peers. When advertising routes to EBGP, ensure that BGP waits until IGP propagates the same route in the local AS, and then advertises the route to other ASs.
  • Page 293: Bgp4 Messages

    Figure 7-28 BGP route selection flowchart 7.5.1.4.3 BGP4 Messages BGP supports four types of messages: Open, KeepAlive, Update, and Notification. All these messages are transmitted via TCP. Open message The Open message is the first message sent after the TCP connection used by the BGP neighbors is established.
  • Page 294: Bgp4 Attributes

    7.5.1.4.4 BGP4 Attributes
    BGP defines a large number of route attributes to describe routes in more detail. During route selection, BGP needs to judge the route attributes to select routes that meet specific policy requirements.
    ORIGIN
    Specifies the source of a route. It can be set to any of the following values:
    IGP: Network reachability information is inside the original AS
    EGP: Get network reachability information through EGP
    INCOMPLETE: Get network reachability information by other means...
  • Page 295: Bgp4 Route Selection Policies

    7.5.1.4.5 BGP4 Route Selection Policies
    Select the route with the highest Local_Pref first.
    Select aggregated routes (aggregated routes have higher priority than non-aggregated routes) first.
    Select the route with the shortest AS_Path first.
    Select the route whose Origin is IGP first, followed by EGP and then Incomplete.
    Select the route with the lowest MED value first.
  • Page 296: Bgp4 Route Aggregation

    7.5.1.4.7 BGP4 Route Aggregation In a large network, the BGP routing table is very large, and route aggregation can greatly reduce the size of the routing table. Route aggregation is actually a process of combining multiple routes. In this way, BGP can advertise only the aggregated route to its peers, instead of advertising all specific routes.
  • Page 297: Bgp4 Confederation

    7.5.1.4.11 BGP4 Confederation Confederation is another method to deal with the surge of IBGP network connections within an AS. It divides an AS into several sub-ASs. A full connection is established between IBGP peers in each sub-AS and an EBGP connection is established between IBGP peers in different sub-ASs. BGP speakers that do not belong to a confederation treat multiple sub-ASs belonging to the same confederation as a whole, and do not need to know internal sub-ASs.
  • Page 298: Bfd For Bgp Features

    Address Family BGP uses address family to distinguish different network layer protocols. For values of address family, see RFC1700 (Assigned Numbers). MP-BGP extension applications, including VPN extension, should be configured in their respective address family views. 7.5.1.4.13 BFD for BGP Features Bidirectional Forwarding Detection (BFD) is used in IPv4 to accelerate link failure detection for BGP.
  • Page 299: Configuring Bgp

    7.5.2 Configuring BGP 7.5.2.1 Configuring Basic BGP4 Functions Purpose This section describes how to configure basic BGP4 functions. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Access or 1.
  • Page 300
    Procedure:
    3. Run the neighbor ipv4-address password password command.
    Purpose: Delete MD5 authentication for a neighbor
    Procedure:
    1. Access the global configuration view.
    2. Access the BGP configuration view or BGP-VPNv4 address family view.
    3. Run the no neighbor ipv4-address password command.
    Purpose: Configure the...
    Procedure:
    1....
  • Page 301: Configuring Bgp4 Route Advertising

    7.5.2.2 Configuring BGP4 Route Advertising Purpose This section describes how to configure BGP4 route advertising. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable route 1. Access the global configuration view. aggregation and set to 2.
  • Page 302
    Procedure:
    3. Run the no neighbor ipv4-address route-refresh command.
    Purpose: Advertise the specified route
    Procedure:
    1. Access the global configuration view.
    2. Access the BGP configuration view or BGP-VPNv4 address family view.
    3. Run the network network-address network-mask command.
    Purpose: Delete the specified...
    Procedure:
    1....
  • Page 303: Configuring Bgp4 Route Attributes

    7.5.2.3 Configuring BGP4 Route Attributes Purpose This section describes how to configure BGP4 route attributes. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the 1. Access the global configuration view. default MED 2.
  • Page 304: Configuring Bgp4 Route Policies

    Purpose: AS ID, not the private AS ID, in the BGP update packet to be sent
    Procedure:
    3. Run the neighbor ipv4-address public-as-only command.
    7.5.2.4 Configuring BGP4 Route Policies
    Purpose
    This section describes how to configure BGP4 route policies.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
  • Page 305: Configuring Bfd For Bgp

    Purpose: route policy for a designated neighbor
    Procedure:
    3. Run the neighbor ipv4-address route-policy route-policy-name { export | import } command.
    Purpose: Delete an import or export route policy for a...
    Procedure:
    1. Access the global configuration view.
    2. Access the BGP configuration view.
    3....
  • Page 306: Configuring A Bgp4 Confederation

    Procedure:
    view, BGP-VPN IPv4 address family configuration view, or BGP-VPN IPv6 address family configuration view.
    3. Run the cluster-id router-id command.
    Purpose: Specify a neighbor as the reflector...
    Procedure:
    1. Access the global configuration view.
    2. Access the BGP configuration view or BGP-VPNv4 address family view.
    3....
  • Page 307: Configuring Bgp4 Gr

    Purpose: Delete a designated confederation member
    Procedure:
    1. Access the global configuration view.
    2. Access the BGP configuration view.
    3. Run the no confederation peer-as autonomy-system-number command.
    7.5.2.8 Configuring BGP4 GR
    Purpose
    This section describes how to configure BGP4 GR.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below....
  • Page 308: Configuring A Bgp Family Address

    7.5.2.9 Configuring a BGP Family Address Purpose This section describes how to configure a BGP family address. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enter the IPv4 unicast 1.
  • Page 309
    Purpose: Display the basic BGP configuration
    Procedure:
    1. Access the common user view, BGP configuration view, privileged user view, global configuration view, BGP address family configuration view, or BGP-VPNv4 address family view.
    2. Run the show ip bgp config command.
    Purpose: Display all...
    Procedure:
    1....
  • Page 310: Bgp Configuration Example

    7.5.3 BGP Configuration Example 7.5.3.1 Basic BGP4 Configuration Network Requirements As shown in Figure 7-29, all switches run BGP. An EBGP connection is created between R1 and R2 and an IBGP full connection is created among R2, R3, and R4. Network Diagram Figure 7-29 Network diagram of basic BGP configuration Switch...
  • Page 311 Configuration Suggestion Configure basic BGP functions as follows: 1. Create an IBGP connection among R2, R3, and R4. 2. Create an EBGP connection between R1 and R2. 3. Run the network command on R1 to advertise the route and view the routing tables of R1, R2, and 4.
  • Page 312
    2. Configure an EBGP connection
    Configure R1.
    R1(config)# router bgp 65008
    R1(config-bgp)#router-id 1.1.1.1
    R1(config-bgp)#neighbor 192.1.1.1 remote-as 65009
    Configure R2.
    R2(config-bgp)#neighbor 192.1.1.2 remote-as 65008
    R2(config-bgp)#quit
    View the connection state of the BGP peer
    R1(config)#show ip bgp neighbor
    3. Set R1 to advertise the route 20.0.0.0/8
    Set R1 to advertise a route....
  • Page 313: Configuring Interaction Between Bgp4 And Igp

    7.5.3.2 Configuring Interaction Between BGP4 and IGP Network Requirements As shown in Figure 7-30, OSPF is used as IGP inside AS65009, an EBGP connection is created between R1 and R2, and R3 runs OSPF, not BGP. Network Diagram Figure 7-30 Network diagram of configuring interaction between BGP and IGP Switch Interface VLAN...
  • Page 314 Data Preparation Prepare the following data to complete the configuration in this example: VLAN IDs corresponding to the interfaces. See Figure 7-30. IP addresses of the VLAN interfaces. See Figure 7-30. The Router ID of R1 is 1.1.1.1 and the AS ID is 65008. The router IDs of R2 and R3 are 2.2.2.2 and 3.3.3.3 respectively, and the AS number is 65009.
  • Page 315
    3. Configure interaction between BGP and IGP
    Enable BGP to import OSPF routes on R2.
    R2(config-bgp)#redistribute ospf
    R2(config-bgp)#quit
    View the R1 routing table.
    R1(config)#show ip bgp route
    Enable OSPF to import BGP routes on R2.
    R2(config)#router ospf
    R2(config-ospf-1)#redistribute bgp
    R2(config-ospf-1)#quit
    View the R3 routing table....
  • Page 316: Configuring A Bgp4 Route Reflector

    7.5.3.3 Configuring a BGP4 Route Reflector Network Requirements As shown in Figure 7-31, R1 is a non-client. R2 is the route reflector of Cluster1 and R4 and R5 are its clients. An IBGP connection is created between them, and thus routes do not need to be reflected between clients.
  • Page 317: Data Preparation

    Gigaethernet 1/0/3 VLAN 70 10.1.7.1/24 Gigaethernet 1/0/4 VLAN 80 10.1.8.1/24 Gigaethernet 1/0/5 VLAN 90 10.1.9.1/24 Gigaethernet 1/0/1 VLAN 40 10.1.4.2/24 Gigaethernet 1/0/2 VLAN 60 10.1.6.1/24 Gigaethernet 1/0/1 VLAN 50 10.1.5.2/24 Gigaethernet 1/0/2 VLAN 60 10.1.6.2/24 Gigaethernet 1/0/1 VLAN 70 10.1.7.2/24 Gigaethernet 1/0/1 VLAN 80 10.1.8.2/24...
  • Page 318
    R2(config-bgp)#cluster-id 10.10.10.10
    R2(config-bgp)#quit
    Configure R3.
    R3(config)#router bgp 65010
    R3(config-bgp)#router-id 3.3.3.3
    R3(config-bgp)#neighbor 10.1.7.2 route-reflector-client
    R3(config-bgp)#neighbor 10.1.8.2 route-reflector-client
    R3(config-bgp)#neighbor 10.1.9.2 route-reflector-client
    R3(config-bgp)#cluster-id 20.20.20.20
    R3(config-bgp)#quit
    View the R4 routing table.
    R4(config)#show ip bgp route
    As shown in the routing table, R4 has learned from R2 the route advertised by R1.
  • Page 319: Configuring A Bgp4 Confederation

    7.5.3.4 Configuring a BGP4 Confederation Network Requirements As shown in Figure 7-32, multiple devices in the network run BGP. To reduce the number of IBGP connections, divide these devices into three sub-ASs: AS6500, AS65002, and AS65003. An IBGP full connection is created among three devices in AS65001. Network Diagram Figure 7-32 Network diagram of configuring a confederation Switch...
  • Page 320 Configuration Suggestion Configure a BGP confederation as follows: 1. Configure a BGP confederation for switches in AS200. 2. Create an IBGP connection in AS65001. 3. Create an EBGP connection between AS100 and AS200, and view the routing information. Data Preparation Prepare the following data to complete the configuration in this example: VLAN IDs corresponding to the interfaces.
  • Page 321
    Configure R3.
    R3(config)#router bgp 65003
    R3(config-bgp)#router-id 3.3.3.3
    R3(config-bgp)#confederation identifier 200
    R3(config-bgp)#confederation peer-as 65001
    R3(config-bgp)#confederation peer-as 65002
    R3(config-bgp)#neighbor 10.1.2.1 remote-as 65001
    R3(config-bgp)#quit
    2. Create an IBGP connection inside AS65001.
    Configure R1.
    R1(config)#router bgp 65001
    R1(config-bgp)#neighbor 10.1.3.2 remote-as 65001
    R1(config-bgp)#neighbor 10.1.4.2 remote-as 65001
    R1(config-bgp)#neighbor 10.1.3.2 next-hop-local
    R1(config-bgp)#neighbor 10.1.4.2 next-hop-local
    R1(config-bgp)#quit...
  • Page 322: Configuring Bfd For Bgp

    Configure R6.
    R6(config)#router bgp 100
    R6(config-bgp)#router-id 6.6.6.6
    R6(config-bgp)#neighbor 200.1.1.1 remote-as 200
    R6(config-bgp)#network 9.1.1.0 255.255.255.0
    R6(config-bgp)#quit
    4. View the configuration result.
    View the BGP routing table of R2.
    R2(config)#show ip bgp route
    View the BGP routing table of R4.
    R4(config)#show ip bgp route
    7.5.3.5 Configuring BFD for BGP
    Network Requirements
    As shown in Figure 7-33, R1 belongs to AS100, R2 and R3 belong to AS200, and an EBGP connection...
  • Page 323 Switch Interface VLAN IP Address Gigaethernet 1/0/1 VLAN 10 200.1.2.1/24 Gigaethernet 1/0/2 VLAN 20 200.1.1.1/24 Gigaethernet 1/0/1 VLAN 30 9.1.1.1/24 Gigaethernet 1/0/2 VLAN 20 200.1.1.2/24 Gigaethernet 1/0/3 VLAN 40 192.1.1.1/24 Gigaethernet 1/0/1 VLAN 10 200.1.2.2/24 Gigaethernet 1/0/2 VLAN 30 9.1.1.2/24 Configuration Suggestion Configure BFD for BGP as follows: 1.
  • Page 324 R2(config-bgp)#network 9.1.1.0 255.255.255.0
    R2(config-bgp)#quit
    Configure R3.
    R3(config)#router bgp 200
    R3(config-bgp)#router-id 3.3.3.3
    R3(config-bgp)#neighbor 200.1.2.1 remote-as 100
    R3(config-bgp)#neighbor 9.1.1.1 remote-as 200
    R3(config-bgp)#network 9.1.1.0 255.255.255.0
    R3(config-bgp)#network 192.1.1.0 255.255.255.0
    R3(config-bgp)#quit
    On R1, check whether a BGP neighbor is established.
    R1(config-bgp)#show ip bgp neighbor
    2. Configure the MED value.
    Configure the MED values sent by R2 and R3 to R1 according to the policy.
  • Page 325 3. Enable BFD and configure the sending and receiving intervals, and local detection multiple.
    Enable BFD for R1.
    R1(config)#bfd enable
    R1(config)#router bgp 100
    R1(config-bgp)#neighbor 200.1.1.2 bfd enable
    Enable BFD for R2.
    R2(config)#bfd enable
    R2(config)#router bgp 200
    R2(config-bgp)#neighbor 200.1.1.1 bfd enable
    Display all BFD sessions established by BGP on R1.
  • Page 326: Configuring Isis

    7.6 Configuring ISIS
    7.6.1 ISIS Overview
    7.6.1.1 Background Information
    The Internet is developing quickly and is used by more and more users with different needs, and thousands of network terminals communicate with each other over the Internet. Therefore, intermediate devices (routers and L3 switches) on networks require dynamic routing protocols to guide packet forwarding and to provide accurate and effective routing information for it.
  • Page 327: Functions And Features

    7.6.1.3 Functions and Features ISIS runs directly on the link layer. Its working process consists of establishing a neighbor relationship, synchronizing LSDBs, and calculating routes. The process of forming a neighbor relationship varies with the type of network, and the conditions for establishing adjacency are: Only neighboring routers at the same layer can become neighboring routers.
  • Page 328 Level-2 router: A Level-2 router is responsible for routing between areas. It can form an adjacency relationship with Level-2 routers in another area, and maintains a Level-2 LSDB which contains routing information between areas. All Level-2 routers and Level-1-2 routers form the backbone network of a routing domain and are responsible for communication between different areas.
  • Page 329 ISIS packets are directly encapsulated in data link frames, and are divided into three categories: Hello packet: used to establish and maintain adjacencies, also known as IIH (IS-to-IS Hello PDUs). Level-1 routers in a broadcast network use Level-1 LAN IIH, Level-2 routers in a broadcast network use Level-2 LAN IIH, and the routers in a P2P network use P2P IIH.
  • Page 330 If an IPv4 adjacency (IPv4-only) needs to be established between ISs, both interfaces need to be enabled with ISIS and configured with valid IPv4 addresses and be in the same network segment (for a P2P network, the IP addresses of routers at two ends can be in different network segments when the following function is enabled: do not check the peer IP address when a PPP interface is allowed to receive Hello packets).
  • Page 331 After ISIS establishes a neighbor relationship, for broadcast links, it selects a DIS for maintaining database updates and uses LSP flooding and SNP packets to synchronize databases. For P2P link, it directly uses CSNP and PSNP for database synchronization. LSP packet flooding means that, after a router advertises its own LSP to its neighboring routers, the neighboring routers transmit the same LSP packet to other neighbors except for the router that sent the LSP.
  • Page 332 Figure 7-38 Flowchart of synchronizing databases on a P2P link After synchronizing databases, ISIS uses the SPF algorithm to calculate the loop-free SPF tree according to the link state information in the databases, and restricts the route calculation type according to the type of the adjacency relationship established with neighbors: When an IPv4 adjacency relationship is established with a neighbor, only IPv4 routes are calculated and generated.
  • Page 333: Configuring Isis

    7.6.2 Configuring ISIS 7.6.2.1 Basic ISIS Configuration Purpose This section describes basic ISIS configuration, including enabling all ISIS interfaces, enabling ISIS for an interface and starting an ISIS process, configuring a network entity title, and setting a global ISIS overload bit. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 334: Configuring Basic Isis Parameters

    7.6.2.2 Configuring Basic ISIS Parameters Purpose This section describes how to configure basic ISIS parameters, including the interface link, interface priority, and packet interval. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure an...
  • Page 335 Purpose | Procedure
    Purpose: links under an ISIS interface or cancel the configuration
    Procedure:
    2. Access the VLANIF configuration view or interface group configuration view.
    3. Run the following commands:
       • isis default-metric { level-1 | level-2 | ppp } default-metric
       • no isis default-metric { level-1 | level-2 | ppp }
    Configure a 1.
  • Page 336: Configuring An Isis Circuit Level

    Purpose | Procedure
    Purpose: padding function for Hello packets sent by an ISIS interface
    Procedure:
    3. Run the following commands:
       • isis hello padding
       • no isis hello padding
    Purpose: Add an ISIS interface to a designated mesh
    Procedure:
    1. Access the global configuration view.
    2. Access the VLANIF configuration view, loopback interface configuration view, or interface group configuration view.
  • Page 337: Configuring Isis Lsp

    7.6.2.4 Configuring ISIS LSP Purpose This section describes how to configure ISIS LSP, including configuring an LSP refresh interval, and maximum lifetime, enabling checking checksum of the received LSP packets globally, and enabling receiving MTU values of LSP packets globally. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 338: Configuring Isis Route Aggregation

    Purpose | Procedure
    Purpose: Enable or disable route redistribution and introduce routing information of other routing protocols
    Procedure:
    1. Access the global configuration view.
    2. Access the ISIS configuration view.
    3. Run the following commands:
       • redistribute { connect | static | rip | bgp | ospf | isis } { level-1 | level-2 | level-1-2 }...
  • Page 339: Configuring Isis Authentication

    7.6.2.7 Configuring ISIS Authentication Purpose This section describes how to configure ISIS authentication, including enabling or disabling area authentication or domain authentication for all ISIS interfaces, and enabling or disabling an ISIS interface to authenticate Hello packets in a designated manner and with a designated password. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 340: Configuring Isis Bfd

    7.6.2.8 Configuring ISIS BFD Purpose This section describes how to configure ISIS BFD, including enabling or disabling BFD for an ISIS interface. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable or...
  • Page 341: Enabling Other Isis Function Modules

    7.6.2.10 Enabling Other ISIS Function Modules Purpose This section describes how to enable or disable other ISIS function modules, including enabling or disabling TE, FRR, and SNMP alarm for all interfaces. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 342: Viewing The Isis Configuration

    7.6.2.11 Viewing the ISIS Configuration Purpose This section describes how to view the ISIS configuration. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Display 1. Access the common user view, privileged user view, global information about configuration view, VLANIF configuration view, loopback interface an ISIS database of...
  • Page 343 Purpose Procedure Display mapping 1. Access the common user view, privileged user view, global of the ISIS dynamic configuration view, VLANIF configuration view, loopback interface host configuration view, or ISIS configuration view. 2. Run the show ip isis hostname command. Display 1.
  • Page 344: Isis Configuration Example

    7.6.3 ISIS Configuration Example 7.6.3.1 Configuring Basic ISIS Functions Network Requirements This task is to complete basic ISIS configuration to make you familiar with the ISIS configuration process and the roles of AREA, LEVEL, and SYSID in ISIS configuration. The topology is shown in Figure 7-39. Network Diagram Figure 7-39 Basic ISIS configuration topology Configuration Suggestion...
  • Page 345 Switch_3 NET is 20.0003.0003.0003.00, and addresses of its two interfaces are 2.1.1.1/24 and 3.1.1.1/24.
    Switch_4 NET is 30.0004.0004.0004.00, and addresses of its two interfaces are 3.1.1.2/24 and 4.1.1.2/24.
    Switch_5 NET is 30.0005.0005.0005.00 and its interface address is 4.1.1.1/24.
    Configuration
    Switch_1:
    Switch_1(config)#router isis
    Switch_1(config-isis-1)#net 10.0001.0001.0001.00
    Switch_1(config-isis-1)#is-type level-1...
  • Page 346: Configuration Verification

    Switch_4:
    Switch_4 (config)#router isis
    Switch_4 (config-isis-2)#net 30.0004.0004.0004.00
    Switch_4 (config-isis-2)#is-type level-1-2
    Switch_4 (config-isis-2)#exit
    Switch_4 (config)#int vlan 3
    Switch_4 (config-vlan-3)#ip router isis
    Switch_4 (config-vlan-1)#exit
    Switch_4 (config)#int vlan 4
    Switch_4 (config-vlan-4)#ip router isis
    Switch_5:
    Switch_5 (config)#router isis
    Switch_5 (config-isis-1)#net 30.0005.0005.0005.00
    Switch_5 (config-isis-1)#is-type level-1
    Switch_5 (config-isis-1)#exit
    Switch_5 (config)#int vlan 4
    Switch_5 (config-vlan-4)#ip router isis...
  • Page 347: Configuring Isis Route Aggregation

    Configuration Suggestion Two devices run ISIS and are located in the same area. Assume that Switch_1 has external routes that are learned through other routing protocols and need to be imported to ISIS, but the requirements for external routes are as follows: Receiving all direct routes and redistributing them to level-1 devices.
  • Page 348: Configuring Isis Authentication

    Configuration Suggestion Switch_1 has 10 routes: 10.1.1.0/24 to 10.1.10.0/24. It is hoped to reduce the routing table size of Switch_3, so that when Switch_2 advertises Area1's routes to Area2, the routes are aggregated to 10.1.0.0/16. For this purpose, you can run the route aggregation command on Switch_2. After the configuration, Switch_3 only learns 10.1.0.0/16 from Area1.
  • Page 349 Configuration Suggestion
    Meet the following rules for packets between Switch_1 and Switch_2:
    • Configure simple password authentication for Level-1 Hello packets. The password is 123456.
    • Configure MD5 authentication for Level-2 Hello packets. The password is fhn.
    • Configure simple password authentication for Level-1 LSP packets. The password is 12345.
    • Configure MD5 authentication for Level-2 LSP packets.
  • Page 350: Configuring Isis Bfd

    7.6.3.5 Configuring ISIS BFD Network Requirements This case shows how to configure ISIS BFD to make you familiar with the ISIS BFD configuration process. The topology is shown in Figure 7-43. Network Diagram Figure 7-43 ISIS BFD topology Configuration Suggestion Both devices run ISIS, BFD is enabled globally, and BFD is enabled for ISIS interfaces.
  • Page 351: Configuring Isis Gr

    7.6.3.6 Configuring ISIS GR Network Requirements This case shows how to configure ISIS GR to make you familiar with the ISIS GR configuration process. The topology is shown in Figure 7-44. Network Diagram Figure 7-44 ISIS GR topology Configuration Suggestion Both devices run ISIS and are located in the same area.
  • Page 352: Configuring A Routing Policy

    7.7 Configuring a Routing Policy 7.7.1 Overview of Routing Policy Routing Policy A routing policy is used to change the path of transmitting network traffic. In order to implement a routing policy, you can define a group of match rules and configuration rules and then apply them to the routing policies for route advertisement, reception, and import.
  • Page 353 7.7.2 Configuring an Address Prefix List
    Purpose
    This section describes how to configure an address prefix list to filter routing information. The matched object is the destination address field in routing information.
    Procedure
    Caution
    • Tables are differentiated based on the list-name and IP address type.
    • ...
  • Page 354: Configuring A Routing Policy

    Purpose Procedure Create a filter rule to fully match 1. Access the global configuration view. network segment addresses with length 2. Run the ip prefix-list listname [ index index- of MASKLEN number ] { permit | deny } ipv4-address mask-length command.
  • Page 355 Purpose Procedure Create a routing 1. Access the global configuration view. policy and access 2. Run the route-policy policy-name { permit | deny } node node- the routing policy number command. configuration view (Optional) 1. Access the global configuration view. Configure a MATCH 2.
  • Page 356: Applying A Routing Policy To Ospf

    7.7.4 Applying a Routing Policy to OSPF Purpose This section describes how to apply a routing policy in OSPF to reference the ACL or address prefix list to filter received routes. Only the routes satisfying the conditions are accepted. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 357: Applying A Routing Policy To Isis

    Purpose Procedure Apply a routing 1. Access the global configuration view. policy to routes 2. Access the BGP configuration view. received by the BGP 3. Run the neighbor ipv4-address route-policy route-policy-name neighbor import command. Apply a routing 1. Access the global configuration view. policy to routes 2.
  • Page 358: Maintenance And Debugging

    7.7.7 Maintenance and Debugging Purpose This section describes how to check or locate the fault when the routing policy function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the global...
  • Page 359 Switch  Interface           VLAN     IP Address
                    10Gigaethernet1/0/1  VLAN 10  200.1.1.2/24
                    10Gigaethernet1/0/2  VLAN 20  200.1.2.2/24
                    10Gigaethernet1/0/1  VLAN 10  200.1.1.1/24
                    10Gigaethernet1/0/2  VLAN 30  10.1.1.1/24
                    10Gigaethernet1/0/1  VLAN 20  200.1.2.1/24
                    10Gigaethernet1/0/2  VLAN 30  10.1.1.2/24
    Configuration Suggestion
    Configure BGP load sharing and apply a routing policy to modify MED attributes as follows:
    1.
  • Page 360: Configuring An Ospf Routing Policy

    # Configure R3.
    R3(config)#router bgp 65009
    R3(config-bgp)#router-id 3.3.3.3
    R3(config-bgp)#neighbor 200.1.2.2 remote-as 65008
    R3(config-bgp)#neighbor 10.1.1.1 remote-as 65009
    R3(config-bgp)#network 10.1.1.0 255.255.255.0
    R3(config-bgp)#quit
    # View the R1 routing table.
    As shown in the routing table, there are two next hops for the BGP route 10.1.1.0/24, namely 200.1.1.1 and 200.1.2.1, both of which are the optimal routes.
  • Page 361 Interface addresses of Switch_1: 1.1.1.1/24 and 3.1.1.1/24
    Interface addresses of Switch_2: 1.1.1.2/24 and 4.1.1.2/24
    Configuration
    1. Configure Switch_1.
    Switch_1(config)#router ospf
    Switch_1(config-ospf-1)#router-id 1.1.1.1
    Switch_1(config-ospf-1)#network 1.1.1.0 255.255.255.0 area 0
    Switch_1(config-ospf-1)#network 3.1.1.0 255.255.255.0 area 1
    Switch_1(config)#
    2. Configure Switch_2.
    Switch_2(config)#router ospf
    Switch_2(config-ospf-1)#router-id 1.1.1.2
    Switch_2(config-ospf-1)#network 1.1.1.0 255.255.255.0 area 0
    Switch_2(config-ospf-1)#network 4.1.1.0 255.255.255.0 area 2
    Switch_2(config)#...
  • Page 362: Configuring Policy Routes

    7.8 Configuring Policy Routes 7.8.1 Policy Route Overview Policy Route Protocol Overview Traditionally, ordinary packets are forwarded by querying the forwarding table based on the destination address of packets. When it is necessary to forward packets by source IP address, packet length, or other packet attributes, a new routing mechanism is required, that is, the policy route.
  • Page 363: Configuring The Policy Route Function

    7.8.2 Configuring the Policy Route Function Purpose This section describes how to configure the policy route function. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Create or modify a 1. Run the configure command to access the global configuration policy route and a view.
  • Page 364 Purpose Procedure Configure the next 1. Run the configure command to access the global configuration hop IP address view. configured for a 2. Run the policy-based-route name { permit | deny } node node- packet to which a id command to create or modify a policy-based route and a node, and policy route is applied access the policy route configuration view.
  • Page 365: Maintenance And Debugging

    Purpose Procedure Delete a policy 1. Run the configure command to access the global configuration route applied to an view. interface 2. Run the corresponding command to access the interface configuration view (Trunk or Ethernet). 3. Run the no ip policy-based-route policyname command. 7.8.3 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the policy route function fails to...
  • Page 366: Configuration Example

    7.8.4 Configuration Example 7.8.4.1 Configuring an ACL-based Policy Route Network Requirements As shown in Figure 7-47, define a policy route aaa. All IP packets received by 10GE1/1/2 are sent through 10GE1/1/3 to the next hop 1.1.2.2. Other packets are still forwarded according to the routing table.
  • Page 367: Configuring Hwroute

    Configuration
    1. Configure an ACL and match IP packets based on ACL filter 1.
    Switch(config)#filter-list 1001
    Switch(configure-filter-ipv4-1001)#filter 1 ip any any
    Switch(configure-filter-ipv4-1001)#filter 1 action permit
    2. Define the policy rule and action.
    Switch(config)#policy-based-route aaa permit node 5
    Switch(config-policy-based-route-aaa-5)#if-match acl 1001
    Switch(config-policy-based-route-aaa-5)#apply ip-address next-hop 1.1.2.2
    Switch(config-policy-based-route-aaa-5)#quit
    3.
  • Page 368 Purpose | Procedure
       • no debug hwroute { arp | route | tunnel | ilm | l2vpn | evpn | l3vpn | rtm | all }
    Purpose: View an IPv4 routing entry
    Procedure:
    1. Run the disable command to return to the common user view.
    2.
  • Page 369: Chapter 8 Configuring Qos

    Chapter 8 Configuring QoS
    This chapter describes the basic content, configuration procedure, and configuration examples of the QoS function of the Switch.
    8.1 Configuring DiffServ
    8.1.1 DiffServ Overview
    In traditional IP networks, each router makes its best effort to send all packets to the destination address on a first-in-first-out (FIFO) basis, but does not guarantee packet transmission reliability, transmission delay, or other performance.
  • Page 370: Configuring Diffserv

    The Switch allows users to perform simple traffic classification on packets based on the mapping between the packet priority defined in the DiffServ domain and the PHB. For packets from upstream devices, the DiffServ domain is bound to the inbound interface of the packets, and the priority information carried in the packets is mapped to the corresponding PHB and color in the DiffServ domain.
  • Page 371: Creating A Diffserv Domain And Configuring Priority Mapping

    8.1.2.2 Creating a DiffServ Domain and Configuring Priority Mapping Purpose This section describes how to create a DiffServ domain and configure priority mapping. A DiffServ domain consists of a group of connected DiffServ nodes, which adopt the same service providing strategy and implement the same set of PHB groups.
  • Page 372: Configuring Priority Of Packets Trusted By A Port

    Purpose Procedure an IP packet to 3. Run the command ip-dscp-inbound dscp-priority default phb { be | PHB and mark the af1 | af2 | af3 | af4 | ef | cs6 | cs7 } { green | yellow | red }. packet color At the outbound 1.
  • Page 373: Applying A Diffserv Domain

    Purpose Procedure Configure 1. Access the global configuration view. priority of packets 2. Access the interface configuration view (Ethernet or Trunk) or trusted by a port interface group configuration view. 3. Run the trust { 8021p | diffserv | dscp | none } { inner | outer } command.
  • Page 374: Checking The Configuration Result

    8.1.2.5 Checking the Configuration Result Purpose This section describes how to check the configuration result. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Check the 1. Access the common user view, privileged user view, global configuration configuration view, DiffServ configuration view, interface configuration view result...
  • Page 375: Network Diagram

    Network Diagram
    Figure 8-1 DiffServ configuration network diagram
    Configuration Suggestion
    Configure priority mapping based on simple flow classification as follows:
    • Create VLANs and interfaces so that the enterprise user and residential user can access the network through Switch.
    • Create a DiffServ domain and map the 802.1p priority to the PHB and color.
    • Configure the trusted packet priority at inbound interfaces 10GE1/0/1 and 10GE1/0/2 of Switch.
  • Page 376 Configuration
    1. Create VLANs and interfaces.
    2. Create DiffServ domains.
    On Switch, configure DiffServ domains ds1 and ds2, and map the 802.1p priority of the enterprise user and residential user to the service level.
    Switch(config)#diffserv domain ds1
    Switch(config-dsdomain-ds1)#8021p-inbound 0 phb af4 green
    Switch(config-dsdomain-ds1)#quit
    Switch(config)#diffserv domain ds2
    Switch(config-dsdomain-ds2)#8021p-inbound 0 phb af2 green...
  • Page 377 802.1p Priority Color green green green green green By default, the mappings between PHBs, colors, and 802.1p priorities of egress VLAN packets in a DiffServ domain are as follows. Color 802.1p Priority green yellow green yellow green yellow green yellow green yellow green...
  • Page 378 By default, the mappings between DSCP priorities, PHBs, and colors of ingress IP packets in a DiffServ domain are as follows. DSCP Color DSCP Color green green green green green green green green green yellow green green green green green green green green...
  • Page 379 By default, the mappings between PHBs, colors, and DSCP priorities of egress IP packets in a DiffServ domain are as follows. Color DSCP green yellow green yellow green yellow green yellow green yellow green yellow green yellow green yellow...
  • Page 380: Configuring Traffic Policing And Traffic Shaping

    8.2 Configuring Traffic Policing and Traffic Shaping
    Purpose
    Traffic-based traffic policing enables a switch to limit the rate of traffic that matches the traffic classification rules. By policing the traffic rate, the switch discards traffic that exceeds the rate limit, so that traffic entering the switch stays within a reasonable range, thereby protecting network resources and the carrier's interests.
  • Page 381 Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Bind a meter 1. Access the global configuration view. 2. Access the filter configuration view. 3. Run the filter rule-number meter meter-number command. Unbind a filter from 1.
  • Page 382: Configuring Queue Scheduling And Congestion Control

    8.3 Configuring Queue Scheduling and Congestion Control 8.3.1 Introduction to Queue Scheduling and Congestion Control Impact of Congestion Congestion is a type of additional delay caused by decreased forwarding rate due to insufficient resources. The bottleneck of link bandwidth causes congestion, which results from the shortage of resources that are used for data forwarding and processing (such as allocable processor time, buffer, and memory resource).
  • Page 383: Configuring Queue Scheduling And Congestion Control

    8.3.2 Configuring Queue Scheduling and Congestion Control Purpose This section describes how to configure queue scheduling and congestion control. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the 1.
  • Page 384 Purpose Procedure Delete a 1. Access the global configuration view. designated WRED 2. Run the no drop-profile drop-profile-name command. drop profile Enable the COS 1. Access the global configuration view. ECN function 2. Access the interface configuration view (Ethernet) or interface group configuration view.
  • Page 385: Maintenance And Debugging

    8.3.3 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the queue scheduling and congestion control functions fail to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 386: Configuration Example

    8.3.4 Configuration Example
    8.3.4.1 Example of Configuring SP Scheduling
    Network Requirements
    After traffic is transmitted from interfaces 10GE1/0/1, 10GE1/0/2, and 10GE1/0/3 from Site 1 to Site 2, congestion occurs on interface 10GE1/0/1. It is required to apply the SP scheduling algorithm.
    Network Diagram
    Figure 8-2 Network diagram of port queue priority scheduling
    Configuration...
  • Page 387 # Configure interface 10GE1/0/3.
    S1#configure
    S1(config)#interface 10gigaethernet 1/0/3
    S1(config-10ge1/0/3)#priority 3
    S1(config-10ge1/0/3)#quit
    Exit the configuration of interface 10GE1/0/3.
    2. Configure Site 2.
    # Configure an ACL rule.
    S2#configure
    S2(config)#filter-list 1001
    S2(configure-filter-ipv4-1001)#filter 1 ip 10.164.1.0/24 10.164.9.9/32
    S2(config-filter1)#filter 1 action cos 7
    # Configure interface 10GE1/0/1.
    S2#configure
    S2(config)#interface 10ge 1/0/1
    S2(config-10ge1/0/1)#cos schedule sp...
  • Page 388: Chapter 9 Configuring Multicast Service

    Chapter 9 Configuring Multicast Service This chapter describes how to configure the multicast service of the Switch. 9.1 Configuring IGMP Snooping 9.1.1 Overview of IGMP Snooping Basic Principle of IGMP Snooping IGMP snooping is the abbreviation of Internet Group Management Protocol snooping. It is the multicast restriction mechanism running on L2 devices.
  • Page 389 Static L2 multicast has the following features:
    • Configure interfaces to join a multicast group statically to avoid protocol packet attack.
    • Use the mechanism of directly searching the multicast packet forwarding table to reduce network delay.
    • Prevent unregistered users from receiving multicast packets and provide paid services.
    • ...
  • Page 390: Configuring Static L2 Multicast

    9.1.2 Configuring Static L2 Multicast Background In Metro Ethernet, when a user host has the long-term requirement for receiving multicast data flows from a multicast group, an interface can be configured to join the multicast group in a static way. Purpose After configuring this function, users can receive registered multicast data flows stably and timely for a long time.
  • Page 391: Configuring Multicast Vlan Copy

    Purpose Procedure Create the 1. Access the global configuration view. multicast group pre- 2. Run the igmp-snooping group-address group-address mvlan join function vlan-id command. 9.1.3 Configuring Multicast VLAN Copy Background The multicast VLAN copy function can be used to manage and control the multicast source and multicast group members, enable users in different VLANs to receive the same multicast stream, and reduce waste of bandwidth.
  • Page 392: Configuring Igmp Snooping

    Purpose Procedure forwarding mode for a multicast VLAN Enable the 1. Access the global configuration view. multicast copy 2. Access the multicast VLAN configuration view. function for a 3. Run the igmp-snooping multicast-vlan enable command. multicast VLAN Configure an 1. Access the global configuration view. uplink interface for 2.
  • Page 393 Purpose Procedure Enable IGMP 1. Access the global configuration view. snooping globally 2. Run the igmp-snooping start command. Create a multicast 1. Access the global configuration view. VLAN 2. Run the vlan vlan-list command to create a VLAN for which IGMP snooping needs to be enabled.
  • Page 394 Purpose Procedure 2. Run the igmp-snooping query-interval { query-interval | default } command to configure the query packet sending interval for the querier. (The parameter is shared among multicast VLANs.) 3. Run the igmp-snooping robust-count { robust-count | default } command to configure the IGMP robust count for the querier.
  • Page 395 Purpose Procedure when the STP 3. Run the igmp-snooping fast-switch { enable | disable } snooping changes command. Enable or disable 1. Access the global configuration view. sending the general 2. Access the multicast VLAN configuration view. query function when 3.
  • Page 396 Purpose Procedure multicast on an 3. Run the igmp-snooping ctrlmode { enable | disable } command. interface Configure the 1. Access the global configuration view. global aging time for 2. Run the igmp-snooping router-aging-time { router-aging-time | router interfaces default } command. Configure static 1.
  • Page 397: Maintenance And Debugging

    9.1.5 Maintenance and Debugging Purpose This section describes how to check or locate the fault when the IGMP snooping function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the IGMP...
  • Page 398 Purpose | Procedure
       • show igmp-snooping egress-port interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    Purpose: View the multicast group table entry information of IGMP snooping
    Procedure:
    1. Access the common user view, privileged user view, global configuration view, interface configuration view (Ethernet or Trunk), MVLAN configuration view, interface group configuration view, or batch...
  • Page 399: Configuration Example

    9.1.6 Configuration Example 9.1.6.1 Example of Configuring Static L2 Multicast Network Requirements Switch interface 10GE1/0/1 connects to the router at the multicast source side. Interface 10GE1/0/2 connects to the user host. It is required that, by configuring the static L2 multicast function, all hosts in VLAN 100 receive the multicast data with group address 225.1.1.1 for a long time, as shown in Figure 9-1.
  • Page 400 Switch(config-10ge1/0/2)#quit
    Switch(config)# igmp-snooping mvlan 100
    Switch(config-igmpsnoop-mvlan100)#quit
    Switch(config)#
    3. Enable IGMP snooping for the interface.
    Switch(config)#interface 10gigaethernet 1/0/1
    Switch(config-10ge1/0/1)#igmp-snooping enable
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#igmp-snooping enable
    Switch(config-10ge1/0/2)#quit
    Switch(config)#
    4. Configure GE1/0/1 as a static router interface.
    Switch(config)#igmp-snooping mvlan 100
    Switch(config-igmpsnoop-mvlan100)#igmp-snooping uplink-port gigaethernet 1/0/1
    Switch(config-igmpsnoop-mvlan100)#quit
    Switch(config)#
    5.
  • Page 401: Example Of Configuring Igmp Snooping

    9.1.6.2 Example of Configuring IGMP Snooping Network Requirements Switch interface 10GE1/0/1 connects to the router at the multicast source side. Interface 10GE1/0/2 connects to the user host. It is required that, by configuring the IGMP snooping function, all the three hosts in VLAN 100 receive the multicast data with group addresses 225.1.1.1 and 225.1.1.2 for a long time, as shown in Figure 9-2.
  • Page 402
    2. Create a VLAN and the corresponding multicast VLAN. Add the interface to the VLAN.
    Switch(config)#vlan 100
    Switch(vlan-100)#quit
    Switch(config)#interface 10gigaethernet 1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/2)#quit
    Switch(config)# igmp-snooping mvlan 100
    Switch(config-igmpsnoop-mvlan100)#quit
    Switch(config)#
    3.
  • Page 403: Example Of Configuring Multicast Vlan Copy

    Switch#show igmp-snooping egress-port
    Total Entry(s) : 2
    Group Address : 225.1.1.1 MVlan : 100 Source Address : * Interface : xge-1/0/2 Type : static Expires : --- OutVlan : V3 Mode : invalid
    Group Address : 225.1.1.2 MVlan : 100 Source Address : * Interface : xge-1/0/2 Type : static...
  • Page 404
    Figure 9-3 Multicast copy topology
    Configuration
    1. Enable the IGMP snooping protocol globally.
    Switch#configure
    Switch(config)#igmp-snooping start
    Switch(config)#
    2. Create a VLAN and the corresponding multicast VLAN. Add the interface to the VLAN.
    Switch(config)#vlan 2,3,100
    Switch(config)#interface 10gigaethernet 1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#port hybrid vlan 2 tagged...
  • Page 405
    3. Enable IGMP snooping for the interface.
    Switch(config)#interface 10gigaethernet 1/0/1
    Switch(config-10ge1/0/1)#igmp-snooping enable
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#igmp-snooping enable
    Switch(config-10ge1/0/2)#quit
    Switch(config)#interface 10gigaethernet 1/0/3
    Switch(config-10ge1/0/3)#igmp-snooping enable
    Switch(config-10ge1/0/3)#quit
    Switch(config)#
    4. Enable the multicast copy function for the multicast VLAN and configure user VLANs.
    Switch(config)#igmp-snooping mvlan 100
    Switch(config-igmpsnoop-mvlan100)#igmp-snooping forwarding-mode ip
    Switch(config-igmpsnoop-mvlan100)#igmp-snooping multicast-vlan enable...
  • Page 406
    Switch#show igmp-snooping egress-port
    Total Entry(s) : 6
    Group Address : 225.0.0.1 MVlan : 100 Source Address : * Interface : xge-1/0/2 Type : static Expires : --- OutVlan : V3 Mode : invalid
    Group Address : 225.0.0.1 MVlan : 100 Source Address : * Interface : xge-1/0/3 Type : static...
  • Page 407
    Expires : --- OutVlan : V3 Mode : invalid
    Group Address : 225.0.0.3 MVlan : 100 Source Address : * Interface : xge-1/0/3 Type : static Expires : --- OutVlan : V3 Mode : invalid...
  • Page 408: Configuring Igmp

    9.2 Configuring IGMP 9.2.1 Introduction to IGMP IGMP Overview Internet Group Management Protocol (version 3) (IGMP) is used by IPv4 routers to discover multicast members on their directly connected network segments. Multicast members are host nodes that want to receive multicast data. Through the IGMP protocol, routers can know whether there are members of IPv4 multicast group on their directly connected network segment, and establish and maintain the membership of multicast group.
  • Page 409: Igmp Working Principle

    Received IGMP packets not carrying this option will be dropped. You can configure whether the Router-Alert option must be included in the header of received or sent IGMP packets as needed.
    - IGMP query controller: You can set performance parameters such as sending interval and robust count of General Query packets as needed.
  • Page 410: Joining An Ipv4 Multicast Group

    9.2.2.2 Joining an IPv4 Multicast Group Figure 9-4 IGMP query response As shown in Figure 9-4, assume that Host 1 and Host 3 want to receive IPv4 multicast data sent to IPv4 multicast group G1, and Host 1 wants to receive IPv4 multicast data sent to IPv4 multicast group G2. The process for the host to join IPv4 multicast group and for the IGMP querier (Router B) to maintain IPv4 multicast group membership is as follows.
  • Page 411: Leaving An Ipv4 Multicast Group

    (4) However, because Host 1 is concerned about G2, it will still send a report packet to G2 by multicast to announce that it belongs to G2. (5) After the above query and response process, IGMP routers know that there are members of G1 and G2 in the local network segment, so the IPv4 multicast routing protocol (such as IPv4 PIM) generates (*, G1) and (*, G2) multicast forwarding items as the forwarding basis of IPv4 multicast data, where "*"...
  • Page 412: Filtering Multicast Sources

    9.2.2.4 Filtering Multicast Sources Figure 9-5 IPv4 multicast stream path of specific source group IGMPv1 runs between hosts and routers When Host 2 joins IPv4 multicast group G, it cannot select an IPv4 multicast source, so whether Host 2 needs the information or not, IPv4 multicast information from Source 1 and Source 2 will be delivered to Host B.
  • Page 413: Multicast Group State

    (2) As shown in Figure 9-5, there are two IPv4 multicast sources in the network: Source 1 (S1) and Source 2 (S2), both of which send IPv4 multicast packets to IPv4 multicast group G. Host 2 is only interested in the information sent from Source 1 to G, but not the information from Source 2.
  • Page 414 Purpose Procedure Enable IGMP globally 1. Access the global configuration view. 2. Run the igmp start command to enable IGMP globally. 3. Run the igmp or igmp vpn-instance vpn-instance-name command to enable IGMP for an instance. Enable IGMP on an 1.
  • Page 415: Configuring Igmp Performance Parameters

    Purpose Procedure multicast source address 3. Run the no igmp static-group group-address source source- from an interface address command. Delete the created 1. Access the global configuration view. static IGMP multicast 2. Access the VLANIF configuration view. group and specified 3.
  • Page 416 Purpose Procedure Configure an IGMP [Configure an IGMP packet option globally] packet option 1. Access the global configuration view. 2. Access the IGMP configuration view. 3. Run the require-router-alert command to specify that IGMP packets received must contain the Router-Alert option in packet headers. Or run the send-router-alert command to specify that IGMP packets sent by devices carry the Router-Alert option in packet headers globally.
  • Page 417 5. Run the max-response-time { interval | default } command to configure the Maximum Response Delay for an IGMP query packet (this command is applicable only in the IGMP configuration view). 6. Run the timer other-querier-present { interval | default } command to configure the IGMP other querier present timer globally.
  • Page 418: Configuring The Igmp Limit Function

    9.2.5 Configuring the IGMP Limit Function Background The IGMP Limit function is generally configured on the last hop switch that connects users. Prerequisite Before configuring IGMP Limit Function, you must configure reachable IP routes between nodes on the network and configure basic IGMP functions referring to the section 9.2.3. Purpose Configure IGMP Limit to limit the number of multicast groups that an interface can join.
  • Page 419: Maintenance And Debugging

    9.2.6 Maintenance and Debugging Purpose This section describes how to check or locate the fault when the IGMP function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the...
  • Page 420: Configuration Example

    Purpose Procedure
    - show igmp interface vlan vlan-id
    - show igmp interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    - show igmp interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number.subinterface
    View all 1.
  • Page 421
    Figure 9-6 IGMP configuration network diagram
    Configuration
    1. Create VLAN 3 and configure its IP address. Enable GE1/0/2 and GE1/0/3 to join VLAN 3.
    Switch#configure
    Switch(config)#interface vlan 3
    Switch(config-vlan-3)#ip address 1.1.1.2/24
    Switch(config-vlan-3)#quit
    Switch(config)#interface 10gigaethernet 1/0/2
    Switch(config-10ge1/0/2)#port hybrid vlan 3 untagged
    Switch(config-10ge1/0/2)#port hybrid pvid 3
    Switch(config-10ge1/0/2)#no shutdown
    Switch(config-10ge1/0/2)#quit...
  • Page 422
    Switch(config-vlan-3)#igmp enable
    Switch(config-vlan-3)#igmp version v3
    Switch(config-vlan-3)#igmp static-group 226.1.1.1 egress-port gigaethernet 1/0/3
    Switch(config-vlan-3)#quit
    Switch(config)#
    3. Check the configuration result.
    # After Host 1 sends an IGMP join packet, run the following commands to view the information.
    Switch#show igmp config
    igmp start igmp VID:3 igmp enable...
  • Page 423: Configuring Mld Snooping

    Switch#show igmp source all
    VID Group-Address Source-Address Expiry-Time Mode Ingress-Port Status
    225.0.0.1 0.0.0.0 include unknown dynamic
    226.1.1.1 0.0.0.0 include unknown static
    Switch#show igmp egress-port all
    Group-Address Source-Address Egress-Port Status
    225.0.0.1 0.0.0.0 ge-1/0/2 dynamic
    226.1.1.1 0.0.0.0 ge-1/0/3 static
    9.3 Configuring MLD Snooping
    9.3.1 Overview of MLD Snooping
    The MLD Snooping protocol has the following features: Static L2 multicast: Adding an interface to a multicast group statically can avoid...
  • Page 424: Configuring Mld Snooping

    9.3.2 Configuring MLD Snooping Purpose By listening to the multicast protocol packets transmitted between routers and hosts, the MLD snooping can maintain the interface information of multicast packets, so as to manage and control the forwarding of multicast data packets and to realize L2 multicasting. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 425 Purpose Procedure Configure a forwarding 1. Run the configure command to access the global configuration mode for the multicast view. VLAN 2. Run the mld-snooping mvlan vlan-id command to access the To set to the IP mode, multicast VLAN configuration view. the VLAN of the multicast 3.
  • Page 426 Purpose Procedure 2. Run the mld-snooping mvlan vlan-id command to access the multicast VLAN configuration view. 3. Run the mld-snooping report-suppress { enable | disable } command. Enable or disable a 1. Run the configure command to access the global configuration querier for a multicast view.
  • Page 427 Purpose Procedure Enable or disable the 1. Run the configure command to access the global configuration fast switchover function view. when the STP topology 2. Run the mld-snooping mvlan vlan-id command to access the changes multicast VLAN configuration view. 3. Run the mld-snooping fast-switch { enable | disable } command.
  • Page 428: Maintenance And Debugging

    9.3.3 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the MLD snooping function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable MLD 1.
  • Page 429: Configuration Example

    Purpose Procedure multicast VLAN interface vlan vlan-id command to access the VLANIF configuration table view, or remain in the current privileged user view. 2. Run the show mld-snooping mvlan command. Display the 1. Run the disable command to return to the common user view, run information about a the configure command to access the global configuration view, run the multicast source...
  • Page 430
    Figure 9-7 Network diagram of MLD snooping configuration
    Configuration
    1. Enable the MLD snooping protocol globally.
    Switch#configure
    Switch(config)# mld-snooping start;
    Switch(config)#
    2. Create a VLAN and the corresponding multicast VLAN. Add the interface to the VLAN.
    Switch(config)#vlan 100
    Switch(vlan-100)#quit
    Switch(config)#interface xge1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface xge1/0/2...
  • Page 431
    Switch(config-mldsnoop-mvlan100)#quit
    Switch(config)#
    3. Enable the MLD snooping protocol on the interface.
    Switch(config)#interface xge1/0/1
    Switch(config-10ge1/0/1)#mld-snooping enable
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#mld-snooping enable
    Switch(config-10ge1/0/2)#quit
    Switch(config)#
    4. Configure GE1/0/1 as a static router interface.
    Switch(config)#mld-snooping mvlan 100
    Switch(config-mldsnoop-mvlan100)#mld-snooping uplink-port xge1/0/1
    Switch(config-mldsnoop-mvlan100)#quit
    Switch(config)#
    5. Configure the static multicast group
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#mld-snooping static-group group-address FF1E::1 mvlan 100
    Switch(config-10ge1/0/2)#mld-snooping static-group group-address FF1E::2 mvlan 100...
  • Page 432: Configuring Static L2 Multicast

    Group Address : ff1e::1 MVlan : 100 Source Address : * Interface : xge-1/0/2 Type : static Expires : --- OutVlan : 100 V2 Mode : invalid
    Group Address : ff1e::2 MVlan : 100 Source Address : * Interface : xge-1/0/2 Type : static Expires : --- OutVlan : 100...
  • Page 433
    Figure 9-8 Network diagram of static L2 multicast
    Configuration
    1. Enable the MLD snooping protocol globally.
    Switch#configure
    Switch(config)# mld-snooping start;
    Switch(config)#
    2. Create a VLAN and the corresponding multicast VLAN. Add the interface to the VLAN.
    Switch(config)#vlan 100
    Switch(vlan-100)#quit
    Switch(config)#interface xge1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface xge1/0/2...
  • Page 434
    3. Enable the MLD snooping protocol on the interface.
    Switch(config)#interface xge1/0/1
    Switch(config-10ge1/0/1)#mld-snooping enable
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#mld-snooping enable
    Switch(config-10ge1/0/2)#quit
    Switch(config)#
    4. Configure GE1/0/1 as a static router interface.
    Switch(config)#mld-snooping mvlan 100
    Switch(config-mldsnoop-mvlan100)#mld-snooping uplink-port xge1/0/1
    Switch(config-mldsnoop-mvlan100)#quit
    Switch(config)#
    5. Configure the static multicast group
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#mld-snooping static-group group-address FF1E::1 mvlan 100
    Switch(config-10ge1/0/2)#quit...
  • Page 435: Configuring Multicast Vlan Copy

    9.3.4.3 Configuring Multicast VLAN Copy Network Requirements As shown in Figure 9-9, the switch interface GE1/0/1 is connected to the router on the multicast source side and belongs to VLAN 100. The interfaces GE1/0/2 and GE1/0/3 are connected to the user host, and belong to VLAN 2 and VLAN 3 respectively.
  • Page 436
    Configuration
    1. Enable the MLD snooping protocol globally.
    Switch#configure
    Switch(config)# mld-snooping start;
    Switch(config)#
    2. Create a VLAN and the corresponding multicast VLAN. Add the interface to the VLAN.
    Switch(config)#vlan 2,3,100
    Switch(config)#interface xge1/0/1
    Switch(config-10ge1/0/1)#port hybrid vlan 100 tagged
    Switch(config-10ge1/0/1)#quit
    Switch(config)#interface xge1/0/2
    Switch(config-10ge1/0/2)#port hybrid vlan 2 tagged
    Switch(config-10ge1/0/2)#quit
    Switch(config)#interface xgigaethernet 1/0/3...
  • Page 437
    4. Enable the multicast copy function for the multicast VLAN and configure user VLANs.
    Switch(config)#mld-snooping mvlan 100
    Switch(config-mldsnoop-mvlan100)#mld-snooping forwarding-mode ip
    Switch(config-mldsnoop-mvlan100)#mld-snooping multicast-vlan enable
    Switch(config-mldsnoop-mvlan100)#mld-snooping multicast user-vlan 2,3
    Switch(config-mldsnoop-mvlan100)#quit
    Switch(config)#
    5. Configure GE1/0/1 as a static router interface.
    Switch(config)#mld-snooping mvlan 100
    Switch(config-mldsnoop-mvlan100)#mld-snooping uplink-port xge1/0/1
    Switch(config-mldsnoop-mvlan100)#quit
    Switch(config)#
    6.
  • Page 438
    Switch#show mld-snooping egress-port
    Total Entry(s) : 6
    Group Address : ff1e::1 MVlan : 100 Source Address : * Interface : ge-1/0/2 Type : static Expires : --- OutVlan : 100 V2 Mode : invalid
    Group Address : ff1e::1 MVlan : 100 Source Address : * Interface : ge-1/0/3 Type : static...
  • Page 439
    Group Address : ff1e::3 MVlan : 100 Source Address : * Interface : ge-1/0/2 Type : static Expires : --- OutVlan : 100 V2 Mode : invalid
    Group Address : ff1e::3 MVlan : 100 Source Address : * Interface : ge-1/0/3 Type : static Expires : --- OutVlan : 100...
  • Page 440: Chapter 10 Configuring Security Function

    Chapter 10 Configuring Security Function This chapter describes the basic content, configuration procedure, and configuration examples of the security function of the Switch. 10.1 Configuring Time-range 10.1.1 Overview of Time-range Background Time-range is a timing module used to limit the effective time range of commands. It can be used with ACL and other functions.
  • Page 441: Configuring The Start Time Range Of A Time-Range Module

    10.1.3 Configuring the Start Time Range of a Time-range Module Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the 1. Access the global configuration view. absolute start 2.
  • Page 442: Maintenance And Debugging

    Purpose Procedure Configure the 1. Access the global configuration view. time range for a 2. Run the time-range list list-number command to access a time-range time-range module module every 3. Run the time-range range-number everyweekend hh:mm:ss to weekend hh:mm:ss command to configure the weekend time range of the time-range module.
  • Page 443: Configuring Ip Address Prefix Filter

    10.2 Configuring IP Address Prefix Filter 10.2.1 Overview of Address Prefix Filter Table An address prefix filter table provides a set of ordered filter rules based on routing address domains (IP address, address prefix length range, and application rule) to enable selective use of different paths to obtain IP routing entries.
  • Page 444: Maintenance And Debugging

    Purpose Procedure segment address of prefix mask 2. Run the command ip prefix-list list-name [ index length index-number ] { deny | permit } ip-address/mask-length greater-equal min-range. Create a filter rule (with the route 1. Run the configure command to access the global address mask length smaller than or configuration view.
  • Page 445: Configuring Acl

    Purpose Procedure View rules in a rule 1. Run the disable command to return to the common user view, table run the configure command to access the global configuration view, or remain in the current privileged user view. 2. Run the show ip prefix-list [ list-name ] command. View information of 1.
  • Page 446: Configuring An L2 Acl

    ACLs Supported by Switch
    Switch supports the following types of ACLs:
    - L2 ACL: Classifies data packets mainly based on the source MAC address, destination MAC address, VLAN, priority, protocol type, rate limiting template, and time range template.
    - L3 ACL: Performs more refined classification of data packets based on the source IP address, destination IP address, source port number, destination port number, protocol type, priority, fragmentation, TTL, rate limiting template, and time range template.
  • Page 447 Purpose Procedure
    - filter rule-number mac { src-mac-address/M | any } { dst-mac-address/M | any }
    - filter rule-number mac { src-mac-address/M | any } { dst-mac-address/M | any } { customer | provider } { any | vlan-id | vlan-id1/vlan-id2 } { any | priority }
    ...
  • Page 448 Purpose Procedure
    - filter rule-number action redirect { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    - filter rule-number action redirect eth-trunk trunk-number
    - filter rule-number action { insert-inner-vid | insert-outer-vid } vlan-id
    - filter rule-number action replace-inner-vid vlan-id
    - filter rule-number action replace-outer-vid vlan-id
    ...
  • Page 449: Configuring An L3 Acl

    10.3.3 Configuring an L3 ACL Background An ACL is a series of lists composed of rules and actions. Before configuring an L3 ACL rule, you need to create an L3 ACL and specify the ACL type number in the range 1001 to 2000. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 450 Purpose Procedure
    - filter rule-number ip { src-ip-address/M | any} { dst-ip-address/M | any } fragment
    - filter rule-number src-ip { src-ip-address | any } src-mask { src-ip-mask | any} dst-ip { dst-ip-address | any } dst-mask { dst-ip-mask | any } fragment
    ...
  • Page 451 Purpose Procedure
    { dst-port-number | any | destination-port-number-range } { syn | synack | ack | fin }
    - filter rule-number tcp { src-ip-address/M | any } { src-port-number | any | source-port-number-range } { dst-ip-address/M | any } { dst-port-number | any | destination-port-number-range } { syn | synack | ack | fin } fragment
    ...
  • Page 452 Purpose Procedure
    - filter rule-number igmp { src-ip-address/M | any } { dst-ip-address/M | any }
    - filter rule-number igmp src-ip { src-ip-address/M | any } src-mask { src-ip-mask | any } dst-ip { src-ip-mask | any } dst-mask { dst-ip-mask | any }
    ...
  • Page 453: Configuring A Mixed Acl

    Purpose Procedure
    - filter rule-number action replace-inner-vid vlan-id
    - filter rule-number action replace-outer-vid vlan-id
    - filter rule-number action remove-inner-vid vlan-id
    - filter rule-number action remove-outer-vid vlan-id
    - filter rule-number action { outer-tag-priority | inner-tag-priority } Priority-value
    - filter rule-number action { cos | precedence } priority-value
    - filter rule-number action dscp dscp
    ...
  • Page 454 Purpose Procedure Create a 1. Access the global configuration view. mixed ACL 2. Run the filter-list acl-number [ name filter-name ] command to create a mixed ACL and access mixed ACL configuration view. Configure a 1. Access the global configuration view. mixed ACL rule 2.
  • Page 455: Configuring An L3 Acl6

    10.3.5 Configuring an L3 ACL6 Background An ACL is a series of lists composed of rules and actions. Before configuring ACL6 rules, create an L3 ACL6 and assign a number in the range of 3001-4000 to the ACL6. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Create an L3 ACL6...
  • Page 456 Purpose Procedure
    - filter rule-number tcp6 { src-ip6-address/M | any } { src-port-number | any | src-port-range } { dst-ip6-address/M | any } { dst-port-number | any | dst-port-range } { syn | synack | ack | fin }
    - filter rule-number tcp6 { src-ip6-address/M | any } { src-...
  • Page 457: Configuring Acl Optional Functions

    Purpose Procedure
    - filter filter-rule-number action mirror group group-number
    - filter rule-number action redirect { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    - filter rule-number action redirect eth-trunk trunk-number
    - filter rule-number action { insert-inner-vid | insert-...
  • Page 458
    - Creating an ACL rate limiting template: After an ACL rate limiting template is created and bound to an ACL rule, data packets are filtered according to different rate limiting rules.
    - Creating an ACL counter template: After an ACL counter template is created and bound to an ACL rule, statistics are collected on data packets according to different types of counting.
  • Page 459 Purpose Procedure 8. Run the time-range range-number everyweekday hh:mm:ss to hh:mm:ss command to configure the workday time range (weekdays except the weekends) of the time-range module. 9. Run the time-range range-number everyweekend hh:mm:ss to hh:mm:ss command to configure the weekend time range of the time-range module.
  • Page 460: View And Debugging

    Purpose Procedure 2. Run the command counter counter-number { packet | byte | all } sort { green | red | greenred | greenyellow | redyellow | total } to configure a counter template. 3. Access the ACL configuration view. 4.
  • Page 461 Purpose Procedure View the ACL 1. Access the common user view, privileged user view, global configuration configuration file view, filter configuration view, interface configuration view (Ethernet or information Trunk), VLANIF configuration view, interface group configuration view, or batch interface configuration view. 2.
  • Page 462: Configuration Example

    10.3.8 Configuration Example 10.3.8.1 Example of Configuring an L2 ACL Network Requirements The switch Switch works as a gateway and connects to user PCs. It is required to configure an ACL to reject packets with source MAC address 0001-0203-0405 and destination MAC address 0102-0304-0506, as shown in Figure 10-1.
  • Page 463: Example Of Configuring An L3 Acl

    10.3.8.2 Example of Configuring an L3 ACL Network Requirements Different departments of the corporate network are interconnected via the switch. It is required to configure an IPv4 ACL to prevent the R&D department from accessing the salary query server (IP address: 10.164.9.9) during work time (08:30 to 17:30) and to allow the CEO office to access the salary query server at any time without restriction, as shown in Figure 10-2.
  • Page 464
    Configuration
    1. Configure the time-range.
    Switch#configure
    Switch(config)#time-range list 1
    Switch(config-timerange1)#time-range 1 everyweekday 8:30:00 AM to 5:30:00 PM
    Switch(config-timerange1)#quit
    2. Configure an ACL to allow the CEO office to access the salary query server.
    Switch(config)# filter-list 1001
    Switch(configure-filter-ipv4-1001)#filter 1 ip 10.164.1.0/24 10.164.9.9/32
    Switch(configure-filter-ipv4-1001)#filter 1 action permit
    Switch(configure-filter-ipv4-1001)#quit
    3.
  • Page 465: Example Of Configuring A Mixed Acl

    10.3.8.3 Example of Configuring a Mixed ACL Network Requirements The switch Switch works as a gateway and connects to user PCs. It is required to configure an ACL to send packets with source MAC addresses in the 00:01:02:00:00:00/24 network segment and source IP addresses in the 1:2:3:1/24 network segment to the CPU, as shown in Figure 10-3.
  • Page 466: Example Of Configuring A Rate Limiting Template

    10.3.8.4 Example of Configuring a Rate Limiting Template Network Requirements The switch Switch works as a gateway and connects to user PCs. It is required to configure an ACL to limit the rate of packets with source MAC address 0001-0203-0405 received by interface GE1/0/2 of the switch Switch, and change the DSCP value of yellow packets to AF11, as shown in Figure 10-4.
  • Page 467: Example Of Configuring A Counter Template

    10.3.8.5 Example of Configuring a Counter Template Network Requirements The switch Switch works as a gateway and connects to user PCs. It is required to configure an ACL to count the number of packets with source IP addresses in the 10.1.1.1/24 network segment that are received by interface GE1/0/2 of the switch Switch, as shown in Figure 10-5.
  • Page 468: Configuring Cpu Defense

    10.4 Configuring CPU Defense 10.4.1 CPU Defense Overview This module implements CPU defense in the following ways: 1. Whitelist A whitelist is a collection of legitimate users or high-priority users. You can define an ACL to configure a whitelist and packets matching the characteristics of the whitelist will be processed first. This can actively protect existing services and protect high-priority user services.
  • Page 469: Configuring Cpu Defense

    10.4.2 Configuring CPU Defense Purpose The application scenario of anti-attack policies varies with the product. For integrated devices, the anti-attack policies can only be applied globally. For distributed devices, the anti-attack policies can be applied globally or applied on slots. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 470: Maintenance And Debugging

    Purpose Procedure 2. Run the no car packet-type { telnet | ftp | snmp | bpdutunnel | fib6hit | fibhit | icmp | ssh | tcp | total } command. Configure the 1. Run the corresponding command to access the global description of a CPU configuration view, VLANIF configuration view, interface configuration defense policy...
  • Page 471: Configuring Anti-Attack

    10.5 Configuring Anti-Attack 10.5.1 Configuring a Rate Threshold Purpose This section describes how to configure the rate threshold for various protocol types. iptoself refers to protocol packets of the switch and ipforward refers to forwarded packets. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure a...
  • Page 472 Purpose Procedure Configure the item 1. Run the corresponding command to access the interface of checking whether configuration view (Ethernet or Trunk) or interface group configuration ARP packets match view. the binding table 2. Run the following commands: - arp-antiattack check user-bind check-item { ip-address | mac-address | vlan } ...
  • Page 473: Configuring Arp Interface Anti-Attack Parameters

    Purpose Procedure rate and committed 2. Run the antiattack dos-limit { fragment | tcp-syn | icmp-flood } information rate of car cir { value | default } command. DoS anti-attack limit to the specified packet 10.5.3 Configuring ARP Interface Anti-attack Parameters Purpose This section describes how to configure ARP interface anti-attack parameters.
  • Page 474: Anti-Attack Module Debugging

    Purpose Procedure Configure the 1. Run the corresponding command to access the interface maximum number of configuration view (Ethernet or Trunk) or interface group configuration ARP mapping entries view. that an interface can 2. Run the arp-limit vlan vlan-id maxnum maxnum command. learn Cancel the upper 1.
  • Page 475: Viewing The Arp Anti-Attack Configuration

    Purpose Procedure Disable DoS anti-attack 1. Access the privileged user view. debugging 2. Run the no debug dos-antiattack { all | config | dev | info } command. Reset the DoS anti- 1. Access the common user view. attack limit statistics 2.
  • Page 476: Configuring Ip Source Guard

    Purpose Procedure 2. Run the show arp-antiattack config command. Display the 1. Run the corresponding command to access the common user view, check items for privileged user view, global configuration view, interface configuration ARP packet check view, VLANIF configuration view (Ethernet or Trunk interface), or interface against the binding group configuration view.
  • Page 477: Basic Concepts

    Dynamic modification of IP addresses. A type of attack program is developed for IP address spoofing by bypassing upper-layer network software and dynamically modifying its IP address (or IP-MAC address pair) when receiving/sending packets. IP source guard (IPSG) is an L2 interface feature that provides a checking mechanism to ensure that the packet received by an interface can also be received by all other interfaces.
  • Page 478: Functions

    IP Source Binding Table The IP source binding table can be configured manually on the switch in static mode, or can be learned automatically by the switch via the DHCP snooping binding table. Static configuration is simple and fixed with low flexibility. Therefore, you are advised to use IPSG in conjunction with DHCP snooping so that the IP source binding table can be generated from the DHCP snooping binding table.
  • Page 479: System Features

    10.6.1.4 System Features
    IPSG has the following system features:
    - Filters IP traffic based on a set of conditions including the source IP address, port number, MAC address, and VLAN.
    - Works independently or in conjunction with DHCP snooping.
    - Takes precedence over DHCP snooping in terms of configuration.
  • Page 480: Configuring Check Items

    10.6.3 Configuring Check Items Purpose This section describes how to view the IPSG check items. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable the IP packet 1.
  • Page 481: Configuring A Static Binding Entry

    Purpose Procedure Enable or disable the 1. Access the global configuration view. IP packet checking alarm 2. Run the user-bind alarm untrust-user { enable | disable } function command. Configure an IP packet 1. Access the global configuration view. checking alarm threshold 2.
  • Page 482: Configuring Aaa/Radius

    Purpose / Procedure
    - no user-bind static interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet | eth-trunk } interface-number
    - no user-bind static ip ipv4-address
    - no user-bind static mac src-mac-address
    - no user-bind static vlan vlan-id
    10.7 Configuring AAA/Radius
    10.7.1 AAA Overview
    AAA is short for Authentication, Authorization and Accounting.
  • Page 483

    Authentication Function
    AAA supports the following authentication modes:
    - No authentication: Trusts users and skips the validity checking. This mode is generally not used.
    - Local authentication: Configures user information (including the username, password, and attributes of local users) on the device. Local authentication is quick and lowers the operation cost, but information storage is limited by the hardware condition.
  • Page 484: Accessing The Aaa Configuration View

    Authorization Function
    AAA supports the following authorization modes:
    - Direct authorization: Trusts users and authorizes users directly. The user authority is the default authority of the system.
    - Local authorization: Authorizes users according to the relevant attributes configured for the local user account on the device.
    ...
  • Page 485

    Purpose: Create an AAA authentication method
    Procedure: 1. Access the global configuration view. 2. Access the AAA configuration view. 3. Run the following commands:
    - aaa authentication { dot1x | login | enable } method name server-group groupname
    - aaa authentication { dot1x | login | enable } method name server-group groupname { local | none }
    ...
  • Page 486: Configuring An Aaa Authorization Method

    10.7.4 Configuring an AAA Authorization Method Purpose This section describes how to create an AAA authorization method. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Create an AAA 1.
  • Page 487: Configuring An Aaa Accounting Method

    10.7.5 Configuring an AAA Accounting Method Purpose This section describes how to create an AAA accounting method. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Configure the remote 1.
  • Page 488: Creating And Deleting A Server Group

    10.7.6 Creating and Deleting a Server Group Purpose This section describes how to create and delete a server group. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Create a server 1.
  • Page 489

    Purpose: Create a RADIUS server based on IPv4 addresses
    Procedure: 1. Access the global configuration view. 2. Access the AAA configuration view. 3. Run the command radius-server name ip-address ipv4-address key key auth-port { auth-port | default } acc-port { acc-port | default }.
    Purpose: Configure the
    Procedure: 1.
  • Page 490: Configuring A Tacacs Server

    10.7.8 Configuring a TACACS Server Purpose This section describes how to configure a TACACS server. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Create a TACACS 1.
  • Page 491: Configuring An Aaa Terminal

    Purpose: a request packet sent to a TACACS server
    Procedure: 3. Run the following commands:
    - tacacs-server name src-ip ip-address
    - no tacacs-server name src-ip
    Purpose: Delete a TACACS server
    Procedure: 1. Access the global configuration view. 2. Access the AAA configuration view. 3. Run the no tacacs-server name command.
    10.7.9 Configuring an AAA Terminal
    Purpose: This section describes how to configure an AAA terminal.
  • Page 492: Displaying The Aaa Configuration

    Purpose: check at a specified privilege level
    Purpose: Configure authorization for commands in the global configuration view
    Procedure: 1. Access the global configuration view. 2. Access the line configuration view. 3. Run the command authorization config-command command.
    Purpose: Configure a password of the local
    Procedure: 1. Access the line configuration view. 2.
  • Page 493: Debugging Aaa

    Purpose: Display the AAA method information
    Procedure: 1. Access the privileged user view, global configuration view, or AAA configuration view. 2. Run the following commands:
    - show aaa method
    - show aaa method name
    Purpose: Display the AAA server name
    Procedure: 1. Access the common user view, privileged user view, global configuration view, or AAA configuration view.
  • Page 494: Configuration Example

    Purpose: Enable or disable AAA debugging
    Procedure: 1. Access the privileged user view. 2. Run the following commands:
    - debug aaa { auth | author | acct | sys | method | server | session | radius | tacacs | all }
    ...
  • Page 495: Dot1X Aaa Tacacs Authentication

    10.7.12.2 DOT1X AAA TACACS Authentication Network Diagram The network diagram of authentication based on DOT1x and AAA is shown below. User 1 and User 2 connect to Dot1x-enabled interfaces GE1/0/1 and GE1/0/2 of the switch. TACACS Server 1 connects to the devices through interface GE1/0/7 and the IP address is 10.18.11.190.
  • Page 496: Configuring

    10.8 Configuring 802.1x 10.8.1 802.1x Overview Based on traditional Ethernet devices, the port-based network access control technology uses the IEEE 802.1x protocol to authenticate and authorize users based on Ethernet interface point-to-point connection. Therefore, Ethernet devices can meet the requirements of Telecom carriers, and play an important role in broadband MAN construction.
  • Page 497: Configuring 802.1X Authorization

    10.8.2 Configuring 802.1x Authorization 10.8.2.1 Enabling or Disabling 802.1x Globally Purpose This section describes how to enable or disable the 802.1x protocol globally. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Enable 802.1x...
  • Page 498: Configuring 802.1X Parameters

    10.8.2.3 Configuring 802.1x Parameters Purpose This section describes how to configure 802.1x parameter on an interface or globally. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure (Optional) Set the 1.
  • Page 499

    Purpose: Set an authentication method for 802.1x users
    Procedure: 1. Access the interface configuration view (Ethernet) or interface group configuration view. 2. Run the dot1x authentication auth-method { eap | chap | pap } command.
    Purpose: Set the timeout duration for the response
    Procedure: 1. Access the interface configuration view (Ethernet) or interface group configuration view.
  • Page 500: Deleting 802.1X Users

    Purpose: Delete the configured guest VLAN from an interface
    Procedure: 1. Access the interface configuration view (Ethernet) or interface group configuration view. 2. Run the no dot1x guest vlan command.
    Purpose: Configure the VLAN allocation mode used by
    Procedure: 1. Access the interface configuration view (Ethernet or Trunk) or interface group configuration view.
  • Page 501: Viewing The 802.1X Configuration

    Purpose: Delete all the 802.1x users or the local user accounts
    Procedure: 1. Access the global configuration view. 2. Run the following commands:
    - no dot1x authentication user all
    - no dot1x interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number user all
    Purpose: Unbind the default
    Procedure: 1.
  • Page 502: Configuring Storm Suppression

    Purpose Procedure 2. Run the command show dot1x statistic { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number. 10.9 Configuring Storm Suppression 10.9.1 Configuring Storm Suppression Logging/Trap Function Purpose Configure the storm suppression logging and trap function. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 503: Configuring A Storm Suppression Threshold And Percentage

    10.9.2 Configuring a Storm Suppression Threshold and Percentage
    Purpose: This section describes how to configure a storm suppression threshold and percentage.
    Procedure: Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure the maximum and
    Procedure: 1. Run the configure command to access the global configuration view.
  • Page 504: Maintenance And Debugging

    10.9.4 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the storm suppression function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure View the storm 1.
  • Page 505: Chapter 11 Configuring Reliability

    Chapter 11 Configuring Reliability This chapter describes the basic content, configuration procedure, and configuration examples of the reliability management of the Switch. 11.1 Configuring MSTP 11.1.1 Overview of STP Origin of STP In the L2 switched network, a loop can cause proliferation and infinite loop of packets within the loop network, which results in broadcast storms, occupies all effective bandwidth, and makes the network unavailable.
  • Page 506: Overview Of Rstp

    Disadvantage of STP With the development of network technology and further application, the disadvantage of STP has been exposed in applications. The defect of STP is mainly reflected in the convergence rate. When the topology changes, the new configuration message spreads across the network after a period of time.
  • Page 507: Overview Of Mstp

    Disadvantages of RSTP
    RSTP is improved in many ways compared with STP and is backward compatible with STP. RSTP is applicable to hybrid networks. However, both RSTP and STP belong to Single Spanning Tree (SST). RSTP has disadvantages in the following three aspects: ...
  • Page 508 MSTP Algorithm Initial state Each port of each device generates a configuration message that makes it the root bridge at the initial time. The common root and domain root constitute its bridge ID. The external root path cost and internal root path cost are 0. The designated bridge ID is the local bridge ID.
  • Page 509

    The following assumptions are made to facilitate subsequent description:
    - In initial condition, the information carried in the packet sent by the PB port of the bridge B includes the common root RB; the external root path cost ERCB; the domain root RRB;...
  • Page 510

    (3) Root path priority vector
    The root path priority vector is calculated based on the port priority vector.
    - If the port priority vector is from the bridge of a different domain, the external root path cost of the root path priority is the sum of the port path cost and the external root path cost of the port priority vector.
  • Page 511

    - There are no common root and external root path cost in the MSTI priority vector. It is only composed of the domain root, internal root path cost, designated bridge ID, designated port ID, and the ID of the port receiving BPDU packets.
    ...
  • Page 512 The port priority vector of all ports of the device is the same as the message priority vector in the initial state. In the initial state, the port of every device is the designated port and sends the message priority vector announcing its role of the root bridge.
  • Page 513 BP2 determines the role of the port by comparing the designated priority vector with the port priority vector of the BP1 port and BP2 port. Because the designated priority vector of BP1 takes precedence over the port priority vector, the role of BP1 is the designated port and the BP1 port regularly sends the designated priority vector {A:0:A:10:B:BP1:BP2} that announces Switch_1 as the common root and domain root.
  • Page 514: Configuring A Switch To Join A Designated Mst Domain

    Figure 11-2 Traffic forwarding path after calculation
    11.1.4 Configuring a Switch to Join a Designated MST Domain
    Background: Two switches belong to the same domain as long as the following configurations of them are the same:
    - MST domain name
    ...
  • Page 515

    Purpose: (You must configure the STP working mode of the switch to MSTP or default first)
    Procedure: 3. Run the stp config-name string command to set an STP domain name. 4. Run the stp instance instance-id vlan vlan-list command to configure the applied VLAN of the MSTI. 5.
  • Page 516: Configuring Mstp Parameters

    11.1.5 Configuring MSTP Parameters
    Background: Before modifying MSTP parameters, perform the following tasks:
    - Configuring physical attributes of the port
    - Configuring the port to join the VLAN
    - Configuring the switch to join the designated MST domain
    Purpose: This section describes how to change the values of MSTP parameters. In a specific network environment, you can change the values of MSTP parameters to achieve the optimal result.
  • Page 517

    Purpose: Enable or disable point-to-point management for an interface
    Procedure: 1. Access the global configuration view. 2. Access the interface configuration view (Ethernet or Trunk), interface group configuration view, or batch interface configuration view. 3. Run the stp { enable | disable } command to enable STP. 4.
  • Page 518

    Purpose: Configure the current interface to perform the mode check
    Procedure: 1. Access the global configuration view. 2. Access the interface configuration view (Ethernet or Trunk) or interface group configuration view. 3. Run the stp { enable | disable } command to enable STP. 4.
  • Page 519

    Purpose: entering cross-switch combined work mode
    Purpose: Clear STP statistics
    Procedure: 1. Run the configure command to access the global configuration view. 2. Access the interface configuration view (Ethernet or Trunk), interface group configuration view, or batch interface configuration view. 3. Run the stp { enable | disable } command to enable STP. 4.
  • Page 520: Configuring Mstp Protection

    11.1.6 Configuring MSTP Protection
    Background
    - BPDU protection: For access-layer devices, generally, the access port is directly connected to the user terminal (such as PC) or file server. At this time, you can set the access port as the edge port to achieve fast migration of these ports.
  • Page 521

    - TC protection: After receiving TC-BPDU messages, the switch deletes MAC address entries and ARP entries. If somebody forges TC-BPDU packets to attack the switch maliciously, the switch receives a lot of TC-BPDU messages in a short time. Frequent deletion operations cause a great burden on the device and threaten network stability.
  • Page 522: Maintenance And Debugging

    Purpose: Enable or disable the STP loop protection function for an interface
    Procedure: 1. Access the global configuration view. 2. Access the interface configuration view (Ethernet or Trunk) or interface group configuration view. 3. Run the stp loop-guard { enable | disable } command.
    Purpose: Enable or disable
    Procedure: 1.
  • Page 523

    Purpose: View the STP configuration file information of the switch
    Procedure: 1. Access the common user view. 2. Run the show stp config command.
    Purpose: View the STP information of the switch
    Procedure: 1. Access the common user view. 2. Run the show stp information command.
    Purpose: View the STP instance
    Procedure: 1.
  • Page 524

    Purpose / Procedure
    - show stp process interface
    Purpose: View statistics on the TC/TCN packets sent and received on interfaces
    Procedure: 1. Access the common user view. 2. Run the show stp tc-bpdu statistic command.
    Purpose: View topology change statistics
    Procedure: 1. Access the common user view. 2.
  • Page 525: Configuration Example

    11.1.8 Configuration Example
    Network Requirements
    Four switches support MSTP: Switch_1, S780E_2, Switch_3, and Switch_4. Configure the basic MSTP functions as shown in the following network diagram.
    - Set Switch_1 and Switch_3 in the same domain named Domain 1 and create Instance 1.
  • Page 526

    Configuration
    1. Configure Switch_1.
    # Add Switch_1 to Domain 1.
    Switch_1#configure
    %Enter configuration commands. End with Ctrl+Z or command "quit" & "end"
    Switch_1(config)#stp
    Switch_1(config-stp)#stp mode mstp
    Switch_1(config-stp)#stp config-name Domain1
    Switch_1(config-stp)#stp instance 1 vlan 1-10
    Switch_1(config-stp)#stp revision-level 1
    # Configure Switch_1 priority to 0 in Instance 0 to ensure that Switch_1 is the CIST common root.
    Switch_1(config-stp)#stp priority 0
    # Set Switch_1 priority to 0 in Instance 1 to ensure that Switch_1 is the domain root of Instance 1.
  • Page 527

    Switch_2(config-stp)#stp priority 4096
    # Create VLAN 2 to VLAN 20 and add interfaces 10GE1/0/1 and 10GE1/0/2 of Switch_2 to VLAN 1 to VLAN 20 respectively. Enable the STP function and root protection function for the interfaces.
    Switch_2(config)#vlan 2-20
    Switch_2(config)#interface 10gigaethernet1/0/1
    Switch_2(config-10ge1/0/1)#port link-type trunk
    Switch_2(config-10ge1/0/1)#port trunk allow-pass vlan 1-20
    Switch_2(config-10ge1/0/1)#stp enable...
  • Page 528

    Switch_3(config-10ge1/0/2)#stp enable
    Switch_3(config-10ge1/0/2)#quit
    Switch_3(config)#interface 10gigaethernet1/0/1
    Switch_3(config-10ge1/0/1)#stp enable
    Switch_3(config-10ge1/0/1)#stp edged-port enable
    Switch_3(config-10ge1/0/1)#port hybrid pvid 20
    Switch_3(config-10ge1/0/1)#port hybrid vlan 20 untagged
    Switch_3(config-10ge1/0/1)#quit
    Switch_3(config)#
    4. Configure Switch_4.
    # Add Switch_4 to Domain 2.
    Switch_4#configure
    %Enter configuration commands. End with Ctrl+Z or command "quit" & "end"
    Switch_4(config)#stp
    Switch_4(config-stp)#stp mode mstp
    Switch_4(config-stp)#stp config-name Domain2...
  • Page 529: Configuring Bfd

    11.2 Configuring BFD 11.2.1 Overview of BFD Basic Concept Bidirectional Forwarding Detection (BFD) is a set of unified detection mechanisms that are used for detecting communication failures between forwarding devices in the network. BFD provides light-burden and short-time detection of communication failures between neighboring forwarding devices, and also provides real time detection to any media and protocol layer.
  • Page 530: Echo Function

    Echo Function BFD detection is classified into asynchronous detection mode and on-demand detection mode. The echo function is an additional function of two detection modes. When the echo function is enabled, a node sends a series of BFD ECHO packets to a neighbor, and the neighbor reflects the packets to the transmit node.
  • Page 531 Purpose This section describes how to configure the BFD function to rapidly detect and monitor the connectivity of IP routing between directly connected devices in the network. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 532

    Purpose / Procedure
    - bfd track track-number remote-ip ipv4-address1 local-ip ipv4-address2
    - bfd track track-number remote-ip ipv4-address1 vlan vlan-id
    - bfd track track-number remote-ip ipv4-address1
    - bfd track track-number remote-ip6 ipv6-address1 local-ip ipv6-address2 vlan vlan-id
    - bfd track track-number remote-ip6 ipv6-address1 local-ip ipv6-address2 vlan vlan-id one-arm-echo
    ...
  • Page 533: Configuring Bfd Parameters

    Purpose: (Optional) Configure the BFD session status trap function
    Procedure: 1. Access the global configuration view. 2. Run the bfd trap { enable | disable } command.
    Purpose: Delete track information from a physical interface
    Procedure: 1. Access the global configuration view. 2. Run the following commands:
    - no bfd track all
    ...
  • Page 534: Maintenance And Debugging

    11.2.4 Maintenance and Debugging Purpose This section describes how to check or locate the fault when the BFD function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View information of...
  • Page 535: Applying Multi-Hop Detection

    11.2.5.1 Applying Multi-hop Detection Network Requirements Three switches are connected as shown below. It is required to configure BFD multi-hop detection to detect the multi-hop path between Switch_1 and Switch_3. It is also required to add the interfaces to VLAN, create interface VLANIF, and configure an IP address on it. Network Diagram Figure 11-4 BFD multi-hop detection network diagram Configuration...
  • Page 536

    2. Configure Switch_2.
    # Add interface xgigaethernet1/0/1 to VLAN 2, and set the IP address to 10.1.1.2/16.
    Switch_2#configure
    Switch_2(config)#interface vlan 2
    Switch_2(config-vlan-2)#ip address 10.1.1.1/16
    Switch_2(config-vlan-2)#quit
    Switch_2(config)#interface xgigaethernet 1/0/1
    Switch_2(config-10ge1/0/1)#port hybrid pvid vlan 2
    Switch_2(config-10ge1/0/1)#port hybrid vlan 2 untagged
    Switch_2(config-10ge1/0/1)#quit
    Switch_2(config)#
    # Add interface xgigaethernet1/0/2 to VLAN 3, and set the IP address to 10.2.1.1/16.
  • Page 537: Configuring Efm

    11.3 Configuring EFM 11.3.1 Overview of EFM Usage of EFM Ethernet in the First Mile (EFM) is a short name of the operations, administration, and maintenance (OAM) part in the IEEE802.3ah protocol. EFM mainly defines the OAM of the subscriber access network and addresses the installation, monitoring, and maintenance of Ethernets and MANs.
  • Page 538: Supported Efm Features

    11.3.2 Supported EFM Features Link Discovery Link discovery refers to the process of establishing a link by the EFM, which is the first period of Ethernet EFM. During the process, the connected Ethernet EFM instances exchange Information PDUs to notify remote devices of their own EFM configuration information and EFM support and capabilities on the local devices.
  • Page 539: Link Monitoring

    Caution Only EFM entities in active mode have permissions to set a remote entity to the loopback mode. If both entities are in active mode and one entity has already sent a loopback command to the other one and yet receives a loopback command from the other entity while it is waiting for response, the MAC addresses of the two entities are compared, and the entity with a greater MAC address enters the loopback status.
  • Page 540: Configuring Efm Link Discovery

    - Link Fault: The receiving side detects signal loss, such as optical signal failure on the remote side. The function is supported only when the link supports independent sending and receiving (one-way transmission). Link fault is not supported for non-one-way transmission at IEEE 802.3ah.
  • Page 541

    Procedure: Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Enable or disable the EFM protocol on an interface
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface...
  • Page 542

    Purpose: Configure the error frame window and threshold
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view.
  • Page 543: Configuring Efm Remote Loopback

    Purpose: Disable error frame second detection
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view.
  • Page 544

    Purpose: Enable EFM remote loopback
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view.
  • Page 545: Configuring Efm Link Monitoring

    11.3.5 Configuring EFM Link Monitoring Purpose This section introduces how to configure the EFM link monitoring function, including configuring support for link detection and setting the error symbol period window and threshold, error frame window and threshold, error frame period window and threshold, error frame second window and threshold, action (interface linkage) at error occurrence, and latency for automatic restoration to UP on the EFM linkage interface.
  • Page 546

    Purpose: the error frame detection
    Procedure: interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view. 3. Run the command efm link-monitor frame-period threshold threshold interval value rangewindow window { window value range | default }.
    Purpose: Disable
    Procedure: 1.
  • Page 547: Configuring Efm Link Fault Notification

    Purpose / Procedure
    interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view. 3. Run the command no efm link-monitor high-threshold action { disable-on-error | trap | all }.
    Purpose: Configure the linkage
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view.
  • Page 548: Maintenance And Debugging

    Purpose: Configure that an interface does not support critical events
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface { gigaethernet | xgigaethernet } interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface configuration view, or access the interface group configuration view.
  • Page 549

    Purpose: View information about the EFM OAM session between a specified
    Procedure: 1. Access the corresponding view as follows:
    - Run the disable command to return to the common user view.
    - Run the configure command to access the global configuration view.
  • Page 550: Configuration Example

    Purpose / Procedure
    2. Run the following commands:
    - show efm status all
    - show efm status interface { gigaethernet | xgigaethernet } interface-number
    - show efm status interface eth-trunk trunk-number
    Purpose: View the summary of all
    Procedure: 1. Access the corresponding view as follows: ...
  • Page 551

    Network Diagram
    Figure 11-5 EFM configuration topology
    Configuration
    1. Configure Switch A.
    // Enable the EFM protocol for interface 10gigaethernet1/0/1 on Switch A.
    SwitchA#configure
    SwitchA(config)#interface xge1/0/1
    SwitchA(config-10ge1/0/1)#efm enable
    // Configure the EFM mode of interface 10gigaethernet1/0/1 to passive.
    SwitchA(config-ge1/0/1)#efm mode passive
    2.
  • Page 552: Configuring Cfm

    11.4 Configuring CFM
    11.4.1 Overview of CFM
    Introduction to CFM
    IEEE 802.1ag Connectivity Fault Management (CFM) defines OAM functions of connectivity fault check, fault confirmation, fault locating, and fault indication based on Ethernet bearer network. It is suitable for end-to-end scenarios of large-scale networking and is a network-level OAM.
    Features of CFM
    CFM has the following features: ...
  • Page 553

    - Among the roles of customer, provider, and carrier, the default distribution of MD levels is as follows: Three MD levels are allocated for the customer role: 7, 6, and 5. Two MD levels are allocated for the supplier role: 4 and 3. Three MD levels are allocated for the carrier role: 2, 1, and 0.
  • Page 554

    - CFM defines two types of MEPs by direction: UP MEP and DOWN MEP. UP MEP, also called inward MEP, can be understood as an uplink port of Ethernet service flow, which is associated with UNI. UP MEP sends and receives CFM packets through the forwarding and relay function of the bridge (the switches and related products produced by Switch use the MIP corresponding to the MEP), and the port where the UP MEP is located does not send and receive CFM packets.
  • Page 555: Supported Cfm Features

    11.4.3 Supported CFM Features Ethernet Continuity Check (ETH-CC) is an active OAM function, one of the most basic and most important functions in CFM. It provides the possibility for implementing CFM. It can be understood as the extension of the L3 BFD protocol on L2 Ethernet, usually using Class 1 multicast MAC addresses. It is used to detect loss of continuity (LOC) between any pair of MEPs in an MEP.
  • Page 556: Configuring Basic Cfm Functions

    CFM fault confirmation can be performed in two ways:
    - Unicast ETH-LB is a VLAN-based L2 MAC-Ping-MAC protocol.
    - Multicast ETH-LB uses Class 1 multicast MAC addresses. It is a VLAN-based L2 MAC-Ping-MACs-in-VLAN protocol. LBR uses unicast addresses.
    LTR/LTM Link Tracing (CFM Connectivity Fault Locating)
    CFM fault locating, also known as Ethernet link tracing (ETH-LT), is an on-demand CFM function, which can be understood as an extension of IP Trace on L2 Ethernet, and is a VLAN-based L2 MAC-Trace protocol.
  • Page 557

    The requirements for creating MEPs in the same MA of the same bridge are as follows:
    - MEPs of the inward interface type and MEPs of the outward interface type cannot coexist.
    - MEPs and RMEPs in the same MA cannot coexist on the same switch.
    ...
  • Page 558

    Purpose / Procedure
    3. Run the no md name name command to delete a specified MD or run the no md all command to delete all MDs.
    Purpose: Create an MA, access the MA
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view.
  • Page 559 Purpose Procedure 3. Run the md name name level level command to access the MD configuration view. 4. Run the ma name name vlan vlan-id command to access the MA configuration view. 5. Run the no mep all command. Create an MIP 1.
  • Page 560

    Purpose: (Optional) Create or delete a VLAN mapping table automatically
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the cfm command to access the CFM configuration view from the global configuration view. 3.
  • Page 561

    Purpose: Enable or disable CC for all MEPs in an
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the cfm command to access the CFM configuration view from the global configuration view.
  • Page 562: Configuring Cfm Parameters

    Parameter | Description | Value
    vlan-list | Specifies a VLAN mapping list. | The value is an integer ranging from 1 to 4094.
    mep-id | Specifies an RMEP ID. | The value is an integer ranging from 1 to 1891.
    mep-id-list | Specifies a list of RMEP IDs. | The value is an integer ranging from 1 to 1891.
  • Page 563

    Purpose / Procedure
    5. Run the ccm-interval { 300Hz | 10ms | 100ms | 10s | 1min | 10min | default } command.
    Purpose: Configure the CC loss threshold for
    Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2.
  • Page 564 Purpose Procedure 3. Run the md name name level level command to access the MD configuration view. 4. Run the ma name name vlan vlan-id command to access the MA configuration view. 5. Run the mip-ccdb aging-time { aging-time | default } command. Configure the 1.
  • Page 565: Attached Table

    Purpose / Procedure
    5. Run the trace-replay aging-time { aging-time | default } command.
    Attached table:
    Parameter | Description | Value
    vlan-id | Specifies a VLAN ID. | The value is an integer ranging from 1 to 4094.
    level | Specifies a level. | The value is an integer ranging from 0 to
    mep-id | Specifies a local MEP ID. |
  • Page 566: Configuring Cfm Fault Confirmation

    Parameter | Description | Value
    defer | Indicates that the Sender ID TLV content is determined by the MD management object. |
    aging-time | Specifies the aging time of LTR responses. | The value is an integer ranging from 1 to 65535, in seconds.
    default | Uses the default aging time of LTR responses. | 1000s
  • Page 567 Purpose Procedure  cfm ping mac mac-address mep vlan vlan-id level level mepid mep-id priority priority-value -c packet-count -s packet-size -t packet-timeout  cfm ping mac mac-address mep vlan vlan-id level level mepid mep-id Configure remote 1. Remain in the current privileged user view. MEP ping for locating 2.
  • Page 568: Configuring Cfm Fault Locating

    Parameter | Description | Value
    remote-mep-id | Specifies the MEP ID of a remote network bridge. | The value is an integer ranging from 1 to 1891.
    priority-value | Specifies a priority. | The value is an integer ranging from 0 to
    packet-count | Specifies the times of ping. | The value is an integer ranging from 1 to 1024.
  • Page 569 Purpose: Configure MAC address tracing for locating any CFM connectivity fault. Procedure: 1. Remain in the current privileged user view. 2. Run the following commands:
    - cfm trace mac mac-address mep vlan vlan-id level level mepid local-mep-id
    - cfm trace mac mac-address mep vlan vlan-id level level mepid local-mep-id priority priority
    - cfm trace mac mac-address mep vlan vlan-id level ...
  • Page 570 Procedure (continued):
    - cfm trace remote-mep remote-mep-id mep vlan vlan-id level level mepid local-mep-id priority priority -t packet-timeout { fdb-only | ccdb }
    - cfm trace remote-mep remote-mep-id mep vlan vlan-id level level mepid local-mep-id { fdb-only | ccdb }
    ...
  • Page 571: Maintenance And Debugging

    Parameter | Description | Value
    priority | Specifies a priority. | The value is an integer ranging from 0 to 7.
    packet-timeout | Specifies a wait timeout duration of response packets. | The value is an integer ranging from 1 to 60, in seconds. The default value is 5 seconds.
    ttl-value | Specifies the maximum number of | The value is an integer ranging...
  • Page 572 Purpose: Enable CFM packet transmission debugging. Procedure: 1. Remain in the current privileged user view. 2. Run the following commands:
    - debug cfm packet { ccm-out | ccm-in | lbr-out | lbr-in | lbm-out | lbm-in | ltr-in | ltr-out | ltm-in | ltm-out | ais-out | ais-in | lock-out | lock-in | all } interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number...
  • Page 573 Procedure (continued): 2. Run the show cfm mep or show cfm mep vlan vlan-id level level mepid mep-id command. Purpose: View the summary or details of an MEP CCDB. Procedure: 1. Run the disable command to return to the common user view. 2. Run the show cfm mep ccdb or show cfm mep ccdb remote-mep-id vlan vlan-id level level mepid mep-id command.
  • Page 574: Configuration Example

    11.4.9 Configuration Example Network Requirements This example shows how to configure CFM in multiple MAs. Allocate devices wh-s7808, cs-s3628, nc-s3628, hf-s3628, and zz-s3628 to MD1 and set the MD level to 1. Allocate devices cd-s2200, gz-s2200, sh-s2200, and bj-s2200 to MD2 and set the MD level to 6. Each MD can add its own MAs.
  • Page 575 Configuration
    Configure each bridge as follows:
    1. Configure MD1.
    1) Configure wh-XXXX
    wh-XXXX#configure
    wh-XXXX(config)#cfm
    wh-XXXX(config-cfm)#md name md1 level 1
    wh-XXXX(config-md-md1)#ma name ma1 vlan 1
    wh-XXXX(config-md-md1-ma-ma1)#quit
    wh-XXXX(config)#interface xgigaethernet 1/0/1 to xgigaethernet 1/0/4
    wh-XXXX(config-xg1/0/1->xg1/0/4)#cfm mip vlan 1 level 1
    2) Configure cs-s3628
    cs-s3628#configure
    cs-s3628(config)#cfm
    cs-s3628(config-cfm)#md name md1 level 1...
  • Page 576 nc-s3628(config-10ge1/0/7)#quit
    nc-s3628(config)#interface 10gigaethernet 1/0/8
    nc-s3628(config-10ge1/0/8)# cfm mip vlan 1 level 6
    nc-s3628(config-10ge1/0/8)#cfm mep vlan 1 level 1 mepid 100 inward
    nc-s3628(config-10ge1/0/8)#cfm mep vlan 1 level 1 mepid 100 ccm enable
    4) Configure hf-s3628
    hf-s3628#configure
    hf-s3628(config)#cfm
    hf-s3628(config-cfm)#md name md1 level 1
    hf-s3628(config-md-md1)#ma name ma1 vlan 1
    hf-s3628(config-md-md1-ma-ma1)# quit
    hf-s3628(config-cfm)#md name md2 level 6...
  • Page 577 2. Configure MD2.
    1) Configure cd-s2200
    cd-s2200#configure
    cd-s2200(config)#cfm
    cd-s2200(config-cfm)#md name md2 level 6
    cd-s2200(config-md-md2)#ma name ma2 vlan 1
    cd-s2200(config-md-md2-ma-ma2)#quit
    cd-s2200(config)#interface fastethernet 1/0/6
    cd-s2200(config-fe1/0/6)#cfm mep vlan 1 level 6 mepid 1
    cd-s2200(config-fe1/0/6)#cfm mep vlan 1 level 6 mepid 1 ccm enable
    2) Configure gz-s2200
    gz-s2200#configure
    gz-s2200(config)#cfm...
  • Page 578: Configuring Y.1731

    11.5 Configuring Y.1731
    11.5.1 Y.1731 Overview
    Introduction to Y.1731 Fault Management Protocol
    Ethernet was used for LAN environments and had poor operation, administration, and management (OAM) capability. To achieve the same level of service as traditional bearer transport networks, ITU-T SG13 developed Y.1731, which defines the OAM functions of connectivity fault check, fault confirmation, fault locating, and fault indication for Ethernet bearer networks.
  • Page 579: Basic Concepts Of Y.1731 Fault Management Instance

    - The connectivity fault check function defined by ITU-T Y.1731 supports a packet transmission frequency of 300 Hz per second, and distinguishes different service instances by the VLAN Tagged field, so it is especially suitable for the protection switching requirements of carrier Ethernet.
    - The Y.1731 connectivity check packet has become the connectivity check standard of ...
  • Page 580 Figure 11-8 Format of an ICC-based MEG ID
    MEG Level (MEL)
    Generally, a bridge configured with multiple MEGs uses the VLAN tag field to distinguish Y.1731 data frames of different MEGs. When data frames cannot be distinguished by VLAN tags, the Y.1731 data frames of multiple MEGs can be distinguished by the MEG levels.
  • Page 581 MEG Point (MEP)
    MEP is a point of an MEG and is used to determine the boundary of each MEG for Y.1731 fault management. It sends and terminates Y.1731 data frames for fault management and performance monitoring. On a bridge port without MEP, Y.1731 packets and Ethernet service flow with the same VLAN tag have the same forwarding process.
  • Page 582 MAC Address of a Y.1731 Frame (DA)
    Y.1731 has both opcodes using unicast MAC addresses and opcodes using multicast MAC addresses. There are two types of multicast MAC addresses in Y.1731:
    - Multicast Class 1 DA: 01:80:C2:00:00:30 to 01:80:C2:00:00:37
    - Multicast Class 2 DA: 01:80:C2:00:00:38 to 01:80:C2:00:00:3F
    OAM Type DAs for frames with OAM PDU...
  • Page 583: Supported Y.1731 Features

    11.5.3 Supported Y.1731 Features
    Caution: Switches and related products of Switch cannot process ETH-CC/ETH-LTR/ETH-LTM/ETH-AIS/ETH-LCK packets exceeding 256 bytes.
    ETH-CC
    ETH-CC is a proactive OAM function. It can detect Loss of Continuity (LOC) between any pair of MEPs in an MEG, an incorrect connection between two MEGs, a connection to an incorrect MEP in an MEG, and other faults.
  • Page 584 There are two types of Y.1731 fault confirmation:
    - Unicast ETH-LB is a VLAN-based L2 MAC-Ping-MAC protocol.
    - Multicast ETH-LB uses Class 1 multicast MAC addresses. It is a VLAN-based L2 MAC-Ping-MACs-in-VLAN protocol. LBR uses unicast addresses.
    The Y.1731 fault confirmation message is sent from an MEP to the designated MEP (MIP) to help the MEP locate the fault located in the MEG precisely.
  • Page 585 ETH-LTR/LTM Ethernet Fault Locating
    Y.1731 fault locating is also known as Ethernet link tracing (ETH-LT) and is an on-demand OAM function. The Y.1731 fault locating function detects the route from the local device MEP to the destination device MEP or MIP in the same MEG or locates the fault point by sending the query packet LTM (using the Class 2 MAC address) and receiving the response packet LTR (using the unicast address).
  • Page 586 Faults are divided into the following two types as an example: Abnormal signal in the case of ETH-CC execution in an MEG, mainly including:
    - Loss of continuity (LOC) between any pair of MEPs in an MEG;
    - Undesired connectivity between two MEGs (with error contained and different MEG IDs);...
  • Page 587: Configuring Basic Y.1731 Functions

    Caution: In environments where blocking protocols are running, LCK may lead to ambiguity between the port forwarding state and the actual expected port forwarding state. Therefore, restrict the use of LCK in scenarios where blocking protocols are running.
    11.5.4 Configuring Basic Y.1731 Functions
    Background
    The simplest configuration process for implementing basic Y.1731 functions is as follows: 1.
  • Page 588 Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Create an MEP. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the interface gigaethernet interface-number command to access the Ethernet interface configuration view or run the interface eth-trunk trunk-number command to access the Trunk interface configuration view.
  • Page 589 Procedure (continued):
    - y1731 mep vlan vlan-id level level mepid mepid-id ccm priority priority { enable | disable }
    Purpose: (Optional) Configure the MAC address of... Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2.
  • Page 590 Purpose: Disable AIS for an MEG. Procedure: 2. Run the y1731 command in the global configuration view to access the Y.1731 configuration view. 3. Run the meg vlan vlan-id level level icc icc string umc umc string command to access the configuration view of an existing MEG. 4.
  • Page 591 Attached table:
    Parameter | Description | Value
    interface-number | Specifies the ID of a physical interface. | The value is an integer in the range of <1-12>/<1-48>.
    trunk-number | Specifies an aggregation interface number. | The value is an integer ranging from 1 to 128.
  • Page 592: Configuring Y.1731 Parameters

    11.5.5 Configuring Y.1731 Parameters
    Purpose
    This section describes how to adjust Y.1731 parameters to better implement point-to-point connectivity fault check in Ethernet.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Delete all MEGs. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view.
  • Page 593 Procedure (continued): 3. Run the meg vlan vlan-id level level icc icc string umc umc string command to access the configuration view of an existing MEG. 4. Run the ais loss-threshold { loss-threshold | default } command. Purpose: Configure the AIS transmission... Procedure: 1. Run the configure command in the privileged user view to access the global configuration view.
  • Page 594 Procedure (continued): 4. Run the lock loss-threshold { loss-threshold | default } command. Purpose: Configure the transmission period of an... Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the y1731 command in the global configuration view to access the Y.1731 configuration view.
  • Page 595 Purpose: Configure the aging time of LTR responses. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the y1731 command in the global configuration view to access the Y.1731 configuration view. 3.
  • Page 596 Parameter | Description | Value
    loss-threshold | Specifies the AIS loss threshold. | The value is an integer ranging from 2 to 255.
    default | Specifies the default AIS loss threshold. |
    loss-threshold | Specifies the CCM loss threshold. | The value is an integer ranging from 2 to 255.
    default | Specifies the default CCM loss threshold. |
  • Page 597: Configuring Y.1731 Fault Configuration

    11.5.6 Configuring Y.1731 Fault Configuration Purpose This section describes how to send a test packet and receive the response packet to check whether the local device can ping the destination device when you need to manually check connectivity of a link between two devices.
  • Page 598 Procedure (continued):
    - y1731 ping remote-mep remote-mep-id mep vlan vlan-id level level mepid mep-id priority priority -c packet-count -s packet-size -t packet-timeout
    Purpose: Configure all remote MEP ping for locating a... Procedure: 1. Remain in the current privileged user view. 2. Run the following commands: ...
  • Page 599: Configuring Y.1731 Fault Locating

    11.5.7 Configuring Y.1731 Fault Locating Purpose This section describes how to send a test packet and receive the response packet to check whether the route from the local device to the destination device is reachable or locate the fault point when you need to manually check connectivity of a link between two devices.
  • Page 600 Purpose: Configure remote MEP tracing for locating a Y.1731 connectivity fault. Procedure: 1. Remain in the current privileged user view. 2. Run the following commands:
    - y1731 trace remote-mep remote-mep-id mep vlan vlan-id level level mepid mep-id
    - y1731 trace remote-mep remote-mep-id mep vlan vlan-id level level mepid mep-id -t packet-timeout
    ...
  • Page 601: Configuring Bidirectional Throughput Test

    11.5.8 Configuring Bidirectional Throughput Test Purpose This section describes how to configure bidirectional throughput test to test the throughput between links of physical interfaces of a pair of MEPs. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure...
  • Page 602 Procedure (continued):
    | dmr-in | dmm-out | dmm-in | exp | vsp | all } interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number
    - debug y1731 packet { ccm-out | ccm-in | lbr-out | lbr-in | lbm-out | lbm-in | ltr-in | ltr-out | ltm-in | ltm-out | ais-out | ais-in | lock-out | lock-in | tst-out | tst-in | mcc-out | mcc-in | lmr-out | lmr-in | lmm-out | lmm-in | 1dm | dmr-out...
  • Page 603 Purpose: View the summary or details of an MEP CCDB. Procedure: 1. Run the disable command to access the common user view. 2. Run the show y1731 ccdb or show y1731 ccdb remote-mep-id vlan vlan-id level level mepid mep-id command. Purpose: View the Y.1731... Procedure: 1.
  • Page 604: Configuration Example

    11.5.10 Configuration Example Network Requirements This example shows how to configure Y.1731 connectivity fault management in multiple MEGs. Allocate wh-s4608, cs-s3628, nc-s3628, hf-s3628, and zz-s3628 to the MEG icc v1 umc fhn1 and configure the MEG level to 1. Allocate cd-s2200, gz-s2200, sh-s2200, and bj-s2200 to the MEG icc v1 umc fhn6 and configure the MEG level to 6.
  • Page 605 Configuration
    Configure each bridge as follows:
    1. Configure icc v1 umc fhn1.
    1) Configure wh-s4608
    wh-s4608#configure
    wh-s4608(config)#y1731
    wh-s4608(config-y1731)#meg vlan 1 level 1 icc v1 umc fhn1
    wh-s4608(config-meg-v1-fhn1)#quit
    wh-s4608(config)#interface xgigaethernet 3/0/1 to xgigaethernet 3/0/4
    wh-s4608(config-xg3/0/1->xg3/0/4)#y1731 mip vlan 1 level 1
    2) Configure cs-s3628
    cs-s3628#configure
    cs-s3628(config)#y1731
    cs-s3628(config-y1731)#meg vlan 1 level 1 icc v1 umc fhn1...
  • Page 606 nc-s3628(config-10ge1/0/8)#y1731 mep vlan 1 level 1 mepid 100 ccm enable
    nc-s3628(config-10ge1/0/8)#y1731 mep vlan 1 level 1 mepid 100 ais enable
    4) Configure hf-s3628
    hf-s3628#configure
    hf-s3628(config)#y1731
    hf-s3628(config-y1731)#meg vlan 1 level 1 icc v1 umc fhn1
    hf-s3628(config-meg-v1-fhn1)#quit
    hf-s3628(config-y1731)#meg vlan 1 level 6 icc v1 umc fhn6
    hf-s3628(config-meg-v1-fhn6)#quit
    hf-s3628(config)#interface 10gigaethernet 1/0/5
    hf-s3628(config-10ge1/0/5)#y1731 mip vlan 1 level 1...
  • Page 607 cd-s2200(config-meg-v1-fhn6)#quit
    cd-s2200(config)#interface fastethernet 1/0/6
    cd-s2200(config-fe1/0/6)#y1731 mep vlan 1 level 6 mepid 1
    cd-s2200(config-fe1/0/6)#y1731 mep vlan 1 level 6 mepid 1 ccm enable
    7) Configure gz-s2200
    gz-s2200#configure
    gz-s2200(config)#y1731
    gz-s2200(config-y1731)#meg vlan 1 level 6 icc v1 umc fhn6
    gz-s2200(config-meg-v1-fhn6)#quit
    gz-s2200(config)#interface fastethernet 1/0/9
    gz-s2200(config-fe1/0/9)# y1731 mep vlan 1 level 6 mepid 10
    gz-s2200(config-fe1/0/9)#y1731 mep vlan 1 level 6 mepid 10 ccm enable
    8) Configure sh-s2200...
  • Page 608: Configuring G.8032

    11.6 Configuring G.8032
    11.6.1 Overview of G.8032
    Advantages of G.8032
    ITU-T G.8032 defines the automatic protection switching mechanism of Ethernet ring network and overcomes two weaknesses of IETF RFC3619 EAPS:
    - In case of loss of fault notification or failure of triggering fault notification, the polling mechanism takes a long time to detect and discover the fault, and cannot meet the protection switching time requirement of 50 ms.
  • Page 609
    - Ring protection link (RPL): A blocked link on a ring. When another link fails, this link is unlocked to take over traffic forwarding from the failed link.
    - RPL neighbor node: A node that blocks a port of RPL.
    ...
  • Page 610: Fault Detection Mechanism

    Clear: This command has the following functions: a. Clears the manual protection request command FS or MS; b. Recovers to the normal state before the WTR or WTB timer times out if recovery is permitted; c. Triggers loop recovery in irrecoverable mode.
  • Page 611 The node sends the remote defect indication (RDI) frame from the port with a fault detected. If the fault is unidirectional, the downlink node of the link detects the RDI frame. Node B detects the CC frame loss of Node A, detects the fault of port b2, and advertises the RDI to Node A, as shown in Figure 11-17. Figure 11-17 Unidirectional link fault detection If the node is faulty, the neighboring nodes at both ends of the faulty node detect CC frame loss in the specific time, as shown in Figure 11-18.
  • Page 612: Single-Ring Protection Switching

    11.6.3 G.8032 Single-ring Protection Switching
    The RPL is blocked in normal state, as shown in Figure 11-19.
    Figure 11-19 Single-ring link normal state
    Loop switching can be performed in three modes: forced switch, link failure, and manual switch, in descending order of priority.
    11.6.3.1 Forced Switch
    When the loop is in idle state, if forced switch is performed on a node of the ring, the port is blocked and the other port is enabled.
  • Page 613 Figure 11-20 State change after forced switch on S1 in idle state Caution 1. If the forced switch command has been entered on one port of a node, forced switch cannot be performed on the other port. As shown in Figure 5, after forced switch is performed on the S port of S1, forced switch cannot be performed on the P port.
  • Page 614: Automatic Protection Switching Via Link Failure Detection

    11.6.3.2 Automatic Protection Switching via Link Failure Detection When a link failure is detected, the faulty port is blocked and the SF signal is sent. Other nodes of the ring receive the RAPS-SF signal and enable non-failing ports. In this way, the RPL owner node enables the blocked port to switch traffic to the RPL link.
  • Page 615: Manual Switch

    After receiving the RAPS (NR, RB) message, other nodes of the ring update FDB and cancel port blocking, and the non-RPL owner node at the other end of the RPL blocks the RPL port and updates FDB. The ring recovers to idle state, as shown in Figure 11-23. Figure 11-23 Ring recovers to the idle state after the WTR timer times out In irrecoverable mode, after the faulty link recovers, the two neighboring nodes at both ends of the link still block ports and send the RAPS-NR message to notify that the fault is cleared.
  • Page 616 Figure 11-24 State change after manual switch on S1 in idle state Caution 1. If manual switch is performed on other nodes when the ring is in manual switch state, the switch request is denied. 2. If the node that initiates the manual switch request receives a command of a higher priority, it clears the manual switch request and processes the request of a higher priority.
  • Page 617: Multi-Ring Protection Switching Mechanism Upon Single Point Of Failure

    11.6.4 G.8032 Multi-ring Protection Switching Mechanism upon Single Point of Failure G.8032 can provide link protection switching for the multi-ring topology where rings are intersecting via a single-point or multi-ring topology where rings are connected via a shared link. For the multi-ring topology where rings are intersecting via a single point, the protection switching of each ring complies with the protection switching mechanism of a simple ring.
  • Page 618: Intersecting Ring Protection Switching Mechanism Upon Multi-Point Fault

    Figure 11-26 Shared link fault If the sub-ring link fails, the failure is also handled according to the single-ring failure protection switching mechanism. Forced switch and manual switch are also applicable to the multi-ring topology, and the handling mechanism is the same as the single-ring handling mechanism. 11.6.5 G.8032 Intersecting Ring Protection Switching Mechanism upon Multi-Point Fault 11.6.5.1 Virtual Link Fault Detection Mechanism...
  • Page 619 According to Y.1731, if a node does not receive a CC response from the peer end within 3.5 times the CC sending interval, the link is considered to have failed. In actual situations, the ring can hardly perform protection switching within 10 ms (3.33 x 3.5). Then, a problem occurs. As shown in Figure 11-27, if the major ring does not enter the protected state within 10 ms after the C-D link fails, CC determines that the link A-B in the major ring fails.
  • Page 620: Protection Switching Mechanism Upon Multiple Points Of Failure

    11.6.5.2 Protection Switching Mechanism upon Multiple Points of Failure When a virtual link fails, the sub-ring enters the protected state and nodes on the major ring communicate with each other through the sub-ring. When the virtual link is restored, to avoid generation of a super-ring, when the interconnected nodes C and D detect that the virtual link is restored, they block ports c3 and d3 and advertise RAPS (NR), and the node E serves as an RPL owner and starts a WTR timer, as shown in Figure 11-28.
  • Page 621: Configuring The Basic G.8032 Functions

    Figure 11-29 Island link prevention during virtual link recovery When the WTR of node E times out, the RPL port is blocked and the RAPS (NR, RB) message is advertised. The system processes the problem as a simple ring recovery process. In this way, virtual link protection is implemented.
  • Page 622 Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure a node role for a G.8032 instance. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the g8032 command to access the G.8032 configuration view from the global configuration view.
  • Page 623: Configuring The G.8032 Timer Parameters

    Procedure (continued): 3. Run the g8032 instance instance-number { port1 | port2 } fs command. Purpose: Perform manual switch on a port of a G.8032 instance. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2.
  • Page 624: Maintenance And Debugging

    Purpose: Configure the WTR timer cycle of a G.8032 instance. Procedure: 1. Run the configure command in the privileged user view to access the global configuration view. 2. Run the g8032 command to access the G.8032 configuration view from the global configuration view. 3.
  • Page 625 Purpose: Enable G.8032 debugging. Procedure: 1. Remain in the current privileged user view. 2. Run the debug g8032 { in | out | packet | sm | timer | event | all } command. Purpose: Disable G.8032... Procedure: 1. Remain in the current privileged user view. 2.
  • Page 626: Configuring Udld

    11.7 Configuring UDLD
    11.7.1 Configuring UDLD Functions
    Purpose
    This section introduces how to configure the basic UDLD functions for unidirectional link fault detection.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Configure a UDLD... Procedure: 1.
  • Page 627: Maintenance

    Procedure (continued): 3. Run the udld cisco-checksum { enable | disable } command. Purpose: Configure an UP delay time for UDLD interfaces globally. Procedure: 1. Run the configure command to access the global configuration view. 2. Run the udld global up-delay { delay-value | default } command.
  • Page 628: Configuration Example

    Purpose: Display the UDLD configuration. Procedure: 1. Run the corresponding command to access the common user view. 2. Run the show udld config command.
    11.7.3 Configuration Example
    Network Requirements
    Switch 1 and Switch 2 are connected to each other with two pairs of fiber optical cables. Both switches support UDLD.
  • Page 629 Configuration Suggestion
    Set the global shutdown mode to Automatic on Switch 1.
    Set the global shutdown mode to Automatic on Switch 2.
    Enable UDLD for gigaethernet 1/0/1 of Switch 1.
    Enable UDLD for gigaethernet 1/0/2 of Switch 2.
    Simulate the unidirectional status.
    Configuration
    Switch1:
    Switch1(config)#udld uni-shutdown auto...
  • Page 630: Chapter 12 Configuring Device Management

    Chapter 12 Configuring Device Management This chapter describes the basic content, configuration procedure, and configuration examples of the device management of the Switch. 12.1 Configuring Device Hardware 12.1.1 Overview The hardware configuration for the Switch indicates the operations on the hardware resource using the commands during the device operation after the hardware is installed.
  • Page 631: Configuring The Device Fan

    Purpose: Check the configuration result. Procedure: 1. Access the common user view, privileged user view, or global configuration view. 2. Run the show cpu command to view the CPU usage and configuration. 3. Run the show cpu config command to view the current configuration file information of the device CPU.
  • Page 632: Configuring The Device Memory

    12.1.4 Configuring the Device Memory Purpose This section describes how to set the upper and lower limit of memory usage, and to understand the current memory usage of the device using the memory monitoring and alarm report functions. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 633: Viewing The Device Cpu Usage

    Purpose: Set the temperature monitoring function and temperature alarm reporting... Procedure: 1. Access the global configuration view. 2. Run the temperature monitor { enable | disable } command to enable or disable the temperature monitoring function. 3. Run the temperature { temperature-number | all } trap { enable | disable } command to enable or disable the temperature alarm reporting function...
  • Page 634: Configuring The Mirroring Function

    12.1.7 Maintenance and Debugging
    Purpose
    This section describes how to debug the device hardware parameters and locate the fault.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual
    Purpose: View the version... Procedure: 1.
  • Page 635: Mirroring Classification

    12.2.2 Mirroring Classification
    Switch supports port mirroring and flow mirroring. Port mirroring includes local mirroring and remote mirroring.
    - Local port mirroring, also called local switched port analyzer (SPAN), indicates that the source mirroring port and destination mirroring port are on the same switch.
    ...
  • Page 636: Configuring Local Port Mirroring

    12.2.3 Configuring Local Port Mirroring Purpose This section describes how to configure the local port mirroring function to monitor or analyze the messages passing through a port on the device in the case that the source mirroring port and destination mirroring port are on the same device.
  • Page 637: Configuring Flow Mirroring

    12.2.4 Configuring Flow Mirroring Purpose This section describes how to configure the flow mirroring function to monitor or analyze the messages with some specific features that pass through the device. Note: Before configuring remote flow mirroring, make sure the L2 network between devices is connected or the L3 network is reachable.
  • Page 638: Configuration Example

    Procedure (continued): 9. Run the mirror { ingress | egress | both } group group-list command to configure the mirroring function on the source mirroring port. Purpose: Disable the flow mirroring... Procedure: 1. Access the interface configuration view or interface group configuration view.
  • Page 639 Network Diagram Figure 12-1 Network diagram of configuring local port mirroring Configuration 1. Configure each interface to allow both departments to communicate with the data monitoring device. # Create VLAN 10, VLAN 20, and VLAN 30, and add interfaces 10GE1/0/1, 10GE1/0/2, and 10GE1/0/3 to VLAN 10, VLAN 20, and VLAN 30 respectively.
  • Page 640: Example Of Configuring Local Flow Mirroring

    Switch(config-vlan-3)#ip address 10.18.11.1/24
    Switch(config-vlan-3)#quit
    Switch(config)#
    2. Create a local mirror group and its observing interface.
    # Create the local mirror group 1 on Switch and configure its observing interface to 10GE1/0/3.
    Switch(config)#mirror group 1 10gigaethernet 1/0/3
    3. Configure the mirroring function of the source mirroring port.
    # Configure interfaces 10GE1/0/1 and 10GE1/0/2 as the source mirroring ports on Switch to monitor the data packets transmitted by Department 1 and Department 2.
  • Page 641 Figure 12-2 Network diagram of configuring local flow mirroring
    Configuration
    1. Configure each interface to allow both departments to communicate with the data monitoring device.
    # Create VLAN 10, VLAN 20, and VLAN 30, and add interfaces 10GE1/0/1, 10GE1/0/2, and 10GE1/0/3 to VLAN 10, VLAN 20, and VLAN 30 respectively.
  • Page 642: Configuring Log Management

    Switch(config-vlan-3)#ip address 10.18.11.1/24
    Switch(config-vlan-3)#quit
    Switch(config)#
    2. Create a local mirror group and its observing interface.
    # Create the local mirror group 1 on Switch and configure its observing interface to 10GE1/0/3.
    Switch(config)#mirror group 1 10gigaethernet 1/0/3
    3. Configure the flow classification rules and flow mirroring processing action, and apply the policy to the source mirroring port.
  • Page 643: Displaying Or Clearing The Log Information

    12.3.2 Configuring Log Management 12.3.2.1 Enable or Disable the Logging Function Purpose This section describes how to enable or disable the logging function of the switch. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Enable the logging 1.
  • Page 644: Configuring Action Information

    Purpose (continued): system running information. Purpose: Clear abnormal logs. Procedure: 1. Access the privileged user view. 2. Run the clear abnormal-log command. Purpose: Clear the log buffer. Procedure: 1. Access the global configuration view. 2. Run the clear logging {logbuffer|trapbuffer} command. Purpose: Clear all the content... Procedure: 1.
  • Page 645 Purpose (continued): threshold for a specified type of logs for a specified action... Procedure:
    - logging source { aaa | acl | antiattack | arp | arp-antiattack | arp-probe | bfd | bgp | cli | counter | cpu | cpu-defend | ddm | default | devcomm | dhcp | dhcp-client | did | diffserv | dot1x | evpn | fan |...
  • Page 646: Configuring The Syslog Server

    Purpose Procedure pppoeplus | protocol-vlan | policy-route | rawip | rawip6 | rip | rlink | route | route-policey | scheduleprofile | snmp | soa | ssh | stg | stp | storm-control | storm-suppression | system | temperature | tcp | tcp6 | time-range | udp | udp6 | udr | uinetsck | virtual-cable-test | vlan-mapping | vlan-stacking | vtp | vxlan | slot } action { console | monitor | logfile | logbuffer | trap | trapbuffer | syslog | smtp } { log |...
  • Page 647: Configuring Log Files

    12.3.2.5 Configuring Log Files Purpose The section describes how to configure a log file size and quantity. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure the log file 1. Access the global configuration view. size for each module 2.
  • Page 648: Saving Log Files

    12.3.2.6 Saving Log Files Purpose This section describes how to save log files. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure Manually save log 1. Access the global configuration view. files 2.
  • Page 649: Viewing The Log Configuration

    12.3.2.7 Viewing the Log Configuration Purpose This section describes how to check whether the configuration is correct after configuring the log management function and relevant parameters. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 650 Purpose Procedure | isis | iss | lacp | link-flap | llt | lldp | loopcheck | l3vpn | mac-vlan | mad | mam | memory | mirror | mlag | mld | mld-snooping | mlink | mvrp | nd-snooping | ndp | ntp | ospf | ospf6 | patch | pim | port-isolate | power | pppoeplus | protocol-vlan | policy-route | rawip | rawip6 | rip | rlink | route | route-policey | scheduleprofile | snmp | soa | ssh | stg | stp | storm-control | storm-suppression | system |...
  • Page 651: Configuring Ddm

    12.4 Configuring DDM 12.4.1 DDM Overview In an optical fiber link, locating the fault is crucial to rapid recovery of services. Digital Diagnostic Monitoring (DDM), an intelligent optical module, allows network management units to monitor the temperature, supply voltage, laser bias current, and transmit and receive optical power of the transceiver module in real time.
  • Page 652 Purpose Procedure Configure the bias current 1. Access the global configuration view. thresholds of an optical module 2. Access the interface configuration view. port 3. Run the laser bias-current-threshold low-threshold high-threshold command. Configure to automatically 1. Access the global configuration view. obtain the bias current 2.
  • Page 653: Maintenance And Debugging

    Purpose Procedure Configure to automatically 1. Access the global configuration view. obtain the voltage thresholds of 2. Access the interface configuration view. an optical module port 3. Run the laser voltage-threshold auto command. Enable or disable the Error- 1. Access the global configuration view. Down function triggered when 2.
  • Page 654: Configuring Patches For System Or A Specified Line Card

    Purpose Procedure View the detailed hardware 1. Access the common user view. information about the module 2. Run the command show laser hardware { ethernet | with a specific optical module xgigaethernet | 10gigaethernet | 25gigaethernet | port 40gigaethernet | 100gigaethernet } interface-number detailed.
  • Page 655: Activating A Patch

    Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual. Purpose Procedure Load a patch file 1. Access the global configuration view. downloaded to the 2. Run the patch patch-number load filename command to load a device to the patch in the patch package matching the board on the active/standby system...
  • Page 656: Deactivating A Patch

    Purpose Procedure activated active/standby master control board and set its mode to permanent. permanently or Permanent patches are still active after the device is restarted. temporarily View the 1. Access the privileged user view. configuration result 2. Run the show patch information command to view all patches in the system.
  • Page 657: Deleting A Patch

    12.5.5 Deleting a Patch Purpose This section describes how to delete a patch. Before deleting an activated patch, you must deactivate the patch first and then delete it. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 658: Configuring Stg

    12.6 Configuring STG 12.6.1 STG Overview An STP Group (STG) is a forwarding control set of all interface VLANs. The STG protocol module is a switch chip API. 12.6.2 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the STG function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 659: Chapter 13 Configuring O&M Management

    Chapter 13 Configuring O&M Management This chapter describes the basic content, configuration procedure, and configuration examples of the O&M management of the Switch. 13.1 Configuring NTP 13.1.1 NTP Overview Network Time Protocol (NTP) provides the switch with the network clock synchronization function, which includes an NTP server and an NTP client.
  • Page 660  Multicast mode The client listens to the multicast message packet from the server. After receiving the first multicast message packet, to estimate the network delay, the client first enables a short server/client mode to exchange messages with the remote server. The client enters the multicast mode, continues to listen to the arrival of multicast message packets, and synchronizes the local clock according to the incoming multicast message packets.
  • Page 661: Configuring Basic Ntp Functions

    13.1.2 Configuring Basic NTP Functions Purpose This section describes how to configure basic NTP functions, including the NTP working modes. Preparation You have configured the link layer protocol, network layer IP address, or routing protocol of devices on the network to ensure that NTP packets between devices are reachable.
  • Page 662 Purpose Procedure  ntp unicast-server ipv4-address source-interface vlan vlan-id  ntp unicast-server ipv4-address version { 1 | 2 | 3 | 4 }  ntp unicast-server ipv4-address version { 1 | 2 | 3 | 4 } authentication-keyid key-id  ntp unicast-server ipv4-address version { 1 | 2 | 3 | 4 } authentication-keyid key-id source-interface loopback loopback-id ntp unicast-server ipv4-address version { 1 | 2 | 3 | 4 }...
  • Page 663 Purpose Procedure 3. Run the following commands: • ntp multicast-client • ntp multicast-client ipv4-address Configure the NTP multicast server: 1. Access the global configuration view. 2. Access the VLANIF configuration view. 3. Run the following commands: • ntp multicast-server • ...
  • Page 664: Configuring The Ntp Security Mechanism

    Purpose Procedure  ntp unicast-peer ipv4-address version { 1 | 2 | 3 | 4 } authentication-keyid key-id source-interface loopback loopback-id  ntp unicast-peer ipv4-address version { 1 | 2 | 3 | 4 } authentication-keyid key-id source-interface vlan vlan-id ntp unicast-peer ipv4-address version { 1 | 2 | 3 | 4 } ...
  • Page 665 Purpose Procedure Enable or disable 1. Access the global configuration view. trusting of any MD5 2. Access the NTP configuration view. authentication key 3. Run the trusted-keyid trusted-keyid time { enable | disable } command. Enable or disable 1. Access the global configuration view. the concurrency 2.
  • Page 666 Purpose Procedure  ntp broadcast-server authentication-keyid key-id version { 1 | 2 | 3 | 4 }  ntp broadcast-server authentication-keyid key-id version { 1 | 2 | 3 | 4 } ipv4-address Configure the Configure the NTP multicast client: authentication mode 1.
  • Page 667: Maintenance And Debugging

    13.1.4 Maintenance and Debugging Purpose This section describes how to check or locate the fault when the NTP function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the global NTP...
  • Page 668 Configuration Step 1: (omitted) Configure a VLAN and interface for the NTP server and client, and ensure that the server can ping the client. Step 2: Configure the NTP server as the master clock and configure its number of layers. Server(config-ntp)#master Server(config-ntp)#stratum 2 Step 3: Configure the number of layers for the NTP client.
  • Page 669: Configuring Rmon

    13.2 Configuring RMON 13.2.1 RMON Overview Introduction Remote Monitor (RMON) is a monitoring standard that enables network monitors and console systems to exchange network monitoring data. RMON gives network administrators more flexibility to select consoles and network monitors that meet special network requirements. Currently, RMON has two versions: RMON v1 and RMON v2.
  • Page 670: Configuring A Statistical Table

    compares the examples with the configured threshold. Includes the host-related Host address, packet, received byte, Host statistics that are discovered in transmitted byte, and broadcast transmission. the network. Prepares a host description HostTop list, with the listed elements Statistical value, host, start and end of a cycle, sorted based on a statistical base rate, and duration.
  • Page 671: Configuring A Control History Table

    13.2.3 Configuring a Control History Table Purpose This section describes how to configure RMON to periodically collect statistics on the specified port and save the collected statistics to the history table. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 672: Configuring An Event List

    13.2.5 Configuring an Event List Purpose This section describes how to configure RMON to enable the device to record a log and (or) generate an alarm when an event exceeds the alarm threshold. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure...
  • Page 673 Purpose Procedure View 1. Access the common user view, privileged user view, global configuration of configuration view, interface configuration view (Ethernet or Trunk), RMON event interface group configuration view, or batch interface configuration view. control entries 2. Run the show rmon event command. View 1.
  • Page 674: Configuring Snmp

    13.3 Configuring SNMP 13.3.1 Overview of SNMP Introduction The Simple Network Management Protocol (SNMP) is the most widely used network management protocol and industry standard. It guarantees the transmission of management information between any two points, helping network administrators query information, modify configurations, isolate and diagnose faults, plan capacity, and generate reports on any network node.
  • Page 675: Configuring The Snmp Maintenance Information

    The management information base (MIB) is used to describe the tree hierarchy. It is a collection of the standard variable definitions of the monitored network device. In the figure above, management object B can be identified uniquely by a string of numbers {1.2.1.1}. The string of numbers is the object identifier of the management object.
  • Page 676: Configuring Basic Snmp Functions

    Purpose Procedure Designate an administrator 1. Access the global configuration view. contact method 2. Run the snmp contact contact-info command. Designate the location of a 1. Access the global configuration view. managed device 2. Run the snmp location location-info command. Configure the supported 1.
  • Page 677 Purpose Procedure Create an SNMP user 1. Access the global configuration view. 2. Run the following commands to create user information to enable the user in the designated group to access the device: • snmp user user-name group group-name no-auth-no-priv • ...
  • Page 678: Configuring The Trap Sending Function

    13.3.4 Configuring the Trap Sending Function Background The trap message is actively sent by the managed device to report critical events. The managed device sends this message only after being configured with the trap function. Purpose This section describes how to configure the device to send the trap message actively. Procedure Perform the corresponding steps according to different purposes, as shown below.
  • Page 679 Purpose Procedure  snmp trap-source vlan vlan-id Designate the 1. Run the configure command to access the global configuration destination host for view. receiving SNMP trap 2. (IPv4) Run the following commands: messages snmp trap-server ipv4-address security-name { v1 | v2 ...
  • Page 680: Maintenance And Debugging

    13.3.5 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the SNMP function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual Purpose Procedure View the SNMP...
  • Page 681: Configuring Lldp

    Purpose Procedure View the SNMP view 1. Access the common user view, privileged user view, or global information configuration view. 2. Run the show snmp view command. View the alarm 1. Access the common user view. information state of the 2.
  • Page 682: Lldp Working Principle

    LLDP Terms • LLDP: Link Layer Discovery Protocol • LLDPDU: Link Layer Discovery Protocol Data Unit • MIB: Management Information Base • SNAP: Subnetwork Access Protocol • TTL: time to live (value) 13.4.2 LLDP Working Principle LLDP Port Working Mode An LLDP port supports the following four working modes: • ...
  • Page 683: Configuring Lldp Basic Functions

    13.4.3 Configuring LLDP Basic Functions Purpose This section describes how to configure the LLDP so as to discover the network topology, obtain device capability and configuration information from remote devices, detect inconsistent or incorrect configurations that may affect upper-layer application interworking, and help locate inconsistencies or errors on a network consisting of devices provided by different manufacturers.
  • Page 684 Purpose Procedure (Optional) 1. Access the global configuration view, interface configuration view Configure the LLDP (Ethernet), or interface group configuration view. frame transmission 2. Run the lldp tx-interval { tx-interval | default } command. interval (Optional) 1. Access the global configuration view, interface configuration view Configure the (Ethernet), or interface group configuration view.
  • Page 685 Purpose Procedure LLDP TLV on an 2. Access the interface configuration view or interface group interface configuration view. 3. Run the command lldp basic-tlv-tx { port-description | system- name | system-description | system-capability | all } { enable | disable }. (Optional) Enable 1.
  • Page 686: Maintenance And Debugging

    Purpose Procedure • lldp location-id civic-address civic-address country-code ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value • lldp location-id civic-address civic-address country-code ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value • lldp location-id civic-address civic-address country-code ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value ca-type ca-value • ...
  • Page 687 Purpose Procedure View 1. Access the common user view, privileged user view, global information about configuration view, or interface configuration view. an LLDP interface 2. Run the following commands:  show lldp interface  show lldp interface { ethernet | xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number ...
  • Page 688: Configuration Example

    Purpose Procedure of a specified 2. Run the command show lldp local interface { ethernet | interface xgigaethernet | 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } interface-number. Clear the 1. Access the global configuration view. counter of an 2. Access the interface configuration view or interface group LLDP interface configuration view.
  • Page 689 Following the above-mentioned steps, a full topology and configuration information of each device are obtained, as shown in Figure 13-3. Network Diagram Figure 13-3 LLDP configuration network diagram Configuration Suggestion On Switch_1, set the LLDP working mode to Rx-Tx and the management address to 10.1.1.1. On Switch_2, set the LLDP working mode to Rx-Tx and the management address to 10.1.1.2.
  • Page 690 2. Configure Switch_2. Switch_2(config)#interface 10gigaethernet 1/0/1 Switch_2(config-10ge1/0/1)#no shutdown Switch_2(config-10ge1/0/1)#lldp admin-status rx-tx Switch_2(config-10ge1/0/1)#lldp management-address 10.1.1.2 enable 3. Configure Switch_3. Switch_3(config)#interface 10gigaethernet 1/0/1 Switch_3(config-10ge1/0/1)#no shutdown Switch_3(config-10ge1/0/1)#lldp admin-status rx-tx Switch_3(config-10ge1/0/1)#lldp management-address 10.1.1.3 enable 4. Configure Switch_4. Switch_4(config)#interface 10gigaethernet 1/0/1 Switch_4(config-10ge1/0/1)#no shutdown Switch_4(config-10ge1/0/1)#lldp admin-status rx-tx Switch_4(config-10ge1/0/1)#lldp management-address 10.1.1.4 enable 5.
  • Page 691: Configuring Packet Capturing

    13.5 Configuring Packet Capturing 13.5.1 Overview of CPU Packet Capturing When CPU debugging is enabled, you can view details of CPU transmission and receiving. This function can be used to debug the device when a device fault occurs. 13.5.2 Maintenance and Debugging Purpose This section describes how to view data packets sent by the device to the CPU when a device fault occurs.
  • Page 692 Purpose Procedure • capture cpupkt interface mgt-eth mgt-eth-number { arp | lldp | loopback | dot3ah | lacp | dot1x | cfm | y1731 | g8032 | g8031 | eaps | dlip | mlag | mpls | stp | isis | iss | bfd | sync | arp | ip | ospf | igmp | icmp | udp | dhcp | ldp-hello | bfd-udp | tcp | bgp | ldp-tcp | ipv6 | icmpv6 | icmpv6-echo-request | icmpv6-echo-reply | icmpv6-rs | icmpv6-ra | icmpv6-ns | icmpv6-na | icmpv6-...
  • Page 693 Purpose Procedure reply | icmpv6-rs | icmpv6-ra | icmpv6-ns | icmpv6-na | icmpv6-redirect | ospfv3 | all | other } statistic • show cpupkt interface mgt-eth mgt-eth-number { arp | lldp | loopback | dot3ah | lacp | dot1x | cfm | y1731 | g8032 | g8031 | eaps | dlip | mlag | mpls | stp | isis | iss | bfd | sync | arp | ip | ospf | igmp | icmp | udp | dhcp | ldp-hello | bfd-udp | tcp | bgp | ldp-tcp | ipv6 | icmpv6 | icmpv6-echo-request | icmpv6-echo-...
  • Page 694: Configuring Telemetry

    13.6 Configuring Telemetry 13.6.1 Telemetry Overview Telemetry is a technology that remotely collects data at a high speed from physical devices or virtual devices. Devices periodically send information such as interface traffic statistics and CPU or memory data to the collector in push mode. Compared with the question-and-answer interaction provided by the traditional pull mode, the push mode provides a more real-time and high-speed data collection function.
  • Page 695: Configuring Sampling Data

    13.6.3 Configuring Sampling Data Purpose Before configuring Telemetry static subscription sampling data, you must create a sampling sensor group and specify the sampling path and filter conditions. Procedure Perform the corresponding steps according to different purposes, as shown below. For parameter description, see Switch Command Reference Manual.
  • Page 696: Maintenance And Debugging

    13.6.4 Maintenance and Debugging Purpose This section describes how to check, debug or locate the fault when the Telemetry function fails to work. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure View the configuration 1.
  • Page 697: Configuring Nqa

    13.7 Configuring NQA 13.7.1 Overview of NQA Features of network quality analysis (NQA): • Test type: ICMP-Echo • NQA association • Threshold alarms 13.7.2 NQA Test Mechanism ICMP-Echo test mechanism Compliant with RFC 2925, the ICMP-Echo test sends ICMP packets to calculate the network response time and packet loss rate.
  • Page 698: Configuring An Icmp-Echo Test

    NQA association comprises three modules: Monitoring module: Monitors link states, network performance, and the like, and notifies the track module of the detection results. Track module: After receiving detection results from the monitoring module, the track module changes the track item status in time and notifies the application module. Note that the track module resides between the application module and monitoring module, which can block differences of different monitoring modules and provide a unified interface for different application modules.
  • Page 699: Configuring Json-Rpc

    Purpose Procedure relevant test  DUT2 (config-nqa-123-456)#type icmp-echo parameters.  DUT2 (nqa-123-456-icmp-echo)#destination ip 3.3.3.1 Configuring 1. Enter global configuration view. optional 2. Run the following commands: parameters  DUT2 (nqa-123-456-icmp-echo)#probe count 10  DUT2 (nqa-123-456-icmp-echo)#probe timeout 500  DUT2 (nqa-123-456-icmp-echo)# frequency 5000 Configuring 1.
  • Page 700 The format of JSON-RPC protocol compliant data sent or received by the user is as follows:  The user request URL is http://{api_ip}:{api_port}/command-api The parameter api_ip is the network IP address of the interface service, which can be configured through the out-of-band management port or the service port, and api_port is the request port, which is 8080 by default.
  • Page 701: Error Code

    The format of a JSON-RPC response is "jsonrpc": "2.0", "result": [ // Return of command line 1 "sourceDetails": "!Device running configuration:\n!version V410R240.." // Return of command line 2 "sourceDetails": " %Enter configuration commands.End with Ctrl+Z or command 'quit' & 'end'\n" // Return of command line 3 "errorCode": -3001, // Error code...
  • Page 702: Configuring Basic Json-Rpc Functions

    API error codes

    Error Code | Meaning
    -1000 | Common error
    -2000 | Internal error
    -2001 | JSON-RPC API version not supported
    -2002 | params and cmds attributes for JSON-RPC not specified
    -2003 | Return method not supported. Data must be in json or text format.
  • Page 703 Purpose Procedure Access the global configuration view. Starting / Run the batch-cmd jsonrpc enable command to start services. stopping services Run the batch-cmd jsonrpc disable command to stop services. Access the global view. Run the batch-cmd jsonrpc bind-ip ip-address command to set an IP Setting an IP address for interface services.
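    The JSON-RPC response format and API error codes described on pages 701 and 702 lend themselves to an automated check that every submitted command was actually confirmed. The following Python sketch is an added example, not code from the manual or from PLANET. It assumes each entry of `result` is a JSON object carrying either `sourceDetails` or `errorCode` and that entries match the submitted commands by position; the function names and the sample response are constructed for illustration.

```python
import json

# Meanings taken from the manual's "API error codes" table. Codes the table
# does not list (such as the -3001 in the manual's sample response) are
# reported as unlisted rather than guessed.
API_ERROR_MEANINGS = {
    -1000: "Common error",
    -2000: "Internal error",
    -2001: "JSON-RPC API version not supported",
    -2002: "params and cmds attributes for JSON-RPC not specified",
    -2003: "Return method not supported",
}


class ResponseFormatError(ValueError):
    """The body is not a response in the shape this example assumes."""


def describe_error(code):
    """Translate an errorCode value into the manual's wording, if listed."""
    if isinstance(code, int) and not isinstance(code, bool):
        return API_ERROR_MEANINGS.get(code, "unlisted error code")
    return "malformed error code"


def check_response(commands, body):
    """Pair each submitted command with its result entry (assumed positional).

    Returns one dict per command with the keys command, ok, output,
    error_code and error. A command with no result entry is reported as
    unconfirmed instead of being assumed to have run.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError) as exc:
        raise ResponseFormatError("body is not valid JSON") from exc
    if not isinstance(doc, dict) or doc.get("jsonrpc") != "2.0":
        raise ResponseFormatError('missing "jsonrpc": "2.0"')
    results = doc.get("result")
    if not isinstance(results, list):
        raise ResponseFormatError('"result" is not a list')
    if len(results) > len(commands):
        raise ResponseFormatError("more results than submitted commands")

    report = []
    for index, command in enumerate(commands):
        row = {"command": command, "ok": False, "output": None,
               "error_code": None, "error": None}
        if index >= len(results):
            row["error"] = "no result returned"
        else:
            entry = results[index]
            if not isinstance(entry, dict):
                raise ResponseFormatError(f"result {index} is not an object")
            if "errorCode" in entry:
                row["error_code"] = entry["errorCode"]
                row["error"] = describe_error(entry["errorCode"])
            elif isinstance(entry.get("sourceDetails"), str):
                row["ok"] = True
                row["output"] = entry["sourceDetails"]
            else:
                row["error"] = "entry has neither sourceDetails nor errorCode"
        report.append(row)
    return report


def failed_commands(report):
    """Commands that must not be treated as applied."""
    return [row["command"] for row in report if not row["ok"]]


# Constructed sample: three commands named in the manual and a response in
# the assumed shape, with the third command rejected.
SAMPLE_COMMANDS = ["configure", "show snmp view", "show rmon event"]
SAMPLE_BODY = json.dumps({
    "jsonrpc": "2.0",
    "result": [
        {"sourceDetails": " %Enter configuration commands.End with Ctrl+Z "
                          "or command 'quit' & 'end'\n"},
        {"sourceDetails": "(constructed output)\n"},
        {"errorCode": -3001},
    ],
})

if __name__ == "__main__":
    for row in check_response(SAMPLE_COMMANDS, SAMPLE_BODY):
        status = "ok" if row["ok"] else f"FAILED ({row['error']})"
        print(f"{row['command']}: {status}")
```

    Treating a missing or malformed entry as a failure keeps an automation job from recording a configuration change that the switch never acknowledged.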
  • Page 704: Configuring User Authentication

    13.8.3 Configuring User Authentication Purpose This section describes how to authenticate accounts for JSON-RPC interface services and set users' privileges. Procedure The JSON-RPC interface services use the same account system as the network management system of the switches. The account setting procedures are the same as those for the network management system.
  • Page 705 Figure 13-4 Network diagram of upgrading the switch locally Preparations Before using SecureCRT to log in to the switch via serial port, configure the baud rate on SecureCRT to 115200, and select the number of the PC serial port connected to the switch, as shown in the following figure.
  • Page 706 Log in to the switch through the serial port and enter the username and password. Run the configure command to access the global configuration view. Run the interface mgt-eth 0/0/0 command to access the out-of-band interface configuration view. Run the ip address 223.1.10.103/24 command to configure an IP address for the switch (in the same network segment as the IP address of the PC network card).
  • Page 707 After the upgrade file is downloaded, run the upgrade os system all command to upgrade the switch version. After the switch is upgraded, run the reboot command to restart the switch. Check after Upgrading After the switch is restarted, log in to the switch through the serial port and enter the default username and password.
  • Page 708: Configuring L3Vpn

    13.10 Configuring L3VPN 13.10.1 Overview of L3VPN Introduction Multiprotocol Label Switching (MPLS) L3VPN is a type of provider edge (PE)-based L3VPN technology in the VPN solution designed for service providers (SPs). It uses BGP to distribute VPN routes and uses MPLS to forward VPN packets in the SP backbone network.
  • Page 709: Packet Forwarding

     A PE router is located at the edge of the SP network and is directly connected to the user CE. In an MPLS network, all processing on VPN occurs on PE.  A P router is the backbone router in the SP network. It is not directly connected to CE and only requires the basic MPLS forwarding capability.
  • Page 710 Figure 13-6 VPN packet forwarding diagram Site 1 sends an IP packet whose destination address is 1.1.1.2, and the packet is transmitted by CE 1 to PE 1. PE 1 searches for the VPN instance table entry according to the interface and destination address to be reached by the packet, forwards the packet after matching, and adds double tags (inner layer and outer layer tags) to the packet.
  • Page 711: Configuring L3Vpn

    Routing information exchange from local CE to ingress PE: After establishing an adjacency relationship with the directly connected PE, CE distributes the VPN route of the local site to PE. Routing protocols such as static routing, RIP, OSPF, IS-IS, or EBGP can be used between CE and PE. No matter which type of routing protocol is used, CE always distributes standard IPv4 routes to PE.
  • Page 712: Creating A Vpn Instance

    13.10.2.1 Creating a VPN Instance Purpose This section describes how to create a VPN instance and access the VPN instance view. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Create a 1. Run the configure command to access the global configuration view. VPN instance 2.
  • Page 713: Configuring A Vpn Target

    13.10.2.3 Configuring a VPN Target Purpose This section describes how to configure a VPN target. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure a 1. Run the configure command to access the global configuration view. VPN target 2.
  • Page 714: Configuring The Descriptive Information Of A Vpn Instance

    13.10.2.4 Configuring the Descriptive Information of a VPN Instance Purpose This section describes how to configure the descriptive information of a VPN instance. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Configure 1. Run the configure command to access the global configuration view. the descriptive 2.
  • Page 715: Maintenance And Debugging

    Caution 1. Running the ip binding vpn-instance command will delete the L3 attributes (such as IP address and routing protocol) configured on the interface. Reconfiguration is required if necessary. 2. The same interface cannot be used as the AC interface of both L2VPN and L3VPN. After an interface is bound to L2VPN, the L3 attributes (such as IP address and routing protocol) configured on the interface become invalid.
  • Page 716 Purpose Procedure instance name command in the global configuration view to access the VPN instance configuration view. 2. Run the following commands:  show ip vpn-instance verbose; show ip vpn-instance vpn-instance-name verbose  Display the 1. Remain in the current privileged user view, or run the configure configuration of a command to access the global configuration view, or run the ip vpn- VPN instance...
  • Page 717 Purpose Procedure  import-rib public protocol static route-policy policy- name;  import-rib vpn-instance vpn-instance-name protocol static; import-rib vpn-instance vpn-instance-name protocol  static route-policy policy-name;  no import-rib public protocol static; no import-rib vpn-instance vpn-instance-name  protocol static. Import a VPN 1.
  • Page 718: Chapter 14 Configuring Data Center Features

    Chapter 14 Configuring Data Center Features This chapter describes the basic content, configuration procedure, and configuration examples of VXLAN. 14.1 Configuring VXLAN 14.1.1 VXLAN Overview Restrictions of traditional data center networks have facilitated the emergence of new technologies. Virtual Extensible Local Area Network (VXLAN) is a result of joint efforts of globally renowned vendors such as VMware and Cisco.
  • Page 719: Vxlan Data Encapsulation Format

    As shown in Figure 14-1, VXLAN is added with the following new elements:  VXLAN Tunnel Endpoints (VTEPs) VTEPs are edge devices in VXLAN and the start and end points of a VXLAN tunnel. All VXLAN packets are processed on VTEP. A VTEP can be either an independent network device or a server where a virtual machine is located.
  • Page 720 As shown in Figure 14-2, VXLAN adopts the MAC-in-UDP encapsulation mode. It encapsulates the original data packet with a specific VXLAN header at the VTEP entrance and transmits the packet to the peer VTEP through a VXLAN tunnel, at which the packet is decapsulated (removing the header) and sent to the destination machine.
  • Page 721: Vxlan Packet Forwarding Mechanism

    14.1.1.3 VXLAN Packet Forwarding Mechanism Establish a VXLAN Tunnel Figure 14-3 Network diagram of establishing a VXLAN Tunnel As shown in Figure 14-3, the network has multiple VTEPs. Then, between which VTEPs do we need to establish a VXLAN tunnel? As we know, through the VXLAN tunnel, the L2 domains can break through the physical boundaries and realize the communication between VMs in L2 network.
  • Page 722 Figure 14-4 Network diagram of establishing a VXLAN tunnel Packets Entering a VXLAN Tunnel Not all packets entering the switch will pass through the VXLAN tunnel (or the packets may just undergo the ordinary L2 or L3 forwarding process). Three types of interfaces are defined in traditional networks: Access, Trunk, and Hybrid.
  • Page 723 Stream Types Packets Processing before Processing after receiving and encapsulati Allowed to Enter a encapsulating packets decapsulating VXLAN packets on type VXLAN Tunnel dot1q Only packets with Before VXLAN After VXLAN decapsulation: the specified VLAN encapsulation, the If the inner original packet tag are allowed to outer VLAN tag of the carries a VLAN tag, replace this...
  • Page 724: Configuring A Vxlan

    14.1.2 Configuring a VXLAN Purpose This section describes how to configure a VXLAN. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Create a BD and 1. Run the configure command. access the BD 2. Run the bridge-domain bd-id command. configuration view Delete a BD 1.
  • Page 725 Purpose Procedure Configure a VLAN 1. Run the configure command. for a sub-interface 2. Run the command interface { ethernet | xgigaethernet | with the 10gigaethernet | 25gigaethernet | 40gigaethernet | 100gigaethernet } encapsulation mode interface-number. dot1q 3. Run the encapsulation dot1q vlan-id command Delete the VLAN 1.
  • Page 726: Configuring Grpc Logs

    Purpose Procedure Delete the source 1. Run the configure command. IP address of a 2. Run the interface nve nve-id command. tunnel 3. Run the no tunnel source command. Enable the switch 1. Run the configure command. to forward or drop 2.
  • Page 727: Configuring Did

    14.1.4 Configuring DID Purpose This section describes how to configure the destination IP detect (DID) function. Procedure Perform the corresponding steps according to different purposes, as shown below. Purpose Procedure Debug DID 1. Remain in the privileged user view. 2. Run the debug did { event | detect | cmd | off | all } command. View the DID peer 1.
  • Page 728: Configuration Example

    Purpose Procedure Display VNI 1. Run the corresponding command to access the privileged user information view or global configuration view. 2. Run the show vxlan vni command. Display information 1. Run the corresponding command to access the privileged user about VXLAN view or global configuration view.
  • Page 729 Configuration Suggestion Configure basic VXLAN L2 interconnection functions as follows: 1. Create an L3 connection between VTEP1 and VTEP2. 2. Bind sub-interfaces to BDs at the access side of VTEP1 and VTEP2. 3. Configure an NVE interface and tunnel for VTEP1 and VTEP2. Data Preparation Prepare the following data to complete the configuration in this example: Network interface through which network members can interconnect with each other.
  • Page 730
    VTEP1(config-vlan-20)#exit
    VTEP1(config)#interface 10gigaethernet 1/0/2
    VTEP1(config-10ge1/0/2)#no shutdown
    VTEP1(config-10ge1/0/2)#port hybrid vlan 20 untagged
    VTEP1(config-10ge1/0/2)#port hybrid pvid 20
    VTEP1(config-10ge1/0/2)#exit
    # Configure a VXLAN tunnel for the NVE interface.
    VTEP1(config)#interface nve 1
    VTEP1(config-nve-1)#tunnel source 10.18.1.1
    VTEP1(config-nve-1)#vni 100 ucast-peer 10.18.1.2
    VTEP1(config-nve-1)#exit
    Step 2 Configure VTEP2 in the same way as VTEP1 with reversed source and destination tunnel addresses.
  • Page 731: Typical Scenario (Static Tunnel) in Which Users in Different Network Segments Interconnect with Each Other Through a VXLAN Tunnel

    VTEP2(config-nve-1)#vni 100 ucast-peer 10.18.1.1
    VTEP2(config-nve-1)#exit
    Step 3 Debug VXLAN.
    After configuring VTEP1 and VTEP2, ping PC3 from PC1. If PC3 cannot be pinged, view the MAC address tables on VTEP1 and VTEP2 and check whether the MAC address of PC3 for the VXLAN tunnel is displayed on VTEP1 and whether the MAC address of PC1 is displayed on VTEP2.
  • Page 732
    Configuration Suggestion
    Configure basic VXLAN L3 interconnection functions as follows:
    1. Create an L3 connection among VTEP1, L3GW, and VTEP2. Establish a VXLAN tunnel between VTEP1 and the L3 gateway, and between VTEP2 and the L3 gateway.
    2. Bind sub-interfaces to BDs at the access side of VTEP1 and VTEP2. Configure an NVE interface and tunnel at the network side of VTEP1 and VTEP2.
  • Page 733
    VTEP1(config-10ge1/0/1.1)#encapsulation untag 5
    VTEP1(config-10ge1/0/1.1)#bridge-domain bind 1
    VTEP1(config-10ge1/0/1.1)#exit
    # Configure a network interface connecting with L3GW.
    VTEP1(config)#interface vlan 10
    VTEP1(config-vlan-10)#ip address 10.18.1.1 255.255.255.0
    VTEP1(config-vlan-10)#exit
    VTEP1(config)#interface 10gigaethernet 1/0/2
    VTEP1(config-10ge1/0/2)#no shutdown
    VTEP1(config-10ge1/0/2)#port hybrid vlan 10 untagged
    VTEP1(config-10ge1/0/2)#port hybrid pvid 10
    VTEP1(config-10ge1/0/2)#exit
    # Configure a VXLAN tunnel for the NVE interface.
    VTEP1(config)#interface nve 1
    VTEP1(config-nve-1)#tunnel source 10.18.1.1
    VTEP1(config-nve-1)#vni 100 ucast-peer 10.18.1.2...
  • Page 734
    VTEP2(config-10ge1/0/2)#port hybrid pvid 20
    VTEP2(config-10ge1/0/2)#exit
    # Configure a VXLAN tunnel for the NVE interface.
    VTEP2(config)#interface nve 1
    VTEP2(config-nve-1)#tunnel source 10.18.2.1
    VTEP2(config-nve-1)#vni 200 ucast-peer 10.18.2.2
    VTEP2(config-nve-1)#exit
    Step 3 Configure L3GW.
    # Configure an L3 interface for interconnecting with VTEP1 and VTEP2.
    L3GW(config)#interface vlan 10
    L3GW(config-vlan-10)#ip address 10.18.1.2 255.255.255.0
    L3GW(config-vlan-10)#exit...
  • Page 735
    L3GW(config)#bridge-domain 1
    L3GW(config-bridge-domain-1)#vxlan vni 100
    L3GW(config-bridge-domain-1)#exit
    L3GW(config)#interface bridge-domain 1
    L3GW(config-if-bridge-domain1)#ip address 10.18.3.254 255.255.255.0
    L3GW(config-if-bridge-domain1)#exit
    L3GW(config)#bridge-domain 2
    L3GW(config-bridge-domain-2)#vxlan vni 200
    L3GW(config-bridge-domain-2)#exit
    L3GW(config)#interface bridge-domain 2
    L3GW(config-if-bridge-domain2)#ip address 10.18.4.254 255.255.255.0
    L3GW(config-if-bridge-domain2)#exit
    Step 4 Debug VXLAN.
    After configuring VTEP1, VTEP2, and L3GW, ping PC3 from PC1. If PC3 cannot be pinged, view the ARP address table on L3GW and check whether the ARP entries of PC1 and PC3 for the VXLAN tunnel are displayed.
  • Page 736: Configuring EVPN

    14.2 Configuring EVPN
    14.2.1 EVPN Overview
    Ethernet Virtual Private Network (EVPN) is an L2 VPN technology. The control plane uses MP-BGP to advertise EVPN routing information, and the data plane uses VXLAN encapsulation to forward packets. In addition to the advantages of MP-BGP and VXLAN, EVPN has the following features:
    Simple configuration: It realizes automatic discovery of VTEPs, automatic ...
  • Page 737: Maintenance And Debugging

    Procedure: 3. Run the no evpn command.
    Purpose: Configure an RD for an EVPN instance
    Procedure: 1. Run the configure command to access the global configuration view. 2. Run the bridge-domain bd-id command to access the BD configuration view. 3. Run the evpn command to access the EVPN instance. 4.
  • Page 738
    Procedure: 2. Run the no debug evpn { error | nm | event | all } command.
    Purpose: View information about an EVPN
    Procedure: 1. Run the configure command to access the global configuration view or remain in the privileged user view. 2.
  • Page 739: Configuration Example

    14.2.4 Configuration Example
    Network Requirements
    In an EVPN-based data center L2 application scenario, it is required that S2 and S3 can interconnect with each other at L2 and VMA and VMG can access each other.
    Network Diagram
    Figure 14-7 EVPN network diagram
    Configuration
    1.
  • Page 740
    S1(config-10ge1/0/1)#port trunk allow-pass vlan 4000
    S1(config-10ge1/0/1)#quit
    S1(config)#interface xgigaethernet 1/0/2
    S1(config-10ge1/0/2)#port link-type trunk
    S1(config-10ge1/0/2)#port trunk allow-pass vlan 4001
    S1(config-10ge1/0/2)#
    // Configure S2:
    Switch(config)#
    Switch(config)#hostname S2
    S2(config)#vlan 4000
    S2(vlan-4000)#quit
    S2(config)#interface xgigaethernet 1/0/1
    S2(config-10ge1/0/1)#port link-type trunk
    S2(config-10ge1/0/1)#port trunk allow-pass vlan 4000
    S2(config-10ge1/0/1)#
    // Configure S3:
    Switch(config)#
    Switch(config)#hostname S3
    S3(config)#vlan 4001...
  • Page 741
    S1(config)#interface vlan 4001
    S1(config-vlan-4001)#ip address 2.1.2.1/24
    S1(config-vlan-4001)#quit
    S1(config)#
    // Configure S2:
    S2(config)#
    S2(config)#interface loopback 1
    S2(config-loopback-1)#ip address 1.1.1.2/32
    S2(config-loopback-1)#quit
    S2(config)#interface vlan 4000
    S2(config-vlan-4000)#ip address 2.1.1.2/24
    S2(config-vlan-4000)#quit
    S2(config)#
    // Configure S3:
    S3(config)#
    S3(config)#interface loopback 1
    S3(config-loopback-1)#ip address 1.1.1.3/32
    S3(config-loopback-1)#quit
    S3(config)#interface vlan 4001
    S3(config-vlan-4001)#ip address 2.1.2.2/24
    S3(config-vlan-4001)#quit
    S3(config)#...
  • Page 742
    // Configure S2:
    S2(config)#router ospf 1
    S2(config-ospf-1)#network 1.1.1.2 255.255.255.255 area 0
    S2(config-ospf-1)#network 2.1.1.0 255.255.255.0 area 0
    S2(config-ospf-1)#
    // Configure S3:
    S3(config)#router ospf 1
    S3(config-ospf-1)#network 1.1.1.3 255.255.255.255 area 0
    S3(config-ospf-1)#network 2.1.2.0 255.255.255.0 area 0
    S3(config-ospf-1)#
    4. After the OSPF route is configured, the loopback interfaces can reach each other. Take pinging S3 from S2 as an example.
  • Page 743
    // Configure S3:
    S3(config)#bridge-domain 401
    S3(config-bridge-domain401)#vxlan vni 401
    S3(config-bridge-domain401)#evpn
    S3(config-bridge-domain401)#evpn route-distinguisher 1:401
    S3(config-bridge-domain401)#evpn vpn-target 1:401 both
    6. Set the NVE neighbor learning protocol on S2 and S3 to BGP.
    // Configure S2:
    S2(config)#interface nve 2
    S2(config-nve2)#tunnel source 1.1.1.2
    S2(config-nve2)#vni 401 replication-protocol bgp
    // Configure S3:
    S3(config)#interface nve 2
    S3(config-nve2)#tunnel source 1.1.1.3...
  • Page 744: Configuring NETCONF

    14.3 Configuring NETCONF
    14.3.1 NETCONF Overview
    Overview of NETCONF
    Network Configuration Protocol (NETCONF) is an effective method for solving configuration problems in network management and is considered a next-generation network management protocol. NETCONF is defined in RFC 6241 to replace the Command Line Interface (CLI), Simple Network Management Protocol (SNMP), and other proprietary configuration mechanisms.
  • Page 745: Configuring NETCONF

    14.3.2 Configuring NETCONF
    Purpose
    This section describes how to configure NETCONF.
    Procedure
    Perform the corresponding steps according to different purposes, as shown below.
    Purpose: Enable or disable the NETCONF
    Procedure: 1. Run the configure command to access the global configuration view.
  • Page 746
    Preparation
    You have deployed NETCONF Manager.
    Configuration
    1. Configure an IP address for the management network interface of Switch.
    Switch(config)#interface ethernet 0/0/0
    Switch(config-eth0/0/0)#ip address 10.1.1.1/24
    Switch(config-eth0/0/0)#quit
    Switch(config)#
    2. Configure SSH.
    Switch(config)#sshd
    Switch(config)#ssh 10.1.1.12 user client1
    Switch(config)#ssh login local
    3. Enable NETCONF.
    Switch(config)#netconf enable...
  • Page 747: Chapter 15 Virtualization Configuration

    Chapter 15 Virtualization Configuration
    This chapter describes the basics, configuration process, and configuration examples of virtualization configuration for switches.
    15.1 Stack Command Configuration
    15.1.1 Overview of Stack Commands
    Main features of the ISS protocol
    • Powerful network scalability. A stack system can be easily extended by adding member devices to improve its processing capability and increase ports and bandwidth.
  • Page 748: Stack Port

    Switching from stack mode to standalone mode clears all service configurations and stack-related configurations, while switching from standalone mode to stack mode automatically saves the stack configurations. A device in standalone mode runs in the same way as an ordinary device. It can only be stacked in stack mode with other devices which are also in stack mode.
  • Page 749: Member Priority

    Figure 15-2 Stack System
    Stack Domain
    Stack domain ID is a mandatory attribute when you enable stack for a device (stack member). Only members with the same stack domain ID can form a stack.
    Member number
    The member number is an attribute of a stack member, which is unique in a stack. This member number must be configured before switching from standalone mode to stack mode.
  • Page 750: How A Switch Stack Works

    15.1.2 How a Switch Stack Works
    How to create a switch stack
    Physical connections
    Stack members are connected to each other through stack ports. Each switch has two default stack connections: Stack Connection 1 and Stack Connection 2. If the switch uses dedicated stack ports (e.g., Higig ports), the stack connection is set when the system initially detects the stack ports.
  • Page 751 During topology collection, a member number conflict may occur between different sites. The member number will be selected as per certain rules. The stack port not selected will be shut down and automatically detached from the stack system. Member sites that are automatically detached can only be added to the stack again after a manual intervention to change the member number and reboot.
  • Page 752
    Online removal of a master member
    As shown in the figure below, after master member 1 is removed from a stack, the system re-elects a master named master member 2 and now comprises only one member.
    Figure 15-5 Online removal of a master member
    Online removal of a slave member
    As shown in the figure below, after slave member 2 is removed from a stack, the role of master member 1 is unchanged.
  • Page 753
    As shown in the figure below, after stack splitting, stack system 1 still operates properly since its master (i.e., master member 1) does not change. Nevertheless, stack system 2 elects slave member 2 as its master. These two stack systems run independently.
    Figure 15-7 Splitting of a Stack
    Note that two independent stacks using the same system configuration (MAC/IP) may lead to anomalies in the switch system.
  • Page 754: Configuring The Link Topology

    Figure 15-8 Merging of Stacks
    15.1.3 Configuring the Link Topology
    Purpose
    Configure the link topology.
    Procedure
    Connect port 1 of Site 1 to port 1 of Site 2. Perform appropriate steps for your purposes by referring to the table below, and refer to the Switch Command Line Manual for parameter descriptions.
  • Page 755
    Site Purpose Procedure
    • Switch(config-stack-port-1) no shutdown
    • Switch(config-stack-port-1) quit
    Purpose: Switching to stack mode (reboot required, select "Y")
    Procedure: 1. Enter the global configuration view. 2. Run the Switch(config)#iss mode iss command.
    Purpose: Setting member ID
    Procedure: 1. Enter the global configuration view. 2. Run the following commands: • ...
  • Page 756
    1. Overview
    Thank you for purchasing PLANET 800-watt AC power supply.
    Power Supply Unit: DCS-PWR800-AC
    Input Range: 90 to 264V AC
    Open the box of the Redundant Power Supply unit and carefully unpack it. The box should contain the following item:...
  • Page 757
    Figure 4-1: Removing the power supply unit
    Copyright © PLANET Technology Corp. 2024. Contents are subject to revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.

This manual is also suitable for:

Dcs-7342-48y8c
