SignaMax 065-7434 Configuration Manual

24-port 10/100 l3 switch

24-Port 10/100 L3 Switch
Model:
065-7434

Configuration Guide

Revision A1


Summary of Contents for SignaMax 065-7434

  • Page 1: Configuration Guide

    24-Port 10/100 L3 Switch Model: 065-7434 Configuration Guide Revision A1...
  • Page 2: Table Of Contents

    Example of configuring a switch to serve as a ftp server ....................... 63 & C ..........63 ANAGE YSTEM UTHENTICATION OMMAND IERARCHICAL UTHORIZATION Overview ................................. 64 Basic Commands ..............................64 Modify User Level ..............................64 2 SIGNAMAX LLC • www.signamax.eu...
  • Page 3 Configure Port-based VLAN ..........................111 Mode Types of Ports ................................111 Default VLAN of Ports ................................ 112 MAC-B VLAN ..............................112 ASED IP-S VLAN ............................112 UBNET ASED -VLAN ............................113 ROTOCOL BASED VLAN D ............................113 IVISION RIORITY 3 SIGNAMAX LLC • www.signamax.eu...
  • Page 4 ......................... 161 ROTOCOL NTER PERATION MSTP P ........................... 162 ROTECTION EATURES ............................166 PPLICATION XAMPLES & M MSTP ............................. 168 ISPLAY AINTAIN Display Command Examples ..........................168 Debugging Commands ............................170 Debugging Command Examples ........................... 170 4 SIGNAMAX LLC • www.signamax.eu...
  • Page 5 Basic Commands ..............................197 Application Examples ............................199 Monitoring & Debugging ............................200 Monitoring Commands ................................ 200 Monitoring Command Examples ............................200 Debugging Commands ................................ 201 Debugging Command Examples ............................201 IGMP S ................................ 202 NOOPING 5 SIGNAMAX LLC • www.signamax.eu...
  • Page 6 .................................. 239 VERVIEW ..............................242 ASIC OMMANDS Application Example ............................. 245 Monitoring & Debugging ............................246 Monitoring Commands ................................ 246 Example of Monitoring Commands ............................. 247 Debugging Command ................................249 Example of Debugging Command ............................249 6 SIGNAMAX LLC • www.signamax.eu...
  • Page 7 Monitoring & Debugging of Port-Isolate ......................281 Monitoring Commands ................................ 281 Monitoring Commands: Example ............................281 ATTACK DETECTION ............................... 282 ........................282 SEUDO SOURCE DDRESS ETECTION Overview ................................282 Basic Commands ..............................283 ..............................283 TTACK ETECTION 7 SIGNAMAX LLC • www.signamax.eu...
  • Page 8 Basic Commands for Configuring IP Addresses ....................305 Allocate IP Addresses to Interface ........................305 Example ....................................307 Viewing IP Address Configuration ........................308 IP P ................................308 ROTOCOL Basic Commands for Configuring IP Protocol ..................... 309 8 SIGNAMAX LLC • www.signamax.eu...
  • Page 9 UDP P ................................324 ROTOCOL Basic Commands for Configuring UDP ........................ 324 Configure UDP Protocol Attributes ........................325 Configure Time-To-Time Live of Sending UDP Data Packet ....................325 Configure UDP Accepting recvbuffers Size ........................325 9 SIGNAMAX LLC • www.signamax.eu...
  • Page 10 ................................366 OSPF D ........................1 YNAMIC OUTE ONFIGURATION Overview ................................... 1 OSPF Basic Commands ............................2 Commands for Configuring OSPF Process..........................2 Commands for Configuring OSPF Area ..........................4 Commands for Configuring OSPF Interface ..........................5 10 SIGNAMAX LLC • www.signamax.eu...
  • Page 11 Debugging Commands ................................42 Debugging Command Example ............................. 43 ACL CONFIGURATION ............................... 46 ..................................47 VERVIEW Basic Concept ................................47 ACL Classification ..............................48 IP S ........................49 ONFIGURE TANDARD CCESS Basic Commands ..............................49 11 SIGNAMAX LLC • www.signamax.eu...
  • Page 12 Overview ................................105 Basic Commands ..............................105 Application Example ............................. 107 Monitoring & Debugging ............................107 Commands for Monitoring ..............................107 Example of Monitoring ................................ 107 ............................108 UEUE CHEDULING Overview ................................108 Basic Commands ..............................108 12 SIGNAMAX LLC • www.signamax.eu...
  • Page 13 ..........................132 ONFIGURATION XAMPLES AAA ..........................134 HECKING AND EBUGGING CONFIGURE EAPS ..............................136 EAPS Basic Commands ............................136 EAPS Configuration Example ..........................142 Configure EAPS Single Ring............................... 142 Configure EAPS sub Rings ..............................144 13 SIGNAMAX LLC • www.signamax.eu...
  • Page 14 Monitoring Command ................................. 181 Monitoring Command Examples ............................181 Debugging Commands ................................ 184 Debugging Command Examples ............................185 OAM P ............................186 THERNET ROTOCOL Overview ................................186 Basic Commands ..............................187 Application Examples ............................199 14 SIGNAMAX LLC • www.signamax.eu...
  • Page 15 ..........................243 ONFIGURATION XAMPLE Application Example ............................. 243 ..........................244 ONITORING AND EBUGGING Monitoring Command ............................244 Monitoring Command Example ..........................244 Debugging Command ............................246 Debugging Command Example ..........................246 CONFIGURE POE ............................... 247 15 SIGNAMAX LLC • www.signamax.eu...
  • Page 16 .................................. 247 VERVIEW POE Function Supported By Signamax Switches....................247 & Q POE ............................248 ONFIGURE UERY Configure POE ..............................248 Query POE Function ............................. 252 Display POE Command ............................... 252 SOFTWARE UPGRADE ............................. 255 ROOT P ..........................255 PGRADE OF ROGRAM Upgrade Hex File of Monitor Program via Console Interface ................
  • Page 17 Application Example of Loopback ............................297 Monitoring and Debugging of Loopback Detection ....................298 Monitoring Commands of Loopback Detection ........................298 Monitoring Command Examples ............................298 Debugging Commands ................................ 299 Debugging Command Example ..........................299 17 SIGNAMAX LLC • www.signamax.eu...
  • Page 18: System Foundation

    SNMP network management system, please refer to the specification of the network system. Command Operation Modes: A Signamax switch provides a dedicated command-processing subsystem, called the shell, for managing and executing the system commands. Main functions are as follows: • Register the system commands...
  • Page 19 For other configuration modes, please refer to the related chapters. Table 1-1 describes how to enter the different command modes and how to switch among them. Table 1-1 system modes and the methods for switching among them: 19 SIGNAMAX LLC • www.signamax.eu...
  • Page 20 To enter the mode via the switch(config-voice- To run the command exit configuration command voice-port in the port)# to return to the global mode global configuration mode, configuration mode and meanwhile specify the related parameters 20 SIGNAMAX LLC • www.signamax.eu...
  • Page 21 Switch is the default system name when it leaves the factory. Users can rename the system name by executing the command hostname in the global configuration mode. The change takes effect immediately. 21 SIGNAMAX LLC • www.signamax.eu...
  • Page 22 The public key chain configuration mode Nam ed- key or addr essed- key The public key configuration mode i p dhcp pool DHCP Configuration mode Figure 1-1 the structure mode of commands 22 SIGNAMAX LLC • www.signamax.eu...
  • Page 23: Set Up Configuration Environment

    The following example explains the HyperTerminal program running in Windows NT: Create connection (figure 1-3) Choose a name for the connection – mp2600 (it can be any other name). Choose a Windows 23 SIGNAMAX LLC • www.signamax.eu...
  • Page 24 Choose the serial communication port (figure 1-4): COM1 or COM2 can be chosen according to the connected serial port. Figure 1-4: choose the serial communication port. Configure the parameters of the serial communication port (figure 1-5): Baud rate: 9600 bps...
  • Page 25 If login is configured to require authentication, users need to input the user name and password; otherwise they press any key to log in directly. The “switch>” prompt is displayed on the terminal after a successful login, and then users can configure the switch.
  • Page 26: Configure Switch Via Telnet

    Run the Telnet client application program on the PC in LAN; Configure the default option (preference) of the Telnet terminal: Contents of the configuration should be set as: terminal ->default mode -> simulation option select VT100/ANSI. 26 SIGNAMAX LLC • www.signamax.eu...
  • Page 27 During configuration of the Telnet client program, the option “local response (each display)” should be canceled; otherwise the client displays the contents input by the user, adversely affecting the command edit function of the shell subsystem.
  • Page 28 Type in router IP address and establish Telnet connection to the router. Set Host Name as router IP address: 128.255.255.1 Configure port as Telnet (23) Configure terminal type as TCP/IP (Winsock) The other operations are the same as configuration via console interface. 2. Configure via WAN 28 SIGNAMAX LLC • www.signamax.eu...
  • Page 29 After the address is changed, Telnet may disconnect, the new IP address of the host needs to be input to re-establish the connection. If users log in a Signamax switch from a PC (take WIN2000 as the example), the steps for configuration are as follows: At first, input the user name and password and enter the WIN2000 system;...
  • Page 30 After the command is executed, the output result is as follows: Connecting to128.255.255.1... Display the system prompt of the switch: switch> Press the key combination “Ctrl ]” to return to the prompt of the telnet program: Microsoft Telnet> 30 SIGNAMAX LLC • www.signamax.eu...
  • Page 31: Command-Line Interface

    Command-line interface provides the following functions for users: • Manage the system help information • Input and edit the system commands • Manage the history commands of an interface • Terminal displays the system management
  • Page 32 CTRL+F,RIGHT-- current cursor forward a character 2. In any command modes, type “?” to view all commands and the simple description in this command mode. The following table lists commands that can be executed in the privileged user mode. 32 SIGNAMAX LLC • www.signamax.eu...
  • Page 33 Send a trap to a specified host or all the host in the trap host list show Show running system information Spy some information sshkeygen Generate host key file start Command start sysupdate Update system software telnet Open a telnet connection 33 SIGNAMAX LLC • www.signamax.eu...
  • Page 34 Print host public key fingerprint flux Show flux information forward Command forward frtimertask Print all tasks scheduled on the frtimer list history Show command history hosts Print current host tables information if-group Interface group info if-list Print ifnet list 34 SIGNAMAX LLC • www.signamax.eu...
  • Page 35 Show spy switch status ssh-memallocated Show ssh allocated memory stack Print the Process stack utilization information standby Virtual Backup Switch Protocol (VBRP) information startup-config Print system startup configuration information sysadmin Show tasks cared sysjob Print sysJob information 35 SIGNAMAX LLC • www.signamax.eu...
  • Page 36: Error Message Of Command-Line

    Type “*** ?” for a list of subcommands The input command is not complete or % Incomplete command switch#wh The input character string is an unclear command % Ambiguous command: wh % Please select: whoami
  • Page 37: History Command

    Editing Features Command-line interface provides basic command-editing functions supporting multi-line editing with a maximum of 256 characters for each command line. The following table 1-5 lists basic editing functions provided by the subsystem shell. 37 SIGNAMAX LLC • www.signamax.eu...
  • Page 38: Display Features

    Type key ‘-’ or ‘←’ to scroll up one line of the displayed message on screen Type any other keystrokes, the system is not going to display the unfinished messages but display the system prompt directly. 38 SIGNAMAX LLC • www.signamax.eu...
  • Page 39 The information displayed on screen rolls up one row Enter or “=” or “→” To go on displaying the information of the next row Ctrl-H To return to the beginning of the displayed information Other keys To exit from displaying 39 SIGNAMAX LLC • www.signamax.eu...
  • Page 40: Configure & Manage System

    Configure & Manage System This chapter mainly describes the basic configurations and managements of Signamax switches, which include the commands for configuring system, managing the user name and password, configuring the parameters of environment, managing the files and viewing the system information.
  • Page 41: Configure System Time

    UTC: THU NOV 15 09:36:15 2001 system is UTC. Configure Login Security Service In order to enhance the system security, Signamax switches provide the login security service function. Main functions are as follows: Prevent the brute-force attack on user login password •...
  • Page 42 The function of preventing brute-force attacks on the user login password stops unauthorized users from cracking the user name and password used for logging into the Signamax switch. When the system finds that the number of consecutive failed login authentications from a user reaches the specified number, the system forbids login connections from that IP address for a given period.
  • Page 43: Manage System

    Example of applying the commands • File System: Signamax switches have three kinds of storage media. Their functions are as follows: SDRAM: it is used as the space for a switch executing the application programs...
  • Page 44: File System Commands

    BootROM file——it is used to store the basic data initialized by system. • Signamax switches construct a DOS-based file system for storing the information that rarely needs to be changed, such as the application programs (protocol software and driver etc.) and BootROM programs of a switch.
  • Page 45: Examples Of Applying Commands

    - # of FAT table copies: /* copies of FAT table */ - # of hidden sectors: /* hidden sectors */ - first cluster is in sector # 24 /* the location of the first cluster in 45 SIGNAMAX LLC • www.signamax.eu...
  • Page 46: File Management

    The examples of applying the commands of file management are as follows: 1. Directory Command Format: Application example: switch(config-fs)#dir size date time name -------- ------ ------ -------- 1930 JAN-01-1980 00:00:00 LOGGING JAN-01-1980 00:00:00 RANDOM 3160 JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT 46 SIGNAMAX LLC • www.signamax.eu...
  • Page 47 ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:24 random switch(config-fs)#copy flash random flash abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:24 random 47 SIGNAMAX LLC • www.signamax.eu...
  • Page 48 [vrf vrf-name] dest-ipaddress dest-filename Application example: switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random JAN-01-1980 00:08:26 startup 11577 JAN-01-1980 00:09:10 abc switch(config-fs)#copy flash abc tftp 128.255.42.180 test Completed! switch(config-fs)# 48 SIGNAMAX LLC • www.signamax.eu...
  • Page 49 Application example: switch(config-fs)#copy startup-config flash abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random JAN-01-1980 00:09:40 startup JAN-01-1980 00:17:08 abc 49 SIGNAMAX LLC • www.signamax.eu...
  • Page 50 -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)#copy running-config flash abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random JAN-01-1980 00:17:08 abc 50 SIGNAMAX LLC • www.signamax.eu...
  • Page 51 ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)#copy running-config startup-config Building Configuration...done switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random JAN-01-1980 00:33:28 startup 51 SIGNAMAX LLC • www.signamax.eu...
  • Page 52: Application Example

    [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename startup-config Application example: switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)#copy ftp 128.255.42.180 123 123 test startup-config Downloading##OK! 52 SIGNAMAX LLC • www.signamax.eu...
  • Page 53 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)#copy tftp 128.255.42.180 test flash abc Downloading##OK! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random JAN-01-1980 01:01:00 abc switch(config-fs)# 53 SIGNAMAX LLC • www.signamax.eu...
  • Page 54 -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)#xmodemcopy abc 9600 Now ready to receive file.Please send file with XMODEM protocol.If you want to cancel in progress,press CTL+C key... 54 SIGNAMAX LLC • www.signamax.eu...
  • Page 55 The Data of this file will be lost! if OS is deleted,the system will hangup! Please confirm to continue?(Yes/No)y switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> JAN-01-1980 00:00:26 random switch(config-fs)# 4. View contents of files Command Format: type filename 55 SIGNAMAX LLC • www.signamax.eu...
  • Page 56: Directory Management

    Application example: switch(confgi-fs)#type startup View the contents of the file startup The contexts of file startup hostname switch user Signamax password 0 Signamax 1 enable password OW encrypt enable timeout 0 no service password-encrypt interface loopback0 exit Directory Management The directory management of the switch file system comprises: Print the path that the system locating in;...
  • Page 57: Manage Configuration File

    JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT Manage Configuration File The Contents and Formats of Configuration File The configuration file exists in the file system in the format of text file. The format is as follows: 57 SIGNAMAX LLC • www.signamax.eu...
  • Page 58 Sort commands according to the relationships among them. All related commands are grouped together and a blank line is used to separate groups. The example of Signamax switch configuration file is as follows: (the detailed meaning of the information is introduced in the following chapters) switch#sh running-config Building Configuration...done...
  • Page 59 UNI-port-0/3 ethernet uni-type bundling exit port 0/4 port-type uni uni-isolate isolated shutdown ethernet uni-id UNI-port-0/4 ethernet uni-type bundling exit port 0/5 port-type uni uni-isolate isolated shutdown ethernet uni-id UNI-port-0/5 ethernet uni-type bundling exit 59 SIGNAMAX LLC • www.signamax.eu...
  • Page 60: Load Of Configuration File

    Load of Configuration File: The configuration file of a Signamax switch can be edited in a text editor (for example, WordPad) according to the format prescribed in the above section, and can be downloaded to a switch via FTP or TFTP.
  • Page 61: Save Current System Configuration

    The following command can be executed to save the running configuration into the remote host via TFTP: switch#copy running-config tftp A.B.C.D WORD Remote host name saved file name 61 SIGNAMAX LLC • www.signamax.eu...
  • Page 62: View Current Running Configuration Of Switch

    Configure Switch to Serve as FTP Server: Signamax switches can be used as FTP servers. When a switch serves as an FTP server, it permits the user to access the file system of the switch via FTP.
  • Page 63: Example Of Configuring A Switch To Serve As A Ftp Server

    Example of configuring a switch to serve as a ftp server: In order to make a Signamax switch act as an ftp server, the following operations need to be executed...
  • Page 64: Overview

    In order to authorize the executable commands set with different levels for different level of users, the commands of Signamax switch are graded from level 0-15. Here, the level 0 has the lowest right while the level 15 has the highest.
  • Page 65 4. If no enable password of the corresponding level is configured but the enable authentication means uses the local enable password to authenticate, there are two kinds of situations:
  • Page 66 For example, execute the command enable 10, then use the fixed user name $enab10$; if the user name exists on the RADIUS server, then input the password corresponding to that user name to pass the authentication.
  • Page 67: Modify Command Level

    <Configure AAA>. Modify Command Level: Every shell command of Signamax switch IOS has its default level. However, the command privileged can be used to modify the default level. Users can only execute commands whose levels are equal to or lower than their own level.
  • Page 68: Example Of Modifying Command Level

    Example of Modifying Command Level Configure the level of all sub-commands starting with interface as 2. Command Description switch#configure terminal switch(config)# privilege CONF level 2 command interface To modify the level of the command interface as 2 68 SIGNAMAX LLC • www.signamax.eu...
  • Page 69: Set Enable Password

    To enter the configuration mode of remote config-user authorization ip_addr mask pl_name ip {address ] | pool To set the ip address or the address pool config-user-rset information of a user; pl_name is the name of the address pool 69 SIGNAMAX LLC • www.signamax.eu...
  • Page 70: Set Line Attributes

    IKE extended authentication. Set Line Attributes: Signamax series switches support one console interface user, 16 telnet users and 16 ssh users being logged into the device at the same time. The line command can be used to set different attributes for these logins, such as authentications and authorizations.
  • Page 71 To configure the timeout for user logging in as 60 seconds. switch(config-line)#privilege level 14 To configure the authorized level of a user as 14 switch(config-line)#autocommand show memory To configure to execute the command show memory 71 SIGNAMAX LLC • www.signamax.eu...
  • Page 72: View Present User Level

    Current privilege level is 15 System Tools Command show The types of the information can be viewed via the system command show are as follows: information about the system software and hardware resources • 72 SIGNAMAX LLC • www.signamax.eu...
  • Page 73 To display the information about the system copyright version To display the information about the versions of the system hardware and software Take 065-7434 Signamax 24-Port 10/100 L3 Switch as an example, partial information is displayed as follows: 1. Display the system stack switch#sh stack...
  • Page 74 80705230 8669a330 8176 1496 2536 5640 tTffsPTask 802779e8 87fe4cb0 2032 1612 tStaticRt 8049b134 8660dcc0 16368 152 1016 15352 tDot1x 806d6908 85db6de0 6128 5736 tPortMon 806d6908 85da5f60 6128 5828 tElmi 806d6908 85d09c70 20464 300 20164 74 SIGNAMAX LLC • www.signamax.eu...
  • Page 75 77589184 114580016 32.28% CODE 19632640 19632640 slab 1534292 54496 1588788 96.57% fpss 4784128 4784128 0.00% mbuf 495180 16624824 17120004 2.89% Note: The space of all such memory types exclude code is part of the heap's 75 SIGNAMAX LLC • www.signamax.eu...
  • Page 76 3. Display the using condition of system buffer switch# show pool detail Driver pool Statistics for the network stack mbuf type number --------- ------ FREE 1024 DATA HEADER SOCKET : 76 SIGNAMAX LLC • www.signamax.eu...
  • Page 77 SOOPTS FTABLE RIGHTS IFADDR CONTROL : OOBDATA : IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRV_SCC : DRV_8SA : DRV_8S DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : CPOS M128 ASYNC FPSS ISDN ENCRYPT : RS8234 77 SIGNAMAX LLC • www.signamax.eu...
  • Page 78 0 number of times waited for space: 0 number of times drained protocols for space: 0 __________________ CLUSTER POOL TABLE _____________________________________________________________________ __________ size clusters free usage ------------------------------------------------------------------------------- 1884 1024 1024 ------------------------------------------------------------------------------- Size: 2078720 bytes 78 SIGNAMAX LLC • www.signamax.eu...
  • Page 79 SOCKET : RTABLE HTABLE ATABLE SONAME ZOMBIE SOOPTS FTABLE RIGHTS IFADDR CONTROL : OOBDATA : IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRV_SCC : DRV_8SA : DRV_8S DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : CPOS 79 SIGNAMAX LLC • www.signamax.eu...
  • Page 80 MPLSINFO : IPSEC IGMP RTSOCK TEST PKTGEN TOTAL 41840 number of mbufs: 41840 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0 80 SIGNAMAX LLC • www.signamax.eu...
  • Page 81 2048 ------------------------------------------------------------------------------- Size: 13914880 bytes unregistered pool Statistics for the network stack mbuf type number --------- ------ FREE DATA HEADER SOCKET : RTABLE HTABLE ATABLE SONAME ZOMBIE SOOPTS FTABLE RIGHTS IFADDR CONTROL : OOBDATA : 81 SIGNAMAX LLC • www.signamax.eu...
  • Page 82 IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRV_SCC : DRV_8SA : DRV_8S DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : CPOS M128 ASYNC FPSS ISDN ENCRYPT : RS8234 NDSP LABP ADSL MASC LLC2 82 SIGNAMAX LLC • www.signamax.eu...
  • Page 83 All MBUF pool size : 17120004 bytes 4. Display the information about the system device switch#show device drv name 0 /null 1 /tyCo/0 1 /tyCo/1 3 /flash 3 /flash1 1 /tyCo/M 2 /pipe/temp 3 /config 3 /script 83 SIGNAMAX LLC • www.signamax.eu...
  • Page 84 6. Display the information about the system version switch#show version Operating System Software 065-7434 Signamax 24-Port 10/100 L3 Switch system image file (flash0: /flash/sp1-g-6.1.0(RL08-ar).bin), version 6.1.0(RL08-ar), Compiled on Aug 12 2008, 17:21:13 Copyright (C) 1999 Signamax (Sichuan) Communication Technology Co., Ltd. All Rights Reserved.
  • Page 85 MPU CPLD Version : 101 Monitor Version : 1.15 Software Version : 6.1.0(RL08-ar) Software Image File : flash0: /flash/sp1-g-6.1.0(RL08-ar).bin Compiled : Aug 12 2008, 17:21:13 System Uptime is 0 hour 28 minutes 37 seconds 85 SIGNAMAX LLC • www.signamax.eu...
  • Page 86: Protocol Debugging

    7. Display the information about the system copyright 065-7434 Signamax 24-Port 10/100 L3 Switch series modular architecture can incessantly offer clients as many flexible solutions as possible when new services and applications come into exsistence. With full support of the...
  • Page 87 To configure the log message selected according to config logging monitor {<0-7> | alerts | critical | the severity level and needs to be displayed on the debugging emergencies errors 87 SIGNAMAX LLC • www.signamax.eu...
  • Page 88 Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) max-size Set max-size parameters notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) <CR> 88 SIGNAMAX LLC • www.signamax.eu...
  • Page 89: View Cpu Utilization

    The debugging information View CPU Utilization Signamax switches provide tools for viewing the CPU utilization. After enabled the switch for monitoring CPU, users can view the CPU using condition of each task in a period and the total using condition of CPU in a period.
  • Page 90 866ab0f0 3% ( 3% ( tFwdTask 866a8580 0% ( 0% ( tIfMgt 866914e0 0% ( 0% ( tSDEvent 865b6340 0% ( 0% ( bcmDPC 865a3570 0% ( 0% ( bcmL2X.0 864d38d0 3% ( 3% ( 90 SIGNAMAX LLC • www.signamax.eu...
  • Page 91 85ea7e00 0% ( 0% ( tPortSec 85daad70 0% ( 0% ( tRtrSla 85e2b8e0 0% ( 0% ( bcmRX3 85fba4d0 0% ( 0% ( bcmRX2 85fb2070 0% ( 0% ( bcmRX1 85fa9c10 0% ( 0% ( 91 SIGNAMAX LLC • www.signamax.eu...
  • Page 92 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% CPU utilization per minute in the past 60 minutes: 1% 1% 1% 1% 1% 2% CPU utilization per quarter in the past 96 quarters: 92 SIGNAMAX LLC • www.signamax.eu...
  • Page 93: System Remote Login Service

    16 telnet users to be online at the same time. Users can configure the attributes of the telnet login via the command line vty. Meanwhile Signamax switches provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.
  • Page 94: Ssh

    To display the SSH key-pair enable Control Temperature The special models of Signamax switches provide the functions of temperature alarm and system control. Temperature Alarm&System Control When the temperature becomes abnormal and higher than the dormancy temperature, the system automatically enters the dormancy state and sends SNMP TRAP. When the temperature reaches a certain degree, the system automatically recovers to work normally and sends SNMP TRAP.
  • Page 95: View Status Information&Function Switch

    3IN3OUT The special models of Signamax switches provide the functions of three input alarms and three output alarms. Configuration Commands You can describe the alarm name, set alarm disabled or enabled, and set alarm input logic and output logic, which correspond with the input and output system auto lighting.
  • Page 96: View Status Information

    View Status Information The related commands are as follows: Command Description Configuration Mode means display status enable show alarm {in|out} information of all input alarms; out means to display the status information of all output alarms. 96 SIGNAMAX LLC • www.signamax.eu...
  • Page 97: Configure Ports

    Configure Ports This chapter mainly describes the attributes of the ports that Signamax series switches support and how to configure these ports. The contents are as follows: Introduction to ports Configure ports Port The contents of this section: Serial number...
  • Page 98 P: Port. Unit: Indicates the device in a stack; therefore, users need to confirm if the device is in the stacking state when initializing it. The serial number starts from 0.
  • Page 99: Basic Concept Of Portlist

    Port: Indicates physical ports on the device or the card; the serial number of the fixed port on each device, card and sub-card starts from 0. Basic Concept of portlist Whether configuring or displaying, Signamax switches use portlist to select ports. portlist can be one of the following situations: A single port: such as “0/1”...
  • Page 100: Enter Port Configuration Mode

    “config-port-×/×”; multiple ports: represented by “config-port-range”. When configuring Signamax switches, if you are already in the port configuration mode, you can also re-select or re-configure the port by entering “port portlist”.
  • Page 101: Configure Ports

    To configure the mode of ports sending signals config-port-×/×, config-port-range To configure the maximum transmission unit config-port-×/×, config-port-range link-delay <second> To configure the reporting delay of state config-port-×/×, config-port-range loopback {external|internal} To perform loop check config-port-×/×, config-port-range 101 SIGNAMAX LLC • www.signamax.eu...
  • Page 102 Command Description string The character string of the description information of a port Default status: No description information duplex This command is used to configure duplex parameter on one port. duplex {auto|full|half} 102 SIGNAMAX LLC • www.signamax.eu...
  • Page 103 You can configure storm control for pps(packets per second) and bps(bits per second). To cancel the storm control, use the no format. storm-control {broadcast|multicast|unicast} {pps packets|bps rate-bps} no storm-control {broadcast|multicast|unicast} Syntax Description unicast To control unknown unicast packets 103 SIGNAMAX LLC • www.signamax.eu...
  • Page 104 After the configuration, the status of the storm control action can be displayed via show storm-control [portlist]. Default status: No storm control action flow control This command is used to configure the flow control of the port. flowcontrol {on|off} Command Description on: To enable flow control. off: To disable flow control.
  • Page 105 This command is used to configure MTU. mtu num Syntax Description To configure the MTU check of the port; the MTU check is performed only when data packets are input; and the MTU is not checked when data packets 105 SIGNAMAX LLC • www.signamax.eu...
  • Page 106 After loop check starts, users can cancel it. port-type This command is used to configure the UNI/NNI attribute of the port. To cancel the UNI/NNI attribute, use the no format. port-type {uni|nni} Syntax Description 106 SIGNAMAX LLC • www.signamax.eu...
  • Page 107: Monitoring & Maintaining

    {uni|nni} [ portlist To monitor the UNI/NNI attribute of the port The displayed information includes the UNI/NNI attribute of the port and whether the ports are isolated 107 SIGNAMAX LLC • www.signamax.eu...
  • Page 108: Monitoring Command Example

    The default VLAN of port is 1. Display port statistics switch # show port 0/7 Displayed Result Description and Analysis RxOctets : 18636483 The number of received packet bytes RxUcastPkts : 26525 The number of received unicast 108 SIGNAMAX LLC • www.signamax.eu...
  • Page 109 1518 bytes and FCS check error or sequence error TotalCollisions The total number of collisions TotalPkts64Octets : 234780 The total number of the packets with 64 bytes TotalPkts65to127Octets : 38003 The total number of the packets with 65-127 bytes 109 SIGNAMAX LLC • www.signamax.eu...
  • Page 110: Configure Vlan

    VLANs cannot communicate with each other directly. VLAN supports the IEEE 802.1Q standard. The value range of VLAN ID is 1-4094. VLAN 1 is the default value and cannot be deleted.
  • Page 111: Configure Port-Based Vlan

    Signamax switches support different VLAN types according to different VLAN division modes. Signamax switches support following VLAN types. Port-based VLAN MAC-address-based VLAN IP-subnet-based VLAN Protocol-based VLAN Configure Port-based VLAN Port-based VLAN is to take a port as a member of the VLAN and add it into the VLAN. The port can forward packets of the VLAN to which the port belongs.
  • Page 112: Default Vlan Of Ports

    VLAN, assign the packet to the corresponding VLAN ID of the network segment. If the packet doesn’t match the network segment configured by the IP subnet VLAN, the packet is assigned to the default VLAN ID of the port. 112 SIGNAMAX LLC • www.signamax.eu...
  • Page 113: Protocol-Based-Vlan

    {all | tag | port config-link-aggregation-x untag} config-port-xxx port mode {access | trunk | *To configure port mode config-link-aggregation-x hybrid} config-port-xxx *To configure Access port to be added to vlanId port access vlan VLAN config-link-aggregation-x 113 SIGNAMAX LLC • www.signamax.eu...
  • Page 114 This command is used to create the corresponding VLAN of the vlanid. The no format of the command is used to delete the VLAN. vlan vlanId no vlan vlanId Syntax Description vlanId The value range of vlanid is 1-4094. Default status: VLAN 1, which is created automatically by the system Note 114 SIGNAMAX LLC • www.signamax.eu...
  • Page 115 If the port is configured with vlan dot1q-tunnel, you cannot configure VLAN frame filtering on the port, that is, the port keeps the default configuration and receives all frames. For the configuration of vlan dot1q-tunnel, refer to Chapter 8 of Vlan dot1q tunnel Configuration. 115 SIGNAMAX LLC • www.signamax.eu...
  • Page 116 The configuration command must be consistent with the port type. Otherwise, the system prompts error information, such as “port 0/1 current mode is not access”. When the Access port is added to VLAN and if the VLAN does not exist, the VLAN is created automatically. Note 116 SIGNAMAX LLC • www.signamax.eu...
  • Page 117 VLAN and select to mode of exiting the corresponding VLAN. port hybrid vlan vlanId {tagged | untagged} no port hybrid vlan vlanId {tagged | untagged} Syntax Description vlanId The value range of VLAN ID is 1-4094. 117 SIGNAMAX LLC • www.signamax.eu...
  • Page 118 This command is used to configure the default VLAN (pvid) of Hybrid port. The no format of the command is used to delete the configured default VLAN (pvid) of the port and the default VLAN of the port recovers to 1. port hybrid pvid vlan vlanId no port hybrid pvid vlan 118 SIGNAMAX LLC • www.signamax.eu...
  • Page 119 VLAN ID is 1-4094. Default status: By default, there are no MAC VLAN items. Note MAC address cannot be broadcast address or multicast address. If the illegal MAC address is input, the system prompts error information. 119 SIGNAMAX LLC • www.signamax.eu...
  • Page 120 IP subnet VLAN items are valid globally, that is, valid for the whole device. ip-subnet-vlan enable This command is used to enable IP subnet VLAN function. The no format of the command is used to disable IP subnet VLAN function of the port. ip-subnet-vlan enable 120 SIGNAMAX LLC • www.signamax.eu...
  • Page 121 The packet frame encapsulation format is LLC. The packet frame encapsulation format is SNAP. SNAP ether-vlaue The packet protocol type; the value range is 0x1-0xFFFF. Default status: By default, there is no protocol profile. Note
  • Page 122 Default status: The protocol VLAN function of the port is disabled. Note The protocol VLAN function can take effect only when the protocol VLAN function is enabled on the port, there is protocol VLAN profile, and the port is configured with the matching protocol profile. 122 SIGNAMAX LLC • www.signamax.eu...
  • Page 123: Application Examples

    30 tagged The port is added to VLAN10. The VLAN packets are sent with tag. switch(config-port-0/1)# port hybrid pvid vlan 20 To configure the default VLAN of the port 123 SIGNAMAX LLC • www.signamax.eu...
  • Page 124: Mac-Based Vlan Example

    0/1 To enter port 0/1 configuration status switch(config-port-0/1)# protocol-vlan enable To configure the port to enable the protocol VLAN function switch(config-port-0/1)#protocol-vlan profile 1 vlan 10 configure port match corresponding VLAN of the protocol template 124 SIGNAMAX LLC • www.signamax.eu...
  • Page 125: Debugging & Monitoring

    0/25 port 0/26 port 0/27 ----[Tag Port]---- VLAN0002 ----[Untag Port]---- port 0/2 ----[Tag Port]---- port 0/3 Description & analysis: NO. : display serial number VID: VLAN ID VLAN-Name: VLAN description information Port-Name: port name 125 SIGNAMAX LLC • www.signamax.eu...
  • Page 126 VLAN: The VLAN ID distributed to the Untag packets matching IP subnet The displayed result indicates the existing IP subnet VLAN items of the system and the included details. switch#show protocol-vlan profile Displayed Result: --------------------------PROTOCOL-VLAN-TEMPLATE----------- Profile Frame-type Ether-type 126 SIGNAMAX LLC • www.signamax.eu...
  • Page 127 Profile: The serial number of the protocol profile VLAN: The VLAN ID distributed to Untag packets matching the protocol profile of the port The displayed result indicates the configurations of the matching protocol profile of the port and the distributed VLAN ID. 127 SIGNAMAX LLC • www.signamax.eu...
  • Page 128: Manage & Configure Mac Address Table

    Manage & Configure MAC Address Table This chapter mainly describes the management and configuration of 065-7434 Signamax 24-Port 10/100 L3 Switch MAC address table. The contents of this chapter are as follows: Mac address table management and configuration Manage & Configure MAC Address Table...
  • Page 129: Basic Commands For Managing Mac Address Table

    [port trunk-id link-aggregation portlist trunk-id | link-aggregation port config-port-xx | To enable the function of learning MAC mac-address learning config-link-aggregationx address config-port-xx | To disable the function of learning MAC no mac-address learning config-link-aggregationx address 129 SIGNAMAX LLC • www.signamax.eu...
  • Page 130 MAC address or static filtered MAC address. mac-address static H.H.H vlan vlan-id {port portnum | link-aggregation trunk-id | drop} no mac-address static H.H.H vlan vlan-id {port portnum | link-aggregation trunk-id | drop} 130 SIGNAMAX LLC • www.signamax.eu...
  • Page 131 { 0 | 10 -1000000} Syntax Description It is to disable the aging function. The learned MAC address is not aged. 10-1000000 It is the aging time of the learned MAC address and the unit is second. 131 SIGNAMAX LLC • www.signamax.eu...
  • Page 132 This command is to enable the function of learning MAC address. The no format of the command can be used to disable the function of learning MAC address. mac-address learning no mac-address learning 132 SIGNAMAX LLC • www.signamax.eu...
  • Page 133: Application Example

    Application Example Application network environment Connect to 065-7434 Signamax 24-Port 10/100 L3 Switch through console port or telnet to configure and manage the MAC address table.
  • Page 134: Manage & Monitor Mac Address Table

    This command is to view the aging time of MAC address. show mac-address aging-time This command is to display the maximum number of learned MAC addresses show mac-address max-mac-count of a port. { port portlist | link-aggregation trunk-id } 134 SIGNAMAX LLC • www.signamax.eu...
  • Page 135: Example Of Monitoring Commands

    TRAP means that the packet is sent to CPU, but not forwarded; F&T means that the packet is forwarded and sent to CPU. FLAG: The tag for the MAC address configuration. C means that the MAC address is configured 135 SIGNAMAX LLC • www.signamax.eu...
  • Page 136 The static MAC address 0003.0FFF.DD40 is on VLAN1 and is bound to port 0/1; it is configured through shell command and forwarded normally. switch#show mac-address max-mac-count port 0/1 Displayed result: port 0/1 max learning mac: 300 The maximum number of learned MAC addresses on port 0/1 is 300. 136 SIGNAMAX LLC • www.signamax.eu...
  • Page 137: Configure Link Aggregation

    Configure Link Aggregation Signamax switches support link aggregation function which comprises two modes: manual aggregation and protocol aggregation. This chapter mainly describes how to configure Signamax switch to perform link aggregating. The contents are: Introduction to link aggregation Commands for configuring link aggregation...
  • Page 138: Basic Commands Of Link Aggregation

    The device supports creating up to 16 aggregation groups. link-aggregation agg-id mode {manual | lacp} no link-aggregation agg-id Syntax Description agg-id The aggregation group ID and the value range is 1-16 138 SIGNAMAX LLC • www.signamax.eu...
  • Page 139 Syntax Description priority The system priority and the value range is 1-65535. Configuration mode: Global configuration mode. Default status: By default, the system priority is 32768.
  • Page 140 Syntax Description priority The system priority and the value range is 1-65535 Configuration mode: Port configuration mode. Default status: The default port priority is 32768.
  • Page 141: Application Examples

    To create manual aggregation group 1 switch (config)#port 0/0-0/3 To enter the port mode switch (config-port-range)#link-aggregation 1 manual To add a port into an aggregation group in manual mode Mode 2: Protocol aggregation
  • Page 142: Monitoring & Debugging Link Aggregation

    *To display the aggregation information of a specified aggregation group show link-aggregation port [port_no] *To display the aggregation information of a port The symbol “*” before the command description means that there is the configuration example to describe the command in details later 142 SIGNAMAX LLC • www.signamax.eu...
  • Page 143: Example Of Monitoring Commands

    Port number, the ID of the aggregation group, the mode of adding the port into the aggregation group selected: NO Whether the port is in the selected state attached: NO Whether the port is in the attached state 143 SIGNAMAX LLC • www.signamax.eu...
  • Page 144: Debugging Commands

    Enable the command debug lac event switch#debug lac event switch#configure terminal switch(config)#link-aggregation 1 mode manual switch(config)#port 0/1-0/5 switch(config-port-range)#link-aggregation 1 manual switch(config)#port 0/3 switch(config-port-0/3)#no link-aggregation 1 144 SIGNAMAX LLC • www.signamax.eu...
  • Page 145 00:10:43: LAC: LAC_EVENT_AGG_DESTROY event happened The event information of deleting an aggregation group 2. Use the command debug lac machine to view the event information of state machine change when a port is added into a manual aggregation group. 145 SIGNAMAX LLC • www.signamax.eu...
  • Page 146 Enable the command debug lac machine switch#debug lac pdu switch#configure terminal switch(config)#link-aggregation 1 mode lacp switch(config)#port 0/1 switch(config-port-0/1)#link-aggregation 1 active Displayed Result Analysis 13:53:11: LAC: port 0/1 tx pdu info: The port sends the pdu information 146 SIGNAMAX LLC • www.signamax.eu...
  • Page 147 Actor: 01-14-80-00-00-01-22-33-44-07-03-81-80-00-00-02-C5-00-00-00 Partner: 02-14-80-00-00-00-00-00-00-00-00-02-80-00-00-02-42-00-00-00 13:53:11: LAC: port 0/1 rx pdu info: Actor: 01-14-80-00-00-01-12-34-00-33-03-90-80-00-00-02-C5-00-00-00 Partner: 02-14-80-00-00-00-00-00-00-00-00-02-80-00-00-02-42-00-00-00 Analysis: The port receives the pdu information
  • Page 148: Configure Mstp

    The STP defined in IEEE802.1D cannot be transferred rapidly. Even the point-to-point link or edge port must wait for the delay time of 30s to transfer to forwarding state. RSTP defined in IEEE 802.1W is the improved version of STP protocol. The “Rapid” is reflected 148 SIGNAMAX LLC • www.signamax.eu...
  • Page 149 They are independent from each other and realize the load balance of VLAN data when forwarding data. MSTP has the features of rapid convergence and fault recovering. MSTP is compatible with STP and RSTP. 149 SIGNAMAX LLC • www.signamax.eu...
  • Page 150: Configuring Mstp: Basic Commands

    To enable STP function on the port config-port-xxx config-link-aggregation-x region-name This command is to set the name of MST domain. The no format of the command is to recover the default name of the domain. region-name name 150 SIGNAMAX LLC • www.signamax.eu...
  • Page 151 Configuring the MST domain names of bridges the same does not mean that the bridges are in the same MST domain. The two or more bridges belong to one MST domain only when the name, revision level, example and VLAN mapping of the MST domains are the same. 151 SIGNAMAX LLC • www.signamax.eu...
  • Page 152 Example 0 of MST domain cannot be deleted. One VLAN cannot be mapped to multiple examples. When the mapping between a VLAN and MSTI example is deleted, the VLAN is automatically mapped to example 0. 152 SIGNAMAX LLC • www.signamax.eu...
  • Page 153 MSTP BPDU packets. When connected to the device running STP, the ports automatically transfer to work in STP compatibility mode. When MSTP protocol is enabled, modifying the working mode causes the re-starting of the protocol, which results in the short interruption of the network. 153 SIGNAMAX LLC • www.signamax.eu...
  • Page 154 The bigger the maximum number of hops of the MST domain, the larger the scale of the MST domain. Only the maximum number of hops of the MST domain configured on domain root device can restrict the scale of MST domain. 154 SIGNAMAX LLC • www.signamax.eu...
  • Page 155 FORWARD TIME of the device related with diameter of the switching network. Usually, the bigger the diameter, the longer FORWARD TIME. Note that if FORWARD TIME is too short, the 155 SIGNAMAX LLC • www.signamax.eu...
  • Page 156 Here, the bigger the priority value, the higher the priority. The bridge example priority can be configured through the following command. The no format of the command can be used to recover the default value. spanning-tree mst instance instance-id priority priority-number 156 SIGNAMAX LLC • www.signamax.eu...
  • Page 157 By default, MSTP function is disabled globally. The other configurations can take effect only when the MSTP function of the device is enabled. spanning-tree pathcost method
  • Page 158 Syntax Description instance-id MST spanning tree example ID. The value range is 0–63. cost-value The example path cost of the port. The value range is 1– 200000000. 158 SIGNAMAX LLC • www.signamax.eu...
  • Page 159 When a port is not connected to other bridges or shared link, but connected to the user terminal, the port is regarded as the edge port. When the network topology changes, the edge 159 SIGNAMAX LLC • www.signamax.eu...
  • Page 160 When the port works in the full-duplex mode, set the port as the point-to-point link type; when the port works in the half-duplex mode, set the port as the shared link type. spanning-tree enable 160 SIGNAMAX LLC • www.signamax.eu...
  • Page 161: Mstp Protocol Inter-Operation

    By default, the inter-operation feature of a port with the Cisco device is disabled. It is necessary to enable the inter-operation feature on a port only when the port is inter- 161 SIGNAMAX LLC • www.signamax.eu...
  • Page 162: Mstp Protection Features

    MSTP provides BPDU Guard function to prevent this kind of attack. After the BPDU protection function is enabled on the device, if a port configured with edge port attributes receives BPDU packets, MSTP shuts down the port and uses LOG information to prompt the user.
  • Page 163 BPDU with higher priority. Here, the current legal root bridge loses the place of the root bridge, which causes the wrong 163 SIGNAMAX LLC • www.signamax.eu...
  • Page 164 If receiving the BPDU packets again, the port takes part in the spanning tree calculation again. You can use the command spanning-tree guard loop to enable the Loop Guard protection function of the port. The no format of the command or spanning-tree guard none can be 164 SIGNAMAX LLC • www.signamax.eu...
  • Page 165 By default, the Loop Guard protection function of the port is disabled. The Root Guard protection function and Loop Guard protection function cannot be enabled at the same time. 165 SIGNAMAX LLC • www.signamax.eu...
  • Page 166: Application Examples

    To map VLAN 20 configuration to example 2 SwitchA(config-mst-region)#instance 3 vlan 30 To map VLAN 30 configuration to example 3 SwitchA(config-mst-region)#instance 4 vlan 40 To map VLAN 40 configuration to example 4 SwitchA(config-mst-region)#active configuration pending To activate the above MST domain configurations 166 SIGNAMAX LLC • www.signamax.eu...
  • Page 167 SwitchD(config-mst-region)#instance 4 vlan 40 To map VLAN 40 configuration to example 4 SwitchD(config-mst-region)#active configuration pending To activate the above MST domain configurations SwitchD(config-mst-region)#exit To exit the MST domain configuration mode SwitchD(config)#spanning-tree enable To enable MSTP protocol globally 167 SIGNAMAX LLC • www.signamax.eu...
  • Page 168: Display & Maintain Mstp

    After configuring MSTP, the user can view the MSTP domain configurations via the display configuration commands, including the current effective configurations and the configurations waiting to take effect. SwitchA#show spanning-tree mst configuration Displayed Result Description and Analysis Spanning-tree mst configuration used currently: To indicate that the following display 168 SIGNAMAX LLC • www.signamax.eu...
  • Page 169 The role, status, path cost and type of all ---------- ---- --------- -------- --------------- ports in the example bridge port 0/7 Alte DIS 200000 128. 8 P2P port 0/3 Root FWD 200000 128. 4 P2P 169 SIGNAMAX LLC • www.signamax.eu...
  • Page 170: Debugging Commands

    Figure 7-2 In the above simple network environment, Switch A and Switch B are configured with enabling MSTP; they are connected with network cables. View the status change of the spanning tree by enabling DEBUG command. 170 SIGNAMAX LLC • www.signamax.eu...
  • Page 171 Learning. 05:24:10: %MSTP-7-TRANS: Port 0/7 (INST 0) state trans from Learning to Discarding. 05:24:10: %MSTP-7-TRANS: Port 0/7 (INST 0) state trans from Discarding to Forwarding. Analysis: The port status changes from DISCARDING to LEARNING, and then to FORWARDING.
  • Page 172: Configure Vlan Dot1Q Tunnel

    802.1Q Tag in the original 802.1Q of the packet, but to replace the original 802.1Q Tag of the packet with the new items of the 802.1Q table; and the packet still has only one layer of 802.1Q table items. 172 SIGNAMAX LLC • www.signamax.eu...
  • Page 173: Basic Vlan Dot1Q Tunnel Function

    0x8100. By default, the value range of the external VLAN Tag in the Vlan dot1q tunnel packet is 0x8100. Different manufacturers may set different values for the external VLAN Tag in the Vlan dot1q tunnel packet, such as 0x9100.
  • Page 174: Basic Commands

    This command is used to configure the selective vlan dot1q-tunnel items of the port. The no format of the command is used to delete the configured selective vlan dot1q-tunnel items of the port. vlan dot1q-tunnel vlanId vlanId no vlan dot1q-tunnel vlanId 174 SIGNAMAX LLC • www.signamax.eu...
  • Page 175 (Tag frames and Untag frames) to pass. For port type configuration and VLAN frame filtering configuration, refer to Chapter 4 of Configure VLAN. vlan dot1q-tunnel mapping 175 SIGNAMAX LLC • www.signamax.eu...
  • Page 176 It is recommended that the user does not configure VLAN frame filtering on the port and keep the default configuration, that is, the port should allow all frames (Tag frames and Untag frames) to pass. 176 SIGNAMAX LLC • www.signamax.eu...
  • Page 177 This command is used to configure the value of the priority field in the inner Tag to be copied to the priority field in the outer Tag. The no format of the command is used to delete the configuration. inner-priority-trust enable no inner-priority-trust enable 177 SIGNAMAX LLC • www.signamax.eu...
  • Page 178: Application Examples

    The port configures flexible items and encapsulates outer Tag 100 for received VLAN 10 packets. PE1(config-port-0/1)# vlan dot1q-tunnel drop The port configuration only supports flexible items. PE1(config-port-0/2)#port mode hybrid To set the port as Hybrid port 178 SIGNAMAX LLC • www.signamax.eu...
  • Page 179 PE2(config-port-0/3)#port trunk allowed vlan 200 To set port 0/3 to allow VLAN 200 to pass Caution The user must ensure that the network devices between PE1 and PE2 can permit vlan dot1q tunnel packets to pass via configuration. 179 SIGNAMAX LLC • www.signamax.eu...
  • Page 180: Debugging & Monitoring

    The displayed result shows the flexible vlan dot1q-tunnel items configured on the port and the details. switch#show vlan dot1q-tunnel mapping Displayed result: -------------------- -------VLAN DOT1Q-TUNNEL MAPPING-------------------- Port Former VlanId Mapping VlanId -------------------- --------------------- ---------------------------------------------------- 180 SIGNAMAX LLC • www.signamax.eu...
  • Page 181: Example Of Configuring Vlan Dot1Q Tunnel

    To delete the configuration of enabling vlan dot1q-tunnel function on a port. switch(config-port-0/1)#no vlan dot1q-tunnel 10 To delete the configuration for the items in the flexible vlan dot1q-tunnel table of a 181 SIGNAMAX LLC • www.signamax.eu...
  • Page 182: Example Of Applying Vlan Dot1Q Tunnel

    Customer C via the VLAN 100 of the carrier network. The VLAN 20 packet of the Customer B connects with the VLAN 20 packet of the Customer C via the VLAN 200 of the carrier network. 182 SIGNAMAX LLC • www.signamax.eu...
  • Page 183 To configure port 0/2 to support only the items in the flexible table; the packets that do not match the items in the flexible table are discarded, that is, the non-VLAN20 packets are discarded. PE1(config-port-0/2)# vlan dot1q-tunnel drop To configure port 0/3 as a Trunk port PE1(config-port-0/3)#port mode trunk
  • Page 184 To configure port 0/3 to permit VLAN 100 and VLAN 200 to pass PE2(config-port-0/3)#port trunk allowed vlan 100 PE2(config-port-0/3)#port trunk allowed vlan 200 Users need to ensure, via configuration, that the network devices between PE1 and PE2 permit vlan dot1q tunnel packets to pass.
  • Page 185: Configure L2 Protocol Tunnel

    Configure L2 Protocol Tunnel This chapter describes L2 protocol tunnel function that Signamax series switches support and how to configure the function. The contents of this chapter are as follows: Introduction to L2 protocol control Application examples Debugging and monitoring Overview L2 protocol control is to control the L2 protocol packets received on the port.
  • Page 186: Basic Commands

    This command is used to configure the special multicast MAC address replacing the L2 protocol destination MAC address, which is valid on the whole device. The no format of the command is used to delete the replaced special MAC address. By default, the special multicast MAC address is 01-00-0c-cd-cd-d0. 186 SIGNAMAX LLC • www.signamax.eu...
  • Page 187 gmrp: Gmrp protocol; gvrp: Gvrp protocol; lacp: lacp protocol; Stp (mstp) protocol; discard: Separation function; peer: Transparent transmission function; tunnel: Tunnel function. Default status: By default, the transparent transmission function is enabled on the port.
  • Page 188: Application Example 1

    To set the stp protocol tunnel function of the port PE1 (config-port-0/3)#port mode trunk To set the port as Trunk port PE1 (config-port-0/3)#port trunk allowed vlan 10 To set the port allow VLAN 10 to pass PE2 configuration: 188 SIGNAMAX LLC • www.signamax.eu...
  • Page 189: Debugging & Monitoring

    01:51:16: %L2PC-7-EVENT: port 0/2 receives STP packet 01:51:16: %L2PC-7-EVENT: non-tunnel ports send STP tunnel packet in vlan 10 01:51:18: %L2PC-7-EVENT: port 0/2 receives STP packet Analysis: To convert the STP protocol packets to tunnel packets and then send out the
  • Page 190 01:51:20: %L2PC-7-EVENT: port 0/2 receives STP packet 01:51:20: %L2PC-7-EVENT: non-tunnel ports send STP tunnel packet in vlan 10 Analysis (continued): STP tunnel port (the STP protocol tunnel function is not enabled on the port) of VLAN
  • Page 191: Configure L2 Multicast

    The common modules of L2 multicast integrate the information to form the forwarding software table of L2 multicast and then refresh the forwarding information to the switching chip to form the hardware forwarding table of L2 multicast.
  • Page 192: Basic Commands

    This command is used in the port mode to configure the number of multicast groups to which a port can be added. The no format of the command can be used to recover the default number of multicast MACs that can be added to a port. multicast-group maximum-number num no multicast-group maximum-number
  • Page 193 Description To restrict the number of added multicast groups. The value range is 0–1024. Default status: For 065-7434 Signamax 24-Port 10/100 L3 Switch, the default number of multicast groups added to the port is 1024. [no] ip l2-multicast drop-unknown...
  • Page 194: Monitoring & Debugging

    Displayed result: L2 Multicast Table [forwarding]: Current L2 Multicast 1 entry ---- -------- ------------------ --------------------------------------------- NO. VID Group MAC address Port Number ---- -------- ------------------ --------------------------------------------- 0100.5E00.010C [M] 0/1 0/5 Description and analysis: 194 SIGNAMAX LLC • www.signamax.eu...
  • Page 195: Debug Commands

    00:42:10: VLAN ID: 2, MAC Address: 0100.5E00.010C 00:42:10: Action: Create static multicast group, Port Set Type: Port set type normal(overlay) 00:42:10: Updater: ADMIN 00:42:10: Port map: Analysis: To create L2 multicast forwarding items, deliver them to the switching chip and generate hardware forwarding items
  • Page 196: L2 Static Multicast

    L2 multicast forwarding table and switching chip hardware forwarding table are formed via L2 public modules. The contents of this section are as follows: Introduction • Basic commands • Application examples • Debugging and monitoring • 196 SIGNAMAX LLC • www.signamax.eu...
  • Page 197: Introduction

    This command is used to configure the static multicast items with a specified VLAN and multicast MAC address. The no form of the command is used to delete the specified static multicast items. multicast-group MACAddress vlan vlan_num no multicast-group MACAddress vlan vlan_num 197 SIGNAMAX LLC • www.signamax.eu...
  • Page 198 Here, the port refers to the logical port of an aggregation group. link-aggregation _LINKAGGREGATION_ {member | forbidden} no link-aggregation { _LINKAGGREGATION_ | all} Syntax Description LINKAGGREGATION Aggregation group ID member Member mode forbidden Forbidden mode All non-convergence mode 198 SIGNAMAX LLC • www.signamax.eu...
  • Page 199: Application Examples

    0/3. PC1 can receive video programs, but PC2 and PC3 cannot. Switch configuration: Command Description switch(config)#vlan 2 To specify VLAN 2 switch(config-vlan2)#description VLAN0002 To specify VLAN description character string switch(config-vlan2)#exit To exit to global configuration mode ...
  • Page 200: Monitoring Command Examples

    Monitoring Command Examples For environment and configuration, refer to the L2 static multicast configuration example in the section of L2 static multicast application example. ...
  • Page 201: Debugging Commands

    0100.5E00.010C vlan 2 switch(config)#no multicast-group 0100.5E00.010C vlan 2 Displayed Result Analysis 01:17:54: l2StaticMcast: L2 static multicast entry (2, 0100.5E00.010C) created To create the static multicast item. The VLAN is 2 and the ...
  • Page 202: Igmp Snooping

    1. Monitor IGMP packets to set up multicast information. IGMP Snooping gets the multicast information by monitoring IGMP packets and decides which ports on the switch can be added to a multicast group and which networks connected to the network has the switch supporting the IGMP protocol. ...
  • Page 203: Basic Commands

    [vlan ] querier tcn query interval vlan-id ip igmp snooping [vlan ] querier To configure the timeout of the config timeout timer expiry querier no ip igmp snooping [vlan vlan-id ] querier ...
  • Page 204 To configure whether the multicast config-port-x/x no ip igmp snooping tcn flood packets flood during TCN config-link-aggregation-x ...
  • Page 205 By default, the querier is not enabled. ip igmp snooping [vlan vlan-id] querier address ip-address This command is used to configure the querier source address globally or in a VLAN. Syntax Description ...
  • Page 206 VLAN ID and the value range is 1-4094 count The query times and the value range is 1-10. [Default status] The default value is 2 times. ip igmp snooping [vlan vlan-id] querier tcn query interval interval ...
  • Page 207 The common port ID and the format is x/y or x/y-x/z la-id The aggregation port ID and the value range is 1-16. [Default status] By default, the static router ports are not configured. ...
  • Page 208 This command is used to configure global IGMP version. The no form of the command is used to recover the default value. Syntax Description version The version and the value range is 1-3. [Default status] The default value is 2. ...
  • Page 209 This command is used to configure the processing action of filtering rule, including permit and deny. [Default status] The default value is deny. range addr1 {_CR_ | addr2} This command is used to configure the filtering address range of the filtering rule. The no form ...
  • Page 210 The default action is deny. ip igmp snooping tcn flood This command is used to configure whether the multicast packets flood on the port during TCN. [Default status] The default value is flood. ...
  • Page 211: Application Examples

    B can receive the multicast data, but host C cannot. (If IGMP snooping is not enabled, the multicast data floods in the VLAN and the three PCs receive the multicast data.) You just need to enable IGMP snooping globally. The command automatically enables IGMP snooping in all VLANs. Command Description ...
  • Page 212: Monitoring & Debugging

    Monitoring Command Examples switch#show ip igmp snooping Displayed Result Description and Analysis Global IGMP Snooping configuration: The command show ip igmp snooping is ...
  • Page 213 0/1 V2 members 225.0.0.3 port 0/1 V2 members Description & analysis: Vlan: The VLAN ID with which the member port is added to the multicast group Group: the multicast address Version: IGMP report version ...
  • Page 214 : 0.0.0.0 query-interval(sec) : 125 max-response-time(sec) : 10 querier-timeout(sec) : 255 tcn query count tcn query interval : 31 operational state : Disabled operational version Vlan 2 querier configuration: ---------------------------------------- admin state : Disabled admin version ...
  • Page 215 0100:5E00:010B port 0/1 Description and analysis: Vlan : VLAN ID MAC: Multicast MAC address PortList: port switch#show ip igmp snooping port statistics Displayed Result Port GrpNum ----- ------- port 0/0 port 0/1 port 0/2 port 0/3 ...
  • Page 216 Description and Analysis IGMPSNOOP config debugging is on. By default, the debugging switch is disabled, so no content is displayed. When enabling a debugging switch (config), you can use the command show ip igmp snooping debugging to ...
  • Page 217: Debugging Commands

    00:31:55: IgmpSnoop: set igmpSnoopProto disable successfully. This section describes the MVR configuration, including basic configuration commands and debugging commands. The contents of this section are as follows: Introduction, Basic commands, Application examples, Monitoring and debugging ...
  • Page 218: Introduction

    This command is used to set/cancel a VLAN as the multicast VLAN. The multicast VLAN must be the existing VLAN and cannot be dynamic VLAN. For MP 065-7434 Signamax 24-Port 10/100 L3 Switch, only one multicast VLAN can be set.
  • Page 219: Application Examples

    0/2 and 0/3 are added to VLAN2 in untagged mode; set VLAN 2 as the multicast VLAN. Enable MVR and enable IGMP Snooping globally. The multicast packets from the multicast source can be received by host A and host B. ...
  • Page 220: Monitoring & Debugging

    The current multicast VLAN ID is 2. Debugging Commands Command Description [no] debug mvr To set whether to enable the MVR debugging switch ...
  • Page 221: Debugging Command Examples

    Description and analysis: MVR attributes of the VLAN are removed from the function referencing the VLAN module; send notify to inform the event of deleting multicast VLAN.
    00:21:03: [MVR] call portVlanDependDel() to clear vlan(id:2) MVR tag.
    00:21:03: [MVR] notifyCall event MVR_DEL_VLAN(vlanId:2) successfully. ...
  • Page 222: 802.1X Configuration

    IP address. When the authentication begins, the EAPOL frame uses 01-80-c2-00-00-03 as the destination MAC address, and uses the MAC address of the sender as the source MAC address. ...
  • Page 223: Expansions Of Standard 802.1X

    Expansions of Standard 802.1X Signamax series switches not only support the standard 802.1X protocol but also expand and optimize it to meet various application demands. It supports multiple user access via one port. The standard 802.1X protocol is realized •...
  • Page 224: Auto Vlan

    EAP protocol. Signamax series switches expand this and support the EAP termination mode. The EAP data from the client is not transmitted directly to the authentication server, but the...
  • Page 225: Guest Vlan

    Users obtain 802.1X client software from the Guest VLAN to upgrade the client or execute other application upgrade programs (such as anti-virus software or operating system patches). After the Guest VLAN is configured on a port successfully, the port is added into the Guest VLAN by the device. ...
  • Page 226: Configure 802.1X

    Configure the Guest Vlan of 802.1X; Configure the port authentication mode of 802.1X; Configure the re-authentication of 802.1X; Configure the EAPOL packet transparent-transmission of 802.1X; Configure the timer parameters of 802.1X ...
  • Page 227: Basic Commands

    1-3600 config-port-range, parameter of the port config-link-aggregation-x dot1x timeout quiet-period { config-port-×/×, To configure the punish timer parameter of 65535 config-port-range, the port config-link-aggregation-x ...
  • Page 228 This command is to configure the maximum number of users supported on a port. Command for configuration ...
  • Page 229 This command is to configure the EAP mode of a port, EAP relay or EAP termination. Command for configuration dot1x eap-relay {enable|disable} Syntax Description enable To enable the EAP relay mode disable To disable the EAP relay mode (enable the EAP termination mode) ...
  • Page 230 Support PAP authentication and CHAP authentication when using the EAP termination mode (it is only fit for the client using the Signamax 802.1x client software). When using the EAP relay mode, the supported authentication mechanism depends on the 802.1X client and the authentication server.
  • Page 231 This command is to configure the uplink port when the EAPOL packets are being transmitted transparently, the no format of the command can be used to cancel the uplink port. dot1x eapol-relay uplink {port| link-aggregation} {portlist} ...
  • Page 232 This command is to configure the punishment time (second) of a port. When the number of successive authentication failures reaches the upper limit, the user cannot continue to authenticate in the punishment time. ...
  • Page 233 dot1x default This command is to return to the 802.1X default configuration of a port. dot1x default [Default status] None This command disables the 802.1X function of a port. ...
  • Page 234: 802.1X Application Example

    To enter the port switch (config-port-0/1)# dot1x port-control enable To enable 802.1x switch (config-port-0/1)# dot1x port-method portbased Port-based authentication switch (config-port-0/1)# dot1x guest-vlan 10 vlan 10 is guest vlan switch(config-port-0/1)# exit To exit the port ...
  • Page 235 The port 0/1 is added into the Guest VLAN, and the supplicant and update server are both in VLAN10 at the time. The supplicant can access the Update Server and download the 802.1X client: ...
  • Page 236: Monitoring & Maintaining

    To display the 802.1x configuration of a specified port; if no port is specified, display the 802.1x configuration of all ports (the ports which are not configured with any 802.1x item are not displayed) Monitoring Command Examples For environment and configuration, refer to Figure 11-3. switch#show dot1x user ...
  • Page 237: Debugging Commands

    Description and analysis: Initialize the Dot1x status machines.
    00:44:18: %802.1X-DBG: user[00:05:5d:e4:0e:25] was create.
    00:44:18: %802.1X-DBG: port[2]: vlanId[0]
    00:44:18: %802.1X-DBG: port[2]: (25)reAuthSm enter BEGIN
    00:44:18: %802.1X-DBG: port[2]: (25)backAuthSm enter BEGIN
    00:44:18: %802.1X-DBG: port[2]: (25)authPaeSm enter BEGIN
    00:44:18: %802.1X-DBG: port[2]: eapol-type[eapol-start] ...
  • Page 238 Description and analysis: ... user authentication succeeds and the authorized users can access the network resources.
    00:44:19: %802.1X-DBG: port[2]: send eapol frame success.
    00:44:19: %802.1X-DBG: port[2]: (25)backAuthSm enter IDLE
    00:44:19: %802.1X-DBG: port[2]: (25)authPaeSm enter AUTHENTICATED
    00:44:19: %802.1X-DBG: port[2]: entry add: port[2], vlanId[1], mac[00:05:5d:e4:0e:25] success. ...
  • Page 239: Dhcp Snooping Configuration

    IP addresses. To make users obtain IP addresses from legal DHCP servers, the DHCP Snooping Security Mechanism allows users to configure ports as trust ports and untrust ports: ...
  • Page 240 This prevents the DHCP client from obtaining false IP addresses. DHCP networking The interactive processes between packets of the DHCP Client and packets of the DHCP Server are: ...
  • Page 241 2. When a device receives a responding packet from a DHCP server, if the packet has Option 82, then Option 82 is deleted and the packet is transmitted to a DHCP client. If the packet does not have Option 82, then the packet is transmitted directly to a DHCP client. ...
  • Page 242: Basic Commands

    (by default, it is 100pps) aggregation-x dhcp-snooping trust config-port-xx, *To configure the trust status of the config-link- port aggregation-x The symbol “*” before the command description means that there is the configuration example to describe the command in details. ...
  • Page 243 DHCP packet with Option 82 is discarded directly keep DHCP packet with Option 82 is transmitted in original replace To replace Option 82 of the original packet, and then transmit it [Default status] replace dhcp-snooping relay-address ...
  • Page 244 DHCP servers as trust ports, and configure other ports as untrust ports. By default, the status of ports is untrust. For untrust ports, the DHCP responding packets received from them are filtered. dhcp-snooping trust no dhcp-snooping trust ...
  • Page 245: Application Example

    Application Example Example of configuring DHCP Snooping ...
  • Page 246: Monitoring & Debugging

    To exit the port configuration mode Monitoring & Debugging Monitoring Commands For example: Command Description switch#show dhcp-snooping To display information about related configurations of the DHCP Snooping switch#show dhcp-snooping database To display the binding table of the DHCP Snooping ...
  • Page 247: Example Of Monitoring Commands

    82 processing; dhcp-snooping information policy: option 82 processing policy; dhcp-snooping information format: option 82 filling policy; dhcp-snooping information remote id: to configure the remote ID of option 82; dhcp-snooping port information: dhcp snooping port information table; ...
  • Page 248 DHCP request is not successful yet or has been released already by the release message. Ipsgflag: The flag indicates if the item in the table is written into the items in the hardware filtering table. ...
  • Page 249: Debugging Command

    Description and analysis: Receive a REQUEST message from port 0/7, update dynamic binding item and broadcast it in the VLAN
    00:03:35: dhcp snooping message decode :
    00:03:35: destination mac :ffff.ffff.ffff
    00:03:35: source mac :0005.5dd3.36c6
    00:03:35: client mac :0005.5dd3.36c6 ...
  • Page 250 Description and analysis: ... configure the dynamic binding item and broadcast it in the VLAN
    00:03:35: destination mac :ffff.ffff.ffff
    00:03:35: source mac :0000.006c.7d23
    00:03:35: client mac :0005.5dd3.36c6
    00:03:35: vlan Id :1
    00:03:35: message type :5
    00:03:35: Broadcast send , vlanId :1,msgType:5 ...
  • Page 251: Dynamic Arp Inspection Configuration

    Use the DHCP snooping table or the IP static binding table configured manually in the IP Source Guard to check ARP packets from the ports on which the ARP-inspection functions are enabled. ...
  • Page 252: Basic Commands

    To recover the to the default value ip arp inspection log-interval seconds config *To configure the interval for log output no ip arp inspection log-interval config To recover the interval for log output to the default value ...
  • Page 253 If the ARP packets during successive 20s exceed the limit, disable the port and recover it automatically after 5 minutes. ip arp inspection rate-limit num Syntax Description Rate limit Default status: 15pps ip source binding ...
  • Page 254 [Default status] ip arp inspection log-interval This command is to configure the interval for log output, that is how often to output a log. ip arp inspection log-interval { <0-86400> } ...
  • Page 255 Syntax Description <0-86400> The DHCP packet with the Option 82 is discarded directly [Default status] 20s ...
  • Page 256: Application Example

    To exit the port configuration mode switch(config)#ip arp inspection log-buffer 64 To configure the buffer size of a log as 64 switch(config)#ip arp inspection log-level 5 To configure the level of log output as 5 ...
  • Page 257: Monitoring & Debugging

    If one port is disabled enable and rate-limit is the default value, it is not enable displayed. enable ------------------------------------------- switch#show ip arp inspection log-information Displayed Result Description and Analysis SEC-9-DARPLOG: Dynamic ARP checks nine levels of log ...
  • Page 258: Debugging Commands

    To enable (disable) the switch of the dynamic ARP inspection Debugging Command Example To view the situation of packet processing via debug ip arp inspection ...
  • Page 259 Description and analysis: ... discarded, and a log is recorded.
    00:23:50: sender mac :1201.7a1a.6771
    00:23:50: target mac :0000.0000.0000
    00:23:50: sender ipAddr :128.255.19.107
    00:23:50: target ipAddr :128.255.19.107
    00:23:50: Drop an arp packet and log in buffer!sender macAddr:1201.7a1a.6771 ...
  • Page 260: Port Security Configuration

    (config-port-0/6)#port-security deny mac-address 0050.bac3.bebd MAC+VID Binding: (config-port-0/6)#port-security permit mac-address 0050.bac3.bebd vlan-id 100 (config-port-0/6)#port-security deny mac-address 0050.bac3.bebd vlan-id 100 MAC+IP Binding: (config-port-0/6)#port-security permit mac-address 0050.bac3.bebd ip-address 128.255.1.1 (config-port-0/6)#port-security deny mac-address 0050.bac3.bebd ip-address 128.255.1.1 (2) IP Rule ...
  • Page 261: Configure Port Security

    Enable and Disable port security; Configure MAC binding; Configure MAC+VLAN binding; Configure MAC+IP binding; Configure IP rule; Configure MAX rule; Configure address aging time; Configure aging of static address ...
  • Page 262: Basic Commands

    The command configures the MAC binding rule of a port. The no format of the command can be used to delete the rule. port-security {permit|deny mac-address mac-address} no port-security {permit|deny mac-address mac-address} ...
  • Page 263 The IP address that is bound with the mac address [Default status] none port-security permint|deny ip-address This command configures IP rule of a port. The no format of the command can be used to delete the rule. port-security {permint|deny ip-address start-ip-address [to end-ip-address]} ...
  • Page 264 This command enables the static address aging function of a port. The no format of the command can be used to cancel the static address aging function. port-security aging static no port-security aging static [Default status] disable ...
  • Page 265: Applying Port Security Example

    (config-port-0/7)#port-security permit mac-address 0005.5de4.0e25 To permit the host 0005.5de4.0e25 to communicate switch (config-port-0/7)#port-security deny mac-address 001f.c627.3823 To refuse the host 001f.c627.3823 to communicate switch (config-port-0/7)#port-security maximum 100 permit hosts connected switch (config-port-0/7)#exit To exit the port ...
  • Page 266: Monitoring & Maintaining

    MAC address 00:05:5D:E4:0E:25 to access and deny MAC address 00:1F:C6:27:38:23 to access. switch# show port-security active-address Displayed result: ------------------------------------------------------------------------------------ Entry Port MAC address VID IP Addr Derivation Age ------------------------------------------------------------------------------------ port 0/7 00:05:5D:E4:0E:25 1 128.255.20.101 MAC ...
  • Page 267: Debugging Commands

    01:02:14: %PS-DBG: adding a ARL entry: mac[00:05:5d:e4:0e:25], port[8], vlan[1], access the network resources. ip[128.255.42.111]. 01:02:14: %PS-DBG: entry successfully.mac[00:05:5d:e4:0e:25],port[8],vlan[1] 01:02:14: %PS-DBG: entry mac[00:05:5d:e4:0e:25], vlan[1], port[8] was added successfully. 01:06:15: %PS-DBG: port[8]: pkt recv mac[00:1f:c6:27:38:23], vlan[1], type[0806] port receives packet [0806] user ...
  • Page 268 [00:1f:c6:27:38:23]. The packet 01:06:15: %PS-DBG: match with MAC_RULE. matches a MAC_RULE and the executed action DENY. 01:06:15: %PS-DBG: action DENY. Prohibit the user from accessing the network resources. 01:06:15: %PS-DBG: deleting ARL entry: mac[00:1f:c6:27:38:23], port[8], vlan[1]. ...
  • Page 269: Port Monitoring Configuration

    Port Monitoring Configuration The chapter explains the port monitoring function supported by Signamax switches and the configuration procedure. The chapter explains: Port monitoring overview, Port monitoring configuration, Viewing port monitoring information, Application example. Overview The port monitoring function monitors packets to be processed by the switch CPU. It filters superfluous packets in the lower layer to protect the switch from illegal packet attacks.
  • Page 270: Configure Port Monitoring

    To configure TCP connection limit config-port-×/×, {enable|disable} config-port-range 0x0000- To configure monitoring for Ethernet protocol field config-port-×/×, monitor protocol ether 0xffff |stp|garp|gmrp|gvrp| igmp-snoop config-port-range |lacp|ndsp|cmp|eap| loop-detect off} monitor protocol To configure monitoring for IP protocol field config-port-×/×, |ospf|irmp|pim on|off} ...
  • Page 271 Aging time (take sampling period as unit) [Default status] 5 monitor permit tcp-connecting The command is to configure the list of hosts, who permit establishment of TCP connection. The no format of the command can be used to delete the configuration. ...
  • Page 272 The command is to configure the monitored and non-monitored Ethernet header protocols. The no format of the command can be used to delete the configuration and recover to default configuration. monitor protocol ether {0x0000-0xffff|stp|garp|gmrp|gvrp| igmp-snoop |lacp|ndsp|cmp|eap| loop-detect on|off} no monitor protocol ether Syntax Description ...
  • Page 273 (destination port number). The no format of the command can be used to delete the configuration and recover default configuration. monitor protocol tcp-udp {1-65535|telnet|web|snmp|snmp-trap on|off} no monitor protocol tcp-udp Syntax Description 1-65535|telnet|web|snmp|snmp-trap TCP/UDP service (destination port number) To monitor Not monitor [Default status] see note ...
  • Page 274 CPU to be half of the configured value. The no format of the command can be used to delete the configuration. ...
  • Page 275 The no format of the command is to disable the switch. Syntax Description The blacklist item information blacklist-entry Add the blacklist item Default status: disable To send TRAP successfully, SNMP parameters need to be configured. ...
  • Page 276: Port Monitoring Application Example

    Wait a moment and then observe the statistic information about the broadcast packets of the port switch(config-port-range)# show monitor broadcast-packet ---------------------------------------------------------------------------------------- Entry Port Type Count Drop Count Amount Drop Amount ------------------------------------------------------------------------------------- Broadcast 3952 16952 Broadcast 1104 ...
  • Page 277 50. The other packets are discarded. Because the total amount of the transmitted packets to be processed by CPU is already over 100 and reaches 9991, the host is still in the blacklist in the next period, and is permitted to transmit 50. ...
  • Page 278: Port Isolation Configuration

    Port Isolation Configuration This chapter explains how to configure the port isolation on 065-7434 Signamax 24-Port 10/100 L3 Switches. Overview The port isolation is based on port security features. Users can specify isolated ports as per their requirements to realize the isolation of data in Layer 2 and Layer 3 between a port and an isolated port.
  • Page 279 When the configured isolated port is an aggregation port, users need to ensure that the specified aggregation group exists and there is a port in the aggregation group, otherwise the configuration fails. ...
  • Page 280: Applying Port Isolation: Example

    Figure: Example of configuring port-isolate. Three ports of the 065-7434 Signamax 24-Port 10/100 L3 Switch (port 0/1, port 0/2 and port 0/3) connect with three terminal devices: terminal 1, terminal 2 and terminal 3.
  • Page 281: Monitoring & Debugging Of Port-Isolate

    Isolate-Port: the information about the isolated ports; The above display indicates that port 0/1 isolates port 0/2 and port 0/3, that is, the packets from port 0/1 to port 0/2 and port 0/3 are discarded. ...
  • Page 282: Attack Detection

    Attack Detection Signamax 3400 switches possess the attack detection function to detect and defend the common network attacks, such as IP Source Address spoofing attack, LAND attack, SYN Flood attack, Smurf attack, Ping Flood attack, TearDrop attack and Netbios/Samba attack.
  • Page 283: Basic Commands

    Detect attacks according to the switch: ICMP flood, Smurf, Fraggle, SYN flood, LAND, etc.; Detection of several kinds of attack packets (or monitoring): Anti-attack is passive, especially from the standpoint of packet detection and session-based ...
  • Page 284: Basic Commands

    { access-list-number | access-list-name } [ maxcount ] Syntax Description access-list-number The access list number, it can be a number among 1 to 1000. access-list-name The name of the access list, which only supports the standard access list. ...
  • Page 285 {access-list-number | access-list-name } [ masklen {number} ] Syntax Description access-list-number The access list number, it can be a number among 1 to 1000 access-list-name The name of the access list, which only supports standard access list ...
  • Page 286 {access-list-number | access-list-name } [ maxcount {number} ] Syntax Description access-list-number The access list number, it can be a number among 1 to 1000 access-list-name The name of the access list, which only supports standard access list ...
  • Page 287: Scan Detection

    To define the maximum number of addresses that can be scanned continuously, 10 by default. port-limit To define the maximum number of ports that can be scanned continuously, 10 by default ...
  • Page 288: Monitoring & Debugging

    Command Description To display the scan detection parameter show scanprotect information Monitoring Example The displayed result after executing the command show scanprotect: loopback0: Interval=1000ms addr-limit=10 port-limit=10 ban-timeout=15s Ban ip list: Total drop scan pkt: 0 ...
  • Page 289: Log

    The symbol “*” before the command description means that there is the configuration example to describe the command in details later. firewall pseudo-address log The pseudo-source address log has a switch. The no format of the command is to disable the log. ...
  • Page 290: Monitoring And Maintaining Firewall

    The audit is reset to 0 automatically after the device restarts. show ip interface list This command is to display the application of the access list on each interface. ...
  • Page 291: Monitoring Examples

    30 permit 92.48.0.0 0.0.255.255 Standard access table 2 defines three rules. It permits the packets from the host 92.49.0.3 on the subnet 92.49.0.0 to pass; permits all packets from the subnet 92.48.0.0; denies the other packets. ...
  • Page 292: Netbios/Samba Filtering

    Port 138 netbios-dgm the NETBIOS data service used by Samba in Linux Port 139 netbios-ssn the NETBIOS session service used by Samba in Linux Therefore, to realize Netbios/Samba filtering, prohibit ports 137, 138, and 139 of TCP/UDP via ACL. ...
  • Page 293: Span Configuration

    Configure the RSPAN Destination Session on another switch, and the destination port and the RSPAN VLAN need to be specified; the RSPAN Destination Session sends the data of the RSPAN VLAN to the destination port. ...
  • Page 294 RSPAN VLAN The RSPAN VLAN should be an idle VLAN used exclusively for RSPAN, and its VLAN number can be 2-4094. Users can choose an idle VLAN flexibly when configuring, but need to ensure that all ...
  • Page 295: Basic Commands

    To clear local configuration of the SPAN Session remote To clear remote configuration of the RSPAN Session After the SPAN Session is configured, users can clear the previous configured parameters via the command no monitor session. ...
  • Page 296 } Syntax Description port port-id | link-aggregation linkNum A destination port can be a physical port or aggregation group remote vlan vlan-id To associate the RSPAN VLAN with the RSPAN Source Session ...
  • Page 297: Application Example

    1 source port 0/1 rx To configure the monitored port, and the type of the monitored traffic is rx switch(config)#monitor session 1 destination port 0/20 To configure the destination port Application Example 2 To configure the remote SPAN Session ...
  • Page 298 Command Description switch(config)#port 0/10 To enter the port configuration mode switch(config-port-0/10)#port mode hybrid To configure the port mode as hybrid switch(config-port-0/10)#port hybrid vlan 800 tagged To join vlan 800 in tag mode switch(config-port-0/10)#exit ...
  • Page 299 Switch(config)# no monitor session 1 To clear the configuration Switch(config)# monitor session 1 source remote vlan 800 To associate the RSPAN VLAN with the RSPAN Destination Session Switch(config)# monitor session 1 destination port 0/3 To specify the destination port ...
  • Page 300: Monitoring & Debugging

    SPAN Session name Type: Local Session SPAN type Source Ports: 0/1 Monitored port BOTH: 0/1 Monitoring Type Destination Port: port 0/2 Destination Port Debugging Commands Command Description (no) debug span_monitor To enable (disable) the SPAN debugging switch ...
  • Page 301: Switching Interface Configuration

    The command configures a switching interface. The no syntax of the command can be used to delete a switching interface. interface vlan vlan-id no interface vlan vlan-id Syntax Description vlan-id The number of VLAN bound with a switching interface ...
  • Page 302 Default status: no switching interface
  • Page 303: Network Protocol

    Signamax switches support Internet network protocols. The Internet Protocol is the protocol based on packets and is used to exchange data via a computer network. Signamax switches support all the demands prescribed in the RFC of Internet Protocol (IP), including IP, ICMP, IGMP, TCP and UDP services.
  • Page 304: Configure Ip Address

    For large-scale network systems, Class A addresses are used, while Class B and Class C IP addresses would most likely be used for medium and small scale network systems. Class D and E addresses are reserved for special use. 304 SIGNAMAX LLC • www.signamax.eu...
  • Page 305: Basic Commands For Configuring Ip Addresses

    "subnet" has emerged. A "subnet" uses several bits of a host number as the subnet. In this way, a large-scale network can be divided to smaller subnets, which validates the network management. Signamax switches support the following IP address features: Supports the feature of class network addresses •...
  • Page 306 A subnet mask is used to identify the network number of an IP address. When a mask is used to determine a subnet in a network, the mask is regarded as a subnet mask. Signamax switches only support network masks which are composed of several continuous “1” bits with left alignment.
  • Page 307: Example

    Those assistant IP addresses configured for the same interface have priority according to their configuration time. At the same time, these IP addresses are not required in the same network segment (that is, IP addresses have different network numbers) thereby allowing switches to forward packets quickly. 307 SIGNAMAX LLC • www.signamax.eu...
  • Page 308: Viewing Ip Address Configuration

    0 output error ,0 collisions, 0 interface resets, 0 underrun 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier , 0 excessive collision IP Protocol The contents of this section are as follows: 308 SIGNAMAX LLC • www.signamax.eu...
  • Page 309: Basic Commands For Configuring Ip Protocol

    Enable/Disable IP Route Forwarding ip routing Each Signamax switch enables IP route forwarding by default. But it can be disabled under certain conditions, which can be realized under the following operations. Execute the following command in the global configuration mode:...
  • Page 310: Permit/Prohibit Ip To Send Redirection Messages

    The redirection packet of icmp can result in the update of the routing table. The default setting of a Signamax switch is not to update route after the switch receives the redirection icmp packet. But users can select to update the route.
  • Page 311: Fast Forwarding Route Cache

    The no format of the command is to disable the route cache. Configure IP Protocol Attributes Signamax switches can be configured with the following IP attributes. Configure IP Protocol Input Queue Configure the following command in global mode: ip option queue-length...
  • Page 312: Configure Default Time-To-Live (Ttl) Of Sending Data Packet

    The no command and default command are used to recover the default value. Time-to-live is not a real time but the number of hops a packet may take. The TTL is reduced by 1 each time the packet passes through a switch, and when the TTL is 0, the switch drops the IP packet.
  • Page 313: Enable Ip Recv-Checksum

    Enable IP send-checksum Configure the following command in global mode: ip option send-checksum ip option send-checksum no ip option send-checksum default ip option send-checksum Default status: By default, send-checksum is enabled.
  • Page 314: Observe Ip Statistics

    --- Number of packets with wrong addresses fastforwardtotal --- Number of packets that are fast forwarded fastforward --- Number of packets that can be fast forwarded cannotfastforward 0 --- Number of packets that cannot be fast forwarded 314 SIGNAMAX LLC • www.signamax.eu...
  • Page 315: Debug Ip Layer Packets

    In the Internet Protocol stack, the Internet Control Message Protocol (ICMP) provides services such as controls, error reports and network tests, etc. for other protocols in the Internet stack. The Signamax switch supports RFC792, RFC950 and RFC1122. The contents of this section are as follows:...
  • Page 316: Basic Commands For Configuring Icmp

    Disabling Option of Source End Configure in global configuration mode: ip icmp source-quench ip icmp source-quench no ip icmp source-quench Default status: The option is disabled by default.
  • Page 317: Display Icmp Statistics

    Input histogram: input information echo reply: ---The number of echo replies destination unreachable: times unreachable destination echo: ---The number of echoes 0 message response generated The number of the response packets 317 SIGNAMAX LLC • www.signamax.eu...
  • Page 318: Tcp Protocol

    TCP Protocol The Transmission Control Protocol (TCP) provides a highly reliable data transmission service between application programs. Signamax switches support RFC793, RFC813, RFC879, RFC896 and RFC1122. The contents of this section are as follows: Basic commands for configuring TCP •...
  • Page 319: Basic Commands For Configuring Tcp

    Note: “*” before a command means it has a configuration example description. Configure TCP Attributes Signamax switches can be configured with the following TCP attributes. Configure TCP recvbuffers size ip tcp recvbuffers ip tcp recvbuffers {buffer-size}...
  • Page 320: Configure Tcp Sendbuffers Size

    The default value is 512 bytes. The no command and default command are used to recover the default value of TCP max packet segment size. Configure TCP Max Round-trip Time ip tcp round-trip
  • Page 321: Configure Idle Time

    keep-count: TCP keepalive times; the value range is 3-20. Default status: The default value is 8. The no command and default command are used to recover the default value of TCP keepalive times.
  • Page 322: Configure Tcp Using Path Mtu Discovery

    0 data packet (0 byte) ---The number packets (byte number) 0 data packet (0 byte) retransmitted ---The number of resent packets (byte number) 0 ack-only packet (0 delayed) ---The number of acknowledge packets 322 SIGNAMAX LLC • www.signamax.eu...
  • Page 323 0 discarded for bad header offset field number packets discarded because of bad header offset field 0 discarded because packet too short number packets discarded because of too short 0 connection request ---- The number of 323 SIGNAMAX LLC • www.signamax.eu...
  • Page 324: Udp Protocol

    UDP Protocol The User Datagram Protocol (UDP) provides the basic service of data transmission between application programs. Signamax switches support RFC768. The contents of this section are as follows: Basic commands for configuring UDP •...
  • Page 325: Configure Udp Protocol Attributes

    Note: “*” before a command means it has a configuration example description. Configure UDP Protocol Attributes Signamax switches can be configured with the following UDP attributes. Configure Time-To-Live of Sending UDP Data Packet ip udp default-ttl ip udp default-ttl {time-to-live}...
  • Page 326: Configure Udp Recv-Checksum

    0 incomplete header ---The number of packets with incomplete UDP headers 0 bad data length field ---The number of packets with bad UDP data length field 0 bad checksum The number of packets with
  • Page 327: Socket Interface

    A socket is a mechanism that network application programs use to access lower layer network resources. Signamax switches support the standard socket interface mechanism and a series of socket applications. The command Show Ip Sockets can be used to display the usage situation of the TCP/UDP connection used by the system, and is helpful to troubleshoot.
  • Page 328 Local Address -- indicates the local address and port number of the connection Foreign Address -- remote address and port number of the connection vrf -- The VRF to which the current socket belongs For TCP connection, (State) indicates the TCP state.
  • Page 329: Configure Route

    Configure Route This chapter mainly introduces the routing mechanisms of Signamax switches and how to configure the static route to achieve interconnection of network. The contents are as follows: Brief introduction to routing • Configure static route/default route • Configure RIP route •...
  • Page 330: Configure Static Route/Default Route

    IP packets between source and destination adopt the route specified by users. Compared with the dynamic route protocol, its advantages are security and resource efficiency. The static route is unlike the dynamic route which needs to occupy the line bandwidth. It can 330 SIGNAMAX LLC • www.signamax.eu...
  • Page 331 The configuration of the static route comprises: Configure static route • Configure default route • Display static route • Debug static route • 331 SIGNAMAX LLC • www.signamax.eu...
  • Page 332: Basic Commands For Static Route/Default Route

    The symbol “*” before the command description means that there is a configuration example describing the command in detail later. Configuration mode means the mode for executing the configuration command, such as config, config-if-xx (interface name) and config-xx (protocol name).
  • Page 333: Configure Static Route

    In practical applications, the configuration of the static route should preferably use the IP address of the next hop. In a point-to-multipoint network (for example, X.25 and FR), users
  • Page 334 128.255.0.0 255.255.0.0 128.255.1.1 210 To configure a static route which points to the gateway of the next hop, and its administration distance is 210. 2. Configure the administration distance of the static route 334 SIGNAMAX LLC • www.signamax.eu...
  • Page 335 The unit of the running period of the static routing management task is seconds, and its value range is 1-60. Default Status: The default running period is 25 seconds. Recursion Command
  • Page 336: Configure Default Route

    The administration distance; its value is 1~255. Default Status: No default route is configured. Configuration example
  • Page 337: Display Static Route

    The route which has the vrf_name attribute Configuration example Command Description switch#show ip route static To display all presently configured static routes and default routes
  • Page 338: Debug Static Route

    Command mode: the privileged user mode Configuration example switch#debug ip routing switch(config-if-vlan1)#no shutdown switch(config-if-vlan1)# Displayed Result Analysis
  • Page 339: Configure Rip Dynamic Route

    RIP (Routing Information Protocol) is a kind of distance-vector interior gateway routing protocol (IGP), which is usually applied for the route learning of the simple small-scale networks. The section mainly explains how to configure RIP dynamic routing protocol to interconnect networks. 339 SIGNAMAX LLC • www.signamax.eu...
  • Page 340: Rip Basic Commands

    To configure the RIP timers config-rip timers basic holddown-interval flush-interval config-rip-af version {1 | 2} *To configure the global version of RIP config-rip config-rip-af ip rip authentication mode {text | md5} configure protocol packet config-if-xxx 340 SIGNAMAX LLC • www.signamax.eu...
  • Page 341 This command is used to enable the RIP protocol and enter the RIP route configuration mode. The no format of the command can be used to disable the RIP protocol. router rip 341 SIGNAMAX LLC • www.signamax.eu...
  • Page 342 Caution In RIP v2, use the route auto-summary function carefully. Make sure that it is necessary to perform the route auto-summary in the network. Otherwise, it may cause a routing loop. default-information originate
  • Page 343 To configure the management distance of the RIP route; the value range is 1-255. Default status: distance-value: 120 distribute-list This command is used to configure the RIP route filtering. It is used to filter the learned
  • Page 344 (such as the re-distributed routes). The no format of the command is used to cancel the limitation for the maximum number. maximum-prefix max-number [warning-percent] no maximum-prefix Syntax Description 344 SIGNAMAX LLC • www.signamax.eu...
  • Page 345 When some link layers cannot learn the point-to-point interfaces of the peer address in the different subnets, it is necessary to use the ip route peer-address command to configure the peer IP address and configure the 345 SIGNAMAX LLC • www.signamax.eu...
  • Page 346 The command is to solve the packet loss problem when the high-speed interface sends the RIP protocol packets to the low-speed interface. The no format of the command is used to recover the default value of the minimum interval of sending the packets in one RIP 346 SIGNAMAX LLC • www.signamax.eu...
  • Page 347 To configure the buffer size of the RIP received packets; the unit is byte and the value range is 41600-5242880. Default status: buffer-size: 41600 bytes (the default size of the buffer of the UDP socket
  • Page 348 To configure the name of the route map of RIP re-distributing other protocol routes To configure the sub-route type of RIP re-distributing other protocol routes; match when the parameter is configured, only the routes that match the sub-type are re-distributed.
  • Page 349 RIP routing domain. RIP v2 and no auto- summary are recommended. The no format of the command is used to recover the default value of the version used by RIP globally. version {1 | 2} 349 SIGNAMAX LLC • www.signamax.eu...
  • Page 350 ID is the key ID of the password on key-chain. When getting the packet sending authentication password from Key-chain, the minimum valid sending password of Key ID is got. 350 SIGNAMAX LLC • www.signamax.eu...
  • Page 351 ip rip authentication key-chain This command is used to configure the password chain of RIP v2 protocol packet authentication on the interface. The command needs to be used with the ip rip
  • Page 352 The no format of the command is used to recover the default value of the version of the received RIP packets on the interface. ip rip receive version {1 / 2} no ip rip receive version
  • Page 353 0s, that is, do not re-transmit route request packets. ip rip send version This command is used to configure the version of the sent RIP packets on the interface,
  • Page 354 If the route update packet is not received from the peer end after the configured timeout time, cancel the regular sending of the route request packet. The no format of the command is used to cancel the standby interface of the RIP interface. ip rip standby interface [timeout timeout-value] 354 SIGNAMAX LLC • www.signamax.eu...
  • Page 355 ip summary-address rip This command is used to configure the address summary of RIP v2 on the interface. The address summary is invalid for RIP v1. The minimum metric in the summarized routes serves
  • Page 356 To clear the RIP information of a specified VRF To clear the RIP process information, which is equivalent to resetting process process To clear the RIP statistics information statistics Default status
  • Page 357: Rip Configuration Example

    Description switch-B#configure terminal To enter the global configuration mode switch-B(config)#router rip To enable the RIP routing protocol and enter the RIP configuration mode switch-B(config-rip)#version 2 To configure the version of the RIP protocol as 2 357 SIGNAMAX LLC • www.signamax.eu...
  • Page 358: Example Of Configuring Rip Learning Ipv4 Route From Standby Interface

    Example of Configuring RIP Learning IPv4 Route from Standby Interface Example networking of configuring RIP learning IPv4 route from the standby interface Illustration
  • Page 359 To enter the interface configuration mode switch-A(config-if-vlan2)#ip address 10.1.1.2 255.255.255.0 To configure the IP address of the interface switch-A(config-if-vlan2)#ip rip standby vlan 1 To configure the standby interface of vlan2 in RIP as vlan1 to speed up the convergence 359 SIGNAMAX LLC • www.signamax.eu...
  • Page 360 To configure the IP address of the interface switch-C(config-if-vlan2)#exit To exit the interface configuration mode switch-C(config)#interface vlan 1 To enter the interface configuration mode switch-C(config-if-vlan1)#ip address 12.1.1.2 255.255.255.0 To configure the IP address of the interface 360 SIGNAMAX LLC • www.signamax.eu...
  • Page 361: Rip Monitoring And Debugging

    Kernal max route limit : 21000 Config max route limit : None Distance of routes : 120 Default redistribut metric: 1 Timer update rate : 30 seconds with +/-50% jitter Timer invalid interval : 180 seconds 361 SIGNAMAX LLC • www.signamax.eu...
  • Page 362: Show Ip Rip Database

    T: the route type; N is the direct-connected route covered by RIP; L is the route learned from the neighbor; R is the route of re-distributing other protocol; D is default route generated by configuring the default-information originate command; S is the route 362 SIGNAMAX LLC • www.signamax.eu...
  • Page 363: Show Ip Rip Statistics

    Database route number Interface switchethernet0 statistics Recv bad packets Recv bad routes Sent updates : 21 Request (sent/recv/err) : 1/1/0 Response (sent/recv/err) : 19/9/1 Unknown (sent/recv/err) : 0/0/0 Peer neighbor statistics Peer-address Bad-packets Bad-routes Interface 10.1.1.2 vlan1 363 SIGNAMAX LLC • www.signamax.eu...
  • Page 364: Show Ip Rip Interface

    Description and analysis: The result displays the running information of the RIP protocol interface. show running-config router rip switch-A#show running-config router rip Displayed result: router rip version 2 network vlan1 no auto-summary exit Description and analysis: 364 SIGNAMAX LLC • www.signamax.eu...
  • Page 365: Show Ip Route Rip

    Debugging Command Example For environment, refer to Example of Configuring RIP Learning IPv4 Route. debug ip rip events switch-A#debug ip rip events Displayed Result Analysis 00:22:08: RIP: RIP[kernel]: instance up Enable the RIP protocol
  • Page 366 00:26:10: RIP: ROUTE[VRF kernel]: Route 11.1.1.0/24 add into kernal Add the route to the core route table 00:26:09: RIP: ROUTE[VRF kernel]: Route 11.1.1.0/24 delete from kernal Delete the route from the core route table debug ip rip trigger switch-A#debug ip rip trigger 366 SIGNAMAX LLC • www.signamax.eu...
  • Page 367 00:30:09: RIP: TIMER[garbage]: Next garbage timer interval 133 The timeout time of the next route deleting timer is 133s. 00:32:22: RIP: TIMER[garbage]: Garbage time out 11.1.1.0/24 Deleting route 11.1.1.0/24 times out; delete the route from the database. 367 SIGNAMAX LLC • www.signamax.eu...
  • Page 369: Ospf Dynamic Route Configuration

    Virtual connection: Supports the virtual connection to the backbone area; Incomplete stub area: Supports NSSA area and complies with rfc3101; Demand lines: Supports demand lines and complies with rfc1793; Function of control database overflowing: complies with rfc1765; SIGNAMAX LLC • www.signamax.eu...
  • Page 370: Ospf Basic Commands

    | metric { metric- route domain. The cost, cost value } | metric-type { type-value type and route mapping can route-map { map-name be specified. metric-value config-ospf default-metric Specify the cost of all re- 2 SIGNAMAX LLC • www.signamax.eu...
  • Page 371 (the mode defined standard} by RFC2328). The default value is standard mode. After times config-ospf transmitting DD or LS-UPD packets exceeds 25, whether ospf retransmit auto-killnbr DOWN neighbor automatically. By default, the neighbor is not DOWN. After 3 SIGNAMAX LLC • www.signamax.eu...
  • Page 372: Commands For Configuring Ospf Area

    OSPF hold-time (that is the minimum interval of two SPF calculations). Commands for Configuring OSPF Area Command Description Configuration
  • Page 373 } md5 { consistent with those of the common OSPF interface. Commands for Configuring OSPF Interface Configuration Command Description Mode
  • Page 374 Set the priority of OSPF config-if-xx ip-address priority- ip ospf [ ] priority router. parameter value used during DR election. Set the interval of notifying config-if-xx ip-address ] retransmit- ip ospf the lost connection status of 6 SIGNAMAX LLC • www.signamax.eu...
  • Page 375: Commands For Configuring Ospf

    OSPF process. The OSPF process belonging to one VRF can manage only the interfaces that belong to the VRF. Default status: Do not run the OSPF protocol.
  • Page 376 OSPF routers connected to one OSPF area are consistent and compatible. ip ospf authentication This command is used to specify the authentication mode of the OSPF interface. The no format of the command is used to delete the 8 SIGNAMAX LLC • www.signamax.eu...
  • Page 377 Configure the un-encrypted password. Configure the encrypted password, used for the script running when enabling the password encrypting service. The user should not configure the command manually. password The password of the text authentication. 9 SIGNAMAX LLC • www.signamax.eu...
  • Page 378 After configuring one authentication mode, you need to configure the corresponding authentication password so that the authentication can take effect completely. For example, after configuring text authentication mode, you need to configure the corresponding text password.
  • Page 379 This command is used to set the dead time of the neighbor of the interface. The unit is second. If not receiving the hello packets of the 11 SIGNAMAX LLC • www.signamax.eu...
  • Page 380 The maximum transmission unit of the interface; the value range is 576-65535. Default status: By default, the maximum transmission unit of the OSPF interface is not configured and adopts the default value.
  • Page 381 Point-to-multipoint network point-to-multipoint non-broadcast Point-to-multipoint non-broadcast network Default status: The network type of the OSPF interface is not configured and adopts the default value.
  • Page 382: Configure Basic Parameters Of Ospf Area

    [message-digest] no area area-id authentication Syntax Description area-id Area ID authentication Configure the OSPF area as the text authentication authentication message-digest Configure the OSPF area as the MD5 authentication 14 SIGNAMAX LLC • www.signamax.eu...
  • Page 383 Area ID number The cost of type-3 LSA default route; the value cost range is 0-16777215. Default status: It is not configured and adopts the default value.
  • Page 384: Configure Ospf Nssa Area

    The area ABR of NSSA always converts type-7 LSA translate-always to type-5 LSA. The election between NSSA ABR decides whether to translate-candidate convert type-7 LSA to type-5 LSA. translate-never The area ABR of NSSA never converts type-7 LSA to 16 SIGNAMAX LLC • www.signamax.eu...
  • Page 385 To make the area range command become invalid, use the no area range command. area area-id range prefix-range [advertise | not-advertise] no area area-id range prefix-range [advertise | not-advertise] Syntax Description area-id Area ID number prefix-range Summary address 17 SIGNAMAX LLC • www.signamax.eu...
  • Page 386: Configure Ospf To Re-Distribute Outer Route Summary

    Set the tag not-advertise Do not notify after summarizing Default status: Do not summarize. Note The command takes effect only on ASBR and summarizes the outer routes of OSPF re-distribution.
  • Page 387: Configure Ospf Virtual Connection

    Seconds interval Default status: The virtual connection is not configured. Note The router to be configured with the virtual connection should be the area edge router.
  • Page 388: Configure Ospf Demand Circuits

    On the demand circuit, the hello packets and LSAs are sent only when initializing the neighbor or the topology changes. If the route needs to be re-calculated because there are important changes on the topology, the 20 SIGNAMAX LLC • www.signamax.eu...
  • Page 389: Configure Ospf To Generate Default Route

    AS edge router to generate a default route to the OSPF route area. default-information originate This command is used to configure the AS edge router to generate a default route to the OSPF route area. You can specify the cost, cost 21 SIGNAMAX LLC • www.signamax.eu...
  • Page 390: Configure Ospf Reference Bandwidth

    Configure OSPF Management Distance The management distance means the reliability of the route source or the priority level. Usually, it is an integer from 0-255. The bigger the value, the lower the reliability, the lower the priority.
  • Page 391: Configure Blocking Flooding Lsa On Ospf Interface

    LSA flooding on the specified interface by configuring the following commands. database-filter all out Configure the command on one interface and you can block LSA from flooding to the interface. ip ospf [ip-addr] database-filter all out 23 SIGNAMAX LLC • www.signamax.eu...
  • Page 392 After the total number of the LSAs exceeds the set soft maximum value, provide alarm prompt information when receiving new LSA. Default status: It is not configured.
  • Page 393: Configure Ospf Route Re-Distribution

    Default status: The command is not configured; do not re-distribute any protocol. Note After configuring re-distribute command, OSPF router automatically generates AS edge router (ASBR).
  • Page 394: Configure Ospf Route Filtering

    After configuring the command, the route information is not sent or received on the interface. The no format of the command is used to 26 SIGNAMAX LLC • www.signamax.eu...
  • Page 395 {access {access-name} | prefix {prefix- name} } in | out no area area-id filter-list {access {access-name} | prefix {prefix- name} } in | out Syntax Description area-id The ID of the area receiving or notifying type-3 LSA 27 SIGNAMAX LLC • www.signamax.eu...
  • Page 396: Configure Ospf Graceful Restart

    When flooding LSA during neighbor helper, the LSA update is not checked by default. You can configure the command to enable the OSPF graceful restart helper to perform strict LSA update. The no format 28 SIGNAMAX LLC • www.signamax.eu...
  • Page 397: Restart Ospf Process

    [process-id] process Syntax Description process-id OSPF process number Default status: Do not execute the command. OSPF Configuration Example Enable OSPF Process
  • Page 398 1 area. Switch-B(config-ospf)#exit Switch-B(config)#interface vlan3 Switch-B(config-if- vlan3)# address 30.1.1.1 Configure interface 255.255.255.0 address. Switch-B(config-if- vlan3)#exit Switch-B(config)# int vlan2 Switch-B(config-if- vlan2)# address 70.1.1.2 Configure interface 255.255.255.0 address. Switch-B(config-if- vlan2)# exit Switch -C configuration: 30 SIGNAMAX LLC • www.signamax.eu...
  • Page 399 Switch-A(config-if-vlan1)# ip ospf authentication-key 0 Signamax Configure text authentication password Switch-A(config-if-vlan1)# ip ospf hello-interval 20 Configure the hello interval Switch-A(config-if-vlan1)#exit Switch-B configuration: Command Description Switch-B(config)#int vlan2
  • Page 400: Configure Ospf Area Parameters

    OSPF switches on the Ethernet networks of switch-A and switch-B, but the text authentication is not configured or the text authentication password is not Signamax, the OSPF neighbor cannot be set up with switch-A or switch-B. Configure OSPF Area Parameters To configure area 1 as MD5 authentication and configure it as stub area, configure as follows.
  • Page 401 Switch-B(config-std-nacl)# deny host 44.44.44.44 Configure the deny address Switch-B(config-std-nacl)# permit 44.44.44.0 0.0.0.255 Configure permit address Switch-B(config-std-nacl)#exit Switch-B(config)#router ospf 1 Enter the OSPF configuration mode Switch-B(config-ospf)# network 44.44.44.0 0.0.0.255 Specify the OSPF interface and area 1 area 33 SIGNAMAX LLC • www.signamax.eu...
  • Page 402 Switch-B(config-ospf)# Apply the access list name area filter-list access Signamax to the filtering at the Signamax in in direction of area 0 Switch-B(config-ospf)#exit After the configuration, area 0 cannot learn the route 44.44.44.45/32 of area 1 and can only learn the route 44.44.44.46/32 of area 1.
  • Page 403: Configure Ospf To Filter Outer Routes

    Filter the static route that do not match ACL 33 Switch-C(config-ospf)#exit Switch-C(config)# ip route 88.88.88.88 255.255.255.255 Configure static routes vlan1 Switch-C(config)# ip route 99.99.99.99 255.255.255.255 Configure static routes vlan1 Switch-C(config)#ip access-list standard 33 Configure the standard access list 35 SIGNAMAX LLC • www.signamax.eu...
  • Page 404: Configure Management Distance Of Ospf Route

    Gateway of last resort is not set 26.26.26.26/32 [100/2] via 70.1.1.2, 00:00:04, vlan1 30.1.1.1/32 [100/2] via 70.1.1.2, 00:00:04, vlan1 OE 77.77.77.77/32 [100/20] via 70.1.1.2, 00:00:04, vlan1 Modify the distance of various OSPF route types: Switch-A configuration: 36 SIGNAMAX LLC • www.signamax.eu...
  • Page 405: Configure Ospf Nssa Area

    From the LSA database of area 1 on switch-B, you can see the corresponding NSSA-LSA, as well as the converted AS External LSA. On switch-B, the outer route labeled as N2 type can be learned; on switch-A, the outer route labeled as E2 type can be learned. 37 SIGNAMAX LLC • www.signamax.eu...
  • Page 406: Configure Ospf Virtual Connection

    60.1.1.1 via the transmission area 1. Switch-C(config-ospf)#exit After the configuration, switch-C sets up a neighbor to switch-B via the virtual connection. In this way, area 0 and area 2 are connected. 38 SIGNAMAX LLC • www.signamax.eu...
  • Page 407: Ospf Monitoring And Debugging

    [ display the statistics information about one type of routes, external | inter-area | intra- one specified route and routes. area | statistic] process-id show ip ospf Display the OSPF virtual connection information. virtual-link 39 SIGNAMAX LLC • www.signamax.eu...
  • Page 408: Monitoring Command Example

    1. For example: Display the interface information of OSPF: Switch-A# show ip ospf interface vlan1 Displayed Result Description and Analysis vlan1 is up, line protocol is up OSPF interface name: vlan1 Internet Internet Address 70.1.1.1, 40 SIGNAMAX LLC • www.signamax.eu...
  • Page 409 LS-Ack received 3 sent 2, Discarded 0 Display OSPF neighbor: Switch-A#show ip ospf 1 neighbor Displayed result: OSPF process 1: Neighbor ID State Dead Time Address Interface 70.1.1.2 Full/DR 00:00:33 70.1.1.2 vlan1 Description and analysis: 41 SIGNAMAX LLC • www.signamax.eu...
  • Page 410: Debugging Commands

    The no format of the command is used to disable the corresponding debugging switch. The debug all command can be used to enable all debugging switches. The no debug all command can be used to disable all debugging switches...
  • Page 411: Debugging Command Example

    DR is 70.1.1.2 and 00:52:23: OSPF: IFSM[vlan1:70.1.1.1]: IfIndex[1]: BDR is 70.1.1.1. Election[1st]: Backup 70.1.1.1 00:52:23: OSPF: IFSM[vlan1:70.1.1.1]: IfIndex[1]: Election[1st]: DR 70.1.1.2 00:52:23: OSPF: IFSM[vlan1:70.1.1.1]: IfIndex[1]: Election[2nd]: Backup 70.1.1.1 00:52:23: OSPF: IFSM[vlan1:70.1.1.1]: IfIndex[1]: Election[2nd]: DR 70.1.1.2...
  • Page 412 00:52:23: OSPF: SEND[LS-Upd]: To 224.0.0.5 via vlan1:70.1.1.1 it needs to send 00:52:23: OSPF: RECV[LS-Upd]: From 70.1.1.2 update vlan1:70.1.1.1 (70.1.1.2 -> 224.0.0.5) response packets. 00:52:24: OSPF: SEND[LS-Ack]: To 224.0.0.5 via vlan1:70.1.1.1 00:52:24: OSPF: RECV[LS-Ack]: From 70.1.1.2 vlan1:70.1.1.1 (70.1.1.2 -> 224.0.0.5)...
  • Page 413 00:52:32: OSPF: SEND[Hello]: To 224.0.0.5 via vlan1:70.1.1.1 keep neighbor status 00:52:33: OSPF: RECV[Hello]: From 70.1.1.2 via vlan1:70.1.1.1 alive. (70.1.1.2 -> 224.0.0.5) 00:52:33: OSPF: NFSM[vlan1:70.1.1.1-70.1.1.2]: Full (HelloReceived) 00:52:33: OSPF: NFSM[vlan1:70.1.1.1-70.1.1.2]: nfsm_ignore called 00:52:33: OSPF: NFSM[vlan1:70.1.1.1-70.1.1.2]: Full (2-WayReceived)...
  • Page 414: Acl Configuration

    Action Group 3 Action1 Action2 There are three kinds of objects that can apply ACL in Signamax S34xx switch, including global object, VLAN object and port object. Global object refers to the switch and the ACL takes effect on all packets entering the switch;...
  • Page 415: Overview

    Reference the Traffic Meter in the configuration parameters of action groups according to the names. The configurations related with ACL function of Signamax S34xx switches include action group configuration, traffic meter configuration and time range configuration, which are described in this chapter.
  • Page 416: Acl Classification

    If named after numbers, the four kinds of access lists all have fixed number ranges. Access list Type Number Range IP standard access list 1–1000 IP extended access list 1001–2000 MAC standard access list 2001–3000...
  • Page 417: Configure Ip Standard Access List

    This command is to define the rule of an IP standard access list named after numbers. access-list access-list-number { permit | deny } {any | source source-wildcard | host source} [time-range time-range-name] [action-group action-group-name]...
  • Page 418 [Configuration mode] Global configuration mode [Default status] By default, no access lists and rules are configured. The no format is to delete an access list named after numbers, including all the rules in it...
  • Page 419 To specify the time range within which the rule time-range takes effect action-group-name To specify the action taken after the rule is action-group matched [Configuration mode] Configuration mode of IP standard access list...
  • Page 420: Application Example

    (config)# access-list 2 permit 92.48.0.0 To permit all the packets from 0.0.255.255 subnet 92.48.0.0 switch (config)# access-list 2 deny any To deny the other packets The following definitions can take the same effect. Command Description...
  • Page 421: Configure Ip Extended Access List

    To configure an access list comment config-ext- nacl show ip access-list To display the configuration status of an IP Privilege access list mode clear ip access-list To clear the packet statistics of an IP Privilege access list mode...
  • Page 422 Source IP address and wildcard destination destination- Destination IP address and wildcard wildcard precedence precedence The IP priority of the packet. The following values can be configured: <0-7> The value of the IP priority...
  • Page 423 When adopting the port wildcard matching, you can input only a specified value. destination-port destination- To specify a destination port number. It can be a...
  • Page 424 Login (rlogin, 513) Printer service (515) nntp Network News Transport Protocol (119) pim-auto-rp PIM Auto-RP (496) pop2 Post Office Protocol v2 (109) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25)...
  • Page 425 This command is to define an IP extended access list, which can be named after numbers and also can be user-defined. The command enters the configuration mode of the IP extended access list...
  • Page 426 <0-255> The value of the protocol number icmp Specifies Internet error and control packet protocol (ICMP) igmp Specifies the Internet group management protocol (IGMP) Specifies all Internet protocols Specifies the transmission control protocol (TCP)...
  • Page 427 Differentiated services code point. The following values can be configured. <0-63> The value of the differentiated services code point af11 (10) af12 (12) af13 (14) af21 (18) af22 (20) af23 (22) af31 (26) af32 (28)...
  • Page 428 [sequence] { permit | deny } protocol source source-wildcard [operator source-port [source-port-wildcard]] destination destination-wildcard [operator destination-port [destination-port-wildcard]] [ack / fin / psh / rst / syn / urg] [precedence precedence] [tos tos] [dscp dscp] [time-range time-range-name] [action-group action-group-name] remark...
  • Page 429 This command is to display the configuration status and packet matching statistics of an access list. show access-list [{ access-list-number | access-list-name }] Syntax Description access-list-number The serial number of an access list. The value range is 1-5000...
  • Page 430: Configure Mac Standard Access List

    The symbol “*” before the command description means that there is a configuration example describing the command in detail later. access-list This command is to define the rule of a MAC standard access list...
  • Page 431 The number of the MAC standard access list. The value range is 2001-3000. access-list-name The name of a MAC standard access list. [Configuration mode] Global configuration mode [Default status] By default, no access lists and rules are configured...
  • Page 432 The serial number of a rule comment remark To configure a comment, indicating that the rule does not take part in the matching and only takes part in the comment and separation of the rules...
  • Page 433: Application Example

    Ethernet type of the Ethernet packet and performs corresponding analysis and processing on the packets. Basic Commands Command Description Configuration Mode access-list To configure an access list Config To configure a MAC extended access list Config access-list extended...
  • Page 434 To configure a comment, indicating that the rule does not take part in the matching and only takes part in the comment and separation of the rules. time-range-name time-range To specify the time range within which the rule...
  • Page 435 [precedence priority] [vlan-id vlan-id-number] [time-range time-range-name] Syntax Description sequence The serial number of a rule permit If the conditions are matched, the access is permitted. deny If the conditions are matched, the access is...
  • Page 436 [Configuration mode] Configuration mode of MAC extended access list [Default status] By default, no access lists and rules are configured. The no format of the command is to delete a comment. no sequence...
  • Page 437: Configure Time Range

    PCs are permitted to communicate with the outer Internet. You can define the time range in the access list to meet the user requirements. Basic Commands Command Description Config Mode time-range To configure the time range config...
  • Page 438 The periodic time period takes weeks as reference; absolute time period takes day, month and year as reference. The periodic time period requires one day or some days of a week, beginning time and end time to be configured...
  • Page 439 [sequence] absolute start hh:mm [day [ month [ year ] ] ] end hh:mm [day [ month [ year ] ] ] Command Description sequence The serial number of time range. The value range is 1-2147483647. Absolute To define absolute time range Start Beginning time Ending time...
  • Page 440: Time Range Application

    Match the rule only when the time range is in the ACTIVE state. When the time range is in the INACTIVE state, ignore the rule during matching and enter the...
  • Page 441 If the status of the bound time range is ACTIVE, execute the packet matching; if the status of the bound time range is INACTIVE, do not execute the packet matching. It is as if the whole ACL did not exist...
  • Page 442: Configure Environment Parameters

    Command Description frequency-number frequency-number is the interval between two refreshes. The unit is minutes and the default value is 1 minute. [Configuration mode] Global configuration mode [Default status] The default value is 1 minute...
  • Page 443 Disable the binding relationship with the time range enable Enable the binding relationship with the time range. The default value is enable. [Configuration mode] Global configuration mode [Default status] The default value is enable...
  • Page 444: Basic Commands

    Configure Action Group To support packet classification and traffic control, Signamax S34xx switches extend the traditional ACL. In this way, ACL and each permit rule in the ACL can be bound with an action group. Take the corresponding actions on the matched packets. The action group includes the configurations of packet mirroring, packet redirecting, packet modifying, packet traffic control, and packet counting....
  • Page 445 When using the command...
  • Page 446 [Default status] By default, the action group is not configured with any meter. The no format of the command is used to delete a meter, that is, do not measure the matched packets. no meter...
  • Page 447 QoS policies in later data transmission. The dp in the command means discarding the priority. Once the packet labels to discard the priority, it enters into corresponding queue in the...
  • Page 448 IP packet TOS to remark the internal priority [Configuration mode] Global configuration mode [Default status] By default, no L2 modifying action is configured in the action group...
  • Page 449 After being modified, the internal priorities are mapped to different queues in the port output direction according to the configuration...
  • Page 450: Configure Meter

    QoS policies in the later data transmission...
  • Page 451: Basic Commands

    Schedule the packet according to the queue scheduling algorithm configured on the output port. For queue scheduling configuration, please refer to the chapter on QoS configuration...
  • Page 452 This command is to configure the traffic meter mode as srtcm or trtcm. The configuration is consistent with the definitions of srtcm and trtcm in RFC2697 and RFC2698 standards. For the definitions of CIR, CBS,...
  • Page 453: Apply Acl To Object

    Apply ACL to Object After an access list is created, it can be applied on one or more objects to realize the function of filtering ACL packets. For Signamax S34xx switches, the access list can be applied only at the input direction of the objects.
  • Page 454 Ethernet priority. But the meter configured on VLAN1 colors the packet according to the current measuring result and takes the action of remarking or non-remarking the packet with discarding priority. The two actions do not conflict with each other, so at last the packet is...
  • Page 455: Basic Commands

    IP access list on the port or VLAN object. no ip access-group { access-list-number | access-list-name } { in } If the access list applied on the object does not exist, all the packets passing the object are permitted...
  • Page 456 0/5 To apply MAC standard access list 2001 at the input direction of port 0/5. The access router(config-port-0/5)# access- list takes effect on all Ethernet frames group 2001 in entering the port. router(config-port-0/5)# exit...
  • Page 457: Monitoring And Debugging

    To display all ACL configurations or ACL <acl-name> show access-list configurations specified by acl-name; the displayed content includes ACE which is configured in the ACL and match field, time domain, configuration information of action group of each ACE...
  • Page 458: Monitoring Command Example

    20 permit host 0111.0111.0111 time-range tr1 (active) 30 permit 0010.0010.0000 0000.0000.0fff 40 permit any mac access-list extended 3001 permit host 0111.0111.0111 ether-type 0x0800 precedence 7 vlan-id 512 time-range tm (active) 20 permit any any ether-type 0x0800 precedence 7 vlan-id 911...
  • Page 459 Rule 20 is effective only when tr1 is active. Rule 30 is the rule matching source MAC address range and the mask 0000.0000.0fff. matched address 0010.0010.0***. Rule 40 allows any packet to pass. mac access-list extended 3001...
  • Page 460: Show Time-Range

    (inactive) Description and analysis: For the command show access-list with the specified name of the access list, only the specified access list configuration in the command is displayed. show time-range switch#show time-range Displayed result:...
  • Page 461 Displayed result: Timerange name:tr1 (STATE:active) 10 absolute start 14:28 12 march 2008 end 14:28 12 march 2009 (active) 20 periodic daily 09:00 to 18:00 (active) 50 periodic weekend 10:00 to 16:00 (inactive)...
  • Page 462: Show Action-Group

    Ethernet frame is remarked according to the priority in the IP packet. meter mt2 (active meter): the meter name associated to the action...
  • Page 463: Show Traffic-Meter

    (valid meter config): the name of the meter is test; valid meter config means the meter is configured completely. We can...
  • Page 464: Show Acl-Object

    1001 (number of rules = 1) 10 permit ip any any action-group test (inactive) Object:port 0/1 IP ACL name:1 (valid) ip access-list standard 1 (number of rules = 1) 10 permit any time-range tr1 (active) action-group act1 (active)...
  • Page 465 The list is not effective on the object. The list is invalid due to insufficient hardware resources. After other objects release hardware resources, the system automatically redistributes the resources. The ACL configuration...
  • Page 466 2001 (number of rules = 3): the ACL information bound to the object, its name is 2001 and there are three rules...
  • Page 467: Application Example

    One is to use ACL to classify packets; the other is to use ACL to control packet flow. The following uses the example to describe the configuration methods of these two applications...
  • Page 468 IP addresses is the third type. Use DSCP field to identify the type. The configuration steps are as follows: Command Description switch#config terminal To configure IP standard access list cs1 switch(config)#ip access-list standard cs1 switch(config-std-nacl)#permit 10.0.0.0 0.0.0.255 action-group rmk1 switch(config-std-nacl)#permit 10.0.1.0 0.0.0.255 action-group rmk2 switch(config-std-nacl)#permit any action-group rmk3...
  • Page 469 Here, the status of ACL named cs1 bound to the object of the port is valid. This means that the binding is successfully distributed with hardware resources and the configuration is effective. When hardware resources are insufficient, the...
  • Page 470 IP addresses is the third type and the speed is limited as 50Mbps. The configuration steps are as follows: Command Description switch#config terminal To configure IP standard access list cs1 switch(config)#ip access-list standard cs1 switch(config-std-nacl)#permit 10.0.0.0 0.0.0.255 action-group act1 switch(config-std-nacl)#permit 10.0.1.0 0.0.0.255 action-group...
  • Page 471 Next, the three meters need to be configured. switch(config)#traffic-meter mt1 To configure the meter mt1, mt2, and mt3 switch(config-meter)#meter mode srtcm 5000 1514 1514 switch(config-meter)#exit switch(config)#traffic-meter mt2 switch(config-meter)#meter mode srtcm 1000 1514 1514 switch(config-meter)#exit switch(config)#traffic-meter mt3 switch(config-meter)#meter mode srtcm 50000 1514 1514...
  • Page 472 Here, the resources occupied by the other objects in the system may be released, and then the system redistributes the resources for the ACL. Therefore, the status of the ACL becomes valid...
  • Page 473: Qos Configuration

    The symbol “*” before the command description means that a detailed configuration example for the command follows. [no] map-table { lp-dp | dscp-lp | dscp-dscp | dot1p-lp } index to value The priority mapping is configured for the port. It is mapped to the value...
  • Page 474 { lp-dp | dscp-lp | dscp-dscp | dot1p-lp } value no map-table default { lp-dp | dscp-lp | dscp-dscp | dot1p-lp } value...
  • Page 475: Application Example

    Example of Monitoring To display the items in the lp-dp mapping table: The command of show maptable lp-dp Displayed results: port0/0 map-table lp-dp 0 to 7 map-table lp-dp 1 to 6 map-table lp-dp 2 to 5...
  • Page 476: Queue Scheduling Mode

    Users can configure how many packets are scheduled out from a queue before scheduling moves on to the next queue. The configuration 0 indicates the strict-priority queue. WDRR: Weighted Deficit Round Robin, an improved algorithm. Basic Commands Command Description Config mode...
  • Page 477: Example Of Application

    To enter the port mode Switch(config-port-0/1)#queue-schedule wdrr To configure the scheduling mode and the 1 2 3 4 5 6 7 8 weight of each queue as 1-8 respectively. Switch(config-port-0/1)#exit To exit the port mode...
  • Page 478: Application Example 2

    2: 3 weight for queue 3: 4 weight for queue 4: 5 weight for queue 5: 6 weight for queue 6 7 weight for queue 7: 8 Discarding Mode The contents are as follows:...
  • Page 479: Overview

    (red and yellow) need to be configured. no drop-mode To cancel the configured config-port-*/* discarding mode and recover to the default value tail-drop drop-mode no drop-mode...
  • Page 480: Application Example

    Example of Monitoring To display the configuration of port0/1: Command: show drop-mode port 0/1 Display results: port 0/1 drop mode: sred red drop rate: 3 yellow drop rate: 4...
  • Page 481: Rate Limitation

    Overview To avoid overload and congestion of the traffic passing through the network, Signamax series switches provide rate limitation based on the port input direction. This limits the total rate in the receiving direction of the port. Traffic exceeding the rate is dropped. To...
  • Page 482: Example Of Application

    250048 12288 Flow Shaping The contents are as follows: Brief introduction to the flow shaping • Explanation of commands for configuring flow shaping • Example of Configuration • Overview There are two kinds of flow shaping:...
  • Page 483: Basic Commands

    It means the allowed flow size of each burst. Syntax Description rate To configure the bandwidth threshold with a step length of 64k; the value range is 0~16777152. burst-size The range of the burst flow is 4096~16773120...
  • Page 484: Example Of Application

    To configure the flow shaping 12176 Switch(config-port-0/1)#exit To exit the port mode Example 2 of Application To configure the flow shaping for the queue 1 of the port0/1 Command Description Switch(config)#port 0/1 To enter the port mode...
  • Page 485: Monitoring & Debugging

    Example of Monitoring To display the configuration of port0/2: Command: show traffic-shape port 0/1 Display results : port 0/1 traffic-shape 250048 12288 traffic-shape of queues: queue_id 1024 4096 8192 2048...
  • Page 486: Configure Aaa

    *To enter the privilege authentication config mode aaa authentication ppp configure negotiation config authentication aaa authentication xauth configure XAUTH negotiation config authentication aaa authorization *To configure AAA authorization config aaa authorization config-commands enable authorization config commands...
  • Page 487 Note 1. “*” before command means it has configuration example description. 2. The configuration mode refers to the modes that can execute the configuration command, such as config, config-if-xx (interface name), and config-xx (protocol name)...
  • Page 488: Basic Commands For Configuring Aaa

    The no form of the command is used to recover the default prompt information. aaa authentication fail-message fail-message no aaa authentication fail-message Syntax Description fail-message The prompt information when you fail to log...
  • Page 489 The name of the method list method Authentication method None: Pass directly without authenticating the identity Enable: Use the valid password to authenticate the identity (the global enable password). Local: Use the local user database to authenticate the...
  • Page 490 This command is used to configure the method list of PPP identity authentication. The no form of the command is used to delete the method list. This command aaa authentication ppp list-name method1[method2…] no aaa authentication ppp list-name...
  • Page 491 Description exec To configure the EXEC authorization command method list network To configure the authorization method list of the network service default To define the default method list list-name The name of the method list...
  • Page 492 None: Do not execute the authorization Radius: Use RADIUS server to request the authorization information. Tacacs: Use TACACS server to request the authorization information. WORD: Use TACACS or RADIUS server to authenticate. WORD is the name of the server group...
  • Page 493 To obtain more control right to the accounting you can use wait-start, which ensures that the process request of the user can’t be authorized until the RADIUS or TACACS server receives the start-accounting notice...
  • Page 494 The no form of the command is used to cancel sending temporary accounting record. aaa accounting update {newinfo | periodic number} no aaa accounting update Syntax Description newinfo To send the temporary accounting record to the server once there is new accounting information...
  • Page 495 This command is used to configure the timeout for waiting for the response from the Tacacs server. The no form of the command is used to recover the default value. tacacs-server timeout timeout no tacacs-server timeout Syntax Description...
  • Page 496 Otherwise, it cannot take effect. auth-port The authentication port of Radius server acct-port Accounting port of the Radius server [Default status] [Command mode] Server group configuration mode server-private (TACACS)...
  • Page 497 The private server is independent from the global configured server, so it can overlap with the global configured server. ip vrf forwarding This command is used to configure the VRF attributes of a server group. ip vrf forwarding vrf-name no ip vrf forwarding...
  • Page 498 This command is used to configure the RADIUS encryption key. The no form of this command is used to delete the RADIUS encryption key. radius-server key key...
  • Page 499 The source interface specified for the VRF (cooperating with the server group) [Default status] No source interface and select the source address automatically. [Command mode] Global configuration mode...
  • Page 500: Aaa Configuration Examples

    Enable the accounting command of the exec default stop-only radius session, and a stop-accounting notice is sent to the RADIUS server when the requested user process ends. (config)# accounting Enable the accounting command connection, and...
  • Page 501 To configure the address of the radius server 192.168.0.1 NAS (config)# radius-server key Configure the key of the RADIUS server, and the key Signamax should be the same as that of the NAS server on the RADIUS server...
  • Page 502: Checking And Debugging Aaa

    [Command mode] Privilege user mode show accounting This command is used to display the AAA accounting information. show accounting [Command mode] Privilege user mode debug aaa authentication...
  • Page 503 RADIUS debugging switch. debug radius [in-plain] no debug radius Syntax Description in-plain To display the RADIUS packet information in the plain text [Command mode] Privilege user mode...
  • Page 504: Configure Eaps

    Primary port config-eaps *To configure the EAPS master node or the master port of transmission node Primary link-aggregation link- config-eaps *To configure EAPS master node or the number aggregation master port of the node...
  • Page 505 This command is to configure the control nodes of the EAPS ring and enter EAPS configuration mode. The no format of the command is to delete the EAPS node. eaps ring ring-id master|transmit|edge|assistant...
  • Page 506 The default configuration is the master ring. level0/1 no level [Default Status] Master ring [Command Mode] EAPS configuration mode control vlan...
  • Page 507 [Command mode] EAPS configuration mode edge port This command is to configure the EAPS edge port. edge port port-number no edge port port-number...
  • Page 508 To configure the EAPS public port number. The value range is 0/0-0/27. [Default status] Undefined [Command mode] EAPS configuration mode common link-aggregation This command is used to configure EAPS convergence public port common link-aggregation link-number...
  • Page 509 • If the transmission node is associated with the assistant edge node, use the receive timer of the transmission node to receive the edge-hello packets and do not create the receive timer for the assistant edge node...
  • Page 510: Eaps Configuration Example

    Master(config-eaps)# domain id 1 To configure the domain ID as Master(config-eaps)# ring type primary To configure the eaps ring type as the master ring Master(config-eaps)# control vlan 3 To configure control vlan...
  • Page 511 (port 0/0) transmit1(config-eaps)# second port 0/1 To configure secondary port of port 0/1 transmit (config-eaps)#eaps start To enable the EAPS protocol The configuration of other transmission node is similar to that of transmission node 1...
  • Page 512: Configure Eaps Sub Rings

    Configure the access node of the master ring (transmit 2): transmit 2 is also the access node of the sub ring and the edge node on the device. Command Description Transmit2#configure terminal Transmit2(config)#eaps ring 1 transmit To configure the transmission...
  • Page 513 Transmitm(config-eaps)# domain id 1 To configure the domain ID as 1 Transmitm(config-eaps)# ring type primary To configure the EAPS ring type as the master ring Transmitm(config-eaps)# level 0 To configure the level of EAPS ring as 0...
  • Page 514 Transmitm(config)#eaps ring 2 assistant To configure the assistant edge node Transmitm(config-eaps)#domain id 1 To configure the domain of the assistant edge node Transmitm(config-eaps)# ring type subordinate To configure the ring type as the sub ring...
  • Page 515 [ring-id ] To display node information of EAPS config show eaps port [port-number] To display port information of EAPS config show eaps link-aggregation To display convergence port information config [link-number] of EAPS...
  • Page 516 Link Up messages. Master#show eaps port 0/0 Command Displayed Result Description EAPS port 0/0 0/0 is EAPS port. TYPE: PRIMARY The port type is master port. STATUS: UP, Block: UNBLOCK Port is UP and it is non-blocking...
  • Page 517 About the environment, please refer to figure 25-1; and about the configuration, please refer to the master node configuration. After executing debug eaps ring 1 in the master node; insert mesh wire among transmitting nodes and output debug information...
  • Page 518 FDB-FLUSH_COMP message received from 0/0 by the master node. After executing debug command of debug eaps port 0/0 in the master node; insert mesh wire among transmitting nodes and output debug information. Displayed Result Description...
  • Page 519 00 00 00 00 00 00 00 00 03:37:46: 00 00 03:37:46: EAPS-7-PORT_RECV: port Receive The received message is LINK- LINKDOWN message DOWN message. 03:37:49: EAPS-7-PORT_RECV: port 0/0 Receive LINKUP The received message is LINK-UP message message...
  • Page 520 03:37:49: 00 3c 00 b5 03 00 33 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03:37:49: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03:37:49: 00 00...
  • Page 521 Use the global configuration command to enable the UDLD function of the device. In the port mode, configure the UDLD enabling status and UDLD working mode of a specified port. 153 SIGNAMAX LLC • www.signamax.eu...
  • Page 522 【Default Status】 During this status UDLD function is shutdown. Note To global UDLD configuration, when it is required to shutdown, the...
  • Page 523 To shutdown UDLD function of the port 【Default Status】 Under default status, UDLD function is configured at the end of the port...
  • Page 524 To exit the port configuration mode SwitchA(config)#udld enable To enable Global UDLD SwitchA (config)#exit To finish UDLD configuration Notes In order to ensure the normal working of UDLD protocol, the switches are configured with the same UDLD working mode. 156 SIGNAMAX LLC • www.signamax.eu...
  • Page 525 Device UDLD Message Interval 16 Second The message time of equipment is 16s. Device UDLD Info End! To end equipment of global UDLD information switchB#show udld port 0/1 Displayed Result Description and Analysis 157 SIGNAMAX LLC • www.signamax.eu...
  • Page 526 To display udld sent message packet no debug udld port x/y send- To cancel udld sent message displaying packet To shutdown all debugging information of udld module no debug udld all 158 SIGNAMAX LLC • www.signamax.eu...
  • Page 527: Example Of Debugging Command

    00:00:36: 0x00 0x00 0x00 0x01 mode of each line with 10 bytes. Enable the command debug udld port 0/0 send to check the contents of the UDLD packet received by port 0/0. 159 SIGNAMAX LLC • www.signamax.eu...
  • Page 528 00:00:36: 0x0f 0x00 0x05 0x00 0x05 0x05 0x00 0x06 0x00 0x0a 00:00:36: 0x72 0x6f 0x75 0x74 0x65 0x72 0x00 0x07 0x00 0x08 00:00:36: 0x00 0x00 0x00 0x01 (method of sending data is the same to the way of receiving data.)...
  • Page 529 It is defined by a series of maintenance points (MP) configured on the port. The maintenance domain name identifies the MD. According to the 802.1ag multi-domain OAM network model, MD has 161 SIGNAMAX LLC • www.signamax.eu...
  • Page 530 Loopback checking function • Link tracking function • Basic Commands Command Description Configuration Mode ethernet cfm domain domain-name level level-id [inward | outward] *To set the domain name and domain level and enter the cfm-domain mode config...
  • Page 531 MEP and the database information of the remote peer MEP configured in the maintenance domain. ethernet cfm domain domain-name level level-id [inward | outward] no ethernet cfm domain domain-name level level-id [inward | outward]...
  • Page 532 This command is used to configure the remote peer MEP list used for cross check in the maintenance set. The no format of the command is used to delete the remote peer MEP for cross check. 164 SIGNAMAX LLC • www.signamax.eu...
  • Page 533 To specify the service instance name service-instance To set the destination MEP ID mpid mac-address To specify the destination MAC address mpid To specify the local source MEP ID source 【Default Status】...
  • Page 534 This command is used to enable TRAP sending switch of CFM module The command has no format. snmp-server enable traps ethernet cfm [fault] Syntax Description Fault Open the sending of CFM fault warning TRAP 【Default Status】...
  • Page 535 VLAN 100 and enter the ethernet-si mode Switch-A(config-ethernet-si)#exit To exit ethernet-si mode Switch-A(config-ethernet-cfm)#exit To exit ethernet-cfm mode Switch-A(config)# port 0/0 To specify port 0/0 and enter the port mode Switch-A(config-port-0/0)#port access vlan 100 VLAN 100 of the specified port 167 SIGNAMAX LLC • www.signamax.eu...
  • Page 536 The MEP whose the domain level is dom_l7_vlan100 service-instance ser_vlan100 mpid configured as 7 and ID as 200 Switch-B(config-port-0/0)# ethernet cfm enable To enable the CFM function on the port Switch-B(config)# port 0/1 To specify port 0/1 and enter the 168 SIGNAMAX LLC • www.signamax.eu...
  • Page 537 To enable the CFM function on the port Switch-C(config-port-0/1)#exit To exit the port mode After the configuration, you can see the following prompt information on the console port, prompting that the remote peer MEP is received and is 169 SIGNAMAX LLC • www.signamax.eu...
  • Page 538 Ingress(Action) Relay Action Hops Host Next MAC Egress(Action) Forwarded ---------------------------------------------------------------------------- switch-C 00017.AB6C.7D12 port 0/1(ingOk) Relay by FDB 00017.AB6C.7D32 port 0/0(egrOk) Forwarded switch-B 00017.AB6C.7D32 port 0/1(ingOk) Hit Target 00017.AB6C.7D22 --(--) Not Forwarded Ethernet link trace complete. 170 SIGNAMAX LLC • www.signamax.eu...
  • Page 539 --------------------------------------------------------------------- port 0/1 Enabled 00017.AB6C.7D12 Domain: dom_l7_vlan100, Service Instance: ser_vlan100: --------------------------------------------------------------------- MPID Level Type VLAN Port CC-Status --------------------------------------------------------------------- port 0/0 Enabled 00017.AB6C.7D12 Description and analysis: The above displays the configuration information of the local MEP. 171 SIGNAMAX LLC • www.signamax.eu...
  • Page 540 The above displays the remote peer MEP database information. show ethernet cfm port For the environment and configuration, refer to “Configure CFM” in the application example. Switch-A# show ethernet cfm port Displayed result: Port ID:2 Port Name:port 0/1 CFM Status:Enabled 172 SIGNAMAX LLC • www.signamax.eu...
  • Page 541 00:10:04: CFM CCM [SEND]: Continuity check message send from MEP: 100 VLAN ID: 100, MD level: 7 Local MAC: 00017.AB6C.7D12 (The MEP with local ID as 100 sends the CCM packets with level as 7.)...
  • Page 542 00:02:51: 01 00 0C 08 01 73 77 69 74 63 68 2D 41 00 00 00 00:02:51: CFM PKT [RECV]: Received a LTR packet from port 0/1, VLAN 100 (Receive an LTR packet.) 00:02:51: CFM PKT [RECV]: CFM packet size: 65 bytes...
  • Page 543 The E-LMI defined by the standard gets enough EVC and UNI status information from the PE port and sends it, and UNI and EVC configure information for CE to complete its configuration. The standard references the frame relay local management interface (FR-LMI) standard. Currently, 175 SIGNAMAX LLC • www.signamax.eu...
  • Page 544 If the running mode of equipment E-LMI protocol is not configured as CE before, the E-LMI protocol default running mode as ethernet lmi {n391 <1-65000>| n393 <2-10>| t391 <5-30>| t392 <5-30>} configure parameters of the E-LMI config-port-xx...
  • Page 545 The default value is 15s. Default Status N391: By default, it is 360. N393: By default, it is 4. T391: By default, it is 10. T392: By default, it is 15. 177 SIGNAMAX LLC • www.signamax.eu...
  • Page 546 CFM configuration mode switch(config-ethernet-cfm)# service-instance gold-chief-shop vlan 100 To configure a CFM management example, whose name is gold-chief-shop and service Vlan Id is 100 switch(config-ethernet-si)exit To exit the CFM domain configuration mode...
  • Page 547 To exit and return to the enable configuration mode switch(config-evc)# exit To enter the global configuration mode switch(config)#port 0/1 enable E-LMI protocol globally and make it run in the PE mode. Here, the E-LMI protocol is also enabled on Port 0/1. 179 SIGNAMAX LLC • www.signamax.eu...
  • Page 548 E-LMI protocol as CE and enable E-LMI protocol function at the port 0/1. Command Description switch# configure terminal To enter the global configuration mode switch(config)#ethernet lmi ce To configure the running mode of the E-LMI protocol as CE switch(config)#port 0/1 enter into Port 180 SIGNAMAX LLC • www.signamax.eu...
  • Page 549 PE/CE. gateway# show ethernet lmi evc Displayed result: Status Evc-Id Port Name Active evc1 ag-port-0/1 PartiallyActive evc-Signamax ag-port-0/2 Inactive evc-gold ag-port-0/3 Description and analysis: Status: The current status of EVC Evc-Id:EVC ID 181 SIGNAMAX LLC • www.signamax.eu...
  • Page 550 This command is used to display E-LMI protocol statistics information on the appointed port. The command is valid only on CE port. gateway#show ethernet lmi statistic port 0/1 Displayed result: Displayed Result Description and Analysis 182 SIGNAMAX LLC • www.signamax.eu...
  • Page 551 Invalid non-Mandatory IE: The number of error non-mandatory IE in received E-LMI packets Unrecognized IE: The number of unrecognizable IEs Unexpected IE: The number of unexpected IEs Short Message: The number of too short messages...
  • Page 552 [port string | link-aggregation <1-16> To enable event debug information of E-LMI module debug ethernet lmi info port [port string | link-aggregation <1-16> To enable the common debug information of E-LMI module...
  • Page 553 10:42:44: [E-LMI] ag-port-0/1 EVENT: Enter fsm: Event[ELMI_EVE_PT_TIMEOUT], Status[ELMI_ST_ACTIVE]. 10:42:44: [E-LMI] ag-port-0/1 EVENT: Restart Timer391 OK. 10:42:44: [E-LMI] ag-port-0/1 EVENT: Exit fsm: Status was changed from ELMI_ST_ACTIVE to ELMI_ST_ACTIVE. (PT timer times out in the ELMI_ST_ACTIVE state. Re-start the PT timer)...
  • Page 554 The Ethernet OAM functions include: • Discover and set up Ethernet OAM connection • Monitor the link of Ethernet OAM connection • Remote fault analysis of Ethernet OAM connection • Remote loopback of Ethernet OAM connection • MIB variable request of Ethernet OAM connection...
  • Page 555 {low | high} {none | processing of error signal error-disable-interface} periodical checking of the Ethernet link monitoring ethernet oam link-monitor frame-seconds To set the window period of config-port-×× window window-value error frame second checking 187 SIGNAMAX LLC • www.signamax.eu...
  • Page 556 It is used to set the maximum buffer memory number of event-log information of the Ethernet OAM. The no format of the command resumes the default value of the maximum buffer memory number of event-log information of the Ethernet OAM. ethernet oam event-log cache-size size-value 188 SIGNAMAX LLC • www.signamax.eu...
  • Page 557 This command is used to set the interval of sending hello packets (that is information OAMPDU) of the Ethernet OAM. The no format of the command is used to recover the default value. ethernet oam hello-rate rate-value no ethernet oam hello-rate [rate-value] 189 SIGNAMAX LLC • www.signamax.eu...
  • Page 558 To set the window period of error signal checking of Ethernet OAM link monitoring. The value range is 1-60 and the unit is second. 【Default Status】 window-value: 1s...
  • Page 559 To set the error response processing of the low threshold of error signal checking of Ethernet OAM link monitoring high To set the error response processing of the high threshold of error signal checking of Ethernet 191 SIGNAMAX LLC • www.signamax.eu...
  • Page 560 To set the high threshold of error frame checking of Ethernet OAM link monitoring none To set the threshold of error frame checking of Ethernet OAM link monitoring as not monitor threshold-value To set the threshold of error frame checking of 192 SIGNAMAX LLC • www.signamax.eu...
  • Page 561 Syntax Description window-value To set the window period of error frame checking of Ethernet OAM link monitoring. The value range is 1-60 and the unit is second. 【Default Status】 window-value: 1s...
  • Page 562 [none | error-disable-interface] Syntax Description To set the error response processing of the low threshold of error frame checking of Ethernet OAM link monitoring high To set the error response processing of the high 194 SIGNAMAX LLC • www.signamax.eu...
  • Page 563 {low | high} [none | threshold-value] Syntax Description To set the low threshold of error frame second checking of Ethernet OAM link monitoring high To set the high threshold of error frame second 195 SIGNAMAX LLC • www.signamax.eu...
  • Page 564 The no format of the command is used to recover the default value. ethernet oam log-message shutdown no ethernet oam log-message shutdown 【Default Status】 By default, the log information of Ethernet OAM is...
  • Page 565 Description port-num Port which detects remote loop-back link time-value Time for detecting remote loop-back link, its unit is second and value range is 1-600. 【Default status】 None. clear ethernet oam event-log...
  • Page 566 Syntax Description port-list To clear the port list of statistics information of Ethernet OAM 【Default Status】 When no connection is specified, clear all the connections...
  • Page 567 To enter the port configuration mode Switch-B (config-port-0/0)#ethernet oam enable To enable Ethernet OAM Switch-B (config-port-0/0)#exit To exit the port configuration mode Monitoring & Debugging Monitoring Commands Command Description...
  • Page 568 For the environment and configuration, refer to “Configure Running Ethernet OAM” in the application example. Switch-A# show ethernet oam discovery detail Displayed result: Capability codes: U - Unidirection, R - Remote Loopback, L - Link Event, V - Variable Retrieval 200 SIGNAMAX LLC • www.signamax.eu...
  • Page 569 Timeout in :4sec/200msec Information OAMPDU Critical link events: None Local stable: Stable Remote stable: Stable OAM version: 1 Revision:0 Parser state: Forward Multiplexer state: Forward Mode:Active Capability:R L MTU size:1500 Vendor ID (oui):0x00 0x01 0x7A (Signamax) 201 SIGNAMAX LLC • www.signamax.eu...
  • Page 570 Switch-A# show ethernet oam event-log Displayed result: Link port 0/0 event log, counter 3, cache size 50 Index [6] event Dying-gasp log Time stamp: 00:00:17 Vendor ID (oui): 0x00 0x01 0x7A (Signamax) Location: Local Window: 0 Threshold: 0 Errors: 0...
  • Page 571 Window: 0 Threshold: 0 Errors: 0 Running total: 0 Event total: 0 Index[4] event Dying-gasp log Time stamp: 00:00:17 Vendor ID (oui): 0x00 0x01 0x7A (Signamax) Location: Remote Window: 0 Threshold: 0 Errors: 0 Running total: 0 Event total: 0 Description and analysis: The above displays the event-log information.
  • Page 572 Frames lost due to ethernet OAM multiplexer: 0 Local link event counter Link fault: 0 Dying gasp: 0 Critical event: 0 Errored symbol: 0 Errored frame: 0 Errored frame-period: 0 Errored frame-seconds: 0 Remote link event counter 204 SIGNAMAX LLC • www.signamax.eu...
  • Page 573 OAMPDU, length 50, src addr 00017.AB6C.7D02, dest addr OAMPDU packets 0180.C200.0002 00:09:16: ETH-OAM INFO-RCV[port 0/0]: Recv information OAMPDU, length 50, src addr 0001.5B6C.7D02, dest addr 0180.C200.0002 00:09:16: ETH-OAM Info TLV: type 1, len 16, version 1, 205 SIGNAMAX LLC • www.signamax.eu...
  • Page 574 464, State 0x00, config 0x0D, pduConfig 0x05DC, 00:09:16: ETH-OAM vendor ID (oui) 0x00 0x01 0x7A (Signamax), vendor specific info 0x00 0x00 0x00 0x00 00:09:16: ETH-OAM Info TLV: type 2, len 16, version 1, revision 450, State 0x00, config 0x0D, pduConfig 0x05DC,...
  • Page 575 Configure EVC This chapter describes EVC supported by Signamax series switch and how to configure EVC. The main contents: • Introduction to EVC • EVC configuration • EVC monitoring command • EVC application example Introduction to EVC EVC Basic Concepts EVC is proposed by MEF. It is the virtual connection to connect two or more UNIs and exchange Ethernet service frames between them.
  • Page 576 The frames do not need to be copied between leaf nodes. It is applied in IPTV. Signamax RL08 devices do not directly support this kind of EVC, but can indirectly support it via configuring port isolation and L3 forwarding features between UNIs.
  • Page 577 EVC; QINQ function in EVC information is invalid on the config-port- port range evc-id To delete the configuration of config-port- no qinq bind evc...
  • Page 578 127 characters and space is allowed among characters. By default, EVC has no description information. To delete the configured description information, use no description. description string no description Syntax Description 210 SIGNAMAX LLC • www.signamax.eu...
  • Page 579 45 characters. 【Default status】 Undefined svlan-id The command is used to configure the information about SVLAN, including SVLAN ID and QINQ types...
  • Page 580 3. When QINQ type is mapping, only one cevlan can be configured. qinq-mode The command is used to configure QINQ mode. qinq-mode {one|multiple} Syntax Description To configure QINQ mode as one, in which the SVLAN and CEVLAN information cannot be...
  • Page 581 The ID of the local port, such as 0/1; only a single port can be input mep-id MEP ID, which range from 1 to 8191 link-number The number of the aggregation port group; currently, 16 convergence port groups are supported, that is, range from 1 to 16. 213 SIGNAMAX LLC • www.signamax.eu...
  • Page 582 CEVLANs are mapped to each EVC all-to-one One UNI port is bound to one EVC, and all CEVLANs are mapped to the EVC. multiplexing One UNI port is bound to multiple EVCs, and one CEVLAN is mapped to one EVC...
  • Page 583 EVC action group 【Configuration mode】 Global configuration mode 【Default status】 No EVC action groups are configured...
  • Page 584 { red | yellow } Meter mode The command is used to configure meter mode as srtcm or trtcm. The configuration is consistent with the definitions of srtcm and trtcm in 216 SIGNAMAX LLC • www.signamax.eu...
  • Page 585 【Default status】 802.1p labeling action is not configured. The no format is used to delete the configuration of 802.1p labeling action. no remark-dot1p...
  • Page 586 【Default status】 The no format of the command is used to delete EVC action group. no evc-policy outer-vlan { outer-vlan-id | any } { outer-priority |...
  • Page 587 To enable evc debugging switch: Command: debug evc events Displayed result: 1d:03:08:23: Deal evcAdd, evc id:evc. /* create one EVC */ 1d:03:08:23: Evc_lock. 1d:03:08:23: Deal evcFind, evc id:evc. 1d:03:08:23: Not find evc. 219 SIGNAMAX LLC • www.signamax.eu...
  • Page 588 0/1: (number of evc rules = 3) evc-policy outer-vlan 1 1 inner-vlan 1 1 evc-action action0 (inactive) (valid) evc-policy outer-vlan 2 3 inner-vlan 4 5 evc-action action1 (active) (valid) evc-policy outer-vlan 42 3 inner-vlan 14 5 evc-action action2 (active) (valid) 220 SIGNAMAX LLC • www.signamax.eu...
  • Page 589 The following is a typical application example of combining EVC and E- LMI. For the configurations and related concepts of other function modules, such as E-LMI, refer to the corresponding technical manuals and configuration manuals. Illustration 221 SIGNAMAX LLC • www.signamax.eu...
  • Page 590 (config-evc)#remote-mepid 2000 Add MEPID 2000 of remote UNI in virtual connection, corresponding configured MEPID detected by CFM. switch (config-evc)#remote-mepid 3000 Add MEPID 3000 of remote UNI in virtual connection, corresponding configured MEPID detected by CFM. 222 SIGNAMAX LLC • www.signamax.eu...
  • Page 591 Enter into port configuration mode. switch (config-port-range)# qinq bind Bind EVC to port 0/1 and 0/2 EVC_Provider active For the configurations of PE2, PE3 and CE1, please refer to the related configuration manuals of CFM. 223 SIGNAMAX LLC • www.signamax.eu...
  • Page 592 Configure LLDP Signamax switch supports LLDP protocol function. The chapter mainly describes how to configure LLDP protocol of Signamax switch to process informing and discovering neighbor. The main contents: • Brief introduction to LLDP protocol • Commands for Configuring LLDP protocol • Configure LLDP Protocol...
  • Page 593 { basic-tlv{all| To choose TLV not sent by the config-port- XXX port-description|system- port config-link- capability| system- aggregation-XXX description| system-name} | dot1-tlv{ all|port-vlan-id protocol-vlan-id | vlan-name} |dot3-tlv{ link- aggregation mac-physic| max-frame-size| power } | 225 SIGNAMAX LLC • www.signamax.eu...
  • Page 594 This command is used to configure admin-status of the port and enable the capability to receive the LLDPDU. The no format of the command is used to disable the command lldp receive no lldp receive 【Default status】 enable Lldp transmit...
  • Page 595 This command is used to configure the updating period. The no format of the command is used to restore the default value. The configured 227 SIGNAMAX LLC • www.signamax.eu...
  • Page 596 The protocol VLAN ID protocol of the port vlan-name The VLAN name of the port; the vlan name information corresponding to the former 10 vlan ids is sent according to the size of vlan id...
  • Page 597 MED Capabilities TLV, and then you can configure to release other kinds of TLVs of LLDP-MED; at first, you need to prohibit releasing other kinds of TLVs of LLDP-MED, and then you can prohibit releasing the LLDP-MED Capabilities TLV. 229 SIGNAMAX LLC • www.signamax.eu...
  • Page 598: Lldp Configuration Example

    Start LLDP function of the port switch(config-port-0/2)#lldp tlv-select med-tlv Choose to send MED TLV switch(config-port-0/2)#exit Exit the interface Configuration of Sw2: Command Description switch(config)#lldp run Start LLDP function switch(config)#lldp holdtime 150 Configure survival period as 150s 230 SIGNAMAX LLC • www.signamax.eu...
  • Page 599 To show the statistics information sent received packets of the local common port portId show lldp tlv-select [port[ ]|link- To show the released tlv type aggregation[aggId]] information chosen local port 231 SIGNAMAX LLC • www.signamax.eu...
  • Page 600 The time of the neighbor to be aged is 116 seconds. Remote port : 00:01:7a:4f:48:6f Port id TLV value of the neighbor is 00:01:7a:4f:48:6f. Remote name : switch The system name of the neighbor is switch. 232 SIGNAMAX LLC • www.signamax.eu...
  • Page 601 The port is configured to release system-description description TLV. basic-tlv system-name The port is configured to release system-name TLV. dot1-tlv port-vlan-id The port is configured to release port-vlan-id TLV. dot1-tlv protocol-vlan- The port is configured to release protocol-vlan-id TLV. 233 SIGNAMAX LLC • www.signamax.eu...
  • Page 602 01:04:47: LLDP: AG LINK UP EVENT ON PORT 1 The event of responding to AG1 port UP 01:05:52: LLDP: AG PORT INVALID EVENT ON The event of responding PORT 1 to AG1 port invalid 234 SIGNAMAX LLC • www.signamax.eu...
  • Page 603 TLVs 0C-06-73 77-69-74-63-68-0E-04-00-12-00-12-10-0C-05-01-80-FF- 2A-31-03 00-00-00-01-00-FE-06-00-80-C2-01-00-01-FE-07-00-80- C2-02-06 00-6E-FE-07-00-80-C2-02-06-00-78-FE-0E-00-80-C2-03- 00-01-07 44-45-46-41-55-4C-54 00:18:04: LLDP: basic-port-description TLV recieved 00:18:04: LLDP: basic-system-name TLV recieved 00:18:04: LLDP: basic-system-description TLV recieved 00:18:04: LLDP: basic-system-capabilities TLV recieved 00:18:04: LLDP: basic-management-address TLV recieved 235 SIGNAMAX LLC • www.signamax.eu...
  • Page 604 Commands for Clearing Statistics Command Description clear lldp-global counters To clear the global statistics clear lldp-global neighbor To clear all neighbor information clear lldp link-aggregation aggId neighbor To clear the neighbor information of the aggregation port 236 SIGNAMAX LLC • www.signamax.eu...
  • Page 605 To clear the statistics information of the packets sent and received by the aggregation port portId clear lldp port counter To clear the statistics information of the packets sent and received by the common port 237 SIGNAMAX LLC • www.signamax.eu...
  • Page 606 Configure SLA Signamax routers support SLA function. This chapter describes how to enable the SLA function to realize the detection function. • Brief introduction to the SLA protocol • Basic commands of the SLA protocol • SLA configuration example Overview SLA (Service-level agreement) defines the service level provided by the operator to customers.
  • Page 607 [hh:mm(:ss) {date {month year}|CR}][after hh:mm(:ss)][now][CR] ageout ageout-time life {forever|{life-time repeat repeat-times}} Syntax Description entity start To start a new rtr scheduling schedule-id rtr-id [hh:mm(:ss) {date {month schedule-id : The ID of the started scheduling 239 SIGNAMAX LLC • www.signamax.eu...
  • Page 608 1 to 2147483647; the default value is 600; the unit is second. packetnum Set the times of receiving and sending packets during a test period; the value range is from 1 to 10; the default value is 10 240 SIGNAMAX LLC • www.signamax.eu...
  • Page 609 When the statistics result of the bi-directional delay exceeds the threshold, execute the alarming operation. The bi-directional delay is defined as time difference from the source port sending the packet to the destination port receiving the packet. The unit is ms. 241 SIGNAMAX LLC • www.signamax.eu...
  • Page 610 The alarm threshold of the packet loss rate; the value range is from 1 to 100; the unit is percent. 【Default Status】 The default value of the parameter is 500%...
  • Page 611 Switch1(config)#rtr schedule 1 entity 1 start now Start the scheduling 1 to schedule ageout 200 life forever rtr entity 1 and start scheduling at once; the ageout time is 200s; the survival time is forever. 243 SIGNAMAX LLC • www.signamax.eu...
  • Page 612 CurLogSize:0 Maxlogsize:0 ****************type:SLA**************** Create time: 02:42:27 01/10/2008 Modification time: 02:42:55 01/10/2008 Entry state: Stop CFM maintance domain name: Signamax.com CFM maintance domain service id: vlan200 Source mepid: 1025 Destination mepid: 2017 Cycle time: 10(s) PktNumPerCycl: 2 Avgcycle number: 2...
  • Page 613 Switch1#show rtr log 1 Displayed result: Create time: 02:42:27 01/10/2008 Modification time: 02:42:55 01/10/2008 Entry state: Run CFM maintance domain name: Signamax.com CFM maintance domain service id: vlan200 Source mepid: 1025 Destination mepid: 2017 Cycle time: 10(s)
  • Page 614 Sending packets: mdId[Signamax.com], maId[vlan200], srcMepId[1025], desMepId[2017], please wait... 00:52:59: %SLA-LOG:FUNCTION rtrSlaAlarm(561): Alarm: Exceed threshold: rtrEntId[1], value[766ms], threshold[500ms]. (the average uni-delay was exceeded threshold and display alarm information) 00:49:24: %SLA-LOG:FUNCTION rtrSlaNodeDel(1074): Delete rtr sla entity(1) (Delete sla entity)...
  • Page 615: Configure Poe

    PD devices. The POE function of Signamax switches provides power through the 4/5 and 7/8 lines of RJ45. Each POE port on Signamax 065-7434 Signamax 24-Port 10/100 L3 Switches supports up to 15.4W power. 247 SIGNAMAX LLC • www.signamax.eu...
  • Page 616 To configure power managing mode of POE Config system dynamic-priority | static-fifs | static-priority} The connection of the PD device can be checked only when POE port is enabled. The above commands work in PORT mode. 248 SIGNAMAX LLC • www.signamax.eu...
  • Page 617 {critical | high | medium | low} Syntax Description critical the highest priority of critical high high priority medium middle priority low priority 【Default Status】 Low priority...
  • Page 618 The command is used for configuring power management mode of POE system. power manage { manual | dynamic-fifs | dynamic-priority | static-fifs | static-priority} Syntax Description manual Manually management mode: it detects PD equipment 250 SIGNAMAX LLC • www.signamax.eu...
  • Page 619 Notes The total power of POE system which is supplied by the 065-7434 Signamax 24-Port 10/100 L3 Switch serial switches can support the largest power of POE port to supply electricity at the same time. In this way, the four management modes including static and dynamic are not...
  • Page 620 To display management mode of current system: switch# show power manage Power-Over-Ethernet system configuration: Displayed Result Description and Analysis Power Management Mode : Manual Manually management mode System Total Power : 150.0W The useable total power of 252 SIGNAMAX LLC • www.signamax.eu...
  • Page 621 : User defined Restriction mode of port power is user configuration mode. Max Power : 7.0 The largest power of user configuration is 7.0W. High-Vol-Recover Time : 10 The resuming time of over- pressure is 10 minutes. 253 SIGNAMAX LLC • www.signamax.eu...
  • Page 622 Voltage of PD Powered device power : 0.1W Power of PD Powered device temperature : 45 ℃ Temperature of POE port To display the configuration information and PD status information of POE port: switch# show power summary 254 SIGNAMAX LLC • www.signamax.eu...
  • Page 623: Software Upgrade

    Software Upgrade The software upgrade of Signamax IOS software comprises two kinds of situation: One is the upgrade of the ROOT program (That is, Monitor or the root program), and its main functions include the management and allocation of the flash space with the low upgrade-frequency; and the other is the upgrade of the program (IOS).
  • Page 624 Step 1: Run and configure TFTP/FTP server. Either Signamax TFTP server, CISCO TFTP or other TFTP/FTP server can be used to upgrade the bin file of application. We take Signamax TFTP server as an example to describe the upgrade: Open Signamax TFTP server, click “Option (O)”...
  • Page 625 Download " sp1-g-6.1.0.bin " (5963936 Bytes) successed erase flash ... success. write flash ... success. verify flash ... success. MP3400# The above information indicates that IOS file is erased and written successfully. Now, you can restart the switch. 257 SIGNAMAX LLC • www.signamax.eu...
  • Page 626: Network Test Tools

    Network Test Troubleshooting This chapter explains how to use the network testing tool of Signamax switches, and how to diagnose when there are faults. The contents of this chapter: Network test tools How to diagnose network faults Network Test tools The switch provides four kinds of test tools in command line status.
  • Page 627 After you execute the ping <CR> command, you can input optional parameters alternately. following examples explain 259 SIGNAMAX LLC • www.signamax.eu...
  • Page 628 Validate reply data? [no]: y Whether or not the received ICMP data packet should be examined. Data pattern [abcd]: asdf Specify the data value of ICMP request packet; the default value is abcd. 260 SIGNAMAX LLC • www.signamax.eu...
  • Page 629 【Command format】 groupping xxxx [-l/-n/-t/-w/-g] 【Parameter explanation】 Syntax Description xxxx groupping peer IP address or host name To set the length of the sent ICMP echo request - packet...
  • Page 630 -----traceroute vrf 【Command format】 traceroute xxxx 【Parameter explanation】 Syntax Description xxxx Destination IP or host name 【Default status】 Note...
  • Page 631 2 192.168.8.254 16 ms 33 ms 16 ms 【Example 2】 When the user chooses extending command, configure the options of source route, recording timestamp, and displaying details. switch#traceroute Option Description Target address hostname:...
  • Page 632 !N——network is not reachable !H——host is not reachable !S——source routing failure is not reachable !A——forbidden access is not reachable network forbidden access, host forbidden access, management forbidden access !F——packet fragment is not reachable ?——receive unknown type packet 264 SIGNAMAX LLC • www.signamax.eu...
  • Page 633: Network Interface

    Display system startup parameter command Display system task command Display system stack command For the show commands of the protocols and various interfaces, please refer to the related chapters. The following are some show commands of the...
  • Page 634 Display system stack information For professional users, the debugging functions (debug command) provided by Signamax switches can also be used for fault location. The related debugging functions are provided for most protocols and functions that Signamax switches support. For details, please refer to related chapters.
  • Page 635 Ethernet. (2) Whether Ethernet works normally The Ethernet interfaces of Signamax switches support various rates and full-duplex/half-duplex working modes. The working mode and transmission rate can be auto-sensed via auto-negotiation. If the configuration is auto-sensing, users need to check whether the configured rate and working mode are consistent.
  • Page 636 common clock frequency (mode: config-pwe3): To set the frequency of the input clock on the CLK socket; the value range is 10000000-25000000; it must be the integer multiple of 8000; by default, it is 25000000. The setting is used when rtp...
  • Page 637 Loss of Signal Clear Loss of Frame Detect Loss of Frame Clear Pause Packet Received report mac Retry Limit Exceeded Transmit Underrun Lack Of Buffer report bundle 【Default status】 no report
  • Page 638 120 are used for E1; 100 and 110 are used for T1. show controller tdm slot/unit (mode: enable): display status statistics information of the TDM port. clear controller tdm slot/unit (mode: enable): To clear the statistics information of the TDM port.
  • Page 639 LIU; payload is realized in the framer. loopback dual: Bi-directional loopback, that is, perform local and remote loopback at the same time. It is realized in LIU. 【Default status】 Not defined
  • Page 640 no description (mode: config-bundle): To delete the description character string of bundle. payload type {raw | hdlc} (mode: config-bundle): *To select the payload type of bundle. payload {bytes | frames} (mode: config-bundle): *To select the payload size of...
  • Page 641 Only in this mode, the configuration of clock source recovery is meaningful. payload type hdlc: The payload is the HDLC frame from the TDM bit flow. In this mode, the connected TDM device can be framed or...
  • Page 642 The smaller the payload, the more Ethernet frames are generated per unit time. PWE3 Configuration Examples Two 065-7434 Signamax 24-Port 10/100 L3 Switches each connect to one DSU/CSU device and are inter-connected via PSN to realize the service communication of the DSU/CSU devices at two sides, as follows.
  • Page 643 Create an unframed bundle and name it channel-group as ces0/0:0. unframed SW-2(config-tdm)#bundle ces0/0:0 Enter the bundle configuration. SW-2 (config-bundle)#xconnect 1.1.1.2 1 Enable bundle connection. The peer destination IP address is 1.1.1.2 and bundle ID is 1.
  • Page 644 Local IP address - 1.1.1.2 Remote IP address - 1.1.1.1 ID - 1: The local IP address, destination IP address and ID of bundle. ETH Rx Good Packets – 4157: The statistics of the packets received...
  • Page 645 CE line clock PE external clock PE recovery clock CE line clock - - - CE line clock PE external clock PE external clock CE line clock - - -
  • Page 646 Domain Name Resolution Service Signamax switches support DNS to help the processing of IP packets. The main contents of this chapter: Overview Basic commands Overview Each IP address can have one unique associated host name. Signamax switch software saves one host name to the high-speed buffer of the address mapping.
  • Page 647 Signamax switches reserve a table with the host names and the corresponding addresses, that is, the mapping of host names to addresses. The advanced protocols such as telnet adopt the host name to identify the network device (host).
  • Page 648 DNS service, and then use the local host name Cache to finish the domain name resolution. ip name-order {dns-first | dns-only | local-first}
  • Page 649 dns-first: DNS server query is preferential. dns-only: Query only on the DNS server. local-first: The local query is preferential. 【Default status】 The default value is local-first.
  • Page 650 VLANs. The layer-2 communication function between sub-VLANs is the same as the layer-2 communication function of common VLANs. The mode of adding ports into sub-VLAN is the same as that of adding ports into common VLANs,...
  • Page 651 VLANs and sub-VLANs. description This command is used to configure Super-VLAN description information. description description Syntax Description description The Super-VLAN description information; it is the printable character string with a length of 32 bytes.
  • Page 652 ARP proxy function. arp proxy enable no arp proxy enable 【Default status】 The ARP proxy function is disabled.
  • Page 653 6 Add the port to VLAN 6 switch(config-port-0/6)#port access vlan 8 Add the port to VLAN 8 switch(config-port-0/7)#port access vlan 8 Add the port to VLAN 8 switch(config)#super-vlan 10 Create Super-VLAN 10
  • Page 654 NO.: displays the serial number; Description: the Super-VLAN description information; Arp Proxy: whether to enable the ARP proxy in Super-VLAN; SubVlan Member: the sub-VLAN members associated with Super-VLAN; The displayed result shows the basic information of Super-VLAN and the...
  • Page 655 Sub-VLAN members in the system.
  • Page 656: IP Source Guard Configuration

    When the filtering mode of the port is IP+MAC filtering: If the source MAC address and source IP address of the packet are the same as the recorded MAC address and IP address in the bound items, the port forwards the packet; otherwise, the port discards it.
  • Page 657 IP Source Guard binding function on other ports, you need to add the switching chip hardware resources or delete some binding items. After...
  • Page 658 IP address 【Default status】 Application Examples Application in Non-DHCP Environment
  • Page 659: IP Source Guard Configuration Example

    8.8.8 Configure the static binding items vlan 1 8.8.8.8 Application in DHCP Environment IP Source Guard configuration example 2
  • Page 660 Monitoring Command For example: Command Description switch#show source guard: Display the configuration information of the IP Source Guard function. switch#show ip binding table: Display the information of the static binding table.
  • Page 661 0006.0007.0007 1.6.6.7 write ------ 0002.0002.0002 2.2.2.2 write ------ 0006.0007.0006 1.6.6.6 write ------ 0001.0001.0001 1.1.1.1 write ------ 0003.0003.0003 4.4.4.4 write ------ Description and analysis: macAddr: the MAC address of the user;...
  • Page 662 00:09:53: IP Source Guard notify deal : event :DHCPSP_DATA_CHANGE,portId:1,macAddr:001f.c659.bf (The event of processing the data change of the DHCP SNOOPING module.) 00:05:31: IP Source Guard notify deal : event :PM_EVENT_AG_VALID,portId:link-aggregation 1 (Process the valid events of the port)
  • Page 663: Loopback Detection Configuration

    Loopback Detection Configuration This chapter describes how to configure loopback detection on the 065-7434 Signamax 24-Port 10/100 L3 Switch. The main content of this chapter: Loopback detection configuration Loopback Detection Configuration The main contents of this section: Overview Basic commands of loopback detection...
  • Page 664: Basic Commands Of Loopback Detection

    The loopback detection function is disabled on the port. Caution When disabling the loopback detection function, there are three options. Down is used when the user knows that the loop is removed and hopes...
  • Page 665 Illustration Port 0/1 of 065-7434 Signamax 24-Port 10/100 L3 Switch_1 is connected to port 0/2 of 065-7434 Signamax 24-Port 10/100 L3 Switch_2 via the network cable; use the network cable to connect port 0/3 of 065-7434 Signamax 24-Port 10/100 L3 Switch_2 with port 0/4 of 065-7434 Signamax 24-Port 10/100 L3 Switch_2;...
  • Page 666: Monitoring And Debugging Of Loopback Detection

    10 loopback detection packets as 10s. 065-7434 Signamax 24-Port 10/100 Switch_1(config-port-0/0)#exit: Complete loopback detection configuration. 065-7434 Signamax 24-Port 10/100 L3 Switch_2 configuration: Command Description 065-7434 Signamax 24-Port 10/100 Switch_2 (config)# port 0/2-0/4: Enter the port configuration mode. 065-7434 Signamax...
  • Page 667 This section uses an example to describe the use and information of the debugging command. For the environment and configuration, refer to the application example of the loopback detection. Enable the debugging information of 065-7434 Signamax 24-Port 10/100 L3 Switch_1. 065-7434 Signamax...
  • Page 668 00-01-7A-4F-49-57-00-01-7A-4F-49-54-81-00-40-0A-90-00-00-00-01-00-00-02 00:40:11: %LOOP_BACK_DETECTED: port 0/1 State: LBD_LINK_DOWN 00:40:11: %LOOP_BACK_DETECTED: port 0/1 send tag packet : 00-01-7A-4F-49-57-00-01-7A-4F-49-54-81-00-40-0A-90-00-00-00-01-00-00-02 00:40:12: %LOOP_BACK_DETECTED: port 0/1 State:... Description: ...ten loopback detection packets, the port changes from blocking to forwarding.
  • Page 669 00:40:17: %LOOP_BACK_DETECTED: port 0/1 send tag packet : 00-01-7A-4F-49-57-00-01-7A-4F-49-54-81-00-40-0A-90-00-00-00-01-00-00-02 00:40:18: %LOOP_BACK_DETECTED: Loop-back detected on port 0/1. The port link status changed to up. 00:40:18: %INEPROTO-5-UPDOWN: Line protocol on port 0/1 ,changed blocking to forwarding BCM.0>
