Zte ZXR10 5900 Series User Manual

ZXR10 5900/5200 Series
All Gigabit-Port Intelligent Routing Switch
User Manual (Basic Configuration Volume)
Version 2.8.23.A
ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900
Fax: (86) 755 26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn

Summary of Contents for Zte ZXR10 5900 Series

  • Page 2 The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited.
  • Page 3: Table Of Contents

    • About This Manual
    • Safety Description
    • Safety Introduction
    • Symbol Descriptions
    • Usage and Operation
    • Configuration Mode
    • Configuring Through Console Port
    • Telnet Connection Configuration
    • SSH Connection Configuration
    • Simple Network Management Protocol (SNMP)
    • Command Mode Function
    • Command Line Function
    • Online Help Command...
  • Page 4

    • Setting Welcome Message upon System Boot
    • Setting Privileged Mode Key
    • Setting Telnet Username and Password
    • Setting System Time
    • Setting System Console User Connection Parameters
    • Setting System Telnet User Connection Parameters
    • Allowing Multiple Users to Configure System at the Same Time
    • Viewing System Information
    • Viewing Hardware and Software Versions of the...
  • Page 5

    • Port Loopback Detection Overview
    • Configuring Port Loopback Detection
    • Port Loop Detection Example
    • DOM Configuration
    • DOM Function Overview
    • Configuring DOM
    • Enabling DOM Function on Port
    • Viewing Current Optical Module Information
    • Viewing Module Threshold Information
    • Viewing the Record Information That Module Exceeds Threshold
    • Network Protocol Configuration...
  • Page 6

    • Configuring ACL Rule
    • Configuring Basic ACL Rule
    • Configuring Extended ACL
    • Configuring L2 ACL
    • Configuring Hybrid ACL
    • Configuring Basic IPV6 ACL
    • Configuring Extended IPV6 ACL
    • Applying ACL on Physical Port
    • Applying ACL on VLAN
    • Configuring an ACL to Support Renaming
    • ACL Configuration Example
    • ACL Maintenance and Diagnosis
    • QoS Configuration...
  • Page 7

    • DHCP Configuration
    • DHCP Overview
    • Configuring DHCP
    • Configuring IP Pool
    • Configuring DHCP POOL
    • Configuring DHCP POLICY
    • Configuring DHCP Server
    • Configuring DHCP Snooping
    • Configuring DHCP Relay
    • Configuring DHCP Client
    • DHCP Configuration Example
    • DHCP Server Configuration Example
    • DHCP Relay Configuration Example...
  • Page 8

    • RMON Configuration Example
    • SysLog Configuration
    • SysLog Overview
    • Configuring SysLog
    • Syslog Configuration Example
    • TACACS+ Configuration
    • TACACS+ Overview
    • Configuring TACACS+
    • TACACS Configuration Example
    • DOT1X Configuration
    • DOT1x Overview...
  • Page 9

    • Configuring Administrative Command of IPTV Users
    • IPTV Configuration Example
    • IPTV Maintenance and Diagnosis
    • VBAS Configuration
    • VBAS Overview
    • Configuring VBAS
    • Enabling/Disabling VBAS
    • Enabling/Disabling VBAS in VLAN Mode
    • Configuring VBAS Trust Interface...
  • Page 10

    • DAI Configuration
    • DAI Overview
    • Configuring DAI
    • DAI Maintenance and Diagnosis
    • DAI Configuration Example
    • MFF Configuration
    • MFF Overview
    • Configuring MFF
    • MFF Configuration Example
    • MFF maintenance and diagnosis
    • POE Configuration...
  • Page 11: About This Manual

    Chapter 4 Interface Configuration: This chapter describes port parameters configuration, port mirroring function, loopback detection and DOM configuration.
    Chapter 5 Network Protocol Configuration: This chapter describes IP address configuration and ARP configuration.
    Confidential and Proprietary Information of ZTE CORPORATION
  • Page 12

    • ZXR10 5900/5200(V2.8.23.A) Series All Gigabit-Port Intelligent Routing Switch User Manual (IPv4 Routing Volume)
    • ZXR10 5900/5200(V2.8.23.A) Series All Gigabit-Port Intelligent Routing Switch User Manual (IPv6 Routing Volume)
    • ZXR10 Router-Ethernet Switch Command Manual - Command Index
  • Page 13

    • ZXR10 Router/Ethernet Switch Command Manual — Protocol Stack I
    • ZXR10 Router/Ethernet Switch Command Manual — Protocol Stack II
    • ZXR10 Router/Ethernet Switch Command Manual — Protocol Stack III
    • ZXR10 Router/Ethernet Switch Information Manual
  • Page 15: Safety Description

    Safety precautions introduced in this manual are supplementary to the local safety codes. ZTE bears no responsibility in case of universal safety operation requirements violation and safety standards violation in designing, manufacturing and equipment usage.
  • Page 17: Usage And Operation

    A user can select configuration mode based on the connected network.
    1. Configuration of Console Port Connection
    2. TELNET Connection Configuration
    3. SSH (Secure Shell) Connection Configuration
    4. SNMP Connection Configuration
    [Figure 1: ZXR10 5900/5200 Configuration Modes]
  • Page 18: Configuring Through Console Port

    > HyperTerminal on the PC screen to start the HyperTerminal, as shown in Figure 2.
    [Figure 2: Starting the HyperTerminal]
    Input the related local information in the interface as shown in Figure 3.
    [Figure 3: Location Information]
  • Page 19

    [Figure 4: Setting Up a Connection]
    4. Based on the serial port connected to the console cable, choose COM1 or COM2 as the serial port to be connected, as shown in Figure 5.
  • Page 20 5. Enter the properties of the selected serial port as shown in Figure 6. The port property configuration includes: Bits per Second 9600, Data bit 8, Parity None, Stop bit 1, Data flow control None.
  • Page 21: Telnet Connection Configuration

    Use the following command to permit or refuse Telnet access by client IP address.
    line telnet access-class <basic access list>
    1. Connect the host directly to the switch and Telnet to the switch.
  • Page 22

    [Figure 7: Run Telnet]
    vi. Click OK to enter the interface as shown in Figure 8.
    [Figure 8: Telnet Login]
    vii. Type the correct user name and password at the prompt to enter the switch configuration status.
  • Page 23: Ssh Connection Configuration

    IP of the switch VLAN interface.
    3. Run the SSH client software (PuTTY) on the host.
    i. Set the IP and port number of the SSH server, as shown in Figure 9.
  • Page 24

    [Figure 9: Setting IP Address and Port Number of SSH Server]
    ii. Set the SSH version number as shown in Figure 10.
  • Page 25: Simple Network Management Protocol (Snmp)

    The foreground and background share one MIB management database, and SNMP is used for communication. NMS software supporting SNMP shall be installed on the background NM server to manage and configure the ZXR10 5900/5200.
  • Page 26: Command Mode Function

    Mode | Prompt | Entry command | Entered from
    ... | ... | ...<acl-name>} | global configuration mode
    RIP configuration mode | ZXR10(config-router)# | router rip | global configuration mode
    RIP address routing configuration mode | ZXR10(config-router-af)# | address-family ipv6 vrf <vrf-name> | RIP configuration mode
    OSPF configuration mode | ZXR10(config-router)# | router ospf <process-id> | global configuration mode
  • Page 27: Command Line Function

    Trace route to destination
    List users who are logining on
    2. Enter a question mark after a character or character string to view the list of commands or keywords beginning with that...
  • Page 28: Command Abbreviation

    History Commands
    The input command can be recorded in the user interface. Up to 10 history commands can be recorded, and this function is useful for invoking a long or complicated command again.
  • Page 29

    <Ctrl+N> or <↓>: Invoke a history command in the buffer backward
    In the privileged mode, execute the show history command to list the commands most recently entered in this mode.
  • Page 31: System Management

    3. DATA: This directory is for saving the log.dat file, which records alarm information.
  • Page 32: Operating File System Management

    ZXR10#dir   /*view the information in current directory and find the sub-directory of ABC*/
    Directory of flash:/
    attribute  size  date         time      name
    drwx             MAY-17-2004  14:22:10  IMG
    drwx             MAY-17-2004  14:38:22  CFG
    drwx             MAY-17-2004  14:38:22  DATA
  • Page 33: Ftp/Tftp Overview

    5900/5200 as an FTP client from the FTP server.
    1. Run wftpd on the background host, and an interface appears as shown in Figure 11.
    [Figure 11: WFTPD Interface]
    2. Select Security, select User/Rights…, and perform the following operations in the popup dialog box:
  • Page 34: Configuring Switch As An Tftp Client

    Start the TFTP server on the background host, and access the ZXR10 5900/5200 as a TFTP client from the TFTP server.
    1. Run tftpd on the background host, and an interface appears as shown in Figure 13.
  • Page 35

    [Figure 14: Configuring Dialog Box]
    3. Click OK to finish the settings.
    The background TFTP server is now set up. Start the TFTP server, and run copy on the switch to back up/restore files or import/export configurations.
  • Page 36: Backing Up Data And Restoring Data

    Version restoration is to transfer the backup of the software version file from the background server to the foreground Flash of the switch over FTP/TFTP. Version restoration is important when the upgrade fails.
  • Page 37: Software Version Upgrade

    Type “c” in the Boot state, and press ENTER to enter the parameter modification state. Change the boot mode to booting from the background FTP; change the FTP server address to that of the background host; change the client and gateway addresses...
  • Page 38

    15922273.
    /*Omitted*/
    **********************************************************
    Welcome to ZXR10 5928 Switch of ZTE Corporation
    **********************************************************
    ZXR10>
    5. If the system starts successfully, the user can use the show version command to check whether the new version is running in the memory.
  • Page 39: Upgrading The Version At Normality

    The user must repeat step 5 to copy the version again. 8. When the system is rebooted successfully, check the running version to confirm the success of upgrade.
  • Page 40: Configuring System Parameters

    Command | Function
    ZXR10(config)#enable secret {0 <password>|5 <password>|<password>} | This sets password.

    Setting Telnet Username and Password
    Command | Function
    ZXR10(config)#username <username> password <password> | This sets Telnet user and password.
  • Page 41: Setting System Time

    By default, absolute-timeout is 1440 minutes and idle-timeout is 120 minutes.

    Allowing Multiple Users to Configure System at the Same Time
    multi-user configure
  • Page 42: Viewing System Information

    Versions of the System
    The following information is displayed after carrying out the show version command.
    ZXR10#show version
    ZXR10 Router Operating System Software, ZTE Corporation
    ZXR10 ROS Version V4.08.23
    ZXR10_5952 Software, Version ZXR10 5900 V2.8.23.A.12, RELEASE SOFTWARE
    Copyright (c) 2000-2007 by ZTE Corporation
    Compiled Jun 14 2009, 11:47:14
    System image files are flash:<//flash/img/zxr10.zar>...
  • Page 43: Interface Configuration

    (1000M Ethernet interface) and xgei (10000M Ethernet interface).
    • <Slot No.> ZXR10 5924/5224 only has one slot. ZXR10 5928/5228/5928-FI/5228-FI/5952/5252 has 5 slots. There are 4 slots at the back of device. Slots numbered from...
  • Page 44: Disabling/Enabling An Ethernet Port

    ZXR10(config-gei_1/x)# | This disables/enables an Ethernet port.
    The shutdown command sets the physical link state of the port to down, at which point the port’s link indicator goes off. All ports are enabled by default.
  • Page 45: Enabling/Disabling Auto-Negotiation On An Ethernet Port

    10
    negotiation auto
    no negotiation auto
    The four are mutually exclusive. After configuring nego auto speed 100|10, the speed and duplex of the port are not configured and can only be adaptive.
  • Page 46: Setting Ethernet Port Duplex Mode

    The Ethernet port can also receive pause packets from other devices and do as required by the packets.
  • Page 47: Allowing/Prohibiting Jumbo Frame On An Ethernet Port

    Ethernet port is kept in a reasonable range. This effectively suppresses broadcast storm, helps avoid congestion and ensures normal provisioning of network ser-...
  • Page 48: Setting Multicast Packet Suppression On An Ethernet Port

    Ethernet port every second.

    Viewing Layer 2 Interface Physical Status
    Short Description: To view switch layer 2 physical interface running status, such as whether the interface is up, duplex, and rate.
  • Page 49 Prot is DOWN configured. Refer to the user manual to solve the problem. If this problem can’t be solved, contact a ZTE client support engineer for further handling.
  • Page 50: Displaying Port Information

    10 switchport qinq normal

    Diagnosing and Analyzing Lines
    ZXR10 5900/5200 supports cable connection diagnosis and analysis to find out any abnormality and accurately locate the fault for easy network management and troubleshooting.
  • Page 51: Port Mirroring Configuration

    • Support up to one group of ports (eight mirrored ports at most).
    • Support cross-board port mirroring, that is, the mirrored port and monitor port can be on different interface boards.
  • Page 52: Configuring Port Mirroring

    1. This example shows single device port mirroring configuration. Port gei_1/3 is connected to a computer; data received on gei_1/1 and data received/sent on gei_1/2 are to be monitored. This is shown in Figure...
  • Page 53 16, port gei_1/3 is connected to other equipment’s mirroring out port; data received on gei_1/1 and data received/sent on gei_1/2 are to be monitored; RSPAN’s VLAN is VLAN 10 and the priority is 1.
  • Page 54: Loopback Detection Configuration

    One port supports loopback detection of up to 8 VLANs at the same time.

    Configuring Port Loopback Detection
    Step | Command | Function
    ZXR10(config)#loop-detect interface <port-name>[enable | disable] | This enables the loopback detection function of one port or multiple ports.
  • Page 55: Port Loop Detection Example

    B with gei_1/1 port. Switch B shuts the spanning-tree protocol and loops two ports with one network cable. The two looped ports and the port which connects to the switch are in the same VLANs as gei_1/1.
  • Page 56: Dom Configuration

    I2C bus of the optical module. It is compared with the threshold value. When the current value exceeds the threshold value that the manufacturer sets, the alarm will be sent by syslog and SNMP trap.
  • Page 57: Configuring Dom

                (Celsius)  (Volts)  (mA)   (mW)  (mW)
    -------------------------------------------------------------
    gei_2/1/23  12.00      5.00     60.00  0.00  1.00
    The threshold is related to the hardware optical module. If the optical module and manufacturer are different, the viewed information will be different.
  • Page 58: Viewing Module Threshold Information

             3.30  6.50  6.50  3.50  3.50
    gei_1/2  3.30  6.50  6.50  3.50  3.50
    The threshold is related to the hardware optical module. If the optical module and manufacturer are different, the viewed information will be different.
  • Page 59: Viewing The Record Information That Module Exceeds Threshold

    14:57:07 04/29/2008 cur l-w 60.00mA<=80.00mA
    14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
    14:57:07 04/29/2008 rx l-a -440.00dBm<=-333.01dBm
    The threshold is related to the hardware optical module. If the optical module and manufacturer are different, the viewed information will be different.
  • Page 61: Network Protocol Configuration

    5 lists the range of each class.
    Table 5: IP Address Range for Each Class (columns: Class, Prefix Characteristic, Network Bit, Host Bit, Range)
    Class A    0.0.0.0~127.255.255.255
    Class B    128.0.0.0~191.255.255.255
    Class C    192.0.0.0~223.255.255.255
  • Page 62 An IP address with host bits being all "1" serves as the broadcast address of the network. 5. For a legal host IP address, the network part or the host part should not be all "0" or all "1".
  • Page 63: Configuring Ip Address

    IP address, it sends a reply containing the MAC address to the source device. The source device obtains the MAC address of the destination device through this reply.
  • Page 64: Configuring Arp

    The following example shows the ARP table of the layer 3 interface VLAN1.
    ZXR10#show arp
    Address       Age(min)  Hardware Addr   Interface
    10.1.1.1                000a.010c.e2c6  vlan1
    10.1.100.100  18        00b0.d08f.820a  vlan1
    10.10.10.2              0000.1111.2222  vlan1
    10.10.10.3              0000.1111.2221  vlan1
    ZXR10#
  • Page 65 “s” indicates that it is a static ARP, and “P” indicates that it is a permanent ARP added manually. The number is the time since the ARP entry was last updated.
  • Page 67: Switch Stack System

    There are two modes for managing the stack system:
    • The serial port cable is connected to any serial port of a stack member. Management is implemented by CLI.
    • Management is implemented by SNMP.
  • Page 68: Member Specification Of Switch Stack System

    3. The MAC address of the switch is the smallest when member priorities are the same.
    The main device will change when the following happens.
    • The main device leaves the current stack system.
  • Page 69: Stack System Member Id

    MAC address of new main device.

    Stack Member Device Priority
    The higher the switch priority, the greater the possibility of being main device during main device election. The priority range is...
  • Page 70: Stack Member Device Software Version Check And Automatic Upgrade

    Therefore the stack system configuration won’t be lost and the effect on traffic forwarding will be minimized.
  • Page 71: Configuring Switch Stack System

    In a stack system, every device can log in to other devices by session to operate them. After logging in to a member device, show operations and file system operations can be carried out, but configuration commands can’t be carried out. That mem-...
  • Page 72: Viewing Switch Stack System Information

    The parameter is device ID.
    ZXR10#show switch status | This views current device topology related content.
    ZXR10#show switch status stack-member-number | This views designated device topology content. The parameter is device ID.
  • Page 73: Acl Configuration

    L2 ACL: Match source MAC address, destination MAC address, source VLAN ID, L2 Ethernet protocol type and 802.1p priority value.
    • Hybrid ACL: Match source MAC address, destination MAC address, source VLAN ID, source IP address, destination IP ad-...
  • Page 74: Configuring Acl

    Configuring ACL Rule
    When configuring an ACL, first enter ACL configuration mode and then define the ACL rules. The following items shall be noted when defining ACL rules:
  • Page 75: Configuring Basic Acl Rule

    ...ny}{<dest><dest-wildcard>|any}[{[precedence <pre-value>][tos <tos-value>]}|dscp <dscp-value>][fragment][time-range <timerange-name>] | ...IP or IP protocol number (excluded ICMP, TCP, UDP)
    ZXR10(config-ext-acl)#rule <rule-no>{permit|deny}{<source><source-wildcard>|any}[<rule><port>]{<dest><dest-wildcard>|any}[<rule><port>][established][{[precedence <pre-value>][tos <tos-value>]}|dscp <dscp-value>][fragment][time-range <timerange-name>] | This configures the rules based on TCP.
  • Page 76: Configuring L2 Acl

    Example: In this example, define an L2 ACL to permit IP packets with the source MAC address as 00d0.d0c0.5741 and the 802.1p as 5 from VLAN 10.
    ZXR10(config)#acl link number 200
    ZXR10(config-link-acl)#rule 1 permit any cos 5 douter 10 ingress 00d0.d0c0.5741 0000.0000.0000
  • Page 77: Configuring Hybrid Acl

    ZXR10(config-hybd-acl)#rule 1 permit udp 210.168.1.0 0.0.0.255 Eq 100 210.168.2.10 0.0.0.0 eq 200 any Egress 00d0.d0c0.5741 0000.0000.0000
    ZXR10(config-hybd-acl)#rule 2 deny tcp 192.168.3.0 0.0.0.255 Eq BGP any any
    ZXR10(config-hybd-acl)#rule 3 deny any any any ingress 0100.2563.1425 0000.0000.0000
  • Page 78: Configuring Basic Ipv6 Acl

    20.0.0.0.0.0.0.0/16 to pass and deny the packets with MAC address 0012.0001.0002 to pass.
    ZXR10(config)#ipv6 acl extended 2500
    ZXR10(config-ext-v6acl)#rule 1 permit 10::/16 20::/16
    ZXR10(config-ext-v6acl)#rule 2 deny fragment any any ingress 0012.0001.0002 0000.0000.0000
  • Page 79: Applying Acl On Physical Port

    2. One VLAN can only apply one ACL; a new configuration overwrites the old one. For example, if the following two commands are configured in VLAN configuration mode:
    ip access-group 300 in
    ip access-group 305 in
    only ACL 305 takes effect.
  • Page 80: Configuring An Acl To Support Renaming

    3. General Managers of both department A and department B (with their IP addresses as 192.168.1.100 and 192.168.2.100 respectively) may access the Internet and all servers at any time. The IP addresses of the servers are as follows:
  • Page 81

    ZXR10(config-ext-acl)#rule 3 deny tcp any 192.168.4.70 0.0.0.0 time-range working-time
    ZXR10(config-ext-acl)#rule 4 permit ip any any
    /*Apply the ACL to the corresponding physical port*/
    ZXR10(config)#interface gei_1/1
    ZXR10(config-gei_1/1)#ip access-group 100 in
    ZXR10(config-gei_1/1)#exit
    ZXR10(config)#interface gei_1/2
    ZXR10(config-gei_1/2)#ip access-group 101 in
    ZXR10(config-gei_1/2)#exit
  • Page 82: Acl Maintenance And Diagnosis

    1. To display the contents of all ACLs with specified list number, use the following command.
    show acl [<acl-number>|name <acl-name>]
    2. To show whether an ACL is applied on a physical port, use the following command.
    show running-config interface <port-name>
  • Page 83: Qos Configuration

    8. Traffic statistics

    Traffic Classification
    Traffic refers to packets passing through the switch. Traffic classification is the process of distinguishing one kind of traffic from another by examining the fields in the packet.
  • Page 84: Traffic Policing

    On the switch, each packet traversing the switch will be assigned a color according to some principle (packet information). The Marker colors the IP packet according to the result from the Meter, and the color is marked in the DS field.
  • Page 85: Traffic Shaping

    The switch performs incoming port output queue operation according to the CoS queue corresponding to 802.1p of packets. In network congestion, the queue scheduling is generally used to solve the problem...
  • Page 86: Redirection And Policy Routing

    Priority marking is used to reassign a set of service parameters to specific traffic described in the ACL to perform the following operations: 1. Change the CoS queue of the packet and change the 802.1p value.
  • Page 87: Marking Outside Vlan Value

    Color rendering configuration parameters contain cir, cbs, ebs and pir. To use the dual-rate marker algorithm, configure the pir parameter. The ebs parameter indicates the pbs parameter stipulated in the protocol.
  • Page 88: Configuring Traffic Shaping

    20 M.
    ZXR10(config)#interface gei_1/1
    ZXR10(config-gei_1/1)#traffic-shape data-rate 20000 burst-size 4

    Configuring Queue Bandwidth Limit
    Command | Function
    ZXR10(config-gei_1/x)#traffic-shape queue <queue-no>{max-datarate-limit <max-datarate-value>|min-gua-datarate <min-datarate-value>} | This configures queue maximum and minimum bandwidth limit.
  • Page 89: Configuring Queue Scheduling And Default 802.1P Of The Port

    Example: This example shows the redirection of the packet whose source IP address is 168.2.5.5 on the port gei_1/4 to the port gei_1/3. In addition, it is to implement the policy routing to packet whose...
  • Page 90: Configuring Priority Marking

    1 on gei_1/4 as 2000.
    ZXR10(config)#acl standard number 10
    ZXR10(config-std-acl)#rule 1 permit 168.2.5.5
    ZXR10(config-std-acl)#exit
    ZXR10(config)#interface gei_1/4
    ZXR10(config-gei_1/4)#ip access-group 10 in
    ZXR10(config-gei_1/4)#exit
    ZXR10(config)#qos set acl-svlan-map acl 10 rule 1 to out-vlanid 2000
  • Page 91: Configuring Traffic Mirroring

    ZXR10(config)#qos tail-drop 1 queue-id 1 240 120 120
    ZXR10(config)#interface gei_1/8
    ZXR10(config-gei_1/8)#drop-mode tail-drop 1

    Configuring Traffic Statistics
    Command | Function
    ZXR10(config)#traffic-statistics <acl-number> rule-id <rule-no> pkt-type {all|green|red|yellow} statistics-type {byte|packet} | This configures traffic statistics.
  • Page 92: Qos Configuration Example

    [Figure 20: QoS Configuration Example]
    Switch configuration:
    ZXR10(config)#acl extend number 100
    ZXR10(config-ext-acl)#rule 1 permit tcp any 192.168.4.70 0.0.0.0
    ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0
    ZXR10(config-ext-acl)#rule 3 permit ip any any
  • Page 93: Policy Routing Configuration Example

    It is required to select different egresses based on IP addresses of users as follows:
    Users on the sub-network 10.10.0.0/24 use the ISP1 egress.
    Users on the sub-network 11.11.0.0/24 use the ISP2 egress.
  • Page 94: Qos Maintenance And Diagnosis

    DSCP, use the following command.
    show qos conform-dscp
    3. To display 802.1p parameter map table configuration information according to local-precedence, use the following command.
    show qos cos-local-map
  • Page 95

    1 2 3 4 5 6 7 0
    ZXR10(config)#qos cos-drop-map 2 1 0 2 1 1 0 1
    ZXR10(config)#show qos cos-drop-map
    qos cos-drop-map 2 1 0 2 1 1 0 1
  • Page 97: Dhcp Configuration

    Once the lease period expires, the host must request the server for continuous lease. The host cannot continue to lease until it accepts the request, otherwise it must give up unconditionally.
  • Page 98: Configuring Dhcp

    1~16 characters. Command: ZXR10(config)#no ip pool <word> Function: This deletes the IP address pool with the corresponding name. 2. To configure conflict time in ip pool or delete the original configuration, use the following commands.
  • Page 99 ZXR10(config-ip-pool)# et_mask> address range configuration. <net_numberr > a specific subnet network number, <net_maskr > subnet mask. 5. To configure IP pool range or delete corresponding IP address range, use the following commands.
  • Page 100: Configuring Dhcp Pool

    <ip_addr> IP Address <instance_namer> instance name Command: ZXR10(config-dhcp-pool)#no binding <mac_addr><ip_addr>[vrf-instance <instance_namer>] Function: This deletes the original configuration. 3. To configure a default route or delete the configured content, use the following commands.
  • Page 101 This configures ip address ZXR10(config)# ><minutes>]] lease-time. <days> 0~365 <hours> 0~23 <minutes> 0~59 infinite The default is 60 minutes. Command: ZXR10(config)#no lease-time Function: This deletes configured time. 7. To configure other options, use the following command.
  • Page 102: Configuring Dhcp Policy

    3. To configure relay agent address or delete the configuration, use the following commands. Command: ZXR10(config-dhcp-pool)#relay-agent <ip_addr> Function: This configures relay agent address. <ip_addr> IP Address Command: ZXR10(config-dhcp-pool)#no relay-agent Function: This deletes configuration.
  • Page 103: Configuring Dhcp Server

    Only one function among system built-in DHCP Server function, DHCP Relay function and DHCP Proxy function can be run on the same interface. 3. To bind policy to an interface or delete configuration, use the following commands.
  • Page 104 This cancels this interface ZXR10(config-if-vlanX)# policy vclass-id select outside DHCP Server policy. 6. To configure DHCP SERVER/RELAY/PROXY ramble function or disable DHCP ramble function, use the following command.
  • Page 105: Configuring Dhcp Snooping

    This deletes user binding ZXR10(config)# vlan <vlan><ip address><interface-number> entry from DHCP SNOOPING binding database. 2. To delete the entry of DHCP SNOOPING binding table on layer 2 interface manually, use the following command.
  • Page 106 This cancels configured 82 ZXR10(config)# format option format to restore default format. 6. To configure the policy of forwarding DHCP data packet 82 option or cancel the policy, use the following command.
  • Page 107 This enables DHCP SNOOPING ZXR10(config)# on the specific VLAN. <vlan> the VLAN user belongs to, 1~4094 input the range. Command: ZXR10(config)#no ip dhcp snooping vlan <vlan> Function: This cancels DHCP SNOOPING on the specific VLAN.
  • Page 108: Configuring Dhcp Relay

    At the same time, writing ARP table function is invalid for standard mode. Standard forwarding mode performance will be better for big consumer number because it does not deal with the subsequent unicast interaction.
  • Page 109 Chapter 9 DHCP Configuration Security forwarding mode combines DHCP standard protocol with ZTE patent technology to control and manage all interaction of DHCP client and outside DHCP SERVER such as security check. Therefore, DHCP process can work in all DHCP interaction.
  • Page 110 This cancels configured 82 ZXR10(config)# option policy to restore default policy. 8. To configure DHCP client server-id that DHCP Relay responses or cancel DHCP client server-id that DHCP Relay responses, use the following command.
  • Page 111 This disables DHCP network ZXR10(config-if-vlanX)# packet request packet that all request on the interface. 12. To enable the interface as DHCP Relay trust or disable the interface as DHCP Relay trust, use the following command.
  • Page 112: Configuring Dhcp Client

    Command: ZXR10(config-if-vlanX)#ip dhcp client hostname WORD Function: This configures hostname of dhcp client on the interface. 4. To configure lease information of dhcp client on the interface, use the following command.
  • Page 113: Dhcp Configuration Example

    DHCP Configuration Example DHCP Server Configuration Example R1 acts as the DHCP server and default gateway and the host obtains IP addresses through the DHCP dynamically, as shown in Figure
  • Page 114: Dhcp Relay Configuration Example

    R1 enables DHCP relay function and a single server 10.10.2.2 provides DHCP server function. This mode is usually adopted when a lot of hosts require the DHCP service. This is shown in Figure
  • Page 115: Dhcp Snooping Configuration Example

    Enabling the DHCP snooping function on the switch prevents a bogus (rogue) DHCP server from being set up. It is now required to enable the DHCP Snooping function in vlan 100 and configure the interface gei_1/1 as a trust interface. This is shown in Figure
  • Page 116: Dhcp Snooping Prevent Static Ip Configuration Example

    IP address use by DHCP. It is now required to use the DHCP snooping and dynamic ARP inspection technologies to prevent the PC from configuring a static IP address. This is shown in Figure
  • Page 117: Dhcp Maintenance And Diagnosis

    5. To view the DHCP snooping Vlan, use the following command. show ip dhcp snooping vlan [<vlan-id>] 6. To view the IP DHCP snooping trust, use the following command. show ip dhcp snooping trust
  • Page 118 9. To display DHCP pool, use the following command. show ip dhcp pool [<pool-name>] 10. To display DHCP policy, use the following command. show ip dhcp policy [<policy_name>] To handle DHCP server/relay processes, use the debug ip dhcp command.
  • Page 119: Vrrp Configuration

    VRRP group work abnormally. These routers can be configured into multiple groups for mutual backup. The hosts in the domain use different IP addresses as gateway to implement data load balance.
  • Page 120: Configuring Vrrp

    <group> learn This configures how to learn ZXR10(config-if-vlanX)# about the time interval for sending VRRP packets on the interface. 6. To configure authentication character string on the interface, use the following command.
  • Page 121: Vrrp Configuration Example

    This example shows that R1 and R2 run the VRRP protocol between each other. R1 interface address 10.0.0.1 is used as the VRRP virtual address, therefore R1 is considered as a master router. This is shown in Figure
  • Page 122: Symmetric Vrrp Configuration Example

    10.0.0.1. PC3 and PC4 use the virtual router in Group 2 as default gateway with the address 10.0.0.2. R1 and R2 serve as mutual backup. The four hosts lose communication with the outside world only when both routers become invalid. This is shown in Figure
  • Page 123: Vrrp Maintenance And Diagnosis

    To perform VRRP maintenance and diagnosis, ZXR10 5900/5200 provides the following commands to view all VRRP configuration information. show vrrp [<group>|brief|interface <interface-name>|all] ZXR10 5900/5200 provides debug vrrp command to display VRRP debug information switch. debug vrrp {state|packet|event|error|all}
  • Page 125: Network Management Configuration

    1~5; Version is optional, the range is 1~3, the default is 3. Key is valid when authentication is enabled and is optional; Lock/unlock is used to configure whether the server is locked and is optional.
  • Page 126: Ntp Configuration Example

    ZXR10(config-router)# state. NTP Configuration Example This example shows the routing switch as an NTP client and assumes that the NTP protocol version is 2. This is shown in Figure 28 (NTP CONFIGURATION EXAMPLE).
  • Page 127: Radius Configuration

    2. To configure RADIUS authentication group, use the following command. Command: ZXR10(config)#radius authentication-group <group-number> Function: This configures RADIUS authentication group. 3. To configure the parameters of RADIUS, perform the following steps.
  • Page 128 Command: ZXR10# group-number|name radiusname|session session-id|user user-name|sum|all} Function: This displays the content of accounting packets in local buffer. Command: ZXR10#clear accounting local-buffer [ group number | all] Function: This clears the content of accounting packets in local buffer.
  • Page 129: Radius Configuration Example

    SNMP community is named by character strings and different communities have read-only or read-write access authorities. A community with read-only authority can only query equipment information, and a community with read-write authority can configure the equipment.
  • Page 130 NMS and is used to report some emergent events. 6. To set the TRAP destination host, use the following command. Command: ZXR10(config)#snmp-server host [mng]<ip-address>[trap|inform][version {1|2c|3 {auth|noauth|priv}}]<community-name>[udp-port <udp-port>][…<trap-type>] Function: This sets the TRAP destination host.
  • Page 131 12. To configure TRAP source, use the following command. Command: ZXR10(config)#snmp-server trap-source <IP address> Function: This configures TRAP source. To configure the users which are allowed to access SNMP engine, use the following command.
  • Page 132: Snmp Configuration Example

    The following is an example of SNMP configuration. ZXR10(config)#snmp-server view myViewName 1.3.6.1.2.1 included ZXR10(config)#snmp-server community myCommunity view myViewName rw ZXR10(config)#snmp host 168.1.1.1 trap ver 1 ospf ZXR10(config)#snmp-server location this is ZXR10 in china ZXR10(config)#snmp-server contact this is ZXR10, tel: (025)2872006
  • Page 133: Rmon Configuration

    4. To configure an event, use the following command. Command: ZXR10(config)#rmon event <index>[log][trap <community>][description <string>][owner <string>] Function: This configures an event. 5. To display RMON configuration and relevant information, use the following command.
  • Page 134: Rmon Configuration Example

    View RMON alarm information with the show command. ZXR10#show rmon alarm Alarm 1 is active, owned by rmontest Monitors system.3.0 every 10 seconds Taking absolute samples, last value was 54000 Rising threshold is 1000, assigned to event 1
  • Page 135: Syslog Configuration

    2. To set the log buffer size, use the following command. Command: ZXR10(config)#logging buffer <buffer-size> Function: This sets the log buffer size. 3. To set log clearance mode, use the following command.
  • Page 136 Command: ZXR10(config)# <hh:mm:ss>|interval <hh:mm:ss>|month <monthday><hh:mm:ss>|week <weekday><hh:mm:ss>}[mng]<ftp server><username><password><alarm file prefix> Function: This sets parameters to pack information in alarm buffer to file and send it to ftp server. 9. To set background syslog server parameters, use the following command.
  • Page 137: Syslog Configuration Example

    . ZXR10(config)#logging on ZXR10(config)#logging buffer 100 ZXR10(config)#logging mode FULLCLEAR ZXR10(config)#logging console warnings ZXR10(config)#logging level errors ZXR10(config)#logging ftp notificational 168.1.70.100 target target zxralarm.log ZXR10(config)#syslog-server host 192.168.0.100
  • Page 138: Tacacs+ Configuration

    2. To disable TACACS+ protocol function, use the following command. Command: ZXR10(config)#tacacs disable [clear] Function: This disables TACACS+ protocol function. 3. To configure TACACS+ server group member, use the following command.
  • Page 139 Connection timeout time, in range of 1~1000. Unit is second. The configuration here will invalidate the global configuration. Encryption key between NAS and TACACS+ server. The configuration here will invalidate the global configuration.
  • Page 140 Command parameter description is as follows: Parameter Description <1~1000> timeout time, The unit is second. 1~1000, 5s by default. 9. To configure TACACS+ server group, use the following command.
  • Page 141: Tacacs Configuration Example

    1~31 characters TACACS Configuration Example ZXR10(config)#tacacs enable ZXR10(config)#tacacs-server host 1.1.1.1 ZXR10(config)#tacacs-client 1.1.1.2 ZXR10(config)#aaa authentication login default group zte ZXR10(config)#aaa authentication enable default local group zte ZXR10(config)#aaa authorization login default group zte ZXR10(config)#user-authentication-type tacacs+ ZXR10(config)#user-authorization-type tacacs+ ZXR10(config)#aaa group-server tacacs+ zte ZXR10(config-sg)#server 1.1.1.1...
  • Page 143: Dot1X Configuration

    Controlled port and uncontrolled port in the IEEE 802.1x protocol are logical concepts and such physical switches are inexistent in the equipment. The IEEE 802.1x protocol establishes
  • Page 144: Configuring Dot1X

    4. To select an authentication mode, use the following command. Command: ZXR10(config-nas)#aaa <rule-id> authentication {local|radius} Function: This selects an authentication mode. 5. To select an authentication protocol, use the following command.
  • Page 145 11. To configure a group name, use the following command. Command: ZXR10(config-nas)#aaa <rule-id> groupname <group-name> Function: This configures a group name. 12. To bind an AAA control entry with the radius server group, use the following command.
  • Page 146: Configuring Dot1X Parameter

    2. To configure the quiet period of dot1x authentication, use the following command. Command: ZXR10(config-nas)#dot1x quiet-period <period> Function: This configures the quiet period of dot1x authentication. 3. To configure the sending period of dot1x authentication, use the following command.
  • Page 147: Configuring Local Authentication User

    2. To delete a local user, use the following command. Command: ZXR10(config-nas)#clear localuser <user-id> Function: This deletes a local user. 3. To bind the user with the port, use the following command.
  • Page 148: Managing Dot1X Authentication Access User

    <client-index>| mac <mac-address>| port <port-name>| vlan <vlan-id>] authentication users. 2. To delete a specific user, use the following command. Command: ZXR10(config-nas)#clear client [index <client-index>|port <port-name>| vlan <vlan-id>] Function: This deletes a specific user.
  • Page 149: Managing Multiple Domains Configuration

    This deletes domain fullname ZXR10(config-domain)# authentication information. 5. To configure domain name information, use the following command. Command: ZXR10(config-domain)#domain-name <domain-name> Function: This configures domain name information. Command: ZXR10(config-domain)#no domain-name Function: This deletes domain name information.
  • Page 150: Configuring 802.1X Vlan Hopping

    Configuring 802.1x VLAN Hopping To configure VLAN hopping function at the interface, use the following command. Command: ZXR10(config-gei_1/x)#vlanjump {enable|disable}[defaultauthvlan <vlan-id>] Function: This configures VLAN hopping function at the specific interface.
  • Page 151: Dot1X Configuration Example

    IP addresses of these servers are 10.1.1.1 and 10.1.1.2 respectively. It is required that the former serves as the master authentication/slave charging server and the latter serves as the slave authentication/master charging server.
  • Page 152: Dot1X Trunk Authentication Application

    ZXR10(config-nas)#aaa 1 fullaccount disable ZXR10(config-nas)#aaa 1 radius-server authentication ZXR10(config-nas)#aaa 1 radius-server accounting ZXR10(config-nas)#aaa 1 authen radius Dot1x Trunk Authentication Application Internal network of an enterprise is shown in Figure 30 (DOT1X TRUNK AUTHENTICATION APPLICATION).
  • Page 153: Dot1X Local Authentication Application

    ZXR10(config-acctgrp-1)#server 2 10.1.1.2 key aaazte port <auth server port num > ZXR10(config-acctgrp-1)#exit ZXR10(config)#nas ZXR10(config-nas)#create aaa 1 port gei_1/1 ZXR10(config-nas)#aaa 1 control dot1x enable ZXR10(config-nas)#aaa 1 authentication local ZXR10(config-nas)#aaa 1 authorization auto ZXR10(config-nas)#aaa 1 accounting disable
  • Page 154: Dot1X Multiple Domains Function

    When encountering a DOT1X problem, we can locate the fault and remove it with relevant debugging commands. Among these commands, show command and debug command may be used. 1. To display Dot1x authentication configuration information, use the following command. show dot1x
  • Page 155 1. To trace the transceiving packet and handling processes of the dot1x, use the following command. debug nas 2. To trace the process of interacting with the radius, use the following command. debug radius
  • Page 157: Cluster Management Configuration

    After the cluster is established, command switch provides a management channel for cluster to manage member switch. Member switch serves as a candidate switch before being added into cluster. Switch which does not support cluster management is called independent switch.
  • Page 158 Cluster management network is formed as shown in Figure 31 (CLUSTER MANAGEMENT NETWORKING). Switching rule of the four types of switches in the cluster is shown in Figure
  • Page 159: Configuring Cluster Management

    2. To configure time interval of transmitting ZDP packets, use the following command. Command: ZXR10(config)#zdp timer <time> Function: This configures time interval of transmitting ZDP packets. 3. To configure the valid holding time of ZDP information, use the following command.
  • Page 160: Configuring Ztp Topology Collection Protocol

    5. To set delay in sending ZTP protocol packets on the port, use the following command. Command: ZXR10(config)#ztp port-delay <time> Function: This sets delay in sending ZTP protocol packets on the port. 6. To conduct topology collection once, use the following command.
  • Page 161: Establishing Cluster

    This sets the holding time ZXR10(config)# between the member and command switch on the command switch. 5. To add a specific equipment or MAC address as a member on the command switch, use the following command.
  • Page 162: Maintaining Cluster

    This configures the tftp server ZXR10(config)# on the cluster. 5. To configure the alarm receiver on the cluster, use the following command. Command: ZXR10(config)#group trap-host <ip_addr> Function: This configures the alarm receiver on the cluster.
  • Page 163: Cluster Management Configuration Example

    1. To display ZDP configuration information, use the following command. show zdp 2. To view ZTP configuration information, use the following command. show ztp 3. To display cluster configuration information, use the following command.
  • Page 164 6. To display group member information, use the following command. show group {member | candidates [mac <mac-address >]} Command debug group-management can be used to trace packet sending, receiving of ZDP and ZTP and its processing during cluster management process.
  • Page 165: Iptv Configuration

    1. To set the least preview time, use the following command. Command: ZXR10(config-nas)#iptv control login-time Function: This sets the least preview time. 2. To set the max preview counts on global, use the following command.
  • Page 166: Configuring Iptv Channels

    Channel number is 0~256. 0~255 are special channels. Each channel must designate a multicast address. 256 is the general channel and need not designate a multicast address. 2. To set the name of a channel, use the following command.
  • Page 167: Configuring Channel Access Control (Cac)

    4. To set maximum preview time of rules, use the following command. Command: ZXR10(config)#iptv cac-rule <1-256> prvtime Function: This sets maximum preview time of rules. The default is global maximum preview time.
  • Page 168: Users

    ZXR10(config-nas)# iptv channel 1 mvlan 100 ZXR10(config-nas)# iptv channel 1 name cctv1 ZXR10(config-nas)# create iptv cac-rule 1 port gei_1/1 vlan 1 ZXR10(config-nas)# iptv cac-rule 1 prvcount 10 ZXR10(config-nas)# iptv cac-rule 1 prvtime 120
  • Page 169: Iptv Maintenance And Diagnosis

    3. To display the CAC rule, use the following command. show iptv cac-rule [{ id <channelno>| name <channel-name>}] 4. To display online users of IPTV, use the following command. show iptv client [{port<portno>| vlan <vlanid>| device <devno>}]
  • Page 171: Vbas Configuration

    DSLAM equipment. VBAS protocol is implemented by sending VBAS packet between BAS and DSLAM. Configuring VBAS Enabling/Disabling VBAS Command: ZXR10(config)#vbas enable Function: This enables VBAS. Command: ZXR10(config)#no vbas enable Function: This disables VBAS.
  • Page 172: Enabling/Disabling Vbas In Vlan Mode

    Enable VBAS on the switch and configure VBAS enable vlan as vlan 1. Configure gei_1/1 as trust interface and interface type is user. Configuration is shown below: ZXR10(config)#vbas enable ZXR10(config)#vlan 1 ZXR10(config-vlan1)#vbas enable ZXR10(config-vlan1)#exit ZXR10(config)#interface gei_1/1
  • Page 173: Vbas Maintenance And Diagnosis

    In this example gei_1/1 is used to connect BRAS equipment. VBAS Maintenance and Diagnosis In privileged mode, the command debug vbas is used to open VBAS debug function and send VBAS debug information.
  • Page 175: Zesr/Zesr+ Configuration

    ZESR+ improves the current ZESR to provide redundancy protection for uplink and node at the same time in double nodes double uplinks networking.
  • Page 176: Configuring Zesr/Zesr

    {( preforward <1-600>[ preup <0-500>])| (role ring ZESR. {master |transit|zess-master|zess-transit} Command: ZXR10(config)#no zesr ctrl-vlan <1-4094> major-level Function: This cancels the configuration of major-level ring ZESR. Parameter Description: Parameter Description < 1-4094> Area control vlan, indicating zesr area
  • Page 177 ZXR10(config)#zesr ctrl-vlan 4000 major-level preforward 20 preup 20 4. This example shows how to configure control vlan as 4000, role as master, hello as 2s, fail as 4s. ZXR10(config)#zesr ctrl-vlan 4000 major-level hello 2 fail 4
  • Page 178: Configuring Access Ring Zesr

    4. This example shows how to configure control vlan as 4000, level as 1, seg as 1, hello as 2s, fail as 4s ZXR10(config)#zesr ctrl-vlan 4000 level 1 seg 1 hello 2 fail 4
  • Page 179: Configuring Zesr Restart-Time

    SW1-SW4 build up a ring network that transparently transmits vlan 100-200. SW1 is the core switch and the exit of the entire network. SW2-SW4 are convergence switches. It is required that service is not affected if any link is down.
  • Page 180 ZXR10_S1(config-gei_1/3)#switchport trunk vlan 4000 ZXR10_S1(config-gei_1/3)#smartgroup 2 mode active ZXR10_S1(config-gei_1/3)#spanning-tree disable ZXR10_S1(config-gei_1/3)#exit ZXR10_S1(config)#interface gei_1/4 ZXR10_S1(config-gei_1/4)#negotiation auto ZXR10_S1(config-gei_1/4)#switchport mode trunk ZXR10_S1(config-gei_1/4)#switchport trunk vlan 100-200 ZXR10_S1(config-gei_1/4)#switchport trunk vlan 4000 ZXR10_S1(config-gei_1/4)#smartgroup 2 mode active ZXR10_S1(config-gei_1/4)#spanning-tree disable ZXR10_S1(config-gei_1/4)#exit
  • Page 181 ZXR10_S3(config)#zesr ctrl-vlan 4000 level 1 seg 1 role edge-assistant gei_1/2 SW4 configuration Interface instance configuration is as SW2 ZXR10_S4(config)#zesr ctrl-vlan 4000 protect-instance 1 ZXR10_S4(config)#zesr ctrl-vlan 4000 level 1 seg 1 role master gei_1/1 gei_1/2
  • Page 182: Zesr And Zesr+ Hybrid Configuration Example

    ZXR10_S1(config-gei_1/1)#switchport trunk vlan 4000 ZXR10_S1(config-gei_1/1)#exit //connect ZXR10-2 ZXR10_S1(config)#interface gei_1/2 //configure interface working mode as auto negotiation ZXR10_S1(config-gei_1/2)#negotiation auto ZXR10_S1(config-gei_1/2)#switchport mode trunk ZXR10_S1(config-gei_1/2)#switchport trunk vlan 100-200 ZXR10_S1(config-gei_1/2)#switchport trunk vlan 4000 ZXR10_S1(config-gei_1/2)#exit Node 2 configuration:
  • Page 183 The configuration such as interface instance of node 4 is the same as that of node 2. //Configure ZESR low-level main node ZXR10_S4(config)#zesr ctrl-vlan 4000 protect-instance 1 ZXR10_S4(config)#zesr ctrl-vlan 4000 level 1 seg 1 role master gei_4/2 gei_4/1 //configure ordinary ZESR master role
  • Page 185: Security Configuration

    Command: ZXR10(config-if-vlanX)# ip-source-guard { ip-base| mac-base| mac-ip-base }[ vlan { default |<vlan-id>}] Function: This configures IP Source Guard of interface. Command: ZXR10(config-if-vlanX)#no ip dhcp snooping ip-source-guard Function: This deletes IP Source Guard of interface.
  • Page 186: Ip Source Guard Configuration Example

    37, DHCP server connects gei_1/1 on R1, administrator sets management DHCP, gei_1/1 belongs to vlan100. DHCP Snooping function is enabled in VLAN100 and interface gei_1/1 is configured as trusted. PC connects gei_1/2 of switch, which belongs to vlan100.
  • Page 187: Ip Source Guard Configuration Based On Ip Address And Mac Address

    NIC card and source IP address that is distributed by DHCP server. Configuration of R1: ZXR10(config)#ip dhcp snooping enable ZXR10(config)#ip dhcp snooping vlan 100 ZXR10(config)#ip dhcp snooping trust gei_1/1 ZXR10(config)#interface gei_1/2 ZXR10(config-if)#ip dhcp snooping ip-source-guard mac-ip-base
  • Page 188: Control Plane Security Configuration

    As for the port whose port configuration is NNI, all configured protocol packets are enabled by default. But as for the port whose port configuration is UNI, the default value
  • Page 189 CPU. When seeing this alarm, the user can configure protocol packet discard or speed limiting to protect the CPU from attack.
  • Page 190: Configuration Example

    Command: ZXR10(config)# ets <interfacename> Function: This views protocol packet receiving speed configuration and statistics on a certain port. Command: ZXR10#clear protocol-protect {packets-count | buckets-count}<interfacename> Function: This clears protocol statistic count on a certain port.
  • Page 191: Dai Configuration

    2. The speed at which ARP packets are sent to the CPU is configurable.
    3. When DHCP SNOOPING is enabled, the layer 2 IP, MAC and port corresponding relationship is checked. Illegal users will be discarded.
  • Page 192: Configuring Dai

    2. To view ARP packet validated inspection information, use the following command.
    show ip arp inspection configure
    3. To view DAI configuration information of VLAN, use the following command.
    show ip arp inspection vlan [{<1-4094>| disable | enable | name vlan_name}]
  • Page 193: Dai Configuration Example

    If gei_1/1 is set as a trusted interface, host A sends an ARP packet (legal/illegal) to the switch. The switch forwards the ARP packet by hardware to all interfaces that are bound with VLAN 1. Host B can receive the ARP packet. When configuring interface lim-...
  • Page 194: Mff Configuration

    ZXR10(config-if-vlanX)# mff enable
        This enables MFF function in VLAN interface.
    ZXR10(config-if-vlanX)# no mff mode
        This disables MFF function in VLAN interface.
    3. To configure MFF interface type, use the following command.
  • Page 195: Mff Configuration Example

    ZXR10(config)# MAC address detection function.
    MFF Configuration Example
    As shown in Figure 41, R1 is MFF gateway. PC1 obtains IP address through DHCP. DHCP SNOOPING and MFF are configured on switch...
  • Page 196: Mff Maintenance And Diagnosis

    1. This displays MFF global configuration information.
    show mff configure
    Example: This configures global configuration information manually.
    ZXR10# show mff configure
    MFF Mode :manus
    MFF Gateway MAC detecting :disable
  • Page 197 MFF corresponding relationship of specific user.
    iv. Illustration to displayed command information:
    Information - Description
    IP Address - Subscriber’s IP address
    Type - Entry Type
    Hardware Address - User MAC Address
    VlanID - User VLAN ID
  • Page 199: Poe Configuration

    PoE technology can ensure the security of the structured cabling and the normal operation of the current network, and greatly decrease the cost. Figure 42 displays a common PoE power supply example.
  • Page 200: Configuring Poe

    The default is 15.4.
    ZXR10(config-if)# poe priority [critical | high | low]
        This configures interface priority. This command can only be used when the PoE function is not enabled on this interface. The default is low.
  • Page 201: Poe Configuration Example

    {firmware-name} device-id <device-id>. This command upgrades Firmware PSE handling software on-line.
    PoE Configuration Example
    This example shows the PoE configuration on switch in a stack system.
    ZXR10(config)#int gei_2/1/5
    ZXR10(config-gei_2/1/5)#poe priority high
  • Page 202: Poe Maintenance

    Function show poe config interface This views interface PoE ZXR10(config)# <infterface-name> configuration. show poe interface <infterface-name> This views interface PoE ZXR10(config)# status configuration. show poe device <device-id> This views PSE status ZXR10(config)# information.
  • Page 203: Figures

    Figure 28 NTP CONFIGURATION EXAMPLE
    Figure 29 DOT1X RADIUS AUTHENTICATION APPLICATION
    Figure 30 DOT1X TRUNK AUTHENTICATION APPLICATION
    Figure 31 CLUSTER MANAGEMENT NETWORKING
    Figure 32 SWITCH SWITCHING RULE
  • Page 204
    Figure 38 IP Source Guard Configuration
    Figure 39 Man-in-the-middle Attack
    Figure 40 DAI Configuration Example
    Figure 41 Manual Mode Basic MFF Function Configuration Example
    Figure 42 POE Power Supply
  • Page 205: Tables

    Table 1 CHAPTER SUMMARY
    Table 2 COMMAND MODES
    Table 3 INVOKING A COMMAND
    Table 4 Interface State Abnormal Condition
    Table 5 IP ADDRESS RANGE FOR EACH CLASS
  • Page 207: Glossary

    TELNET - Telecommunication Network Protocol
    TFTP - Trivial File Transfer Protocol
    UDP - User Datagram Protocol
    URPF - Unicast Reverse Path Forwarding
    UDLD - UniDirectional Link Detection
    TTL - Time To Live
    ToS - Type Of Service
  • Page 208
    WRR - Weighted Round Robin
    ACL - Access Control List
    BAS - Broadband Access Server
    AAA - Authentication, Authorization, and Accounting
    ARP - Address Resolution Protocol
    CoS - Class of Service
    DSLAM - Digital Subscriber Line Access Multiplexer
