Page 2
ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.
Contents About This Manual ..................I Chapter 1 System Overview ..............1-1 Chapter 2 Usage and Operation..............2-1 2.1 Configuration Modes ..................2-1 2.2 Command Modes....................2-7 2.3 Common Command Parameters ................2-11 2.4 Usage of Command Line .................. 2-12 Chapter 3 System Management ..............3-1 3.1 File System Operation ..................
About This Manual Purpose This manual is suitable for easy-maintenance secure switches of ZXR10 2900E (V2.05.10) series (ZXR10 2910E-PS/2918E-PS/2918E/2928E-PS/2928E/2952E, also ZXR10 2900E series in the body, and switches, or this series of switches in the general part). These switches include:...
The data message can be forwarded at wire-speed after being filtered and processed by flow classification. Ports provide high throughput, low packet discarding rate and low time delay and jitter, which satisfy the demand of the key application. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 10
SSH/SNMPv3 protocol supplies network management security. à Multilevel security of console can prevent unauthenticated users changing the à switch configuration. RADIUS/TACACS+ identification authentication puts the switch under the à centralized control and prevents unauthorized user from modifying configuration. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 11
It supports CLI command lines including Console, Telnet and SSH to access the switch. It supports Web network management. It supports ZTE Group Manage Protocol (ZGMP) group management. Functions ZXR10 2900E series switches use the Store and Forward mode, and supports layer-2 switching at wire-speed.
Page 12
It supports 802.3ah Ethernet OAM. It supports SFLOW. It supports L2 protocol transparent transmission. It supports syslog function. It supports the function of client end.. It supports network management static route configuration. It supports ZGMP group manage. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 13
It supports ZXNM01 unified network management. It supports the uploading and downloading of TFTP version/configuration. It supports the uploading and downloading of version/configuration. ZXR10 2910E-PS/2918E-PS/2928E-PS supports function complying with the 802.3af standard. At most 30 W power supply is supported. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 14
ZXR10 2900E Series Configuration Guide This page intentionally left blank. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
The console port connection configuration uses VT100 terminal mode. 1. Select Start > Programs > Accessories > Communications > HyperTerminal on the PC screen to start the HyperTerminal, see Figure 2-2. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
2. Enter the related local information in the open dialog box, see Figure 2-3. Figure 2-3 Location Information Dialog Box After the Connection Description dialog box appears, enter a name and select an icon for the new connection, see Figure 2-4. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Figure 2-4 Connection Description Dialog Box 3. Based on the serial port connected to the console cable, select COM1 or COM2 as the serial port to be connected, see Figure 2-5. Figure 2-5 Connect To Dialog Box SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Use the command create user <name>{admin | guest}[<0-15>] (the length of user name does not exceed 15 characters) to create a new management user, and the command set user local <name> login-password [<string>] (the length of login-password does not exceed 16 characters) to set the login password. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Figure 2-7. Figure 2-7 Run Telnet 2. Click OK. A Telnet window is displayed, see Figure 2-8. Figure 2-8 Telnet Window 3. Enter the username and password to enter the user mode of the switch. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 20
{local|radius}<name> admin-password <string> admin-password <string>: the length cannot exceed 16 characters. 4. Enable web network management function (by default, this function is disabled) and set listening port. set web enable set web listen-port < 80,1025-49151 > SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
“>” as shown below: zte> The default host name is zte. The user can modify the host name by using the command hostname <name> (the name length cannot exceed 200 characters). In the user mode, you can use the command exit to exit the switch configuration or use the command show to view the system configuration and operation information.
Page 22
To return to the global configuration mode from the file system configuration mode, use the command exit or press <Ctrl+Z>. NAS Configuration Mode In the global configuration mode, use the command config nas to enter the NAS configuration mode, as shown below: zte(cfg)#config nas SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 23
In the global configuration mode, use the command config ingress-acl basic number <1-99> to enter the basic ingress ACL configuration mode, as shown below: zte(cfg)#config ingress-acl basic number 10 zte(ingress-basic-acl)# In the basic ingress ACL configuration mode, you can add, delete and move the rules of basic ingress ACL with specific ACL number .
Page 24
ZXR10 2900E Series Configuration Guide zte(cfg)#config ingress-acl link number 200 zte(ingress-link-acl)# In the layer-2 ingress ACL configuration mode, you can add, delete and move the rules of layer-2 ingress ACL with specific ACL number. To return to the global configuration mode from layer-2 ingress ACL configuration mode, use the command exit or press <Ctrl+Z>.
Chapter 2 Usage and Operation zte(cfg)#config egress-acl extend number 500 zte(egress-extend-acl)# In the extended egress ACL configuration mode, you can add, delete and move the rules of extended egress ACL with specific ACL number. To return to the global configuration mode from extended egress ACL configuration mode, use the command exit or press <Ctrl+Z>.
1. In any command mode, enter a question mark "?" behind the DOS prompt of the system, and a list of all commands in the mode and the brief description of the commands will appear. For example: 2-12 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 27
Parameter not enough (0x4000003f) zte(cfg)#create user ? <string> user name(maxsize:15) zte(cfg)#create user houyx ? 2-13 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
ZXR10 2900E Series Configuration Guide admin create an administrator guest create a guest zte(cfg)#create user houyx guest ? <cr> <0-15> specify user's priviledge zte(cfg)#create user houyx guest zte(cfg)# <cr> Command Abbreviations In ZXR10 2900E, a command or keyword can be shortened into a character or string that uniquely identifies this command or keyword.
Page 29
“—– more —– Press Q or <Ctrl+C> to break —–” appears at the bottom of the current page. You can press any key to turn pages or press Q or <Ctrl+C> to stop the output. 2-15 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 30
ZXR10 2900E Series Configuration Guide This page intentionally left blank. 2-16 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 31
Enters file system configuration zte(cfg)#config tffs mode. zte(cfg-tffs)#md <directory name> Creates a directory. zte(cfg-tffs)#rename <file-name> <file-name> Modifies the directory name. Changes the current directory, zte(cfg-tffs)#cd <directory name> and opens this directory. zte(cfg-tffs)#ls Lists the current directories. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 32
<directory name> Enters the directory. zte(cfg-tffs)#tftp <A.B.C.D> download <remote-file-name Downloads/Uploads the version >[<local-file-name>] zte(cfg-tffs)# tftp <A.B.C.D> upload through TFTP. <local-file-name>[<remote-file-name>] Version Download/Upload Through FTP Through the FTP, you can back up and restore the version files and configuration files of the switch.
TFTP server application software is started at the back end to communicate with the switch (TFTP client) to implement the file backup and recovery. Steps 1. Run the tftpd software at the back-end host. The interface is shown in Figure 3-1. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
3. Click the second Browse to select the log file name, click OK to complete the configuration, see Figure 3-2. Figure 3-2 Tftpd Settings Dialog Box After the TFTP configuration is completed, perform the TFTP operations on the switch. For details, see the later sections. – End of Steps – SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
3-3. The FileZilla Server window is displayed, see Figure 3-4. Figure 3-3 Connect to Server Dialog Box Figure 3-4 FileZilla Server Window 2. Click Edit > Uers and create a user name and password by referring to Figure 3-5. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
After that, you can perform FTP application operations on the switch. The scenarios for FTP and TFTP are the same, including the configuration import and export and automatic software download. For details, refer to the following sections. – End of Steps – SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
FLASH memory. This file can also be uploaded to the TFTP server for viewing, modification and bulk configuration. zte(cfg-tffs)#cd cfg zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat zte(cfg-tffs)#cd .. Import the configuration information startrun.dat is the configuration file in text and is generated by using the command write.
The following command can be used to back up a configuration file in the FLASH memory to the back-end TFTP Server: zte(cfg-tffs)#cd cfg zte(cfg-tffs)#tftp 192.168.1.102 upload startrun.dat zte(cfg-tffs)#cd .. Recover the configuration file Execute the following command to download the configuration file in the back-end TFTP...
Page 39
DHCP download flag is disabled, config file is found. DHCP download will not startup, when system reboot. DHCP config file(option-67) *.dat will be translated to ZXR10_2928E.dat. DHCP snooping-and-option82 is disabled. DHCP client is enabled. DHCP client broadcast-flag is enabled. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
The automatically uploaded files are stored in the flash sub folder in theupload/download directory configured by the TFTP server. The names of the files respectively are startrun mm_dd_yy.dat and toPmac mm_dd_yy.dat, where “mm”, “dd”, and “yy” indicate the date on which the upload occurs. 3-10 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Assume that the TFTP server address is 10.40.89.78, and the configuration is save to the server once per 10 days. The configuration commands are as follows: zte(cfg)#set auto-saveconfig serverip 10.40.89.78 zte(cfg)#set auto-saveconfig period 10 zte(cfg)#set auto-saveconfig enable Caution! The enable command should be configured after the server IP is configured.
Page 42
In global configuration mode, use the command show version to display the system hardware and software version information. The displayed contents are as follows: zte(cfg)#show version ZXR10 Router Operating System Software, ZTE Corporation: ZXR10 2928E Version Number : 2928E Series V2.05.10.05 Copyright (c) 2001-2012 By ZTE Corporation...
Page 43
2. Restart the switch. At the HyperTerminal, press any key as prompted to enter the [ZXR10 Boot] status. ZXR10 2928E BootRom Version v1.08 Compiled Feb 27 2012 10:32:29 Copyright (c) 2010 by ZTE Corporation. boot location [0:Net,1:Flash] : 0 actport serverip : 10.40.89.78...
Page 44
5. Start the TFTP server software on the back-end server and configure the TFTP by referring to the TFTP configuration. 6. In the ZX10 Boot status, enter zte, enter the BootManager status of the switch. Enter ? to display the command list for this state.
File system configuration includes the following commands: Command Function md <directory name> Creates a directory. zte(cfg-tffs)# remove <file-name> Deletes a file or directory. zte(cfg-tffs)# rename <file-name><file-name> Modifies a file or directory name. zte(cfg-tffs)# Displays a sub-directory and file. zte(cfg-tffs)# 3-15 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 46
<1-30> Sets the interval for automatically zte(cfg)# uploading the configuration file (unit: day). show auto-saveconfig (all configuration mode) Displays the status of the automatic upload function. 3-16 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 48
<yyyy-mm-dd> time <hh:mm:ss> Sets switch date and time. zte(cfg)# set date summer-time {one-year Sets the time period when the daylight saving time is used. zte(cfg)# | repeating}{date <yyyy-mm-dd><hh:m m:ss><yyyy-mm-dd><hh:mm:ss>| week <week><day><month><year><hh:mm:ss><wee k><day><month><year><hh:mm:ss>}[<60-1440>] SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Clears automatic reboot configuration. clear reboot-time zte(cfg)# Permits or forbids printing the real alarm log information to terminal monitor {on | off} zte(cfg)# the terminal. terminal log {on | off} Permits or forbids writing log. zte(cfg)# SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 50
(all configuration modes) Displays the current date and time. show reboot-time (all configuration modes) Displays automatic reboot configuration. show cpu (all configuration modes) Displays CPU usage at the duration of 5 s, 30 s and 2 m. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Sets the working mode of port to full duplex or half duplex. Sets the speed of port to 10 Mbps, 100 Mbps, or 1000 zte(cfg)#set port <portlist> speed {10 | 100 | 1000 | auto} Mbps. zte(cfg)#set port <portlist> mdix {auto | normal | Sets line sequence identification function.
Enables or disables the port jumbo function. zte(cfg)#set port <portlist> pvid <1-4094> Sets a default port PVID. zte(cfg)#set port statistics mode {ingress | egress | both} Sets packet statistics mode. zte(cfg)#set sleep-mode {enable | disable} Enables or disables port sleep mode.
Figure 4-1 PoE Application ZXR10 2900E-PS series switch supports the following PoE features: ZXR10 2900E-PS series switch includes ZXR10 2910E-PS,ZXR10 2918E-PS and ZXR10 2928E-PS.The device can provide power supply for the PD complying with 802.3af/802.3at standard and the single port can provide up to 30 W power.
Page 54
Command Function zte(cfg)#set poe port <portlist>{enable | disable} Enables or disables the port function. zte(cfg)#set poe port <portlist> pd-max-power {15.4 | 4.0 | 7.0 | ext.18 Sets the maximum power supply of the | ext.27 | ext.30} port. zte(cfg)#set poe port <portlist> priority {critical | high | low} Sets the port power supply priority.
Chapter 4 Service Configuration zte(cfg)#set poe port 1-16 priority low zte(cfg)#set poe port 1-16 enable Configuration Verification zte(cfg)#show poe status port 12 port: 12 power up : on power device : delivering power power device type : standard power device 802.3af classification...
Page 56
<1-3> add source-port <portlist>{ingress | Adds an egress or ingress mirroring egress} source port according to session. zte(cfg)#set mirror session <1-3> add dest-port <1-28>{ingress | egress| Adds an egress or ingress mirroring rspan} destination port according to session.
Figure 4-2 Port Mirroring Configuration Instance Configuration Procedure 1. The following example describes how to set port mirroring in ingress direction. zte(cfg)#set mirror session 1 add source-port 1 ingress zte(cfg)#set mirror session 1 add dest-port 2 ingress zte(cfg)#set mirror statistical sample-interval 100 ingress...
<vlanlist>{enable | disable}. Enables or disables a VLAN. Adds a port into VLAN and configures zte(cfg)#set vlan <vlanlist> add port <portlist>[untag | tag] the location in VLAN. zte(cfg)#set vlan <vlanlist> delete port <portlist> Deletes the port from VLAN.
Page 59
Note: By default, VLAN1 is enabled, all ports are in VLAN1 and in untag mode. Configuration Procedure zte(cfg)#set vlan 100 add port 1, 2 untag zte(cfg)#set vlan 100 add port 7, 8 tag zte(cfg)#set port 1, 2 pvid 100 zte(cfg)#set vlan 100 enable...
Figure 4-3 VLAN Transparent Transmission Configuration InstanceNetwork Topology Configuration Procedure 1. Configuration of switch A zte(cfg)#set vlan 2 add port 16 tag zte(cfg)#set vlan 2 add port 1 untag zte(cfg)#set vlan 3 add port 16 tag zte(cfg)#set vlan 3 add port 3 untag...
Page 61
The MAC table configuration includes the following commands: Command Function Enables or disables the security function of a zte(cfg)#set port <portlist> security {enable | disable} port. Enables or disables the unregistered multicast zte(cfg)#set port <portlist> multicast-filter {enable | disable} filter function of a port.
Page 62
Sets the source MAC address or destination .HH.HH> vlan <1-4094> MAC address filter function. zte(cfg)#set mac learning {global | port <1-28>| trunk <1-15>| vlan Sets MAC address learning mode based on <1-4094>}{enable | disable | mode {automatic | cpu-controlled}} global/port/trunk/VLAN.
Sets the function of not learning specified MAC |mac-address <HH.HH.HH.HH.HH.HH.HH> mac-mask addresses <HH.HH.HH.HH.HH.HH.HH>[vlan <1-4094>]} zte(cfg)#set mac learning except {port <portlist>| trunk Debinds ports/trunks and all sessions. <trunklist>}session unbind zte(cfg)#set mac learning except {port <portlist>| trunk Sets the binding relation between ports/trunks <trunklist>}session <1-100>{bind|unbind}...
Page 64
<1-15>{add | delete} port <portlist> an LACP aggregation group. Sets aggregation mode of an LACP zte(cfg)#set lacp aggregator <1-15> mode {dynamic | static | mixed } aggregation group. Sets the mode used by the port to zte(cfg)#set lacp port <portlist> mode {active | passive} participate in the aggregation.
ZXR10 2900E Series Configuration Guide zte(cfg)#set vlan 3 add trunk 3 tag zte(cfg)#set vlan 3 add port 4 untag zte(cfg)#set port 2 pvid 2 zte(cfg)#set port 4 pvid 3 zte(cfg)#set vlan 2-3 enable Configuration Verification The results of implementing the following command on the two switches are similar.
Page 67
<1-4094>{add | delete} group Adds or deletes static multicast group <A.B.C.D>[port <portlist>| trunk <trunklist>] based on VLAN. zte(cfg)#set igmp snooping vlan <1-4094>{add | delete} smr {port <portlist>| Adds or deletes routing port or trunk on trunk <trunklist>} the specified VLAN.
Page 68
{enable | disable} Enables or disables filtering function. Adds or deletes the filtering of group in zte(cfg)#set igmp filter {add | delete} groupip <A.B.C.D.> vlan <vlanlist> the specified VLAN. Adds or deletes the filtering of source in zte(cfg)#set igmp filter {add | delete} sourceip <A.B.C.D.>...
Sets the maximum number of multicast zte(cfg)#set mld snooping add maxnum <1-256> vlan <vlanlist> groups of a specific VLAN. zte(cfg)#set mld snooping vlan <1-4094> add group <ipv6-address> port Adds a static group to a specific VLAN <portlist> and adds a port to the static group.
<1-25> response when the last member leaves. Enables or disables the query function zte(cfg)#set mld snooping query vlan <vlanlist>{enable | disable} in a specific VLAN. zte(cfg)#set mld snooping query version {v1 | v2} Sets the MLD version of query packets.
Page 73
VLAN and names the <channel-name>[id <0-1031>]] channel and allocates ID. Adds channel (multicast group) to the zte(cfg-nas)#iptv channel mvlan <1-4094> groupip <A.B.C.D> count specified VLAN in batch and names <1-1032>[prename <prename>] channels in batch. zte(cfg-nas)#iptv channel name <channel-name> rename <new-name>...
Page 74
{enable | disable} Enables or disables the CAC control. zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] service {start | remove | Sets user service state. pause | resume} zte(cfg-nas)#iptv port <portlist>[vlan <1-4094>] control-mode {package | Sets user multicast control mode.
Page 75
<0-255>]] allocates an ID to each channel. zte(cfg-nas)#iptv channel-group name <channel-group-name> rename Modify the channel group name. <new-name> zte(cfg-nas)#iptv channel-group {name <channel-group-name>| id-list < Enable/disable the channel group log channel-group-list>} cdr {enable | disable} function. zte(cfg-nas)#iptv channel-group {name <channel-group-name>| id-list Specifies the preview configuration file <channel-group-list>}{viewfile-name <viewfile-name>| viewfile-id...
4000 group 225.1.1.1 name CCTV1 id 1 zte(cfg-nas)#iptv port 1 service start zte(cfg-nas)#iptv port 1 control-mode channel zte(cfg-nas)#iptv port 1 channel id-list 1 order zte(cfg-nas)#iptv port 1 add mvlan 4000 uvlan 100 Configuration Verification Check configuration zte(cfg-nas)#show iptv rule MaxRuleNum:64...
4000 group 225.1.1.1 name CCTV1 id 1 zte(cfg-nas)#iptv port 1 service start zte(cfg-nas)#iptv port 1 control-mode channel zte(cfg-nas)#iptv port 1 channel id 1 preview 4. Configure the preview template zte(cfg-nas)#iptv view-profile name VPF1.PRF zte(cfg-nas)#iptv view-profile name VPF1.PRF count 2 zte(cfg-nas)#iptv view-profile name VPF1.PRF...
Page 79
IST area and these instances are valid only in this area. An instance is equivalent to an RSTP, except that the instance needs to perform BPDU interaction with bridges outside this area. MSTP topological structure is shown as Figure 4-9. 4-33 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
According to port role, the state after the calculation being steady is shown in Table 4-1. Table 4-1 Port Role and Port State Port role Port state Master Forward Root Forward Designated Forward 4-34 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 81
Enables or disables port stp function. zte(cfg)#set stp port <portlist> linktype {point-point | shared} Sets port connection type. zte(cfg)#set stp port <portlist> packettype {IEEE | CISCO | HUAWEI | Sets instance port packet type. HAMMER | extend } Checks the current STP protocol type zte(cfg)#set stp port <portlist>...
Figure 4-10 STP Configuration Instance Configuration Procedure zte(cfg)#set stp enable /*enable the stp protocol of switch1 and switch2*/ zte(cfg)#set stp forceversion stp /*set STP forceversion as stp*/ Configuration Verification 1. Check the STP state of switch 1 in the system view.
Figure 4-11 RSTP Configuration Instance Configuration Procedure zte(cfg)#set stp enable /*enable STP protocol of switch1 and switch2*/ zte(cfg)#set stp forceversion rstp /*set forceversion of stp as rstp*/ Configuration Verification 1. Check the STP state of switch 1 in the system view.
MST area) to realize link backup and block the loop in the net. The configuration is as follows: establish mapping between instance 1 and service VLAN10-20; set Name as zte, Revision as 10. Take switch1 as the root bridge in instance 1. Figure 4-12 MSTP Configuration Instance...
Page 86
(cfg)#set stp name zte /*set switch1 and switch2 in the same area*/ zte(cfg)#set stp revision 10 zte(cfg)#set stp instance 1 add vlan 10-20 Configuration Verification 1. Check the STP state of switch 1 and switch 2 in the system view.
MAC address, source VLAN ID and 802. 1p priority value. 6. Basic egress ACL: Only match source IP address. 7. Extended egress ACL: Match source IP address, destination IP address, IP protocol type, TCP source port number, TCP destination port number, UDP 4-42 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 89
Configuring ACL The ACL configuration includes the following commands: Command Function zte(cfg)#set port <portlist> acl mode {port | vlan} Sets port ACL binding mode. zte(cfg)#set port <portlist> acl <1-799>{enable | disable} Binds ACL instance to the port. zte(cfg)#set vlan <vlanlist> acl <1-399>{enable | disable} Binds ACL instance to the VLAN.
Page 90
Sets the rule that an extended ingress {<source-ipaddr><sip-mask>| any}{<destination-ipaddr><dip-mask>| ACL is used to match ICMP packet. any}[icmp-type <0-254><icmp-code>][dscp <0-63>][fragment] zte(extend-acl-group)#rule <1-500>{permit | deny} ip {<source-ipaddr><sip- Sets the rule that an extended ingress mask>| any}{<destination-ipaddr><dip-mask>| any}[dscp <0-63>][fragment] ACL is used to match IP packet.
Page 91
Sets the rule that a hybrid ingress ACL r-ipaddr><sip-mask>| any}{<target-ipaddr><tip-mask>| any}[cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| is used to match ARP packet. any][<dest-mac><dmac-mask>| any] zte(hybrid-acl-group)#rule <1-500>{permit | deny} any {[ether-type <1501 Sets the rule that a hybrid ingress ACL -65535>][cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| is used to match non-IPv6 packet. any][<dest-mac><dmac-mask>| any]} zte(hybrid-acl-group)#rule <1-500>{permit | deny} ipv6 <ip-protocol>{<s...
Page 92
Sets the rule that a global ingress ACL any}[cos <0-7>][<vlan-id>[<vlan-mask>]][<source-mac><smac-mask>| is used to match ARP packet. any][<dest-mac><dmac-mask>| any] zte(global-acl-group)#rule <1-500>{permit | deny} port {<1-28>| any} any Sets the rule that a global ingress ACL {[ether-type <1501-65535>][cos <0-7>][<vlan-id>[<vlan-mask>]][<source-m is used to match non IPv6 packet.
Page 93
Creates a layer-2 egress ACL instance zte(cfg)#config egress-acl link number < 600-699> and configures it. zte(egress-link-acl)#rule < 1-500>{ permit | deny} ip {[ coss < 0-7>][< Sets a layer-2 egress ACL which vlan-id>[< vlan-mask>]][< dest-mac>< dmac-mask>| any]} matches the IP packet.
Page 94
< 0-63>][ fragment][ coss < 0-7>][< vlan-id>[< vlan-mask>]][< matches the protocol field of IPv4. source-mac>< smac-mask>| any][< dest-mac>< dmac-mask>| any] zte(egress-hybrid-acl)#rule < 1-500>{ permit | deny} ip {< source-ipaddr>< sip-mask>| any}{< destination-ipaddr>< dip-mask>| any}[ dsscp < 0-63>][ Sets a hybrid egress ACL which fragment][ coss <...
2 deny arp any 192.168.0.1 255.255.255.255 zte(ingress-hybrid-acl)#exit zte(cfg)#set port 1-24 acl 300 enable zte(cfg)#set time-range worktime range period 09:00 to 18:00 daily zte(cfg)#set time-range worktime acl 300 rule 1 enable zte(cfg)#set time-range worktime acl 300 rule 2 enable 4.13 QoS Configuration QoS Overview QoS can provide end-to-end data switching telecommunication with high quality.
Page 97
Command Function zte(cfg)#set qos priority-mapping port <1-28> default-up <0-7> Sets the default port UP priority. zte(cfg)#set qos priority-mapping port <1-28> trust-mode {dscp-priority | Sets the port trusted mode. port-profile | user-priority} zte(cfg)#set qos priority-mapping port <1-28>{remapping-dscp | remark Sets packet UP/DSCP {dscp-priority | user-priority}}{enable | disable} remark/remapping based on port.
Page 98
<1-24>{packet-rate which <0-148810> is the maximum of <0-148810>[packet-lenth <64-10240>]| disable} packet transmission rate. zte(cfg)#set qos traffic-limit fe-port <1-24> packet-type {broadcast | Sets the packet type that rate limit known-uc | multicast | tcp-syn | unknown-uc}{enable | disable} function limits.
Page 99
Displays egress shaping configuration. Displays anti-dos attacking show anti-dos (all configuration modes) configuration. zte(cfg)#set qos policer <0-383> mode {aware | blind} cir <32-1048576> cbs <20000-268435456>{ebs <20000-268435456>| pir <32-1048576> pbs Sets flow policer. <20000-268435456>} zte(cfg)#set qos policer <0-383> exceed-action red {no-operation | drop Sets flow policing action.
Page 100
| disable-modify} ACL matches. Uses QoS profile to modify the specified zte(cfg)#set policy remark in egress-acl < 400-799> rrulle < 1-500> up { flow UP/DSCP field that the egress no-change |< 0-7>} dscp { no-change |< 0-63>} ACL matches.
Chapter 4 Service Configuration Command Function Clears the configuration that the zte(cfg)#clear policy harddrop in acl <1-800> rule <1-500> specified flow implements harddrop operation. Clears the counter that counts the zte(cfg)#clear qos policy-counter <counterlist> specified flow. zte(cfg)#clear qos policer-counter <counterlist>...
The common layer-2 protocols are shown below. Protocol Number Protocol 0x00 0x02 LACP/OAM 0x03 802.1x 0x09 ZGMP 0x0E LLDP 0x21 GVRP Configuring Layer 2 Protocol Transparent Transmission The configuration of layer-2 protocol transparent transmission includes the following commands: 4-59 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
To configure the IPv4 layer-3 function, use the config router command to enter into layer-3 configuration mode first. Configuring IPv4 Layer 3 Functions The configuration of the IPv4 L3 functions includes the following contents: 4-61 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 108
Enables or disables the hardware zte(cfg-router)#hardware-iproute {enable | disable} routing function. Displays the ARP table item information zte(cfg-router)#show arp [static | dynamic | invalid | ipport <0-63>[static | and free ARP function status according dynamic | invalid]| ipaddress <A.B.C.D>] to various rules.
The configuration of IPv6 Layer 3 functions includes the following commands: Command Function Sets a VLAN associated with an IPv6 zte(cfg-router)#set ipv6port <0> vlan <1-4094> Layer 3 interface. zte(cfg-router)#set ipv6port <0> ipv6address {<ipv6Addr/M>|<ipv6Addr Sets an IPv6 address and address prefix ><wildcard>}...
Chapter 4 Service Configuration Command Function Enables or disables the inspection of zte(cfg)#set arp-inspection validate {ip | dst-mac | src-mac}{enable | disable} each field of ARP packet. Enables or disables DAI function based zte(cfg)#set arp-inspection vlan <vlanlist>{enable | disable} on VLAN.
ZXR10 2900E Series Configuration Guide zte(cfg)#set arp-inspection vlan 1 enable zte(cfg)#set arp-inspection port 49 untrust zte(cfg)#set arp-inspection port 49 limit 15 zte(cfg)#set arp-inspection validate ip enable zte(cfg)#set arp-inspection validate dst-mac enable zte(cfg)#set arp-inspection validate src-mac enable Note: DAI detection condition: the port sent is non-trusted port, DAI function is enabled on the VLAN.
Page 113
The attributes used by this switch are primarily standard attributes defined in the rfc2865, rfc2866, and rfc2869. The EAP protocol is used between the switch and the subscriber. Three types of identity authentication methods are provided between the RADIUS servers: PAP, CHAP, and 4-67 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
The server uses the user password it stores and the MD5 algorithm to encrypt the Challenge string. Then it compares this Challenge string with the encrypted password of the server and returns a response accordingly. Figure 4-21 shows the process of using the CHAP mode for identity authentication. 4-68 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Figure 4-22 USING EAP MODE FOR IDENTITY AUTHENTICATION Configuring Access Service The access service configuration includes the following commands: Command Function zte(cfg)#set port <portlist> vlanjump {enable [defaultauthvlan <1-4094>]| Enables or disables the vlan jump after user 802.1x authentication. disable]} 4-69 SJ-20120409144109-002|2012-07-02(R1.0)
Page 116
Deletes all clients. zte(cfg-nas)#clear client index <0-255> Clears the specified client. Deletes the client end user of specified zte(cfg-nas)#clear client {port <portlist>| vlan <vlanlist>} port/VLAN. Displays 802.1x configuration show dot1x (all configuration modes) information. Displays the information of all access show client (all configuration modes) users.
Page 117
Sets the authentication control mode of force-unauthorized | force-authorized} the port. Sets the authentication mode of the zte(cfg-nas)#aaa-control port <portlist> protocol {pap | chap | eap } port. Enables or disables port accounting zte(cfg-nas)#aaa-control port <portlist> accounting {enable | disable} function.
Page 118
Sets the shared password of ISP zte(cfg-nas)#radius isp <ispname> sharedsecret <string> domain (public key). Sets or deletes the full account of the zte(cfg-nas)#radius isp <ispname> fullaccount {enable | disable} domain. zte(cfg-nas)#radius isp <ispname> defaultisp {enable | disable} This specifies a default domain.
Configuring MAC Authentication The MAC authentication configuration includes the following commands: Command Function Enables or disables the MAC zte(cfg-nas)#aaa-control mac-authentication {enable | disable } authentication function. zte(cfg-nas)#aaa-control mac-authentication session <1-3> range Adds the range of MAC addresses that <HH.HH.HH.HH.HH.HH><HH.HH.HH.HH.HH.HH> need authentication in unit of session.
4. In this way, data between user network 1 and user network 2 can be transmitted transparently. The VLAN ID of the user network can be planned regardless of the conflict with the VLAN ID in the ISP network. Configuring QinQ The QinQ configuration includes the following commands: 4-75 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
1. Configuration of switch A: zte(cfg)#set garp en zte(cfg)#set gvrp en zte(cfg)#set gvrp port 1 en zte(cfg)#set vlan 10-20 en zte(cfg)#set vlan 10-20 add port 1 2. Configuration of switch B: zte(cfg)#set garp en zte(cfg)#set gvrp en zte(cfg)#set gvrp port 1 en...
Snooping, namely DHCP packet filtering, is to detect legality of DHCP packets based on some special rules and filter illegal packets. Use Option82 technique to provide more additional information, and then strengthen the network safety ability. 4-82 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 129
| china-tel | dsl-forum| henan-rtf}| off}| subscriber-ID {on <string>| off}| Sets option82 sub-option. reserve {on tag <1-255> value <string>| off}} zte(cfg)#set dhcp option82 mode port <1-52>{default | drop | modify | Sets the mode of port dynamic user information association.
Page 130
Sets message type sent by server when domain-name | route | static-route | tftp-server-name} DHCP client interacts with server. zte(cfg-router)#clear ipport < 0-63> dhcp client { class-id | client-id | Clears DHCP client optional sending hostname | lease } information configuration.
Command Function Enables/Disables DHCP udp-check zte(cfg)#set dhcp special udp-light-check {enable | disable} function globally. Enables/Disables snooping function of zte(cfg)#set dhcp snooping vlan <vlanlist>{ disable | enable } a VLAN globally. Configuring DHCP snooping/Option82 Configuration Description As shown in Figure 4-27, PC can get IP address from specified DHCP server and prevent other illegal DHCP servers from affecting hosts in the network.
{enable | disable} snooping function globally. Enables or disables the DHCPv6 zte(cfg)#set dhcpv6 snooping {add | delete} port <portlist> snooping function on a port. Sets the attribute of a port in the zte(cfg)#set dhcpv6 port <1-28>{server | cascade | client} DHCPv6 snooping function.
Page 134
Enables or disables the DHCPv6 zte(cfg)#set dhcpv6 option18 {enable | disable} Option18 function globally. Enables or disables the DHCPv6 zte(cfg)#set dhcpv6 option18 {add | delete} port <portlist> Option18 function on a port. Enables or disables the DHCPv6 zte(cfg)#set dhcpv6 option37 {enable | disable} snooping function globally.
DHCP server from affecting the PCs on the network. Figure 4-29 DHCPv6 Snooping/Option82 Configuration Instance Configuration Procedure zte(cfg)#set dhcpv6 snooping enable zte(cfg)#set dhcpv6 snooping add port 49,50 zte(cfg)#set dhcpv6 port 49 client zte(cfg)#set dhcpv6 port 50 server zte(cfg)#set dhcpv6 ip-source-guard add port 49...
Port connecting to user network is called cascade port and port connecting to BAS server is called trust port. Typical network of VBAS is shown in Figure 4-30. Figure 4-30 VBAS Typical Network Configuring VBAS The VBAS configuration includes the following commands: 4-90 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Displays PPPoE+ global configuration. show pppoe-plus port <1-28> (all configuration modes) Displays port rid configuration. Sets the mode for dynamic user zte(cfg)#set pppoe-plus mode port <1-28>{default | drop | modify } information processing at the port. PPPoE-PLUS Configuration Instance Configuration Description...
To shorten the time of network fault convergence, ZTE provides ZESR (ZTE Ethernet Smart Ring). ZESR is based on EAPS (RFC 3619) and improved on it. ZESR checks if the ring is proper and ensures that there is only one logical link between any two nodes, which effectively prevents the broadcast storm caused by data loop.
VLAN composed of all the ports in the ring. The protected VLAN must contain all the above ports. ZESR Domain sets a master and multi transit nodes. Each node connects with the ring with two ports: primary port and secondary port. 4-94 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Figure 4-34 ZESR running state when the ring is “link failure” When the loop is link restore, as shown in Figure 4-35, master detects the link recovery, blocks the secondary port and sets lop as complete state. 4-95 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
ID, control VLAN and protection VLAN. These switches are interconnected. One or more EAPS domains exist on a physical loop. Each EAPS domain defines its master node, transmission node and assistant node. Figure 4-36 Multi-Ring Multi-Domain 4-96 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
S3, S4, S5 and S6 locate on segment 1 of level 1 are up, master node S5 will block its secondary port, and if the states of some links are Down, the secondary port of the master node will be enabled. Figure 4-38 Non level 0 Segment Link 4-97 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Multiple domains are supported on one segment of link, realizing traffic sharing. ZESR Tangent Ring For the reason that ZESR edge-node has heavy burden, ZESR tangent ring adopts the design of using multi ctrl vlans to protect the same group of protected vlans. 4-98 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Linkhello frame detection between the two adjacent nodes of the loop. Only when both state are up, the link is up. Otherwise the link is down. 4-99 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 146
<1-4> major-level preforward-timer <3-600> Sets preforward-timer, preup-timer and preup-timer <0-500> linkdown-failtimer <8-500> linkdown-failtimer on the primary ring. zte(cfg)#set zesr domain <1-4> level <1-2> segment<1-4> mode {master | Sets the node attribute of secondary transit | edge-master | edge-transit} ring.
Page 147
Chapter 4 Service Configuration Command Function zte(cfg)#set zesr domain <1-4> linkhello {add | delete} port <1-28> Adds or deletes linkhello port. zte(cfg)#set zesr domain <1-4> linkhello-timer <1-3> linkhello-failtimer Sets linkhello packet sending interval <3-9> and linkhello mechanism timeout. Enables or disables linkhello zte(cfg)#set zesr domain <1-4>...
Page 149
P1 is the Primary Port, P2 is the Secondary Port, S3 and S4 are the assisting nodes. The protect instance in the ring is 1, the protected data is VLAN 100 and the protocol VLAN is VLAN 4000. 4-103 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 152
2. S5 is the Smart Link node. P1 is the PrimaryPort. P2 is the SecondaryPort. The protect instance in the ring is 1, the protected data is VLAN 100 and the protocol VLAN is VLAN 4000. 4-106 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 155
As shown in Figure 4-44, configure ZESS on the ZTE devices from SW-1 or SW-6. The devices are connected to devices of another vender. It is required to enable STP. When the link is changed over, SW-1 is responsible for sending TCN to inform the uplink devices to clear the MAC entities.
(virtual point to point) Ethernet link. It has the important meaning for connection management of Last One Mile. The faults take place constantly on Last One Mile. ZXR10 2900E series switch supports IEEE 802.3ah. Ethernet OAM Main Function 4-111 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 158
{enable | disable} function. Enables or disables OAM function on zte(cfg)#set ethernet-oam port <portlist>{enable | disable} port. zte(cfg)#set ethernet-oam port <portlist> period <1-10> timeout <2-20> Enables or disables OAM function on mode {active | passive} port. Sets remote-loopback timeout value on zte(cfg)#set ethernet-oam remote-loopback timeout <1-10>...
Chapter 4 Service Configuration Command Function Enables or disables link monitor zte(cfg)#set ethernet-oam port <portlist> link-monitor {enable | disable} function. zte(cfg)#set ethernet-oam port <portlist> link-monitor symbol-period Sets the symbol period event which is threshold <1-65535> window <1-65535> used for link monitor.
Page 160
: 00.d0.d0.29.28.02 /*the system MAC of the remote device. The MAC address is 00.00.00.00.00.00 when discovery fails.*/ PDU Revision : 967 zte(cfg)#set ethernet-oam remote-loopback port 2 start zte(cfg)#show ethernet-oam port 2 discovery PortId 2: ethernet oam enabled Local DTE ----------- 4-114 SJ-20120409144109-002|2012-07-02(R1.0)
Page 161
: yes Mac Address : 00.d0.d0.29.28.02 PDU Revision : 28 zte(cfg)#set ethernet-oam remote-loopback port 2 stop /*disable OAM remote-loopback on port2. The switch replies OAM discovery success.*/ The key points of configuration: The switch gives the following prompts when OAM discovery failure occurs, or starting and stopping remote loopback.
QinQ adds SPVLAN tag based on ports. That is, in the same Customer port, according to difference between traffic carried CVLAN tags, provide corresponding SPVLAN tag based on user demands. Configuring SQinQ The SQinQ configuration includes the following commands: 4-117 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 164
997,998 add port 1 untag zte(cfg)#set vlan 997,998 add port 2 tag zte(cfg)#set vlan 10,12,997,998 enable zte(cfg)#set vlan sqinq session 1 customer-port 1 customer-vlan 10 uplink-vlan 997 zte(cfg)#set vlan sqinq session 2 customer-port 1 customer-vlan 12 uplink-vlan 998 Configuration Verification The following example shows how to show the SVLAN instance.
VLANs in operator’s network, the VLAN convergence function needs to be fulfilled in the switches in access layer to transmit the same service, which is transferred by different users in different VLANs, through one VLAN. 4-119 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Uplink: replace the CVLAN with SVLAN based on “Interface+customer VLAN”. Downlink: replace the SVLAN in the outermost layer with CVLAN based on “SVLAN + Destination MAC address”. The whole system supports 400 sessions, up to 400 CVLANs can be supported. 4-120 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 167
Function Sets the VLAN Mapping function. When the VLAN Mapping is enabled, the uplink traffic is normally forwarded zte(cfg)#set vlan mapping session <session_id> customer-port <<port-id> in SPVLAN. The downlink traffic is customer-vlan <vlan-list> uplink-vlan <vlan-id> normally forwarded in SPVLAN. When reaching the user port, it is transformed to the corresponding CVLAN tag.
The following example shows how to configure the VLAN Mapping instance. zte(cfg)#set vlan 1-100,1000 add port 1,24 tag zte(cfg)#set vlan 1-100,1000 enable zte(cfg)#set vlan mapping session 1 customer-port 1 customer-vlan 1-100 uplink-vlan 1000 Configuration Verification The following example shows how to show the SVLAN instance.
{ingress | egress}{enable | disable} on an ingress or an egress. Sets the reloading mode on an sFlow zte(cfg)#set sflow {ingress | egress} reload-mode { continue | cpu} ingress or egress. Sets the sampling mode on an sFlow zte(cfg)#set sflow ingress sample-mode {all | forward} ingress or egress.
Page 170
Sets PP protocol priority. zte(cfg)#set protocol-protect mac-drop {disable | enable} Enables the mac drop function. zte(cfg)#set protocol-protect mac-drop rule <1-128> bind port <portlist> Binds the mac drop rule with the port. Clears the number of messages zte(cfg)#clear protocol-protect mac-drop counter [port <portlist>] dropped by the mac drop function.
Chapter 4 Service Configuration Figure 4-49 PP Configuration Instance Configuration Procedure zte(cfg)#set igmp snooping enable zte(cfg)#set igmp snooping add vlan 1 zte(cfg)#set dhcp snooping-option enable zte(cfg)#set dhcp snooping add port 1-3 Configuration Verification Use Host1 to send DHCP Discover packets. View alarm information on the switch.
Page 172
Sets the LLDP neighbor holding time. Sets the maximum number of neighbors zte(cfg)#lldp max-neighbor <1-31> that can be discovered by LLDP. Enables or disables all LLDP functions zte(cfg)#lldp {port <portlist>| trunk <trunklist>}{enable | disable} on a specific port. 4-126 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
{port <portlist>| trunk <trunklist>}{rxenable | rxdisable} function on a specific port. Sets the optional MED TLV type sent zte(cfg)#lldp port <portlist> med-tlv-select <tlv type>{enable | disable} on a port. Sets the maximum number of neighbors zte(cfg)#lldp {port <portlist>| trunk <trunklist>} max-neighbor <1-8>...
Configuring Single Port Loop Detection The configuration of single port loop detection includes the following contents: Command Function Sets the interval for sending loop zte(cfg)#set loopdetect sendpktinterval <5-60> detection packet. 4-128 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 175
<portlist> vlan <vlanlist>{enable|disable} port in a specific VLAN. Enables or disables port protection zte(cfg)#set loopdetect port <portlist> protect {enable | disable} when a loop occurs on a port. Enables or disables cross-device loop zte(cfg)#set loopdetect extend port <portlist>{enable | disable} detection on a port.
ZXR10 2900E Series Configuration Guide Figure 4-51 Single Port Loop Detection Configuration Topology Configuration Procedure zte(cfg)#set loopdetect port 1 enable Configuration Verification Check the loop detection state of Switch 2: zte(cfg)#show loopdetect The block-delay of loopdetect (min) The packet interval of loopdetect : 15...
It is necessary to use the reset or recovery command to recover the communication ability of the port. Generally, UDLD shuts down a port in the following situations. 4-131 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 178
Command Function zte(cfg)#udld port <portlist>{enable|disable} Enables or disables UDLD on a port. zte(cfg)#udld port <portlist> mode {aggressive | normal} Sets the mode of a port in UDLD. Sets the interval of sending messages zte(cfg)#udld port <portlist> message timer <7-90> after UDLD enters the BiDirectional status and the port is steady.
Terminal Access Controller Access-Control System Plus (TACACS+) is developed from TACACS and XTACACS. It is the latest version of TACACS (not compatible with the previous two versions). It is a popular AAA protocol at present. 4-133 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 180
Sets the default server group zte(cfg-nas)#tacacs-plus adminauthen default group <group-name> authenticated for TACACS+ management. Sets the default server group for zte(cfg-nas)#tacacs-plus accounting commands default group <group-name> TACACS+ MML accounting. Sets the default server group for zte(cfg-nas)#tacacs-plus accounting exec default group <group-name> TACACS+ user accounting.
The time range configuration includes the following commands: Command Function zte(cfg)#set time-range <word> period <hh:mm> to <hh:mm>{daily | day-off | day-working | monday | tuesday | wednesday | thursday | friday Sets a periodic time range. | saturday | sunday} zte(cfg)#set time-range <word>...
This ends until the message reaches the destination or cannot be further forwarded. Link Trace Reply (LTR): A unicast CFM protocol data unit. It is sent by the MP receiving an LTM to reply to the LTM. 4-139 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 186
Function zte(cfg)#cfm {disable|enable} Enables/disables the CFM function. Creates a CFM md zte(cfg)#create cfm md-session <1-16> name <string> level <0-7> zte(cfg)#create cfm md-session <1-16> ma-session <1-32> name <string> Creates a CFM ma zte(cfg)#create cfm md-session <1-16> ma-session <1-32> mep-session Creates a CFM local mep <1-64>...
Page 187
Chapter 4 Service Configuration Command Function zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> Sets the status of cfm mep ccm sending ccm-send {disable|enable} packets of . zte(cfg)#cfm md-session <1-16> ma-session <1-32> mep-id <1-8191> Sets the status of cfm mep ccm ccm-receive {disable|enable} receiving packets.
ANI and remote-ID. Sets the DHCP relay information of zte(cfg-router)#set ipport <0-63> dhcp relay {agent | server <A.B.C.D>} ipport. Clears the DHCP relay information of zte(cfg-router)#clear ipport <0-63> dhcp relay {agent | server <A.B.C.D>} ipport.
Page 200
ZXR10 2900E Series Configuration Guide This page intentionally left blank. 4-154 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 201
Configuring REMOTE-ACCESS The REMOTE-ACCESS configuration includes the following commands: Command Function Enables or disable remote access zte(cfg)#set remote-access {any | specific} control function. zte(cfg)#set remote-access ipaddress <A.B.C.D>[<A.B.C.D>][{snmp Permits or denies the login mode | telnet | ssh | web}{permit | deny}] of IP address.
Page 202
Only allow the network management user to access the switch from 192.168.1.0/24 through Telnet SSH SNMP Web. Configuration Procedure zte(cfg)#set remote-access specific zte(cfg)#set remote-access ipaddress 192.168.1.0 255.255.255.0 zte(cfg)#show remote-access Whether check remote manage address: YES Allowable remote manage address(es) and application(s): 192.168.1.0/255.255.255.0...
The required settings when using Putty to log in to switch are as follows. a. Set the IP address and port number of the SSH Server, as shown in Figure 5-2. Figure 5-2 SETTING IP ADDRESS AND PORT NUMBER OF THE SSH SERVER SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
For the first time to log in, the user confirmation is needed, as shown in Figure 5-4. Figure 5-4 USER CONFIRMATION REQUIRED IN THE FIRST LOGIN d. The SSH login result is shown in Figure 5-5. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
2. Log in to the switch and use the related set command as a user with a lower permission (for example, Level 11). Execute the zte(cfg)#set stp enable command. The system will prompt that the user is not allowed to use the command.
Page 208
<1-99>] basic acl ID with the community name. Creates a view name. The default zte(cfg-snmp)#create view < string >[{include | exclude}<mib-oid>] setting is include, which includes mib subtree. Sets specific community name zte(cfg-snmp)#set community <string> view <string>...
Page 209
MacOverload | poe | StpBridgeRoleChange | StpPortStateChange alarms, MAC list variation | temperature | all}{enable | disable} notification, and ping notification. zte(cfg-snmp)#set group <string> v3 {auth | noauth | priv}[read Sets the SNMP V3 group name <string>[write <string>[notify <string>]]] and group security level.
Page 210
Create a community named “zte” with the read/write authority and the view named “vvv”, and then associate the community “zte” with the view “vvv”. Specify the IP address of the host receiving traps as 10.40.92.105, and the community as “zte”.
5.6 ZGMP ZGMP Overview ZGMP is ZTE Group Manage Protocol. A cluster is a combination consisting of a set of switches in a specific broadcast domain. This set of switches forms a unified management domain, providing an external public network IP address and management interface, as well as the ability to manage and access each member in the cluster.
Figure 5-7 shows the cluster management networking. Figure 5-7 CLUSTER MANAGEMENT NETWORKING Figure 5-8 shows the changeover rule of the four roles of switches within a cluster. 5-16 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
The ZGMP configuration includes the following commands: Command Function zte(cfg-group)#set zdp {enable | disable} Enables or disables ZDP function. zte(cfg-group)#set zdp {port <portlist>| trunk <trunklist>}{enable | Enables or disables the ZDP function based on port/trunk. disable} Sets the time interval for sending zte(cfg-group)#set zdp timer <5-255>...
Page 218
<name> Sets cluster name. Sets the protocol broadcast zte(cfg-group)#set group mac-mode {standard | extend [mac address mode of cluster <HH.HH.HH.HH.HH.HH>]} management as standard mode. Sets IP address of internal public zte(cfg-group)#set group syslogsvr <A.B.C.D>...
Page 219
Chapter 5 Management Command Function Sets IP address of internal public zte(cfg-group)#set group tftpsvr <A.B.C.D> TFTP Server of cluster. Displays cluster configuration show group (all configuration modes) information. Displays candidate switches show group candidate (all configuration modes) information. Displays cluster member switches show group member [<1-255>] (all configuration modes)
Figure 5-9 CLUSTER MANAGEMENT NETWORKING Configuration Procedure 1. Configure the public network IP address of the command switch and the gateway. zte(cfg)#set vlan 2525 enable zte(cfg)#set vlan 2525 add port 1-24 tag zte(cfg)#config router zte(cfg-router)#set ipport 25 ipaddress 100.1.1.10/24 zte(cfg-router)#set ipport 25 vlan 2525 zte(cfg-router)#set ipport 25 enable zte(cfg-router)#iproute 0.0.0.0/0 100.1.1.1...
Page 221
Connecting ... Mem1.zte> Mem1.zte>enable password: Mem1.zte (cfg)#set vlan 4000 enable Mem1.zte (cfg)#set vlan 4000 add port 1-16 tag 4. Delete the cluster created on VLAN 1. Cmdr.ZTE(cfg-group)#set group delete member 1-3 Deleting member id : 1 Successed to del member!
WEB Configuration Management WEB Configuration Management System Information Check Click directory tree on the left of system main page, Configuration > System, open system information page (by default, Configuration directory is expansive), as shown Figure 5-12. 5-24 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Apply button to submit to complete the configuration. Port Management Port State Information Check Click directory tree on the left of system main page, Configuration > Port > Port State, open port state information page as shown in Figure 5-13 5-25 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
“Duplex” and “Speed” are meaningless. Port Configuration Information Check Click directory tree on the left of main page, Configuration > Port > Port Parameter, open port configuration information page, as shown in Figure 5-14. 5-26 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Single Port Configuration Single port configuration: click the Config button in the line of port to be configured in port configuration information page list to open configuration page of this port, as shown in Figure 5-15. 5-27 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Bulk port configuration: select multiple ports in port configuration information page list (select Select All to select all ports), and then click Apply to open bulk port configuration page, as shown in Figure 5-16. 5-28 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
When the number of page is more than one page, click previous or next to switch page or select page number in GO drop-down box. 5-29 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
2. Enter VLAN number in VLAN number page( such as "1, 3-5"), click Apply to enter single VLAN configuration or bulk VLAN configuration page, respective description are as follows: Figure 5-19 shows the single VLAN configuration interface. à 5-30 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
VLAN configuration. à Figure 5-20 Bulk VLAN Configuration Page Admin of Select items is used to enable VLAN. Port is ordinary port of bulk VLAN configuration. Trunk is Trunk group of bulk VLAN configuration. 5-31 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Community physical port Community Trunk Community trunk port PVLAN Configuration Click directory tree Configuration > PVLAN > Pvlan Configure on the left of main page, open PVLAN configuration page, as shown in Figure 5-22. 5-32 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Port Mirroring Management Port Mirroring Information Check Click directory tree Configuration > MIRROR > Mirror Overview on the left of main page, open Mirror information page, refer to Figure 5-23. 5-33 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Refer to Figure 5-24. Figure 5-24 Mirroring Port Configuration Page The source port and destination port can be configured in this page. After setting, click Apply to submit to complete the configuration. LACP Management 5-34 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
When setting same configuration of bulk aggregation port attribute , click the corresponding check box to select multiple aggregation ports (select Select All to select all ports), and then click Set to open configuration page of bulk aggregation port, as shown in Figure 5-26. 5-35 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
5-27. Figure 5-27 Aggregation Group Information Page The Description of Information Displayed: Parameter Description Attached Ports attached ports in aggregation group Active Ports active ports in aggregation group GroupMode aggregation mode of aggregation group 5-36 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Monitoring Information Terminal Log Check Click directory tree Monitoring > Terminal Log on the left of main page, open terminal log information page, as shown in Figure 5-29. 5-37 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Figure 5-30 Port Statistics Information Page Click Refresh button to update port statistics information. Select port in PortNumber drop-down box to get the port statistics. statistics includes: Statistics Data Overview Parameter Description ReceivedBytes Received bytes ReceivedFrames Received frames 5-38 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
This page displays configuration information of switch. System Maintenance Configuration Saving Page Click directory tree Maintenance > Save on the left of main page, open saving configuration information page, as shown in Figure 5-32. 5-39 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Click directory tree Maintenance > Reboot on the left of main page, open reboot function page, as shown in Figure 5-33. Figure 5-33 Reboot Function Page Click Ok to reboot the switch or click Cancel to cancel reboot. 5-40 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Click Browse..., browse and select the file to be uploaded, as shown in Figure à 5-35, and then click Ok to upload file. Figure 5-35 Browse and Select the File Note: For safety and application, only allow “zImage”, “bootrom.bin”, “startrun.dat” and “to_permmac.dat” to be uploaded. 5-41 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
By default, the Modify tab is displayed. Modify the login password and management password, and then click Apply to submit. Adding User Click add button in user management page, open Adding User page, as shown in Figure 5-37 5-42 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Select the user to be deleted, and then click Apply to submit. 5.9 M_Button Introduction to the M_Button Function The M_button function is used to display the key statistics data and indicate the key events through the panel indicators, which facilitates device maintenance. 5-43 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 244
If the network management address is not configured, the five indicators turn yellow at the same time and then they are not lit. After 20 seconds, the next PING flow will start. 5-44 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Internet login service. With this protocol, users can perform operations on a remote switch through the local PC. A ZTE switch can be used as both a Telnet client and a Telnet server. Telnet Configuration Telnet configuration includes: 5-45 SJ-20120409144109-002|2012-07-02(R1.0)
ZXR10 2900E Series Configuration Guide Command Function Enables/disables the Telnet server zte(cfg)#set Telnet server {enable | disable} function, which is enabled by default. Displays the Telnet configuration and show Telnet (for all configuration modes) status. Telnet Configuration Instance Configuration Description Figure 5-39, a switch has a layer-3 port with the IP address 192.168.1.1/24, and...
Chapter 5 Management Execute the Telnet command on the PC, see Figure 5-40. Figure 5-40 Execute the Telnet Command on the PC For the Telnet login result, see Figure 5-41. Figure 5-41 Telnet Login Result 5-47 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 248
ZXR10 2900E Series Configuration Guide This page intentionally left blank. 5-48 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Monthly Maintenance Items 1. Sum up the everyday operation every month a. Sum up the routine problem. If necessary, discuss with ZTE maintenance personnel. b. Sum up and accumulate the maintenance experience in the routine maintenance for more efficient maintenance.
Use the show vct port <1-28> command to check the VCT detection result of the specified port. Example 1 zte(cfg)#show vct port 1 Cable Test Result for Port 1 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
TX PAIR : Cable Test Passed. No problem found. Cable Length is unknown. Example 2 zte(cfg)#show vct port 8 Cable Test Result for Port 8 RX PAIR : Cable Test Passed. Cable is open. Approximately 7 meters from the tested port.
1. The browser version is too low. 2. The wrong address and port number are inputted on the browser address column. 3. The communication fault between host and device. 4. Switch does not configure management port or correct IP address. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
6.3.6 Losing Enable Enable Password Fault Phenomenon When users log in to the switch and input the password, they cannot enter global configuration mode. Fault Analysis and Location Use the wrong password when users enter global configuration mode. SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Most students complete the registration and activation of account number. When the preparation is completed, our company enables DOT1X port SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 256
2900Es are not same, the diagnosis result is company B accounting server configuration problem. The engineer of company B checks the alarm information of their server, find that the alarm of AP not support user auth type exists, that is, the authentication types SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
CPU utilization is no more than 5%. Solution 1. Filter the MAC address of this PC with fault on the access layer switch and prohibit the PC from accessing the internet, which prevents it from influencing the other users SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 258
2. Notice the school center equipment room, prohibit the host from logging in to the network before that the hardware of the host is not formatted and the system is installed again. 3. The PCs of the whole network install ARP dedicated check and kill tool. 6-10 SJ-20120409144109-002|2012-07-02(R1.0) ZTE Proprietary and Confidential...
Page 262
ZXR10 2900E Series Configuration Guide Figure 5-22 PVLAN Configuration Page..............5-33 Figure 5-23 Mirror Information Page ............... 5-34 Figure 5-24 Mirroring Port Configuration Page ............5-34 Figure 5-25 LACP Basic Attribute Page ..............5-35 Figure 5-26 Bulk Aggregation Port Configuration Page ........... 5-36 Figure 5-27 Aggregation Group Information Page ...........
Page 263
Tables Table 2-1 Common Command Parameters ............. 2-12 Table 2-2 Functional Keys Descriptions ..............2-14 Table 4-1 Port Role and Port State................4-34 Table 4-2 Syslog Log Information................4-77 Table 6-1 Maintenance Period of Ethernet Switch ............. 6-2...
Page 264
Tables This page intentionally left blank.
Page 265
Glossary - Access Control List - Address Resolution Protocol - Class of Service DHCP - Dynamic Host Configuration Protocol DSCP - Differentiated Services Code Point GARP - Generic Attribute Registration Protocol - Internet Protocol IPTV - Internet Protocol Television LACP - Link Aggregation Control Protocol LLDP - Link Layer Discovery Protocol...
Page 266
- Transfer Control Protocol TFTP - Trivial File Transfer Protocol UDLD - UniDirectional Link Detection - User Datagram Protocol VBAS - Virtual Broadband Access Server VLAN - Virtual Local Area Network - Virtual Private Network ZESR - ZTE Ethernet Switch Ring VIII...