Page 1 ZXR10 8900 Series 10 Gigabit Routing Switch User Manual (Basic Configuration Volume) Version 2.8.02.C ZTE CORPORATION ZTE Plaza, Keji Road South, Hi-Tech Industrial Park, Nanshan District, Shenzhen, P. R. China 518057 Tel: (86) 755 26771900 Fax: (86) 755 26770801 URL: http://ensupport.zte.com.cn...
Page 2 The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPO- RATION is prohibited.
Page 3: Table Of Contents
Contents About This Manual..........i Safety Instructions..........1 Safety Introduction ............1 Safety Description ............1 Usage and Operation .........3 Configuration Modes ............3 Configuring Serial Interface Connection ......4 Configuring Telnet Connection ........6 Configuring SSH Connection......... 9 Configuring SNMP Connection ........11 Command Modes............12 Command Line Usage ............14 Online Help...............14...
Page 4 System Parameter Configuration........28 Configuring a Hostname ..........28 Configuring a Welcome Message ........29 Configuring a Password of Privileged Mode ....29 Configuring Telnet Username and Password....29 Configuring System Time..........30 Configuring Version Load Selection.......30 Saving Command Log File...........31 Configuring Saving Time of Alarm Log ......32 System Information View..........33 Viewing Hardware and Software Versions......33 Viewing Current Running Configuration Informa-...
Page 5 Configuring TCP Rate Limit..........49 Configuring Switch of Optical or Electrical Port ....49 Viewing Port Information ..........49 Diagnosing and Testing Link ........51 Port Mirroring Configuration ..........52 Port Mirroring Overview ..........52 Configuring Port Mirroring ...........52 Port Mirroring Configuration Example ......52 ERSPAN Configuration ............54 ERSPAN Overview............54 Configuring ERSPAN............55 Establishing One ERSPAN Session ........55...
Page 6 DHCP Snooping Preventing False DHCP Server Configuration Example ........70 DHCP Snooping Preventing Static IP Configuration Example ............70 DHCP Maintenance and Diagnosis ........71 VRRP Configuration ......... 73 VRRP Overview .............73 Configuring VRRP ............74 VRRP Configuration Examples..........74 Basic VRRP Configuration Example .......74 Symmetric VRRP Configuration Example .......75 VRRP Maintenance and Diagnosis........76 ACL Configuration..........
Page 7 Traffic Statistics............95 Queue-Based Bandwidth Upper and Lower Threshold ............95 HQoS ...............95 Configuring QoS ............96 Configuring Traffic Monitoring ........96 Configuring Traffic Rate Limit ........97 Configuring Layer 3 Rate Limit ........97 Configuring Queue Scheduling........98 Configuring Policy Routing ..........99 Configuring Priority Mark ..........99 Configuring Tail Discarding........
Page 8 DOT1x Maintenance and Diagnosis......... 120 Cluster Management Configuration ....121 Cluster Management Overview ........121 Configuring Cluster Management ........123 Enabling ZDP ............123 Enabling ZTP............124 Setting up a Cluster ..........124 Maintaining a Cluster ..........125 Configuring Cluster Operation Commands ....125 Cluster Management Configuration Example....
Page 9 IPTV Overview ............141 Configuring IPTV ............141 Configuring IPTV Global Parameters ......141 Configuring Global Parameters of IPTV Preview .... 142 Configuring IPTV CDR Parameters ......142 Configuring IPTV Channels........143 Configuring IPTV Service Package ......143 Configuring IPTV Preview Template ......144 Configuring CAC ............
Page 10 Enabling/Disabling IPFIX Module ....... 163 Setting IPFIX Memory Entries ......163 Setting Aging Time of Active Stream....163 Setting Aging Time of Inactive Stream ....164 Setting Sampling Rate ........164 Setting NM Server Address and L4 Port ID..164 Setting Source Address for Network Device Sending Packets ........
Page 11: About This Manual
About This Manual This manual provides procedures and guidelines that support the Purpose operation of ZXR10 8900 Series (V2.8.02.C) 10 Gigabit Routing Switch. This manual is intended for engineers and technicians who perform Intended Audience operation activities on ZXR10 8900 Series (V2.8.02.C) 10 Gigabit Routing Switch.
Page 12 Hardware Installation Manual � ZXR10 8900 Series (V2.8.02.C) 10 Gigabit Routing Switch Hardware Manual � ZXR10 8900 Series (V2.8.02.C) 10 Gigabit Routing Switch User Manual (Basic Configuration Volume) � ZXR10 8900 Series (V2.8.02.C) 10 Gigabit Routing Switch User Manual (Ethernet Switching Volume) �...
Page 13: Safety Instructions
Safety precautions introduced in this manual are supplementary to the local safety codes. � ZTE bears no responsibility in case of universal safety oper- ation requirements violation and safety standards violation in designing, manufacturing and equipment usage. Safety Description Contents deserving special attention during configuration of ZXR10 8900 series switch are explained in the following table.
Page 14 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 15: Usage And Operation
Table of Contents Configuration Modes ............3 Command Modes...............12 Command Line Usage ............14 Configuration Modes ZXR10 8900 series switch provides multiple configuration modes, as shown in Figure 1. User can select appropriate configuration mode according to the connected network. IGURE...
Page 16: Configuring Serial Interface Connection
One end is DB9 serial interface (connecting to computer serial interface). The other end is RJ45 interface (connecting to Console interface in MP board of ZXR10 8900 series switch). Serial connection configuration adopts VT100 terminal mode, using the HyperTerminal tool provided by Windows OS.
Page 17: Figure 3 Hyperterminal Configuration 2
Chapter 2 Usage and Operation IGURE YPER ERMINAL ONFIGURATION 4. Click Ok. COM port attribute setup window appears, as shown in Figure 4. Fill in the parameter values, as shown in Table IGURE YPER ERMINAL ONFIGURATION Confidential and Proprietary Information of ZTE CORPORATION...
Page 18: Configuring Telnet Connection
Note: If the switch fails to be connected, set the value of bits per second to 9600. 5. Click Ok to complete setting. ZXR10 8900 series switch con- figuration window appears. At this point start command oper- ation. Result: Serial interface connection has been configured.
Page 19: Figure 5 Running Telnet
Note: � ZXR10 8900 series switch allows up to four Telnet users logging in simultaneously. If “**” appears after inputting username and password, it indicates that the number of users reaches the limit, please retry later or re-login after logging out other users.
Page 20 ZXR10 8900 Series User Manual (Basic Configuration Volume) To configure a telnet connection to a switch through a VLAN port, Configuring Telnet Connection perform the following steps. through Host 1. Configure IP addresses of VLAN and VLAN interface through Console port.
Page 21: Configuring Ssh Connection
SSH falls into two parts including server and client terminal. ZXR10 8900 series switch serves as the server of SSH. Host logs in to the switch by running SSH client terminal. To configure SSH connection, perform the following steps.
Page 22: Figure 8 Setting Ip Address And Port Of Ssh Server
ZXR10 8900 Series User Manual (Basic Configuration Volume) Note: The SSH server function is disabled by default. 2. Connect the host network interface to the Ethernet port of the switch. Enable the host to ping the IP address of VLAN interface in the switch.
Page 23: Configuring Snmp Connection
SNMP adopts management, based on server and client terminal. Background NM server serves as the SNMP server, and the fore- ground network equipment. ZXR10 8900 series switch serves as SNMP client terminal. Foreground and background share the same MIB management database, performing communication by SNMP protocol.
Page 24: Command Modes
One command can only be executed under specific mode. Input a question mark (?) under any command mode to query the applicable commands under the mode. Major command modes of ZXR10 8900 series switch are described in ABLE OMMAND...
Page 25 � In the modes other than user EXEC mode and privileged EXEC mode, use end command or press Ctrl+z to return to the priv- ileged EXEC mode. Confidential and Proprietary Information of ZTE CORPORATION...
Page 26: Command Line Usage
ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Line Usage Online Help In command mode, available command list is displayed if a ques- tion mark (?) is entered that follows the system prompt. Com- mand key word list and parameters can be obtained through online help.
Page 27: Command Abbreviation
Note: All commands in the command line operation are case-insensitive. Command Abbreviation ZXR10 8900 series switch allows abbreviating commands and key word to character or character string identifying the command or key word uniquely. For example, abbreviate show command to sh or sho.
Page 28 ZXR10 8900 Series User Manual (Basic Configuration Volume) Operation Description This recalls commands in the Press Ctrl+P or - - - history buffer in a forward sequence This recalls commands in the Press Ctrl+N or ¯ ¯ ¯ history buffer in a backward...
Page 29: System Management
System Information View ...........33 File System Management File System Overview On ZXR10 8900 series switch, FLASH in MP board is used as major storage device that is for storing ZXR10 8900 series switch version files and configuration files. When upgrading software version and saving configuration, an operation over FLASH is necessary.
Page 30: Operating File System Management
If IMG, CFG or DATA is unavailable in FLASH, create them manually with mkdir command. Operating File System Management ZXR10 8900 series switch provides many commands for file oper- ations. Command format is similar to DOS commands as present in Microsoft Windows Operating System.
Page 31: Ftp/Tftp Connection Configuration
65007616 bytes total (48863232 bytes free) ZXR10# FTP/TFTP Connection Configuration ZXR10 8900 series switch serves as the client terminal of FTP/TFTP. It is possible to take files backup and to restore them. On ZXR10 8900 series switch, configuration can be imported by FTP/TFTP.
Page 32: Configuring A Switch As Ftp Client Terminal
ZXR10 8900 Series User Manual (Basic Configuration Volume) Configuring a Switch as FTP Client Terminal Enable FTP server software in the background host and switch Prerequisites communicates as client terminal. To configure switch serving as FTP client terminal, perform the Context following steps.
Page 33: Configuring A Switch As Tftp Client Terminal
To configure a switch serving as TFTP client terminal, perform the Context following steps. 1. Run TFTPD software in the background host. Steps A window appears, as shown in Figure Confidential and Proprietary Information of ZTE CORPORATION...
Page 34: Figure 12 Tftpd Window
ZXR10 8900 Series User Manual (Basic Configuration Volume) 12 TFTPD W IGURE INDOW 2. Click Tftpd > Configure. Adialog box appears. Click Browse, and select the file saving version files or configuration files, such as D:\IMG. After configuration is completed, a dialog box appears, as...
Page 35: File Backup And Restoration
If the system fails to load new version, users can restore the old version from the background server. Software version file backup is similar to configuration file backup. Confidential and Proprietary Information of ZTE CORPORATION...
Page 36: Restoring System Software Version
� Connect the configuration port (Console port of MP board) of ZXR10 8900 series switch to the serial interface of background host by configuration cable delivered with the product. Con- nect management Ethernet interface of the device (10/100M...
Page 37 � Start the background FTP server. To upgrade the version at abnormality, perform the following steps. Context 1. Start ZXR10 8900 series switch using HyperTerminal and press Steps any key to enter Boot status. The following content appears. ZXR10 System Boot Version: 1.0...
Page 38: Upgrading Version At Normality
If the new version file is unavailable, it indicates the file copy failure, please execute step 6 to re-copy the version. 8. Restart ZXR10 8900 series switch and follow the methods in step 4, and boot the system from FLASH enabled, at this time, “Boot path”...
Page 39: Upgrading Version Without Interrupting System
� Connect the configuration port (Console port of MP board) of ZXR10 8900 series switch to the serial interface of background host by configuration cable delivered with the product. Con- nect management Ethernet interface of the device (10/100M Ethernet interface) to network interface of background host by straight-through Ethernet cable.
Page 40: System Parameter Configuration
ZXR10 8900 Series User Manual (Basic Configuration Volume) board. The line interface cards should be rebooted after the ver- sion update. To update the version without interrupting the system, perform the following steps. 1. View the information of the current version.
Page 41: Configuring A Welcome Message
To prevent an unauthorized user from modifying the configuration, use the following command. Command Function enable secret {0 <password>|5 This sets password ZXR10(config)# <password>|<password>} Configuring Telnet Username and Password To set Telnet username and password, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 42: Configuring System Time
ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function username <username> password This sets Telnet user and ZXR10(config)# <password> password Configuring System Time To set system time, use the following command. Command Function clock set <current-time><month><day This sets system time ZXR10(config)# ><year>...
Page 43: Saving Command Log File
Note: By default, the file is saved in flash/data directory, and file name is logfile.txt. To save command log file, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 44: Configuring Saving Time Of Alarm Log
ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function write cmdlog {flash | sd}[start-time This saves the contents in ZXR10# <date><time>][end-time <date><time>][filename command log buffer as a file. <filepath/file>] The file is saved in flash/data directory. Parameter descriptions: Parameter Description start-time <date><time>...
Page 45: System Information View
To view hardware and software versions of the system, use the following command. Command Function show version This displays the version ZXR10# information about the software and hardware of system Viewing Current Running Configuration Information To view running configuration, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 46: Viewing Cpu Information
When malfunction occurs on network, it is required to collect di- agnosis information as soon as possible and solve the problem. It is an urgent task to analyze the malfunction, and usually some important information is not collected. ZXR10 8900 series switch Confidential and Proprietary Information of ZTE CORPORATION...
Page 47 Spanning tree state on port � Protocol VLAN information � Selective QinQ information � MPLS/VPN LDP information � MPLS/VPN LSP information � VPN routing information � QoS information To view system diagnosis information, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 48 ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function show diagnostic information[{[detail[{[module This displays information of the ZXR10# <module-name>[|{begin | exclude | include}]][|{begin whole system for malfunction | exclude | include}]}]]|[module <module-name>[|{be analysis when malfunction gin | exclude | include}]]|[save]}]...
Page 49: Cli Privilege Classification
The administrators have the highest level (Level 15). Therefore, they can set the levels of different commands. CLI privilege classification function consists of two parts: privilege level maintenance of commands and users, as shown in Figure Confidential and Proprietary Information of ZTE CORPORATION...
Page 50: Configuring Cli Privilege Classification
ZXR10 8900 Series User Manual (Basic Configuration Volume) 14 CLI P IGURE RIVILEGE LASSIFICATION UNCTION When a device is booted, each command has a default privilege Privilege Level Maintenance of level. Administrators can modify the privilege levels of the com- Commands mands.
Page 51: Configuring An Enabling Password
Administrators can configure an enabling password for each privi- lege level. When a user with lower privilege level wants to obtain a higher privilege level, the user should input the enabling pass- word. Confidential and Proprietary Information of ZTE CORPORATION...
Page 52: Configuring Privilege Level Of A Command
Administrators configure the privilege level to 1 for a user named test, as shown below. ZXR10(config)#username test password test privilege 1 The enabling password of privilege level 12 is configured to “zte”, as shown below. ZXR10(config)#enable secret level 12 zte...
Page 53 VLAN mode is hybrid, pvid 1 MTU 1500 bytes BW 1000000 Kbits Last clearing of "show interface" counters never 120 seconds input rate: 0 Bps, 0 pps 120 seconds output rate: 5 Bps, 0 pps ..Confidential and Proprietary Information of ZTE CORPORATION...
Page 54: Cli Privilege Classification Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) CLI Privilege Classification Configuration Example Use user privilege level 15 to configure a user named test with privilege level of 10. The configuration is shown below. ZXR10(config)#username test password test privilege 10...
Page 55: Port Configuration
ZXR10 8900 series switch names the ports in the following way: Port Naming Rules Port type_Slot No./Port No.
Page 56: Enabling An Ethernet Port
ZXR10 8900 Series User Manual (Basic Configuration Volume) GEI: Gigabit Ethernet Interface XGEI: 10 Gigabit Ethernet Interface � Slot No. ZXR10 8908 provides 10 plug-in slots that are numbered from top to down, where No. 5 and No. 6 are MP plug-in slots and rest are the interface board module plug-in slots.
Page 57: Configuring Duplex Mode
Configuring Ethernet Port Rate To configure Ethernet port rate, perform the following steps. Step Command Function This accesses port interface {<port-name>|byname ZXR10(config)# <by-name>} configuration mode speed {10|100|1000} This configures Ethernet port ZXR10(config-if)# speed Confidential and Proprietary Information of ZTE CORPORATION...
Page 58: Configuring Traffic Control
ZXR10 8900 Series User Manual (Basic Configuration Volume) Note: Only the Ethernet electrical interface can be configured with port rate. Before configuring the port rate, disable auto-negotiation function first. Configuring Traffic Control To configure Ethernet port traffic control, perform the following steps.
Page 59: Configuring Broadcast Storm Suppression
100% means that the broadcast storm passing through the port is not suppressed. Configuring Multicast Suppression To configure multicast suppression of Ethernet port, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 60: Configuring Unknown Unicast Suppression
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function interface {<port-name>|byname This accesses port ZXR10(config)# <by-name>} configuration mode multicast-limit {{percent This configures multicast ZXR10(config-if)# <percent>}|{value <value>}} suppression of Ethernet port Configuring Unknown Unicast Suppression To configure unknown unicast suppression of Ethernet port, per- form the following steps.
Page 61: Configuring Fefi Function
{copper | fiber} This switches optical or ZXR10(config-if)# electrical port Note: This command only can not be used on purely optical or electrical interfaces. Viewing Port Information To view port information, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 62 ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function show interface [<port-name>] This views status information ZXR10(config)# of Ethernet port show zfid [interface <port-list>] This views information on ZXR10(config)# port that enables fast port detection function show linkage-group [id]...
Page 63: Diagnosing And Testing Link
Chapter 5 Port Configuration Diagnosing and Testing Link ZXR10 8900 series switch supports cable line diagnosis analysis test function that detects the line abnormality or line connection abnormality. This test locates the exact position of cable fault, facilitating network management and locating fault.
Page 64: Port Mirroring Configuration
It can retrieve the data of mirrored port in the monitoring port by mirroring. Through which it can perform network flow analysis, and error diagnosis. Port mirroring function on ZXR10 8900 series switch complies with the following rules: � It supports up to 8 groups of port mirroring, each can support up to 8 mirrored ports.
Page 65: Figure 15 Port Mirroring Configuration Example
Configuration information of port mirroring is shown below. ZXR10(config)#show monitor session 1 Session 1 ----------------------------------------------- Source Ports: Port: gei_1/1 Monitor Direction: rx Port: gei_1/2 Monitor Direction: both Destination Port: Port: gei_3/3 ----------------------------------------------- Confidential and Proprietary Information of ZTE CORPORATION...
Page 66: Erspan Configuration
ZXR10 8900 Series User Manual (Basic Configuration Volume) ERSPAN Configuration ERSPAN Overview Port mirroring can be divided into SPAN, RSPAN and ERSPAN: � SPAN indicates copying packets on one or more ports (source port) to a monitoring port (destination port) of this device for packet monitoring and analysis.
Page 67: Configuring Erspan
As shown in Figure 1, set up a tunnel between Switch1 and Switch2, use interface gei_1/1 of Switch1 as mirror source port, and configure ERSPAN mirroring. With this configuration, packets passing through interface gei_1/1 of Switch1 will be encapsulated Confidential and Proprietary Information of ZTE CORPORATION...
Page 68: Port Loop Detection Configuration
If there is a loop, the switch will take measures. This can avoid broadcast storm. On ZXR10 8900 series switch, port loop detection function can be configured to detect loop on a port or all ports. By default, the detection function is disabled.
Page 69: Port Loop Detection Configuration Example
This example shows how to configure loop detection function. As shown in Figure 18, gei_1/1 on S1 belongs to VLAN1 and VLAN2. Port loop detection function is enabled on gei_1/1 in VLAN1 and VLAN2. Confidential and Proprietary Information of ZTE CORPORATION...
Page 70: Figure 18 Port Loop Detection Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) 18 P IGURE ETECTION ONFIGURATION XAMPLE Configuration on S1: ZXR10(config)#interface gei_1/1 ZXR10(config-if)#switchport mode trunk ZXR10(config-if)#switchport trunk vlan 1-2 ZXR10(config-if)#exit ZXR10(config)#loop-detect interface gei_1/1 enable ZXR10(config)#loop-detect interface gei_1/1 vlan 1-2 enable ZXR10(config)#loop-detect reopen-time 5 The information on gei_1/1 is shown below.
Page 71: Network Protocol Configuration
Range of each class is shown in Table 5 IP A ABLE DDRESS FOR LASS Prefix Network Class Characteristic Host Bit Range 0.0.0.0 to Class A 127.255.255.255 128.0.0.0 to Class B 191.255.255.255 192.0.0.0 to Class C 223.255.255.255 Confidential and Proprietary Information of ZTE CORPORATION...
Page 72 ZXR10 8900 Series User Manual (Basic Configuration Volume) Prefix Network Class Characteristic Host Bit Range Class 224.0.0.0 to 1110 Multicast address 239.255.255.255 240.0.0.0 to Class E 1111 Reserved 255.255.255.255 Some addresses of Class A, B and C are reserved for private net- works.
Page 73: Configuring Ip Address
ARP table according to IP address, if MAC address of destination device is found in the ARP table, transmitting ARP request is not needed. Dynamic Confidential and Proprietary Information of ZTE CORPORATION...
Page 74: Configuring Arp
ZXR10 8900 Series User Manual (Basic Configuration Volume) entries in the ARP table will be deleted automatically after a period of time, which is called ARP aging time. Configuring ARP To configure ARP, perform the following steps. Step Command Function arp timeout <seconds>...
Page 75: Arp Query Example
21 and internal VLAN-ID of 31. ZXR10#show arp exvlanID 21 invlanID 31 Arp protect whole is disabled The count is 2 IPAddress Age HardwareAddress interface ExVlanID InVlanID --------------------------------------------------------- 10.1.1.1 0000.0000.0001 qinq1 10.1.1.2 0000.0000.0001 qinq1 Confidential and Proprietary Information of ZTE CORPORATION...
Page 76 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 77: Dhcp Configuration
Once the lease period expires, the host must request the server for continuous lease. The host cannot continue to lease until the server accepts the request, otherwise it must give up unconditionally. Confidential and Proprietary Information of ZTE CORPORATION...
Page 78: Dhcp Snooping Overview
DHCP server locates when the DHCP server and client host are not in the same sub-network. This function is called DHCP relay. ZXR10 8900 series switch can act as a DHCP server or DHCP relay to forward DHCP information. DHCP Snooping Overview DHCP brings convenience for IP address allocation, but it also brings problems.
Page 79: Configuring Dhcp Relay
DHCP server displayed on DHCP Client is actually the address of the server. Therefore, the security mode can protect the server from attack. Configuring DHCP Snooping To configure DHCP snooping, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 80: Dhcp Configuration Examples
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function ip dhcp snooping enable This enables DHCP snooping ZXR10(config)# process ip dhcp snooping vlan <vlan-id> This enables DHCP snooping ZXR10(config)# in a VALN ip dhcp snooping trust <port-number> This configures an interface...
Page 81: Dhcp Relay Configuration Example
IGURE ELAY ONFIGURATION XAMPLE Configuration on the switch: ZXR10(config)#interface vlan10 ZXR10(config-if)#ip dhcp mode relay ZXR10(config-if)#ip address 10.10.1.1 255.255.255.0 ZXR10(config-if)#ip dhcp relay agent 10.10.1.1 ZXR10(config-if)#ip dhcp relay server 10.10.2.2 security ZXR10(config-if)#exit ZXR10(config)#ip dhcp enable Confidential and Proprietary Information of ZTE CORPORATION...
Page 82: Dhcp Snooping Preventing False Dhcp Server
ZXR10 8900 Series User Manual (Basic Configuration Volume) DHCP Snooping Preventing False DHCP Server Configuration Example DHCP server 1 connects with fei_1/1 of the switch. DHCP Server 1 is configured by administrator. DHCP server 2 connects with fei_1/2 of switch, and it is a private and illegal server. Fei_1/1 and fei_1/2 belong to vlan100.
Page 83: Dhcp Maintenance And Diagnosis
[<vlan-id>] This displays configuration ZXR10# information of VLAN that enables DHCP snooping function show ip dhcp snooping trust This displays configuration ZXR10# information of DHCP snooping trust interface Confidential and Proprietary Information of ZTE CORPORATION...
Page 84 ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function show ip dhcp snooping database slot This views information in ZXR10# <slot-id> DHCP Snooping database show ip arp inspection vlan [<vlanl-id>] This displays configuration ZXR10# information of VLAN that...
Page 85: Vrrp Configuration
VRRP group work abnormally. These routers can be configured into multiple groups for mutual backup. The hosts in the domain use different IP addresses as gateway to implement data load balance. Confidential and Proprietary Information of ZTE CORPORATION...
Page 86: Configuring Vrrp
ZXR10 8900 Series User Manual (Basic Configuration Volume) Configuring VRRP To configure VRRP, perform the following steps. Step Command Function interface vlan<vlan-number> This enters Later 3 VLAN ZXR10(config)# interface configuration mode vrrp <group> ip <ip-address>[sec This sets a VRRP virtual IP...
Page 87: Symmetric Vrrp Configuration Example
10.0.0.1. PC3 and PC4 use virtual router in Group 2 as default gateway with address 10.0.0.2. R1 and R2 serve as mu- tual backup. Four hosts cannot communicate with outside world until both routers become invalid. This is shown in Figure Confidential and Proprietary Information of ZTE CORPORATION...
Page 88: Vrrp Maintenance And Diagnosis
ZXR10 8900 Series User Manual (Basic Configuration Volume) 24 S VRRP C IGURE YMMETRIC ONFIGURATION XAMPLE Configuration on R1: ZXR10_R1(config)#interface vlan 1 ZXR10_R1(config-if)#ip address 10.0.0.1 255.255.0.0 ZXR10_R1(config-if)#vrrp 1 ip 10.0.0.1 ZXR10_R1(config-if)#vrrp 2 ip 10.0.0.2 Configuration on R2: ZXR10_R2(config)#interface vlan 1 ZXR10_R2(config-if)#ip address 10.0.0.2 255.255.0.0...
Page 89: Acl Configuration
Packet matching rules defined by the ACL are also used in other conditions where distinguishing traffic is needed. For instance, the matching rules can define the traffic classification rule in the QoS. ZXR10 8900 series switch provides seven types of ACLs: � Standard ACL Only source IP addresses are matched against the ACL.
Page 90: Np-Based Acl Overview
ZXR10 8900 Series User Manual (Basic Configuration Volume) � Layer 2 ACL Source/destination MAC address, source VLAN ID, Layer 2 Ethernet protocol type and 802.1p priority value are matched against the ACL. � Hybrid ACL Source/destination MAC address, source VLAN ID, source/des- tination IP address, TCP source/destination port number, UDP source/destination port number are matched against the ACL.
Page 91: Configuring Acls
This example describes how to define a standard ACL which al- Example lows access of messages from network 192.168.1.0/24 but denies messages from source IP address 192.168.1.100. ZXR10(config)#acl basic number 10 ZXR10(config-std-acl)#rule 1 deny 192.168.1.100 0.0.0.0 Confidential and Proprietary Information of ZTE CORPORATION...
Page 92: Defining Extended Acl
ZXR10 8900 Series User Manual (Basic Configuration Volume) ZXR10(config-std-acl)#rule 2 permit 192.168.1.0 0.0.0.255 Defining Extended ACL To configure extended ACL, perform the following steps. Step Command Function acl extend {number <acl-number>|n This enters extended ACL ZXR10(config)# ame <acl-name>| alias <alias-name>}[match-order...
Page 93: Defining Layer 2 Acl
|arp | ip}[cos | incos | dinvlan | doutervlan | egress | ingress | time-range] move <rule-no> after This moves a rule ZXR10(config-hybd-acl)# <rule-no> attach time-range <Time This binds a time range to a ZXR10(config-hybd-acl)# range name> to <rule id> rule Confidential and Proprietary Information of ZTE CORPORATION...
Page 94: Defining Standard Ipv6 Acl
ZXR10 8900 Series User Manual (Basic Configuration Volume) This example describes how to configure a hybrid ACL. It is re- Example quired to implement the following functions: � Permit access of UDP messages from network 210.168.1.0/24, destination IP address 210.168.2.10, destination MAC address 00d0.d0c0.5741, source port 100 and destination port 200.
Page 95: Defining Customized Acl
Rule is 0x1111. � Mask is 0x000f. � Offset is 4 bytes. ZXR10(config)#acl user-define number 3000 ZXR10(config-user-acl)#rule 1 permit tag 1 4 0x1111 0x000f Configuring Time Range To configure time range, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 96: Applying Acl To Physical Port
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function time-range enable This enables time range ZXR10(config)# function time-range <time-range-name> This enters time range ZXR10(config)# configuration mode absolute start <hh:mm:ss><mm-d This configures absolute time ZXR10(config-tr)# d-yyyy>[end <hh:mm:ss><mm-dd-yyyy>] range periodic {daily | monday | tuesday...
Page 97: Applying Acl To Virtual Port
As shown in Figure 25, Switch A and Switch B back up for each Example other. Switch C receives two same data flows. To avoid this phe- nomenon, an event linkage ACL rule is configured. Confidential and Proprietary Information of ZTE CORPORATION...
Page 98: Figure 25 Configuring Event Linkage Acl Rule
ZXR10 8900 Series User Manual (Basic Configuration Volume) 25 C ACL R IGURE ONFIGURING VENT INKAGE How to configure? 1. Define one event list. The prerequisite of event trigger is that interface gei_1/1 is down; 2. Define one standard ACL, where rule 1 permits all packets to pass through, rule 2 denies all packets.
Page 99: Applying Np-Based Acl
This applies NP-based ACL to ZXR10(config-if)# | acl name r>{in | out} Smartgroup interface To cancel application of NP-based ACL to Smartgroup interface, use no ip access-group senior <acl-numbe | acl name r>{in | out} command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 100: Acl Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) ACL Configuration Example A company has an Ethernet switch, to which users of both A and B department and servers are connected. This is shown in Figure 26. The relevant provisions are as follows: �...
Page 101: Acl Maintenance And Diagnosis
[<acl-number>|name <acl-name>] This displays the contents of ZXR10# all ACLs or of the ACL with specified list number show running-config interface <port-name> This displays the configuration ZXR10# information of an Ethernet port Confidential and Proprietary Information of ZTE CORPORATION...
Page 102 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 103: Qos Configuration
QoS provides the follow- ing functions: � Traffic classification � Traffic policing � Traffic shaping � Queue scheduling and default 802.1p � Redirection and policy routing � Priority marking � Traffic mirroring � Traffic statistics Confidential and Proprietary Information of ZTE CORPORATION...
Page 104: Traffic Classification
IGURE RAFFIC ONITORING ORKING ZXR10 8900 series switch implements Single Rate Three Color Marker (SrTCM) (RFC2697) and Two Rate Three Color Marker (TrTCM) (RFC2698) functions, which both support color-blind and color-aware modes. Meter works in two modes: color-blind mode and color-aware mode.
Page 105: Traffic Shaping
Outgoing port bandwidth traffic shaping Queue Scheduling and Default 802.1p Each physical port of the ZXR10 8900 series switch supports eight output queues (queue 0 to queue 7) called CoS queues. Switch performs incoming port output queue operation according to the queue corresponding to 802.1p of packets.
Page 106: Policy Routing
ZXR10 8900 Series User Manual (Basic Configuration Volume) ZXR10 8900 series switch supports Strict Priority (SP), Weighted Round Robin (WRR) and Dynamic Weighted Round Robin (DWRR) queue scheduling modes. Eight output queues of a port can adopt different modes respectively.
Page 107: Traffic Mirroring
HQoS has the following functions. HQoS Functions � Supporting hierarchical scheduling The most obvious characteristic of HQoS is hierarchical sched- uling. It is used to simulate complex networks. Confidential and Proprietary Information of ZTE CORPORATION...
Page 108: Configuring Qos
ZXR10 8900 Series User Manual (Basic Configuration Volume) � Supporting mass of queues Different queues mean users of different services. HQoS can store packets received within 200ms at lone speed on a port. This can avoid congestion. � Supporting mass of scheduling nodes Scheduling node is the main member to create topology model.
Page 109: Configuring Traffic Rate Limit
20M, and ingress rate to be 10M. ZXR10(config)#interface gei_1/1 ZXR10(config-if)#traffic-limit rate-limit 20000 bucket-size 4 out ZXR10(config-if)#traffic-limit rate-limit 10000 bucket-size 4 in Configuring Layer 3 Rate Limit To configure Layer 3 rate limit, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 110: Configuring Queue Scheduling
600K 168.1.2.4 300K Configuring Queue Scheduling ZXR10 8900 series switch supports SP and WRR queue scheduling modes. When these two modes are mixed used, SP has a higher priority over WRR. To configure queue scheduling, use the following command. Command...
Page 111: Configuring Policy Routing
IP address 168.2.5.5 on port gei_5/1 to 34, and select 4 for output queues. ZXR10(config)#acl basic number 10 ZXR10(config-basic-acl)#rule 1 permit 168.2.5.5 ZXR10(config-basic-acl)#exit ZXR10(config)#priority-mark 10 rule-id 1 dscp 34 cos 4 ZXR10(config)#interface gei_5/1 ZXR10(config-if)#ip access-group 10 in Confidential and Proprietary Information of ZTE CORPORATION...
Page 112: Configuring Tail Discarding
ZXR10 8900 Series User Manual (Basic Configuration Volume) Configuring Tail Discarding To configure tail discarding, perform the following steps. Step Command Function qos tail-drop <session-index> This configures parameters of ZXR10(config)# queue-id <queue-id><green-threshold><yellow-thr packets to be discarded eshold><red-threshold> interface <interface-name> This enters interface...
Page 113: Configuring Cos Local Priority Mapping
1 is 1, priority of queue 2 is 2, and the rest are deduced by analogy. ZXR10(config)#qos cos-local-map 1 2 3 4 5 6 7 ZXR10(config)#interface gei_1/1 ZXR10(config-if)#trust-cos-local enable Configuring DSCP Priority Mapping To configure DSCP priority mapping, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 114: Configuring Traffic Mirroring
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function qos conform-dscp <dscp-list><dscp-v This configures DSCP priority ZXR10(config)# alue><cos-value><drop-priority> mapping. interface <interface-name> This accesses L2 configuration ZXR10(config)# interface. trust-dscp enable This applies DSCP priority ZXR10(config-if)# mapping. By executing command trust-dscp disable, DSCP priority map- ping can be cancelled.
Page 115: Configuring Queue-Based Bandwidth Upper And Lower Threshold
This configures a matching rule ZXR10(config-fclass)# <rule-no>) | tunnel <1-4096>| vlan <1-4094>| vip in traffic class configuration <1-16384>}| phb {be | af1 | af2 | af3 | af4 | ef | cs6 | mode cs7}} Confidential and Proprietary Information of ZTE CORPORATION...
Page 116: Configuring Wred Policy
ZXR10 8900 Series User Manual (Basic Configuration Volume) One traffic class can only match one ACL rule. If an ACL rule matches flow-class, the class must exist and the class can not be deleted. Corresponding ACL and rule number must exist.
Page 117: Configuring Wfq Policy
WFQ policy. By default, the weight is 1. Configuring Traffic Shaping To configure traffic shaping policy, perform the following steps. 1. To create or enter a traffic shaping policy, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 118: Configuring Hqos Policy
ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function shaping-profile <profile-name>[level This creates or enters a traffic ZXR10(config)# <2-4>] shaping policy Instructions: Users enter traffic shaping policy view after inputting this � command. If the policy does not exist, users should input level to create a policy.
Page 119 By default, a traffic class is associated with a default WRED policy of corresponding level. To cancel WRED policy of a traffic class, use no wred-profile command. 7. To apply shaping policy to a traffic class, use the following com- mand. Confidential and Proprietary Information of ZTE CORPORATION...
Page 120 ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function shaping-profile This applies shaping policy to a ZXR10(config-qpolicy-class)# <profile-name> traffic class By default, a traffic class is associated with a default shaping policy of corresponding level. Traffic class of level 1 can not be associated with a shaping policy.
Page 121: Qos Configuration Examples
VOD server with IP address 192.168.4.70. To ensure QoS of VOD, it should be configured with a higher priority. Internal users can access Internet through proxy 192.168.3.100. However, band- width of Network A and B should be limited and traffic statistics is required. Confidential and Proprietary Information of ZTE CORPORATION...
Page 122: Figure 28 Typical Qos Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) 28 T IGURE YPICAL ONFIGURATION XAMPLE Configuration on the switch: ZXR10(config)#acl extended number 100 ZXR10(config-ext-acl)#rule 1 permit tcp any 192.168.4.70 0.0.0.0 ZXR10(config-ext-acl)#rule 2 permit ip any 192.168.3.100 0.0.0.0 ZXR10(config-ext-acl)#rule 3 permit ip any any...
Page 123: Policy Routing Configuration Example
ZXR10(config)#redirect in 10 rule-id 2 next-hop 200.1.1.1 ZXR10(config)#interface gei_1/1 ZXR10(config-if)#ip access-group 10 in ZXR10(config-if)#exit ZXR10(config)#interface gei_1/2 ZXR10(config-if)#ip access-group 10 in QoS Maintenance and Diagnosis To configure QoS maintenance and diagnosis, use the following command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 124 ZXR10 8900 Series User Manual (Basic Configuration Volume) Command Function show qos [name <acl-name>| number This views QoS configuration ZXR10(config)# <acl-number>] information This example shows how to view QoS configuration information. Example ZXR10(config)#acl standard number 1 ZXR10(config-std-acl)#rule 1 permit 100.1.1.1...
Page 125: Dot1X Configuration
Controlled and uncontrolled ports in the IEEE 802.1x protocol are logical concepts and such physical switches are inexistent in the equipment. The IEEE 802.1x protocol establishes a logical au- Confidential and Proprietary Information of ZTE CORPORATION...
Page 126: Configuring Dot1X
ZXR10 8900 Series User Manual (Basic Configuration Volume) thentication channel for each user and other users cannot use the logical channel after the port is enabled. Authentication server is usually a RADIUS server. In authentication Authentication Server System server user-related information is stored such as the VLAN where the user locates, CAR parameter, priority and access control list of the user.
Page 127: Configuring Dot1X Parameters
This configures the timeout of ZXR10(config-nas)# the dot1x authentication dot1x max-requests <count> This configures maximum ZXR10(config-nas)# request times of dot1x authentication Configuring Local Authentication User To configure local authentication user, perform the following steps. Confidential and Proprietary Information of ZTE CORPORATION...
Page 128: Managing Dot1X Authentication User
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function This enters nas configuration ZXR10(config)# mode create localuser <user-id>[name This creates a local user ZXR10(config-nas)# <user-name>][password <user-password>] localuser <user-id> port This binds the user with the ZXR10(config-nas)# <port-name> port localuser <user-id>...
Page 129: Dot1X Configuration Examples
Set the encryption key to be “aaazte” when the system ex- changes packets with the authentication RADIUS server. Set the system to resend packets to the RADIUS server if no re- sponse comes from this server within five seconds after the Confidential and Proprietary Information of ZTE CORPORATION...
Page 130: Dot1X Relay Authentication Application
ZXR10 8900 Series User Manual (Basic Configuration Volume) previous sending, and packets can be resent for five times at most. Direct the system to remove the user domain name from the user name and before sending it to the RADIUS server.
Page 131: Dot1X Local Authentication Application
ZXR10(config-nas)#localuser 3 mac 00d0.d0d0.1689 In the above configuration, local authentication function on the au- thenticator switch is enabled to implement the application require- ment of the enterprise. According to the above configuration, only Confidential and Proprietary Information of ZTE CORPORATION...
Page 132: Dot1X Maintenance And Diagnosis
ZXR10 8900 Series User Manual (Basic Configuration Volume) 00d0.d0d0.1234, 00d0.d0d0.1456 and 00d0.d0d0.1689 network card addresses are accessed and the Internet access duration of these three users, named as A0001, A0002 and A0003, is summed up. Duration is recorded on the Radius server.
Page 133: Cluster Management Configuration
There is only one command switch in a cluster. Command switch can collect equipment topology and establish a cluster automati- cally. After the cluster is established, command switch provides a management channel for cluster to manage member switch. Mem- Confidential and Proprietary Information of ZTE CORPORATION...
Page 134: Figure 32 Cluster Management Network
ZXR10 8900 Series User Manual (Basic Configuration Volume) ber switch serves as a candidate switch before being added into cluster. Switch which does not support member switch is called independent switch. Cluster management network is formed as shown in Figure...
Page 135: Configuring Cluster Management
Chapter 12 Cluster Management Configuration 33 S IGURE WITCHING Configuring Cluster Management Enabling ZDP To enable ZTE Discovery Protocol (ZDP), perform the following steps. Step Command Function zdp enable This enable ZDP function ZXR10(config)# globally interface <interface-name> This enters interface...
Page 136: Enabling Ztp
ZXR10 8900 Series User Manual (Basic Configuration Volume) Enabling ZTP To enable ZTE Topology Protocol (ZTP), perform the following steps. Step Command Function ztp enable This enables ZTP function ZXR10(config)# globally interface <interface-name> This enters interface ZXR10(config)# configuration mode ztp enable...
Page 137: Maintaining A Cluster
This logs in from the command ZXR10# switch to member switch or from the member switch to command switch copy <source-device><source-file><destination This uploads or downloads ZXR10# -device><destination-file> files through the cluster tftp server on the member switch Confidential and Proprietary Information of ZTE CORPORATION...
Page 138: Cluster Management Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) Cluster Management Configuration Example This example describes how to connect two devices to implement cluster management, as shown in Figure 34 C IGURE LUSTER ANAGEMENT ONFIGURATION XAMPLE Configuration steps are as follows: 1.
Page 139 [member-num This displays group member ZXR10# <mem_id>] information Note: To trace transmitting and receiving packets condition and handling condition of cluster management processes ZDP and ZTP with d ebug group command. Confidential and Proprietary Information of ZTE CORPORATION...
Page 140 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 141: Network Management Configuration
Internet. Without adequate NTP synchronization, organi- zations cannot expect their network and applications to function properly. ZXR10 8900 series switch acts as the NTP client. Configuring NTP To configure NTP, perform the following steps.
Page 142: Ntp Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) NTP Configuration Example This example shows routing switch as an NTP client and assume that the NTP protocol version is 2. Network topology is shown in Figure 35 NTP C IGURE ONFIGURATION...
Page 143: Configuring A Radius Authentication Group
This configures retransmis- ZXR10(config-acctgrp-1)# sion times of RADIUS server nas-ip-address <NAS IP This configures nas-ip of ZXR10(config-acctgrp-1)# address> RADIUS server server <number><ipaddre This configures RADIUS ZXR10(config-acctgrp-1)# ss> key <keystr> port <portnum> server and its parameters Confidential and Proprietary Information of ZTE CORPORATION...
Page 144: Viewing Radius Information
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function user-name-format This configures format of ZXR10(config-acctgrp-1)# {include-domain | strip-domain} name sent to RADIUS server by BRAS vendor {enable | disable} This enables or disables ZXR10(config-acctgrp-1)# attributes defined by vendor...
Page 145: Snmp Configuration
SNMP protocol. It is required to configure specific SNMP server for the rouging switch as SNMP agent and define contents and authorities availably collected by NMS. ZXR10 8900 series switch supports multiple versions of SNMP. Configuring SNMP SNMPv1/v2c adopts the community authentication mode.
Page 146: Snmp Configuration Example
Network Management System (NMS) without request. It is used to report emergent and important events. � For step 6, ZXR10 8900 series switch supports 5 types of con- ventional traps: snmp, bgp, ospf, rmon and stalarm. SNMP Configuration Example This example describes the configuration of SNMP.
Page 147: Configuring Rmon
64: 92955, 65-127: 14204, 128-255: 1116, 256-511: 4479, 512-1023: 85856, 1024-1518:2547 This example describes how to configure and enable RMON history Example control entry. ZXR10(config)#interface fei_1/1 ZXR10(config-if)#rmon collection history 1 bucket 10 interval 10 owner rmontest Confidential and Proprietary Information of ZTE CORPORATION...
Page 148: Syslog Configuration
SysLog Configuration SysLog Overview ZXR10 8900 series switch allows user to set and query logs. Log information makes it easy for maintaining routing switch regu- larly. Log information allows viewing alarm information and port status changes on routing switch. Logs can be displayed on the configured terminals in real time, or saved on routing switch or a background log server in files.
Page 149: Configuring Syslog
SysLog Configuration Example This example describes the setting SysLog. Before configuring SysLog, enable the log function with logging on command. ZXR10(config)#logging on ZXR10(config)#logging buffer 100 ZXR10(config)#logging mode FULLCLEAR ZXR10(config)#logging console warnings ZXR10(config)#logging level errors Confidential and Proprietary Information of ZTE CORPORATION...
Page 150: Lldp Configuration
ZXR10 8900 Series User Manual (Basic Configuration Volume) LLDP Configuration LLDP Overview Link Layer Discovery Protocol (LLDP) is a new protocol defined in 802.1ab. It enables that neighbor devices can send messages to each other. LLDP is used to update physical topology information and create a device management information database.
Page 151: Configuring Lldp
36 LLDP C IGURE ONFIGURATION XAMPLE Configuration of S1: Zxr10#conf t Zxr10(config)#lldp enable interface gei_1/1 Configuration of S2: Zxr10#conf t Zxr10(config)#lldp enable interface gei_1/1 Show configuration results: Confidential and Proprietary Information of ZTE CORPORATION...
Page 152 ZXR10 8900 Series User Manual (Basic Configuration Volume) � Showing global information of line card Zxr10#show lldp config -------------------------------------- Lldp enable: enabledRxTx Lldp hellotime: 30s Lldp holdtime: 120s Lldp maxneighbor: 128 Lldp curneighbor: 28 ------------------------------------- � Showing interface information Zxr10#show lldp config interface gei_1/1...
Page 153: Iptv Configuration
To configure IPTV global parameters, perform the following steps. Step Command Function iptv control {enable|disable} This configures IPTV function ZXR10(config)# iptv cac {enable | disable} This configures IPTC Channel ZXR10(config)# Access Control (CAC) function Confidential and Proprietary Information of ZTE CORPORATION...
Page 154: Configuring Global Parameters Of Iptv Preview
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function iptv sms-server <server-ip> This configures the IP address ZXR10(config)# of service management system server iptv sms-server-port <port-number> This configures the port of ZXR10(config)# service management system server Configuring Global Parameters of...
Page 155: Configuring Iptv Channels
| name < channel-name>} Configuring IPTV Service Package To configure IPTV service package, perform the following steps. Step Command Function iptv package name <package-name This creates an IPTV service ZXR10(config)# >[pkgid <package-id>] package Confidential and Proprietary Information of ZTE CORPORATION...
Page 156: Configuring Iptv Preview Template
ZXR10 8900 Series User Manual (Basic Configuration Volume) Step Command Function iptv package <package-name> This adds a channel to the ZXR10(config)# channel < idlist>{deny|permit|preview} package and sets the privilege of the channel no iptv package {all |{ This deletes the package or a ZXR10(config)# package-name [<package-name>]| package-id...
Page 157: Configuring Iptv Fast Leave
User who connects to port gei_1/1 is a requesting user of multicast Example group 224.1.1.1. Vlan ID of this multicast group is 100. There is only one channel with ID of 0. Configuration is shown below. Confidential and Proprietary Information of ZTE CORPORATION...
Page 158: Iptv Maintenance And Diagnosis
ZXR10 8900 Series User Manual (Basic Configuration Volume) ZXR10(config)#iptv control enable ZXR10(config)#iptv cac enable ZXR10(config)#iptv channel mvlan 100 group 224.1.1.1 ZXR10(config)#interface gei_1/1 ZXR10(config-if)#iptv service start ZXR10(config-if)#iptv control-mode channel ZXR10(config-if)#iptv channel id 0 User who connects to port gei_1/1 in Vlan1 is the preview user of Example multicast group 224.1.1.1.
Page 159 [{ ((port < port> ) | ((NPC < This shows online IPTV users. ZXR10# slot-no> )}][{ ((vlan-id < vlan-id> ) | (( vlan-name < vlan-name> )}] show iptv channel statistics [channel-id This shows channel statistics. ZXR10# <channel-id>] Confidential and Proprietary Information of ZTE CORPORATION...
Page 160 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 161: Vbas Configuration
This enables VBAS function in ZXR10(config-vlan)# a designated VLAN vbas trust This configures a VBAS ZXR10(config-if)# vbas port-type {user|net} This configures a designated ZXR10(config-if)# port as VBAS user port or network port Confidential and Proprietary Information of ZTE CORPORATION...
Page 162: Vbas Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) Note: � To disable VBAS, use no vbas enable command in global con- figuration mode. � To disable VBAS in a designated VLAN, use no vbas enable command in vlan configuration mode.
Page 163: Cpu Attack Protection Configuration
When protocol protection module discovers that some kind of protocol packets are transmitted to platform in a high rate, the module makes alarm. This warns users that there may be some kind of Confidential and Proprietary Information of ZTE CORPORATION...
Page 164: Cpu Attack Protection Principle
ZXR10 8900 Series User Manual (Basic Configuration Volume) protocol packets attacking CPU. When such alarm appears, disable protocol protection function to protect CPU from being attacked. Note: After protocol protection functions of SNMP and RADIUS are dis- abled, they are not affected and work normally.
Page 165: Configuring Ipv6 Protocol Protection
<protocol name><alarm-limit> IPv6 protocol protection ipv6 protocol-protect This configures the average ZXR10(config-if)# average-rate mode <protocol-name><10-600> rate of IPv6 protocols ipv6 protocol-protect peak-rate This configures the peak rate ZXR10(config-if)# mode <protocol-name><100-1000> of IPv6 protocols Confidential and Proprietary Information of ZTE CORPORATION...
Page 166: Configuring Layer 2 Protocol Protection
ZXR10 8900 Series User Manual (Basic Configuration Volume) Note: IPv6 protocols that are supported by CPU attack protection include mld, na, ns, ra, rs, common icmp6, bgp6, rip6, ospf6, ldptcp6, ldpudp6, telnet6 and pim6. Configuring Layer 2 Protocol Protection To configure Layer 2 protocol protection, perform the following steps.
Page 167 Chapter 16 CPU Attack Protection Configuration ZXR10(config-if)#ipv6 protocol-protect mode icmp enable ZXR10(config-if)#ipv6 protocol-protect alarm mode icmp 3200 Confidential and Proprietary Information of ZTE CORPORATION...
Page 168 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 169: Urpf Configuration
S2 and S3. Attackers may wage an attack by randomly changing source ad- dress in the packet. In this example, source address is one of reserved non-global IP addresses and thus is unreachable. A legal Confidential and Proprietary Information of ZTE CORPORATION...
Page 170: Configuring Urpf
ZXR10 8900 Series User Manual (Basic Configuration Volume) IP address may also be used to wage an attack as long as it is unreachable. Another network model is shown in Figure Module 2 38 S IGURE OURCE DDRESS NOOPING The attacker may forge a source address that is the address of another legal network and exists in global routing table.
Page 171: Urpf Configuration Example
Strict URPF is configured on interface fei_1/2 on S1 so as to pre- vent the users behind network 192.168.0.0/24 from maliciously attacking networks behind S1. Configuration on S1: ZXR10(config)#interface fei_1/2 ZXR10(config-if)#sw ac vlan 10 ZXR10(config-if)#ip verify strict ZXR10(config-if)#exit ZXR10(config)#int vlan 10 ZXR10(config-if)#ip address 192.168.0.1 255.255.255.0 Confidential and Proprietary Information of ZTE CORPORATION...
Page 172: Urpf Maintenance And Diagnosis
ZXR10 8900 Series User Manual (Basic Configuration Volume) URPF Maintenance and Diagnosis To configure maintenance and diagnosis of URPF, perform the fol- lowing steps. Step Command Function show interface This shows statistical count of ZXR10# URPF on an interface show ip traffic...
Page 173: Ipfix Configuration
Each distinguished data flow can be traced separately and counted accu- rately, its flow direction characteristics such as transmit direction and destination can be recorded, and the start time, end time, ser- Confidential and Proprietary Information of ZTE CORPORATION...
Page 174: Sampling
ZXR10 8900 Series User Manual (Basic Configuration Volume) vice type, contained packet number, byte number and other traffic information can be performed statistics. As a macro analysis tool for network communication, Netflow tech- nology doesn’t analyze the specific data contained in each packet...
Page 175: Data Output
This sets aging time of active ZXR10(config)# stream. As for long time active stream, in case it exceeds the set aging time, this data flow will age out, in minutes, 30 minutes by default. Confidential and Proprietary Information of ZTE CORPORATION...
Page 176: Setting Aging Time Of Inactive Stream
ZXR10 8900 Series User Manual (Basic Configuration Volume) Setting Aging Time of Inactive Stream Command Functions ip stream cache inactive <number> This sets aging time of inactive ZXR10(config)# stream. If data of a flow are not updated within the specified time, the aging information will be notified to stream record, in seconds, 15 seconds by default.
Page 177: Configuring Topn
TCP flag. Deleting Template Command Functions no ip stream template template-name This deletes one template. ZXR10(config)# Running Template Command Functions ip stream template template-name This runs template. ZXR10(config)# Confidential and Proprietary Information of ZTE CORPORATION...
Page 178: Ipfix Configuration Example
ZXR10 8900 Series User Manual (Basic Configuration Volume) IPFIX Configuration Example An IPFIX configuration example is given here with network topol- ogy as shown in Figure 40 IPFIX C IGURE ONFIGURATION XAMPLE ZXR10_R1(config)#ip stream enable ZXR10_R1(config)#interface gei_2/12 ZXR10_R1(config-if)#netflow-sample ingress unicast 100 ZXR10_R1(config-if)#netflow-sample egress unicast 100 ZXR10_R1(config)#ip strem exprot destination 192.168.1.1 2055...
Page 179 L3 protocol type, the number of packets or the number of bytes (corresponding to TOPNS setting). 3. To show template configuration, execute the following com- mand: show ipstream-template This shows configuration of template, that is, fields contained in template. Confidential and Proprietary Information of ZTE CORPORATION...
Page 180 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 181: Figures
Figure 30 Dot1x Radius Authentication Application ....117 Figure 31 Dot1x Relay Authentication Application....118 Figure 32 Cluster Management Network ......122 Figure 33 Switching Rule ..........123 Figure 34 Cluster Management Configuration Example..126 Confidential and Proprietary Information of ZTE CORPORATION...
Page 182 ZXR10 8900 Series User Manual (Basic Configuration Volume) Figure 35 NTP Configuration Example ......... 130 Figure 36 LLDP Configuration Example ....... 139 Figure 37 Source Address Snooping 1 ........ 157 Figure 38 Source Address Snooping 2 ........ 158 Figure 39 URPF Configuration Example ....... 159 Figure 40 IPFIX Configuration Example .......
Page 183: Tables
Tables Table 1 CHAPTER SUMMARY ..........i Table 3 Parameter Values............. 6 Table 4 Command Modes ............12 Table 5 IP Address for Each Class ........59 Table 6 ACL Descriptions ............78 Confidential and Proprietary Information of ZTE CORPORATION...
Page 184 ZXR10 8900 Series User Manual (Basic Configuration Volume) This page is intentionally blank. Confidential and Proprietary Information of ZTE CORPORATION...
Page 185: List Of Glossary
RADIUS - Remote Authentication Dial In User Service RARP - Reverse Address Resolution Protocol RFC - Request For Comments RMON - Remote Monitoring SNMP - Simple Network Management Protocol SP - Strict Priority Confidential and Proprietary Information of ZTE CORPORATION...
Page 186 ZXR10 8900 Series User Manual (Basic Configuration Volume) SSH - Secure Shell TCP - Transmission Control Protocol TELNET - Telecommunication Network Protocol TFTP - Trivial File Transfer Protocol TLV - Type Length Value ToS - Type Of Service UDLD - UniDirectional Link Detection...

Zte ZXR10 8900 Series User Manual

Chapter 3 Systemmanagement Tableofcontents

Chapter 5 Portconfiguration Tableofcontents Portbasicconfiguration.....................................................43

Chapter 9 Aclconfiguration Tableofcontents Acloverview...................................................................77

Chapter 13 Networkmanagement Configuration Tableofcontents

Quick Links

Related Manuals for Zte ZXR10 8900 Series

Summary of Contents for Zte ZXR10 8900 Series