Accton Technology ES4626 Management Manual

Accton layer 3 gigabit switch management guide

ES4626/ES4650
Layer 3 Gigabit Switch
Management Guide
www.edge-core.com


Summary of Contents for Accton Technology ES4626

  • Page 1 ES4626/ES4650 Layer 3 Gigabit Switch Management Guide www.edge-core.com...
  • Page 2: Preface

    Preface ES4626/ES4650 is a routing switch that can be deployed as the core layer device for campus and enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN). The ES4626 provides 24 fixed 1000MB ports (4 of which are fixed 1000MB Combo fiber cable/copper cable ports) and 2 10GB XFP ports.
  • Page 3: Table Of Contents

    Preface Contents
    Chapter 1 Switch Management (p. 12)
    Management Options (p. 12)
    1.1.1 Out-of-band Management (p. 12)
    1.1.2 In-band Management (p. 15)
    Management Interface (p. 21)
    1.2.1 CLI Interface (p. 21)
    1.2.2 WEB Interface (p. 28)
    Chapter 2 Basic Switch Configuration (p. 30)
    Basic Switch Configuration Commands (p. 30)
    2.1.1 calendar set (p. 30)...
  • Page 4
    2.2.4 traceroute (p. 46)
    2.2.5 show (p. 47)
    2.2.6 debug (p. 53)
    Configuring Switch IP Addresses (p. 53)
    2.3.1 Configuring Switch IP Addresses Task Sequence (p. 53)
    2.3.2 Commands for Configuring Switch IP Addresses (p. 54)
    SNMP (p. 56)
    2.4.1 Introduction to SNMP (p. 56)
    2.4.2 Introduction to MIB (p. 57)...
  • Page 5
    3.4.1 Monitor and Debug Commands (p. 115)
    3.4.2 Port Troubleshooting Help (p. 116)
    WEB Management (p. 116)
    3.5.1 Ethernet port configuration (p. 116)
    3.5.2 Vlan interface configuration (p. 118)
    3.5.3 Port mirroring configuration (p. 120)
    3.5.4 Port debug and maintenance (p. 120)
    Chapter 4 MAC Table Configuration (p. 123)
    Introduction to MAC Table (p. 123)
    4.1.1 Obtaining MAC Table (p. 123)...
  • Page 6
    VLAN Troubleshooting Help (p. 160)
    5.4.1 Monitor and Debug Information (p. 160)
    5.4.2 VLAN Troubleshooting Help (p. 162)
    WEB Management (p. 162)
    5.5.1 Vlan configuration (p. 162)
    5.5.2 GVRP configuration (p. 168)
    5.5.3 VLAN debug and maintenance (p. 169)
    Chapter 6 MSTP Configuration (p. 171)
    MSTP Introduction (p. 171)
    6.1.1 MSTP Region (p. 171)...
  • Page 7
    802.1X Configuration (p. 211)
    8.2.1 802.1X Configuration Task Sequence (p. 211)
    8.2.2 802.1X Configuration Command (p. 216)
    802.1X Apply Example (p. 226)
    802.1X Trouble Shooting (p. 227)
    8.4.1 802.1X Debug and Monitor Command (p. 227)
    8.4.2 802.1X Troubleshooting (p. 232)
    WEB Management (p. 233)
    8.5.1 RADIUS client configuration (p. 233)
    8.5.2...
  • Page 8
    10.3 Port Channel Example (p. 262)
    10.4 Port Channel Troubleshooting Help (p. 264)
    10.4.1 Monitor and Debug Commands (p. 264)
    10.4.2 Port Channel Troubleshooting Help (p. 269)
    10.5 Web Management (p. 270)
    10.5.1 LACP port group configuration (p. 270)
    10.5.2 LACP port configuration (p. 271)
    Chapter 11 DHCP Configuration (p. 272)
    11.1 Introduction to DHCP (p. 272)...
  • Page 9
    12.4.3 Time difference (p. 308)
    12.4.4 Show sntp (p. 308)
    Chapter 13 QoS Configuration (p. 309)
    13.1 QoS (p. 309)
    13.1.1 Introduction to QoS (p. 309)
    13.1.2 QoS Configuration (p. 311)
    13.1.3 QoS Example (p. 325)
    13.1.4 QoS Troubleshooting Help (p. 327)
    13.1.5 Web Management (p. 333)
    13.2 PBR (p. 345)
    13.2.1...
  • Page 10
    15.3.2 RIP Configuration (p. 369)
    15.3.3 Typical RIP Scenario (p. 385)
    15.3.4 RIP Troubleshooting Help (p. 387)
    15.4 OSPF (p. 389)
    15.4.1 Introduction to OSPF (p. 389)
    15.4.2 OSPF Configuration (p. 392)
    15.4.3 Typical OSPF Scenario (p. 417)
    15.4.4 OSPF Troubleshooting Help (p. 424)
    15.5 Web Management (p. 433)
    15.5.1...
  • Page 11
    16.6 IGMP (p. 485)
    16.6.1 Introduction to IGMP (p. 485)
    16.6.2 IGMP configuration (p. 486)
    16.6.3 Typical IGMP Scenario (p. 492)
    16.6.4 IGMP Troubleshooting Help (p. 492)
    16.7 web Management (p. 495)
    16.7.1 Multicast common configuration (p. 495)
    16.7.2 PIM-DM configuration (p. 496)
    16.7.3 PIM-SM configuration (p. 496)
    16.7.4...
  • Page 12: Chapter 1 Switch Management

    Chapter 1
    1.1 Management Options
    After purchasing the switch, the user needs to configure the switch for network management. ES4626/ES4650 provides two management options: in-band management and out-of-band management.
    1.1.1 Out-of-band Management
    Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
  • Page 13 Serial port cable: one end attaches to the RS-232 serial port, the other end to the Console port. ES4626/ES4650: functional Console port required.
    Step 2: Entering the HyperTerminal
    Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
  • Page 14 Fig 1-4 Opening HyperTerminal (3)
    4) When the COM1 properties appear, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; or, you can also click “Revert to default” and click “OK”.
    Fig 1-5 Opening HyperTerminal (4)
    Step 3: Entering switch CLI interface:...
  • Page 15: In-Band Management

    Attaching to file system ... done.
    Loading nos.img ... done.
    Starting at 0x10000...
    Current time is WED APR 20 09:37:52 2005
    ES4626 Series Switch Operating System, Software Version ES4626 1.1.0.0,
    Copyright (C) 2001-2006 by Accton Technology Corporation
    http://www.edge-core.com.
    ES4626 Switch
    26 Ethernet/IEEE 802.3 interface(s)
  • Page 16: Management Via Telnet

    3) If not 2), Telnet client can connect to an IP address of the switch via other devices, such as a router. ES4626/ES4650 is a Layer 3 switch that can be configured with several IP addresses. The following example assumes the shipment status of the switch where only VLAN1 exists in the system.
  • Page 17 configuration prompts are assumed to be “switch” hereafter if not otherwise specified):
    Switch>
    Switch>en
    Switch#config
    Switch(Config)#interface vlan 1
    Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0
    Switch(Config-If-Vlan1)#no shutdown
    Step 2: Run Telnet Client program.
    Run the Telnet client program included in Windows with the specified Telnet target.
    Fig 1-7 Run telnet client program included in Windows
    Step 3: Login to the switch
    Login to the Telnet configuration interface.
  • Page 18: Management Via Http

    The Telnet CLI interface after login is the same as that in the Console interface.
    Fig 1-8 Telnet Configuration Interface
    1.1.2.2 Management via HTTP
    To manage the switch via HTTP, the following conditions should be met:
    1) Switch has an IP address configured
    2) The host IP address (HTTP client) and the switch’s VLAN interface IP address are in the same network segment;...
  • Page 19 Step 2: Run HTTP protocol on the host. Open the Web browser on the host and type the IP address of the switch, or run the HTTP protocol directly on Windows. For example, the IP address of the switch is “10.1.128.251”.
  • Page 20 Fig 1-10 Web Login Interface Input the right username and password, and then the main Web configuration interface is shown as below.
  • Page 21: Management Interface

    Fig 1-11 Main Web Configuration Interface 1.2 Management Interface 1.2.1 CLI Interface CLI interface is familiar to most users. As aforementioned, out-of-band management and Telnet login are all performed through CLI interface to manage the switch. CLI Interface is supported by Shell program, which consists of a set of configuration commands.
  • Page 22: Configuration Modes

    Fuzzy match support
    1.2.1.1 Configuration Modes
    Fig 1-12 Shell Configuration Modes
    1.2.1.1.1 User Mode
    On entering the CLI interface, the user first enters the user entry system. A common user is placed in User Mode by default. The prompt shown is “Switch>”; the symbol “>” is the prompt for User Mode.
  • Page 23: Global Mode

    Interface Mode for configuration of all the interfaces.
    1.2.1.1.3.1 Interface Mode
    Using the interface command under Global Mode enters the specified interface mode. ES4626/ES4650 provides three interface types: VLAN interface, Ethernet port and port-channel, and accordingly three interface configuration modes.
    Interface Type Entry...
  • Page 24 port-channel <port-channel-number> command under Global Mode.
    1.2.1.1.3.2 VLAN Mode
    Using the vlan <vlan-id> command under Global Mode enters the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode.
    1.2.1.1.3.3 DHCP Address Pool Mode
    Type the ip dhcp pool <name>...
  • Page 25: Configuration Syntax

    1.2.1.2 Configuration Syntax ES4626/ES4650 provides various configuration commands. Although all the commands are different, they all abide by the syntax for ES4626/ES4650 configuration commands. The general command format of ES4626/ES4650 is shown below: cmdtxt <variable> { enum1 | … | enumN } [option] Conventions: cmdtxt in bold font indicates a command keyword;...
  • Page 26: Shortcut Key Support

    1.2.1.4 Help function There are two ways in ES4626/ES4650 for the user to access help information: the “help” command and the “?”. Access to Help Usage and function Help Under any command line prompt, type in “help”...
  • Page 27: Input Verification

    “?” 1. Under any command line prompt, enter “?” to get a command list of the current mode and related brief description. 2. Enter a “?” after the command keyword with an embedded space. If the position should be a parameter, a description of that parameter type, scope, etc, will be returned;...
  • Page 28: Web Interface

    Therefore, Shell will only recognize the command if “sh ru” is entered. 1.2.2 WEB Interface ES4626/ES4650 has HTTP Web management function. Users can configure and examine the switch through a Web browser. By conducting the following configurations, users can realize the Web management.
  • Page 29 1.2.2.2 Interface Panel On the top of the management page, the switch interface shows the current status of the ports. Click the ports which are in the state of “Link Up”, the port statistics are shown on the right.
  • Page 30: Chapter 2 Basic Switch Configuration

    Chapter 2 Basic Switch Configuration
    2.1 Basic Switch Configuration Commands
    The basic configuration for the switch includes all the commands for entering and exiting the Admin Mode and Interface Mode, setting and displaying the switch clock and displaying system version information.
    2.1.1 calendar set
    Command: calendar set <HH>...
  • Page 31: Enable

    2.1.3 enable Command: enable Function: Enter Admin Mode from User Mode. Parameter: 0 and 15 are user access levels. 0 is normal user level. In this level, users can enter Admin Mode and conduct major commands such as show, ping and traceroute etc. But users can’t enter Global Mode.
  • Page 32: Exec Timeout

    Function: Modify the password to enter Admin Mode from the User Mode; pressing Enter after typing this command displays the <Current password> and <New password> parameters for the user to configure. Parameter: 0 is normal user access level, users can enter Admin Mode and conduct major commands such as show, ping and trace route etc.
  • Page 33: Exit

    Example: Set timeout value for the switch to exit Admin Mode to 6 minutes. Switch(Config)#exec timeout 6 2.1.7 exit Command: exit Function: Exit the current mode to the previous mode. Under Global Mode, this command will return the user to Admin Mode, and in Admin Mode to User Mode, etc. Command mode: All configuration modes.
  • Page 34: Hostname

    Parameter <hostname> is the string for the prompt, up to 30 characters are allowed. Command mode: Global Mode Default: The default prompt is ES4626/ES4650. Usage Guide: With this command, the user can set the command line prompt of the switch according to their own requirements.
  • Page 35: Username Nopassword

    Switch(Config)#username admin password 0 admin
    Switch(Config)#
    Related Command: username nopassword, username access-level, show users
    2.1.12 username nopassword
    Command: username <user_name> nopassword
    Function: Set the username for logging on the switch and set the password as null.
    Parameter: <user_name> is the username. It can’t exceed 16 characters.
    Command mode: Global Mode
    Usage Guide: This command is used to set the username for logging on the switch and set the password as null.
  • Page 36: Set Default

    2.1.16 setup Command: setup Function: Enter the Setup Mode of the switch. Command mode: Admin Mode Usage Guide: ES4626/ES4650 provides a Setup Mode, in which the user can configure IP addresses, etc. 2.1.17 language Command: language {chinese|english} Function: Set the language for displaying the help information.
  • Page 37: Maintenance And Debug Commands

    ES4626/ES4650 provides various debug commands including ping, telnet, show and debug, etc. to help the users to check system configuration, operating status and locate problem causes.
  • Page 38: Telnet

    Telnet employs the Client-Server mode, the local system is the Telnet client and the remote host is the Telnet server. ES4626/ES4650 can be either the Telnet Server or the Telnet client.
  • Page 39: Telnet Task Sequence

    must be dropped.
    2.2.2.2 Telnet Task Sequence
    1. Configuring Telnet Server
    2. Telnet to a remote host from the switch.
    1. Configuring Telnet Server
    Command
    Global Mode
    ip telnet server
    no ip telnet server
    telnet-server securityip <ip-addr>
    no telnet-server securityip <ip-addr>
    Admin Mode
    monitor
    no monitor...
  • Page 40: Ip Telnet Server

    Usage Guide: This command is used when the switch is used as a client, the user logs in to remote hosts for configuration with this command. ES4626/ES4650 can only establish TCP connection to one remote host as the Telnet client. If a connection to another remote host is desired, the current TCP connection must be dropped.
  • Page 41: Ssh

    no ip telnet server Function: Enable the Telnet server function in the switch: the “no telnet-server enable” command disables the Telnet function in the switch. Default: Telnet server function is enabled by default. Command mode: Global Mode Usage Guide: This command is available in Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch.
  • Page 42: Ssh Configuration Commands

    requirements of SSH2.0. It supports SSH2.0 client software such as SSH Secure Client and putty. Users can run the above software to manage the switch remotely. The switch presently supports RSA authentication, 3DES cryptography protocol and SSH user password authentication etc. 2.2.3.2 SSH Server Configuration Sequence SSH Server Configuration Command...
  • Page 43 2.2.3.3.1 ssh-server enable Command: ssh-server enable no ssh-server enable Function: Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function. Command mode: Global Mode Default: SSH function is disabled by default. Usage Guide: In order that the SSH client can log on the switch, the users need to configure the SSH user and enable SSH function on the switch.
  • Page 44 Command mode: Global Mode Default: SSH authentication timeout is 180 seconds by default. Example: Set SSH authentication timeout to 240 seconds. Switch(Config)#ssh-server timeout 240 2.2.3.3.4 ssh-server authentication-retries Command: ssh-server authentication-retries < authentication-retries > no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries”...
  • Page 45 2.2.3.3.6 monitor Command: monitor no monitor Function: Display SSH debug information on the SSH client side and stop displaying SSH debug information on the Console; the “no monitor” command stops displaying SSH debug information on the SSH client side and enables to display SSH debug information on the Console.
  • Page 46: Traceroute

    2.2.3.5.1 show ssh-user Command: show ssh-user Function: Display the configured SSH usernames. Parameter: Admin Mode Example: Switch#show ssh-user test Related command: ssh-user 2.2.3.5.2 show ssh-server Command: show ssh-server Function: Display SSH state and users which log on currently. Command mode: Admin Mode Example: Switch#show ssh-server ssh-server is enabled...
  • Page 47: Show

    Parameter: <ip-addr> is the target host IP address in dot decimal format. <hostname> is the hostname for the remote host. <hops> is the maximum gateway number allowed by Traceroute command. <timeout> is the timeout value for test packets in milliseconds, between 100 –...
  • Page 48: Show History

    Example: Check for currently enabled debug switch. Switch#show debugging STP: Stp input packet debugging is on Stp output packet debugging is on Stp basic debugging is on Switch# Related command: debug 2.2.5.3 dir Command: dir Function: Display the files and their sizes in the Flash memory. Command mode: Admin Mode Example: Check for files and their sizes in the Flash memory.
  • Page 49: Show Memory

    2.2.5.5 show memory Command: show memory Function: Display the contents in the memory. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes. The command will interactively prompt the user to enter start address of the desired information in the memory and output word number.
  • Page 50: Show Interfaces Switchport

    2.2.5.7 show startup-config Command: show startup-config Function: Display the switch parameter configurations written into the Flash memory at the current operation, those are usually also the configuration files used for the next power-up. Default: If the configuration parameters read from the Flash are the same as the default operating parameter, nothing will be displayed.
  • Page 51: Show Tcp

    Port VID : 1 Trunk allowed Vlan : ALL 2.2.5.9 show tcp Command: show tcp Function: Display the current TCP connection status established to the switch. Command mode: Admin Mode Example: Switch#show tcp LocalAddress LocalPort ForeignAddress 0.0.0.0 0.0.0.0 0.0.0.0 Displayed information LocalAddress LocalPort ForeignAddress...
  • Page 52: Show Users

    Usage Guide: Use this command to view the version information for the switch, including hardware version and software version.
    Example:
    Switch#show vers
    ES4626 Device, Apr 14 2005 11:19:29
    HardWare version is 2.0, SoftWare version packet is ES4626_1.1.0.0, BootRom version is ES4626_1.0.4
    Copyright (C) 2001-2006 by Accton Technology Corporation...
  • Page 53: Debug

    In BootP/DHCP mode, the switch operates as a BootP/DHCP client and sends broadcast BootPRequest packets to the BootP/DHCP servers, and the BootP/DHCP servers assign the address on receiving the request. In addition, ES4626/ES4650 can act as a DHCP server, and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients. DHCP Server configuration is detailed in later chapters.
  • Page 54: Commands For Configuring Switch Ip Addresses

    no ip address <ip_address> <mask> [secondary] 2. BootP configuration Command ip address bootp no ip address bootp 3.DHCP Command ip address dhcp no ip address dhcp 2.3.2 Commands for Configuring Switch IP Addresses 2.3.2.1 ip address Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address>...
  • Page 55: Ip Address Dhcp

    Switch(Config)#interface vlan 1
    Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0
    Switch(Config-If-Vlan1)#exit
    Switch(Config)#
    Related command: ip address bootp, ip address dhcp
    2.3.2.2 ip address bootp
    Command: ip address bootp
    no ip address bootp
    Function: Enable the switch to be a BootP client and obtain IP address and gateway address through BootP negotiation;...
  • Page 56: Snmp

    Switch (Config-If-Vlan1)# ip address dhcp
    Switch (Config-If-Vlan1)#exit
    Switch (Config)#
    Related command: ip address, ip address bootp
    2.4 SNMP
    2.4.1 Introduction to SNMP
    SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol. SNMP v1 [RFC1157] is the first version of SNMP, which was adopted by vast numbers of manufacturers for its simplicity and easy implementation;...
  • Page 57: Introduction To Mib

    device ports are on Up/Down status or the network topology changes, Agents can send Trap messages to NMS to inform it of the abnormal events. Besides, NMS can also be set to alert on some abnormal events by enabling the RMON function. When alert events are triggered, Agents will send Trap messages or log the event according to the settings.
  • Page 58: Introduction To Rmon

    In this figure, the OID of the object A is 1.2.1.1. NMS can locate this object through this unique OID and gets the standard variables of the object. MIB defines a set of standard variables for monitored network devices by following this structure. If the variable information of Agent MIB needs to be browsed, the MIB browse software needs to be run on the NMS.
  • Page 59: Snmp Configuration

    Statistics: Maintain basic usage and error statistics for each subnet monitored by the Agent. History: Record periodical statistic samples available from Statistics. Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records. Event: A list of all events generated by RMON Agent.
  • Page 60 3. Configure IP address of SNMP management base Command snmp-server securityip <ip-address> no snmp-server securityip <ip-address> snmp-server SecurityIP enable snmp-server SecurityIP disable 4. Configure engine ID Command snmp-server engineid < engine-string > no snmp-server engineid < engine-string > 5. Configure user Command snmp-server user...
  • Page 61: Snmp Configuration Commands

    <oid-string> {include|exclude}
    no snmp-server view <view-string>
    8. Configuring TRAP
    Command
    snmp-server enable traps
    no snmp-server enable traps
    snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string>
    no snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv |AuthPriv}}} <user-string>
    9. Enable/Disable RMON
    Command
    rmon enable
    no rmon enable
    2.4.4.2 SNMP Configuration Commands
    2.4.4.2.1 snmp-server...
  • Page 62 2.4.4.2.2 snmp-server community
    Command: snmp-server community <string> {ro|rw}
    no snmp-server community <string>
    Function: Configure the community string for the switch; the “no snmp-server community <string>” command deletes the configured community string.
    Parameter: <string> is the community string set; ro|rw is the specified access mode to MIB, ro for read-only and rw for read-write.
  • Page 63 no snmp-server engineid Function: Configure the engine ID; the “no snmp-server engineid < engine-string >” command restores the default engine ID. Parameter: <engine-string> is the engine ID which is 1-32 hexadecimal characters. Command mode: Global Mode Default: The engine ID is manufacturer number + local MAC address by default. Example 1: Set the engine ID to A66688999F.
  • Page 64 snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} Function: Configure a new SNMP server group; the “no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}” command deletes the group. Parameter: <group-string > is the group name; NoauthNopriv means no encryption and no authentication; AuthNopriv means authentication and no encryption; AuthPriv means authentication and encryption;...
  • Page 65 Command: snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string> no snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv |AuthPriv}}} <user-string> Function: This command functions differently for different versions of SNMP. For SNMP v1/v2, this command is used to configure Trap community string and the IP address of the NMS which receives SNMP Trap messages.
  • Page 66: Typical Snmp Configuration Examples

    Example 1: Set the secure IP address to 1.1.1.5 Switch(config)#snmp-server securityip 1.1.1.5 Example 2: Delete the secure IP address Switch(config)#no snmp-server securityip 1.1.1.5 2.4.4.2.10 snmp-server SecurityIP enable Command: snmp-server SecurityIP enable snmp-server SecurityIP disable Function: Enable or disable secure IP address check function on the NMS. Command mode: Global Mode Default: Secure IP address check function is enabled by default.
  • Page 67: Snmp Troubleshooting Help

    Switch(Config)#snmp-server community private rw
    Switch(Config)#snmp-server community public ro
    Switch(Config)#snmp-server securityip 1.1.1.5
    The NMS can use “private” as the community string to access the switch with read-write permission, or use “public” as the community string to access the switch with read-only permission.
  • Page 68 Command mode: Admin Mode Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs...
  • Page 69: Show Snmp Status

    snmp packets output too big errors maximum packet size no such name errors bad values errors general errors response PDUs trap PDUs 2.4.6.1.2 show snmp status Command: show snmp status Function: Display SNMP configuration information. Command mode: Admin Mode Example: Switch#show snmp status Trap enable RMON enable...
  • Page 70: Show Snmp Engineid

    2.4.6.1.3 show snmp engineid Command: show snmp engineid Function: Display SNMP engine ID information. Command mode: Admin Mode Example: Switch#show snmp engineid SNMP engineID: 3138633303f1276c Displayed information SNMP engineID Engine Boots 2.4.6.1.4 show snmp user Command: show snmp user Function: Display user name information. Command mode: Admin Mode Example: Switch#show snmp user...
  • Page 71: Show Snmp View

    Example: Switch#show snmp group Group Name: initial Read View: one Write View: <no writeview specified> Notify View: one Displayed information Group Name Security level Read View Write View Notify View <no writeview specified> 2.4.6.1.6 show snmp view Command: show snmp view Function: Display view information.
  • Page 72: Switch Upgrade

    SNMP debug function and verify debug information. If users still can’t solve the SNMP problems, please contact our technical and service center.
    2.5 Switch Upgrade
    ES4626/ES4650 provides two ways for switch upgrade: BootROM upgrade and the TFTP/FTP upgrade under Shell.
    2.5.1 BootROM Upgrade...
  • Page 73 Step 2: Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode. The operation result is shown below: ES4626 Management Switch Copyright (c) 2001-2004 by Accton Technology Corporation. All rights reserved. Reset chassis ... done. Testing RAM...
  • Page 74 BootRom version: 1.0.4
    Creation date: Jun 9 2006, 14:54:12
    Attached TCP/IP interface to lnPci0.
    [Boot]:
    Step 3: Under BootROM mode, run “setconfig” to set the IP address and mask of the switch under BootROM mode, server IP address and mask, and select TFTP or FTP upgrade. Suppose the switch address is 192.168.1.2/24, and PC address is 192.168.1.66/24, and select TFTP upgrade, the configuration should look like:
    [Boot]: setconfig...
  • Page 75: Ftp/Tftp Upgrade

    Step 6: After successful upgrade, execute “run” command in BootROM mode to return to CLI configuration interface. [Boot]: run(or reboot) Other commands in BootROM mode DIR command Used to list existing files in the FLASH. [Boot]: dir boot.rom boot.conf nos.img startup-config temp.img CONFIG RUN command...
  • Page 76 FTP in Global Mode to be nos.img, other IMG system files will be rejected. Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (a large file can be compressed as an IMG file). In ES4626/ES4650, the boot file is...
  • Page 77 Active configuration file: refers to the active configuration sequence used in the switch. In ES4626/ES4650, the active configuration file is stored in the RAM. In the current version, the active configuration sequence running-config can be saved from the RAM to FLASH by...
  • Page 78 acknowledgement (4) Shut down TFTP server 1. FTP/TFTP client configuration (1)FTP/TFTP client upload/download file Command Admin Mode copy <source-url> <destination-url> [ascii | binary] (2)For FTP client, server file list can be checked. Global Mode dir <ftpServerUrl> 2. FTP server configuration (1)Start FTP server Command Global Mode...
  • Page 79 Command Global Mode tftp-server retransmission-number <number> (3)Modify TFTP server connection retransmission time Command Global Mode tftp-server retransmission-number <number> 2.5.2.2.2 FTP/TFTP Configuration Commands 2.5.2.2.3 copy(FTP) Command: copy <source-url> <destination-url> [ascii | binary] Function: FTP client upload/download file Parameter: <source-url> is the source file or directory location to be copied; <destination-url>...
  • Page 80 enters a command like copy <filename> ftp:// or copy ftp:// <filename> and presses Enter, the following prompt will appear: ftp server ip address [x.x.x.x] : ftp username> ftp password> ftp filename> This prompts for the FTP server address, username, password and file name. Example: (1)Save the mirror in FLASH to FTP server 10.1.1.1, the login username for the FTP server is “Switch”, and the password is “Accton”.
  • Page 81 no ftp-server enable Function: Start FTP server, the “no ftp-server enable” command shuts down FTP server and prevents FTP user from logging in. Default: FTP server is not started by default. Command mode: Global Mode Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions.
  • Page 82 keyword Source/Target IP address running-config Active configuration file startup-config Start up configuration file nos.img System file boot.rom System boot file Command mode: Admin Mode Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename> tftp:// or copy tftp:// <filename> and presses Enter, the following prompt will appear: tftp server ip address>...
  • Page 83 Related command: tftp-server timeout 2.5.2.2.9 tftp-server retransmission-number Command: tftp-server retransmission-number <number> Function: Set the retransmission time for TFTP server Parameter: < number> is the time to re-transfer, the valid range is 1 to 20. Default: The default value is 5 retransmission. Command mode: Global Mode Example: Modify the retransmission to 10 times.
  • Page 84 ports to a computer, which is an FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as an FTP/TFTP client, the IP address of the switch management VLAN is 10.1.1.2. Download “nos.img” file in the computer to the switch. FTP Configuration Computer side configuration: Start the FTP server software on the computer and set the username “Switch”, and the...
  • Page 85 Switch (Config-If-Vlan1)#no shut Switch (Config-If-Vlan1)#exit Switch (Config)#ftp-server enable Switch(Config)# username Switch password 0 Admin Computer side configuration: Login to the switch with any FTP client software, with the username “Admin” and password “switch”, use the command “get nos.img 12_25_nos.img” to download “nos.img” file from the switch to the computer.
  • Page 86 Switch#copy tftp://10.1.1.1/Profile2 Profile2 Switch#copy tftp://10.1.1.1/Profile3 Profile3 Scenario 5: ES4626/ES4650 acts as FTP client to view file list on the FTP server. Synchronization conditions: The switch connects to a computer through an Ethernet port, the computer is an FTP server with an IP address of 10.1.1.1; the switch acts as an FTP client, and the IP address of the switch management VLAN1 interface is 10.1.1.2.
  • Page 87: Monitor And Debug Commands

    200 PORT Command successful. 150 Opening ASCII mode data connection for /bin/ls. recv total = 480 nos.img nos.rom parsecommandline.cpp position.doc qmdict.zip shell maintenance statistics.xls … (some display omitted here) show.txt snmp.TXT 226 Transfer complete. Switch (Config)# 2.5.2.4 FTP/TFTP Troubleshooting Help 2.5.2.4.1 Monitor and Debug Commands 2.5.2.4.1.1...
  • Page 88: Ftp Troubleshooting Help

    Command mode: Admin Mode Example: Switch#show tftp timeout : 60 Retry Times : 10 Displayed information Timeout Retry Times 2.5.2.4.2 FTP Troubleshooting Help When uploading or downloading a system file with the FTP protocol, the connectivity of the link must be ensured, i.e., use the “Ping” command to verify the connectivity between the FTP client and server before running the FTP program.
  • Page 89: Tftp Troubleshooting Help

    226 Transfer complete. If the switch is upgrading system file or system start up file through FTP, the switch must not be restarted until “close ftp client” or “226 Transfer complete.” is displayed, indicating upgrade is successful, otherwise the switch may be rendered unable to start.
  • Page 90: Web Management

    2.6 WEB Management Click Switch Basic Configuration. Users can deploy the switch basic configuration such as enter or quit privileged mode, enter or quit interface mode, show switch clock and show switch system version etc. 2.6.1 Switch Basic Configuration Click Switch Basic Configuration, Switch Basic Configuration. Users can configure switch clock, CLI prompt message and timeout value for exiting Admin Mode etc.
  • Page 91: Snmp Configuration

    2.6.2 SNMP Configuration Click Switch Basic Configuration, SNMP Configuration. The switch SNMP configuration is shown. Users can configure SNMP. 2.6.2.1 SNMP manager configuration Click Switch Basic Configuration, SNMP Configuration, SNMP manager configuration. Configure switch community string. See the equivalent CLI command at 2.4.4.2.2 Community string (0-255 character) - Configure community string Access priority - Specify access mode to MIB.
  • Page 92: Configure Ip Address Of Snmp Manager

    2.6.2.3 Configure ip address of snmp manager Click Switch Basic Configuration, SNMP Configuration. Users can configure the secure IP address for NMS allowed to access the switch. See the equivalent CLI command at 2.4.4.2.6 Security ip address - NMS secure IP address State - Valid means to set;...
  • Page 93: Switch Upgrade

    configuration. Users can configure switch RMON: Snmp Agent state - Enable/disable the switch as SNMP agent. See the equivalent CLI command at 2.4.4.2.3 RMON state - Enable/disable RMON on the switch. See the equivalent CLI command at 2.4.4.2.1 Trap state - Enable the switch to send Trap messages. See the equivalent CLI command at 2.4.4.2.4 For example: Set Snmp Agent state to Enabled, set RMON state to Enabled, set Trap state to Enabled, and then click Apply.
  • Page 94: Tftp Server Configuration

    file in binary format For example: Get system file nos.img from TFTP server 10.1.1.1. Input the information as below, and then click Apply 2.6.3.2 TFTP server configuration Click TFTP server service. The configuration page is shown. See the equivalent CLI command at 2.2.2.2 The explanation of each field is as below: Server state - Server status, enable or disable.
  • Page 95: Monitor And Debug Command

    Server file name - Server file name Operation type – Upload means to upload file, Download means to download file. Transmission type-ascii means to transmit file in ASCII format, binary means to transmit file in binary format 2.6.3.4 FTP server configuration Click FTP server service.
  • Page 96: Debug Command

    Debug command - Debug command Show clock - Show clock. See the equivalent CLI command at 2.2.4.1 Show flash - Show flash file information. See the equivalent CLI command at 2.2.4.3 Show history - Show recent user input history. See the equivalent CLI command at 2.2.4.4 Show running-config - Show the current effective switch configuration.
  • Page 97: Switch Basic Information

    Click show switchport interface. The configuration page is shown. See the equivalent CLI command at 2.2.4.8 The explanation of each field is as below: Port - Port list Select port1/1, and then click Apply. The port Vlan information is shown. 2.6.4.3 Other Other parts are quite straight forward.
  • Page 98: Switch On-Off Configuration

    2.6.6 Switch on-off configuration Click Switch on-off information node. The configuration page is shown. The explanation of each field is as below: RIP Status - Enable or disable RIP. See the equivalent CLI command at 15.3.2.2.17 IGMP Snooping – Enable or disable IGMP Snooping. See the equivalent CLI command at 7.2.2.1 Switch GVRP Status –...
  • Page 99: Telnet Service Configuration

    2.6.8 Telnet service configuration On the mainpage, click Talent server configuration on the left column Users can configure telnet service. Click Telnet server user configuration to configure telnet service. See the equivalent CLI command at 2.2.2.3.3: Telnet server State – Enable or disable telnet server. See the equivalent CLI command at 2.2.2.3.3 Click Telnet security IP to configure secure IP address which can configure telnet service.
  • Page 100: Basic Host Configuration

    2.6.10 Basic host configuration Basic host configuration - Set the mapping relationship between the host and IP address. See the equivalent CLI command at 2.1.8 Set Hostname to London, set IP address to 200.121.1.1,and then click Apply. The configuration is applied on the switch.
  • Page 101: Chapter 3 Port Configuration

    Chapter 3 Port Configuration 3.1 Introduction to Port The front panel of ES4626 provides 4 Combo ports (these Combo ports can be configured as either 1000MB copper ports or 1000MB SFP fiber ports, but only one type can be selected), 20 1000MB copper ports and 2 XFP 10GB fiber ports.
  • Page 102 Command Interface Mode interface ethernet <interface-list> 2. Configure the properties for the Ethernet ports Command Interface Mode combo-forced-mode { copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto } no combo-forced-mode shutdown no shutdown description<string> no description mdi { auto | across | normal } no mdi speed-duplex {auto | force10-half | force10-full...
  • Page 103: Ethernet Port Configuration Commands

    3.2.1.2 Ethernet Port Configuration Commands 3.2.1.2.1 Rate-limit Command: rate-limit {input|output} <level> no rate-limit {input|output} Function: Enable the bandwidth control function for the port: the “no bandwidth control” command disables the bandwidth control function for the port. Parameter: <level>is the bandwidth limit in Mbps, the valid value ranges from 1 to 10000 M;...
  • Page 104 Command mode: Interface Mode Default: The default setting for combo mode of combo ports is fiber cable port first. Usage Guide: The combo mode of combo ports and the port connection condition determines the active port of the combo ports. A combo port consists of one fiber port and a copper cable port.
  • Page 105: Flow Control

    The ports of ES4626/ES4650 support 802.3X fallback flow control ; the ports work in half duplex mode, supporting fallback flow control. If the...
  • Page 106 Function: Sets the cable types supported by the Ethernet port; the “no mdi” command sets cable type auto-identification. This command is not supported on the ES4626/ES4650 ports of 1000MB and above, these ports have auto-identification set for cable types. Parameter: auto indicates auto identification of cable types; across indicates crossover cable support only;...
  • Page 107 Command mode: Interface Mode Default: No name is set by default. Usage Guide: This command facilitates the management of the switch. The user can name the ports according to their usage, for example, 1/1-2 ports used by the financial department, and they can be named "financial”; 2/9 port is used by the engineering department, and can be named “engineering”;...
  • Page 108 to pass through the switch at line speed. Parameter: use dlf to limit unicast traffic for unknown destination; multicast to limit multicast traffic; broadcast to limit broadcast traffic. <packets> stands for the number of packets allowed to pass through per second for non-10Gb ports; for 10 Gb ports, this is the number of packets allowed to pass through multiplies 1,040.
  • Page 109: Vlan Interface Configuration

    Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } } no speed-duplex Function: Set the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex” command restores the default speed and duplex mode setting, i.e. auto speed negotiation and duplex.
  • Page 110: Vlan Interface Configuration Commands

    Configure the IP address for VLAN interface and enables VLAN interface. 1. Enter VLAN Mode Command Global Mode address {<ip-address> [secondary] | bootp | dhcp} no ip address [<ip-address> <mask>] 2. Configure the IP address for VLAN interface and enables VLAN interface. Command VLAN Mode ip address <ip-address>...
  • Page 111 VLAN interface. A VLAN interface can have only one primary IP address but multiple secondary IP addresses. Both primary IP address and secondary IP address can be used for SNMP/Web/Telnet management. In addition, ES4626/ES4650 allows IP address to be obtained through BootP/DHCP.
  • Page 112: Port Mirroring Configuration

    ES4626/ES4650 supports one mirror destination port only. The number of mirror source ports is not limited; one or more ports can be used. Multiple source ports can be within the same VLAN or across several VLANs.
  • Page 113: Port Monitor

    3.2.3.3 Port Mirroring Configuration 3.2.3.3.1 port monitor Command: port monitor <interface-list> [rx| tx| both] no port monitor <interface-list> Parameter: <interface-list> is the list of the monitored source interfaces; rx is the inbound traffic of the monitored source interface; tx is the outbound traffic of the monitored source interface;...
  • Page 114: Port Configuration Example

    3.2.3.5.2 Device Mirroring Troubleshooting Help If problems occur configuring port mirroring, please check the following first for causes: Whether the mirror destination port is a member of a trunk group or not, if yes, modify the trunk group. If the throughput of mirror destination port is smaller than the total throughput of mirror source port(s), the destination port will not be able to duplicate all source port traffic;...
  • Page 115: Port Troubleshooting Help

    SW3: Switch3(Config)#interface ethernet 1/10 Switch3(Config-Ethernet1/10)# speed-duplex force100-full Switch3(Config-Ethernet1/10)#duplex full Port Troubleshooting Help 3.4.1 Monitor and Debug Commands 3.4.1.1 clear counters Command: clear counters [{ethernet <interface-list> | vlan <vlan-id> | port-channel <port-channel-number> | <interface-name>}] Function: Clear the statistics of the specified port. Parameter: <interface-list>...
  • Page 116: Port Troubleshooting Help

    sent/received. Usage Guide: If no port is specified, then information for all ports will be displayed. Example: Display information about port 4/1. Switch#show interfaces status ethernet 4/1 3.4.2 Port Troubleshooting Help Here are some situations that frequently occur in port configuration, and the advised solutions: Two connected fiber interfaces won’t link up if one interface is set to auto negotiation but the other to forced speed/duplex.
  • Page 117: Bandwidth Control

    support. See the equivalent CLI command at 3.2.1.2.6 Admin Status – Enable or disable port. See the equivalent CLI command at 3.2.1.2.9 speed/duplex status – Set port duplex. The supported types include: 1000M/Half and 1000M/Full. See the equivalent CLI command at 3.2.1.2.2 and 3.2.1.2.10 port flow control status –...
  • Page 118: Vlan Interface Configuration

    configure port bandwidth control. See the equivalent CLI command at 3.2.1.2.1 Port – Specify the port Bandwidth control level – Port bandwidth control; valid ranges is 1 to 10000 in Mbps. Control type –input and output means that bandwidth control is applied to the inbound and outbound traffic;...
  • Page 119: Allocate Ip Address For L3 Port

    page is shown. Users can configure port Layer 3 information such as IP address and network mask etc. 3.5.2.1 Allocate IP address for L3 port Click Port configuration, Vlan interface configuration, Allocate IP address for L3 port. Users can configure port Layer 3 IP address. See the equivalent CLI command at 3.2.2.2.2: Port –...
  • Page 120: Port Mirroring Configuration

    3.5.3 Port mirroring configuration Click Port configuration, Port mirroring configuration. Users can configure port mirroring. 3.5.3.1 Mirror configuration Click Port configuration, Port mirroring configuration, Mirror configuration. Users can configure port mirroring for source interface and destination interface. Source Interface configuration. See the equivalent CLI command at 3.2.3.3.1: session –...
  • Page 121: Show Port Information

    3.5.4.1 Show port information Click Port configuration, Port debug and maintenance, Show port information. The port statistics information is shown. See the equivalent CLI command at 3.4.1.2 For example: Select to display Ethernet1/1, and then click Refresh. The statistics information of port Ethernet 1/1 is shown.
  • Page 123: Chapter 4 Mac Table Configuration

    Chapter 4 MAC Table Configuration 4.1 Introduction to MAC Table The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (will not be overwritten by dynamic MAC addresses);...
  • Page 124 The topology of the figure above: 4 PCs connected to ES4626/ES4650, where PC1 and PC2 belongs to a same physical segment (same collision domain), the physical segment connects to port 1/5 of ES4626/ES4650; PC3 and PC4 belongs to the same physical segment that connects to port 1/12 of ES4626/ES4650.
  • Page 125: Forward Or Filter

    The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming ES4626/ES4650 has learnt the MAC address of PC1 and PC3, and the user manually configured the mapping relationship for PC2 and PC4 to ports.
  • Page 126: Mac Table Configuration

    table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frame within the same VLAN. If the destination MAC address is found in the MAC table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to.
  • Page 127: Mac-Address-Table Discard

    Function: Add or modify a static address entry; the “no mac-address-table” command deletes static address entries and dynamic address entries. Parameter: static stands for static address entry; dynamic for dynamic address entry; <mac-addr> for MAC address to add or delete; <interface-name> for port name to forward the MAC frame;...
  • Page 128: Typical Configuration Examples

    Typical Configuration Examples MAC:00-01-22-22-22-22 MAC:00-01-11-11-11-11 Fig 4-2 MAC Table typical configuration example Scenario: Four PCs as shown in the above figure connect to port 1/5, 1/7, 1/9, 1/11 of switch, all the four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled.
  • Page 129: Troubleshooting Help

    Command: show mac-address-table <mac-addr>] Function: Show the current MAC table Parameter: static static entry; aging-time address aging time; discardiia filter entry; <mac-addr> entry’s MAC address; <vlan-id> entry’s VLAN number; <interface-name> entry’s interface name Command mode: Admin mode Default: MAC address table is not displayed by default. Usage guide: This command can display various sorts of MAC address entries.
  • Page 130: Mac Address Binding Configuration

    However, in some cases, security or management policy may require MAC addresses to be bound with the ports, only data stream from the binding MAC are allowed to be forwarded in the ports. That is to say, after a MAC address is bound to a port, only the data stream destined for that MAC address can flow in from the binding port, data stream destined for the other MAC addresses that not bound to the port will not be allowed to pass through the port.
  • Page 131: Mac Address

    switchport port-security <value> no switchport port-security timeout switchport port-security mac-address <mac-address> switchport port-security mac-address <mac-address> Admin Mode clear port-security dynamic [address <mac-addr> | interface <interface-id>] MAC address binding property configuration Command Interface Mode switchport port-security <value> no switchport port-security maximum <value>...
  • Page 132 port enabling MAC address binding must not be a Trunk port. Example: Enable MAC address binding function for port 1 and lock the port. When a port is locked, the MAC address learning function for the port will be disabled. Switch(Config)#interface Ethernet 1/1 Switch(Config-Ethernet1/1)#port security 4.5.1.2.2.2...
  • Page 133 4.5.1.2.2.4 switchport port-security mac-address Command: switchport port-security mac-address <mac-address> no switchport port-security mac-address <mac-address> Function: Add static secure MAC address; the “no switchport port-security mac-address” command deletes static secure MAC address. Command mode: Interface Mode Parameter: <mac-address> stands for the MAC address to be added/deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
  • Page 134: Mac Address Binding Troubleshooting Help

    Parameter: < value> is the up limit for static secure MAC address, the valid range is 1 to 128. Default: The default maximum port secure MAC address number is 1. Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set.
  • Page 135 4.5.1.3.1.1 show port-security Command: show port-security Function: display the global configuration of secure ports. Command mode: Admin Mode Default: Configuration of secure ports is not displayed by default. Usage Guide: This command displays the information for ports that are currently configured as secure ports.
  • Page 136 secure port. Example: Switch# show port-security interface ethernet 1/1 Ethernet1/1 Port Security : Enabled Port status : Security Up Violation mode : Protect Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Lock Timer is ShutDown Mac-Learning function is : Closed Displayed information Port Security :...
  • Page 137: Web Management

    Vlan Mac Address 0000.0000.1111 -------------------------------------------------------------------------------------------------- Total Addresses : 1 Displayed information Vlan Mac Address Type Ports Total Addresses 4.5.1.3.2 MAC Address Binding Troubleshooting Help Enabling MAC address binding for ports may fail in some occasions. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port is not executing Spanning tree, port aggregation and is not configured as a Trunk port.
  • Page 138: Unicast Address Configuration

    4.6.1.1 Unicast address configuration Click MAC address table configuration, MAC address table configuration, Unicast address configuration. Users can add and delete MAC address. See the equivalent CLI command at 4.2.2: MAC address – Specify MAC address VID – Vlan number of the MAC address Configuration type –...
  • Page 139 and then click Apply. All the static MAC addresses on the interface Ethernet 1/1 are deleted. 4.6.1.3 Static MAC query Click MAC address table configuration, MAC address table configuration, Static MAC query. Users can query MAC address. See the equivalent CLI command at 4.4.1.1: Query by VID –...
  • Page 140: Mac Address Table Configuration

    CLI command at 4.4.1.1: 4.6.2 MAC address table configuration Click MAC address table configuration, MAC address binding configuration. Users can configure secure port features. 4.6.2.1 Enbale port Mac-binding Click MAC address table configuration, MAC address binding configuration, Enbale port Mac-binding. Users can configure secure port features. 4.6.2.1.1 Enbale port Mac-binding Click MAC address table configuration, MAC address binding configuration, Enable...
  • Page 141: Dynamic Mac Converting

    Port – Specify port For example: Select port Ethernet1/1, and then click Apply. The port Ethernet1/1 is locked. Click Remove to disable port MAC address binding. 4.6.2.2.2 Dynamic MAC converting Click MAC address table configuration, MAC address binding configuration, Lock port, Dynamic MAC converting.
  • Page 142: Clearing Port Mac

    Port – Specify the port Port security MAC –Port security MAC address Operation type – add static security address; Remove static security address For example: Select port Ethernet1/1; set MAC address to 00-11-11-11-11-11; Select add static security address, and then click Apply. The configuration is applied on the switch.
  • Page 143: Port Violation Mode

    Port – Specify the port Max security MAC number (1-128) – Maximum MAC number For example: Select port Ethernet1/1; set Max security MAC number to 30, and then click Apply. The configuration is applied on the switch. Click Remove to restore the default setting.
  • Page 144 specified port. See the equivalent CLI command at 4.5.1.3.1.3 Show all port-security – Show secure port configuration. See the equivalent CLI command at 8.5.1.3.1.1 Show all port-security address – Show secure port MAC address. See the equivalent CLI command at 4.5.1.3.1.3 Click Show Port Configuration.
  • Page 145: Chapter 5 Vlan Configuration

    IEEE announced the IEEE 802.1Q protocol to direct standardized VLAN implementation, and the VLAN function of ES4626/ES4650 is implemented following IEEE 802.1Q. The key characteristic of VLAN technology is that a big LAN can be partitioned dynamically into many separate broadcast domains to meet demand.
  • Page 146: Vlan Configuration

    VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in ES4626/ES4650. The chapter will describe the use and configuration of VLAN and GVRP in details. VLAN Configuration 5.2.1 VLAN Configuration Task Sequence Creating or deleting VLAN Specifying or deleting VLAN name...
  • Page 147 4. Set Trunk port Command Interface Mode Switchport allowedvlan remove <vlan-list>} no switchport allowed vlan switchport native vlan <vlan-id> no switchport native vlan 5. Set Access port Command Interface Mode switchport allowed add vlan <vlan-id> no switchport access vlan 6. Disable/Enable VLAN Ingress Rules Command Global Mode switchport ingress-filteringno switchport...
  • Page 148: Vlan Configuration Commands

    5.2.2 VLAN Configuration Commands 5.2.2.1 vlan Command: vlan <vlan-id>[name <vlan-name>] no vlan <vlan-id>[name] Function: Create a VLAN and enter VLAN configuration mode, and can set VLAN name. In VLAN Mode, the user can assign the switch port to the VLAN. The “no vlan <vlan-id>”...
  • Page 149: Switchport Interface

    Switch(Config-ethernet1/8)#switchport mode access Switch(Config-ethernet1/8)#switchport access vlan 100 Switch(Config-ethernet1/8)#exit 5.2.2.3 switchport interface Command: switchport interface <interface-list> no switchport interface <interface-list> Function: Specify Ethernet port to VLAN; the “no switchport interface <interface-list>” command deletes one or one set of ports from the specified VLAN. <interface-list>...
  • Page 150: Switchport Trunk Allowed Vlan

    Switch(Config-ethernet1/8)#exit 5.2.2.5 switchport trunk allowed vlan Command: switchport trunk allowed vlan {<vlan-list>|all} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting. Parameter: <vlan-list> is the list of VLANs allowed to pass through in the specified Trunk port;...
  • Page 151 Switch(Config-ethernet1/5)#exit 5.2.2.7 switchport ingress-filtering Command: switchport ingress-filtering no switchport ingress-filtering Function: Enable the VLAN ingress rule for a port; the “no vlan ingress disable” command disable the ingress rule. Command mode: Interface Mode Default: VLAN ingress rules are enabled by default. Usage Guide: When VLAN ingress rules are enabled on the port, when the system receives data it will check source port first, and forwards the data to the destination port if it is a VLAN member port.
  • Page 152: Typical Vlan Application

    Primary VLAN; set VLAN200 to Isolated VLAN; set VLAN300 to Community VLAN. 5.2.2.9 private-vlan association Command: private-vlan association no private-vlan association Function: Set Private VLAN association; the “no private-vlan association” command cancels Private VLAN association. Parameter: <secondary-vlan-list> Sets Secondary VLAN list which is associated to Primary VLAN.
  • Page 153 Fig 5-2 Typical VLAN Application Topology The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200. Those three VLANs must cross location A and B. One switch is placed in each site, and cross-location requirement can be met if VLAN traffic can be transferred between the two switches.
  • Page 154: Gvrp Configuration

    Switch(Config)#vlan 2 Switch(Config-Vlan2)#switchport interface ethernet 1/2-4 Switch(Config-Vlan2)#exit Switch(Config)#vlan 100 Switch(Config-Vlan100)#switchport interface ethernet 1/5-7 Switch(Config-Vlan100)#exit Switch(Config)#vlan 200 Switch(Config-Vlan200)#switchport interface ethernet 1/8-10 Switch(Config-Vlan200)#exit Switch(Config)#interface ethernet 1/11 Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)#exit Switch(Config)# Switch B: Switch(Config)#vlan 2 Switch(Config-Vlan2)#switchport interface ethernet 1/2-4 Switch(Config-Vlan2)#exit Switch(Config)#vlan 100 Switch(Config-Vlan100)#switchport interface ethernet 1/5-7 Switch(Config-Vlan100)#exit Switch(Config)#vlan 200...
  • Page 155: Gvrp Configuration Task Sequence

    can receive VLAN dynamic register information from the other switches, and update local VLAN register information according to the information received. A GVRP-enabled switch can also propagate its own VLAN register information to the other switches. The VLAN register information propagated includes local static information manually configured and dynamic information learnt from the other switches.
  • Page 156: Gvrp Commands

    5.3.2 GVRP Commands 5.3.2.1 garp timer join Command: garp timer join <timer-value> no garp timer join Function: Set the join timer for GARP; the “ no garp timer join” command restores the default timer setting. Parameter: < timer-value> is the value for join timer, the valid range is 100 to 327650 Command mode: Interface Mode Default: The default value for join timer is 200 ms.
  • Page 157: Garp Timer Hold

    5.3.2.3 garp timer hold Command: garp timer hold <timer-value> no garp timer hold Function: Set the hold timer for GARP; the “ no garp timer hold” command restores the default timer setting. Parameter: < timer-value> is the value for GARP hold timer, the valid range is 100 to 327650 ms.
  • Page 158: Typical Gvrp Application

    no bridge-ext gvrp Function: Enable the GVRP function for the switch or the current Trunk port; the “no gvrp” command disables the GVRP function globally or for the port. Command mode: Interface Mode and Global Mode. Default: GVRP is disabled by default. Usage Guide: Port GVRP can only be enabled after global GVRP is enabled.
  • Page 159 protocol is to be configured in the switch. Configure GVRP in Switch A, B and C, enable Switch B to learn VLAN100 dynamically so that the two workstation connected to VLAN100 in Switch A and C can communicate with each other through Switch B without static VLAN100 entries.
  • Page 160: Vlan Troubleshooting Help

    Switch(Config)#vlan 100 Switch(Config-Vlan100)#switchport interface ethernet 1/2-6 Switch(Config-Vlan100)#exit Switch(Config)#interface ethernet 1/11 Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)# bridge-ext gvrp Switch(Config-Ethernet1/11)#exit 5.4 VLAN Troubleshooting Help 5.4.1 Monitor and Debug Information 5.4.1.1 show vlan Command: show vlan [brief| summary] [id <vlan-id>] [name <vlan-name>] Function: Display detailed information for all VLANs or specified VLAN. Parameter: brief stands for brief information;...
  • Page 161: Show Garp Timer

    Universal Vlan: Total Existing Vlans is: 2 Displayed information VLAN Name Type Media Ports Universal Vlan Dynamic Vlan 5.4.1.2 show garp timer Command: show garp timer [<interface-name>] Function: Display the global and port information for GARP. Parameter: <interface-name> stands for the name of the Trunk port to be displayed. Command mode: Admin Mode Usage Guide: N/A.
  • Page 162: Vlan Troubleshooting Help

    GVRP will not work properly. It is recommended to avoid enabling GVRP and RSTP at the same time in ES4626/ES4650. If GVRP is to be enabled, RSTP function for the ports must be disabled first. 5.5 WEB Management Click Vlan configuration.
  • Page 163: Vid Allocation

    remove vlan. 5.5.1.1.1 VID allocation Click Vlan configuration, Vlan configuration, Create/Remove VLAN, VID allocation. Users can add or remove vlan. See the equivalent CLI command at 5.2.2.1: Operation type – Add new VID: Add a new vlan; Remove: Remove a vlan VID –...
  • Page 164: Allocate Port For Vlan

    5.5.1.2 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN. Users can configure the vlan information on the switch. 5.5.1.2.1 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN, Allocate port for Vlan.
  • Page 165: Trunk Port Configuration

    Type – Specify port type: access, trunk. See the equivalent CLI command at 5.2.2.5 Vlan ingress rules – Enable or disable vlan ingress rule. See the equivalent CLI command at 5.2.2.8 For example: Select port Ethernet1/1; select Type to Trunk; select Enable Vlan ingress rules, and then click Apply.
  • Page 166: Vlan Setting For Access Port

    Set trunk native vlan: Set the native vlan of the port. See the equivalent CLI command at 5.2.2.7: Port – Specify the port Trunk native vlan – Specify native vlan id Operation type – Set native vlan: Add new VLAN; Remove native vlan: Leave the native vlan For example: Select port Ethernet1/8;...
  • Page 167 from the specified VLAN: Port – Specify the port Vlan ID – Specify VLAN ID For example: Select port Ethernet1/1; select Vlan ID 1, and then click Apply. The port Ethernet 1/1 is added to VLAN 1. The results are shown in Information Display window: 5.5.1.6 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Enable/Disable Vlan ingress rule.
  • Page 168: Gvrp Configuration

    5.5.2 GVRP configuration Click Vlan configuration, GVRP configuration. Users can configure GVRP. 5.5.2.1 Enable global GVRP Click Vlan configuration, GVRP configuration, Enable global GVRP. Users can enable or disable GVRP globally. See the equivalent CLI command at 5.3.2.5. For example: Select Enable GVRP, and then click Apply. The GVRP is enabled globally on the switch.
  • Page 169: Vlan Debug And Maintenance

    5.5.3 VLAN debug and maintenance Click Vlan configuration, Vlan debug and maintenance. Users can view Vlan information on the switch. 5.5.3.1 show Vlan Click Vlan configuration, VLan debug and maintenance, show Vlan. The Vlan information is shown on Information display window. See the equivalent CLI command at 5.4.1.1 5.5.3.2 show garp Click Vlan configuration, VLan debug and maintenance, show garp.
  • Page 170: Show Gvrp

    5.5.3.3 show gvrp Click Vlan configuration, VLan debug and maintenance, show gvrp. The GVRP information is shown on Information display window. See the equivalent CLI command at 5.4.1.3...
  • Page 171: Chapter 6 Mstp Configuration

    Chapter 6 MSTP Configuration MSTP Introduction The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and the RSTP. It runs on all the bridges of a bridged-LAN. It calculates a common and internal spanning tree (CIST) for the bridge-LAN which consists of the bridges running the MSTP, the RSTP and the STP.
  • Page 172: Operations Within An Mstp Region

    Figure 6-1 Example of CIST and MST Region In the above network, if the bridges are running the STP or the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST region, MSTP will treat this region as a bridge.
  • Page 173: Port Roles

    The MSTI is only valid within its MST region. An MSTI has nothing to do with MSTIs in other MST regions. The bridges in a MST region receive the MST BPDU of other regions through Boundary Ports. They only process CIST related information and abandon MSTI information.
  • Page 174 spanning-tree no spanning-tree Global Mode spanning-tree mode {mstp|stp} no spanning-tree mode Interface Mode spanning-tree mcheck 2. Configure instance parameters Command Global Mode spanning-tree mst <instance-id> priority <bridge-priority> no spanning-tree mst <instance-id> priority Interface Mode spanning-tree mst <instance-id> cost <cost> no spanning-tree mst <instance-id> cost spanning-tree <instance-id>...
  • Page 175 Command Global Mode spanning-tree mst configuration no spanning-tree mst configuration MSTP region mode instance <instance-id> vlan <vlan-list> no instance <instance-id> [vlan <vlan-list>] name <name> no name revision-level <level> no revision-level abort exit 4. Configure MSTP time parameters Command Global Mode spanning-tree forward-time <time> no spanning-tree forward-time spanning-tree hello-time <time>...
  • Page 176: Mstp Configuration Command

    Command Interface Mode spanning-tree link-type {auto|force-true|force-false} no spanning-tree link-type spanning-tree portfast no spanning-tree portfast 6.2.2 MSTP Configuration Command 6.2.2.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode Usage Guide: This command is to quit MSTP region mode without saving the current configuration.
  • Page 177 no instance <instance-id> [vlan <vlan-list>] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; The command “no instance <instance-id> [vlan <vlan-list>]” removes the specified instance and the specified mappings between the VLANs and instances.
  • Page 178 Command: revision-level <level> no revision-level Function: In MSTP region mode, this command is to set revision level for MSTP configuration; The command “no revision-level” restores the default setting to 0. Parameter: <level> is revision level. The valid range is from 0 to 65535. Command mode: MSTP Region Mode Default: The default revision level is 0.
  • Page 179 working with hello time and max age. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly. (1) 2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age; (2) Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds). Example: In global mode, set MSTP forward delay time to 20 seconds. Switch(Config)#spanning-tree forward-time 20 6.2.2.8 spanning-tree hello-time Command: spanning-tree hello-time <time>...
  • Page 180 6.2.2.10 spanning-tree maxage Command: spanning-tree maxage <time> no spanning-tree maxage Function: Set the max aging time for BPDU; The command “no spanning-tree maxage” restores the default setting. Parameter: <time> is max aging time in seconds. The valid range is from 6 to 40. Command mode: Global Mode Default: The max age is 20 seconds by default.
  • Page 181 Command mode: Interface Mode Default: The port is in the MSTP mode by default. Usage Guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode.
  • Page 182 Name MAC address of the bridge Revision Usage Guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration.
  • Page 183 6.2.2.16 spanning-tree mst port-priority Command: spanning-tree mst <instance-id> port-priority <port-priority> no spanning-tree mst <instance-id> port-priority Function: Set the current port priority for the specified instance; The command “no spanning-tree mst <instance-id> port-priority” restores the default setting. Parameter: <instance-id> sets the instance ID. The valid range is from 0 to 48; <port-priority>...
  • Page 184: Mstp Example

    portfast” sets the current port as non-boundary port. Command mode: Interface Mode Default: All the ports are non-boundary ports by default when enabling MSTP. Usage Guide: When a port is set to be a boundary port, the port converts its status from discarding to forwarding without bearing forward delay.
  • Page 185 Address Bridge Priority 32768 Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 1 200000 Port 2 200000 Port 3 Port 4 Port 5 Port 6 Port 7 By default, the MSTP establishes a tree topology (in blue lines) rooted with SW1. The ports marked with “x”...
  • Page 186 SW2(Config)#vlan 30 SW2(Config-Vlan30)#exit SW2(Config)#vlan 40 SW2(Config-Vlan40)#exit SW2(Config)#vlan 50 SW2(Config-Vlan50)#exit SW2(Config)#spanning-tree mst configuration SW2(Config-Mstp-Region)#name mstp SW2(Config-Mstp-Region)#instance 3 vlan 20;30 SW2(Config-Mstp-Region)#instance 4 vlan 40;50 SW2(Config-Mstp-Region)#exit SW2(Config)#interface e1/1-7 SW2(Config-Port-Range)#switchport mode trunk SW2(Config-Port-Range)#exit SW2(Config)#spanning-tree SW3: SW3(Config)#vlan 20 SW3(Config-Vlan20)#exit SW3(Config)#vlan 30 SW3(Config-Vlan30)#exit SW3(Config)#vlan 40 SW3(Config-Vlan40)#exit SW3(Config)#vlan 50 SW3(Config-Vlan50)#exit SW3(Config)#spanning-tree mst configuration...
  • Page 187 SW4(Config)#vlan 30 SW4(Config-Vlan30)#exit SW4(Config)#vlan 40 SW4(Config-Vlan40)#exit SW4(Config)#vlan 50 SW4(Config-Vlan50)#exit SW4(Config)#spanning-tree mst configuration SW4(Config-Mstp-Region)#name mstp SW4(Config-Mstp-Region)#instance 3 vlan 20;30 SW4(Config-Mstp-Region)#instance 4 vlan 40;50 SW4(Config-Mstp-Region)#exit SW4(Config)#interface e1/1-7 SW4(Config-Port-Range)#switchport mode trunk SW4(Config-Port-Range)#exit SW4(Config)#spanning-tree SW4(Config)#spanning-tree mst 4 priority 0 After the above configuration, SW1 is the root bridge of the instance 0 of the entire network.
  • Page 188 Figure 6-3 The Topology Of the Instance 0 after the MSTP Calculation Figure 6-4 The Topology Of the Instance 3 after the MSTP Calculation...
  • Page 189: Mstp Troubleshooting

    Figure 6-5 The Topology Of the Instance 4 after the MSTP Calculation MSTP 6.4 MSTP Troubleshooting 6.4.1 Monitoring And Debugging Command 6.4.1.1 show spanning-tree Command: show spanning-tree [mst [<instance-id>]] [interface <interface-list>] [detail] Function: Display the MSTP Information. Parameter: <instance-id> sets the instance ID. The valid range is from 0 to 48; <interface-list>...
  • Page 190 ########################### Instance 0 ########################### Self Bridge Id : 32768 - 00: 03: 0f: 01: 0e: 30 Root Id : 16384.00: 03: 0f: 01: 0f: 52 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/1 Ethernet1/2 (Total 2)
  • Page 191: Show Mst Configuration

    -------------- ------- --------- --- ---- ------------------ ------- Ethernet1/1 128.001 Ethernet1/2 128.002 Displayed Information Bridge Information Standard STP version Bridge MAC Bridge MAC address Bridge Times Max Age, Hello Time and Forward Delay of the bridge Force Version Version of STP Instance Information Self Bridge Id The priority and the MAC address of the current bridge for the...
  • Page 192 Command mode: Privileged Mode Usage Guide: In the privileged mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping. Example: Display the configuration of the MSTP on the switch. Switch#show spanning-tree mst config Name switch Revision...
  • Page 193: Mstp Troubleshooting Help

    6.4.1.4 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; The command “no debug spanning-tree” disables the MSTP debugging information Command mode: Privileged Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information.
  • Page 194: Chapter 7 Igmp Snooping Configuration

    ES4626/ES4650 provides IGMP Snooping and is able to send a query from the switch so that the user can use ES4626/ES4650 in IP multicast.
  • Page 195 2. Configure IGMP Snooping Command Global Mode ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> ip igmp snooping vlan <vlan-id> mrouter interface <interface-name> no ip igmp snooping vlan <vlan-id> mrouter ip igmp snooping vlan <vlan-id> immediate-leave no ip igmp snooping vlan <vlan-id> immediate-leave ip igmp snooping vlan <vlan-id>...
  • Page 196: Igmp Snooping Configuration Command

    query max-response-time 7.2.2 IGMP Snooping Configuration Command 7.2.2.1 ip igmp snooping Command: ip igmp snooping no ip igmp snooping Function: Enable the IGMP Snooping function in the switch: the “no ip igmp snooping” command disables the IGMP Snooping function. Command mode: Global Mode Default: IGMP Snooping is disabled by default.
  • Page 197: Ip Igmp Snooping Vlan Static

    vlan <vlan-id> mrouter” command deletes multicast router port. Parameter: <vlan-id> is the specified VLAN number; <interface-name> is the specified multicast router port number. Command mode: Global Mode Default: No M-Router port is set in the default VLAN. Usage Guide: The M-Router port must be set in a VLAN that has IGMP Snooping enabled, or the IGMP packet will be discarded so that IGMP Snooping cannot be performed in the specified VLAN.
  • Page 198: Ip Igmp Snooping Vlan Query

    leave function. Parameter: <vlan-id> is the VLAN number specified. Command mode: Global Mode Default: This function is disabled by default. Usage Guide: Enabling IGMP fast leave function speeds up the process for port to leave multicast group. This command is valid only in Snooping, and is not applicable to Query.
  • Page 199: Igmp Snooping Example

    robustness; parameter means better network conditions. The user can set the robustness parameter according to their network conditions. Example: Set the robustness parameter for the IGMP Query of VLAN 100 to 3. Switch(Config)#ip igmp snooping vlan 100 query robustness 3 7.2.2.8 ip igmp snooping vlan query interval Command: ip igmp snooping vlan <vlan-id>...
  • Page 200 Fig 7-1 Enabling IGMP Snooping function As shown in the above figure, a VLAN 100 is configured in the switch, including port 1, 2, 6, 10 and 12 on slot 1. Four hosts are connected to port 2, 6, 10, 12 respectively and the multicast router is connected to port 1.
  • Page 201 traffic of program 2 and port 12 will not receive traffic of program 1. Scenario 2: IGMP Query Fig 7-2 The switches as IGMP Queriers The configuration of Switch2 is the same as the switch in scenario 1, Switch1 takes the place of Multicast Router in scenario 1. Let’s assume VLAN 60 is configured in Switch1, including port 1, 2, 6, 10 and 12.
  • Page 202: Igmp Snooping Troubleshooting Help

    Multicast Configuration The same as scenario 1. IGMP Snooping listening result: Similar to scenario 1. IGMP Snooping Troubleshooting Help 7.4.1 Monitor and Debug Commands 7.4.1.1 show ip igmp snooping Command: show ip igmp snooping [vlan <vlan-id>] Parameter: <vlan-id> is id of VLAN to display the IGMP Snooping information. Command mode: Admin Mode Usage Guide: If VLAN id is not specified, then summary information for IGMP Snooping and Query in all VLAN will be displayed.
  • Page 203 igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null) -------------------------------- IGMP information for VLAN 4: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null) -------------------------------- IGMP information for VLAN 511: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null)
  • Page 204 igmp snooping status igmp snooping vlan status igmp snooping vlan mrouter port igmp snooping vlan mrouter state igmp snooping vlan mrouter present igmp snooping vlan immediate leave igmp snooping vlan query igmp snooping vlan robustness igmp snooping vlan query interval igmp snooping vlan query max response time igmp snooping vlan query TX igmp snooping vlan query SX...
  • Page 205: Debug Igmp Snooping

    port igmp snooping vlan mrouter state igmp snooping vlan mrouter present igmp snooping vlan query TX igmp snooping vlan query SX igmp snooping multicast mac igmp snooping multicast port 7.4.1.2 show mac-address-table multicast Command: show mac-address-table multicast [vlan <vlan-id>] Function: Display information for the multicast MAC address table. Parameter: <vlan-id>...
  • Page 206: Igmp Snooping Troubleshooting Help

    Example: Enable IGMP Snooping debug. Switch# debug ip igmp snooping 7.4.2 IGMP Snooping Troubleshooting Help IGMP Snooping function cannot be used with IGMP Query, Snooping is not available when Query is enabled. The user must make sure whether IGMP Snooping or IGMP Query is to be enabled.
  • Page 207: Snooping Configuration

    VLAN ID – Configure query vlan ID Query State – query state: open or close. See the equivalent CLI command at 7.2.2.6 Robustness – Robustness. See the equivalent CLI command at 7.2.2.7 Query Interval – Query interval. See the equivalent CLI command at 7.2.2.8 Max Response –...
  • Page 208: Igmp Snooping Static Multicast Configuration

    7.5.3 IGMP Snooping static multicast configuration Click IGMP Snooping static multicast configuration. Users can configure IGMP Snooping static multicast. 7.5.3.1 IGMP Snooping static multicast configuration The explanation of each field is as below: VLAN ID – Configure Vlan ID Multicast group member port – Configure multicast group member port Multicast address –...
  • Page 210: Chapter 8 802.1X Configuration

    Chapter 8 802.1X CONFIGURATION 8.1 802.1X Introduction IEEE 802.1X is a port-based network access control technology. Access equipment is authenticated and controlled at the physical access level of the LAN equipment; the physical access level here means the ports of the switch equipment. If the user equipment connected to such a port passes authentication, the resources of the LAN can be accessed;...
  • Page 211: Configuration

    access control unit (access switch); EAP protocol is also adopted between access control unit and authentication server. Authentication data is encapsulated in EAP messages, which are carried in other higher-layer protocol messages, such as RADIUS, so as to reach the authentication server across a complex network. Port-based network access control divides each port on which the equipment end provides services to the customer end into two virtual ports: a controlled port and an uncontrolled port.
  • Page 212 2) Configure port access control method: based on MAC address or based on port 3) Configure switch 802.1x extended function 3. Configure settings for user access equipment (not required) 4. Configure settings for the RADIUS server 1) Configure RADIUS authentication key 2) Configure RADIUS server 3) Configure RADIUS service parameter 1. Enable switch 802.1x function...
  • Page 213 Command port configuration mode dot1x port-control {auto|force-authorized|force-unauthorized} no dot1x port-control port configuration mode dot1x port-control {auto|force-authorized|force-unauthorized} no dot1x port-control 2) Configure port access control method Command port configuration mode dot1x port-method {macbased | portbased} no dot1x port-method dot1x max-user <number>...
  • Page 214 Command Global configuration mode dot1x macfilter enable no dot1x macfilter enable dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] dot1x eapor enable no dot1x eapor enable 3. Some interrelated configuration about Supplicant Command Global configuration mode dot1x max-req <count> no dot1x max-req dot1x re-authentication no dot1x re-authentication...
  • Page 215 dot1x timeout tx-period <seconds> no dot1x timeout tx-period privileged configuration mode dot1x re-authenticate [interface <interface-name>] 4. Some interrelated configuration about Authentication Server(RADIUS server) 1) Configure RADIUS authentication key Command Global configuration mode radius-server key <string> no radius-server key 2) Configure RADIUS Server Command Global configuration mode radius-server...
  • Page 216: Configuration Command

    radius-server retransmit <retries> no radius-server retransmit radius-server timeout <seconds> no radius-server timeout 8.2.2 802.1X Configuration Command 8.2.2.1 aaa enable Command: aaa enable no aaa enable Function: Enable the switch AAA authentication function; use the “no” command to disable the AAA authentication function. Command mode: global configuration mode Parameter: None Default: The switch AAA authentication function is not enabled. Instructions: To use the switch 802.1x authentication function, you must enable...
  • Page 217: Dot1X Eapor Enable

    Example: Enable the switch AAA accounting function. Switch(Config)#aaa-accounting enable 8.2.2.3 dot1x accept-mac Command: dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] Function: Add a MAC address to the dot1x address filter table. If a port is specified, the added address applies only to that port;...
  • Page 218: Dot1X Enable

    8.2.2.5 dot1x enable Command: dot1x enable no dot1x enable Function: Enable the 802.1x function on the switch globally and on a port; use the “no” command to disable the 802.1x function. Command mode: global configuration mode and port configuration mode Default: The 802.1x function is not enabled globally; when the 802.1x function is enabled globally, it is still not enabled on the ports by default.
  • Page 219 Command: dot1x macfilter enable no dot1x macfilter enable Function: Enable the switch dot1x address filter function; use the “no” command to disable the dot1x address filter function. Command mode: global configuration mode Default: The dot1x address filter function is disabled. Instructions: When the dot1x address filter function is enabled, the switch filters the MAC addresses that request authentication; only authentication requests from addresses in the dot1x address filter list are accepted.
  • Page 220 Switch(Config-Ethernet1/3)#dot1x max-user 5 8.2.2.10 dot1x port-control Command: dot1x port-control {auto|force-authorized|force-unauthorized} no dot1x port-control Function: Configure the port 802.1x authorization status; use the “no” command to restore the default. Parameter: auto enables 802.1x authentication; the port is placed in authorized or unauthorized status according to the authentication information exchanged between the switch and the supplicant;...
  • Page 221 Command: dot1x re-authenticate [interface <interface-name>] Function: Re-authenticate 802.1x on all ports or on a specific port immediately, without waiting for the timer to expire. Parameter: <interface-name> is the port ID; if no parameter is given, the command applies to all ports. Command mode: privilege configuration mode Instructions: This is a privilege mode command. Once it is entered, the switch re-authenticates the client at once, without waiting for the re-authentication timer to expire.
  • Page 222 8.2.2.15 dot1x timeout re-authperiod Command: dot1x timeout re-authperiod <seconds> no dot1x timeout re-authperiod Function: Configure the interval at which the switch re-authenticates the supplicant; use the “no” command to restore the default. Parameter: <seconds> is the re-authentication interval in seconds. The range: 1~65535. Command mode: global configuration mode Default: Default is 3600 seconds.
  • Page 223 according to configuration order; if primary is configured, this RADIUS server is used first. Command mode: global configuration mode Default: No RADIUS accounting server is configured. Instructions: This command specifies the IP address and port ID of the accounting RADIUS server that the switch connects to; the command may be configured several times. The parameter <port-number> specifies the accounting port ID, which must be the same as the accounting port ID on the specified RADIUS server; the default is 1813. If the port ID is configured as 0, the accounting port is generated at random, which may make the configuration invalid.
  • Page 224 8.2.2.19 radius-server dead-time Command: radius-server dead-time <minutes> no radius-server dead-time Function: Configure the recovery time after a RADIUS server goes dead; use the “no” command to restore the default configuration. Parameter: <minutes> is the recovery time after a RADIUS server goes dead, in minutes. The range: 1~255. Command mode: global configuration mode Default: Default is 5 minutes.
  • Page 225 Function: Configure the number of times a RADIUS authentication message is retransmitted; use the “no” command to restore the default configuration. Parameter: <retries> is the number of retransmissions to the RADIUS server. The range: 0~100. Command mode: global configuration mode Default: Default is 3 times. Instructions: This command specifies how many times the switch retransmits a data packet sent to the RADIUS server when it receives no response from the RADIUS server.
  • Page 226: Apply Example

    8.3 802.1X Apply Example [Figure 8-2 IEEE802.1x configuration example topology figure; labels in the figure: 10.1.1.2, 10.1.1.1, Radius Server 10.1.1.3] A computer is connected to switch port 1/2. The IEEE802.1x authentication function is enabled on port 1/2, and the access method is the default method, authentication based on MAC address.
  • Page 227: Trouble Shooting

    8.4 802.1X Trouble Shooting 8.4.1 802.1X Debug and Monitor Command 8.4.1.1 show aaa config Command: show aaa config Function: Displays the existing configuration commands while the switch works as RADIUS client. Command mode: privilege mode Instructions: Displays whether the aaa authentication and accounting functions are enabled on the switch, together with the authentication key, the authentication and accounting server information, etc.
  • Page 228 accounting server[1].Host IP = 192.168.1.208 Time Out = 3 Retransmit = 3 Dead Time = 5 Account Time Interval = 0 Display Content Is Aaa Enabled Is Account Enabled MD5 Server Key authentication server sum authentication server[X].Host IP .Udp Port Is Primary Is Server Dead .Socket No...
  • Page 229: Show Radius Count

    8.4.1.2 show aaa authenticated-user Command: show aaa authenticated-user Function: Displays the online authenticated users. Command mode: privilege mode Instructions: Other online user information is typically used for technical support engineers for diagnosis and troubleshooting. Example: Switch#show aaa authenticated-user ------------------------- authenticated users ------------------------------- User-name Retry-time WaitingNum...
  • Page 230: Show Dot1X

    Example: 1. Show radius authenticated-user statistics information. Switch #show radius authenticated-user count --------------------- Radius user statistic--------------------- The authenticated online user num is: The total user num is: 2. Show radius authenticating-user statistics information and others Switch #sho radius authenticating-user count --------------------- Radius user statistic--------------------- The authenticating user num is: The stopping user num is:...
  • Page 231 Authentication Method: Port based Status Authorized Port-control Auto Supplicant 00-03-0F-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Display Content Global 802.1x Parameters reauthenabled reauth-period quiet-period tx-period max-req authenticator mode Mac Filter MacAccessList : dot1x-EAPoR 802.1x enabled...
  • Page 232: Troubleshooting

    Backend State Machine: Backend state machine status Reauthentication State Machine: Reauthentication state machine status 8.4.1.6 debug aaa Command: debug aaa no debug aaa Function: Enable aaa debug information; use the “no” command to close aaa debug information. Command mode: privilege configuration mode Parameter: None Instructions: With aaa debug information enabled, the negotiation process of the RADIUS protocol can be checked, which helps with debugging when problems occur.
  • Page 233: Web Management

    port. For enabling the 802.1x authentication function, it is necessary to disable the trunk functions of the port. If the switch is configured correctly and the authentication is still not passed, it is recommended to examine whether links are established between the switch and RADIUS server, the switch and 802.1x;...
  • Page 234: Radius Authentication Configuration

    authentication and accounting)It is equivalent to CLI command 8.2.2.19. System recovery time (1-255 minute) - Configure the recover time after RADIUS server dead. It is equivalent to 8.2.2.18. RADIUS Retransmit times(0-100) - Configure RADIUS authentication message retransmit times. It is equivalent to CLI command 8.2.2.20. RADIUS server timeout (1-1000 second) - Configure RADIUS server timeout timer.
  • Page 235: Configuration

    8.5.1.3 RADIUS accounting configuration Click Authentication configuration, RADIUS client configuration, RADIUS accounting configuration. Configure RADIUS accounting server IP address and monitor port ID. It is equivalent to CLI command 8.2.2.16. Accounting server IP - server IP address. Accounting server port (optional) – is the accounting server port ID, The range: 0~65535, the “0”...
  • Page 236 configuration management list, user may configure switch 802.1x function. 8.5.2.1 802.1X Configuration Click Authentication configuration, 802.1X configuration, 802.1X configuration. Configure 802.1x global configuration: 802.1x status – Enable, disable switch 802.1x function. It is equivalent to CLI command 8.2.2.5. Maximum retransmission times of EAP-request/identity (1-10 second) - Configure the maximum number of times the switch sends an EAP-request/MD5 frame without receiving a supplicant response before it restarts authentication.
  • Page 237: X Port Authentication Configuration

    8.5.2.2 802.1X port authentication configuration Click Authentication configuration, 802.1X configuration, 802.1X port authentication configuration. Configure port 802.1x function: Port – assign port 802.1x status – port 802.1x status: Enable, the 802.1x function is enabled; Close, the 802.1x function is closed; the same as CLI command 8.2.2.5. Authentication type - Configure port 802.1x authentication status.
  • Page 238: X Port Status List

    Add a MAC address table to dot1x address filter. It is equivalent to CLI command 8.2.2.3. Port –If specify port, the added list only suitable for specific port, specify All Ports, the added list suitable for all port. Mac – added MAC address Operation type –...
  • Page 239: Chapter 9 Acl Configuration

    Chapter 9 ACL Configuration 9.1 Introduction to ACL ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switches, and so effectively safeguards the security of networks. The user can lay down a set of rules based on information specific to the packet; each rule describes the action for a packet that matches certain information: “permit”...
  • Page 240: Access List Action And Global Default Action

    9.1.3 Access list Action and Global Default Action There are two access list actions and default actions: “permit” or “deny”. The following rules apply: An access list can consist of several rules. Packets are filtered by comparing packet conditions to the rules in order, from the first rule until the first matched rule; the rest of the rules will not be processed.
  • Page 241 1. Configuring access list (1) Configuring a numbered standard IP access list Command Global Mode access list <num> {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} no access list <num> (2) Configuring a numbered extended IP access list Command Global Mode access...
  • Page 242 access list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source {host-source {{<dIpAddr> <dMask>} {host-destination <dIpAddr>}} <prec>] [tos <tos>] no access list <num> (3)Configuring a standard IP access list basing on nomenclature a.
  • Page 243 [no] {deny permit} <sMask>} any-source <sIpAddr>}} {{<dIpAddr> any-destination <dIpAddr>}} [<icmp-type> [precedence <prec>] [tos <tos>] [no] {deny permit} <sMask>} any-source <sIpAddr>}} {{<dIpAddr> any-destination <dIpAddr>}} [<igmp-type>] <prec>] [tos <tos>] [no] {deny | permit} tcp {{<sIpAddr> <sMask>} any-source {host-source [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>]...
  • Page 244: Acl Configuration Commands

    firewall disable (2) Configure default action. Command Global Mode firewall default permit firewall default deny Bind access-list to a specific direction of the specified port. Command Physical Interface Mode ip access-group <name> {in|out } access-group {in|out} 9.2.2 ACL Configuration Commands 9.2.2.1 access-list(extended) Command: access-list <num>...
  • Page 245 [tos <tos>] no access-list <num> Function: Create a numbered extended IP access rule for specific IP protocol or all IP protocols; if the numbered extended access list of specified number does not exist, then an access list will be created using this number. The “no” form command deletes a numbered extended IP access list.
  • Page 246: Firewall Default

    Example: Create a standard IP access list numbered 20, allowing packets from 10.1.1.0/24 and denying packets from 10.1.1.0/16. Switch(Config)#access list 20 permit 10.1.1.0 0.0.0.255 Switch(Config)#access list 20 deny 10.1.1.0 0.0.255.255 9.2.2.3 firewall Command: firewall { enable | disable} Function: Enable or disable firewall. Parameter: enable allows the firewall function;...
  • Page 247 <name>” command deletes the name-based extended IP access list. Parameter: <name> is the name for the access list; the character string length is 1 – 8, and a pure digit sequence is not allowed. Command mode: Global Mode Default: No IP address is configured by default. Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created.
  • Page 248 Example: Bind access list “aaa” to the incoming direction of the port. Switch(Config-Ethernet1/1)#ip access-group aaa in 9.2.2.8 permit | deny(extended) Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>] [no] {deny | permit} igmp {{<sIpAddr>...
  • Page 249: Acl Example

    9.2.2.9 permit | deny(standard) Command: {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} no {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} Function: Create a standard name-based IP access rule; the “no” form command deletes the name-based standard IP access rule. Parameter: <sIpAddr>...
  • Page 250: Acl Troubleshooting Help

    Firewall Status: Enable. Firewall Default Rule: Permit. Switch#show access lists access list 110(used 1 time(s)) access list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21 Switch#show access-group interface ethernet 1/10 interface name: Ethernet1/10 the ingress acl use in firewall is 110. ACL Troubleshooting Help 9.4.1 ACL Debug and Monitor Commands 9.4.1.1 show access lists...
  • Page 251: Show Firewall

    access list 10 deny any-source access list 100(used 1 time(s)) access list 100 deny ip any-source any-destination access list deny any-source any-destination 9.4.1.2 show access-group Command: show access-group [interface <name>] Function: display ACL binding information for the port. Parameter: <name> is the port name. Default: N/A.
  • Page 252: Acl Troubleshooting Help

    Usage Guide: Example: Switch#show firewall Firewall Status: Enable. Firewall Default Rule: Permit. Displayed information Firewall Status: Enable. Firewall Default Rule: Permit. 9.4.2 ACL Troubleshooting Help The check for entries in the ACL is in a top-down order, and ends whenever an entry is matched.
  • Page 253: Add Standard Numeric Ip Acl Configuration

    extended ACL Filter configuration - Enable filter globally. ACL filter is bound to the port by default. 9.5.1 Add standard numeric IP ACL configuration Click Numeric ACL configuration, Add standard numeric. Users can configure ACL. See the equivalent CLI command at 9.2.2.2. The explanation of each field is as below: ACL number - ACL number (1 –...
  • Page 254 Users can configure the following types of numeric ACL: Add ICMP numeric extended ACL - Add ICMP numeric extended ACL Add IGMP numeric extended ACL - Add IGMP numeric extended ACL Add TCP numeric extended ACL - Add TCP numeric extended ACL Add UDP numeric extended ACL - Add UDP numeric extended ACL Add numeric extended ACL for other protocols - numeric extended ACL for other protocols Click the node.
  • Page 255: Standard Acl Name Configuration

    For other protocols, the following fields need to be configured: Matched protocol – Specify the matched protocol: IP, EIGRP, OSPF, IPINIP and Input protocol manually. When “Input protocol manually” is selected, users can input the protocol number. For example: Configure an extended ACL numbered 110 which denies the TCP packets with the source address as 10.0.0.0/24 and target port as 21.
  • Page 256: Extended Acl Name Configuration

    Source IP address – Specify source IP address Reverse network mask – Specify reverse network mask Operation type – Add; Remove For example: Add a standard name ACL. Set ACL name to ac1; configure other fields; set Operation type to Add, and then click Apply. 9.5.5 Extended ACL name configuration Click ACL name configuration.
  • Page 257: Acl Port Binding Configuration

    to pass; “refuse” is used to deny packets to pass. See the equivalent CLI command at 9.2.2.4. For example: Set Packet filtering to Enable; set Firewall default action to accept, and then click Apply. 9.5.7 ACL port binding configuration Click Filter configuration. The configuration page is shown. See the equivalent CLI command at 9.2.2.7. The explanation of each field is as below: Port –...
  • Page 258: Chapter 10 Port Channel Configuration

    Channel fails, the other ports will undertake traffic of that port through traffic allocation algorithm. Traffic allocation algorithm is determined by the hardware. ES4626/ES4650 offers 2 methods for configuring port aggregation: manual Port Channel creation, and LACP (Link Aggregation Control Protocol) dynamic Port Channel creation.
  • Page 259: Port Channel Configuration

    8 port groups and 8 ports in each port group are supported. Once ports are aggregated, they can be used as a normal port. ES4626/ES4650 has built-in aggregation interface configuration mode, the user can perform related configuration in this mode just like in the VLAN and physical port configuration mode.
  • Page 260: Port Channel Configuration Commands

    Command Interface Mode port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> 3. Enter port-channel configuration mode. Command Global Mode interface <port-channel-number> 10.2.2 Port Channel Configuration Commands 10.2.2.1 port-group Command: port-group <port-group-number> [load-balance { src-mac|dst-mac | dst-src-mac | src-ip| dst-ip|dst-src-ip}] no port-group <port-group-number> [load-balance] Function: Create a port group and set the load balance method for that group.
  • Page 261 Delete a port group. Switch(Config)#no port-group 1 10.2.2.2 port-group mode Command: port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> Function: Add the physical port to the port channel; the command “no port-group <port-group-number>” removes the port from the port channel. Parameter: <port-group-number>...
  • Page 262: Port Channel Example

    Scenario 1: Configuring Port Channel in LACP. Fig 10-2 Configuring Port Channel in LACP The switches in the description below are all ES4626/ES4650 switches. As shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1; add those three ports to group1 in active mode;...
  • Page 263 Switch2 (Config)#port-group 2 Switch2 (Config)#interface eth 1/6 Switch2 (Config-Ethernet1/6)#port-group 2 mode passive Switch2 (Config-Ethernet1/6)#exit Switch2 (Config)# interface eth 1/8-9 Switch2 (Config-Port-Range)#port-group 2 mode passive Switch2 (Config-Port-Range)#exit Switch2 (Config)#interface port-channel 2 Switch2 (Config-If-Port-Channel2)# Configuration result: The shell prompts that the ports aggregated successfully after a while; ports 1, 2, 3 of Switch1 now form an aggregated port named “Port-Channel1”, and ports 6, 8, 9 of Switch2 form an aggregated port named “Port-Channel2”;...
  • Page 264: Port Channel Troubleshooting Help

    Switch1 (Config-Ethernet1/2)#exit Switch1 (Config)#interface eth 1/3 Switch1 (Config-Ethernet1/3)# port-group 1 mode on Switch1 (Config-Ethernet1/3)#exit Switch2#config Switch2 (Config)#port-group 2 Switch2 (Config)#interface eth 1/6 Switch2 (Config-Ethernet1/6)#port-group 2 mode on Switch2 (Config-Ethernet1/6)#exit Switch2 (Config)# interface eth 1/8-9 Switch2 (Config-Port-Range)#port-group 2 mode on Switch2 (Config-Port-Range)#exit Configuration result: Add port 1, 2, 3 of Switch1 to port-group1 in order, and we can see joining a group in “on”...
  • Page 265 Command mode: Admin Mode Usage Guide: If “port-group-number” is not specified, then information for all port groups will be displayed. Example: Add port 1/1 and 1/2 to port-group1. 1. Display summary information for port-group1. Switch# show port-group 1 brief Port-group number : 1 Number of ports in porg-group : 2 Number of port-channels : 0 Displayed information...
  • Page 266 port Ethernet1/2 : both of the port and the agg attributes are not equal the general information of the port are as follows: portnumber: 2 partner_oper_key: 0x0002 actor_oper_port_key: 0x0102 mode of the port: ACTIVE lacp_aware: enable begin: FALSE port_enabled: FALSE the attributes of the port are as follows: mac_type: ETH_TYPE speed_type: ETH_SPEED_100M duplex_type: FULL...
  • Page 267 Switch# show port-group 1 port Sorted by the ports in the group 1 : -------------------------------------------- the portnum is 1 port Ethernet1/1 related information: Actor part Administrative port number port priority 0x8000 aggregator id port key 0x0100 port state LACP activety LACP timeout Aggregation Synchronization...
  • Page 268 Selected Displayed information Explanation portnumber Port number port priority Port Priority system system ID system priority System Priority LACP activety Whether port is added to the group in “active” mode, 1 for yes. LACP timeout Port timeout mode, 1 for short timeout. Aggregation Whether aggregation is possible for the port, 0 for independent port that do not allow aggregation.
  • Page 269: Port Channel Troubleshooting Help

    Number of port Port number in the port-channel. Standby port Port that is in “standby” status, which means the port is qualified to join the channel but cannot join the channel due to the maximum port limit, thus the port status is “standby” instead of “selected”.
  • Page 270: Web Management

    LACP cannot be used on a port that has Security and 802.1x enabled; therefore it cannot be enabled if those two protocols are present on the port. Port Channel Configuration 10.5 Web Management Click Port Channel configuration. LACP port group configuration node and LACP port configuration node are shown.
  • Page 271: Lacp Port Configuration

    10.5.2 LACP port configuration Click LACP port configuration. The configuration page is shown. See the equivalent CLI command at 10.2.2.2 The explanation of each field is as below: group num - Group number Port - Specify the port Port mode - Configure port mode: active, passive or on Operation type - Add port to group or Remove port from group For example: Set group num to 1;...
  • Page 272: Chapter 11 Dhcp Configuration

    Chapter 11 DHCP Configuration 11.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that dynamically assigns IP addresses from the address pool, as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network.
  • Page 273: Dhcp Server Configuration

    DHCP packets so that the DHCP packets exchange can be completed between the DHCP client and server. ES4626/ES4650 can act as both a DHCP server and a DHCP relay. DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e.
  • Page 274 Command DHCP Address Pool Mode network-address <network-number> [mask | prefix-length] no network-address default-router [address1[address2[…address8]]] no default-router dns-server [address1[address2[…address8]]] no dns-server domain-name <domain> no domain-name netbios-name-server [address1[address2[…address8]]] no netbios-name-server netbios-node-type {b-node|h-node|m-node|p-node|<typ e-number>} no netbios-node-type bootfile <filename> no bootfile next-server [address1[address2[…address8]]] next-server [address1[address2[…address8]]] option <code>...
  • Page 275: Dhcp Server Configuration Commands

    Command DHCP Address Pool Mode hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] no hardware-address host <address> <prefix-length> ] no host client-identifier <unique-identifier> no client-identifier client-name <name> no client-name 3. Enable logging for address conflicts Command Global Mode ip dhcp conflict logging no ip dhcp conflict logging Admin Mode clear ip dhcp conflict <address | all>...
  • Page 276 Example: The path and filename for the file to be imported is “c: \temp\nos.img”. Switch(dhcp-1-config)#bootfile c: \temp\nos.img Related command: next-server 11.2.2.2 client-identifier Command: client-identifier <unique-identifier> no client-identifier Function: Specify the unique ID of the user when binding address manually; the “no client-identifier”...
  • Page 277 Command: default-router <address1>[<address2>[…<address8>]] no default-router Function: Configure default gateway(s) for DHCP clients; the “no default-router” command deletes the default gateway. Parameter: address1…address8 are IP addresses, in dotted decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: The IP address of default gateway(s) should be in the same subnet as the DHCP client IP, the switch supports up to 8 gateway addresses.
  • Page 278 Switch(dhcp-1-config)#domain-name company.com.cn 11.2.2.7 hardware-address Command: hardware-address IEEE802|<type-number>}] no hardware-address Function: Specify the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameter: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number>...
  • Page 279: Ip Dhcp Conflict Logging

    This command is used with “hardware address” command or “client identifier” command when binding address manually. If the identifier or hardware address of the requesting client matches the specified identifier or hardware address, the DHCP server assigns the IP address defined in “host”...
  • Page 280: Ip Dhcp Pool

    Usage Guide: This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes. Example: Reserve addresses from 10.1.128.1 to 10.1.128.10 from dynamic assignment. Switch(Config)#ip dhcp excluded-address 10.1.128.1 10.1.128.10 11.2.2.11 ip dhcp pool Command: ip dhcp pool <name>...
  • Page 281 DHCP, while too short duration results in increased network traffic and overhead. The default lease duration of ES4626/ES4650 is 1 day. Example: Set the lease of DHCP pool “1” to 3 days 12 hours and 30 minutes.
  • Page 282 cancels the setting. Parameter: b-node stands for broadcasting node; h-node for hybrid node that broadcasts after point-to-point communication; m-node for hybrid node that communicates in point-to-point after broadcast; p-node for point-to-point node; <type-number> is the node type in Hex from 0 to FF. Default: No client node type is specified by default.
  • Page 283: Service Dhcp

    Command: next-server <address1>[<address2>[…<address8>]] no next-server Function: Set the server address for storing the client import file; the “no next-server” command cancels the setting. Parameter: address1…address8 are IP addresses, in the dotted decimal format. Command Mode: DHCP Address Pool Mode Usage Guide: This command configures the address for the server hosting client import file.
  • Page 284: Dhcp Relay Configuration

    Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When the DHCP service is enabled, both DHCP server and DHCP relay are enabled. ES4626/ES4650 can only assign IP addresses for the DHCP clients and enable DHCP relay when the DHCP server function is enabled.
  • Page 285: Dhcp Relay Configuration Task Sequence

    but can also send other specified UDP broadcast packet to specified servers. 11.3.1 DHCP Relay Configuration Task Sequence 1. Enable DHCP relay. 2. Configure DHCP relay to forward DHCP broadcast packet. 3. Configure DHCP relay to forward other UDP broadcast packet. 4.
  • Page 286 11.3.2.1 ip forward-protocol udp Command: ip forward-protocol udp <port> no ip forward-protocol udp <port> Function: Set DHCP relay to forward UDP broadcast packets on the port; the “no ip forward-protocol udp <port>” command cancels the service. Default: DHCP relay forwards DHCP broadcast packet by default (UDP port 67). Command mode: Global Mode Usage Guide: The forwarding destination address is set in the “ip helper-address”...
  • Page 287: Dhcp Configuration Example

    To save configuration efforts of network administrators and users, a company is using ES4626/ES4650 as a DHCP server. The Admin VLAN IP address is 10.16.1.2/16. The local area network for the company is divided into network A and B according to the office locations.
  • Page 288 Switch(dhcp-A-config)#dns-server 10.16.1.202 Switch(dhcp-A-config)#netbios-name-server 10.16.1.209 Switch(dhcp-A-config)#netbios-node-type H-node Switch(dhcp-A-config)#exit Switch(Config)#ip dhcp excluded-address 10.16.1.200 10.16.1.210 Switch(Config)#ip dhcp pool B Switch(dhcp-B-config)#network-address 10.16.2.0 24 Switch(dhcp-B-config)#lease 1 Switch(dhcp-B-config)#default-router 10.16.2.200 10.16.2.201 Switch(dhcp-B-config)#dns-server 10.16.2.202 Switch(dhcp-B-config)#option 72 ip 10.16.2.209 Switch(dhcp-B-config)#exit Switch(Config)#ip dhcp excluded-address 10.16.2.200 10.16.2.210 Switch(Config)#ip dhcp pool A1 Switch(dhcp-A1-config)#host 10.16.1.210 Switch(dhcp-A1-config)#hardware-address 00-03-22-23-dc-ab Switch(dhcp-A1-config)#...
  • Page 289: Dhcp Troubleshooting Help

    Switch (Config)#vlan 2 Switch (Config-Vlan-2)#exit Switch (Config)#interface Ethernet 1/2 Switch (Config-Ethernet1/2)#switchport access vlan 2 Switch (Config-Ethernet1/2)#exit Switch (Config)#interface vlan 2 Switch (Config-if-Vlan2)#ip address 10.1.1.1 255.255.255.0 Switch (Config-if-Vlan2)#exit Switch (Config)#ip forward-protocol udp 67 Switch (Config)#interface vlan 1 Switch (Config-if-Vlan1)#ip helper-address 10.1.1.10 Switch (Config-if-Vlan1)#exit Switch (Config)#ip forward-protocol udp 69 Switch (Config)#interface vlan 1...
  • Page 290: Clear Ip Dhcp Binding

    11.5.1.1 clear ip dhcp binding Command: clear ip dhcp binding {<address> | all } Function: Delete the specified IP address-hardware address binding record or all IP address-hardware address binding records. Parameter: <address> is the IP address that has a binding record, in dotted decimal format.
  • Page 291: Clear Ip Dhcp Server Statistics

    Related command: ip dhcp conflict logging,show ip dhcp conflict 11.5.1.3 clear ip dhcp server statistics Command: clear ip dhcp server statistics Function: Delete the statistics for DHCP server, clear the DHCP server count. Command mode: Admin Mode Usage Guide: DHCP count statistics can be viewed with “show ip dhcp server statistics”...
  • Page 292: Show Ip Dhcp Conflict

    11.5.1.5 show ip dhcp conflict Command: show ip dhcp conflict Function: Display log information for address that has conflict record. Command mode: Admin Mode Example: Switch# show ip dhcp conflict IP Address Detection method 10.1.1.1 Ping Displayed information IP Address Detection method Detection Time 11.5.1.6 show ip dhcp server statistics...
  • Page 293: Debug Ip Dhcp Server

    Message BOOTREPLY DHCPOFFER DHCPACK DHCPNAK DHCPRELAY DHCPFORWARD Switch# Displayed information Address pools Database agents Automatic bindings Manual bindings Conflict bindings Expired bindings Malformed message Message Received BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Message Send BOOTREPLY DHCPOFFER DHCPACK DHCPNAK DHCPRELAY DHCPFORWARD 11.5.1.7 debug ip dhcp server Send 1911...
  • Page 294: Dhcp Troubleshooting Help

    In such a case, the DHCP server should be examined for an address pool that is in the same segment as the switch VLAN; such a pool should be added if not present. (This does not indicate that ES4626/ES4650 cannot assign IP addresses for different segments; see solution 2 for details.) In DHCP service, pools for dynamic IP allocation and manual binding are conflicting, i.e., if...
  • Page 295: Enable Dhcp

    11.6.1.1 Enable DHCP Click DHCP configuration, DHCP server configuration, Enable DHCP. Users can enable or disable DHCP server, and configure logging server: DHCP server status – Enable or disable DHCP server. See the equivalent CLI command at 11.2.2.19 Conflict logging status – Enable or disable conflict logging. See the equivalent CLI command at 11.2.2.9 Logging server(optional) –...
  • Page 296: Client Dns Server Configuration

    Network mask to 255.255.255.0; set DHCP client node type to broadcast node; set Address lease timeout to 3 day 12 hour 30 minute, and then click Apply. The configuration is applied on the switch. 11.6.1.3 Client's default gateway configuration Click DHCP configuration, DHCP server configuration, Client's default gateway configuration.
  • Page 297: Client Wins Server Configuration

    configuration. Users can configure DHCP client DNS server. See the equivalent CLI command at 11.2.2.5: DHCP pool name – Select DHCP pool DNS server - Configure DNS server. Users can configure maximum eight DNS servers. DNS server 1 has the highest priority and DNS server 8 has the lowest priority. For example: Select DHCP pool name to 1;...
  • Page 298: Dhcp File Server Address Configuration

    11.6.1.6 DHCP file server address configuration Click DHCP configuration, DHCP server configuration, DHCP file server address configuration. Users can configure DHCP client bootfile name and file server: DHCP pool name – Select DHCP pool name DHCP client bootfile name (1-128 character) – Specify bootfile name. See the equivalent CLI command at 11.2.2.1 File server –...
  • Page 299: Dhcp Network Parameter Configuration

    11.6.1.7 DHCP network parameter configuration Click DHCP configuration, DHCP server configuration, DHCP network parameter configuration. Users can specify DHCP network parameters. See the equivalent CLI command at 11.2.2.18: DHCP pool name – Select DHCP pool name Code(0-254) – Specify network code Network parameter value type –...
  • Page 300: Dhcp Packet Statistics

    11.6.1.9 Excluded address Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users can configure the excluded addresses on the DHCP pool. See the equivalent CLI command at 11.2.2.10: Starting address – Specify starting address Ending address - Specify ending address Operation type –...
  • Page 301: Dhcp Relay Configuration

    11.6.2 DHCP relay configuration Click DHCP configuration, DHCP relay configuration. Users can configure DHCP relay. 11.6.2.1 DHCP relay configuration Click DHCP configuration, DHCP relay configuration, DHCP relay configuration. Users can configure DHCP relay: DHCP forward UDP configuration: Configure DHCP port to forward UDP packets. See the equivalent CLI command at 11.3.2.1: Port –...
  • Page 302: Dhcp Debugging

    IP address – Specify server IP address L3 Interface – Specify layer 2 interface For example: Set IP address to 192.168.1.5; set L3 Interface to Vlan1, and then click Add. The configuration is applied on the switch. Configure the relay policy to non-forward: Click Apply, DHCP relay is disabled on the switch;...
  • Page 303: Delete Dhcp Server Statistics Log

    11.6.3.3 Delete DHCP server statistics log Click DHCP configuration, DHCP debugging, Delete DHCP server statistics log. Users can delete DHCP server statistics and restore the counter to zero. For example: Click Apply. All the DHCP statistics are deleted. 11.6.3.4 Show IP-MAC binding Click DHCP configuration, DHCP debugging, Show IP-MAC binding.
  • Page 304: Chapter 12 Sntp Configuration

    NTP hosts through the Internet, and use those hosts to provide time synchronization service for other clients in LAN. ES4626/ES4650 has an SNTPv4 client implemented and supports SNTP client unicast described in RFC2030; SNTP client multicast and anycast are not supported, nor is SNTP server function.
  • Page 305: Clock Timezone

    Command: sntp poll <interval> no sntp poll Function: Set the interval at which the SNTP client sends requests to NTP/SNTP; the “no sntp poll” command cancels the configured poll interval and restores the default setting. Parameter: <interval> is the interval value from 16 to 16284. Default: The default poll is 64 seconds.
  • Page 306: Typical Sntp Configuration Examples

    Switch3 Fig 12-1 Typical SNTP Configuration All ES4626/ES4650 switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured. There should be a reachable route between any ES4626/ES4650 and the two SNTP/NTP servers.
  • Page 307: Web Management

    Command mode: Admin Mode Example: Display current SNTP configuration. Switch#show sntp SNTP server Version 2.1.0.2 12.3.1.2 debug sntp Command: debug sntp {adjust | packets | select } no debug sntp {adjust | packets | select} Function: Display or disable SNTP debug information. Parameter: adjust stands for SNTP clock adjustment information;...
  • Page 308: Time Difference

    command at 12.1.2 For example: Set Interval to 128, and then click Apply. The configuration is applied on the switch. 12.4.3 Time difference Click SNTP configuration, Time difference. Users can configure SNTP client time difference. See the equivalent CLI command at 12.1.3 Time zone –...
  • Page 309: Chapter 13 Qos Configuration

    Chapter 13 QoS Configuration 13.1 QoS 13.1.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
  • Page 310: Qos Implementation

    packet header, occupying 6 bits, in the range of 0 to 63, and is downward compatible with IP Precedence. Classification: The entry action of QoS, classifying packet traffic according to the classification information carried in the packet and ACLs. Policing: Ingress action of QoS that lays down the policing policy and manages the classified packets.
  • Page 311: Qos Configuration

    If devices of each hop in a network support differentiated service, an end-to-end QoS solution can be created. QoS configuration is flexible, the complexity or simplicity depends on the network topology and devices and analysis to incoming/outgoing traffic. 13.1.1.3 Basic QoS Model The basic QoS consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.
  • Page 312 different policies. 3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning new DSCP value) can be applied to different data streams.
  • Page 313 Global Mode policy-map <policy-map-name> no policy-map <policy-map-name> class <class-map-name> no class <class-map-name> set {ip dscp <new-dscp> | ip precedence <new-precedence>} dscp <new-dscp> precedence <new-precedence>} police <rate-kbps> [exceed-action {drop policed-dscp-transmit}] police <rate-kbps> [exceed-action {drop policed-dscp-transmit}] aggregate-policer <aggregate-policer-name> <burst-kbyte> exceed-action |policed-dscp-transmit} aggregate-policer <aggregate-policer-name>...
  • Page 314 no mls qos trust mls qos cos {<default-cos> } no mls qos cos service-policy {input <policy-map-name> | output <policy-map-name>} service-policy {input output <policy-map-name>} mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> 5. Configure queue out method and weight Command Interface Mode queue bandwidth...
  • Page 315: Qos Configuration Commands

    mls qos map {cos-dscp <dscp1...dscp8> | dscp-cos <dscp-list> dscp-mutation <dscp-mutation-name> <out-dscp> |ip-prec-dscp <dscp1...dscp8> | policed-dscp <dscp-list> <mark-down-dscp>} no mls qos map {cos-dscp | dscp-cos | dscp-mutation <dscp-mutation-name> ip-prec-dscp | policed-dscp} 13.1.2.2 QoS Configuration Commands 13.1.2.2.1 mls qos Command: mls qos no mls qos Function: Enables QoS in Global Mode;...
  • Page 316 Switch(Config)#no class-map c1 13.1.2.2.3 match Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list>| ip precedence <ip-precedence-list>| vlan <vlan-list>} no match {access-group | ip dscp | ip precedence | vlan } Function: Configure the matching criterion in the class map: the “no match {access-group | ip dscp | ip precedence | vlan }”...
  • Page 317 Example: Create and delete a policy map named “p1”. Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#exit Switch(Config)#no policy-map p1 13.1.2.2.5 class Command: class <class-map-name> no class <class-map-name> Function: Associate a class to a policy map and enter the policy class map mode; the “no class <class-map-name>”...
  • Page 318 Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#set ip precedence 3 Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit 13.1.2.2.7 police Command: police <rate-kbps> policed-dscp-transmit}] police <rate-kbps> policed-dscp-transmit}] Function: Configure a policy to a classified traffic; the “no police <rate-kbps> <burst-kbyte> [exceed-action {drop | policed-dscp-transmit}]” command deletes the specified policy. Parameter: <rate-kbps> is the average baud rate (in kb/s) of classified traffic, range from 1,000 to 10,000,000;...
  • Page 319: Police Aggregate

    no mls qos aggregate-policer <aggregate-policer-name> Function: Define a policy set that can be used in one policy map by several classes; the “no mls qos aggregate-policer <aggregate-policer-name>” command deletes the specified policy set. Parameter: <aggregate-policer-name> is the name of the policy set; <rate-kbps> is the average baud rate (in kb/s) of classified traffic, range from 1,000 to 10,000,000;...
  • Page 320: Mls Qos Trust

    13.1.2.2.10 mls qos trust Command: mls qos trust [cos [pass-through-dscp]|dscp [pass-through-cos]| ip-precedence [pass-through-cos] |port priority <cos>] [no] mls qos trust Function: Configure port trust; the “no mls qos trust” command disables the current trust status of the port. Parameter: cos configures the port to trust CoS value; cos pass-through-dscp configures the port to trust CoS value but does not change packet DSCP value;...
  • Page 321 Command mode: Interface Mode Example: Set the default CoS value of port ethernet 1/1 to 5, i.e., packets coming in through this port will be assigned a default CoS value of 5 if no CoS value present. Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#mls qos cos 5 13.1.2.2.12 service-policy...
  • Page 322: Queue Bandwidth

    Command mode: Interface Mode Usage Guide: For configuration of DSCP mutation mapping on the port to take effect, the trust status of that port must be “trust DSCP”. Applying DSCP mutation mapping allows a specified DSCP value to be converted directly to a new DSCP value without class and policy processing.
  • Page 323: Mls Qos Map

    queue mode wrr Function: Queue mode strict configure the queue out. Configure the queue to the output queue queue mode wrr restores wrr queue out Default: non-queue mode. Command mode: Interface Mode Usage Guide: When queue queue out mode is used, packets are no longer sent with WRR weighted algorithm, but send packets queue after queue.
  • Page 324 precedence to DSCP and policed DSCP mapping; the “no mls qos map {cos-dscp dscp-cos ip-prec-dscp | policed-dscp}” command restores the default mapping. Parameter: cos-dscp <dscp1...dscp8> defines the mapping from CoS value to DSCP, <dscp1...dscp8> are the 8 DSCP value corresponding to the 0 to 7 CoS value, each DSCP value is delimited with space, ranging from 0 to 63;...
  • Page 325: Qos Example

    1 2 3 4 5 6 7. Switch(Config)#mls qos map cos-dscp 0 1 2 3 4 5 6 7 13.1.3 QoS Example Scenario 1: Enable QoS function, change the queue out weight of port ethernet 1/1 to 1: 1: 2: 2: 4: 4: 8: 8, and set the port in trust CoS mode without changing DSCP value, and set the default CoS value of the port to 5.
  • Page 326 Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#police 10000 4000 exceed-action drop Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit Switch(Config)#interface ethernet 1/2 Switch(Config-Ethernet1/2)#service-policy input p1 Configuration result: An ACL named 1 is set to match segment 192.168.1.0. QoS is enabled globally; a class map named c1 is created, matching ACL 1; a policy map named p1 is created and refers to c1, with appropriate policies set to limit bandwidth and burst value.
  • Page 327: Qos Troubleshooting Help

    precedence. Thus inside the QoS domain, packets of different priority will go to different queues and get different bandwidth. The configuration steps are listed below: QoS configuration in Switch1: Switch#config Switch(Config)#access-list 1 permit 192.168.1.0 0.0.0.255 Switch(Config)#mls qos Switch(Config)#class-map c1 Switch(Config-ClassMap)#match access-group 1 Switch(Config-ClassMap)# exit Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#class c1...
  • Page 328: Show Mls Qos Interface

    Example: Switch #show mls-qos Qos is enabled Displayed information Qos is enabled 13.1.4.1.2 show mls qos aggregate-policer Command: show mls qos aggregate-policer [<aggregate-policer-name>] Function: Display policy set configuration information for QoS. Parameter: <aggregate-policer-name> is the policy set name. Default: N/A. Command mode: Admin Mode Example: Switch #show mls qos aggregate-policer policer1...
  • Page 329 Example: Switch #show mls qos interface ethernet 1/2 Ethernet1/2 default cos: 0 DSCP Mutation Map: Default DSCP Mutation Map Attached policy-map for Ingress: p1 Displayed information Ethernet1/2 default cos: 0 DSCP Mutation Map: Mutation Map Attached policy-map for Ingress: p1 Switch # show mls qos interface buffers ethernet 1/2 Ethernet1/2 packet number of 8 queue:...
  • Page 330: Show Mls Qos Maps

    Queue and weight type: QType Switch # show mls qos interface policers ethernet 1/2 Ethernet1/2 Attached policy-map for Ingress: p1 Displayed information Ethernet1/2 Attached policy-map for Ingress: p1 Switch # show mls qos interface statistics ethernet 1/2 Device: Ethernet1/2 Classmap classified Displayed information Ethernet1/2...
  • Page 331 IpPrecedence-dscp map: ipprec: 0 1 2 3 4 5 6 7 ------------------------------------- dscp: 0 8 16 24 32 40 48 56 Dscp-cos map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 4 4 4 4 4 4 4 4...
  • Page 332 Displayed information Class map name: c1 Match acl name: 1 13.1.4.1.6 show policy-map Command: show policy-map [<policy-map-name>] Function: Display policy map of QoS. Parameter: < policy-map-name> is the policy map name. Default: N/A. Command mode: Admin Mode Usage Guide: Display all configured policy-map or specified policy-map information. Example: Switch # show policy -map Policy Map p1...
  • Page 333: Web Management

    If the policy is too complex to be configured due to hardware resource limits, error messages will be provided. 13.1.5 Web Management Select QoS configuration; it consists of six sections as follows: Enable QoS Class-map configuration Policy-map configuration Apply QoS to port Egress-queue configuration QoS mapping configuration 13.1.5.1 Enable QoS...
  • Page 334 13.1.5.2.1 Add/Remove Class-map Click Add/Remove class-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.2. The sections are described as follows: Class-map name Operation type-Create class table and Remove class table. To add a class-map, specify the class-map name, select Create class table, then click Apply.
  • Page 335 13.1.5.3 Policy-map Configuration Click Policy-map configuration to display the extension, including five sections: Add/Remove policy-map Policy-map priority configuration Policy-map bandwidth configuration Add/Remove aggregate policer Apply aggregate policer 13.1.5.3.1 Add/Remove Policy-map Click Add/Remove policy-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.4.
  • Page 336 13.1.5.3.2 Policy-map Priority Configuration Click Policy-map priority configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.6. The sections are described as follows: Policy-map name Class-map name Priority type. DSCP value or IP precedence value Priority value Operation type. Set or Remove. To configure Policy-map priority, select p1 for Policy-map name, input c1 for Class-map name, select IP precedence value for Priority type, input 3 for Priority value, select Set for Operation type, then click Apply.
  • Page 337 drop and policed-dscp-transmit, the latter is by a mapping function between given DSCP and corresponding policy and mark the DSCP into the packet. Operation type-Set or Remove. To configure Policy-map bandwidth, select p1 for Policy-map name, input c1 for Class-map name, leave all other sections at their default settings, select Set for Operation type, then click Apply.
  • Page 338: Apply Qos To Port

    Click Apply aggregate policer to enter the configuration page. It is equivalent to CLI command 13.1.2.2.9. The sections are described as follows: Aggregate policer name Policy-map name Class-map name To apply the aggregate policer agg1 by c1 class-map, input the graphic presentation value, then click Add.
  • Page 339: Port Default Cos Configuration

    Default-Reverts to the startup setting. This command will modify the configuration. The parameter will take effect alternative port trust status and port priority. To configure port Ethernet 1/1 in trust mode so that packets are classified by CoS value without changing the DSCP value, choose the Ethernet1/1 port, select cos and pass-through-dscp for Port trust status, then click Apply.
  • Page 340: Apply Dscp Mutation Mapping

    Operation-Set or Remove Reset-Resets the columns to the startup defaults. This command will not modify the configuration. Apply-Applies all settings. This command will modify the configuration. To set the policy-map on port Ethernet 1/1, choose Ethernet1/1 for port and p1 for policy-map;...
  • Page 341: Mapping Cos Values To Egress Queue

    Click Egress-queue WRR weight configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.14. The sections are described as follows: Port name Weight for queue 0-7 Operation-Set or Remove Reset-Resets the columns to the startup defaults. This command will not modify the configuration.
  • Page 342: Qos Mapping Configuration

    Click Mapping CoS values to egress queue to enter the configuration page. It is equivalent to CLI command 13.1.2.2.16. The sections are described as follows: Queue-ID CoS value-Mapping CoS values to Egress queue. Up to 8 queues are supported. Reset-Resets the columns to the startup defaults. This command will not modify the configuration.
  • Page 343: Dscp Mutation Mapping

    Operation-Set or Remove To map CoS value 2 to DSCP value 20, input the DSCP value 20 in the CoS value 2 column, select Set for Operation type, then click Apply. 13.1.5.6.2 DSCP-to-CoS Mapping Click DSCP-to-CoS mapping to enter the configuration page. The sections are described as follows: DSCP 1-8-DSCP value CoS Value-DSCP value mapping to CoS value...
  • Page 344: Dscp Mark Down Mapping

    Set for Operation type, then click Apply. 13.1.5.6.4 IP-Precedence-to-DSCP Mapping Click IP-Precedence-to-DSCP mapping to enter the configuration page. The sections are described as follows: IP-Precedence-IP precedence value 0~7 DSCP-IP precedence value mapping to DSCP value Operation type-Set or Remove To map IP precedence value 2 to DSCP value 20, input the DSCP value 20 in the IP precedence value 2 column, select Set for Operation type, then click Apply.
  • Page 345: Pbr

    click Apply. 13.2 PBR This chapter describes how to configure the PBR through the examples. 13.2.1 PBR Introduction The PBR (Policy-Based Routing) allows modifying the next hop of the packets according to IP source address, IP destination address, IP precedence, ToS, IP protocol, source port number and destination port number etc.
  • Page 346: Mls Qos

    13.2.2.2 PBR Command 13.2.2.2.1 mls qos Commands: mls qos no mls qos Function: Enable the QoS globally, and the PBR is enabled automatically; The command “no mls qos” disables the QoS and the PBR globally. Command mode: Global Mode Default: The PBR is disabled. Usage Guide: When the QoS is enabled, the PBR is enabled automatically.
  • Page 347 Parameter: access-group <acl-index-or-name> specifies the ACL. The attribute is the ACL number or name. Default: By default, there is no match. Command mode: Class-map Mode Usage Guide: Only one match can be set in one class-map. When the ACL applies to the PBR, the actions of permit and deny are to specify the next hop or not to specify the next hop when IP messages meet the match.
  • Page 348 Command mode: Policy-map Mode Usage Guide: Before creating a policy-map class, users must create a policy-map and enter the policy mode. Inside a policy-map, users can set the next hop according to the traffic. The priority of the classes is decided by the sequence of configuration. For example, if class c1 is configured before class c2, c1 has higher priority than c2.
  • Page 349: Pbr Example

    Parameter: input <policy-map-name> applies the specified policy-map to the current port for the inbound traffic; output <policy-map-name> applies the specified policy-map to the current port for the outbound traffic. Default: By default, there is no bound policy-map. Command mode: Interface Mode Usage Guide: The port trust and applied port policy-map are mutually exclusive.
  • Page 350 Configuration Result: Set the ACL a1 which includes 2 policies. The first policy allows the traffic which has the source IP address as 192.168.1.0/24. The second policy denies the traffic which has the source IP address as 192.168.1.0/24 and has the destination IP address as 192.168.0.0/16.
  • Page 351: Chapter 14 L3 Forward Configuration

    ES4626/ES4650 can forward IP packets by hardware, the forwarding chip of ES4626/ES4650 has a host route table and default route table. Host route table stores host route connect to the switch directly, default route table stores segment routes (after aggregation algorithm process).
  • Page 352: Layer3 Interface Configuration

    14.1.2 Layer3 interface configuration 14.1.2.1 Layer3 Interface Configuration Task Sequence Create Layer3 Interface Command Global Mode interface vlan <vlan-id> no interface vlan <vlan-id> 14.1.2.2 Layer3 Interface Configuration Commands 14.1.2.2.1 interface vlan Command: interface vlan <vlan-id> no interface vlan <vlan-id> Function: Create a VLAN interface (a Layer3 interface) ; the “no interface vlan <vlan-id>”...
  • Page 353: Ip Forwarding

    Gateway devices can forward IP packets from one subnet to another; such forwarding uses the route to find a path. IP forwarding of ES4626/ES4650 is done with the participation of hardware and wire speed forwarding can be achieved. In addition, flexible management is provided to adjust and monitor forwarding.
  • Page 354: Ip Forwarding Troubleshooting Help

    Usage Guide: This command is used to optimize the aggregation algorithm: if the route table contains no default route, the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result. This method has the benefit of more effectively simplifying the aggregation result.
  • Page 355 0 parameter, 0 timestamp, 0 timestamp replies Sent: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: TcpActiveOpens TcpCurrEstab TcpInErrs...
  • Page 356: Arp

    quench 0 parameter, 0 timestamp, 0 timestamp replies Sent: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: UDP statistics: 14.2.3.1.2...
  • Page 357: Arp Configuration

    Furthermore, ES4626/ES4650 supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on the port, requesting an IP address in the same IP segment of the port but not the same physical network, if the port enabled proxy ARP, the port would reply to the ARP its own MAC address and forward the actual packets received.
  • Page 358: Arp Forwarding Troubleshooting Help

    Command mode: VLAN Interface Mode Usage Guide: Static ARP entries can be configured in the switch. Example: Configure static ARP for interface VLAN1. Switch(Config-If-Vlan1)#arp 1.1.1.1 00-03-0f-f0-12-34 eth 1/2 14.3.2.2.2 ip proxy-arp Command: ip proxy-arp no ip proxy-arp Function: Enable proxy ARP for VLAN interface; the “no ip proxy-arp” command disables proxy ARP.
  • Page 359 “static” for static ARP entry; “dynamic” for dynamic ARP entry; “count” displays number of ARP entries. Command mode: Admin Mode Usage Guide: Displays the content of current ARP table such as IP address, MAC address, hardware type and interface name, etc. Example: Switch#sh arp Total arp items: 3, matched: 3, Incomplete: 0...
  • Page 360: Debug Arp

    14.3.3.1.3 debug arp Command: debug arp no debug arp Function: Enable the ARP debug function: the “no debug arp” command disables this debug function. Default: ARP debug is disabled by default. Command mode: Admin Mode Usage Guide: Display contents for ARP packets received/sent, including type, source and destination address, etc.
  • Page 361: Chapter 15 Routing Protocol Configuration

    CPU. For this reason, although both routers and switches can perform route selection, layer3 switches have a great advantage over routers in data forwarding. ES4626/ES4650 is a layer3 switch. The following describes basic theory and methods used in layer3 switch route selection.
  • Page 362: Static Route

    To avoid too large route table, a default route can be set. Once route table lookup fails, the default route will be chosen for forwarding packets. The table below describes the routing protocols supported by ES4626/ES4650 and the default route lookup priority value.
  • Page 363: Introduction To Default Route

    convenient for load balance and route backup. However, it also has its own defects. Static route, as its name indicates, is static. It won’t modify the route automatically on network failure, and manual configuration is required on such occasions, therefore it is not suitable for mid and large-scale networks.
  • Page 364: Static Route Configuration Commands

    Command mode: Global Mode Usage Guide: When configuring the next hop for static route, next hop IP address can be specified for routing packets. The default preference of all route type in ES4626/ES4650 is listed below: Route Type Direct route...
  • Page 365: Show Ip Route

    15.2.3.2.2 show ip route Command: show ip route [dest <destination>] [mask <destMask>] [nextHop <nextHopValue>] [protocol {connected | static | rip| ospf | ospf_ase | bgp | dvmrp}] [<vlan-id>] [preference <pref>] [count] Function: Display the route table. Parameter: <destination> is the destination network address; <destMask> is the mask for destination network;...
  • Page 366: Configuration Scenario

    15.2.4 Configuration Scenario The figure below is a simple network consisting of three ES4626/ES4650 layer3 switches; the network mask for all switches and PC IP addresses is 255.255.255.0. PC1 and PC3 are connected via the static route set in Switch1 and Switch3; PC3 and PC2 are connected via the static route set in Switch3 to Switch2;...
  • Page 367: Troubleshooting Help

    Switch(Config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1 Configuration of layer3 switch Switch-2 Switch#config Switch(Config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2 This way, ping connectivity can be established between PC1 and PC3, and PC2 and PC3. 15.2.5 Troubleshooting Help 15.2.5.1 Monitor and Debug Commands Command Admin Mode show ip route Use the “show ip route”...
  • Page 368 RIP was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIP is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a vector routing protocol send two kinds of information to the neighboring devices regularly: •...
  • Page 369: Rip Configuration

    224.0.0.9). Subnet mask field and RIP authentication field (simple plaintext password and MD5 password authentication are supported), and support variable length subnet mask. RIP-II uses some of the zero fields of RIP-I and requires no zero field verification. Layer3 switches send RIP-II packets in multicast by default; both RIP-I and RIP-II packets will be accepted.
  • Page 370 Disable RIP 1. Enable RIP The basic configuration for running RIP on ES4626/ES4650 is quite simple, usually, the user need only enable RIP and enable sending and receiving RIP packets, i.e., send and receive RIP packets according to default RIP configuration (ES4626/ES4650 send RIP-II packets and receive RIP-I/RIP-II packets by default).
  • Page 371 [no] rip broadcast 2) Configure RIP routing parameters. a. Configure route aggregation Command RIP configuration mode auto-summary no auto-summary b. configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) Command RIP configuration mode default-metric <value>...
  • Page 372 authentication <name-of-chain> no ip rip authentication key 3) Configure other RIP parameters a. Configure RIP routing priority b. Configure zero field verification for RIP packets c. Configure timer for RIP update, timeout and hold-down Command RIP configuration mode rip preference <value> no rip preference [no] rip checkzero timer...
  • Page 373: Rip Configuration Commands

    ip rip receive version {1 | 2 | 1 2} no ip rip receive version ip rip receive version none ip rip send version none 4. Disable RIP Command Global Mode no router rip RIP (Routing Information Protocol) is a dynamic interior routing protocol based on distance vector.
  • Page 374 router rip timer basic version show ip protocols show ip rip debug ip rip packet debug ip rip recv debug ip rip send 15.3.2.2.1 auto-summary Command: auto-summary no auto-summary Function: Configure route aggregation; the “no auto-summary” command disables route aggregation. Parameter: N/A.
  • Page 375: Ip Rip Authentication Key

    command to introduce routes of the other protocols without specifying detailed route metric, the default route metric set by “default-metric” command applies. Example: Set the default route metric for introducing routes of the other protocols into RIP to 3. Switch(Config-router-rip)#default-metric 3 Related command: redistribute 15.3.2.2.3 ip rip authentication key...
  • Page 376: Ip Rip Metricin

    Related command: ip rip authentication key 15.3.2.2.5 ip rip metricin Command: ip rip metricin <value> no ip rip metricin Function: Set the additional route metric receiving RIP packets on the interface; the “no ip rip metricin” command restores the default setting. Parameter: <...
  • Page 377: Ip Rip Receive Version

    Related command: no ip rip send version 15.3.2.2.8 ip rip send version none Command: ip rip send version none Function: Disable sending RIP packets on the interface Default: Sending RIP packet is enabled by default. Command mode: Interface Mode Usage Guide: This command is used with the other two commands “ip rip output” and “ip rip work”, “ip rip work”...
  • Page 378: Ip Rip Work

    interface. 15.3.2.2.11 ip rip work Command: ip rip work no ip rip work Function: Configure the interface to run RIP or not; the “no ip rip work” command disables RIP packet sending/receiving on the interface. Default: After enabling RIP, RIP is enabled on the ports by default. Command mode: Interface Mode Usage Guide: This command is equal to “no ip rip send version &...
  • Page 379: Rip Broadcast

    protocols are introduced without metric value, the default metric value is used. Command mode: RIP configuration Mode Usage Guide: Use this command to introduce routes of the other routing protocols as RIP routes to improve RIP performance. Example: Set the route metric of OSPF routes to 5, and the static route metric to 8. Switch(Config-Router-Rip)#redistribute ospf metric 5 Switch(Config-Router-Rip)#redistribute static metric 8 15.3.2.2.14...
  • Page 380: Router Rip

    default setting. Parameter: < value> is the priority value, ranging from 0 to 255. Default: The default RIP priority is 120. Command mode: RIP configuration mode Usage Guide: Each routing protocol has its own priority, the value of which is decided by the specific routing policy.
  • Page 381: Show Ip Protocols

    Usage Guide: The system advertises RIP update packets every 30 seconds by default. If no update packet from a route is received after 180 seconds, this route is considered to be invalid. However, the route will be kept in the route table for another 120 seconds, and will be deleted after that.
  • Page 382: Show Ip Rip

    Example: Switch#sh ip protocols RIP information rip is turning on default metrict 16 neighbour is: NULL preference is 100 rip version information is: interface send version vlan2 V2BC vlan3 V2BC vlan4 V2BC Displayed information RIP is turning on default metric neighbour is: Preference rip version information...
  • Page 383: Debug Ip Rip Packet

    rip is turning on default metric 16 neighbour is preference is 100 Displayed information rip is turning on default metric 16 neighbour is preference is 100 15.3.2.2.22 debug ip rip packet Command: debug ip rip packet no debug ip rip packet Function: Enable the RIP packet debug function for sending/receiving: the “no debug ip rip packet”...
  • Page 384: Debug Ip Rip Recv

    00: 04: 20: start at 260********************* received a rip packet from rip packet cmd : 2 version: 1 15.3.2.2.23 debug ip rip recv Command: debug ip rip recv no debug ip rip recv Function: Enable the RIP packet debug function for receiving: the “no debug ip rip recv” command disables the debug function.
  • Page 385: Typical Rip Scenario

    command disables the debug function. Default: Debug is disabled by default. Command mode: Admin Mode Example: Switch#debug ip rip send 00: 02: 50: start at 170********************* send packets to 11.11.11.2 packet header: cmd: response, version: 1 dest 159.226.0.0 00: 02: 50: start at 170********************* send packets to 159.226.255.255 packet header: cmd: response, version: 1...
  • Page 386 Configuration of layer3 switch SwitchA !Configuration of the IP address for interface vlan1 SwitchA#config SwitchA(Config)# interface vlan 1 SwitchA(Config-If-Vlan1)# ip address 10.1.1.1 255.255.255.0 SwitchA (Config-If-vlan1)#exit !Configuration of the IP address for interface vlan2 SwitchA(Config)# interface vlan 2 SwitchA(Config-If-vlan2)# ip address 20.1.1.1 255.255.255.0 !Enable RIP SwitchA(Config)#router rip SwitchA(Config-router-rip)#exit...
  • Page 387: Rip Troubleshooting Help

    SwitchC(Config-If-vlan2)# ip address 20.1.1.2 255.255.255.0 SwitchC(Config-If-vlan2)#exit !Enable RIP SwitchC(Config)#router rip SwitchC(Config-router-rip)#exit !Enable vlan2 to send/receive RIP packets SwitchC(Config)#interface vlan 2 SwitchC(Config-If-vlan2)#ip rip work SwitchC(Config-If-vlan2)#exit SwitchC(Config)#exit SwitchC# 15.3.4 RIP Troubleshooting Help 1. Monitor and Debug Commands 2. RIP Troubleshooting Help 15.3.4.1 Monitor and Debug Commands Command Admin Mode...
  • Page 388 Explanation to displayed information: Displayed information Automatic network summarization is not in effect default metric for redistribute is : 16 neigbour is preference is : 100 (2)show ip route The “show ip route” command can be used to display the information about RIP routes in the route table: destination IP addresses, network masks, next hop IP addresses, and forwarding interfaces, etc.
  • Page 389: Ospf

    Displayed information Automatic network summarization is not in effect default metric for redistribute is : neigbour is: Preference RIP version information 15.3.4.2 RIP Troubleshooting Help In configuring and using RIP, the RIP may fail to run properly due to reasons such as physical connection failure or wrong configurations.
  • Page 390 algorithm to generate a route table based on that database. Autonomous system (AS) is a self-managed interconnected network. In large networks, such as the Internet, a giant interconnected network is broken down to autonomous systems. Big enterprise networks connecting to the Internet are independent AS, since the other host on the Internet are not managed by those AS and they don’t share interior routing information with the layer3 switches on the Internet.
  • Page 391 autonomous system, they can be grouped as internal switches, edge switches, AS edge switches and backbone switches). OSPF supports load balance and multiple routes to the same destination of equal costs. OSPF supports 4 level routing mechanisms (process routing according to the order of route inside an area, route between areas, first category exterior route and second category exterior route).
  • Page 392: Ospf Configuration

    to be configured as STUB areas to reduce the topology database size. Type4 LSA (ASBR summary LSA) and type5 LSA (AS exterior LSA) are not allowed to flood into/through STUB areas. STUB areas must use the default routes, the layer3 switches on STUB area edge advertise the default routes to STUB areas by summary LSA, those default routes flood inside STUB only and will not get out of STUB area.
  • Page 393 a. Configure OSPF packet verification b. Set the OSPF interface to receive only c. Configure the cost for sending packets from the interface d. Configure OSPF packet sending timer parameter (timer of broadcast interface sending HELLO packet to poll, timer of neighboring layer3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission.
  • Page 394 ip ospf enable area <area_id> no ip ospf enable area 2. Configure OSPF sub-parameters (1) Configure OSPF packet sending mechanism parameters a. Configure OSPF packet verification b. Set the OSPF interface to receive only c. Configure the cost for sending packets from the interface Command Interface Mode ip ospf authentication { simple...
  • Page 395 default redistribute tag <tag> no default redistribute tag default redistribute cost <cost> no default redistribute cost default redistribute <time> no default redistribute interval default redistribute limit <routes> no default redistribute limit b. Configure the routes of the other protocols to introduce to OSPF. Command OSPF protocol configuration mode redistribute...
  • Page 396: Ospf Configuration Commands

    virtuallink neighborid transitarea <area_id> <time> deadinterval [ retransmit <time> ] [ transitdelay <time> ] no virtuallink neighborid <router_id> transitarea <area_id> d. Configure the priority of the interface when electing designated layer3 switch (DR). Command Interface Mode ip ospf priority <priority> no ip ospf priority 3.
  • Page 397: Default Redistribute Cost

    router ospf stub cost virtuallink neighborid show ip ospf show ip ospfase show ip ospf cumulative show ip ospf database show ip ospf interface show ip ospf neighbor show ip ospf routing show ip ospf virtual-links show ip protocols debug ip ospf event debug ip ospf lsa debug ip ospf packet debug ip ospf spf...
  • Page 398: Default Redistribute Limit

    Command Mode: OSPF protocol configuration mode Usage Guide: OSPF introduces exterior routing information regularly and advertises the information throughout the autonomous system. This command is used to modify the interval for introducing exterior routing information. Example: Set the interval in OSPF for introducing exterior routes to 3 seconds. Switch(Config-Router-Ospf)#default redistribute interval 3 15.4.2.2.3 default redistribute limit...
  • Page 399: Default Redistribute Type

    15.4.2.2.5 default redistribute type Command: default redistribute type { 1 | 2 } no default redistribute type Function: Set the default route type(s) for exterior routes introduction; the “no default redistribute type” command restores the default setting. Parameter: 1 and 2 stand for type1 and type2 exterior routes, respectively. Default: The system assumes to introduce Type2 exterior routes by default.
  • Page 400: Ospf Enable Area

    Function: Set the cost for running OSPF on the interface; the “no ip ospf cost” command restores the default setting. Parameter: < cost> is the OSPF cost, ranging from 1 to 65535. Default: The default cost for OSPF protocol is 1. Command mode: Interface Mode Example: Set the OSPF route cost of interface vlan1 to 3.
  • Page 401 Example: Specify interface vlan1 to area 1. Switch(Config-If-Vlan1)#ip ospf enable area 1 15.4.2.2.10 ip ospf hello-interval Command: ip ospf hello-interval <time> no ip ospf hello-interval Function: Configure the interval for sending HELLO packets from the interface; the “no ip ospf hello-interval” command restores the default setting. Parameter: <time>...
  • Page 402: Ip Ospf Priority

    15.4.2.2.12 ip ospf priority Command: ip ospf priority <priority> no ip ospf priority Function: Set the priority of the interface in “designated layer3 switch” (DR) election; the “no ip ospf priority” command restores the default setting. Parameter: <priority> is the priority value, ranging from 0 to 255. Default: The priority of the interface when electing designated layer3 switch is 1.
  • Page 403 Command: ip ospf transmit-delay <time> no ip ospf transmit-delay Function: Set the delay time before sending link-state advertisement (LSA); the “no ip ospf transmit-delay” command restores the default setting. Parameter: <time> is the delay time for the link-state advertisement transmission in seconds, ranging from 1 to 65535.
  • Page 404: Redistribute Ospfase

    default setting. Parameter: ase means the priority is used when introducing exterior routes outside the AS; <preference > is the priority value ranging from 1 to 255. Default: The default priority of OSPF protocol is 110; the default priority to introduce exterior route is 150.
  • Page 405: Router Ospf

    OSPF is selected to be the layer3 switch ID number. The ES4626/ES4650 layer3 switch uses the first UP layer3 interface in the switch as the router id by default. If no IP address is configured on any interface of the layer3 switch, this command must be used to specify the layer3 switch ID number; otherwise OSPF will not work.
  • Page 406: Virtuallink Neighborid

    Usage Guide: An area can be configured as a STUB area if the area has only one egress point (connects to one layer3 switch only), or need not select an egress point for each exterior destination. Type4 LSAs (ASBR summary LSA) and type5 LSAs (AS exterior LSA) are not allowed to flood into/through STUB areas; this saves the resources for processing exterior routing information for layer3 switches inside the area.
  • Page 407: Show Ip Ospf Ase

    Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count: 1 80times spf has been run for this area net range: LSRefreshTime is1800 area ID 1 interface count: 1 41times spf has been run for this area net range: netid11.11.3.255...
  • Page 408: Show Ip Ospf Cumulative

    Displayed information Destination AdvRouter NextHop SeqNumber Type Cost 15.4.2.2.24 show ip ospf cumulative Command: show ip ospf cumulative Function: Display OSPF statistics. Default: Not displayed. Command mode: Admin Mode Example: Switch#show ip ospf cumulative IO cumulative type HELLO 1048 LS Req LS Update LS Ack ASE count...
  • Page 409: Show Ip Ospf Database

    AS internal route 4 AS external route 0 Displayed information IO cumulative type Areaid 15.4.2.2.25 show ip ospf database Command: show ip ospf database [ {asb-summary| external | network | router | summary} ] Function: Display OSPF link-state database information. Default: Not displayed.
  • Page 410 LS ID ADV rtr (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID) 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1 11.11.4.1 Router LSA 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1...
  • Page 411: Show Ip Ospf Interface

    (Ext Net's IP) Displayed information OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs ASBR Summary LSAs 15.4.2.2.26 show ip ospf interface Command: show ip ospf interface <interface> Function: Display OSPF interface information. Parameter: <interface> stands for the interface name. Default: Not displayed.
  • Page 412: Show Ip Ospf Neighbor

    Type Priority Transit Delay Authentication key Timer: Hello、Poll、Dead、Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies 15.4.2.2.27 show ip ospf neighbor Command: show ip ospf neighbor Function: Display OSPF neighbor node information. Default: Not displayed. Command mode: Admin Mode Usage Guide: OSPF neighbor information can be checked by the output of this command.
  • Page 413: Show Ip Ospf Routing

    interface ip 52.1.1.1 area id 0 interface ip 100.1.1.1 area id 0 interface ip 110.1.1.1 area id 0 interface ip 150.1.1.1 area id 0 router id 12.2.0.0 router ip addr 150.1.1.2 state NFULL priority 0 DR 150.1.1.1 BDR 0.0.0.0 last hello 59011 last exch 49607 Displayed information interface ip...
  • Page 414 Destination Cost Dest Type Displayed information AS internal routes AS external routes Destination Area Cost Dest Type Next Hop ADV rtr 15.4.2.2.29 show ip ospf virtual-links Command: show ip ospf virtual-links Function: Display OSPF virtual link information. Default: Not displayed. Command mode: Admin Mode Example: Switch#show ip ospf virtual-links...
  • Page 415: Debug Ip Ospf Event

    7times spf has been run for this area net range: LSRefreshTime is1800 RIP information rip is shutting down Displayed information OSPF is running My router ID Preference Ase perference Export metric Export tag Area ID Interface count N times spf has been run for this area Net range LSRefreshTime 15.4.2.2.31...
  • Page 416: Debug Ip Ospf Packet

    Command mode: Admin Mode 15.4.2.2.33 debug ip ospf packet Command: debug ip ospf packet no debug ip ospf packet Function: Enable the OSPF packet debug function; the “no debug ip ospf packet” command disables this debug function. Default: Debug is disabled by default. Command mode: Admin Mode Example: Switch#debug ip ospf packet...
  • Page 417: Typical Ospf Scenario

    Typical OSPF Scenario Scenario 1: OSPF autonomous system. This scenario takes as an example an OSPF autonomous system consisting of five ES4626/ES4650 layer3 switches, where layer3 switches Switch1 and Switch5 make up OSPF area 0, layer3 switches Switch2 and Switch3 form OSPF area 1 (assume the vlan1 interface of layer3 switch Switch1 belongs to area 0), and layer3 switch Switch4 forms OSPF area2 (assume the vlan2 interface of layer3 Switch5 belongs to area 0).
  • Page 418 Switch1(Config)#interface vlan2 Switch1 (Config-if-vlan2)#ip ospf enable area 0 Switch1 (Config-if-vlan2)#exit Switch1(Config)#exit Switch1# Layer3 switch Switch2: !Configure the IP address for interface vlan1 and vlan2. Switch2#config Switch2(Config)# interface vlan 1 Switch2(Config-if-vlan1)# ip address 10.1.1.2 255.255.255.0 Switch2(Config-if-vlan1)#no shut-down Switch2(Config-if-vlan1)#exit Switch2(Config)# interface vlan 3 Switch2(Config-if-vlan3)# ip address 20.1.1.1 255.255.255.0 Switch2(Config-if-vlan3)#no shut-down Switch2(Config-if-vlan3)#exit...
  • Page 419 Switch3(Config-if-vlan3)#exit Switch3(Config)#exit Switch3# Layer3 switch Switch4: !Configuration of the IP address for interface vlan3 Switch4#config Switch4(Config)# interface vlan 3 Switch4(Config-if-vlan3)# ip address 30.1.1.2 255.255.255.0 Switch4(Config-if-vlan3)#no shut-down Switch4(Config-if-vlan3)#exit !Enable OSPF protocol, configure the OSPF area interfaces vlan3 resides in. Switch4(Config)#router ospf Switch4(Config-router-ospf)#exit Switch4(Config)#interface vlan 3 Switch4(Config-if-vlan3)#ip ospf enable area 0 Switch4(Config-if-vlan3)#exit...
  • Page 420 Switch5(Config)#exit Switch5# Scenario 2: Typical OSPF protocol complex topology. [Figure labels: SWITCH1, SWITCH2, Domain 1, SWITCH9, SWITCH12, Domain 3] Fig 15-4 Typical complex OSPF autonomous system. The figure is a typical complex OSPF autonomous system network topology. Area1 includes networks N1-N4 and layer3 switches Switch1-Switch4, area2 includes networks N5-N7 and layer3 switches Switch7, Switch8, Switch10 and Switch11, area3 includes N8-N10, host H1 and layer3 switches Switch9, Switch11 and Switch12, and network N8-N10 share a...
  • Page 421 network N11 and N15. In addition, layer3 switches Switch3 and Switch4 must summarize the topology of area 1 to the backbone area (area 0; all non-0 areas must be connected via area 0, direct connections are not allowed), and advertise the networks in area 1 (N1-N4) and the costs from Switch3 and Switch4 to those networks.
  • Page 422 Switch1(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan1 Switch1(Config)# interface vlan 1 Switch1(Config-If-Vlan1)#ip address 20.1.1.1 255.255.255.0 Switch1(Config-If-Vlan1)#ip ospf enable area 1 Switch1(Config-If-Vlan1)#exit 2)Switch2: !Configuration of the IP address for interface vlan2 Switch2#config Switch2(Config)# interface vlan 2 Switch2(Config-If-Vlan2)# ip address 10.1.1.2 255.255.255.0 Switch2(Config-If-Vlan2)#exit !Enable OSPF protocol, configure the area number for interface vlan2.
  • Page 423 Switch3(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan3 Switch3(Config)# interface vlan 3 Switch3(Config-If-Vlan3)#ip address 20.1.3.1 255.255.255.0 Switch3(Config-If-Vlan3)#ip ospf enable area 1 Switch3(Config-If-Vlan3)#exit !Configuration of the IP address and area number for interface vlan1 Switch3(Config)# interface vlan 1 Switch3(Config-If-Vlan1)#ip address 10.1.5.1 255.255.255.0 Switch3(Config-If-Vlan1)#ip ospf enable area 0 !Configure MD5 key authentication.
  • Page 424: Ospf Troubleshooting Help

    15.4.4 OSPF Troubleshooting Help 1. Monitor and Debugging Commands 2. OSPF Troubleshooting Help 15.4.4.1 Monitor and Debugging Commands Command Admin Mode Show interface status Show ip ospf Show ip route Show ip ospf ase Show ip ospf cumulative Show ip ospf database Show ip ospf interface Show ip ospf neighbor Show ip ospf routing...
  • Page 425 (1)show ip ospf Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count: 1 80times spf has been run for this area net range: LSRefreshTime is1800 area ID 1 interface count: 1 41times spf has been run for this area net range:...
  • Page 426 A 5.1.2.0 255.255.255.0 A 5.1.3.0 255.255.255.0 A 5.1.4.0 255.255.255.0 A 5.1.5.0 255.255.255.0 A 5.1.6.0 255.255.255.0 A 5.1.7.0 255.255.255.0 A 5.1.8.0 255.255.255.0 A 5.1.9.0 255.255.255.0 A 5.1.10.0 255.255.255.0 A 5.1.11.0 255.255.255.0 A 5.1.12.0 255.255.255.0 A 5.1.13.0 255.255.255.0 A 5.1.14.0 255.255.255.0 A 5.1.15.0 255.255.255.0 A 5.1.16.0 255.255.255.0...
  • Page 427 IO cumulative type HELLO 1048 LS Req LS Update LS Ack ASE count checksum 0 original LSA 340 LS_RTR 179 LS_ASE 0 received LSA 325 Areaid 0 nbr count 1 interface count 1 spf times 120 DB entry count 6 LS_RTR 2 LS_NET 2 LS_SUM_NET 3 LS_SUM_ASB 0 LS_ASE 3 Areaid 1 nbr count 2...
  • Page 428 11.11.4.1 11.11.4.1 11.11.4.2 11.11.4.2 Router LSA 11.11.4.1 11.11.4.1 11.11.4.2 11.11.4.2 LS ID ADV rtr (DR's IP) 11.11.4.2 11.11.4.2 LS ID ADV rtr (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID)
  • Page 429 11.11.1.1 11.11.4.1 11.11.1.3 14.14.14.1 LS ID ADV rtr (Net's IP) 11.11.4.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) LS ID Route type ADV rtr Age Sequence Cost Checksu (Ext Net's IP) Displayed information OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs...
  • Page 430 Area Net type cost State Type Priority Transit Delay Authentication key Timer: Hello、Poll、Dead、Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies (7)show ip ospf neighbor The “show ip ospf neighbor” command can be used to display information about the neighbor OSPF layer3 switches. For example, displayed information can be: Switch#show ip ospf neighbor interface ip 12.1.1.1...
  • Page 431 state NFULL priority 0 DR 150.1.1.1 BDR 0.0.0.0 last hello 66289 last exch 49607 Displayed information interface ip area id router id router ip addr state priority last hello last exch (8)show ip ospf routing The “show ip ospf routing” command can be used to display information about the OSPF route table.
  • Page 432 For example, displayed information can be: Switch#show ip ospf virtual-links no virtual-link (10)show ip protocols “show ip protocols” command can be used to display the information of the routing protocols running in the switch. For example, displayed information can be: Switch#sh ip protocols OSPF is running.
  • Page 433: Web Management

    All interface and link protocols are in the UP state (use “show interface status” command). Then IP addresses of different network segments should be configured on all interfaces. Enable OSPF (use “router ospf” command) first, then configure OSPF areas for appropriate interfaces to reside in. Next, note the nature of OSPF –...
  • Page 434: Rip

    15.5.2 Click RIP configuration. Users can configure RIP: Enable RIP – Enable RIP, including: Enable RIP – Enable RIP Enable port to receive/transmit RIP packet – Configure the port to receive/transmit RIP packet RIP parameter configuration – Configure RIP parameters, including: Enable imported route –...
  • Page 435 the equivalent CLI command at 15.3.2.2.11 The explanation of each field is as below: Port – Port name Enable port to receive/transmit RIP packet – set; cancel For example: Disable to receive/transmit RIP packet on vlan2. Select vlan1; select vlan1; select cancel, and then click Apply.
  • Page 436 15.5.2.5 RIP port configuration Click RIP port imported route. The configuration page is shown. The explanation of each field is as below: Port – Specify the port Receiving RIP version – Configure receiving RIP version on the port: version 1, version 2 and version 1 and 2.
  • Page 437 15.5.2.6 Global RIP mode configuration Click RIP mode configuration. The configuration page is shown. The explanation of each field is as below: Set receiving/sending RIP version for all ports – Configure receiving/sending RIP version for all ports: version1, version2 and Cancel (default version). See the equivalent CLI command at 15.3.2.2.19 Auto-summary –...
  • Page 438: Ospf

    15.5.2.7 RIP timer configuration Click RIP timer configuration. The configuration page is shown. See the equivalent CLI command at 15.3.2.2.18 The explanation of each field is as below: Update timer – Update packet timer Invalid timer – RIP route invalid timer Holddown timer –...
  • Page 439: Ospf Network Range Configuration

    15.5.3.1.1 Enable/disable OSPF Click OSPF enable. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.19 The explanation of each field is as below: OSPF enable - OSPF enable; OSPF disable Reset – Clear the selection For example: Enable OSPF protocol. Select OSPF enable, and then click Apply. 15.5.3.1.2 OSPF Router-ID configuration Click Router-ID configuration.
  • Page 440: Configure Ospf Area For Port

    15.5.3.1.4 Configure OSPF area for port Click OSPF area configuration for port. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.9 The explanation of each field is as below: Vlan port – Vlan port list Area ID – Area ID Reset –...
  • Page 441 For example: Set OSPF port Vlan1 to use MD5 authentication with the password of 123abc and with KeyID of 1. Select Vlan Port to Vlan1; set Authentication mode to MD5; set Authentication key to 123abc; set KeyID to 1, and then click Apply. 15.5.3.2.2 OSPF passive interface configuration Click Passive interface configuration.
  • Page 442: Ospf Imported Route Parameter Configuration

    Sending link-state packet delay – Configure sending link-state packet delay on the port. See the equivalent CLI command at 18.4.2.2.14 Sending link-state packet retransmit interval – Specify sending link-state packet retransmit interval to neighbor router. See the equivalent CLI command at 15.4.2.2.13 Reset - Reset Default - Restore the default value.
  • Page 443: Import External Routing Information

    15.5.3.3.2 Import configuration Click Import external routing information. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.17. The explanation of each field is as below: Imported type – Configure imported route type: Static, RIP, connected, BGP Type – Specify - Set default imported route type. 1 and 2 stand for Type 1 external route and Type 2 external route.
  • Page 444: Ospf Virtual Link Configuration

    Priority – set priority value 15.5.3.4.2 OSPF STUB area and default route cost configuration Click OSPF STUB area and default route cost. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.20 The explanation of each field is as below: Cost –...
  • Page 445: Port Dr Priority Configuration

    15.5.3.4.4 Port DR priority configuration Click Port DR priority configuration. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.12 The explanation of each field is as below: Vlan Port – Specify Vlan port Priority – Specify priority 15.5.3.5 OSPF debug Click OSPF debug.
  • Page 447: Chapter 16 Multicast Protocol Configuration

    Chapter 16 Multicast Protocol Configuration 16.1 Multicast Protocol Overview 16.1.1 Introduction to Multicast When sending information (including data, voice and video) to a small number of users in the network, there are several ways of transmission, for instance, the unicast method that establishes a separate data transmission channel for each user or the broadcast method that sends information to all users in the network regardless of whether they need the information or not.
  • Page 448: Multicast Address

    16.1.2 Multicast Address Multicast packets use Class D IP addresses as their destination addresses, ranging from 224.0.0.0 to 239.255.255.255. Class D addresses cannot be used in the source IP address field of an IP packet. In unicast, the path a packet travels is from the source address to the destination address, and the packet is transferred through the network hop-by-hop.
  • Page 449: Ip Multicast Packets Forwarding

    224.0.0.18 VRRP When transferring unicast IP packets on Ethernet, the destination MAC address is the MAC of the receiver. However, in transferring multicast packets, as the destination is no longer one specific recipient but a group with unknown members, the destination address used is the multicast MAC address.
  • Page 450: Common Multicast Configurations

    multicast feature can be conveniently used to provide some new value-added services, including online live broadcast, network TV, remote education, remote medical service, network radio, realtime video/audio meeting that can be summarized in the following three fields: Multimedia and stream application. Data warehouse and financial (like stocks) application.
  • Page 451: Pim-Dm

    239.255.0.1 1.1.1.100 Switch # Displayed information Explanation Name The interface list used by the multicast protocol and basic information for the interfaces. Index Index number for the interface Group Multicast forwarding entry group address Origin Multicast forwarding entry source address Multicast forwarding entry ingress interface Wrong The number of multicast packets (to this forwarding entry) from...
  • Page 452: Pim-Dm Configuration

    upstream nodes to inform the upstream node that no more forwarding for that multicast group is necessary. The upstream nodes will delete the corresponding interface, multicast forwarding entry(S,G), from the outgoing interface list. Hence a shortest path tree (SPT) rooted by source S is established. The prune process is initiated by leaf routers first. The above procedures are referred to as the Flooding-Prune process.
  • Page 453 Command Interface Mode ip pim dense-mode no ip pim dense-mode 2. Configure PIM-DM sub-parameters Configure PIM-DM interface parameters a. Configure PIM-DM HELLO packet interval Command Interface Mode ip pim hello-interval <hello-interval-seconds> no ip pim hello-interval 3. Disable PIM-DM protocol Command Interface Mode no ip pim dense-mode 16.3.2.2 PIM-DM Configuration Commands...
  • Page 454: Typical Pim-Dm Scenario

    Parameter: N/A. Default: PIM-DM protocol is disabled by default. Command mode: Interface Mode Usage Guide: Example: Enable PIM-DM protocol on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip pim dense-mode 16.3.2.4 ip pim hello-interval Command: ip pim hello-interval <hello-interval-seconds> no ip pim hello-interval Function: Set interval for sending PIM-DM HELLO packets in the interface;...
  • Page 455: Pim-Dm Troubleshooting Help

    [Figure labels: SWITCHA, Ethernet 1/2, vlan1] Fig 16-1 Typical PIM-DM environment The following are the configurations of SwitchA and SwitchB. (1) Configuration of SwitchA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan2 Switch(Config-If-Vlan1)# ip pim dense-mode (2) Configuration of SwitchB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode...
  • Page 456: Show Ip Pim Mroute Dm

    show ip pim interface debug ip pim 16.3.4.1.1 show ip pim mroute dm Command: show ip pim mroute dm Function: Display the PIM-DM packet forwarding entry Parameter: N/A. Default: No display by default. Command mode: Admin Mode Usage Guide: This command is used to display PIM-DM multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
  • Page 457: Show Ip Pim Neighbor

    Displayed information (5.1.1.100, 225.0.0.1) Incoming interface Outgoing interface list Prune interface list 16.3.4.1.2 show ip pim neighbor Command: show ip pim neighbor [<ifname>] Function: Display information for neighbors of the PIM interface. Parameter: <ifname> is the interface name, i.e. display PIM neighbor information of the specified interface.
  • Page 458: Debug Ip Pim

    Parameter: <ifname> is the interface name, i.e. display PIM information of the specified interface. Default: PIM information is displayed by default on all interfaces. Command mode: Admin Mode Example: Display PIM information of interface vlan 1. Switch#sh ip pim interface vlan 1 Interface Vlan1 : 2.1.1.2 owner is pimdm, Vif is 1, Hello Interval is 30 Neighbor-Address Interface...
  • Page 459: Pim-Sm

    16.3.4.2 PIM-DM Troubleshooting Help In configuring and using PIM-DM protocol, the PIM-DM protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations. The user should ensure the following: Good condition of the physical connection. All interface and link protocols are in the UP state (use “show interfaces status”...
  • Page 460: Pim-Sm Configuration

    leaf router and the RP will create a (*, G) entry in their forwarding table, indicating that packets sent by any source to multicast group G apply to this entry. When the RP receives a packet sent to multicast group G, the packet will move along the established route to reach the leaf router and the host.
  • Page 461 1) Configure PIM-SM HELLO packet interval 2) Configure an interface as the PIM-SM area border (2) Configure PIM-SM global parameters Configure a switch as the candidate BSR. Configure a switch as the candidate RP. 3. Disable PIM-SM protocol 1. Enable PIM-SM protocol Basic configuration of PIM-SM routing protocol on Route switch is quite simple: just enable PIM-SM in the appropriate interfaces.
  • Page 462 ip pim bsr-candidate <ifname> [hashlength] [Priority] no ip pim bsr-candidate Configure a switch as the candidate RP. Command Interface Mode ip pim rp-candidate <ifname> [group-list access-list] [interval interval] no ip pim rp-candidate [<ifname>] 3. Disable PIM-SM protocol Command Interface Mode no ip pim sparse-mode 16.4.2.2 PIM-SM Configuration Commands ip pim sparse-mode...
  • Page 463 16.4.2.2.1 ip pim sparse-mode Command: ip pim sparse-mode no ip pim sparse-mode Function: Enable PIM-SM protocol on the interface; the “no ip pim sparse-mode” command disables PIM-SM protocol on the interface. Parameter: N/A. Default: PIM-SM protocol is disabled by default. Command mode: Interface Mode Example: Enable PIM-SM protocol on interface vlan1.
  • Page 464 Parameter: <hello-interval-second> is the interval for sending PIM HELLO packets, ranging from 1 to 18724s. Default: The default interval for sending PIM HELLO is 30s. Command mode: Interface Mode Usage Guide: The HELLO message enables PIM-DM switches to locate each other and establish the neighborhood.
  • Page 465: Typical Pim-Sm Scenario

    command cancels the RP configuration. Parameter: <ifname> is the name of specified interface; access-list is the number of group range list can be used as the RP in the switch, ranging from 1 to 99, if this parameter is omitted, the router can work as the RP for all multicast groups;...
  • Page 466 The following are the configurations of SWITCHA, SWITCHB, SWITCHC, and SWITCHD. (1) Configuration of SWITCHA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip pim sparse-mode (2) Configuration of SWITCHB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2...
  • Page 467: Pim-Sm Troubleshooting Help

    16.4.4 PIM-SM Troubleshooting Help 16.4.4.1 Monitor and Debug Commands 16.4.4.1.1 show ip pim bsr-router Command: show ip pim bsr-router Function: Display pim bsr-router information. Parameter: N/A. Default: No display by default. Command mode: Admin Mode Example: Display pim bsr-router information. Switch #show ip pim bsr-router Switch # PIMv2 Bootstrap information...
  • Page 468: Show Ip Pim Mroute Sm

    Switch #show ip pim interface vlan2 Switch # Interface Vlan2 : 192.3.1.2 owner is pimsm, Vif is 1, Hello Interval is 30, pim sm jp interval is (60) Neighbor-Address Interface 192.3.1.3 Vlan2 Switch # Displayed information Interface (the former) owner Hello Interval jp interval Neighbor-Address...
  • Page 469 Outgoing interface list: (Vlan2), protos: 0x2, UpTime: 00: 10: 18, Exp: 00: 03: 18 Switch # Displayed information (192.1.1.1, 225.0.0.1) Incoming interface Outgoing interface list 16.4.4.1.4 show ip pim neighbor Command: show ip pim neighbor [<ifname>] Function: Display information for neighbors of the PIM interface. Parameter: <ifname>...
  • Page 470: Show Ip Pim Rp

    16.4.4.1.5 show ip pim rp Command: show ip pim rp [mapping | group-address] Function: Display PIM RP related information. Parameter: mapping displays the group address and RP association. group-address is the group address. Default: No display by default. Command mode: Admin Mode Example: Display the RP information for PIM area 226.1.1.1.
  • Page 471: Debug Ip Pim Bsr

    16.4.4.1.7 debug ip pim bsr Command: debug ip pim bsr Function: Enable the PIM candidate RP/BSR information debug function; the “no” format of the command disables this debug function. Parameter: N/A. Default: Disabled. Command mode: Admin Mode Usage Guide: If detailed information about PIM candidate RP/BSR packets, etc. is required, this debug command can be used.
  • Page 472: Dvmrp

    16.5 DVMRP 16.5.1 Introduction to DVMRP Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast routing protocol. It employs a RIP like route exchange mechanism to establish a forwarding broadcast tree for each source, then a truncated broadcast tree (short path tree to the source) will be created by dynamic pruning/grafting.
  • Page 473: Dvmrp Configuration

    way like the RIP. That is to say, route advertisements are sent between DVMRP neighbors periodically (every 60 seconds by default). The routing information in the DVMRP route selection table is used to establish the source distribution tree, which can be used to determine which neighbor can reach the source sending multicast information.
  • Page 474 [no] ip dvmrp 2. Configure connectivity with CISCO routers/switches CISCO does not really implement DVMRP, but provides connectivity with DVMRP. As CISCO routers/switches send report packets but not probe packets, the neighbor timeout issue should be addressed when establishing connectivity with CISCO routers/switches. The following command makes a DSRS-5950 switch decide the timeout of a neighbor by report packet intervals.
  • Page 475: Dvmrp Configuration Commands

    dvmrp report-interval <time_val> no ip dvmrp report-interval d. Configuring DVMRP route timeout time Command Global Mode ip dvmrp route-timeout <time_val> no ip dvmrp route-timeout 4. Configure DVMRP tunneling Command Interface Mode dvmrp tunnel <A.B.C.D> [metric <metric_val>] no ip dvmrp tunnel <A.B.C.D> 5.
  • Page 476 16.5.2.2.1 ip dvmrp cisco-compatible Command: ip dvmrp cisco-compatible <A.B.C.D> no ip dvmrp cisco-compatible <A.B.C.D> Function: Enable connectivity with CISCO neighbor A, B, C, D; the “no ip dvmrp cisco-compatible” command disables connectivity with CISCO neighbors. Parameter: <A.B.C.D> are the Neighboring IP addresses Default: The connectivity with CISCO neighbors is disabled by default.
  • Page 477: Ip Dvmrp Metric

    graft-interval” command restores the default setting. Parameter: <time_val> is the interval for sending DVMRP graft packets, ranging from 5 to 3600s. Default: The default interval for sending DVMRP graft messages is 5s. Command mode: Global Mode Usage Guide: If a new receiver joins that interface when an interface is in the pruned state, the interface will send a graft message to the upstream;...
  • Page 478 Usage Guide: When a neighborhood is established in DVMRP, a neighbor is considered nonexistent if no probe message from that neighbor is received in the neighbor timeout interval, and the neighborhood is terminated. Neighbor timeout interval must be greater than the interval for sending probe messages.
  • Page 479: Ip Dvmrp Tunnel

    received in the specified interval, then the route is considered to be invalid. This interval configured must be no greater than the timeout interval for the route. Example: Set the interval for sending DVMRP route report messages to 100s. Switch (Config)#ip dvmrp report-interval 100 16.5.2.2.8 ip dvmrp route-timeout Command: ip dvmrp route-timeout <time_val>...
  • Page 480: Typical Dvmrp Scenario

    as common physical interfaces. Example: Configure a DVMRP tunnel on Ethernet interface vlan1 to the remote neighbor 1.1.1.1. Switch(Config-If-Vlan1)#ip dvmrp tunnel 1.1.1.1 metric 10 16.5.3 Typical DVMRP Scenario As shown in the figure below, the Ethernet interfaces of SwitchA and SwitchB are added to the appropriate vlan, and DVMRP protocol is enabled on each vlan interface.
  • Page 481: Show Ip Dvmrp Mroute

    16.5.4.1 Monitor and Debug Commands 16.5.4.1.1 show ip dvmrp mroute Command: show ip dvmrp mroute Function: Display the DVMRP packet forwarding entries. Parameter: N/A. Default: Not displayed. Command mode: Admin Mode Usage Guide: This command is used to display DVMRP multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
  • Page 482: Show Ip Dvmrp Route

    Parameter: <ifname> is the interface name, i.e. display neighbor information of the specified interface. Default: Not displayed. Command mode: Admin Mode Example: Display neighbor information of Ethernet interface vlan1. Switch #show ip dvmrp neighbor vlan1 Switch # Neighbor-Address Interface 192.168.1.22 Vlan1 Switch # Displayed information...
  • Page 483: Show Ip Dvmrp Tunnel

    Nexthop Interface Gateway Metric state 16.5.4.1.4 show ip dvmrp tunnel Command: show ip dvmrp tunnel [<ifname>] Function: Display information for a DVMRP tunnel. Parameter: <ifname> is the interface name, i.e. display the tunnel information of the specified interface. Default: Not displayed. Command mode: Admin Mode Example: Display tunneling configuration information of Ethernet interface vlan1.
  • Page 484: Debug Ip Dvmrp Pruning

    Command mode: Admin Mode Usage Guide: If detailed information about DVMRP packets (except prune and graft) is required, this debug command can be used. Example: Switch#debug ip dvmrp detail DVMRP detail debug is on Switch#01: 18: 09: 35: DVMRP: Received probe on vlan1 from 192.168.1.22 01: 18: 09: 35: DVMRP: probe Vers: majorv 3, minorv 255 01: 18: 09: 35: DVMRP: probe flags: PG 01: 18: 09: 35: DVMRP: probe genid: 0x48...
  • Page 485: Igmp

    02: 22: 20: 40: DVMRP: Send graft-ACK on vlan1 to 105.1.1.2, len 16 02: 22: 20: 40: DVMRP: Graft-Ack Vers: majorv 3, minorv 255 02: 22: 20: 40: DVMRP: Graft-ACK source 192.168.1.105, group 224.1.1.1 16.5.4.2 DVMRP Troubleshooting Help In configuring and using DVMRP protocol, the DVMRP protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations.
  • Page 486: Igmp Configuration

    by the multicast switches, i.e., respond with membership report packets. The switches send membership query packets at regular intervals, and decide whether hosts of their subnet join some group or not; on receiving quit group reports from the hosts, they send a query for the associated group (IGMP v2) to determine whether there are members in a certain group.
  • Page 487 a. Configure transmission interval of query packets in IGMP b. Configure maximum response time for IGMP queries c. Configure timeout setting for IGMP queries (3) Configure IGMP version 2. Disable IGMP Enable IGMP There is no special command for enabling IGMP in layer 3 switches; IGMP is enabled automatically when any multicast protocol is enabled on the respective interface.
  • Page 488: Igmp Configuration Commands

    Interface Mode ip igmp query-interval <time_val> no ip igmp query-interval ip igmp query-max-response-time <time_val> no ip igmp query-max-response-time ip igmp query-timeout <time_val> no ip igmp query-timeout (3) Configure IGMP version Command Interface Mode ip igmp version <version> no ip igmp version Disable IGMP Command Interface Mode dvmrp dense-mode...
  • Page 489 16.6.2.2.1 ip igmp access-group Command: ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Function: Set the filter criteria for IGMP group on the interface; the “no ip igmp access-group” command cancels the filter criteria. Parameter: {<acl_num | acl_name>} is the sequence number or name of the access list, where the range of acl_num is 1 to 99.
  • Page 490 Command: ip igmp query-interval <time_val> no ip igmp query-interval Function: Set the interval for sending IGMP query messages; the “no ip igmp query-interval” command restores the default setting. Parameter: <time_val> is the interval for sending IGMP query packets, ranging from 1 to 65535s.
  • Page 491: Ip Igmp Version

    300s. Default: The default value is 265 seconds. Command mode: Interface Mode Usage Guide: In a shared network with several routers running IGMP, one switch will be selected as the querier for that shared network, and the other switches act as timers monitoring the status of the querier;...
  • Page 492: Typical Igmp Scenario

    Usage Guide: This command is used to provide forward compatibility between different versions. It should be noted that v1 and v2 are not interconnectable, and the same version of IGMP must be ensured for the same network. Example: Configure the IGMP running on the interface to version 1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip igmp version 1 16.6.3...
  • Page 493: Show Ip Igmp Groups

    2.IGMP Troubleshooting Help 16.6.4.1 Monitor and Debug Commands 16.6.4.1.1 show ip igmp groups Command: show ip igmp groups [{<ifname | group_addr>}] Function: Display IGMP group information. Parameter: <ifname> is the interface name, i.e. display group information of the specified interface; <group_addr> is the group address, i.e., view group information. Default: Not displayed.
  • Page 494: Debug Ip Igmp Event

    Vlan1 is up, line protocol is up Internet address is 192.168.1.11, subnet mask is 255.255.255.0 IGMP is enabled, I am querier IGMP current version is V2 IGMP query interval is 125s IGMP querier timeout is 265s IGMP max query response time is 10s Inboud IGMP access group is not set Multicast routing is enable on interface Multicast TTL threshold is 1...
  • Page 495: Web Management

    used. Example: Switch# debug ip igmp packet igmp packet debug is on Switch #02: 17: 38: 58: IGMP: Send membership query on dvmrp2 for 0.0.0.0 02: 17: 38: 58: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0 02: 17: 39: 26: IGMP: Send membership query on vlan1 for 0.0.0.0 02: 17: 39: 26: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0 16.6.4.2 IGMP Troubleshooting Help...
  • Page 496: Pim-Dm Configuration

    configure the parameters. For the detailed explanation of the displayed information, see chapter 16.2.1.1.1 16.7.2 PIM-DM configuration In PIM-DM configuration mode, users can enable PIM-DM or disable PIM-DM protocol on the port. See the equivalent CLI command at 16.3.2.3: Enable PIM-DM – “yes” is used to enable PIM-DM protocol; “no” is used to disable PIM-DM protocol.
  • Page 497 Vlan Port - Specify the layer 3 port Apply – Apply the configuration Default – Disable PIM-SM on the layer 3 interface Click PIM-SM parameter configuration. Users can configure PIM-SM parameters on the layer 3 port. See the equivalent CLI command at 16.4.2.2.3: Hello-Interval –...
  • Page 498: Dvmrp Configuration

    Click Set router as RP candidate. Users can configure candidate RP for PIM-SM. See the equivalent CLI command at 16.4.2.2.5: Set router as RP candidate – “yes” is used to set the switch as RP candidate; “no” is used to cancel the switch as RP candidate Port –...
  • Page 499 Click DVMRP parameter configuration. Users can configure DVMRP interface parameters: See the equivalent CLI command at 16.5.2.2.4 and 16.5.2.2.5: Vlan Port - Specify the layer 3 port DVMRP report metric configuration – Configure DVMRP report metric for the port. See the equivalent CLI command at 16.5.2.2.4 DVMRP neighbor timeout configuration –...
  • Page 500: Igmp Configuration

    Click DVMRP tunnel configuration. Users can create and delete DVMRP tunnel. See the equivalent CLI command at 16.5.2.2.9: Neighbor ip address – Specify neighbor ip address Metric – Specify metric to neighbor Vlan Port –Specify the layer 3 port Apply – Create DVMRP tunnel to neighbor Delete tunnel - Delete DVMRP tunnel to neighbor 16.7.5 IGMP configuration...
  • Page 501: Multicast Inspect And Debug

    Vlan Port –Specify the layer 3 port Apply – Apply the configuration Default – Restore the default settings (including ACL for IGMP group, IGMP query interval, Max-response IGMP request time and IGMP query timeout. If users have configured static group and join group, the static group and the join group on the port are deleted.) Note: This page is related to six CLI commands.
  • Page 502 Click Show ip dvmrp route. See the equivalent CLI command at 16.5.4.1.3 Click Show ip dvmrp tunnel. See the equivalent CLI command at 16.5.4.1.4...
  • Page 503: Chapter 17 Vrrp Configuration

    Chapter 17 VRRP Configuration 17.1 Introduction to VRRP VRRP (Virtual Router Redundancy Protocol) is a redundancy protocol. It uses a backup mechanism to increase the reliability of the router (or layer 3 switch) that connects to the outside network. It is designed for local area networks that support multicast or broadcast, such as Ethernet.
  • Page 504: Vrrp Configuration

    17.2 VRRP Configuration 17.2.1 VRRP Configuration Task Sequence 1. Create/Delete virtual router (required) 2. Configure VRRP virtual IP address and VRRP interface (required) 3. Enable/disable virtual router (required) 4. Configure VRRP authentication (optional) 5. Configure VRRP accessorial parameters (optional) (1)Configure VRRP preempt mode (2)Configure VRRP priority (3)Configure VRRP timer (4)Configure VRRP monitored interface...
  • Page 505: Vrrp Configuration Commands

    ip vrrp authentication mode text no ip vrrp authentication mode ip vrrp authentication string <string> no ip vrrp authentication string 5. Configure VRRP accessorial parameters (1)Configure VRRP preempt mode Command VRRP Mode preempt-mode {true| false} (2)Configure VRRP priority Command VRRP Mode priority <...
  • Page 506 Usage Guide: This command is used to create or delete the virtual router. The virtual router is identified by the sequence numbers. Users have to create the virtual router before they configure the virtual router parameters. Example: Configure the virtual router with sequence number 10. Switch(config)# router vrrp 10 17.2.2.2 virtual-ip Command: virtual-ip <A.B.C.D>...
  • Page 507: Vrrp Authentication Mode

    17.2.2.4 enable Command: enable Function: Enable the VRRP Command mode: VRRP Mode Usage Guide: Enable the virtual router. Users have to configure the VRRP virtual IP address and the VRRP interface before they enable the VRRP. After this configuration, the interface is added to the standby group. Example: Enable the virtual router with the sequence number 10.
  • Page 508: Vrrp Authentication String

    mode. Example: Set the VRRP authentication mode to plain text mode. Switch(config)#interface vlan 1 Switch(Config-If-Vlan1)# ip vrrp authentication mode text 17.2.2.7 vrrp authentication string Command: ip vrrp authentication string <string> no ip vrrp authentication string Function: Set the authentication string of the VRRP packets sent on the interface; the “no ip vrrp authentication string”...
  • Page 509 no priority Function: Configure VRRP priority; the “no priority” command restores the default value of 100. IP Owner’s VRRP priority is always 255. Parameter: <value> is the VRRP priority, valid range is 1 to 255. Command mode: VRRP Mode Default: The VRRP priority for the backup routers (or the layer 3 switches) is 100 by default, whereas the VRRP priority for the master router (or the layer 3 switch) is 255 by default.
  • Page 510: Typical Vrrp Application

    Example: Set VRRP timer to 3 seconds Switch(Config-Router-Vrrp)# advertisement-interval 3 17.2.2.11 circuit-failover Command: circuit-failover <ifname> <value_reduced> no circuit-failover Function: Configure the VRRP monitored interface. Parameter: <ifname> is the name of the monitored interface; <value_reduced> is the value by which the VRRP priority is reduced, valid range is 1 to 253.
  • Page 511: Vrrp Troubleshooting Help

    Fig 17-1 Typical VRRP Application Topology SWITCHA and SWITCHB are layer 3 LAN switches in the same standby group. Set SWITCHA to master switch. The configuration steps are listed below: SWITCHA: SwitchA(config)#interface vlan 1 SwitchA (Config-If-Vlan1)# ip address 10.1.1.5 255.255.255.0 SwitchA (Config-If-Vlan1)#exit SwitchA (config)#router vrrp 1 SwitchA(Config-Router-Vrrp)# virtual-ip 10.1.1.5 master...
  • Page 512: Debug Vrrp

    Priority is 100 Advertisement interval is 1 sec Preempt mode is TRUE VrId <10> State is Initialize Virtual IP is 10.1.10.1 (IP owner) Interface is Vlan1 Configured priority is 255, Current priority is 255 Advertisement interval is 1 sec Preempt mode is TRUE Circuit failover interface Vlan1, Priority Delta 10, Status UP Item State...
  • Page 513 17.2.4.2 VRRP Troubleshooting Help VRRP may not work properly due to bad physical connection or wrong configuration. Users can troubleshoot the problems by following the guide below: Make sure the physical connection is good. Use the “show interfaces status” command to make sure the interface and link protocol are up. Make sure VRRP is enabled on the interface. Check that the routers (or layer 3 switches) in the same standby group are configured...
  • Page 514: Chapter 18 Cluster Network Management

    Chapter 18 Cluster Network Management 18.1 Introduction to cluster network management Cluster network management is an in-band configuration management method. Unlike CLI, SNMP and Web Config, which implement direct management of the target switches through a management workstation, cluster network management implements direct management of the target switches (member switches) through an intermediate switch (commander switch).
  • Page 515: Basic Cluster Network Management Configuration

    18.2 Basic Cluster Network Management Configuration 18.2.1 Cluster Network Management Configuration Sequence Enable or disable cluster function Create cluster Create or delete cluster Configure private IP address pool for member switches of the cluster Add or remove a member switch Configure attributes of the cluster in the commander switch Enable or disable joining the cluster automatically Set holdtime of heartbeat of the cluster...
  • Page 516 Command Global Mode cluster commander <cluster-name> [vlan<vlan-id>] no cluster commander cluster ip-pool<commander-ip> no cluster ip-pool cluster member {candidate-sn <cand-sn> | mac-address [<mem-id>] }[password <pass>] no cluster member < mem-id > 3.Configure attributes of the cluster in the commander switch Command Global Mode cluster auto-add enable no cluster auto-add enable...
  • Page 517: Cluster Configuration Commands

    Command Admin Mode rcommand member <mem-id> rcommand commander cluster reset member<mem-id> cluster update member <mem-id> <src-url> <dst-url> [ascii | binary] 18.2.2 Cluster Configuration Commands 18.2.2.1 cluster run Command: cluster run no cluster run Function: Enable cluster function; the “no cluster run” command disables cluster function.
  • Page 518: Cluster Commander

    timer” command restores the default setting. Parameter: <timer-value> is interval of sending cluster registration packet in seconds, valid range is 30 to 65535. Command mode: Global Mode Default: Cluster register timer is 60 seconds by default. Example: Set the interval of sending cluster registration packet to 80 seconds. Switch(Config)#cluster register timer 80 18.2.2.3 cluster ip-pool Command: cluster ip-pool <commander-ip>...
  • Page 519: Cluster Member

    device which the cluster belongs to. If it is omitted, the cluster belongs to VLAN1. Command mode: Global Mode Default: There is no cluster by default. Usage Guide: This command sets the switch as a commander switch and creates a cluster.
  • Page 520: Rcommand Member

    18.2.2.6 cluster auto-add Command: cluster auto-add enable no cluster auto-add enable Function: When this command is executed in the commander switch, the newly discovered candidate switches will be added to the cluster as a member switch automatically; the “no cluster auto-add enable” command disables this function. Command mode: Global Mode Default: This function is disabled by default.
  • Page 521: Cluster Reset Member

    have to telnet to the commander switch and pass the authentication. The command “exit” is used to quit the configuration interface of the commander switch. If this command is executed in the commander switch, an error will be displayed. Example: In the member switch, enter the configuration interface of the commander switch.
  • Page 522: Cluster Holdtime

    Keyword Source address or destination address Startup configuration file startup-config System file nos.img System startup file boot.rom Command mode: Admin Mode Usage Guide: The commander switch sends the remote upgrade command to the member switch. The member switch is upgraded and reset. If this command is executed in a non-commander switch, an error will be displayed.
  • Page 523 no cluster heartbeat Function: In the commander switch, set interval of sending heartbeat packets among the switches of the cluster; the “no cluster heartbeat” command restores the default setting. Parameter: <interval> is the interval of heartbeat of the cluster, valid range is 1 to 65535. Command mode: The interval of heartbeat is 8 seconds by default.

This manual is also suitable for:

Es4650
