Preface ES4626/ES4650 is a routing switch that can be deployed as the core layer device for campus and enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN). The ES4626 provides 24 fixed 1000MB ports (4 of which are fixed 1000MB Combo fiber cable/copper cable ports) and 2 10GB XFP ports.
Chapter 1 1.1 Management Options After purchasing the switch, the user needs to configure the switch for network management. ES4626/ES4650 provides two management options: in-band management and out-of-band management. 1.1.1 Out-of-band Management Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Serial port cable: One end attaches to the RS-232 serial port, the other end to the Console port.
ES4626/ES4650: Functional Console port required.
Step 2: Entering the HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
Fig 1-4 Opening HyperTerminal (3) 4) COM1 property appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”, “1” for stop bit and “none” for traffic control; or, you can also click “Revert to default” and click “OK”. Fig 1-5 Opening HyperTerminal (4) Step 3 Entering switch CLI interface:...
3) If not 2), Telnet client can connect to an IP address of the switch via other devices, such as a router. ES4626/ES4650 is a Layer 3 switch that can be configured with several IP addresses. The following example assumes the shipment status of the switch where only VLAN1 exists in the system.
configuration prompts are assumed to be “switch” hereafter if not otherwise specified):
Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-If-Vlan1)#no shutdown
Step 2: Run Telnet Client program. Run Telnet client program included in Windows with the specified Telnet target. Fig 1-7 Run telnet client program included in Windows
Step 3: Login to the switch. Login to the Telnet configuration interface.
The Telnet CLI interface after login is the same as that in the Console interface. Fig 1-8 Telnet Configuration Interface 1.1.2.2 Management via HTTP To manage the switch via HTTP, the following conditions should be met: 1) Switch has an IP address configured 2) The host IP address (HTTP client) and the switch’s VLAN interface IP address are in the same network segment;...
Step 2: Run HTTP protocol on the host. Open the Web browser on the host and type the IP address of the switch, or run the HTTP protocol directly on Windows. For example, the IP address of the switch is “10.1.128.251”.
Fig 1-10 Web Login Interface Enter the correct username and password, and the main Web configuration interface is shown as below.
Fig 1-11 Main Web Configuration Interface 1.2 Management Interface 1.2.1 CLI Interface CLI interface is familiar to most users. As aforementioned, out-of-band management and Telnet login are all performed through CLI interface to manage the switch. CLI Interface is supported by Shell program, which consists of a set of configuration commands.
Fuzzy match support 1.2.1.1 Configuration Modes Fig 1-12 Shell Configuration Modes 1.2.1.1.1 User Mode On entering the CLI interface, the user first enters the user entry system. A common user is placed in User Mode by default. The prompt shown is “Switch>”; the symbol “>” is the prompt for User Mode.
Interface Mode for configuration of all the interfaces. 1.2.1.1.3.1 Interface Mode Using the interface command under Global Mode enters the specified interface mode. ES4626/ES4650 provides three interface types: VLAN interface, Ethernet port and port-channel, and accordingly three interface configuration modes. Interface Type Entry...
port-channel <port-channel-number> command under Global Mode. 1.2.1.1.3.2 VLAN Mode Using the vlan <vlan-id> command under Global Mode enters the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode. 1.2.1.1.3.3 DHCP Address Pool Mode Type the ip dhcp pool <name>...
1.2.1.2 Configuration Syntax ES4626/ES4650 provides various configuration commands. Although all the commands are different, they all abide by the syntax for ES4626/ES4650 configuration commands. The general command format of ES4626/ES4650 is shown below: cmdtxt <variable> { enum1 | … | enumN } [option] Conventions: cmdtxt in bold font indicates a command keyword;...
1.2.1.4 Help function There are two ways in ES4626/ES4650 for the user to access help information: the “help” command and the “?”. Access to Help Usage and function Help Under any command line prompt, type in “help”...
“?” 1. Under any command line prompt, enter “?” to get a command list of the current mode and related brief description. 2. Enter a “?” after the command keyword with an embedded space. If the position should be a parameter, a description of that parameter type, scope, etc., will be returned;...
Therefore, Shell will only recognize the command if “sh ru” is entered. 1.2.2 WEB Interface ES4626/ES4650 has HTTP Web management function. Users can configure and examine the switch through a Web browser. By conducting the following configurations, users can realize the Web management.
1.2.2.2 Interface Panel On the top of the management page, the switch interface shows the current status of the ports. Click the ports which are in the state of “Link Up”, the port statistics are shown on the right.
Chapter 2 Basic Switch Configuration 2.1 Basic Switch Configuration Commands The basic configuration for the switch including all the commands for entering and exiting the Admin Mode and Interface Mode, setting and displaying switch clock and displaying system version information. 2.1.1 calendar set Command: calendar set <HH>...
2.1.3 enable Command: enable Function: Enter Admin Mode from User Mode. Parameter: 0 and 15 are user access levels. 0 is normal user level. In this level, users can enter Admin Mode and conduct major commands such as show, ping and traceroute etc. But users can't enter Global Mode.
Function: Modify the password to enter Admin Mode from the User Mode; pressing Enter after typing this command displays the <Current password> and <New password> parameters for the users to configure. Parameter: 0 is normal user access level; users can enter Admin Mode and conduct major commands such as show, ping and traceroute etc.
Example: Set timeout value for the switch to exit Admin Mode to 6 minutes. Switch(Config)#exec timeout 6 2.1.7 exit Command: exit Function: Exit the current mode to the previous mode. Under Global Mode, this command will return the user to Admin Mode, and in Admin Mode to User Mode, etc. Command mode: All configuration modes.
Parameter <hostname> is the string for the prompt, up to 30 characters are allowed. Command mode: Global Mode Default: The default prompt is ES4626/ES4650. Usage Guide: With this command, the user can set the command line prompt of the switch according to their own requirements.
Switch(Config)#username admin password 0 admin Switch(Config)# Related Command: username nopassword, username access-level, show users 2.1.12 username nopassword Command: username <user_name> nopassword Function: Set the username for logging on the switch and set the password as null. Parameter: <user_name> is the username. It can’t exceed 16 characters. Command mode: Global Mode Usage Guide: This command is used to set the username for logging on the switch and set the password as null.
2.1.16 setup Command: setup Function: Enter the Setup Mode of the switch. Command mode: Admin Mode Usage Guide: ES4626/ES4650 provides a Setup Mode, in which the user can configure IP addresses, etc. 2.1.17 language Command: language {chinese|english} Function: Set the language for displaying the help information.
ES4626/ES4650 provides various debug commands including ping, telnet, show and debug, etc. to help the users to check system configuration, operating status and locate problem causes.
Telnet employs the Client-Server mode, the local system is the Telnet client and the remote host is the Telnet server. ES4626/ES4650 can be either the Telnet Server or the Telnet client.
must be dropped. 2.2.2.2 Telnet Task Sequence 1. Configuring Telnet Server 2. Telnet to a remote host from the switch. 1. Configuring Telnet Server Command Global Mode ip telnet server no ip telnet server telnet-server securityip <ip-addr> no telnet-server securityip <ip-addr> Admin Mode monitor no monitor...
Usage Guide: This command is used when the switch acts as a client; the user logs in to remote hosts for configuration with this command. ES4626/ES4650 can only establish a TCP connection to one remote host as the Telnet client. If a connection to another remote host is desired, the current TCP connection must be dropped.
no ip telnet server Function: Enable the Telnet server function in the switch: the “no telnet-server enable” command disables the Telnet function in the switch. Default: Telnet server function is enabled by default. Command mode: Global Mode Usage Guide: This command is available in Console only. The administrator can use this command to enable or disable the Telnet client to login to the switch.
requirements of SSH2.0. It supports SSH2.0 client software such as SSH Secure Client and putty. Users can run the above software to manage the switch remotely. The switch presently supports RSA authentication, 3DES cryptography protocol and SSH user password authentication etc. 2.2.3.2 SSH Server Configuration Sequence SSH Server Configuration Command...
2.2.3.3.1 ssh-server enable Command: ssh-server enable no ssh-server enable Function: Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function. Command mode: Global Mode Default: SSH function is disabled by default. Usage Guide: In order that the SSH client can log on the switch, the users need to configure the SSH user and enable SSH function on the switch.
Command mode: Global Mode Default: SSH authentication timeout is 180 seconds by default. Example: Set SSH authentication timeout to 240 seconds. Switch(Config)#ssh-server timeout 240 2.2.3.3.4 ssh-server authentication-retries Command: ssh-server authentication-retries < authentication-retries > no ssh-server authentication-retries Function: Configure the number of times for retrying SSH authentication; the “no ssh-server authentication-retries”...
2.2.3.3.6 monitor Command: monitor no monitor Function: Display SSH debug information on the SSH client side and stop displaying SSH debug information on the Console; the “no monitor” command stops displaying SSH debug information on the SSH client side and enables displaying SSH debug information on the Console.
2.2.3.5.1 show ssh-user Command: show ssh-user Function: Display the configured SSH usernames. Command mode: Admin Mode Example: Switch#show ssh-user test Related command: ssh-user 2.2.3.5.2 show ssh-server Command: show ssh-server Function: Display SSH state and the users currently logged on. Command mode: Admin Mode Example: Switch#show ssh-server ssh-server is enabled...
Parameter: <ip-addr> is the target host IP address in dot decimal format. <hostname> is the hostname for the remote host. <hops> is the maximum gateway number allowed by Traceroute command. <timeout> is the timeout value for test packets in milliseconds, between 100 –...
Example: Check for currently enabled debug switch. Switch#show debugging STP: Stp input packet debugging is on Stp output packet debugging is on Stp basic debugging is on Switch# Related command: debug 2.2.5.3 dir Command: dir Function: Display the files and their sizes in the Flash memory. Command mode: Admin Mode Example: Check for files and their sizes in the Flash memory.
2.2.5.5 show memory Command: show memory Function: Display the contents in the memory. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes. The command will interactively prompt the user to enter start address of the desired information in the memory and output word number.
2.2.5.7 show startup-config Command: show startup-config Function: Display the switch parameter configurations written into the Flash memory at the current operation; these are usually also the configuration files used for the next power-up. Default: If the configuration parameters read from the Flash are the same as the default operating parameters, nothing will be displayed.
Port VID : 1 Trunk allowed Vlan : ALL 2.2.5.9 show tcp Command: show tcp Function: Display the current TCP connection status established to the switch. Command mode: Admin Mode Example: Switch#show tcp LocalAddress LocalPort ForeignAddress 0.0.0.0 0.0.0.0 0.0.0.0 Displayed information LocalAddress LocalPort ForeignAddress...
Usage Guide: Use this command to view the version information for the switch, including hardware version and software version. Example: Switch#show vers ES4626 Device, Apr 14 2005 11:19:29 HardWare version is 2.0, SoftWare version packet is ES4626_1.1.0.0, BootRom version is ES4626_1.0.4 Copyright (C) 2001-2006 by Accton Technology Corporation..
In BootP/DHCP mode, the switch operates as a BootP/DHCP client and sends broadcast BootPRequest packets to the BootP/DHCP servers, and the BootP/DHCP servers assign the address on receiving the request. In addition, ES4626/ES4650 can act as a DHCP server, and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients. DHCP Server configuration is detailed in later chapters.
no ip address <ip_address> <mask> [secondary] 2. BootP configuration Command ip address bootp no ip address bootp 3.DHCP Command ip address dhcp no ip address dhcp 2.3.2 Commands for Configuring Switch IP Addresses 2.3.2.1 ip address Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address>...
Switch(Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip address 10.1.128.1 255.255.255.0 Switch(Config-If-Vlan1)#exit Switch(Config)# Related command: ip address bootp, ip address dhcp 2.3.2.2 ip address bootp Command: ip address bootp no ip address bootp Function: Enable the switch to be a BootP client and obtain IP address and gateway address through BootP negotiation;...
Switch (Config-If-Vlan1)# ip address dhcp Switch (Config-If-Vlan1)#exit Switch (Config)# Related command: ip address, ip address bootp 2.4 SNMP 2.4.1 Introduction to SNMP SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol. SNMP v1 [RFC1157] is the first version of SNMP, which was adopted by vast numbers of manufacturers for its simplicity and easy implementation;...
device ports are on Up/Down status or the network topology changes, Agents can send Trap messages to NMS to report the abnormal events. In addition, NMS can also be set to alert on some abnormal events by enabling the RMON function. When alert events are triggered, Agents will send Trap messages or log the event according to the settings.
In this figure, the OID of the object A is 1.2.1.1. NMS can locate this object through this unique OID and gets the standard variables of the object. MIB defines a set of standard variables for monitored network devices by following this structure. If the variable information of Agent MIB needs to be browsed, the MIB browse software needs to be run on the NMS.
Statistics: Maintain basic usage and error statistics for each subnet monitored by the Agent. History: Record periodical statistic samples available from Statistics. Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records. Event: A list of all events generated by RMON Agent.
3. Configure IP address of SNMP management base Command snmp-server securityip <ip-address> no snmp-server securityip <ip-address> snmp-server SecurityIP enable snmp-server SecurityIP disable 4. Configure engine ID Command snmp-server engineid < engine-string > no snmp-server engineid < engine-string > 5. Configure user Command snmp-server user...
2.4.4.2.2 snmp-server community Command: snmp-server community <string> {ro|rw} no snmp-server community <string> Function: Configure the community string for the switch; the “no snmp-server community <string>” command deletes the configured community string. Parameter: <string> is the community string set; ro|rw is the specified access mode to MIB, ro for read-only and rw for read-write.
no snmp-server engineid Function: Configure the engine ID; the “no snmp-server engineid < engine-string >” command restores the default engine ID. Parameter: <engine-string> is the engine ID which is 1-32 hexadecimal characters. Command mode: Global Mode Default: The engine ID is manufacturer number + local MAC address by default. Example 1: Set the engine ID to A66688999F.
snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv} Function: Configure a new SNMP server group; the “no snmp-server group <group-string> {NoauthNopriv|AuthNopriv|AuthPriv}” command deletes the group. Parameter: <group-string > is the group name; NoauthNopriv means no encryption and no authentication; AuthNopriv means authentication and no encryption; AuthPriv means authentication and encryption;...
Command: snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}} <user-string> no snmp-server host <host-address> {v1|v2c|{v3 {NoauthNopriv|AuthNopriv |AuthPriv}}} <user-string> Function: This command functions differently for different versions of SNMP. For SNMP v1/v2, this command is used to configure Trap community string and the IP address of the NMS which receives SNMP Trap messages.
Example 1: Set the secure IP address to 1.1.1.5 Switch(config)#snmp-server securityip 1.1.1.5 Example 2: Delete the secure IP address Switch(config)#no snmp-server securityip 1.1.1.5 2.4.4.2.10 snmp-server SecurityIP enable Command: snmp-server SecurityIP enable snmp-server SecurityIP disable Function: Enable or disable secure IP address check function on the NMS. Command mode: Global Mode Default: Secure IP address check function is enabled by default.
Switch(Config)#snmp-server community private rw Switch(Config)#snmp-server community public ro Switch(Config)#snmp-server securityip 1.1.1.5 The NMS can use “private” as the community string to access the switch with read-write permission, or use “public” as the community string to access the switch with read-only permission.
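An added example, not part of the manual or any vendor software: a Python audit of a saved configuration for the management-plane settings this chapter documents (default-on Telnet, default-off SSH, well-known or read-write SNMP communities, a disabled secure IP check, and null or username-equal passwords). The function name, rule IDs and both sample configurations are constructed for illustration; only command syntax shown on this page is parsed.

```python
import re

# Constructed sample: the page's own example commands plus others that use
# only syntax documented on this page. Not captured from a real device.
SAMPLE_CONFIG = """\
Switch(Config)#username admin password 0 admin
Switch(Config)#username guest nopassword
Switch(Config)#snmp-server community private rw
Switch(Config)#snmp-server community public ro
Switch(Config)#snmp-server securityip 1.1.1.5
Switch(Config)#snmp-server SecurityIP disable
"""

# Constructed counterpart that passes every check below.
REVIEWED_CONFIG = """\
no ip telnet server
ssh-server enable
username netops password 0 constructed-Long-Passphrase-01
snmp-server community constructed-ro-string-7f2 ro
snmp-server securityip 1.1.1.5
"""

# Strips a leading CLI prompt such as "Switch(Config)#" or "Switch (Config-If-Vlan1)# ".
PROMPT = re.compile(r"^switch\s*(?:\([^)]*\))?\s*[#>]\s*", re.I)
WELL_KNOWN = {"public", "private"}  # the community strings used in the manual's example


def audit_management_plane(config_text):
    """Return a sorted list of (rule_id, subject) findings for one configuration."""
    telnet_on = True      # manual: Telnet server function is enabled by default
    ssh_on = False        # manual: SSH function is disabled by default
    secip_check = True    # manual: secure IP address check is enabled by default
    communities = {}      # community string -> "ro" or "rw"
    users = {}            # username -> "ok", "null-password" or "password-equals-username"

    for raw in config_text.splitlines():
        line = PROMPT.sub("", " ".join(raw.split()))
        low = line.lower()
        # Later lines override earlier ones, as they would when typed at the CLI.
        if low in ("ip telnet server", "no ip telnet server"):
            telnet_on = not low.startswith("no ")
        elif low in ("ssh-server enable", "no ssh-server enable"):
            ssh_on = not low.startswith("no ")
        elif low in ("snmp-server securityip enable",
                     "snmp-server securityip disable"):
            secip_check = low.endswith("enable")
        elif m := re.fullmatch(r"snmp-server community (\S+) (ro|rw)", line, re.I):
            communities[m.group(1)] = m.group(2).lower()
        elif m := re.fullmatch(r"no snmp-server community (\S+)", line, re.I):
            communities.pop(m.group(1), None)
        elif m := re.fullmatch(r"username (\S+) password \d+ (\S+)", line, re.I):
            same = m.group(1).lower() == m.group(2).lower()
            users[m.group(1)] = "password-equals-username" if same else "ok"
        elif m := re.fullmatch(r"username (\S+) nopassword", line, re.I):
            users[m.group(1)] = "null-password"

    findings = set()
    if telnet_on:
        # Telnet carries credentials and the session in cleartext.
        findings.add(("telnet-enabled", "ip telnet server"))
    if not ssh_on:
        findings.add(("ssh-disabled", "ssh-server enable"))
    for name, mode in communities.items():
        if name.lower() in WELL_KNOWN:
            findings.add(("snmp-default-community", name))
        if mode == "rw":
            # A read-write community allows configuration changes over SNMP.
            findings.add(("snmp-rw-community", name))
    if communities and not secip_check:
        findings.add(("snmp-securityip-disabled", "snmp-server SecurityIP disable"))
    for user, state in users.items():
        if state != "ok":
            findings.add((state, user))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit_management_plane(SAMPLE_CONFIG):
        print(f"{rule:28} {subject}")
```
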
Command mode: Admin Mode Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs...
snmp packets output too big errors maximum packet size no such name errors bad values errors general errors response PDUs trap PDUs 2.4.6.1.2 show snmp status Command: show snmp status Function: Display SNMP configuration information. Command mode: Admin Mode Example: Switch#show snmp status Trap enable RMON enable...
Example: Switch#show snmp group Group Name: initial Read View: one Write View: <no writeview specified> Notify View: one Displayed information Group Name Security level Read View Write View Notify View <no writeview specified> 2.4.6.1.6 show snmp view Command: show snmp view Function: Display view information.
SNMP debug function and verify debug information. If users still can’t solve the SNMP problems, please contact our technical and service center. 2.5 Switch Upgrade ES4626/ES4650 provides two ways for switch upgrade: BootROM upgrade and the TFTP/FTP upgrade under Shell. 2.5.1 BootROM Upgrade...
Step 2: Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode. The operation result is shown below: ES4626 Management Switch Copyright (c) 2001-2004 by Accton Technology Corporation. All rights reserved. Reset chassis ... done. Testing RAM...
BootRom version: 1.0.4 Creation date: Jun 9 2006, 14:54:12 Attached TCP/IP interface to lnPci0. [Boot]: Step 3: Under BootROM mode, run “setconfig” to set the IP address and mask of the switch under BootROM mode, server IP address and mask, and select TFTP or FTP upgrade. Suppose the switch address is 192.168.1.2/24, and PC address is 192.168.1.66/24, and select TFTP upgrade, the configuration should look like: [Boot]: setconfig...
Step 6: After successful upgrade, execute “run” command in BootROM mode to return to CLI configuration interface. [Boot]: run(or reboot) Other commands in BootROM mode DIR command Used to list existing files in the FLASH. [Boot]: dir boot.rom boot.conf nos.img startup-config temp.img CONFIG RUN command...
FTP in Global Mode to be nos.img, other IMG system files will be rejected. Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (Large size file can be compressed as IMG file). In ES4626/ES4650, the boot file is...
Active configuration file: refers to the active configuration sequence used in the switch. In ES4626/ES4650, the active configuration file is stored in the RAM. In the current version, the active configuration sequence running-config can be saved from the RAM to FLASH by...
acknowledgement (4) Shut down TFTP server 1. FTP/TFTP client configuration (1)FTP/TFTP client upload/download file Command Admin Mode copy <source-url> <destination-url> [ascii | binary] (2)For FTP client, server file list can be checked. Global Mode dir <ftpServerUrl> 2. FTP server configuration (1)Start FTP server Command Global Mode...
Command Global Mode tftp-server retransmission-number <number> (3)Modify TFTP server connection retransmission time Command Global Mode tftp-server retransmission-number <number> 2.5.2.2.2 FTP/TFTP Configuration Commands 2.5.2.2.3 copy(FTP) Command: copy <source-url> <destination-url> [ascii | binary] Function: FTP client upload/download file Parameter: <source-url> is the source file or directory location to be copied; <destination-url>...
enters a command like copy <filename> ftp:// or copy ftp:// <filename> and press Enter, the following prompt will appear: ftp server ip address [x.x.x.x] : ftp username> ftp password> ftp filename> This prompts for the FTP server address, username, password and file name. Example: (1)Save the image in FLASH to FTP server 10.1.1.1, the login username for the FTP server is “Switch”, and the password is “Accton”.
no ftp-server enable Function: Start FTP server, the “no ftp-server enable” command shuts down FTP server and prevents FTP user from logging in. Default: FTP server is not started by default. Command mode: Global Mode Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions.
keyword Source/Target IP address running-config Active configuration file startup-config Start up configuration file nos.img System file boot.rom System boot file Command mode: Admin Mode Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename> tftp:// or copy tftp:// <filename> and press Enter, the following prompt will appear: tftp server ip address>...
Related command: tftp-server timeout 2.5.2.2.9 tftp-server retransmission-number Command: tftp-server retransmission-number <number> Function: Set the retransmission time for TFTP server. Parameter: <number> is the time to re-transfer, the valid range is 1 to 20. Default: The default value is 5 retransmissions. Command mode: Global Mode Example: Modify the retransmission to 10 times.
ports to a computer, which is an FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as an FTP/TFTP client, and the IP address of the switch management VLAN is 10.1.1.2. Download “nos.img” file in the computer to the switch. FTP Configuration Computer side configuration: Start the FTP server software on the computer and set the username “Switch”, and the...
Switch (Config-If-Vlan1)#no shut Switch (Config-If-Vlan1)#exit Switch (Config)#ftp-server enable Switch(Config)# username Switch password 0 Admin Computer side configuration: Login to the switch with any FTP client software, with the username “Admin” and password “switch”, use the command “get nos.img 12_25_nos.img” to download “nos.img” file from the switch to the computer.
Switch#copy tftp://10.1.1.1/Profile2 Profile2 Switch#copy tftp://10.1.1.1/Profile3 Profile3 Scenario 5: ES4626/ES4650 acts as FTP client to view file list on the FTP server. Synchronization conditions: The switch connects to a computer by an Ethernet port, the computer is an FTP server with an IP address of 10.1.1.1; the switch acts as an FTP client, and the IP address of the switch management VLAN1 interface is 10.1.1.2.
Command mode: Admin Mode Example: Switch#show tftp timeout : 60 Retry Times : 10 Displayed information Timeout Retry Times 2.5.2.4.2 FTP Troubleshooting Help When uploading/downloading system files with the FTP protocol, the connectivity of the link must be ensured, i.e., use the “Ping” command to verify the connectivity between the FTP client and server before running the FTP program.
226 Transfer complete. If the switch is upgrading system file or system start up file through FTP, the switch must not be restarted until “close ftp client” or “226 Transfer complete.” is displayed, indicating upgrade is successful, otherwise the switch may be rendered unable to start.
2.6 WEB Management Click Switch Basic Configuration. Users can deploy the switch basic configuration such as enter or quit privileged mode, enter or quit interface mode, show switch clock and show switch system version etc. 2.6.1 Switch Basic Configuration Click Switch Basic Configuration, Switch Basic Configuration. Users can configure switch clock, CLI prompt message and timeout value for exiting Admin Mode etc.
2.6.2.3 Configure ip address of snmp manager Click Switch Basic Configuration, SNMP Configuration. Users can configure the secure IP address for NMS allowed to access the switch. See the equivalent CLI command at 2.4.4.2.6 Security ip address - NMS secure IP address State - Valid means to set;...
configuration. Users can configure switch RMON: Snmp Agent state - Enable/disable the switch as SNMP agent. See the equivalent CLI command at 2.4.4.2.3 RMON state - Enable/disable RMON on the switch. See the equivalent CLI command at 2.4.4.2.1 Trap state - Enable the switch to send Trap messages. See the equivalent CLI command at 2.4.4.2.4 For example: Set Snmp Agent state to Enabled, set RMON state to Enabled, set Trap state to Enabled, and then click Apply.
file in binary format For example: Get system file nos.img from TFTP server 10.1.1.1. Input the information as below, and then click Apply 2.6.3.2 TFTP server configuration Click TFTP server service. The configuration page is shown. See the equivalent CLI command at 2.2.2.2 The explanation of each field is as below: Server state - Server status, enable or disable.
Server file name - Server file name Operation type – Upload means to upload file, Download means to download file. Transmission type-ascii means to transmit file in ASCII format, binary means to transmit file in binary format 2.6.3.4 FTP server configuration Click FTP server service.
Debug command - Debug command Show clock - Show clock. See the equivalent CLI command at 2.2.4.1 Show flash - Show flash file information. See the equivalent CLI command at 2.2.4.3 Show history - Show recent user input history. See the equivalent CLI command at 2.2.4.4 Show running-config - Show the current effective switch configuration.
Click show switchport interface. The configuration page is shown. See the equivalent CLI command at 2.2.4.8 The explanation of each field is as below: Port - Port list Select port1/1, and then click Apply. The port Vlan information is shown. 2.6.4.3 Other Other parts are quite straightforward.
2.6.6 Switch on-off configuration Click Switch on-off information node. The configuration page is shown. The explanation of each field is as below: RIP Status - Enable or disable RIP. See the equivalent CLI command at 15.3.2.2.17 IGMP Snooping – Enable or disable IGMP Snooping. See the equivalent CLI command at 7.2.2.1 Switch GVRP Status –...
2.6.8 Telnet service configuration On the main page, click Telnet server configuration in the left column. Users can configure telnet service. Click Telnet server user configuration to configure telnet service. See the equivalent CLI command at 2.2.2.3.3: Telnet server State – Enable or disable telnet server. See the equivalent CLI command at 2.2.2.3.3 Click Telnet security IP to configure secure IP address which can configure telnet service.
2.6.10 Basic host configuration Basic host configuration - Set the mapping relationship between the host and IP address. See the equivalent CLI command at 2.1.8 Set Hostname to London, set IP address to 200.121.1.1, and then click Apply. The configuration is applied on the switch.
Chapter 3 Port Configuration 3.1 Introduction to Port The front panel of ES4626 provides 4 Combo ports (these Combo ports can be configured as either 1000MB copper ports or 1000MB SFP fiber ports, but only one type can be selected), 20 1000MB copper ports and 2 XFP 10GB fiber ports.
Command Interface Mode interface ethernet <interface-list> 2. Configure the properties for the Ethernet ports Command Interface Mode combo-forced-mode { copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto } no combo-forced-mode shutdown no shutdown description <string> no description mdi { auto | across | normal } no mdi speed-duplex {auto | force10-half | force10-full...
3.2.1.2 Ethernet Port Configuration Commands 3.2.1.2.1 Rate-limit Command: rate-limit {input|output} <level> no rate-limit {input|output} Function: Enable the bandwidth control function for the port; the “no bandwidth control” command disables the bandwidth control function for the port. Parameter: <level> is the bandwidth limit in Mbps, the valid value ranges from 1 to 10000 M;...
Command mode: Interface Mode Default: The default setting for combo mode of combo ports is fiber cable port first. Usage Guide: The combo mode of combo ports and the port connection condition determines the active port of the combo ports. A combo port consists of one fiber port and a copper cable port.
The ports of ES4626/ES4650 support 802.3X fallback flow control; the ports work in half duplex mode, supporting fallback flow control. If the...
Function: Sets the cable types supported by the Ethernet port; the “no mdi” command sets cable type auto-identification. This command is not supported on the ES4626/ES4650 ports of 1000MB and above, these ports have auto-identification set for cable types. Parameter: auto indicates auto identification of cable types; across indicates crossover cable support only;...
Command mode: Interface Mode Default: No name is set by default. Usage Guide: This command facilitates the management of the switch. The user can name the ports according to their usage, for example, 1/1-2 ports used by the financial department, and they can be named “financial”; 2/9 port is used by the engineering department, and can be named “engineering”;...
to pass through the switch at line speed. Parameter: use dlf to limit unicast traffic for unknown destination; multicast to limit multicast traffic; broadcast to limit broadcast traffic. <packets> stands for the number of packets allowed to pass through per second for non-10Gb ports; for 10 Gb ports, this is the number of packets allowed to pass through multiplied by 1,040.
Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } } no speed-duplex Function: Set the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex” command restores the default speed and duplex mode setting, i.e. auto speed negotiation and duplex.
Configure the IP address for VLAN interface and enables VLAN interface. 1. Enter VLAN Mode Command Global Mode address {<ip-address> [secondary] | bootp | dhcp} no ip address [<ip-address> <mask>] 2. Configure the IP address for VLAN interface and enables VLAN interface. Command VLAN Mode ip address <ip-address>...
VLAN interface. A VLAN interface can have only one primary IP address but multiple secondary IP addresses. Both primary and secondary IP addresses can be used for SNMP/Web/Telnet management. In addition, ES4626/ES4650 allows the IP address to be obtained through BootP/DHCP.
ES4626/ES4650 support one mirror destination port only. The number of mirror source port is not limited, one or more ports can be used. Multiple source ports can be within the same VLAN or across several VLANs.
3.2.3.3 Port Mirroring Configuration 3.2.3.3.1 port monitor Command: port monitor <interface-list> [rx| tx| both] no port monitor <interface-list> Parameter: <interface-list> is the list of the monitored source interfaces; rx is the inbound traffic of the monitored source interface; tx is the outbound traffic of the monitored source interface;...
3.2.3.5.2 Device Mirroring Troubleshooting Help If problems occur configuring port mirroring, please check the following first for causes: Whether the mirror destination port is a member of a trunk group or not, if yes, modify the trunk group. If the throughput of mirror destination port is smaller than the total throughput of mirror source port(s), the destination port will not be able to duplicate all source port traffic;...
sent/received. Usage Guide: If no port is specified, then information for all ports will be displayed. Example: Display information about port 4/1. Switch#show interfaces status ethernet 4/1 3.4.2 Port Troubleshooting Help Here are some situations that frequently occur in port configuration, and the advised solutions: Two connected fiber interfaces won’t link up if one interface is set to auto negotiation but the other to forced speed/duplex.
support. See the equivalent CLI command at 3.2.1.2.6 Admin Status – Enable or disable port. See the equivalent CLI command at 3.2.1.2.9 speed/duplex status – Set port duplex. The supported types include: 1000M/Half and 1000M/Full. See the equivalent CLI command at 3.2.1.2.2 and 3.2.1.2.10 port flow control status –...
configure port bandwidth control. See the equivalent CLI command at 3.2.1.2.1 Port – Specify the port Bandwidth control level – Port bandwidth control; valid ranges is 1 to 10000 in Mbps. Control type –input and output means that bandwidth control is applied to the inbound and outbound traffic;...
page is shown. Users can configure port Layer 3 information such as IP address and network mask etc. 3.5.2.1 Allocate IP address for L3 port Click Port configuration, Vlan interface configuration, Allocate IP address for L3 port. Users can configure port Layer 3 IP address. See the equivalent CLI command at 3.2.2.2.2: Port –...
3.5.3 Port mirroring configuration Click Port configuration, Port mirroring configuration. Users can configure port mirroring. 3.5.3.1 Mirror configuration Click Port configuration, Port mirroring configuration, Mirror configuration. Users can configure port mirroring for source interface and destination interface. Source Interface configuration. See the equivalent CLI command at 3.2.3.3.1: session –...
3.5.4.1 Show port information Click Port configuration, Port debug and maintenance, Show port information. The port statistics information is shown. See the equivalent CLI command at 3.4.1.2 For example: Select to display Ethernet1/1, and then click Refresh. The statistics information of port Ethernet 1/1 is shown.
Chapter 4 MAC Table Configuration 4.1 Introduction to MAC Table The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (will not be overwritten by dynamic MAC addresses);...
The topology of the figure above: 4 PCs are connected to ES4626/ES4650, where PC1 and PC2 belong to the same physical segment (same collision domain), and this physical segment connects to port 1/5 of ES4626/ES4650; PC3 and PC4 belong to the same physical segment that connects to port 1/12 of ES4626/ES4650.
The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming ES4626/ES4650 has learnt the MAC address of PC1 and PC3, and the user manually configured the mapping relationship for PC2 and PC4 to ports.
table, the switch will broadcast the unicast frame. When VLANs are configured, the switch will forward unicast frame within the same VLAN. If the destination MAC address is found in the MAC table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to.
Function: Add or modify a static address entry; the “no mac-address-table” command deletes static address entries and dynamic address entries. Parameter: static stands for static address entry; dynamic for dynamic address entry; <mac-addr> for MAC address to add or delete; <interface-name> for port name to forward the MAC frame;...
Typical Configuration Examples MAC:00-01-22-22-22-22 MAC:00-01-11-11-11-11 Fig 4-2 MAC Table typical configuration example Scenario: Four PCs as shown in the above figure connect to port 1/5, 1/7, 1/9, 1/11 of switch, all the four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled.
Command: show mac-address-table <mac-addr>] Function: Show the current MAC table Parameter: static static entry; aging-time address aging time; discardiia filter entry; <mac-addr> entry’s MAC address; <vlan-id> entry’s VLAN number; <interface-name> entry’s interface name Command mode: Admin mode Default: MAC address table is not displayed by default. Usage guide: This command can display various sorts of MAC address entries.
However, in some cases, security or management policy may require MAC addresses to be bound to ports, so that only the data stream from the bound MAC address is allowed to be forwarded on the port. That is to say, after a MAC address is bound to a port, only the data stream destined for that MAC address can flow in from the binding port; data streams destined for other MAC addresses that are not bound to the port will not be allowed to pass through the port.
port enabling MAC address binding must not be a Trunk port. Example: Enable MAC address binding function for port 1 and lock the port. When a port is locked, the MAC address learning function for the port will be disabled. Switch(Config)#interface Ethernet 1/1 Switch(Config-Ethernet1/1)#port security 4.5.1.2.2.2...
4.5.1.2.2.4 switchport port-security mac-address Command: switchport port-security mac-address <mac-address> no switchport port-security mac-address <mac-address> Function: Add static secure MAC address; the “no switchport port-security mac-address” command deletes static secure MAC address. Command mode: Interface Mode Parameter: <mac-address> stands for the MAC address to be added/deleted. Usage Guide: The MAC address binding function must be enabled before static secure MAC address can be added.
Parameter: <value> is the upper limit for static secure MAC addresses, the valid range is 1 to 128. Default: The default maximum port secure MAC address number is 1. Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set.
4.5.1.3.1.1 show port-security Command: show port-security Function: display the global configuration of secure ports. Command mode: Admin Mode Default: Configuration of secure ports is not displayed by default. Usage Guide: This command displays the information for ports that are currently configured as secure ports.
secure port. Example: Switch# show port-security interface ethernet 1/1 Ethernet1/1 Port Security : Enabled Port status : Security Up Violation mode : Protect Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Lock Timer is ShutDown Mac-Learning function is : Closed Displayed information Port Security :...
Vlan Mac Address 0000.0000.1111 -------------------------------------------------------------------------------------------------- Total Addresses : 1 Displayed information Vlan Mac Address Type Ports Total Addresses 4.5.1.3.2 MAC Address Binding Troubleshooting Help Enabling MAC address binding for ports may fail in some occasions. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port is not executing Spanning tree, port aggregation and is not configured as a Trunk port.
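The fields shown in the show port-security interface example can be checked mechanically across ports. This Python sketch is an added example, not part of the manual: the sample output is constructed (the second port and the value "Opened" are placeholders, since the page shows only "Closed"), and the function names and the policy limit are hypothetical.

```python
import re

# Constructed sample in the layout of the "show port-security interface"
# example, one field per line. "Opened" is a placeholder value.
SAMPLE_OUTPUT = """\
Ethernet1/1 Port Security : Enabled
Port status : Security Up
Violation mode : Protect
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Lock Timer is ShutDown
Mac-Learning function is : Closed
Ethernet1/2 Port Security : Enabled
Port status : Security Up
Violation mode : Protect
Maximum MAC Addresses : 128
Total MAC Addresses : 37
Configured MAC Addresses : 0
Lock Timer is ShutDown
Mac-Learning function is : Opened
"""

PORT_HEADER = re.compile(r"^(Ethernet\d+/\d+)\s+Port Security\s*:\s*(\S+)")
FIELD = re.compile(r"^(.+?)\s*:\s*(.+)$")


def parse_port_security(text):
    """Return {port: {field: value}} from concatenated per-port output."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = PORT_HEADER.match(line)
        if header:
            current = {"Port Security": header.group(2)}
            ports[header.group(1)] = current
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return ports


def audit_port(fields, max_allowed=1):
    """Return findings for one port; max_allowed is a site policy value."""
    if fields.get("Port Security") != "Enabled":
        return ["MAC address binding is not enabled"]
    findings = []
    # The manual states that locking a port disables MAC learning on it.
    if fields.get("Mac-Learning function is") != "Closed":
        findings.append("port is not locked: MAC learning is still active")
    maximum = int(fields.get("Maximum MAC Addresses", "0"))
    if not 1 <= maximum <= 128:          # valid range given in the manual
        findings.append(f"maximum {maximum} is outside the range 1-128")
    elif maximum > max_allowed:
        findings.append(
            f"maximum secure MAC addresses is {maximum}, "
            f"policy allows {max_allowed}"
        )
    total = int(fields.get("Total MAC Addresses", "0"))
    configured = int(fields.get("Configured MAC Addresses", "0"))
    if total > maximum:
        findings.append(f"{total} addresses exceed the maximum {maximum}")
    # Assumption: "Configured" counts statically added secure addresses.
    if total > configured:
        findings.append(
            f"{total - configured} of {total} secure addresses "
            "are not statically configured"
        )
    return findings


def audit_all(text, max_allowed=1):
    """Audit every port found in the output and return {port: findings}."""
    return {
        port: audit_port(fields, max_allowed)
        for port, fields in parse_port_security(text).items()
    }


if __name__ == "__main__":
    for port, findings in audit_all(SAMPLE_OUTPUT).items():
        print(port, "OK" if not findings else "; ".join(findings))
```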
4.6.1.1 Unicast address configuration Click MAC address table configuration, MAC address table configuration, Unicast address configuration. Users can add and delete MAC address. See the equivalent CLI command at 4.2.2: MAC address – Specify MAC address VID – Vlan number of the MAC address Configuration type –...
and then click Apply. All the static MAC addresses on the interface Ethernet 1/1 are deleted. 4.6.1.3 Static MAC query Click MAC address table configuration, MAC address table configuration, Static MAC query. Users can query MAC address. See the equivalent CLI command at 4.4.1.1: Query by VID –...
CLI command at 4.4.1.1: 4.6.2 MAC address table configuration Click MAC address table configuration, MAC address binding configuration. Users can configure secure port features. 4.6.2.1 Enable port Mac-binding Click MAC address table configuration, MAC address binding configuration, Enable port Mac-binding. Users can configure secure port features. 4.6.2.1.1 Enable port Mac-binding Click MAC address table configuration, MAC address binding configuration, Enable...
Port – Specify port For example: Select port Ethernet1/1, and then click Apply. The port Ethernet1/1 is locked. Click Remove to disable port MAC address binding. 4.6.2.2.2 Dynamic MAC converting Click MAC address table configuration, MAC address binding configuration, Lock port, Dynamic MAC converting.
Port – Specify the port Port security MAC –Port security MAC address Operation type – add static security address; Remove static security address For example: Select port Ethernet1/1; set MAC address to 00-11-11-11-11-11; Select add static security address, and then click Apply. The configuration is applied on the switch.
Port – Specify the port Max security MAC number (1-128) – Maximum MAC number For example: Select port Ethernet1/1; set Max security MAC number to 30, and then click Apply. The configuration is applied on the switch. Click Remove to restore the default setting.
specified port. See the equivalent CLI command at 4.5.1.3.1.3 Show all port-security – Show secure port configuration. See the equivalent CLI command at 8.5.1.3.1.1 Show all port-security address – Show secure port MAC address. See the equivalent CLI command at 4.5.1.3.1.3 Click Show Port Configuration.
IEEE announced the IEEE 802.1Q protocol to direct standardized VLAN implementation, and the VLAN function of ES4626/ES4650 is implemented following IEEE 802.1Q. The key characteristic of VLAN technology is that a big LAN can be partitioned dynamically into many separate broadcast domains to meet the demands.
VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in ES4626/ES4650. The chapter will describe the use and configuration of VLAN and GVRP in details. VLAN Configuration 5.2.1 VLAN Configuration Task Sequence Creating or deleting VLAN Specifying or deleting VLAN name...
4. Set Trunk port Command Interface Mode Switchport allowed vlan remove <vlan-list>} no switchport allowed vlan switchport native vlan <vlan-id> no switchport native vlan 5. Set Access port Command Interface Mode switchport allowed add vlan <vlan-id> no switchport access vlan 6. Disable/Enable VLAN Ingress Rules Command Global Mode switchport ingress-filtering no switchport...
5.2.2 VLAN Configuration Commands 5.2.2.1 vlan Command: vlan <vlan-id>[name <vlan-name>] no vlan <vlan-id>[name] Function: Create a VLAN and enter VLAN configuration mode, and can set VLAN name. In VLAN Mode, the user can assign the switch port to the VLAN. The “no vlan <vlan-id>”...
Switch(Config-ethernet1/8)#switchport mode access Switch(Config-ethernet1/8)#switchport access vlan 100 Switch(Config-ethernet1/8)#exit 5.2.2.3 switchport interface Command: switchport interface <interface-list> no switchport interface <interface-list> Function: Specify Ethernet port to VLAN; the “no switchport interface <interface-list>” command deletes one or one set of ports from the specified VLAN. <interface-list>...
Switch(Config-ethernet1/8)#exit 5.2.2.5 switchport trunk allowed vlan Command: switchport trunk allowed vlan {<vlan-list>|all} no switchport trunk allowed vlan Function: Set trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting. Parameter: <vlan-list> is the list of VLANs allowed to pass through in the specified Trunk port;...
Switch(Config-ethernet1/5)#exit 5.2.2.7 switchport ingress-filtering Command: switchport ingress-filtering no switchport ingress-filtering Function: Enable the VLAN ingress rule for a port; the “no vlan ingress disable” command disables the ingress rule. Command mode: Interface Mode Default: VLAN ingress rules are enabled by default. Usage Guide: When VLAN ingress rules are enabled on the port, the system checks the source port first when it receives data, and forwards the data to the destination port if it is a VLAN member port.
Primary VLAN; set VLAN200 to Isolated VLAN; set VLAN300 to Community VLAN. 5.2.2.9 private-vlan association Command: private-vlan association no private-vlan association Function: Set Private VLAN association; the “no private-vlan association” command cancels Private VLAN association. Parameter: <secondary-vlan-list> Sets Secondary VLAN list which is associated to Primary VLAN.
Fig 5-2 Typical VLAN Application Topology The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200. Those three VLANs must cross location A and B. One switch is placed in each site, and cross-location requirement can be met if VLAN traffic can be transferred between the two switches.
can receive VLAN dynamic register information from the other switches, and update local VLAN register information according to the information received. GVRP enabled switches can also populate their own VLAN register information to the other switches. The VLAN register information populated includes local static information manually configured and dynamic information learnt from the other switches.
5.3.2 GVRP Commands 5.3.2.1 garp timer join Command: garp timer join <timer-value> no garp timer join Function: Set the join timer for GARP; the “no garp timer join” command restores the default timer setting. Parameter: <timer-value> is the value for join timer, the valid range is 100 to 327650 Command mode: Interface Mode Default: The default value for join timer is 200 ms.
5.3.2.3 garp timer hold Command: garp timer hold <timer-value> no garp timer hold Function: Set the hold timer for GARP; the “no garp timer hold” command restores the default timer setting. Parameter: <timer-value> is the value for GARP hold timer, the valid range is 100 to 327650 ms.
no bridge-ext gvrp Function: Enable the GVRP function for the switch or the current Trunk port; the “no gvrp” command disables the GVRP function globally or for the port. Command mode: Interface Mode and Global Mode. Default: GVRP is disabled by default. Usage Guide: Port GVRP can only be enabled after global GVRP is enabled.
protocol is to be configured in the switch. Configure GVRP in Switch A, B and C, enable Switch B to learn VLAN100 dynamically so that the two workstation connected to VLAN100 in Switch A and C can communicate with each other through Switch B without static VLAN100 entries.
Universal Vlan: Total Existing Vlans is: 2 Displayed information VLAN Name Type Media Ports Universal Vlan Dynamic Vlan 5.4.1.2 show garp timer Command: show garp timer [<interface-name>] Function: Display the global and port information for GARP. Parameter: <interface-name> stands for the name of the Trunk port to be displayed. Command mode: Admin Mode Usage Guide: N/A.
GVRP will not work properly. It is recommended to avoid enabling GVRP and RSTP at the same time in ES4626/ES4650. If GVRP is to be enabled, RSTP function for the ports must be disabled first. 5.5 WEB Management Click Vlan configuration.
remove vlan. 5.5.1.1.1 VID allocation Click Vlan configuration, Vlan configuration, Create/Remove VLAN, VID allocation. Users can add or remove vlan. See the equivalent CLI command at 5.2.2.1: Operation type – Add new VID: Add a new vlan; Remove: Remove a vlan VID –...
5.5.1.2 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN. Users can configure the vlan information on the switch. 5.5.1.2.1 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Allocate ports for VLAN, Allocate port for Vlan.
Type – Specify port type: access, trunk. See the equivalent CLI command at 5.2.2.5 Vlan ingress rules – Enable or disable vlan ingress rule. See the equivalent CLI command at 5.2.2.8 For example: Select port Ethernet1/1; select Type to Trunk; select Enable Vlan ingress rules, and then click Apply.
Set trunk native vlan: Set the native vlan of the port. See the equivalent CLI command at 5.2.2.7: Port – Specify the port Trunk native vlan – Specify native vlan id Operation type – Set native vlan: Add new VLAN; Remove native vlan: Leave the native vlan For example: Select port Ethernet1/8;...
from the specified VLAN: Port – Specify the port Vlan ID – Specify VLAN ID For example: Select port Ethernet1/1; select Vlan ID 1, and then click Apply. The port Ethernet 1/1 is added to VLAN 1. The results are shown in Information Display window: 5.5.1.6 Allocate port for Vlan Click Vlan configuration, Vlan configuration, Enable/Disable Vlan ingress rule.
5.5.2 GVRP configuration Click Vlan configuration, GVRP configuration. Users can configure GVRP. 5.5.2.1 Enable global GVRP Click Vlan configuration, GVRP configuration, Enable global GVRP. Users can enable or disable GVRP globally. See the equivalent CLI command at 5.3.2.5. For example: Select Enable GVRP, and then click Apply. The GVRP is enabled globally on the switch.
5.5.3 VLAN debug and maintenance Click Vlan configuration, Vlan debug and maintenance. Users can view Vlan information on the switch. 5.5.3.1 show Vlan Click Vlan configuration, VLan debug and maintenance, show Vlan. The Vlan information is shown on Information display window. See the equivalent CLI command at 5.4.1.1 5.5.3.2 show garp Click Vlan configuration, VLan debug and maintenance, show garp.
5.5.3.3 show gvrp Click Vlan configuration, VLan debug and maintenance, show gvrp. The GVRP information is shown on Information display window. See the equivalent CLI command at 5.4.1.3...
Chapter 6 MSTP Configuration MSTP Introduction The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and the RSTP. It runs on all the bridges of a bridged-LAN. It calculates a common and internal spanning tree (CIST) for the bridge-LAN which consists of the bridges running the MSTP, the RSTP and the STP.
Figure 6-1 Example of CIST and MST Region In the above network, if the bridges are running the STP or the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST region, MSTP will treat this region as a bridge.
The MSTI is only valid within its MST region. An MSTI has nothing to do with MSTIs in other MST regions. The bridges in a MST region receive the MST BPDU of other regions through Boundary Ports. They only process CIST related information and abandon MSTI information.
spanning-tree no spanning-tree Global Mode spanning-tree mode {mstp|stp} no spanning-tree mode Interface Mode spanning-tree mcheck 2. Configure instance parameters Command Global Mode spanning-tree <instance-id> priority <bridge-priority> no spanning-tree mst <instance-id> priority Interface Mode spanning-tree mst <instance-id> cost <cost> no spanning-tree mst <instance-id> cost spanning-tree <instance-id>...
Command Global Mode spanning-tree mst configuration no spanning-tree mst configuration MSTP region mode instance <instance-id> vlan <vlan-list> instance <instance-id> <vlan-list>] name <name> no name revision-level <level> no revision-level abort exit 4. Configure MSTP time parameters Command Global Mode spanning-tree forward-time <time> no spanning-tree forward-time spanning-tree hello-time <time>...
Command Interface Mode spanning-tree link-type {auto|force-true|force-false} no spanning-tree link-type spanning-tree portfast no spanning-tree portfast 6.2.2 MSTP Configuration Command 6.2.2.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode Usage Guide: This command is to quit MSTP region mode without saving the current configuration.
no instance <instance-id> [vlan <vlan-list>] Function: In MSTP region mode, create the instance and set the mappings between VLANs and instances; The command “no instance <instance-id> [vlan <vlan-list>]” removes the specified instance and the specified mappings between the VLANs and instances.
Command: revision-level <level> no revision-level Function: In MSTP region mode, this command is to set revision level for MSTP configuration; The command “no revision-level” restores the default setting to 0. Parameter: <level> is revision level. The valid range is from 0 to 65535. Command mode: MSTP Region Mode Default: The default revision level is 0.
working with hello time and max age. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly. 2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds) Example: In global mode, set MSTP forward delay time to 20 seconds. Switch(Config)#spanning-tree forward-time 20 6.2.2.8 spanning-tree hello-time Command: spanning-tree hello-time <time>...
6.2.2.10 spanning-tree maxage Command: spanning-tree maxage <time> no spanning-tree maxage Function: Set the max aging time for BPDU; The command “no spanning-tree maxage” restores the default setting. Parameter: <time> is max aging time in seconds. The valid range is from 6 to 40. Command mode: Global Mode Default: The max age is 20 seconds by default.
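The timer relationship given for spanning-tree forward-time, hello-time and maxage can be checked before a change is applied, because altering one timer alone can break it. The following Python sketch is an added example, not code from the manual; it assumes the IEEE 802.1D defaults of 15 s forward delay and 2 s hello time (the page states only the 20 s max age default and the 6 to 40 range), and the function names are hypothetical.

```python
import re

# Max age default (20 s) is stated in the manual; forward delay 15 s and
# hello time 2 s are the IEEE 802.1D defaults and are an assumption here.
DEFAULTS = {"forward-time": 15, "hello-time": 2, "maxage": 20}

TIMER_CMD = re.compile(
    r"^(no\s+)?spanning-tree\s+(forward-time|hello-time|maxage)(?:\s+(\d+))?$"
)


def effective_timers(config_text):
    """Apply spanning-tree timer commands in order and return the result."""
    timers = dict(DEFAULTS)
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "Switch(Config)#" if present.
        command = raw.split("#", 1)[-1].strip()
        match = TIMER_CMD.match(command)
        if not match:
            continue
        negated, name, value = match.groups()
        if negated:
            timers[name] = DEFAULTS[name]   # the "no" form restores default
        elif value is not None:
            timers[name] = int(value)
    return timers


def check_timers(timers):
    """Return the violated conditions; an empty list means consistent."""
    forward = timers["forward-time"]
    hello = timers["hello-time"]
    max_age = timers["maxage"]
    problems = []
    if not 6 <= max_age <= 40:
        problems.append(f"maxage {max_age} outside valid range 6-40")
    # 2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
    if 2 * (forward - 1) < max_age:
        problems.append(f"2 * (forward-time {forward} - 1) < maxage {max_age}")
    # Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)
    if max_age < 2 * (hello + 1):
        problems.append(f"maxage {max_age} < 2 * (hello-time {hello} + 1)")
    return problems


# Constructed change sets, each altering a single timer.
CHANGE_OK = "Switch(Config)#spanning-tree forward-time 20\n"
CHANGE_MAXAGE_ONLY = "Switch(Config)#spanning-tree maxage 40\n"
CHANGE_HELLO_ONLY = "Switch(Config)#spanning-tree hello-time 10\n"

if __name__ == "__main__":
    for label, text in [
        ("forward-time 20", CHANGE_OK),
        ("maxage 40", CHANGE_MAXAGE_ONLY),
        ("hello-time 10", CHANGE_HELLO_ONLY),
    ]:
        timers = effective_timers(text)
        print(label, timers, check_timers(timers) or "consistent")
```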
Command mode: Interface Mode Default: The port is in the MSTP mode by default. Usage Guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode.
Name MAC address of the bridge Revision Usage Guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration.
6.2.2.16 spanning-tree mst port-priority Command: spanning-tree mst <instance-id> port-priority <port-priority> no spanning-tree mst <instance-id> port-priority Function: Set the current port priority for the specified instance; The command “no spanning-tree mst <instance-id> port-priority” restores the default setting. Parameter: <instance-id> sets the instance ID. The valid range is from 0 to 48; <port-priority>...
portfast” sets the current port as non-boundary port. Command mode: Interface Mode Default: All the ports are non-boundary ports by default when enabling MSTP. Usage Guide: When a port is set to be a boundary port, the port converts its status from discarding to forwarding without bearing forward delay.
Address Bridge Priority 32768 Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 1 200000 Port 2 200000 Port 3 Port 4 Port 5 Port 6 Port 7 By default, the MSTP establishes a tree topology (in blue lines) rooted with SW1. The ports marked with “x”...
Figure 6-5 The Topology Of the Instance 4 after the MSTP Calculation MSTP 6.4 MSTP Troubleshooting 6.4.1 Monitoring And Debugging Command 6.4.1.1 show spanning-tree Command: show spanning-tree [mst [<instance-id>]] [interface <interface-list>] [detail] Function: Display the MSTP Information. Parameter: <instance-id> sets the instance ID. The valid range is from 0 to 48; <interface-list>...
########################### Instance 0 ########################### Self Bridge Id : 32768 - 00: 03: 0f: 01: 0e: 30 Root Id : 16384.00: 03: 0f: 01: 0f: 52 Ext.RootPathCost : 200000 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID : 128.1 Current port list in Instance 0: Ethernet1/1 Ethernet1/2 (Total 2)
-------------- ------- --------- --- ---- ------------------ ------- Ethernet1/1 128.001 Ethernet1/2 128.002 Displayed Information Bridge Information Standard STP version Bridge MAC Bridge MAC address Bridge Times Max Age, Hello Time and Forward Delay of the bridge Force Version Version of STP Instance Information Self Bridge Id The priority and the MAC address of the current bridge for the...
Command mode: Privileged Mode Usage Guide: In the privileged mode, this command can show the parameters of the MSTP configuration such as MSTP name, revision, VLAN and instance mapping. Example: Display the configuration of the MSTP on the switch. Switch#show spanning-tree mst config Name switch Revision...
6.4.1.4 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; The command “no debug spanning-tree” disables the MSTP debugging information Command mode: Privileged Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, then they can use this command to display the relevant debugging information.
query max-response-time 7.2.2 IGMP Snooping Configuration Command 7.2.2.1 ip igmp snooping Command: ip igmp snooping no ip igmp snooping Function: Enable the IGMP Snooping function in the switch: the “no ip igmp snooping” command disables the IGMP Snooping function. Command mode: Global Mode Default: IGMP Snooping is disabled by default.
vlan <vlan-id> mrouter” command deletes multicast router port. Parameter: <vlan-id> is the specified VLAN number; <interface –name> is the specified multicast router port number. Command mode: Global Mode Default: No M-Router port is set in the default VLAN. Usage Guide: M-Router port must be set in a VLAN enabled IGMP Snooping, or the IGMP packet will be discarded so that IGMP Snooping cannot be performed in the specified VLAN.
leave function. Parameter: <vlan-id> is the VLAN number specified. Command mode: Global Mode Default: This function is disabled by default. Usage Guide: Enabling IGMP fast leave function speeds up the process for port to leave multicast group. This command is valid only in Snooping, and is not applicable to Query.
robustness; parameter means better network conditions. The user can set the robustness parameter according to their network conditions. Example: Set the robustness parameter for the IGMP Query of VLAN 100 to 3. Switch(Config)#ip igmp snooping vlan 100 query robustness 3 7.2.2.8 ip igmp snooping vlan query interval Command: ip igmp snooping vlan <vlan-id>...
Fig 7-1 Enabling IGMP Snooping function As shown in the above figure, a VLAN 100 is configured in the switch, including port 1, 2, 6, 10 and 12 on slot 1. Four hosts are connected to port 2, 6, 10, 12 respectively and the multicast router is connected to port 1.
traffic of program 2 and port 12 will not receive traffic of program 1. Scenario 2: IGMP Query Fig 7-2 The switches as IGMP Queriers The configuration of Switch2 is the same as the switch in scenario 1, Switch1 takes the place of Multicast Router in scenario 1. Let’s assume VLAN 60 is configured in Switch1, including port 1, 2, 6, 10 and 12.
Multicast Configuration The same as scenario 1. IGMP Snooping listening result: Similar to scenario 1. IGMP Snooping Troubleshooting Help 7.4.1 Monitor and Debug Commands 7.4.1.1 show ip igmp snooping Command: show ip igmp snooping [vlan <vlan-id>] Parameter: <vlan-id> is id of VLAN to display the IGMP Snooping information. Command mode: Admin Mode Usage Guide: If VLAN id is not specified, then summary information for IGMP Snooping and Query in all VLAN will be displayed.
igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null) -------------------------------- IGMP information for VLAN 4: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null) -------------------------------- IGMP information for VLAN 511: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port : (null)
igmp snooping status igmp snooping vlan status igmp snooping vlan mrouter port igmp snooping vlan mrouter state igmp snooping vlan mrouter present igmp snooping vlan immediate leave igmp snooping vlan query igmp snooping vlan robustness igmp snooping vlan query interval igmp snooping vlan query max response time igmp snooping vlan query TX igmp snooping vlan query SX...
port igmp snooping vlan mrouter state igmp snooping vlan mrouter present igmp snooping vlan query TX igmp snooping vlan query SX igmp snooping multicast mac igmp snooping multicast port 7.4.1.2 show mac-address-table multicast Command: show mac-address-table multicast [vlan <vlan-id>] Function: Display information for the multicast MAC address table. Parameter: <vlan-id>...
Example: Enable IGMP Snooping debug. Switch# debug ip igmp snooping 7.4.2 IGMP Snooping Troubleshooting Help IGMP Snooping function cannot be used with IGMP Query, Snooping is not available when Query is enabled. The user must make sure whether IGMP Snooping or IGMP Query is to be enabled.
VLAN ID – Configure query vlan ID Query State – query state: open or close. See the equivalent CLI command at 7.2.2.6 Robustness – Robustness. See the equivalent CLI command at 7.2.2.7 Query Interval – Query interval. See the equivalent CLI command at 7.2.2.8 Max Response –...
7.5.3 IGMP Snooping static multicast configuration Click IGMP Snooping static multicast configuration. Users can configure IGMP Snooping static multicast. 7.5.3.1 IGMP Snooping static multicast configuration The explanation of each field is as below: VLAN ID – Configure Vlan ID Multicast group member port – Configure multicast group member port Multicast address –...
Chapter 8 802.1X CONFIGURATION 8.1 802.1X Introduction IEEE 802.1X is a kind of port-based network access control technology. The access equipment is authenticated and controlled at the physical access level of LAN equipment. The physical access level used here means the ports of switch equipment. If the user equipment connected to such ports passes the authentication, then the resources of the LAN can be accessed;...
access control unit (access switch); EAP protocol is also adopted between access control unit and authentication server. Authentication data is sealed in EAP messages, which are included in other high-layer protocol messages, such as RADIUS, so as to reach authentication server through complex network. The port-based network access control classifies the ports where equipment end provide services to customer end into two virtual ports: controlled port and uncontrolled port.
2) Configure port access control method: base on MAC address or base on port 3) Configure switch 802.1x extend function 3. The configuration of something about user access equipment(not required) 4. The configuration of something about RADIUS server 1) Configure RADIUS authentication key 2) Configure RADIUS server 3) Configure RADIUS service parameter 1.Enable switch 802.1x function...
Command port configuration mode dot1x port-control {auto|force-authorized|force-unauthorized } no dot1x port-control port configuration mode dot1x port-control {auto|force-authorized|force-unauthorized } no dot1x port-control 2) Configure port access control method Command port configuration mode dot1x port-method {macbased | portbased} no dot1x port-method dot1x max-user <number>...
Command Global configuration mode dot1x macfilter enable no dot1x macfilter enable dot1x accept-mac <mac-address> [interface <interface-name>] dot1x accept-mac <mac-address> [interface <interface-name>] dot1x eapor enable no dot1x eapor enable 3. Some interrelated configuration about Supplicant Command Global configuration mode dot1x max-req <count> no dot1x max-req dot1x re-authentication no dot1x re-authentication...
dot1x timeout tx-period <seconds> no dot1x timeout tx-period privileged configuration mode dot1x re-authenticate [interface <interface-name>] 4. Some interrelated configuration about Authentication Server(RADIUS server) 1) Configure RADIUS authentication key Command Global configuration mode radius-server key <string> no radius-server key 2) Configure RADIUS Server Command Global configuration mode radius-server...
Example: Enable the switch AAA accounting function. Switch(Config)#aaa-accounting enable 8.2.2.3 dot1x accept-mac Command: dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] Function: Adds a MAC address entry to the dot1x address filter table. If a port is specified, the added entry applies only to that port;...
8.2.2.5 dot1x enable Command: dot1x enable no dot1x enable Function: Enable the 802.1x function globally on the switch and on a port; use the “no” command to disable the 802.1x function. Command mode: global configuration mode and port configuration mode Default: The 802.1x function is not enabled globally; when it is enabled globally, it is still not enabled on the ports by default.
Command: dot1x macfilter enable no dot1x macfilter enable Function: Enable the switch dot1x address filter function; use the “no” command to disable the dot1x address filter function. Command mode: global configuration mode Default: The dot1x address filter function is disabled. Instructions: When the dot1x address filter function is enabled, the switch filters authentication by MAC address: only authentication requests from MAC addresses in the dot1x address filter list are accepted.
Switch(Config-Ethernet1/3)#dot1x max-user 5 8.2.2.10 dot1x port-control Command: dot1x port-control {auto|force-authorized|force-unauthorized } no dot1x port-control Function: Configure the 802.1x authorization status of the port; use the “no” command to restore the default. Parameter: auto enables 802.1x authentication; the port is placed in the authorized or unauthorized state according to the authentication exchange between the switch and the supplicant;...
Command: dot1x re-authenticate [interface <interface-name>] Function: Trigger 802.1x re-authentication immediately on all ports or on a specific port, without waiting for the timer to expire. Parameter: <interface-name> is the port ID; if the parameter is omitted, all ports are re-authenticated. Command mode: privilege configuration mode Instructions: This is a privileged mode command. Once it is entered, the switch re-authenticates the client at once, without waiting for the re-authentication timer to expire.
8.2.2.15 dot1x timeout re-authperiod Command: dot1x timeout re-authperiod <seconds> no dot1x timeout re-authperiod Function: Configure switch re-authenticate time interval to supplicant; use the “no” command to restore default. Parameter: <seconds>re-authenticate time interval, unit is second, The range: 1~65535. Command mode: global configuration mode Default: Default is 3600 seconds.
according to configuration order; if primary is configured, this RADIUS server is used first. Command mode: global configuration mode Default: No RADIUS accounting server is configured. Instructions: This command specifies the IP address and port of the accounting RADIUS server that the switch connects to; the command may be configured several times. The <port-number> parameter specifies the accounting port, which must be the same as the accounting port configured on the RADIUS server. The default is 1813; if the port is configured as 0, the accounting port is generated randomly, which may make the configuration invalid.
8.2.2.19 radius-server dead-time Command: radius-server dead-time <minutes> no radius-server dead-time Function: Configure the recover time after RADIUS server dead; use the “no” command to restore default configuration. Parameter: <minutes>is the recover time after RADIUS server dead in minutes, The range: 1~255. Command mode: global configuration mode Default: Default is 5 minutes.
Function: Configure the number of times a RADIUS authentication message is retransmitted; use the “no” command to restore the default configuration. Parameter: <retries> is the number of RADIUS server retransmissions. The range: 0~100. Command mode: global configuration mode Default: Default is 3 times. Instructions: This command specifies how many times the switch retransmits a data packet to the RADIUS server when it receives no response from the server.
8.3 802.1X Apply Example [Figure 8-2: IEEE802.1x configuration example topology. Labels in the figure: 10.1.1.2, 10.1.1.1, Radius Server 10.1.1.3] A computer is connected to switch port 1/2. IEEE802.1x authentication is enabled on port 1/2, and the access method is the default one, MAC address-based authentication.
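One way to audit a saved configuration for the 802.1X settings documented in 8.2.2, as an added Python example that is not the vendor's code. The layout of the config dump (`Interface <name>` followed by indented lines, `!` separators) and the sample itself are assumptions constructed for illustration; only the `dot1x` and `radius-server key` commands come from this manual.

```python
import re

# Constructed sample configuration (assumed layout, not captured from a device).
SAMPLE_CONFIG = """\
dot1x enable
radius-server key example-secret
!
Interface Ethernet1/1
 dot1x enable
 dot1x port-control force-authorized
!
Interface Ethernet1/2
 dot1x enable
 dot1x port-method macbased
 dot1x port-control auto
!
Interface Ethernet1/3
!
"""


def parse(config):
    """Split a config dump into global lines and per-interface lines."""
    global_lines, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None          # stanza separator
            continue
        header = re.match(r"interface\s+(\S+)$", line, re.IGNORECASE)
        if header:
            current = header.group(1)
            ports[current] = []
        elif current is not None and raw[:1].isspace():
            ports[current].append(line)   # indented line inside a stanza
        else:
            current = None
            global_lines.append(line)
    return global_lines, ports


def audit(config):
    """Return (scope, finding) pairs for settings that leave ports unauthenticated."""
    findings = []
    global_lines, ports = parse(config)

    # 8.2.2.5: 802.1x is off globally by default.
    if "dot1x enable" not in global_lines:
        findings.append(("global", "802.1x is not enabled globally"))
    # Section 8.2.1, step 4: the RADIUS authentication key.
    if not any(l.startswith("radius-server key ") for l in global_lines):
        findings.append(("global", "no RADIUS authentication key configured"))

    for name, lines in ports.items():
        # 8.2.2.5: enabling 802.1x globally does not enable it on the ports.
        if "dot1x enable" not in lines:
            findings.append((name, "802.1x is not enabled on this port"))
            continue
        # 8.2.2.10: force-authorized keeps the port authorized with no
        # authentication exchange at all.
        if "dot1x port-control force-authorized" in lines:
            findings.append((name, "port-control is force-authorized"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```
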
8.4 802.1X Trouble Shooting 8.4.1 802.1X Debug and Monitor Command 8.4.1.1 show aaa config Command: show aaa config Function: Displays the existing configuration commands while the switch works as RADIUS client. Command mode: privilege mode Instructions: Display switch whether is enable aaa authentication, accounting function, and authentication key, authentication, accounting server information, etc.
accounting server[1].Host IP = 192.168.1.208 Time Out = 3 Retransmit = 3 Dead Time = 5 Account Time Interval = 0 Display Content Is Aaa Enabled Is Account Enabled MD5 Server Key authentication server sum authentication server[X].Host IP .Udp Port Is Primary Is Server Dead .Socket No...
8.4.1.2 show aaa authenticated-user Command: show aaa authenticated-user Function: Displays the online authenticated users. Command mode: privilege mode Instructions: Other online user information is typically used for technical support engineers for diagnosis and troubleshooting. Example: Switch#show aaa authenticated-user ------------------------- authenticated users ------------------------------- User-name Retry-time WaitingNum...
Example: 1. Show radius authenticated-user statistics information. Switch #show radius authenticated-user count --------------------- Radius user statistic--------------------- The authenticated online user num is: The total user num is: 2. Show radius authenticating-user statistics information and others Switch #sho radius authencating-user count --------------------- Radius user statistic--------------------- The authenticating user num is: The stopping user num is:...
Authentication Method: Port based Status Authorized Port-control Auto Supplicant 00-03-0F-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Display Content Global 802.1x Parameters reauthenabled reauth-period quiet-period tx-period max-req authenticator mode Mac Filter MacAccessList : dot1x-EAPoR 802.1x enabled...
Backend State Machine Backend state machine status Reauthentication State Reauthentication state machine status Machine 8.4.1.6 debug aaa Command: debug aaa no debug aaa Function: Enable aaa debug information; use the “no” command to close aaa debug information. Command mode: privilege configuration mode Parameter: None Instructions: Enabling aaa debug information lets the user check the negotiation process of the RADIUS protocol, which helps with troubleshooting.
port. For enabling the 802.1x authentication function, it is necessary to disable the trunk functions of the port. If the switch is configured correctly and the authentication is still not passed, it is recommended to examine whether links are established between the switch and RADIUS server, the switch and 802.1x;...
authentication and accounting)It is equivalent to CLI command 8.2.2.19. System recovery time (1-255 minute) - Configure the recover time after RADIUS server dead. It is equivalent to 8.2.2.18. RADIUS Retransmit times(0-100) - Configure RADIUS authentication message retransmit times. It is equivalent to CLI command 8.2.2.20. RADIUS server timeout (1-1000 second) - Configure RADIUS server timeout timer.
8.5.1.3 RADIUS accounting configuration Click Authentication configuration, RADIUS client configuration, RADIUS accounting configuration. Configure RADIUS accounting server IP address and monitor port ID. It is equivalent to CLI command 8.2.2.16. Accounting server IP - server IP address. Accounting server port (optional) – is the accounting server port ID, The range: 0~65535, the “0”...
configuration management list, user may configure switch 802.1x function. 8.5.2.1 802.1X Configuration Click Authentication configuration, 802.1X configuration, 802.1X configuration. Configure 802.1x global configuration: 802.1x status – Enable, disable switch 802.1x function. It is equivalent to CLI command 8.2.2.5. Maximum retransmission times of EAP-request/identity (1-10 second) - Configure the maximum number of times the switch sends an EAP-request/MD5 frame without receiving a supplicant response before it restarts authentication.
8.5.2.2 802.1X port authentication configuration Click Authentication configuration, 802.1X configuration, 802.1X port authentication configuration. Configure port 802.1xFunction: Port – assign port 802.1x status – port 802.1x status, Enable, 802.1x function is enable; Close, 802.1x function is close, the same as CLI command 8.2.2.5. Authentication type - Configure port 802.1x authentication status.
Add a MAC address table to dot1x address filter. It is equivalent to CLI command 8.2.2.3. Port –If specify port, the added list only suitable for specific port, specify All Ports, the added list suitable for all port. Mac – added MAC address Operation type –...
Chapter 9 ACL Configuration 9.1 Introduction to ACL ACL (Access Control List) is an IP packet filtering mechanism employed in switches. It provides network traffic control by granting or denying access through the switch, and so helps safeguard the security of the network. The user can lay down a set of rules based on information specific to the packet; each rule describes the action for a packet that matches certain information: “permit”...
9.1.3 Access list Action and Global Default Action There are two access list action and default action: “permit” or “deny”. The following rules apply: An access list can consist of several rules. Filtering of packets is to compare packet conditions to the rules, from the first rule to the first matched rule; the rest of the rules will not be processed.
1. Configuring access list (1) Configuring a numbered standard IP access list Command Global Mode access list <num> {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} no access list <num> (2) Configuring a numbered extensive IP access list Command Global Mode access...
access list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>} {{<sIpAddr> <sMask>} | any-source {host-source {{<dIpAddr> <dMask>} {host-destination <dIpAddr>}} <prec>] [tos <tos>] no access list <num> (3)Configuring a standard IP access list basing on nomenclature a.
firewall disable (2) Configure default action. Command Global Mode firewall default permit firewall default deny Bind access-list to a specific direction of the specified port. Command Physical Interface Mode ip access-group <name> {in|out } access-group {in|out} 9.2.2 ACL Configuration Commands 9.2.2.1 access-list(extended) Command: access-list <num>...
[tos <tos>] no access-list <num> Function: Create a numbered extended IP access rule for specific IP protocol or all IP protocols; if the numbered extended access list of specified number does not exist, then an access list will be created using this number. The “no” form command deletes a numbered extended IP access list.
Example: Create a standard IP access list numbered 20, allowing packets from 10.1.1.0/24 and denying packets from 10.1.1.0/16. Switch(Config)#access-list 20 permit 10.1.1.0 0.0.0.255 Switch(Config)#access-list 20 deny 10.1.1.0 0.0.255.255 9.2.2.3 firewall Command: firewall { enable | disable} Function: Enable or disable firewall. Parameter: enable allows the firewall function;...
<name>” command delete the name-based extended IP access list Parameter: <name> is the name for access list, the character string length is 1 – 8, pure digit sequence is not allowed. Command mode: Global Mode Default: No IP address is configured by default. Usage Guide: When this command is run for the first time, only an empty access list with no entry will be created.
Example: Bind access list “aaa” to the incoming direction of the port. Switch(Config-Ethernet1/1)#ip access-group aaa in 9.2.2.8 permit | deny(extended) Command: [no] {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>] [no] {deny | permit} igmp {{<sIpAddr>...
9.2.2.9 permit | deny(standard) Command: {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} no {deny | permit} {{<sIpAddr> <sMask>} | any | {host <sIpAddr>}} Function: Create a standard name-based IP access rule; the “no” form command deletes the name-based standard IP access rule Parameter: Parameter: <sIpAddr>...
access list 10 deny any-source access list 100(used 1 time(s)) access list 100 deny ip any-source any-destination access list deny any-source any-destination 9.4.1.2 show access-group Command: show access-group [interface <name>] Function: display ACL binding information for the port. Parameter: <name> is the port name. Default: N/A.
Usage Guide: Example: Switch#show firewall Firewall Status: Enable. Firewall Default Rule: Permit. Displayed information Firewall Status: Enable. Firewall Default Rule: Permit. 9.4.2 ACL Troubleshooting Help The check for entries in the ACL is in a top-down order, and ends whenever an entry is matched.
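The top-down, first-match evaluation described in 9.1.3 and 9.4.2, applied to the reverse-mask rules of access list 20 from 9.2.2.2, as an added Python example that is not part of the manual or the switch firmware. It models only source-address (standard) rules and assumes that a packet matching no rule receives the action set by `firewall default permit|deny`; the helper names (`Rule`, `evaluate`, `shadowed`) are hypothetical.

```python
import ipaddress
from typing import NamedTuple

MASK32 = 0xFFFFFFFF


class Rule(NamedTuple):
    action: str      # "permit" or "deny"
    base: int        # <sIpAddr> as a 32-bit integer
    wildcard: int    # <sMask>: reverse mask, 1-bits are "don't care"


def ip(text):
    return int(ipaddress.IPv4Address(text))


def rule(action, base, wildcard):
    return Rule(action, ip(base), ip(wildcard))


def matches(r, addr):
    """A source matches when it equals the base on every bit the mask fixes."""
    return (addr ^ r.base) & ~r.wildcard & MASK32 == 0


def evaluate(rules, src, default_action):
    """Return (action, index of the deciding rule or None for the default)."""
    addr = ip(src)
    for index, r in enumerate(rules):
        if matches(r, addr):
            return r.action, index      # first match ends the search
    return default_action, None         # assumed: global default applies


def shadowed(rules):
    """List (later, earlier) index pairs where the later rule can never match
    because the earlier rule already matches every address it covers."""
    hits = []
    for i, later in enumerate(rules):
        for j in range(i):
            earlier = rules[j]
            free_bits_covered = later.wildcard & ~earlier.wildcard & MASK32 == 0
            same_fixed_bits = (later.base ^ earlier.base) & ~earlier.wildcard & MASK32 == 0
            if free_bits_covered and same_fixed_bits:
                hits.append((i, j))
                break
    return hits


# Access list 20 exactly as entered in the 9.2.2.2 example.
ACL_20 = [
    rule("permit", "10.1.1.0", "0.0.0.255"),
    rule("deny", "10.1.1.0", "0.0.255.255"),
]
# Same two rules entered in the opposite order (constructed for comparison).
ACL_20_REVERSED = list(reversed(ACL_20))

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.2.5", "10.2.0.1"):
        print(src, evaluate(ACL_20, src, "permit"),
              evaluate(ACL_20_REVERSED, src, "permit"))
    print("unreachable rules when reversed:", shadowed(ACL_20_REVERSED))
```

With the rules reversed, the broader deny matches first and the permit for 10.1.1.0/24 is never reached, which is the ordering mistake the troubleshooting note in 9.4.2 refers to.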
extended ACL Filter configuration - Enable filter globally. ACL filter is binded to the port by default. 9.5.1 Add standard numeric IP ACL configuration Click Numeric ACL configuration, Add standard numeric. Users can configure ACL. See the equivalent CLI command at 9.2.2.2 The explanation of each field is as below: ACL number - ACL number (1 –...
Users can configure the following types of numeric ACL: Add ICMP numeric extended ACL - Add ICMP numeric extended ACL Add IGMP numeric extended ACL - Add IGMP numeric extended ACL Add TCP numeric extended ACL - Add TCP numeric extended ACL Add UDP numeric extended ACL - Add UDP numeric extended ACL Add numeric extended ACL for other protocols - numeric extended ACL for other protocols Click the node.
For other protocols, the following fields need to be configured: Matched protocol – Specify the matched protocol: IP, EIGRP, OSPF, IPINIP and Input protocol manually. When “Input protocol manually” is selected, users can input the protocol number. For example: Configure an extended ACL numbered 110 which denies the TCP packets with the source address as 10.0.0.0/24 and target port as 21.
Source IP address – Specify source IP address Reverse network mask – Specify reverse network mask Operation type – Add; Remove For example: Add a standard name ACL. Set ACL name to ac1; configure other fields; set Operation type to Add, and then click Apply. 9.5.5 Extended ACL name configuration Click ACL name configuration.
to pass; “refuse” is used to deny packets to pass. See the equivalent CLI command at 9.2.2.4 For example: Set Packet filtering to Enable; set Firewall default action to accept, and then click Apply. 9.5.7 ACL port binding configuration Click Filter configuration. The configuration page is shown. See the equivalent CLI command at 9.2.2.7 The explanation of each field is as below: Port –...
Channel fails, the other ports will undertake traffic of that port through traffic allocation algorithm. Traffic allocation algorithm is determined by the hardware. ES4626/ES4650 offers 2 methods for configuring port aggregation: manual Port Channel creation, and LACP (Link Aggregation Control Protocol) dynamic Port Channel creation.
8 port groups and 8 ports in each port group are supported. Once ports are aggregated, they can be used as a normal port. ES4626/ES4650 has built-in aggregation interface configuration mode, the user can perform related configuration in this mode just like in the VLAN and physical port configuration mode.
Command Interface Mode port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> 3. Enter port-channel configuration mode. Command Global Mode interface <port-channel-number> 10.2.2 Port Channel Configuration Commands 10.2.2.1 port-group Command: port-group <port-group-number> [load-balance { src-mac|dst-mac | dst-src-mac | src-ip| dst-ip|dst-src-ip}] no port-group <port-group-number> [load-balance] Function: Create a port group and set the load balance method for that group.
Delete a port group. Switch(Config)#no port-group 1 10.2.2.2 port-group mode Command: port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> Function: Add the physical port to the port channel; the command “no port-group <port-group-number>” removes the port from the port channel. Parameter: <port-group-number>...
Scenario 1: Configuring Port Channel in LACP. Fig 10-2 Configuring Port Channel in LACP The switches in the description below are all ES4626/ES4650 switches. As shown in the figure, port 1, 2, 3 of Switch1 are access ports that belong to vlan1, add those three port to group1 in active mode;...
Switch2 (Config)#port-group 2 Switch2 (Config)#interface eth 1/6 Switch2 (Config-Ethernet1/6)#port-group 2 mode passive Switch2 (Config-Ethernet1/6)#exit Switch2 (Config)# interface eth 1/8-9 Switch2 (Config-Port-Range)#port-group 2 mode passive Switch2 (Config-Port-Range)#exit Switch2 (Config)#interface port-channel 2 Switch2 (Config-If-Port-Channel2)# Configuration result: Shell prompts ports aggregated successfully after a while, now port 1, 2, 3 of Switch1 forms a aggregated port named “Port-Channel1”, port 6, 8, 9 of Switch2 forms an aggregated port named “Port-Channel2”;...
Switch1 (Config-Ethernet1/2)#exit Switch1 (Config)#interface eth 1/3 Switch1 (Config-Ethernet1/3)# port-group 1 mode on Switch1 (Config-Ethernet1/3)#exit Switch2#config Switch2 (Config)#port-group 2 Switch2 (Config)#interface eth 1/6 Switch2 (Config-Ethernet1/6)#port-group 2 mode on Switch2 (Config-Ethernet1/6)#exit Switch2 (Config)# interface eth 1/8-9 Switch2 (Config-Port-Range)#port-group 2 mode on Switch2 (Config-Port-Range)#exit Configuration result: Add port 1, 2, 3 of Switch1 to port-group1 in order, and we can see joining a group in “on”...
Command mode: Admin Mode Usage Guide: If “port-group-number” is not specified, then information for all port groups will be displayed. Example: Add port 1/1 and 1/2 to port-group1. 1. Display summary information for port-group1. Switch# show port-group 1 brief Port-group number : 1 Number of ports in porg-group : 2 Number of port-channels : 0 Displayed information...
port Ethernet1/2 : both of the port and the agg attributes are not equal the general information of the port are as follows: portnumber: 2 partner_oper_key: 0x0002 actor_oper_port_key: 0x0102 mode of the port: ACTIVE lacp_aware: enable begin: FALSE port_enabled: FALSE the attributes of the port are as follows: mac_type: ETH_TYPE speed_type: ETH_SPEED_100M duplex_type: FULL...
Switch# show port-group 1 port Sorted by the ports in the group 1 : -------------------------------------------- the portnum is 1 port Ethernet1/1 related information: Actor part Administrative port number port priority 0x8000 aggregator id port key 0x0100 port state LACP activety LACP timeout Aggregation Synchronization...
Selected Displayed information Explanation portnumber Port number port priority Port Priority system system ID system priority System Priority LACP activety Whether port is added to the group in “active” mode, 1 for yes. LACP timeout Port timeout mode, 1 for short timeout. Aggregation Whether aggregation is possible for the port, 0 for independent port that do not allow aggregation.
Number of port Port number in the port-channel. Standby port Port that is in “standby” status, which means the port is qualified to join the channel but cannot join the channel due to the maximum port limit, thus the port status is “standby” instead of “selected”.
LACP cannot be used on a port that has Security and 802.1x enabled; it cannot be enabled if those two protocols are present on the port. Port Channel Configuration 10.5 Web Management Click Port Channel configuration. LACP port group configuration node and LACP port configuration node are shown.
10.5.2 LACP port configuration Click LACP port configuration. The configuration page is shown. See the equivalent CLI command at 10.2.2.2 The explanation of each field is as below: group num - Group number Port - Specify the port Port mode - Configure port mode: active, passive or on Operation type - Add port to group or Remove port from group For example: Set group num to 1;...
Chapter 11 DHCP Configuration 11.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP address dynamically from the address pool as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network.
DHCP packets so that the DHCP packets exchange can be completed between the DHCP client and server. ES4626/ES4650 can act as both a DHCP server and a DHCP relay. DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e.
Command DHCP Address Pool Mode network-address <network-number> [mask | prefix-length] no network-address default-router [address1[address2[…address8]]] no default-router dns-server [address1[address2[…address8]]] no dns-server domain-name <domain> no domain-name netbios-name-server [address1[address2[…address8]]] no netbios-name-server netbios-node-type {b-node|h-node|m-node|p-node|<typ e-number>} no netbios-node-type bootfile <filename> no bootfile next-server [address1[address2[…address8]]] next-server [address1[address2[…address8]]] option <code>...
Command DHCP Address Pool Mode hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}] no hardware-address host <address> <prefix-length> ] no host client-identifier <unique-identifier> no client-identifier client-name <name> no client-name 3. Enable logging for address conflicts Command Global Mode ip dhcp conflict logging no ip dhcp conflict logging Admin Mode clear ip dhcp conflict <address | all>...
Example: The path and filename for the file to be imported is “c: \temp\nos.img”. Switch(dhcp-1-config)#bootfile c: \temp\nos.img Related command: next-server 11.2.2.2 client-identifier Command: client-identifier <unique-identifier> no client-identifier Function: Specify the unique ID of the user when binding address manually; the “no client-identifier”...
Command: default-router <address1>[<address2>[…<address8>]] no default-router Function: Configure default gateway(s) for DHCP clients; the “no default-router” command deletes the default gateway. Parameter: address1…address8 are IP addresses, in dotted decimal format. Default: No default gateway is configured for DHCP clients by default. Command Mode: DHCP Address Pool Mode Usage Guide: The IP address of default gateway(s) should be in the same subnet as the DHCP client IP, the switch supports up to 8 gateway addresses.
Switch(dhcp-1-config)#domain-name company.com.cn 11.2.2.7 hardware-address Command: hardware-address IEEE802|<type-number>}] no hardware-address Function: Specify the hardware address of the user when binding address manually; the “no hardware-address” command deletes the setting. Parameter: <hardware-address> is the hardware address in Hex; Ethernet | IEEE802 is the Ethernet protocol type, <type-number>...
This command is used with “hardware address” command or “client identifier” command when binding address manually. If the identifier or hardware address of the requesting client matches the specified identifier or hardware address, the DHCP server assigns the IP address defined in “host”...
Usage Guide: This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes. Example: Reserve addresses from 10.1.128.1 to 10.1.128.10 from dynamic assignment. Switch(Config)#ip dhcp excluded-address 10.1.128.1 10.1.128.10 11.2.2.11 ip dhcp pool Command: ip dhcp pool <name>...
DHCP, while too short duration results in increased network traffic and overhead. The default lease duration of ES4626/ES4650 is 1 day. Example: Set the lease of DHCP pool “1” to 3 days 12 hours and 30 minutes.
cancels the setting. Parameter: b-node stands for broadcasting node, h-node for hybrid node that broadcasts after point-to-point communication; m-node for hybrid node communicates in point-to-point after broadcast; p-node for point-to-point node; <type-number> is the node type in Hex from 0 to FF. Default: No client node type is specified by default.
Command: next-server <address1>[<address2>[…<address8>]] no next-server Function: Set the server address for storing the client import file; the “no next-server” command cancels the setting. Parameter: address1…address8 are IP addresses, in the dotted decimal format. Command Mode: DHCP Address Pool Mode Usage Guide: This command configures the address for the server hosting client import file.
Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP service enables, both DHCP server and DHCP relay are enabled. ES4626/ES4650 can only assign IP address for the DHCP clients and enable DHCP relay when DHCP server function is enabled.
but can also send other specified UDP broadcast packet to specified servers. 11.3.1 DHCP Relay Configuration Task Sequence 1. Enable DHCP relay. 2. Configure DHCP relay to forward DHCP broadcast packet. 3. Configure DHCP relay to forward other UDP broadcast packet. 4.
11.3.2.1 ip forward-protocol udp Command: ip forward-protocol udp <port> no ip forward-protocol udp <port> Function: Set DHCP relay to forward UDP broadcast packets on the port; the “no ip forward-protocol udp <port>” command cancels the service. Default: DHCP relay forwards DHCP broadcast packet by default (UDP port 67). Command mode: Global Mode Usage Guide: The forwarding destination address is set in the “ip helper-address”...
To save configuration effort for network administrators and users, a company is using ES4626/ES4650 as a DHCP server. The Admin VLAN IP address is 10.16.1.2/16. The local area network for the company is divided into network A and B according to the office locations.
11.5.1.1 clear ip dhcp binding Command: clear ip dhcp binding {<address> | all } Function: Delete the specified IP address-hardware address binding record or all IP address-hardware address binding records. Parameter: <address> is the IP address that has a binding record, in dotted decimal format.
Related command: ip dhcp conflict logging,show ip dhcp conflict 11.5.1.3 clear ip dhcp server statistics Command: clear ip dhcp server statistics Function: Delete the statistics for DHCP server, clear the DHCP server count. Command mode: Admin Mode Usage Guide: DHCP count statistics can be viewed with “show ip dhcp server statistics”...
11.5.1.5 show ip dhcp conflict Command: show ip dhcp conflict Function: Display log information for address that has conflict record. Command mode: Admin Mode Example: Switch# show ip dhcp conflict IP Address Detection method 10.1.1.1 Ping Displayed information IP Address Detection method Detection Time 11.5.1.6 show ip dhcp server statistics...
In such case, DHCP server should be examined for an address pool that is in the same segment of the switch VLAN, such a pool should be added if not present, (This does not indicate ES4626/ES4650 cannot assign IP address for different segments, see solution 2 for details.) In DHCP service, pools for dynamic IP allocation and manual binding are conflicting, i.e., if...
11.6.1.1 Enable DHCP Click DHCP configuration, DHCP server configuration, Enable DHCP. Users can enable or disable DHCP server, and configure logging server: DHCP server status – Enable or disable DHCP server. See the equivalent CLI command at 11.2.2.19 Conflict logging status – Enable or disable conflict logging. See the equivalent CLI command at 11.2.2.9 Logging server(optional) –...
Network mask to 255.255.255.0; set DHCP client node type to broadcast node; set Address lease timeout to 3 day 12 hour 30 minute, and then click Apply. The configuration is applied on the switch. 11.6.1.3 Client's default gateway configuration Click DHCP configuration, DHCP server configuration, Client's default gateway configuration.
configuration. Users can configure DHCP client DNS server. See the equivalent CLI command at 11.2.2.5: DHCP pool name – Select DHCP pool DNS server - Configure DNS server. Users can configure maximum eight DNS servers. DNS server 1 has the highest priority and DNS server 8 has the lowest priority. For example: Select DHCP pool name to 1;...
11.6.1.6 DHCP file server address configuration Click DHCP configuration, DHCP server configuration, DHCP file server address configuration. Users can configure DHCP client bootfile name and file server: DHCP pool name – Select DHCP pool name DHCP client bootfile name (1-128 character) – Specify bootfile name. See the equivalent CLI command at 11.2.2.1 File server –...
11.6.1.7 DHCP network parameter configuration Click DHCP configuration, DHCP server configuration, DHCP network parameter configuration. Users can specify DHCP network parameters. See the equivalent CLI command at 11.2.2.18: DHCP pool name – Select DHCP pool name Code(0-254) – Specify network code Network parameter value type –...
11.6.1.9 Excluded address Click DHCP configuration, DHCP server configuration, Manual address pool configuration. Users can configure the excluded addresses in the DHCP pool. See the equivalent CLI command at 11.2.2.10: Starting address – Specify starting address Ending address - Specify ending address Operation type –...
IP address – Specify server IP address L3 Interface – Specify layer 2 interface For example: Set IP address to 192.168.1.5; set L3 Interface to Vlan1, and then click Add. The configuration is applied on the switch. Configure the relay policy to non-forward: Click Apply, DHCP relay is disabled on the switch;...
11.6.3.3 Delete DHCP server statistics log Click DHCP configuration, DHCP debugging, Delete DHCP server statistics log. Users can delete DHCP server statistics and restore the counter to zero. For example: Click Apply. All the DHCP statistics are deleted. 11.6.3.4 Show IP-MAC binding Click DHCP configuration, DHCP debugging, Show IP-MAC binding.
NTP hosts through the Internet, and use those hosts to provide time synchronization service for other clients in LAN. ES4626/ES4650 has an SNTPv4 client implemented and supports SNTP client unicast as described in RFC2030; SNTP client multicast and anycast are not supported, nor is SNTP server function.
Command: sntp poll <interval> no sntp poll Function: Set the interval at which the SNTP client sends requests to the NTP/SNTP server; the “no sntp poll” command cancels the configured interval and restores the default setting. Parameter: <interval> is the interval value from 16 to 16284. Default: The default poll interval is 64 seconds.
Switch3 Fig 12-1 Typical SNTP Configuration All ES4626/ES4650 switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured. There should be reachable route between any ES4626/ES4650 and the two SNTP/NTP servers.
command at 12.1.2 For example: Set Interval to 128, and then click Apply. The configuration is applied on the switch. 12.4.3 Time difference Click SNTP configuration, Time difference. Users can configure SNTP client time difference. See the equivalent CLI command at 12.1.3 Time zone –...
Chapter 13 QoS Configuration 13.1 QoS 13.1.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
packet header, occupying 6 bits, in the range of 0 to 63, and is downward compatible with IP Precedence. Classification: The entry action of QoS, classifying packet traffic according to the classification information carried in the packet and ACLs. Policing: Ingress action of QoS that lays down the policing policy and manages the classified packets.
If devices of each hop in a network support differentiated service, an end-to-end QoS solution can be created. QoS configuration is flexible; its complexity depends on the network topology, the devices, and the analysis of incoming/outgoing traffic. 13.1.1.3 Basic QoS Model The basic QoS consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.
different policies. 3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode. Then different policies (such as bandwidth limit, priority degrading, assigning new DSCP value) can be applied to different data streams.
Global Mode policy-map <policy-map-name> no policy-map <policy-map-name> class <class-map-name> no class <class-map-name> set {ip dscp <new-dscp> | ip precedence <new-precedence>} dscp <new-dscp> precedence <new-precedence>} police <rate-kbps> [exceed-action {drop policed-dscp-transmit}] police <rate-kbps> [exceed-action {drop policed-dscp-transmit}] aggregate-policer <aggregate-policer-name> <burst-kbyte> exceed-action |policed-dscp-transmit} aggregate-policer <aggregate-policer-name>...
no mls qos trust mls qos cos {<default-cos> } no mls qos cos service-policy {input <policy-map-name> | output <policy-map-name>} service-policy {input output <policy-map-name>} mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> 5. Configure queue out method and weight Command Interface Mode queue bandwidth...
Switch(Config)#no class-map c1 13.1.2.2.3 match Command: match {access-group <acl-index-or-name> | ip dscp <dscp-list>| ip precedence <ip-precedence-list>| vlan <vlan-list>} no match {access-group | ip dscp | ip precedence | vlan } Function: Configure the matching criterion in the class map: the “no match {access-group | ip dscp | ip precedence | vlan }”...
Example: Create and delete a policy map named “p1”. Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#exit Switch(Config)#no policy-map p1 13.1.2.2.5 class Command: class <class-map-name> no class <class-map-name> Function: Associate a class to a policy map and enter the policy class map mode; the “no class <class-map-name>”...
Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#set ip precedence 3 Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit 13.1.2.2.7 police Command: police <rate-kbps> policed-dscp-transmit}] police <rate-kbps> policed-dscp-transmit}] Function: Configure a policy to a classified traffic; the “no police <rate-kbps> <burst-kbyte> [exceed-action {drop | policed-dscp-transmit}]” command deletes the specified policy. Parameter: <rate-kbps> is the average baud rate (in kb/s) of classified traffic, range from 1,000 to 10,000,000;...
no mls qos aggregate-policer <aggregate-policer-name> Function: Define a policy set that can be used in one policy map by several classes; the “no mls qos aggregate-policer <aggregate-policer-name>” command deletes the specified policy set. Parameter: <aggregate-policer-name> is the name of the policy set; <rate-kbps> is the average baud rate (in kb/s) of classified traffic, range from 1,000 to 10,000,000;...
13.1.2.2.10 mls qos trust Command: mls qos trust [cos [pass-through-dscp]|dscp [pass-through-cos]| ip-precedence [pass-through-cos] |port priority <cos>] [no] mls qos trust Function: Configure port trust; the “no mls qos trust” command disables the current trust status of the port. Parameter: cos configures the port to trust CoS value; cos pass-through-dscp configures the port to trust CoS value but does not change packet DSCP value;...
Command mode: Interface Mode Example: Set the default CoS value of port ethernet 1/1 to 5, i.e., packets coming in through this port will be assigned a default CoS value of 5 if no CoS value present. Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#mls qos cos 5 13.1.2.2.12 service-policy...
Command mode: Interface Mode Usage Guide: For configuration of DSCP mutation mapping on the port to take effect, the trust status of that port must be “trust DSCP”. Applying DSCP mutation mapping allows DSCP value specified directly convert to new DSCP value without class and policy process.
queue mode wrr Function: Queue mode strict configure the queue out. Configure the queue to the output queue queue mode wrr restores wrr queue out Default: non-queue mode. Command mode: Interface Mode Usage Guide: When queue queue out mode is used, packets are no longer sent with WRR weighted algorithm, but send packets queue after queue.
precedence to DSCP and policed DSCP mapping; the “no mls qos map {cos-dscp dscp-cos ip-prec-dscp | policed-dscp}” command restores the default mapping. Parameter: cos-dscp <dscp1...dscp8> defines the mapping from CoS value to DSCP, <dscp1...dscp8> are the 8 DSCP value corresponding to the 0 to 7 CoS value, each DSCP value is delimited with space, ranging from 0 to 63;...
1 2 3 4 5 6 7. Switch(Config)#mls qos map cos-dscp 0 1 2 3 4 5 6 7 13.1.3 QoS Example Scenario 1: Enable QoS function, change the queue out weight of port ethernet 1/1 to 1: 1: 2: 2: 4: 4: 8: 8, and set the port in trust CoS mode without changing DSCP value, and set the default CoS value of the port to 5.
Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#police 10000 4000 exceed-action drop Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit Switch(Config)#interface ethernet 1/2 Switch(Config-Ethernet1/2)#service-policy input p1 Configuration result: An ACL name 1 is set to matching segment 192.168.1.0. Enable QoS globally, create a class map named c1, matching ACL1 in class map; create another policy map named p1 and refer to c1 in p1, set appropriate policies to limit bandwidth and burst value.
precedence. Thus inside the QoS domain, packets of different priority will go to different queues and get different bandwidth. The configuration steps are listed below: QoS configuration in Switch1: Switch#config Switch(Config)#access-list 1 permit 192.168.1.0 0.0.0.255 Switch(Config)#mls qos Switch(Config)#class-map c1 Switch(Config-ClassMap)#match access-group 1 Switch(Config-ClassMap)# exit Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#class c1...
Example: Switch #show mls-qos Qos is enabled Displayed information Qos is enabled 13.1.4.1.2 show mls qos aggregate-policer Command: show mls qos aggregate-policer [<aggregate-policer-name>] Function: Display policy set configuration information for QoS. Parameter: <aggregate-policer-name> is the policy set name. Default: N/A. Command mode: Admin Mode Example: Switch #show mls qos aggregate-policer policer1...
Example: Switch #show mls qos interface ethernet 1/2 Ethernet1/2 default cos: 0 DSCP Mutation Map: Default DSCP Mutation Map Attached policy-map for Ingress: p1 Displayed information Ethernet1/2 default cos: 0 DSCP Mutation Map: Mutation Map Attached policy-map for Ingress: p1 Switch # show mls qos interface buffers ethernet 1/2 Ethernet1/2 packet number of 8 queue:...
If the policy is too complex to be configured due to hardware resource limits, error messages will be provided. 13.1.5 Web Management Select QoS configuration; it consists of the following six sections: Enable QoS Class-map configuration Policy-map configuration Apply QoS to port Egress-queue configuration QoS mapping configuration 13.1.5.1 Enable QoS...
13.1.5.2.1 Add/Remove Class-map Click Add/Remove class-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.2. The fields are described as follows: Class-map name Operation type - Create class table and Remove class table. To add a class-map, specify the class-map name, select Create class table, then click Apply.
13.1.5.3 Policy-map Configuration Click Policy-map configuration to display the extension, including five sections: Add/Remove policy-map Policy-map priority configuration Policy-map bandwidth configuration Add/Remove aggregate policer Apply aggregate policer 13.1.5.3.1 Add/Remove Policy-map Click Add/Remove policy-map to enter the configuration page. It is equivalent to CLI command 13.1.2.2.4.
13.1.5.3.2 Policy-map Priority Configuration Click Policy-map priority configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.6. The fields are described as follows: Policy-map name Class-map name Priority type. DSCP value or IP precedence value Priority value Operation type. Set or Remove. To configure the policy-map priority, select p1 for Policy-map name, enter c1 for Class-map name, select IP precedence value for Priority type, enter 3 for Priority value, select Set for Operation type, then click Apply.
drop and policed-dscp-transmit; the latter uses a mapping function between the given DSCP and the corresponding policy and marks the DSCP into the packet. Operation type - Set or Remove. To configure the policy-map bandwidth, select p1 for Policy-map name, enter c1 for Class-map name, leave all other fields at their default settings, select Set for Operation type, then click Apply.
Click Apply aggregate policer to enter the configuration page. It is equivalent to CLI command 13.1.2.2.9. The fields are described as follows: Aggregate policer name Policy-map name Class-map name To apply the aggregate policer agg1 by c1 class-map, enter the values shown in the figure, then click Add.
Default - Restores the startup setting. This command will modify the configuration. The parameter takes effect alternatively on port trust status and port priority. To configure port Ethernet 1/1 to trust the CoS value for packet classification without changing the DSCP value, choose the Ethernet1/1 port, select cos and pass-through-dscp for Port trust status, then click Apply.
Operation - Set or Remove Reset - Sets the columns to startup defaults. This command will not modify the configuration. Apply - Applies all settings. This command will modify the configuration. To set the policy-map on port Ethernet 1/1, choose Ethernet1/1 for port and p1 for policy-map;...
Click Egress-queue WRR weight configuration to enter the configuration page. It is equivalent to CLI command 13.1.2.2.14. The fields are described as follows: Port name Weight for queue 0-7 Operation - Set or Remove Reset - Sets the columns to startup defaults. This command will not modify the configuration.
Click Mapping CoS values to egress queue to enter the configuration page. It is equivalent to CLI command 13.1.2.2.16. The fields are described as follows: Queue-ID CoS value - Mapping CoS values to egress queue. Up to 8 queues are supported. Reset - Sets the columns to startup defaults. This command will not modify the configuration.
Operation - Set or Remove To map CoS value 2 to DSCP value 20, enter the DSCP value 20 in the CoS value 2 column, select Set for Operation type, then click Apply. 13.1.5.6.2 DSCP-to-CoS Mapping Click DSCP-to-CoS mapping to enter the configuration page. The fields are described as follows: DSCP 1-8 - DSCP value CoS Value - DSCP value mapping to CoS value...
Set for Operation type, then click Apply. 13.1.5.6.4 IP-Precedence-to-DSCP Mapping Click IP-Precedence-to-DSCP mapping to enter the configuration page. The fields are described as follows: IP-Precedence - IP precedence value 0~7 DSCP - IP precedence value mapping to DSCP value Operation type - Set or Remove To map IP precedence value 2 to DSCP value 20, enter the DSCP value 20 in the IP precedence value 2 column, select Set for Operation type, then click Apply.
click Apply. 13.2 PBR This chapter describes how to configure the PBR through the examples. 13.2.1 PBR Introduction The PBR (Policy-Based Routing) allows modifying the next hop of the packets according to IP source address, IP destination address, IP precedence, ToS, IP protocol, source port number and destination port number etc.
13.2.2.2 PBR Command 13.2.2.2.1 mls qos Commands: mls qos no mls qos Function: Enable the QoS globally, and the PBR is enabled automatically; The command “no mls qos” disables the QoS and the PBR globally. Command mode: Global Mode Default: The PBR is disabled. Usage Guide: When the QoS is enabled, the PBR is enabled automatically.
Parameter: access-group <acl-index-or-name> specifies the ACL. The attribute is the ACL number or name. Default: By default, there is no match. Command mode: Class-map Mode Usage Guide: Only one match can be set in one class-map. When the ACL applies to the PBR, the actions of permit and deny are to specify the next hop or not to specify the next hop when IP messages meet the match.
Command mode: Policy-map Mode Usage Guide: Before creating a policy-map class, users must create a policy-map and enter the policy mode; inside a policy-map, users can set the next hop according to the traffic. The priority of the classes is decided by the sequence of configuration. For example, if class c1 is configured before class c2, c1 has higher priority than c2.
Parameter: input <policy-map-name> applies the specified policy-map to the current port for the inbound traffic; output <policy-map-name> applies the specified policy-map to the current port for the outbound traffic. Default: By default, there is no bound policy-map. Command mode: Interface Mode Usage Guide: The port trust and applied port policy-map are mutually exclusive.
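The rules this chapter states for QoS configuration (the police rate range, eight CoS-to-DSCP values in 0 to 63, one match per class-map, and port trust and port policy-map being mutually exclusive) can be checked mechanically before a change is applied. The following Python linter is an added example, not code from the manual or the vendor; the sample configuration, its layout and the finding codes are constructed for illustration.

```python
import re

POLICE_RATE_KBPS = (1_000, 10_000_000)         # range the manual gives for <rate-kbps>
DSCP_RANGE = (0, 63)                           # range the manual gives for DSCP values
PROMPT = re.compile(r"^\w+\s*\([^)]*\)#\s*")   # strips e.g. "Switch(Config-PolicyMap)#"

# Constructed sample with deliberate mistakes: a DSCP value of 64, a police rate
# of 500, an undefined class c2, trust plus service-policy on ethernet 1/1, and
# an undefined policy-map p2 on ethernet 1/2.
SAMPLE_CONFIG = """\
mls qos
mls qos map cos-dscp 0 8 16 24 32 40 48 64
class-map c1
 match access-group 1
policy-map p1
 class c1
  police 500 4000 exceed-action drop
 class c2
interface ethernet 1/1
 mls qos trust cos pass-through-dscp
 mls qos cos 5
 service-policy input p1
interface ethernet 1/2
 service-policy input p2
"""


def parse(config):
    """Collect the QoS-relevant commands; 'no ...' forms and other commands are ignored."""
    st = {"qos": False, "cos_dscp": None, "class_maps": {}, "policy_maps": {}, "ifaces": {}}
    mode, name, cur_class = None, None, None
    for raw in config.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok == ["mls", "qos"]:
            st["qos"] = True
        elif tok[:4] == ["mls", "qos", "map", "cos-dscp"]:
            st["cos_dscp"] = [int(v) for v in tok[4:] if v.isdigit()]
        elif tok[0] == "class-map" and len(tok) == 2:
            mode, name = "class-map", tok[1]
            st["class_maps"].setdefault(name, [])
        elif tok[0] == "policy-map" and len(tok) == 2:
            mode, name, cur_class = "policy-map", tok[1], None
            st["policy_maps"].setdefault(name, {})
        elif tok[0] == "interface" and len(tok) >= 2:
            mode, name = "interface", " ".join(tok[1:]).lower()
            st["ifaces"].setdefault(name, {"trust": False, "policies": []})
        elif mode == "class-map" and tok[0] == "match":
            st["class_maps"][name].append(" ".join(tok[1:]))
        elif mode == "policy-map" and tok[0] == "class" and len(tok) == 2:
            cur_class = tok[1]
            st["policy_maps"][name].setdefault(cur_class, [])
        elif (mode == "policy-map" and tok[0] == "police" and cur_class
              and len(tok) >= 2 and tok[1].isdigit()):
            st["policy_maps"][name][cur_class].append(int(tok[1]))
        elif mode == "interface" and tok[:3] == ["mls", "qos", "trust"]:
            st["ifaces"][name]["trust"] = True
        elif mode == "interface" and tok[0] == "service-policy" and len(tok) == 3:
            st["ifaces"][name]["policies"].append((tok[1], tok[2]))
    return st


def lint(config):
    """Return a list of (code, detail) findings for the rules named above."""
    st, out = parse(config), []
    uses_qos = bool(st["policy_maps"]) or any(
        i["trust"] or i["policies"] for i in st["ifaces"].values())
    if uses_qos and not st["qos"]:
        out.append(("QOS_DISABLED", "QoS commands present but 'mls qos' is not set globally"))
    m = st["cos_dscp"]
    if m is not None and (len(m) != 8 or not all(DSCP_RANGE[0] <= v <= DSCP_RANGE[1] for v in m)):
        out.append(("COS_DSCP_MAP", f"cos-dscp needs 8 values in 0-63, got {m}"))
    for cm, matches in st["class_maps"].items():
        if len(matches) > 1:
            out.append(("MULTI_MATCH", f"class-map {cm} has {len(matches)} match lines"))
    for pm, classes in st["policy_maps"].items():
        for cls, rates in classes.items():
            if cls not in st["class_maps"]:
                out.append(("UNDEFINED_CLASS_MAP", f"policy-map {pm} uses class {cls}"))
            for rate in rates:
                if not POLICE_RATE_KBPS[0] <= rate <= POLICE_RATE_KBPS[1]:
                    out.append(("POLICE_RATE", f"{pm}/{cls}: police {rate} out of range"))
    for ifn, i in st["ifaces"].items():
        if i["trust"] and i["policies"]:
            out.append(("TRUST_AND_POLICY", f"{ifn}: trust and service-policy both set"))
        for direction, pm in i["policies"]:
            if pm not in st["policy_maps"]:
                out.append(("UNDEFINED_POLICY_MAP", f"{ifn}: {direction} policy {pm}"))
    return out


if __name__ == "__main__":
    for code, detail in lint(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

Because the parser strips CLI prompts, a session transcript such as the Scenario 2 commands can be passed to `lint` as-is.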
Configuration Result: Set the ACL a1 which includes 2 policies. The first policy allows the traffic which has the source IP address as 192.168.1.0/24. The second policy denies the traffic which has the source IP address as 192.168.1.0/24 and has the destination IP address as 192.168.0.0/16.
ES4626/ES4650 can forward IP packets by hardware, the forwarding chip of ES4626/ES4650 has a host route table and default route table. Host route table stores host route connect to the switch directly, default route table stores segment routes (after aggregation algorithm process).
Gateway devices can forward IP packets from one subnet to another; such forwarding uses the route to find a path. IP forwarding of ES4626/ES4650 is done with the participation of hardware and wire speed forwarding can be achieved. In addition, flexible management is provided to adjust and monitor forwarding.
Usage Guide: This command is used to optimize the aggregation algorithm: if the route table contains no default route, the next hop most frequently referred to will be used to construct a virtual default route to simplify the aggregation result. This method has the benefit of more effectively simplifying the aggregation result.
Furthermore, ES4626/ES4650 supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on the port, requesting an IP address in the same IP segment of the port but not the same physical network, if the port enabled proxy ARP, the port would reply to the ARP its own MAC address and forward the actual packets received.
Command mode: VLAN Interface Mode Usage Guide: Static ARP entries can be configured in the switch. Example: Configure static ARP for interface VLAN1. Switch(Config-If-Vlan1)#arp 1.1.1.1 00-03-0f-f0-12-34 eth 1/2 14.3.2.2.2 ip proxy-arp Command: ip proxy-arp no ip proxy-arp Function: Enable proxy ARP for VLAN interface; the “no ip proxy-arp” command disables proxy ARP.
“static” for static ARP entry; “dynamic” for dynamic ARP entry; “count” displays number of ARP entries. Command mode: Admin Mode Usage Guide: Displays the content of current ARP table such as IP address, MAC address, hardware type and interface name, etc. Example: Switch#sh arp Total arp items: 3, matched: 3, Incomplete: 0...
14.3.3.1.3 debug arp Command: debug arp no debug arp Function: Enable the ARP debug function: the “no debug arp” command disables this debug function. Default: ARP debug is disabled by default. Command mode: Admin Mode Usage Guide: Display contents for ARP packets received/sent, including type, source and destination address, etc.
CPU. For this reason, although both routers and switches can perform route selection, layer3 switches have a great advantage over routers in data forwarding. ES4626/ES4650 is a layer3 switch. The following describes basic theory and methods used in layer3 switch route selection.
To avoid too large route table, a default route can be set. Once route table lookup fails, the default route will be chosen for forwarding packets. The table below describes the routing protocols supported by ES4626/ES4650 and the default route lookup priority value.
convenient for load balance and route backup. However, it also has its own defects. Static route, as its name indicates, is static. It won’t modify the route automatically on network failure, and manual configuration is required on such occasions, therefore it is not suitable for mid and large-scale networks.
Command mode: Global Mode Usage Guide: When configuring the next hop for static route, next hop IP address can be specified for routing packets. The default preference of all route type in ES4626/ES4650 is listed below: Route Type Direct route...
15.2.3.2.2 show ip route Command: show ip route [dest <destination>] [mask <destMask>] [nextHop <nextHopValue>] [protocol {connected | static | rip| ospf | ospf_ase | bgp | dvmrp}] [<vlan-id>] [preference <pref>] [count] Function: Display the route table. Parameter: <destination> is the destination network address; <destMask> is the mask for destination network;...
15.2.4 Configuration Scenario The figure below is a simple network consisting of three ES4626/ES4650 layer3 switches, the network mask for all switches and PC IP addresses is 255.255.255.0. PC1 and PC3 are connected via the static route set in Switch1 and Switch3; PC3 and PC2 are connected via the static route set in Switch3 to Switch2;...
Switch(Config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1 Configuration of layer3 switch Switch-2 Switch#config Switch(Config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2 This way, ping connectivity can be established between PC1 and PC3, and PC2 and PC3 15.2.5 Troubleshooting Help 15.2.5.1 Monitor and Debug Commands Command Admin Mode show ip route Use the “show ip route”...
RIP was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIP is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a distance vector routing protocol send 2 kinds of information to the neighboring devices regularly: •...
224.0.0.9). Subnet mask field and RIP authentication field (simple plaintext password and MD5 password authentication are supported), and support variable length subnet mask. RIP-II uses some of the zero fields of RIP-I and requires no zero field verification. Layer3 switches send RIP-II packets in multicast by default; both RIP-I and RIP-II packets will be accepted.
Disable RIP 1. Enable RIP The basic configuration for running RIP on ES4626/ES4650 is quite simple, usually, the user need only enable RIP and enable sending and receiving RIP packets, i.e., send and receive RIP packets according to default RIP configuration (ES4626/ES4650 send RIP-II packets and receive RIP-I/RIP-II packets by default).
[no] rip broadcast 2) Configure RIP routing parameters. a. Configure route aggregation Command RIP configuration mode auto-summary no auto-summary b. configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) Command RIP configuration mode default-metric <value>...
authentication <name-of-chain> no ip rip authentication key 3) Configure other RIP parameters a. Configure RIP routing priority b. Configure zero field verification for RIP packets c. Configure timer for RIP update, timeout and hold-down Command RIP configuration mode rip preference <value> no rip preference [no] rip checkzero timer...
ip rip receive version {1 | 2 | 1 2} no ip rip receive version ip rip receive version none ip rip send version none 4. Disable RIP Command Global Mode no router rip RIP (Routing Information Protocol) is a dynamic interior routing protocol based on distance vector.
router rip timer basic version show ip protocols show ip rip debug ip rip packet debug ip rip recv debug ip rip send 15.3.2.2.1 auto-summary Command: auto-summary no auto-summary Function: Configure route aggregation; the “no auto-summary” command disables route aggregation. Parameter: N/A.
command to introduce routes of the other protocols without specifying detailed route metric, the default route metric set by “default-metric” command applies. Example: Set the default route metric for introducing routes of the other protocols into RIP to 3. Switch(Config-router-rip)#default-metric 3 Related command: redistribute 15.3.2.2.3 ip rip authentication key...
Related command: ip rip authentication key 15.3.2.2.5 ip rip metricin Command: ip rip metricin <value> no ip rip metricin Function: Set the additional route metric receiving RIP packets on the interface; the “no ip rip metricin” command restores the default setting. Parameter: <...
Related command: no ip rip send version 15.3.2.2.8 ip rip send version none Command: ip rip send version none Function: Disable sending RIP packets on the interface Default: Sending RIP packet is enabled by default. Command mode: Interface Mode Usage Guide: This command is used with the other two commands “ip rip output” and “ip rip work”, “ip rip work”...
interface. 15.3.2.2.11 ip rip work Command: ip rip work no ip rip work Function: Configure the interface to run RIP or not; the “no ip rip work” command disables RIP packet sending/receiving on the interface. Default: After enabling RIP, RIP is enabled on the ports by default. Command mode: Interface Mode Usage Guide: This command is equal to “no ip rip send version &...
protocols are introduced without metric value, the default metric value is used. Command mode: RIP configuration Mode Usage Guide: Use this command to introduce routes of the other routing protocols as RIP route to improve RIP performance. Example: Set the route metric of OSPF routes to 5, and the static route metric to 8. Switch(Config-Router-Rip)#redistribute ospf metric 5 Switch(Config-Router-Rip)#redistribute static metric 8 15.3.2.2.14...
default setting. Parameter: < value> is the priority value, ranging from 0 to 255. Default: The default RIP priority is 120. Command mode: RIP configuration mode Usage Guide: Each routing protocol has its own priority, the value of which is decided by the specific routing policy.
Usage Guide: The system advertises RIP update packets every 30 seconds by default. If no update packet from a route is received after 180 seconds, this route is considered to be invalid. However, the route will be kept in the route table for another 120 seconds, and will be deleted after that.
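The default timers above (30 s update, 180 s until a route is invalid, a further 120 s until it is deleted) combine with the distance-vector update rule as in the following Python model. It is an added example, not the switch's implementation: the update handling follows RFC 2453, the metric of 16 for "unreachable" and the receive cost of 1 are assumptions taken from that RFC, and the addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

UPDATE_S, INVALID_S, HOLDDOWN_S = 30, 180, 120   # defaults given in the manual
INFINITY = 16   # assumption: RIP "unreachable" metric per RFC 2453


@dataclass
class Route:
    next_hop: str
    metric: int
    refreshed: float                       # time of the last valid update
    invalid_since: Optional[float] = None  # set once the route has timed out


class RipTable:
    def __init__(self):
        self.routes = {}

    def receive(self, now, neighbor, entries, metric_in=1):
        """Process one update: entries is a list of (prefix, advertised_metric)."""
        for prefix, advertised in entries:
            metric = min(advertised + metric_in, INFINITY)
            cur = self.routes.get(prefix)
            if cur is None:
                if metric < INFINITY:
                    self.routes[prefix] = Route(neighbor, metric, now)
            elif cur.next_hop == neighbor:
                # The current next hop is always believed, even if the metric got worse.
                if metric >= INFINITY:
                    if cur.invalid_since is None:
                        cur.metric, cur.invalid_since = INFINITY, now
                else:
                    cur.metric, cur.refreshed, cur.invalid_since = metric, now, None
            elif metric < cur.metric:
                # Another neighbor wins only with a strictly lower metric.
                self.routes[prefix] = Route(neighbor, metric, now)

    def age(self, now):
        """Apply the invalid and deletion timers at time `now` (seconds)."""
        for prefix, r in list(self.routes.items()):
            if r.invalid_since is None and now - r.refreshed >= INVALID_S:
                r.metric, r.invalid_since = INFINITY, r.refreshed + INVALID_S
            if r.invalid_since is not None and now - r.invalid_since >= HOLDDOWN_S:
                del self.routes[prefix]

    def usable(self):
        """Routes that would be used for forwarding: prefix -> (next hop, metric)."""
        return {p: (r.next_hop, r.metric)
                for p, r in self.routes.items() if r.metric < INFINITY}


if __name__ == "__main__":
    t = RipTable()
    t.receive(0, "10.1.1.2", [("10.1.4.0/24", 2)])
    t.receive(10, "20.1.1.2", [("10.1.4.0/24", 1)])   # lower metric replaces the route
    for now in (219, 220, 339, 340):
        t.age(now)
        print(now, t.usable(), sorted(t.routes))
```

The lower-metric rule applies to every neighbor whose updates are accepted, so the RIP authentication settings described in this chapter decide who can influence the table.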
Example: Switch#sh ip protocols RIP information rip is turning on default metrict 16 neighbour is: NULL preference is 100 rip version information is: interface send version vlan2 V2BC vlan3 V2BC vlan4 V2BC Displayed information RIP is turning on default metric neighbour is: Preference rip version information...
rip is turning on default metric 16 neighbour is preference is 100 Displayed information rip is turning on default metric 16 neighbour is preference is 100 15.3.2.2.22 debug ip rip packet Command: debug ip rip packet no debug ip rip packet Function: Enable the RIP packet debug function for sending/receiving: the “no debug IP packet”...
00: 04: 20: start at 260********************* received a rip packet from rip packet cmd : 2 version: 1 15.3.2.2.23 debug ip rip recv Command: debug ip rip recv no debug ip rip recv Function: Enable the RIP packet debug function for receiving: the “no debug ip rip recv” command disables the debug function.
command disables the debug function. Default: Debug is disabled by default. Command mode: Admin Mode Example: Switch#debug ip rip send 00: 02: 50: start at 170********************* send packets to 11.11.11.2 packet header: cmd: response, version: 1 dest 159.226.0.0 00: 02: 50: start at 170********************* send packets to 159.226.255.255 packet header: cmd: response, version: 1...
Configuration of layer3 switch SwitchA !Configuration of the IP address for interface vlan1 SwitchA#config SwitchA(Config)# interface vlan 1 SwitchA(Config-If-Vlan1)# ip address 10.1.1.1 255.255.255.0 SwitchA (Config-If-vlan1)#exit !Configuration of the IP address for interface vlan2 SwitchA(Config)# interface vlan 2 SwitchA(Config-If-vlan2)# ip address 20.1.1.1 255.255.255.0 !Enable RIP SwitchA(Config)#router rip SwitchA(Config-router-rip)#exit...
SwitchC(Config-If-vlan2)# ip address 20.1.1.2 255.255.255.0 SwitchC(Config-If-vlan2)#exit !Enable RIP SwitchC(Config)#router rip SwitchC(Config-router-rip)#exit !Enable vlan2 to send/receive RIP packets SwitchC(Config)#interface vlan 2 SwitchC(Config-If-vlan2)#ip rip work SwitchC(Config-If-vlan2)#exit SwitchC(Config)#exit SwitchC# 15.3.4 RIP Troubleshooting Help 1. Monitor and Debug Commands 2. RIP Troubleshooting Help 15.3.4.1 Monitor and Debug Commands Command Admin Mode...
Explanation to displayed information: Displayed information Automatic network summarization is not in effect default metric for redistribute is : 16 neigbour is preference is : 100 (2)show ip route The “show ip route” command can be used to display the information about RIP routes in the route table: destination IP addresses, network masks, next hop IP addresses, and forwarding interfaces, etc.
Displayed information Automatic network summarization is not in effect default metric for redistribute is : neigbour is: Preference RIP version information 15.3.4.2 RIP Troubleshooting Help In configuring and using RIP, the RIP may fail to run properly due to reasons such as physical connection failure or wrong configurations.
algorithm to generate a route table based on that database. Autonomous system (AS) is a self-managed interconnected network. In large networks, such as the Internet, a giant interconnected network is broken down to autonomous systems. Big enterprise networks connecting to the Internet are independent AS, since the other host on the Internet are not managed by those AS and they don’t share interior routing information with the layer3 switches on the Internet.
autonomous system, they can be grouped as internal switches, edge switches, AS edge switches and backbone switches). OSPF supports load balance and multiple routes to the same destination of equal costs. OSPF supports 4 level routing mechanisms (process routing according to the order of route inside an area, route between areas, first category exterior route and second category exterior route).
to be configured as STUB areas to reduce the topology database size. Type4 LSA (ASBR summary LSA) and type5 LSA (AS exterior LSA) are not allowed to flood into/through STUB areas. STUB areas must use the default routes, the layer3 switches on STUB area edge advertise the default routes to STUB areas by summary LSA, those default routes flood inside STUB only and will not get out of STUB area.
a. Configure OSPF packet verification b. Set the OSPF interface to receive only c. Configure the cost for sending packets from the interface d. Configure OSPF packet sending timer parameter (timer of broadcast interface sending HELLO packet to poll, timer of neighboring layer3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission.
ip ospf enable area <area_id> no ip ospf enable area 2. Configure OSPF sub-parameters (1) Configure OSPF packet sending mechanism parameters a. Configure OSPF packet verification b. Set the OSPF interface to receive only c. Configure the cost for sending packets from the interface Command Interface Mode ip ospf authentication { simple...
default redistribute tag <tag> no default redistribute tag default redistribute cost <cost> no default redistribute cost default redistribute <time> no default redistribute interval default redistribute limit <routes> no default redistribute limit b. Configure the routes of the other protocols to introduce to OSPF. Command OSPF protocol configuration mode redistribute...
virtuallink neighborid transitarea <area_id> <time> deadinterval [ retransmit <time> ] [ transitdelay <time> ] no virtuallink neighborid <router_id> transitarea <area_id> d. Configure the priority of the interface when electing designated layer3 switch (DR). Command Interface Mode ip ospf priority <priority> no ip ospf priority 3.
router ospf stub cost virtuallink neighborid show ip ospf show ip ospfase show ip ospf cumulative show ip ospf database show ip ospf interface show ip ospf neighbor show ip ospf routing show ip ospf virtual-links show ip protocols debug ip ospf event debug ip ospf lsa debug ip ospf packet debug ip ospf spf...
Command Mode: OSPF protocol configuration mode Usage Guide: OSPF introduces exterior routing information regularly and advertises the information throughout the autonomous system. This command is used to modify the interval for introducing exterior routing information. Example: Set the interval in OSPF for introducing exterior routes to 3 seconds. Switch(Config-Router-Ospf)#default redistribute interval 3 15.4.2.2.3 default redistribute limit...
15.4.2.2.5 default redistribute type Command: default redistribute type { 1 | 2 } no default redistribute type Function: Set the default route type(s) for exterior routes introduction; the “no default redistribute type” command restores the default setting. Parameter: 1 and 2 stand for type1 and type2 exterior routes, respectively. Default: The system assumes to introduce Type2 exterior routes by default.
Function: Set the cost for running OSPF on the interface; the “no ip ospf cost” command restores the default setting. Parameter: < cost> is the OSPF cost, ranging from 1 to 65535. Default: The default cost for OSPF protocol is 1. Command mode: Interface Mode Example: Set the OSPF route cost of interface vlan1 to 3.
Example: Specify interface vlan1 to area 1. Switch(Config-If-Vlan1)#ip ospf enable area 1 15.4.2.2.10 ip ospf hello-interval Command: ip ospf hello-interval <time> no ip ospf hello-interval Function: Configure the interval for sending HELLO packets from the interface; the “no ip ospf hello-interval” command restores the default setting. Parameter: <time>...
15.4.2.2.12 ip ospf priority Command: ip ospf priority <priority> no ip ospf priority Function: Set the priority of the interface in “designated layer3 switch” (DR) election; the “no ip ospf priority” command restores the default setting. Parameter: < priority> is the priority value, ranging from 0 to 255. Default: The priority of the interface when electing designated layer3 switch is 1.
Command: ip ospf transmit-delay <time> no ip ospf transmit-delay Function: Set the delay time before sending link-state advertisement (LSA); the “no ip ospf transmit-delay” command restores the default setting. Parameter: <time> is the delay time for the link-state advertisement transmission in seconds, ranging from 1 to 65535.
default setting. Parameter: ase means the priority is used when introducing exterior routes outside the AS; <preference > is the priority value ranging from 1 to 255. Default: The default priority of OSPF protocol is 110; the default priority to introduce exterior route is 150.
OSPF is selected to be the layer3 switch ID number ES4626/ES4650 layer3 switch used the first UP layer3 interface in the switch as the router id by default. If no IP address is configured in all interfaces of the layer3 switch, this command must be used to specify the layer3 switch ID number, otherwise OSPF would not work.
Usage Guide: An area can be configured to a STUB area if the area has only one egress point (connect to one layer3 switch only), or need not select egress point for each exterior destination. Type4 LSA (ASBR summary LSA) and type5 LSA (AS exterior LSA) are not allowed to flood into/through STUB areas, this saves the resource for processing exterior routing information for layer3 switches inside the area.
Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count: 1 80times spf has been run for this area net range: LSRefreshTime is1800 area ID 1 interface count: 1 41times spf has been run for this area net range: netid11.11.3.255...
Displayed information Destination AdvRouter NextHop SeqNumber Type Cost 15.4.2.2.24 show ip ospf cumulative Command: show ip ospf cumulative Function: Display OSPF statistics. Default: Not displayed. Command mode: Admin Mode Example: Switch#show ip ospf cumulative IO cumulative type HELLO 1048 LS Req LS Update LS Ack ASE count...
AS internal route 4 AS external route 0 Displayed information IO cumulative type Areaid 15.4.2.2.25 show ip ospf database Command: show ip ospf database [ {asb-summary| external | network | router | summary} ] Function: Display OSPF link-state database information. Default: Not displayed.
LS ID ADV rtr (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID) 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1 11.11.4.1 Router LSA 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1...
(Ext Net's IP) Displayed information OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs ASBR Summary LSAs 15.4.2.2.26 show ip ospf interface Command: show ip ospf interface <interface> Function: Display OSPF interface information. Parameter: <interface> stands for the interface name. Default: Not displayed.
Type Priority Transit Delay Authentication key Timer: Hello、Poll、Dead、Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies 15.4.2.2.27 show ip ospf neighbor Command: show ip ospf neighbor Function: Display OSPF neighbor node information. Default: Not displayed. Command mode: Admin Mode Usage Guide: OSPF neighbor information can be checked by the output of this command.
interface ip 52.1.1.1 area id 0 interface ip 100.1.1.1 area id 0 interface ip 110.1.1.1 area id 0 interface ip 150.1.1.1 area id 0 router id 12.2.0.0 router ip addr 150.1.1.2 state NFULL priority 0 DR 150.1.1.1 BDR 0.0.0.0 last hello 59011 last exch 49607 Displayed information interface ip...
Destination Cost Dest Type Displayed information AS internal routes AS external routes Destination Area Cost Dest Type Next Hop ADV rtr 15.4.2.2.29 show ip ospf virtual-links Command: show ip ospf virtual-links Function: Display OSPF virtual link information. Default: Not displayed. Command mode: Admin Mode Example: Switch#show ip ospf virtual-links...
7times spf has been run for this area net range: LSRefreshTime is1800 RIP information rip is shutting down Displayed information OSPF is running My router ID Preference Ase perference Export metric Export tag Area ID Interface count N times spf has been run for this area Net range LSRefreshTime 15.4.2.2.31...
Command mode: Admin Mode 15.4.2.2.33 debug ip ospf packet Command: debug ip ospf packet no debug ip ospf packet Function: Enable the OSPF packet debug function; the “no debug ip ospf packet” command disables this debug function. Default: Debug is disabled by default. Command mode: Admin Mode Example: Switch#debug ip ospf packet...
Typical OSPF Scenario Scenario 1: OSPF autonomous system. This scenario takes as an example an OSPF autonomous system consisting of five ES4626/ES4650 layer3 switches, where layer3 switch Switch1 and Switch5 make up OSPF area 0, layer3 switch Switch2 and Switch3 form OSPF area 1 (assume vlan1 interface of layer3 switch Switch1 belongs to area 0), layer3 switch Switch4 forms OSPF area2 (assume vlan2 interface of layer3 Switch5 belongs to area 0).
Switch1(Config)#interface vlan2 Switch1 (Config-if-vlan2)#ip ospf enable area 0 Switch1 (Config-if-vlan2)#exit Switch1(Config)#exit Switch1# Layer3 switch Switch2: !Configure the IP address for interface vlan1 and vlan2. Switch2#config Switch2(Config)# interface vlan 1 Switch2(Config-if-vlan1)# ip address 10.1.1.2 255.255.255.0 Switch2(Config-if-vlan1)#no shut-down Switch2(Config-if-vlan1)#exit Switch2(Config)# interface vlan 3 Switch2(Config-if-vlan3)# ip address 20.1.1.1 255.255.255.0 Switch2(Config-if-vlan3)#no shut-down Switch2(Config-if-vlan3)#exit...
Switch3(Config-if-vlan3)#exit Switch3(Config)#exit Switch3# Layer3 switch Switch4: !Configuration of the IP address for interface vlan3 Switch4#config Switch4(Config)# interface vlan 3 Switch4(Config-if-vlan3)# ip address 30.1.1.2 255.255.255.0 Switch4(Config-if-vlan3)#no shut-down Switch4(Config-if-vlan3)#exit !Enable OSPF protocol, configure the OSPF area interfaces vlan3 resides in. Switch4(Config)#router ospf Switch4(Config-router-ospf)#exit Switch4(Config)#interface vlan 3 Switch4(Config-if-vlan3)#ip ospf enable area 0 Switch4(Config-if-vlan3)#exit...
Switch5(Config)#exit Switch5# Scenario 2: Typical OSPF protocol complex topology. Fig 15-4 Typical complex OSPF autonomous system (figure labels: SWITCH1, SWITCH2, Domain 1, SWITCH9, SWITCH12, Domain 3). The figure is a typical complex OSPF autonomous system network topology. Area1 includes network N1-N4 and layer3 switch Switch1-Switch4, area2 includes network N5-N7 and layer3 switch Switch7, Switch8, Switch10 and Switch11, area3 includes N8-N10, host H1 and layer3 switch Switch9, Switch11 and Switch12, and network N8-N10 share a...
network N11 and N15. In addition, layer3 switch Switch3 and Switch4 must summarize the topology of area 1 to the backbone area (area 0, all non-0 areas must be connected via area 0, direct connections are not allowed), and advertise the networks in area 1 (N1-N4) and the costs from Switch3 and Switch4 to those networks.
Switch1(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan1 Switch1(Config)# interface vlan 1 Switch1(Config-If-Vlan1)#ip address 20.1.1.1 255.255.255.0 Switch1(Config-If-Vlan1)#ip ospf enable area 1 Switch1(Config-If-Vlan1)#exit 2)Switch2: !Configuration of the IP address for interface vlan2 Switch2#config Switch2(Config)# interface vlan 2 Switch2(Config-If-Vlan2)# ip address 10.1.1.2 255.255.255.0 Switch2(Config-If-Vlan2)#exit !Enable OSPF protocol, configure the area number for interface vlan2.
Switch3(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan3 Switch3(Config)# interface vlan 3 Switch3(Config-If-Vlan3)#ip address 20.1.3.1 255.255.255.0 Switch3(Config-If-Vlan3)#ip ospf enable area 1 Switch3(Config-If-Vlan3)#exit !Configuration of the IP address and area number for interface vlan1 Switch3(Config)# interface vlan 1 Switch3(Config-If-Vlan1)#ip address 10.1.5.1 255.255.255.0 Switch3(Config-If-Vlan1)#ip ospf enable area 0 !Configure MD5 key authentication.
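Added example (not part of the original manual or the vendor's software): a Python audit of a saved CLI transcript that lists every VLAN interface where OSPF is enabled without authentication, with simple (cleartext) authentication, or with the manual's own sample key 123abc. The transcript is constructed, and the `md5 <key> <key-id>` argument layout and the key values are assumptions, because the manual's syntax line is cut off after `simple`.

```python
import re

# Key that appears in this manual's web-UI example; a key copied from
# documentation should never reach a production configuration.
DOC_KEYS = {"123abc"}

IFACE_RE = re.compile(r"^interface\s+vlan\s*(\d+)$", re.I)
ENABLE_RE = re.compile(r"^ip\s+ospf\s+enable\s+area\s+(\S+)$", re.I)
AUTH_RE = re.compile(r"^ip\s+ospf\s+authentication\s+(\S+)(.*)$", re.I)

# Constructed transcript in the style of the scenarios above. The argument
# layout after "md5" and "simple" is an assumption, not taken from the manual.
SAMPLE = """\
Switch3(Config)#router ospf
Switch3(Config-Router-Ospf)#exit
Switch3(Config)#interface vlan 1
Switch3(Config-If-Vlan1)#ip address 10.1.5.1 255.255.255.0
Switch3(Config-If-Vlan1)#ip ospf enable area 0
Switch3(Config-If-Vlan1)#ip ospf authentication md5 123abc 1
Switch3(Config-If-Vlan1)#exit
Switch3(Config)#interface vlan 2
Switch3(Config-If-Vlan2)#ip address 20.1.2.1 255.255.255.0
Switch3(Config-If-Vlan2)#ip ospf enable area 1
Switch3(Config-If-Vlan2)#ip ospf authentication simple EXAMPLE-KEY
Switch3(Config-If-Vlan2)#exit
!Configuration of the IP address and area number for interface vlan3
Switch3(Config)# interface vlan 3
Switch3(Config-If-Vlan3)#ip address 20.1.3.1 255.255.255.0
Switch3(Config-If-Vlan3)#ip ospf enable area 1
Switch3(Config-If-Vlan3)#exit
Switch3(Config)#interface vlan 4
Switch3(Config-If-Vlan4)#ip address 30.1.1.1 255.255.255.0
Switch3(Config-If-Vlan4)#exit
"""


def strip_prompt(line):
    """Return the command typed after a 'Switch(Config-If-Vlan1)#' prompt."""
    line = line.strip()
    if line.startswith("!"):          # '!' lines are comments in the manual
        return ""
    if "#" in line:
        line = line.split("#", 1)[1]
    return " ".join(line.split())     # normalise inner whitespace


def parse_interfaces(transcript):
    """Collect the OSPF area and authentication mode set on each VLAN interface."""
    ifaces, current = {}, None
    for raw in transcript.splitlines():
        cmd = strip_prompt(raw)
        if not cmd:
            continue
        m = IFACE_RE.match(cmd)
        if m:
            current = "vlan" + m.group(1)
            ifaces.setdefault(current, {"area": None, "auth": None, "args": []})
            continue
        if cmd.lower() == "exit":
            current = None
            continue
        if current is None:
            continue                  # global or router-mode command
        state = ifaces[current]
        if cmd.lower().startswith("no ip ospf enable area"):
            state["area"] = None
            continue
        m = ENABLE_RE.match(cmd)
        if m:
            state["area"] = m.group(1)
            continue
        m = AUTH_RE.match(cmd)
        if m:
            state["auth"] = m.group(1).lower()
            state["args"] = m.group(2).split()
    return ifaces


def audit(transcript):
    """Return (interface, area, finding) tuples for OSPF-enabled interfaces."""
    findings = []
    for name, st in sorted(parse_interfaces(transcript).items()):
        if st["area"] is None:
            continue                  # OSPF is not enabled on this interface
        if st["auth"] is None:
            findings.append((name, st["area"], "no-authentication"))
        elif st["auth"] == "simple":
            findings.append((name, st["area"], "cleartext-password"))
        if DOC_KEYS & set(st["args"]):
            findings.append((name, st["area"], "documentation-key"))
    return findings


if __name__ == "__main__":
    for iface, area, finding in audit(SAMPLE):
        print(f"{iface} (area {area}): {finding}")
```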
15.4.4 OSPF Troubleshooting Help 1. Monitor and Debugging Commands 2. OSPF Troubleshooting Help 15.4.4.1 Monitor and Debugging Commands Command Admin Mode Show interface status Show ip ospf Show ip route Show ip ospf ase Show ip ospf cumulative Show ip ospf database Show ip ospf interface Show ip ospf neighbor Show ip ospf routing...
(1)show ip ospf Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count: 1 80times spf has been run for this area net range: LSRefreshTime is1800 area ID 1 interface count: 1 41times spf has been run for this area net range:...
A 5.1.2.0 255.255.255.0 A 5.1.3.0 255.255.255.0 A 5.1.4.0 255.255.255.0 A 5.1.5.0 255.255.255.0 A 5.1.6.0 255.255.255.0 A 5.1.7.0 255.255.255.0 A 5.1.8.0 255.255.255.0 A 5.1.9.0 255.255.255.0 A 5.1.10.0 255.255.255.0 A 5.1.11.0 255.255.255.0 A 5.1.12.0 255.255.255.0 A 5.1.13.0 255.255.255.0 A 5.1.14.0 255.255.255.0 A 5.1.15.0 255.255.255.0 A 5.1.16.0 255.255.255.0...
IO cumulative type HELLO 1048 LS Req LS Update LS Ack ASE count checksum 0 original LSA 340 LS_RTR 179 LS_ASE 0 received LSA 325 Areaid 0 nbr count 1 interface count 1 spf times 120 DB entry count 6 LS_RTR 2 LS_NET 2 LS_SUM_NET 3 LS_SUM_ASB 0 LS_ASE 3 Areaid 1 nbr count 2...
11.11.4.1 11.11.4.1 11.11.4.2 11.11.4.2 Router LSA 11.11.4.1 11.11.4.1 11.11.4.2 11.11.4.2 LS ID ADV rtr (DR's IP) 11.11.4.2 11.11.4.2 LS ID ADV rtr (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID)
11.11.1.1 11.11.4.1 11.11.1.3 14.14.14.1 LS ID ADV rtr (Net's IP) 11.11.4.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) LS ID Route type ADV rtr Age Sequence Cost Checksu (Ext Net's IP) Displayed information OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs...
Area Net type cost State Type Priority Transit Delay Authentication key Timer: Hello、Poll、Dead、Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies (7)show ip ospf neighbor The “show ip ospf neighbor” command can be used to display information about the neighbor OSPF layer3 switches. For example, displayed information can be: Switch#show ip ospf neighbor interface ip 12.1.1.1...
state NFULL priority 0 DR 150.1.1.1 BDR 0.0.0.0 last hello 66289 last exch 49607 Displayed information interface ip area id router id router ip addr state priority last hello last exch (8)show ip ospf routing The “show ip ospf routing” command can be used to display information about the OSPF route table.
For example, displayed information can be: Switch#show ip ospf virtual-links no virtual-link (10)show ip protocols “show ip protocols” command can be used to display the information of the routing protocols running in the switch. For example, displayed information can be: Switch#sh ip protocols OSPF is running.
All interface and link protocols are in the UP state (use “show interface status” command). Then IP addresses of different network segments should be configured in all interfaces. Enable OSPF (use “router ospf” command) first, then configure OSPF areas for appropriate interfaces to reside in. Next, note the nature of OSPF –...
15.5.2 Click RIP configuration. Users can configure RIP: Enable RIP – Enable RIP, including: Enable RIP – Enable RIP Enable port to receive/transmit RIP packet – Configure the port to receive/transmit RIP packet RIP parameter configuration – Configure RIP parameters, including: Enable imported route –...
the equivalent CLI command at 15.3.2.2.11 The explanation of each field is as below: Port – Port name Enable port to receive/transmit RIP packet – set; cancel For example: Disable to receive/transmit RIP packet on vlan2. Select vlan1; select vlan1; select cancel, and then click Apply.
15.5.2.5 RIP port configuration Click RIP port imported route. The configuration page is shown. The explanation of each field is as below: Port – Specify the port Receiving RIP version – Configure receiving RIP version on the port: version 1, version 2 and version 1 and 2.
15.5.2.6 Global RIP mode configuration Click RIP mode configuration. The configuration page is shown. The explanation of each field is as below: Set receiving/sending RIP version for all ports – Configure receiving/sending RIP version for all ports: version1, version2 and Cancel (default version). See the equivalent CLI command at 15.3.2.2.19 Auto-summary –...
15.5.2.7 RIP timer configuration Click RIP timer configuration. The configuration page is shown. See the equivalent CLI command at 15.3.2.2.18 The explanation of each field is as below: Update timer – Update packet timer Invalid timer – RIP route invalid timer Holddown timer –...
15.5.3.1.1 Enable/disable OSPF Click OSPF enable. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.19 The explanation of each field is as below: OSPF enable - OSPF enable; OSPF disable Reset – Clear the selection For example: Enable OSPF protocol. Select OSPF enable, and then click Apply. 15.5.3.1.2 OSPF Router-ID configuration Click Router-ID configuration.
15.5.3.1.4 Configure OSPF area for port Click OSPF area configuration for port. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.9 The explanation of each field is as below: Vlan port – Vlan port list Area ID – Area ID Reset –...
For example: Set OSPF port Vlan1 to use MD5 authentication with the password of 123abc and with KeyID of 1. Select Vlan Port to Vlan1; set Authentication mode to MD5; set Authentication key to 123abc; set KeyID to 1, and then click Apply. 15.5.3.2.2 OSPF passive interface configuration Click Passive interface configuration.
15.5.3.3.2 Import configuration Click Import external routing information. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.17. The explanation of each field is as below: Imported type – Configure imported route type: Static, RIP, connected,BGP Type – Specify - Set default imported route type. 1 and 2 stand for Type 1 external route and Type 2 external route.
Priority – set priority value 15.5.3.4.2 OSPF STUB area and default route cost configuration Click OSPF STUB area and default route cost. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.20 The explanation of each field is as below: Cost –...
15.5.3.4.4 Port DR priority configuration Click Port DR priority configuration. The configuration page is shown. See the equivalent CLI command at 15.4.2.2.12 The explanation of each field is as below: Vlan Port – Specify Vlan port Priority – Specify priority 15.5.3.5 OSPF debug Click OSPF debug.
Chapter 16 Multicast Protocol Configuration 16.1 Multicast Protocol Overview 16.1.1 Introduction to Multicast When sending information (including data, voice and video) to a small number of users in the network, there are several ways of transmission, for instance, the unicast method that establishes a separate data transmission channel for each user or the broadcast method that sends information to all users in the network regardless of whether they need the information or not.
16.1.2 Multicast Address Multicast packets use Class D IP addresses as their destination addresses, ranging from 224.0.0.0 to 239.255.255.255. Class D addresses cannot be used in the source IP address field of an IP packet. In unicast, the path a packet travels is from the source address to the destination address, and the packet is transferred in the network hop-by-hop.
224.0.0.18 VRRP When transferring unicast IP packets on Ethernet, the destination MAC address is the MAC of the receiver. However, in transferring multicast packets, as the destination is no longer one specific recipient but a group with unknown members, the destination address used is the multicast MAC address.
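Added example (not from the original manual): the standard IPv4-to-Ethernet mapping of RFC 1112 copies only the low 23 bits of the group address into the multicast MAC, so 32 groups share each MAC and cannot be told apart by a Layer 2 filter. The Python code below applies the mapping to group addresses that appear in this chapter's examples and reports which of them collide with each other or with a 224.0.0.x control address; the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

# Group addresses that appear in this chapter's examples and tables.
PAGE_GROUPS = ["224.0.0.18", "225.0.0.1", "239.255.0.1", "224.1.1.1", "226.1.1.1"]

CONTROL_BLOCK = ipaddress.IPv4Network("224.0.0.0/24")  # link-local control range


def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet MAC: 01:00:5e + low 23 bits."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D (224.0.0.0-239.255.255.255) address")
    low23 = int(addr) & 0x7FFFFF            # the top 5 variable bits are discarded
    mac = (0x01005E << 24) | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def mac_collisions(groups):
    """Return {mac: [groups]} for every MAC shared by more than one listed group."""
    by_mac = defaultdict(list)
    for group in groups:
        by_mac[multicast_mac(group)].append(group)
    return {mac: members for mac, members in by_mac.items() if len(members) > 1}


def shadows_link_local(group):
    """True if a group outside 224.0.0.0/24 shares its MAC with a 224.0.0.x address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    if addr in CONTROL_BLOCK:
        return False
    # MAC is 01:00:5e:00:00:xx exactly when bits 8..22 of the address are zero.
    return (int(addr) & 0x7FFF00) == 0


def review(groups):
    """Summarise Layer 2 ambiguity for a planned list of multicast groups."""
    return {
        "collisions": mac_collisions(groups),
        "shadow_control": [g for g in groups if shadows_link_local(g)],
    }


if __name__ == "__main__":
    for group in PAGE_GROUPS:
        print(group, "->", multicast_mac(group))
    print(review(PAGE_GROUPS))
```

Groups flagged under shadow_control use the same destination MAC as reserved addresses such as 224.0.0.1 or 224.0.0.18, so a group plan should avoid them.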
multicast feature can be conveniently used to provide some new value-added services, including online live broadcast, network TV, remote education, remote medical service, network radio, realtime video/audio meeting that can be summarized in the following three fields: Multimedia and stream application. Data warehouse and financial (like stocks) application.
239.255.0.1 1.1.1.100 Switch # Displayed information Explanation Name The interface list used by the multicast protocol and basic information for the interfaces. Index Index number for the interface Group Multicast forwarding entry group address Origin Multicast forwarding entry source address Multicast forwarding entry ingress interface Wrong The number of multicast packets (to this forwarding entry) from...
upstream nodes to inform the upstream node that no more forwarding for that multicast group is necessary. The upstream nodes will delete the corresponding interface, multicast forwarding entry(S,G), from the outgoing interface list. Hence a shortest path tree (SPT) rooted by source S is established. The prune process is initiated by leaf routers first. The above procedures are referred to as the Flooding-Prune process.
Command Interface Mode ip pim dense-mode no ip pim dense-mode 2. Configure PIM-DM sub-parameters Configure PIM-DM interface parameters a. Configure PIM-DM HELLO packet interval Command Interface Mode ip pim hello-interval <hello-interval-seconds> no ip pim hello-interval 3. Disable PIM-DM protocol Command Interface Mode no ip pim dense-mode 16.3.2.2 PIM-DM Configuration Commands...
Parameter: N/A. Default: PIM-DM protocol is disabled by default. Command mode: Interface Mode Usage Guide: Example: Enable PIM-DM protocol on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip pim dense-mode 16.3.2.4 ip pim hello-interval Command: ip pim hello-interval <hello-interval-seconds> no ip pim hello-interval Function: Set interval for sending PIM-DM HELLO packets in the interface;...
Fig 16-1 Typical PIM-DM environment (figure labels: SWITCHA, Ethernet 1/2, vlan1) The following are the configurations of SwitchA and SwitchB. (1) Configuration of SwitchA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan2 Switch(Config-If-Vlan1)# ip pim dense-mode (2) Configuration of SwitchB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode...
show ip pim interface debug ip pim 16.3.4.1.1 show ip pim mroute dm Command: show ip pim mroute dm Function: Display the PIM-DM packet forwarding entry Parameter: N/A. Default: No display by default. Command mode: Admin Mode Usage Guide: This command is used to display PIM-DM multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
Displayed information (5.1.1.100, 225.0.0.1) Incoming interface Outgoing interface list Prune interface list 16.3.4.1.2 show ip pim neighbor Command: show ip pim neighbor [<ifname>] Function: Display information for neighbors of the PIM interface. Parameter: <ifname> is the interface name, i.e. display PIM neighbor information of the specified interface.
Parameter: <ifname> is the interface name, i.e. display PIM information of the specified interface. Default: PIM information is displayed by default on all interfaces. Command mode: Admin Mode Example: Display PIM information of interface vlan 1. Switch#sh ip pim interface vlan 1 Interface Vlan1 : 2.1.1.2 owner is pimdm, Vif is 1, Hello Interval is 30 Neighbor-Address Interface...
16.3.4.2 PIM-DM Troubleshooting Help In configuring and using PIM-DM protocol, the PIM-DM protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations. The user should ensure the following: Good condition of the physical connection. All interface and link protocols are in the UP state (use “show interfaces status”...
leaf router and the RP will create a (*, G) entry in their forwarding table, indicating packets sent by any source to multicast group G apply to this entry. When RP receives a packet sent to multicast group G, the packet will move along the established route to reach the leaf router and the host.
1) Configure PIM-SM HELLO packet interval 2) Configure an interface as the PIM-SM area border (2) Configure PIM-SM global parameters Configure a switch as the candidate BSR. Configure a switch as the candidate RP. 3. Disable PIM-SM protocol 1. Enable PIM-SM protocol Basic configuration of PIM-SM routing protocol on Route switch is quite simple: just enable PIM-SM in the appropriate interfaces.
ip pim bsr-candidate <ifname> [hashlength] [Priority] no ip pim bsr-candidate Configure a switch as the candidate RP. Command Interface Mode ip pim rp-candidate <ifname> [group-list access-list] [interval interval] no ip pim rp-candidate [<ifname>] 3. Disable PIM-SM protocol Command Interface Mode no ip pim sparse-mode 16.4.2.2 PIM-SM Configuration Commands ip pim sparse-mode...
16.4.2.2.1 ip pim sparse-mode Command: ip pim sparse-mode no ip pim sparse-mode Function: Enable PIM-SM protocol on the interface; the “no ip pim sparse-mode” command disables PIM-SM protocol on the interface. Parameter: N/A. Default: PIM-SM protocol is disabled by default. Command mode: Interface Mode Example: Enable PIM-SM protocol on interface vlan1.
Parameter: <hello-interval-second> is the interval for sending PIM HELLO packets, ranging from 1 to 18724s. Default: The default interval for sending PIM HELLO is 30s. Command mode: Interface Mode Usage Guide: The HELLO message enables PIM-DM switches to locate each other and establish the neighborhood.
command cancels the RP configuration. Parameter: <ifname> is the name of specified interface; access-list is the number of group range list can be used as the RP in the switch, ranging from 1 to 99, if this parameter is omitted, the router can work as the RP for all multicast groups;...
The following are the configurations of SWITCHA, SWITCHB, SWITCHC, and SWITCHD. (1) Configuration of SWITCHA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip pim sparse-mode (2) Configuration of SWITCHB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2...
Switch #show ip pim interface vlan2 Switch # Interface Vlan2 : 192.3.1.2 owner is pimsm, Vif is 1, Hello Interval is 30, pim sm jp interval is (60) Neighbor-Address Interface 192.3.1.3 Vlan2 Switch # Displayed information Interface (the former) owner Hello Interval jp interval Neighbor-Address...
Outgoing interface list: (Vlan2), protos: 0x2, UpTime: 00: 10: 18, Exp: 00: 03: 18 Switch # Displayed information (192.1.1.1, 225.0.0.1) Incoming interface Outgoing interface list 16.4.4.1.4 show ip pim neighbor Command: show ip pim neighbor [<ifname>] Function: Display information for neighbors of the PIM interface. Parameter: <ifname>...
16.4.4.1.5 show ip pim rp Command: show ip pim rp [mapping | group-address] Function: Display PIM RP related information Parameter: mapping displays the group address and RP association. group-address is the group address. Default: No display by default. Command mode: Admin Mode Function: Display the RP information for PIM area 226.1.1.1.
16.4.4.1.7 debug ip pim bsr Command: debug ip pim bsr Function: Enable the PIM candidate RP/BSR information debug function; the “no” format of the command disables this debug function. Parameter: N/A. Default: Disabled. Command mode: Admin Mode Usage Guide: If detailed information about PIM candidate RP/BSR packets, etc. is required, this debug command can be used.
16.5 DVMRP 16.5.1 Introduction to DVMRP Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast routing protocol. It employs a RIP like route exchange mechanism to establish a forwarding broadcast tree for each source, then a truncated broadcast tree (short path tree to the source) will be created by dynamic pruning/grafting.
way like the RIP. That is to say, route advertisements are sent between DVMRP neighbors periodically (every 60 seconds by default). The routing information in the DVMRP route selection table is used to establish the source distribution tree, which can be used to determine which neighbor can reach the source sending multicast information.
[no] ip dvmrp 2. Configure connectivity with CISCO routers/switches CISCO does not really implement DVMRP, but provides connectivity with DVMRP. As CISCO routers/switches send report packets but not probe packets, the neighbor timeout issue should be addressed when establishing connectivity with CISCO routers/switches. The following command makes a DSRS-5950 switch decide the timeout of a neighbor by report packet intervals.
dvmrp report-interval <time_val> no ip dvmrp report-interval d. Configuring DVMRP route timeout time Command Global Mode ip dvmrp route-timeout <time_val> no ip dvmrp route-timeout 4. Configure DVMRP tunneling Command Interface Mode dvmrp tunnel <A.B.C.D> [metric <metric_val>] no ip dvmrp tunnel <A.B.C.D> 5.
16.5.2.2.1 ip dvmrp cisco-compatible Command: ip dvmrp cisco-compatible <A.B.C.D> no ip dvmrp cisco-compatible <A.B.C.D> Function: Enable connectivity with CISCO neighbor A, B, C, D; the “no ip dvmrp cisco-compatible” command disables connectivity with CISCO neighbors. Parameter: <A.B.C.D> are the Neighboring IP addresses Default: The connectivity with CISCO neighbors is disabled by default.
graft-interval” command restores the default setting. Parameter: <time_val> is the interval for sending DVMRP graft packets, ranging from 5 to 3600s. Default: The default interval for sending DVMRP graft messages is 5s. Command mode: Global Mode Usage Guide: If a new receiver joins that interface when an interface is in the pruned state, the interface will send a graft message to the upstream;...
Usage Guide: When a neighborhood is established in DVMRP, a neighbor is considered nonexistent if no probe message from that neighbor is received in the neighbor timeout interval, and the neighborhood is terminated. Neighbor timeout interval must be greater than the interval for sending probe messages.
received in the specified interval, then the route is considered to be invalid. This interval configured must be no greater than the timeout interval for the route. Example: Set the interval for sending DVMRP route report messages to 100s. Switch (Config)#ip dvmrp report-interval 100 16.5.2.2.8 ip dvmrp route-timeout Command: ip dvmrp route-timeout <time_val>...
as common physical interfaces. Example: Configure a DVMRP tunnel on Ethernet interface vlan1 to the remote neighbor 1.1.1.1. Switch(Config-If-Vlan1)#ip dvmrp tunnel 1.1.1.1 metric 10 16.5.3 Typical DVMRP Scenario As shown in the figure below, the Ethernet interfaces of SwitchA and SwitchB are added to the appropriate vlan, and DVMRP protocol is enabled on each vlan interface.
16.5.4.1 Monitor and Debug Commands 16.5.4.1.1 show ip dvmrp mroute Command: show ip dvmrp mroute Function: Display the DVMRP packet forwarding entries. Parameter: N/A. Default: Not displayed. Command mode: Admin Mode Usage Guide: This command is used to display DVMRP multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
Parameter: <ifname> is the interface name, i.e. display neighbor information of the specified interface. Default: Not displayed. Command mode: Admin Mode Example: Display neighbor information of Ethernet interface vlan1. Switch #show ip dvmrp neighbor vlan1 Switch # Neighbor-Address Interface 192.168.1.22 Vlan1 Switch # Displayed information...
Nexthop Interface Gateway Metric state 16.5.4.1.4 show ip dvmrp tunnel Command: show ip dvmrp tunnel [<ifname>] Function: Display information for a DVMRP tunnel. Parameter: <ifname> is the interface name, i.e. display the tunnel information of the specified interface. Default: Not displayed. Command mode: Admin Mode Example: Display tunneling configuration information of Ethernet interface vlan1.
02: 22: 20: 40: DVMRP: Send graft-ACK on vlan1 to 105.1.1.2, len 16 02: 22: 20: 40: DVMRP: Graft-Ack Vers: majorv 3, minorv 255 02: 22: 20: 40: DVMRP: Graft-ACK source 192.168.1.105, group 224.1.1.1 16.5.4.2 DVMRP Troubleshooting Help In configuring and using DVMRP protocol, the DVMRP protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations.
by the multicast switches, i.e., respond with membership report packets. The switches send membership query packets in regular interval, and decide whether hosts of their subnet join some group or not; on receiving quit group reports from the hosts, they send query of associated group (IGMP v2) to determine whether there are members in a certain group.
a. Configure transmission interval of query packets in IGMP b. Configure maximum response time for IGMP queries c. Configure timeout setting for IGMP queries (3) Configure IGMP version 2. Disable IGMP Enable IGMP There is no special command for enabling IGMP in layer3 switches, the IGMP automatically enables when any multicast protocol is enabled on the respective interface.
Interface Mode ip igmp query-interval <time_val> no ip igmp query-interval ip igmp query-max-response-time <time_val> query-max-response-time igmrp query-timeout <time_val> no ip igmp query-timeout (3) Configure IGMP version Command Interface Mode ip igmp version <version> no ip igmp version Disable IGMP Command Interface Mode dvmrp dense-mode...
16.6.2.2.1 ip igmp access-group Command: ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Function: Set the filter criteria for IGMP group on the interface; the “no ip igmp access-group” command cancels the filter criteria. Parameter: {<acl_num | acl_name>} is the sequence number or name of the access list, where the range of acl_num is 1 to 99.
Command: ip igmp query-interval <time_val> no ip igmp query-interval Function: Set the interval for sending IGMP query messages; the “no ip igmp query-interval” command restores the default setting. Parameter: <time_val> is the interval for sending IGMP query packets, ranging from 1 to 65535s.
300s. Default: The default value is 265 seconds. Command mode: Interface Mode Usage Guide: In a shared network with several routers running IGMP, one switch will be selected as the querier for that shared network, the other switches act as timers monitoring the status of the querier;...
Usage Guide: This command is used to provide forward compatibility between different versions. It should be noted that v1 and v2 are not interconnectable, and the same version of IGMP must be ensured for the same network. Example: Configure the IGMP running on the interface to version 1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip igmp version 1 16.6.3...
2.IGMP Troubleshooting Help 16.6.4.1 Monitor and Debug Commands 16.6.4.1.1 show ip igmp groups Command: show ip igmp groups [{<ifname | group_addr>}] Function: Display IGMP group information. Parameter: <ifname> is the interface name, i.e. display group information of the specified interface; <group_addr> is the group address, i.e., view group information. Default: Not displayed.
Vlan1 is up, line protocol is up
Internet address is 192.168.1.11, subnet mask is 255.255.255.0
IGMP is enabled, I am querier
IGMP current version is V2
IGMP query interval is 125s
IGMP querier timeout is 265s
IGMP max query response time is 10s
Inboud IGMP access group is not set
Multicast routing is enable on interface
Multicast TTL threshold is 1...
used.
Example:
Switch# debug ip igmp packet
igmp packet debug is on
Switch #02: 17: 38: 58: IGMP: Send membership query on dvmrp2 for 0.0.0.0
02: 17: 38: 58: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0
02: 17: 39: 26: IGMP: Send membership query on vlan1 for 0.0.0.0
02: 17: 39: 26: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0
16.6.4.2 IGMP Troubleshooting Help...
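One way to put the “debug ip igmp packet” output above to use for monitoring, as an added example that is not part of the manual or the switch software: the script parses the membership-query lines and reports queries received from a source that is not an expected querier on that interface. The allowed-querier table and the last two log lines are constructed, and group-specific queries are assumed to be logged in the same format as the general queries shown.

```python
import re
from collections import defaultdict

# Matches lines of the form shown in the manual's "debug ip igmp packet" sample.
# The timestamp may carry a space after each colon, as it does in that sample.
LINE = re.compile(
    r"^(?P<ts>\d+:\s*\d+:\s*\d+:\s*\d+):\s*IGMP:\s*"
    r"(?P<dir>Send|Received) membership query on (?P<ifname>\S+)"
    r"(?: from (?P<src>\d+(?:\.\d+){3}))? for (?P<group>\d+(?:\.\d+){3})\s*$"
)

def parse(line):
    """Return a dict for one membership-query line, or None for any other line."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = re.sub(r"\s+", "", event["ts"])  # normalise "02: 17: 38: 58"
    return event

def unexpected_queriers(lines, expected):
    """expected maps interface name -> set of querier IPs allowed on it.
    Returns {(ifname, source): [timestamps]} for every other source seen."""
    hits = defaultdict(list)
    for line in lines:
        event = parse(line)
        if event is None or event["dir"] != "Received":
            continue  # our own queries and unrelated debug lines
        if event["src"] not in expected.get(event["ifname"], set()):
            hits[(event["ifname"], event["src"])].append(event["ts"])
    return dict(hits)

SAMPLE_LOG = [
    # First four lines: the manual's own sample output.
    "02: 17: 38: 58: IGMP: Send membership query on dvmrp2 for 0.0.0.0",
    "02: 17: 38: 58: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0",
    "02: 17: 39: 26: IGMP: Send membership query on vlan1 for 0.0.0.0",
    "02: 17: 39: 26: IGMP: Received membership query on dvmrp2 from 192.168.1.11 for 0.0.0.0",
    # Constructed lines: a query source that is not in the allowed table.
    "02: 17: 40: 02: IGMP: Received membership query on vlan1 from 192.168.1.200 for 0.0.0.0",
    "02: 17: 42: 07: IGMP: Received membership query on vlan1 from 192.168.1.200 for 0.0.0.0",
]
EXPECTED = {"dvmrp2": {"192.168.1.11"}, "vlan1": {"192.168.1.11"}}  # constructed

if __name__ == "__main__":
    for (ifname, src), seen in unexpected_queriers(SAMPLE_LOG, EXPECTED).items():
        print(f"unexpected IGMP querier {src} on {ifname}: {len(seen)} queries, first at {seen[0]}")
```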
configure the parameters. For the detailed explanation of the displayed information, see chapter 16.2.1.1.1 16.7.2 PIM-DM configuration In PIM-DM configuration mode, users can enable PIM-DM or disable PIM-DM protocol on the port. See the equivalent CLI command at 16.3.2.3: Enable PIM-DM – “yes” is used to enable PIM-DM protocol; “no” is used to disable PIM-DM protocol.
Vlan Port - Specify the layer 3 port Apply – Apply the configuration Default – Disable PIM-SM on the layer 3 interface Click PIM-SM parameter configuration. Users can configure PIM-SM parameters on the layer 3 port. See the equivalent CLI command at 16.4.2.2.3: Hello-Interval –...
Click Set router as RP candidate. Users can configure candidate RP for PIM-SM. See the equivalent CLI command at 16.4.2.2.5: Set router as RP candidate – “yes” is used to set the switch as RP candidate; “no” is used to cancel the switch as RP candidate Port –...
Click DVMRP parameter configuration. Users can configure DVMRP interface parameters: See the equivalent CLI command at 16.5.2.2.4 and 16.5.2.2.5: Vlan Port - Specify the layer 3 port DVMRP report metric configuration – Configure DVMRP report metric for the port. See the equivalent CLI command at 16.5.2.2.4 DVMRP neighbor timeout configuration –...
Click DVMRP tunnel configuration. Users can create and delete DVMRP tunnel. See the equivalent CLI command at 16.5.2.2.9: Neighbor ip address – Specify neighbor ip address Metric – Specify metric to neighbor Vlan Port –Specify the layer 3 port Apply – Create DVMRP tunnel to neighbor Delete tunnel - Delete DVMRP tunnel to neighbor 16.7.5 IGMP configuration...
Vlan Port –Specify the layer 3 port Apply – Apply the configuration Default – Restore the default settings (including ACL for IGMP group, IGMP query interval, Max-response IGMP request time and IGMP query timeout. If users have configured static group and join group, the static group and the join group on the port are deleted.) Note: This page is related to six CLI commands.
Click Show ip dvmrp route. See the equivalent CLI command at 16.5.4.1.3 Click Show ip dvmrp tunnel. See the equivalent CLI command at 16.5.4.1.4...
Chapter 17 VRRP Configuration
17.1 Introduction to VRRP
VRRP (Virtual Router Redundancy Protocol) is a redundancy protocol. It uses a backup mechanism to make the connection from the router (or the layer 3 switch) to the outside network more reliable. It is designed for local area networks that support multicast or broadcast, such as Ethernet.
ip vrrp authentication mode text
no ip vrrp authentication mode
ip vrrp authentication string <string>
no ip vrrp authentication string
5. Configure VRRP accessorial parameters
(1) Configure VRRP preempt mode
Command VRRP Mode
preempt-mode {true| false}
(2) Configure VRRP priority
Command VRRP Mode
priority <...
Usage Guide: This command is used to create or delete the virtual router. The virtual router is identified by the sequence numbers. Users have to create the virtual router before they configure the virtual router parameters. Example: Configure the virtual router with sequence number 10. Switch(config)# router vrrp 10 17.2.2.2 virtual-ip Command: virtual-ip <A.B.C.D>...
17.2.2.4 enable Command: enable Function: Enable the VRRP Command mode: VRRP Mode Usage Guide: Enable the virtual router. Users have to configure the VRRP virtual IP address and the VRRP interface before they enable the VRRP. After this configuration, the interface is added to the standby group. Example: Enable the virtual router with the sequence number 10.
mode.
Example: Set the VRRP authentication mode to plain text mode.
Switch(config)#interface vlan 1
Switch(Config-If-Vlan1)# ip vrrp authentication mode text
17.2.2.7 vrrp authentication string
Command: ip vrrp authentication string <string>
no ip vrrp authentication string
Function: Set the authentication string of the VRRP packets sent on the interface; the “no ip vrrp authentication string”...
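A capture-side check for the plain text authentication mode described above, as an added example that is not part of the manual or the switch software: it parses a VRRPv2 advertisement and reports when the authentication string is carried readably in the packet. It assumes the switch's text mode is the RFC 2338 simple text password (authentication type 1); the sample packet and the string lab-key are constructed.

```python
import socket
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, ips, auth_type=0, auth=b"", adver_int=1):
    """Build a VRRPv2 advertisement; used here only to construct sample input."""
    head = struct.pack("!6B", 0x21, vrid, priority, len(ips), auth_type, adver_int)
    body = b"".join(socket.inet_aton(ip) for ip in ips) + auth[:8].ljust(8, b"\x00")
    return head + struct.pack("!H", internet_checksum(head + b"\x00\x00" + body)) + body

def parse_advert(pkt: bytes) -> dict:
    """Parse and validate a VRRPv2 advertisement (payload of IP protocol 112)."""
    if len(pkt) < 16 or pkt[0] != 0x21:  # 0x21 = version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    _, vrid, priority, count, auth_type, adver_int = struct.unpack("!6B", pkt[:6])
    if len(pkt) != 8 + 4 * count + 8:
        raise ValueError("length does not match address count")
    if internet_checksum(pkt) != 0:
        raise ValueError("bad checksum")
    auth = pkt[8 + 4 * count:]  # the 8-byte authentication data field
    return {
        "vrid": vrid, "priority": priority, "adver_int": adver_int,
        "ips": [socket.inet_ntoa(pkt[8 + 4 * i:12 + 4 * i]) for i in range(count)],
        "auth_type": AUTH_TYPES.get(auth_type, f"unknown({auth_type})"),
        "auth_text": auth.rstrip(b"\x00").decode("ascii", "replace") if auth_type == 1 else None,
    }

def audit(pkt: bytes) -> list:
    """Return review findings for one captured advertisement."""
    adv, findings = parse_advert(pkt), []
    if adv["auth_text"] is not None:
        findings.append("text authentication: string is readable in the packet")
    if adv["priority"] == 255:
        findings.append("sender advertises IP-owner priority 255")
    return findings

# Constructed sample: VRID 10 and 10.1.10.1 mirror the manual's sample output.
SAMPLE = build_advert(10, 255, ["10.1.10.1"], auth_type=1, auth=b"lab-key")
```

Running audit(SAMPLE) returns both findings: anyone who can capture traffic on the VLAN can read the string, so text mode guards against misconfigured neighbours rather than against a host on the segment.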
no priority Function: Configure VRRP priority; the “no priority” command restores to its default value 100. IP Owner’s VRRP priority is always 255. Parameter: <value> is the VRRP priority, valid range is 1 to 255. Command mode: VRRP Mode Default: The VRRP priority for the backup routers (or the layer 3 switches) is 100 by default, whereas the VRRP priority for the master router (or the layer 3 switch) is 255 by default.
Example: Set VRRP timer to 3 seconds
Switch(Config-Router-Vrrp)# advertisement-interval 3
17.2.2.11 circuit-failover
Command: circuit-failover <ifname> <value_reduced>
no circuit-failover
Function: Configure the VRRP monitored interface.
Parameter: <ifname> is the name of the monitored interface; <value_reduced> is the value by which the VRRP priority is reduced, valid range is 1 to 253.
Fig 17-1 Typical VRRP Application Topology
SWITCHA and SWITCHB are layer 3 LAN switches in the same standby group. Set SWITCHA to master switch. The configuration steps are listed below:
SWITCHA:
SwitchA(config)#interface vlan 1
SwitchA (Config-If-Vlan1)# ip address 10.1.1.5 255.255.255.0
SwitchA (Config-If-Vlan1)#exit
SwitchA (config)#router vrrp 1
SwitchA(Config-Router-Vrrp)# virtual-ip 10.1.1.5 master...
Priority is 100
Advertisement interval is 1 sec
Preempt mode is TRUE
VrId <10>
State is Initialize
Virtual IP is 10.1.10.1 (IP owner)
Interface is Vlan1
Configured priority is 255, Current priority is 255
Advertisement interval is 1 sec
Preempt mode is TRUE
Circuit failover interface Vlan1, Priority Delta 10, Status UP
Item State...
17.2.4.2 VRRP Troubleshooting Help
VRRP may not work properly due to bad physical connection or wrong configuration. Users can troubleshoot the problems by following the guide below:
Make sure the physical connection is good
Use “show interfaces status” command to make sure the interface and link protocol are up
Make sure VRRP is enabled on the interface
Examine the routers (or layer 3 switches) in the same standby group are configured...
Chapter 18 Cluster Network Management 18.1 Introduction to cluster network management Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (commander switch).
18.2 Basic Cluster Network Management Configuration
18.2.1 Cluster Network Management Configuration Sequence
Enable or disable cluster function
Create cluster
Create or delete cluster
Configure private IP address pool for member switches of the cluster
Add or remove a member switch
Configure attributes of the cluster in the commander switch
Enable or disable joining the cluster automatically
Set holdtime of heartbeat of the cluster...
Command Global Mode
cluster commander <cluster-name> [vlan<vlan-id>]
no cluster commander
cluster ip-pool <commander-ip>
no cluster ip-pool
cluster member {candidate-sn <cand-sn> | mac-address [<mem-id>] }[password <pass>]
no cluster member <mem-id>
3. Configure attributes of the cluster in the commander switch
Command Global Mode
cluster auto-add enable
no cluster auto-add enable...
timer” command restores the default setting. Parameter: <timer-value> is interval of sending cluster registration packet in seconds, valid range is 30 to 65535. Command mode: Global Mode Default: Cluster register timer is 60 seconds by default. Example: Set the interval of sending cluster registration packet to 80 seconds. Switch(Config)#cluster register timer 80 18.2.2.3 cluster ip-pool Command: cluster ip-pool <commander-ip>...
device which the cluster belongs to. If it is omitted, the cluster belongs to VLAN1. Command mode: Global Mode Default: There is no cluster by default. Usage Guide: This command sets the switch as a commander switch and creates a cluster.
18.2.2.6 cluster auto-add Command: cluster auto-add enable no cluster auto-add enable Function: When this command is executed in the commander switch, the newly discovered candidate switches will be added to the cluster as a member switch automatically; the “no cluster auto-add enable” command disables this function. Command mode: Global Mode Default: This function is disabled by default.
have to telnet the commander switch by passing the authentication. The command “exit” is used to quit the configuration interface of the commander switch. If this command is executed in the commander switch, an error will be displayed. Example: In the member switch, enter the configuration interface of the commander switch.
Keyword Source address or destination address Startup configuration file startup-config System file nos.img System startup file boot.rom Command mode: Admin Mode Usage Guide: The commander switch sends the remote upgrade command to the member switch. The member switch is upgraded and reset. If this command is executed in a non-commander switch, an error will be displayed.
no cluster heartbeat Function: In the commander switch, set interval of sending heartbeat packets among the switches of the cluster; the “no cluster heartbeat” command restores the default setting. Parameter: <interval> is the interval of heartbeat of the cluster, valid range is 1 to 65535. Command mode: The interval of heartbeat is 8 seconds by default.