Accton Technology ES4710BD User Manual

Accton 10 slots l2/l3/l4 chassis switch

ES4710BD
10 Slots L2/L3/L4 Chassis Switch
User's Guide
www.edge-core.com


Summary of Contents for Accton Technology ES4710BD

  • Page 1 ES4710BD 10 Slots L2/L3/L4 Chassis Switch User’s Guide www.edge-core.com...
  • Page 2 EES4710BD 10 Slots L2/L3/L4 Chassis Switch Preface ES4710BD is a high performance routing switch released by Edge-Core that can be deployed as the core layer device for campus and enterprise networks, or as an aggregation device for IP metropolitan area networks (MAN). ES4710BD provides 10 slots, with support for various types of line cards and can seamlessly support a variety of network interfaces from 100Mb, 1000Mb to 10Gb Ethernet.
  • Page 3: Table Of Contents

    1.4.1 Chassis ...36 1.4.1.1 Board Rack... 37 1.4.1.2 Power Supply ... 38 1.4.1.3 Ventilation and Cooling System ... 38 1.4.2 Introduction to ES4710BD cards ...38 1.4.2.1 EM4710BD-AGENT ... 39 1.4.2.1.1 Front Panel... 39 1.4.2.1.2 Front Panel - Indicator ... 39 1.4.2.1.3...
  • Page 4 1.4.2.4 EM4700BD-2XG-XENPAK ... 44 1.4.2.4.1 Front Panel ... 44 1.4.2.4.2 Front Panel - Indicator... 45 1.4.2.4.3 Front Panel Port Description ... 45 1.4.2.4.4 Front Panel – Reset Button... 45 1.4.2.4.5 Front Panel – SWAP Button ... 46 1.4.2.5 EM-7600-ES and EM-7600-ES-2GB ... 46 1.4.2.5.1 Front Panel ...
  • Page 5 2.3.1.2 Rack-mounting ES4710BD ... 61 2.3.1.3 Wearing an ESD Wrist Strap ... 62 2.3.2 Switch grounding ...62 2.3.3 Card and module installation...63 2.3.3.1 Removing and Installing the Cards ... 64 2.3.3.2 Removing and installing the Dust Gauze ... 64 2.3.3.3 Removing and Installing the Fan Tray ... 64 2.3.3.4...
  • Page 6 4.2.1.1.3.2 VLAN Mode ... 88 4.2.1.1.3.3 DHCP Address Pool Mode... 88 4.2.1.1.3.4 Route Mode... 88 4.2.1.1.3.5 ACL Mode ... 88 4.2.1.2 Configuration Syntax ... 89 4.2.1.3 Shortcut Key Support ... 89 4.2.1.4 Help function... 90 4.2.1.5 Input verification ... 90 4.2.1.5.1 Returned Information: success...
  • Page 7 5.2.2.3.2 telnet ... 100 5.2.2.3.3 telnet-server enable ... 101 5.2.2.3.4 telnet-server securityip... 101 5.2.2.3.5 telnet-user ... 101 5.2.3 traceroute...102 5.2.4 show ...102 5.2.4.1 show clock... 102 5.2.4.2 show debugging ... 103 5.2.4.3 show flash ... 103 5.2.4.4 show history ... 103 5.2.4.5 show memory ...
  • Page 8 5.4.4.2.6 snmp-server securityip... 116 5.4.5 Typical SNMP Configuration Examples ... 116 5.4.6 SNMP Troubleshooting Help ... 117 5.4.6.1 Monitor and Debug Commands ... 117 5.4.6.1.1 show snmp ... 117 5.4.6.1.2 show snmp status ... 119 5.4.6.1.3 debug snmp packet ... 120 5.4.6.2 SNMP Troubleshooting Help ...
  • Page 9 5.6.2.3 Configure IP address of SNMP manager... 141 5.6.2.4 SNMP statistics ... 142 5.6.2.5 RMON and trap configuration... 142 5.6.3 Switch upgrade... 143 5.6.3.1 TFTP client configuration ... 143 5.6.3.2 TFTP server configuration... 143 5.6.3.3 FTP client configuration... 144 5.6.3.4 FTP server configuration ... 144 5.6.4 Maintenance and debug command ...
  • Page 10 6.4.1 Reset specific module...155 6.4.2 Show slot...155 6.4.3 Show fan...156 6.4.4 Show power...156 6.4.5 Show module in slot...156 CHAPTER 7 PORT CONFIGURATION ... 157 7.1 I ...157 NTRODUCTION TO 7.2 P ...158 ONFIGURATION 7.2.1 Network Port Configuration...158 7.2.1.1 Network Port Configuration Task Sequence... 158 7.2.1.2 Ethernet Port Configuration Commands ...
  • Page 11 7.2.4.1 Introduction to Port Mirroring... 170 7.2.4.2 Port Mirroring Configuration Task Sequence... 171 7.2.4.3 Port Mirroring Configuration ... 171 7.2.4.3.1 monitor session source interface ... 171 7.2.4.3.2 monitor session destination interface ... 172 7.2.4.4 Port Mirroring Examples... 172 7.2.4.5 Device Mirroring Troubleshooting Help ... 172 7.2.4.5.1 Monitor and Debug Commands...
  • Page 12 8.4.1.1 show mac-address-table aging-time ... 185 8.4.1.2 show mac-address-table static ... 186 8.4.1.3 show mac-address-table blackhole ... 186 8.4.2 Troubleshooting Help...186 8.5 MAC A DDRESS UNCTION 8.5.1 MAC Address Binding ...187 8.5.1.1 Introduction to MAC Address Binding... 187 8.5.1.2 MAC Address Binding Configuration ... 187 8.5.1.2.1 MAC Address Binding Configuration Task Sequence ...
  • Page 13 8.6.2.2.5 Clearing port MAC... 199 8.6.2.3 MAC binding attribution configuration...200 8.6.2.3.1 Maximum port security IP number configuration... 200 8.6.2.3.2 Port violation mode ... 200 8.6.2.4 MAC binding debug...201 8.6.2.4.1 Show MAC binding security address ... 201 CHAPTER 9 VLAN CONFIGURATION ... 202 9.1 Introduction to VLAN...202...
  • Page 14 9.5.1.1 Create/remove Vlan ... 217 9.5.1.1.1 VID allocation ... 217 9.5.1.1.2 VID attribution configuration... 218 9.5.1.2 Allocate port for Vlan ... 218 9.5.1.2.1 Allocate port for Vlan ... 218 9.5.1.3 Port type configuration ... 219 9.5.1.3.1 Set port mode(trunk/access)... 219 9.5.1.4 Trunk port configuration...
  • Page 15 10.2.2.9 spanning-tree link-type p2p... 232 10.2.2.10 spanning-tree maxage... 232 10.2.2.11 spanning-tree max-hop ... 233 10.2.2.12 spanning-tree mcheck... 233 10.2.2.13 spanning-tree mode ... 234 10.2.2.14 spanning-tree mst configuration ... 234 10.2.2.15 spanning-tree mst cost ... 235 10.2.2.16 spanning-tree mst port-priority... 235 10.2.2.17 spanning-tree mst priority...
  • Page 16 10.5.4 Show MSTP setting...250 10.5.4.1 Instance information... 250 10.5.4.2 MSTP field information ... 250 CHAPTER 11 IGMP SNOOPING CONFIGURATION... 251 11.1 Introduction to IGMP Snooping 11.2 IGMP Snooping Configuration 11.2.1 IGMP Snooping Configuration Task...251 11.2.2 IGMP Snooping Configuration Command ...252 11.2.2.1 ip igmp snooping ...
  • Page 17 12.1.3 Access list Action and Global Default Action ...266 12.2 ACL Configuration ...267 12.2.1 ACL Configuration Task Sequence ...267 12.2.2 ACL Configuration Commands...271 12.2.2.1 access-list(extended) ... 271 12.2.2.2 access list(standard) ... 272 12.2.2.3 firewall... 272 12.2.2.4 firewall default... 272 12.2.2.5 ip access extended ...
  • Page 18 13.4 Port Channel Troubleshooting 13.4.1 Monitor and Debug Commands ...290 13.4.1.1 show port-group... 290 13.4.1.2 debug lacp... 294 13.4.2 Port Channel Troubleshooting Help ...295 13.5 WEB MANAGEMENT ...295 13.5.1 LACP port group configuration...295 13.5.2 LACP port configuration...296 CHAPTER 14 DHCP CONFIGURATION ... 297 14.1 Introduction to DHCP ...297...
  • Page 19 14.5 DHCP Troubleshooting 14.5.1 Monitor and Debug Commands ...313 14.5.1.1 clear ip dhcp binding ... 313 14.5.1.2 clear ip dhcp conflict ... 313 14.5.1.3 clear ip dhcp server statistics ... 314 14.5.1.4 show ip dhcp binding... 314 14.5.1.5 show ip dhcp conflict... 315 14.5.1.6 show ip dhcp server statistics...
  • Page 20 15.3.1.1 show sntp ... 329 15.3.1.2 debug sntp... 329 15.4 WEB MANAGEMENT ...329 15.4.1 SNMP/NTP server configuration ...329 15.4.2 Request interval configuration ...330 15.4.3 Time difference ...330 15.4.4 Show SNMP...330 Chapter 16 QoS Configuration...331 16.1 Introduction to QoS ...331 16.1.1 QoS Terms...331 16.1.2 QoS Implementation ...332 16.1.3 Basic QoS Model ...332...
  • Page 21 16.4.1.4 show mls qos maps ... 354 16.4.1.5 show class-map... 355 16.4.1.6 show policy-map... 355 16.4.2 QoS Troubleshooting Help...356 16.5 WEB MANAGEMENT ...356 16.5.1 Enable QoS...356 16.5.2 Class-map configuration...357 16.5.2.1 Add/Remove class-Map ...357 16.5.2.2 Class-map configuration...357 16.5.3 Policy-map priority configuration ...358 16.5.3.1 Add/Remove policy-map...358 16.5.3.2 Policy-map priority configuration ...359 16.5.3.3 Policy-map bandwidth configuration ...359...
  • Page 22 17.2.1 Introduction to IP Forwarding...369 17.2.2 IP Route Aggregation Configuration...369 17.2.2.1 IP Route Aggregation Configuration Task ... 369 17.2.2.2 IP Route Aggregation Configuration Command ... 370 17.2.2.2.1 ip fib optimize ... 370 17.2.3 IP Forwarding Troubleshooting Help ...370 17.2.3.1 Monitor and Debug Commands... 370 17.2.3.1.1 show ip traffic...
  • Page 23 18.2.3.2.1 ip route ... 380 18.2.3.2.2 show ip route ... 381 18.2.4 Configuration Scenario ...382 18.2.5 Troubleshooting Help...383 18.2.5.1 Monitor and Debug Commands... 383 18.3 RIP ...384 18.3.1 Introduction to RIP...384 18.3.2 RIP Configuration ...386 18.3.2.1 RIP Configuration Task Sequence ... 386 18.3.2.2 RIP Configuration Commands...
  • Page 24 18.4 OSPF ...404 18.4.1 Introduction to OSPF ...404 18.4.2 OSPF Configuration...407 18.4.2.1 Configuration Task Sequence ... 407 18.4.2.2 OSPF Configuration Commands ... 410 18.4.2.2.1 default redistribute cost ... 411 18.4.2.2.2 default redistribute interval... 412 18.4.2.2.3 default redistribute limit ... 412 18.4.2.2.4 default redistribute tag...
  • Page 25 18.4.2.2.34 debug ip ospf spf... 429 18.4.3 Typical OSPF Scenario ...429 18.4.4 OSPF Troubleshooting Help ...436 18.4.4.1 Monitor and Debugging Commands... 436 18.4.4.2 OSPF Troubleshooting Help... 444 18.5 WEB MANAGEMENT...445 18.5.1 Static route...445 18.5.1.1 Static route configuration ...445 18.5.2 RIP configuration ...445 18.5.2.1 RIP configuration ...446 18.5.2.1.1 Enable RIP ...446 18.5.2.1.2 Enable port to receive/transmit RIP packet ...446...
  • Page 26 CHAPTER 19 MULTICAST PROTOCOL CONFIGURATION ... 457 19.1 M ULTICAST ROTOCOL 19.1.1 Introduction to Multicast...457 19.1.2 Multicast Address...457 19.1.3 IP Multicast Packets Forwarding...458 19.1.4 Application of Multicast...459 19.2 C OMMON ULTICAST 19.2.1 Common Multicast Configuration Commands...459 19.2.1.1 show ip mroute ... 459 19.3 PIM-DM...461 19.3.1 Introduction to PIM-DM ...461 19.3.2 PIM-DM Configuration...462...
  • Page 27 19.4.4.1.2 show ip pim interface ... 475 19.4.4.1.3 show ip pim mroute sm ... 476 19.4.4.1.4 show ip pim neighbor ... 476 19.4.4.1.5 show ip pim rp... 477 19.4.4.1.6 debug ip pim... 477 19.4.4.1.7 debug ip pim bsr ... 478 19.4.4.2 PIM-SM Troubleshooting ...
  • Page 28 19.6.2.2.3 ip igmp query-interval ... 496 19.6.2.2.4 ip igmp query-max-response-time ... 496 19.6.2.2.5 ip igmp query-timeout ... 496 19.6.2.2.6 ip igmp static-group... 497 19.6.2.2.7 ip igmp version... 497 19.6.3 Typical IGMP Scenario ...497 19.6.4 IGMP Troubleshooting Help ...498 19.6.4.1 Monitor and Debug Commands ... 498 19.6.4.1.1 show ip igmp groups ...
  • Page 29 19.7.6.5 Show ip pim mroute sm...507 19.7.6.6 Show ip pim rp ...507 19.7.6.7 Show ip dvmrp mroute ...507 19.7.6.8 Show ip dvmrp neighbor ...507 19.7.6.9 Show ip dvmrp route ...507 Show ip dvmrp tunnel ...507 CHAPTER 20 802.1X CONFIGURATION ... 508 20.1 Introduction to 802.1X...
  • Page 30 20.4.1.3 show aaa authenticating-user ... 524 20.4.1.4 show radius count ... 524 20.4.1.5 show dot1x... 525 20.4.1.6 debug aaa ... 526 20.4.1.7 debug dot1x ... 527 20.4.2 802.1x Troubleshooting...527 20.5 WEB MANAGEMENT ...528 20.5.1 RADIUS client configuration...528 20.5.1.1 RADIUS global configuration...528 20.5.1.2 RADIUS authentication configuration ...529 20.5.1.3 RADIUS accounting configuration ...530 20.5.2 802.1X configuration ...530...
  • Page 31 21.4.1 Create VRRP Number ...543 21.4.2 Configure VRRP Dummy IP ... 544 21.4.3 Configure VRRP Port... 544 21.4.4 Activate Virtual Router... 544 21.4.5 Configure Preemptive Mode For VRRP... 544 21.4.6 Configure VRRP priority... 545 21.4.7 Configure VRRP Timer interval... 545 21.4.8 Configure VRRP Interface Monitor ...
  • Page 32: Chapter 1 Product Overview

    1.1 Product Brief Fig 1-1 ES4710BD Switch 1.1.1 Introduction Edge-Core ES4710BD is a high performance routing switch that can be deployed as a core layer device for campus and enterprise networks, or an aggregation device for IP metropolitan area networks (MAN).
  • Page 33: Features

    To meet the strict requirements for device reliability of carrier class networks and to ensure 100% uptime of network cores, the design of ES4710BD enables redundancy for all critical parts, such as power supply, management modules and network links. All modules are also hot-swappable, and the working temperatures of all parts are monitored in real time.
  • Page 34: Layer 3 Forwarding

    Access networks. Trunk Port Trunk port of IEEE802.3ad is supported by ES4710BD. A Trunk group of 2 to 8 ports can be established for link redundancy and load balance.
  • Page 35: Main Features

    Broadcast Storm Control function, resulting in improved overall system performance. Port Mirroring ES4710BD supports Port Mirroring, which is used to mirror the inbound and/or outbound traffic on specific port(s) to another port to gather related statistics, which is useful in troubleshooting and traffic monitoring.
  • Page 36: Technical Specifications

    Restart and reset to factory setting can be done both locally and remotely TFTP /FTP firmware upgrade available Can be installed into standard 19-inch chassis Technical specifications Protocols and Standards IEEE802.3 10BASE-T Ethernet □ IEEE802.3u 100BASE-TX/FX Fast Ethernet □ □ IEEE802.3x Flow control IEEE802.1x access control □...
  • Page 37: Physical Specifications

    797(H) x 478mm(D). The chassis consists of functional block, thermal block, and power supply block. The function module block is a board rack, which is the supporting structure for ES4710BD system boards (10 boards max). Ten wiring clips are provided in the upper and lower parts of the board rack respectively, for the positioning of all kinds of cables.
  • Page 38: Board Rack

    The board rack consists of board slots and a system board. The boards are inserted vertically into the ES4710BD 10 unit boards are provided. These include 2 management slots in the middle for management switch modules, marked specially in red as M1 and M2.
  • Page 39: Power Supply

    (printed on the panel as Link and Act). The ES4710BD system board is an essential part of the switch, located inside the switch and providing interconnectivity between the management switch modules (short for management card) and network interface modules (line card), and for all management and control signals.
  • Page 40: Em4710Bd-Agent

    IPv6, MPLS and firewall with 2 SFP 1000 Mb fiber ports. 1.4.2.1 EM4710BD-AGENT The EM4710BD-AGENT is the switching module for the ES4710BD. System status control, switch management, user access control and administration, and network maintenance are performed here.
  • Page 41: Front Panel - Console Port

    Master-Slave indicator Power Supply Module Status indicator: Fail POWER Assembly Status indicator: Alarm 1.4.2.1.3 Front Panel – Console Port The EM4710BD-AGENT provides a RJ-45 (receptacle) Console serial port. Users can connect to hosts via this port to perform system debugging, configuration, maintenance, administration and host software loading.
  • Page 42: Front Panel - Reset Button

    Property Connector Connector type 1.4.2.1.5 Front Panel – Reset Button EM4710BD-AGENT provides a RESET button for resetting the board. 1.4.2.1.6 Front Panel – SWAP Button The EM4710BD-AGENT provides a SWAP button for hot swapping the module during operation. Before removing the modules, users should press SWAP button first. The module will then prepare for hot-swap and the system operation indicator (RUN) will turn yellow and blink at 8 Hz.
  • Page 43: Front Panel Port Description

    indicator On (Green, blinks at 8 Hz) On (Yellow, blinks at 8 Hz) On (Red, blinks at 8 Hz) RJ-45 port indicator On (Green) Status Link indicator Transmission Blinking (Green) Indicator 1.4.2.2.3 Front Panel Port Description The EM4700BD-12GT-RJ45 provides 12 RJ45 copper Gb ports. Table 1.5 EM4700BD-12GT-RJ45 port description Port Type RJ-45 port...
  • Page 44: Front Panel - Indicator

    Fig 1-5 EM4700BD-12GX-SFP Front Panel view 1.4.2.3.2 Front Panel - Indicator The following table describes the EM4700BD-12GX-SFP’s front panel indicators: Table 1.6 EM4700BD-12GX-SFP indicator descriptions Panel Symbol Power Indicator Operation indicator RJ-45 port indicator Status Link indicator Transmission Indicator 1.4.2.3.3 Front Panel Port Description The EM4700BD-12GX-SFP provides 12 SFP (Mini GBIC) Gigabyte fiber transceiver slots.
  • Page 45: Front Panel - Reset Button

    Table 1.7 EM4700BD-12GX-SFP port description Port Type 1.4.2.3.4 Front Panel – Reset Button The EM4700BD-12GX-SFP provides a RESET button for resetting the board. 1.4.2.3.5 Front Panel – SWAP Button The EM4700BD-12GX-SFP provides a SWAP button for hot swapping the module during operation. Before removing the modules, users should first press the SWAP button.
  • Page 46: Front Panel - Indicator

    1.4.2.4.2 Front Panel - Indicator The following table describes the front panel indicators for the EM4700BD-2XG-XENPAK: Table 1.8 Description of the EM4700BD-2XG-XENPAK indicators Panel Indicator Symbol On (green) Power Indicator On (Green, blinks at 1 Hz) On (Green, blinks at 8 Hz) Operation On (Yellow, blinks at 8 Hz) indicator...
  • Page 47: Front Panel - Swap Button

    1.4.2.4.5 Front Panel – SWAP Button The EM4700BD-2XG-XENPAK provides a SWAP button for hot swapping the module during operation. Before removing the modules, users should first press the SWAP button. The module will then prepare for a hot-swap and the system operation indicator (RUN) will turn yellow and blink at 8 Hz.
  • Page 48: Front Panel - Indicator

    1.4.2.5.2 Front Panel - Indicator The following table describes the front panel indicators for EM-7600-ES and EM-7600-ES-2GB: Table 1.9 Description of the EM-7600-ES and EM-7600-ES-2GB indicators Panel Symbol On (green) Power Indicator On (Green, blinking at 1 Hz) On (Green, blinking at 8 Hz) Operation On (Yellow, blinking at 8 Hz) indicator...
  • Page 49: Front Panel - Reset Button

    The ES4710BD power module is installed in the lower section of the chassis, and connects to the power board of the switch. All the power modules attach to the chassis with 2 screws, respectively.
  • Page 50: Em4710Bd-Ac (Alternating Current Power Module)

    Fig 1-8 EM4710BD-AC Front Panel view 1.4.4 Power Distribution Box There is a dedicated AC distribution box or DC distribution box in the lower section of ES4710BD backplane, distributing power supply for the corresponding AC or DC power module. A grounding post is provided on the chassis on both sides of the distribution box for switch grounding.
  • Page 51: System Backplane

    1.4.7 Dust Gauze The ES4710BD’s dust gauze lies under the board rack and prevents large particles in the air from entering the switch. The dust gauze should be inserted from the front of the ES4710BD in a horizontal position.
  • Page 52: Rear Panel

    1.4.8 Rear Panel The rear panel of the ES4710BD covers the switch backplane. To ensure safe operation of the switch, please do not open the rear panel. There are two reversible handles on the rear panel, they are used only for the installation and removal of the rear panel.
  • Page 53: System Features

    Weight Physical Dimensions Relative humidity Operating Temperature Power Supplies Power Consumption Forwarding Mode The ES4710BD Switch system features are described in the table below. Table 1.12 ES4710BD System Features Property Basic Configuration Hot swap Failover design Processor
  • Page 54: Chapter 2 Hardware Installation

    Chapter 2 Hardware Installation Safety Information During the installation and use of the ES4710BD Switch, please follow the safety guidelines listed below: Basic Guidelines Disconnect power supplies from the chassis before disassembly or moving the switch. Install the switch in a clean area, ensuring proper temperature and humidity conditions.
  • Page 55 (including rings, necklaces, watches and bracelets). Metal objects will cause short circuits and damage the device when in contact with both powered items and the ground. An improper connection between the device and power sockets may be hazardous. Only trained and qualified personnel should be allowed to operate and maintain the device.
  • Page 56: Site Requirements

    Ambient temperature: 0 ~ 40°C Humidity: 10% ~ 90%, non-condensing The ES4710BD is equipped with a fan assembly for providing the switch with an appropriate level of cooling; you can place the switch on a workbench or rack. Ensure the following: The rack or workbench should be well ventilated.
  • Page 57: Dust And Particles

    2.1.3 Dust and Particles Dust is harmful to the safe operation of the ES4710BD. Dust can lead to electrostatic adherence, especially likely under low relative humidity, causing poor contact of metal connectors or contacts. Electrostatic adherence will result in not only reduced product lifespan, but also increased chance of communication failures.
  • Page 58: Preventing Electrostatic Discharge Damage

    Notice: If a standard 19-inch rack is not available, the ES4710BD can be placed on a clean, level desktop. Leave a clearance of 100 mm around the switch for ventilation, and do not place anything on top of the switch.
  • Page 59: Power Supply Requirements

    2.1.7 Power Supply Requirements The ES4710BD is designed to use modular switching power supplies, supporting 2 +1 redundant backup of power modules. The power input specification is shown below: Nominal Input Voltage AC: 90 ~ 264 VAC, 50 ~ 60Hz DC: -36 ~ -72 VDC Total power consumption: ≤700W...
  • Page 60: Required Tools And Utilities

    A basic configuration ES4710BD should include the following: ITEM No. Part name ES4710BD Ethernet Switch Serial port cable Grounding cord Chassis hanger Hanger screw Manual CD Qualification certificate Warranty card Note: The above list is subject to change without notice, please use the packing list shipped with the switch as the checklist.
  • Page 61 Cards and modules installation Connecting to the Console Connecting to the Console port Connecting to the Management Port Connecting to the Ethernet port SFP transceiver installation Install the SFP transceiver in the SFP slot XENPAK transceiver installation Install the XENPAK transceiver in the XENPAK slot
  • Page 62: Switch Installation

    ● Verify that the workbench is strong enough to support the ES4710BD’s fully configured weight ● Plan a good position for your ES4710BD that is easy to operate and has an appropriate power source and grounding point. ● Place the ES4710BD safely on the workbench, avoid obstructions on any side of the switch.
  • Page 63: Wearing An Esd Wrist Strap

    2.3.2 Switch grounding A good grounding system is the groundwork for the smooth and safe operation of the ES4710BD, and an excellent way to prevent lightning strikes and resistance interference. Please follow the switch grounding specification instructions, verify the installation site’s grounding condition and ensure proper grounding accordingly.
  • Page 64: Card And Module Installation

    The overall grounding requirements are the sum total of the above. Ground resistance value should be less than 1 ohm. The ES4710BD provides 2 chassis grounding posts in the lower rear chassis, marked as “GND”. Chassis protection grounding should be properly connected to the rack grounding connector...
  • Page 65: Removing And Installing The Cards

    2.3.3.3 Removing and Installing the Fan Tray The ES4710BD has three fan trays in the upper section of the switch, and can be serviced from the front. The installation and removal of the fan tray is relatively simple. To install, just hold the fan tray in the correct direction, align with the corresponding slot and push to secure.
  • Page 66: Removing And Installing Power Supply Modules

    Fig2-4 The installation and removal of a fan tray 2.3.3.4 Removing and Installing Power Supply Modules The ES4710BD employs a 2 +1 redundant power supply module combination, all three modules will work during normal operation. In case one module fails, it can be replaced while the system is operating without presenting an electrical hazard or damage to the system.
  • Page 67: Connecting To The Console

    Fig 2-6 The installation and removal of the power supply module dust gauze 2.3.4 Connecting to the console The ES4710BD provides a RJ-45 port as the local console. Users can configure the switch through a character terminal (usually a PC) with RS-232 ports. The connection procedures are listed below: Step 1: Find a character terminal or a PC with a RS-232 serial port.
  • Page 68: Connecting To The Management Port

    Step 2: Connect the router to an administrative workstation in the wide area network. 2.3.6 SFP transceiver installation In the ES4710BD, each line card with a 1000BASE fiber interface provides several SFP 1000BASE transceiver slots. The procedure for installing the SFP 1000BASE fiber transceiver is shown below:...
  • Page 69: Copper Cable/Fiber Cable Connection

    Step 4: Tighten (clockwise) the panel fasteners in the front of XENPAK transceiver until fastened to the front panel of the 10GB line card. Note: the XENPAK 10GB fiber transceiver is hot swappable Notice Do not stare directly at the 2 fiber bore in the XENPAK 10GB fiber transceiver when the switch is in operation.
  • Page 70 Connection procedures for DC power supply module are described below: Step 1: Before connecting the DC power cable, ensure that the ES4710BD is properly grounded, and the air switch in the DC distribution box is off.
  • Page 71: Chapter 3 Setup Configuration

    Setup configuration refers to the initial operation of the switch after the user purchases the switch. For first-time users of the ES4710BD, this chapter provides a very practical instruction. When using CLI (command line interface), the user can type setup under admin mode to enter the Setup configuration interface.
  • Page 72: Setup Submenu

    入交 机主机名[ES4710BD]: Note: the hostname should be less than 30 characters. If the user presses Enter without input, the hostname will be set to default “ES4710BD”. 3.1.2.2 Configuring Vlan1 Interface Select “1” in the Setup main menu and press Enter to start configuring the Vlan1 interface:...
  • Page 73: Telnet Server Configuration

    The corresponding prompt in Chinese is: 配置 Vlan1 接口 [0]: 配置 Vlan1 接口的 IP 地址 [1]: 配置 Vlan1 接口的状 [2]: 返回上一 菜 序号: Select “0” in the Vlan1 interface configuration menu and press Enter, the following screen will appear: Please input interface-Vlan1 IP address (A.B.C.D): The corresponding prompt in Chinese is: 入...
  • Page 74 [0]: Add telnet user [1]: Config telnet server status [2]: Exit Selection number: The corresponding prompt in Chinese is: 配置 Telnet 服 器 [0]: 添加 Telnet 服 器用 [1]: 配置 Telnet 服 器的状 [2]: 返回上一 菜 序号: Select “0” in the Telnet server configuration menu and press Enter, the following screen will appear: Please input the new telnet user name : The corresponding prompt in Chinese is: 入要添加的...
  • Page 75: Configuring Web Server

    enable Telnet service. The Telnet server configuration menu will then appear. Select “2” in the Telnet server configuration menu to return to the Setup main menu. 3.1.2.4 Configuring Web Server Select “3” in the Setup main menu and press Enter to start configuration of the Web server: Configure web server [0]: Add web user [1]: Config web server status...
  • Page 76: Configuring Snmp

    Note: valid password length is 1 to 8 characters. After configuring the username and password, the menu will return to the Web server configuration section. Select “1” in the Web server configuration menu and press Enter, the following screen appears: Enable switch web-server or no?(y/n) [y]: The corresponding prompt in Chinese is: 是否使能交...
  • Page 77 [2]: 配置 Traps 主机 IP 地址和 体字符串 [3]: 配置交 机 SNMP 状 [4]: 配置交 机 Traps 状 [5]: 添加 SNMP 管理站安全 IP 地址 [6]: 返回上一 菜 序号: Select “0” in the SNMP configuration menu and press Enter, the following screen will appear: Please input the read-write access community string[private]: The corresponding prompt in Chinese is: 入...
  • Page 78: Exiting Setup Configuration Mode

    Select “3” in the SNMP configuration menu and press Enter, the following screen will appear: Enable SNMP-server? (y/n) [y]: The corresponding prompt in Chinese is: 是否使能交 机 SNMP? (y/n) [y]: Type “n” and press Enter to disable SNMP service. Type “y” and press Enter, or just press Enter to enable SNMP service.
  • Page 79: Chapter 4 Switch Management

    Chapter 4 Switch Management 4.1 Management Options After purchasing the switch, the user needs to configure the switch for network management. ES4710BD provides two management options: in-band management and out-of-band management. 4.1.1 Out-of-band Management Out-of-band management is the management through Console interface. Generally, out-of-band management is used for initial switch configuration, or when in-band management is not available.
  • Page 80 Step 2 Entering the HyperTerminal. Open HyperTerminal in Windows after the connection has been established. The example below is based on HyperTerminal that is included in Windows XP. 1) Click Start menu - Programs – Accessories – Communications - HyperTerminal 2) Type a name for opening HyperTerminal, such as “SWITCH”...
  • Page 81 4) COM1 properties appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”, “1” for “stop bits” and “none” for “flow control”; or, you can also click “Restore default” and click “OK”. 5) The HyperTerminal window appears. Fig 4-4 Opening HyperTerminal (3) Fig 4-5 Opening HyperTerminal (4)
  • Page 82 SWITCH# SWITCH# Step 3 Entering switch CLI interface: Power on the switch. The following appears in the HyperTerminal windows, this is the CLI configuration mode for ES4710BD. ES4710BD Management Switch Copyright (c) 2001-2004 by Edge-Core Networks Limited. All rights reserved.
  • Page 83: In-Band Management

    3) If not 2), the Telnet client can connect to an IP address of the switch via other devices, such as a router. ES4710BD is a Layer 3 switch that can be configured with several IP addresses. The following example assumes the shipment’s default status of the switch, only VLAN1 exists in the system.
  • Page 84 10.1.128.251/24, then a possible host IP address is 10.1.128.252/24. Run “ping 10.1.128.251” from the host to verify the result, and check for reasons if ping failed. The IP address configuration commands for VLAN1 interface ES4710BD are listed below. Before in-band management, the switch must be configured with an IP address by out-of-band management (i.e., Console mode), The configuration commands are as follows (All switch...
  • Page 85 Run the Telnet client program included in Windows with the specified Telnet target. Fig 4-8 Running the Telnet client program included in Windows Step 3: Log in to the switch Log in to the Telnet configuration interface. Valid login name and password are required, otherwise the switch will reject Telnet access.
  • Page 86: Managing The Switch Through Ecview

    The computer hosting ECview should be able to ping the associated IP address of Switch so that ECview will, upon launching, find ES4710BD to perform read/write operations. This manual does not include information about how to manage the switch with ECview, please refer to ECview User’s Guide for details.
  • Page 87: Cli Interface

    Input verification Fuzzy match support 4.2.1.1 Configuration Modes Fig 4-10 Shell Configuration Modes for ES4710BD 4.2.1.1.1 User Mode On entering the CLI interface, the default is User Mode. The prompt shown is “Switch>”, the symbol “>” is the prompt for User Mode. When the exit command is run under Admin Mode, it will return to the User Mode.
  • Page 88: Admin Mode

    Or, when the exit command is run under Global Mode, it will return to the Admin Mode. ES4710BD also provides the shortcut key sequence "Ctrl+z”, that allows an easy way to exit to Admin Mode from any configuration mode (except User Mode).
  • Page 89: Vlan Mode

    under Global Mode. 4.2.1.1.3.2 VLAN Mode Using the vlan <vlan-id> command under Global Mode, you can enter the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode. 4.2.1.1.3.3 DHCP Address Pool Mode Type the ip dhcp pool <name>...
  • Page 90: Configuration Syntax

    4.2.1.2 Configuration Syntax ES4710BD provides various configuration commands. Although all the commands are different, they all abide by the syntax of ES4710BD configuration commands. The general command format of ES4710BD is shown below: cmdtxt <variable> { enum1 | … | enumN } [option] Conventions: cmdtxt in bold font indicates a command keyword;...
  • Page 91: Help Function

    When a string for a command or keyword is entered, the Tab key can be used to complete the command or keyword if there is no conflict. 4.2.1.4 Help function There are two ways in ES4710BD for the user to access help information: the “help” command and the “?”. Access to Help...
  • Page 92: Fuzzy Match Support

    Syntax error: missing '"' before the end of command line! 4.2.1.6 Fuzzy match support ES4710BD Shell supports fuzzy match in searching for commands and keywords. Shell will recognize commands or keywords correctly if the entered string causes no conflict. For example: For Admin configuration command “show interface ethernet 1/1”, simply typing in...
  • Page 93: Module Front Panel

    4.3.2 Module Front Panel After entering the username and password and passing authentication, you will see the following web management main page. On the left of the management page is the main management menu, and on the right of the page system information and command parameters are displayed. Click the main menu link to browse other management links and to display configuration and statistic information.
  • Page 94: Chapter 5 Basic Switch Configuration

    Chapter 5 Basic Switch Configuration 5.1 Basic Switch Configuration Commands This section covers the basic configuration for the switch, including all the commands for entering and exiting the Admin Mode and Interface Mode, setting and displaying switch clock and displaying system version information. 5.1.1 clock set Command: clock set <HH:MM:SS>...
  • Page 95: Enable Password

    user password are all wrong, it remains in the User Mode. Set the Admin user password under Global Mode with the “enable password” command. Example: Switch>enable password: ***** (admin) Switch# Related command: enable password 5.1.4 enable password Command: enable password Function: Modify the password to enter Admin Mode from the User Mode, press Enter after typing in...
  • Page 96: Exit

    Default: The default value is 5 minutes. Usage Guide: To ensure security for the switch and prevent malicious operation of unauthorized users, timeout count will start after the last configuration by the Admin user. The system will automatically exit the Admin Mode upon the preset timeout threshold. If the user needs to enter Admin Mode, the Admin user password needs to be entered again.
  • Page 97: Hostname

    Usage Guide: Sets the association between host and IP address, which can be used in commands like “ping <host>”. Example: Setting the IP address of a host with the hostname of “ES4710BD” to 200.121.1.1. Switch(Config)#ip host ES4710BD 200.121.1.1 Related commands: telnet, ping, traceroute 5.1.9 hostname...
  • Page 98: Setup

    Command: setup Function: Enters the Setup Mode of the switch. Command mode: Admin Mode Usage Guide: ES4710BD provides a Setup Mode, in which the user can configure IP addresses, etc. 5.1.13 language Command: language {chinese|english} Function: Sets the language for displaying the help information.
  • Page 99: Telnet

    Function: The switch sends an ICMP packet to remote devices to verify the connectivity between the switch and remote devices. Parameters: <ip-addr> is the target host IP address for ping, in decimal format. Default: Sends 5 ICMP packets of 56 bytes each, timeout is 2 seconds. Command mode: Admin Mode Usage Guide: When the user types in the ping command and presses Enter, the system will provide an interactive mode for configuration, and the user can choose all the parameters for ping.
  • Page 100: Telnet Task Sequence

    As a Telnet client, ES4710BD uses the telnet command under the Admin Mode to allow the user to log in to other remote hosts. ES4710BD can only establish TCP connections to one remote host at a time. If a connection to another remote host is desired, the current connection must be dropped.
  • Page 101: Telnet Commands

    Usage Guide: This command is used when the switch acts as a client; the user logs in to remote hosts for configuration with it. ES4710BD can only establish a TCP connection to one remote host as a Telnet client. If a connection to another remote host is desired, the current TCP connection must be dropped.
  • Page 102: Telnet-Server Enable

    Connecting Host 20.1.1.123 Port 23... Service port is 23 Connected to 20.1.1.123login:123 password:*** router> 5.2.2.3.3 telnet-server enable Command: telnet-server enable no telnet-server enable Function: Enables the Telnet server function in the switch; the “no telnet-server enable” command disables the Telnet function in the switch. Default: Telnet server function is enabled by default.
  • Page 103: Traceroute

    Usage Guide: This command is used when the switch acts as a server, to set authorized Telnet clients. If the Telnet function authorization has not been configured, nobody can connect via Telnet for configuration. As a Telnet server, ES4710BD allows up to 5 telnet client TCP connections.
  • Page 104: Show Debugging

    Switch#show clock Current time is TUE AUG 22 11:00:01 2002 Related command: clock set 5.2.4.2 show debugging Command: show debugging Function: Displays the debugging switch status. Usage Guide: If a user needs to check what debugging switches have been enabled, show debugging command can be executed.
  • Page 105: Show Memory

    enable config interface ethernet 1/3 enable show flash show ftp 5.2.4.5 show memory Command: show memory Function: Displays the contents in the memory. Command mode: Admin Mode Usage Guide: This command is used for switch debugging purposes. The command will interactively prompt the user to enter the start address of the desired information in the memory and the number of words to output.
  • Page 106: Show Startup-Config

    Switch#show running-config 5.2.4.7 show startup-config Command: show startup-config Function: Displays the switch parameter configurations written in the Flash memory at the current operation; these are usually also the configuration files used for the next power-up. Default: If the configuration parameters read from the Flash are the same as the default operating parameter, nothing will be displayed.
  • Page 107: Show Tcp

    5.2.4.9 show tcp Command: show tcp Function: Displays the current TCP connection status established to the switch. Command mode: Admin Mode Example: Switch#show tcp LocalAddress LocalPort ForeignAddress 0.0.0.0 0.0.0.0 Displayed information LocalAddress LocalPort ForeignAddress ForeignPort State 5.2.4.10 show udp Command: show udp Function: Displays the current UDP connection status established to the switch.
  • Page 108: Show Telnet User

    All rights reserved. Switch# 5.2.5 debug All the protocols ES4710BD supports have their corresponding debugging commands. The users can use the information from the debugging command for troubleshooting. Debugging commands for their corresponding protocols will be introduced in the later chapters.
  • Page 109: Configuring Switch Ip Addresses

    BootPRequest to the BootP/DHCP servers. The BootP/DHCP servers then assign the address upon receiving the request. In addition, ES4710BD can act as a DHCP server, and dynamically assign network parameters such as IP addresses, gateway addresses and DNS server addresses to DHCP clients.
  • Page 110: Commands For Configuring Switch Ip Addresses

    3.DHCP Command ip dhcp-client enable no ip dhcp-client enable 5.3.2 Commands for Configuring Switch IP Addresses 5.3.2.1 ip address Command: ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] [secondary] Function: Sets the IP address and mask for the specified VLAN interface; the “no ip address <ip address>...
  • Page 111: Ip Dhcp-Client Enable

    Switch(Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip bootp-client enable Switch (Config-If-Vlan1)#exit Switch (Config)# Related command: ip address, ip dhcp-client enable 5.3.2.3 ip dhcp-client enable Command: ip dhcp-client enable no ip dhcp-client enable Function: Enables the switch to be a DHCP client and obtain IP address and gateway address through DHCP negotiation;...
  • Page 112: Introduction To Mib

    The SNMP protocol provides a relatively direct way of exchanging management information between two points in the network. SNMP employs a polling mechanism of message query transmitted through UDP (a connectionless transport layer protocol), and is therefore well supported by the existing computer networks. The SNMP protocol works in NMS (Network Management Station)-Agent mode, and thus consists of two parts: NMS and Agent.
  • Page 113: Introduction To Rmon

    NMS obtains corresponding network management information by visiting the MIB of the SNMP Agent. ES4710BD can operate as an SNMP Agent, and supports both SNMP v1 and v2c, basic MIB-II, RMON public MIB and other related public MIBs such as BRIDGE MIB.
  • Page 114: Configuring Snmp

    Statistics: Maintains basic utilization and error statistics for each subnet monitored by the Agent. History: Records periodical statistic samples available from Statistics. Alarm: Allows users to set any count or integer for sample intervals and alert thresholds for RMON Agent records. Event: A list of all events generated by RMON Agent.
  • Page 115: Snmp Configuration Commands

    4. Configuring TRAP Command snmp-server enable traps no snmp-server enable traps snmp-server host <host-addr> <community-string> no snmp-server host <host-addr> 5. Enable/Disable RMON Command rmon enable no rmon enable 5.4.4.2 SNMP Configuration Commands 5.4.4.2.1 rmon Command: rmon enable no rmon enable Function: Enables the RMON function in the switch; the “no rmon enable” command disables the RMON function.
  • Page 116: Snmp-Server Enable

    Parameters: <string> is the community string set; ro|rw is the specified access mode to MIB, ro for read-only and rw for read-write. Usage Guide: Up to 4 community strings are supported by the switch. Example: Adding a community string named “private” with read-write permission. Switch(Config)#snmp-server community rw private Add a community string named “public”...
  • Page 117: Snmp-Server Host

    5.4.4.2.5 snmp-server host Command: snmp-server host <host-addr> <community-string> no snmp-server host <host-addr> Function: Sets the IP address and Trap community string of the NMS to receive SNMP trap message; the “no snmp-server host <host-addr>” command deletes the IP address of the NMS to receive SNMP Trap message.
  • Page 118: Snmp Troubleshooting Help

    Fig 5-2 SNMP Configuration Example The IP address of NMS is 1.1.1.5; the Switch (Agent) IP address is 1.1.1.9. Scenario 1: The NMS network administrative software uses SNMP protocol to obtain data from the switch.
  • Page 119 Function: Displays all SNMP counter information. Command mode: Admin Mode Example: Switch#show snmp 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs...
  • Page 120: Show Snmp Status

    bad values errors general errors response PDUs trap PDUs 5.4.6.1.2 show snmp status Command: show snmp status Function: Displays SNMP configuration information. Command mode: Admin Mode Example: Switch#show snmp status System Name: System Contact: System Location: Trap enable RMON enable Community Information: Trap manager Information: Security IP Information:...
  • Page 121: Debug Snmp Packet

    “debug snmp packet” command to enable SNMP debugging function and view the debug output. 5.5 Switch Upgrade ES4710BD provides two ways for switch upgrade: BootROM upgrade and the TFTP/FTP upgrade under Shell. ...
  • Page 122: Bootrom Upgrade

    Step 2: Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode. The operation result is shown below: ES4710BD Management Switch Copyright (c) 2001-2004 by Edge-Core Networks Limited. All rights reserved. Reset chassis ... done.
  • Page 123 219.32 BogoMIPS SST39VF040 CPU: PowerPC MPC8245MH266, Revision 14 Version: 1.4.1 Creation date: Apr 14 2005, 09:33:18 Attached TCP/IP interface to lnPci0. [Boot]: Step 3: Under BootROM mode, run “setconfig” to set the IP address and mask of the switch under BootROM mode, server IP address and mask, and select TFTP or FTP upgrade.
  • Page 124: Ftp/Tftp Upgrade

    mirror file. [Boot]: write nos.img Programming... Program OK. [Boot]: Step 6: After successful upgrade, execute the “run” command in BootROM mode to return to CLI configuration interface. [Boot]:run(or reboot) Other commands in BootROM mode DIR command Used to list existing files in the FLASH. [Boot]: dir boot.rom boot.conf...
  • Page 125 IMG upgrade file. In ES4710BD, the system mirror file can be saved in FLASH only. ES4710BD mandates that the name of the system mirror file to be uploaded via FTP in Global Mode be nos.img; other IMG system files will be rejected.
  • Page 126: Ftp/Tftp Configuration

    Active configuration file: refers to the active configuration sequence used in the switch. In ES4710BD, the active configuration file is stored in the RAM. In the current version, the active configuration sequence running-config can be saved from the RAM to FLASH by the write command or the copy running-config startup-config command, so that the active configuration sequence becomes the start up configuration file, which is called configuration save.
  • Page 127 1. FTP/TFTP client configuration (1)FTP/TFTP client upload/download file Command Admin Mode copy <source-url> <destination-url> [ascii | binary] (2)For FTP client, server file list can be checked Global Mode dir <ftpServerUrl> 2. FTP server configuration (1)Start FTP server Command Global Mode ftp-server enable no ftp-server enable (2)Configure FTP login username and password...
  • Page 128: Ftp/Tftp Configuration Commands

    3. TFTP server configuration (1)Start TFTP server Command Global Mode tftp-server enable no tftp-server enable (2)Modify TFTP server connection idle time Command Global Mode tftp-server retransmission-number < number > (3)Modify TFTP server connection retransmission time Command Global Mode tftp-server retransmission-number <...
  • Page 129: Dir

    Special Keywords in filename keyword Source/Target IP address running-config Active configuration file startup-config Start up configuration file nos.img System file Boot.rom System boot file Command mode: Admin Mode Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename>...
  • Page 130: Ftp-Server Enable

    Example: viewing the file list of the FTP server 10.1.1.1 with the username “Switch” and password “edgecore”. Switch#config Switch(Config)#dir ftp://Switch:edgecore@10.1.1.1 5.5.2.2.5 ftp-server enable Command: ftp-server enable no ftp-server enable Function: Enables FTP server; the “no ftp-server enable”...
  • Page 131: Ip Ftp

    5.5.2.2.7 ip ftp Command: ip ftp <username> password [type{0|7}] <password> no ip ftp username <username> Function: Configures the FTP username and password; the “no ip ftp username <username>” command deletes the password as well as the username configured. Parameters: <username> is the FTP connection username, up to 16 characters are allowed; 0|7 indicate non-masked password display and masked password display, respectively;...
  • Page 132: Tftp-Server Enable

    Usage Guide: The command provides command line prompt messages. If the user enters a command like copy <filename> tftp:// or copy tftp:// <filename> and presses Enter, the following prompt will appear: tftp server ip address> tftp filename>...
  • Page 133: Tftp-Server Retransmission-Number

    5.5.2.2.10 tftp-server retransmission-number Command: tftp-server retransmission-number <number> Function: Sets the retransmission time for TFTP server. Parameters: <number> is the time to re-transfer, the valid range is 1 to 20. Default: The default value is 5 retransmissions. Command mode: Global Mode Example: Modifying the retransmission time to 10 times.
  • Page 134 Scenario 1: The switch is used as FTP/TFTP client. The switch connects from one of its ports to a computer, which is an FTP/TFTP server with an IP address of 10.1.1.1; the switch acts as an FTP/TFTP client, the IP address of the switch management VLAN is 10.1.1.2. Download “nos.img” file in the computer to the switch.
  • Page 135 Switch (Config)#inter vlan 1 Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0 Switch (Config-If-Vlan1)#no shut Switch (Config-If-Vlan1)#exit Switch (Config)#ftp-server enable Switch(Config)#ip ftp Switch password 0 edgecore Computer side configuration: Log in to the switch with any FTP client software, with the username “Switch” and password “edgecore”, use the command “get nos.img 12_25_nos.img”...
  • Page 136 Switch#copy tftp://10.1.1.1/Profile2 Profile2 Switch#copy tftp://10.1.1.1/Profile3 Profile3 Scenario 5: ES4710BD acts as FTP client to view file list on the FTP server. Synchronization conditions: The switch connects to a computer by an Ethernet port, the computer is an FTP server with an IP address of 10.1.1.1; the switch acts as an FTP client, and the IP address of the...
  • Page 137: Ftp/Tftp Troubleshooting Help

    FTP Configuration PC side: Start the FTP server software on the PC and set the username as “Switch”, and the password as “edgecore”. ES4710BD: Switch (Config)#inter vlan 1 Switch (Config-If-Vlan1)#ip address 10.1.1.2 255.255.255.0 Switch (Config-If-Vlan1)#no shut Switch (Config-If-Vlan1)#exit Switch (Config)#dir ftp://Switch:edgecore@10.1.1.1...
  • Page 138: Show Tftp

    Example: Switch#show ftp Timeout :600 Displayed information Timeout 5.5.2.4.3 show tftp Command: show tftp Function: displays the parameter settings for the TFTP server Default: There is no display by default. Command mode: Admin Mode Example: Switch#show tftp timeout Retry Times :10 Displayed information Timeout Retry Times...
  • Page 139: Tftp Troubleshooting Help

    send file 150 Opening ASCII mode data connection for nos.img. 226 Transfer complete. close ftp client. The following is the message displayed when files are successfully received. Otherwise, please verify link connectivity and retry the “copy” command again. 220 Serv-U FTP-Server v2.5 build 6 for WinSock ready... 331 User name okay, need password.
  • Page 140: Web Management

    The following is the message displayed when files are successfully received. Otherwise, please verify link connectivity and retry the “copy” command again. begin to receive file,wait... recv 1526037 ************************ write ok transfer complete close tftp client. If the switch is upgrading system file or system start up file through TFTP, the switch must not be restarted until “close tftp client”...
  • Page 141: Configure Exec Timeout

    Basic host configuration – configures the mapping relationship between the switch and the IP address. Please refer to the CLI command 5.1.8. Example: configure the Hostname as “London” and IP address as 200.121.1.1 and then click on the “Apply” button. This configuration will be applied to the switch. Users should click “Switch basic configuration”...
  • Page 142: Trap Manager Configuration

    5.6.2.2 Trap manager configuration Users should click “Switch basic configuration”, “SNMP configuration”, and “TRAP manager configuration” to configure the IP address of the management station which will receive SNMP Trap messages and Trap community strings. Please refer to the CLI command 5.4.4.2.5. Trap receiver –...
  • Page 143: Snmp Statistics

    5.6.2.4 SNMP statistics When users click “Switch basic configuration”, “SNMP configuration” and “SNMP statistics”, a variety of counter information is displayed. Please refer to the CLI command 5.4.6.1.1. 5.6.2.5 RMON and trap configuration Users should click “Switch basic configuration”, “SNMP configuration” and “RMON and TRAP configuration” to configure the RMON function of the switch. Snmp Agent state –open/close the switch to be SNMP agent server function.
  • Page 144: Switch Upgrade

    5.6.3 Switch upgrade Users should click “Switch basic configuration” and “Switch update” to configure the upgrade Node Tree Diagram. Two categories are explained below: TFTP Upgrade, including TFTP client service – to configure TFTP client TFTP server service – to configure TFTP server FTP Upgrade, including FTP client service –...
  • Page 145: Ftp Client Configuration

    Server state-status of the server. (“Open” or “Close”) Please refer to the CLI command 5.5.2.2.10 TFTP Timeout-the timeout. Please refer to the CLI command 5.5.2.2.12. TFTP Retransmit times-times of retransmission. Please refer to the CLI command 5.5.2.2.11. Users should open the TFTP server, and choose “Open”...
  • Page 146: Maintenance And Debug Command

    configuration.” Words and phrases of “user configuration” are explained in the following: FTP Server state-status of the server. (“Open” or “Close”.) Please refer to the CLI command 5.5.2.2.5. FTP Timeout-the timeout. Please refer to the CLI command 5.5.2.2.6. User name-the name of the user. Please refer to the CLI command 5.5.2.2.8. Password-the specific password.
  • Page 147: Debug Command

    Show telnet user-to display all Telnet client messages with authenticated switch access through Telnet. Please refer to the CLI command 5.2.4.12. Show version-to display the number/version of the switch. Please refer to the CLI command 5.2.4.13. 5.6.4.1 Debug command Users should click “Switch basic configuration”, “Basic configuration debug”, and “Debug command”...
  • Page 148: Others

    5.6.4.3 Others Other parts are easier to configure. Users just click a configuration node and the related messages will appear. Example: to display the clock: to display FLASH files: 5.6.5 Basic introduction to switch Users should click “Switch basic configuration” and “Switch basic information” to enter into the configuration page and make configuration nodes. Words and phrases are explained in the following: Device type-type of device...
  • Page 149: Switch On-Off Information

    5.6.6 Switch on-off information Users should click “Switch on-off information” to enter into the configuration page and make configuration nodes. Words and phrases are explained in the following: RIP Status-on-off switch of RIP. (“Open” or “Close”) Refer to the CLI command 18.3.2.2.17. IGMP Snooping-on-off switch of IGMP Snooping.
  • Page 150: Exit Current Web Configuration

    5.6.7.2 Exit current web configuration Users should quit the web-login by clicking “Switch maintenance” and “Exit current web configuration.” 5.6.7.3 Save current running-config Users should save the current running-config by clicking “Switch maintenance”, “Save current running-config”...
  • Page 151: Telnet Security Ip

    Telnet server State-to choose from the drop-down list. (“Open” and “Close” service) Please refer to the CLI command 5.2.2.3.3. User name-a specific name of the Telnet user Password-to configure a specific password Encrypted text-to configure whether the password is encrypted when displaying configuration information.
  • Page 152: Chapter 6 Device Management

    ES4710BD supports dual-master mode. If 2 master control boards are present in the system, the master control board in the smaller slot number becomes the Active Master and the other board becomes the Standby Master.
  • Page 153: Show Fan

    Example: Switch # show slot M1 ------------------Slot : M1------------------ Inserted: Module type: EM4710BD-AGENT Work mode: ACTIVE MASTER Work state: RUNNING Software version: 1.0.3.0 Hardware version: v001 Bootrom version: 1.4.1 Serial number: DC-2396882-1234 Manufacture date: 2004/04/20 Temperature: 43.2500 6.2.2.1.2 show fan Command: show fan Function: Shows whether the fan tray is in place.
  • Page 154: Debug Devsm

    Default: Debugging information is disabled by default. Command mode: Admin Mode 6.3 Card Hot-Swap Operation ES4710BD supports hot swapping of cards. Hot swapping of non-master control boards/cards will not affect the normal operation of other line cards. 6.3.1 Card Hot-Insertion The cards are automatically powered once inserted into the slots.
  • Page 155: Configuration Recover Rules

    If the cards need to be replaced during normal operation, the following guidelines should be followed: Display a message of processing card hot removal. The card can be removed when the RUN indicator for the card to be removed goes off and the status of the card in master control board is REMOVED.
  • Page 156: Reset Specific Module

    6.4.1 Reset specific module Click “Device management”, “Reset specific module”, select a module number and click “Apply”, then that module will be hot-swapped. This function is equal to the CLI command shown in 6.2.1. Click the Reset button to confirm the selection of the module number.
  • Page 157: Show Fan

    6.4.3 Show fan Click “Device management”, “Show power”. The information column displayed on the right will show the current power status and whether the power is plugged in or not. This function is equal to CLI command 6.2.2.1.3.
  • Page 158: Chapter 7 Port Configuration

    ES4710BD. To distinguish between ports in different line cards, the port number (in the sense of software) provided by the ES4710BD system is “ethernet X/Y”, where X stands for the slot number for the card and Y stands for the number marked in the card panel. For instance, if an EM4700BD-12GX-SFP line card is inserted into slot 1, then port 3 of this card corresponds to “ethernet 1/3”.
  • Page 159: Port Configuration

    Enables/Disables specified ports Names or cancels the name of specified ports Sets the cable type for the specified port (This command is not supported on the ES4710BD line card ports of 1000MB and above) command...
  • Page 160: Ethernet Port Configuration Commands

    speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } } negotiation {on|off} bandwidth control <bandwidth> [both | receive | transmit] no bandwidth control flow control no flow control loopback no loopback rate-suppression {dlf | broadcast | multicast} <packets>...
  • Page 161: Combo-Forced-Mode

    the port. For example, a bandwidth limit of 101 M (or more) cannot be set for a 10/100M Ethernet port. But for a 10/100/1000M port working under 100M, a bandwidth limit of 101M (or more) is permitted. Example: setting the bandwidth limit of ports 1 – 8 of slot 3’s card to 40M. Switch(Config)#interface ethernet 3/1-8 Switch(Config-Port-Range)#bandwidth control 40 both 7.2.1.2.2 combo-forced-mode...
  • Page 162: Flow Control

    ES4710BD’s ports support IEEE802.3X flow control; the ports work in half-duplex mode, supporting back-pressure flow control. If flow control results in serious HOL, the switch will automatically start HOL control (discarding some packets in the COS queue that may result in HOL) to prevent drastic degradation of network performance.
  • Page 163: Interface Ethernet

    Function: Sets the cable types supported by the Ethernet port; the “no mdi” command sets the cable type to auto-identification. This command is not supported on ES4710BD line card ports of 1000Mbps or more; these ports have auto-identification set for cable types.
  • Page 164: Name

    Example: Setting the cable type support of Ethernet ports 3/5 – 8 to straight-through cable only. Switch(Config)#interface ethernet 3/5-8 Switch(Config-Port-Range)#mdi normal 7.2.1.2.7 name Command: name <string> no name Function: Sets a name for the specified port; the “no name” command cancels the setting. Parameters: <string>...
  • Page 165: Rate-Suppression

    7.2.1.2.9 rate-suppression Command: rate-suppression {dlf | broadcast | multicast} <packets> no rate-suppression {dlf | broadcast | multicast} Function: Sets the traffic limit for broadcasts, multicasts and unknown destination unicasts on all ports in the switch; the “no rate-suppression” command disables this traffic throttle function on all ports in the switch, i.e., enables broadcasts, multicasts and unknown destination unicasts to pass through the switch at line speed.
  • Page 166: Speed-Duplex

    7.2.1.2.11 speed-duplex Command: speed-duplex {auto | force10-half | force10-full | force100-half | force100-full | { {force1g-half | force1g-full} [nonegotiate [master | slave]] } } no speed-duplex Function: Sets the speed and duplex mode for 1000Base-TX or 100Base-TX ports; the “no speed-duplex”...
  • Page 167: Vlan Interface Configuration Commands

    Command Global Mode interface vlan <vlan-id> no interface vlan <vlan-id> 2. Configure the IP address for the VLAN interface and enable the VLAN interface. Command VLAN Mode ip address <ip-address> <mask> [secondary] no ip address [<ip-address> <mask>] VLAN Mode shutdown no shutdown 7.2.2.2 VLAN Interface Configuration Commands 7.2.2.2.1 interface vlan Command: interface vlan <vlan-id>...
  • Page 168: Shutdown

    A VLAN interface can have one primary IP address but multiple secondary IP addresses. Both primary IP address and secondary IP addresses can be used for SNMP/Web/Telnet management. In addition, ES4710BD allows IP addresses to be obtained through BootP/DHCP. Example: Setting the IP address of VLAN1 interface to 192.168.1.10/24.
  • Page 169: Network Management Port Configuration Commands

    Command Global Mode interface ethernet <num> 2. Configure the properties for the network management port Command Network Management Port Configuration shutdown no shutdown speed {auto| force10| force100| } duplex {auto| full| half} loopback no loopback ip address <ip-address> <mask> no ip address [<ip-address> <mask>] 7.2.3.2 Network Management Port Configuration Commands 7.2.3.2.1 duplex Command: duplex {auto| full| half }...
  • Page 170: Interface Ethernet

    7.2.3.2.2 interface ethernet Command: interface ethernet <interface-name> Function: Enters network management port configuration mode from Global Mode. Parameters: <interface-name> stands for port number, the default value is 0. Command mode: Global Mode Usage Guide: Run the exit command to exit the network management Interface Mode to Global Mode.
  • Page 171: Shutdown

    7.2.3.2.5 shutdown Command: shutdown no shutdown Function: Shuts down the network management port; the “no shutdown” command opens the port. Command mode: Network management port configuration Mode Default: Network management port is open by default. Usage Guide: When the network management port is shut down, no data frames are sent in the port, and the port status displayed when the user types “show interface”...
  • Page 172: Port Mirroring Configuration Task Sequence

    ES4710BD supports one mirror destination port only. The number of mirror source ports is not limited; one or more may be used. Multiple source ports can be within the same VLAN or across several VLANs.
  • Page 173: Monitor Session Destination Interface

    Command mode: Global Mode Usage Guide: This command sets the source port for mirroring. ES4710BD does not limit the number of mirror source ports. Traffic sent and/or received by the source port can be mirrored. If the [rx|tx|both] keyword is not specified, it defaults to both. When multiple ports are mirrored, their mirrored traffic direction can be different, but should be configured separately.
  • Page 174: Device Mirroring Troubleshooting Help

    Function: Displays information about mirror source/destination ports. Command mode: Admin Mode Usage Guide: This command displays the mirror source port(s) and destination port currently configured. Example: Switch#show monitor 7.2.4.5.2 Device Mirroring Troubleshooting Help If a problem occurs when configuring port mirroring, please check the following first for causes: Whether the mirror destination port is a member of a trunk group or not; if yes, modify the trunk group.
  • Page 175: Port Troubleshooting Help

    No VLAN has been configured in the switches, default VLAN1 is used. Switch 4/12 4/10 The configurations are listed below: SW1: Switch1(Config)#interface ethernet 2/7 Switch1(Config-Ethernet2/7)#bandwidth control 150 both SW2: Switch2(Config)#interface ethernet 3/9 Switch2(Config-Ethernet3/9)#speed-duplex force100-full Switch2(Config-Ethernet3/9)#exit Switch2(Config)#interface ethernet 4/12 Switch2(Config-Ethernet4/12)#speed-duplex force1000-full Switch2(Config-Ethernet4/12)#exit Switch2(Config)#monitor session 1 source interface ethernet 1/8;3/9...
  • Page 176: Show Interface

    Default: Port statistics are not cleared by default. Usage Guide: If no port is specified, then statistics of all ports will be cleared. Example: Clearing the statistics for Ethernet port 1/1. Switch#clear counters ethernet 1/1 7.4.1.2 show interface Command: show interface [{ethernet <interface-number> | vlan <vlan-id> | port-channel <port-channel-number>...
  • Page 177: Ethernet Port Configuration

    7.5.1 Ethernet port configuration Click “Port configuration”, “Ethernet port configuration” to open the Ethernet port configuration management table to configure Ethernet port duplex, speed, bandwidth control and so on. 7.5.1.1 Physical port configuration Click “port configuration”, “Ethernet port configuration”, “Physical port configuration” to configure the following information: Port: Specifies the configuration port MDI: Sets up the connection type of the Ethernet port.
  • Page 178: Vlan Interface Configuration

    Bandwidth control level: port bandwidth control. The unit is Mbps and the value range is 1~10000Mbps Control type: Ingress means to control port bandwidth when receiving data packets sent from outside the switch. Egress means to control port bandwidth when sending data packets to outside of the switch.
  • Page 179: L3 Port Ip Addr Mode Configuration

    7.5.2.2 L3 port IP addr mode configuration Click “Port configuration”, “vlan interface configuration”, “L3 port IP addr mode configuration” to set up L3 port IP address mode configuration. Port: L3 port IP mode: Specifies the IP address, meaning users need to set up L3 IP address manually. Bootp-client means to gain an IP address and gateway address through BootP.
  • Page 180: Port Debug And Maintenance

    Configure mirroring destination port. Equivalent to CLI command 7.2.3.3.2. Session: Mirroring dialog value destination interface tag: Setting the vlan tag function means all mirroring packets carry vlan tags; preserve means that if the mirroring packet carried a vlan tag on ingress, the egress mirroring packet will carry the vlan tag as well.
  • Page 181: Chapter 8 Mac Table Configuration

    Chapter 8 MAC Table Configuration 8.1 Introduction to MAC Table The MAC table identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses. Static MAC addresses are manually configured by the user, have the highest priority and are permanently effective (they will not be overwritten by dynamic MAC addresses);...
  • Page 182: Obtaining Mac Table

    MAC 00-01-22-22-22-22 MAC 00-01-11-11-11-11 The topology of the figure above: 4 PCs are connected to ES4710BD, where PC1 and PC2 belong to the same physical segment (same collision domain), which connects to port 1/5 of ES4710BD; PC3 and PC4 belong to the same physical segment that connects to port 1/12 of ES4710BD.
  • Page 183: Forward Or Filter

    The switch will forward or filter received data frames according to the MAC table. Take the above figure as an example, assuming ES4710BD has learnt the MAC address of PC1 and PC3, and the user manually configured the mapping relationship for PC2 and PC4 to ports. The MAC table of...
  • Page 184: Mac Table Configuration

    are configured in the switch, the MAC table will be adapted accordingly to add VLAN information. In this case, the switch will not forward the received broadcast frames to all ports, but forward the frames to all ports in the same VLAN. Multicast frames: If IGMP Snooping function has not been enabled, multicast frames are processed in the same way as broadcast frames;...
  • Page 185: Mac-Address-Table Blackhole

    no mac-address-table [{static | dynamic} [address <mac-addr>] [vlan <vlan-id>] [interface <interface-name>] ] Function: Adds or modifies static address entries; the “no mac-address-table” command deletes static address entries and dynamic address entries. Parameters: static stands for static address entry; dynamic for dynamic address entry; <mac-addr>...
  • Page 186: Troubleshooting Help

    Scenario: Four PCs as shown in the above figure are connected to ports 1/5, 1/7, 1/9, 1/11 of ES4710BD; all four PCs belong to the default VLAN1. As required by the network environment, dynamic learning is enabled. PC1 holds sensitive data and cannot be accessed by any other PC that is in another physical segment;...
  • Page 187: Show Mac-Address-Table Static

    8.4.1.2 show mac-address-table static Command: show mac-address-table [static] [address <mac-addr>] [vlan <vlan-id>] [interface <interface-name>] Function: Displays the content of the current MAC table in the switch. Parameters: static stands for static entries; <mac-addr> for the MAC addresses of the entries to be displayed;...
  • Page 188: Mac Address Function Extension

    support for a solution. 8.5 MAC Address Function Extension 8.5.1 MAC Address Binding 8.5.1.1 Introduction to MAC Address Binding Most switches support MAC address learning, allowing each port to dynamically learn several MAC addresses so that forwarding data streams between known MAC addresses within the ports can be achieved.
  • Page 189 Lock the MAC addresses for a port Command Interface Mode switchport port-security lock no switchport port-security lock switchport port-security convert switchport port-security timeout <value> no switchport port-security timeout switchport port-security <mac-address> no switchport port-security mac-address <mac-address> Admin Mode clear port-security dynamic <mac-addr>...
  • Page 190: Mac Address Binding Configuration Commands

    8.5.1.2.2 MAC Address Binding Configuration Commands 8.5.1.2.2.1 switchport port-security Command: switchport port-security no switchport port-security Function: Enables the MAC address binding function for the port; the “no switchport port-security” command disables the MAC address binding function for the port. Command mode: Interface Mode Default: MAC address binding is not enabled by default.
  • Page 191: Switchport Port-Security Timeout

    Function: Locks the port. When a port is locked, the MAC address learning function for the port will be disabled; the “no switchport port-security lock” command restores the MAC address learning function for the port. Command mode: Interface Mode Default: Ports are not locked by default. Usage Guide: The port locking command can only be executed after MAC address binding function has been enabled.
  • Page 192: Clear Port-Security Dynamic

    address can be added. Example: Adding MAC 00-03-0F-FE-2E-D3 to port1. Switch(Config)#interface Ethernet 1/1 Switch(Config-Ethernet1/1)#switchport port-security mac-address 00-03-0F-FE-2E-D3 8.5.1.2.2.6 clear port-security dynamic Command: clear port-security dynamic [address <mac-addr> | interface <interface-id> ] Function: Clears the Dynamic MAC addresses of the specified port. Command mode: Admin Mode Parameters: <mac-addr>...
  • Page 193: Switchport Port-Security Violation

    8.5.1.2.2.8 switchport port-security violation Command: switchport port-security violation {protect | shutdown} no switchport port-security violation Function: Sets the violation mode for the port; the “no switchport port-security violation” command restores the violation mode to protect. Command mode: Interface Mode Parameters: “protect”...
  • Page 194: Show Port-Security Interface

    Displayed information Security Port MaxSecurityAddr CurrentAddr Security Action Max Addresses limit per port Total Addresses in System 8.5.1.3.1.2 show port-security interface Command: show port-security interface <interface-id> Function: displays the configuration of secure port. Command mode: Admin Mode Parameters: <interface-list> stands for the port to be displayed. Default: Configuration of secure ports is not displayed by default.
  • Page 195: Show Port-Security Address

    Port Security Port status Violation mode Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Lock Timer Mac-Learning function 8.5.1.3.1.3 show port-security address Command: show port-security address [interface <interface-id>] Function: Displays the secure MAC addresses of the port. Command mode: Admin Mode Parameters: <interface-list>...
  • Page 196: Mac Address Binding Troubleshooting Help

    8.5.1.3.2 MAC Address Binding Troubleshooting Help Enabling MAC address binding for ports may fail on some occasions. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port is not running Spanning Tree or port aggregation and is not configured as a Trunk port.
  • Page 197: Delete Unicast Address

    8.6.1.2 Delete unicast address Click “MAC address table configuration”, “MAC address table configuration”, to delete a unicast address and MAC address. Equivalent to CLI command 8.2.2: Delete by VID: Deletes static MAC by the specified VID. Select the Delete button to confirm the action. Delete by MAC: Deletes the specified MAC address.
  • Page 198: Show Mac Address Table

    Example: Select VID 1 and select query by VID. Click Search to start the query. The new page will show the query results. 8.6.1.4 Show MAC address table Click “MAC address table configuration”, “MAC address table configuration”, “show mac-address-table”...
  • Page 199: Enable Port Mac-Binding

    8.6.2.1 Enable port MAC-Binding Click “MAC address table configuration”, “MAC address binding configuration”, “Enable port Mac-binding”, to enable port MAC-binding list to set up port security function. 8.6.2.1.1 Enable port MAC-Binding Click “MAC address table configuration”, “MAC address binding configuration”, “Enable port Mac-binding”, “Enable port Mac-binding”...
  • Page 200: Enable Port Security Timeout

    8.6.2.2.3 Enable port security timeout Click “MAC address table configuration”, “MAC address binding configuration”, “Lock port”, “Enable port security timeout” to lock port security. Equivalent to CLI command 8.5.1.2.2.4: Port: specifies the configuration port Timeout Value (0-300 seconds): Lock the time out value Example: Select Ethernet port 1/1 and set up Timeout value as 30 seconds, then click the Apply button.
  • Page 201: Mac Binding Attribution Configuration

    8.6.2.3 MAC binding attribution configuration Click “MAC address table configuration”, “MAC address binding configuration”, “MAC binding attribution configuration” to enable port security configuration management lists to set up port security types. 8.6.2.3.1 Maximum port security IP number configuration Click “MAC address table configuration”, “MAC address binding configuration”, “MAC binding attribution configuration”, “Maximum port security IP number configuration”...
  • Page 202: Mac Binding Debug

    8.6.2.4 MAC binding debug Click “MAC address table configuration”, “MAC address binding configuration”, “MAC binding debug” to open port security debug window to check port security debugging information. 8.6.2.4.1 Show MAC binding security address Click “MAC address table configuration”, “MAC address binding configuration”, “MAC binding debug”, “Show mac binding security address”...
  • Page 203: Vlan Configuration

    This way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE 802.1Q protocol was announced to direct the standardized VLAN implementation. ES4710BD VLAN implementation follows IEEE 802.1Q. VLAN technology can partition a big LAN into many separate broadcast domains dynamically to meet demands.
  • Page 204: Vlan Configuration

    Lowered network cost Enhanced network security VLAN and GVRP (GARP VLAN Registration Protocol) are defined by IEEE 802.1Q and implemented by ES4710BD. This chapter will describe the use and configuration of VLANs and GVRP in detail. 9.2 VLAN Configuration 9.2.1 VLAN Configuration Task Sequence...
  • Page 205: Vlan Configuration Commands

    Command VLAN Mode switchport interface <interface-list> no switchport interface <interface-list> 4. Set The Switch Port Type Command Interface Mode switchport mode {trunk|access} 5. Set Trunk port Command Interface Mode switchport trunk allowed vlan {<vlan-list>|all} no switchport trunk allowed vlan switchport trunk native vlan <vlan-id> no switchport trunk native vlan 6.
  • Page 206: Name

    configure a VLAN name and the switch ports assigned to the VLAN. The “no vlan <vlan-id>” command deletes specified VLANs. Parameters: <vlan-id> is the VLAN ID to be created/deleted, valid range is 1 to 4094. Command mode: Global Mode Default: VLAN1 is set by default. Usage Guide: VLAN1 is the default VLAN and cannot be configured or deleted by the user.
  • Page 207: Switchport Interface

    Switch(Config-ethernet1/8)#switchport mode access Switch(Config-ethernet1/8)#switchport access vlan 100 Switch(Config-ethernet1/8)#exit 9.2.2.4 switchport interface Command: switchport interface <interface-list> no switchport interface <interface-list> Function: Assigns Ethernet ports to VLAN; the “no switchport interface <interface-list>” command deletes one or one set of ports from the specified VLAN. Parameters: <interface-list>...
  • Page 208: Switchport Trunk Native Vlan

    Command: switchport trunk allowed vlan {<vlan-list>|all} no switchport trunk allowed vlan Function: Sets trunk port to allow VLAN traffic; the “no switchport trunk allowed vlan” command restores the default setting. Parameters: <vlan-list> is the list of VLANs allowed to pass through in the specified Trunk port; keyword “all”...
  • Page 209: Typical Vlan Application

    Command mode: Interface Mode Default: VLAN ingress rules are enabled by default. Usage Guide: When VLAN ingress rules are enabled on the port and the system receives data, it will check the source port first, then forward the data to the destination port if it is a VLAN member port.
  • Page 210 VLAN200 Trunk port Connect the Trunk ports of both switches for a Trunk link to convey the cross-switch VLAN traffic. Connect all network devices to the other ports of the corresponding VLANs. In this example, port 1 and port 12 are not assigned and so can be used as management ports or for other purposes.
  • Page 211: Gvrp Configuration

    9.3 GVRP Configuration GARP (Generic Attribute Registration Protocol) can be used to dynamically distribute, populate and register property information between switch members within a switch network; the property can be VLAN information, multicast MAC addresses or other information. As a matter of fact, the GARP protocol can convey multiple property features the switch needs to populate.
  • Page 212: Gvrp Commands

    Command Interface Mode gvrp no gvrp Global Mode gvrp no gvrp 9.3.2 GVRP Commands 9.3.2.1 garp timer join Command: garp timer join <timer-value> no garp timer join Function: Sets the join timer for GARP; the “no garp timer join” command restores the default timer setting.
  • Page 213: Garp Timer Hold

    Switch(Config-Ethernet1/10)#garp timer leave 3000 9.3.2.3 garp timer hold Command: garp timer hold <timer-value> no garp timer hold Function: Sets the hold timer for GARP; the “no garp timer hold” command restores the default timer setting. Parameters: <timer-value> is the value for GARP hold timer, the valid range is 100 to 327650 ms. Command mode: Interface Mode Default: The default value for hold timer is 100 ms.
  • Page 214: Typical Gvrp Application

    Command mode: Interface Mode and Global Mode. Default: GVRP is disabled by default. Usage Guide: Port GVRP can only be enabled after global GVRP is enabled. When global GVRP is disabled, port GVRP configurations are also void. Note: GVRP can only be enabled on Trunk ports. Example: Enabling the GVRP function globally and for Trunk port 1/10.
  • Page 215 Configuration Configuration description Item VLAN100 Port 2 – 6 of Switch A and C Trunk port Port 11 of Switch A and C, Port 10, 11 of Switch B Global GVRP Switch A, B, C: Port GVRP Port 11 of Switch A and C, Port 10, 11 of Switch B Connect the two workstations to the VLAN100 ports in switch A and B, connect port 11 of Switch A...
  • Page 216: Vlan Troubleshooting Help

    Switch(Config-Ethernet1/11)#switchport mode trunk Switch(Config-Ethernet1/11)#gvrp Switch(Config-Ethernet1/11)#exit 9.4 VLAN Troubleshooting Help 9.4.1 Monitor and Debug Information 9.4.1.1 show vlan Command: show vlan [brief| summary] [id <vlan-id>] [name <vlan-name>] Function: Displays detailed information for all VLANs or a specified VLAN. Parameters: brief stands for brief information; summary for VLAN statistics; <vlan-id> for VLAN ID of the VLAN to display status information, the valid range is 1 to 4094;...
  • Page 217: Show Garp

    Total Existing Vlans is:2 Displayed information VLAN Name Type Media Ports Universal Vlan Dynamic Vlan 9.4.1.2 show garp Command: show garp [<interface-name>] Function: Displays the global and port information for GARP. Parameters: <interface-name> stands for the name of the Trunk port to be displayed. Command mode: Admin Mode Usage Guide: N/A.
  • Page 218: Vlan Troubleshooting Help

    The GARP counter setting for the Trunk ports at both ends of a Trunk link must be the same, otherwise GVRP will not work properly. It is recommended to avoid enabling GVRP and RSTP at the same time in ES4710BD. If GVRP is to be enabled, the RSTP function for the ports must be disabled first.
  • Page 219: Vid Attribution Configuration

    VLAN ID information window will display current VLANs of the switch: 9.5.1.1.2 VID attribution configuration Click “Vlan configuration”, “Vlan configuration”, “Create/Remove VLAN”, “VID attribution configuration” to set up VID type: VLAN ID: specified VLAN ID VLAN Name: allocate VLAN name. Equivalent to CLI command 9.2.2.2 VLAN Type: VLAN type Example: Set up VLAN ID as 2, VLAN Name as default and VLAN type as universal vlan and click the Apply button; VLAN 2 is then created.
  • Page 220: Port Type Configuration

    Information display shows the VLAN allocation result: 9.5.1.3 Port type configuration Click “Vlan configuration”, “Vlan configuration”, “Port type configuration” to open port type configuration list. 9.5.1.3.1 Set port mode(trunk/access) Click “Vlan configuration”, “Vlan configuration”, “Port type configuration”, “Set port mode” (Trunk/Access) to set up port mode of the switch: Port: specified port Type: port mode including access mode and trunk mode.
  • Page 221: Trunk Port Configuration

    9.5.1.4 Trunk port configuration Click “Vlan configuration”, “Vlan configuration”, “Trunk port configuration” to open Trunk port VLAN configuration list. 9.5.1.4.1 Vlan setting for trunk port Click “Vlan configuration”, “Vlan configuration”, “Trunk port configuration”, “Vlan setting for trunk port” to set up trunk port VLAN type: Set trunk native vlan.
  • Page 222: Set Allow Vlan

    9.5.1.5 Set allow Vlan Click “Vlan configuration”, “Vlan configuration”, “Access port configuration” to open Access port VLAN configuration list to allocate Access port VLAN. 9.5.1.5.1 Vlan setting for access port Click “Vlan configuration”, “Vlan configuration”, “Access port configuration”, “Vlan setting” to add current access ports to a specified VLAN or delete by VLAN: Port: specified port Vlan ID: Specified VLAN ID...
  • Page 223: Disable Vlan Ingress Rule

    Click “Vlan configuration”, “Vlan configuration”, “Enable/Disable Vlan filter rule” to open VLAN ingress configuration list to setup VLAN filter function. 9.5.1.6.1 Disable Vlan ingress rule Click “Vlan configuration”, “Vlan configuration”, to Enable/Disable Vlan ingress rule. Example: Select Ethernet port 1/1 and click the Apply button and the VLAN ingress rule of port 1/1 will be disabled.
  • Page 224: Vlan Debug And Maintenance

    Click “Vlan configuration”, “GVRP configuration”, “GVRP configuration” to configure GVRP parameters of the switch: Port: specified port Join timer (100~327650ms): configures the value of GARP join timer. Equivalent to CLI command 9.3.2.1 Leave timer (100~327650ms): configures the value of GARP leave timer. Equivalent to CLI command 9.3.2.2 Hold timer (100~327650ms): configures the value of GARP hold timer.
  • Page 225: Show Garp

    9.5.3.2 Show GARP Click “Vlan configuration”, “Vlan debug and maintenance”, “show garp”. The information window on the right will display all related GARP information. Equivalent to CLI command 9.4.1.2 9.5.3.3 Show GVRP Click “Vlan configuration”, “Vlan debug and maintenance”, “show gvrp”. The display window on the right will show all related GVRP information.
  • Page 226: Mstp Field

    spanning tree instances (MSTI). It applies the fast converging properties, enabling multiple VLANs of the same topology to map to one spanning tree instance, while that spanning tree topology is independent of the other spanning tree instances. This mechanism provides an independent transmitting path for VLAN dataflow mapping to multiple spanning tree instances.
  • Page 227: Mst Inter-Field Operation

    CIST Regional Root. The root port in the Field CIST Regional Root is the Master Port for all the MSTIs in the field. When MSTP initializes, it will send a BPDU announcing itself as the CIST Regional Root and setting the route cost to the CIST Root and CIST Regional Root to 0. At the same time, the bridge will initialize all MSTIs, claiming itself as the root of all MSTIs.
  • Page 228: Mstp Configuration

    10.2 MSTP Configuration 10.2.1 MSTP configuration task sequence 1. Enable MSTP and set the running mode 2. Configure instance parameters 3. Configure MSTP field parameter 4. Configure MSTP time parameter 5. Configure the fast migrate feature for MSTP 1. Enable MSTP and set the running mode Command Global Mode and Port Mode.
  • Page 229 Command Global Mode spanning-tree mst configuration no spanning-tree mst configuration MSTP field mode instance <instance-id> vlan <vlan-list> no instance <instance-id> [vlan <vlan-list>] name <name> no name revision-level <level> no revision-level abort exit 4. Configure MSTP time parameters Command Global Mode spanning-tree forward-time <time>...
  • Page 230: Introduction To Mstp Configuration Commands

    Command Port Mode spanning-tree link-type {auto|force-true|force-false} no spanning-tree link-type spanning-tree portfast no spanning-tree portfast 10.2.2 Introduction to MSTP configuration commands 10.2.2.1 abort Command: abort Function: Discards the configuration in MSTP field and exits from MST mode to Global Mode. Command mode: MSTP Field Mode. Usage Guide: When using this command to exit MST mode, the configuration made to the MSTP field won't take effect and the previously saved MSTP field configuration remains effective.
  • Page 231: Name

    to Instance 0. Usage Guide: This command is used to set VLAN-Instance mapping. Switches are considered to be in the same MSTP field only if they have identical mapping and other MSTP field parameters. All VLANs belong to Instance 0 when no Instance has been configured. MSTP supports up to 48 MSTIs (excluding CIST).
  • Page 232: Spanning-Tree

    10.2.2.6 spanning-tree Command: spanning-tree no spanning-tree Function: Enables MSTP in Global Mode and Port Mode; the "no spanning-tree" command disables MSTP. Command mode: Global Mode and Port Mode Default: MSTP is disabled by default. Usage Guide: If MSTP is enabled in Global mode, MSTP will be enabled on all ports except those already running applications mutually exclusive to MSTP.
  • Page 233: Spanning-Tree Link-Type P2P

    Command mode: Global Mode Default: The default Hello time is 2 seconds. Usage Guide: The interval at which the switch sends BPDUs is referred to as the Hello time. The Hello time, forward delay time, and max age time are associated. When configuring these time parameters, the following conditions must be met, otherwise MSTP may not work properly.
  • Page 234: Spanning-Tree Max-Hop

    Bridge_Max_Age >= 2 × (Bridge_Hello_Time + 1.0 seconds) Example: Setting the maximum age time to 25 seconds in Global Mode. Switch(Config)#spanning-tree maxage 25 10.2.2.11 spanning-tree max-hop Command: spanning-tree max-hop <hop-count> no spanning-tree max-hop Function: Sets the maximum hops allowed for connecting to the port; the “no spanning-tree max-hop”...
  • Page 235: Spanning-Tree Mode

    10.2.2.13 spanning-tree mode Command: spanning-tree mode {mstp|stp} no spanning-tree mode Function: Sets the switch to run in Spanning Tree mode; the “no spanning-tree mode” command restores the default setting. Parameters: mstp sets the switch in IEEE 802.1s MSTP mode; stp sets the switch in IEEE 802.1D STP mode.
  • Page 236: Spanning-Tree Mst Cost

    10.2.2.15 spanning-tree mst cost Command: spanning-tree mst <instance-id> cost <cost> no spanning-tree mst <instance-id> cost Function: Sets the route cost for the current Ethernet port; “no spanning-tree mst <instance-id> cost” command restores the default value. Parameters: <instance-id> is the instance ID of the specified instance, ranging from 0 – 48; <cost> is the route cost value, ranging from 1 - 200,000,000.
  • Page 237: Spanning-Tree Mst Priority

    priority. Example: Setting the priority for port 1/2 of instance1 to 32. Switch(Config)#interface ethernet 1/2 Switch(Config-Ethernet1/2)#spanning-tree mst 1 port-priority 32 10.2.2.17 spanning-tree mst priority Command: spanning-tree mst <instance-id> priority <bridge-priority> no spanning-tree mst <instance-id> priority Function: Sets the switch bridge priority of the specified instance; the “no spanning-tree mst” restores the default priority value for the switch on the specified instance.
  • Page 238: Mstp Example

    10.3 MSTP Example The following is a typical MSTP application scenario: Figure 00-2 MSTP Typical Application Example As illustrated in the figure above by the lines between SW1-SW4, MSTP is running. All the switches run in MSTP mode by default, their bridge priority, port priority and port route cost are all the default values (equal).
  • Page 239 Port 4 Port 5 Port 6 Port 7 By default, MSTP will establish a topology (in blue lines) rooted with SW1, the ports marked with “x” are in the Discarding status, the other ports are in the Forwarding status. Configurations adjustment: Step 1: Configure port-VLAN mapping.
  • Page 240 SW2(Config)#spanning-tree Switch SW3: SW3(Config)#vlan 20 SW3(Config-Vlan20)#exit SW3(Config)#vlan 30 SW3(Config-Vlan30)#exit SW3(Config)#vlan 40 SW3(Config-Vlan40)#exit SW3(Config)#vlan 50 SW3(Config-Vlan50)#exit SW3(Config)#spanning-tree mst configuration SW3(Config-Mstp-Region)#name mstp SW3(Config-Mstp-Region)#instance 3 vlan 20;30 SW3(Config-Mstp-Region)#instance 4 vlan 40;50 SW3(Config-Mstp-Region)#exit SW3(Config)#interface e1/1-7 SW3(Config-Port-Range)#switchport mode trunk SW3(Config-Port-Range)#exit SW3(Config)#spanning-tree SW3(Config)#spanning-tree mst 3 priority 0...
  • Page 241 SW4(Config-Port-Range)#exit SW4(Config)#spanning-tree SW4(Config)#spanning-tree mst 4 priority 0 After the above configuration, the CIST (Instance0) of the entire network takes SW1 as the root bridge; in the MSTP fields in which SW2, SW3 and SW4 reside, the region root of Instance0 is SW2, that of Instance3 is SW3, and that of Instance4 is SW4.
  • Page 242: Mstp Troubleshooting Help

    Figure 00-4 Instance3 topology in the MSTP field after MSTP change Figure 00-5 Instance4 topology in the MSTP field after MSTP change 10.4 MSTP Troubleshooting Help 10.4.1 Monitor and Debug Command 10.4.1.1 show spanning-tree Command: show spanning-tree [mst [<instance-id>]] [interface <interface-list>] [detail] Function: Displays MSTP and instances information.
  • Page 243 MSTP information can be displayed with the “show spanning-tree” command. Example: Displaying MSTP information, the displayed contents are shown below. Switch#sh spanning-tree -- MSTP Bridge Config Info -- Standard : IEEE 802.1s Bridge MAC : 00:03:0f:01:0e:30 Bridge Times : Max Age 20, Hello Time 2, Forward Delay 15 Force Version: 3 ########################### Instance 0 ########################### Self Bridge Id...
  • Page 244 ########################### Instance 4 ########################### Self Bridge Id : 32768.00:03:0f:01:0e:30 Region Root Id : this switch Int.RootPathCost : 0 Root Port ID Current port list in Instance 4: Ethernet1/1 Ethernet1/2 (Total 2) PortName IntRPC -------------- ------- --------- --- ---- ------------------ ------- Ethernet1/1 128.001 Ethernet1/2 128.002 Displayed information...
  • Page 245: Show Mst Configuration

    10.4.1.2 show mst configuration Command: show spanning-tree mst config Function: Displays the effective MSTP field parameter configurations in admin mode. Command mode: Admin Mode Usage Guide: The command displays the current effective parameter of the MSTP field, such as MSTP field name, revision level, VLAN-instance mapping, etc. Example: Displaying the MSTP field configuration for the switch.
  • Page 246: Debug Spanning-Tree

    The MSTP function, port MAC binding and 802.1x function of ES4710BD are mutually exclusive. When MAC binding and IEEE 802.1x are configured, MSTP cannot be enabled.
  • Page 247: Web Management

    10.5 WEB MANAGEMENT Click “MSTP control” to enter MSTP control configuration mode to manage MSTP features for the switch. 10.5.1 MSTP field operation Click “MSTP control” to enter MSTP field operation. 10.5.1.1 Instance configuration Click “MSTP control” to enter MSTP field operation, then Instance configuration. Create the Instance and configure the VLAN-Instance mapping or add VLAN table entry mapping to specified Instance.
  • Page 248: Mstp Port Operation

    10.5.2 MSTP port operation 10.5.2.1 Edge port setting Click “MSTP control” to enter MSTP field operation, then "PortFast Config". Set the port to be an edge port Configure port 1/5 to be edge ports. 10.5.2.2 Port priority setting Click “MSTP control” to enter MSTP port operation, then "Port Priority Config". Set the priority for the current port on specified instance Set the priority for port 1/2 of instance1 to 32.
  • Page 249: Link Type Configuration

    10.5.2.5 Link type configuration Click “MSTP control” to enter MSTP port operation, then "Link_Type Config". Set the link type of the current port. Set the link of port 1/7 to be forced point-to-point type. 10.5.2.6 MSTP port configuration Click “MSTP control” to enter MSTP port operation, then "MSTP Agreement Port Config". Run the command to enable MSTP under the switch port configuration mode.
  • Page 250: Set The Max Age Time For Bpdu Information In The Switch

    Click “MSTP control” to enter MSTP Global control, then "Hello_time Config". Set the Hello time for the switch. Set MSTP Hello time to 5 seconds in Global Mode. 10.5.3.4 Set the max age time for BPDU information in the switch Click “MSTP control”, MSTP Global Control, then enter the switch BPDU message "Max Age Time Config".
  • Page 251: Show Mstp Setting

    Click “MSTP control”, “MSTP Global control”, enter the "Priority Config" to set bridge priority for the switch for the specified instance. Set bridge priority of the specified instance for the switch. Configure switch instance2 priority to 4096. 10.5.4 Show MSTP setting 10.5.4.1 Instance information Click “MSTP control”, “show MSTP settings”, enter "Instance Information".
  • Page 252: Chapter11 Igmp Snooping Configuration

    ES4710BD provides IGMP Snooping and is able to send a query from the switch so that the user can use ES4710BD in IP multicast.
  • Page 253: Igmp Snooping Configuration Command

    ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> ip igmp snooping vlan <vlan-id> mrouter interface <interface –name> no ip igmp snooping vlan <vlan-id> mrouter igmp snooping vlan immediate-leave igmp snooping vlan immediate-leave ip igmp snooping vlan <vlan-id> static <multicast-ip-addr>...
  • Page 254: Ip Igmp Snooping Vlan

    command disables the IGMP Snooping function. Command mode: Global Mode Default: IGMP Snooping is disabled by default. Usage Guide: Enabling IGMP Snooping allows the switch to monitor multicast traffic in the network and decide which ports will receive multicast traffic. Example: Enabling IGMP Snooping in Global Mode.
  • Page 255: Ip Igmp Snooping Vlan Static

    11.2.2.4 ip igmp snooping vlan static Command: ip igmp snooping vlan <vlan-id> static <multicast-ip-addr> interface <interface –name> no ip igmp snooping vlan <vlan-id> static <multicast-ip-addr> Function: Enables the IGMP Snooping static multicast group membership: the “no ip igmp snooping vlan <vlan-id> static <multicast-ip-addr>” command disables the function. Parameters: <mac-id>...
  • Page 256: Ip Igmp Snooping Vlan Query Robustness

    Parameters: <vlan-id> is the VLAN number specified. Command mode: Global Mode Default: IGMP Query is disabled by default. Usage Guide: Before enabling the IGMP Query function for the specified VLAN, the switch must have a corresponding VLAN configured and IGMP Snooping enabled. It should be noted that this command cannot be used with ip igmp snooping vlan <vlan-id>...
  • Page 257: Igmp Snooping Example

    Parameters: <vlan-id> is the specified VLAN number; <time-value> is the maximum query response time; the valid range is 10 to 25. Command mode: Global Mode Default: The maximum response time is 10 seconds. Example: Setting the maximum IGMP Query response time of VLAN 100 to 12 seconds. Switch(Config)#ip igmp snooping vlan 100 query max-response-time 12 11.3 IGMP Snooping Example Scenario 1.
  • Page 258 Switch(Config)#ip igmp snooping Switch(Config)#ip igmp snooping vlan 100 Switch(Config)#ip igmp snooping vlan 100 mrouter interface ethernet 1/1 Multicast Configuration Suppose the Multicast Server provides two programs using multicast addresses Group1 and Group2. Three of the four hosts running multicast applications, connected to ports 2, 6 and 10, play program 1, while the host connected to port 12 plays program 2.
  • Page 259: Igmp Snooping Troubleshooting Help

    The configuration of Switch2 is the same as the switch in scenario 1; Switch1 takes the place of the Multicast Router in scenario 1. Let’s assume VLAN 60 is configured in Switch1, including ports 1, 2, 6, 10 and 12. Port 1 connects to the multicast server, and port 2 connects to Switch2. In order to send Query at regular intervals, IGMP query must be enabled in Global mode and in VLAN60.
  • Page 260 IGMP information for VLAN 1: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port :(null)-------------------------------- IGMP information for VLAN 2: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port :(null) -------------------------------- IGMP information for VLAN 3: igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port :(null)
  • Page 261 Displayed information igmp snooping status igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port igmp snooping vlan mrouter state 2. Displaying detailed information of IGMP Snooping and Query for VLAN2. Switch#show ip igmp snooping vlan 2 IGMP information for VLAN 2: igmp snooping status igmp snooping vlan status...
  • Page 262: Show Mac-Address-Table Multicast

    -------------------------------------------------------------------------- Ethernet1/4 MEMBERS_PRESENT -------------------------------------------------------------------------- Ethernet1/5 MEMBERS_PRESENT MEMBERS_PRESENT -------------------------------------------------------------------------- Displayed information igmp snooping status igmp snooping vlan status igmp snooping vlan query igmp snooping vlan mrouter port igmp snooping vlan mrouter state igmp snooping vlan mrouter present igmp snooping vlan query TX igmp snooping vlan query SX igmp snooping multicast mac igmp snooping multicast port...
  • Page 263: Igmp Snooping Troubleshooting Help

    command disables this debug function. Command mode: Admin Mode Default: IGMP Snooping debug is disabled by default. Usage Guide: Use this command to enable IGMP Snooping debug, IGMP packet processing information can be displayed. Example: Enabling IGMP Snooping debug. Switch# debug ip igmp snooping 11.4.2 IGMP Snooping Troubleshooting Help IGMP Snooping function cannot be used with IGMP Query, Snooping is not available when Query is enabled.
  • Page 264: Igmp Snooping Configuration

    11.5.2 IGMP snooping configuration Click “IGMP Snooping configuration” node to enter the IGMP Snooping configuration page. This page is divided into 3 sections: query configuration, snooping configuration and configuration display. 11.5.2.1 Query configuration The description for each parameter is as follows: VLAN ID-configures the vlan ID for query Query State-query status: enables or displays.
  • Page 265: Igmp Snooping Static Multicast Configuration

    11.5.3 IGMP snooping static multicast configuration Click “IGMP Snooping static multicast configuration” to enter the configuration screen. The page is divided into configuration section and display section. 11.5.3.1 IGMP snooping static multicast configuration The description for each parameter is as follows: VLAN ID-configures the Vlan ID Multicast group member port Multicast address-configures the multicast address.
  • Page 267: Chapter 12 Acl Configuration

    Chapter 12 ACL Configuration 12.1 Introduction to ACL ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing network traffic control by granting or denying access through the switches, effectively safeguarding the security of networks. The user can lay down a set of rules according to some information specific to packets, each rule describes the action for a packet with certain information matched: “permit”...
  • Page 268: Acl Configuration

    The following rules apply: An access list can consist of several rules. Filtering of packets compares packet conditions to the rules, from the first rule to the first matched rule; the rest of the rules will not be processed. Global default action applies only to IP packets in the incoming direction on the ports. For non-incoming IP packets and all outgoing packets, the default forward action is “permit”.
  • Page 269 access list <num> {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} no access list <num> (2) Configuring a numbered extensive IP access list Command Global Mode access list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr>...
  • Page 270 a. Create a name-based standard IP access list Command Global Mode ip access standard <name> no ip access standard <name> b. Specify multiple “permit” or “deny” rules Command Standard IP ACL Mode [no] {deny | permit} {{<sIpAddr> <sMask >} | any-source | {host-source <sIpAddr>}} c.
  • Page 271 [no] {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg] [precedence <prec>] [tos <tos>] [no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr>...
  • Page 272: Acl Configuration Commands

    ip access-group <name> {in|out } no ip access-group <name> {in|out} 12.2.2 ACL Configuration Commands 12.2.2.1 access-list(extended) Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination | {host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>] [tos <tos>] access-list <num>...
  • Page 273: Access List(Standard)

    Default: No IP address is configured by default. Usage Guide: When the user first specifies a specific <num>, the ACL of this number will be created, and entries can be added to that ACL. Example: Creating an extensive IP access list numbered as 110. Denying ICMP packets and allowing UDP packets destined for 192.168.0.1, port 32.
  • Page 274: Ip Access Extended

    Command: firewall default {permit | deny} Function: sets firewall default action. Parameters: “permit” allows packets to pass through; “deny” blocks packets. Command mode: Global Mode Default: The default action is “permit”. Usage Guide: This command affects incoming IP packets on the port only, other packets are allowed to pass through the switch.
  • Page 275: Permit | Deny(Extended)

    Command: ip access-group [<num>|<acl-name> { in|out } no ip access-group <name> { in|out } Function: Applies an access list to the incoming direction on the port; the “no ip access-group <name> {in|out}” command deletes the access list bound to the port. Parameter: <name>...
  • Page 276: Permit | Deny(Standard)

    Switch(Config)#ip access list extended udpFlow Switch(Config-Ext-Nacl-udpFlow)#deny igmp any-source any-destination Switch(Config-Ext-Nacl-udpFlow)#permit udp any-source host-destination 192.168.0.1 d-port 32 12.2.2.9 permit | deny(standard) Command: {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} no {deny | permit} {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} Function: Creates a standard name-based IP access rule;...
  • Page 277: Acl Troubleshooting Help

    Switch(Config-Ethernet1/10)#ip access-group 110 in Switch(Config-Ethernet1/10)#exit Switch(Config)#exit Configuration result: Switch#show firewall Firewall Status: Enable. Firewall Default Rule: Permit. Switch#show access lists access list 110(used 1 time(s)) access list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21 Switch#show access-group interface ethernet 1/10 interface name:Ethernet1/10 the ingress acl use in firewall is 110.
  • Page 278: Show Access-Group

    Displayed information access list 10(used 0 time(s)) access list 10 deny any-source access list 100(used 1 time(s)) access list 100 deny ip any-source any-destination access list 100 deny tcp any-source any-destination 12.4.1.2 show access-group Command: show access-group [interface <name>] Function: Displays ACL binding information for the port. Parameters: <name>...
  • Page 279: Acl Troubleshooting Help

    Command mode: Admin Mode Usage Guide: Example: Switch#show firewall Firewall Status: Enable. Firewall Default Rule: Permit. Displayed information Firewall Status: Enable. Firewall Default Rule: Permit. 12.4.2 ACL Troubleshooting Help Checking for entries in the ACL is done in a top-down order and ends whenever an entry is matched.
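
The top-down, first-match evaluation described above, combined with reverse (wildcard) masks and the `firewall default` action, as an added Python example (not code from the manual or the switch firmware). It accepts only a subset of the rule syntax (action, protocol, source, destination, optional `d-port`), assumes an `ip` rule matches every IP protocol, and also flags rules that a single earlier rule makes unreachable; the function names and test packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = (0, 0xFFFFFFFF)  # (address, reverse mask); a 1 bit in the mask means "don't care"


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # ip, tcp, udp, icmp, igmp
    src: Tuple[int, int]     # (address, reverse mask)
    dst: Tuple[int, int]
    dport: Optional[int]     # None when the rule has no d-port


def _take_addr(tok: List[str], side: str) -> Tuple[int, int]:
    """Consume 'any-<side>', 'host-<side> A' or 'A <reverse-mask>' from tok."""
    head = tok.pop(0)
    if head == f"any-{side}":
        return ANY
    if head == f"host-{side}":
        return (_ip(tok.pop(0)), 0)
    return (_ip(head), _ip(tok.pop(0)))


def parse_rule(line: str) -> Rule:
    """Parse a rule body as typed in ACL mode, e.g. 'deny tcp ... d-port 21'."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line}")
    src = _take_addr(tok, "source")
    dst = _take_addr(tok, "destination")
    dport = None
    if tok[:1] == ["d-port"]:
        dport, tok = int(tok[1]), tok[2:]
    if tok:  # s-port, TCP flags, precedence and tos are outside this sketch
        raise ValueError(f"unsupported tokens {tok} in: {line}")
    return Rule(action, proto, src, dst, dport)


def _addr_match(spec: Tuple[int, int], ip: int) -> bool:
    addr, wild = spec
    return ((addr ^ ip) & ~wild & 0xFFFFFFFF) == 0


def _covers(a: Tuple[int, int], b: Tuple[int, int]) -> bool:
    """True when every address matched by spec b is also matched by spec a."""
    return (b[1] & ~a[1] & 0xFFFFFFFF) == 0 and _addr_match(a, b[0])


def evaluate(rules, default, proto, src, dst, dport=None):
    """First match wins; 'default' models 'firewall default {permit | deny}'.

    Returns (action, index of the deciding rule, or None for the default).
    """
    s, d = _ip(src), _ip(dst)
    for i, r in enumerate(rules):
        # Assumption: an 'ip' rule matches every IP protocol.
        if (r.proto in ("ip", proto) and _addr_match(r.src, s)
                and _addr_match(r.dst, d) and r.dport in (None, dport)):
            return r.action, i
    return default, None


def shadowed(rules):
    """Indices of rules fully covered by a single earlier rule (never reached)."""
    hits = []
    for j, b in enumerate(rules):
        if any(a.proto in ("ip", b.proto) and _covers(a.src, b.src)
               and _covers(a.dst, b.dst) and a.dport in (None, b.dport)
               for a in rules[:j]):
            hits.append(j)
    return hits


# ACL 110 and ACL 100 as printed in the manual's "show access lists" output.
ACL_110 = [parse_rule("deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21")]
ACL_100 = [parse_rule("deny ip any-source any-destination"),
           parse_rule("deny tcp any-source any-destination")]
# Constructed mis-ordered list: the broad permit hides the specific deny.
ACL_BAD = [parse_rule("permit ip 10.0.0.0 0.0.0.255 any-destination"),
           parse_rule("deny tcp host-source 10.0.0.9 any-destination d-port 21")]

if __name__ == "__main__":
    print(evaluate(ACL_110, "permit", "tcp", "10.0.0.5", "192.168.0.1", 21))
    print(evaluate(ACL_110, "permit", "tcp", "10.0.1.5", "192.168.0.1", 21))
    print(evaluate(ACL_BAD, "permit", "tcp", "10.0.0.9", "192.168.0.1", 21))
    print(shadowed(ACL_100), shadowed(ACL_BAD))
```

`shadowed` returning `[1]` for ACL 100 shows that its second entry can never decide a packet, because the first entry already matches everything it matches.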
  • Page 280: Numeric Standard Acl Configuration

    12.5.1 Numeric standard ACL configuration Click “Numeric ACL Configuration”, and then the “Add Standard Numeric ACL” section to enter the configuration page. Equivalent to CLI command 12.2.2.2. The explanation of each section is: ACL number – 1-99 Rule – permit or deny Source address type –...
  • Page 281 There are several sub-sections in this category: ACL number (100-199) Rule - permit or deny Source address type - Specified IP address or any randomly allocated IP address Source IP address Reverse network mask Target address type - Specified IP address or any randomly allocated IP address Destination IP address Reverse network mask IP precedence...
  • Page 282: Configure Standard Acl Name Configuration And Delete The Standard Acl Name

    12.5.4 Configure standard ACL name configuration and delete the standard ACL name configuration Click “ACL name configuration” to open up the sub-sections, then click “ACL name configuration” to enter the configuration page. “ACL name configuration” is configured in the same way as “Numeric ACL Configuration”.
  • Page 283: Configure Extended Acl Name Configuration

    12.5.5 Configure extended ACL name configuration Click “ACL name configuration”, the configuration sections will then be shown. There are 6 types of extended ACL name configurations: IP extended ACL name configuration ICMP extended ACL name configuration IGMP extended ACL name configuration TCP extended ACL name configuration UDP extended ACL name configuration Other protocols extended ACL name configuration...
  • Page 284: Acl Port Binding

    12.5.7 ACL port binding Click “Filter configuration”, and then select “ACL port binding” to enter the configuration page. Equal to CLI command: 12.2.2.7 There are five items in this section. Port – the target port to bind to ACL ACL name – the target ACL name to bind Ingress/Egress –...
  • Page 285: Port Channel Configuration

    If a port in Port Channel fails, the other ports will undertake traffic of that port through a traffic allocation algorithm. This algorithm is carried out by the hardware. ES4710BD offers 2 methods for configuring port aggregation: manual Port Channel creation and LACP (Link Aggregation Control Protocol) dynamic Port Channel creation. Port aggregation can only be performed on ports in full-duplex mode.
  • Page 286: Port Channel Configuration

    8 port groups and 8 ports in each port group are supported. Once ports are aggregated, they can be used as a normal port. ES4710BD has a built-in aggregation interface configuration mode, the user can perform related configuration in this mode just like in the VLAN and physical port configuration mode.
  • Page 287: Port Channel Configuration Commands

    Command Interface Mode port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> 3. Enter port-channel configuration mode. Command Global Mode interface port-channel <port-channel-number> 13.2.2 Port Channel Configuration Commands 13.2.2.1 port-group Command: port-group <port-group-number> [load-balance { src-mac|dst-mac | dst-src-mac | src-ip| dst-ip|dst-src-ip}] no port-group <port-group-number> [load-balance] Function: Creates a port group and sets the load balance method for that group.
  • Page 288: Interface Port-Channel

    Command: port-group <port-group-number> mode {active|passive|on} no port-group <port-group-number> Function: Adds a physical port to port channel, the “no port-group <port-group-number>” removes specified port from the port channel. Parameters: <port-group-number> is the group number of port channel, from 1 to 8; active enables LACP on the port and sets it in Active mode;...
  • Page 289: Port Channel Example

    Fig 14-2 Configuring Port Channel in LACP Example: The switches in the description below are all ES4710BD switches and as shown in the figure, ports 1, 2, 3 of Switch 1 are access ports that belong to vlan1. Add those three ports to group1 in active mode;...
  • Page 290 Switch2 (Config-If-Port-Channel2)# Configuration result: After a while the shell reports that the ports have been aggregated successfully; ports 1, 2, 3 of Switch 1 now form an aggregated port named “Port-Channel1”, and ports 6, 8, 9 of Switch 2 form an aggregated port named “Port-Channel2”;...
  • Page 291: Port Channel Troubleshooting Help

    Switch2 (Config)#interface eth 1/6 Switch2 (Config-Ethernet1/6)#port-group 2 mode on Switch2 (Config-Ethernet1/6)#exit Switch2 (Config)# interface eth 1/8-9 Switch2 (Config-Port-Range)#port-group 2 mode on Switch2 (Config-Port-Range)#exit Configuration result: Add ports 1, 2, 3 of Switch 1 to port-group 1 in order. Joining a group in “on” mode is a completely forced action: the switches at the two ends do not exchange LACP PDUs to complete aggregation.
  • Page 292 Number of ports in group Maxports Number of port-channels Max port-channels 2. Display detailed information for port-group 1. Switch# show port-group 1 detail Sorted by the ports in the group 1: -------------------------------------------- Ethernet port 1/1 : both of the port and the agg attributes are not equal the general information of the port are as follows: portnumber: 1 actor_port_agg_id:0 partner_oper_sys:0x000000000000...
  • Page 293 the machine state and port state of the port are as follows: mux_state: DETCH rcvm_state: P_DIS actor_oper_port_state : L_A___F_ partner_oper_port_state: _TA___F_ Displayed information Explanation portnumber Port number actor_port_agg_id The channel number to add the port to. If the port cannot be added to the channel due to inconsistent parameters between the port and the channel, 3 will be displayed.
  • Page 294 port state LACP activety LACP timeout Aggregation Synchronization Collecting Distributing Defaulted Expired Partner part Administrative system 000000-000000 system priority 0x8000 0x0001 port number port priority 0x8000 port state LACP activety LACP timeout Aggregation Synchronization Collecting Distributing Defaulted Expired Selected Displayed information portnumber port priority system...
  • Page 295: Debug Lacp

    Collecting Distributing Defaulted Expired Selected 5. Display port-channel information for port-group1. Switch# show port-group 1 port-channel Port channels in the group 1: ----------------------------------------------------------- Port-Channel: port-channel1 Number of port : 2 Standby port : NULL Port in the port-channel : Index Port ------------------------------------------------------ Ethernet1/1...
  • Page 296: Port Channel Troubleshooting Help

    Switch# debug lacp 13.4.2 Port Channel Troubleshooting Help If problems occur when configuring port aggregation, please first check the following for causes. Ensure all ports in a port group have the same properties, i.e., whether they are in full-duplex mode, forced to the same speed, and have the same VLAN properties, etc. If inconsistency occurs, make corrections.
  • Page 297: Lacp Port Configuration

    Apply to add the group. After finishing the group configuration, the configured port information will be shown under the configuration table. 13.5.2 LACP port configuration Click LACP port configuration to enter configuration page Equivalent to CLI command 13.2.2.2 group num Port: will be added or deleted Port mode: active, passive or on Operation type: add port to group or remove port from group...
  • Page 298: Chapter 14 Dhcp Configuration

    DHCP client and server. ES4710BD can act as both a DHCP server and a DHCP relay. DHCP server supports not only dynamic IP address assignment, but also manual IP address binding (i.e., specify a specific IP address to a specified MAC address or specified device ID over a long period.
  • Page 299: Dhcp Server Configuration

    obtained dynamically can be different every time; manually bound IP address will be the same all the time. 2) The lease period of IP address obtained dynamically is the same as the lease period of the address pool and is limited; the lease of manually bound IP address is theoretically endless. 3) Dynamically allocated addresses cannot be bound manually.
  • Page 300 dns-server [address1[address2[…address8]]] no dns-server domain-name <domain> no domain-name netbios-name-server [address1[address2[…address8]]] no netbios-name-server netbios-node-type { b-node|h-node|m-node|p-node|<type-number>} no netbios-node-type bootfile <filename> no bootfile next-server [address1[address2[…address8]]] [address1[address2[…address8]]] option <code> {ascii <string> | hex <hex> | ipaddress <ipaddress>} no option <code> lease { days [hours][minutes] | infinite } no lease Global Mode ip dhcp excluded-address <low-address>...
  • Page 301: Dhcp Server Configuration Commands

    client-identifier <unique-identifier> no client-identifier client-name <name> no client-name 3. Enable logging for address conflicts Command Global Mode ip dhcp conflict logging no ip dhcp conflict logging Admin Mode clear ip dhcp conflict <address | all> 14.2.2 DHCP Server Configuration Commands 14.2.2.1 bootfile Command: bootfile <filename>...
  • Page 302: Client-Name

    IP address defined in “host” command to the client. Example: Specifying the IP address 10.1.128.160 to be bound to user with the unique id of 00-10-5a-60-af-12 in manual address binding. Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12 Switch(dhcp-1-config)#host 10.1.128.160 24 Related command: host 14.2.2.3 client-name Command: client-name <name>...
  • Page 303: Domain-Name

    Command Mode: DHCP Address Pool Mode Usage Guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority. Therefore address 1 has the highest priority, address 2 has the second highest, and so on. Example: Set 10.1.128.3 as the DNS server address for DHCP clients.
  • Page 304: Ip Dhcp Conflict Logging

    Function: Specifies the IP address to be assigned to the user when binding addresses manually; the “no host” command deletes the IP address. Parameters: <address> is the IP address in decimal format; <mask> is the subnet mask in decimal format; <prefix-length> means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is “24”, and mask 255.255.255.252 in prefix is “30”.
  • Page 305: Ip Dhcp Pool

    Function: Specifies addresses to be excluded from dynamic assignment; the “no ip dhcp excluded-address <low-address> [<high-address>]” command cancels the setting. Parameters: <low-address> is the starting IP address, [<high-address>] is the ending IP address. Default: Only an individual address is excluded by default. Command mode: Global Mode Usage Guide: This command can be used to exclude one or several consecutive addresses in the pool from being assigned dynamically so that those addresses can be used by the administrator for other purposes.
  • Page 306: Netbios-Name-Server

    DHCP, while too short duration results in increased network traffic and overhead. The default lease duration of ES4710BD is 1 day. Example: Setting the lease of DHCP pool “1” to 3 days 12 hours and 30 minutes.
  • Page 307: Network-Address

    h-node that broadcasts after point-to-point communication. Example: Setting the node type for client of pool 1 to broadcasting node. Switch(dhcp-1-config)#netbios-node-type b-node 14.2.2.16 network-address Command: network-address <network-number> [<mask> | <prefix-length>] no network-address Function: Sets the scope for assignment for addresses in the pool; the “no network-address” command cancels the setting.
  • Page 308: Service Dhcp

    Usage Guide: Both DHCP server and DHCP relay are included in the DHCP service. When DHCP services are enabled, both DHCP server and DHCP relay are enabled. ES4710BD can only assign IP address for the DHCP clients and enable DHCP relay when DHCP server function is enabled.
  • Page 309: Dhcp Relay Configuration Task Sequence

    As shown in the above figure, the DHCP client and the DHCP server are in different networks, the DHCP client performs the four DHCP steps as usual yet DHCP relay is added to the process. 1. The client broadcasts a DHCPDISCOVER packet, and DHCP relay inserts its own IP address to the relay agent field in the DHCPDISCOVER packet on receiving the packet, and forwards the packet to the specified DHCP server (for DHCP frame format, please refer to RFC2131).
  • Page 310: Dhcp Relay Configuration Command

    4. Disable DHCP relay from forwarding DHCP broadcast packet. Command Global Mode ip dhcp relay information policy drop no ip dhcp relay information policy drop 14.3.2 DHCP Relay Configuration Command 14.3.2.1 ip forward-protocol udp Command: ip forward-protocol udp <port> no ip forward-protocol udp <port> Function: Sets DHCP relay to forward UDP broadcast packets on the port;...
  • Page 311: Dhcp Configuration Example

    14.4 DHCP Configuration Example Scenario 1: To save configuration effort for network administrators and users, a company is using ES4710BD as a DHCP server. The Admin VLAN IP address is 10.16.1.2/16. The local area network for the company is divided into network A and B according to the office locations. The network configurations for location A and B are shown below.
  • Page 312 Switch(dhcp-A-config)#default-route 10.16.1.200 10.16.1.201 Switch(dhcp-A-config)#dns-server 10.16.1.202 Switch(dhcp-A-config)#netbios-name-server 10.16.1.209 Switch(dhcp-A-config)#netbios-node-type H-node Switch(dhcp-A-config)#exit Switch(Config)#ip dhcp excluded-address 10.16.1.200 10.16.1.210 Switch(Config)#ip dhcp pool B Switch(dhcp-B-config)#network 10.16.2.0 24 Switch(dhcp-B-config)#lease 1 Switch(dhcp-B-config)#default-route 10.16.2.200 10.16.2.201 Switch(dhcp-B-config)#dns-server 10.16.2.202 Switch(dhcp-B-config)#option 72 ip 10.16.2.209 Switch(dhcp-config)#exit Switch(Config)#ip dhcp excluded-address 10.16.2.200 10.16.2.210 Switch(Config)#ip dhcp pool A1 Switch(dhcp-A1-config)#host 10.16.1.210...
  • Page 313 Scenario 2: Fig 14-3 DHCP Relay Configuration As shown in the above figure, ES4710BD is configured as a DHCP relay. The DHCP server address is 10.1.1.10, TFTP server address is 10.1.1.20, the configuration steps are as follows: Switch(Config)# service dhcp Switch(Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip address 192.168.1.1 255.255.255.0...
  • Page 314: Dhcp Troubleshooting Help

    client will be requesting the IP address in the same segment of the VLAN interface after VLAN interface forwarding, and the VLAN interface IP address is 10.16.1.2/24, therefore the IP address assigned to the client will belong to 10.16.1.0/24. If the DHCP/BootP client wants to have an address in 10.16.2.0/24, the gateway forwarding broadcast packets of the client must belong to 10.16.2.0/24.
  • Page 315: Clear Ip Dhcp Server Statistics

    conflicting for use. The “Clear ip dhcp conflict” command can be used to delete the conflict record for an address. If "all” is specified, then all conflict records in the log will be removed. When records are removed from the log, the addresses are available for allocation by the DHCP server.
  • Page 316: Show Ip Dhcp Conflict

    Type 14.5.1.5 show ip dhcp conflict Command: show ip dhcp conflict Function: Displays log information for addresses that have a conflict record. Command mode: Admin Mode Example: Switch# show ip dhcp conflict IP Address Detection method 10.1.1.1 Ping Displayed information IP Address Detection method Detection Time...
  • Page 317: Debug Ip Dhcp Server

    BOOTREPLY DHCPOFFER DHCPACK DHCPNAK DHCPRELAY DHCPFORWARD Switch# Displayed information Address pools Database agents Automatic bindings Manual bindings Conflict bindings Expired bindings Malformed message Message Received BOOTREQUEST DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Message Send BOOTREPLY DHCPOFFER DHCPACK DHCPNAK DHCPRELAY DHCPFORWARD 14.5.1.7 debug ip dhcp server Command: debug ip dhcp server { events|linkage|packets } no debug ip dhcp server { events|linkage|packets }...
  • Page 318: Dhcp Troubleshooting Help

    VLAN, such a pool should be added if not present. (This does not indicate ES4710BD cannot assign IP address for different segments, see solution 2 for details.) If in DHCP service, pools for dynamic IP allocation and manual binding are conflicting, i.e., if command “network-address”...
  • Page 319: Address Pool Configuration

    14.6.2.1 Address pool configuration Click “DHCP configuration”, “DHCP server configuration”, “Address pool configuration” to configure the DHCP address pool function: DHCP pool name (1-32 characters) – defines a DHCP address pool in global mode. Same as CLI command 14.2.2.11 DHCP pool domain name (1-255 characters) – to configure DHCP client domain name. Same as CLI command 14.2.2.6 Address range for allocating –...
  • Page 320: Client's Default Gateway Configuration

    14.6.2.2 Client’s default gateway configuration Click “DHCP configuration”, “DHCP server configuration”, “Client's default gateway configuration” to configure the default gateway for DHCP client. Same as CLI command 14.2.2.4: DHCP pool name – selects one DHCP address pool Gateway – default gateway, default gateway’s IP address and DHCP client’s IP address in the same segment.
  • Page 321: Client Wins Server Configuration

    14.6.2.4 Client WINS server configuration Click DHCP configuration, DHCP server configuration, Client WINS server configuration. Configure the WINS server address. Same as CLI command 14.2.2.14: DHCP pool name – choose one DHCP address pool WINS server – the WINS server address; up to 8 WINS server addresses can be configured, and the address configured first has the highest priority, so address1 has the highest priority, then address2, address3 in turn. Choose DHCP pool name as 1, configure WINS server 1 as 10.1.128.30.
  • Page 322: Dhcp Network Parameter Configuration

    configuration” to configure the DHCP client boot file name and the address of the server where the boot file is saved: DHCP pool name - Choose one DHCP address pool DHCP client bootfile name (1-128 characters) - boot file name. Same as CLI command 14.2.2.1 File server - server address where the client boot file is saved.
  • Page 323: Manual Address Pool Configuration

    14.6.2.7 Manual address pool configuration Click “DHCP configuration”, “DHCP server configuration”, “Manual address pool configuration” to configure DHCP to manually allocate address: DHCP pool name – Choose one DHCP address pool Hardware address – assigns user hardware address. Same as CLI command 14.2.2.7 Client IP –...
  • Page 324: Dhcp Packet Statistics

    14.6.2.9 DHCP packet statistics Click “DHCP configuration”, “DHCP server configuration”, “DHCP packet statistics” to display DHCP server statistics information of all kinds of DHCP data packets. Same as CLI command 14.5.1.3: 14.6.3 DHCP relay configuration Click “DHCP configuration”, “DHCP server configuration”, “DHCP packet statistics”...
  • Page 325: Dhcp Debugging

    Click “DHCP configuration”, “DHCP relay configuration”, “DHCP relay configuration” to configure the switch’s DHCP relay function: DHCP forward UDP configuration configures DHCP relay to forward broadcast messages to a UDP port. Same as CLI command 14.3.2.1: Port - UDP port Example: Configure Port as 69, and then click Add button to apply this configuration to switch.
  • Page 326: Delete Conflict Log

    14.6.4.2 Delete conflict log Click “DHCP configuration”, “DHCP debugging” to delete conflicting logs. Example: Choose Delete all conflict address as Yes. Click Apply button and all conflicting addresses in address conflict log will be removed. 14.6.4.3 Delete DHCP server statistics log Click “DHCP configuration”, “DHCP debugging”, “Delete DHCP server statistics log”.
  • Page 327: Chapter 15 Sntp Configuration

    ES4710BD implements SNTPv4 and supports SNTP client unicast as described in RFC2030; SNTP client multicast and anycast are not supported, nor is the SNTP server function. [Figure labels: Level 2 server, DNS server, Campus users, GPS receiver...]
  • Page 328: Sntp Configuration Commands

    15.1 SNTP Configuration Commands 15.1.1 sntp server Command: sntp server <server_address> [version <version_no>] no sntp server <server_address> Function: Sets the SNTP/NTP server address and server version; the “no sntp server <server_address>” command deletes the SNTP/NTP server address. Parameters: <server_address> is the IP unicast address of SNTP/NTP server, in decimal format; <version_no>...
  • Page 329: Typical Sntp Configuration Examples

    All ES4710BD switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured. There should be reachable route between any ES4710BD and the two SNTP/NTP servers.
  • Page 330: Sntp Troubleshooting Help

    15.3 SNTP Troubleshooting Help 15.3.1 Monitor and Debug Commands 15.3.1.1 show sntp Command: show sntp Function: Displays current SNTP client configuration and server status. Parameters: N/A. Command mode: Admin Mode Example: Displaying current SNTP configuration. Switch#show sntp SNTP server Version 2.1.0.2 15.3.1.2 debug sntp...
  • Page 331: Request Interval Configuration

    15.4.2 Request interval configuration Click “SNTP configuration”, “Request interval configuration” to configure the sending request time interval from SNTP client to NTP/SNTP server. Same as CLI command 15.1.2. Example: Configure Interval as 128 minutes, Click Apply to set the configuration in the switch. 15.4.3 Time difference Click “SNTP configuration”, “Time difference”...
  • Page 332: Chapter 16 Qos Configuration

    Chapter 16 QoS Configuration 16.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
  • Page 333: Qos Implementation

    Robin). In Profile: Traffic within the QoS policy range (bandwidth or burst value) is called “In Profile”. Out of Profile: Traffic outside the QoS policy range (bandwidth or burst value) is called “Out of Profile”.
  • Page 334 [Figure text: Generate DSCP value; classification. Sorts packet traffic according to the classification info and ACLs and converts classification info to DSCP values. Decides traffic is in profile or out of profile according to the packet DSCP value and policing policy.] Classification: Classifies traffic according to packet classification information and generates internal DSCP value based on the classification information.
  • Page 335 Start Reads ingress classification configuration info IP & non-IP packets Interior DSCP value generated according to IP Precedence value and IP-Precedence-to-DSCP mapping of the packet QoS ACLs configured at ingress? Matching permit entries? Generates DSCP value Generate default internal specified by ACLs Finish Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked.
  • Page 336 Start Read packet DSCP value Matching policing policy for this DSCP value? Check policing policy, is traffic in profile? Packet pass through Finish Fig 16-5 Policing and Remarking process Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value;...
  • Page 337: Qos Configuration

    Start Read packet DSCP and convert it to CoS according to DSCP-to-CoS mapping Read packet CoS and Cos-to-queue mapping Read the buffer value for egress queue Queue buffer available Place packet into specified queue, and forward according to the weight priority of the queues Finish Fig 16-6 Queuing and Scheduling process...
  • Page 338 Set up a classification rule according to ACL, VLAN ID, IP Precedence or DSCP to classify the data stream. Different classes of data streams will be processed with different policies. 3. Configure a policy map. After data stream classification, a policy map can be created to associate with the class map created earlier and enter class mode.
  • Page 339 policy-map <policy-map-name> no policy-map <policy-map-name> class <class-map-name> no class <class-map-name> set {ip dscp <new-dscp> | ip precedence <new-precedence>} no set {ip dscp <new-dscp> | ip precedence <new-precedence>} police <rate-kbps> <burst-kbyte> [exceed-action {drop | policed-dscp-transmit}] police <rate-kbps> [exceed-action {drop | policed-dscp-transmit}] <aggregate-policer-name>...
  • Page 340 priority <cos>] no mls qos trust mls qos cos {<default-cos> } no mls qos cos service-policy {input <policy-map-name> <policy-map-name>} no service-policy {input <policy-map-name> | output <policy-map-name>} mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> 5. Configure queue out method and weight Command Interface Mode wrr-queue...
  • Page 341: Qos Configuration Commands

    <dscp-mutation-name> <in-dscp> to <out-dscp> |ip-prec-dscp <dscp1...dscp8> <dscp-list> to <mark-down-dscp>} no mls qos map {cos-dscp | dscp-cos | dscp-mutation <dscp-mutation-name> ip-prec-dscp | policed-dscp} 16.2.2 QoS Configuration Commands 16.2.2.1 mls qos Command: mls qos no mls qos Function: Enables QoS in Global Mode; the “no mls qos” command disables the global QoS. Command mode: Global Mode Default: QoS is disabled by default.
  • Page 342: Policy-Map

    Function: Configures the matching criterion in the class map; the “no match {access-group | ip dscp | ip precedence | vlan}” command deletes the specified matching criterion. Parameters: access-group <acl-index-or-name> stands for matching specified ACL, the parameter is ACL number or name; ip dscp <dscp-list> stands for matching specified DSCP value, the parameter is a DSCP value list containing up to 8 DSCP values;...
  • Page 343: Set

    Parameters: <class-map-name> is the class map name used by the class. Default: No policy class is configured by default. Command mode: Policy map configuration Mode Usage Guide: Before setting up a policy class, a policy map should be created and the policy map mode entered.
  • Page 344: Mls Qos Aggregate-Policer

    according to policed-dscp mapping when specified speed is exceeded. Default: There is no policy by default. Command mode: Policy class map configuration Mode Usage Guide: The ranges of <rate-kbps> and <burst-kbyte> are quite large; if the setting exceeds the actual speed of the port, the policy map applying this policy will not bind to switch ports.
  • Page 345: Police Aggregate

    16.2.2.9 police aggregate Command: police aggregate <aggregate-policer-name> no police aggregate <aggregate-policer-name> Function: Applies policy <aggregate-policer-name>” command deletes the specified policy set. Parameters: <aggregate-policer-name> is the policy set name. Default: No policy set is configured by default. Command mode: Policy class map configuration Mode Usage Guide: The same policy set can be referred to by different policy class maps.
  • Page 346: Mls Qos Cos

    Example: Configuring Ethernet port 1/1 to trust CoS value, i.e., classifying the packets according to CoS value, DSCP value should not be changed. Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#mls qos trust cos pass-through-dscp 16.2.2.11 mls qos cos Command: mls qos cos {<default-cos> } no mls qos cos Function: Configures the default CoS value of the port;...
  • Page 347: Mls Qos Dscp-Mutation

    16.2.2.13 mls qos dscp-mutation Command: mls qos dscp-mutation <dscp-mutation-name> no mls qos dscp-mutation <dscp-mutation-name> Function: Applies DSCP mutation mapping to the port; the “no mls qos dscp-mutation <dscp-mutation-name>” command restores the DSCP mutation mapping default. Parameters: <dscp-mutation-name> is the DSCP mutation mapping name. Default: There is no policy by default.
  • Page 348: Wrr-Queue Cos-Map

    Function: Configures the queue out mode. The “no priority-queue out” command restores the default value and default queue out weights. Parameters: Default: non-priority-queue mode. Command mode: Interface Mode Usage Guide: When priority-queue out mode is used, packets are no longer sent with WRR algorithm, but sent by packets queue after queue.
  • Page 349: Qos Example

    <dscp1...dscp8> are the 8 DSCP values corresponding to the 0 to 7 CoS values, each DSCP value is delimited with space, ranging from 0 to 63; dscp-cos <dscp-list> to <cos> defines the mapping from DSCP to CoS value, <dscp-list> is a list of DSCP values consisting of up to 8 DSCP values, <cos>...
  • Page 350 the port in trust CoS mode without changing DSCP value, and set the default CoS value of the port to 5. The configuration steps are listed below: SWITCH#CONFIG Switch(Config)#mls qos Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#wrr-queue bandwidth 1 1 2 2 4 4 8 8 Switch(Config-Ethernet1/1)#mls qos trust cos pass-through dscp Switch(Config-Ethernet1/1)#mls qos cos 5 Configuration result:...
  • Page 351 An ACL named 1 is set to match segment 192.168.1.0. QoS is enabled globally and a class map named c1 is created, matching ACL 1 in the class map; a policy map named p1 is then created that refers to c1, and appropriate policies are set in it to limit bandwidth and burst value. This policy map is applied on Ethernet port 1/2.
  • Page 352: Qos Troubleshooting Help

    Switch(Config-ClassMap)# exit Switch(Config)#policy-map p1 Switch(Config-PolicyMap)#class c1 Switch(Config--Policy-Class)#set ip precedence 5 Switch(Config--Policy-Class)#exit Switch(Config-PolicyMap)#exit Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#service-policy input p1 QoS configuration in Switch2: SWITCH#CONFIG Switch(Config)#mls qos Switch(Config)#interface ethernet 1/1 Switch(Config-Ethernet1/1)#mls qos trust ip-precedence pass-through-cos 16.4 QoS Troubleshooting Help 16.4.1 QoS Debug and Monitor Commands 16.4.1.1 show mls-qos Command: show mls-qos...
  • Page 353: Show Mls Qos Interface

    Command mode: Admin Mode Usage Guide: Example: Switch #show mls qos aggregate-policer policer1 aggregate-policer policer1 80000 80 exceed-action drop Not used by any policy map Displayed information aggregate-policer policer1 exceed-action drop Not used by any policy map 16.4.1.3 show mls qos interface Command: show mls qos interface [<interface-id>] [buffers | policers | queueing | statistics] Function: Displays QoS configuration information on a port.
  • Page 354 0x200 0x200 0x200 0x200 0x200 0x200 0x200 0x200 Displayed information packet number of 8 queue: 0x200 0x200 0x200 0x200 0x200 0x200 0x200 0x200 Switch # show mls qos interface queueing ethernet 1/2 Switch#show mls qos int queue e 1/2 Cos-queue map: Queue 1 Queue and weight type: Port q1...
  • Page 355: Show Mls Qos Maps

    out-profile 16.4.1.4 show mls qos maps Command: show mls qos maps [cos-dscp | dscp-cos | dscp-mutation <dscp-mutation-name> | ip-prec-dscp | policed-dscp] Function: Displays mapping configuration information for QoS. Parameters: cos-dscp CoS for CoS-DSCP; dscp-cos DSCP for DSCP-CoS, dscp-mutation <dscp-mutation-name> for DSCP-DSCP mutation, <dscp-mutation-name> is the name of mutation;...
  • Page 356: Show Class-Map

    Policed-dscp map: d1 : d2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59...
  • Page 357: Qos Troubleshooting Help

    Policy Map p1 Class Map name: c1 police 16000000 2000 exceed-action drop Displayed information Policy Map p1 Class map name:c1 police 16000000 8000 exceed-action drop 16.4.2 QoS Troubleshooting Help QoS is disabled on switch ports by default, 8 sending queues are set by default, queue1 forwards normal packets, other queues are used for some important control packets (such as BPDU).
  • Page 358: Class-Map Configuration

    QoS status-Close or Open. To enable QoS, select Open, then click Apply. 16.5.2 Class-map configuration Click “Class-map configuration” to display the extension, including the following two sections: Add/Remove class-map Class-map configuration 16.5.2.1 Add/Remove class-Map Click “Add/Remove class-map” to enter configuration page. Equivalent to CLI command 16.2.2.2. Term description as follows: Class-map name Operation type-Create class table and Remove class table.
  • Page 359: Policy-Map Priority Configuration

    Match value 1, select set to Operation type, and then click Apply. 16.5.3 Policy-map priority configuration Click “Policy-map configuration” to display the extension, which has five sections: Add/Remove policy-map Policy-map priority configuration Policy-map bandwidth configuration Add/Remove aggregate policer Apply aggregate policer 16.5.3.1 Add/Remove policy-map Click “Add/Remove policy-map”...
  • Page 360: Policy-Map Priority Configuration

    16.5.3.2 Policy-map priority configuration Click “Policy-map priority configuration” to enter the configuration page. Equivalent to CLI command 16.2.2.6. Terms are described as follows: Policy-map name Class-map name Priority type. DSCP value or IP precedence value Priority value Operation type. Set or Remove. Example: Select p1 for Policy-map name, input c1 for Class-map name, select IP precedence value for Priority type, input 3 for Priority value, select Set for Operation type, and then click Apply.
  • Page 361: Add/Remove Aggregate Policy

    16.5.3.4 Add/Remove aggregate policy Click Add/Remove aggregate policer to enter the configuration page. It is equivalent to CLI command 16.2.2.8. Terms are described as follows: Aggregate policer name Rate-average baud rate for classified bandwidth, in Kbit/s. Burst-burst rate for classified bandwidth, in Kbyte. Exceed-action-The action taken once the data rate exceeds the rate limit; the options are drop and policed-dscp-transmit, the latter uses a mapping function between the given DSCP and the corresponding policy and marks the DSCP into the packet.
  • Page 362: Apply Qos To Port

    Example: Apply the aggregate policer agg1 by c1 class-map, input the graphic presentation value, and then click Add. 16.5.4 Apply QoS to port Click “Apply QoS to port” to enter the configuration page, which includes four sections: Port trust mode configuration Port default CoS configuration Apply policy-map to port Apply DSCP mutation mapping...
  • Page 363: Port Default Cos Configuration

    16.5.4.2 Port default CoS configuration Click “Port default CoS configuration” to enter the configuration page. Equivalent to CLI command 16.2.2.11. Terms are described as follows: Port Default CoS value-Startup CoS value Reset-Will set the column to startup defaults. This command will not modify the configuration. Apply-Will take effect for all settings.
  • Page 364: Egress-Queue Configuration

    Port name DSCP mutation name Operation-Set or Remove Example: Set the DSCP mutation in Ethernet port 1/1. Choose Port name as Ethernet1/1, input mu1 for DSCP mutation name, select Set for Operation, and then click Apply. 16.5.5 Egress-queue configuration Click “Egress-queue configuration”...
  • Page 365: Egress-Queue Work Mode Configuration

    16.5.5.2 Egress-queue Work mode configuration Click “Egress-queue work mode configuration” to enter the configuration page. Equivalent to CLI command 16.2.2.15. Terms are described as follows: Port name Reset-Will set the column to startup defaults. This command will not modify the configuration. Apply-Will take effect for all settings.
  • Page 366: Qos Mapping Configuration

    16.5.6 QoS mapping configuration Click “QoS mapping configuration” to display extensions, including the following: CoS-to-DSCP mapping DSCP-to-CoS mapping DSCP mutation mapping IP-Precedence-to-DSCP mapping DSCP mark down mapping These configurations are equivalent to CLI command 16.2.2.17 16.5.6.1 CoS-to-DSCP mapping Click “CoS-to-DSCP mapping” to enter the configuration page. Terms are described as follows: CoS-CoS value 0-7 DSCP-Up to 8 DSCP mutations and mapping to CoS value 0~7...
  • Page 367: Dscp-To-Cos Mapping

    16.5.6.2 DSCP-to-CoS mapping Click “DSCP-to-CoS mapping” to enter the configuration page. Terms are described as follows: DSCP 1-8-DSCP value CoS Value-DSCP value mapping to CoS value Operation type-Add or Remove Example: To make DSCP value 20 map to CoS value 2, input the CoS value 2 and DSCP1 value 20, select Set for Operation type, then click Apply.
  • Page 368: Ip-Precedence-To-Dscp Mapping

    16.5.6.4 IP-precedence-to-DSCP mapping Click “IP-Precedence-to-DSCP mapping” to enter the configuration page. Terms are described as follows: IP-Precedence-IP precedence value 0~7 DSCP-IP precedence value mapping to DSCP value Operation type-Sets or Removes Example: to set the IP precedence value 2 to map to DSCP value 20, input the DSCP value 20 into the IP precedence value 2 column, select Set for Operation type, then click Apply.
  • Page 369: Chapter 17 L3 Forward Configuration

    ES4710BD can forward IP packets by hardware, the forwarding chip of ES4710BD has a host route table and default route table. Host route table stores host routes to connect to the switch directly; default route table stores segment routes (after aggregation algorithm process).
  • Page 370: Layer 3 Interface Configuration Commands

    Gateway devices can forward IP packets from one subnet to another; such forwarding uses routes to find a path. IP forwarding of ES4710BD is done with the participation of hardware and so wire speed forwarding can be achieved. In addition, flexible management is provided to adjust and monitor forwarding.
  • Page 371: Ip Route Aggregation Configuration Command

    no ip fib optimize 17.2.2.2 IP Route Aggregation Configuration Command 17.2.2.2.1 ip fib optimize Command: ip fib optimize no ip fib optimize Function: Enables the switch to use optimized IP route aggregation algorithm; the “no ip fib optimize” disables the optimized IP route aggregation algorithm. Default: Optimized IP route aggregation algorithm is disabled by default.
  • Page 372 0 fragmented, 0 couldn't fragment, 0 fragment sent Sent: 0 generated, 0 forwarded 0 dropped, 0 no route ICMP statistics: Rcvd: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies Sent: 0 total 0 errors 0 time exceeded...
  • Page 373: Debug Ip Packet

    17.3 ARP 17.3.1 Introduction to ARP ARP (Address Resolution Protocol) is mainly used in IP address to Ethernet MAC address resolution. ES4710BD supports both dynamic ARP and static configuration. Furthermore, and packets without route.
  • Page 374: Arp Configuration

    ES4710BD supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on the port, requesting an IP address in the same IP segment of the port but not the same physical network, if the port has enabled proxy ARP, the port would reply to the ARP with its own MAC address and forward the actual packets received.
  • Page 375: Ip Proxy-Arp

    17.3.2.2.2 ip proxy-arp Command: ip proxy-arp no ip proxy-arp Function: Enables proxy ARP for VLAN interface; the “no ip proxy-arp” command disables proxy ARP. Default: Proxy ARP is disabled by default. Command mode: VLAN Interface Mode Usage Guide: When an ARP request is received on the layer 3 interface, requesting an IP address in the same IP segment of the interface but not the same physical network, and the proxy ARP interface has been enabled, the interface will reply to the ARP with its own MAC address and forward the actual packets received.
  • Page 376: Clear Arp-Cache

    50.1.1.9 00-00-00-00-00-09 Vlan50 150.1.1.2 00-00-58-fc-48-9f Displayed information Total arp items the matched InCompleted Address Hardware Address Interface Port Flag 17.3.3.1.2 clear arp-cache Command: clear arp-cache Function: Clears arp table. Parameters: N/A. Command mode: Admin Mode Usage Guide: Clears the content of current ARP table, but it does not clear the current static ARP table.
  • Page 377: Arp Troubleshooting Help

    17.3.3.2 ARP Troubleshooting Help If ping from the switch to directly connected network devices fails, the following can be used to check the possible cause and create a solution. Check whether the corresponding ARP has been learned by the switch. If the ARP entry has not been learned, enable ARP debugging information and view the sending/receiving condition of ARP packets.
  • Page 378: Configure Static Arp

    configuration. 17.4.3.1 Configure static ARP Click “ARP configuration” to configure static ARP. Equivalent to CLI command 17.3.2.2.1: IP address: specifies the IP address of related static ARP MAC address: specifies the MAC address of related static ARP Operation type: Add means to add a static ARP item; Remove means to delete a static ARP item (selected from scroll bar menu) Vlan Port: specifies the L3 port of static ARP (selected from the drop down menu) Port: Specifies the L2 port of static ARP (selected from the drop down menu)
  • Page 379: Chapter 18 Routing Protocol Configuration

    (EGP). IGP is the protocol used to calculate the route to a destination inside an autonomous system. IGP is supported by ES4710BD and includes routing protocols like RIP and OSPF. RIP and OSPF can be configured according to the requirement. ES4710BD supports running several IGP dynamic routing protocols at the same time.
  • Page 380: Static Route

    To avoid an overly large route table, a default route can be set. Once route table lookup fails, the default route will be chosen for forwarding packets. The table below describes the routing protocols supported by ES4710BD and the default route lookup priority values.
  • Page 381: Introduction To Default Route

    priority according to the priority of routing protocols. At the same time, static routes can be introduced (redistributed) into dynamic routing protocols, and the priority of the introduced static routes can be changed. 18.2.2 Introduction to Default Route A default route is a static route, which is used only when no matching route is found. In the route table, the default route is indicated by a destination address of 0.0.0.0 and a network mask of 0.0.0.0.
  • Page 382: Show Ip Route

    Command mode: Global Mode Usage Guide: When configuring the next hop for static route, next hop IP address can be specified for routing packets. The default preference of all route types in ES4710BD is listed below: Route Type Direct route...
  • Page 383: Configuration Scenario

    Pref 18.2.4 Configuration Scenario The figure below is a simple network consisting of three ES4710BD layer 3 switches, the network mask for all switches and PC IP addresses is 255.255.255.0. PC1 and PC3 are connected via the static route set in Switch1 and Switch3; PC3 and PC2 are connected via the static route set in Switch 3 to Switch 2;...
  • Page 384: Troubleshooting Help

    PC1: 10.1.1.2 vlan1: 10.1.1.1 SWITCH-1 Configuration steps: Configuration of layer 3 switch Switch-1 Switch#config Switch(Config)#ip route 10.1.5.0 255.255.255.0 10.1.2.2 Configuration of layer 3 switch Switch-3 Switch#config !Next hop use the partner IP address Switch(Config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1 !Next hop use the partner IP address Switch(Config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1 Configuration of layer 3 switch Switch-2...
  • Page 385: Rip

    Uses the “show ip route” command to display the information about static route in the route table: destination IP address, network mask, next hop IP address, forwarding interface, etc. For example: Switch#show ip route Codes: C - connected, S - static, R - RIP derived, O - OSPF derived A - OSPF ASE, B - BGP derived Destination Mask...
  • Page 386 MD5 password authentication are supported), and support variable length subnet mask. RIP-II uses some of the zero field of RIP-I and requires no zero field verification. ES4710BD layer 3 switches by default send RIP-II packets by multicast. Both RIP-I and RIP-II packets are accepted.
  • Page 387: Rip Configuration

    Disable RIP 1. Enable RIP The basic configuration for running RIP on ES4710BD is quite simple. Usually, the user needs only enable RIP and enable sending and receiving of RIP packets, i.e., send and receive RIP packets according to default RIP configuration (ES4710BD sends RIP-II packets and receive RIP-I/RIP-II packets by default).
  • Page 388 (1) Configure RIP sending mechanism a. Configure regular RIP packets transmission b. Configure RIP advertisement Command RIP configuration mode [no] rip broadcast 2) Configure RIP routing parameters. a. Configure route aggregation Command RIP configuration mode auto-summary no auto-summary b. configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) Command RIP configuration mode...
  • Page 389 ip rip authentication mode {text| md5 type {cisco|usual}} no ip rip authentication mode authentication <name-of-chain> no ip rip authentication key-chain 3) Configure other RIP parameters a. Configure RIP routing priority b. Configure zero field verification for RIP packets c. Configure timer for RIP update, timeout and hold-down Command RIP configuration mode rip preference <value>...
  • Page 390: Rip Configuration Commands

    ip rip receive version {v1 | v2 | v12} no ip rip receive version [no] ip rip input [no] ip rip output 4. Disable RIP Command Global Mode no router rip RIP (Routing Information Protocol) is a dynamic interior routing protocol based on distance vector.
  • Page 391: Auto-Summary

    show ip rip debug ip rip packet debug ip rip recv debug ip rip send 18.3.2.2.1 auto-summary Command: auto-summary no auto-summary Function: Configures route aggregation; the “no auto-summary” command disables route aggregation. Parameters: N/A. Default: Auto route aggregation is not used by default. Command mode: RIP configuration mode Usage Guide: Route aggregation reduces the amount of routing information in the route table and amount of information to be exchanged.
  • Page 392: Ip Rip Authentication Mode

    Command: ip rip authentication key-chain <name-of-chain> no ip rip authentication key-chain Function: Specifies the key to use for RIP authentication; the “no ip rip authentication key-chain” command cancels the RIP authentication. Parameters: <name-of-chain> is a string, up to 16 characters are allowed. Default: RIP authentication is disabled by default.
  • Page 393: Ip Rip Metricout

    18.3.2.2.6 ip rip metricout Command: ip rip metricout <value> no ip rip metricout Function: Sets the additional route weight used when sending RIP packets on the interface; the “no ip rip metricout” command restores the default setting. Parameters: <value> is the additional route metric, ranging from 0 to 15. Default: The default additional route metric used for RIP to send packets is 0.
  • Page 394: Ip Rip Send Version

    Command: ip rip receive version {v1 | v2 | v12} no ip rip receive version Function: Configure the RIP version to receive on the interface. The default setting is to receive both RIP v1 and v2 packets; the “no ip rip receive version” command restores the default setting. Parameters: v1 and v2 stands for RIP version1 and RIP version 2 respectively, v12 stands for both RIP version 1 and 2.
  • Page 395: Redistribute

    Usage Guide: Sets split horizon to prevent routing loops, i.e., prevent layer 3 switches from broadcasting the route learned from the same interface. Example: Disabling split horizon for interface vlan1. Switch(Config)#interface vlan1 Switch(Config-If-Vlan1)#no ip split-horizon 18.3.2.2.13 redistribute Command: redistribute { static | ospf | bgp} [ metric <value> ] no redistribute { static | ospf | bgp } Function: Introduces routes of the other protocols into RIP;...
  • Page 396: Rip Preference

    Default: Zero fields are checked in RIP-I packets by default. Command mode: RIP configuration mode Usage Guide: RIP-I packets must have zero fields; this command can be used to enable/disable the check of RIP-I packet zero fields. If a zero field with a non-zero value is found in a RIP-I packet, that RIP-I packet will be discarded.
  • Page 397: Version

    Function: Adjusts the time of RIP timers for update, expire, and hold down; the “no timer basic” command restores the default setting. Parameter <update> stands for the interval in seconds to send update packets, ranging from 1 to 2,147,483,647;...
  • Page 398: Show Ip Rip

    Usage Guide: The user can decide whether the routing protocols configured are correct and perform routing troubleshooting according to the output of this command. Example: Switch#sh ip protocols RIP information rip is turning on default metrict 16 neighbour is:NULL preference is 100 rip version information is: interface send version...
  • Page 399: Debug Ip Rip Packet

    default metric 16 neighbour is preference is 100 Displayed information rip is turning on default metric 16 neighbour is preference is 100 18.3.2.2.22 debug ip rip packet Command: debug ip rip packet no debug ip rip packet Function: Enables the RIP packet debugging function for sending/receiving: the “no debug IP packet”...
  • Page 400: Debug Ip Rip Recv

    received a rip packet from rip packet cmd : 2 version:1 18.3.2.2.23 debug ip rip recv Command: debug ip rip recv no debug ip rip recv Function: Enables the RIP packet debug function for receiving: the “no debug ip rip recv” command disables the debug function.
  • Page 401: Typical Rip Scenario

    00:02:50: start at 170********************* send packets to 11.11.11.2 packet header: cmd: response, version: 1 dest 1: 159.226.0.0 00:02:50: start at 170********************* send packets to 159.226.255.255 packet header: cmd: response, version: 1 dest 1: 159.222.0.0 2: 11.11.11.2 18.3.3 Typical RIP Scenario vl an1: 10.
  • Page 402 (10.1.1.2) only, update information is not exchanged between switchA and switchC vlan2 (20.1.1.2). The configuration for SwitchA, SwitchB and SwitchC is shown below: Configuration of layer 3 switch SwitchA !Configuration of the IP address for interface vlan1 SwitchA#config SwitchA(Config)# interface vlan 1 SwitchA(Config-If-Vlan1)# ip address 10.1.1.1 255.255.255.0 SwitchA (Config-If-vlan1)#exit !Configuration of the IP address for interface vlan2...
  • Page 403: Rip Troubleshooting Help

    SwitchC#config SwitchC(Config)# interface vlan 2 SwitchC(Config-If-vlan2)# ip address 20.1.1.2 255.255.255.0 SwitchC (c config-If-vlan2)#exit !Enable RIP SwitchC(Config)#router rip SwitchC(Config-router-rip)#exit !Enable vlan2 to send/receive RIP packets SwitchC(Config)#interface vlan 2 SwitchC (Config-If-vlan2)#ip rip work SwitchC (Config-If-vlan2)exit SwitchC(Config)#exit SwitchC# 18.3.4 RIP Troubleshooting Help 1. Monitor and Debug Commands 2.
  • Page 404 Automatic network summarization is not in effect default metric for redistribute is :16 neigbour is preference is :100 (2)show ip route The “show ip route” command can be used to display the information about RIP routes in the route table: destination IP addresses, network masks, next hop IP addresses, and forwarding interfaces, etc.
  • Page 405: Rip Troubleshooting

    default metric for redistribute is : neigbour is: Preference RIP version information 18.3.4.2 RIP Troubleshooting In configuring and using RIP, the RIP may fail to run properly due to reasons such as physical connection failure or wrong configurations. The user should ensure the following: Good condition of the physical connection.
  • Page 406 • State of the connecting link Link-state information is flooded throughout the network so that all layer 3 switches can get firsthand information. Link-state layer 3 switches will not broadcast all information contained in their route tables; instead, they only send changed link-state information. Link-state layer 3 switches establish neighborhoods by sending “HELLO”...
  • Page 407 exchange link-state information with the other OSPF layer 3 switches to form a link-state database describing the whole autonomous system. Each layer 3 switch builds a shortest path tree rooted in itself according to the link-state database; this tree provides the route to all nodes in an autonomous system.
  • Page 408: Ospf Configuration

    1) Each OSPF-enabled layer 3 switch maintains a database (LS database) describing the link-state of the topology structure of the whole autonomous system. Each layer 3 switch generates a link-state advertisement according to its surrounding network topology structure (router LSA), and sends the LSA to the other layer 3 switches through link-state update (LSU) packets.
  • Page 409 Disable OSPF protocol. 1. Enable OSPF protocol Basic configuration of OSPF routing protocol on ES4710BD series switches is quite simple, usually only enabling OSPF and configuration of the OSPF area for the interface are required. The OSPF protocol parameters can use the default settings. If OSPF protocol parameters need to be modified, please refer to “2.
  • Page 410 d. Configure OSPF packet sending timer parameters (timer of broadcast interface sending HELLO packet to poll, timer of neighboring layer 3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission). Command Interface Mode ip ospf hello-interval <time> no ip ospf hello-interval ip ospf dead-interval <time >...
  • Page 411: Ospf Configuration Commands

    (3) Configure other OSPF protocol parameters a. Configure OSPF routing protocol priority b. Configure cost for OSPF STUB area and default route c. Configure OSPF virtual link Command OSPF protocol configuration mode preference [ ase ] <preference > no preference [ ase ] stub cost <cost>...
  • Page 412: Default Redistribute Cost

    ip ospf dead-interval ip ospf enable area ip ospf hello-interval ip ospf passive-interface ip ospf priority ip ospf retransmit-interval ip ospf transmit-delay network preference redistribute ospfase router id router ospf stub cost virtuallink neighborid show ip ospf show ip ospfase show ip ospf cumulative show ip ospf database show ip ospf interface...
  • Page 413: Default Redistribute Interval

    18.4.2.2.2 default redistribute interval Command: default redistribute interval <time> no default redistribute interval Function: Sets the interval for introducing external routes; the “no default redistribute interval” command restores the default setting. Parameters: <time> is the interval for introducing exterior routes in seconds; the valid range is 1 to 65535 seconds.
  • Page 414: Default Redistribute Type

    Switch(Config-Router-Ospf)#default redistribute tag 20000 18.4.2.2.5 default redistribute type Command: default redistribute type { 1 | 2 } no default redistribute type Function: Sets the default route type(s) for exterior routes introduction; the “no default redistribute type” command restores the default setting. Parameters: 1 and 2 stand for type1 and type2 exterior routes, respectively.
  • Page 415: Ip Ospf Dead-Interval

    Example: Setting the OSPF route cost of interface vlan1 to 3. Switch(Config-If-Vlan1)#ip ospf cost 3 18.4.2.2.8 ip ospf dead-interval Command: ip ospf dead-interval <time > no ip ospf dead-interval Function: Specifies the interval before regarding a neighbor layer 3 switch invalid; the “no ip ospf dead-interval”...
  • Page 416: Ip Ospf Passive-Interface

    Default: The default HELLO-packet-sending interval is 10 seconds. Command mode: Interface Mode Usage Guide: The HELLO packet is a most common packet sent to neighboring layer 3 switches regularly for discovering and maintaining the neighborhood and for the election of DR and BDR. The hello-interval value set will be written to the HELLO packet and sent with it.
  • Page 417: Ip Ospf Retransmit-Interval

    Switch(Config-If-Vlan1)#ip ospf priority 0 18.4.2.2.13 ip ospf retransmit-interval Command: ip ospf retransmit-interval <time> no ip ospf retransmit-interval Function: Sets the interval for retransmission of link-state advertisement among neighbor layer 3 switches; the “no ip ospf retransmit” command restores the default setting. Parameters: <time>...
  • Page 418: Preference

    Parameters: <network> and <mask> are the network IP address and mask in decimal format; <area_id> is the area number from 0 to 4294967295; advertise | notadvertise specifies whether or not to broadcast the summary route information within the network. Default: The system has no default area configured; if configured, it broadcasts summary information by default.
  • Page 419: Router Id

    Usage Guide: OSPF uses a layer 3 switch ID number as a unique identity for the layer 3 switch in an autonomous system, usually the address of an interface running OSPF. The ES4710BD layer 3 switch uses the first IP layer 3 interface in the switch as the router id by default. If no IP address is configured on any interface of the layer 3 switch, this command must be used to specify the layer 3 switch ID number, otherwise OSPF will not work.
  • Page 420: Stub Cost

    18.4.2.2.20 stub cost Command: stub cost <cost> area <area_id > no stub area <area_id > Function: Sets an area to STUB area; the “no stub area <area_id >” command cancels the setting. Parameters: <cost> is the default route cost for the STUB area, ranging from 1 to 65535; <area_id>...
  • Page 421: Show Ip Ospf Ase

    Command: show ip ospf Function: Displays major OSPF information. Default: Nothing displayed by default Command mode: Admin Mode Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count:1 80times spf has been run for this area net range:...
  • Page 422: Show Ip Ospf Cumulative

    Destination AdvRouter NextHop Age SeqNumber 10.1.1.125 11.11.1.2 11.1.1.2 Displayed information Destination AdvRouter NextHop SeqNumber Type Cost 18.4.2.2.24 show ip ospf cumulative Command: show ip ospf cumulative Function: Displays OSPF statistics. Default: Nothing displayed by default Command mode: Admin Mode Example: Switch#show ip ospf cumulative IO cumulative type...
  • Page 423: Show Ip Ospf Database

    DB entry count 6 LS_RTR 3 LS_NET 3 LS_SUM_NET 1 LS_SUM_ASB 0 LS_ASE 3 AS internal route 4 AS external route 0 Displayed information IO cumulative type Areaid 18.4.2.2.25 show ip ospf database Command: show ip ospf database [ {asb-summary| external | network | router | summary} ] Function: Display OSPF link-state database information.
  • Page 424 (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID) 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1 11.11.4.1 Router LSA 11.11.2.1 11.11.2.1 14.14.14.1 14.14.14.1 11.11.4.1 11.11.4.1 LS ID ADV rtr (DR's IP)
  • Page 425: Show Ip Ospf Interface

    OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs ASBR Summary LSAs 18.4.2.2.26 show ip ospf interface Command: show ip ospf interface <interface> Function: Displays OSPF interface information. Parameters: <interface> stands for the interface name. Default: Nothing displayed by default Command mode: Admin Mode Example:...
  • Page 426: Show Ip Ospf Neighbor

    Authentication key Timer Hell, Poll, Dea, Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies 18.4.2.2.27 show ip ospf neighbor Command: show ip ospf neighbor Function: Displays OSPF neighbor node information Default: Nothing displayed by default Command mode: Admin Mode Usage Guide: OSPF neighbor information can be checked by the output of this command. Example: Switch#show ip ospf neighbor interface ip 12.1.1.1...
  • Page 427: Show Ip Ospf Routing

    router ip addr state priority last hello last exch 18.4.2.2.28 show ip ospf routing Command: show ip ospf routing Function: Displays OSPF route table information. Default: Nothing displayed by default Command mode: Admin Mode Example: Switch#show ip ospf routing AS internal routes: Destination Area Cost...
  • Page 428: Show Ip Protocols

    Function: Displays OSPF virtual link information. Default: Nothing displayed by default Command mode: Admin Mode Example: Switch#show ip ospf virtual-links no virtual-link 18.4.2.2.30 show ip protocols Command: show ip protocols Function: Displays the information of the routing protocols running in the switch. Command mode: Admin Mode Usage Guide: The user can decide whether the routing protocols configured are correct and perform routing troubleshooting according to the output of this command.
  • Page 429: Debug Ip Ospf Event

    18.4.2.2.31 debug ip ospf event Command: debug ip ospf event no debug ip ospf event Function: Enables the OSPF debugging function for all events: the “no debug ip ospf event” command disables the debug function. Default: Debugging is disabled by default. Command mode: Admin Mode 18.4.2.2.32 debug ip ospf lsa Command: debug ip ospf lsa...
  • Page 430: Debug Ip Ospf Spf

    18.4.3 Typical OSPF Scenario Scenario 1: OSPF autonomous system. This scenario takes an OSPF autonomous system consisting of five ES4710BD layer 3 switches as an example, where layer 3 switches Switch1 and Switch5 make up OSPF area 0, layer 3 switch...
  • Page 431 ! Configuration of the IP address for interface vlan2 Switch1(Config)# interface vlan 2 Switch1(Config-if-vlan2)# ip address 100.1.1.1 255.255.255.0 Switch1 (Config-if-vlan2)#exit !Enable OSPF protocol, configure the area number for interface vlan1 and vlan2. Switch1(Config)#router ospf Switch1(Config-router-ospf)#exit Switch1(Config)#interface vlan 1 Switch1 (Config-if-vlan1)#ip ospf enable area 0...
  • Page 432 Switch3#config Switch3(Config)# interface vlan 3 Switch3(Config-if-vlan3)# ip address 20.1.1.2 255.255.255.0 Switch3(Config-if-vlan3)#no shut-down Switch3(Config-if-vlan3)#exit !Enable OSPF protocol, configure the OSPF area that interface vlan3 resides in. Switch3(Config)#router ospf Switch3(Config-router-ospf)#exit Switch3(Config)#interface vlan 3 Switch3(Config-if-vlan3)#ip ospf enable area 1 Switch3(Config-if-vlan3)#exit Switch3(Config)#exit Switch3#...
  • Page 433 Switch5(Config-if-vlan3)#exit !Enable OSPF protocol, configure the number of the area in which interfaces vlan2 and vlan3 reside. Switch5(Config)#router ospf Switch5(Config-router-ospf)#exit Switch5(Config)#interface vlan 2 Switch5(Config-if-vlan2)#ip ospf enable area 0 Switch5(Config-if-vlan2)#exit Switch5(Config)#interface vlan 3 Switch5(Config-if-vlan3)#ip ospf enable area 0 Switch5(Config-if-vlan3)#exit Switch5(Config)#exit Switch5# Scenario 2: Typical OSPF protocol complex topology.
  • Page 434 Switch11 are edge layer 3 switches of the area; Switch5 and Switch7 are edge layer 3 switches of the autonomous system. For area1, layer 3 switches Switch1 and Switch2 are both in-area switches. Area edge switches Switch3 and Switch4 are responsible for reporting the distance cost to all destinations outside the area, and also for reporting the position of the AS edge layer 3 switches Switch5 and Switch7. AS exterior link-state advertisements from Switch5 and Switch7 are flooded throughout the whole autonomous system.
  • Page 435 Switch1(Config-If-Vlan2)#exit !Enable OSPF protocol, configure the area number for interface vlan2. Switch1(Config)#router ospf Switch1(Config-router-ospf)#exit Switch1(Config)#interface vlan 2 Switch1(Config-If-Vlan2)#ip ospf enable area 1 !Configure simple key authentication. Switch1(Config-If-Vlan2)#ip ospf authentication simple DCS Switch1(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan1 Switch1(Config)# interface vlan 1 Switch1(Config-If-Vlan1)#ip address 20.1.1.1 255.255.255.0 Switch1(Config-If-Vlan1)#ip ospf enable area 1...
  • Page 436 Switch3(Config-If-Vlan2)#exit !Enable OSPF protocol, configure the area number for interface vlan2. Switch3(Config)#router ospf Switch3(Config-router-ospf)#exit Switch3(Config)#interface vlan 2 Switch3(Config-If-Vlan2)#ip ospf enable area 1 !Configure simple key authentication. Switch3(Config-If-Vlan2)#ip ospf authentication simple DCS Switch3(Config-If-Vlan2)#exit !Configuration of the IP address and area number for interface vlan3 Switch3(Config)# interface vlan 3 Switch3(Config-If-Vlan3)#ip address 20.1.3.1 255.255.255.0 Switch3(Config-If-Vlan3)#ip ospf enable area 1...
  • Page 437: Ospf Troubleshooting Help

    Switch4(Config-If-Vlan1)# ip address 10.1.6.1 255.255.255.0 Switch4(Config-If-Vlan1)#ip ospf enable area 0 !Configure MD5 key authentication. Switch4(Config-If-Vlan1)#ip ospf authentication md5 DCS Switch4(Config-If-Vlan1)#exit Switch4(Config)#exit Switch4# 18.4.4 OSPF Troubleshooting Help 1. Monitor and Debugging Commands 2. OSPF Troubleshooting Help 18.4.4.1 Monitor and Debugging Commands Command Admin Mode Show interface...
  • Page 438 (1)show ip ospf Example: Switch#show ip ospf my router ID is 11.11.4.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 0 interface count:1 80times spf has been run for this area net range: LSRefreshTime is1800 area ID 1 interface count:1 41times spf has been run for this area net range:...
  • Page 439 A 5.1.2.0 255.255.255.0 A 5.1.3.0 255.255.255.0 A 5.1.4.0 255.255.255.0 A 5.1.5.0 255.255.255.0 A 5.1.6.0 255.255.255.0 A 5.1.7.0 255.255.255.0 A 5.1.8.0 255.255.255.0 A 5.1.9.0 255.255.255.0 A 5.1.10.0 255.255.255.0 A 5.1.11.0 255.255.255.0 A 5.1.12.0 255.255.255.0 A 5.1.13.0 255.255.255.0 A 5.1.14.0 255.255.255.0 A 5.1.15.0 255.255.255.0 A 5.1.16.0 255.255.255.0...
  • Page 440 type HELLO 1048 LS Req LS Update LS Ack ASE count checksum 0 original LSA 340 LS_RTR 179 LS_NET 1 LS_SUM_NET 160 LS_SUM_ASB 0 LS_ASE received LSA 325 Areaid 0 nbr count 1 interface count 1 spf times 120 DB entry count 6 LS_RTR 2 LS_NET 2 LS_SUM_NET 3 LS_SUM_ASB 0 LS_ASE 3 Areaid 1 nbr count 2...
  • Page 441 11.11.4.2 11.11.4.2 Router LSA 11.11.4.1 11.11.4.1 11.11.4.2 11.11.4.2 LS ID ADV rtr (DR's IP) 11.11.4.2 11.11.4.2 LS ID ADV rtr (Net's IP) 11.11.1.0 11.11.4.1 11.11.2.255 11.11.4.1 11.11.3.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) Area 2>>>>>>>> Area ID: 1 LS ID ADV rtr (Router ID)
  • Page 442 11.11.1.3 14.14.14.1 LS ID ADV rtr (Net's IP) 11.11.4.255 11.11.4.1 LS ID ADV rtr (ASBR's Rtr ID) LS ID Route type ADV rtr Age Sequence Cost Checksu (Ext Net's IP) Displayed information OSPF router ID Area 1>>>>>>>> Area ID: 0 Router LSAs Network LSAs Summary Network LSAs...
  • Page 443 cost State Type Priority Transit Delay Authentication key Timer: Hello, Poll, Dead, Retrans Number of Neigbors Nubmer of Adjacencies Adjacencies (7)show ip ospf neighbor The “show ip ospf neighbor” command can be used to display information about the neighbor OSPF layer 3 switches.
  • Page 444 area id router id router ip addr state priority last hello last exch (8)show ip ospf routing The “show ip ospf routing” command can be used to display information about the OSPF route table. For example, displayed information can be: Switch#show ip ospf routing AS internal routes:...
  • Page 445: Ospf Troubleshooting Help

    my router ID is 100.1.1.1 preference=10 ase perference=150 export metric=1 export tag=-2147483648 area ID 1 interface count:2 7times spf has been run for this area net range: LSRefreshTime is1800 RIP information rip is shutting down Displayed information OSPF is running My router ID Preference Ase perference...
  • Page 446: Web Management

    18.5 WEB MANAGEMENT Click “Route configuration” to open “routing protocol configuration” to configure the items as follows: Static route configuration RIP configuration OSPF configuration Show ip route 18.5.1 Static route Click “Static route configuration” to configure static route 18.5.1.1 Static route configuration Click “Static route configuration”...
  • Page 447: Rip Configuration

    Click RIP configuration to open RIP configuration including: Enable RIP: enable RIP including Enable RIP: enable Enable port to receive/transmit RIP packet RIP parameter configuration (optional) including: Enable imported route Metricin/out configuration RIP port imported route RIP mode configuration RIP timer configuration 18.5.2.1 RIP configuration 18.5.2.1.1 Enable RIP Click “Enable RIP”...
  • Page 448: Metricin/Out Configuration

    Redistribute imported route cost Operation type: Add or Remove Example: For protocol select OSPF, cost as 5, then select Add. Click Apply button to redistribute imported route cost 5 with OSPF routing protocol to RIP. 18.5.2.2.2 Metricin/out configuration Click “Metricin/out configuration” to enter the configuration page In: the value of metric in.
  • Page 449: Global Rip Configuration

    18.3.2.2.3 RIP authentication type: sets up RIP authentication type. Text means text authentication; md5 means normal MD5 authentication; Cisco MD5 means Cisco MD5 authentication; cancel means back to default. Equivalent to CLI command 18.3.2.2.4. Example: 18.5.2.2.4 Global RIP configuration Click “RIP mode configuration” to enter the configuration page. Set receiving/sending RIP version for all ports: sets up the receiving/sending RIP version for all ports, including version1 and version2; Cancel means default.
  • Page 450: Set Rip Timer

    18.5.2.2.5 Set RIP timer Click “RIP timer configuration” to enter the configuration page. Equivalent to CLI command 18.3.2.2.18 Update time: sending update packet time interval Invalid timer: RIP route invalid time Holddown timer: specified invalid routes existing interval in the routing table Example: 18.5.3 OSPF Click “OSPF configuration”...
  • Page 451: Router-Id Configuration

    Click “OSPF enable” to enter the configuration page. Equivalent to CLI command 18.4.2.2.19. OSPF enable: select from OSPF enable or OSPF disable Reset: clears selection Example: Select OSPF enable and click Apply button to enable OSPF protocol 18.5.3.1.2 Router-ID configuration Click “Router-ID configuration”...
  • Page 452: Configure Ospf Area For Port

    18.5.3.1.4 Configure OSPF area for port Click “OSPF area configuration” to enter the configuration page for port. Equivalent to CLI command 18.4.2.2.9 Vlan port: port list Area ID: area number Reset: resets each column value to default in this page and this action will not change settings Apply: valid each column value.
  • Page 453: Passive Interface Configuration

    18.5.3.2.2 Passive interface configuration Click “Passive interface configuration” to enter the configuration page. Equivalent to CLI command 18.4.2.2.11. Port: port list Passive interface configuration: sets up to receive OSPF packets only Cancel: cancels the setting. Reset: resets to default parameters Example: Select port vlan1, select Passive interface configuration and click Apply button to configure port vlan 1 as receiving OSPF packet only.
  • Page 454: Ospf Imported Route Parameter Configuration

    18.5.3.3 OSPF imported route parameter configuration Click “OSPF Imported route parameter configuration” to open the configuration table, includes: Imported route parameter configuration: configure imported route default parameter Import external routing information: configure other imported protocol in OSPF 18.5.3.3.1 Imported route parameter configuration Click “Imported route parameter configuration”...
  • Page 455: Other Parameter Configuration

    Reset: resets each column value to default in this page and this action will not change settings Apply: valid each column value. This action will change settings. Default: resets to default settings. This action will change settings. 18.5.3.4 Other parameter configuration Click “Other parameter configuration”...
  • Page 456: Ospf Virtual Link Configuration

    18.5.3.4.3 OSPF virtual link configuration Click “OSPF virtual link configuration” to enter the configuration page. Equivalent to CLI command 8.4.2.2.21 router_id: neighbor virtual link ID transit area: transit area number hello interval: sending hello packet time interval dead interval: invalid route time interval retran interval: sending LSA retran interval transit delay: sending LSA transit delay Reset: resets each column value to default in this page and this action will not change settings...
  • Page 457: Display Routing Table

    show ip ospf cumulative: displays OSPF statistic information. Equivalent to CLI command 18.4.2.2.24 show ip ospf database: displays OSPF link status data information. Equivalent to CLI command 18.4.2.2.25 show ip ospf interface: displays OSPF interface information. Equivalent to CLI command 18.4.2.2.26 show ip ospf neighbor: displays OSPF neighbor node information.
  • Page 458: Chapter 19 Multicast Protocol Configuration

    Chapter 19 Multicast protocol Configuration 19.1 Multicast Protocol Overview 19.1.1 Introduction to Multicast When sending information (including data, voice and video) to a small number of users in the network, there are several ways of transmission. For example, the unicast method that establishes a separate data transmission channel for each user and the broadcast method which sends information to all users in the network regardless of whether they need the information or not.
  • Page 459: Ip Multicast Packets Forwarding

    group at any time. A multicast group can be either a perpetual one or temporary one. Part of multicast addresses are assigned officially and referred to as the perpetual multicast group. The IP address of a perpetual multicast group remains the same, but the membership can be changed. A perpetual multicast group can have any number of members, even zero.
  • Page 460: Application Of Multicast

    multicast group address in the destination address field of the IP packet. The multicast model differs from the unicast model in that a multicast packet must be forwarded to several external interfaces to send the packet to all receiving stations, i.e., multicast forwarding is more complex than unicast forwarding.
  • Page 461 Function: Displays the IP multicast packet forwarding entries. Parameters: [group_address] specifies the group address for the forwarding entry to be displayed; [source_address] specifies the source address for the forwarding entry to be displayed Default: No display by default. Command mode: Admin Mode Usage Guide: This command is used to display IP multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
  • Page 462: Pim-Dm

    19.3 PIM-DM 19.3.1 Introduction to PIM-DM PIM-DM (Protocol Independent Multicast, Dense Mode) is a dense mode multicast protocol. It is good for use in small networks as the multicast group members are relatively concentrated in such network environments.
  • Page 463: Pim-Dm Configuration

    19.3.2 PIM-DM Configuration 19.3.2.1 PIM-DM Configuration Task Sequence 1. Enable PIM-DM Basic configuration of PIM-DM routing protocol on ES4710BD series switches is quite simple: just enable PIM-DM in the appropriate interfaces. Command Interface Mode...
  • Page 464: Ip Pim Query-Interval

    Command: ip pim dense-mode no ip pim dense-mode Function: Enables PIM-DM protocol on the interface; the “no ip pim dense-mode” command disables PIM-DM protocol on the interface. Parameters: N/A. Default: PIM-DM protocol is disabled by default. Command mode: Interface Mode Usage Guide: Example: Enabling PIM-DM protocol on interface vlan1.
  • Page 465: Pim-Dm Troubleshooting Help

    [Figure labels: SWITCHA, Ethernet 1/2, vlan1] Fig 19-1 Typical PIM-DM environment The following are the configurations of SwitchA and SwitchB. (1) Configuration of SwitchA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip pim dense-mode (2) Configuration of SwitchB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim dense-mode...
  • Page 466: Show Ip Pim Mroute Dm

    debug ip pim 19.3.4.2 show ip pim mroute dm Command: show ip pim mroute dm Function: Displays the PIM-DM packet forwarding entry Parameters: N/A. Default: No display by default. Command mode: Admin Mode Usage Guide: This command is used to display PIM-DM multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
  • Page 467: Show Ip Pim Neighbor

    Outgoing interface list Prune interface list 19.3.4.3 show ip pim neighbor Command: show ip pim neighbor [<ifname>] Function: Displays information for neighbors of the PIM interface. Parameters: <ifname> is the interface name, i.e., displays PIM neighbor information of the specified interface. Default: PIM neighbor information is displayed by default on all interfaces.
  • Page 468: Debug Ip Pim

    2.1.1.1 Vlan1 Switch# Displayed information Explanation Interface (the former) Interface name and interface IP Owner Multicast routing protocol of the interface Corresponding virtual interface index to the interface Hello Interval The HELLO packet interval configured on the interface (in seconds) Neighbor-Address Neighbor address Interface (the latter)
  • Page 469: Pim-Sm

    information to Edge-Core technical service center. 19.4 PIM-SM 19.4.1 Introduction to PIM-SM PIM-SM (Protocol Independent Multicast, Sparse Mode) is a sparse mode multicast protocol that is protocol independent. It is mainly used in large scale networks with group members relatively scattered in large ranges.
  • Page 470: Pim-Sm Configuration

    BSR will quickly take its place. BSR will be decided by the auto-election between C-BSRs. 19.4.2 PIM-SM Configuration 19.4.2.1 PIM-SM Configuration Task Sequence 1. Enable PIM-SM protocol Basic configuration of PIM-SM routing protocol on ES4710BD series switches is quite simple: just enable PIM-SM in the appropriate interfaces. Command Interface Mode ip pim sparse-mode no ip pim sparse-mode 2.
  • Page 471: Pim-Sm Configuration Commands

    1) Configure a switch as the candidate BSR. Command Interface Mode ip pim bsr-candidate <ifname> [hashlength] [Priority] no ip pim bsr-candidate Configure a switch as the candidate RP. Command Interface Mode rp-candidate [group-list access-list] interval] no ip pim rp-candidate [<ifname>] 3.
  • Page 472: Ip Pim Bsr-Border

    Command: ip pim sparse-mode no ip pim sparse-mode Function: Enables PIM-SM protocol on the interface; the “no ip pim sparse-mode” command disables PIM-SM protocol on the interface. Parameters: N/A. Default: PIM-SM protocol is disabled by default. Command mode: Interface Mode Usage Guide: Example: Enabling PIM-SM protocol on interface vlan1.
  • Page 473: Ip Pim Bsr-Candidate

    specified period, that neighbor is considered to be lost. This time setting must be no greater than the neighbor timeout time. Example: Configuring PIM-SM HELLO interval on interface vlan1. Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip pim query-interval 20 19.4.2.2.4 ip pim bsr-candidate Command: ip pim bsr-candidate <ifname>...
  • Page 474: Typical Pim-Sm Scenario

    this command is configured. Example: Setting the interface vlan1 as the candidate RP announcing message sending interface. Switch (Config)# ip pim rp-candidate vlan1 group-list 5 Switch (Config)# access-list 5 permit 239.255.2.0 0.0.0.255 19.4.3 Typical PIM-SM Scenario As shown in the figure below, the Ethernet interfaces of SWITCHA, SWITCHB, SWITCHC and SWITCHD are added to the appropriate vlan, and PIM-SM protocol is enabled on each vlan interface.
  • Page 475: Pim-Sm Troubleshooting Help

    Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip pim sparse-mode Switch(Config-If-Vlan2)# exit Switch (Config)# ip pim rp-candidate vlan2 group-list 5 Switch (Config)# access-list 5 permit 239.255.2.0 0.0.0.255 (3) Configuration of SWITCHC: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip pim sparse-mode...
  • Page 476: Show Ip Pim Interface

    PIMv2 Bootstrap information BSR address: 192.4.1.3 Priority: 192, Hash mask length: 30 Expires : 00:02:13. Switch # Displayed information BSR address Priority Hash mask length Expires 19.4.4.1.2 show ip pim interface Command: show ip pim interface [<ifname>] Function: Displays information for the PIM interface. Parameters: <ifname>...
  • Page 477: Show Ip Pim Mroute Sm

    Expires 19.4.4.1.3 show ip pim mroute sm Command: show ip pim mroute sm Function: Displays the PIM-SM packet forwarding entry Parameters: N/A. Default: No display by default. Command mode: Admin Mode Usage Guide: This command is used to display PIM-SM multicast forwarding entries, or the forwarding entries in the system FIB table for forwarding multicast packets.
  • Page 478: Show Ip Pim Rp

    192.2.1.1 Vlan2 192.4.1.4 Vlan4 192.4.1.3 Vlan4 Switch # Displayed information Neighbor-Address Interface ifIndex Uptime Expires DR-state 19.4.4.1.5 show ip pim rp Command: show ip pim rp [mapping | group-address] Function: Displays PIM RP related information Parameters: mapping displays the group address and RP association. group-address is the group address.
  • Page 479: Debug Ip Pim Bsr

    00:17:52: PIM: Received v2 Join/Prune on Vlan2 from 192.3.1.3 to 192.3.1.2 00:17:52: PIM: Receive Join-list: (192.1.1.1/32, 225.0.0.1/32), S-bit set 00:17:54: PIM: Received v2 Hello on Vlan4 from 192.4.1.4, holdtime 105 00:17:57: PIM: Received v2 Hello on vlan3 from 192.2.1.1, holdtime 105 00:17:57: PIM: Received v2 Hello on Vlan2 from 192.3.1.3, holdtime 105 00:17:58: PIM: Received v2 Hello on Vlan4 from 192.4.1.3, holdtime 105 00:18:21: PIM: Send v2 Hello on vlan2, holdtime 105...
  • Page 480: Dvmrp

    correctness must be ensured. PIM-SM protocol requires the support of RP and BSR, so the “show ip pim bsr-router” command should be run first for BSR information; if no BSR exists, the unicast route to the BSR should be checked. Use the “show ip pim rp” command to verify that the RP information is correct. If no RP information is displayed, the unicast route should be checked, too.
  • Page 481: Dvmrp Configuration

    Configuring DVMRP route timeout time Configure DVMRP tunneling Disable DVMRP 1. Enable DVMRP Basic configuration of DVMRP routing protocol on ES4710BD series switches is quite simple: just enable DVMRP in the appropriate interfaces...
  • Page 482 CISCO routers/switches. The following command makes an ES4710BD switch decide the timeout of a neighbor by report packet intervals. Command Interface Mode...
  • Page 483: Dvmrp Configuration Commands

    ip dvmrp report-interval <time_val> no ip dvmrp report-interval d. Configuring DVMRP route timeout time Command Global Mode ip dvmrp route-timeout <time_val> no ip dvmrp route-timeout 4. Configure DVMRP tunneling Command Interface Mode ip dvmrp tunnel <A.B.C.D> [metric <metric_val>] no ip dvmrp tunnel <A.B.C.D> 5.
  • Page 484: Ip Dvmrp Cisco-Compatible

    19.5.2.2.1 ip dvmrp cisco-compatible Command: ip dvmrp cisco-compatible <A.B.C.D> no ip dvmrp cisco-compatible <A.B.C.D> Function: Enables connectivity with the CISCO neighbor <A.B.C.D>; the “no ip dvmrp cisco-compatible” command disables connectivity with CISCO neighbors. Parameters: <A.B.C.D> is the neighbor's IP address. Default: Connectivity with CISCO neighbors is disabled by default.
  • Page 485: Ip Dvmrp Metric

    Usage Guide: If a new receiver joins an interface that is in the pruned state, the interface will send a graft message upstream; if no graft ACK message is received from upstream, it will keep sending graft messages upstream at regular intervals until an appropriate graft ACK is received.
  • Page 486: Ip Dvmrp Probe-Interval

    19.5.2.2.6 ip dvmrp probe-interval Command: ip dvmrp probe-interval <time_val> no ip dvmrp probe-interval Function: Sets the interval for sending DVMRP probe messages; the “no ip dvmrp probe-interval” command restores the default setting. Parameters: <time_val> is the interval for sending DVMRP probe packets, ranging from 5 to 30 seconds.
  • Page 487: Ip Dvmrp Tunnel

    Parameters: <time_val> is the time after which a route times out; the valid range is 20 to 1400 seconds. Default: The default timeout setting for DVMRP routes is 140 seconds. Command mode: Global Mode Usage Guide: If no updating report message for a route from the neighbor of the route is received in the specified interval, then the route is considered to be invalid.
  • Page 488: Dvmrp Troubleshooting Help

    The following are the configurations of SwitchA and SwitchB. (1) Configuration of SWITCHA: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip dvmrp enable (2) Configuration of SWITCHB: Switch (Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip dvmrp enable Switch(Config-If-Vlan1)#exit Switch (Config)#interface vlan 2 Switch(Config-If-Vlan2)# ip dvmrp enable 19.5.4 DVMRP Troubleshooting Help 1.
  • Page 489: Show Ip Dvmrp Neighbor

    Outgoing interface list: (Vlan2), protos: 0x2 Upstream prune interface list: Downstream prune interface list: Displayed information (192.168.1.0, 224.1.1.1) Incoming interface Outgoing interface list Upstream prune interface list Downstream prune interface list 19.5.4.1.2 show ip dvmrp neighbor Command: show ip dvmrp neighbor [<ifname>] Function: Displays information for DVMRP neighbors.
  • Page 490: Show Ip Dvmrp Tunnel

    Command mode: Admin Mode Usage Guide: This command is used to display DVMRP route table entries; DVMRP maintains separated unicast route tables for RPF check. Example: Displaying DVMRP routing information. Switch #show ip dvmrp route Switch # Destination/Mask Nexthop 192.168.1.0/24 192.168.1.11 Switch # Displayed information...
  • Page 491: Debug Ip Dvmrp Detail

    19.5.4.1.5 debug ip dvmrp detail Command: debug ip dvmrp detail Function: Enables the debug function for displaying detailed DVMRP information; the “no” format of this command disables this debug function. Parameters: N/A. Default: Disabled. Command mode: Admin Mode Usage Guide: If detailed information about DVMRP packets (except prune and graft) is required, this debug command can be used.
  • Page 492: Dvmrp Troubleshooting

    DVMRP pruning debug is on 02:22:20:26: DVMRP: Received prune on vlan2 from 105.1.1.2, len 20 02:22:20:26: DVMRP: Prune Vers: majorv 3, minorv 255 02:22:20:26: DVMRP: Prune source 192.168.1.105, group 224.1.1.1 02:22:20:40: DVMRP: Received graft on vlan1 from 105.1.1.2, len 16 02:22:20:40: DVMRP: Graft Vers: majorv 3, minorv 255 02:22:20:40: DVMRP: Graft source 192.168.1.105, group 224.1.1.1 02:22:20:40: DVMRP: Send graft-ACK on vlan1 to 105.1.1.2, len 16...
  • Page 493: Igmp Configuration

    network segments connecting to its interfaces. As to the hosts, they only need to keep the information about the multicast groups joined. IGMP is asymmetric for hosts and switches: the hosts respond to IGMP query packets sent by the multicast switches, i.e., respond with membership report packets. The switches send membership query packets at regular intervals, and decide whether hosts of their subnet join some group or not;...
  • Page 494 (3) Configure IGMP version 3. Disable IGMP 1. Enable IGMP There is no special command for enabling IGMP in ES4710BD layer 3 switches; IGMP is enabled automatically when any multicast protocol is enabled on the respective interface. Command Interface Mode...
  • Page 495: Igmp Configuration Commands

    ip igmp static-group <A.B.C.D> no ip igmp static-group <A.B.C.D> (2) Configure IGMP query parameters. a. Configure transmission interval of query packets in IGMP b. Configure maximum response time for IGMP queries c. Configure timeout setting for IGMP queries Command Interface Mode ip igmp query-interval <time_val>...
  • Page 496: Ip Igmp Access-Group

    ip igmp version show ip igmp groups show ip igmp interface debug ip igmp event debug ip igmp packet 19.6.2.2.1 ip igmp access-group Command: ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Function: Sets the filter criteria for IGMP group on the interface; the “no ip igmp access-group” command cancels the filter criteria.
  • Page 497: Ip Igmp Query-Interval

    19.6.2.2.3 ip igmp query-interval Command: ip igmp query-interval <time_val> no ip igmp query-interval Function: Sets the interval for sending IGMP query messages; the “no ip igmp query-interval” command restores the default setting. Parameters: <time_val> is the interval for sending IGMP query packets, ranging from 1 to 65535 seconds.
  • Page 498: Ip Igmp Static-Group

    as the querier for that shared network, the other switches act as timers monitoring the status of the querier; if no query packet from the querier is received after the query timeout time, a new switch will be elected to be the new querier. Example: Configuring the interface timeout setting for IGMP queries to 100 seconds.
  • Page 499: Igmp Troubleshooting Help

    appropriate vlan, and PIM-DM protocol is enabled on each vlan interface. [Fig 19-4 IGMP network topology: SWITCHA, SWITCHB; Ethernet 1/1, Ethernet 1/2, Ethernet 1/1; vlan1, vlan1, vlan2] The following are the configurations of SwitchA and SwitchB.
  • Page 500: Show Ip Igmp Interface

    Switch#show ip igmp groups IGMP Connect Group Membership (1 group(s) joined) Group Address Interface 239.255.255.250 Vlan123 Switch# Displayed information Group Address Interface Uptime Expires Last Reporter 19.6.4.1.2 show ip igmp interface Command: show ip igmp interface [<ifname>] Function: Displays IGMP related information on the interface Parameters: <ifname>...
  • Page 501: Debug Ip Igmp Packet

    command disables this debug function. Parameters: N/A. Default: Disabled Command mode: Admin Mode Usage Guide: If detailed information about IGMP events is required, this debugging command can be used. Example: Switch# debug ip igmp event igmp event debug is on 01:04:30:56: IGMP: Group 224.1.1.1 on interface vlan1 timed out Switch# 19.6.4.1.4 debug ip igmp packet...
  • Page 502: Web Management

    19.7 WEB MANAGEMENT Click “root page” left content column “Multicast protocol configuration” to enter into multicast protocol configuration root node and make configuration for multicast protocol. Click Multicast common configuration to enter into multicast protocol public monitor mode Click PIM-DM configuration to enter into PIM-DM protocol configuration mode Click PIM-SM configuration to enter into PIM-SM protocol configuration mode Click DVMRP configuration to enter into DVMRP protocol configuration mode Click IGMP configuration to enter into IGMP protocol configuration mode...
  • Page 503: Pim-Sm Configuration

    Query-Interval - Configures local interface PIM-DM hello message interval time Vlan Port - assigns layer 3 interface(select from scroll bar menu) Apply - runs according to configured parameter Default - restores local interface PIM-DM hello message interval time to default 19.7.3 PIM-SM configuration 19.7.3.1 Enable PIM-SM In PIM-SM protocol configuration mode, click “Enable PIM-SM”...
  • Page 504: Set Router As Bsr Candidate

    19.7.3.4 Set router as BSR candidate Click Set router as BSR candidate to configure PIM-SM candidate BSR information, so that the switch competes with other candidate BSRs to become the BSR router. This is the same as CLI command 19.4.2.2.4 Set router as BSR candidate - yes means configure the switch as a PIM-SM domain candidate BSR; no means cancel the switch's configuration as a candidate BSR Port -...
  • Page 505: Cisco-Compatible Configuration

    Vlan Port - assigns layer 3 interface (select from scroll bar menu) Apply - runs according to configured parameter Default - disables DVMRP protocol 19.7.4.2 Cisco-compatible configuration Click “Cisco-compatible configuration” to start up the connection with a CISCO neighbor. This is the same as CLI command 19.5.2.2.1 Cisco neighbor’s IP address -...
  • Page 506: Dvmrp Tunnel Configuration

    same as CLI command 19.5.2.2.3 Interval of sending probe packet - Configures the interval of sending probe packet. This is the same as CLI command 19.5.2.2.6 Interval of sending report packet - Configures the interval of sending report packet. This is the same as CLI command 19.5.2.2.7 DVMRP route timeout -configures DVMRP route timeout.
  • Page 507: Igmp Version Configuration

    IGMP query timeout - Configures IGMP query timeout. This is the same as CLI command 19.6.2.2.5 Vlan Port - assigns layer 3 interface(select from scroll bar menu) Apply - runs according to configured parameter restores the interface configuration parameter to default Default -...
  • Page 508: Show Ip Pim Bsr-Router

    Click “Show ip pim neighbor” to display PIM interface neighbor information. This is the same as CLI command 19.3.4.3 19.7.6.4 Show ip pim bsr-router Click “Show ip pim bsr-router” to display the running PIM-SM protocol BSR information. This is the same as CLI command 19.4.4.1.1 19.7.6.5 Show ip pim mroute sm Click “Show ip pim mroute sm”...
  • Page 509: Chapter 20 802.1X Configuration

    Chapter 20 802.1x Configuration 20.1 Introduction to 802.1x IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices on the physical access level of the LAN device. The physical access level here refers to the ports of the switch. If the users’ devices connected to such ports can be authenticated, access to resources in the LAN is allowed;...
  • Page 510: Configuration

    In the IEEE 802.1x application environment, ES4710BD is used as the access management unit, and the user connection device is the device with 802.1x client software. An authenticating server usually resides in the Carrier’s AAA center and is usually a Radius server.
  • Page 511 Command Global Mode aaa enable no aaa enable aaa-accounting enable no aaa-accounting enable dot1x enable no dot1x enable dot1x privateclient enable no dot1x privateclient enable 2. Access management unit property configuration 1) Configure port authentication status Command Port Mode dot1x port-control {auto|force-authorized|force-unauthorized} no dot1x port-control...
  • Page 512 3) Configure expanded 802.1x function: for the switch. Command Global Mode dot1x macfilter enable no dot1x macfilter enable dot1x accept-mac <mac-address> [interface <interface-name>] no dot1x accept-mac <mac-address> [interface <interface-name>] dot1x eapor enable no dot1x eapor enable 3. Supplicant related property configuration Command Global Mode dot1x max-req <count>...
  • Page 513: Configuration Commands

    Global Mode radius-server key <string> no radius-server key 2) Configuring RADIUS Server Command Global Mode radius-server authentication host <IPaddress> [[port {<portNum>}] [primary]] no radius-server authentication host <IPaddress> radius-server accounting host <IPaddress> [[port {<portNum>}] [primary]] no radius-server accounting host <IPaddress> 3) Configure RADIUS Service parameters. Command Global Mode radius-server dead-time...
  • Page 514: Aaa-Accounting Enable

    Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch. Example: Enabling AAA function for the switch. Switch(Config)#aaa enable 20.2.2.2 aaa-accounting enable Command: aaa-accounting enable no aaa-accounting enable Function: Enables the AAA accounting function in the switch: the "no aaa-accounting enable" command disables the AAA accounting function.
  • Page 515: Dot1X Eapor Enable

    20.2.2.4 dot1x eapor enable Command: dot1x eapor enable no dot1x eapor enable Function: Enables the EAP relay authentication function in the switch; the “no dot1x eapor enable” command sets EAP local end authentication. Command mode: Global Mode Default: EAP relay authentication is used by default. Usage Guide: The switch and RADIUS may be connected via Ethernet or PPP.
  • Page 516: Dot1X Macfilter Enable

    authentication packets support must be enabled in the switch, otherwise many applications would not be available. For detailed information, please refer to the introduction of Edge-Core Overall Solution. Standard 802.1x clients would not be authenticated if the Edge-Core proprietary 802.1x authentication packet format is enforced for client software by the switch.
  • Page 517: Dot1X Port-Control

    Default: The default maximum number of users allowed is 1. Usage Guide: This command is available for ports using MAC-based access management; if the number of authenticated MAC addresses exceeds the number of allowed users, additional users will not be able to access the network. Example: Setting port 1/3 to allow 5 users.
  • Page 518: Dot1X Re-Authentication

    specified port. Parameters: <interface-name> stands for the port number; omitting the parameter applies to all ports. Command mode: Admin Mode Usage Guide: This command is an Admin Mode command. It makes the switch re-authenticate the client at once without waiting for the re-authentication timer to time out. This command is no longer valid after authentication.
  • Page 519: Dot1X Timeout Tx-Period

    Parameters: <seconds> is the interval for re-authentication, in seconds, the valid range is 1 to 65535. Command mode: Global Mode Default: The default value is 3600 seconds. Usage Guide: dot1x re-authentication must be enabled first before supplicant re-authentication interval can be modified. If authentication is not enabled for the switch, the supplicant re-authentication interval set will not take effect.
  • Page 520: Radius-Server Authentication Host

    servers, and all the accounting servers can be backup servers for each other. If primary is specified, then the specified RADIUS server will be the primary server. Example: Sets the RADIUS accounting server with IP address 100.100.100.60 as the primary server, with the accounting port number as 3000.
  • Page 521: Radius-Server Key

    20.2.2.20 radius-server key Command: radius-server key <string> no radius-server key Function: Specifies the key for the RADIUS server (authentication and accounting); the “no radius-server key” command deletes the key for RADIUS server. Parameters: <string> is a key string for RADIUS server, up to 16 characters are allowed. Command mode: Global Mode Usage Guide: The key is used in the encrypted communication between the switch and the specified RADIUS server.
  • Page 522: Application Example

    time, the switch resends the request packet or sets the server as invalid according to the current conditions. Example: Setting the RADIUS authentication timeout timer value to 30 seconds. Switch(Config)# radius-server timeout 30 20.3 802.1x Application Example [Fig 20-2 IEEE 802.1x Configuration Example Topology, labeled 10.1.1.1] The PC is connecting to port 1/2 of the switch;...
  • Page 523: Troubleshooting

    Switch(Config-Ethernet1/2)#exit 20.4 802.1x Troubleshooting 20.4.1 802.1x Debug and Monitor Commands 20.4.1.1 show aaa config Command: show aaa config Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin Mode Usage Guide: Displays whether AAA authentication and accounting are enabled, and information for the key and the authentication and accounting servers specified.
  • Page 524: Show Aaa Authenticated-User

    Time Out = 3 Retransmit = 3 Dead Time = 5 Account Time Interval = 0 Displayed information Is AAA Enabled Is Account Enabled MD5 Server Key authentication server sum authentication server[X].Host IP accounting server sum accounting server[X].Host IP Time Out Retransmit Dead Time Account Time Interval...
  • Page 525: Show Aaa Authenticating-User

    Usage Guide: Usually the administrator is concerned only with the online user information, the other information displayed is used for troubleshooting by technical support. Example: Switch#show aaa authenticated-user ------------------------- authenticated users ------------------------------- UserName Retry RadID Port EapID ChapID OnTime ----------------------------------------------------------------------------- --------------- total: 0 --------------- 20.4.1.3 show aaa authenticating-user...
  • Page 526: Show Dot1X

    The total user num is: 2. Display the statistics for RADIUS authenticated users and others. Switch #sho radius authencating-user count --------------------- Radius user statistic--------------------- The authencating user num is: The stopping user num is: The stopped user num is: The total user num is: 20.4.1.5 show dot1x Command: show dot1x [interface <interface-list>]...
  • Page 527: Debug Aaa

    Supplicant 00-03-0F-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Global 802.1x Parameters reauth-enabled reauth-period quiet-period tx-period max-req authenticator mode Mac Filter MacAccessList dot1x-EAPoR 802.1x is enabled on ethernet 1 Authentication Method: Status Port-control Supplicant...
  • Page 528: Debug Dot1X

    process and is helpful in troubleshooting. Example: Enabling AAA debugging information. Switch#debug aaa 20.4.1.7 debug dot1x Command: debug dot1x no debug dot1x Function: Enables dot1x debugging information; the “no debug dot1x” command disables the dot1x debugging information. Command mode: Admin Mode Parameters: N/A.
  • Page 529: Web Management

    20.5 WEB MANAGEMENT Click “Authentication configuration” to open the authentication configuration management list. Users may configure the switch 802.1x authentication function. 20.5.1 RADIUS client configuration Click “Authentication configuration”, “RADIUS client configuration” to open the Radius client configuration management list. Users may configure the switch Radius client. 20.5.1.1 RADIUS global configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS global configuration”...
  • Page 530: Radius Authentication Configuration

    20.5.1.2 RADIUS authentication configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS authentication configuration” to configure the RADIUS authentication server IP address and monitor port ID. Equivalent to CLI command 20.2.2.17. Authentication server IP – Server IP address. Authentication server port (optional) - Is the server monitor port ID, with range: 0~65535, where “0”...
  • Page 531: Radius Accounting Configuration

    20.5.1.3 RADIUS accounting configuration Click “Authentication configuration”, “RADIUS client configuration”, “RADIUS accounting configuration” to configure the RADIUS accounting server’s IP address and monitor port ID. Equivalent to CLI command 20.2.2.16. Accounting server IP - server IP address. Accounting server port(optional) – is the accounting server port ID, with range: 0~65535, where “0”...
  • Page 532: Port Authentication Configuration

    supplicant. Equivalent to CLI command 20.2.2.12. Holddown time for authentication failure (1-65535 second) - Configures the supplicant quiet-period time after authentication failure. Same as CLI command 20.2.2.13. Re-authenticate client interval (1-65535 second) - Configures the interval at which the switch re-authenticates the client. Equivalent to CLI command 20.2.2.14. Resending EAP-request/identity interval (1-65535 second) - Configures the interval at which the switch retransmits the EAP-request/identity frame to the supplicant.
  • Page 533: Port Mac Configuration

    Authentication mode – Configures the access control method for a specific port. Mac-based is the access control method based on MAC address; port-based is the access control method based on port. Same as CLI command 20.2.2.10. Port maximum user (1-254) - Configures the maximum number of users permitted for a specific port. Same as CLI command 20.2.2.8.
  • Page 534 port 802.1x configuration information, and make re-authentication for the specific port. Same as CLI command 1.2.2.11. Port – assign port 802.1x status – port 802.1x status Authentication type – Authentication type Authentication status – Authentication status Authentication mode – Authentication mode Example: Choose Ethernet port 1/1, then click the Reauthenticate button; the user on Ethernet port 1/1 will be forced to re-authenticate.
  • Page 535: Chapter 21 Vrrp Configuration

    Chapter 21 VRRP Configuration 21.1 Introduction to VRRP VRRP (Virtual Router Redundancy Protocol) is a fault tolerant protocol designed to enhance connection reliability between routers (or L3 Ethernet switches) and external devices. It is developed by the IETF for local area networks (LAN) with multicast/broadcast capability (Ethernet is a typical example) and has wide applications.
  • Page 536 2) Configure VRRP priority 3) Configure VRRP Timer intervals 4) Configure VRRP interface monitor 1. Create/Remove the Virtual Router Command Global Mode [no] router vrrp <vrid> 2. Configure VRRP Dummy IP Address and Interface Command VRRP protocol configuration mode virtual-ip <ip> {master| backup} no virtual-ip interface{IFNAME | Vlan <ID>} no interface...
  • Page 537: Vrrp Configuration Commands

    (1) Configure the preemptive mode for VRRP Command VRRP protocol configuration mode preempt-mode {true| false} (2) Configure VRRP priority Command VRRP protocol configuration mode priority < priority > (3) Configure VRRP Timer intervals Command VRRP protocol configuration mode advertisement-interval <time> (4) Configure VRRP interface monitor Command VRRP protocol configuration mode...
  • Page 538: Interface

    Commands: virtual-ip <A.B.C.D> {master| backup} no virtual-ip Function: Configures the VRRP dummy IP address Parameters: <A.B.C.D> is the IP address in decimal format. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: This command adds a dummy IP address to an existing Standby cluster. The "no virtual-ip"...
  • Page 539: Disable

    must be configured first before starting Virtual Router. Example: Activating the Virtual Router of number 10 Switch(config)# router vrrp 10 Switch(Config-Router-Vrrp)# enable 21.1.2.5 disable Commands: disable Function: Deactivates VRRP Parameters: N/A. Default: Not configured by default. Command mode: VRRP protocol configuration mode Usage Guide: Deactivates a Virtual Router.
  • Page 540: Preempt

    Parameters: <string> stands for the VRRP authentication string. Default: There is no authentication string by default. Command mode: Interface Mode Usage Guide: This command protects the VRRP standby cluster from interference by unauthorized members; all switches in the same standby cluster should have the same authentication string if Simple String mode applies.
  • Page 541: Advertisement-Interval

    Switch(Config-Router-Vrrp)# priority 150 21.1.2.10 advertisement-interval Commands: advertisement-interval <adver_interval> no advertisement-interval Function: Sets the vrrp timer values; the “no advertisement-interval” command restores the default setting. Parameters: <adver_interval> is the interval for sending VRRP packets in seconds, ranging from 1 to 10. Default: The default <adver_interval>...
  • Page 542: Typical Vrrp Scenario

    Backup cannot change its status due to lower priority than the Master when the Master fails. Example: Configuring vrrp monitor interface to vlan 2 and decreasing amount of priority to 10. Switch(Config-Router-Vrrp)# circuit-failover vlan 2 10 21.2 Typical VRRP Scenario As shown in the figure below, SWITCHA and SWITCHB are Layer 3 Ethernet Switches in the same group and provide redundancy for each other;...
  • Page 543: Monitor And Debug Commands

    21.3.1 Monitor and Debug Commands 21.3.1.1 show vrrp Commands: show vrrp [<vrid>] Function: Displays status and configuration information for the VRRP standby cluster. Command mode: All Modes Example: Switch# show vrrp VrId <1> State is Initialize Virtual IP is 10.1.20.10 (Not IP owner) Interface is Vlan2 Priority is 100 Advertisement interval is 1 sec...
  • Page 544: Vrrp Troubleshooting Help

    Default: Debugging information is disabled by default. Command mode: Admin Mode Example: Switch# debug vrrp VRRP SEND[Hello]: Advertisement sent for vrid=[10], virtual-ip=[10.1.10.1] VRRP SEND[Hello]: Advertisement sent for vrid=[10], virtual-ip=[10.1.10.1] VRRP SEND[Hello]: Advertisement sent for vrid=[10], virtual-ip=[10.1.10.1] VRRP SEND[Hello]: Advertisement sent for vrid=[10], virtual-ip=[10.1.10.1] 21.3.2 VRRP Troubleshooting Help In configuring and using VRRP protocol, the VRRP protocol may fail to run properly due to reasons such as physical connection failure or wrong configurations.
  • Page 545: Configure Vrrp Dummy Ip

    21.4.2 Configure VRRP Dummy IP Click “VRRP control” to configure VRRP and enter "VRRP Dummy IP Config". Example: Enter the created Virtual Router number 1, VRRP Dummy IP address 192.168.2.100 and select the VRRP number type to be Master. Click Apply to add the Dummy IP address to Virtual Router number 1 of Master type.
  • Page 546: Configure Vrrp Priority

    to configure the preemptive mode for virtual router number 1 to "True". 21.4.6 Configure VRRP priority Click “VRRP control” to configure VRRP and enter "VRRP Priority". Example: Enter the created Virtual Router number "1" and priority. Click Enable to set the priority of virtual router number 1 to "255".
  • Page 547: Configure Authentication String For Vrrp

    Example: Choose created "Vlan1" for Port and "yes" for AuthenMode. Click Apply to finish Port Vlan1 authentication mode configuration. 21.4.10 Configure Authentication String For VRRP Click “VRRP control” to enter "VRRP AuthenString" and configure VRRP authentication string. Example: Choose created "Vlan1"...
