Raisecom ISCOM2110G PWR (B) network switch Configuration Guide


Below you will find brief information for network switch ISCOM2110G PWR (B). The ISCOM2110G PWR (B) is a network switch designed for small and medium-sized businesses. It provides a range of features, including Gigabit Ethernet connectivity, PoE support, and VLAN support. This guide will help you configure and manage your ISCOM2110G PWR (B) network switch.


www.raisecom.com

ISCOM2110G-PWR (B)

Configuration Guide

(Rel_01)

Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any assistance, please contact our local office or company headquarters.

Website: http://www.raisecom.com

Tel: 8610-82883305

Fax: 8610-82883056

Email: [email protected]

Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China

Postal code: 100094

-----------------------------------------------------------------------------------------------------------------------------------------

Notice

Copyright © 2013 Raisecom

All rights reserved.

No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from Raisecom Technology Co., Ltd.

is the trademark of Raisecom Technology Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Raisecom

ISCOM2110G-PWR (B) Configuration Guide Preface

Preface

Objectives

This document describes features supported by the ISCOM2110G-PWR, and related configurations, including basic principles and configuration procedure of Ethernet, route, reliability, OAM, security, and QoS, and related configuration examples.

The appendix lists terms, acronyms, and abbreviations involved in this document.

By reading this document, you can master principles and configurations of the ISCOM2110G-PWR, and how to network with the ISCOM2110G-PWR.

Versions

The following table lists the product versions related to this document.

Product name: ISCOM2110G-PWR

Hardware version: B

Software version: ROS_4.14

Conventions

Symbol conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation that, if not avoided, could cause equipment damage, data loss, and performance degradation, or unexpected results.

Provides additional information to emphasize or supplement important points of the main text.


Indicates a tip that may help you solve a problem or save time.

General conventions

Convention: Description

Times New Roman: Normal paragraphs are in Times New Roman.

Arial: Paragraphs in Warning, Caution, Notes, and Tip are in Arial.

Boldface: Names of files, directories, folders, and users are in boldface. For example, log in as user root.

Italic: Book titles are in italics.

Lucida Console: Terminal display is in Lucida Console.

Command conventions

Convention: Description

Boldface: The keywords of a command line are in boldface.

Italic: Command arguments are in italics.

[]: Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... }: Alternative items are grouped in braces and separated by vertical bars. Only one is selected.

[ x | y | ... ]: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

{ x | y | ... } *: Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

[ x | y | ... ] *: Optional alternative items are grouped in square brackets and separated by vertical bars. A minimum of none or a maximum of all can be selected.

Keyboard operation

Format: Description

Key: Press the key. For example, press Enter and press Tab.

Key 1+Key 2: Press the keys concurrently. For example, pressing Ctrl+C means the two keys should be pressed concurrently.

Key 1, Key 2: Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Change history

Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.

Issue 01 (2013-08-02)

Initial commercial release


Contents

1 Basic configurations

1.1 Accessing device

1.1.1 Introduction

1.1.2 Accessing through Console interface

1.1.3 Accessing through Telnet

1.1.4 Accessing through SSHv2

1.1.5 Checking configurations

1.2 CLI

1.2.1 Introduction

1.2.2 Levels

1.2.3 Modes

1.2.4 Command line shortcuts

1.2.5 Acquiring help

1.2.6 Display information

1.2.7 Command history

1.2.8 Restoring default value of command line

1.3 Managing users

1.3.1 Introduction

1.3.2 Configuring user management

1.3.3 Checking configurations

1.4 Managing files

1.4.1 Managing BootROM files

1.4.2 Managing system files

1.4.3 Managing configuration files

1.4.4 Checking configurations

1.5 Configuring time management

1.5.1 Configuring time and time zone

1.5.2 Configuring DST

1.5.3 Configuring NTP

1.5.4 Configuring SNTP

1.5.5 Checking configurations

1.6 Configuring interface management


1.6.1 Default configurations of interfaces

1.6.2 Configuring basic attributes of interfaces

1.6.3 Configuring flow control on interfaces

1.6.4 Configuring interface statistics

1.6.5 Enabling/Disabling interface

1.6.6 Checking configurations

1.7 Configuring basic information

1.8 Task scheduling

1.9 Watchdog

1.10 Load and upgrade

1.10.1 Introduction

1.10.2 Configuring TFTP auto-loading mode

1.10.3 Upgrading system software through BootROM

1.10.4 Upgrading system software through CLI

1.10.5 Checking configurations

1.10.6 Example for configuring TFTP auto-loading

2 Ethernet

2.1 MAC address table

2.1.1 Introduction

2.1.2 Preparing for configurations

2.1.3 Default configurations of MAC address table

2.1.4 Configuring static MAC address

2.1.5 Configuring multicast filtering mode for MAC address table

2.1.6 Configuring MAC address learning

2.1.7 Configuring MAC address limit

2.1.8 Configuring aging time of MAC addresses

2.1.9 Checking configurations

2.1.10 Maintenance

2.1.11 Example for configuring MAC address table

2.2 VLAN

2.2.1 Introduction

2.2.2 Preparing for configurations

2.2.3 Default configurations of VLAN

2.2.4 Configuring VLAN attributes

2.2.5 Configuring interface mode

2.2.6 Configuring VLAN on Access interface

2.2.7 Configuring VLAN on Trunk interface

2.2.8 Checking configurations

2.3 QinQ

2.3.1 Introduction

2.3.2 Preparing for configurations


2.3.3 Default configurations of QinQ

2.3.4 Configuring basic QinQ

2.3.5 Configuring selective QinQ

2.3.6 Configuring egress interface to Trunk mode

2.3.7 Checking configurations

2.3.8 Maintenance

2.3.9 Example for configuring basic QinQ

2.3.10 Example for configuring selective QinQ

2.4 VLAN mapping

2.4.1 Introduction

2.4.2 Preparing for configurations

2.4.3 Configuring 1:1 VLAN mapping

2.4.4 Checking configurations

2.4.5 Example for configuring VLAN mapping

2.5 Interface protection

2.5.1 Introduction

2.5.2 Preparing for configurations

2.5.3 Default configurations of interface protection

2.5.4 Configuring interface protection

2.5.5 Checking configurations

2.5.6 Example for configuring interface protection

2.6 Port mirroring

2.6.1 Introduction

2.6.2 Preparing for configurations

2.6.3 Default configurations of port mirroring

2.6.4 Configuring port mirroring on local port

2.6.5 Checking configurations

2.6.6 Example for configuring port mirroring

2.7 Layer 2 protocol transparent transmission

2.7.1 Introduction

2.7.2 Preparing for configurations

2.7.3 Default configurations of Layer 2 protocol transparent transmission

2.7.4 Configuring transparent transmission parameters

2.7.5 Checking configurations

2.7.6 Maintenance

2.7.7 Example for configuring Layer 2 protocol transparent transmission

3 IP services

3.1 ARP

3.1.1 Introduction

3.1.2 Preparing for configurations

3.1.3 Default configurations of ARP


3.1.4 Configuring static ARP entries

3.1.5 Configuring aging time of dynamic ARP entries

3.1.6 Configuring dynamic ARP entry learning mode

3.1.7 Checking configurations

3.1.8 Maintenance

3.1.9 Configuring ARP

3.2 Layer 3 interface

3.2.1 Introduction

3.2.2 Preparing for configurations

3.2.3 Configuring Layer 3 interface

3.2.4 Checking configurations

3.2.5 Example for configuring Layer 3 interface to interconnect with host

3.3 Default gateway

3.3.1 Introduction

3.3.2 Preparing for configurations

3.3.3 Configuring default gateway

3.3.4 Configuring static route

3.3.5 Checking configurations

3.4 DHCP Client

3.4.1 Introduction

3.4.2 Preparing for configurations

3.4.3 Default configurations of DHCP Client

3.4.4 Applying for IP address through DHCP

3.4.5 (Optional) configuring DHCP Client

3.4.6 (Optional) renewing or releasing IP address

3.4.7 Checking configurations

3.4.8 Example for configuring DHCP Client

3.5 DHCP Relay

3.5.1 Introduction

3.5.2 Preparing for configurations

3.5.3 Default configurations of DHCP Relay

3.5.4 Configuring global DHCP Relay

3.5.5 Configuring interface DHCP Relay

3.5.6 Configuring destination IP address for forwarding packets

3.5.7 (Optional) configuring DHCP Relay to support Option 82

3.5.8 Checking configurations

3.6 DHCP Snooping

3.6.1 Introduction

3.6.2 Preparing for configurations

3.6.3 Default configurations of DHCP Snooping

3.6.4 Configuring DHCP Snooping

3.6.5 Checking configurations


3.6.6 Example for configuring DHCP Snooping

3.7 DHCP Options

3.7.1 Introduction

3.7.2 Preparing for configurations

3.7.3 Default configurations of DHCP Option

3.7.4 Configuring DHCP Option field

3.7.5 Checking configurations

4 PoE

4.1 Introduction

4.1.1 PoE principle

4.1.2 PoE modules

4.1.3 PoE advantages

4.1.4 PoE concepts

4.2 Configuring PoE

4.2.1 Preparing for configurations

4.2.2 Default configurations of PoE

4.2.3 Enabling interface PoE

4.2.4 Configuring maximum output power of interface power supply

4.2.5 Configuring priority of interface power supply

4.2.6 Configuring PSE power utilization ratio threshold

4.2.7 Enabling non-standard PD identification

4.2.8 Enabling forcible power supply on interface

4.2.9 Enabling overtemperature protection

4.2.10 Enabling global Trap

4.2.11 Checking configurations

4.3 Example for configuring PoE switch power supply

5 QoS

5.1 Introduction

5.1.1 Service model

5.1.2 Priority trust ........................................................................................................................................ 103

5.1.3 Traffic classification ............................................................................................................................ 103

5.1.4 Traffic policy ....................................................................................................................................... 105

5.1.5 Priority mapping ................................................................................................................................. 106

5.1.6 Congestion management ..................................................................................................................... 106

5.1.7 Rate limiting based on interface and VLAN ....................................................................................... 107

5.2 Configuring basic QoS ................................................................................................................................. 108

5.2.1 Preparing for configurations ............................................................................................................... 108

5.2.2 Default configurations of basic QoS ................................................................................................... 108

5.2.3 Enabling global QoS ........................................................................................................................... 108

5.2.4 Checking configurations ..................................................................................................................... 108

5.3 Configuring traffic classification and traffic policy ..................................................................................... 109

5.3.1 Preparing for configurations

5.3.2 Default configurations of traffic classification and traffic policy

5.3.3 Creating traffic classification

5.3.4 Configuring traffic classification rules

5.3.5 Creating token bucket and rate limiting rules

5.3.6 Creating traffic policy

5.3.7 Defining traffic policy mapping

5.3.8 Defining traffic policy operation

5.3.9 Applying traffic policy to interface

5.3.10 Checking configurations

5.3.11 Maintenance

5.4 Configuring priority mapping

5.4.1 Preparing for configurations

5.4.2 Default configurations of basic QoS

5.4.3 Configuring interface trust priority type

5.4.4 Configuring mapping from CoS to local priority

5.4.5 Configuring mapping from DSCP to local priority

5.4.6 Configuring mapping from local priority to DSCP

5.4.7 Configuring all-traffic modification on interface

5.4.8 Configuring specific-traffic modification

5.4.9 Configuring CoS copying

5.4.10 Checking configurations

5.5 Configuring congestion management

5.5.1 Preparing for configurations

5.5.2 Default configurations of congestion management

5.5.3 Configuring SP queue scheduling

5.5.4 Configuring WRR or SP+WRR queue scheduling

5.5.5 Configuring queue transmission rate

5.5.6 Checking configurations

5.6 Configuring rate limiting based on interface and VLAN

5.6.1 Preparing for configurations

5.6.2 Configuring rate limiting based on interface

5.6.3 Configuring rate limiting based on VLAN

5.6.4 Configuring rate limiting based on QinQ

5.6.5 Checking configurations

5.6.6 Maintenance

5.7 Configuring examples

5.7.1 Example for configuring congestion management

5.7.2 Example for configuring rate limiting based on interface

6 Multicast

6.1 Overview

6.1.2 IGMP Snooping

6.1.3 MVR

6.1.4 MVR Proxy

6.1.5 IGMP filtering

6.2 Configuring IGMP Snooping

6.2.1 Preparing for configurations

6.2.2 Default configurations of IGMP Snooping

6.2.3 Enabling global IGMP Snooping

6.2.4 (Optional) enabling IGMP Snooping on VLANs

6.2.5 Configuring multicast router interface

6.2.6 (Optional) configuring aging time of IGMP Snooping

6.2.7 (Optional) configuring immediate leaving

6.2.8 (Optional) configuring static multicast table

6.2.9 Checking configurations

6.3 Configuring MVR

6.3.1 Preparing for configurations

6.3.2 Default configurations of MVR

6.3.3 Configuring MVR basic information

6.3.4 Configuring MVR interface information

6.3.5 Checking configurations

6.4 Configuring MVR Proxy

6.4.1 Preparing for configurations

6.4.2 Default configurations of IGMP Proxy

6.4.3 Configuring IGMP Proxy

6.4.4 Checking configurations

6.5 Configuring IGMP filtering

6.5.1 Preparing for configurations

6.5.2 Default configurations of IGMP filtering

6.5.3 Enabling global IGMP filtering

6.5.4 Configuring IGMP filtering rules

6.5.5 Applying IGMP filtering rules

6.5.6 Configuring maximum number of multicast groups

6.5.7 Checking configurations

6.6 Maintenance

6.7 Configuration examples

6.7.1 Example for configuring IGMP Snooping

6.7.2 Example for configuring MVR and MVR Proxy

6.7.3 Example for applying IGMP filtering and maximum number of multicast groups to interface

6.7.4 Example for applying IGMP filtering and maximum number of multicast groups to VLAN

7 Security

7.1 ACL

7.1.1 Introduction

7.1.2 Preparing for configurations

7.1.3 Default configurations of ACL

7.1.4 Configuring IP ACL

7.1.5 Configuring MAC ACL

7.1.6 Configuring MAP ACL

7.1.7 Applying ACL

7.1.8 Checking configurations

7.1.9 Maintenance

7.2 Secure MAC address

7.2.1 Introduction

7.2.2 Preparing for configurations

7.2.3 Default configurations of secure MAC address

7.2.4 Configuring basic functions of secure MAC address

7.2.5 Configuring static secure MAC address

7.2.6 Configuring dynamic secure MAC address

7.2.7 Configuring Sticky secure MAC address

7.2.8 Checking configurations

7.2.9 Maintenance

7.2.10 Example for configuring secure MAC address

7.3 Dynamic ARP inspection

7.3.1 Introduction

7.3.2 Preparing for configurations

7.3.3 Default configurations of dynamic ARP inspection

7.3.4 Configuring trusted interfaces of dynamic ARP inspection

7.3.5 Configuring static binding of dynamic ARP inspection

7.3.6 Configuring dynamic binding of dynamic ARP inspection

7.3.7 Configuring protection VLAN of dynamic ARP inspection

7.3.8 Configuring rate limiting on ARP packets on interface

7.3.9 Configuring auto-recovery time for rate limiting on ARP packets

7.3.10 Checking configurations

7.3.11 Example for configuring dynamic ARP inspection

7.4 RADIUS

7.4.1 Introduction

7.4.2 Preparing for configurations

7.4.3 Default configurations of RADIUS

7.4.4 Configuring RADIUS authentication

7.4.5 Configuring RADIUS accounting

7.4.6 Checking configurations

7.4.7 Example for configuring RADIUS

7.5 TACACS+

7.5.1 Introduction

7.5.2 Preparing for configurations

7.5.3 Default configurations of TACACS+

7.5.4 Configuring TACACS+ authentication

7.5.5 Configuring TACACS+ accounting

7.5.6 Configuring TACACS+ authorization

7.5.7 Checking configurations

7.5.8 Maintenance

7.5.9 Example for configuring TACACS+

7.6 Storm control

7.6.1 Preparing for configurations

7.6.2 Default configurations of storm control

7.6.3 Configuring storm control

7.6.4 Configuring DLF packet forwarding

7.6.5 Checking configurations

7.6.6 Example for configuring storm control

7.7 802.1x

7.7.1 Introduction

7.7.2 Preparing for configurations

7.7.3 Default configurations of 802.1x

7.7.4 Configuring basic functions of 802.1x

7.7.5 Configuring 802.1x re-authentication

7.7.6 Configuring 802.1x timers

7.7.7 Checking configurations

7.7.8 Maintenance

7.7.9 Example for configuring 802.1x

7.8 IP Source Guard

7.8.1 Introduction

7.8.2 Preparing for configurations

7.8.3 Default configurations of IP Source Guard

7.8.4 Configuring interface trust status of IP Source Guard

7.8.5 Configuring IP Source Guard binding

7.8.6 Checking configurations

7.8.7 Example for configuring IP Source Guard

7.9 PPPoE+

7.9.1 Introduction

7.9.2 Preparing for configurations

7.9.3 Default configurations of PPPoE+

7.9.4 Configuring basic functions of PPPoE+

7.9.5 Configuring PPPoE+ packet information

7.9.6 Checking configurations

7.9.7 Maintenance

7.9.8 Example for configuring PPPoE+

7.10 Loopback detection

7.10.1 Introduction

7.10.2 Preparing for configurations

7.10.3 Default configurations of loopback detection

7.10.4 Configuring loopback detection

7.10.5 Checking configurations

7.10.6 Maintenance

7.10.7 Example for configuring loopback detection

7.11 Line detection

7.11.1 Introduction

7.11.2 Preparing for configurations

7.11.3 Configuring line detection

7.11.4 Checking configurations

7.11.5 Example for configuring line detection

8 Reliability

8.1 Link aggregation

8.1.1 Introduction

8.1.2 Preparing for configurations

8.1.3 Default configurations of link aggregation

8.1.4 Configuring manual link aggregation

8.1.5 Configuring static LACP link aggregation

8.1.6 Checking configurations

8.1.7 Example for configuring manual link aggregation

8.1.8 Example for configuring static LACP link aggregation

8.2 Interface backup

8.2.1 Introduction

8.2.2 Preparing for configurations

8.2.3 Default configurations of interface backup

8.2.4 Configuring basic functions of interface backup

8.2.5 (Optional) configuring FS on interfaces

8.2.6 Checking configurations

8.2.7 Example for configuring interface backup

8.3 Failover

8.3.1 Introduction ......................................................................................................................................... 223

8.3.2 Preparing for configurations ............................................................................................................... 224

8.3.3 Default configurations of failover ....................................................................................................... 224

8.3.4 Configuring failover ............................................................................................................................ 224

8.3.5 Checking configurations ..................................................................................................................... 225

8.3.6 Example for configuring failover ........................................................................................................ 225

8.4 STP ............................................................................................................................................................... 227

8.4.1 Introduction ......................................................................................................................................... 227

8.4.2 Preparation for configuration .............................................................................................................. 230

8.4.3 Default configurations of STP ............................................................................................................ 230

8.4.4 Enabling STP ...................................................................................................................................... 231

8.4.5 Configuring STP parameters ............................................................................................................... 231

8.4.6 Checking configurations ..................................................................................................................... 232

8.4.7 Example for configuring STP ............................................................................................................. 232

8.5 MSTP ........................................................................................................................................................... 235

8.5.1 Introduction ......................................................................................................................................... 235

8.5.2 Preparation for configuration .............................................................................................................. 238

8.5.3 Default configurations of MSTP ......................................................................................................... 238

8.5.4 Enable MSTP ...................................................................................................................................... 239

8.5.5 Configuring MST domain and its maximum number of hops............................................................. 239

8.5.6 Configuring root bridge/backup bridge ............................................................................................... 240

8.5.7 Configuring device interface and system priority ............................................................................... 241

8.5.8 Configuring network diameter for switch network ............................................................................. 242

8.5.9 Configuring inner path cost for interfaces ......................................................................................... 242

8.5.10 Configuring external path cost on interface ...................................................................................... 243

8.5.11 Configuring maximum transmission rate on interface ...................................................................... 243

8.5.12 Configuring MSTP timer .................................................................................................................. 243

8.5.13 Configuring edge interface ................................................................................................................ 244

8.5.14 Configuring STP/MSTP mode switching .......................................................................................... 245

8.5.15 Configuring link type ........................................................................................................................ 245

8.5.16 Configuring root interface protection ................................................................................................ 245

8.5.17 Configuring interface loopguard ....................................................................................................... 246

8.5.18 Executing mcheck operation ............................................................................................................. 246

8.5.19 Checking configurations ................................................................................................................... 247

8.5.20 Maintenance ...................................................................................................................................... 247

8.5.21 Example for configuring MSTP ........................................................................................................ 247

8.6 RRPS ............................................................................................................................................................ 253

8.6.1 Introduction ......................................................................................................................................... 253

8.6.2 Preparing for configurations ............................................................................................................... 255

8.6.3 Default configurations of RRPS .......................................................................................................... 256

8.6.4 Creating RRPS .................................................................................................................................... 256

8.6.5 Configuring basic functions of RRPS ................................................................................................. 256

8.6.6 Checking configurations ..................................................................................................................... 258

8.6.7 Maintenance ........................................................................................................................................ 258

8.6.8 Example for configuring Ethernet ring ............................................................................................... 258

9 OAM ............................................................................................................................................ 261

9.1 EFM ............................................................................................................................................................. 261

9.1.1 Introduction ......................................................................................................................................... 261

9.1.2 Preparing for configurations ............................................................................................................... 262

9.1.3 Default configurations of EFM ........................................................................................................... 263

9.1.4 Configuring basic functions of EFM ................................................................................................... 263

9.1.5 Configuring active functions of EFM ................................................................................................. 264

9.1.6 Configuring passive functions of EFM ............................................................................................... 265

9.1.7 Checking configurations ..................................................................................................................... 267

9.1.8 Maintenance ........................................................................................................................................ 268

9.1.9 Example for configuring EFM ............................................................................................................ 268

9.2 CFM ............................................................................................................................................................. 269

9.2.1 Introduction ......................................................................................................................................... 270

9.2.2 Preparing for configurations ............................................................................................................... 271

9.2.3 Default configurations of CFM ........................................................................................................... 272

9.2.4 Enabling CFM ..................................................................................................................................... 273

9.2.5 Configuring basic functions of CFM .................................................................................................. 273

9.2.6 Configuring fault detection ................................................................................................................. 274

9.2.7 Configuring fault acknowledgement ................................................................................................... 276

9.2.8 Configuring fault location ................................................................................................................... 277

9.2.9 Checking configurations ..................................................................................................................... 278

9.2.10 Maintenance ...................................................................................................................................... 278

9.2.11 Example for configuring CFM .......................................................................................................... 279

9.3 SLA .............................................................................................................................................................. 282

9.3.1 Introduction ......................................................................................................................................... 282

9.3.2 Preparing for configurations ............................................................................................................... 282

9.3.3 Default configurations of SLA ............................................................................................................ 283

9.3.4 Creating SLA operations ..................................................................................................................... 283

9.3.5 Configuring SLA scheduling .............................................................................................................. 283

9.3.6 Checking configurations ..................................................................................................................... 284

9.3.7 Example for configuring SLA ............................................................................................................. 284

10 System management ............................................................................................................... 286

10.1 SNMP ......................................................................................................................................................... 286

10.1.1 Introduction ....................................................................................................................................... 286

10.1.2 Preparing for configurations ............................................................................................................. 288

10.1.3 Default configurations of SNMP ...................................................................................................... 288

10.1.4 Configuring basic functions of SNMP v1/v2c .................................................................................. 289

10.1.5 Configuring basic functions of SNMP v3 ......................................................................................... 290

10.1.6 Configuring other information of SNMP .......................................................................................... 292

10.1.7 Configuring Trap ............................................................................................................................... 292

10.1.8 Checking configurations ................................................................................................................... 293

10.1.9 Example for configuring SNMP v1/v2c and Trap ............................................................................. 294

10.1.10 Example for configuring SNMP v3 and Trap .................................................................................. 296

10.2 KeepAlive .................................................................................................................................................. 298

10.2.1 Introduction ....................................................................................................................................... 298

10.2.2 Preparing for configurations ............................................................................................................. 298

10.2.3 Default configurations of KeepAlive ................................................................................................ 299

10.2.4 Configuring KeepAlive ..................................................................................................................... 299

10.2.5 Checking configurations ................................................................................................................... 299

10.2.6 Example for configuring KeepAlive ................................................................................................. 300

10.3 RMON ........................................................................................................................................................ 301

10.3.1 Introduction ....................................................................................................................................... 301

10.3.2 Preparing for configurations ............................................................................................................. 302

10.3.3 Default configurations of RMON ..................................................................................................... 302

10.3.4 Configuring RMON statistics ........................................................................................................... 302

10.3.5 Configuring RMON historical statistics ............................................................................................ 303

10.3.6 Configuring RMON alarm group ...................................................................................................... 303

10.3.7 Configuring RMON event group ...................................................................................................... 304

10.3.8 Checking configurations ................................................................................................................... 304

10.3.9 Maintenance ...................................................................................................................................... 305

10.3.10 Example for configuring RMON alarm group ................................................................................ 305

10.4 Cluster management ................................................................................................................................... 306

10.4.1 Introduction ....................................................................................................................................... 306

10.4.2 Preparation for configuration ............................................................................................................ 308

10.4.3 Default configurations of cluster management ................................................................................. 308

10.4.4 (Optional) configuring RNDP ........................................................................................................... 309

10.4.5 Configuring RTDP ............................................................................................................................ 309

10.4.6 Configuring cluster management on commander devices ................................................................. 310

10.4.7 (Optional) configuring auto-activation for candidate devices ........................................................... 311

10.4.8 Checking configurations ................................................................................................................... 312

10.4.9 Example for providing remote access through cluster management ................................................. 312

10.5 LLDP .......................................................................................................................................................... 315

10.5.1 Introduction ....................................................................................................................................... 315

10.5.2 Preparing for configurations ............................................................................................................. 317

10.5.3 Default configurations of LLDP ....................................................................................................... 317

10.5.4 Enabling global LLDP ...................................................................................................................... 318

10.5.5 Enabling interface LLDP .................................................................................................................. 318

10.5.6 Configuring basic functions of LLDP ............................................................................................... 318

10.5.7 Configuring LLDP alarm .................................................................................................................. 319

10.5.8 Checking configurations ................................................................................................................... 319

10.5.9 Maintenance ...................................................................................................................................... 320

10.5.10 Example for configuring basic functions of LLDP ......................................................................... 320

10.6 Extended OAM .......................................................................................................................................... 323

10.6.1 Introduction ....................................................................................................................................... 323

10.6.2 Preparation for configuration ............................................................................................................ 324

10.6.3 Default configurations of extended OAM ......................................................................................... 324

10.6.4 Establishing OAM link ..................................................................................................................... 325

10.6.5 Configure extended OAM protocols ................................................................................................. 325

10.6.6 Entering remote configuration mode................................................................................................. 325

10.6.7 (Optional) showing remote extended OAM capacity ........................................................................ 326

10.6.8 Configuring remote host name .......................................................................................................... 326

10.6.9 Configuring MTU for remote device ................................................................................................ 327

10.6.10 Configuring IP address of remote device ........................................................................................ 327

10.6.11 Configuring interface parameters on remote device ........................................................................ 328

10.6.12 Uploading and downloading files on remote device ....................................................................... 330

10.6.13 Configuring remote network management ...................................................................................... 333

10.6.14 Configuring remote VLAN ............................................................................................................. 334

10.6.15 Configuring remote QinQ ............................................................................................................... 335

10.6.16 Managing remote configuration files .............................................................................................. 336

10.6.17 Rebooting remote device................................................................................................................. 336

10.6.18 Checking configurations ................................................................................................................. 337

10.6.19 Maintenance .................................................................................................................................... 337

10.6.20 Example for configuring extended OAM to manage remote device ............................................... 338

10.7 Optical module DDM ................................................................................................................................. 339

10.7.1 Introduction ....................................................................................................................................... 339

10.7.2 Preparing for configurations ............................................................................................................. 340

10.7.3 Default configurations of optical module DDM ............................................................................... 340

10.7.4 Enabling optical module DDM ......................................................................................................... 340

10.7.5 Enabling optical module DDM to send Trap .................................................................................... 340

10.7.6 Checking configurations ................................................................................................................... 340

10.8 System log .................................................................................................................................................. 341

10.8.1 Introduction ....................................................................................................................................... 341

10.8.2 Preparing for configurations ............................................................................................................. 342

10.8.3 Default configurations of system log ................................................................................................ 343

10.8.4 Configuring basic information of system log .................................................................................... 343

10.8.5 Configuring system log output .......................................................................................................... 343

10.8.6 Checking configurations ................................................................................................................... 344

10.8.7 Example for outputting system logs to log server ............................................................................. 344

10.9 CPU monitoring ......................................................................................................................................... 345

10.9.1 Introduction ....................................................................................................................................... 345

10.9.2 Preparing for configurations ............................................................................................................. 346

10.9.3 Default configurations of CPU monitoring ....................................................................................... 346

10.9.4 Showing CPU monitoring information ............................................................................................. 346

10.9.5 Configuring CPU monitoring alarm .................................................................................................. 347

10.9.6 Checking configurations ................................................................................................................... 347

10.10 Ping .......................................................................................................................................................... 347

10.11 Traceroute ................................................................................................................................................. 348

11 Appendix .................................................................................................................................. 349

11.1 Terms .......................................................................................................................................................... 349

11.2 Acronyms and abbreviations ...................................................................................................................... 354

Figures

Figure 1-1 Accessing device through PC connected with Console interface ......................................................... 2

Figure 1-2 Configuring communication parameters in Hyper Terminal ................................................................ 3

Figure 1-3 Networking with device as Telnet server .............................................................................................. 4

Figure 1-4 Networking with device as Telnet client ............................................................................................... 4

Figure 1-5 Configuring auto-loading ................................................................................................................... 31

Figure 2-1 MAC networking ................................................................................................................................ 38

Figure 2-2 Partitioning VLANs

Figure 2-3 Typical networking with basic QinQ

Figure 2-4 Basic QinQ networking

Figure 2-5 Selective QinQ networking

Figure 2-6 Principle of VLAN mapping

Figure 2-7 VLAN mapping networking

Figure 2-8 Interface protection networking

Figure 2-9 Principle of port mirroring

Figure 2-10 Port mirroring networking

Figure 2-11 Layer 2 protocol transparent transmission networking

Figure 3-1 Configuring ARP networking

Figure 3-2 Layer 3 interface configuration networking

Figure 3-3 DHCP typical networking

Figure 3-4 Structure of DHCP packets

Figure 3-5 DHCP Client networking

Figure 3-6 DHCP client networking

Figure 3-7 Principle of DHCP Relay

Figure 3-8 DHCP Snooping networking

Figure 3-9 DHCP Snooping networking

Figure 4-1 PoE networking


Figure 4-2 PoE switch power supply networking

Figure 5-1 Principle of traffic classification

Figure 5-2 Structure of IP packet head

Figure 5-3 Structure of packets with IP priority and DSCP priority

Figure 5-4 Structure of VLAN packets

Figure 5-5 Structure of packets with CoS priority

Figure 5-6 SP scheduling

Figure 5-7 WRR scheduling

Figure 5-8 Queue scheduling networking

Figure 5-9 Rate limiting based on interface

Figure 6-1 Mapping relation between IPv4 multicast address and multicast MAC address

Figure 6-2 IGMP Snooping networking

Figure 6-3 MVR networking

Figure 6-4 Applying IGMP filtering on the interface

Figure 6-5 Applying IGMP filtering in the VLAN

Figure 7-1 Configuring secure MAC address

Figure 7-2 Principle of dynamic ARP inspection

Figure 7-3 Configuring dynamic ARP inspection

Figure 7-4 Configuring RADIUS

Figure 7-5 Configuring TACACS+

Figure 7-6 Storm control networking

Figure 7-7 802.1x structure

Figure 7-8 Configuring 802.1x

Figure 7-9 Principle of IP Source Guard

Figure 7-10 Configuring IP Source Guard

Figure 7-11 Accessing the network through PPPoE authentication

Figure 7-12 Configuring PPPoE+

Figure 7-13 Loopback detection networking

Figure 7-14 Loopback detection networking

Figure 7-15 Line detection networking

Figure 8-1 Configuring manual link aggregation

Figure 8-2 Configuring static LACP link aggregation

Figure 8-3 Principles of interface backup


Figure 8-4 Application of interface backup in different VLANs

Figure 8-5 Configuring interface backup

Figure 8-6 Configuring failover

Figure 8-7 Network storm due to loopback

Figure 8-8 Loop networking with STP

Figure 8-9 VLAN packet forward failure due to RSTP

Figure 8-10 STP networking

Figure 8-11 Basic concepts of the MSTI network

Figure 8-12 MSTI concepts

Figure 8-13 Networking of multiple spanning trees instances in MST domain

Figure 8-14 MSTP networking

Figure 8-15 RRPS in normal status

Figure 8-16 RRPS in switching status

Figure 8-17 RRPS networking

Figure 9-1 OAM classification

Figure 9-2 Configuring EFM

Figure 9-3 Different MD Levels

Figure 9-4 Network Sketch Map of MEP and MIP

Figure 9-5 CFM networking

Figure 9-6 SLA networking

Figure 10-1 Principle of SNMP

Figure 10-2 SNMP v3 authentication mechanism

Figure 10-3 Configuring SNMP v1/v2c and Trap

Figure 10-4 Configuring SNMP v3 and Trap

Figure 10-5 Configuring KeepAlive

Figure 10-6 RMON

Figure 10-7 Configuring RMON alarm group

Figure 10-8 Cluster management

Figure 10-9 Providing remote access through cluster management

Figure 10-10 LLDPDU structure

Figure 10-11 Basic TLV structure

Figure 10-12 Configuring basic functions of LLDP

Figure 10-13 Extended OAM networking


Figure 10-14 Configuring extended OAM to manage the remote device

Figure 10-15 Outputting system logs to log servers


Tables

Table 1-1 Keystrokes about display features

Table 2-1 Interface mode and packet processing

Table 3-1 Fields of DHCP packets

Table 3-2 Common DHCP options

Table 5-1 Default mapping of local priority, DSCP priority, and CoS priority

Table 5-2 Mapping between local priority and queue

Table 5-3 Default CoS to local priority and color mapping

Table 5-4 Default DSCP to local priority and color mapping

Table 10-1 TLV types

Table 10-2 Log levels

1 Basic configurations

This chapter describes the basic configurations of the ISCOM2110G-PWR and the procedures for configuring them, and provides related configuration examples. It includes the following sections:

Accessing device

CLI

Managing users

Managing files

Configuring time management

Configuring interface management

Configuring basic information

Task scheduling

Watchdog

Load and upgrade

1.1 Accessing device

1.1.1 Introduction

The ISCOM2110G-PWR can be configured and managed in Command Line Interface (CLI) mode or NView NNM network management mode.

In CLI mode, the ISCOM2110G-PWR can be accessed in the following ways:

Console mode: it must be used for the first configuration. The ISCOM2110G-PWR supports a Console interface of the RJ-45 type.

Telnet mode: log in through the Console interface, start the Telnet service on the ISCOM2110G-PWR, configure the IP address of the Layer 3 interface, set the user name and password, and then configure the device remotely through Telnet.

SSHv2 mode: before accessing the ISCOM2110G-PWR through SSHv2, you need to log in to the ISCOM2110G-PWR through the Console interface and start the SSHv2 service.

When configuring the ISCOM2110G-PWR in network management mode, you must first configure the IP address of the Layer 3 interface in the CLI, and then configure the ISCOM2110G-PWR through the NView NNM system.


The configuration steps in this manual are in command line mode.

1.1.2 Accessing through Console interface

The Console interface is commonly used to connect a network device to a PC that runs a terminal emulation program. You can use this interface to configure and manage the local device. Because this management method communicates directly without a network, it is called out-of-band management. You can also configure and manage the ISCOM2110G-PWR through the Console interface when the network fails.

In the following two conditions, you can only log in to the ISCOM2110G-PWR and configure it through the Console interface:

The ISCOM2110G-PWR is powered on to start for the first time.

You cannot access the ISCOM2110G-PWR through Telnet.

When logging in to the ISCOM2110G-PWR through the Console interface, use the CBL-RS232-DB9F/RJ45-2m cable delivered with the ISCOM2110G-PWR. If you need to make the Console cable, see ISCOM2110G-PWR Hardware Description.

To access the ISCOM2110G-PWR from a PC through the Console interface, connect the Console interface on the ISCOM2110G-PWR to the RS-232 serial interface on the PC, as shown in Figure 1-1. Then run a terminal emulation program on the PC, such as Windows XP HyperTerminal, configure the communication parameters as shown in Figure 1-2, and log in to the ISCOM2110G-PWR.

Figure 1-1 Accessing device through PC connected with Console interface


Figure 1-2 Configuring communication parameters in Hyper Terminal

HyperTerminal is no longer included as of Windows Vista. On Windows Vista or Windows 7, download the HyperTerminal program from the Internet; it is free to download.

1.1.3 Accessing through Telnet

You can use a PC to log in to the ISCOM2110G-PWR remotely through Telnet: log in to one ISCOM2110G-PWR from the PC first, and then Telnet from it to other ISCOM2110G-PWR devices on the network. This way, you do not need to connect a PC to each ISCOM2110G-PWR.

The ISCOM2110G-PWR provides the following Telnet services.

Telnet Server: run the Telnet client program on a PC to log in to the ISCOM2110G-PWR, and then configure and manage it. As shown in Figure 1-3, the ISCOM2110G-PWR provides the Telnet Server service in this case.


Figure 1-3 Networking with device as Telnet server

Before accessing the ISCOM2110G-PWR through Telnet, you need to log in to the ISCOM2110G-PWR through the Console interface and start the Telnet service. Configure the ISCOM2110G-PWR as below.

| Step | Command | Description |
| --- | --- | --- |
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#ip address ip-address [ ipmask ] [ vlan-id ], then Raisecom(config-ip)#quit | Configure the IP address for the ISCOM2110G-PWR and bind the VLAN of specified ID. The interface on which the Telnet service is started belongs to this VLAN. |
| 4 | Raisecom(config)#telnet-server accept port-list { all \| port-list } | (Optional) configure the interface in support of Telnet function. |
| 5 | Raisecom(config)#telnet-server close terminal-telnet session-number | (Optional) release the specified Telnet connection. |
| 6 | Raisecom(config)#telnet-server max-session session-number | (Optional) configure the maximum number of Telnet sessions supported by the ISCOM2110G-PWR. |

Telnet Client: after you connect a PC to the ISCOM2110G-PWR through the terminal emulation program or the Telnet client program, you can Telnet to another device through the ISCOM2110G-PWR and configure or manage that device. As shown in Figure 1-4, Switch A not only acts as the Telnet server but also provides the Telnet client service.

Figure 1-4 Networking with device as Telnet client

Configure the Telnet client as below.

| Step | Command | Description |
| --- | --- | --- |
| 1 | Raisecom#telnet ip-address [ port port-id ] | Log in to another device through Telnet. |

1.1.4 Accessing through SSHv2

Telnet lacks secure authentication and transports packets over the Transmission Control Protocol (TCP), which poses a significant security risk. The Telnet service is exposed to hostile attacks, such as Denial of Service (DoS), host IP spoofing, and route spoofing.

Traditional Telnet and File Transfer Protocol (FTP) transmit passwords and data in plaintext, which cannot satisfy users' security demands. SSHv2 is a network security protocol that effectively prevents the disclosure of information in remote management through data encryption, and provides greater security for remote login and other network services in a network environment.

SSHv2 exchanges data over TCP and builds a secure channel on top of TCP. In addition to the standard port 22, SSHv2 supports other service ports, which helps avoid illegal attacks from the network.

Before accessing the ISCOM2110G-PWR through SSHv2, you must log in to the ISCOM2110G-PWR through the Console interface and start the SSHv2 service.

Default configurations of accessing through SSHv2 are as below.

| Function | Default value |
| --- | --- |
| SSHv2 Server status | Disable |
| Local SSHv2 key pair length | 512 bits |
| SSHv2 authentication method | Password |
| SSHv2 authentication timeout | 600s |
| Allowable failure times for SSHv2 authentication | 20 |
| SSHv2 listening port number | 22 |
| SSHv2 session status | Enable |

Configure SSHv2 service for the ISCOM2110G-PWR as below.

| Step | Command | Description |
| --- | --- | --- |
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#generate ssh-key [ length ] | Generate the local SSHv2 key pair and designate its length. |
| 3 | Raisecom(config)#ssh2 server | (Optional) start the SSHv2 server. Use the no ssh2 server command to shut down the SSHv2 server. |
| 4 | Raisecom(config)#ssh2 server authentication { password \| rsa-key } | (Optional) configure SSHv2 authentication mode. |
| 5 | Raisecom(config)#ssh2 server authentication public-key | (Optional) type the public key of clients to the ISCOM2110G-PWR in rsa-key authentication mode. |
| 6 | Raisecom(config)#ssh2 server authentication-timeout period | (Optional) configure SSHv2 authentication timeout. The ISCOM2110G-PWR refuses to authenticate and then closes the connection when the client authentication time exceeds this threshold. |
| 7 | Raisecom(config)#ssh2 server authentication-retries times | (Optional) configure the allowable failure times for SSHv2 authentication. The ISCOM2110G-PWR refuses to authenticate and then closes the connection when the number of client authentication failures exceeds this threshold. |
| 8 | Raisecom(config)#ssh2 server port port-id | (Optional) configure the SSHv2 listening port number. When you configure the SSHv2 listening port number, the input parameter cannot take effect until SSHv2 is restarted. |
| 9 | Raisecom(config)#ssh2 server session session-list enable | (Optional) enable SSHv2 session on the ISCOM2110G-PWR. |

1.1.5 Checking configurations

Use the following commands to check the configuration results.

| No. | Command | Description |
| --- | --- | --- |
| 1 | Raisecom#show telnet-server | Show configurations of the Telnet server. |
| 2 | Raisecom#show ssh2 public-key [ authentication \| rsa ] | Show the public key used for SSHv2 authentication on the ISCOM2110G-PWR and client. |
| 3 | Raisecom#show ssh2 { server \| session } | Show SSHv2 server or session information. |
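The SSHv2 defaults in section 1.1.4 (512-bit key pair, password authentication, 600 s timeout, 20 allowed failures) and the Telnet commands in section 1.1.3 can be reviewed mechanically before a configuration is applied. The following Python script is an added example, not part of the Raisecom guide or software: it replays the commands listed in those sections over the documented defaults and reports the resulting settings that fall outside a review policy. The thresholds, finding names, and both sample configurations are assumptions constructed for the example, and the key length 2048 is assumed to be accepted by the device.

```python
import re

# Defaults copied from the guide's SSHv2 defaults table.
DEFAULT_KEY_BITS = 512
DEFAULTS = {
    "ssh_server": False,   # SSHv2 server status: Disable
    "key_bits": None,      # no key pair until "generate ssh-key" is run
    "auth": "password",    # SSHv2 authentication method
    "auth_timeout": 600,   # seconds
    "auth_retries": 20,    # allowable authentication failures
    "port": 22,
}

# Review thresholds: assumptions of this example, not values from the guide.
MIN_KEY_BITS = 2048
MAX_AUTH_TIMEOUT = 120
MAX_AUTH_RETRIES = 5

# Strips a leading prompt such as "Raisecom#" or "Raisecom(config-ip)#".
PROMPT = re.compile(r"^[\w-]+(?:\([\w-]+\))?[#>]\s*")


def _store(key, convert=int):
    """Build a handler that saves the first regex group under `key`."""
    def handler(state, match):
        state[key] = convert(match.group(1))
    return handler


# Hyphens inside keywords are optional because the extracted guide prints
# some of them without the hyphen (for example "rsakey").
RULES = [
    (re.compile(r"generate ssh-key(?: (\d+))?"),
     _store("key_bits", lambda v: int(v) if v else DEFAULT_KEY_BITS)),
    (re.compile(r"(no )?ssh2 server"),
     _store("ssh_server", lambda v: v is None)),
    (re.compile(r"ssh2 server authentication (password|rsa-?key)"),
     _store("auth", lambda v: "password" if v == "password" else "rsa-key")),
    (re.compile(r"ssh2 server authentication-?timeout (\d+)"), _store("auth_timeout")),
    (re.compile(r"ssh2 server authentication-?retries (\d+)"), _store("auth_retries")),
    (re.compile(r"ssh2 server port (\d+)"), _store("port")),
]
TELNET_ACCEPT = re.compile(r"telnet-?server accept port-list (.+)")


def effective_settings(config_text):
    """Replay the commands over the documented defaults; later lines win."""
    state = dict(DEFAULTS, telnet_ports=[])
    for raw in config_text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        telnet = TELNET_ACCEPT.fullmatch(line)
        if telnet:
            state["telnet_ports"].append(telnet.group(1))
            continue
        for pattern, handler in RULES:
            match = pattern.fullmatch(line)
            if match:
                handler(state, match)
                break
    return state


def audit(config_text):
    """Return (code, detail) findings for the remote-access settings."""
    s = effective_settings(config_text)
    out = []
    if s["telnet_ports"]:
        out.append(("TELNET_ACCEPT", "Telnet accepted on port-list %s: logins and "
                    "data cross the network in plaintext" % ", ".join(s["telnet_ports"])))
    if not s["ssh_server"]:
        out.append(("SSH_DISABLED", "SSHv2 server is not started"))
        return out
    if s["key_bits"] is None:
        out.append(("NO_KEY", "ssh2 server started without generate ssh-key"))
    elif s["key_bits"] < MIN_KEY_BITS:
        out.append(("KEY_SHORT", "%d-bit key pair is below %d bits"
                    % (s["key_bits"], MIN_KEY_BITS)))
    if s["auth"] == "password":
        out.append(("PASSWORD_AUTH", "password authentication allows guessing; "
                    "rsa-key mode is available"))
    if s["auth_timeout"] > MAX_AUTH_TIMEOUT:
        out.append(("LONG_TIMEOUT", "authentication timeout %ds" % s["auth_timeout"]))
    if s["auth_retries"] > MAX_AUTH_RETRIES:
        out.append(("MANY_RETRIES", "%d authentication failures allowed" % s["auth_retries"]))
    return out


# Constructed sample input: SSHv2 started with every default left in place.
WEAK_SAMPLE = """Raisecom#config
Raisecom(config)#telnet-server accept port-list all
Raisecom(config)#generate ssh-key
Raisecom(config)#ssh2 server
"""

# Constructed sample input: values chosen to satisfy the thresholds above.
HARDENED_SAMPLE = """Raisecom#config
Raisecom(config)#generate ssh-key 2048
Raisecom(config)#ssh2 server
Raisecom(config)#ssh2 server authentication rsa-key
Raisecom(config)#ssh2 server authentication-timeout 60
Raisecom(config)#ssh2 server authentication-retries 3
"""

if __name__ == "__main__":
    for code, detail in audit(WEAK_SAMPLE):
        print(code, "-", detail)
```

Compare the reported settings with the output of show ssh2 server and show telnet-server on the device, since the script only sees the commands it is given.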


1.2 CLI


1.2.1 Introduction

The CLI is the medium through which you communicate with the ISCOM2110G-PWR. You can configure, monitor, and manage the ISCOM2110G-PWR through the CLI.

You can log in to the ISCOM2110G-PWR through a terminal or a PC that runs terminal emulation program. Enter commands at the system prompt.

The CLI supports the following features:

Configure the ISCOM2110G-PWR locally through the Console interface.

Configure the ISCOM2110G-PWR locally or remotely through Telnet/Secure Shell v2 (SSHv2).

Commands are classified into different levels. You can execute the commands that correspond to your level only.

The commands available to you depend on which mode you are currently in.

Keystrokes can be used to execute commands.

Check or execute a historical command by checking command history. The last 20 historical commands can be saved on the ISCOM2110G-PWR.

Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.

The ISCOM2110G-PWR supports multiple intelligent analysis methods, such as fuzzy match and context association.

1.2.2 Levels

The ISCOM2110G-PWR uses hierarchical protection to divide commands into 16 levels, from low to high.

0–4: visitor. Users can execute commands such as ping, clear, and history at this level.

5–10: monitor. Users can execute commands such as show.

11–14: operator. Users can execute commands for different services, such as Virtual Local Area Network (VLAN) and Internet Protocol (IP).

15: administrator. Users can execute basic commands for operating the system.

1.2.3 Modes

Command line mode is the CLI environment. All system commands are registered in one (or some) command line mode. A command can be run in the corresponding mode only.

Establish a connection with the ISCOM2110G-PWR. If the ISCOM2110G-PWR is in default configuration, it will enter user EXEC mode, and the screen will display:

Raisecom>

Enter the enable command and the correct password to enter privileged EXEC mode. The default password is raisecom.


Raisecom>enable

Password:

Raisecom#


In privileged EXEC mode, input the config terminal command to enter global configuration mode.

Raisecom#config terminal

Raisecom(config)#

Raisecom in the CLI prompt is the default host name. You can modify it by executing the hostname string command in privileged EXEC mode.

Commands executed in global configuration mode can also be executed in other modes. The functions vary with command modes.

You can enter the exit or quit command to return to upper command mode.

However, in privileged EXEC mode, you need to execute the disable command to return to user EXEC mode.

You can execute the end command to return to privileged EXEC mode from any modes but user EXEC mode and privileged EXEC mode.

The ISCOM2110G-PWR supports the following command line modes.

| Mode | Enter method | Description |
| --- | --- | --- |
| User EXEC | Log in to the ISCOM2110G-PWR, input correct username and password. | Raisecom> |
| Privileged EXEC | In user EXEC mode, input the enable command and correct password. | Raisecom# |
| Global configuration | In privileged EXEC mode, input the config terminal command. | Raisecom(config)# |
| Physical layer interface configuration | In global configuration mode, input the interface port port-id command. | Raisecom(config-port)# |
| Layer 3 interface configuration | In global configuration mode, input the interface ip if-number command. | Raisecom(config-ip)# |
| VLAN configuration | In global configuration mode, input the vlan vlan-id command. | Raisecom(config-vlan)# |
| Traffic classification configuration | In global configuration mode, input the class-map class-map-name command. | Raisecom(config-cmap)# |
| Traffic policy configuration | In global configuration mode, input the policy-map policy-map-name command. | Raisecom(config-pmap)# |
| Traffic policy configuration binding with traffic classification | In traffic policy configuration mode, input the class-map class-map-name command. | Raisecom(config-pmap-c)# |
| Access control list configuration | In global configuration mode, input the access-list-map acl-number { deny \| permit } command. | Raisecom(config-aclmap)# |
| Service instance configuration | In global configuration mode, input the service cisid level level command. | Raisecom(config-service)# |
| MST region configuration | In global configuration mode, input the spanning-tree region-configuration command. | Raisecom(config-region)# |
| Profile configuration | In global configuration mode, input the igmp filter profile profile-number command. | Raisecom(config-igmp-profile)# |
| Cluster configuration | In global configuration mode, input the cluster command. | Raisecom(config-cluster)# |

1.2.4 Command line shortcuts

The ISCOM2110G-PWR supports the following command line shortcuts:

| Shortcut | Description |
| --- | --- |
| Up cursor key (↑) | The previous command is displayed. If the current command is already the first command, nothing changes on the screen. |
| Down cursor key (↓) | The next command is displayed. If the current command is already the last command, nothing changes on the screen. |
| Left cursor key (←) | Move the cursor back one character. If the cursor is already at the beginning of a command line, nothing changes on the screen. |
| Right cursor key (→) | Move the cursor forward one character. If the cursor is already at the end of a command line, nothing changes on the screen. |
| Backspace | Erase the character to the left of the cursor. If the cursor is already at the beginning of a command line, nothing changes on the screen. |
| Tab | When you press it after entering a complete keyword, the cursor moves forward a space. When you press it again, the keywords matching the complete keyword are displayed. When you press it after entering an incomplete keyword, the system responds as follows. (1) If the incomplete keyword matches a unique complete keyword, the unique complete keyword replaces the incomplete keyword, with the cursor a space after the unique complete keyword. (2) If the incomplete keyword matches no complete keyword or more than one, the prefix is displayed. You can press the Tab key to alternate between the matched complete keywords, with the cursor at the end of the matched complete keyword. Then, press the Space bar to enter the next keyword. (3) If the incomplete keyword is wrong, pressing the Tab key wraps to a new line and error information is displayed. However, the incomplete keyword you entered remains. |
| Ctrl+A | Move the cursor to the beginning of the command line. |
| Ctrl+C | The ongoing command, such as ping or traceroute, is interrupted. |
| Ctrl+D or Delete | Delete the character at the cursor. |
| Ctrl+E | Move the cursor to the end of the command line. |
| Ctrl+K | Delete all characters from the cursor to the end of the command line. |
| Ctrl+X | Delete all characters before the cursor (except cursor location). |
| Ctrl+Z | Return to privileged EXEC mode from the current mode (excluding user EXEC mode). |
| Space or Y | Scroll down one screen. |
| Enter | Scroll down one line. |

1.2.5 Acquiring help

Complete help

You can acquire complete help in the following three cases:

You can enter a question mark (?) at the system prompt to display a list of commands and brief descriptions available for each command mode.

Raisecom>?

The command output is displayed as below.

clear       Clear screen
enable      Turn on privileged mode command
exit        Exit current mode and down to previous mode
help        Message about help
history     Most recent historical command
language    Language of help message
list        List command
quit        Exit current mode and down to previous mode
terminal    Configure terminal
test        Test command .

After you enter a keyword, press Space and enter a question mark (?), all correlated commands and their brief descriptions are displayed if the question mark (?) matches another keyword.

Raisecom(config)#ntp ?

The command output is displayed as below.

peer               Configure NTP peer
refclock-master    Set local clock as reference clock
server             Configure NTP server

After you enter a keyword, press Space and enter a question mark (?), the value range and descriptions are displayed if the question mark (?) matches a parameter.

Raisecom(config)#interface ip ?

The command output is displayed as below.

<0-14> IP interface number

Incomplete help

You can acquire incomplete help in the following three cases:

After you enter part of a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed.

Raisecom(config)#c?

The command output is displayed as below.

class-map             Set class map
clear                 Clear screen
cluster               Cluster configuration mode
cluster-autoactive    Cluster autoactive function
console-cli           Console CLI
cpu                   Configure cpu parameters
create                Create static VLAN

After you enter a command, press Space, and enter a particular character string and a question mark (?), a list of commands that begin with a particular character string is displayed.

Raisecom(config)#show li?

The command output is displayed as below.

link-admin-status      link administrator status
link-state-tracking    Link state tracking

After you enter a partial command name and press Tab, the full form of the keyword is displayed if there is a unique match. Otherwise, press Tab repeatedly to display the different matching keywords, and then select the required one.

Error prompt message

The ISCOM2110G-PWR prints the following error prompts, according to the error type, when you input incorrect commands.

Prompt: % " * " Incomplete command..
Description: The input command is incomplete.

Prompt: % Invalid input at '^' marked.
Description: It is illegal to enter commands at the position marked by "^".

Prompt: % Ambiguous input at '^' marked, follow keywords match it.
Description: The keyword marked with "^" is unclear.

Prompt: % Unconfirmed command.
Description: The command line input by the user is not unique.

Prompt: % Unknown command.
Description: The command line input by the user does not exist.

Prompt: % You Need higher priority!
Description: The user does not have enough privilege to execute the command line.

If any of the error prompts above is displayed, use the command line help to solve the problem.

1.2.6 Display information

Display features

The CLI provides the following display features:

The help information and prompt messages displayed at the CLI are in English.

When messages are displayed at more than one screen, you can suspend displaying them with one of the following operations, as listed in Table 1-1.

Table 1-1 Keystrokes about display features

Keystroke                   Description
Press the Space or Y.       Scroll down one screen.
Press the Enter key.        Scroll down one line.
Press any key (except Y).   Stop displaying and executing commands.

Filtering display information

The ISCOM2110G-PWR provides a series of commands which begin with show to show configuration, running status, or diagnostic message of the device. You can add filtering rules to remove unwanted information.

The show command supports 3 filtering modes:

| begin string: show the output starting from the line that matches the specified character string.

| exclude string: show only the lines that do not match the specified character string.

| include string: show only the lines that match the specified character string.

Page-break

Page-break is used to suspend displaying messages when they are displayed at more than one screen. After page-break is enabled, you can use the keystrokes listed in Table 1-1. If page-break is disabled, all messages are displayed without pausing, even when they span more than one screen.

By default, page-break is enabled.

Configure page-break for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#terminal pagebreak enable
  Description: Enable page-break.

1.2.7 Command history

Historical commands are automatically saved at the CLI. You can use the up arrow (↑) or down arrow (↓) to recall a historical command. By default, the last 20 historical commands are saved. You can set the number of commands to be saved at the CLI.

Configure command history for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom>terminal history number
  Description: (Optional) configure the number of historical commands stored by the system.

Step 2
  Command: Raisecom>terminal time-out period
  Description: (Optional) configure the Console terminal timeout period.

Step 3
  Command: Raisecom>enable
  Description: Enter privileged EXEC mode.

Step 4
  Command: Raisecom#history
  Description: Show historical input commands.

Step 5
  Command: Raisecom#show terminal
  Description: Show terminal configurations.

1.2.8 Restoring default value of command line

To restore the default value of a command, use the no form or the enable | disable form of the command.

no form of a command: placed in front of a command and used to restore the default value. It is used to disable a feature or delete a configuration, that is, to perform the operation opposite to the command. Therefore, a command with a no form is also called a reverse command.

enable | disable form of a command: placed behind a command or in the middle of a command. The enable parameter is used to enable a feature or function while the disable parameter is used to disable it.

For example:

In physical layer configuration mode, the description text command is used to modify descriptions about an interface while the no description command is used to delete descriptions about the interface.

Use the shutdown command in physical layer interface mode to disable an interface; use the no shutdown command to enable an interface.

Use the terminal page-break enable command in global configuration mode to enable page-break; use the terminal page-break disable command to disable page-break.

Most configuration commands have default values, which often are restored by no option.

1.3 Managing users

1.3.1 Introduction

When you start the ISCOM2110G-PWR for the first time, connect the PC to the ISCOM2110G-PWR through the Console interface, and input the initial user name and password in HyperTerminal to log in and configure the ISCOM2110G-PWR.

Initially, both the user name and password are raisecom.

If there is no privilege restriction, any remote user can log in to the ISCOM2110G-PWR through Telnet, or access the network by building a Point to Point Protocol (PPP) connection, when the Simple Network Management Protocol (SNMP) interface or another service interface of the ISCOM2110G-PWR is configured with an IP address. This is unsafe for the ISCOM2110G-PWR and the network. Creating users for the ISCOM2110G-PWR and setting their passwords and privileges helps manage the login users and ensures network and device security.

1.3.2 Configuring user management

Configure user management for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#user name user-name password password
  Description: Create or modify the user name and password.

Step 2
  Command: Raisecom#user name user-name privilege privilege-level
  Description: Configure login user privilege. The initial user privilege is 15, which is the highest privilege.

Step 3
  Command: Raisecom#user username { allow-exec | disallow-exec } first-keyword [ second-keyword ]
  Description: Configure the priority rule for login user to perform the command line.
  The allow-exec parameter allows you to perform commands higher than the current priority.
  The disallow-exec parameter allows you to perform commands lower than the current priority only.

1.3.3 Checking configurations

Use the following commands to check configuration results.

No. 1
  Command: Raisecom#show user [ detail ]
  Description: Show information about the login users.

1.4 Managing files

1.4.1 Managing BootROM files

The BootROM file is used to boot the ISCOM2110G-PWR and finish device initialization. You can upgrade the BootROM file through File Transfer Protocol (FTP) or Trivial File Transfer Protocol (TFTP). By default, the name of the BootROM file is bootrom or bootromfull.

After being powered on, the ISCOM2110G-PWR runs the BootROM file. When the system prompts "Press space into Bootrom menu", press Space to enter the Bootrom menu.

begin...
ram size: 64M
DDR testing...done
File System Version:1.0
Init flash ...Done
Bootstrap_3.1.5.ISCOM2110G-PWR.1.20111012, Raisecom Compiled Oct 12 2011, 12:46:56
Base Ethernet MAC address: 00:0e:5e:13:d2:66
Press space into Bootstrap menu...
4

In Boot mode, you can do the following operations.

Operation   Description
?           List all executable operations.
b           Quick execution for system bootrom software.
E           Format the memory of the ISCOM2110G-PWR.
h           List all executable operations.
u           Download the system startup file through the XMODEM.
N           Set Medium Access Control (MAC) address.
R           Reboot the ISCOM2110G-PWR.
T           Download the system startup software through TFTP and replace it.
V           Show device BootROM version.

1.4.2 Managing system files

System files are the files needed for system operation (like system startup software and configuration file). These files are usually saved in the memory. The ISCOM2110G-PWR manages them by a file system to facilitate user managing the memory. The file system can create, delete, and modify the file and directory.

In addition, the ISCOM2110G-PWR supports dual-system. There are 2 sets of system software saved at the memory. These 2 sets of system software are independent. When the ISCOM2110G-PWR fails to work due to upgrade failure, you can use another set to boot the ISCOM2110G-PWR.

Manage system files for the ISCOM2110G-PWR as below.

All the following steps are optional and in any sequence.

Step 1
  Command: Raisecom#download bootstrap { ftp ip-address user-name password file-name | tftp ip-address file-name }
  Description: (Optional) download the BootROM file through FTP or TFTP.

Step 2
  Command: Raisecom#download system-boot { ftp ip-address user-name password file-name | tftp ip-address file-name }
  Description: (Optional) download the system startup file through FTP or TFTP.

Step 3
  Command: Raisecom#upload system-boot { ftp [ ip-address user-name password file-name ] | tftp [ ip-address file-name ] }
  Description: (Optional) upload the system startup file through FTP or TFTP.

Step 4
  Command: Raisecom#erase [ file-name ]
  Description: (Optional) delete files saved in the memory.

1.4.3 Managing configuration files

Configuration files are loaded after the system starts; different files are used in different scenarios to achieve different service functions. After starting the system, you can configure the ISCOM2110G-PWR and save the configuration files. New configurations will take effect in next boot.

The configuration file has the suffix ".cfg" and can be opened with a text editor in Windows. The contents are in the following format:

Commands are saved in Mode+Command format.

Only the non-default parameters are kept to save space (see the command reference manual for default values of configuration parameters).

Commands are organized with the command mode as the basic frame. Parameters of one mode are put together to form a section, and the sections are separated by the exclamation mark (!).

The ISCOM2110G-PWR starts initialization by reading configuration files from the memory after being powered on. Thus, the configurations in configuration files are called the default configurations. If there is no configuration file in the memory, the ISCOM2110G-PWR uses the default parameters for initialization.

The configuration that is currently used by the ISCOM2110G-PWR is called the running configuration.

You can modify the running configuration of ISCOM2110G-PWR through CLI. The running configuration can be used as initial configuration upon next power-on. You must use the write command to save running configurations in the memory and form a configuration file.

Manage configuration files for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#download startup-config { ftp [ ip-address user-name password file-name ] [ reservedevcfg ] | tftp [ ip-address file-name ] [ reservedevcfg ] }
  Description: (Optional) download the startup configuration file through FTP or TFTP.

Step 2
  Command: Raisecom#erase [ file-name ]
  Description: (Optional) delete files saved in the memory.

Step 3
  Command: Raisecom#upload startup-config { ftp [ ip-address user-name password file-name ] | tftp [ ip-address file-name ] }
  Description: (Optional) upload the startup configuration file through FTP or TFTP.

Step 4
  Command: Raisecom#write
  Description: (Optional) save the running configuration file into the memory.

1.4.4 Checking configurations

Use the following commands to check configuration results.

No. 1
  Command: Raisecom#show startup-config [ file-name ]
  Description: Show configurations loaded upon device startup.

No. 2
  Command: Raisecom#show running-config [ interface port [ port-id ] ]
  Description: Show the running configurations.

1.5 Configuring time management

1.5.1 Configuring time and time zone

To ensure that the ISCOM2110G-PWR works well with other devices, you must configure the system time and the time zone it belongs to accurately.

The ISCOM2110G-PWR supports 3 system time modes, which are time stamp mode, auxiliary time mode, and default mode, from high to low according to timing unit accuracy. You need to select the most suitable system time mode manually in accordance with the actual application environment.

Default configurations of time and time zone are as below.

Function                    Default value
System time                 2000-01-01 08:00:00.000
System clock mode           Default
System belonged time zone   UTC+8
Time zone offset            +08:00
DST status                  Disable

Configure time and time zone for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#clock set hour minute second year month day
  Description: Configure system time.

Step 2
  Command: Raisecom#clock timezone { + | - } hour minute timezone-name
  Description: Configure system belonged time zone.

Step 3
  Command: Raisecom#clock mode { auxiliary | default | timestamp }
  Description: Configure system clock mode.

1.5.2 Configuring DST

Daylight Saving Time (DST) is a system of artificially adjusting local time to save energy. At present, nearly 110 countries around the world operate DST every summer, but different countries have different stipulations for DST. Thus, you should consider the local conditions when configuring DST.

Configure DST for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#clock summer-time enable
  Description: Enable DST.
  Use the clock summer-time disable command to disable this function.

Step 2
  Command: Raisecom#clock summer-time recurring { week | last } { fri | mon | sat | sun | thu | tue | wed } month hour minute { week | last } { fri | mon | sat | sun | thu | tue | wed } month hour minute offset-mm
  Description: Configure calculation period for system DST.

When you set the system time manually and the system uses DST, for example DST from 2 a.m. on the second Sunday of April to 2 a.m. on the second Sunday of September every year, you have to advance the clock by one hour during this period, that is, set the time offset to 60 minutes. The period from 2 a.m. to 3 a.m. on the second Sunday of April each year is then a nonexistent time, and setting the time manually to a value in this period fails.

DST in the Southern Hemisphere is opposite to that in the Northern Hemisphere: it runs from September to April of the next year. If you configure a start time later than the end time, the system assumes that it is in the Southern Hemisphere. That is to say, DST runs from the start time this year to the end time of the next year.
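Added example (not from the Raisecom guide or its software): a Python model of the recurring DST rule described above, showing the nonexistent hour at the start boundary, the Southern Hemisphere wrap-around, and conversion of a device wall-clock timestamp to UTC for log correlation. The names Boundary, DstRule, classify and to_utc are hypothetical, and the code assumes that the end boundary is read on the DST wall clock and that the time zone offset is the default +08:00.

```python
"""Model of a recurring DST rule (week/last, weekday, month, hour, minute, offset)."""
import calendar
from dataclasses import dataclass
from datetime import datetime, timedelta

WEEKDAYS = {"mon": 0, "tue": 1, "wed": 2, "thu": 3, "fri": 4, "sat": 5, "sun": 6}


@dataclass(frozen=True)
class Boundary:
    """One end of the DST period: { week | last } weekday month hour minute."""
    week: object   # 1-based occurrence of the weekday in the month, or "last"
    weekday: str   # one of the WEEKDAYS keys
    month: int
    hour: int
    minute: int

    def in_year(self, year):
        """Resolve the rule to a concrete wall-clock datetime in `year`."""
        target = WEEKDAYS[self.weekday]
        days = [d for d in calendar.Calendar().itermonthdates(year, self.month)
                if d.month == self.month and d.weekday() == target]
        if self.week == "last":
            day = days[-1]
        elif isinstance(self.week, int) and 1 <= self.week <= len(days):
            day = days[self.week - 1]
        else:
            raise ValueError(f"no occurrence {self.week!r} of {self.weekday} "
                             f"in {year}-{self.month:02d}")
        return datetime(year, self.month, day.day, self.hour, self.minute)


@dataclass(frozen=True)
class DstRule:
    start: Boundary
    end: Boundary
    offset_minutes: int   # the offset-mm parameter, in minutes


def classify(rule, wall):
    """Return 'nonexistent', 'dst' or 'standard' for a naive wall-clock time."""
    start = rule.start.in_year(wall.year)
    end = rule.end.in_year(wall.year)
    if start == end:
        raise ValueError("start and end of the DST period coincide")
    skipped_until = start + timedelta(minutes=rule.offset_minutes)
    # The clock jumps from `start` straight to `skipped_until`, so wall-clock
    # values in between never occur and cannot be set manually.
    if start <= wall < skipped_until:
        return "nonexistent"
    if start < end:
        # Start earlier than end: DST lies inside one calendar year.
        in_dst = skipped_until <= wall < end
    else:
        # Start later than end: DST runs from the start time this year to the
        # end time of the next year (the Southern Hemisphere case).
        in_dst = wall >= skipped_until or wall < end
    # Assumption: the hour before `end` occurs twice when the clock is set
    # back; this model reports its first (DST) pass.
    return "dst" if in_dst else "standard"


def to_utc(rule, wall, tz_offset=timedelta(hours=8)):
    """Convert a device wall-clock timestamp to UTC for log correlation."""
    state = classify(rule, wall)
    if state == "nonexistent":
        raise ValueError(f"{wall} falls in the skipped DST hour")
    dst_shift = timedelta(minutes=rule.offset_minutes) if state == "dst" else timedelta(0)
    return wall - tz_offset - dst_shift


# The example from the text: second Sunday of April to second Sunday of
# September, 2 a.m., 60-minute offset, and the same rule with the ends swapped.
NORTH = DstRule(Boundary(2, "sun", 4, 2, 0), Boundary(2, "sun", 9, 2, 0), 60)
SOUTH = DstRule(Boundary(2, "sun", 9, 2, 0), Boundary(2, "sun", 4, 2, 0), 60)

if __name__ == "__main__":
    # Constructed sample timestamps.
    for sample in (datetime(2013, 4, 14, 1, 59), datetime(2013, 4, 14, 2, 30),
                   datetime(2013, 7, 1, 12, 0), datetime(2013, 12, 25, 12, 0)):
        print(sample, "north:", classify(NORTH, sample), "south:", classify(SOUTH, sample))
```
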

1.5.3 Configuring NTP

Network Time Protocol (NTP) is a time synchronization protocol defined by RFC1305, used to synchronize time between distributed time servers and clients. NTP transmits data based on UDP, using UDP port 123.

The purpose of NTP is to synchronize all clocks in a network quickly so that the ISCOM2110G-PWR can provide different applications over a unified time. Meanwhile, NTP can ensure very high accuracy, of about 10ms.

The ISCOM2110G-PWR, which supports NTP, can not only accept synchronization from another clock source but also synchronize other devices as a clock source.

The ISCOM2110G-PWR adopts multiple NTP working modes for time synchronization:

Server/Client mode

In this mode, the client sends clock synchronization messages to different servers. The servers work in server mode automatically after receiving the synchronization message and send response messages. The client receives the response messages, performs clock filtering and selection, and is synchronized to the preferred server.

In this mode, the client can be synchronized to the server but the server cannot be synchronized to the client.

Symmetric peer mode

In this mode, the active peer sends a clock synchronization message to the passive peer. The passive peer works in passive mode automatically after receiving the message and sends the answering message back. By exchanging messages, the two peers build up the symmetric peer mode. The active and passive peers in this mode can synchronize each other.

Default configurations of NTP are as below.

Function                                         Default value
Whether the ISCOM2110G-PWR is NTP master clock   No
Global NTP server                                Inexistent
Global NTP peer                                  Inexistent
Reference clock source                           0.0.0.0

Configure NTP for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#ntp server ip-address [ version [ v1 | v2 | v3 ] ]
  Description: (Optional) configure NTP server address for the client working in server/client mode.

Step 3
  Command: Raisecom(config)#ntp peer ip-address [ version [ v1 | v2 | v3 ] ]
  Description: (Optional) configure NTP peer address for the ISCOM2110G-PWR working in symmetric peer mode.

Step 4
  Command: Raisecom(config)#ntp refclock-master [ ip-address ] [ stratum ]
  Description: Configure clock of the ISCOM2110G-PWR as NTP reference clock source for the ISCOM2110G-PWR.

If the ISCOM2110G-PWR is configured as the NTP reference clock source, it cannot be configured as the NTP server or NTP symmetric peer; vice versa.

1.5.4 Configuring SNTP

Simple Network Time Protocol (SNTP) is used to synchronize the system time of the ISCOM21xx with the time of the SNTP device on the network. The time synchronized by SNTP protocol is Greenwich Mean Time (GMT), which can be translated into the local time according to system settings of time zone.

Default configurations of SNTP are as below.

Function                        Default value
IP address of the SNTP server   Inexistent

Configure SNTP for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#sntp server ip-address
  Description: (Optional) configure the IP address of the SNTP server for the client device working in server/client mode.

After you configure the IP address of the SNTP server, the ISCOM2110G-PWR will try to obtain clock information from the SNTP server every 3s. The maximum timeout for clock information is 10s.

1.5.5 Checking configurations

Use the following commands to check configuration results.

No. 1
  Command: Raisecom#show clock [ summer-time-recurring ]
  Description: Show configurations of the system time, time zone, and DST.

No. 2
  Command: Raisecom#show sntp
  Description: Show SNTP configurations.

No. 3
  Command: Raisecom#show ntp status
  Description: Show NTP configurations.

No. 4
  Command: Raisecom#show ntp associations [ detail ]
  Description: Show NTP connection information.

1.6 Configuring interface management

1.6.1 Default configurations of interfaces

Default configurations of physical layer interface are as below.

Function                                         Default value
Maximum forwarding frame length of interface     9712 Bytes
Duplex mode of interface                         Auto-negotiation
Interface speed                                  Auto-negotiation
Interface flow control status                    Disable
Optical/Electrical mode of the Combo interface   Automatic
Flow control of the Combo interface              Disable
Time interval of interface dynamic statistics    2s
Interface status                                 Enable

1.6.2 Configuring basic attributes of interfaces

Interconnected devices cannot communicate normally if their interface attributes (such as MTU, duplex mode, and rate) are inconsistent. In that case, you have to adjust the interface attributes to make the devices at both ends match each other.

Configure basic attributes of interfaces for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#interface port port-id
  Description: Enter physical layer interface configuration mode.

Step 3
  Command: Raisecom(configport)#flowcontrol { off | on }
  Description: Enable/Disable flow control over 802.3x packets on the interface.

Step 4
  Command: Raisecom(configport)#duplex { full | half }
  Description: Configure the duplex mode of the interface.

Step 5
  Command: Raisecom(configport)#speed { auto | 10 | 100 | 1000 }
  Description: Configure the interface rate.
  For optical interfaces, the interface rate depends on specifications of the optical module.

Step 6
  Command: Raisecom(configport)#mdi { across | auto | normal }
  Description: Configure the crossover mode of line order on the electrical interface.

1.6.3 Configuring flow control on interfaces

IEEE 802.3x is a flow control method for full duplex on the Ethernet data layer. When the client sends a request to the server, it sends a PAUSE frame to the server if there is system or network congestion. This delays data transmission from the server to the client.

Configure flow control on interfaces for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#interface port port-id
  Description: Enter physical layer interface configuration mode.

Step 3
  Command: Raisecom(configport)#flowcontrol { send | receive } { off | on }
  Description: Enable/Disable flow control over 802.3x packet on the interface.

1.6.4 Configuring interface statistics

Configure interface statistics for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#dynamic statistics time period
  Description: Configure period for interface dynamic statistics.
  By default, it is 2s.

Step 3
  Command: Raisecom(config)#clear interface port port-id statistics
  Description: Clear interface statistics saved on the ISCOM2110G-PWR.

1.6.5 Enabling/Disabling interface

Enable/Disable an interface for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#interface port port-id
  Description: Enter physical layer interface configuration mode.

Step 3
  Command: Raisecom(configport)#shutdown
  Description: Disable the current interface.
  Use the no shutdown command to reenable the disabled interface.

1.6.6 Checking configurations

Use the following commands to check configuration results.

No. 1
  Command: Raisecom#show interface port [ port-id ]
  Description: Show interface status.

No. 2
  Command: Raisecom#show interface port port-id statistics dynamic [ detail ]
  Description: Show interface statistics.

No. 3
  Command: Raisecom#show interface port [ port-id ] flowcontrol
  Description: Show flow control on the interface.

No. 4
  Command: Raisecom#show system mtu
  Description: Show system MTU.

No. 5
  Command: Raisecom#show interface port [ port-id ] description
  Description: Show information about the Combo interface.

1.7 Configuring basic information

Configure basic information for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#hostname name
  Description: (Optional) configure device name.
  By default, the device name is Raisecom.
  The system supports changing the device name so that users can distinguish different devices on the network. The device name takes effect immediately, which can be seen in the terminal prompt.

Step 2
  Command: Raisecom#language { chinese | english }
  Description: (Optional) configure language mode.
  By default, the language is English.
  The system supports displaying help and prompt information in both English and Chinese.

Step 3
  Command: Raisecom#write
  Description: Save configuration.
  Save configurations to the ISCOM2110G-PWR after configuration; the newly saved configurations overwrite the original configurations.
  Without saving, the new configurations are lost after rebooting, and the ISCOM2110G-PWR continues working with the original configuration.
  Use the erase file-name command to delete the configuration file. This operation cannot be rolled back, so use this command with care.

Step 4
  Command: Raisecom#reboot [ now ]
  Description: (Optional) configure reboot options.
  When the ISCOM2110G-PWR fails, reboot it to try to solve the problem according to actual condition.

Step 5
  Command: Raisecom#erase [ file-name ]
  Description: (Optional) delete files saved in the memory.

1.8 Task scheduling

When you need to use some commands periodically or at a specified time, configure task scheduling.

The ISCOM21xx implements task scheduling by binding a schedule list to command lines. You just need to specify the start time, period, and end time of the task in the schedule list, and then bind the schedule list to command lines to execute them periodically.

Configure task scheduling for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#schedule-list list-number start { date-time month day year hour:minute:second [ every { day | week | period hour:minute:second } ] stop monthday-year hour:minute:second | up-time period hour:minute:second [ every period hour:minute:second ] [ stop period hour:minute:second ] }
  Description: Create a schedule list, and configure it.

Step 3
  Command: Raisecom(config)#command-string schedule-list list-number
  Description: Bind the command line which needs periodic execution and supports schedule list to the schedule list.

Step 4
  Command: Raisecom#show schedule-list [ list-number ]
  Description: Show configurations of the schedule list.

1.9 Watchdog

External electromagnetic fields interfere with the operation of a single-chip microcomputer and cause program runaway and infinite loops, so that the system cannot work normally. To monitor the running state of the single-chip microcomputer in real time, a program is specially used to monitor the running status of the switch hardware, which is commonly known as the Watchdog.

The ISCOM21xx is rebooted when it fails due to task suspension or an infinite loop and the Watchdog is not fed within a feeding cycle.

The Watchdog function can prevent the system program from looping endlessly due to an uncertain fault, thus improving stability of the system.

Configure Watchdog for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#watchdog enable
  Description: Enable Watchdog.

Step 2
  Command: Raisecom#show watchdog
  Description: Show Watchdog status.

1.10 Load and upgrade

1.10.1 Introduction

Load

Traditionally, configuration files are loaded through the serial interface, which takes a long time due to the low rate and does not allow remote loading. FTP and TFTP loading modes can solve those problems and make operation more convenient.

The ISCOM2110G-PWR supports TFTP auto-loading mode.

TFTP auto-loading means that the ISCOM2110G-PWR obtains configuration files from a server and then configures itself with them. Auto-loading allows configuration files to contain loading-related commands so that multiple configurations can be loaded, to meet file auto-loading requirements in complex network environments.

The ISCOM2110G-PWR provides several methods to determine the configuration file name on the TFTP server, such as manual input, obtaining it through DHCP, and using the default name of the configuration file. Besides, you can assign certain naming conventions for configuration files, and then the ISCOM2110G-PWR determines the name according to the naming conventions and its attributes (device type, MAC address, software version, and so on).

Upgrade

The ISCOM2110G-PWR needs to be upgraded if you wish to add new features, optimize functions or solve current software version bugs.

The ISCOM2110G-PWR supports the following two upgrade modes:

Upgrade by BootROM

Upgrade by command line

1.10.2 Configuring TFTP auto-loading mode

You need to build a TFTP environment before configuring TFTP auto-loading mode to interconnect the ISCOM2110G-PWR with the TFTP server.

When you perform configuration auto-loading, the priority of the IP address configured by the command is higher than the one obtained through DHCP.

When you perform configuration auto-loading, the priorities of modes for obtaining configuration file names are: file name confirmed by naming convention > file name configured by command > file name obtained through DHCP Client.

Configure TFTP auto-loading for the ISCOM2110G-PWR as below.

Step 1
  Command: Raisecom#config
  Description: Enter global configuration mode.

Step 2
  Command: Raisecom(config)#service config tftp-server ip-address
  Description: Configure the IP address of the TFTP server.
  By default, this address is unconfigured.

Step 3
  Command: Raisecom(config)#service config filename rule [ rule-number ]
  Description: Set naming convention rule for file names. By default, there is no naming convention, and the system uses the default file name startup_config.conf.

Step 4
  Command: Raisecom(config)#service config filename filename
  Description: Specify the name of the configuration file to be loaded.

Step 5
  Command: Raisecom(config)#service config version { systemboot | bootstrap | startup-config } version
  Description: (Optional) configure file version No.

Step 6
  Command: Raisecom(config)#service config overwrite enable
  Description: (Optional) enable overwriting local configuration file.

Step 7
  Command: Raisecom(config)#service config
  Description: Enable configuration auto-loading.

Step 8
  Command: Raisecom(config)#service config trap enable
  Description: Enable Trap function.

1.10.3 Upgrading system software through BootROM

You need to upgrade system software through BootROM in the following conditions:

The device is started for the first time.

A system file is damaged.

The card is started improperly.

Before upgrading system software through BootROM, you should build an FTP environment, and use the PC as the FTP server and the ISCOM2110G-PWR as the client. Basic requirements are as below.

The ISCOM2110G-PWR is connected to the FTP server through the service interface.

Configure the FTP server. Ensure that the server is available.

Configure the IP address of the TFTP server; keep it in the same network segment as the IP address of the ISCOM2110G-PWR.

Upgrade system software through BootROM for the ISCOM2110G-PWR as below.

Step 1
  Log in to the ISCOM2110G-PWR through the serial interface as the administrator, enter Privileged EXEC mode, and reboot the ISCOM2110G-PWR with the reboot command.

  Raisecom#reboot
  Please input 'yes' to confirm:yes
  Rebooting ...

Step 2
  Press the Space key to enter the [Raisecom] interface when the display shows "Press space into Bootstrap menu...", then input "?" to display the command list:

  [Raisecom]:?
  ? - List all available commands
  h - List all available commands
  V - Show bootstrap version
  b - Boot an executable image
  E - Format both DOS file systems
  T - Download system program
  u - XMODEM download system boot image
  N - set ethernet address
  R - Reboot

  The input letters are case sensitive.

Step 3
  Input "T" to download system boot file through TFTP. The system displays the following information.

  [Raisecom]:T
  dev name:et
  unit num:1
  file name: system_boot.Z ROS_4.14.1781.ISCOM2110G-PWR.167.20120813
  local ip: 192.168.1.1 192.168.18.250
  server ip: 192.168.1.2 192.168.18.16
  user:wrs 1
  password:wrs 123456
  Loading... Done
  Saving file to flash...

  Ensure that the file name input here is correct. The file name should not be longer than 80 characters.

Step 4
  Input "b" to quick execute bootstrap file. The ISCOM2110G-PWR will reboot and load the downloaded system boot file.

1.10.4 Upgrading system software through CLI

Before upgrading system software through CLI, you should build a FTP environment, and use a PC as the FTP server and the ISCOM2110G-PWR as the client. Basic requirements are as below.

The ISCOM2110G-PWR connects to the FTP/TFTP server.


Configure the FTP/TFTP server. Ensure that the FTP/TFTP server is available.

Configure the IP address of the FTP/TFTP server to ensure that ISCOM2110G-PWR can access the server.

Upgrade system software through CLI for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#download system-boot { ftp [ ip-address user-name password file-name ] | tftp [ ip-address file-name ] }
Description: Download system boot file through FTP/TFTP.

Step 2
Command: Raisecom#write
Description: Write the configuration file into the memory.

Step 3
Command: Raisecom#reboot [ now ]
Description: Reboot the ISCOM2110G-PWR, and it will automatically load the downloaded system boot file.

1.10.5 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show service config
Description: Show auto-loading information.

No. 2
Command: Raisecom#show service config filename rule rule-number
Description: Show naming convention for configuration files.

No. 3
Command: Raisecom#show version
Description: Show system version.

1.10.6 Example for configuring TFTP auto-loading

Networking requirements

As shown in Figure 1-5, connect the TFTP server with the switch, and configure auto-loading on the switch to make the switch automatically load the configuration file from the TFTP server.

The IP address of the TFTP server is 192.168.1.1 and the subnet mask is 255.255.255.0. The naming convention for the configuration file name meets the following conditions:

The device model is included in the name of the configuration file.

The complete MAC address is included in the name of the configuration file.

First 2 digits of software version are included in the name of the configuration file.

No extension rules are supported.


Figure 1-5 Configuring auto-loading

Configuration steps

Step 1 Configure the IP address of the TFTP server.

Raisecom#config

Raisecom(config)#service config tftp-server 192.168.1.1

Step 2 Configure naming convention rules.

Raisecom(config)#service config filename rule 81650

Step 3 Configure file name.

Raisecom(config)#service config filename ABC

Step 4 Enable overwriting local configuration file.

Raisecom(config)#service config overwrite enable

Step 5 Enable configuration auto-loading.

Raisecom(config)#service config

Checking results

Use the show service config command to show auto-loading configurations.

Raisecom#show service config

Auto upgrade : enable

Config server IP address: 192.168.1.1

Config filename rule: 81650


Config file name: ABC

System boot file version: 1107290

Bootstrap flie version : :48:050

Startup-config file version: 0000000

Overwrite local configuration file: enable

Send Completion trap: disable

Current File Type: none

Operation states: done

Result: none

2 Ethernet

This chapter describes basic principles and configurations of Ethernet, and provides related configuration examples, including the following sections:

MAC address table

VLAN

QinQ

VLAN mapping

Interface protection

Port mirroring

Layer 2 protocol transparent transmission

2.1 MAC address table

2.1.1 Introduction

The MAC address table records mappings between MAC addresses and interfaces. It is the basis for an Ethernet device to forward packets. When the Ethernet device forwards packets on Layer 2, it searches for the forwarding interface according to the MAC address table, implements fast forwarding of packets, and reduces broadcast traffic.

The MAC address table contains the following information:

Destination MAC address

Destination MAC address related interface ID

Interface belonged VLAN ID

Flag bits

The ISCOM2110G-PWR supports showing MAC address information by device, interface, or VLAN.

MAC address forwarding modes

When forwarding packets, based on the information about MAC addresses, the ISCOM2110G-PWR adopts following modes:

Unicast: when a MAC address entry, related to the destination MAC address of a packet, is listed in the MAC address table, the ISCOM2110G-PWR will directly forward the packet to the receiving port through the egress port of the MAC address entry. If the entry is not listed, the ISCOM2110G-PWR broadcasts the packet to other devices.

Multicast: when the ISCOM2110G-PWR receives a packet of which the destination MAC address is a multicast address, and multicast is enabled, the ISCOM2110G-PWR sends the packet to the specified Report interface. If an entry corresponding to the destination address of the packet is listed in the MAC address table, the ISCOM2110G-PWR transmits the packet from the egress port of the entry. If the corresponding entry is not listed, the ISCOM2110G-PWR broadcasts the packet to other interfaces except the receiving interface.

Broadcast: when the ISCOM2110G-PWR receives a packet with an all-F destination address, or its MAC address is not listed in the MAC address table, the ISCOM2110G-PWR forwards the packet to all ports except the port that receives this packet.

Classification of MAC addresses

The MAC address table is divided into static address entries and dynamic address entries.

Static MAC address entry: also called "permanent address", added and removed by the user manually, does not age with time. For a network with few device changes, adding static address entries manually can reduce the network broadcast flow, improve the security of the interface, and prevent entries from being lost after the system is reset.

Dynamic MAC address entry: the Switch can add dynamic MAC address entries through the MAC address learning mechanism. The entries age according to the configured aging time, and will be empty after the system is reset.

The ISCOM2110G-PWR supports a maximum of 32K dynamic MAC addresses, and each interface supports 1024 static MAC addresses.

Aging time of MAC addresses

There is a limit on the capacity of the MAC address table on the ISCOM2110G-PWR. To maximize the use of the MAC address table, the ISCOM2110G-PWR uses the aging mechanism to update the MAC address table. For example, when the ISCOM2110G-PWR creates a dynamic entry, it starts the aging timer. If it does not receive packets from the MAC address in the entry during the aging time, the ISCOM2110G-PWR will delete the entry.

The ISCOM2110G-PWR supports automatic aging of MAC addresses. The aging time ranges from 10s to 1000000s and can be 0. The value 0 indicates no aging.

The aging mechanism takes effect on dynamic MAC addresses only.

Policies of forwarding MAC addresses

The MAC address table has two forwarding policies:

When receiving packets on an interface, the ISCOM2110G-PWR searches the MAC address table for the interface related to the destination MAC address of packets.

If successful, it forwards packets on the related interface, records the source MAC addresses of packets, interface number of ingress packets, and VLAN ID in the MAC address table. If packets from other interface are sent to the MAC address, the ISCOM2110G-PWR can send them to the related interface.

If failed, it broadcasts packets to all interfaces except the source interface, and records the source MAC address in the MAC address table.

MAC address limit

MAC address limit restricts the number of MAC addresses. It prevents an oversized MAC address table from lengthening the search time for forwarding entries and degrading the forwarding performance of the Ethernet switch, and it is an effective way to manage the MAC address table.

MAC address limit improves the speed of forwarding packets.
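The lookup, learning, aging and limit rules above can be followed in a small simulation. This is an added Python example, not Raisecom code: the class and method names are hypothetical, the MAC addresses are constructed, and it assumes that an address arriving on an interface that is already at its limit is simply not learned, which the guide does not specify.

```python
"""Toy model of the MAC address table rules in section 2.1.1 (added example)."""
from dataclasses import dataclass

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Entry:
    port: int
    static: bool
    last_seen: float


class MacTable:
    def __init__(self, ports, aging_time=300, port_limit=None):
        self.ports = set(ports)
        self.aging_time = aging_time          # seconds; 0 means no aging
        self.port_limit = port_limit or {}    # port -> max dynamic entries
        self.entries = {}                     # (vlan, mac) -> Entry

    def add_static(self, mac, vlan, port):
        """Static entries are added manually and never age."""
        self.entries[(vlan, mac)] = Entry(port, True, 0.0)

    def dynamic_count(self, port):
        return sum(1 for e in self.entries.values()
                   if not e.static and e.port == port)

    def age(self, now):
        """Delete dynamic entries that were not refreshed within aging_time."""
        if self.aging_time == 0:
            return
        stale = [key for key, e in self.entries.items()
                 if not e.static and now - e.last_seen >= self.aging_time]
        for key in stale:
            del self.entries[key]

    def learn(self, mac, vlan, port, now):
        """Record source MAC, ingress port and VLAN; True if an entry exists afterwards."""
        entry = self.entries.get((vlan, mac))
        if entry is not None:
            if not entry.static:              # a static entry is never overwritten
                entry.port, entry.last_seen = port, now
            return True
        limit = self.port_limit.get(port)
        if limit is not None and self.dynamic_count(port) >= limit:
            return False                      # assumption: over the limit, not learned
        self.entries[(vlan, mac)] = Entry(port, False, now)
        return True

    def receive(self, src, dst, vlan, in_port, now):
        """Return the set of egress ports for one received frame."""
        self.age(now)
        self.learn(src, vlan, in_port, now)
        entry = self.entries.get((vlan, dst))
        if dst == BROADCAST or entry is None:
            return self.ports - {in_port}     # flood to all ports except the receiver
        return {entry.port} - {in_port}


def demo():
    table = MacTable(ports=[1, 2, 3, 4], aging_time=500, port_limit={3: 2})
    table.add_static("0001.0203.0405", vlan=10, port=2)
    out = {}
    # Unknown destination is flooded; the source is learned on port 1.
    out["unknown"] = table.receive("00aa.0000.0001", "00bb.0000.0001", 10, 1, now=0)
    # Destination with a static entry leaves through port 2 only.
    out["static"] = table.receive("00aa.0000.0001", "0001.0203.0405", 10, 1, now=10)
    # The reply uses the dynamic entry learned at now=0.
    out["learned"] = table.receive("0001.0203.0405", "00aa.0000.0001", 10, 2, now=20)
    # Three new source addresses on port 3, which is limited to two.
    for i in range(1, 4):
        table.receive(f"00cc.0000.000{i}", BROADCAST, 10, 3, now=30 + i)
    out["port3_dynamic"] = table.dynamic_count(3)
    # After the aging time the dynamic entry is gone, so the frame is flooded.
    out["after_aging"] = table.receive("0001.0203.0405", "00aa.0000.0001", 10, 2, now=600)
    out["static_survives"] = (10, "0001.0203.0405") in table.entries
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
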

2.1.2 Preparing for configurations

Scenario

Configure the static MAC address table in the following situations:

The static MAC address can be configured for a fixed server, special persons (manager, financial staff, etc.), and fixed and important hosts, to ensure that all data flows destined for these MAC addresses are forwarded preferentially through the interface related to the static MAC address.

For the interface with fixed static MAC address, you can disable MAC address learning to prevent other hosts from accessing LAN data through the interface.

Configure the aging time of dynamic MAC addresses to avoid saving excessive MAC address entries in the MAC address table and running out of MAC address table resources, and to achieve aging of dynamic MAC addresses.

Prerequisite

N/A

2.1.3 Default configurations of MAC address table

Default configurations of the MAC address table are as below.

Function: MAC address learning status
Default value: Enable

Function: MAC address aging time
Default value: 300s

Function: MAC address limit
Default value: Unlimited

2.1.4 Configuring static MAC address

Configure static MAC address as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mac-address-table static unicast mac-address vlan vlan-id port port-id
Command: Raisecom(config)#mac-address-table static multicast mac-address vlan vlan-id port-list port-list
Description: Configure static unicast MAC addresses. Configure static multicast MAC addresses.

Step 3
Command: Raisecom(config)#mac-address-table blackhole { destination | source } mac-address vlan vlan-id
Description: Configure blackhole MAC addresses.

The MAC address of the source device, multicast MAC address, FFFF.FFFF.FFFF, and 0000.0000.0000 cannot be configured as static unicast MAC address.

The maximum number of static unicast MAC addresses supported by the ISCOM2110G-PWR is 1024.

2.1.5 Configuring multicast filtering mode for MAC address table

Configure multicast filtering mode for the MAC address table for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mac-address-table multicast filter-mode { filter-all | forward-all | filter-vlan vlan-list }
Description: Configure multicast filtering mode of MAC address table.

2.1.6 Configuring MAC address learning

Configure MAC address learning for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mac-address-table learning { enable | disable } port-list { all | port-list }
Description: Enable/Disable MAC address learning.

2.1.7 Configuring MAC address limit


Configuring interface-based MAC address limit

Configure the interface-based MAC address limit for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#mac-address-table threshold threshold-value
Description: Configure interface-based MAC address limit.

2.1.8 Configuring aging time of MAC addresses

Configure the aging time of MAC addresses for ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mac-address-table aging-time { 0 | period }
Description: Configure the aging time of MAC addresses. The aging time ranges from 10s to 1000000s, and can be 0 which indicates no aging.

2.1.9 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show mac-address-table static [ port port-id | vlan vlan-id ]
Description: Show static unicast MAC addresses.

No. 2
Command: Raisecom#show mac-address-table multicast [ vlan vlan-id ] [ count ]
Description: Show all Layer 2 multicast addresses and the current multicast MAC address number.

No. 3
Command: Raisecom#show mac-address-table l2-address [ count ] [ vlan vlan-id | port port-id ]
Description: Show all Layer 2 unicast MAC addresses and the current unicast MAC address number.

No. 4
Command: Raisecom#show mac-address-table threshold [ port-list port-list ]
Description: Show dynamic MAC address limit.

No. 5
Command: Raisecom#show mac aging-time
Description: Show the aging time of dynamic MAC addresses.

2.1.10 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom#search mac-address mac-address
Description: Search MAC address.

Command: Raisecom(config)#clear mac-address-table { all | blackhole | dynamic | static } [ vlan vlan-id ]
Description: Clear MAC address.

2.1.11 Example for configuring MAC address table

Networking requirements

Configure static unicast MAC address for Port 2 on Switch A, and configure the aging time for dynamic MAC addresses (it takes effect only after dynamic MAC address learning is enabled).

As shown in Figure 2-1, configure Switch A as below:

Create VLAN 10, and activate it.

Configure a static unicast MAC address 0001.0203.0105 on Port 2, and set its VLAN to VLAN 10.

Set the aging time to 500s.

Figure 2-1 MAC networking

Configuration steps

Step 1 Create VLAN 10 and activate it, and add Port 2 into VLAN 10.

Raisecom#config

Raisecom(config)#create vlan 10 active

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport mode access

Raisecom(config-port)#exit

Step 2 Configure a static unicast MAC address on Port 2, and set its VLAN to VLAN 10.


Raisecom(config)#mac-address-table static unicast 0001.0203.0405 vlan 10 port 2

Step 3 Set the aging time to 500s.

Raisecom(config)#mac-address-table aging-time 500

Checking results

Use the show mac-address-table l2-address port port-id command to show configurations of MAC addresses.

Raisecom#show mac-address-table l2-address port 2

Aging time: 500 seconds

Mac Address Port Vlan Flags

-------------------------------------------------------

0001.0203.0405 2 10 Static

2.2 VLAN

2.2.1 Introduction

Overview

Virtual Local Area Network (VLAN) is a protocol to solve Ethernet broadcast and security problems. It is a Layer 2 isolation technique that divides a LAN into different broadcast domains logically rather than physically, and then the different broadcast domains can work as virtual groups without any influence from one another. As for the function, VLAN has the same features as LAN, but members in one VLAN can access one another without restriction by physical location.


Figure 2-2 Partitioning VLANs

VLAN technique can partition a physical LAN into different broadcast domains logically. Hosts without intercommunication requirements can be isolated by VLAN, so VLAN partitioning improves network security, and reduces broadcast flow and broadcast storm.

The ISCOM2110G-PWR supports interface-based VLAN partitioning.

The ISCOM2110G-PWR complies with IEEE 802.1Q standard VLAN and supports 4094 concurrent VLANs.

Interface mode and packet processing

The interface modes of the ISCOM2110G-PWR include Access mode and Trunk mode. Table 2-1 lists interfaces types and modes for processing packets.

Table 2-1 Interface mode and packet processing

Interface type: Access
Processing ingress packets (Untag packets): Add Access VLAN Tag for packet.
Processing ingress packets (Tag packets): VLAN ID = Access VLAN ID, receive the packet. VLAN ID ≠ Access VLAN ID, discard the packet.
Processing egress packets: VLAN ID = Access VLAN ID, remove Tag and transmit the packet. The VLAN ID list does not include the VLAN ID of the packet, discard the packet.

Interface type: Trunk
Processing ingress packets (Untag packets): Add Native VLAN Tag.
Processing ingress packets (Tag packets): Receive the packet if the packet VLAN ID is included in the permit passing VLAN ID list. Discard the packet if the packet VLAN ID is not included in the permit passing VLAN ID list.
Processing egress packets: VLAN ID = Native VLAN ID, permit passing from interface, remove Tag and transmit the packet. VLAN ID ≠ Native VLAN ID, permit passing from interface, transmit the packet with Tag.

By default, the default VLAN on the ISCOM2110G-PWR is VLAN 1.

By default, the Access VLAN of the Access interface is VLAN 1, and the Native VLAN of the Trunk interface is VLAN 1.

By default, VLAN 1 is in the list permitted by all interfaces. Use the switchport access egress-allowed vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-list } command to modify the VLAN list allowed to pass by the Access interface. Use the switchport trunk allowed vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-list } command to modify the VLAN list allowed to pass by the Trunk interface.
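Added example (Python, not part of the original guide): Table 2-1 and the notes above written as ingress and egress decision functions, with the hypothetical names Port, ingress, egress and forward. It assumes that frames in an egress-allowed VLAN other than the Access VLAN leave an Access interface untagged, which the guide does not state. It shows why VLAN 1 has to be removed from the allowed list of an Access interface that should be isolated from the default VLAN.

```python
"""Added example: the Access/Trunk rules of Table 2-1 as decision functions."""
from dataclasses import dataclass, field


@dataclass
class Port:
    mode: str                                   # "access" or "trunk"
    pvid: int = 1                               # Access VLAN or Native VLAN (default VLAN 1)
    allowed: set = field(default_factory=lambda: {1})  # VLAN 1 is permitted by default
    untagged: set = field(default_factory=set)  # Trunk Untagged VLAN list

    def __post_init__(self):
        # Untagged VLANs are automatically added to the Trunk allowed list.
        self.allowed = set(self.allowed) | set(self.untagged)


def ingress(port, tag):
    """Classify a received frame. tag is its VLAN ID, or None if untagged.
    Returns the VLAN the frame is placed in, or None if it is discarded."""
    if tag is None:
        return port.pvid                        # add the Access/Native VLAN Tag
    if port.mode == "access":
        return tag if tag == port.pvid else None
    # Trunk: the Native VLAN always passes, other VLANs need the allowed list.
    return tag if tag == port.pvid or tag in port.allowed else None


def egress(port, vlan):
    """Return "untagged", "tagged" or None (discard) for a frame in vlan."""
    if port.mode == "access":
        if vlan == port.pvid:
            return "untagged"                   # Access VLAN always passes, Tag removed
        # Assumption: other egress-allowed VLANs also leave without a Tag.
        return "untagged" if vlan in port.allowed else None
    if vlan == port.pvid or vlan in port.untagged:
        return "untagged"                       # Native or Untagged VLAN: Tag removed
    return "tagged" if vlan in port.allowed else None


def forward(ports, in_name, tag):
    """Egress action on every other port for a frame received on in_name."""
    vlan = ingress(ports[in_name], tag)
    if vlan is None:
        return {}
    result = {}
    for name, port in ports.items():
        if name == in_name:
            continue
        action = egress(port, vlan)
        if action is not None:
            result[name] = action
    return result


# Constructed sample switch. p2 and p3 are both in VLAN 10, but only p3 has
# had VLAN 1 removed from its allowed list.
PORTS = {
    "p1": Port("access", pvid=1),
    "p2": Port("access", pvid=10),
    "p3": Port("access", pvid=10, allowed=set()),
    "p4": Port("trunk", pvid=1, allowed={1, 10, 20}, untagged={20}),
}

if __name__ == "__main__":
    print("untagged frame on p1:", forward(PORTS, "p1", None))
    print("untagged frame on p2:", forward(PORTS, "p2", None))
    print("VLAN 20 tag on p2:   ", forward(PORTS, "p2", 20))
    print("VLAN 30 tag on p4:   ", forward(PORTS, "p4", 30))
```
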

2.2.2 Preparing for configurations

Scenario

The main function of VLAN is to partition logic network segments. There are 2 typical application modes:

One kind is that in a small LAN several VLANs are created on a device, and the hosts that connect to the device are divided by VLAN. Hosts in the same VLAN can communicate, but hosts in different VLANs cannot. For example, the financial department needs to be separated from other departments and they cannot access each other. Generally, the interface that connects to a host is in Access mode.

The other kind is that in a bigger LAN or enterprise network multiple devices connect to multiple hosts and the devices are cascaded, and data packets carry a VLAN Tag for forwarding. The interfaces in the same VLAN on multiple devices can communicate, but the interfaces in different VLANs cannot. This mode is used in an enterprise that has many employees and needs a large number of hosts: the hosts of one department are in different positions but need to access one another, so users have to partition VLANs on multiple devices. Layer 3 devices such as routers are required if users want to communicate among different VLANs. The cascaded interfaces among devices are set in Trunk mode.

When configuring the IP address for VLAN, you can associate a Layer 3 interface for it. Each Layer 3 interface corresponds to one IP address and one VLAN.

Prerequisite

N/A

2.2.3 Default configurations of VLAN

Default configurations of VLAN are as below.

Function: Create VLAN
Default value: VLAN 1

Function: Active status of static VLAN
Default value: suspend

Function: Interface mode
Default value: Access

Function: Access VLAN of the Access interface
Default value: VLAN 1

Function: Native VLAN of the Trunk interface
Default value: VLAN 1

Function: Allowed VLAN in Trunk mode
Default value: All VLANs

Function: Allowed Untag VLAN in Trunk mode
Default value: VLAN 1

2.2.4 Configuring VLAN attributes

Configure VLAN attributes for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#create vlan vlan-list { active | suspend }
Description: Create VLAN. The command can also be used to create VLAN in batches.

Step 3
Command: Raisecom(config)#vlan vlan-id
Description: Enter VLAN configuration mode.

Step 4
Command: Raisecom(config-vlan)#name vlan-name
Description: (Optional) configure VLAN name.

Step 5
Command: Raisecom(config-vlan)#state { active | suspend }
Description: Configure VLAN in active or suspend status.

The VLAN created by the vlan vlan-id command is in suspend status. You need to use the state active command to activate the VLAN if you want to make it effective in the system.

By default, VLAN 1 exists as the default VLAN. All interfaces in Access mode belong to the default VLAN. VLAN 1 cannot be created or deleted.

By default, the default VLAN (VLAN 1) is called Default; cluster VLAN Other VLAN is named as "VLAN + 4-digit VLAN ID". For example, VLAN 10 is named VLAN 0010 by default, and VLAN 4094 is named as "VLAN 4094" by default.

All configurations of VLAN are not effective until the VLAN is activated. When VLAN status is Suspend, you can configure the VLAN, such as delete/add interface, set VLAN name, etc. The system will keep the configurations; once the VLAN is activated, the configurations will take effect in the system.

2.2.5 Configuring interface mode

Configure interface mode for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport mode { access | trunk }
Description: Set the interface to Access or Trunk mode.

2.2.6 Configuring VLAN on Access interface

Configure VLAN on the Access interface for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport mode access
Command: Raisecom(config-port)#switchport access vlan vlan-id
Description: Configure interface in Access mode and add Access interface into VLAN.

Step 4
Command: Raisecom(config-port)#switchport access egress-allowed vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-list }
Description: (Optional) configure Access interface permitted VLAN.

The interface allows Access VLAN packets to pass regardless of configuration for VLAN permitted by the Access interface; the forwarded packets do not carry VLAN Tag.

When setting the Access VLAN, the system creates and activates a VLAN automatically if you have not created and activated a VLAN in advance.

If you delete or suspend the Access VLAN manually, the system will automatically set the interface Access VLAN as default VLAN.

If the configured Access VLAN is not default VLAN and there is no default VLAN in the allowed VLAN list of the Access interface, the interface does not allow default VLAN packets to pass.

The allowed VLAN list of the Access interface is only effective to static VLANs, and ineffective to cluster VLAN, GVRP dynamic VLAN, etc.

2.2.7 Configuring VLAN on Trunk interface

Configure VLAN on Trunk interface for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport mode trunk
Description: Configure interface in Trunk mode.

Step 4
Command: Raisecom(config-port)#switchport trunk native vlan vlan-id
Description: Configure interface Native VLAN.

Step 5
Command: Raisecom(config-port)#switchport trunk allowed vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-list }
Description: (Optional) configure VLANs allowed to pass by the Trunk interface.

Step 6
Command: Raisecom(config-port)#switchport trunk untagged vlan { { all | vlan-list } [ confirm ] | { add | remove } vlan-list }
Description: (Optional) configure Untag VLANs allowed to pass by the Trunk interface.

The interface allows Native VLAN packets to pass regardless of configuration in the VLAN list and Untagged VLAN list allowed by the Trunk interface, and the forwarded packets do not carry VLAN Tag.

The system will create and activate the VLAN if no VLAN is created and activated in advance when setting the Native VLAN.

The system sets the interface Trunk Native VLAN as default VLAN if you have deleted or blocked Native VLAN manually.

The interface allows incoming and outgoing VLAN packets allowed by the Trunk interface. If the VLAN is Trunk Untagged VLAN, the VLAN Tag is removed from the packets at the egress interface; otherwise the packets are not modified.

If the configured Native VLAN is not default VLAN, and there is no default VLAN in Trunk interface allowed VLAN list, the interface will not allow default VLAN packets to pass.

When setting Trunk Untagged VLAN list, the system automatically adds all Untagged VLAN into the VLAN allowed by the Trunk interface.

The VLAN list and Untagged VLAN list allowed by the Trunk interface are only effective to static VLAN, and ineffective for cluster VLAN, GVRP dynamic VLAN, etc.

2.2.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show vlan [ vlan-list | static | dynamic ]
Description: Show VLAN configuration.

No. 2
Command: Raisecom#show interface port [ port-id ] switchport
Description: Show interface VLAN configuration.

2.3 QinQ


2.3.1 Introduction

QinQ (also known as Stacked VLAN or Double VLAN) technique is an extension for 802.1Q defined in IEEE 802.1ad standard.

Basic QinQ is a simple Layer 2 VPN tunnel technique, which encapsulates an outer VLAN Tag for user private network packets at the carrier access end; the packets then carry double VLAN Tags when transmitted through the backbone network (public network) of the carrier. In the public network, packets are transmitted only in accordance with the outer VLAN Tag (namely the public network VLAN Tag), and the user private network VLAN Tag is transmitted as data in the packets.

This technique can save public network VLAN ID resource. You can mark out private network VLAN ID to avoid conflict with public network VLAN ID.

Basic QinQ

Figure 2-3 shows typical networking with basic QinQ, with the ISCOM2110G-PWR as the Provider Edge (PE).

Figure 2-3 Typical networking with basic QinQ

The packet is transmitted to the switch from the user device, and the VLAN ID of the packet Tag is 100. An outer Tag with VLAN 200 is added to the packet when it passes the user side interface on the PE device, and the packet then enters the PE network.

The VLAN 200 packet is transmitted to the PE on the other end of the carrier, and then the other Switch will remove the outer Tag VLAN 200 and send it to the user device. So the packet returns to the status in which it carries the VLAN 100 Tag only.

Selective QinQ

Selective QinQ is an enhancement to basic QinQ, which classifies flow according to user data features, then encapsulates different types of flow into different outer VLAN Tags. This technique is realized by combination of interface and VLAN. Selective QinQ can perform different actions on different VLAN Tags received by one interface and add different outer VLAN IDs for different inner VLAN IDs. According to configured mapping rules for inner and outer Tags, you can encapsulate different outer Tags for different inner Tag packets.

Selective QinQ makes the structure of the carrier network more flexible. You can classify different terminal users on the access device interface by VLAN Tag and then encapsulate different outer Tags for users in different classes. On the public network, you can configure QoS policy according to outer Tag and configure data transmission priority flexibly to make users in different classes receive corresponding services.
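Added example (Python, not Raisecom code): the Tag operations of basic and selective QinQ carried out on constructed Ethernet frames, using TPID 0x9100 and the mapping of inner VLANs 100-150 to outer VLAN 1000 and 300-400 to outer VLAN 2000 from the configuration examples in this chapter. The function names are hypothetical, and the example assumes that a frame matching no selective rule is passed unchanged, which the guide does not specify.

```python
"""Added example: basic and selective QinQ tag handling on Ethernet frames."""
import struct

CTAG_TPID = 0x8100   # IEEE 802.1Q Tag; also the default outer TPID (section 2.3.3)


def vlan_tag(tpid, vlan, cos=0):
    """Build a 4-byte VLAN Tag: TPID, then 3-bit CoS and 12-bit VLAN ID."""
    if not 1 <= vlan <= 4094 or not 0 <= cos <= 7:
        raise ValueError("VLAN ID must be 1-4094 and CoS 0-7")
    return struct.pack("!HH", tpid, (cos << 13) | vlan)


def parse_tags(frame, outer_tpid=CTAG_TPID):
    """Return ([(tpid, cos, vlan), ...], ethertype) as seen by a device that
    recognises outer_tpid and 0x8100 as VLAN Tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12                      # skip destination and source MAC
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (outer_tpid, CTAG_TPID):
            break
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        offset += 4
    if offset + 2 > len(frame):
        raise ValueError("frame ends inside the tag stack")
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype


def push_outer(frame, outer_vlan, tpid=CTAG_TPID, cos=0):
    """PE user-side interface: insert the outer Tag in front of the inner Tag."""
    return frame[:12] + vlan_tag(tpid, outer_vlan, cos) + frame[12:]


def pop_outer(frame, tpid=CTAG_TPID):
    """Far-end PE: remove the outer Tag so only the user Tag remains."""
    (found,) = struct.unpack_from("!H", frame, 12)
    if found != tpid:
        raise ValueError("frame does not start with the expected outer TPID")
    return frame[:12] + frame[16:]


def selective_push(frame, rules, tpid=CTAG_TPID):
    """Selective QinQ: pick the outer VLAN from the inner VLAN ID.
    rules is a list of (first_inner, last_inner, outer_vlan, cos)."""
    tags, _ = parse_tags(frame)
    if not tags:
        return frame                           # assumption: untagged frames untouched
    inner = tags[0][2]
    for first, last, outer, cos in rules:
        if first <= inner <= last:
            return push_outer(frame, outer, tpid, cos)
    return frame                               # assumption: no matching rule, unchanged


# Constructed sample data.
DST = bytes.fromhex("000102030405")
SRC = bytes.fromhex("0000aa000001")
RULES = [(100, 150, 1000, 0), (300, 400, 2000, 0)]


def customer_frame(vlan):
    """A user frame carrying one 802.1Q Tag and a dummy IPv4 payload."""
    return DST + SRC + vlan_tag(CTAG_TPID, vlan) + struct.pack("!H", 0x0800) + b"payload"


if __name__ == "__main__":
    double = push_outer(customer_frame(100), 1000, tpid=0x9100)
    print("PE view (TPID 0x9100):   ", parse_tags(double, outer_tpid=0x9100))
    # A device left at the default TPID sees no VLAN Tag at all, only an
    # unknown EtherType, so the TPID must match on both ends of the tunnel.
    print("default-TPID device view:", parse_tags(double))
    print("restored:", pop_outer(double, tpid=0x9100) == customer_frame(100))
```
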

2.3.2 Preparing for configurations

Scenario

With application of basic QinQ, you can add outer VLAN Tag to plan Private VLAN ID freely to make the user device data at both ends of carrier network take transparent transmission without conflicting with VLAN ID in service provider network.

Prerequisite

Connect the interface and configure interface physical parameters to make the physical status Up.

Create VLANs.

2.3.3 Default configurations of QinQ

Default configurations of QinQ are as below.

Function: Outer Tag TPID
Default value: 0x8100

Function: Basic QinQ status
Default value: Disable

2.3.4 Configuring basic QinQ

Configure basic QinQ on the ingress interface as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mls double-tagging tpid tpid
Description: (Optional) configure TPID.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#switchport qinq dot1q-tunnel
Description: Enable basic QinQ on the interface.

2.3.5 Configuring selective QinQ

Configure selective QinQ on the ingress interface as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#mls double-tagging tpid tpid
Description: (Optional) configure TPID.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#switchport vlan-mapping vlan-list add-outer vlan-id [ cos cos-value ]
Description: Configure selective QinQ rules on the interface.

2.3.6 Configuring egress interface to Trunk mode

Configure basic QinQ or selective QinQ on the network side interface as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport mode trunk
Description: Configure interface trunk mode, allowing double Tag packet to pass.

2.3.7 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show switchport qinq
Description: Show configurations of basic QinQ.

No. 2
Command: Raisecom#show interface interface-type interface-number vlan-mapping add-outer
Description: Show configurations of selective QinQ.

2.3.8 Maintenance

Use the following commands to check configuration results.

Command: Raisecom(config)#clear double-tagging-vlan statistics outer { vlan-id | any } inner { vlan-id | any }
Description: Clear statistics of double VLAN Tag packets.

2.3.9 Example for configuring basic QinQ


Networking requirements

As shown in Figure 2-4, Switch A and Switch B are connected to VLAN 100 and VLAN 200 respectively. Department C and department E need to communicate through the carrier network. Department D and Department F need to communicate, too. Thus, you need to set the outer Tag to VLAN 1000. Set Port 2 and Port 3 to dot1q-tunnel mode on Switch A and Switch B, and connect these two interfaces to two different VLANs. Port 1 is the uplink port connected to the ISP, and it is set to the Trunk mode to allow double Tag packets to pass. The carrier TPID is 9100.

Figure 2-4 Basic QinQ networking

Configuration steps

Step 1 Create VLAN 100, VLAN 200, and VLAN 1000 and activate them. TPID is 9100.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#mls double-tagging tpid 9100

SwitchA(config)#create vlan 100,200,1000 active

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#mls double-tagging tpid 9100

SwitchB(config)#create vlan 100,200,1000 active

Step 2 Set Port 2 and Port 3 to dot1q mode.

Configure Switch A.

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk native vlan 1000

SwitchA(config-port)#switchport qinq dot1q-tunnel

SwitchA(config-port)#exit

SwitchA(config)#interface port 3

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk native vlan 1000

SwitchA(config-port)#switchport qinq dot1q-tunnel

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport trunk native vlan 1000

SwitchB(config-port)#switchport qinq dot1q-tunnel

SwitchB(config-port)#exit

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport trunk native vlan 1000

SwitchB(config-port)#switchport qinq dot1q-tunnel

SwitchB(config-port)#exit

Step 3 Set Port 1 to allow double Tag packets to pass.

Configure Switch A.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk allowed vlan 1000 confirm

Configure Switch B.


SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport trunk allowed vlan 1000 confirm


Checking results

Use the show switchport qinq command to show QinQ configurations.

Take Switch A for example.

SwitchA#show switchport qinq

Outer TPID: 0x9100

Interface QinQ Status

----------------------------

1 --

2 Dot1q-tunnel

3 Dot1q-tunnel

2.3.10 Example for configuring selective QinQ

Networking requirements

As shown in Figure 2-5, the carrier network contains common PC Internet service and IP phone service. PC Internet service is assigned to VLAN 1000, and IP phone service is assigned to VLAN 2000.

Configure Switch A and Switch B as below so that the client and server can communicate through the carrier network:

Add outer Tag VLAN 1000 to the VLANs 100–150 assigned to PC Internet service.

Add outer Tag 2000 for VLANs 300–400 for IP phone service.

The carrier TPID is 9100.


Figure 2-5 Selective QinQ networking

Configuration steps

Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000. The TPID is 9100.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#mls double-tagging tpid 9100

SwitchA(config)#create vlan 100-150,300-400,1000,2000 active

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#mls double-tagging tpid 9100

SwitchB(config)#create vlan 100-150,300-400,1000,2000 active

Step 2 Set Port 2 and Port 3 to dot1q mode.

Configure Switch A.


SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport vlan-mapping 100-150 add-outer 1000

SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm

SwitchA(config-port)#exit

SwitchA(config)#interface port 3

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport vlan-mapping 300-400 add-outer 2000

SwitchA(config-port)#switchport trunk untagged vlan 1000,2000 confirm

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport vlan-mapping cvlan 100-150 add-outer 1000

SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm

SwitchB(config-port)#exit

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport vlan-mapping cvlan 300-400 add-outer 2000

SwitchB(config-port)#switchport trunk untagged vlan 1000,2000 confirm

SwitchB(config-port)#exit

Step 3 Set Port 1 to allow double Tag packets to pass.

Configure Switch A.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

Configure Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport trunk allowed vlan 1000,2000 confirm

Checking results

Use the show interface port port-id vlan-mapping add-outer command to show QinQ configurations.

Take Switch A for example.


SwitchA#show interface port 2 vlan-mapping add-outer

Based inner VLAN QinQ mapping rule:

Port Original Inner VLAN List Add-outer VLAN Hw Status Hw-ID

---------------------------------------------------------------------

2 100-150 1000 Enable 1

SwitchA#show interface port 3 vlan-mapping add-outer

Based inner VLAN QinQ mapping rule:

Port Original Inner VLAN List Add-outer VLAN Hw Status Hw-ID

---------------------------------------------------------------------

3 300-400 2000 Enable 2

2.4 VLAN mapping

2.4.1 Introduction

VLAN mapping is used to replace the private VLAN Tag of Ethernet packets with the ISP's VLAN Tag, so that packets are transmitted according to the ISP's VLAN forwarding rules. When packets are sent to the peer private network from the ISP network, the VLAN Tag is restored to the original private VLAN Tag according to the same VLAN forwarding rules. Therefore, packets are correctly sent to the destination.

Figure 2-6 shows the principle of VLAN mapping.

Figure 2-6 Principle of VLAN mapping

After receiving a user private network packet that carries a VLAN Tag, the ISCOM2110G-PWR matches the packet against the configured VLAN mapping rules. If the match succeeds, it maps the packet according to those rules. The ISCOM2110G-PWR supports 1:1 VLAN mapping; namely, the ISCOM2110G-PWR replaces the VLAN Tag carried by a packet from a specified VLAN with the new VLAN Tag.

Different from QinQ, VLAN mapping does not encapsulate packets with multiple layers of VLAN Tags, but modifies the VLAN Tag so that packets are transmitted according to the carrier's VLAN forwarding rules.


2.4.2 Preparing for configurations

Scenario


Different from QinQ, VLAN mapping changes the VLAN Tag without encapsulating multiple layers of VLAN Tags, so that packets are transmitted according to the carrier's VLAN mapping rules. VLAN mapping does not increase the frame length of the original packet. It can be used in the following scenarios:

A user service needs to be mapped to a carrier's VLAN ID.

Multiple user services need to be mapped to a carrier's VLAN ID.

Prerequisite

Connect the interface and configure its physical parameters to make it Up.

Create a VLAN.

2.4.3 Configuring 1:1 VLAN mapping

Configure 1:1 VLAN mapping for the ISCOM2110G-PWR as below.

Step  Command                                                                                          Description
1     Raisecom#config                                                                                  Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                                          Enter physical layer interface configuration mode.
3     Raisecom(config-port)#switchport vlan-mapping [ egress | ingress ] cvlan-list translate vlan-id  Configure interface-based 1:1 VLAN mapping rules in the ingress or egress direction.

2.4.4 Checking configurations

Use the following commands to check configuration results.

No.  Command                                                                               Description
1    Raisecom#show interface port [ port-id ] vlan-mapping { egress | ingress } translate  Show configurations of 1:1 VLAN mapping.
2    Raisecom#show interface port [ port-id ] vlan-mapping both translate                  Show configurations of N:1 VLAN mapping on the interface.
3    Raisecom#show interface port [ port-id ] vlan-mapping both untag                      Show configurations of selective QinQ and double Tag rules on the interface.


2.4.5 Example for configuring VLAN mapping


Networking requirements

As shown in Figure 2-7, Port 2 and Port 3 on Switch A are connected to Department E in VLAN 100 and Department F in VLAN 200, and Port 2 and Port 3 on Switch B are connected to Department C in VLAN 100 and Department D in VLAN 200. The ISP assigns VLAN 1000 to transmit packets of Department E and Department C, and VLAN 2008 to transmit packets of Department F and Department D.

Configure 1:1 VLAN mapping on Switch A and Switch B to implement normal communication between PC or terminal users and servers.

Figure 2-7 VLAN mapping networking

Configuration steps

Configurations of Switch A and Switch B are the same. Take Switch A for example.

Step 1 Create VLANs and activate them.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#create vlan 100,200,1000,2008 active

SwitchA(config)#vlan-mapping enable


Step 2 Set Port 1 to Trunk mode, allowing packets of VLAN 1000 and VLAN 2008 to pass.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk allowed vlan 1000,2008 confirm

SwitchA(config-port)#exit

Step 3 Set Port 2 to Trunk mode, allowing packets of VLAN 100 to pass. Enable VLAN mapping.

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk allowed vlan 100 confirm

SwitchA(config-port)#switchport vlan-mapping ingress 100 translate 1000

SwitchA(config-port)#switchport vlan-mapping egress 1000 translate 100

SwitchA(config-port)#exit

Step 4 Set Port 3 to Trunk mode, allowing packets of VLAN 200 to pass. Enable VLAN mapping.

SwitchA(config)#interface port 3

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk allowed vlan 200 confirm

SwitchA(config-port)#switchport vlan-mapping ingress 200 translate 2008

SwitchA(config-port)#switchport vlan-mapping egress 2008 translate 200

Checking results

Use the show interface port port-id vlan-mapping { ingress | egress } translate command to show configurations of 1:1 VLAN mapping.

SwitchA#show interface port 2 vlan-mapping ingress translate

Direction: Ingress

Original Original Outer-tag New Inner-tag New

Interface Inner VLANs Outer VLANs Mode Outer-VID Mode Inner-VID

Hw-ID

-------------------------------------------------------------------------

2 n/a 100 Translate 1000 -- --
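The two mechanisms side by side, as an added Python example (not Raisecom code): selective QinQ pushes a 4-byte outer tag with TPID 0x9100 chosen from the inner VLAN, while 1:1 VLAN mapping rewrites the VLAN ID in place and leaves the frame length unchanged. The rule tables come from the examples in 2.3.10 and 2.4.5; the helper names, the sample MAC addresses, the outer priority bits left at 0 and the choice to return None when no add-outer rule matches are assumptions of this model.

```python
import struct

C_TPID = 0x8100  # inner (customer) tag, standard 802.1Q TPID
S_TPID = 0x9100  # outer (carrier) tag, from "mls double-tagging tpid 9100"

# Rules taken from the configuration examples in 2.3.10 and 2.4.5.
ADD_OUTER_RULES = [(range(100, 151), 1000), (range(300, 401), 2000)]
INGRESS_TRANSLATE = {100: 1000, 200: 2008}  # Port 2 and Port 3 rules, merged
EGRESS_TRANSLATE = {1000: 100, 2008: 200}

# Constructed sample addresses (locally administered MACs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")


def tagged_frame(vlan_id, payload=b"\x00" * 46, pcp=0, ethertype=0x0800):
    """Build a single-tagged 802.1Q frame as a customer device would send it."""
    tci = (pcp << 13) | vlan_id
    return DST + SRC + struct.pack("!HHH", C_TPID, tci, ethertype) + payload


def read_tags(frame, outer_tpid=S_TPID):
    """Return [(tpid, vlan_id), ...], outermost first, as seen by a device
    that recognises outer_tpid and 0x8100 as tag identifiers."""
    tags, offset = [], 12
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (outer_tpid, C_TPID):
            break
        tags.append((tpid, tci & 0x0FFF))
        offset += 4
    return tags


def add_outer(frame):
    """Selective QinQ: push an outer tag chosen by the inner VLAN ID.
    Returns None when no add-outer rule matches (modelling assumption)."""
    tags = read_tags(frame)
    if not tags or tags[0][0] != C_TPID:
        return None
    for cvlans, outer_vlan in ADD_OUTER_RULES:
        if tags[0][1] in cvlans:
            outer = struct.pack("!HH", S_TPID, outer_vlan)
            return frame[:12] + outer + frame[12:]
    return None


def pop_outer(frame):
    """Remove the outer tag at the far edge; reject frames without one."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != S_TPID:
        raise ValueError("no outer tag with the carrier TPID")
    return frame[:12] + frame[16:]


def translate(frame, table):
    """1:1 VLAN mapping: rewrite the VLAN ID in place, keep the priority bits."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    vlan_id = tci & 0x0FFF
    if tpid != C_TPID or vlan_id not in table:
        return frame
    new_tci = (tci & 0xF000) | table[vlan_id]
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]


if __name__ == "__main__":
    customer = tagged_frame(120)
    tunnelled = add_outer(customer)
    print("QinQ tags:", [(hex(t), v) for t, v in read_tags(tunnelled)])
    print("frame length:", len(customer), "->", len(tunnelled))
    # A device left at TPID 0x8100 does not see the outer tag as a VLAN tag.
    print("seen with 0x8100 only:", read_tags(tunnelled, outer_tpid=C_TPID))
    mapped = translate(tagged_frame(100, pcp=5), INGRESS_TRANSLATE)
    print("mapped tags:", read_tags(mapped), "frame length:", len(mapped))
```

The read_tags call with outer_tpid=0x8100 shows why the TPID must match on both ends of the carrier link: a device that only recognises 0x8100 reads the 0x9100 outer tag as an unknown EtherType, not as VLAN 1000.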

2.5 Interface protection

2.5.1 Introduction

With interface protection, you can add an interface, which needs to be controlled, to an interface protection group, isolating Layer 2/Layer 3 data in the interface protection group.


This can provide physical isolation between interfaces, enhance network security, and provide a flexible networking scheme for users.

After interface protection is configured, interfaces in an interface protection group cannot transmit packets to each other. Interfaces inside and outside the interface protection group can communicate with each other, and so can interfaces outside the interface protection group.

2.5.2 Preparing for configurations

Scenario

To isolate Layer 2 data between interfaces in the same VLAN, in a way similar to physical isolation, you need to configure interface protection.

The interface protection function isolates interfaces in the same VLAN from each other, enhances network security, and provides flexible networking solutions for you.

Prerequisite

N/A

2.5.3 Default configurations of interface protection

Default configurations for interface protection are as below.

Function                                       Default value
Interface protection status of each interface  Disable

2.5.4 Configuring interface protection

Configure interface protection for the ISCOM2110G-PWR as below.

Step  Command                                   Description
1     Raisecom#config                           Enter global configuration mode.
2     Raisecom(config)#interface port port-id   Enter physical layer interface configuration mode.
3     Raisecom(config-port)#switchport protect  Enable interface protection.

2.5.5 Checking configurations

Use the following commands to check configuration results.

No.  Command                           Description
1    Raisecom#show switchport protect  Show interface protection configuration.


2.5.6 Example for configuring interface protection


Networking requirements

As shown in Figure 2-7, PC 1, PC 2, and PC 5 belong to VLAN 10, and PC 3 and PC 4 belong to VLAN 20. The interfaces connecting the two devices are in Trunk mode, but do not allow VLAN 20 packets to pass. As a result, PC 3 and PC 4 fail to communicate with each other. Enable interface protection on the Switch B interfaces that are connected to PC 1 and PC 2. As a result, PC 1 and PC 2 fail to communicate with each other, but each of them can communicate with PC 5.

Figure 2-8 Interface protection networking

Configuration steps

Step 1 Create VLAN 10 and VLAN 20 on both Switch A and Switch B, and activate them.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#create vlan 10,20 active

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#create vlan 10,20 active


Step 2 Add Port 2 and Port 3 on Switch B to VLAN 10 in Access mode, add Port 4 to VLAN 20 in Access mode, and set Port 1 in Trunk mode to allow VLAN 10 packets to pass.

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode access

SwitchB(config-port)#switchport access vlan 10

SwitchB(config-port)#exit

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport mode access

SwitchB(config-port)#switchport access vlan 10

SwitchB(config-port)#exit

SwitchB(config)#interface port 4

SwitchB(config-port)#switchport mode access

SwitchB(config-port)#switchport access vlan 20

SwitchB(config-port)#exit

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#switchport trunk allowed vlan 10 confirm

SwitchB(config-port)#exit

Step 3 Add Port 2 on Switch A to VLAN 10 in Access mode, add Port 3 to VLAN 20 in Trunk mode, and set Port 1 in Trunk mode to allow VLAN 10 packets to pass.

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode access

SwitchA(config-port)#switchport access vlan 10

SwitchA(config-port)#exit

SwitchA(config)#interface port 3

SwitchA(config-port)#switchport mode access

SwitchA(config-port)#switchport access vlan 20

SwitchA(config-port)#exit

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#switchport trunk allowed vlan 10 confirm

Step 4 Enable interface protection on Port 2 and Port 3 on Switch B.

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport protect

SwitchB(config-port)#exit

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport protect

Checking results

Use the show vlan command to show VLAN configurations.


Take Switch B for example.


SwitchB#show vlan

VLAN Name State Status Port Untag-Port Priority Create-Time

-------------------------------------------------------------------------

1 Default active static 1-10 1-10 -- 0:0:7

10 VLAN0010 active static 1-3 2,3 -- 0:1:1

20 VLAN0020 active static 4 4 -- 0:1:1

Use the show interface port port-id switchport command to show configurations of interface VLAN.

Take Switch B for example.

SwitchB#show interface port 2 switchport

Port:2

Administrative Mode: access

Operational Mode: access

Access Mode VLAN: 10

Administrative Access Egress VLANs: 1

Operational Access Egress VLANs: 1,10

Trunk Native Mode VLAN: 1

Administrative Trunk Allowed VLANs: 1-4094

Operational Trunk Allowed VLANs: 1,10,20

Administrative Trunk Untagged VLANs: 1

Operational Trunk Untagged VLANs: 1

Use the show switchport protect command to show configurations of interface protection.

SwitchB#show switchport protect

Port Protected State

--------------------------

1 disable

2 enable

3 enable

Check whether PC 1 can ping PC 5, PC 2 can ping PC 5, and PC 3 can ping PC 4 successfully.

Check whether the VLAN allowed to pass on the Trunk interface is correct.

If PC 1 can ping PC 5 successfully, VLAN 10 communicates properly.

If PC 2 can ping PC 5 successfully, VLAN 10 communicates properly.

If PC 3 fails to ping PC 4, VLAN 20 fails to communicate.

By pinging PC 2 through PC 1, check whether interface protection is correctly configured.

PC 1 fails to ping PC 3, so interface protection has taken effect.
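One way to turn the show outputs above into a repeatable isolation check, as an added Python example (not part of the Raisecom guide): it parses the show switchport protect and show vlan output printed in this section and reports which port pairs in a VLAN can still exchange frames. The function names are hypothetical, and ports missing from the protect output are assumed to be at the default (Disable).

```python
import re
from itertools import combinations

# Command output copied from the "Checking results" part of 2.5.6 (Switch B).
SHOW_PROTECT = """\
Port Protected State
--------------------------
1 disable
2 enable
3 enable
"""

SHOW_VLAN = """\
VLAN Name State Status Port Untag-Port Priority Create-Time
-------------------------------------------------------------------------
1 Default active static 1-10 1-10 -- 0:0:7
10 VLAN0010 active static 1-3 2,3 -- 0:1:1
20 VLAN0020 active static 4 4 -- 0:1:1
"""


def expand_ports(text):
    """Expand a port list such as "1-3" or "2,3" into a set of port numbers."""
    ports = set()
    for part in text.split(","):
        if re.fullmatch(r"\d+-\d+", part):
            first, last = map(int, part.split("-"))
            ports.update(range(first, last + 1))
        elif part.isdigit():
            ports.add(int(part))
    return ports


def parse_protect(output):
    """Return {port: True/False} from "show switchport protect"."""
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+(enable|disable)[ \t]*$", output, re.M)
    return {int(port): state == "enable" for port, state in rows}


def parse_vlan_members(output):
    """Return {vlan_id: set(ports)} from the Port column of "show vlan"."""
    members = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].isdigit():
            members[int(fields[0])] = expand_ports(fields[4])
    return members


def can_exchange(a, b, vlan, members, protected):
    """Two ports can exchange frames inside a VLAN when both are members
    and they are not both in the interface protection group."""
    ports = members.get(vlan, set())
    if a not in ports or b not in ports:
        return False
    # Ports absent from the protect output count as unprotected (assumption).
    return not (protected.get(a, False) and protected.get(b, False))


def reachable_pairs(vlan, show_vlan, show_protect):
    """List every port pair in the VLAN that can still exchange frames."""
    members = parse_vlan_members(show_vlan)
    protected = parse_protect(show_protect)
    return [pair for pair in combinations(sorted(members.get(vlan, ())), 2)
            if can_exchange(pair[0], pair[1], vlan, members, protected)]


def audit(vlan, must_be_isolated, show_vlan, show_protect):
    """Return the pairs from must_be_isolated that can still talk."""
    members = parse_vlan_members(show_vlan)
    protected = parse_protect(show_protect)
    return sorted(pair for pair in must_be_isolated
                  if can_exchange(pair[0], pair[1], vlan, members, protected))


if __name__ == "__main__":
    print("VLAN 10 reachable pairs:", reachable_pairs(10, SHOW_VLAN, SHOW_PROTECT))
    print("policy violations:", audit(10, [(2, 3)], SHOW_VLAN, SHOW_PROTECT))
```

Running the audit against output saved after each configuration change catches the case where switchport protect has been removed from one of the two ports, which would silently restore traffic between PC 1 and PC 2.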


2.6 Port mirroring


2.6.1 Introduction

Port mirroring copies some packets from the source interface to the destination interface, namely the monitor port, without affecting normal packet forwarding. With this function, you can monitor the sending and receiving status of packets on an interface and analyze the relevant network conditions.

Figure 2-9 Principle of port mirroring

The basic principle of port mirroring is shown in Figure 2-9. PC 1 connects to the external network through Port 1; PC 3 is the monitor PC, connecting to the external network through Port 4.

When monitoring packets from PC 1, you need to assign Port 1, which connects to PC 1, as the mirroring source port, enable port mirroring on the ingress port, and assign Port 4 as the monitor port that receives the mirrored packets.

When service packets from PC 1 enter the switch, the switch forwards them and copies them to the monitor port (Port 4). The monitor device connected to the monitor port can receive and analyze these mirrored packets.

The ISCOM2110G-PWR supports data stream mirroring on the ingress port and egress port. The packets on the ingress/egress mirroring port will be copied to the monitor port after the switch is enabled with port mirroring. The monitor port and mirroring port cannot be the same one.

2.6.2 Preparing for configurations

Scenario

Port mirroring allows the network administrator to regularly monitor the type and flow of network data.


Port mirroring copies the monitored interface flow to a monitor port or the CPU, so that you can capture faults or abnormal data flow on the ingress/egress interface for analysis, discover the root cause, and solve the problem in time.

Prerequisite

N/A

2.6.3 Default configurations of port mirroring

Default configurations of port mirroring are as below.

Function                        Default value
Port mirroring status           Disable
Mirroring the source interface  N/A
Monitor interface               Port 1

When you configure the ISCOM2110G-PWR to mirror packets to the CPU, the monitor port receives no packets.

2.6.4 Configuring port mirroring on local port

There can be multiple source mirroring ports but only one monitor port.

After port mirroring takes effect, packets on the ingress/egress mirroring port are copied to the monitor port. The monitor port cannot also be set as a mirroring port.

Configure port mirroring on the local port for the ISCOM2110G-PWR as below.

Step  Command                                                                                                                  Description
1     Raisecom#config                                                                                                          Enter global configuration mode.
2     Raisecom(config)#mirror monitor-port port-id                                                                             Configure mirroring packets to CPU or specified monitor port.
3     Raisecom(config)#mirror source-port-list { both port-list | egress port-list | ingress port-list [ egress port-list ] }  Configure the mirror source port of port mirroring, and designate the mirroring rule for port mirroring.
4     Raisecom(config)#mirror enable                                                                                           Enable port mirroring.

2.6.5 Checking configurations

Use the following commands to check configuration results.

No.  Command               Description
1    Raisecom#show mirror  Show configurations of port mirroring.

2.6.6 Example for configuring port mirroring

Networking requirements

As shown in Figure 2-10, the network administrator wishes to monitor user network 1 through the monitor device, to catch faults or abnormal data flow, analyze and locate the problem, and then solve it.

The ISCOM2110G-PWR is disabled with storm control and automatic packets sending. User network 1 accesses the ISCOM2110G-PWR through Port 2, user network 2 accesses the ISCOM2110G-PWR through Port 1, and the data monitor device is connected to Port 3.

Figure 2-10 Port mirroring networking

Configuration steps

Enable port mirroring on the switch.

Raisecom#config

Raisecom(config)#mirror monitor-port 3

Raisecom(config)#mirror source-port-list both 1

Raisecom(config)#mirror enable


Checking results

Use the show mirror command to show configurations of port mirroring.

Raisecom#show mirror

Mirror: Enable

Monitor port: 3

-----------the ingress mirror rule-----------

Mirrored ports: 1

-----------the egress mirror rule-----------

Mirrored ports: 1


2.7 Layer 2 protocol transparent transmission

2.7.1 Introduction

Transparent transmission is one of the main functions of Ethernet devices. Usually, the edge network devices of the carrier transparently transmit Layer 2 protocol packets.

Transparent transmission is enabled on the interface that connects the carrier's edge network device to the user network. The interface is in Access mode and connects to a Trunk interface on the user device. A Layer 2 protocol packet of the user network is sent from the transparent transmission interface, encapsulated by the edge network device (the ingress end of the packet), and then sent to the carrier network. The packet is transmitted through the carrier network to reach the edge device (the egress end of the packet) at the other end of the carrier network. The edge device decapsulates the outer Layer 2 protocol packet and transparently transmits it to the user network.

The transparent transmission function includes packet encapsulation and decapsulation. The basic implementation principle is as below.

Packet encapsulation: at the packet ingress end, the ISCOM2110G-PWR changes the destination MAC address of Layer 2 protocol packets from the user network to a special multicast MAC address (010E.5E00.0003 by default). On the carrier network, the modified packet is forwarded as data in the user VLAN.

Packet decapsulation: at the packet egress end, the ISCOM2110G-PWR recognizes packets with the special multicast MAC address (010E.5E00.0003 by default), reverts the destination MAC address to the DMAC of the Layer 2 protocol packet, and then sends the packet to the assigned user network.

Layer 2 protocol transparent transmission can be enabled together with QinQ or independently. In actual networking, after modifying the MAC address of protocol packets, you need to add an outer Tag to the packets to send them through the carrier network.

The ISCOM2110G-PWR supports transparent transmission of BPDU packet, DOT1X packet, LACP packet, CDP packet, PVST packet, PAGP packet, STP packet, UDLD packet, and VTP packet.
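The encapsulation and decapsulation steps described above, as an added Python model (not Raisecom code). The tunnel address 010E.5E00.0003 is the page's default; the per-protocol destination addresses and LLC/SNAP identifiers are the standard ones for those protocols, and recovering the original DMAC from the header after the source MAC is an assumption, since the page does not say how the switch restores it.

```python
TUNNEL_DMAC = bytes.fromhex("010e5e000003")  # page default: 010E.5E00.0003

# Standard destination addresses of the listed protocols
# (protocol knowledge, not values taken from the page).
IEEE_STP = bytes.fromhex("0180c2000000")
IEEE_LACP = bytes.fromhex("0180c2000002")
IEEE_DOT1X = bytes.fromhex("0180c2000003")
CISCO_CDP = bytes.fromhex("01000ccccccc")    # shared by CDP, VTP, PAgP, UDLD
CISCO_PVST = bytes.fromhex("01000ccccccd")

CISCO_SNAP = b"\xaa\xaa\x03\x00\x00\x0c"     # LLC/SNAP header with Cisco OUI
SNAP_PIDS = {
    0x2000: ("cdp", CISCO_CDP),
    0x2003: ("vtp", CISCO_CDP),
    0x0104: ("pagp", CISCO_CDP),
    0x0111: ("udld", CISCO_CDP),
    0x010B: ("pvst", CISCO_PVST),
}


def classify(frame):
    """Identify an untagged Layer 2 protocol frame from the header that
    follows the source MAC. Returns (protocol, standard_dmac) or None."""
    if len(frame) < 22:
        return None
    type_len = int.from_bytes(frame[12:14], "big")
    body = frame[14:]
    if type_len == 0x8809 and body[0] == 0x01:   # Slow Protocols, LACP subtype
        return "lacp", IEEE_LACP
    if type_len == 0x888E:                       # EAPOL (802.1X)
        return "dot1x", IEEE_DOT1X
    if type_len <= 1500:                         # 802.3 length field, LLC follows
        if body[:3] == b"\x42\x42\x03":
            return "stp", IEEE_STP
        if body[:6] == CISCO_SNAP:
            return SNAP_PIDS.get(int.from_bytes(body[6:8], "big"))
    return None


def encapsulate(frame, enabled):
    """Ingress edge: swap the protocol DMAC for the tunnel DMAC when relay is
    enabled for that protocol on the port; other frames pass unchanged."""
    hit = classify(frame)
    if hit is None or frame[:6] != hit[1]:
        return frame
    if "all" not in enabled and hit[0] not in enabled:
        return frame
    return TUNNEL_DMAC + frame[6:]


def decapsulate(frame):
    """Egress edge: restore the protocol DMAC on frames sent to the tunnel
    DMAC. A tunnel-addressed frame that is not a known protocol is returned
    unchanged so the caller can count or drop it."""
    if frame[:6] != TUNNEL_DMAC:
        return frame
    hit = classify(frame)
    return frame if hit is None else hit[1] + frame[6:]


# Constructed sample frames: zero-filled protocol bodies, made-up source MAC.
SRC = bytes.fromhex("020000000010")
SAMPLE_BPDU = IEEE_STP + SRC + (38).to_bytes(2, "big") + b"\x42\x42\x03" + bytes(35)
SAMPLE_LACPDU = IEEE_LACP + SRC + b"\x88\x09" + b"\x01" + bytes(109)

if __name__ == "__main__":
    tunnelled = encapsulate(SAMPLE_BPDU, {"stp"})   # as with "relay stp"
    print("in carrier network:", tunnelled[:6].hex())
    print("restored:", decapsulate(tunnelled)[:6].hex())
    print("LACP untouched:", encapsulate(SAMPLE_LACPDU, {"stp"}) == SAMPLE_LACPDU)
```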


2.7.2 Preparing for configurations

Scenario


This function enables Layer 2 protocol packets of a user network to traverse the carrier network, so that the parts of one user network in different regions uniformly run the same Layer 2 protocol. You can configure rate limiting on transparent transmission packets to prevent packet loss.

Prerequisite

Configure physical parameters for the interface to set it in Up status.

2.7.3 Default configurations of Layer 2 protocol transparent transmission

Default configurations of Layer 2 protocol transparent transmission are as below.

Function                                                                         Default value
Layer 2 protocol transparent transmission status                                 Disable
Egress interface and belonged VLAN of Layer 2 protocol packet                    N/A
TAG CoS value of transparent transmission packet                                 5
Destination MAC address of transparent transmission packet                       010E.5E00.0003
Discarding threshold and disabling threshold of transparent transmission packet  N/A

2.7.4 Configuring transparent transmission parameters

Configure transparent transmission parameter for the ISCOM2110G-PWR as below.

Step  Command                                                                                    Description
1     Raisecom#config                                                                            Enter global configuration mode.
2     Raisecom(config)#relay destination-address mac-address                                     (Optional) configure destination MAC for transparent transmission packets. The default value is 010E.5E00.0003.
3     Raisecom(config)#relay cos cos-value                                                       (Optional) configure CoS value for transparent transmission packets.
4     Raisecom(config)#interface port port-id                                                    Enter physical layer interface configuration mode or LAG configuration mode.
5     Raisecom(config-port)#relay port port-id                                                   Configure specified egress interface for transparent transmission packets.
6     Raisecom(config-port)#relay vlan vlan-id                                                   Configure specified VLAN for transparent transmission packets. This configuration enables packets to be forwarded according to the specified VLAN instead of the ingress interface.
7     Raisecom(config-port)#relay { all | cdp | dot1x | lacp | pagp | pvst | stp | udld | vtp }  Configure the type of transparent transmission packets on the interface.

2.7.5 Checking configurations

Use the following commands to check configuration results.

No.  Command                                                 Description
1    Raisecom#show relay [ port-list port-list ]             Show configurations and status of transparent transmission.
2    Raisecom#show relay statistics [ port-list port-list ]  Show statistics of transparent transmission packets.

2.7.6 Maintenance

Maintain the ISCOM2110G-PWR as below.

Commands                                                         Description
Raisecom(config)#clear relay statistics [ port-list port-list ]  Clear statistics of transparent transmission packets.
Raisecom(config-port)#no relay shutdown                          Enable the interface again.

2.7.7 Example for configuring Layer 2 protocol transparent transmission

Networking requirements

As shown in Figure 2-11, Switch A and Switch B connect to two user networks VLAN 100 and VLAN 200 respectively. You need to configure Layer 2 protocol transparent transmission on Switch A and Switch B so that the same user network in different regions runs STP as a whole.


Figure 2-11 Layer 2 protocol transparent transmission networking

Configuration steps

Step 1 Create VLANs 100 and 200, and activate them.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#create vlan 100,200 active

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#create vlan 100,200 active

Step 2 Set the switching mode of Port 2 to Access mode, set the Access VLAN to 100, and enable STP transparent transmission.

Configure Switch A.

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode access

SwitchA(config-port)#switchport access vlan 100

SwitchA(config-port)#relay stp

SwitchA(config-port)#relay port 1

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode access


SwitchB(config-port)#switchport access vlan 100

SwitchB(config-port)#relay stp

SwitchB(config-port)#relay port 1

SwitchB(config-port)#exit


Step 3 Set the switching mode of Port 3 to Access mode, set the Access VLAN to 200, and enable STP transparent transmission.

Configure Switch A.

SwitchA(config)#interface port 3

SwitchA(config-port)#switchport mode access

SwitchA(config-port)#switchport access vlan 200

SwitchA(config-port)#relay stp

SwitchA(config-port)#relay port 1

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport mode access

SwitchB(config-port)#switchport access vlan 200

SwitchB(config-port)#relay stp

SwitchB(config-port)#relay port 1

SwitchB(config-port)#exit

Step 4 Set Port 1 to Trunk mode.

Configure Switch A.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

Configure Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

Checking results

Use the show relay command to show configurations of Layer 2 protocol transparent transmission.

Take Switch A for example.


SwitchA#show relay port-list 1-3

COS for Encapsulated Packets: 5

Destination MAC Address for Encapsulated Packets: 010E.5E00.0003

Port vlan Egress-Port Protocol Drop-Threshold Shutdown-Threshold

-------------------------------------------------------------------------

1(up) -- -- stp -- --

dot1x -- --

lacp -- --

cdp -- --

vtp -- --

pvst --

udld --- ---

pagp ---

2(up) -- 1 stp(enable) -- --

dot1x -- --

lacp -- --

cdp -- --

vtp -- --

pvst --

udld --- ---

pagp ---

3(up) -- 1 stp(enable) -- --

dot1x -- --

lacp -- --

cdp -- --

vtp -- --

pvst --


3 IP services


This chapter describes basic principle and configuration of routing features, and provides the related configuration examples, including the following sections:

ARP

Layer 3 interface

Default gateway

DHCP Client

DHCP Relay

DHCP Snooping

DHCP Options

3.1 ARP

3.1.1 Introduction

In a TCP/IP network environment, each host is assigned a 32-bit IP address, which is a logical address used to identify hosts between networks. To transmit packets over a physical link, you must know the physical address of the destination host, which requires mapping the IP address to the physical address. In an Ethernet environment, the physical address is a 48-bit MAC address. The system has to translate the 32-bit IP address of the destination host to the 48-bit Ethernet address to transmit packets to the destination host correctly. Address Resolution Protocol (ARP) is applied to resolve the IP address to the MAC address and set the mapping between the IP address and the MAC address.

The ARP address mapping table includes the following two types of entries:

Static entry: binds an IP address to a MAC address to prevent cheating through ARP dynamic learning.

− Static ARP address entries need to be added/deleted manually.

− Static ARP address entries are not aged.

Dynamic entry: MAC address automatically learned through ARP.

− The dynamic entry is automatically generated by the switch. You can adjust some of its parameters manually.

− The dynamic ARP address entry is aged after the aging time if not used.


The ISCOM2110G-PWR supports the following two modes of dynamically learning ARP address entries:

Learn-all: in this mode, the ISCOM2110G-PWR learns both ARP request packets and response packets. When device A sends its ARP request, it writes mapping between its IP address and physical address in ARP request packets. When device B receives ARP request packets from device A, it learns the mapping in its address table. In this way, device B will no longer send ARP request when sending packets to device A.

Learn-reply-only mode: in this mode, the ISCOM2110G-PWR learns ARP response packets only. For ARP request packets from other devices, it responds with ARP response packets only rather than learning ARP address mapping entry. In this way, network load is heavier but some network attacks based on ARP request packets can be prevented.
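The difference between the two learning modes and the effect of a static entry, as an added Python model (not Raisecom code). The router address and MAC are the ones used in section 3.1.9; the other addresses are constructed, the class and function names are hypothetical, and the model learns every well-formed reply because the page does not say whether the device also checks for a pending request.

```python
import socket
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"    # Ethernet/IPv4 ARP body: 28 bytes
REQUEST, REPLY = 1, 2
MODES = ("learn-all", "learn-reply-only")

ROUTER_IP = "192.168.1.10"       # router address from section 3.1.9
ROUTER_MAC = "0050-8d4b-fd1e"    # router MAC from section 3.1.9
OTHER_MAC = "0200-0000-00aa"     # constructed: another host claiming ROUTER_IP
SWITCH_IP = "192.168.1.2"        # constructed
SWITCH_MAC = "0200-0000-0001"    # constructed


def mac_bytes(text):
    """Accept 0050-8d4b-fd1e, 0050.8d4b.fd1e or 00:50:8d:4b:fd:1e."""
    raw = bytes.fromhex(text.replace("-", "").replace(".", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build the 28-byte ARP body (no Ethernet header)."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


class ArpTable:
    def __init__(self, mode="learn-reply-only"):  # the page's default mode
        if mode not in MODES:
            raise ValueError(mode)
        self.mode, self.static, self.dynamic = mode, {}, {}

    def add_static(self, ip, mac):
        self.static[ip] = mac_bytes(mac)
        self.dynamic.pop(ip, None)

    def receive(self, packet):
        """Process one ARP body; return True if a dynamic entry changed."""
        if len(packet) != struct.calcsize(ARP_FORMAT):
            return False
        htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(
            ARP_FORMAT, packet)
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return False
        if oper not in (REQUEST, REPLY):
            return False
        if oper == REQUEST and self.mode == "learn-reply-only":
            return False                  # requests are answered, never learned
        ip = socket.inet_ntoa(spa)
        if ip in self.static:
            return False                  # the static binding always wins
        changed = self.dynamic.get(ip) != sha
        self.dynamic[ip] = sha
        return changed

    def lookup(self, ip):
        mac = self.static.get(ip) or self.dynamic.get(ip)
        return mac.hex() if mac else None


GENUINE_REPLY = build_arp(REPLY, ROUTER_MAC, ROUTER_IP, SWITCH_MAC, SWITCH_IP)
CONFLICTING_REQUEST = build_arp(REQUEST, OTHER_MAC, ROUTER_IP,
                                "0000-0000-0000", SWITCH_IP)
CONFLICTING_REPLY = build_arp(REPLY, OTHER_MAC, ROUTER_IP, SWITCH_MAC, SWITCH_IP)


def resolve_router(mode, packets, static=False):
    """Feed packets to a fresh table and return the MAC held for ROUTER_IP."""
    table = ArpTable(mode)
    if static:
        table.add_static(ROUTER_IP, ROUTER_MAC)
    for packet in packets:
        table.receive(packet)
    return table.lookup(ROUTER_IP)


if __name__ == "__main__":
    for mode in MODES:
        print(mode, resolve_router(mode, [GENUINE_REPLY, CONFLICTING_REQUEST]))
    print("static", resolve_router("learn-all",
                                   [GENUINE_REPLY, CONFLICTING_REPLY], static=True))
```

In this model a conflicting reply still replaces the dynamic entry in learn-reply-only mode, so the router binding only stays fixed when it is entered as a static ARP entry.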

3.1.2 Preparing for configurations

Scenario

The mapping between IP addresses and MAC addresses is saved in the ARP address mapping table.

Generally, the ARP address mapping table is dynamically maintained by the ISCOM2110G-PWR. The ISCOM2110G-PWR searches for the mapping between IP address and MAC address automatically according to ARP. You need to configure the ISCOM2110G-PWR manually only to prevent cheating through ARP dynamic learning and to add static ARP address entries.

Prerequisite

N/A

3.1.3 Default configurations of ARP

Default configurations of ARP are as below.

Function                         Default value
Static ARP entry                 N/A
Dynamic ARP entry learning mode  Learn-reply-only

3.1.4 Configuring static ARP entries

The IP address in static ARP entry must belong to the IP network segment of Layer 3 interface on the switch.

The static ARP entry needs to be added and deleted manually.

Configure static ARP entries for the ISCOM2110G-PWR as below.

Step

1

Command

Raisecom#config

Description

Enter global configuration mode.

Raisecom Technology Co., Ltd. 71

Raisecom

ISCOM2110G-PWR (B) Configuration Guide

Step

2

Command

Raisecom(config)#arp ipaddress mac-address

Description

Configure static ARP entry.

3 IP services

3.1.5 Configuring aging time of dynamic ARP entries

Configure the aging time of dynamic ARP entries for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#arp aging-time period | (Optional) configure the aging time of dynamic ARP entries. The value 0 indicates no aging. |

3.1.6 Configuring dynamic ARP entry learning mode

Configure dynamic ARP entry learning mode for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#arp mode { learn-all \| learn-reply-only } | (Optional) configure dynamic ARP entry learning mode. |

3.1.7 Checking configurations

Use the following commands to check configuration results.

| No. | Command | Description |
|---|---|---|
| 1 | Raisecom#show arp | Show information about ARP address table. |
| 2 | Raisecom#show arp ipaddress | Show ARP table information related to specified IP address. |
| 3 | Raisecom#show arp ip if-number | Show ARP table information related to Layer 3 interface. |
| 4 | Raisecom#show arp static | Show ARP statistics. |

3.1.8 Maintenance

Maintain the ISCOM2110G-PWR as below.

| Command | Description |
|---|---|
| Raisecom(config)#clear arp | Clear all entries in the ARP address mapping table. |

3.1.9 Configuring ARP

Networking requirements

As shown in Figure 3-1, the ISCOM2110G-PWR connects to the host, and connects to the upstream router by Port 1. For the Router, the IP address is 192.168.1.10/24, the subnet mask is 255.255.255.0, and the MAC address is 0050-8d4b-fd1e.

To improve communication security between the Switch and Router, configure a static ARP entry for the Router on the ISCOM2110G-PWR.

Figure 3-1 Configuring ARP networking

Configuration steps

Step 1 Create an ARP static entry.

Raisecom#config
Raisecom(config)#arp 192.168.1.10 0050.8d4b.fd1e

Checking results

Use the show arp command to show configurations of the ARP address mapping table.

Raisecom#show arp
ARP table aging-time: 1200 seconds(default: 1200s)
ARP mode: Learn reply only
Ip Address      Mac Address      Type     Interface ip
---------------------------------------------------------
192.168.1.10    0050.8d4b.fd1e   static   --
192.168.100.1   000F.E212.5CA0   dynamic  1
Total: 2
Static: 1
Dynamic: 1

3.2 Layer 3 interface

3.2.1 Introduction

The Layer 3 interface refers to the IP interface, which is a virtual interface based on VLAN. A Layer 3 interface is generally configured for network management or for routing links between multiple devices. Associating a Layer 3 interface with a VLAN requires configuring an IP address; each Layer 3 interface corresponds to an IP address and is associated with at least one VLAN.

If only one IP address is configured on the Layer 3 interface of the ISCOM2110G-PWR, only some hosts can communicate with external networks through the switch. To enable all hosts to communicate with external networks, configure a secondary IP address on the interface. To enable hosts in two network segments to interconnect with each other, set the switch as the gateway for all hosts.

3.2.2 Preparing for configurations

Scenario

You can associate a Layer 3 interface with a VLAN when configuring its IP address. Each Layer 3 interface corresponds to an IP address and is associated with a VLAN.

Prerequisite

Configure VLAN associated with interface and activate it.

3.2.3 Configuring Layer 3 interface

Configure the Layer 3 interface for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#description string | Configure description of the Layer 3 interface. |
| 4 | Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ vlan-list ] | Configure the IP address of the Layer 3 interface, and associate the Layer 3 interface with a VLAN. |
| 5 | Raisecom(config-ip)#ip vlan vlan-list | (Optional) configure the mapping between the Layer 3 interface and VLAN. |

Configure the VLAN associated with the Layer 3 interface, and the VLAN must be activated. Use the state { active | suspend } command to activate and then configure the suspended VLAN. When you configure the mapping between a Layer 3 interface and a VLAN which does not exist or is deactivated, the configuration can be successful but does not take effect.

Up to 15 IP interfaces can be configured, and their numbers range from 0 to 14.

3.2.4 Checking configurations

Use the following commands to check configuration results.

| No. | Command | Description |
|---|---|---|
| 1 | Raisecom#show interface ip | Show IP address configuration of the Layer 3 interface. |
| 2 | Raisecom#show interface ip description | Show mapping between Layer 3 interface and VLAN. |
| 3 | Raisecom#show interface ip statistics | Show management VLAN configurations. |

3.2.5 Example for configuring Layer 3 interface to interconnect with host

Networking requirements

As shown in Figure 3-2, configure the Layer 3 interface on the switch so that the PC and the ISCOM2110G-PWR can ping each other.

Figure 3-2 Layer 3 interface configuration networking

Configuration steps

Step 1 Create a VLAN and add the interface into the VLAN.

Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface port 2
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit

Step 2 Configure the Layer 3 interface on the ISCOM2110G-PWR, configure its IP address, and associate the IP address with the VLAN.

Raisecom(config)#interface ip 10
Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 10

Checking results

Use the show vlan command to show mapping between the physical interface and VLAN.

Raisecom#show vlan 10
VLAN  Name      State   Status  Port  Untag-Port  Priority  Create-Time
-------------------------------------------------------------------------
10    VLAN0010  active  static  2     2           --        1:16:49

Use the show interface ip command to show configurations of the Layer 3 interface, and the mapping between the Layer 3 interface and VLAN.

Raisecom#show interface ip
Index  Ip Address     NetMask        Vid  Status  Mtu
-------------------------------------------------------------------------
0      192.168.27.63  255.255.255.0  1    active  1500
10     192.168.1.2    255.255.255.0  10   active  1500

Use the ping command to check whether the ISCOM2110G-PWR and PC can ping each other.

Raisecom#ping 192.168.1.3
Type CTRL+C to abort
Sending 5, 8-byte ICMP Echos to 192.168.1.3, timeout is 3 seconds:
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
Reply from 192.168.1.3: time<1ms
---- PING Statistics----
5 packets transmitted, 5 packets received,
Success rate is 100 percent(5/5), round-trip (ms) min/avg/max = 0/0/0.

3.3 Default gateway

3.3.1 Introduction

When no route is configured for a packet to be forwarded, you can configure the default gateway so that the device sends the packet to the default gateway. The IP address of the default gateway should be in the same network segment as the local IP address of the device.

3.3.2 Preparing for configurations

Scenario

When no route is configured for a packet to be forwarded, you can configure the default gateway so that the device sends the packet to the default gateway.

Prerequisite

Configure the IP address of the switch in advance; otherwise, configuring the default gateway will fail.

3.3.3 Configuring default gateway

The IP address of the default gateway should be in the same network segment as one of the local IP interfaces.

Configure the default gateway for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip defaultgateway ip-address | Configure the IP address of the default gateway. |

3.3.4 Configuring static route

Configure static route for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip forwarding | Enable software IP forwarding on the ISCOM2110G-PWR. |
| 3 | Raisecom(config)#ip route ipaddress ip-mask next-hop-ipaddress | Create a static route. |

3.3.5 Checking configurations

Use the following command to check configuration result.

| No. | Command | Description |
|---|---|---|
| 1 | Raisecom#show ip route | Show routing table information. |

3.4 DHCP Client

3.4.1 Introduction

Dynamic Host Configuration Protocol (DHCP) dynamically assigns IP address configurations to users on a TCP/IP network. It is based on the Bootstrap Protocol (BOOTP), and adds automatic assignment of available network addresses, network address re-use, and other extended configuration options on top of BOOTP.

As networks grow in scale and complexity, the number of PCs on a network usually exceeds the maximum number of distributable IP addresses. Meanwhile, the wide use of notebooks and wireless networks leads to frequent changes of PC positions, so the related IP addresses must be updated frequently. As a result, network configurations become more and more complex. DHCP was developed to solve these problems.

DHCP adopts the client/server communication mode. A client requests configuration (including IP address, subnet mask, and default gateway) from the server, and the server replies with an IP address for the client and other related configurations, to implement dynamic configuration of IP addresses and other parameters.

Typical applications of DHCP usually include one DHCP server and multiple clients (for example PC or Notebook), as shown in Figure 3-3.

Figure 3-3 DHCP typical networking

DHCP ensures rational allocation of IP addresses, avoids waste, and improves the utilization rate of IP addresses on the entire network.

Figure 3-4 shows the structure of DHCP packets. The DHCP packet is encapsulated in a UDP data packet.

Figure 3-4 Structure of DHCP packets

Table 3-1 describes fields of DHCP packets.

Table 3-1 Fields of DHCP packets

| Field | Length (bytes) | Description |
|---|---|---|
| OP | 1 | Packet type. 1: a request packet; 2: a reply packet |
| Hardware type | 1 | Hardware address type of a DHCP client. |
| Hardware length | 1 | Hardware address size of a DHCP client. |
| Hops | 1 | Number of DHCP hops passed by the DHCP packet. It increases by 1 every time when the DHCP request packet passes a DHCP hop. |
| Transaction ID | 4 | The client chooses a number at random when starting a request, used to mark process of address request. |
| Seconds | 2 | Passing time for the DHCP client after starting DHCP request. It is unused now, fixed as 0. |
| Flags | 2 | Bit 1 is the broadcast reply flag, used to mark whether the DHCP server replies packets in unicast or broadcast mode. 0: unicast; 1: broadcast. Other bits are reserved. |
| Client IP address | 4 | DHCP client IP address, only filled when the client is in bound, updated or re-bind status, used to reply ARP request. |
| Your (client) IP address | 4 | IP address of the client distributed by the DHCP server |
| Server IP address | 4 | IP address of the DHCP server |
| Relay agent IP address | 4 | IP address of the first DHCP hop after the DHCP client sends request packets. |
| Client hardware address | 16 | Hardware address of the DHCP client |
| Server host name | 64 | Name of the DHCP server |
| File | 128 | Name of the startup configuration file of the DHCP client and path assigned by the DHCP server |
| Options | Modifiable | A modifiable option field, including packet type, available leased period, Domain Name System (DNS) server IP address, Windows Internet Name Server (WINS) IP address, etc. information. |

The ISCOM2110G-PWR can be used as a DHCP client to obtain the IP address from the DHCP server for future management, as shown in Figure 3-5.

Figure 3-5 DHCP Client networking

3.4.2 Preparing for configurations

Scenario

As a DHCP client, the ISCOM2110G-PWR obtains its IP address from the DHCP server.

When IP addresses are assigned dynamically, the IP address assigned to the DHCP client has a limited lease period. The DHCP server takes back the IP address when the lease expires. The DHCP client has to renew the lease to keep using the IP address. The DHCP client can also release the IP address before expiration if it no longer wants to use it.

We recommend keeping the number of DHCP relay devices smaller than 4 if the DHCP client needs to obtain its IP address from the DHCP server through multiple DHCP relay devices.

Prerequisite

Create VLAN and add Layer 3 interface to it.

Both DHCP snooping and DHCP Relay are disabled.

3.4.3 Default configurations of DHCP Client

Default configurations of DHCP Client are as below.

| Function | Default value |
|---|---|
| hostname | raisecom |
| class-id | raisecom-ROS |
| client-id | raisecom-SYSMAC-IF0 |

3.4.4 Applying for IP address through DHCP

Apply for IP address through DHCP for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#ip address dhcp vlan-list [ server-ip ipaddress ] | Apply for the IP address through DHCP. |

If the ISCOM2110G-PWR has previously obtained an IP address from the DHCP server through DHCP, it restarts the application process for the IP address if you use the ip address dhcp command to modify the IP address of the DHCP server.

3.4.5 (Optional) configuring DHCP Client

Configure DHCP Client for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#ip dhcp client { class-id class-id \| client-id client-id \| hostname hostname } | Configure information about the DHCP client, including type ID, client ID, and host name. |

3.4.6 (Optional) renewing or releasing IP address

Renew or release the IP address for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#ip dhcp client renew | Renew the IP address. If the ISCOM2110G-PWR has obtained the IP address through DHCP, it automatically renews the IP address when the IP address expires. |
| 4 | Raisecom(config-ip)#no ip address dhcp | Release the IP address. |

3.4.7 Checking configurations

Use the following commands to check configuration results.

| No. | Command | Description |
|---|---|---|
| 1 | Raisecom#show ip dhcp client | Show DHCP client configuration. |

3.4.8 Example for configuring DHCP Client

Networking requirements

As shown in Figure 3-6, the Switch is used as the DHCP client, and the host name is raisecom. The DHCP server should assign an IP address to the SNMP interface of the Switch so that the NMS platform can manage the Switch.

Figure 3-6 DHCP client networking

Configuration steps

Step 1 Configure DHCP client information.

Raisecom#config
Raisecom(config)#interface ip 0
Raisecom(config-ip)#ip dhcp client hostname raisecom

Step 2 Configure applying for IP address through DHCP.

Raisecom(config-ip)#ip address dhcp 1 server-ip 192.168.1.1

Checking results

Use the show ip dhcp client command to show configurations of DHCP Client.

Raisecom#show ip dhcp client
Hostname: raisecom
Class-ID: raisecomFTTH-ROS_4.14.1727
Client-ID: raisecomFTTH-000e5e123456-IF0
DHCP Client is requesting for a lease.

3.5 DHCP Relay

3.5.1 Introduction

Originally, DHCP required the DHCP server and clients to be in the same network segment. As a result, a DHCP server had to be configured for every network segment for dynamic host configuration, which is uneconomical.

DHCP Relay is introduced to solve this problem. It provides a relay service between DHCP clients and a DHCP server that are in different network segments. It relays packets across network segments to the DHCP server or clients.

Figure 3-7 shows the principle of DHCP Relay.

Figure 3-7 Principle of DHCP Relay

Step 1 The DHCP client sends a request packet to the DHCP server.

Step 2 After receiving the packet, the DHCP relay device processes the packet in a certain way, and then sends it to the DHCP server on the specified network segment.

Step 3 The DHCP server sends an acknowledgement packet to the DHCP client through the DHCP relay device according to the information contained in the request packet. In this way, the DHCP client is configured dynamically.

3.5.2 Preparing for configurations

Scenario

When the DHCP client and DHCP server are not in the same network segment, you can use DHCP Relay to relay DHCP protocol packets across network segments to the destination DHCP server, so that DHCP clients in different network segments can share the same DHCP server.

Prerequisite

DHCP Relay is mutually exclusive with DHCP Client and DHCP Snooping. Namely, you cannot configure DHCP Relay on a device configured with DHCP Client or DHCP Snooping.

3.5.3 Default configurations of DHCP Relay

Default configurations of DHCP Relay are as below.

| Function | Default value |
|---|---|
| Global DHCP Relay | Disable |
| Interface DHCP Relay | Enable |
| DHCP Relay supporting Option 82 | Disable |
| Policy for DHCP Relay to process Option 82 request packets | Replace |
| Interface DHCP Relay trust | Untrust |

3.5.4 Configuring global DHCP Relay

Configure global DHCP Relay for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip dhcp relay | Enable global DHCP Relay. |

3.5.5 Configuring interface DHCP Relay

Configure interface DHCP Relay for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 3 | Raisecom(config-ip)#ip dhcp relay | Enable DHCP Relay on the IP interface. |

3.5.6 Configuring destination IP address for forwarding packets

Configure the destination IP address for forwarding packets for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip dhcp relay ip-list { all \| ip-interfacelist } target-ip ip-address | Configure the destination IP address for DHCP Relay on the IP interface. |
| 3 | Raisecom(config)#interface ip if-number | Enter Layer 3 interface configuration mode. |
| 4 | Raisecom(config-ip)#ip dhcp relay target-ip ip-address | Configure the destination IP address for Layer 3 interface to forward packets. |

3.5.7 (Optional) configuring DHCP Relay to support Option 82

Configure DHCP Relay to support Option 82 for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip dhcp relay information option | Configure DHCP Relay to support Option 82. |
| 3 | Raisecom(config)#ip dhcp relay information policy { drop \| keep \| replace } | Configure the policy for DHCP Relay to process Option 82 request packets. |
| 4 | Raisecom(config)#ip dhcp relay information trusted port-list port-list | Configure global Option 82 trusted interface list. |
|  | Raisecom(config)#interface port port-id |  |
|  | Raisecom(config-port)#ip dhcp relay information trusted | Set the specified interface to the Option 82 trusted interface. |

3.5.8 Checking configurations

Use the following commands to check configuration results.

| No. | Command | Description |
|---|---|---|
| 1 | Raisecom#show ip dhcp relay [ information \| statistics ] | Show configurations or statistics of DHCP Relay. |

3.6 DHCP Snooping

3.6.1 Introduction

DHCP Snooping is a security feature of DHCP with the following functions:

Make the DHCP client obtain the IP address from a legitimate DHCP server.

If a rogue DHCP server exists on the network, the DHCP client may obtain an incorrect IP address and incorrect network configuration parameters, and then cannot communicate normally. As shown in Figure 3-8, to make the DHCP client obtain the IP address from a legitimate DHCP server, the DHCP Snooping security system allows you to set an interface as a trusted interface or an untrusted interface: the trusted interface forwards DHCP packets normally; the untrusted interface discards the reply packets from the DHCP server.

Figure 3-8 DHCP Snooping networking

Record mapping between DHCP client IP address and MAC address.

DHCP Snooping records entries by monitoring the request and reply packets received by the trusted interface. Each entry includes the client MAC address, the obtained IP address, the interface connected to the DHCP client, the VLAN of that interface, and so on. The recorded information is then used to implement the following:

− ARP detection: judge the legitimacy of a user that sends ARP packets and avoid ARP attacks from unauthorized users.

− IP Source Guard: filter packets forwarded by interfaces by dynamically obtaining DHCP Snooping entries, to prevent illegal packets from passing through the interface.

− VLAN mapping: change the mapped VLAN of packets sent to users back to the original VLAN by searching for the IP address, MAC address, and original VLAN information in the DHCP Snooping entry corresponding to the mapped VLAN.

The Option field in a DHCP packet records position information of DHCP clients. The administrator can use this Option field to locate DHCP clients and control client security and accounting.

If the ISCOM2110G-PWR configures DHCP Snooping to support the Option function:

When the ISCOM2110G-PWR receives a DHCP request packet, it processes the packet according to whether the packet contains the Option field, and according to the filling mode and processing policy configured by the user, and then forwards the processed packet to the DHCP server.

When the ISCOM2110G-PWR receives a DHCP reply packet, it deletes the field and forwards the packet to the DHCP client if the packet contains the Option field; it forwards the packet directly if the packet does not contain the Option field.
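The trusted/untrusted decision, the binding table and the ARP detection check that uses it can be modelled as follows. This is an added example, not Raisecom code: the class, the event tuples and the addresses are constructed, and skipping the ARP check on trusted ports is an assumption.

```python
from dataclasses import dataclass

CLIENT_TYPES = {"DISCOVER", "REQUEST", "RELEASE"}
SERVER_TYPES = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: int
    vlan: int


class DhcpSnooping:
    def __init__(self, trusted_ports=()):
        self.trusted = set(trusted_ports)  # all other ports are untrusted (the default)
        self.pending = {}                  # client MAC -> (port, vlan) from its request
        self.bindings = {}                 # client MAC -> Binding

    def handle_dhcp(self, port, vlan, msg_type, client_mac, assigned_ip=None):
        """Return "forward" or "drop" for one DHCP packet received on `port`."""
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                return "drop"              # server reply arriving on an untrusted interface
            if msg_type == "ACK" and client_mac in self.pending:
                client_port, client_vlan = self.pending.pop(client_mac)
                self.bindings[client_mac] = Binding(
                    client_mac, assigned_ip, client_port, client_vlan)
            return "forward"
        if msg_type not in CLIENT_TYPES:
            raise ValueError("unknown DHCP message type: %r" % msg_type)
        if msg_type == "REQUEST":
            self.pending[client_mac] = (port, vlan)
        elif msg_type == "RELEASE":
            self.bindings.pop(client_mac, None)
        return "forward"

    def arp_allowed(self, port, sender_ip, sender_mac):
        """ARP detection: the sender must match a binding learned from DHCP."""
        if port in self.trusted:
            return True                    # assumption: only untrusted ports are checked
        binding = self.bindings.get(sender_mac)
        return (binding is not None and binding.ip == sender_ip
                and binding.port == port)


# Constructed sample: port 1 faces the legitimate server, port 2 a client,
# port 3 a device that answers DHCP although it is not the server.
CLIENT = "000e.5e12.3456"
SAMPLE_EVENTS = [
    (2, 10, "DISCOVER", CLIENT, None),
    (3, 10, "OFFER",    CLIENT, "10.0.0.50"),
    (1, 10, "OFFER",    CLIENT, "192.168.1.20"),
    (2, 10, "REQUEST",  CLIENT, None),
    (3, 10, "ACK",      CLIENT, "10.0.0.50"),
    (1, 10, "ACK",      CLIENT, "192.168.1.20"),
]


def run_sample():
    """Replay the sample events; return the switch model and one verdict per event."""
    switch = DhcpSnooping(trusted_ports=[1])
    verdicts = [switch.handle_dhcp(*event) for event in SAMPLE_EVENTS]
    return switch, verdicts


if __name__ == "__main__":
    switch, verdicts = run_sample()
    for event, verdict in zip(SAMPLE_EVENTS, verdicts):
        print(event, "->", verdict)
    print(switch.bindings[CLIENT])
```

Only the replies arriving on trusted port 1 are forwarded, so the binding records the address handed out by the legitimate server, and an ARP packet on port 2 is accepted only if it carries exactly that IP and MAC.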

3.6.2 Preparing for configurations

Scenario

DHCP Snooping is a security feature of DHCP, used to make the DHCP client obtain its IP address from a legitimate DHCP server and to record the mapping between the IP address and MAC address of a DHCP client.

The Option field of a DHCP packet records the location of a DHCP client. The administrator can locate a DHCP client through the Option field and control client security and accounting. The device configured with DHCP Snooping and Option can process packets according to the Option field status in the packet.

Prerequisite

DHCP Snooping is mutually exclusive with DHCP Client and DHCP Relay. Namely, you cannot configure DHCP Relay on a device configured with DHCP Client or DHCP Snooping.

3.6.3 Default configurations of DHCP Snooping

Default configurations of DHCP Snooping are as below.

| Function | Default value |
|---|---|
| Global DHCP Snooping status | Disable |
| Interface DHCP Snooping status | Enable |
| Interface trust/untrust status | Untrust |
| DHCP Snooping in support of Option 82 | Disable |

3.6.4 Configuring DHCP Snooping

Generally, ensure that the ISCOM2110G-PWR interface connected to the DHCP server is in trusted state, while the interface connected to the user is in untrusted state.

If DHCP Snooping is enabled without configuring DHCP Snooping to support the Option function, the ISCOM2110G-PWR does nothing to Option fields in the packets. For packets without Option fields, the ISCOM2110G-PWR still does not insert any.

By default, DHCP Snooping is enabled on all interfaces, but interface DHCP Snooping takes effect only when global DHCP Snooping is enabled.

Configure DHCP Snooping for the ISCOM2110G-PWR as below.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#config | Enter global configuration mode. |
| 2 | Raisecom(config)#ip dhcp snooping | Enable global DHCP Snooping. By default, global IPv4-based DHCP Snooping is not configured. |
| 3 | Raisecom(config)#ip dhcp snooping port-list { all \| port-list } | (Optional) enable interface DHCP Snooping. By default, it is enabled. |
| 4 | Raisecom(config)#interface port port-id | Enter physical layer interface configuration mode. |
| 5 | Raisecom(config-port)#ip dhcp snooping trust | Configure trust interface of DHCP Snooping. By default, the ISCOM2110G-PWR does not trust DHCP packets received on the interface. |
| 6 | Raisecom(config-port)#exit |  |
|  | Raisecom(config)#ip dhcp snooping information option | (Optional) configure DHCP Snooping to support Option 82 function. |

3.6.5 Checking configurations

Use the following commands to check configuration results.

| Step | Command | Description |
|---|---|---|
| 1 | Raisecom#show ip dhcp snooping | Show configurations of DHCP Snooping. |
| 2 | Raisecom#show ip dhcp snooping binding | Show configurations of the DHCP Snooping binding table. |

3.6.6 Example for configuring DHCP Snooping

Networking requirements

As shown in Figure 3-9, the Switch is used as the DHCP Snooping device. The network requires DHCP clients to obtain the IP address from a legitimate DHCP server and to support the Option 82 field to facilitate client management; you can configure the circuit ID sub-option information on Port 3 as raisecom, and the remote ID sub-option as user01.

Figure 3-9 DHCP Snooping networking

Configuration steps

Step 1 Configure global DHCP Snooping.

Raisecom#config
Raisecom(config)#ip dhcp snooping

Step 2 Configure the trusted interface.

Raisecom(config)#interface port 1
Raisecom(config-port)#ip dhcp snooping trust
Raisecom(config-port)#quit

Step 3 Configure DHCP Snooping to support Option 82 field and configure the Option 82 field.

Raisecom(config)#ip dhcp snooping information option
Raisecom(config)#ip dhcp information option remote-id string user01
Raisecom(config)#interface port 3
Raisecom(config-port)#ip dhcp information option circuit-id raisecom

Checking results

Use the show ip dhcp information option command to show configurations of DHCP Snooping.

Raisecom#show ip dhcp information option
DHCP Option Config Information
Attach-string: raisecom
Remote-ID Mode: string
Remote-ID String: user01
Port: 3 Circuit ID: raisecom

3.7 DHCP Options

3.7.1 Introduction

DHCP transmits control information and network configuration parameters through the Option field in packets, to implement dynamic address distribution and to provide abundant network configurations for clients. The DHCP protocol has 255 kinds of options; the final option is 255.

Table 3-2 lists frequently used DHCP options.

Table 3-2 Common DHCP options

| Options | Description |
|---|---|
| 3 | Router option, to assign gateway for DHCP clients |
| 6 | DNS server option, to assign DNS server address distributed by the DHCP client |
| 18 | DHCP client flag option, to assign interface information for DHCP client |
| 51 | IP address lease option |
| 53 | DHCP packet type, to mark type for DHCP packets |
| 55 | Request parameter list option. Client uses this option to indicate network configuration parameters need to obtain from server. The content of this option is values corresponding to client requested parameters. |
| 60 | Vendor ID option. The client and DHCP server can distinguish the vendor of the client by this option. The DHCP server can assign IP addresses in a specified range to clients. |
| 61 | DHCP client flag option, to assign device information for DHCP clients. |
| 66 | TFTP server name, to assign domain name for TFTP server distributed by DHCP clients. |
| 67 | Startup file name, to assign startup file name distributed by DHCP clients. |
| 82 | DHCP client flag option, user-defined, mainly used to mark position of DHCP clients. |
| 150 | TFTP server address, to assign TFTP server address distributed by DHCP clients. |
| 184 | DHCP reserved option, at present Option184 is used to carry information required by voice calling. Through Option184 it can distribute IP address for DHCP client with voice function and meanwhile provide voice calling related information. |
| 255 | Complete option |

Options 18, 61, and 82 in DHCP Option are relay information options in DHCP packets. When request packets from DHCP clients travel to the DHCP server, DHCP Relay or DHCP Snooping adds the Option field to the request packets if the packets are required to pass through a DHCP relay device or DHCP snooping device.

Options 18, 61, and 82 record DHCP client information on the DHCP server. By cooperating with other software, they can implement functions such as limits on IP address distribution and accounting. For example, by cooperating with IP Source Guard, Options 18, 61, and 82 can defend against spoofing based on IP address+MAC address.

Option 82 can include at most 255 sub-options. If the Option 82 field is defined, at least one sub-option must be defined. The ISCOM2110G-PWR supports the following two sub-options:

Sub-Option 1 (Circuit ID): it contains interface number, interface VLAN, and the additional information about DHCP client request packet.

Sub-Option 2 (Remote ID): it contains interface MAC address (DHCP Relay), or bridge MAC address (DHCP snooping device) of the ISCOM2110G-PWR, or user-defined string of DHCP client request packets.
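To inspect what a relay or snooping device actually inserted, the fixed fields of Table 3-1 and the options, including the two Option 82 sub-options, can be decoded as below. This is an added example, not Raisecom code: the function names are hypothetical and the packet is constructed from values used in this guide (circuit ID raisecom, remote ID user01); the magic cookie and the 0x8000 broadcast mask come from RFC 2131.

```python
import socket
import struct

# Fixed part of the packet in the field order of Table 3-1 (236 bytes in total).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options (RFC 2131)
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}


def parse_tlvs(data, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value sequence."""
    i = 0
    while i < len(data):
        code = data[i]
        if code == pad:
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(data):
            raise ValueError("truncated header for option %d" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the packet" % code)
        yield code, value
        i += 2 + length


def parse_dhcp(packet):
    """Decode the Table 3-1 fields, the options, and the Option 82 sub-options."""
    if len(packet) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("packet shorter than the fixed DHCP header")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, bootfile) = FIXED.unpack_from(packet)
    body = packet[FIXED.size:]
    if body[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if hlen > len(chaddr):
        raise ValueError("hardware length %d exceeds the 16-byte field" % hlen)
    options = dict(parse_tlvs(body[4:], OPT_PAD, OPT_END))
    relay_info = {}
    if OPT_RELAY_INFO in options:
        for sub, value in parse_tlvs(options[OPT_RELAY_INFO]):
            relay_info[SUBOPTION_NAMES.get(sub, sub)] = value
        if not relay_info:
            raise ValueError("Option 82 present without any sub-option")
    return {
        "op": {1: "request", 2: "reply"}.get(op, op),
        "hops": hops,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),   # most significant bit of Flags
        "yiaddr": socket.inet_ntoa(yiaddr),
        "giaddr": socket.inet_ntoa(giaddr),
        "chaddr": chaddr[:hlen].hex(),
        "options": options,
        "relay_info": relay_info,
    }


def build_sample_request():
    """Constructed sample: a client request after a relay device added Option 82."""
    fixed = FIXED.pack(
        1, 1, 6, 1,                        # OP=request, Ethernet, 6-byte address, 1 hop
        0x3903F326, 0, 0x8000,             # transaction ID, seconds, broadcast flag
        bytes(4), bytes(4), bytes(4),      # client, your, server IP address: unset
        socket.inet_aton("192.168.1.2"),   # relay agent IP address
        bytes.fromhex("000e5e123456"),     # struct pads this to 16 bytes
        b"", b"")                          # server host name, file
    relay_info = b"\x01\x08raisecom" + b"\x02\x06user01"
    options = (b"\x35\x01\x03"                       # option 53: DHCP request
               + b"\x3c\x0craisecom-ROS"             # option 60: vendor ID
               + bytes([OPT_RELAY_INFO, len(relay_info)]) + relay_info
               + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + options


if __name__ == "__main__":
    for key, value in parse_dhcp(build_sample_request()).items():
        print(key, "=", value)
```

A packet whose Option 82 length byte points past the end of the data is rejected with ValueError instead of being decoded partially.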

3.7.2 Preparing for configurations

Scenario

Options 18, 61, and 82 in DHCP Option are relay information options in DHCP packets. When request packets from DHCP clients travel to the DHCP server, DHCP Relay or DHCP Snooping adds the Option field to the request packets if the packets are required to pass through a DHCP relay device or DHCP snooping device.

Options 18, 61, and 82 record DHCP client information on the DHCP server. By cooperating with other software, they can implement functions such as limits on IP address distribution and accounting.

Prerequisite

N/A

3.7.3 Default configurations of DHCP Option

Default configurations of DHCP Option are as below.

| Function | Default value |
|---|---|
| attach-string in global configuration mode | N/A |
| remote-id in global configuration mode | switch-mac |
| circuit-id in interface configuration mode | N/A |

3.7.4 Configuring DHCP Option field

Configure DHCP Option field for the ISCOM2110G-PWR as below.

All the following steps are optional and in any sequence.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 (Optional) configure additional information for Option 82 field.
Raisecom(config)#ip dhcp information option attach-string attach-string

Step 3 (Optional) configure circuit ID sub-option information for Option 82 field on the interface.
Raisecom(config)#interface port port-id
Raisecom(config-port)#ip dhcp information option circuit-id circuit-id

Step 4 (Optional) configure remote ID sub-option information for Option 82 field.
Raisecom(config-port)#exit
Raisecom(config)#ip dhcp information option remote-id { client-mac | client-mac-string | hostname | switch-mac | switch-mac-string | string string }

3.7.5 Checking configurations

Use the following commands to check configuration results.

No. 1 Show configurations of DHCP Option fields.
Raisecom#show ip dhcp information option

4 PoE

This chapter describes basic principles and configuration procedures of PoE, and provides related configuration examples, including the following sections:

Introduction

Configuring PoE

Example for configuring PoE switch power supply

4.1 Introduction

4.1.1 PoE principle

Power over Ethernet (PoE) means that the Power Sourcing Equipment (PSE) both supplies power and transmits data to the remote Power Device (PD) through the Ethernet cable and Ethernet electrical interface.

Figure 4-1 shows PoE networking.


Figure 4-1 PoE networking

4.1.2 PoE modules

The PoE system is composed of the following modules:


PSE: composed of the power module and PSE functional module. The PSE can detect PDs, obtain PD power information, remotely supply power, monitor power supply, and power off devices.

PD: supplied with power by the PSE. There are standard PDs and non-standard PDs. Standard PDs must comply with IEEE 802.3af, such as IP phone and web camera.

Power Interface (PI): the interface between the PSE/PD and the Ethernet cable, namely, the RJ45 interface.

4.1.3 PoE advantages

PoE has the following advantages:

Reliability: a centralized PSE supplies power with convenient backup, uniform management of power modules, and high security.

Easy connection: the network terminal does not need an external power; instead, it needs only an Ethernet cable connected to the PoE interface.

Standardization: PoE complies with IEEE 802.3at and uses globally uniform power interface.

Wide applications: applicable to IP phones, wireless Access Point (AP), portable device charger, credit card reader, web camera, and data collection system.

4.1.4 PoE concepts

Maximum output power of interface power supply

It is the maximum output power output by the interface to the connected PD.

Priority of interface power supply

There are three priority levels for power supply: critical, high, and low. The PD connected to an interface with critical priority is powered first, then the PD with high priority, and finally the PD with low priority.

Switch overtemperature protection

When the current temperature exceeds the overtemperature threshold, overtemperature alarms occur and the system sends Trap to the Network Management System (NMS).

Global Trap

When the current temperature exceeds the overtemperature threshold, the PSE power utilization ratio exceeds the threshold, or the status of PoE interface power supply changes, the ISCOM2110G-PWR sends Trap to the NMS.

PSE power utilization ratio threshold

When the PSE power utilization ratio exceeds the threshold for the first time, the system sends Trap.


4.2 Configuring PoE

4.2.1 Preparing for configurations

Scenario


When it is inconvenient for the remotely connected PD to obtain power locally, it needs to take power from the Ethernet electrical interface, so that power and data are transmitted concurrently.

Prerequisite

N/A

4.2.2 Default configurations of PoE

Default configurations of PoE are as below.

Function                                          Default value
Power supply interface PoE status                 Enable
Non-standard PD identification                    Disable
Maximum output power of interface power supply    30000 mW
Power supply management mode                      Auto
Power supply priority                             Low
Switch overtemperature protection status          Enable
Power supply global Trap switch status            Enable
PSE power utilization threshold                   99%

4.2.3 Enabling interface PoE

Enable interface PoE for the ISCOM2110G-PWR as below:

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enter physical layer interface configuration mode.
Raisecom(config)#interface port port-id

Step 3 Enable interface PoE.
Raisecom(config-port)#poe enable


4.2.4 Configuring maximum output power of interface power supply


Configure maximum output power of interface power supply for the ISCOM2110G-PWR as below:

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enter physical layer interface configuration mode.
Raisecom(config)#interface port port-id

Step 3 Configure maximum output power of interface power supply.
Raisecom(config-port)#poe max-power max-power-value

4.2.5 Configuring priority of interface power supply

Configure priority of interface power supply for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enter physical layer interface configuration mode.
Raisecom(config)#interface port port-id

Step 3 Configure priority of interface power supply.
Raisecom(config-port)#poe priority { critical | high | low }

4.2.6 Configuring PSE power utilization ratio threshold

Configure the PSE power utilization ratio threshold for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Configure the PSE power utilization ratio threshold.
Raisecom(config)#poe pse powerthredshold percent

4.2.7 Enabling non-standard PD identification

To use a non-standard PD, confirm its power consumption, voltage, and current in advance so that you can properly set the maximum output power on the PSE and avoid damaging the PD with excessive power.


Enable non-standard PD identification for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enable non-standard PD identification.
Raisecom(config)#poe legacy enable


4.2.8 Enabling forcible power supply on interface

When the ISCOM2110G-PWR supplies power to a remote PD, use a standard PD, pre-standard PD, or Cisco-private standard PD. To use any other non-standard PD, confirm its power consumption, voltage, and current in advance so that you can properly set the maximum output power on the PSE and avoid damaging the PD with excessive power.

Enable forcible power supply on interfaces for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enter physical layer interface configuration mode.
Raisecom(config)#interface port port-id

Step 3 Enable forcible PoE power supply on the interface.
Raisecom(config-port)#poe forcepower

4.2.9 Enabling overtemperature protection

Enable overtemperature protection for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enable overtemperature protection.
Raisecom(config)#poe temperature-protection enable

4.2.10 Enabling global Trap

Enable global Trap for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enable global Trap function.
Raisecom(config)#poe pse trap enable

4.2.11 Checking configurations

Use the following commands to check configuration results.


No. 1 Show power supply status on specified interfaces.
Raisecom#show poe port-list port-list [ detail ]

No. 2 Show PSE configurations and realtime operating information.
Raisecom#show poe pse [ detail ]

4.3 Example for configuring PoE switch power supply

Networking requirements

As shown in Figure 4-2, Switch A is connected to the upper layer WAN through Switch B and Switch C. It is used to supply power to an IP phone and a web camera. When Switch A runs at full load, power supply to the web camera must take precedence.

Configure parameters according to user requirements as below:

Set the maximum output power of Port 1 and Port 2 to 30000 mW.

Enable overtemperature protection on the switch.

Enable Trap function for power supply on the switch.

Set the priorities of Port 2 and Port 1 to high and low respectively.


Figure 4-2 PoE switch power supply networking

Configuration steps

Step 1 Enable PoE on Port 1 and Port 2.

Raisecom#config

Raisecom(config)#interface port 1

Raisecom(config-port)#poe enable

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#poe enable

Raisecom(config-port)#exit

Step 2 Set the maximum output power of Port 1 and Port 2 to 30000 mW.

Raisecom(config)#interface port 1

Raisecom(config-port)#poe max-power 30000

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#poe max-power 30000

Raisecom(config-port)#exit

Step 3 Enable overtemperature protection.

Raisecom(config)#poe temperature-protection enable


Step 4 Enable global Trap.

Raisecom(config)#poe pse trap enable

Step 5 Set priorities of Port 2 and Port 1 to high and low respectively.

Raisecom(config)#interface port 2

Raisecom(config-port)#poe priority high

Raisecom(config-port)#exit

Raisecom(config)#interface port 1

Raisecom(config-port)#poe priority low


Checking results

Use the show poe port-list 1,2 detail command to show PoE configurations on Port 1 and Port 2.

Raisecom#show poe port-list 1,2 detail

Port: 1

-------------------------------------------------

POE administrator status: Enable

POE operation status: Enable

Power detection status:Searching

POE Power Pairs mode:Signal

PD power classification:Class0

POE power Priority:Low

POE power max:30000 (mW)

POE power output:0 (mW)

POE power average:0 (mW)

POE power peak:0 (mW)

POE current output:0 (mA)

POE voltage output:0 (V)

Port: 2

-------------------------------------------------

POE administrator status: Enable

POE operation status: Enable

Power detection status:Searching

POE Power Pairs mode:Signal

PD power classification:Class0

POE power Priority:High

POE power max:30000 (mW)

POE power output:0 (mW)

POE power average:0 (mW)

POE power peak:0 (mW)

POE current output:0 (mA)

POE voltage output:0 (V)

5 QoS

This chapter describes basic principle and configuration of QoS and provides related configuration examples, including the following sections:

Introduction

Configuring basic QoS

Configuring traffic classification and traffic policy

Configuring priority mapping

Configuring congestion management

Configuring rate limiting based on interface and VLAN

Configuring examples

5.1 Introduction

Users have different service quality requirements for network applications, so the network should allocate and schedule resources for different applications according to those requirements. Quality of Service (QoS) ensures real-time and complete service when the network is overloaded or congested, and guarantees that the whole network runs efficiently.

QoS is composed of a group of flow management technologies:

Service model

Priority trust

Traffic classification

Traffic policy

Priority mapping

Congestion management

5.1.1 Service model

QoS technical service models:

Best-effort Service

Differentiated Services (DiffServ)


Best-effort


Best-effort service is the most basic and simplest service model on the Internet (IPv4 standard), based on the store-and-forward mechanism. In the Best-effort service model, an application can send any number of packets at any time without prior approval from, or notification to, the network. For Best-effort service, the network sends packets as well as it can, but cannot guarantee delay or reliability.

Best-effort is the default Internet service model now. It applies to most network applications, such as FTP and E-mail, and is implemented by a First In First Out (FIFO) queue.

DiffServ

DiffServ model is a multi-service model, which can satisfy different QoS requirements.

DiffServ model does not need to maintain state for each flow. It provides differentiated services according to the QoS classification of each packet. Many different methods can be used for classifying QoS packets, such as IP packet priority (IP precedence), the packet source address or destination address.

Generally, DiffServ is used to provide end-to-end QoS services for a number of important applications, which is implemented through the following techniques:

Committed Access Rate (CAR): CAR classifies packets according to pre-set packet matching rules, such as IP packet priority, or the packet source address or destination address. The system continues to send the packets if the flow complies with the rules of the token bucket; otherwise, it discards the packets or re-marks IP precedence, DSCP, EXP, etc. CAR can not only control flows, but also mark and re-mark packets.

Queue technology: the SP, WRR, and SP+WRR queue technologies cache and schedule congested packets to implement congestion management.

5.1.2 Priority trust

Priority trust means that the ISCOM2110G-PWR uses the priority of packets for classification and performs QoS management accordingly.

The ISCOM2110G-PWR supports packet priority trust based on interface, including:

Differentiated Services Code Point (DSCP) priority

Class of Service (CoS) priority

Interface priority

5.1.3 Traffic classification

Traffic classification refers to recognizing packets of certain types according to configured rules, conducting different QoS policies for packets matching with different rules. It is the prerequisite of differentiated services.

The ISCOM2110G-PWR supports traffic classification by IP priority, DSCP priority, and CoS priority over IP packets, as well as traffic classification by Access Control List (ACL) rule and VLAN ID. Figure 5-1 shows the principle of traffic classification.


Figure 5-1 Principle of traffic classification

IP priority and DSCP priority

Figure 5-2 shows the structure of the IP packet header. The header contains an 8-bit ToS field. Defined by RFC 1122, IP priority (IP Precedence) uses the highest 3 bits (0–2), with a value range of 0–7. RFC 2474 redefines the ToS field and applies the first 6 bits (0–5) to DSCP priority, with a value range of 0–63; the last 2 bits (bit-6 and bit-7) are reserved. Figure 5-3 shows the structure of the two priority types.

Figure 5-2 Structure of IP packet head

Figure 5-3 Structure of packets with IP priority and DSCP priority

CoS priority

The format of Ethernet packets is modified to make VLAN packets based on IEEE 802.1Q. IEEE 802.1Q adds a 4-Byte 802.1Q tag between the source address field and protocol type field, as shown in Figure 5-4. The tag includes a 2-Byte TPID field (Tag Protocol Identifier, value being 0x8100) and a 2-Byte Tag Control Information (TCI) field.

Figure 5-4 Structure of VLAN packets


CoS priority is included in the first 3 bits of the TCI field, ranging from 0 to 7, as shown in Figure 5-5. It is used when QoS needs to be guaranteed on the Layer 2 network.

Figure 5-5 Structure of packets with CoS priority

5.1.4 Traffic policy

After classifying packets, the ISCOM2110G-PWR needs to take different actions for different packets. The binding of traffic classification and an action forms a traffic policy.

Rate limiting

Rate limiting refers to controlling network traffic, monitoring the rate of traffic entering the network, and discarding overflow part, so it controls ingress traffic in a reasonable range, thus protecting network resources and carrier interests.

The ISCOM2110G-PWR supports rate limiting based on traffic policy in the ingress direction on the interface.

The ISCOM2110G-PWR supports using token bucket for rate limiting, including single-token bucket and dual-token bucket.

Re-direction

Re-direction refers to re-directing packets to a specified interface, instead of forwarding packets according to the mapping between the original destination address and interface, thus implementing policy routing.

The ISCOM2110G-PWR supports re-directing packets to the specified interface for forwarding in the ingress direction of an interface.

Re-mark

Re-mark refers to setting some priority fields in a packet again and then classifying packets by a user-defined standard. In addition, downstream nodes on the network can provide differentiated QoS service according to the re-mark information.

The ISCOM2110G-PWR supports re-marking packets by the following priority fields:

IP priority of IP packets

DSCP priority

CoS priority

Traffic statistics

Traffic statistics counts the data packets of a specified service flow, namely, the number of packets and Bytes matching the traffic classification that pass through the network or are discarded.


Traffic statistics is not a QoS control measure, but can be used in combination with other QoS actions to improve network supervision.

5.1.5 Priority mapping

Priority mapping means that when the ISCOM2110G-PWR receives packets, it places them in queues with different local priorities according to the mapping from external priority to local priority, thus scheduling packets in the egress direction.

The ISCOM2110G-PWR supports priority mapping based on DSCP priority or CoS priority.

Table 5-1 lists the default mapping of local priority, DSCP, and CoS.

Table 5-1 Default mapping of local priority, DSCP priority, and CoS priority

Local priority  0    1     2      3      4      5      6      7
DSCP            0–7  8–15  16–23  24–31  32–39  40–47  48–55  56–63
CoS             0    1     2      3      4      5      6      7

Local priority is a packet priority with internal significance assigned by the ISCOM2110G-PWR, namely, the priority corresponding to a queue in QoS queue scheduling.

Local priority ranges from 0 to 7. Each interface of the ISCOM2110G-PWR supports 8 queues. Local priorities and interface queues are in one-to-one mapping. A packet is sent to the assigned queue according to the mapping between local priority and queue, as shown in Table 5-2.

Table 5-2 Mapping between local priority and queue

Local priority  0  1  2  3  4  5  6  7
Queue           1  2  3  4  5  6  7  8
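The following added example (not from the Raisecom guide) extracts the CoS, IP precedence, and DSCP fields described in section 5.1.3 from a frame and applies the default mappings of Tables 5-1 and 5-2. The sample frame is constructed, and falling back to the interface priority when the trusted field is absent from the packet is an assumption, since the guide does not describe that case.

```python
"""Derive local priority and egress queue from a frame using the default mappings."""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800
TRUST_MODES = ("cos", "dscp", "port-priority")


def parse_priorities(frame):
    """Return VLAN ID, CoS, IP precedence and DSCP; None where the field is absent."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    out = {"vlan_id": None, "cos": None, "ip_precedence": None, "dscp": None}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        out["cos"] = tci >> 13            # first 3 bits of the TCI field
        out["vlan_id"] = tci & 0x0FFF     # last 12 bits of the TCI field
        offset = 18
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        tos = frame[offset + 1]           # 8-bit ToS field
        out["ip_precedence"] = tos >> 5   # highest 3 bits
        out["dscp"] = tos >> 2            # first 6 bits
    return out


def local_priority(fields, trust="cos", port_priority=0):
    """Apply the default CoS/DSCP to local priority mapping of Table 5-1."""
    if trust not in TRUST_MODES:
        raise ValueError(f"unknown trust mode: {trust}")
    if trust == "cos" and fields["cos"] is not None:
        return fields["cos"]              # CoS n maps to local priority n
    if trust == "dscp" and fields["dscp"] is not None:
        return fields["dscp"] // 8        # DSCP 0-7 -> 0, 8-15 -> 1, ... 56-63 -> 7
    return port_priority                  # assumption: fall back to interface priority


def egress_queue(local):
    """Table 5-2: local priority 0-7 maps to queue 1-8."""
    if not 0 <= local <= 7:
        raise ValueError("local priority must be 0-7")
    return local + 1


def classify(frame, trust="cos", port_priority=0):
    """Return (local priority, queue) for a frame under the given trust mode."""
    local = local_priority(parse_priorities(frame), trust, port_priority)
    return local, egress_queue(local)


# Constructed sample: VLAN 100, CoS 3, IPv4 with DSCP 46; the rest of the header is zeroed.
SAMPLE_FRAME = (
    bytes.fromhex("020000000002")                        # destination MAC (made up)
    + bytes.fromhex("020000000001")                      # source MAC (made up)
    + struct.pack("!HH", TPID_8021Q, (3 << 13) | 100)    # TPID + TCI
    + struct.pack("!H", ETHERTYPE_IPV4)
    + bytes([0x45, 46 << 2]) + bytes(18)                 # 20-byte IPv4 header
)
UNTAGGED_FRAME = SAMPLE_FRAME[:12] + SAMPLE_FRAME[16:]   # same frame without the tag

if __name__ == "__main__":
    print(parse_priorities(SAMPLE_FRAME))
    for mode in TRUST_MODES:
        print(mode, classify(SAMPLE_FRAME, trust=mode))
```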

5.1.6 Congestion management

Queue scheduling is necessary when there is intermittent congestion on the network or delay sensitive services require higher QoS service than non-sensitive services.

Queue scheduling adopts different scheduling algorithms to transmit packets in queues. The ISCOM2110G-PWR supports Strict Priority (SP), Weight Round Robin (WRR), and SP+WRR algorithms. Each algorithm solves specific network traffic problems, and has a different influence on the distribution of bandwidth resources, delay, and jitter.

SP: schedule packets strictly according to queue priority order. Queues with lower priority cannot be scheduled until queues with higher priority finish scheduling, as shown in Figure 5-6.


Figure 5-6 SP scheduling

WRR: on the basis of scheduling each queue in turn according to queue priority, schedule packets in the queues according to the weight of each queue, as shown in Figure 5-7.

Figure 5-7 WRR scheduling

SP+WRR: the queues on an interface are divided into two groups; you can assign some queues to SP scheduling and the other queues to WRR scheduling.

5.1.7 Rate limiting based on interface and VLAN

The ISCOM2110G-PWR supports rate limiting based on traffic policy as well as rate limiting based on interface or VLAN ID. Similar to rate limiting based on traffic policy, the ISCOM2110G-PWR discards the exceeding traffic.


5.2 Configuring basic QoS

5.2.1 Preparing for configurations

Scenario


QoS enables the carrier to provide different service quality for different applications, and assign and schedule different network resources.

Prerequisite

N/A

5.2.2 Default configurations of basic QoS

Default configurations of basic QoS are as below.

Function             Default value
Global QoS status    Enable

5.2.3 Enabling global QoS

Enable global QoS for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Enable global QoS.
Raisecom(config)#mls qos enable

5.2.4 Checking configurations

Use the following commands to check configuration results.

No. 1 Show global QoS status.
Raisecom#show mls qos


5.3 Configuring traffic classification and traffic policy

5.3.1 Preparing for configurations

Scenario


Traffic classification is the basis of QoS. You can classify packets from an upstream device by priorities or ACL rule.

A traffic classification rule does not take effect until it is bound to a traffic policy. Apply the traffic policy according to current network load and time period. Usually, the ISCOM2110G-PWR limits the rate of packets to the configured rate when they enter the network, and re-marks priority according to the service feature of the packets.

Prerequisite

Enable global QoS.

5.3.2 Default configurations of traffic classification and traffic policy

Default configurations of traffic classification and traffic policy are as below.

Function                            Default value
Traffic policy statistics status    Disable

5.3.3 Creating traffic classification

Create traffic classification for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create traffic classification and enter traffic classification cmap configuration mode.
Raisecom(config)#class-map class-map-name [ match-all | match-any ]

Step 3 (Optional) describe traffic classification.
Raisecom(config-cmap)#description string

5.3.4 Configuring traffic classification rules

Configure traffic classification rules for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create traffic classification and enter traffic classification cmap configuration mode.
Raisecom(config)#class-map class-map-name [ match-all | match-any ]

Step 3 (Optional) configure traffic classification over ACL rule. The ACL rule must be defined first and its type must be permit.
Raisecom(config-cmap)#match { access-list-map | ip-access-list | mac-access-list } acl-number

Step 4 (Optional) configure traffic classification over traffic classification rule. The referenced traffic classification must already be created and its match type must be identical with that of this traffic classification.
Raisecom(config-cmap)#match class-map class-map-name

Step 5 (Optional) configure traffic classification over DSCP rules.
Raisecom(config-cmap)#match ip dscp dscp-value

Step 6 (Optional) configure traffic classification over IP priority.
Raisecom(config-cmap)#match ip precedence precedence-value

Step 7 (Optional) configure traffic classification over VLAN ID rule of VLAN packets.
Raisecom(config-cmap)#match vlan vlan-list [ doubletagging inner ]

When the match type of a traffic classification is match-all, the match rules may conflict with each other and the configuration may fail.

Traffic classification rules must be created for a traffic classification; namely, the match parameter must be configured.

For a traffic classification referenced by a traffic policy, do not modify the traffic classification rule; namely, do not modify the match parameter of the traffic classification.

5.3.5 Creating token bucket and rate limiting rules

Create token bucket and rate limiting rules for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create token bucket and configure rate limiting rules.
Raisecom(config)#mls qos { aggregate-policer | class-policer | single-policer } policer-name rate-value burst-value [ exceed-action { drop | policed-dscp-transmit dscp-value } ]
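The following added example (not from the Raisecom guide) models a single-token-bucket policer with the two exceed actions named in the command above, to show how rate-value and burst-value interact. The guide does not state the units of rate-value and burst-value; bit/s and Bytes are assumed here, and the arrival trace is constructed.

```python
"""Single token bucket with exceed-action drop or policed-dscp-transmit."""

EXCEED_ACTIONS = ("drop", "policed-dscp-transmit")


class TokenBucketPolicer:
    def __init__(self, rate_bps, burst_bytes, exceed_action="drop", policed_dscp=None):
        if exceed_action not in EXCEED_ACTIONS:
            raise ValueError(f"unknown exceed action: {exceed_action}")
        if exceed_action == "policed-dscp-transmit" and policed_dscp not in range(64):
            raise ValueError("policed-dscp-transmit needs a DSCP value in 0-63")
        self.rate_bytes = rate_bps / 8.0      # token fill rate in Bytes per second
        self.burst = float(burst_bytes)       # bucket depth
        self.tokens = self.burst              # bucket starts full
        self.exceed_action = exceed_action
        self.policed_dscp = policed_dscp
        self.last = None                      # arrival time of the previous packet

    def police(self, now, size, dscp):
        """Return (verdict, dscp) for a packet of `size` Bytes arriving at `now` seconds."""
        if self.last is not None:
            refill = (now - self.last) * self.rate_bytes
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if size <= self.tokens:               # in profile: spend tokens, keep marking
            self.tokens -= size
            return ("transmit", dscp)
        if self.exceed_action == "drop":      # out of profile: tokens are not spent
            return ("drop", None)
        return ("transmit", self.policed_dscp)


def run(policer, arrivals):
    """Feed (time, size, dscp) tuples through the policer and collect the verdicts."""
    return [policer.police(t, size, dscp) for t, size, dscp in arrivals]


# Constructed trace: two back-to-back packets, then two more half a second later.
SAMPLE_ARRIVALS = [(0.0, 1000, 46), (0.0, 1000, 46), (0.5, 1000, 46), (0.5, 100, 46)]

if __name__ == "__main__":
    print(run(TokenBucketPolicer(8000, 1500), SAMPLE_ARRIVALS))
    print(run(TokenBucketPolicer(8000, 1500, "policed-dscp-transmit", 8), SAMPLE_ARRIVALS))
```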


5.3.6 Creating traffic policy

Create traffic policy for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create traffic policy and enter traffic policy pmap configuration mode.
Raisecom(config)#policy-map policy-map-name

Step 3 (Optional) configure traffic policy information.
Raisecom(config-pmap)#description string

5.3.7 Defining traffic policy mapping

Bind one or more defined traffic classifications to one traffic policy.

Define traffic policy mapping for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create traffic policy and enter traffic policy pmap configuration mode.
Raisecom(config)#policy-map policy-map-name

Step 3 Bind traffic classification into traffic policy; only apply traffic policy to packets matching with traffic classification.
Raisecom(config-pmap)#class-map class-map-name

5.3.8 Defining traffic policy operation

At least one rule is necessary for traffic classification to bind traffic policy; otherwise the binding will fail.

Define different operations for different flows in a policy.

Define a traffic policy operation for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Create traffic policy and enter traffic policy pmap configuration mode.
Raisecom(config)#policy-map policy-map-name

Step 3 Bind traffic classification into traffic policy; only apply traffic policy to packets matching with traffic classification.
Raisecom(config-pmap)#class-map class-map-name
At least one rule is required for traffic classification to bind traffic policy; otherwise the binding will fail.

Step 4 (Optional) apply token bucket on traffic policy and take rate limiting and shaping.
Raisecom(config-pmap-c)#police policer-name
The token bucket needs to be created in advance and be configured with rate limiting and shaping rule; otherwise, the operation will fail.

Step 5 (Optional) configure re-direct rule under traffic classification, forwarding classified packets from assigned interface.
Raisecom(config-pmap-c)#redirect-to port port-id

Step 6 (Optional) configure re-mark rule under traffic classification, modify packet CoS priority, DSCP priority, IP priority, and VLAN ID.
Raisecom(config-pmap-c)#set { cos cos-value | ip precedence precedence-value | ip dscp ip-dscp-value | vlan vlan-id }

Step 7 (Optional) configure flow mirror to monitor interface.
Raisecom(config-pmap-c)#copy-to-mirror

Step 8 (Optional) configure flow statistic rule under traffic classification, counting packets for matched traffic classification.
Raisecom(config-pmap-c)#statistics enable

5.3.9 Applying traffic policy to interface

Apply traffic policy to the interface for the ISCOM2110G-PWR as below.

Step 1 Enter global configuration mode.
Raisecom#config

Step 2 Bind the configured traffic policy with the interface.
Raisecom(config)#service-policy policy-name ingress port-id

5.3.10 Checking configurations

Use the following commands to check configuration results.


No. 1 Show traffic policy status and the statistics of the applied policy.
Raisecom#show service-policy statistics [ port port-id ]

No. 2 Show information about traffic classification.
Raisecom#show class-map [ class-map-name ]

No. 3 Show traffic policy information.
Raisecom#show policy-map [ policy-map-name ]

No. 4 Show information about traffic classification in traffic policy.
Raisecom#show policy-map [ policy-map-name ] [ class class-map-name ]

No. 5 Show information about the assigned token bucket (rate limiting and shaping).
Raisecom#show mls qos policer [ policer-name ]

No. 6 Show information about the assigned type token bucket (rate limiting and shaping).
Raisecom#show mls qos policer [ aggregate-policer | class-policer | single-policer ]

No. 7 Show application information about traffic policy on the interface.
Raisecom#show policy-map port [ port-id ]

No. 8 Show rate limiting on the interface.
Raisecom#show mls qos queue-rate [ port-list port-list ]

5.3.11 Maintenance

Command: Raisecom(config)#clear service-policy statistics [ egress port-id [ class-map class-map-name ] | ingress port-id [ class-map class-map-name ] | port port-id ]

Description: Clear statistics of QoS packets.

5.4 Configuring priority mapping

5.4.1 Preparing for configurations

Scenario

You can choose which priority to trust in packets from the upstream device; packets whose priority is not trusted are processed by traffic classification and traffic policy. After the priority trust mode is configured, the ISCOM2110G-PWR handles packets according to their priorities and provides the related service.


Specifying local priority for packets is the prerequisite for queue scheduling. For packets from the upstream device, you can not only map the external priority carried by packets to different local priorities, but also configure local priority for packets based on interface; the ISCOM2110G-PWR then performs queue scheduling according to the local priority of packets.

Generally speaking, for IP packets you need to configure the mapping between IP priority/DSCP priority and local priority, while for VLAN packets you need to configure the mapping between CoS priority and local priority.

Prerequisite

N/A

5.4.2 Default configurations of basic QoS

Default configurations of basic QoS are as below.

Function                               Default value
Interface trust priority type          Trust CoS priority
Mapping from CoS to local priority     See Table 5-3.
Mapping from DSCP to local priority    See Table 5-4.
Interface priority                     0

Table 5-3 Default CoS to local priority and color mapping

CoS    0  1  2  3  4  5  6  7
Local  0  1  2  3  4  5  6  7

Table 5-4 Default DSCP to local priority and color mapping

DSCP   0–7  8–15  16–23  24–31  32–39  40–47  48–55  56–63
Local  0    1     2      3      4      5      6      7

5.4.3 Configuring interface trust priority type

Configure interface trust priority type for the ISCOM2110G-PWR as below.

Step  Command                                                            Description
1     Raisecom#config                                                    Enter global configuration mode.
2     Raisecom(config)#interface port port-id                            Enter physical layer interface configuration mode.
3     Raisecom(config-port)#mls qos port-priority priority               Configure default priority on the interface.
4     Raisecom(config-port)#mls qos trust { cos | dscp | portpriority }  Configure priority type of interface trust.

5.4.4 Configuring mapping from CoS to local priority

Configure mapping from CoS to local priority for the ISCOM2110G-PWR as below.

Step  Command                                                                    Description
1     Raisecom#config                                                            Enter global configuration mode.
2     Raisecom(config)#mls qos mapping cos cos-value to local-priority priority  Create mapping from CoS to local priority.

5.4.5 Configuring mapping from DSCP to local priority

Configure mapping from DSCP to local priority for the ISCOM2110G-PWR as below.

Step  Command                                                                      Description
1     Raisecom#config                                                              Enter global configuration mode.
2     Raisecom(config)#mls qos mapping dscp dscp-value to local-priority priority  Create mapping from DSCP to local priority.

5.4.6 Configuring mapping from local priority to DSCP

Configure mapping from local priority to DSCP for the ISCOM2110G-PWR as below.

Step  Command                                                                      Description
1     Raisecom#config                                                              Enter global configuration mode.
2     Raisecom(config)#policy-map policy-map-name                                  Create traffic policy and enter traffic policy pmap configuration mode.
3     Raisecom(config-pmap)#classmap class-map-name                                Bind traffic classification with traffic policy, and apply traffic policy to those packets that match traffic classification.
4     Raisecom(config-pmap-c)#set local-priority priority                          Configure local priority in pmap-c mode, and return to global configuration mode.
      Raisecom(config-pmap-c)#exit
      Raisecom(config-pmap)#exit
5     Raisecom(config)#mls qos mapping local-priority priority to dscp dscp-value  Create mapping from local priority to DSCP.

5.4.7 Configuring all-traffic modification on interface

Configure all-traffic modification on interface for the ISCOM2110G-PWR as below.

Step  Command                                                         Description
1     Raisecom#config                                                 Enter global configuration mode.
2     Raisecom(config)#mls qos mapping local-priority to dscp enable  Enable mapping from local priority to DSCP.
3     Raisecom(config)#mls qos nonmodify port port-list               Configure the port list for disabling all-traffic modification.

5.4.8 Configuring specific-traffic modification

Configure specific-traffic modification for the ISCOM2110G-PWR as below.

Step  Command                                        Description
1     Raisecom#config                                Enter global configuration mode.
2     Raisecom(config)#policy-map policy-map-name    Create traffic policy and enter traffic policy pmap configuration mode.
3     Raisecom(config-pmap)#classmap class-map-name  Bind traffic classification with traffic policy, and apply traffic policy to those packets that match traffic classification.
4     Raisecom(config-pmap-c)#modify enable          Enable specific-traffic modification.

5.4.9 Configuring CoS copying

Configure CoS copying for the ISCOM2110G-PWR as below.

Step  Command                                                                          Description
1     Raisecom#config                                                                  Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                          Enter physical layer interface configuration mode.
3     Raisecom(config-port)#switchport qinq dot1qtunnel                                (Optional) enable basic QinQ functions.
4     Raisecom(config-port)#switchport vlan-mapping vlan-id add-outer vlan-id          (Optional) enable selective QinQ functions.
5     Raisecom(config-port)#switchport vlan-mapping ingress vlan-id translate vlan-id  (Optional) enable VLAN mapping.

5.4.10 Checking configurations

Use the following commands to check configuration results.

No.   Command                                      Description
1     Raisecom#show mls qos                        Show global QoS status.
2     Raisecom#show mls qos port [ port-id ]       Show interface QoS priority, and trust mode information.
3     Raisecom#show mls qos mapping cos            Show information about mapping from CoS to local priority.
4     Raisecom#show mls qos mapping dscp           Show information about mapping from DSCP to local priority.
5     Raisecom#show mls qos mapping localpriority  Show information about mapping from local priority to queue.

5.5 Configuring congestion management

5.5.1 Preparing for configurations

Scenario

When a network is congested, you need to balance delay and delay jitter of various packets. Packets of key services (such as video and voice) can be processed preferentially, while packets of common services (such as E-mail) with identical priority can be processed fairly. Packets with different priorities can be processed according to their weight values. You can configure queue scheduling in this situation. Choose a scheduling algorithm according to service conditions and customer requirements.

Prerequisite

Enable global QoS.


5.5.2 Default configurations of congestion management

Default configurations of congestion management are as below.

Function               Default value
Queue scheduling mode  SP
Queue weight           WRR weight for scheduling 8 queues is 1.

5.5.3 Configuring SP queue scheduling

Configure SP queue scheduling for the ISCOM2110G-PWR as below.

Step  Command                                      Description
1     Raisecom#config                              Enter global configuration mode.
2     Raisecom(config)#mls qos queue scheduler sp  Configure interface queue scheduling mode as SP.

5.5.4 Configuring WRR or SP+WRR queue scheduling

Configure WRR or SP+WRR for the ISCOM2110G-PWR as below.

Step  Command                                                                  Description
1     Raisecom#config                                                          Enter global configuration mode.
2     Raisecom(config)#mls qos queue scheduler wrr                             Configure interface queue scheduling mode as WRR.
3     Raisecom(config-port)#mls qos queue wrr weight1 weight2 weight3…weight8  Configure weight for each queue. Conduct SP scheduling when the priority of a queue is 0.

5.5.5 Configuring queue transmission rate

Configure queue transmission rate for the ISCOM2110G-PWR as below.

Step  Command                                                                                           Description
1     Raisecom#config                                                                                   Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                                           Enter physical layer interface configuration mode.
3     Raisecom(config-port)#mls qos queue-rate [ queue-list queue-list ] min rate-limit max rate-limit  Configure interface-based queue transmission rate.


5.5.6 Checking configurations

Use the following commands to check configuration results.

No.   Command                                                   Description
1     Raisecom#show mls qos port [ port-id ]                    Show QoS priority and trust mode on the interface.
2     Raisecom#show mls qos queue                               Show queue weight information.
3     Raisecom#show mls qos queue-rate [ port-list port-list ]  Show interface-based queue transmission rate.

5.6 Configuring rate limiting based on interface and VLAN

5.6.1 Preparing for configurations

Scenario

When the network is congested, you may wish to restrict burst traffic on some interfaces or VLANs so that packets are transmitted at an even rate and network congestion is relieved. In this case, you need to configure rate limiting based on interface or VLAN.

Prerequisite

Create VLANs.

5.6.2 Configuring rate limiting based on interface

Configure rate limiting based on interface for the ISCOM2110G-PWR as below.

Step  Command                                                                                                    Description
1     Raisecom#config                                                                                            Enter global configuration mode.
2     Raisecom(config)#rate-limit port-list { all | port-list } { egress | ingress } rate-value [ burst-value ]  Configure rate limiting based on interface.
      Raisecom(config)#rate-limit port-list { all | port-list } both rate-value

5.6.3 Configuring rate limiting based on VLAN

Configure rate limiting based on VLAN for the ISCOM2110G-PWR as below.

Step  Command                                                                         Description
1     Raisecom#config                                                                 Enter global configuration mode.
2     Raisecom(config)#rate-limit vlan vlan-id rate-value burst-value [ statistics ]  (Optional) configure rate limiting based on VLAN.

5.6.4 Configuring rate limiting based on QinQ

Configure rate limiting based on QinQ for the ISCOM2110G-PWR as below.

Step  Command                                                                                                                                           Description
1     Raisecom#config                                                                                                                                   Enter global configuration mode.
2     Raisecom(config)#rate-limit doubletagging-vlan outer { outer-vlan-id | any } inner { inner-vlan-id | any } rate-value burst-value [ statistics ]  (Optional) configure rate limiting based on QinQ.

5.6.5 Checking configurations

Use the following commands to check configuration results.

No.   Command                                           Description
1     Raisecom#show rate-limit port-list [ port-list ]  Show configurations of rate limiting on specified interfaces.
2     Raisecom#show rate-limit vlan                     Show configurations of rate limiting based on VLAN.

5.6.6 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command      Raisecom(config)#clear rate-limit statistics vlan [ vlan-id ]
Description  Clear statistics of packets lost due to rate limiting based on VLAN.


5.7 Configuring examples

5.7.1 Example for configuring congestion management


Networking requirements

As shown in Figure 5-8, the user uses voice, video, and data services.

CoS priority of voice service is 5, CoS priority of video service is 4, and CoS priority of data service is 2. These three types of services are mapped to local priorities 6, 5, and 2 respectively.

Congestion occurs easily on Switch A. To reduce network congestion, make the following rules according to the different service types:

For voice service, perform SP scheduling to ensure that this traffic is forwarded first.

For video service, perform WRR scheduling, with weight value 50.

For data service, perform WRR scheduling, with weight value 20.

Figure 5-8 Queue scheduling networking

Configuration steps

Step 1 Configure interface priority trust mode.

Raisecom#hostname SwitchA
SwitchA#config
SwitchA(config)#mls qos enable
SwitchA(config)#interface port 2
SwitchA(config-port)#mls qos trust cos
SwitchA(config-port)#quit

Step 2 Configure mapping profile between CoS priority and local priority.

SwitchA(config)#mls qos mapping cos 5 to local-priority 6
SwitchA(config)#mls qos mapping cos 4 to local-priority 5
SwitchA(config)#mls qos mapping cos 2 to local-priority 2

Step 3 Conduct SP+WRR queue scheduling in Port 1 egress direction.

SwitchA(config)#mls qos queue wrr 1 1 20 1 1 50 0 0

Checking results

Use the following command to show interface priority trust mode.

SwitchA#show mls qos port 2
Port  Priority  Trust  Flow Modify
-----------------------------------------------------------
2     0         Cos    Enable

Use the following command to show mapping between CoS priority and local priority.

SwitchA#show mls qos mapping cos
CoS-LocalPriority Mapping:
CoS:            0  1  2  3  4  5  6  7
----------------------------------------------
LocalPriority:  0  1  2  3  5  6  6  7

SwitchA#show mls qos mapping localpriority
LocalPriority-Queue Mapping:
LocalPriority:  0  1  2  3  4  5  6  7
----------------------------------------------------
Queue:          1  2  3  4  5  6  7  8

Use the following command to show configurations of queue scheduling on the interface.

SwitchA#show mls qos queue
Queue  Weight(WRR)
-------------------------
1      1
2      1
3      20
4      1
5      1
6      50
7      0
8      0
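The SP+WRR behaviour configured in this example, as an added Python model that is not Raisecom code: it takes the CoS mapping and queue weights from the outputs above and treats the weight-0 queues as SP queues. Packet-based WRR, one packet per transmit slot, and a static backlog are assumptions of the model, not statements from the guide.

```python
"""SP+WRR egress model for the queue settings of section 5.7.1 (added example)."""

# CoS -> local priority, copied from the "show mls qos mapping cos" output.
COS_TO_LOCAL = {0: 0, 1: 1, 2: 2, 3: 3, 4: 5, 5: 6, 6: 6, 7: 7}
# Weights of queues 1..8, copied from "mls qos queue wrr 1 1 20 1 1 50 0 0".
WEIGHTS = (1, 1, 20, 1, 1, 50, 0, 0)


def queue_for_cos(cos):
    """Local priority n is served by queue n + 1 (LocalPriority-Queue Mapping)."""
    return COS_TO_LOCAL[cos] + 1


def enqueue(offered_by_cos):
    """Aggregate offered packets per CoS value into per-queue backlogs."""
    backlog = {}
    for cos, packets in offered_by_cos.items():
        queue = queue_for_cos(cos)
        backlog[queue] = backlog.get(queue, 0) + packets
    return backlog


def schedule(backlog, slots, weights=WEIGHTS):
    """Return the packets sent per queue over `slots` transmit opportunities.

    Model assumptions (not from the guide): one slot sends one packet, WRR
    counts packets, and no new packets arrive during the interval.
    """
    queues = range(1, len(weights) + 1)
    pending = {q: backlog.get(q, 0) for q in queues}
    sent = {q: 0 for q in queues}

    # Weight 0 marks an SP queue. SP queues drain first, highest queue first.
    for q in sorted((q for q in queues if weights[q - 1] == 0), reverse=True):
        n = min(pending[q], slots)
        pending[q] -= n
        sent[q] += n
        slots -= n

    # Remaining slots are shared by the WRR queues, `weight` packets per round.
    wrr = [q for q in reversed(queues) if weights[q - 1] > 0]
    while slots > 0 and any(pending[q] for q in wrr):
        for q in wrr:
            n = min(weights[q - 1], pending[q], slots)
            pending[q] -= n
            sent[q] += n
            slots -= n
    return sent


def describe(offered_by_cos, slots):
    """Human-readable result for the three services of the example."""
    sent = schedule(enqueue(offered_by_cos), slots)
    names = {5: "voice", 4: "video", 2: "data"}
    return {
        names[cos]: sent[queue_for_cos(cos)]
        for cos in offered_by_cos
        if cos in names
    }


if __name__ == "__main__":
    # Constructed load: packets offered per CoS value during 1000 slots.
    normal = {5: 300, 4: 1000, 2: 1000}
    # Constructed load: voice-marked traffic alone exceeds the link capacity.
    saturated = {5: 2000, 4: 1000, 2: 1000}
    print("normal   :", describe(normal, 1000))
    print("saturated:", describe(saturated, 1000))
```

In the saturated case the SP queue takes every transmit slot and the WRR queues send nothing, so the amount of traffic admitted into queue 7 on a CoS-trusting interface determines whether video and data are served at all.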


5.7.2 Example for configuring rate limiting based on interface


Networking requirements

As shown in Figure 5-9, User A, User B, and User C are respectively connected to Switch A, Switch B, Switch C, and the ISCOM2110G-PWR.

User A requires voice and video services, User B requires voice, video, and data services, and User C requires video and data services.

According to service requirements, make rules as below.

For User A, provide 25 Mbit/s assured bandwidth, permitting burst flow of 100 KB and discarding excess traffic.

For User B, provide 35 Mbit/s assured bandwidth, permitting burst flow of 100 KB and discarding excess traffic.

For User C, provide 30 Mbit/s assured bandwidth, permitting burst flow of 100 KB and discarding excess traffic.

Figure 5-9 Rate limiting based on interface

Configuration steps

Step 1 Configure rate limiting based on interface.

Raisecom#config
Raisecom(config)#rate-limit port-list 2 ingress 25000 100
Raisecom(config)#rate-limit port-list 3 ingress 35000 100
Raisecom(config)#rate-limit port-list 4 ingress 30000 100

Checking results

Use the show rate-limit port-list port-list command to show configurations of rate limiting based on interface.

Raisecom#show rate-limit port-list 2-4
I-Rate: Ingress Rate
I-Burst: Ingress Burst
E-Rate: Egress Rate
E-Burst: Egress Burst
Port  I-Rate(kbps)  I-Burst(kB)  E-Rate(kbps)  E-Burst(kB)
----------------------------------------------------------------
2     24992         100          0             0
3     34976         100          0             0
4     29984         100          0             0


6 Multicast

This chapter describes the basic principles and configuration of multicast and provides related configuration examples, including the following sections:

Overview

Configuring IGMP Snooping

Configuring MVR

Configuring MVR Proxy

Configuring IGMP filtering

Maintenance

Configuration examples

6.1 Overview

With the continuous development of the Internet, more and more interactive data, voice, and video services emerge on the network. In addition, e-commerce, online meetings, online auctions, video on demand, remote learning, and other services are also gradually rising. These services place higher requirements on network bandwidth, information security, and paid features. Traditional unicast and broadcast cannot meet these requirements well, while multicast meets them in a timely manner.

Multicast is a point-to-multipoint data transmission method. It effectively solves the problem of single-point sending and multipoint receiving. During transmission of packets on the network, multicast can save network resources and improve information security.

Basic concepts in multicast

Multicast group

A multicast group refers to the set of recipients identified by the same IP multicast address. Any user host (or other receiving device) becomes a member of the group after joining the multicast group. Members can identify and receive multicast data whose destination address is the IP multicast address.

Multicast group members


Each host joining a multicast group will become a member of the multicast group. Multicast group members are dynamic, and hosts can join or leave multicast group at any time. Group members may be widely distributed in any part of the network.

Multicast source

A multicast source refers to a server that sends IP packets with a multicast group address as the destination address. A multicast source can send data to multiple multicast groups; multiple multicast sources can send to one multicast group.

Multicast router

A multicast router is a router that supports Layer 3 multicast. The multicast router implements multicast routing, guides multicast packet forwarding, and provides multicast group member management for the remote network segment connected to users.

Router interface

A router interface is the interface that faces the multicast router, on the path between a multicast router and a host. The ISCOM2110G-PWR receives multicast packets from this interface.

Member interface

Also known as the receiving interface, a member interface is the interface that faces the host, on the path between the multicast router and the host. The ISCOM2110G-PWR sends multicast packets from this interface.

Multicast address

To make multicast source and multicast group members communicate across the Internet, you need to provide network layer multicast address and link layer multicast address, namely, the IP multicast address and multicast MAC address.

The multicast address is the destination address instead of the source address.

IP multicast address

Internet Assigned Numbers Authority (IANA) assigns Class D address space to IPv4 multicast; the IPv4 multicast address ranges from 224.0.0.0 to 239.255.255.255.

Multicast MAC address

When the Ethernet transmits unicast IP packets, it uses the MAC address of the receiver as the destination MAC address. However, when multicast packets are transmitted, the destination is no longer a specific receiver, but a group with an uncertain number of members, so the Ethernet needs to use the multicast MAC address.

The multicast MAC address identifies receivers of the same multicast group on the link layer.

According to IANA, the high 24 bits of the multicast MAC address are 0x01005E, the 25th bit is fixed to 0, and the low 23 bits correspond to the low 23 bits of the IPv4 multicast address.

Figure 6-1 shows mapping between the IPv4 multicast address and MAC address.


Figure 6-1 Mapping relation between IPv4 multicast address and multicast MAC address

The first 4 bits of the IP multicast address are 1110, which identify it as a multicast address. Of the last 28 bits, only 23 bits are mapped to the multicast MAC address; the 5 bits that are not mapped cause 32 IP multicast addresses to be mapped to the same multicast MAC address. Therefore, in Layer 2, the ISCOM2110G-PWR may receive data for groups other than the intended IPv4 multicast group, and this extra multicast data needs to be filtered by the upper layer on the ISCOM2110G-PWR.
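The 23-bit mapping described above, as an added Python example that is not from the Raisecom guide: it derives the multicast MAC address for an IPv4 group, lists the 32 groups that share one MAC address, and flags groups in a list that collide at Layer 2. The function names and the sample group list are constructed for illustration.

```python
import ipaddress

IPV4_MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # first 4 bits are 1110
MAC_PREFIX = 0x01005E << 24       # high 24 bits 0x01005E, 25th bit fixed to 0
LOW23_MASK = (1 << 23) - 1        # the 23 bits carried from the IP address


def _format_mac(value):
    """Render a 48-bit integer as colon-separated hex octets."""
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def group_to_mac(group):
    """Map an IPv4 multicast group address to its multicast MAC address."""
    addr = ipaddress.IPv4Address(group)
    if addr not in IPV4_MULTICAST:
        raise ValueError(f"{group} is not in 224.0.0.0-239.255.255.255")
    return _format_mac(MAC_PREFIX | (int(addr) & LOW23_MASK))


def groups_for_mac(mac):
    """List the 32 IPv4 groups that map to one multicast MAC address."""
    value = int(mac.replace(":", "").replace("-", ""), 16)
    # The top 25 bits must be 0x01005E followed by a 0 bit.
    if value >> 23 != MAC_PREFIX >> 23:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC address")
    low23 = value & LOW23_MASK
    base = int(IPV4_MULTICAST.network_address)  # 224.0.0.0
    # The 5 bits between the 1110 prefix and the low 23 bits are not in the MAC,
    # so every value of those bits yields a group with the same MAC address.
    return [str(ipaddress.IPv4Address(base | (hi5 << 23) | low23)) for hi5 in range(32)]


def mac_collisions(groups):
    """Return {mac: [groups]} for every MAC shared by two or more listed groups."""
    by_mac = {}
    for group in groups:
        by_mac.setdefault(group_to_mac(group), []).append(group)
    return {mac: members for mac, members in by_mac.items() if len(members) > 1}


if __name__ == "__main__":
    # Constructed sample: three of these groups differ only in the unmapped bits.
    planned = ["224.1.1.1", "225.1.1.1", "239.129.1.1", "224.1.1.2"]
    for group in planned:
        print(f"{group:<14} -> {group_to_mac(group)}")
    for mac, members in mac_collisions(planned).items():
        print(f"{mac} is shared by {', '.join(members)}")
```

Running `mac_collisions` over a planned group list before deployment shows which groups a MAC-based Layer 2 forwarding entry cannot tell apart.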

Supported multicast features

The ISCOM2110G-PWR supports the following multicast features:

Internet Group Management Protocol (IGMP) Snooping

Multicast VLAN Registration (MVR)

MVR Proxy

IGMP filtering

MVR Proxy is usually used with MVR.

IGMP filtering can be used with IGMP Snooping or MVR.

6.1.2 IGMP Snooping

IGMP Snooping is a multicast constraining mechanism running on Layer 2 devices, used for managing and controlling multicast groups, and implementing Layer 2 multicast.

IGMP Snooping allows the ISCOM2110G-PWR to monitor the IGMP session between the host and the multicast router. When it detects an IGMP Report for a group from a host, the ISCOM2110G-PWR adds the host-related interface to the forwarding entry of this group. Similarly, when a forwarding entry reaches the aging time, the ISCOM2110G-PWR deletes the host-related interface from the forwarding entry.

IGMP Snooping forwards multicast data through Layer 2 multicast forwarding entry. When receiving multicast data, the ISCOM2110G-PWR will forward them directly according to the corresponding receiving interface of the multicast forwarding entry, instead of flooding them to all interfaces, to save bandwidth of the ISCOM2110G-PWR effectively.

IGMP Snooping establishes a Layer 2 multicast forwarding table, of which entries can be learnt dynamically or configured manually.


6.1.3 MVR

Currently, the ISCOM2110G-PWR supports up to 1024 Layer 2 multicast entries.

Multicast VLAN Registration (MVR) is a multicast constraining mechanism running on Layer 2 devices, used for managing and controlling multicast groups and implementing Layer 2 multicast.

By configuring a multicast VLAN, MVR adds member interfaces that belong to different user VLANs on the Layer 2 device to the multicast VLAN, so that users in different VLANs share one common multicast VLAN. Multicast data is then transmitted only in the multicast VLAN without being copied for each user VLAN, thus saving bandwidth. At the same time, the multicast VLAN and user VLANs are completely isolated, which also increases security.

Both MVR and IGMP Snooping can achieve Layer 2 multicast. The difference is that the multicast VLAN in IGMP Snooping is the same as the user VLAN, while the multicast VLAN in MVR can be different from the user VLAN.

One switch can be configured with up to 10 multicast VLANs, and with at least one multicast VLAN and group addresses. It supports up to 1024 multicast groups.

6.1.4 MVR Proxy

MVR Proxy is an MVR protocol proxy mechanism. It runs on Layer 2 devices to assist in managing and controlling multicast groups. MVR Proxy terminates IGMP packets. It can act as a proxy for host functions and also as a proxy for multicast router functions for the next agent. The Layer 2 network device enabled with MVR Proxy has two roles:

On the user side, it is a querier and undertakes the role of Server, sending Query packets, periodically checking user information, and processing the Report and Leave packets from users.

On the network routing side, it is a host and undertakes the role of Client, responding to Query packets from the multicast router and sending Report and Leave packets. It sends the user information to the network when needed.

The proxy mechanism can effectively control and access user information while reducing protocol packets and load on the network side.

MVR Proxy establishes the multicast forwarding table by blocking IGMP packets between users and the multicast router.

MVR Proxy is usually used with MVR.

The following concepts are related to MVR Proxy.

IGMP packet suppression

IGMP packet suppression means that the Layer 2 device filters identical Report packets. When receiving Report packets from a multicast group member within a query interval, the Layer 2 device sends only the first Report packet to the multicast router and does not forward the other identical Report packets, to reduce the number of packets on the network.

When MVR is enabled, IGMP packet suppression can be enabled or disabled separately.

IGMP Querier

If this function is enabled on a Layer 2 device, the device can actively send IGMP query packets to query information about multicast members on the interface. If this function is disabled, the device only forwards IGMP query packets from routers.

When IGMP Snooping is enabled, IGMP Querier can be enabled or disabled separately.

Source IP address of query packets sent by IGMP Querier

This is the source IP address of the query packets sent by the IGMP querier. By default, the IP address of IP interface 0 is used. If the IP address is not configured, 0.0.0.0 is used. When receiving query packets with the IP address 0.0.0.0, some hosts consider them invalid and do not respond. Thus, specifying the IP address for the query packet is recommended.

Query interval

It is the query interval for common groups. The query message of common group is periodically sent by the Layer 2 device in multicast mode to all hosts in the shared network segment, to query which multicast groups have members.

Maximum response time for query packets

The maximum response time for query packets is used to control the deadline for a host to report its member relations. When the host receives query packets, it starts a timer for each multicast group it has joined. The value of the timer is between 0 and the maximum response time. When the timer expires, the host sends the Report packet to the multicast group.

Interval for last member to send query packets

It is also called the specified group query interval. It is the interval at which the Layer 2 device continues to send query packets for a specified group after receiving an IGMP Leave packet for that group from a host.

The query packet for the specified multicast group is sent to query whether the group has members on the interface. If yes, the members must send Report packets within the maximum response time; after the Layer 2 device receives Report packets in the specified period, it continues to maintain multicast forwarding entries of the group. If the members fail to send Report packets within the maximum response time, the switch judges that the last member of the multicast group has left and thus deletes multicast forwarding entries.

6.1.5 IGMP filtering

To control user access, you can set IGMP filtering. IGMP filtering contains the range of accessible multicast groups passing filtering rules and the maximum number of groups.

IGMP filtering rules

To ensure information security, the administrator needs to restrict multicast users, for example, by defining which multicast data they are allowed to receive and which they are not.

Configure IGMP Profile filtering rules to control the interface. One IGMP Profile can contain one or more multicast group access control restrictions, and access to multicast groups is controlled according to the restriction rules (permit and deny). If an IGMP Profile that denies a group is applied to the interface, the interface directly discards IGMP Report packets for this group on receipt and does not allow multicast data of this group to be received.

IGMP filtering rules can be configured on an interface or VLAN.

IGMP Profile only applies to dynamic multicast groups, but not static ones.

Limit to the maximum number of multicast groups

The maximum number of multicast groups that can be joined and the maximum group limitation rule can be set on an interface or interface+VLAN.

The maximum group limitation rule sets the action taken when the maximum number of joined multicast groups is reached: either users are no longer allowed to join groups, or the new group overwrites a previously joined group.

IGMP filtering is usually used with MVR.

6.2 Configuring IGMP Snooping

6.2.1 Preparing for configurations

Scenario

Multiple hosts belonging to the same VLAN receive data from the multicast source. Enable IGMP Snooping on the Layer 2 device that connects the multicast router and hosts. By listening to IGMP packets transmitted between the multicast router and hosts, and by creating and maintaining the multicast forwarding table, you can implement Layer 2 multicast.

Prerequisite

Create a VLAN, and add related interfaces to the VLAN.

6.2.2 Default configurations of IGMP Snooping

Default configurations of IGMP Snooping are as below.

Function                                                                        Default value
Global IGMP Snooping status                                                     Disable
VLAN IGMP Snooping status                                                       Disable
Aging time of router interface and multicast forwarding entry in IGMP Snooping  300s


6.2.3 Enabling global IGMP Snooping

Enable global IGMP Snooping for the ISCOM2110G-PWR as below.

Step  Command                            Description
1     Raisecom#config                    Enter global configuration mode.
2     Raisecom(config)#ip igmp snooping  Enable global IGMP Snooping.

6.2.4 (Optional) enabling IGMP Snooping on VLANs

When global IGMP Snooping is enabled, IGMP Snooping is enabled on all VLANs by default. In this situation, you can disable or re-enable IGMP Snooping on a VLAN in VLAN configuration mode.

When global IGMP Snooping is disabled, IGMP Snooping is disabled on all VLANs by default. In this situation, you cannot enable IGMP Snooping on a VLAN.

Configuring IGMP Snooping in VLAN configuration mode

In VLAN configuration mode, you can enable IGMP Snooping on only one VLAN at a time.

Configure IGMP Snooping in VLAN configuration mode for the ISCOM2110G-PWR as below.

Step  Command                                 Description
1     Raisecom#config                         Enter global configuration mode.
2     Raisecom(config)#vlan vlan-id           Enter VLAN configuration mode.
3     Raisecom(config-vlan)#ip igmp snooping  Enable IGMP Snooping on a VLAN.

Configuring IGMP Snooping in global configuration mode

In global configuration mode, you can enable IGMP Snooping on multiple VLANs at a time.

Configure IGMP Snooping in global configuration mode for the ISCOM2110G-PWR as below.

Step  Command                                                Description
1     Raisecom#config                                        Enter global configuration mode.
2     Raisecom(config)#ip igmp snooping vlan-list vlan-list  Enable IGMP Snooping on VLANs.


6.2.5 Configuring multicast router interface

Configure the multicast router interface for the ISCOM2110G-PWR as below.

Step  Command                                                                      Description
1     Raisecom#config                                                              Enter global configuration mode.
2     Raisecom(config)#ip igmp snooping mrouter vlan vlan-id port-list port-list  Configure the multicast router interface of the specified VLAN.

IGMP Snooping can dynamically learn router interfaces (through IGMP query packets, on the condition that the multicast router is enabled with a multicast routing protocol), or you can configure router interfaces manually, so that downstream multicast Report and Leave packets can be forwarded to the router interface.

A dynamically learnt router interface has an aging time, while a manually configured router interface has no aging time.

6.2.6 (Optional) configuring aging time of IGMP Snooping

For IGMP Snooping, each dynamically learnt router interface starts a timer, of which the expiration time is the aging time of IGMP Snooping. When the timer expires, the interface is no longer a router interface if it has not received an IGMP Query packet; if it receives an IGMP Query packet, it updates the aging time.

Each multicast forwarding entry starts a timer which contains the aging time of a multicast member. The expiration time of the timer is the aging time of IGMP Snooping. When the timer expires, the multicast member is deleted if no IGMP Report packet has been received; if an IGMP Report packet is received, the aging time is updated.

Configure aging time of IGMP Snooping for the ISCOM2110G-PWR as below.

Step  Command                                                          Description
1     Raisecom#config                                                  Enter global configuration mode.
2     Raisecom(config)#ip igmp snooping timeout { period | infinite }  Configure the aging time of router interface and multicast forwarding entry of IGMP Snooping.

The aging time of IGMP Snooping configured by the previous command takes effect on all dynamically learnt router interfaces and multicast forwarding entries on the ISCOM2110G-PWR.


6.2.7 (Optional) configuring immediate leaving


For IGMP Snooping, when a user sends a Leave packet, the ISCOM2110G-PWR does not instantly delete the corresponding multicast forwarding entry, but deletes it only when the aging time of the entry expires. When there are a large number of downstream users and they join or leave the network frequently, you can configure this function to immediately delete the corresponding multicast forwarding entries.

Configuring immediate leaving in VLAN configuration mode

In VLAN configuration mode, you can enable immediate leaving on only one VLAN at a time.

Configure immediate leaving in VLAN configuration mode for the ISCOM2110G-PWR as below.

Step  Command                                                 Description
1     Raisecom#config                                         Enter global configuration mode.
2     Raisecom(config)#vlan vlan-id                           Enter VLAN configuration mode.
3     Raisecom(config-vlan)#ip igmp snooping immediate-leave  Configure immediate leaving on the VLAN.

Configuring immediate leaving in global configuration mode

In global configuration mode, you can configure immediate leaving on multiple VLANs at a time.

Configure immediate leaving in global configuration mode for the ISCOM2110G-PWR as below.

Step  Command                                                                Description
1     Raisecom#config                                                        Enter global configuration mode.
2     Raisecom(config)#ip igmp snooping vlan-list vlan-list immediate-leave  Configure immediate leaving on VLANs.

6.2.8 (Optional) configuring static multicast table

An interface is added to the multicast group through the IGMP Report packet sent by a host, or you can manually add an interface to a multicast group.

Configure the static multicast table for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#mac-address-table static multicast mac-address vlan vlan-id port-list port-list
    Description: Add interfaces to the static multicast group.

6.2.9 Checking configurations

Use the following commands to check configuration results.

No. 1
    Command: Raisecom#show ip igmp snooping [ vlan vlan-id ]
    Description: Show configurations of IGMP Snooping.

No. 2
    Command: Raisecom#show ip igmp snooping mrouter [ vlan vlan-id ]
    Description: Show information about multicast router interface of IGMP Snooping.

No. 3
    Command: Raisecom#show mac-address-table multicast [ vlan vlan-id ] [ count ]
    Description: Show information about Layer 2 multicast MAC address table.

6.3 Configuring MVR

6.3.1 Preparing for configurations

Scenario

Multiple hosts receive data from the multicast sources. These hosts and the multicast router belong to different VLANs. Enable MVR on Switch A, and configure multicast VLAN. In this way, users in different VLANs can share a multicast VLAN to receive the same multicast data, and bandwidth waste is reduced.

Prerequisite

Create VLANs and add related interfaces to VLANs.

6.3.2 Default configurations of MVR

Default configurations of MVR are as below.

Function                                  Default value
Global MVR status                         Disable
Interface MVR status                      Disable
Multicast VLAN and group address set      N/A
MVR multicast entity aging time           600s
MVR operation mode                        Dynamic
MVR interface immediate leaving status    Disable

6.3.3 Configuring MVR basic information

Configure MVR basic information for ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#mvr enable
    Description: Enable global MVR.

Step 3
    Command: Raisecom(config)#mvr timeout period
    Description: (Optional) configure the aging time of MVR multicast entities.

Step 4
    Command: Raisecom(config)#mvr vlan vlan-id
    Description: Configure MVR multicast VLAN.

Step 5
    Command: Raisecom(config)#mvr vlan vlan-id group ip-address [ count ]
    Description: Configure group address set for multicast VLAN.
    The mvr vlan vlan-id group ip-address [ count ] command is used to configure group address set for multicast VLAN. If the received IGMP Report packet does not belong to group address set of any VLAN, it is not processed and the user cannot make multicast traffic on demand.

Step 6
    Command: Raisecom(config)#mvr mode { compatible | dynamic }
    Description: (Optional) configure MVR operation mode.
    Wherein, the dynamic mode allows source interfaces to dynamically join the multicast group; the compatible mode does not allow source interfaces to dynamically join the multicast group. Only when the receiving interface has a member which joins the multicast group, the source interface can join the multicast group.

6.3.4 Configuring MVR interface information

On an aggregation device, configuring immediate leaving is not recommended on the receiving interface. If multiple users are connected to the receiving interface configured with immediate leaving through another device, the aggregating device will delete the receiving interface. As a result, other users that are still connected to the receiving interface fail to receive multicast traffic.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#mvr enable
    Description: Enable global MVR.

Step 3
    Command: Raisecom(config)#interface interface-type interface-number
    Description: Enter physical layer interface configuration mode.

Step 4
    Command: Raisecom(config-port)#mvr
    Description: (Optional) enable interface MVR.

Step 5
    Command: Raisecom(config-port)#mvr type { receiver | source }
    Description: Configure the type of interface MVR. By default, the type is non-MVR.
    To configure it, set the uplink interface to the source interface to receive multicast data. Users cannot be directly connected to the source interface; all source interfaces must be in the multicast VLAN; set the interface directly connected to the user to the receiving interface and it cannot belong to the multicast VLAN.

Step 6
    Command: Raisecom(config-port)#mvr immediate
    Description: (Optional) configure immediate leaving on the MVR interface.
    This function can be applied to the receiving interface directly connected to the user.

After global MVR is enabled, interface MVR is enabled as well.

6.3.5 Checking configurations

Use the following commands to check configuration results.

No. 1
    Command: Raisecom#show mvr
    Description: Show configurations of MVR.

No. 2
    Command: Raisecom#show mvr vlan group [ vlan vlan-id ]
    Description: Show MVR multicast VLAN and group address set.

No. 3
    Command: Raisecom#show mvr vlan vlan-id member
    Description: Show information about MVR multicast member.

6.4 Configuring MVR Proxy

6.4.1 Preparing for configurations

Scenario


In a network with multicast routing protocol widely applied, there are multiple hosts and client subnet receiving multicast information. Enable IGMP Proxy on the Layer 2 device that connects the multicast router and hosts, to block IGMP packets between hosts and the multicast router and relieve the network load.

Configure IGMP Proxy to relieve the multicast router of configuration and management of the client subnet and to implement multicast connection with the client subnet.

Prerequisite

Enable MVR.

Configure multicast VLAN and group address set.

Configure the source interface and the receiving interface, and add related interfaces to the corresponding VLANs.

6.4.2 Default configurations of IGMP Proxy

Default configurations of IGMP Proxy are as below.

Function                                                            Default value
IGMP Proxy status                                                   Disable
IGMP packet suppression status                                      Disable
IGMP Querier status                                                 Disable
Source IP address for IGMP Querier and IGMP Proxy to send packets   Use the IP address of IP interface 0. If IP interface 0 is not configured, use 0.0.0.0.
IGMP query interval                                                 60s
Maximum response time to send Query packets                         10s
Interval for the last member to send Query packets                  1s

6.4.3 Configuring IGMP Proxy

Configure IGMP Proxy for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#mvr proxy
    Description: Enable IGMP Proxy.
    After global MVR Proxy is enabled, MVR packet suppression and IGMP querier are enabled as well.

Step 3
    Command: Raisecom(config)#mvr proxy suppression
    Description: Enable IGMP packet suppression.
    IGMP packet suppression can be enabled or disabled when MVR is enabled.

Step 4
    Command: Raisecom(config)#ip igmp querier enable
    Description: (Optional) enable IGMP querier.
    IGMP querier can be enabled or disabled when IGMP Snooping or MVR is enabled.

Step 5
    Command: Raisecom(config)#mvr proxy source-ip ip-address
    Description: (Optional) configure the source IP address for the IGMP querier to send query packets.

Step 6
    Command: Raisecom(config)#ip igmp querier query-interval period
    Description: (Optional) configure the IGMP query interval.

Step 7
    Command: Raisecom(config)#mvr proxy query-max-response-time period
    Description: (Optional) configure the maximum response time to send query packets.

Step 8
    Command: Raisecom(config)#mvr proxy last-member-query period
    Description: (Optional) configure the interval for the last member to send query packets.

When IGMP Proxy is disabled, the following parameters of MVR Proxy can be configured: source IP address, query interval, maximum response time to send Query packets, and interval for the last member to send Query packets. After IGMP Proxy is enabled, these configurations will take effect immediately.

6.4.4 Checking configurations

Use the following commands to check configuration results.

No. 1
    Command: Raisecom#show mvr proxy
    Description: Show configurations of IGMP Proxy.

No. 2
    Command: Raisecom#show ip igmp querier vlan
    Description: Show user VLAN information to be queried.

6.5 Configuring IGMP filtering

6.5.1 Preparing for configurations

Scenario

Users in the same multicast group can have different multicast requirements and permissions. You can configure filtering rules on the switch that connects the multicast router and user hosts to restrict multicast users. The maximum number of multicast groups allowed for users to join can be set.

Prerequisite

Enable MVR.

Configure multicast VLAN and group address set.

Configure the source interface and receiving interfaces, and add the related interfaces to the corresponding VLANs.

6.5.2 Default configurations of IGMP filtering

Default configurations of IGMP filtering are as below.

Function                               Default value
Global IGMP filtering                  Disable
IGMP filter profile                    N/A
IGMP filter profile action             Refuse
IGMP filtering under interface         No maximum group limit. The largest group action is drop, and no application filter profile.
IGMP filtering under interface+VLAN    No maximum group limit. The largest group action is drop, and no application filter profile.

6.5.3 Enabling global IGMP filtering

Enable global IGMP filtering for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode

Step 2
    Command: Raisecom(config)#igmp filter
    Description: Enable global IGMP filtering

Before configuring IGMP filter profile or the maximum number of IGMP groups, use the igmp filter command to enable global IGMP filtering.


6.5.4 Configuring IGMP filtering rules

Configure the IGMP filter profile for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode

Step 2
    Command: Raisecom(config)#ip igmp profile profile-number
    Description: Create an IGMP profile, and enter profile configuration mode.

Step 3
    Command: Raisecom(config-igmp-profile)#{ permit | deny }
    Description: Configure IGMP profile action.

Step 4
    Command: Raisecom(config-igmp-profile)#range start-ip-address [ end-ip-address ]
    Description: Configure the IP multicast address or range to be controlled for access.

6.5.5 Applying IGMP filtering rules

Apply the IGMP filter profile for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode

Step 2
    Command: Raisecom(config)#interface port port-id
    Description: Enter physical layer interface configuration mode.

Step 3
    Command: Raisecom(config-port)#ip igmp filter profile-number
    Description: (Optional) apply IGMP profile filtering rules on the interface.
    An IGMP profile can be applied to multiple interfaces, but each interface can be configured with only one IGMP profile.

Step 4
    Command: Raisecom(config-port)#exit
             Raisecom(config)#ip igmp filter profile-number vlan vlan-id
    Description: (Optional) apply IGMP profile filtering rules in the VLAN.

6.5.6 Configuring maximum number of multicast groups

You can add the maximum number of multicast groups applied to interface or interface+VLAN.

Configuring maximum number of multicast groups on interface

Configure the maximum number of multicast groups on the interface for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode

Step 2
    Command: Raisecom(config)#interface interface-type interface-number
    Description: Enter physical layer interface configuration mode.

Step 3
    Command: Raisecom(config-port)#ip igmp max-groups group-number
    Description: Configure the maximum number of multicast groups allowed on the interface.

Step 4
    Command: Raisecom(config-port)#ip igmp max-groups action { deny | replace }
    Description: (Optional) configure the action when the number of groups exceeds the maximum number of multicast groups allowed on the interface.

Configuring maximum number of multicast groups in VLAN

Configure the maximum number of multicast groups in the VLAN for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode

Step 2
    Command: Raisecom(config)#ip igmp max-group max-group vlan vlan-id
    Description: Configure the maximum number of multicast groups allowed in the VLAN.

Step 3
    Command: Raisecom(config)#ip igmp max-group action { deny | replace } vlan vlan-id
    Description: (Optional) configure the action when the number of groups exceeds the maximum number of multicast groups allowed in the VLAN.

By default, there is no limit on the multicast group number. The action for the maximum multicast group is deny.

6.5.7 Checking configurations

Use the following commands to check configuration results.

No. 1
    Command: Raisecom#show ip igmp filter [ interface-type interface-number | vlan [ vlan-id ] ]
    Description: Show application information about IGMP filtering.

No. 2
    Command: Raisecom#show ip igmp profile [ profile-number ]
    Description: Show configurations of IGMP profile filtering rules.

6.6 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear mvr interface-type [ interface-number ] statistics
Description: Clear MVR statistics on the interface.

6.7 Configuration examples

6.7.1 Example for configuring IGMP Snooping

Networking requirements

As shown in Figure 6-2, Port 1 on the switch is connected with the multicast router; Port 2 and Port 3 connect users. All multicast users belong to the same VLAN 10; you need to configure IGMP Snooping on the switch to receive multicast data with the address 234.5.6.7.

Figure 6-2 IGMP Snooping networking

Configuration steps

Step 1 Create a VLAN and add interfaces to it.

Raisecom#config

Raisecom(config)#create vlan 10 active

Raisecom(config)#interface port 1


Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 10

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport access vlan 10

Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#switchport access vlan 10

Raisecom(config-port)#exit

Step 2 Enable IGMP Snooping.

Raisecom(config)#igmp snooping

Raisecom(config)#igmp snooping vlan-list 10

Step 3 Configure the multicast router interface.

Raisecom(config)#ip igmp snooping mrouter vlan 1 port 1


Checking results

Use the following command to show configurations of IGMP Snooping.

Raisecom#show ip igmp snooping

IGMP snooping: Enable

IGMP querier: Disable

IGMP snooping aging time: 300s

IGMP snooping active VLAN: 1-4094

IGMP snooping immediate-leave active VLAN: --

6.7.2 Example for configuring MVR and MVR Proxy

Networking requirements

As shown in Figure 6-3, Port 1 of the switch connects with the multicast router, and Port 2 and Port 3 connect with users in different VLANs to receive data from multicast 234.5.6.7 and 225.1.1.1.

Configure MVR on the Switch to designate VLAN 3 as a multicast VLAN, and then the multicast data can only be copied one time in the multicast VLAN instead of copying for each user VLAN, thus saving bandwidth.

Enabling MVR Proxy on the Switch reduces communication between hosts and the multicast router without implementing multicast functions.

When the PC and set-top box are added into the same multicast group, the Switch receives two IGMP Report packets and only sends one of them to the multicast router. The IGMP Query packet sent by the multicast router will no longer be forwarded downstream, but the switch transmits IGMP Query packets periodically.

Figure 6-3 MVR networking

Configuration steps

Step 1 Create VLANs on Switch A and add interfaces to it.

Raisecom#config

Raisecom(config)#create vlan 3,12,13 active

Raisecom(config)#interface port 1

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 3

Raisecom(config-port)#switchport trunk untagged vlan 12,13

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 12

Raisecom(config-port)#switchport trunk untagged vlan 3

Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 13

Raisecom(config-port)#switchport trunk untagged vlan 3

Step 2 Configure MVR on Switch A.

Raisecom(config)#mvr enable

Raisecom(config)#interface port 2

Raisecom(config-port)#mvr


Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#mvr

Step 3 Specify the multicast VLAN and group address set.

Raisecom(config)#mvr vlan 3

Raisecom(config)#mvr vlan 3 group 234.5.6.7

Raisecom(config)#mvr vlan 3 group 225.1.1.1

Step 4 Enable MVR Proxy.

Raisecom(config)#mvr proxy

Raisecom(config)#mvr proxy suppression

Raisecom(config)#ip igmp querier enable

Raisecom(config)#mvr proxy source-ip 192.168.1.2

Step 5 Configure source interface information.

Raisecom(config)#interface port 1

Raisecom(config-port)#mvr type source

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 3

Raisecom(config-port)#switchport trunk untagged vlan 12,13

Step 6 Configure receiving interface information.

Raisecom(config)#interface port 2

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 12

Raisecom(config-port)#switchport trunk untagged vlan 3

Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 13

Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results

Use the following command to show MVR configurations on the switch.


Raisecom#show mvr

MVR Running: Enable

MVR Multicast VLAN(ref):3(2)

MVR Max Multicast Groups: 3840

MVR Current Multicast Groups: 2

MVR Timeout: 600 (second)

MVR Mode: Dynamic

Mvr general query translate vlan: 0


Use the following command to show information about the multicast VLAN and group address.

Raisecom#show mvr vlan group

Vlan Group Address

-----------------------------

3 225.1.1.1

3 234.5.6.7

Group address entries for all Vlans: 2

Use the following command to show configurations of IGMP Proxy.

Raisecom#show mvr proxy

Mvr Proxy Suppression Status: Enable

Ip Igmp Querier Status: Enable

Mvr Proxy Source Ip: 192.168.1.2

Mvr Proxy Version: V2

Ip Igmp Query Interval(s): 60

Query Response Interval(s): 10

Last Member Query Interval(s): 1

Next IGMP General Query(s): 60

6.7.3 Example for applying IGMP filtering and maximum number of multicast groups to interface

Networking requirements

Enable IGMP filtering on the switch. Add filtering rules on the interface to filter multicast users.

As shown in Figure 6-4,

Create an IGMP filtering rule Profile 1, set the action to pass for the multicast group ranging from 234.5.6.7 to 234.5.6.10.

Apply IGMP filtering rule Profile 1 on Port 2, allow the set top box to join the 234.5.6.7 multicast group, forbid it to join the 234.5.6.11 multicast group.

Apply no filtering rule on Port 3, and allow PCs to join the 234.5.6.11 multicast group.

Configure the maximum number of multicast groups on Port 2. After the set top box is added to the 234.5.6.7 multicast group, add it to the 234.5.6.8 multicast group. Then, it quits the 234.5.6.7 multicast group.

Figure 6-4 Applying IGMP filtering on the interface

Configuration steps

Step 1 Create a VLAN, and create IGMP filtering rules.

Raisecom#config

Raisecom(config)#create vlan 3,12,13 active

Raisecom(config)#ip igmp profile 1

Raisecom(config-igmp-profile)#range 234.5.6.7 234.5.6.10

Raisecom(config-igmp-profile)#permit

Step 2 Enable MVR and IGMP filtering.

Raisecom(config)#mvr enable

Raisecom(config)#mvr vlan 3

Raisecom(config)#mvr vlan 3 group 234.5.6.7 5

Raisecom(config)#ip igmp filter

Step 3 Configure the source interface.

Raisecom(config)#interface port 1

Raisecom(config-port)#mvr type source

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 3

Raisecom(config-port)#switchport trunk untagged vlan 12,13


Step 4 Configure the receiving interface on the set top box, and apply IGMP filtering rule and set the maximum number of multicast groups.

Raisecom(config)#interface port 2

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 12

Raisecom(config-port)#switchport trunk untagged vlan 3

Raisecom(config-port)#ip igmp filter 1

Raisecom(config-port)#ip igmp max-groups 1

Raisecom(config-port)#ip igmp max-groups action replace

Step 5 Configure the receiving interface on the PC.

Raisecom(config)#interface port 3

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 13

Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results

Use the following command to show configurations of IGMP filtering on the interface.

Raisecom#show ip igmp filter port 2

IGMP Filter: 1

Max Groups: 1

Current groups: 0

Action: Replace
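The decisions this configuration is meant to produce on Port 2 and Port 3, modelled in Python as an added example (not Raisecom code). The class and function names are hypothetical; the behaviour of a deny profile and the choice of the oldest group as the one evicted by "replace" are assumptions, since the guide only describes the permit profile and a limit of 1.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass
class IgmpProfile:
    """An IGMP filter profile: one action applied to an inclusive group range."""
    action: str            # "permit" or "deny"
    start: IPv4Address
    end: IPv4Address

    def allows(self, group: IPv4Address) -> bool:
        in_range = self.start <= group <= self.end
        # Guide behaviour: a permit profile admits groups inside its range and
        # refuses the rest. Assumption: a deny profile is the mirror image.
        return in_range if self.action == "permit" else not in_range


@dataclass
class ReceiverPort:
    """Filter state of one receiving interface (hypothetical model)."""
    profile: Optional[IgmpProfile] = None   # None: no profile applied
    max_groups: Optional[int] = None        # None: no limit (the default)
    limit_action: str = "deny"              # "deny" (default) or "replace"
    groups: List[IPv4Address] = field(default_factory=list)

    def report(self, group_text: str) -> str:
        """Process an IGMP Report for group_text and return the decision."""
        group = IPv4Address(group_text)
        if not group.is_multicast:
            raise ValueError(f"{group} is not a multicast group address")
        # 1. Profile check: is this group allowed on the interface at all?
        if self.profile is not None and not self.profile.allows(group):
            return "filtered"
        # 2. A Report for a group already joined only refreshes the entry.
        if group in self.groups:
            return "refreshed"
        # 3. Limit check: apply the configured max-groups action.
        if self.max_groups is not None and len(self.groups) >= self.max_groups:
            if self.limit_action != "replace" or not self.groups:
                return "limit-denied"
            self.groups.pop(0)      # assumption: the oldest group is evicted
            self.groups.append(group)
            return "replaced"
        self.groups.append(group)
        return "joined"

    def members(self) -> List[str]:
        return [str(g) for g in self.groups]


def section_6_7_3():
    """Replay the joins of section 6.7.3; return (decisions, Port 2 groups)."""
    profile_1 = IgmpProfile("permit", IPv4Address("234.5.6.7"),
                            IPv4Address("234.5.6.10"))
    port_2 = ReceiverPort(profile=profile_1, max_groups=1,
                          limit_action="replace")   # set top box
    port_3 = ReceiverPort()                         # PC: no filter, no limit
    decisions = [
        ("port 2", "234.5.6.7", port_2.report("234.5.6.7")),
        ("port 2", "234.5.6.8", port_2.report("234.5.6.8")),
        ("port 2", "234.5.6.11", port_2.report("234.5.6.11")),
        ("port 3", "234.5.6.11", port_3.report("234.5.6.11")),
    ]
    return decisions, port_2.members()


if __name__ == "__main__":
    results, port_2_groups = section_6_7_3()
    for port, group, decision in results:
        print(f"{port} report {group}: {decision}")
    print("port 2 groups:", port_2_groups)
```

With the action left at its default of deny, the second join on Port 2 would be refused and the set top box would stay in 234.5.6.7.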

6.7.4 Example for applying IGMP filtering and maximum number of multicast groups to VLAN

Networking requirements

Enable IGMP filtering on the switch. Add filtering rules in the VLAN to filter multicast users.

As shown in Figure 6-5,

Create an IGMP filtering rule Profile 1, set the action to pass, and set the IP address to range from 234.5.6.7 to 234.5.6.10.

Apply IGMP filtering rule Profile 1 on VLAN 12, allow the set top box to join the 234.5.6.7 multicast group, forbid it to join the 234.5.6.11 multicast group.

Apply no filtering rule on VLAN 3, and allow PCs to join the 234.5.6.11 multicast group.


Configure the maximum number of multicast groups in VLAN 12. After the set top box is added to the 234.5.6.7 multicast group, add it to the 234.5.6.8 multicast group. Then, it quits the 234.5.6.7 multicast group.

Figure 6-5 Applying IGMP filtering in the VLAN

Configuration steps

Step 1 Create a VLAN, and create IGMP filtering rules.

Raisecom#config

Raisecom(config)#create vlan 3,12,13 active

Raisecom(config)#ip igmp profile 1

Raisecom(config-igmp-profile)#range 234.5.6.7 234.5.6.10

Raisecom(config-igmp-profile)#permit

Step 2 Enable MVR and IGMP filtering.

Raisecom(config)#mvr enable

Raisecom(config)#mvr vlan 3

Raisecom(config)#mvr vlan 3 group 234.5.6.7 5

Raisecom(config)#ip igmp filter

Step 3 Configure the source interface.

Raisecom(config)#ip igmp filter 1 vlan 12

Raisecom(config)#ip igmp max-group 1 vlan 12

Raisecom(config)#ip igmp max-group action replace vlan 12


Step 4 Configure the receiving interface on the set top box, and apply IGMP filtering rule and set the maximum number of multicast groups.

Raisecom(config)#interface port 1

Raisecom(config-port)#mvr type source

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 3

Raisecom(config-port)#switchport trunk untagged vlan 12,13

Step 5 Configure the receiving interface on the PC.

Raisecom(config)#interface port 2

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 12

Raisecom(config-port)#switchport trunk untagged vlan 3

Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#mvr type receiver

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk native vlan 13

Raisecom(config-port)#switchport trunk untagged vlan 3

Checking results

Check whether IGMP filtering is correctly configured in the VLAN.

Raisecom#show ip igmp filter vlan 12

VLAN Filter Max Groups Current Groups Action

---------------------------------------------------------------------

7 Security

This chapter describes the basic principles and configuration of security and provides related configuration examples, including the following sections:

ACL

Secure MAC address

Dynamic ARP inspection

RADIUS

TACACS+

Storm control

802.1x

IP Source Guard

PPPoE+

Loopback detection

Line detection

7.1 ACL

7.1.1 Introduction

Access Control List (ACL) is a set of ordered rules, which can control the ISCOM2110G-PWR to receive or refuse some data packets.

You need to configure rules on the network to prevent illegal packets from influencing network performance and determine the packets allowed to pass. These rules are defined by ACL.

ACL is a series of rules composed of permit | deny statements. The rules are described according to source address, destination address, and port ID of data packets. The ISCOM2110G-PWR decides whether to receive or reject packets according to the rules.

7.1.2 Preparing for configurations

Scenario

ACL can help a network device recognize filter objects. The device recognizes special objects and then permits or denies packets according to the configured policy.

ACL includes the below types:

IP ACL: classify packets according to the source or destination address carried in the IP header, the port ID used by TCP or UDP, and other packet attributes.

MAC ACL: classify packets according to the source MAC address, destination MAC address, Layer 2 protocol type carried in the Layer 2 frame header, and other attributes.

MAP ACL: MAP ACL can define more protocols and more detailed protocol fields than IP ACL and MAC ACL, and can also match any bytes of the first 64 bytes according to the user's definition.

There are 3 kinds of ACL application according to the application environment: ACL based on the whole device, based on interface, and based on VLAN.

Prerequisite

N/A

7.1.3 Default configurations of ACL

Default configurations of ACL are as below.

Function                                                                         Default value
Filter effectiveness status                                                      Disable
Non-fragmenting packet message type                                              Mismatch
ICMP packet message type                                                         Mismatch
Filter function effective status                                                 Take effect
MAC address matching rules                                                       Mismatch
CoS value matching rules                                                         Mismatch
Ethernet frame type matching rules                                               Mismatch
ARP type matching rules                                                          Mismatch
ARP packet and MAC/IP address matching rules                                     Mismatch
IP packet address, DSCP, priority, and matching rule between priority and ToS    Mismatch
Matching rule between port ID and protocol tag bit of TCP packets                Mismatch
Port ID matching rules of UDP packets                                            Mismatch
IGMP packet message type matching rules                                          Mismatch
IPv6 packet matching rules                                                       Mismatch

7.1.4 Configuring IP ACL

Configure IP ACL for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#ip-access-list acl-id { deny | permit } { protocol-id | icmp | igmp | ip } { source-address mask | any } { destination-address mask | any }
             Raisecom(config)#ip-access-list acl-number { deny | permit } { tcp | udp } { source-ip-address ip-mask | any } [ source-protocol-port ] { destination-ip-address ip-mask | any } [ destination-protocol-port ]
    Description: Configure IP ACL.

Step 3
    Command: Raisecom(config)#interface ip if-number
             Raisecom(config-ip)#ip ip-access-list { list-number | all } [ port-list port-list ]
    Description: Apply ACL on the ISCOM2110G-PWR.

7.1.5 Configuring MAC ACL

Configure MAC ACL for the ISCOM2110G-PWR as below.

Step 1
    Command: Raisecom#config
    Description: Enter global configuration mode.

Step 2
    Command: Raisecom(config)#mac-access-list acl-id { deny | permit } [ protocol-id | arp | ip | rarp | any ] { source-mac-address [ src-mask src-mask ] | any } { destination-mac-address [ dst-mask dst-mask ] | any }
    Description: Configure MAC ACL.

7.1.6 Configuring MAP ACL

Configure MAP ACL for the ISCOM2110G-PWR as below.

153 Raisecom Technology Co., Ltd.

Raisecom

ISCOM2110G-PWR (B) Configuration Guide

Step

1

Command

Raisecom#config

2

Raisecom(config)#access-listmap acl-id { deny | permit }

3

4

5

6

7

Description

7 Security

Enter global configuration mode.

Create MAP ACL list and enter

ACLMAP configuration mode.

Raisecom(config-aclmap)#match mac { destination | source } mac-address

Raisecom(config-aclmap)#match cos cos-value

(Optional) define matching rule for the source or destination MAC address.

(Optional) define matching rule for CoS value.

Raisecom(config-aclmap)#match ethertype ethertype

[ ethertype-mask ]

Raisecom(config-aclmap)#match

{ arp | eapol | flowcontrol | ip | ipv6 | loopback | mpls | mpls-mcast | pppoe | pppoedisc

| x25 | x75 }

Raisecom(config-aclmap)#match arp opcode { reply| request }

(Optional) define matching rule for

Ethernet frame type.

(Optional) define matching rule for upper layer protocol type carried by

Layer 2 packet head.

(Optional) define matching rule for ARP type (reply packet/request packet).

8

9

10

11

12

13

14

Raisecom(config-aclmap)#match arp { sender-mac | targetmac } mac-address

Raisecom(config-aclmap)#match arp { sender-ip | target-ip } ip-address [ ip-address-mask ]

Raisecom(config-aclmap)#match ip { destination-address | source-address } ip-address

[ ip-address-mask ]

Raisecom(config-aclmap)#match ip precedence { precedencevalue

| critical | flash | flash-override | immediate| internet | network | priority

| routine }

Raisecom(config-aclmap)#match ip tos { tos-value

| maxreliability | max-throughput | min-delay | min-monetary-cost

| normal }

Raisecom(config-aclmap)#match ip dscp { dscp-value | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41| af42 |af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7| default | ef }

Raisecom(config-aclmap)#match ip protocol protocol-id

(Optional) define matching rule for the

MAC address of ARP packets.

(Optional) define matching rule for the

IP address of ARP packets.

(Optional) define matching rule for the source or destination IP address.

(Optional) define matching rule for IP packet priority.

(Optional) define matching rule for ToS value of IP packet priority.

(Optional) define matching rule for

DSCP value of IP packets.

(Optional) define matching rule for protocol value of IP packets.

Step 15
Command: Raisecom(config-aclmap)#match ip tcp { destination-port | source-port } { port-id | bgp | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | ident | irc | klogin | kshell | login | lpd | nntp | pim-auto-rp | pop2 | pop3 | smtp | sunrpc | syslog | tacacs | talk | telnet | time | uucp | whois | www }
Description: (Optional) define matching rule for port ID of TCP packets.

Step 16
Command: Raisecom(config-aclmap)#match ip tcp { ack | fin | psh | rst | syn | urg }
Description: (Optional) define matching rule for TCP protocol Tag.

Step 17
Command: Raisecom(config-aclmap)#match ip udp { destination-port | source-port } { port-id | biff | bootpc | bootps | domain | echo | mobile-ip | netbios-dgm | netbios-ns | netbios-ss | ntp | pim-auto-rp | rip | snmp | snmptrap | sunrpc | syslog | tacacs | talk | tftp | time | who }
Description: (Optional) define matching rule for port ID of UDP packets.

Step 18
Command: Raisecom(config-aclmap)#match ip icmp icmp-type-id [ icmp-code ]
Description: (Optional) define matching rule for message type of ICMP packets.

Step 19
Command: Raisecom(config-aclmap)#match ip no-fragments
Description: (Optional) define matching rules for message type of non-fragment packets.

Step 20
Command: Raisecom(config-aclmap)#match ip igmp { igmp-type-id | dvmrp | leave-v2 | pim-v1 | query | report-v1 | report-v2 | report-v3 }
Description: (Optional) define matching rule for message type of IGMP packets.

Step 21
Command: Raisecom(config-aclmap)#match user-define rule-string rule-mask offset
Description: (Optional) configure matching rule for user-defined field. The two parameters rule mask and offset select any bytes from byte 23 to byte 63 of the first 64 bytes of a data frame; the selected content is then compared with the user-defined rule to filter out matching data frames for processing.

For example, if you wish to filter all TCP packets, you can define:

Rule: "06"
Rule mask: "FF"
Offset: "27"

The rule mask and offset value work together to select the content of the TCP protocol ID field, which is then compared with the rule to match all TCP packets.
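The offset arithmetic behind the TCP example, as an added Python sketch (not Raisecom code). It assumes the match is "(frame byte AND mask) equals (rule AND mask)" on a frame laid out with the 802.1q tag present, which follows the guide's remark that the offset includes the VLAN Tag field; the helper names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100               # EtherType value that marks an 802.1q tag
MIN_OFFSET, MAX_OFFSET = 23, 63   # byte range quoted in the step 21 description


def as_tagged(frame, default_vid=1):
    """Return the frame laid out with a 4-byte 802.1q tag at bytes 12-15.

    Modelling assumption: an untagged frame is evaluated as if the tag were
    present, because the offset counts the tag field even for Untag packets.
    """
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        return frame
    tag = struct.pack("!HH", TPID_8021Q, default_vid & 0x0FFF)
    return frame[:12] + tag + frame[12:]


def user_define_match(frame, rule, mask, offset):
    """Apply a rule/rule-mask pair (hex strings) at a byte offset of the frame."""
    rule_b, mask_b = bytes.fromhex(rule), bytes.fromhex(mask)
    if len(rule_b) != len(mask_b):
        raise ValueError("rule and rule mask must have the same length")
    if offset < MIN_OFFSET or offset + len(rule_b) - 1 > MAX_OFFSET:
        raise ValueError("matched field must lie within bytes 23 to 63")
    window = as_tagged(frame)[offset:offset + len(rule_b)]
    if len(window) < len(rule_b):
        return False              # frame too short to contain the field
    return all((w & m) == (r & m) for w, r, m in zip(window, rule_b, mask_b))


def build_ipv4_frame(protocol, vlan=None):
    """Constructed sample frame: Ethernet II + 20-byte IPv4 header + padding."""
    l2 = bytes.fromhex("000000000002") + bytes.fromhex("000000000001")
    if vlan is not None:
        l2 += struct.pack("!HH", TPID_8021Q, vlan)
    l2 += struct.pack("!H", 0x0800)
    # version/IHL, ToS, total length, ID, flags/frag, TTL, protocol, checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, protocol, 0,
                     bytes([10, 10, 10, 1]), bytes([10, 10, 10, 2]))
    return l2 + ip + bytes(20)


if __name__ == "__main__":
    # 12 (MACs) + 4 (tag) + 2 (EtherType) + 9 (protocol field in IPv4) = 27
    print("TCP, untagged, offset 27:", user_define_match(build_ipv4_frame(6), "06", "FF", 27))
    print("UDP, untagged, offset 27:", user_define_match(build_ipv4_frame(17), "06", "FF", 27))
    print("TCP, VLAN 100, offset 27:", user_define_match(build_ipv4_frame(6, 100), "06", "FF", 27))
    # Offset 23 is where the protocol byte sits in an untagged capture
    # (12 + 2 + 9); with the tag counted it points at another IPv4 byte.
    print("TCP, untagged, offset 23:", user_define_match(build_ipv4_frame(6), "06", "FF", 23))
```

An offset taken from an untagged packet capture is 4 bytes too small for this command, so a rule written that way matches a different header byte.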

Note (user-defined matching rule): The rule number must be a hexadecimal number. The offset includes the 802.1q VLAN Tag field, even though the ISCOM2110G-PWR receives Untag packets.

7.1.7 Applying ACL

Configure ACL for the ISCOM2110G-PWR as below.

An ACL does not take effect until it is added to a filter. Multiple ACL matching rules can be added to a filter to form multiple filter rules. When you configure the filter, the order in which ACL matching rules are added decides the priority of each rule: the later a rule is added, the higher its priority. If multiple rules conflict during matching, the rule with the higher priority prevails. Pay attention to the order of rules when entering the commands so that packets are filtered correctly.

Applying ACL based on whole device

Apply ACL based on the whole device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#filter { ip-access-list | mac-access-list | access-list-map } { acl-list | all } [ statistics ]
Description: Configure the filter for the device. If the statistics parameter is configured, the system will take statistics according to filter rules.

Step 3
Command: Raisecom(config)#filter enable
Description: Enable filter to make rules take effect. Enabling the filter not only activates the filter rules, but also makes the filter rules set later take effect.

Applying ACL based on physical interface

Apply ACL based on the physical interface as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#filter { access-list-map | ip-access-list | mac-access-list } { all | acl-list } ingress interface-type interface-list [ statistics ]
Description: Configure filter on the interface. If the statistics parameter is configured, the system will take statistics according to filtering rules.

Step 3
Command: Raisecom(config)#filter accesslist-mac { all | acl-list } ingress interface-type interface-list valid
Description: (Optional) enable the filter based on interface. Use the filter { access-list-map | ip-access-list | mac-access-list } { all | acl-list } ingress interface-type interface-list invalid command to disable this function.

Step 4
Command: Raisecom(config)#filter enable
Description: Enable filter to make rules take effect. Enabling the filter not only activates the filter rules, but also makes the filter rules set later take effect.

Applying ACL based on VLAN

Apply ACL based on the VLAN as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#filter { ip-access-list | mac-access-list | access-list-map } { acl-list | all } vlan vlan-id [ double-tagging inner ] [ statistics ]
Description: Configure ACL on the interface. If the statistics parameter is configured, the system will take statistics according to filtering rules.

Step 3
Command: Raisecom(config)#filter enable
Description: Enable filter to make rules take effect. Enabling the filter not only activates the filter rules, but also makes the filter rules set later take effect.

7.1.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show ip-access-list [ list-number ]
Description: Show configurations of IP ACL.

No. 2
Command: Raisecom#show mac-access-list [ list-number ]
Description: Show configurations of MAC ACL.

No. 3
Command: Raisecom#show access-list-map [ list-number ]
Description: Show configurations of MAP ACL.

No. 4
Command: Raisecom#show filter [ filter-number-list ]
Description: Show filter configuration.

No. 5
Command: Raisecom#show interface ip ip-access-list
Description: Show configurations of the filter on the Layer 3 interface.

7.1.9 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear filter statistics
Description: Clear filter statistics.

7.2 Secure MAC address

7.2.1 Introduction

Port security MAC is mainly used on switches at the user-side edge of the network. It secures access on selected interfaces by controlling incoming packets according to their source MAC address.

You can enable port security MAC to limit and distinguish which users can access the network through a secure port. Only packets from secure MAC addresses can access the network; packets from unsecure MAC addresses are handled according to the access violation mode configured on the interface.

Secure MAC address classification

Secure MAC addresses supported by the device are divided into the following three categories:

Static secure MAC address

A static secure MAC address is configured manually by the user on a secure interface; it takes effect when port security MAC is enabled. A static secure MAC address does not age and supports configuration loading.

Dynamic secure MAC address

A dynamic secure MAC address is learnt by the device. Learnt MAC addresses can be set as secure MAC addresses up to the maximum number of learnt MAC addresses. A dynamic secure MAC address ages and does not support configuration loading.

A dynamic secure MAC address can be converted to a Sticky secure MAC address if needed, so that it is not aged and supports configuration loading.

Sticky secure MAC address

A Sticky secure MAC address is either configured manually by the user on a secure interface or converted from a dynamic secure MAC address. Unlike a static secure MAC address, a Sticky secure MAC address must be used in conjunction with Sticky learning:

When Sticky learning is enabled, Sticky secure MAC addresses take effect; they are not aged and support configuration loading.

When Sticky learning is disabled, Sticky secure MAC addresses lose effect and are only saved in the system.

When Sticky learning is enabled, all dynamic secure MAC addresses learnt from an interface are converted to Sticky secure MAC addresses.

When Sticky learning is disabled, all Sticky secure MAC addresses on an interface are converted to dynamic secure MAC addresses.

Processing mode for violating secure MAC address

When the number of secure MAC addresses has reached the maximum number, incoming packets with an unknown source MAC address are regarded as a violation. For such illegal user access, the switch can be configured with one of the following processing modes according to the secure MAC violation policy:

Protect mode: for illegal access users, the secure interface discards the user's packets directly.

Restrict mode: for illegal access users, the secure interface discards the user's packets, and the console prints Syslog information and sends an alarm to the network management system.

Shutdown mode: for illegal access users, the secure interface discards the user's packets, the console prints Syslog information and sends an alarm to the network management system, and then the secure interface is shut down.

When a MAC address drifts, that is, secure interface A receives access from a user whose MAC address is a secure MAC address on secure interface B, secure interface A processes it as a violation.

7.2.2 Preparing for configurations

Scenario

To ensure the security of data accessed by the interface of the switch, you can control the input packets according to source MAC address. With secure MAC address, you can configure permitting specified users to access the interface, or permitting specified number of users to access from this interface only. However, when the number of users exceeds the limit, the accessed packets will be processed in accordance with secure MAC address violation policies.

Prerequisite

N/A

7.2.3 Default configurations of secure MAC address

Default configurations of port security MAC are as below.

Function                                    Default value
Interface secure MAC                        Disable
Aging time of dynamic secure MAC address    300s
Dynamic secure MAC Sticky learning          Disable
Port secure MAC Trap                        Disable
Port secure MAC violation processing mode   Protect
Maximum number of port security MAC         1

7.2.4 Configuring basic functions of secure MAC address

We do not recommend enabling port security MAC on member interfaces of the LAG.

We do not recommend using MAC address management function to configure static MAC addresses when port security MAC is enabled.

Port security MAC and 802.1x are mutually exclusive. We do not suggest configuring them concurrently.

Port security MAC and interface-based MAC address limit are mutually exclusive. We do not recommend configuring them concurrently.

Port security MAC and MAC address number limit based on interface+VLAN are mutually exclusive. We do not recommend configuring them concurrently.

Configure basic functions of secure MAC address for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport port-security
Description: Enable port security MAC.

Step 4
Command: Raisecom(config-port)#switchport port-security maximum maximum
Description: (Optional) configure the maximum number of secure MAC addresses.

Step 5
Command: Raisecom(config-port)#switchport port-security violation { protect | restrict | shutdown }
Description: (Optional) configure secure MAC violation mode.

Step 6
Command: Raisecom(config-port)#no port-security shutdown
Description: (Optional) re-enable the interface which is shut down due to violating the secure MAC address.

When secure MAC violation policy is in Shutdown mode, you can use this command to re-enable this interface which is shut down due to violating secure MAC address.

When the interface is Up, the configured secure MAC violation mode will continue to be valid.

7.2.5 Configuring static secure MAC address

Configure static secure MAC address for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport port-security mac-address mac-address vlan vlan-id
Description: Configure secure MAC address.

Step 4
Command: Raisecom(config-port)#switchport port-security
Description: Enable static port security MAC.

7.2.6 Configuring dynamic secure MAC address

Configure dynamic secure MAC address for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#port-security aging-time period
Description: (Optional) configure the aging time of dynamic secure MAC address.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#switchport port-security
Description: Enable dynamic secure MAC learning.

Step 5
Command: Raisecom(config-port)#switchport port-security trap enable
Description: (Optional) enable port security MAC Trap.

The switchport port-security command can enable port security MAC and dynamic secure MAC learning at the same time.

7.2.7 Configuring Sticky secure MAC address

Configure Sticky secure MAC address for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport port-security
Description: (Optional) enable port security MAC.

Step 4
Command: Raisecom(config-port)#switchport port-security mac-address sticky mac-address vlan vlan-id
Description: (Optional) manually configure Sticky secure MAC addresses.

Step 5
Command: Raisecom(config-port)#switchport port-security mac-address sticky
Description: Manually configure Sticky secure MAC learning.

After Sticky secure MAC learning is enabled, dynamic secure MAC addresses are converted to Sticky secure MAC addresses, and manually configured Sticky secure MAC addresses take effect.

7.2.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show port-security [ port-list port-list ]
Description: Show configurations of port security MAC on the interface.

No. 2
Command: Raisecom#show port-security mac-address [ port-list port-list ]
Description: Show configurations of secure MAC address and secure MAC address learning.

7.2.9 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config-port)#clear port-security { all | configured | dynamic | sticky }
Description: Clear a specified secure MAC address type on a specified interface.

7.2.10 Example for configuring secure MAC address

Networking requirements

As shown in Figure 7-1, the switch connects 3 user networks. To ensure the security of data accessed through the switch interfaces, the configuration is as below.

Port 1 permits 3 users to access network at most. The MAC address of one user is specified as 0000.0000.0001. The MAC addresses of the other 2 users are learnt dynamically; the NView NNM system will receive Trap information once a user MAC address is learnt. Violation mode is set to Protect and the aging time of the two learnt MAC addresses is set to 10 min.

Port 2 permits 2 users to access network at most. The 2 user MAC addresses are confirmed through learning; once they are confirmed, they will not be aged. Violation mode is set to Restrict mode.

Port 3 permits 1 user to access network at most. The specified user MAC address is 0000.0000.0002. Whether to age user MAC addresses can be controlled. Violation mode adopts Shutdown mode.

Figure 7-1 Configuring secure MAC address

Configuration steps

Step 1 Configure the secure MAC address of Port 1.

Raisecom#config
Raisecom(config)#interface port 1
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 3
Raisecom(config-port)#switchport port-security mac-address 0000.0000.0001 vlan 1
Raisecom(config-port)#switchport port-security violation protect
Raisecom(config-port)#switchport port-security trap enable
Raisecom(config-port)#exit
Raisecom(config)#port-security aging-time 10

Step 2 Configure the secure MAC address of Port 2.

Raisecom(config)#interface port 2
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 2
Raisecom(config-port)#switchport port-security mac-address sticky
Raisecom(config-port)#switchport port-security violation restrict
Raisecom(config-port)#exit

Step 3 Configure the secure MAC address of Port 3.

Raisecom(config)#interface port 3
Raisecom(config-port)#switchport port-security
Raisecom(config-port)#switchport port-security maximum 1
Raisecom(config-port)#switchport port-security mac-address sticky 0000.0000.0002 vlan 1
Raisecom(config-port)#switchport port-security mac-address sticky
Raisecom(config-port)#switchport port-security violation shutdown

Checking results

Use the show port-security [ port-list port-list ] command to show configurations of port security MAC.

Raisecom#show port-security port-list 1-3
Port security aging time:10 (mins)
port  status  Max-Num  Cur-Num  His-Num  vio-Count  vio-action  Dynamic-Trap
-------------------------------------------------------------------------
1     Enable  3        1        0        0          protect     Enable
2     Enable  2        0        0        0          restrict    Disable
3     Enable  1        1        0        0          shutdown    Disable

Use the show port-security mac-address command to show secure MAC address and configurations of secure MAC address learning on an interface.

Raisecom#show port-security mac-address

VLAN Security-MAC-Address Flag Port Age(min)

-------------------------------------------------

2 0000.0000.0001 static 1 --

2 0000.0000.0002 sticky 3 --
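The three violation modes and the MAC drift rule from section 7.2.1, applied to the port settings of this example, as an added Python model (not Raisecom code and not device output). Class and function names and every MAC address other than the two configured ones are constructed; aging and Trap on learning are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    port: int
    maximum: int = 1               # default maximum from section 7.2.3
    violation: str = "protect"     # protect | restrict | shutdown
    sticky_learning: bool = False
    static: set = field(default_factory=set)
    sticky: set = field(default_factory=set)
    dynamic: set = field(default_factory=set)
    up: bool = True
    alarms: list = field(default_factory=list)   # Syslog/alarm seen by the NMS

    def secure_macs(self):
        # Sticky addresses only take effect while Sticky learning is enabled.
        sticky = self.sticky if self.sticky_learning else set()
        return self.static | sticky | self.dynamic


class Switch:
    def __init__(self, ports):
        self.ports = {p.port: p for p in ports}

    def receive(self, port_id, src_mac):
        """Decide 'forward' or 'drop' for a frame from src_mac on port_id."""
        port = self.ports[port_id]
        if not port.up:
            return "drop"
        if src_mac in port.secure_macs():
            return "forward"
        # MAC drift: the address is already secure on another secure interface.
        drift = any(src_mac in other.secure_macs()
                    for other in self.ports.values() if other is not port)
        if not drift and len(port.secure_macs()) < port.maximum:
            learnt = port.sticky if port.sticky_learning else port.dynamic
            learnt.add(src_mac)
            return "forward"
        return self._violation(port, src_mac, drift)

    def _violation(self, port, src_mac, drift):
        reason = "MAC drift" if drift else "maximum reached"
        if port.violation in ("restrict", "shutdown"):
            port.alarms.append(f"port {port.port}: {src_mac} ({reason})")
        if port.violation == "shutdown":
            port.up = False        # stays down until the operator re-enables it
        return "drop"

    def no_port_security_shutdown(self, port_id):
        """Model of 'no port-security shutdown': bring the interface back up."""
        self.ports[port_id].up = True


def example_switch():
    """Ports 1-3 with the settings from the configuration steps."""
    return Switch([
        SecurePort(1, maximum=3, violation="protect", static={"0000.0000.0001"}),
        SecurePort(2, maximum=2, violation="restrict", sticky_learning=True),
        SecurePort(3, maximum=1, violation="shutdown", sticky_learning=True,
                   sticky={"0000.0000.0002"}),
    ])


def run_scenario():
    """Replay constructed traffic; return (decisions, alarms per port)."""
    sw = example_switch()
    traffic = [
        (1, "0000.0000.0001"), (1, "aaaa.0000.0001"), (1, "aaaa.0000.0002"),
        (1, "aaaa.0000.0003"),                  # 4th address on Port 1
        (2, "0000.0000.0001"),                  # secure on Port 1: MAC drift
        (2, "bbbb.0000.0001"), (2, "bbbb.0000.0002"), (2, "bbbb.0000.0003"),
        (3, "0000.0000.0002"), (3, "cccc.0000.0001"), (3, "0000.0000.0002"),
    ]
    decisions = [sw.receive(p, m) for p, m in traffic]
    sw.no_port_security_shutdown(3)
    decisions.append(sw.receive(3, "0000.0000.0002"))
    return decisions, {n: list(p.alarms) for n, p in sw.ports.items()}


if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

In the model, Port 1 (Protect) drops the extra address without raising any alarm, so only Ports 2 and 3 give the network management system something to act on, and Port 3 also drops its legitimate user until the interface is re-enabled.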

7.3 Dynamic ARP inspection

7.3.1 Introduction

Dynamic ARP inspection provides ARP protection on unsecure interfaces: it prevents the device from responding to ARP packets that do not meet the requirements, thus preventing ARP spoofing attacks on the network.

There are 2 modes for dynamic ARP inspection:

Static binding mode: set the binding manually.

Dynamic binding mode: in cooperation with the DHCP snooping to generate dynamic binding. When DHCP Snooping entry is changed, the dynamic ARP inspection will also update dynamic binding entry synchronously.

The ARP inspection table, which is used for preventing ARP attacks, consists of DHCP snooping entries and statically configured ARP inspection rules, including IP address, MAC address, and VLAN binding information. In addition, the ARP inspection table associates this information with specific interfaces. The dynamic ARP inspection binding table supports the combination of following entries:

Interface+IP

Interface+IP+MAC

Interface+IP+VLAN

Interface+IP+MAC+VLAN

Dynamic ARP inspection interfaces are divided into the following two types according to trust status:

Trusted interface: the interface will stop ARP inspection, which conducts no ARP protection on the interface. All ARP packets are allowed to pass.

Untrusted interface: the interface takes ARP protection. Only ARP packets that match the binding table rules are allowed to pass. Otherwise, they are discarded.

Figure 7-2 Principle of dynamic ARP inspection

Figure 7-2 shows the principle of dynamic ARP inspection. When the ISCOM2110G-PWR receives an ARP packet, it compares the source IP address, source MAC address, interface ID, and VLAN information of the ARP packet with the DHCP Snooping entry information. If matched, it indicates that it is a legal user and the ARP packets are permitted to pass. Otherwise, it is an ARP attack and the ARP packet is discarded.

Dynamic ARP inspection also provides rate limiting on ARP packets to prevent unauthorized users from attacking the ISCOM2110G-PWR by sending a large number of ARP packets to the ISCOM2110G-PWR.

When the number of ARP packets received by an interface every second exceeds the threshold, the system will regard that the interface receives an ARP attack, and then discard all received ARP packets to avoid the attack.

The system provides auto-recovery and supports configuring the recovery time. The interfaces, where the number of received ARP packets is greater than the threshold, will recover to normal Rx/Tx status automatically after the recovery time expires.

Dynamic ARP inspection can also protect the specified VLAN. After the protection VLAN is configured, the ARP packets in specified VLAN on an untrusted interface will be protected. Only the ARP packets, which meet binding table rules, are permitted to pass. Other packets are discarded.

7.3.2 Preparing for configurations

Scenario

Dynamic ARP inspection is used to prevent the common ARP spoofing attacks on the network, which isolates the ARP packets with unsafe sources. Trust status of an interface depends on whether it trusts ARP packets. However, the binding table decides whether the ARP packets meet requirement.

Prerequisite

Enable DHCP Snooping if there is a DHCP user.

7.3.3 Default configurations of dynamic ARP inspection

Default configurations of dynamic ARP inspection are as below.

Function                                                            Default value
Dynamic ARP inspection interface trust status                       Untrusted
Dynamic ARP inspection static binding                               Disable
Binding status of dynamic ARP inspection and dynamic DHCP Snooping  Disable
Binding status of dynamic ARP inspection and dynamic DHCP Relay     Disable
Dynamic ARP inspection static binding table                         N/A
Dynamic ARP inspection protection VLAN                              All VLANs
Interface rate limiting status for ARP packets                      Disable
Interface rate limiting on ARP packets                              100 pps
Auto-recovery rate limiting on ARP packets                          Disable
Auto-recovery time for rate limiting on ARP packets                 30s

7.3.4 Configuring trusted interfaces of dynamic ARP inspection

Configure trusted interfaces of dynamic ARP inspection for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#ip arp-inspection trust
Description: Set the interface to a trusted interface.

7.3.5 Configuring static binding of dynamic ARP inspection

Configure static binding of dynamic ARP inspection for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ip arp-inspection static-config
Description: Enable global static ARP binding.

Step 3
Command: Raisecom(config)#ip arp-inspection binding ip-address [ mac-address ] [ vlan vlan-id ] port port-id
Description: Configure the static binding.

7.3.6 Configuring dynamic binding of dynamic ARP inspection

Before enabling dynamic binding of dynamic ARP inspection, you need to use the ip dhcp snooping command to enable DHCP Snooping.

Configure dynamic binding of dynamic ARP inspection for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ip arp-inspection { dhcp-snooping | dhcp-relay }
Description: Enable global dynamic ARP binding.

7.3.7 Configuring protection VLAN of dynamic ARP inspection

Configure protection VLAN of dynamic ARP inspection for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ip arp-inspection { dhcp-snooping | dhcp-relay }
Description: Enable global dynamic ARP binding.

7.3.8 Configuring rate limiting on ARP packets on interface

Configure rate limiting on ARP packets on the interface for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#ip arp-rate-limit enable
Description: Enable interface ARP packet rate limiting.

Step 4
Command: Raisecom(config-port)#ip arp-rate-limit rate rate-value
Description: Configure rate limiting on ARP packets on the interface.

7.3.9 Configuring auto-recovery time for rate limiting on ARP packets

Configure the auto-recovery time for rate limiting on ARP packets for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ip arp-rate-limit recover enable
Description: Enable auto-recovery for rate limiting on ARP packets.

Step 3
Command: Raisecom(config)#ip arp-rate-limit recover time time
Description: Configure the auto-recovery time for rate limiting on ARP packets.

7.3.10 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show ip arp-inspection
Description: Show configurations of dynamic ARP inspection.

No. 2
Command: Raisecom#show ip arp-inspection binding [ port port-id ]
Description: Show information about the dynamic ARP inspection binding table.

No. 3
Command: Raisecom#show ip arp-rate-limit
Description: Show configurations of rate limiting on ARP packets.

7.3.11 Example for configuring dynamic ARP inspection

Networking requirements

To prevent ARP attacks, configure dynamic ARP inspection function on Switch A, as shown in Figure 7-3.

Uplink Port 3 permits all ARP packets to pass.

Downlink Port 1 permits ARP packets with specified IP address 10.10.10.1 to pass.

Other interfaces permit ARP packets complying with dynamic binding learnt by DHCP snooping to pass.

Downlink Port 2 configures rate limiting on ARP packets. The rate threshold is set to 20 pps and recovery time for rate limiting is set to 15s.

Figure 7-3 Configuring dynamic ARP inspection

Configuration steps

Step 1 Set Port 3 to the trusted interface.

Raisecom#config
Raisecom(config)#interface port 3
Raisecom(config-port)#ip arp-inspection trust
Raisecom(config-port)#exit

Step 2 Configure static binding.

Raisecom(config)#ip arp-inspection static-config
Raisecom(config)#ip arp-inspection binding 10.10.10.1 port 1

Step 3 Enable binding between dynamic ARP inspection and dynamic DHCP Snooping.

Raisecom(config)#ip dhcp snooping
Raisecom(config)#ip arp-inspection dhcp-snooping

Step 4 Configure ARP packet rate limiting on the interface.

Raisecom(config)#interface port 2
Raisecom(config-port)#ip arp-rate-limit rate 20
Raisecom(config-port)#ip arp-rate-limit enable
Raisecom(config-port)#exit

Step 5 Configure auto-recovery for rate limiting on ARP packets.

Raisecom(config)#ip arp-rate-limit recover time 15
Raisecom(config)#ip arp-rate-limit recover enable

Checking results

Use the show ip arp-inspection command to show configurations of interface trust status and static/dynamic ARP binding.

Raisecom#show ip arp-inspection

Static Config ARP Inspection: Enable

DHCP Snooping ARP Inspection: Enable

DHCP Relay ARP Inspection: Disable

ARP Inspection Protect Vlan : 1-4094

Bind Rule Num : 1

Vlan Acl Num : 0

Remained Acl Num : 512

Port Trust

-------------

1 no

2 no

3 yes

4 no

Use the show ip arp-inspection binding command to show information about the dynamic ARP binding table.

Raisecom#show ip arp-inspection binding

Ip Address Mac Address VLAN Port Type Inhw

---------------------------------------------------------------------

10.10.10.1 -- -- 1 static yes

Current Rules Num: 1

History Max Rules Num: 1

Use the show ip arp-rate-limit command to show configurations of rate limiting on the interface and auto-recovery time for rate limiting.

Raisecom#show ip arp-rate-limit
arp rate limit auto recover: enable
arp rate limit auto recover time: 15 second
Port  Enable-Status  Rate(Num/Sec)  Overload
--------------------------------------------------
1     Disabled       100            No
2     Enabled        20             No
3     Disabled       100            No
4     Disabled       100            No
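The decision logic described in section 7.3.1 (trusted interface, binding table lookup, protection VLAN, rate limiting with auto-recovery), applied to this example's settings, as an added Python model (not Raisecom code and not device output). All names are constructed, the Port 2 binding stands in for a DHCP Snooping entry, and checking the rate limit before the trust status is a modelling assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    port: int
    ip: str
    mac: Optional[str] = None     # None: MAC is not part of this binding
    vlan: Optional[int] = None    # None: VLAN is not part of this binding

    def matches(self, port, ip, mac, vlan):
        return (port == self.port and ip == self.ip
                and self.mac in (None, mac) and self.vlan in (None, vlan))


class ArpInspector:
    def __init__(self, trusted=(), bindings=(), protect_vlans=range(1, 4095)):
        self.trusted = set(trusted)
        self.bindings = list(bindings)
        self.protect_vlans = protect_vlans
        self.rate = {}             # port -> threshold in pps (limiting enabled)
        self.recover_time = None   # seconds; None = auto-recovery disabled
        self._window = {}          # port -> (second, packets seen in it)
        self._blocked_at = {}      # port -> time the threshold was exceeded

    def _rate_ok(self, port, now):
        limit = self.rate.get(port)
        if limit is None:
            return True
        if port in self._blocked_at:
            waited = now - self._blocked_at[port]
            if self.recover_time is None or waited < self.recover_time:
                return False
            del self._blocked_at[port]      # auto-recovery time expired
            self._window.pop(port, None)
        second, count = self._window.get(port, (int(now), 0))
        if second != int(now):
            second, count = int(now), 0
        self._window[port] = (second, count + 1)
        if count + 1 > limit:
            self._blocked_at[port] = now
            return False
        return True

    def inspect(self, port, sender_ip, sender_mac, vlan, now=0.0):
        """Return the decision for one ARP packet received on `port`."""
        if not self._rate_ok(port, now):
            return "drop: rate limit"
        if port in self.trusted:
            return "pass: trusted"
        if vlan not in self.protect_vlans:
            return "pass: VLAN not protected"
        if any(b.matches(port, sender_ip, sender_mac, vlan) for b in self.bindings):
            return "pass: binding"
        return "drop: no binding"


def example_inspector():
    """Port 3 trusted, static binding on Port 1, 20 pps / 15 s on Port 2."""
    dai = ArpInspector(
        trusted={3},
        bindings=[
            Binding(port=1, ip="10.10.10.1"),            # static, Interface+IP
            # Constructed stand-in for a DHCP Snooping entry on Port 2:
            Binding(port=2, ip="10.10.10.20", mac="0000.0000.0020", vlan=1),
        ],
    )
    dai.rate[2] = 20
    dai.recover_time = 15
    return dai


def flood_port2(dai, start=100.0, packets=21):
    """Send `packets` valid ARP packets on Port 2 within one second."""
    return [dai.inspect(2, "10.10.10.20", "0000.0000.0020", 1, now=start + i * 0.01)
            for i in range(packets)]


if __name__ == "__main__":
    dai = example_inspector()
    print(dai.inspect(1, "10.10.10.1", "0000.0000.0001", 1))
    print(dai.inspect(1, "10.10.10.254", "0000.0000.0001", 1))
    print(flood_port2(dai)[-1])
```

The Interface+IP binding on Port 1 accepts any sender MAC address for 10.10.10.1, while the Interface+IP+MAC+VLAN entry on Port 2 also rejects a packet whose sender MAC address differs.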

7.4 RADIUS

7.4.1 Introduction

Remote Authentication Dial In User Service (RADIUS) is a standard communication protocol that authenticates remote access users centrally. RADIUS uses UDP as the transmission protocol (port 1812 and port 1813), which gives it good real-time performance; RADIUS also supports a retransmission mechanism and a standby server mechanism, which give it good reliability.

RADIUS authentication

RADIUS adopts client/server mode; the network access device acts as the client of the RADIUS server. The RADIUS server receives user connection requests, authenticates the users, and then returns the configurations that clients need to provide services. This controls user access to devices and the network and improves network security.

Communication between the client and the RADIUS server is authenticated by a shared key, which is not transmitted on the network. Besides, all user directions need to be encrypted when transmitted between the client device and the RADIUS server to ensure security.

RADIUS accounting

RADIUS accounting is used to authenticate users through RADIUS. When logging in, a user sends a starting account packet to the RADIUS accounting server and, according to the accounting policy, sends update packets to the RADIUS server. When logging off, the user sends a stopping account packet to the RADIUS accounting server, and the packet includes the user's online time. The RADIUS accounting server can record the access time and operations of each user through these packets.

7.4.2 Preparing for configurations

Scenario

You can deploy a RADIUS server on the network to perform authentication and accounting, so as to control user access to the device and network. This device can be used as an agent of the RADIUS server, which authorizes user access according to feedback from RADIUS.

Prerequisite

N/A

7.4.3 Default configurations of RADIUS

Default configurations of RADIUS are as below.

Function                                                          Default value
RADIUS accounting                                                 Disable
IP address of RADIUS server                                       0.0.0.0
IP address of RADIUS accounting server                            0.0.0.0
Port ID of RADIUS authentication server                           1812
Port ID of RADIUS accounting server                               1813
Shared key used for communication with RADIUS accounting server   N/A
Accounting failure processing policy                              Online
Period for sending update packet                                  0

7.4.4 Configuring RADIUS authentication

Configure RADIUS authentication for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface ip if-number
Description: Enter Layer 3 interface configuration mode.

Step 3
Command: Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ vlan-list ]
Description: Configure an IPv4 address.

Step 4
Command: Raisecom(config-ip)#end
Description: Return to privileged EXEC mode.

Step 5
Command: Raisecom#radius [ backup ] ip-address [ auth-port port-number ]
Description: Assign the IP address and port ID for RADIUS authentication server. Configure the backup parameter to assign the backup RADIUS authentication server.

Step 6
Command: Raisecom#radius-key string
Description: Configure the shared key for RADIUS authentication.

Step 7
Command: Raisecom#user login { local-radius | local-user | radius-local [ server-no-response ] | radius-user }
Description: Configure users to perform login authentication through RADIUS.

Step 8
Command: Raisecom#enable login { local-radius | local-user | radius-local [ server-no-response ] | radius-user }
Description: Set the authentication mode for users to enter privileged EXEC mode to RADIUS.

7.4.5 Configuring RADIUS accounting

Configure RADIUS accounting for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface ip if-number
Description: Enter Layer 3 interface configuration mode.

Step 3
Command: Raisecom(config-ip)#ip address ip-address [ sub ] [ ip-mask ] [ vlan-list ]
Description: Configure an IPv4 address.

Step 4
Command: Raisecom(config-ip)#end
Description: Return to privileged EXEC mode.

Step 5
Command: Raisecom#aaa accounting login enable
Description: Enable RADIUS accounting.

Step 6
Command: Raisecom#radius [ backup ] accounting-server ip-address [ account-port ]
Description: Assign IP address and UDP port ID for the RADIUS accounting server.

Step 7
Command: Raisecom#radius accounting-server key string
Description: Configure the shared key to communicate with the RADIUS accounting server. The shared key must be identical to the one configured on the RADIUS accounting server. Otherwise, accounting will fail.

Step 8
Command: Raisecom#aaa accounting fail { offline | online }
Description: Configure the processing policy for accounting failure.

Step 9
Command: Raisecom#aaa accounting update period
Description: Configure the period for sending accounting update packets. If it is configured as 0, no accounting update packet is sent.

The RADIUS accounting server can record access time and operation for each user through accounting starting packets, update packets and accounting end packets.

7.4.6 Checking configurations

Use the following commands to check configuration results.

No.   Command
      Description

1     Raisecom#show radius-server
      Show configurations of the RADIUS server.

2     Raisecom#show aaa accounting
      Show configurations of global accounting.

7.4.7 Example for configuring RADIUS


Networking requirements

As shown in Figure 7-4, configure RADIUS authentication and accounting on Switch A to authenticate login users and record their operations. The period for sending update packets is set to 2 minutes. The user will be offline if accounting fails.

Figure 7-4 Configuring RADIUS

Configuration steps

Step 1 Authenticate login users through RADIUS.

Raisecom#radius 192.168.1.1

Raisecom#radius-key raisecom

Raisecom#user login radius-user

Raisecom#enable login local-radius

Step 2 Account login users through RADIUS.

Raisecom#aaa accounting login enable

Raisecom#radius accounting-server 192.168.1.1

Raisecom#radius accounting-server key raisecom

Raisecom#aaa accounting fail offline

Raisecom#aaa accounting update 2

Checking results

Use the show radius-server command to show configurations of the RADIUS server.


Raisecom#show radius-server

Authentication server IP: 192.168.1.1 port:1812

Backup authentication server IP:0.0.0.0 port:1812

Authentication server key: raisecom

Accounting server IP: 192.168.1.1 port:1813

Backup accounting server IP: 0.0.0.0 port:1813

Accounting server key: raisecom


Use the show aaa accounting command to show configurations of RADIUS accounting.

Raisecom#show aaa accounting

Accounting login: enable

Accounting update interval: 2

Accounting fail policy: offline

7.5 TACACS+

7.5.1 Introduction

Terminal Access Controller Access Control System (TACACS+) is a network access authentication protocol similar to RADIUS. The differences between them are:

- TACACS+ uses TCP port 49, which has higher transmission reliability compared with the UDP port used by RADIUS.
- TACACS+ encrypts the whole packet except the standard TACACS+ header, and a field in the header shows whether the packet is encrypted. Compared with the user password encryption of RADIUS, TACACS+ is much safer.
- The TACACS+ authentication function is separated from the authorization and accounting functions, so it is more flexible in deployment.

In a word, TACACS+ is safer and more reliable than RADIUS. However, as an open protocol, RADIUS is more widely used.

7.5.2 Preparing for configurations

Scenario

To control user access to the ISCOM2110G-PWR and the network, you can authenticate and account users by deploying a TACACS+ server on the network. Compared with RADIUS, TACACS+ is safer and more reliable. The ISCOM2110G-PWR can act as the agent of the TACACS+ server, controlling users according to the feedback from the TACACS+ server.

Prerequisite

N/A


7.5.3 Default configurations of TACACS+

Default configurations of TACACS+ are as below.

Function                                                          Default value
TACACS+ function                                                  Disable
Login mode                                                        Local-user
IP address of TACACS+ authentication server                       0.0.0.0, shown as "--"
IP address of TACACS+ accounting server                           0.0.0.0, shown as "--"
Shared key used for communication with TACACS+ accounting server  N/A
Accounting failure processing policy                              Online
Period for sending update packet                                  0

7.5.4 Configuring TACACS+ authentication

Configure TACACS+ authentication for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#interface ip if-number
      Enter Layer 3 interface configuration mode.

3     Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ vlan-list ]
      Configure an IPv4 address.

4     Raisecom(config-ip)#end
      Return to privileged EXEC mode.

5     Raisecom#tacacs-server [ backup ] ip-address
      Assign the IP address and port ID for the TACACS+ authentication server. Configure the backup parameter to assign the backup TACACS+ authentication server.

6     Raisecom#tacacs-server key string
      Configure the shared key for TACACS+ authentication.

7     Raisecom#user login { local-tacacs | local-user | tacacs-local [ server-no-response ] | tacacs-user }
      Configure users to perform login authentication through TACACS+.

8     Raisecom#enable login { local-tacacs | local-user | tacacs-local [ server-no-response ] | tacacs-user }
      Set the authentication mode for users to enter privileged EXEC mode to TACACS+.

7.5.5 Configuring TACACS+ accounting

Configure TACACS+ accounting for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#interface ip if-number
      Enter Layer 3 interface configuration mode.

3     Raisecom(config-ip)#ip address ip-address [ ip-mask ] [ vlan-list ]
      Configure an IPv4 address.

4     Raisecom(config-ip)#end
      Return to privileged EXEC mode.

5     Raisecom#aaa accounting login enable
      Enable TACACS+ accounting.

6     Raisecom#tacacs [ backup ] accounting-server ip-address
      Assign IP address and UDP port ID for the TACACS+ accounting server.

7     Raisecom#tacacs-server key string
      Configure the shared key to communicate with the TACACS+ accounting server.

8     Raisecom#aaa accounting fail { offline | online }
      Configure the processing policy for accounting failure.

9     Raisecom#aaa accounting update period
      Configure the period for sending accounting update packets. If configured as 0, no accounting update packet is sent.

7.5.6 Configuring TACACS+ authorization

Configure TACACS+ authorization for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#tacacs authorization enable
      Enable the TACACS+ authorization server.

7.5.7 Checking configurations

Use the following commands to check configuration results.

No.   Command
      Description

1     Raisecom#show tacacs-server
      Show configurations of the TACACS+ authentication server.

2     Raisecom#show radius-server
      Show configurations on the TACACS+ accounting server.

Use the show radius-server command to show configurations of TACACS+ and RADIUS accounting. By default, the results are configurations of RADIUS authentication.

7.5.8 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command
      Description

Raisecom#clear tacacs statistics
      Clear TACACS+ statistics.

7.5.9 Example for configuring TACACS+

Networking requirements

As shown in Figure 7-5, configure TACACS+ authentication on Switch A to authenticate users who log in to the ISCOM2110G-PWR.

Figure 7-5 Configuring TACACS+

Configuration steps

Authenticate login users through TACACS+.


Raisecom#tacacs-server 192.168.1.1

Raisecom#tacacs-server key raisecom

Raisecom#user login tacacs-user

Raisecom#enable login local-tacacs

Checking results

Use the show tacacs-server command to show TACACS+ configurations.

Raisecom#show tacacs-server

Server Address: 192.168.1.1

Backup Server Address: --

Sever Shared Key: raisecom

Total Packet Sent: 0

Total Packet Recv: 0

Accounting server Address: --

Backup Accounting server Address: --
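The following audit is an added example, not part of the Raisecom guide: it parses the show radius-server and show tacacs-server outputs printed in sections 7.4.7 and 7.5.9 and flags short, guessable or reused shared keys and a primary server that has no backup. The function names, the 16-character minimum and the word deny-list are assumptions standing in for local policy, not device limits.

```python
import re

MIN_KEY_LEN = 16                       # assumed local policy
WEAK_WORDS = ("raisecom", "password", "secret", "admin", "12345")  # assumed deny-list
UNSET = {"0.0.0.0", "--", ""}          # how the device shows an unconfigured server

# Outputs as printed in sections 7.4.7 and 7.5.9 of this guide. Captures like
# these contain the shared keys in cleartext, so store them as secrets.
RADIUS_OUTPUT = """\
Authentication server IP: 192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom
"""

TACACS_OUTPUT = """\
Server Address: 192.168.1.1
Backup Server Address: --
Sever Shared Key: raisecom
Total Packet Sent: 0
Total Packet Recv: 0
Accounting server Address: --
Backup Accounting server Address: --
"""


def parse_show(text):
    """Turn 'Label: value' lines into {lowercased label: value}, dropping ' port:N'."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue
        value = re.sub(r"\s*port:\s*\d+\s*$", "", value.strip())
        fields[label.strip().lower()] = value
    return fields


def audit(outputs):
    """outputs maps a service name to parsed fields; returns (code, where) findings."""
    findings = []
    seen = {}                          # key value -> places where it is configured
    for service, fields in outputs.items():
        for label, value in fields.items():
            where = f"{service}/{label}"
            if "key" in label and value:
                seen.setdefault(value, []).append(where)
                if len(value) < MIN_KEY_LEN:
                    findings.append(("KEY_TOO_SHORT", where))
                if any(word in value.lower() for word in WEAK_WORDS):
                    findings.append(("KEY_GUESSABLE", where))
            elif label.startswith("backup ") and value in UNSET:
                # Only report a missing backup when the primary is actually in use.
                primary = fields.get(label[len("backup "):])
                if primary is not None and primary not in UNSET:
                    findings.append(("NO_BACKUP_SERVER", where))
    for places in seen.values():
        if len(places) > 1:
            findings.append(("KEY_REUSED", ", ".join(places)))
    return findings


if __name__ == "__main__":
    parsed = {"radius": parse_show(RADIUS_OUTPUT), "tacacs": parse_show(TACACS_OUTPUT)}
    for code, where in audit(parsed):
        print(f"{code:18} {where}")
```

With the guide's example values every key is reported three ways: too short, guessable, and shared between RADIUS authentication, RADIUS accounting and TACACS+.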


7.6 Storm control

In most Layer 2 networks, unicast traffic is much heavier than broadcast traffic. If the rate of broadcast traffic is not limited, a broadcast storm occupies much of the bandwidth. Network performance is then reduced and unicast packets cannot be forwarded. In addition, communication between devices may be interrupted.

Configuring storm control on Layer 2 devices can prevent a broadcast storm from occurring when broadcast packets increase sharply on the network. In this case, unicast packets can be properly forwarded.

Storm control allows an interface to filter the broadcast packets it receives. After storm control is enabled, when the number of received broadcast packets reaches the preconfigured threshold, the interface automatically discards the received packets. If storm control is disabled, or if the number of received broadcast packets does not reach the preconfigured threshold, the broadcast packets are broadcast to the other interfaces of the switch as normal.

7.6.1 Preparing for configurations

Scenario

Configuring storm control on Layer 2 devices can prevent a broadcast storm from occurring when broadcast packets increase sharply on the network. In this case, unicast packets can be properly forwarded.

Broadcast traffic may exist in the following forms, so you need to limit the bandwidth for them on Layer 2 devices.

- Unknown unicast traffic: the unicast traffic whose destination MAC address is not in the MAC address table. It is broadcast by Layer 2 devices.
- Unknown multicast traffic: the multicast traffic whose destination MAC address is not in the MAC address table. Generally, it is broadcast by Layer 2 devices.
- Broadcast traffic: the traffic whose destination MAC address is a broadcast MAC address. It is broadcast by Layer 2 devices.

Prerequisite

Connect the interface properly, and configure it to make it physically Up.

7.6.2 Default configurations of storm control

Default configurations of storm control are as below.

Function                                            Default value
Broadcast storm control status                      Enable
Multicast and unknown unicast storm control status  Disable
Allowed Bytes per second                            64 Kbit/s
DLF packet forwarding                               Enable

7.6.3 Configuring storm control

Configure storm control for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#storm-control { all | broadcast | dlf | multicast } enable port-list port-list
      Enable storm control over broadcast traffic, multicast traffic, and unknown unicast traffic.

3     Raisecom(config)#storm-control pps value
      (Optional) configure the number of bytes that are allowed to pass every second.

7.6.4 Configuring DLF packet forwarding

Configure DLF packet forwarding for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#dlf-forwarding enable
      Enable DLF packet forwarding on the interface.

7.6.5 Checking configurations

Use the following commands to check configuration results.

No.   Command
      Description

1     Raisecom#show storm-control [ interface-type interfacenumber ]
      Show configurations of storm control.

2     Raisecom#show dlf-forwarding
      Show DLF packet forwarding status.

7.6.6 Example for configuring storm control

Networking requirements

As shown in Figure 7-6, to restrict the influence of a broadcast storm on Switch A, you need to configure storm control on Switch A to control broadcast packets and unknown unicast packets. The control threshold is set to 640 Kbit/s, and the burst is set to 80 KBytes.

Figure 7-6 Storm control networking

Configuration steps

Step 1 Configure storm control on Switch A.

Raisecom#config

Raisecom(config)#storm-control broadcast enable port 1-2

Raisecom(config)#storm-control dlf enable port 1-2

Raisecom(config)#storm-control pps 1025

Checking results

Use the show storm-control command to show configurations of storm control.


Raisecom#show storm-control

Threshold: 1025 pps

Port Broadcast Multicast DLF_Unicast

-------------------------------------------------------

1 Enable Disable Enable

2 Enable Disable Enable

3 Enable Disable Disable

4 Enable Disable Disable

5 Enable Disable Disable

6 Enable Disable Disable

7 Enable Disable Disable

8 Enable Disable Disable

9 Enable Disable Disable

10 Enable Disable Disable


7.7 802.1x

7.7.1 Introduction

802.1x, based on IEEE 802.1x, is a VLAN-based network access control technology. It is used to solve authentication and security problems for LAN users.

It is used to authenticate and control access devices at the physical layer of the network device.

It defines a point-to-point connection mode between the device interface and user devices.

User devices, connected to the interface, can access resources in the LAN if they are authenticated. Otherwise, they cannot access resources in the LAN through the switch.

802.1x structure

As shown in Figure 7-7, 802.1x authentication uses C/S mode, including the following 3 parts:

- Supplicant: a user-side device, such as a PC, installed with the 802.1x client software (such as the Windows XP 802.1x client)
- Authenticator: an access control device supporting 802.1x authentication, such as a switch
- Authentication Server: a device used for authenticating, authorizing, and accounting users. Generally, the RADIUS server is taken as the 802.1x authentication server.

Figure 7-7 802.1x structure


Interface access control modes


The authenticator uses the authentication server to authenticate clients that need to access the LAN and controls the authorized/unauthorized status of the interface according to the authentication results.

You can control the access status of an interface by configuring access control modes on the interface. 802.1x authentication supports the following 3 interface access control modes:

- Protocol authorized mode (auto): the protocol state machine decides the authorization and authentication results. Before clients are successfully authenticated, only EAPoL packets are allowed to be received and sent. Users are not allowed to access network resources and services provided by the switch. If clients are authorized, the interface is switched to the authorized state, allowing users to access network resources and services provided by the switch.
- Force interface authorized mode (authorized-force): the interface is in the authorized state, allowing users to access network resources and services provided by the switch without being authorized and authenticated.
- Force interface unauthorized mode (unauthorized-force): the interface is in the unauthorized state. Users are not allowed to access network resources and services provided by the switch, that is, users are not allowed to be authenticated.

802.1x authentication procedure

The supplicant and the authentication server exchange information through Extensible Authentication Protocol (EAP) packets, while the supplicant and the authenticator exchange information through EAP over LAN (EAPoL) packets. The EAP packet is encapsulated with authentication data. This authentication data is encapsulated into a RADIUS protocol packet to be transmitted to the authentication server through a complex network.

Both the authenticator and the supplicant can initiate the 802.1x authentication procedure. This document takes the supplicant as an example, as shown below:

Step 1 The user enters the user name and password. The supplicant sends an EAPoL-Start packet to the authenticator to start the 802.1x authentication.

Step 2 The authenticator sends an EAP-Request/Identity packet to the supplicant, asking for the user name of the supplicant.

Step 3 The supplicant replies to the authenticator with an EAP-Response/Identity packet, which includes the user name.

Step 4 The authenticator encapsulates the EAP-Response/Identity packet into a RADIUS protocol packet and sends the RADIUS protocol packet to the authentication server.

Step 5 The authentication server compares the received encrypted password with the one generated by itself.

Step 6 If they are identical, the authenticator changes the interface to the authorized state, allows users to access the network through the interface, and sends an EAP-Success packet to the supplicant. Otherwise, the interface is in the unauthorized state and the authenticator sends an EAP-Failure packet to the supplicant.

802.1x timers

During 802.1x authentication, the following 5 timers are involved:

- Reauth-period: re-authorization timer. After the period is exceeded, the ISCOM2110G-PWR re-initiates authorization.
- Quiet-period: quiet timer. When user authorization fails, the ISCOM2110G-PWR needs to keep quiet for a period. After the period is exceeded, the ISCOM2110G-PWR re-initiates authorization. During the quiet time, the ISCOM2110G-PWR does not process authorization packets.
- Tx-period: transmission timeout timer. When the ISCOM2110G-PWR sends a Request/Identity packet to users, the ISCOM2110G-PWR starts the timer. If users do not send an authorization response packet during the tx-period, the ISCOM2110G-PWR re-sends the authorization request packet. The ISCOM2110G-PWR sends this packet three times in total.
- Supp-timeout: supplicant authorization timeout timer. When the ISCOM2110G-PWR sends a Request/Challenge packet to users, the ISCOM2110G-PWR starts the supp-timeout timer. If users do not send an authorization response packet during the supp-timeout, the ISCOM2110G-PWR re-sends the Request/Challenge packet. The ISCOM2110G-PWR sends this packet twice in total.
- Server-timeout: authentication server timeout timer. The timer defines the total timeout period of sessions between the authenticator and the RADIUS server. When the configured time is exceeded, the authenticator ends the session with the RADIUS server and starts a new authorization process.
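The access control modes and timers above interact, which the following added model makes visible; it is not Raisecom code, and the class, method and function names are illustrative. It assumes the caller supplies the current time in seconds and reduces a whole EAP exchange to one verdict from the authentication server.

```python
class Dot1xPort:
    """One authenticator port, reduced to the rules stated in section 7.7.1."""

    def __init__(self, enabled=True, control="auto", reauth=False,
                 reauth_period=3600, quiet_period=60):
        # Defaults follow the 802.1x default values in this guide (seconds).
        # With 802.1x disabled the port behaves as authorized-force.
        self.control = control if enabled else "authorized-force"
        self.reauth = reauth
        self.reauth_period = reauth_period
        self.quiet_period = quiet_period
        self.authorized = False
        self.quiet_until = 0
        self.reauth_at = None

    def permits(self, frame, now):
        """frame is 'eapol' or 'data'; True if the port passes it at time now."""
        if self.control == "authorized-force":
            return True
        if self.control == "unauthorized-force":
            return False                # not even authentication is allowed
        if self.authorized:
            return True
        # Unauthorized auto port: only EAPoL, and none during the quiet period.
        return frame == "eapol" and now >= self.quiet_until

    def on_auth_result(self, success, now):
        """Apply the server's verdict for an attempt that completes at time now."""
        if self.control != "auto":
            return "ignored: forced mode"
        if now < self.quiet_until:
            return "ignored: quiet period"
        if success:
            self.authorized = True
            self.reauth_at = now + self.reauth_period if self.reauth else None
            return "authorized"
        # A failed first attempt and a failed re-authentication end the same way.
        self.authorized = False
        self.reauth_at = None
        self.quiet_until = now + self.quiet_period
        return "unauthorized"

    def reauth_due(self, now):
        """True once the reauth-period has elapsed; the port stays authorized meanwhile."""
        return self.authorized and self.reauth_at is not None and now >= self.reauth_at


def identity_request_times(start, tx_period=30, total=3):
    """Times at which Request/Identity is sent while the supplicant stays silent."""
    return [start + i * tx_period for i in range(total)]


def section_7_7_9_timeline():
    """Port in auto mode with re-authentication every 600 s, as in section 7.7.9."""
    p = Dot1xPort(control="auto", reauth=True, reauth_period=600)
    return [
        ("t=0 data before login", p.permits("data", 0)),
        ("t=0 eapol before login", p.permits("eapol", 0)),
        ("t=1 wrong password", p.on_auth_result(False, 1)),
        ("t=30 eapol in quiet period", p.permits("eapol", 30)),
        ("t=30 retry in quiet period", p.on_auth_result(True, 30)),
        ("t=61 retry after quiet period", p.on_auth_result(True, 61)),
        ("t=62 data", p.permits("data", 62)),
        ("t=660 reauth due", p.reauth_due(660)),
        ("t=661 reauth due", p.reauth_due(661)),
        ("t=661 data during reauth", p.permits("data", 661)),
        ("t=662 reauth fails", p.on_auth_result(False, 662)),
        ("t=663 data", p.permits("data", 663)),
    ]


if __name__ == "__main__":
    for event, outcome in section_7_7_9_timeline():
        print(f"{event:32} {outcome}")
```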

7.7.2 Preparing for configurations

Scenario

To implement access authentication for LAN users and ensure the security of access users, you need to configure 802.1x authentication on the ISCOM2110G-PWR.

If users are authenticated, they are allowed to access network resources. Otherwise, they cannot access network resources. By performing authentication control on user access interface, you can manage the users.

Prerequisite

If a RADIUS authentication server is used, you need to perform the following operations before configuring 802.1x authentication:

- Configure the IP address of the RADIUS server and the RADIUS shared key.
- The ISCOM2110G-PWR can ping through the RADIUS server successfully.

7.7.3 Default configurations of 802.1x

Default configurations of 802.1x are as below.

Function                                                Default value
Global 802.1x                                           Disable
Interface 802.1x                                        Disable
Interface access control mode                           Auto
802.1x authentication method                            chap
Interface access control mode of 802.1x authentication  portbase
RADIUS server timeout timer time                        100s
802.1x re-authentication                                Disable
802.1x re-authentication timer                          3600s
802.1x quiet timer time                                 60s
Request packet retransmission timer timeout             30s
Supplicant authorization timer timeout                  30s

7.7.4 Configuring basic functions of 802.1x

802.1x and STP are exclusive on the same interface. You cannot enable them concurrently.

Only one user authentication request is processed on an interface at a time.

Configure basic functions of 802.1x for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#dot1x enable
      Enable global 802.1x.

3     Raisecom(config)#interface port port-id
      Enter physical layer interface configuration mode.

4     Raisecom(config-port)#dot1x authentication-method { chap | eap | pap }
      Configure 802.1x protocol authentication mode.

5     Raisecom(config-port)#dot1x enable
      Enable interface 802.1x.

6     Raisecom(config-port)#dot1x auth-control { auto | authorized-force | unauthorized-force }
      Configure access control mode on the interface.

7     Raisecom(config-port)#dot1x auth-method { macbased | portbased }
      Configure access control mode of 802.1x authentication on the interface.

To configure EAP relay authentication mode, ensure that the RADIUS server supports EAP attributes.

If 802.1x is disabled in global/interface configuration mode, the interface access control mode of 802.1x is set to force interface authorized mode.


7.7.5 Configuring 802.1x re-authentication

Configure 802.1x re-authentication for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#interface port port-id
      Enter physical layer interface configuration mode.

3     Raisecom(config-port)#dot1x reauthentication enable
      Enable 802.1x re-authentication.

Re-authentication is initiated for authorized users. Before enabling re-authentication, you must ensure that global/interface 802.1x is enabled. Authorized interfaces are still in this mode during re-authentication. If re-authentication fails, the interfaces are in unauthorized state.

7.7.6 Configuring 802.1x timers

Configure 802.1x timers for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#interface port port-id
      Enter physical layer interface configuration mode.

3     Raisecom(config-port)#dot1x timer reauth-period reauth-period
      Configure the time of the re-authentication timer.

4     Raisecom(config-port)#dot1x timer quiet-period quiet-period
      Configure the time of the quiet timer.

5     Raisecom(config-port)#dot1x timer tx-period tx-period
      Configure the time of the transmission timeout timer.

6     Raisecom(config-port)#dot1x timer supp-timeout supp-timeout
      Configure the time of the supplicant authorization timeout timer.

7     Raisecom(config-port)#dot1x timer server-timeout server-timeout
      Configure the time of the authentication server timeout timer.

7.7.7 Checking configurations

Use the following commands to check configuration results.

No.   Command
      Description

1     Raisecom#show dot1x port-list port-list
      Show 802.1x configurations on the interface.

2     Raisecom#show dot1x port-list port-list statistics
      Show 802.1x statistics on the interface.

3     Raisecom#show dot1x port-list port-list user
      Show user information of 802.1x authentication on the interface.

7.7.8 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command
      Description

Raisecom(config)#clear dot1x port-list port-list statistics
      Clear interface 802.1x statistics.

7.7.9 Example for configuring 802.1x

Networking requirements

To allow users to access the external network, you need to configure 802.1x authentication on the switch, as shown in Figure 7-8.

- Configure the switch.
  − IP address: 10.10.0.1
  − Subnet mask: 255.255.0.0
  − Default gateway address: 10.10.0.2
- Perform authorization and authentication through the RADIUS server.
  − IP address of the RADIUS server: 192.168.0.1
  − Password of the RADIUS server: raisecom
- Set the interface access control mode to protocol authorized mode.
- After successful authorization, the user can initiate re-authentication in 600 seconds.

Figure 7-8 Configuring 802.1x


Configuration steps

Step 1 Configure the IP addresses of the Switch and RADIUS server.

Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 10.10.0.1 255.255.0.0 1

Raisecom(config-ip)#exit

Raisecom(config)#ip default-gateway 10.10.0.2

Raisecom(config)#exit

Raisecom#radius 192.168.0.1

Raisecom#radius-key raisecom

Step 2 Enable global 802.1x and interface 802.1x.

Raisecom#config

Raisecom(config)#dot1x enable

Raisecom(config)#interface port 1

Raisecom(config-port)#dot1x enable

Step 3 Set the authorization mode to protocol authorization mode.

Raisecom(config-port)#dot1x auth-control auto

Step 4 Enable re-authentication and set the re-authentication time to 600s.

Raisecom(config-port)#dot1x reauthentication enable

Raisecom(config-port)#dot1x timer reauth-period 600

Checking results

Use the show dot1x port-list port-list command to show 802.1x configurations.

Raisecom#show dot1x port-list 1

802.1x Global Admin State: Enable

802.1x Authentication Method: Chap

Port 1

--------------------------------------------------------

802.1X Port Admin State: Enable

PAE: Authenticator

PortMethod: Portbased

PortControl: Auto

PortStatus: Authorized


Authenticator PAE State: Initialize

Backend Authenticator State: Initialize

ReAuthentication: Disable

QuietPeriod: 60(s)

ServerTimeout: 100(s)

SuppTimeout: 30(s)

ReAuthPeriod: 3600(s)

TxPeriod: 30(s)


7.8 IP Source Guard

7.8.1 Introduction

IP Source Guard uses a binding table to defend against IP source spoofing and solve IP address embezzlement without identity authentication. IP Source Guard can cooperate with DHCP Snooping to generate dynamic binding. In addition, you can configure static binding manually. DHCP Snooping filters untrusted DHCP packets by establishing and maintaining the DHCP binding database.

IP Source Guard binding entry

IP Source Guard is used to match packet characteristics, including source IP address, source MAC address, and VLAN tags, and supports combining the interface with the following characteristics (hereinafter referred to as binding entries):

- Interface+IP
- Interface+IP+MAC
- Interface+IP+VLAN
- Interface+IP+MAC+VLAN

According to the generation mode of binding entries, IP Source Guard can be divided into static binding and dynamic binding:

- Static binding: configure binding information manually and generate binding entries to complete the interface control. It fits the case where the number of hosts is small or where you need to perform separate binding on a single host.
- Dynamic binding: obtain binding information automatically from DHCP Snooping to complete the interface control. It fits the case where there are many hosts and you need to adopt DHCP to perform dynamic host configurations. Dynamic binding can effectively prevent IP address conflict and embezzlement.

Principle of IP Source Guard

The principle of IP Source Guard is to build an IP source binding table within the ISCOM2110G-PWR. The IP source binding table is taken as the basis for each interface to test received data packets. Figure 7-9 shows the principle of IP Source Guard.

- If the received IP packets meet the relationship of Port/IP/MAC/VLAN binding entries in the IP source binding table, forward these packets.
- If the received IP packets are DHCP data packets, forward these packets.
- Otherwise, discard these packets.

Figure 7-9 Principle of IP Source Guard

Before forwarding IP packets, the ISCOM2110G-PWR compares the source IP address, source MAC address, interface ID, and VLAN ID of the IP packets with the binding table information. If the information matches, the user is legal and the packets are forwarded normally. Otherwise, the user is an attacker and the IP packets are discarded.
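The forwarding decision described above, together with the static-over-dynamic rule and trusted interfaces from sections 7.8.4 and 7.8.5, as an added Python model; it is not Raisecom code, and all class and function names, MAC addresses, VLAN IDs and dynamic entries are constructed for illustration. It assumes that a disabled binding table contributes no entries and that all packets pass when both tables are disabled.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    port: int
    ip: str
    mac: Optional[str] = None    # None: MAC is not part of this binding entry
    vlan: Optional[int] = None   # None: VLAN is not part of this binding entry


@dataclass(frozen=True)
class Packet:
    port: int
    src_ip: str
    src_mac: str
    vlan: int
    is_dhcp: bool = False


class SourceGuard:
    def __init__(self):
        self.static_enabled = False     # ip verify source
        self.dynamic_enabled = False    # ip verify source dhcp-snooping
        self.trusted = set()            # ports set with ip verify source trust
        self.static = {}                # ip -> Binding, configured manually
        self.dynamic = {}               # ip -> Binding, learnt through DHCP Snooping

    def add_static(self, b):
        if b.ip in self.static:         # a static entry never replaces another one
            raise ValueError(f"static binding for {b.ip} already exists")
        self.static[b.ip] = b

    def effective(self):
        """Bindings in force: enabled tables only, static overriding dynamic per IP."""
        table = dict(self.dynamic) if self.dynamic_enabled else {}
        if self.static_enabled:
            table.update(self.static)
        return table

    def check(self, p):
        if not (self.static_enabled or self.dynamic_enabled):
            return "forward"            # feature off (assumption of this model)
        if p.port in self.trusted or p.is_dhcp:
            return "forward"
        b = self.effective().get(p.src_ip)
        if b is None or b.port != p.port:
            return "discard"
        if b.mac is not None and b.mac.lower() != p.src_mac.lower():
            return "discard"
        if b.vlan is not None and b.vlan != p.vlan:
            return "discard"
        return "forward"


def section_7_8_7():
    """Replay the three steps of section 7.8.7 against constructed packets."""
    g = SourceGuard()
    g.trusted.add(1)                                    # Step 1
    g.static_enabled = True                             # Step 2
    g.add_static(Binding(port=2, ip="10.10.10.1"))
    g.dynamic_enabled = True                            # Step 3
    # Constructed DHCP Snooping entries; the second collides with the static IP.
    g.dynamic["10.10.10.20"] = Binding(3, "10.10.10.20", "00:11:22:33:44:55", 10)
    g.dynamic["10.10.10.1"] = Binding(5, "10.10.10.1", "00:aa:bb:cc:dd:ee", 10)
    mac, other = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
    results = {
        "trusted port, any source": g.check(Packet(1, "203.0.113.9", mac, 10)),
        "static binding on port 2": g.check(Packet(2, "10.10.10.1", mac, 10)),
        "unbound IP on port 2": g.check(Packet(2, "10.10.10.99", mac, 10)),
        "bound IP seen on port 3": g.check(Packet(3, "10.10.10.1", mac, 10)),
        "dynamic binding matches": g.check(Packet(3, "10.10.10.20", mac, 10)),
        "dynamic binding, wrong MAC": g.check(Packet(3, "10.10.10.20", other, 10)),
        "DHCP packet before any lease": g.check(Packet(4, "0.0.0.0", mac, 10, is_dhcp=True)),
        "dynamic entry hidden by static": g.check(Packet(5, "10.10.10.1", other, 10)),
    }
    del g.static["10.10.10.1"]          # static entry deleted: dynamic one recovers
    results["dynamic entry recovered"] = g.check(Packet(5, "10.10.10.1", other, 10))
    return results


if __name__ == "__main__":
    for case, verdict in section_7_8_7().items():
        print(f"{case:32} {verdict}")
```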

7.8.2 Preparing for configurations

Scenario

IP source spoofing attacks are common on the network. For example, the attacker forges legal users to send IP packets to the server, or the attacker forges the source IP address of another user to communicate. As a result, legitimate users cannot obtain network services normally.

With IP Source Guard binding, you can filter and control packets forwarded by the interface and prevent illegal packets from passing through the interface, which restricts the illegal use of network resources and improves interface security.

Prerequisite

Enable DHCP Snooping beforehand if there is a DHCP user.

7.8.3 Default configurations of IP Source Guard

Default configurations of IP Source Guard are as below.

Function                         Default value
IP Source Guard static binding   Disable
IP Source Guard dynamic binding  Disable
Interface trust status           Untrusted

7.8.4 Configuring interface trust status of IP Source Guard


Configure interface trust status of IP Source Guard for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#interface port port-id
      Enter physical layer interface configuration mode.

3     Raisecom(config-port)#ip verify source trust
      Configure the interface to a trusted interface.

7.8.5 Configuring IP Source Guard binding

Configuring static IP Source Guard binding

Configure IP Source Guard static binding for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#ip verify source
      Enable static IP Source Guard binding.

3     Raisecom(config)#ip source binding ip-address [ mac-address ] [ vlan vlan-id ] port port-id
      Configure static binding.

The configured static binding does not take effect when global static binding is disabled. The static binding takes effect only when global static binding is enabled.

For an identical IP address, the manually configured static binding overrides the dynamic binding. However, it cannot override an existing static binding. When the static binding is deleted, the system automatically recovers the overridden dynamic binding.

Configuring dynamic IP Source Guard binding

Configure IP Source Guard dynamic binding for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#ip verify source { dhcp-snooping | dhcp-relay }
      Enable IP Source Guard dynamic binding.

The dynamic binding learnt through DHCP Snooping does not take effect when global dynamic binding is disabled. The dynamic binding takes effect only when global dynamic binding is enabled.

If an IP address exists in the static binding table, the dynamic binding does not take effect. In addition, it cannot override the existing static binding.

Configuring binding translation

Configure binding translation for the ISCOM2110G-PWR as below.

Step  Command
      Description

1     Raisecom#config
      Enter global configuration mode.

2     Raisecom(config)#ip verify source { dhcp-snooping | dhcp-relay }
      Enable IP Source Guard dynamic binding.

3     Raisecom(config)#ip source binding { dhcp-snooping | dhcp-relay } static
      Translate the dynamic binding to the static binding.

4     Raisecom(config)#ip source binding auto-update
      (Optional) enable auto-translation. After it is enabled, dynamic binding entries learned through DHCP Snooping are directly translated into static binding entries.

7.8.6 Checking configurations

Use the following commands to check configuration results.

No.  Command                                           Description
1    Raisecom#show ip verify source                    Show global binding status and interface trusted status.
2    Raisecom#show ip source binding [ port port-id ]  Show configurations of IP Source Guard binding, interface trusted status, and binding table.

7.8.7 Example for configuring IP Source Guard

Networking requirements

As shown in Figure 7-10, to prevent IP address embezzlement, you need to configure IP Source Guard on the switch.

The Switch permits all IP packets on Port 1 to pass.

Port 2 permits IP packets with the specified IP address 10.10.10.1 and subnet mask 255.255.255.0, and IP packets that match a dynamic binding learnt through DHCP Snooping, to pass.

Other interfaces permit only packets that match a dynamic binding learnt through DHCP Snooping to pass.

Figure 7-10 Configuring IP Source Guard

Configuration steps

Step 1 Set Port 1 to a trusted interface.

Raisecom#config

Raisecom(config)#interface port 1

Raisecom(config-port)#ip verify source trust

Raisecom(config-port)#exit

Step 2 Configure static binding.

Raisecom(config)#ip verify source

Raisecom(config)#ip source binding 10.10.10.1 port 2

Step 3 Enable global dynamic IP Source Guard binding.

Raisecom(config)#ip verify source dhcp-snooping


Checking results


Use the show ip source binding command to show configurations of the static binding table.

Raisecom#show ip source binding

History Max Entry Num: 1

Current Entry Num: 1

Ip Address Mac Address VLAN Port Type Inhw

----------------------------------------------------------------------

10.10.10.1 -- -- 2 static yes

Use the show ip verify source command to show interface trusted status and configurations of IP Source Guard static/dynamic binding.

Raisecom#show ip verify source

Static Bind: Enable

Dhcp-Snooping Bind: Enable

Dhcp-Relay Bind: Disable

Port Trust

--------------------

1 yes

2 no

3 no
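The binding rules from 7.8.5 applied to the scenario above, as an added Python model (example code, not Raisecom software). The class and method names are hypothetical. It assumes that an omitted MAC address or VLAN in a binding matches any value, that nothing is filtered when neither binding mode is enabled, and that a disabled static entry still shadows the dynamic entry for the same IP address.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Binding:
    ip: str
    port: int
    mac: Optional[str] = None    # None corresponds to "--" in the binding table
    vlan: Optional[int] = None   # None corresponds to "--" in the binding table
    kind: str = "static"         # "static" or "dynamic"


class SourceGuardModel:
    """Hypothetical model of the 7.8.5 binding rules (not switch firmware)."""

    def __init__(self) -> None:
        self.static_enabled = False            # ip verify source
        self.dynamic_enabled = False           # ip verify source dhcp-snooping
        self.trusted_ports: Set[int] = set()   # ip verify source trust
        self.static: Dict[str, Binding] = {}
        self.dynamic: Dict[str, Binding] = {}

    def add_static(self, ip: str, port: int, mac: Optional[str] = None,
                   vlan: Optional[int] = None) -> bool:
        """A new static binding cannot override an existing static binding."""
        if ip in self.static:
            return False
        self.static[ip] = Binding(ip, port, mac, vlan, "static")
        return True

    def delete_static(self, ip: str) -> None:
        """Deleting the static entry exposes the overridden dynamic entry again."""
        self.static.pop(ip, None)

    def learn_dynamic(self, ip: str, port: int, mac: str, vlan: int) -> None:
        """Entry learnt through DHCP Snooping; kept while a static entry overrides it."""
        self.dynamic[ip] = Binding(ip, port, mac, vlan, "dynamic")

    def effective(self, ip: str) -> Optional[Binding]:
        """Return the binding that is actually enforced for this IP address."""
        if ip in self.static:
            # Assumption: a static entry shadows the dynamic one even while
            # global static binding is disabled, so nothing is enforced then.
            return self.static[ip] if self.static_enabled else None
        return self.dynamic.get(ip) if self.dynamic_enabled else None

    def permits(self, port: int, src_ip: str, src_mac: Optional[str] = None,
                vlan: Optional[int] = None) -> bool:
        """Decide whether a packet received on `port` passes IP Source Guard."""
        if port in self.trusted_ports:
            return True                        # trusted interface: all IP packets pass
        if not (self.static_enabled or self.dynamic_enabled):
            return True                        # assumption: feature off, no filtering
        b = self.effective(src_ip)
        if b is None or b.port != port:
            return False
        # Assumption: an omitted MAC address or VLAN matches any value.
        return b.mac in (None, src_mac) and b.vlan in (None, vlan)


def build_example() -> SourceGuardModel:
    """The 7.8.7 configuration: Port 1 trusted, 10.10.10.1 bound to Port 2."""
    sg = SourceGuardModel()
    sg.trusted_ports.add(1)
    sg.static_enabled = True
    sg.add_static("10.10.10.1", port=2)
    sg.dynamic_enabled = True
    return sg


if __name__ == "__main__":
    sg = build_example()
    # Constructed DHCP Snooping entry that collides with the static binding.
    sg.learn_dynamic("10.10.10.1", port=3, mac="0011.2233.4466", vlan=1)
    print("enforced:", sg.effective("10.10.10.1"))
    sg.delete_static("10.10.10.1")
    print("after delete:", sg.effective("10.10.10.1"))
```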

7.9 PPPoE+

7.9.1 Introduction

PPPoE Intermediate Agent (PPPoE+) is used to process authentication packets. PPPoE+ adds device information to the authentication packet to bind the account to the access device, so that the account cannot be shared or stolen and the interests of the carrier and users are protected. This gives the server enough information to identify users and helps ensure network security.

In PPPoE dial-up mode, after one successful authentication you can access the network through any interface of the device. However, the server cannot accurately differentiate users just by the authentication information, which contains the user name and password. With PPPoE+, besides the user name and the password, other information, such as the interface ID, is included in the authentication packet. If the interface ID identified by the authentication server does not match the configured one, authentication fails. This helps prevent illegal users from stealing the accounts of legal users to access the network.

The PPPoE protocol adopts C/S mode, as shown in Figure 7-11. The Switch acts as a relay agent. Users access the network through PPPoE authentication. If the PPPoE server needs to locate users, more information should be contained in the authentication packet.


Figure 7-11 Accessing the network through PPPoE authentication

To access the network through PPPoE authentication, you need to pass through the following 2 stages: discovery stage (authentication stage) and session stage. PPPoE+ is used to process packets at the discovery stage. The following steps show the whole discovery stage.

Step 1 To access the network through PPPoE authentication, the client sends a broadcast PPPoE Active Discovery Initiation (PADI) packet. This packet is used to query the authentication server.

Step 2 After receiving the PADI packet, the authentication server replies with a unicast PPPoE Active Discovery Offer (PADO) packet.

Step 3 If multiple authentication servers reply with PADO packets, the client selects one of them and then sends a unicast PPPoE Active Discovery Request (PADR) packet to that authentication server.

Step 4 After receiving the PADR packet, if the authentication server believes that the user is legal, it sends a unicast PPPoE Active Discovery Session-confirmation (PADS) packet to the client.

PPPoE+ is used to add user identification information to PADI and PADR packets. Therefore, the server can identify whether the user identification information is identical to the user account for assigning resources.

7.9.2 Preparing for configurations

Scenario

To prevent illegal client access during PPPoE authentication, you need to configure PPPoE+ to add user identification information to PPPoE packets for network security.

Because the added user identification information is related to the specified switch and interface, the authentication server can bind the user to the switch and interface to effectively prevent account sharing and theft. In addition, this helps users enhance network security.

Prerequisite

N/A

7.9.3 Default configurations of PPPoE+

Default configurations of PPPoE+ are as below.

Function                         Default value
Global PPPoE                     Disable
Interface PPPoE                  Disable
Padding mode of Circuit ID       Switch
Circuit ID information           Interface ID/VLAN ID/attached string
Attached string of Circuit ID    hostname
Padded MAC address of Remote ID  MAC address of the switch
Padding mode of Remote ID        Binary
Interface trusted status         Untrusted
Tag overriding                   Disable

By default, PPPoE packets are forwarded without any information attached.

7.9.4 Configuring basic functions of PPPoE+

PPPoE+ is used to process PADI and PADR packets. It is designed for the PPPoE client. Generally, PPPoE+ is only enabled on interfaces that are connected to the PPPoE client. Trusted interfaces are interfaces through which the switch is connected to the PPPoE server. PPPoE+ and the trusted interface setting are mutually exclusive: an interface is either enabled with PPPoE+ or is a trusted interface.

Enabling PPPoE+

After interface PPPoE+ is enabled, user information is attached to PPPoE authentication packets sent to the interface, and the packets are then forwarded to the trusted interface.

Enable PPPoE+ for the ISCOM2110G-PWR as below.

Step  Command                                  Description
1     Raisecom#config                          Enter global configuration mode.
2     Raisecom(config)#interface port port-id  Enter physical layer interface configuration mode.
3     Raisecom(config-port)#pppoeagent enable  Enable interface PPPoE+.


Configuring PPPoE trusted interface

The PPPoE trusted interface can be used to prevent the PPPoE server from being cheated and to avoid the security problems caused by PPPoE packets being forwarded to other non-service interfaces.

Generally, the interface connected to the PPPoE server is set to the trusted interface. PPPoE packets from the PPPoE client to the PPPoE server are forwarded by the trusted interface only.

In addition, only PPPoE packets received from the trusted interface can be forwarded to the PPPoE client.

Configure the PPPoE trusted interface for the ISCOM2110G-PWR as below.

Step  Command                                  Description
1     Raisecom#config                          Enter global configuration mode.
2     Raisecom(config)#interface port port-id  Enter physical layer interface configuration mode.
3     Raisecom(config-port)#pppoeagent trust   Configure the PPPoE trusted interface.

Because PPPoE+ is designed for the PPPoE client instead of the PPPoE server, downlink interfaces of the device cannot receive PADO and PADS packets. This means that interfaces where PPPoE+ is enabled should not receive PADO and PADS packets. If these interfaces receive such packets, the packets are erroneous and should be discarded. However, these interfaces can forward PADO and PADS packets received from the trusted interface. In addition, PADI and PADR packets are forwarded to the trusted interface only.

7.9.5 Configuring PPPoE+ packet information

PPPoE+ is used to process a specified Tag in the PPPoE packet. This Tag contains Circuit ID and Remote ID.

Circuit ID: padded with the VLAN ID, interface ID, and host name of request packets at the RX client.

Remote ID: padded with the MAC address of the client or the switch.

Configuring Circuit ID

The Circuit ID has 2 padding modes: Switch mode and ONU mode. By default, Switch mode is adopted. In ONU mode, the Circuit ID has a fixed format. The following commands are used to configure the padding contents of the Circuit ID in Switch mode.

In Switch mode, the Circuit ID supports 2 padding modes:

Default mode: when customized Circuit ID is not configured, the padding content is the VLAN ID, interface ID, or the attached string. If the attached string is not defined, it is set to hostname by default.

Customized mode: when customized Circuit ID is configured, the padding content is the Circuit ID string.

Configure the Circuit ID for the ISCOM2110G-PWR as below.


Step  Command                                                       Description
1     Raisecom#config                                               Enter global configuration mode.
2     Raisecom(config)#pppoeagent circuit-id mode { onu | switch }  Configure the padding mode of the Circuit ID.
3     Raisecom(config)#interface port port-id                       Enter physical layer interface configuration mode.
4     Raisecom(config-port)#pppoeagent circuit-id string            (Optional) set the Circuit ID to the customized string.

In default mode, the Circuit ID contains an attached string. By default, the attached string is set to the hostname of the switch. You can set it to a customized string.

Configure the attached string of the Circuit ID for the ISCOM2110G-PWR as below.

Step  Command                                                      Description
1     Raisecom#config                                              Enter global configuration mode.
2     Raisecom(config)#pppoeagent circuit-id attach-string string  (Optional) configure the attached string of the Circuit ID. If the Circuit ID is in default mode, the attached string configured by this command will be added to the Circuit ID.

Configuring Remote ID

The Remote ID is padded with a MAC address of the switch or a client. In addition, you can specify the form (binary/ASCII) of the MAC address.

Configure the Remote ID for the ISCOM2110G-PWR as below.

Step  Command                                                                 Description
1     Raisecom#config                                                         Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                 Enter physical layer interface configuration mode.
3     Raisecom(config-port)#pppoeagent remote-id { client-mac | switch-mac }  (Optional) configure PPPoE+ Remote ID to be padded with the MAC address.
4     Raisecom(config-port)#pppoeagent remote-id format { ascii | binary }    (Optional) configure the padding modes of the PPPoE+ Remote ID.


Configuring Tag overriding

For some reasons, Tags of some fields may be forged by the client, with the client overriding the original Tags. After Tag overriding is enabled, if PPPoE packets contain Tags, these Tags are overridden. If not, Tags are added to these PPPoE packets.

Configure Tag overriding for the ISCOM2110G-PWR as below.

Step  Command                                                                Description
1     Raisecom#config                                                        Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                Enter physical layer interface configuration mode.
3     Raisecom(config-port)#pppoeagent vendor-specific-tag overwrite enable  Enable Tag overriding.

7.9.6 Checking configurations

Use the following commands to check configuration results.

No.  Command                                                     Description
1    Raisecom#show pppoeagent [ port-list port-list ]            Show PPPoE+ configurations.
2    Raisecom#show pppoeagent statistic [ port-list port-list ]  Show PPPoE+ statistics.

7.9.7 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command                                                              Description
Raisecom(config)#clear pppoeagent statistic [ port-list port-list ]  Clear PPPoE+ statistics.

7.9.8 Example for configuring PPPoE+

Networking requirements

As shown in Figure 7-12, to prevent illegal access during PPPoE authentication and to control and monitor users, you need to configure PPPoE+ on the Switch.

Port 1 and Port 2 are connected to Client 1 and Client 2 respectively. Port 3 is connected to the PPPoE server.

Enable global PPPoE+ and enable PPPoE+ on Port 1 and Port 2. Set Port 3 to the trusted interface.

Set the attached string of the Circuit ID to raisecom. Set the padding content of the Circuit ID on Port 1 to user01. Set the padding content of the Remote ID on Port 2 to the MAC address of the client. The padding contents are in ASCII mode.

Enable Tag overriding on Port 1 and Port 2.

Figure 7-12 Configuring PPPoE+

Configuration steps

Step 1 Set Port 3 to the trusted interface.

Raisecom#config

Raisecom(config)#interface port 3

Raisecom(config-port)#pppoeagent trust

Raisecom(config-port)#exit

Step 2 Configure packet information about Port 1 and Port 2.

Raisecom(config)#pppoeagent circuit-id attach-string raisecom

Raisecom(config)#interface port 1

Raisecom(config-port)#pppoeagent circuit-id user01

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#pppoeagent remote-id client-mac

Raisecom(config-port)#pppoeagent remote-id format ascii

Raisecom(config-port)#exit

Step 3 Enable Tag overriding on Port 1 and Port 2.

Raisecom(config)#interface port 1

Raisecom(config-port)#pppoeagent vendor-specific-tag overwrite enable

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#pppoeagent vendor-specific-tag overwrite enable

Raisecom(config-port)#exit


Step 4 Enable PPPoE+ on Port 1 and Port 2.

Raisecom(config)#interface port 1

Raisecom(config-port)#pppoeagent enable

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#pppoeagent enable


Checking results

Use the show pppoeagent [ port-list port-list ] command to show PPPoE+ configurations.

Raisecom#show pppoeagent port-list 1-3

Attach-string: raisecom

Circuit ID padding mode: switch

Port Enable Trust-port Overwrite Remote-ID Format-rules Circuit-ID

----------------------------------------------------------------

1 enable no enable switch-mac binary user01

2 enable no enable client-mac ascii %default%

3 disable yes disable switch-mac binary %default%

**In switch mode, Circuit-ID's default string is: Port\Vlan\Attach-string.

**In onu mode, Circuit-ID's default string is: 0 0/0/0:0.0 0/0/0/0/0/0/MAC 0/0/Port:eth/4096.CVLAN LN.

**Attach-string's default string is the hostname.
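How a PPPoE+ port treats discovery packets arriving from a client, including a client-forged Tag with Tag overriding on and off, as an added Python example (not Raisecom code; all names are hypothetical). It assumes the RFC 2516 Tag layout, the TR-101 vendor ID and sub-option codes for the vendor-specific Tag, a dotted text form for the ASCII Remote ID, and that a client Tag is left in place when Tag overriding is disabled; the guide does not state the switch's wire format.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

PADI, PADO, PADR, PADS = 0x09, 0x07, 0x19, 0x65    # RFC 2516 discovery codes
TAG_END_OF_LIST, TAG_VENDOR_SPECIFIC = 0x0000, 0x0105
VENDOR_ID = struct.pack("!I", 0x00000DE9)           # assumption: TR-101 vendor ID
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 0x01, 0x02          # assumption: TR-101 sub-options
Tag = Tuple[int, bytes]


@dataclass
class PortConfig:
    """Per-port settings, named after the columns of `show pppoeagent`."""
    enable: bool = False
    overwrite: bool = False
    remote_id: str = "switch-mac"       # or "client-mac"
    fmt: str = "binary"                 # or "ascii"
    circuit_id: Optional[str] = None    # None is shown as %default%


def parse_tags(body: bytes) -> List[Tag]:
    """Split a discovery payload into (type, value) pairs; reject truncated Tags."""
    tags, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + tag_len]
        if len(value) != tag_len:
            raise ValueError("truncated tag value")
        tags.append((tag_type, value))
        off += 4 + tag_len
    return tags


def build(code: int, tags: List[Tag], session: int = 0) -> bytes:
    """Serialize a PPPoE discovery packet (version 1, type 1), Ethernet header omitted."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session, len(body)) + body


def is_agent_tag(tag: Tag) -> bool:
    return tag[0] == TAG_VENDOR_SPECIFIC and tag[1][:4] == VENDOR_ID


def agent_tag(cfg, port, vlan, client_mac, switch_mac, attach) -> Tag:
    """Build the Tag the switch adds: Circuit ID followed by Remote ID."""
    # Switch-mode default string from the CLI output above: Port\Vlan\Attach-string.
    circuit = (cfg.circuit_id or f"{port}\\{vlan}\\{attach}").encode("ascii")
    mac = client_mac if cfg.remote_id == "client-mac" else switch_mac
    # Assumption: ASCII format carries the MAC address in dotted text form.
    remote = mac.encode("ascii") if cfg.fmt == "ascii" else bytes.fromhex(mac.replace(".", ""))
    value = VENDOR_ID + bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit
    return (TAG_VENDOR_SPECIFIC, value + bytes([SUB_REMOTE_ID, len(remote)]) + remote)


def relay_from_client(pkt, cfg, port, vlan, client_mac, switch_mac, attach):
    """Return the packet to forward to the trusted interface, or None to discard."""
    ver_type, code, session, length = struct.unpack_from("!BBHH", pkt)
    if ver_type != 0x11 or len(pkt) < 6 + length:
        raise ValueError("malformed PPPoE header")
    pkt = pkt[:6 + length]                        # drop Ethernet padding
    if not cfg.enable or code not in (PADI, PADO, PADR, PADS):
        return pkt                                # forwarded with nothing attached
    if code in (PADO, PADS):
        return None                               # server packets on a client port
    tags = parse_tags(pkt[6:])
    if any(is_agent_tag(t) for t in tags) and not cfg.overwrite:
        return pkt                                # assumption: client Tag stays
    kept = [t for t in tags if not is_agent_tag(t) and t[0] != TAG_END_OF_LIST]
    kept.append(agent_tag(cfg, port, vlan, client_mac, switch_mac, attach))
    if any(t[0] == TAG_END_OF_LIST for t in tags):
        kept.append((TAG_END_OF_LIST, b""))       # End-Of-List must stay last
    return build(code, kept, session)


def agent_ids(pkt: bytes):
    """Read (Circuit ID, Remote ID) from the first agent Tag, as the server would."""
    for tag in parse_tags(pkt[6:]):
        if is_agent_tag(tag):
            subs, val, off = {}, tag[1], 4
            while off + 2 <= len(val):
                subs[val[off]] = val[off + 2:off + 2 + val[off + 1]]
                off += 2 + val[off + 1]
            return subs.get(SUB_CIRCUIT_ID), subs.get(SUB_REMOTE_ID)
    return None


# Constructed sample data (not captured traffic).
CLIENT_MAC, SWITCH_MAC = "0011.2233.4455", "0200.0000.0001"
SERVICE_NAME = (0x0101, b"")
PADI_PKT = build(PADI, [SERVICE_NAME])
FORGED = (TAG_VENDOR_SPECIFIC, VENDOR_ID + bytes([SUB_CIRCUIT_ID, 6]) + b"user99")
PADR_FORGED = build(PADR, [SERVICE_NAME, FORGED])
```

With Tag overriding enabled as in Step 3, the forged Circuit ID `user99` is replaced by the switch's own value; with it disabled, the server would see `user99`.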

7.10 Loopback detection

7.10.1 Introduction

Loopback detection addresses the impact of a loopback on the network, providing self-detection, fault tolerance, and robustness.

Procedures for the loopback detection are shown as below:

All interfaces on the ISCOM2110G-PWR send the LoopBack-Detection packet periodically (the interval is configurable and is 4 seconds by default).

The ISCOM2110G-PWR checks the source MAC field of the received packet. If the source MAC field contains the MAC address of the ISCOM2110G-PWR, a loopback is considered detected on some interface of the ISCOM2110G-PWR. Otherwise, the packet is discarded.

If the Tx interface number and Rx interface number of a packet are identical, the interface will be shut down.

If the Tx interface number and Rx interface number of a packet are different, the interface with the bigger interface number will be shut down and the interface with the smaller interface number remains in Up status.

Common loop types are self-loop, internal loop and external loop.


As shown in Figure 7-13, Switch B and Switch C connect the user network.

Self-loop: a user loop on the same Ethernet interface of the same device. User network B has a loop, which forms a self-loop.

Internal loop: a loop formed on different Ethernet interfaces of the same device. Fastethernet 1/3/1 and Fastethernet 1/3/3 on Switch C form an internal loop with user network A.

External loop: a loop formed on Ethernet interfaces of different devices. Switch A, Switch B, and Switch C form an external loop with user network C.

Figure 7-13 Loopback detection networking

In Figure 7-13, assume that loop detection is enabled on the interfaces through which Switch B and Switch C connect to the user network. The loop detection processing mechanisms for the three loop types are as below:

Self-loop: the Rx and Tx interface numbers of the packet on Switch B are the same, so interface 2 is shut down to remove the self-loop.

Internal loop: Switch C receives the loop detection packets that it sent, and the Rx and Tx interface numbers are different, so interface 3, which has the bigger interface number, is shut down to remove the internal loop.

External loop: Switch B and Switch C receive loop detection packets from each other. Generally, loop detection does not handle an external loop; Switch B and Switch C only send a Trap alarm without blocking. However, you can block one of the interfaces manually, for example the interface on the device with the bigger MAC address, to remove the external loop.

7.10.2 Preparing for configurations

Scenario

On the network, hosts or Layer 2 devices connected to access devices may form a loopback intentionally or involuntarily. Enable loopback detection on downlink interfaces of all access devices to avoid the network congestion generated by unlimited copies of data traffic. Once a loopback is detected on an interface, the interface will be blocked.

Prerequisite

Configure interface physical parameters to make it Up before configuring loopback detection.


7.10.3 Default configurations of loopback detection

Default configurations of loopback detection are as below.

Function                                                           Default value
Interface loopback detection status                                Disable
Automatic recovery time for the blocked interface                  No automatic recovery
Loop process mode of loopback detection                            Trap-only
Loopback detection period                                          4s
Loopback detection mode                                            VLAN
Time for recovering the block interface due to loopback detection  Infinite
Loopback detection VLAN                                            VLAN 1

7.10.4 Configuring loopback detection

Loopback detection and STP are mutually exclusive; only one of them can be enabled at a time.

Loopback detection cannot be enabled at both ends of directly connected devices simultaneously; otherwise, the interfaces at both ends will be blocked.

Configure loopback detection for the ISCOM2110G-PWR as below.

Step  Command                                                                                          Description
1     Raisecom#config                                                                                  Enter global configuration mode.
2     Raisecom(config)#loopback-detection { enable | disable } port-list port-list                     Enable loopback detection on the interface.
3     Raisecom(config)#loopback-detection destination-address mac-address                              (Optional) configure the destination MAC address of loopback detection packets.
4     Raisecom(config)#loopback-detection vlan vlan-id                                                 (Optional) configure loopback detection VLAN.
5     Raisecom(config)#loopback-detection hello-time period                                            Configure the period for sending loopback detection packets.
6     Raisecom(config)#loopback-detection error-device { discarding | trap-only } port-list port-list  (Optional) configure process mode when the interface receives loopback detection message from other devices.
7     Raisecom(config)#loopback-detection down-time { time-value | trap-only | infinite }              (Optional) configure the time for automatically recovering the interface blocked due to loopback detection.
8     Raisecom(config)#interface port port-id                                                          Enable the interface blocked due to loopback detection.
      Raisecom(config-port)#no loopback-detection discarding

Loopback detection in the entire topology must be configured the same; otherwise, loopback detection may fail.

7.10.5 Checking configurations

Use the following commands to check configuration results.

No.  Command                                                          Description
1    Raisecom#show loopback-detection port-list port-list             Show interface loopback detection configuration.
2    Raisecom#show loopback-detection statistics port-list port-list  Show statistics of loopback detection.

7.10.6 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command                                                   Description
Raisecom(config-port)#clear loopback-detection statistic  Clear loopback detection statistics.

7.10.7 Example for configuring loopback detection

Networking requirements

As shown in Figure 7-14, Port 1 on Switch A is connected to the core network; Port 2 and Port 3 on Switch A are connected to the user network. There is a loop on the user network. Enable loopback detection on Switch A to detect the loop on the user network, and then block the related port.


Figure 7-14 Loopback detection networking

Configuration steps

Step 1 Create VLAN 3, and add Port 2 and Port 3 into VLAN 3.

Raisecom#config

Raisecom(config)#create vlan 3 active

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport access vlan 3

Raisecom(config-port)#exit

Raisecom(config)#interface port 3

Raisecom(config-port)#switchport access vlan 3

Raisecom(config-port)#exit

Step 2 Enable loopback detection on the specified interface.

Raisecom(config)#loopback-detection enable port-list 2-3

Raisecom(config)#loopback-detection vlan 3

Raisecom(config)#loopback-detection hello-time 3

Checking configurations

Use the show loopback-detection command to show loopback detection status.

Raisecom#show loopback-detection port-list 2-3

Destination address: FFFF.FFFF.FFFF

VLAN:3


Period of loopback-detection:3s

Restore time:infinite

Port State Status exloop-act Last Last-Occur Open-Time vlan

Loop-with (ago) (ago)

-------------------------------------------------------------------------

2 Ena no trap-only -- -- -- --

3 Ena no trap-only -- -- -- --

7.11 Line detection

7.11.1 Introduction

Line detection is a module to detect physical lines and provides you with status query function, so it can help you analyze fault source and maintain the network.

7.11.2 Preparing for configurations

Scenario

With this function, you can query status of physical lines between devices, analyze faults, and thus maintain the network.

Prerequisite

N/A

7.11.3 Configuring line detection

Configure line detection for the ISCOM2110G-PWR as below.

Step  Command                                                        Description
1     Raisecom#test cable-diagnostics port-list { all | port-list }  Detect physical link status.

7.11.4 Checking configurations

Use the following command to check configuration result.

No.  Command                                                        Description
1    Raisecom#show cable-diagnostics port-list { all | port-list }  Show information about line detection.


7.11.5 Example for configuring line detection

Networking requirements

As shown in Figure 7-15, to help you analyze fault source, conduct line detection on the Switch.

No line detection is done before.

Figure 7-15 Line detection networking

Configuration steps

Conduct line detection on Ports 1–3 on the ISCOM2110G-PWR.

Raisecom#test cable-diagnostics port-list 1-3

Checking results

Use the show cable-diagnostics port-list [ all | port-list ] command to show configurations of line detection on the interface.

Raisecom#show cable-diagnostics port-list 1-2

Port Attribute Time RX Stat RX Len(m) TX Stat TX Len(m)

-----------------------------------------------------------------------

1 Issued 01/09/2011 08:13:03 Normal 0 Normal 0

2 Issued 01/09/2011 08:13:03 Normal 0 Normal 0

Remove the line that connects PC 1 and the ISCOM2110G-PWR from the PC 1, and conduct line detection again. Use the show cable-diagnostics port-list [ all | port-list ] command again to show configurations of line detection on the interface.


Raisecom#show cable-diagnostics port-list 1-2

Port Attribute Time RX Stat RX Len(m) TX Stat TX Len(m)

-----------------------------------------------------------------------

1 Issued 01/09/2011 08:18:09 Open 3 Open 3

2 Issued 01/09/2011 08:18:09 Normal 0 Normal 0


8 Reliability

This chapter describes the basic principles and configuration of reliability and provides related configuration examples.

Link aggregation

Interface backup

Failover

STP

MSTP

RRPS

8.1 Link aggregation

8.1.1 Introduction

With link aggregation, multiple physical Ethernet interfaces are combined to form a Logical Aggregation Group (LAG). Multiple physical links in one LAG are taken as a logical link. The link aggregation helps share traffic among members in a LAG. Besides effectively improving reliability on links between devices, link aggregation helps gain higher bandwidth without upgrading hardware.

Generally, the link aggregation consists of manual link aggregation, static Link Aggregation Control Protocol (LACP) link aggregation, and dynamic LACP link aggregation.

Manual link aggregation

Manual link aggregation refers to a process that multiple physical interfaces are aggregated to a logical interface. Links under a logical interface share loads.

Static LACP link aggregation

Link Aggregation Control Protocol (LACP) is a protocol based on IEEE802.3ad. LACP communicates with the peer through the Link Aggregation Control Protocol Data Unit (LACPDU). In addition, you should manually configure the LAG. After LACP is enabled on an interface, the interface sends a LACPDU to inform the peer of its system LACP protocol priority, system MAC address, interface LACP priority, interface ID, and operation Key.

After receiving the LACPDU, the peer compares this information with that received by other interfaces to select a Selected interface. In this way, the interface and the peer are in the same Selected state. The operation key is a configuration combination automatically generated based on configurations of the interface, such as the speed, duplex mode, and Up/Down status. In a LAG, interfaces in the Selected state share the identical operation key.

Dynamic LACP link aggregation

In dynamic LACP link aggregation, the system automatically creates and deletes the LAG and member interfaces through LACP. Interfaces cannot be automatically aggregated into a group unless their basic configurations, speeds, duplex modes, connected devices, and the peer interfaces are identical.

In manual aggregation mode, all member interfaces are in forwarding state, sharing loads. In static/dynamic LACP mode, there are backup links.

Link aggregation is the most widely used and simplest Ethernet reliability technology.

The ISCOM2110G-PWR supports manual and static link aggregation only.

8.1.2 Preparing for configurations

Scenario

To provide higher bandwidth and reliability for a link between two devices, configure link aggregation.

With link aggregation, multiple physical Ethernet interfaces are added into a LAG and are aggregated to a logical link. Link aggregation helps share uplink and downlink traffic among members in one LAG. Therefore, the link aggregation helps obtain higher bandwidth and helps members in one LAG back up data for each other, which improves reliability of the Ethernet connection.

Prerequisite

Configure physical parameters on an interface and make the physical layer Up.

8.1.3 Default configurations of link aggregation

Default configurations of link aggregation are as below.

LAG

Function

Link aggregation

Load balancing mode

LACP system priority

LACP interface priority

Default value

Enable

Sxordmac

Existing, in manual mode

32768

LACP priority without specifying interface

Interface dynamic LACP link aggregation Disable


8.1.4 Configuring manual link aggregation

Configure manual link aggregation for the ISCOM2110G-PWR as below.

Step  Command                                                                                       Description
1     Raisecom#config                                                                               Enter global configuration mode.
2     Raisecom(config)#trunk group group-id port port-list                                          Configure LAG.
3     Raisecom(config)#trunk enable                                                                 Enable LAG.
4     Raisecom(config)#trunk loading-sharing mode { dip | dmac | sip | smac | sxordip | sxordmac }  (Optional) configure load sharing mode for link aggregation.

In the same LAG, member interfaces that share loads must be identically configured.

These configurations include QoS, QinQ, VLAN, interface properties, and MAC address learning.

QoS: traffic policing, rate limit, SP queue, WRR queue scheduling, interface priority and interface trust mode

QinQ: QinQ enabling/disabling status on the interface, added outer VLAN tag, policies for adding outer VLAN Tags for different inner VLAN IDs

VLAN: the allowed VLAN, default VLAN and the link type (Trunk or Access) on the interface, subnet VLAN configurations, protocol VLAN configurations, and whether VLAN packets carry Tag

Port properties: whether the interface is added to the isolation group, interface rate, duplex mode, and link Up/Down status

MAC address learning: whether enabling the MAC address learning, and whether the MAC address limit is configured on the interface

8.1.5 Configuring static LACP link aggregation

Configure static LACP link aggregation for the ISCOM2110G-PWR as below.

Step  Command                                                                                       Description
1     Raisecom#config                                                                               Enter global configuration mode.
2     Raisecom(config)#lacp system-priority system-priority                                         (Optional) configure system LACP priority. The end with the higher priority is the active end. LACP chooses active and backup interfaces according to the active end configuration. The smaller the number is, the higher the priority is. If the system LACP priorities of the devices are identical, the device with the smaller system MAC address is chosen as the active end.
3     Raisecom(config)#lacp timeout { fast | slow }                                                 Configure LACP timeout mode.
4     Raisecom(config)#trunk group group-id port port-list [ lacpstatic ]                           Create a static LACP LAG.
5     Raisecom(config)#interface port port-id                                                       (Optional) enter physical layer interface configuration mode.
6     Raisecom(config-port)#lacp portpriority portpriority                                          (Optional) configure LACP priority on the interface. It affects electing the default interface of LACP. The smaller the value is, the higher the priority is.
7     Raisecom(config-port)#lacp mode { active | passive }                                          (Optional) configure LACP mode for member interfaces. If both ends of a link are in passive mode, LACP connection cannot be established.
8     Raisecom(config-port)#exit                                                                    Return to global configuration mode.
9     Raisecom(config)#trunk enable                                                                 Enable LAG.
10    Raisecom(config)#trunk loading-sharing mode { dip | dmac | sip | smac | sxordip | sxordmac }  (Optional) configure load sharing mode for the aggregation link.
11    Raisecom(config)#trunk group group-id minactive links threshold                               (Optional) configure the minimum number of active links in LACP LAG.

An interface in a static LACP LAG can be in active or standby status. Both active and standby interfaces can receive and send LACP packets, but a standby interface cannot send client packets.

The system chooses the default interface in the order of neighbor discovery, maximum interface speed, highest interface LACP priority, and minimum interface ID. The default interface is in active status; interfaces with the same speed, the same peer, and the same device operation key as the default interface are also in active status; other interfaces are in standby status.
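The selection rules above, modelled as an added example (not Raisecom code): the active end is picked by system priority and then system MAC address, and the default interface by neighbor discovery, speed, port priority and interface ID. The MAC addresses, speeds and peer names are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LacpSystem:
    name: str
    system_priority: int   # "lacp system-priority": smaller number = higher priority
    system_mac: str        # constructed sample value, not from the guide


@dataclass(frozen=True)
class LacpPort:
    port_id: int
    neighbor_found: bool   # has a LACP neighbor been discovered on this port?
    speed_mbps: int
    port_priority: int     # "lacp port-priority": smaller number = higher priority
    peer: Optional[str]    # peer system seen on the port, None without a neighbor
    oper_key: int


def mac_to_int(mac: str) -> int:
    """Normalise 000E.5E00.00A1 / 00:0e:5e:00:00:a1 style MACs for comparison."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def active_end(a: LacpSystem, b: LacpSystem) -> LacpSystem:
    """Smaller system priority wins; equal priorities fall back to the smaller MAC."""
    return min((a, b), key=lambda s: (s.system_priority, mac_to_int(s.system_mac)))


def default_port(ports: List[LacpPort]) -> LacpPort:
    """Order: neighbor discovered, highest speed, smallest priority value, lowest ID."""
    if not ports:
        raise ValueError("a LAG needs at least one member port")
    return min(
        ports,
        key=lambda p: (not p.neighbor_found, -p.speed_mbps, p.port_priority, p.port_id),
    )


def port_states(ports: List[LacpPort]) -> Tuple[int, Dict[int, str]]:
    """Ports matching the default port's speed, peer and operation key are active."""
    ref = default_port(ports)
    states: Dict[int, str] = {}
    for p in ports:
        same = (p.speed_mbps, p.peer, p.oper_key) == (ref.speed_mbps, ref.peer, ref.oper_key)
        states[p.port_id] = "active" if same else "standby"
    return ref.port_id, states


# Constructed sample data: equal system priorities, one slower member port.
SWITCH_A = LacpSystem("SwitchA", 1000, "000E.5E00.00A1")
SWITCH_B = LacpSystem("SwitchB", 1000, "000E.5E00.00B2")
PORTS = [
    LacpPort(1, True, 1000, 1000, "SwitchB", 0x1),
    LacpPort(2, True, 1000, 32768, "SwitchB", 0x1),
    LacpPort(3, True, 100, 1, "SwitchB", 0x1),
]

if __name__ == "__main__":
    print("active end:", active_end(SWITCH_A, SWITCH_B).name)
    print("default port and states:", port_states(PORTS))
```

Both ends in the static LACP example in 8.1.8 are given system priority 1000, which is the tie case decided by the MAC comparison.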

8.1.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show lacp internal
Description: Show local LACP interface status, tag, interface priority, administration key, operation key, and interface status machine status.

No. 2
Command: Raisecom#show lacp neighbor
Description: Show the peer LACP information, including tag, interface priority, device ID, Age, operation key value, interface ID, and interface status machine status.

No. 3
Command: Raisecom#show lacp statistics
Description: Show interface LACP statistics, including total number of received/sent LACP packets, the number of received/sent Marker packets, the number of received/sent Marker Response packets, the number of errored Marker Response packets,

No. 4
Command: Raisecom#show lacp sys-id
Description: Show global LACP enabling status of the local system, device ID, including system LACP priority and system MAC address.

No. 5
Command: Raisecom#show trunk
Description: Show configurations of all LAGs.

8.1.7 Example for configuring manual link aggregation

Networking requirements

As shown in Figure 8-1, to improve link reliability between Switch A and Switch B, you need to configure manual link aggregation for the two devices. Add Port 1 and Port 2 into the LAG to form a single logical interface. The LAG conducts load sharing according to the source MAC address.

Figure 8-1 Configuring manual link aggregation

Configuration steps

Step 1 Create a manual LAG.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#trunk group 1 port 1-2

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#trunk group 1 port 1-2

Step 2 Configure the load sharing mode for aggregated links.

Configure Switch A.

SwitchA(config)#trunk loading-sharing mode smac

Configure Switch B.

SwitchB(config)#trunk loading-sharing mode smac

Step 3 Enable link aggregation.

Configure Switch A.

SwitchA(config)#trunk enable

Configure Switch B.

SwitchB(config)#trunk enable

Checking results

Use the show trunk command to show global configurations of manual link aggregation.

SwitchA#show trunk

Trunk: Enable

Loading sharing mode: SMAC

Trunk Group Mode Member Ports Efficient Ports

-----------------------------------------------------------

1 manual 1,2 1,2


8.1.8 Example for configuring static LACP link aggregation


Networking requirements

As shown in Figure 8-2, to improve link reliability between Switch A and Switch B, you can configure a static LACP link aggregation between these 2 devices. Add Port 1 and Port 2 into one LAG, where Port 1 is used as the current link and Port 2 is the protection link.

Figure 8-2 Configuring static LACP link aggregation

Configuration steps

Step 1 Configure the static LACP LAG on Switch A and set Switch A to the active end.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#trunk group 1 port 1-2 lacp-static

SwitchA(config)#lacp system-priority 1000

SwitchA(config)#trunk group 1 min-active links 1

SwitchA(config)#interface port 1

SwitchA(config-port)#lacp port-priority 1000

SwitchA(config-port)#exit

SwitchA(config)#trunk enable

Step 2 Configure the static LACP LAG on Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#trunk group 1 port 1-2 lacp-static

SwitchB(config)#lacp system-priority 1000

SwitchB(config)#trunk enable


Checking results


Use the show trunk command to show global configurations of static LACP link aggregation on Switch A.

SwitchA#show trunk

Trunk: Enable

Loading sharing mode: SMAC

Trunk Group Mode Member Ports Efficient Ports

-----------------------------------------------------------

1 static 1,2 --

Use the show lacp internal command to show local system LACP interface state, flag, interface priority, administration key, operation key, and interface state machine state on Switch A.

SwitchA#show lacp internal

Flags:

S - Device is requesting Slow LACPDUs

F - Device is requesting Fast LACPDUs

A - Device is in Active mode

P - Device is in Passive mode

Port State Flags Port-Pri Admin-key Oper-key Port-State

---------------------------------------------------------------------

1 down FA 1000 0x1 0x1 0xF

2 down FA 32768 0x1 0x1 0xF

Use the show lacp neighbor command to show peer system LACP interface state, flag, interface priority, administration key, operation key, and interface state machine state on Switch A.

8.2 Interface backup

8.2.1 Introduction

In dual uplink networking, Spanning Tree Protocol (STP) is used to block the redundant link and implement backup. Although STP meets users' backup requirements, it fails to meet switching requirements. Even when Rapid Spanning Tree Protocol (RSTP) is used, convergence is only at the second level. This is not satisfactory for a high-end Ethernet switch deployed in a carrier-grade network core.

Interface backup, targeted for dual uplink networking, implements redundancy backup and quick switching through working and protection links. It ensures performance and simplifies configurations.


Interface backup is an alternative to STP. When STP is disabled, you can achieve basic link redundancy by manually configuring interfaces. If STP is enabled on the switch, you should disable interface backup because STP already provides similar functions.

Principle

Interface backup is realized by configuring the interface backup group. Each interface backup group contains a primary interface and a backup interface. The link of the primary interface is called the primary link, and the link of the backup interface is called the backup link. Members of an interface backup group can be physical interfaces or LAGs, but not Layer 3 interfaces.

In the interface backup group, when one interface is in Up status, the other interface is in Standby status. At any time, only one interface is in Up status. When the Up interface fails, the Standby interface is switched to the Up status.

Figure 8-3 Principles of interface backup

As shown in Figure 8-3, Port 1 and Port 2 on Switch A are connected to their uplink devices respectively. The interface forwarding states are as follows:

Under normal conditions, Port 1 is the primary interface while Port 2 is the backup interface. Port 1 and its uplink device forward packets while Port 2 and its uplink device do not forward packets.

When the link between Port 1 and its uplink device fails, the backup Port 2 and its uplink device forward packets.

When Port 1 recovers and stays Up for a period (restore-delay), Port 1 resumes forwarding packets and Port 2 returns to standby status.

When a switching between the primary interface and the backup interface occurs, the switch sends a Trap to the NView NNM system.

Application of interface backup in different VLANs

By applying interface backup to different VLANs, you can enable two interfaces to share service load in different VLANs, as shown in Figure 8-4.

Figure 8-4 Application of interface backup in different VLANs

In different VLANs, the forwarding status is shown as below:

Under normal conditions, configure Switch A in VLANs 100–150.

In VLANs 100–150, Port 1 is the primary interface and Port 2 is the backup interface.

In VLANs 151–200, Port 2 is the primary interface and Port 1 is the backup interface.

Port 1 forwards traffic of VLANs 100–150, and Port 2 forwards traffic of VLANs 151–200.

When Port 1 fails, Port 2 forwards traffic of VLANs 100–200.

When Port 1 restores normally and keeps Up for a period (restore-delay), Port 1 forwards traffic of VLANs 100–150, and Port 2 forwards VLANs 151–200.

Interface backup is used to share service load in different VLANs without depending on configurations of uplink switches, thus facilitating users' operation.

8.2.2 Preparing for configurations

Scenario

When STP is disabled, by configuring interface backup, you can realize redundancy backup and fast switching of primary/backup link, and load sharing between different interfaces.

Compared with STP, interface backup not only ensures millisecond-level fast switching but also simplifies configurations.

Prerequisite

Create VLANs.

Add interfaces to VLANs.

Disable STP.

8.2.3 Default configurations of interface backup

Default configurations of interface backup are as below.

Function: Default value
Interface backup group: N/A
Restore-delay: 15s
Restoration mode: Interface connection mode (port-up)

8.2.4 Configuring basic functions of interface backup

Configure basic functions of interface backup for the ISCOM2110G-PWR as below.

Interface backup may interfere with STP, loopback detection, Ethernet ring, ELPS, and ERPS. Configuring interface backup together with any of them on the same interface is not recommended.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport backup port port-id [ vlanlist vlan-list ]
Description: Configure the interface backup group.

Step 4
Command: Raisecom(config-port)#exit
Description: Return to global configuration mode.

Step 5
Command: Raisecom(config)#switchport backup restore-delay period
Description: (Optional) configure the restore-delay period.

Step 6
Command: Raisecom(config)#switchport backup restore-mode { disable | neighbor-discover | port-up }
Description: (Optional) configure restoration mode.

In an interface backup group, an interface is either a primary interface or a backup interface.

In a VLAN, an interface or a LAG cannot be a member of two interface backup groups simultaneously.

If you set a LAG as a member of an interface backup group, you need to set the member with the minimum interface ID in the LAG as the member. When the member is in Up status, this indicates that the LAG has an Up interface. When the member is in Down status, this indicates that all interfaces in the LAG are Down.


8.2.5 (Optional) configuring FS on interfaces


 After FS is successfully configured, the primary/backup link will be switched; namely, the current link is switched to the backup link (without considering Up/Down status of the primary/backup interface). For example, when both the primary interface and backup interface are in Up status, the primary link transmits data. In this situation, if you perform forcible switchover, the working link changes from the primary link to the backup link.

In the FS command, the backup interface number is optional. If the primary interface is configured with multiple interface backup groups, you should input the backup interface ID.

Configure FS on interfaces for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#switchport backup [ port port-id ] force-switch
Description: Configure FS on the interface.

8.2.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show switchport backup
Description: Show related status information of interface backup, including restoration delay time, restoration mode, and interface backup groups.

8.2.7 Example for configuring interface backup

Networking requirements

When only link aggregation is configured, all VLAN data comes from only one interface, where packet discarding occurs and services are impacted. In this situation, you can configure two LAGs to share VLAN data between two interfaces so that load balancing works and the protection feature of LAGs is inherited.

As shown in Figure 8-5, the PC accesses the server through switches. To realize a reliable remote access from the PC to the server, configure an interface backup group on Switch A and specify the VLAN list so that the two interfaces concurrently forward services in different VLANs and share load. Configure Switch A as below:

Switch A is in VLANs 100–150. Port 1 is the primary interface and Port 2 is the backup interface.

Switch A is in VLANs 151–200. Port 2 is the primary interface and Port 1 is the backup interface.

When Port 1 or its link fails, the system switches to the backup Port 2 to resume the link.

Switch A should support interface backup while Switch B, Switch C, and Switch D do not need to support interface backup.

Figure 8-5 Configuring interface backup

Configuration steps

Step 1 Create VLANs 100–200 and add Port 1 and Port 2 to VLANs 100–200.

Raisecom#config

Raisecom(config)#create vlan 100-200 active

Raisecom(config)#interface port 1

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport mode trunk

Raisecom(config-port)#switchport trunk allowed vlan 100-200 confirm

Raisecom(config-port)#exit

Step 2 Set Port 1 to the primary interface and set Port 2 to the backup interface in VLANs 100–150.

Raisecom(config)#interface port 1

Raisecom(config-port)#switchport backup port 2 vlanlist 100-150

Raisecom(config-port)#exit


Step 3 Set Port 2 to the primary interface and set Port 1 to the backup interface in VLANs 151–200.

Raisecom(config)#interface port 2

Raisecom(config-port)#switchport backup port 1 vlanlist 151-200

Checking results

Use the show switchport backup command to view status of interface backup under normal or faulty conditions.

When both Port 1 and Port 2 are Up, Port 1 forwards traffic of VLANs 100–150, and Port 2 forwards traffic of VLANs 151–200.

Raisecom#show switchport backup

Restore delay: 15s.

Restore mode: port-up.

Active Port(State) Backup Port(State) Vlanlist

---------------------------------------------------------

1 (Up) 2 (Standby) 100-150

2 (Up) 1 (Standby) 151-200

Manually disconnect the link between Switch A and Switch B to emulate a fault. Then, Port 1 becomes Down, and Port 2 forwards traffic of VLANs 100–200.

Raisecom#show switchport backup

Restore delay: 15s

Restore mode: port-up

Active Port(State) Backup Port(State) Vlanlist

-----------------------------------------------------------------

1 (Down) 2 (Up) 100-150

2 (Up) 1 (Down) 151-200

When Port 1 resumes and keeps Up for 15s (restore-delay), it forwards traffic of VLANs 100–150 while Port 2 forwards traffic of VLANs 151–200.
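The two show switchport backup outputs above, parsed into a VLAN-to-forwarding-port map with a redundancy check, as an added example (not Raisecom code). The comma-separated VLAN list form and the wording of the findings are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Output copied from the "Checking results" text above (normal and faulty conditions).
NORMAL = """\
Restore delay: 15s.
Restore mode: port-up.
Active Port(State) Backup Port(State) Vlanlist
---------------------------------------------------------
1 (Up) 2 (Standby) 100-150
2 (Up) 1 (Standby) 151-200
"""
FAULT = """\
Restore delay: 15s
Restore mode: port-up
Active Port(State) Backup Port(State) Vlanlist
-----------------------------------------------------------------
1 (Down) 2 (Up) 100-150
2 (Up) 1 (Down) 151-200
"""

# One table row: "<port> (<state>) <port> (<state>) <vlanlist>"
ROW = re.compile(r"^\s*(\d+)\s*\((\w+)\)\s+(\d+)\s*\((\w+)\)\s+([\d,\-]+)\s*$")


def expand_vlans(spec: str) -> Tuple[int, ...]:
    """Expand '100-150'; comma lists such as '10,20-22' are an assumed extension."""
    vlans: List[int] = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.extend(range(int(lo), int(hi or lo) + 1))
    return tuple(vlans)


@dataclass(frozen=True)
class BackupGroup:
    primary: int
    primary_state: str
    backup: int
    backup_state: str
    vlanlist: str

    def vlans(self) -> Tuple[int, ...]:
        return expand_vlans(self.vlanlist)

    def forwarding_port(self) -> Optional[int]:
        """Only the interface in Up state forwards; Standby and Down do not."""
        if self.primary_state == "Up":
            return self.primary
        if self.backup_state == "Up":
            return self.backup
        return None


def parse_backup(text: str) -> Tuple[Optional[int], Optional[str], List[BackupGroup]]:
    """Return (restore delay in seconds, restore mode, backup groups)."""
    delay = re.search(r"Restore delay:\s*(\d+)s", text)
    mode = re.search(r"Restore mode:\s*([\w-]+)", text)
    groups = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            groups.append(BackupGroup(int(m[1]), m[2], int(m[3]), m[4], m[5]))
    return (int(delay[1]) if delay else None, mode[1] if mode else None, groups)


def vlan_map(groups: List[BackupGroup]) -> Dict[int, Optional[int]]:
    """Which port currently forwards each VLAN (None: nothing forwards it)."""
    return {v: g.forwarding_port() for g in groups for v in g.vlans()}


def findings(groups: List[BackupGroup]) -> List[str]:
    """Report groups that have lost forwarding or lost their standby interface."""
    out = []
    for g in groups:
        port = g.forwarding_port()
        if port is None:
            out.append(f"VLANs {g.vlanlist}: no interface is Up, traffic is not forwarded")
        elif "Standby" not in (g.primary_state, g.backup_state):
            out.append(f"VLANs {g.vlanlist}: port {port} forwards with no standby interface")
    return out


if __name__ == "__main__":
    for label, text in (("normal", NORMAL), ("fault", FAULT)):
        _, _, groups = parse_backup(text)
        print(label, sorted(set(vlan_map(groups).values())), findings(groups))
```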

8.3 Failover

8.3.1 Introduction

Failover provides an interface linkage scheme for specific applications and extends the range of link backup. Uplink and downlink interfaces are added to a failover group, which monitors the uplinks and synchronizes the downlinks with them, so that faults of uplink devices are signalled to the downlink devices to trigger switching. Failover can be used to prevent traffic loss due to uplink failure.


Once all uplink interfaces fail, the downlink interfaces are set to Down status. When at least one uplink interface recovers, the downlink interfaces recover to Up status. Therefore, faults of uplink devices can be signalled to the downlink devices immediately. Uplink interfaces are not affected when downlink interfaces fail.

8.3.2 Preparing for configurations

Scenario

When an uplink fails and the downlink devices are not notified in time, traffic cannot switch to the standby link and is interrupted.

Failover can be used to add downlink interfaces and uplink interfaces of the middle device to a failover group and monitor uplink interfaces. When all uplink interfaces fail, faults of uplink devices can be signalled to the downlink devices to trigger switching.

Prerequisite

Connect interfaces.

Configure physical parameters to make interfaces Up at the physical layer.

8.3.3 Default configurations of failover

Default configurations of failover are as below.

Function: Default value
Failover group: N/A

8.3.4 Configuring failover

Configure failover for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#link-state-tracking group group-number { upstream cfm-mepid mep-id }
Description: Create the failover group and enable failover.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#link-state-tracking group group-number { downstream | upstream }
Description: Configure the failover group of the interface and interface type. One interface can only belong to one failover group and can be either the uplink interface or downlink interface.

When the failover group is configured with CFM network or G.8031 network in uplink, the interface can be set to downlink interface only.


One failover group can contain several uplink interfaces. Failover is not performed while at least one uplink interface is Up; it occurs only when all uplink interfaces are Down.

In global configuration mode, use the no link-state-tracking group group-number command to disable failover. The failover group will be deleted if there is no interface in it.

Use the no link-state-tracking group command to delete an interface from the failover group in physical layer interface configuration mode. If there is no other interface and failover is disabled, the failover group will be deleted when the interface is deleted.

8.3.5 Checking configurations

Use the following commands to check configuration results.

Step 1
Command: Raisecom#show link-state-tracking group group-number
Description: Show configurations and status of the failover group.

Step 2
Command: Raisecom#show link-admin-status port port-list
Description: Show interface Up/Down status configured on each functional module on the interface.

8.3.6 Example for configuring failover

Networking requirements

As shown in Figure 8-6, to improve network reliability, Link 1 and Link 2 of Switch B are connected to Switch A and Switch C respectively. Link 1 is the primary link and Link 2 is the standby link. Link 2 will not be used to forward data until Link 1 fails.

Switch A and Switch C are connected to the uplink network in link aggregation mode. When all uplink interfaces on Switch A and Switch C fail, Switch B needs to sense the fault in time and switch traffic to the standby link. Therefore, you should deploy failover on Switch A and Switch C.

Figure 8-6 Configuring failover

Configuration steps

Step 1 Configure failover on Switch A.

Create the failover group.

Raisecom#config

Raisecom(config)#link-state-tracking group 1

Add uplink interfaces to the failover group.

Raisecom(config)#interface port 1

Raisecom(config-port)#link-state-tracking group 1 upstream

Raisecom(config-port)#exit

Raisecom(config)#interface port 2

Raisecom(config-port)#link-state-tracking group 1 upstream

Raisecom(config-port)#exit

Add downlink interfaces to the failover group.

Raisecom(config)#interface port 3

Raisecom(config-port)#link-state-tracking group 1 downstream


Step 2 Configure failover on Switch C.

Configurations are identical to the ones on Switch A.


Checking results

Take configurations on Switch A for example.

Use the show link-state-tracking group command to show configurations of the failover group.

SwitchA#show link-state-tracking group 1

Link State Tracking Group: 1 (Enable)

Status: Normal

Fault type: None

Upsteam Mep: --

Upstream Interfaces:

Port 1(Up) Port 2(Up)

Downstream Interfaces:

Port 3(Up)

Use the show link-state-tracking group command to show configurations of the failover group after all uplinks of Switch A fail. In this case, you can see that downlink Port 3 is disabled.

SwitchA#show link-state-tracking group 1

Link State Tracking Group: 1 (Enable)

Status: Failover

Fault type: Port-down

Upstream Mep: --

Upstream Interfaces:

Port 1(Down) Port 2(Down)

Downstream Interfaces:

Port 3(Disable)
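A monitoring check over the two outputs above, as an added example (not Raisecom code): it parses a failover group and classifies it, including the state where only one uplink is left and the next fault would trigger failover. The state names returned by assess() and the degraded and inconsistent inputs in the test are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict

# Outputs copied from the "Checking results" text above.
NORMAL = """\
Link State Tracking Group: 1 (Enable)
Status: Normal
Fault type: None
Upsteam Mep: --
Upstream Interfaces:
Port 1(Up) Port 2(Up)
Downstream Interfaces:
Port 3(Up)
"""
FAILOVER = """\
Link State Tracking Group: 1 (Enable)
Status: Failover
Fault type: Port-down
Upstream Mep: --
Upstream Interfaces:
Port 1(Down) Port 2(Down)
Downstream Interfaces:
Port 3(Disable)
"""


@dataclass
class TrackingGroup:
    number: int
    admin: str
    status: str
    fault_type: str
    upstream: Dict[int, str] = field(default_factory=dict)
    downstream: Dict[int, str] = field(default_factory=dict)


def parse_group(text: str) -> TrackingGroup:
    head = re.search(r"Link State Tracking Group:\s*(\d+)\s*\((\w+)\)", text)
    status = re.search(r"^Status:\s*(\S+)", text, re.M)
    fault = re.search(r"^Fault type:\s*(\S+)", text, re.M)
    if not (head and status and fault):
        raise ValueError("not a 'show link-state-tracking group' output")
    group = TrackingGroup(int(head[1]), head[2], status[1], fault[1])
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Upstream Interfaces:":
            section = group.upstream
        elif line == "Downstream Interfaces:":
            section = group.downstream
        elif section is not None:
            # A section line lists one or more "Port N(State)" entries.
            for port, state in re.findall(r"Port\s*(\d+)\s*\((\w+)\)", line):
                section[int(port)] = state
    return group


def assess(group: TrackingGroup) -> str:
    """Classify a group as ok, degraded, failover, inconsistent or not-assessed."""
    ups = list(group.upstream.values())
    if not ups:
        # Groups that track a CFM MEP instead of interfaces are outside this check.
        return "not-assessed"
    all_down = all(state != "Up" for state in ups)
    # Failover must be reported exactly when every uplink interface is down.
    if all_down != (group.status == "Failover"):
        return "inconsistent"
    if all_down:
        held = all(state == "Disable" for state in group.downstream.values())
        return "failover" if held else "inconsistent"
    if len(ups) > 1 and ups.count("Up") == 1:
        return "degraded"   # one more uplink fault disables the downlinks
    return "ok"


if __name__ == "__main__":
    for label, text in (("normal", NORMAL), ("failover", FAILOVER)):
        print(label, assess(parse_group(text)))
```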

8.4 STP

8.4.1 Introduction

STP

With the increasing complexity of network structure and the growing number of switches on the network, Ethernet loops become the most prominent problem. Because of the packet broadcast mechanism, a loop causes the network to generate storms, exhausts network resources, and seriously affects normal data forwarding. The network storm caused by the loop is shown in Figure 8-7.

Figure 8-7 Network storm due to loopback

Spanning Tree Protocol (STP) complies with the IEEE 802.1d standard and is used to remove physical loops at the data link layer in a LAN.

ISCOM2110G-PWR devices running STP exchange Bridge Protocol Data Unit (BPDU) packets with each other to elect the root switch and select root ports and designated ports. According to the selection results, STP logically blocks the looped interface on the ISCOM2110G-PWR and trims the looped network into a loop-free tree that takes one ISCOM2110G-PWR as the root. This prevents packets from proliferating and circulating endlessly on the looped network, which would cause broadcast storms, and avoids the decline in packet processing capacity caused by receiving the same packets repeatedly.

Figure 8-8 shows loop networking running STP.

Figure 8-8 Loop networking with STP

RSTP

Although STP can eliminate loop network and prevent broadcast storm well, its shortcomings are still gradually exposed with thorough application and development of network technology.

The major disadvantage of STP is the slow convergence speed.

To improve the slow convergence of STP, IEEE 802.1w defines Rapid Spanning Tree Protocol (RSTP), which adds a mechanism for moving an interface from the blocking state to the forwarding state and so speeds up topology convergence.

The purpose of STP/RSTP is to reduce a bridged LAN to a single spanning tree in the logical topology and to avoid broadcast storms.

The disadvantages of STP/RSTP are exposed with the rapid development of VLAN technology. The single spanning tree produced by STP/RSTP leads to the following problems:

The whole switching network has only one spanning tree, which leads to longer convergence time on a larger network.

Bandwidth is wasted because a link does not carry any traffic after it is blocked.

Packets of some VLANs cannot be forwarded when the network structure is asymmetrical.

As shown in Figure 8-9, Switch B is the root switch; RSTP logically blocks the link between Switch A and Switch C, so VLAN 100 packets cannot be transmitted and Switch A and Switch C cannot communicate.

Figure 8-9 VLAN packet forward failure due to RSTP

8.4.2 Preparation for configuration

Networking situation

In a large LAN, multiple devices are interconnected so that hosts can reach each other. STP needs to be enabled on them to avoid loops, MAC address learning faults, and the broadcast storms and network outages caused by rapid replication and transmission of data frames. STP calculation blocks one interface to break the loop and ensures that there is only one path for a data flow to the destination host, which is also the best path.

Preconditions

Configure interface physical parameters to make it Up.

8.4.3 Default configurations of STP

Default configurations of STP are as below.

Function: Default value
Global STP status: Disable
Interface STP status: Enable
STP priority of device: 32768
STP priority of interface: 128
Interface path cost: 0
max-age timer: 20s
hello-time timer: 2s
forward-delay timer: 15s

8.4.4 Enabling STP

Configure STP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#spanning-tree enable
Description: Enable STP.

8.4.5 Configuring STP parameters

Configure STP parameters for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#spanning-tree priority priority-value
Description: (Optional) configure device priority.

Step 3
Command: Raisecom(config)#spanning-tree root { primary | secondary }
Description: (Optional) configure the ISCOM2110G-PWR as the root or backup device.

Step 4
Command: Raisecom(config)#interface port port-id
Raisecom(config-port)#spanning-tree priority priority-value
Description: (Optional) configure device interface priority.

Step 5
Command: Raisecom(config-port)#spanning-tree inter-path-cost cost-value
Raisecom(config-port)#exit
Description: (Optional) configure interface path cost.

Step 6
Command: Raisecom(config)#spanning-tree hello-time value
Description: (Optional) configure Hello Time.

Step 7
Command: Raisecom(config)#spanning-tree transit-limit value
Description: (Optional) configure maximum transmission rate of interface.

Step 8
Command: Raisecom(config)#spanning-tree forward-delay value
Description: (Optional) configure forward delay.

Step 9
Command: Raisecom(config)#spanning-tree max-age value
Description: (Optional) configure maximum age.

8.4.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show spanning-tree [ detail ]
Description: Show basic configurations of STP.

No. 2
Command: Raisecom#show spanning-tree port-list port-list [ detail ]
Description: Show STP configuration on the interface.

8.4.7 Example for configuring STP

Networking requirements

As shown in Figure 8-10, Switch A, Switch B, and Switch C form a ring network, so the loop problem caused by the physical ring must be solved. Enable STP on them, set the priority of Switch A to 0, and set the path cost from Switch B to Switch A to 10.

Figure 8-10 STP networking

Configuration steps

Step 1 Enable STP on Switch A, Switch B, and Switch C.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#spanning-tree enable

SwitchA(config)#spanning-tree mode stp

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#spanning-tree enable

SwitchB(config)#spanning-tree mode stp

Configure Switch C.

Raisecom#hostname SwitchC

SwitchC#config

SwitchC(config)#spanning-tree enable

SwitchC(config)#spanning-tree mode stp

Step 2 Configure interface mode on three switches.

Configure Switch A.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#exit

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

Configure Switch C.

SwitchC(config)#interface port 1

SwitchC(config-port)#switchport mode trunk

SwitchC(config-port)#exit

SwitchC(config)#interface port 2

SwitchC(config-port)#switchport mode trunk

SwitchC(config-port)#exit

Step 3 Configure priority of spanning tree and interface path cost.

Configure Switch A.

SwitchA(config)#spanning-tree priority 0

SwitchA(config)#interface port 2

SwitchA(config-port)#spanning-tree inter-path-cost 10

Configure Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#spanning-tree inter-path-cost 10

Checking results

Use the show spanning-tree command to show bridge status.

Take Switch A for example.

SwitchA#show spanning-tree

Spanning-tree Admin State: enable

Spanning-tree protocol Mode: STP

BridgeId: Mac 000E.5E7B.C557 Priority 0

Root: Mac 000E.5E7B.C557 Priority 0 RootCost 0

Operational: HelloTime 2, ForwardDelay 15, MaxAge 20

Configured: HelloTime 2, ForwardDelay 15, MaxAge 20 TransmitLimit 3

Use the show spanning-tree port-list port-list command to show interface status.

Take Switch A for example.

SwitchA#show spanning-tree port-list 1,2

Port1

PortEnable: admin: enable oper: enable

Rootguard: disable

Loopguard: disable

ExternPathCost:10

EdgedPort: admin: auto oper: no BPDU Filter: disable

LinkType: admin: auto oper: point-to-point

Partner STP Mode: stp

Bpdus send: 279 (TCN<0> Config<279> RST<0> MST<0>)

Bpdus received:13 (TCN<13> Config<0> RST<0> MST<0>)

Instance PortState PortRole PortCost(admin/oper) PortPriority

-----------------------------------------------------------------

0 discarding disabled 200000/200000 0

Port2

PortEnable: admin: enable oper: enable

Rootguard: disable

Loopguard: disable

ExternPathCost:200000

EdgedPort: admin: auto oper: no BPDU Filter: disable


LinkType: admin: auto oper: point-to-point

Partner STP Mode: stp

Bpdus send: 279 (TCN<0> Config<279> RST<0> MST<0>)

Bpdus received:6 (TCN<6> Config<0> RST<0> MST<0>)

Instance PortState PortRole PortCost(admin/oper) PortPriority

-----------------------------------------------------------------

0 discarding disabled 10/10 0
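A check over the two outputs above, as an added example (not Raisecom code): it confirms that the bridge with the lowest priority and MAC address in a planned inventory is the one reported as root, and lists ports of that bridge where root guard is disabled. The sample strings are lines taken from the outputs above; the Switch B and Switch C MAC addresses and the changed-root case in the test are constructed.

```python
import re
from typing import Dict, List, Tuple

BridgeId = Tuple[int, str]   # (priority, MAC as 12 upper-case hex digits)

# Lines taken from the "show spanning-tree" output above.
BRIDGE_OUTPUT = """\
Spanning-tree Admin State: enable
Spanning-tree protocol Mode: STP
BridgeId: Mac 000E.5E7B.C557 Priority 0
Root: Mac 000E.5E7B.C557 Priority 0 RootCost 0
"""
# Lines taken from the "show spanning-tree port-list 1,2" output above.
PORT_OUTPUT = """\
Port1
Rootguard: disable
Loopguard: disable
Bpdus received:13 (TCN<13> Config<0> RST<0> MST<0>)
Port2
Rootguard: disable
Loopguard: disable
Bpdus received:6 (TCN<6> Config<0> RST<0> MST<0>)
"""


def norm_mac(mac: str) -> str:
    """Fixed-width upper-case hex, so string order equals numeric order."""
    digits = "".join(ch for ch in mac if ch not in ".:-").upper()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def parse_bridge(text: str) -> Dict[str, object]:
    bridge = re.search(r"^BridgeId:\s*Mac\s+(\S+)\s+Priority\s+(\d+)", text, re.M)
    root = re.search(r"^Root:\s*Mac\s+(\S+)\s+Priority\s+(\d+)\s+RootCost\s+(\d+)", text, re.M)
    if not (bridge and root):
        raise ValueError("BridgeId/Root lines not found")
    return {
        "bridge_id": (int(bridge[2]), norm_mac(bridge[1])),
        "root_id": (int(root[2]), norm_mac(root[1])),
        "root_cost": int(root[3]),
    }


def parse_ports(text: str) -> Dict[int, Dict[str, object]]:
    ports: Dict[int, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Port\s*(\d+)", line)
        if header:
            current = ports.setdefault(int(header[1]), {})
            continue
        if current is None:
            continue
        guard = re.match(r"(Rootguard|Loopguard):\s*(\w+)", line)
        if guard:
            current[guard[1].lower()] = guard[2]
        rx = re.match(r"Bpdus received:\s*(\d+)\s*\(TCN<(\d+)>", line)
        if rx:
            current["bpdus_received"] = int(rx[1])
            current["tcn_received"] = int(rx[2])
    return ports


def audit(bridge: Dict[str, object], ports: Dict[int, Dict[str, object]],
          inventory: Dict[str, BridgeId]) -> List[str]:
    planned = min(inventory.values())   # lowest (priority, MAC) wins the election
    out: List[str] = []
    if bridge["root_id"] != planned:
        prio, mac = bridge["root_id"]
        out.append(f"root bridge is {mac} (priority {prio}), not the planned root {planned[1]}")
    if bridge["bridge_id"] == planned:
        for port, info in sorted(ports.items()):
            if info.get("rootguard") == "disable":
                out.append(f"Port{port}: root guard disabled on the planned root bridge")
    return out


# Switch A's ID is from the output above; the B and C MACs are constructed.
INVENTORY: Dict[str, BridgeId] = {
    "SwitchA": (0, norm_mac("000E.5E7B.C557")),
    "SwitchB": (32768, norm_mac("000E.5E00.00B2")),
    "SwitchC": (32768, norm_mac("000E.5E00.00C3")),
}

if __name__ == "__main__":
    for finding in audit(parse_bridge(BRIDGE_OUTPUT), parse_ports(PORT_OUTPUT), INVENTORY):
        print(finding)
```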

8.5 MSTP

8.5.1 Introduction

Multiple Spanning Tree Protocol (MSTP) is defined by IEEE 802.1s. Overcoming the disadvantages of STP and RSTP, MSTP realizes fast convergence and distributes the traffic of different VLANs along their own paths, providing an excellent load sharing mechanism.

MSTP divides a switch network into multiple domains, called MST domains. Each MST domain contains several spanning trees, which are independent of each other. Each spanning tree is called a Multiple Spanning Tree Instance (MSTI).

MSTP introduces the concepts of Common Spanning Tree (CST) and Internal Spanning Tree (IST). CST refers to the spanning tree calculated by treating each MST domain as a whole. IST refers to the spanning tree generated inside an MST domain.

Compared with STP and RSTP, MSTP also introduces total root (CIST Root) and domain root

(MST Region Root) concepts. The total root is a global concept; all switches running

STP/RSTP/MSTP can have only one total root, which is the CIST Root. The domain root is a

local concept, which is relative to an instance in a domain. As shown in Figure 8-11, all

connected devices only have one total root, and the number of domain root contained in each domain is associated with the number of instances.

Figure 8-11 Basic concepts of the MSTI network

Each MST domain can contain different MST instances. VLANs are associated with MSTIs by setting the VLAN mapping table (the relationship table of VLANs and MSTIs). The concept of MSTI is sketched below.

Figure 8-12 MSTI concepts

Each VLAN can map to one MSTI; that is to say, data of one VLAN can be transmitted in only one MSTI, while one MSTI may correspond to several VLANs.

Compared with STP and RSTP, MSTP has obvious advantages: it is VLAN-aware, supports load sharing, switches port status as quickly as RSTP, and can bind multiple VLANs to one MST instance to reduce resource occupancy. In addition, devices running MSTP on the network are compatible with devices running STP and RSTP.

Figure 8-13 Networking of multiple spanning trees instances in MST domain

After MSTP is applied to the network shown in Figure 3-10 above, calculation finally generates two spanning trees (two MST instances):

MSTI1 takes Switch B as the root switch and forwards packets of VLAN 100.

MSTI2 takes Switch F as the root switch and forwards packets of VLAN 200.

In this way, all VLANs can communicate internally, and packets of different VLANs are forwarded along different paths to share the load.

8.5.2 Preparation for configuration

Scenario

In a large LAN or residential-area aggregation network, the aggregation devices form a ring for link backup; the ring must also avoid loops and share the service load. MSTP can select a different, unique forwarding path for each VLAN or group of VLANs.

Prerequisite

Configure the physical parameters of the interface so that it is Up before configuring MSTP.

8.5.3 Default configurations of MSTP

Default configurations of MSTP are as below.

Function                                                Default value
Global MSTP status                                      Disable
Interface MSTP status                                   Enable
Maximum number of hops for MST domain                   20
MSTP priority of device                                 32768
MSTP priority of interface                              128
Path cost of interface                                  0
Maximum number of packets sent within each Hello time   3
Max Age timer                                           20s
Hello Time timer                                        2s
Forward Delay timer                                     15s
Revision level of MST domain                            0

8.5.4 Enable MSTP

Configure MSTP for the ISCOM2110G-PWR as below.

Step  Command                                Description
1     Raisecom#config                        Enter global configuration mode.
2     Raisecom(config)#spanning-tree enable  Enable global STP.

8.5.5 Configuring MST domain and its maximum number of hops

You can set domain information for the ISCOM2110G-PWR when it runs in MSTP mode. The MST domain that a device belongs to is decided by the domain name, the VLAN mapping table, and the MSTP revision level. You can place the current device in a specific MST domain through the following configuration.

The scale of an MST domain is restricted by the maximum number of hops. Starting from the root bridge of the spanning tree in the domain, the hop count of a configuration message (BPDU) decreases by 1 each time the message is forwarded by a device; the ISCOM2110G-PWR discards a configuration message whose hop count is 0. Devices beyond the maximum number of hops cannot take part in spanning tree calculation, which restricts the scale of the MST domain.

Configure MSTP domain and its maximum number of hops for the ISCOM2110G-PWR as below.

Step  Command                                                      Description
1     Raisecom#config                                              Enter global configuration mode.
2     Raisecom(config)#spanning-tree region-configuration          Enter MST domain configuration mode.
3     Raisecom(config-region)#name name                            Configure MST domain name.
4     Raisecom(config-region)#revision-level level-value           Set revision level for MST domain.
5     Raisecom(config-region)#instance instance-id vlan vlan-list  Set mapping from MST domain VLAN to instance.
6     Raisecom(config-region)#exit
      Raisecom(config)#spanning-tree max-hops hops-value           Configure the maximum number of hops for MST domain.

The configured maximum number of hops is used as the maximum number of hops of the MST domain only when the configured device is the domain root; devices that are not the domain root cannot set this item for the domain.

8.5.6 Configuring root bridge/backup bridge

Two methods for MSTP root selection are as below:

Configure the device priority and let STP calculation determine the STP root bridge or backup bridge.

Assign the MSTP root directly by a command.

When the root bridge is faulty or powered off, the backup bridge can replace the root bridge of the related instance. In this case, if a new root bridge is assigned, the backup bridge will not become the root bridge. If several backup bridges are configured for a spanning tree, once the root bridge stops working, MSTP chooses the backup root with the smallest MAC address as the new root bridge.

We recommend not modifying the priority of any device on the network if you directly assign the root bridge; otherwise, the assigned root bridge or backup bridge may be invalid.

Configure root bridge or backup bridge for the ISCOM2110G-PWR as below.

Step  Command                                                                               Description
1     Raisecom#config                                                                       Enter global configuration mode.
2     Raisecom(config)#spanning-tree [ instance instance-id ] root { primary | secondary }  Set the ISCOM2110G-PWR as root bridge or backup bridge for a STP instance.

You can specify the instance in which the root bridge or backup bridge takes effect through the instance instance-id parameter. The current device is assigned as the root bridge or backup bridge of CIST if instance-id is 0 or the instance instance-id parameter is omitted.

The root roles of a device in different instances are mutually independent; that is to say, the device can be the root bridge or backup bridge of one instance and also the root bridge or backup bridge of other spanning tree instances. However, in the same spanning tree instance, the same device cannot be used as the root bridge and backup bridge at the same time.

You cannot assign two or more root bridges for one spanning tree instance, but you can assign several backup bridges for one spanning tree. Generally, we recommend assigning one root bridge and several backup bridges for a spanning tree.

8.5.7 Configuring device interface and system priority

Whether an interface is selected as the root interface depends on the interface priority. Under identical conditions, the interface with the smaller priority value is selected as the root interface. An interface may have different priorities and play different roles in different instances.

The Bridge ID decides whether the ISCOM2110G-PWR can be selected as the root of the spanning tree. Configuring a smaller priority value yields a smaller Bridge ID and helps designate the ISCOM2110G-PWR as the root. If the priorities of two ISCOM2110G-PWR devices are identical, the one with the smaller MAC address is selected as the root.

As with configuring the root and backup root, priority is mutually independent in different instances. You can specify the instance to which the priority applies through the instance instance-id parameter. The bridge priority is configured for CIST if instance-id is 0 or the instance instance-id parameter is omitted.

Configure interface priority and system priority for the ISCOM2110G-PWR as below.

Step  Command                                                                               Description
1     Raisecom#config                                                                       Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                               Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree [ instance instance-id ] priority priority-value  Set interface priority for a STP instance.
4     Raisecom(config-port)#exit
      Raisecom(config)#spanning-tree [ instance instance-id ] priority priority-value       Set system priority for a STP instance.

The priority value must be a multiple of 4096, such as 0, 4096, or 8192. It is 32768 by default.

8.5.8 Configuring network diameter for switch network

The network diameter indicates the number of nodes on the path that has the most devices on a switching network. In MSTP, the network diameter is valid only for CIST and invalid for MSTIs. No matter how many nodes a path has inside one domain, the domain is counted as just one node. In effect, the network diameter is the number of domains on the path that crosses the most domains. The network diameter is 1 if there is only one domain in the whole network.

The maximum number of hops of an MST domain measures the scale of the domain, while the network diameter measures the scale of the whole network. The bigger the network diameter is, the bigger the network scale is.

As with the maximum number of hops of an MST domain, this configuration takes effect only when the ISCOM2110G-PWR is configured as the CIST root device. When you configure the network diameter, MSTP automatically calculates the Hello Time, Forward Delay, and Max Age parameters and sets them to preferred values.

Configure the network diameter for the switching network as below.

Step  Command                                                               Description
1     Raisecom#config                                                       Enter global configuration mode.
2     Raisecom(config)#spanning-tree bridge-diameter bridge-diameter-value  Configure the network diameter for the switching network.

8.5.9 Configuring inner path cost for interfaces

When the root interface and designated interface are selected, the smaller the path cost of an interface is, the more easily it is selected as the root interface or designated interface. Inner path costs of an interface are mutually independent in different instances. You can configure the inner path cost for an instance through the instance instance-id parameter. The inner path cost of the interface is configured for CIST if instance-id is 0 or the instance instance-id parameter is omitted.

By default, interface cost often depends on the physical features:

10 Mbit/s: 2000000

100 Mbit/s: 200000

1000 Mbit/s: 20000

10 Gbit/s: 2000

Configure the inner path cost for the ISCOM2110G-PWR as below.

Step  Command                                                                                  Description
1     Raisecom#config                                                                          Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                                  Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree [ instance instance-id ] inter-path-cost cost-value  Configure the inner path cost on the interface.

8.5.10 Configuring external path cost on interface

The external path cost is the cost from the device to the CIST root; it is equal for devices in the same domain.

Configure the external path cost for the ISCOM2110G-PWR as below.

Step  Command                                                          Description
1     Raisecom#config                                                  Enter global configuration mode.
2     Raisecom(config)#interface port port-id                          Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree extern-path-cost cost-value  Configure the external path cost on interface.

8.5.11 Configuring maximum transmission rate on interface

The maximum transmission rate on an interface is the maximum number of BPDUs that MSTP allows the interface to transmit in each Hello Time. This parameter is a relative value without a unit. The greater the value, the more packets can be transmitted in a Hello Time and the more device resources are consumed. As with the time parameters, only the configuration on the root device takes effect.

Configure maximum transmission rate on the interface for the ISCOM2110G-PWR as below.

Step  Command                                             Description
1     Raisecom#config                                     Enter global configuration mode.
2     Raisecom(config)#spanning-tree transit-limit value  Configure interface maximum transmission rate.

8.5.12 Configuring MSTP timer

Hello Time: the interval at which the ISCOM2110G-PWR regularly sends bridge configuration messages (BPDUs) to check whether a link of the ISCOM2110G-PWR has failed. The ISCOM2110G-PWR sends hello packets to surrounding devices every Hello Time to check whether the link is faulty. The default value is 2s. You can adjust the interval according to network conditions. Reduce the interval when network links change frequently to enhance the stability of STP. However, increasing the interval reduces the CPU utilization of STP.

Forward Delay: the time parameter that ensures safe transition of the device status. A link fault causes the network to recalculate the spanning tree, but the recalculated configuration message cannot be transmitted to the whole network immediately. A temporary loop may occur if the new root interface and designated interface start forwarding data at once. The protocol therefore uses a state transition mechanism: before the root interface and designated interface start forwarding data, they pass through an intermediate status (learning status); after a delay of Forward Delay, they enter forwarding status. The delay guarantees that the new configuration message has been transmitted through the whole network. You can adjust the delay according to actual conditions; namely, reduce it when the network topology changes infrequently and increase it under the opposite conditions.

Max Age: the bridge configurations used by STP have a lifetime that is used to judge whether the configurations are outdated. The ISCOM2110G-PWR discards outdated configurations and STP recalculates the spanning tree. The default value is 20s. A value that is too small may cause frequent recalculation of the spanning tree, while a value that is too large prevents STP from adapting to network topology changes in time.

All devices on the whole switching network adopt the three time parameters of the CIST root device, so only the configuration on the root device is valid.

Configure the MSTP timer for the ISCOM2110G-PWR as below.

Step  Command                                             Description
1     Raisecom#config                                     Enter global configuration mode.
2     Raisecom(config)#spanning-tree hello-time value     Set Hello Time.
3     Raisecom(config)#spanning-tree forward-delay value  Set Forward Delay.
4     Raisecom(config)#spanning-tree max-age value        Set Max Age.

8.5.13 Configuring edge interface

An edge interface is an interface that is neither directly connected to any device nor indirectly connected to any device through the network.

An edge interface can change to forwarding status quickly without any waiting time. We recommend setting the Ethernet interface connected to a user client as an edge interface so that it changes to forwarding status quickly.

In auto-detection mode, the edge interface attribute depends on the actual condition. In force-true mode, the real port changes to a false edge interface after receiving a BPDU. In force-false mode, the interface stays in force-false mode, whether it is a true or false edge interface in real operation, until the configuration is changed.

By default, all interfaces on the ISCOM2110G-PWR are set to auto-detection.

Configure the edge interface for the ISCOM2110G-PWR as below.

Step  Command                                                                             Description
1     Raisecom#config                                                                     Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                             Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree edged-port { auto | force-true | force-false }  Configure attributes of the RSTP edge interface.

8.5.14 Configuring STP/MSTP mode switching

When STP is enabled, three spanning tree modes are supported as below:

STP compatible mode: the ISCOM2110G-PWR does not implement fast switching from the replacement interface to the root interface or fast forwarding by a specified interface; instead it sends STP configuration BPDUs and STP Topology Change Notification (TCN) BPDUs. After receiving an MST BPDU, it discards the unidentifiable part.

MSTP mode: the ISCOM2110G-PWR sends MST BPDUs. If the peer device runs STP, the local interface is switched to STP compatible mode. If the peer device runs MSTP, the local interface remains in RSTP mode and processes packets as external information of the domain.

Configure the ISCOM2110G-PWR as below.

Step  Command                                             Description
1     Raisecom#config                                     Enter global configuration mode.
2     Raisecom(config)#spanning-tree mode { stp | mstp }  Configure spanning tree mode.

8.5.15 Configuring link type

Two interfaces connected by a point-to-point link can quickly transit to forwarding status by exchanging synchronization packets. By default, MSTP configures the link type of an interface according to its duplex mode. A full duplex interface is considered a point-to-point link, and a half duplex interface is considered a shared link.

You can manually configure the current Ethernet interface as connected to a point-to-point link, but the system will fail if the link is not point-to-point. Generally, we recommend leaving this item set to auto so that the system automatically detects whether the interface is connected to a point-to-point link.

Configure link type for the ISCOM2110G-PWR as below.

Step  Command                                                                           Description
1     Raisecom#config                                                                   Enter global configuration mode.
2     Raisecom(config)#interface port port-id                                           Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree link-type { auto | point-to-point | shared }  Configure link type for interface.

8.5.16 Configuring root interface protection

The network re-elects the root bridge when it receives a packet with a higher priority, which affects network connectivity and consumes CPU resources. On an MSTP network, if someone sends BPDU packets with a higher priority, continuous re-election may make the network unstable. Generally, the priority of each bridge is configured in the network planning phase. The nearer a bridge is to the edge, the lower its bridge priority is. A downlink interface therefore does not receive packets with a priority higher than the bridge priority unless someone is attacking the network. On these interfaces, you can enable rootguard to refuse to process packets with a priority higher than the bridge priority and to block the interface for a period, which prevents further attacks from the attacking source from damaging the upper layer link.

Configure root interface protection for the ISCOM2110G-PWR as below.

Step  Command                                                             Description
1     Raisecom#config                                                     Enter global configuration mode.
2     Raisecom(config)#interface port port-id                             Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree rootguard { enable | disable }  Configure root interface protection.
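To check that root interface protection is actually in place on downlink interfaces, the show spanning-tree port-list output can be audited offline. The following Python script is an added example, not Raisecom code: it parses the per-port layout shown earlier in this guide and flags downlink ports where Rootguard is disabled or BPDUs have been received. The sample output, the port numbers, the "oper: yes" value and the downlink set {3, 4} are constructed assumptions.

```python
import re

# Constructed sample in the layout of "show spanning-tree port-list" used in this
# guide. Port numbers, counters and the "oper: yes" value are made up.
SAMPLE_OUTPUT = """\
Port1
PortEnable: admin: enable oper: enable
Rootguard: disable
Loopguard: disable
ExternPathCost:200000
EdgedPort: admin: auto oper: no BPDU Filter: disable
LinkType: admin: auto oper: point-to-point
Partner STP Mode: stp
Bpdus send: 279 (TCN<0> Config<279> RST<0> MST<0>)
Bpdus received:264 (TCN<1> Config<263> RST<0> MST<0>)
Port3
PortEnable: admin: enable oper: enable
Rootguard: disable
Loopguard: disable
ExternPathCost:200000
EdgedPort: admin: auto oper: yes BPDU Filter: disable
LinkType: admin: auto oper: point-to-point
Partner STP Mode: stp
Bpdus send: 310 (TCN<0> Config<310> RST<0> MST<0>)
Bpdus received:0 (TCN<0> Config<0> RST<0> MST<0>)
Port4
PortEnable: admin: enable oper: enable
Rootguard: enable
Loopguard: disable
ExternPathCost:200000
EdgedPort: admin: auto oper: no BPDU Filter: disable
LinkType: admin: auto oper: point-to-point
Partner STP Mode: stp
Bpdus send: 310 (TCN<0> Config<310> RST<0> MST<0>)
Bpdus received:5 (TCN<2> Config<3> RST<0> MST<0>)
"""

PORT_HEADER = re.compile(r"^Port\s*(\d+)$")
BPDU_LINE = re.compile(r"^Bpdus\s+(send|received)\s*:\s*(\d+)\s*\((.*)\)$")
COUNTER = re.compile(r"(\w+)<(\d+)>")
FIELD = re.compile(r"^(Rootguard|Loopguard)\s*:\s*(\w+)")
EDGE = re.compile(r"^EdgedPort:.*?oper:\s*(\w+)")


def parse_port_list(text):
    """Return {port_id: settings and BPDU counters} from the per-port blocks."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = PORT_HEADER.match(line)
        if header:
            current = {"rootguard": None, "loopguard": None, "edge_oper": None,
                       "rx": {}, "tx": {}}
            ports[int(header.group(1))] = current
            continue
        if current is None:
            continue  # ignore anything before the first "PortN" header
        bpdu, field, edge = BPDU_LINE.match(line), FIELD.match(line), EDGE.match(line)
        if bpdu:
            counters = {k: int(v) for k, v in COUNTER.findall(bpdu.group(3))}
            counters["total"] = int(bpdu.group(2))
            current["rx" if bpdu.group(1) == "received" else "tx"] = counters
        elif field:
            current[field.group(1).lower()] = field.group(2).lower()
        elif edge:
            current["edge_oper"] = edge.group(1).lower()
    return ports


def audit_downlinks(ports, downlinks):
    """Flag downlink ports that are unprotected or that have received BPDUs."""
    findings = []
    for port_id in sorted(downlinks):
        port = ports.get(port_id)
        if port is None:
            findings.append((port_id, "not-in-output"))
            continue
        if port["rootguard"] != "enable":
            findings.append((port_id, "rootguard-disabled"))
        received = port["rx"].get("total", 0)
        if received > 0:
            findings.append((port_id, "bpdus-received:%d" % received))
    return findings


if __name__ == "__main__":
    # Assumption: ports 3 and 4 face users, port 1 is the uplink.
    for port_id, finding in audit_downlinks(parse_port_list(SAMPLE_OUTPUT), {3, 4}):
        print("Port%d: %s" % (port_id, finding))
```

Which ports count as downlinks is site knowledge that the script cannot infer; it has to come from the network plan.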

8.5.17 Configuring interface loopguard

The spanning tree has two functions: loopguard and link backup. Loopguard requires carving the network topology into a tree structure. Link backup requires redundant links in the topology. Spanning tree avoids loops by blocking the redundant link and provides link backup by opening the redundant link when the working link breaks down.

The spanning tree module exchanges packets periodically and considers the link failed if it receives no packet within a period; it then selects a new link and enables the backup interface. In actual networking, the failure to receive packets may not be caused by a link fault. In this case, enabling the backup interface may lead to a loop.

Loopguard is used to keep the original interface status when the interface receives no packet within a period.

Loopguard and link backup are mutually exclusive; namely, loopguard is implemented at the cost of disabling link backup.

Configure interface loop protection for the ISCOM2110G-PWR as below.

Step  Command                                                             Description
1     Raisecom#config                                                     Enter global configuration mode.
2     Raisecom(config)#interface port port-id                             Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree loopguard { enable | disable }  Configure interface loopguard attributes.

8.5.18 Executing mcheck operation

An interface on an MSTP device has two working modes: STP compatible mode and MSTP mode. If an interface of an MSTP device on a switching network is connected to an ISCOM2110G-PWR running STP, the interface automatically changes to STP compatible mode. However, the interface cannot change back to MSTP mode if the ISCOM2110G-PWR running STP is removed; that is, the interface still works in STP compatible mode. You can execute the mcheck command to force the interface to work in MSTP mode. If the interface receives a new STP packet again, it returns to STP compatible mode.

Execute mcheck operation for the ISCOM2110G-PWR as below.

Step  Command                                     Description
1     Raisecom#config                             Enter global configuration mode.
2     Raisecom(config)#interface port port-id     Enter physical layer interface configuration mode.
3     Raisecom(config-port)#spanning-tree mcheck  Execute the mcheck operation to force the interface to move to MSTP mode.

8.5.19 Checking configurations

Use the following commands to check configuration results.

No.   Command                                                                              Description
1     Raisecom#show spanning-tree                                                          Show basic configurations of STP.
2     Raisecom#show spanning-tree [ instance instance-id ] port-list port-list [ detail ]  Show configurations of spanning tree on the interface.
3     Raisecom#show spanning-tree region-operation                                         Show operation information about the MST domain.
4     Raisecom(config-region)#show spanning-tree region-configuration                      Show configurations of MST domain.

8.5.20 Maintenance

Maintain the ISCOM2110G-PWR as below.

No.   Command                                               Description
1     Raisecom(config-port)#spanning-tree clear statistics  Clear statistics of spanning tree on the interface.

8.5.21 Example for configuring MSTP

Networking requirements

As shown in Figure 8-14, three ISCOM2110G-PWR devices are connected to form a ring network through MSTP, with the domain name aaa. Switch B, connected with a PC, belongs to VLAN 3. Switch C, connected with another PC, belongs to VLAN 4. Instance 3 is related to VLAN 3. Instance 4 is related to VLAN 4. Configure the path cost of instance 3 on Switch B so that packets of VLAN 3 and VLAN 4 are forwarded respectively in two paths, which eliminates loops and implements load sharing.

Figure 8-14 MSTP networking

Configuration steps

Step 1 Create VLAN 3 and VLAN 4 on Switch A, Switch B, and Switch C respectively, and activate them.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#create vlan 3-4 active

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#create vlan 3-4 active

Configure Switch C.

Raisecom#hostname SwitchC

SwitchC#config

SwitchC(config)#create vlan 3-4 active

Step 2 Configure Port 1 and Port 2 on Switch A to allow all VLAN packets to pass in Trunk mode.

Configure Port 1 and Port 2 on Switch B to allow all VLAN packets to pass in Trunk mode.

Configure Port 1 and Port 2 on Switch C to allow all VLAN packets to pass in Trunk mode.

Configure Port 3 and Port 4 on Switch B and Switch C to allow packets of VLAN 3 and VLAN 4 to pass in Access mode.

Configure Switch A.

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#exit

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#exit

Configure Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

SwitchB(config)#interface port 3

SwitchB(config-port)#switchport access vlan 3

SwitchB(config-port)#exit

SwitchB(config)#interface port 4

SwitchB(config-port)#switchport access vlan 4

SwitchB(config-port)#exit

Configure Switch C.

SwitchC(config)#interface port 1

SwitchC(config-port)#switchport mode trunk

SwitchC(config-port)#exit

SwitchC(config)#interface port 2

SwitchC(config-port)#switchport mode trunk

SwitchC(config-port)#exit

SwitchC(config)#interface port 3

SwitchC(config-port)#switchport access vlan 3

SwitchC(config-port)#exit

SwitchC(config)#interface port 4

SwitchC(config-port)#switchport access vlan 4

SwitchC(config-port)#exit

Step 3 Set spanning tree mode of Switch A, Switch B, and Switch C to MSTP, and enable STP.

Enter MSTP configuration mode, and set the domain name to aaa and the revision level to 0. Map instance 3 to VLAN 3, and instance 4 to VLAN 4. Exit from MST configuration mode.

Configure Switch A.

SwitchA(config)#spanning-tree mode mstp

SwitchA(config)#spanning-tree enable

SwitchA(config)#spanning-tree region-configuration

SwitchA(config-region)#name aaa

SwitchA(config-region)#revision-level 0

SwitchA(config-region)#instance 3 vlan 3

SwitchA(config-region)#instance 4 vlan 4

Configure Switch B.

SwitchB(config)#spanning-tree mode mstp

SwitchB(config)#spanning-tree enable

SwitchB(config)#spanning-tree region-configuration

SwitchB(config-region)#name aaa

SwitchB(config-region)#revision-level 0

SwitchB(config-region)#instance 3 vlan 3

SwitchB(config-region)#instance 4 vlan 4

SwitchB(config-region)#exit

Configure Switch C.

SwitchC(config)#spanning-tree mode mstp

SwitchC(config)#spanning-tree enable

SwitchC(config)#spanning-tree region-configuration

SwitchC(config-region)#name aaa

SwitchC(config-region)#revision-level 0

SwitchC(config-region)#instance 3 vlan 3

SwitchC(config-region)#instance 4 vlan 4

Step 4 Set the inner path cost of Port 2 of spanning tree instance 3 to 500000 on Switch B.

SwitchB(config)#interface port 1

SwitchB(config-port)#spanning-tree instance 3 inter-path-cost 500000

Checking results

Use the show spanning-tree region-operation command to show configurations of the MST domain.

Raisecom#show spanning-tree region-operation

Operational Information:

-----------------------------------------------

Name: aaa

Revision level: 0

Instances running: 3

Digest: 0X7D28E66FDC1C693C1CC1F6B61C1431C4

Instance Vlans Mapped

-------- ----------------------

0 1,2,5-4094

3 3

4 4
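Because the MST domain of a device is decided by the domain name, the revision level and the VLAN mapping table, the region-operation output of every switch in the ring should agree on all of them. The following Python script is an added example, not Raisecom code: it parses this output for several switches and reports each field or VLAN that differs from the first switch. SWITCH_A repeats the output above; SWITCH_C, with VLAN 4 left in instance 0 and a placeholder digest, is constructed.

```python
import re

# SWITCH_A repeats the "show spanning-tree region-operation" output from this guide.
# SWITCH_C is constructed: VLAN 4 was never mapped to instance 4, and its digest is
# a placeholder, not a value computed by a device.
SWITCH_A = """\
Operational Information:
-----------------------------------------------
Name: aaa
Revision level: 0
Instances running: 3
Digest: 0X7D28E66FDC1C693C1CC1F6B61C1431C4
Instance Vlans Mapped
-------- ----------------------
0 1,2,5-4094
3 3
4 4
"""
SWITCH_C = """\
Operational Information:
-----------------------------------------------
Name: aaa
Revision level: 0
Instances running: 2
Digest: 0X00000000000000000000000000000000
Instance Vlans Mapped
-------- ----------------------
0 1,2,4-4094
3 3
"""

ROW = re.compile(r"^(\d+)\s+([\d,\s-]+)$")


def expand_vlans(spec):
    """Expand a VLAN list such as '1,2,5-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError("bad VLAN range: %r" % part)
        vlans.update(range(low, high + 1))
    return vlans


def parse_region(text):
    """Return name, revision, digest and the VLAN-to-instance map of one switch."""
    region = {"name": None, "revision": None, "digest": None, "vlan_to_instance": {}}
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        key, _, value = line.partition(":")
        value = value.strip()
        if key == "Name":
            region["name"] = value
        elif key == "Revision level":
            region["revision"] = int(value)
        elif key == "Digest":
            region["digest"] = value.upper()
        elif line.startswith("Instance") and "Vlans" in line:
            in_table = True  # header row of the mapping table
        elif in_table and ROW.match(line):
            instance, spec = ROW.match(line).groups()
            for vlan in expand_vlans(spec):
                # Each VLAN can map to only one MSTI.
                if vlan in region["vlan_to_instance"]:
                    raise ValueError("VLAN %d mapped twice" % vlan)
                region["vlan_to_instance"][vlan] = int(instance)
    return region


def region_mismatches(regions):
    """Compare every switch with the first; return (switch, field, expected, actual)."""
    (_, ref), *others = regions.items()
    problems = []
    for name, region in others:
        for field in ("name", "revision", "digest"):
            if region[field] != ref[field]:
                problems.append((name, field, ref[field], region[field]))
        ref_map, own_map = ref["vlan_to_instance"], region["vlan_to_instance"]
        for vlan in sorted(set(ref_map) | set(own_map)):
            if ref_map.get(vlan) != own_map.get(vlan):
                problems.append((name, "vlan %d" % vlan, ref_map.get(vlan), own_map.get(vlan)))
    return problems


if __name__ == "__main__":
    parsed = {"SwitchA": parse_region(SWITCH_A), "SwitchC": parse_region(SWITCH_C)}
    for problem in region_mismatches(parsed):
        print(problem)
```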

Use the show spanning-tree instance 3 command to check whether basic information about spanning tree instance 3 is correct.

Switch A

SwitchA#show spanning-tree instance 3

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 3

-----------------------------------------------------------

BridgeId: Mac 0000.0000.0001 Priority 32768

RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 0

PortId PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

1 forwarding designated 200000 128 point-to-point no

2 forwarding designated 200000 128 point-to-point no

Switch B

SwitchB#show spanning-tree instance 3

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 3

-----------------------------------------------------------

BridgeId: Mac 0000.0000.0002 Priority 32768

RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 500000

PortId PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

1 discarding alternate 500000 128 point-to-point no

3 forwarding root 200000 128 point-to-point no

Switch C

SwitchC#show spanning-tree instance 3

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 3

-----------------------------------------------------------

BridgeId: Mac 0000.0000.0003 Priority 32768

RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 200000

PortId PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

2 forwarding root 200000 128 point-to-point no

3 forwarding designated 200000 128 point-to-point no

Use the show spanning-tree instance 4 command to check whether basic information about spanning tree instance 4 is correct.

Switch A

SwitchA#show spanning-tree instance 4

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 4

-----------------------------------------------------------

BridgeId: Mac 000E.5E00.0000 Priority 32768

RegionalRoot: Mac 000E.5E00.0000 Priority 32768 InternalRootCost 0

Port PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

1 discarding disabled 200000 128 point-to-point yes

2 disabled disabled 200000 128 point-to-point yes

Switch B

SwitchB#show spanning-tree instance 4

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 4

-----------------------------------------------------------

BridgeId: Mac 0000.0000.0002 Priority 32768

RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 200000

PortId PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

1 forwarding root 200000 128 point-to-point no

3 forwarding designated 200000 128 point-to-point no

Switch C

SwitchC#show spanning-tree instance 4

Spanning-tree admin state: enable

Spanning-tree protocol mode: MSTP

MST ID: 4

-----------------------------------------------------------

BridgeId: Mac 0000.0000.0003 Priority 32768

RegionalRoot: Mac 0000.0000.0001 Priority 32768 InternalRootCost 200000

PortId PortState PortRole PathCost PortPriority LinkType TrunkPort

-------------------------------------------------------------------------

2 forwarding root 200000 128 point-to-point no

3 discarding alternate 200000 128 point-to-point no

8.6 RRPS

8.6.1 Introduction

As Ethernet develops toward the MAN, voice, video, and multicast services place higher requirements on Ethernet redundancy protection and fault recovery time.

The fault recovery convergence time of the original STP mechanism is at the second level, which is far from meeting the fault recovery time requirements of the MAN.

Raisecom Ring Protection Switching (RRPS) is a protocol independently researched and developed by Raisecom. It ensures that there is no data loop on the Ethernet ring by blocking some interface on the ring. RRPS solves the problems of weak protection and long fault recovery time on traditional data networks and, in theory, can provide 50ms rapid protection.

As shown in Figure 8-15, the node with the blocked interface is the master node, and the other nodes are transmission nodes. The master node is generated by election. Each node can specify one ring interface as the first interface and the other as the second interface. When the Ethernet ring is complete, the master node periodically sends Hello packets from the first interface and receives the Hello packets sent by itself on the second interface. The master node then blocks the first interface immediately to ensure that there is no loop while the ring network is complete. For the other nodes on the RRPS ring, the first interface and the second interface basically play the same role.

RRPS generates the master node by election, so each node needs to collect device information on the RRPS ring; only correct collection leads to correct election. Topology collection is completed by Hello packets, which contain information about all nodes collected from the other interface. The normal state of RRPS is shown in Figure 8-15.


Figure 8-15 RRPS in normal status

According to the state of its ring interfaces, a ring node is in one of three states:

- Down: at least one of the two RRPS interfaces of the node is Down.
- Block: at least one of the two RRPS interfaces of the node is Block.
- Two-Forwarding: both RRPS interfaces of the node are Forwarding.

The election rules of the master node are as below:

- Among all nodes on the ring, a node in Down state is preferred as the master node, followed by Block and Two-Forward.
- If the nodes are in the same state, the node with the high-priority Bridge is the master node.
- If the nodes have the same state and priority, the node with the larger MAC address is the master node.

Interface Block rules:

- All Link Down interfaces are Block.
- If the node is not the master node, all Link Up ring interfaces are Forwarding.
- If the node is the master node, one of its two interfaces is Block and the other is Forwarding. The rules are as below:
  - If both interfaces are Up, the first interface is Block.
  - If one interface is Down, this interface is Block.

The RRPS link failure is shown in Figure 8-16.


Figure 8-16 RRPS in switching status

Once a link failure occurs (such as a link break), the node or interface adjacent to the failure detects the fault immediately and sends link failure packets to the master node. On receiving the packets, the master node enables the first interface; in the meantime, it sends packets to notify the other transmission nodes of the link failure and to inform them to change the transmission direction. Traffic is switched to a normal link after the transmission nodes update their forwarding entries.

When the failed link is restored, the failed node does not enable the blocked port until the new topology collection is stable. The original node finds itself to be the master node; after some time delay, it blocks the first interface and sends Change packets to notify the failed node to enable the blocked interface.
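The election and interface Block rules above can be traced with a short simulation. This is an added example, not Raisecom code: it uses the four MAC addresses from Ring 1 in section 8.6.8 and assumes that a numerically larger bridge priority wins and that Switch A reaches Switch B through its second interface.

```python
from dataclasses import dataclass

# Election rank of node states: Down is preferred, then Block, then Two-Forward.
STATE_RANK = {"Down": 2, "Block": 1, "Two-Forward": 0}


@dataclass
class RingNode:
    name: str
    mac: str                # dotted-hex MAC as printed by the switch
    priority: int = 1       # bridge priority; 1 is the documented default
    first_up: bool = True   # link state of the first ring interface
    second_up: bool = True  # link state of the second ring interface


def mac_value(mac):
    """Turn '000E.5E00.000D' into an integer so MAC addresses compare numerically."""
    return int(mac.replace(".", ""), 16)


def port_states(node, is_master):
    """Apply the interface Block rules; returns (first, second) interface states."""
    # Every Link Down interface is Block; Link Up interfaces forward.
    first = "Forwarding" if node.first_up else "Block"
    second = "Forwarding" if node.second_up else "Block"
    # A master with both interfaces Up blocks its first interface. A master
    # with one interface Down already has that interface blocked above.
    if is_master and node.first_up and node.second_up:
        first = "Block"
    return first, second


def node_state(node, ports):
    """Classify a node as Down, Block or Two-Forward from its two ring interfaces."""
    if not (node.first_up and node.second_up):
        return "Down"
    return "Block" if "Block" in ports else "Two-Forward"


def elect_master(nodes, states):
    """Pick the master: node state first, then bridge priority, then MAC address."""
    # ASSUMPTION: a numerically larger bridge priority is the "high" priority.
    # The guide does not say which direction wins.
    return max(nodes, key=lambda n: (STATE_RANK[states[n.name]],
                                     n.priority, mac_value(n.mac)))


def converge(nodes):
    """Return (master name, {node name: (first, second) interface states})."""
    # Before the election every node treats itself as master and blocks one
    # interface, so a node with both links Up starts in Block state.
    states = {n.name: node_state(n, port_states(n, True)) for n in nodes}
    master = elect_master(nodes, states)
    return master.name, {n.name: port_states(n, n is master) for n in nodes}


def example_ring():
    """Ring 1 from section 8.6.8 with all links Up."""
    return [RingNode("SwitchA", "000E.5E00.000A"),
            RingNode("SwitchB", "000E.5E00.000B"),
            RingNode("SwitchC", "000E.5E00.000C"),
            RingNode("SwitchD", "000E.5E00.000D")]


def example_ring_with_fault():
    """Same ring with the link between Switch A and Switch B broken."""
    ring = example_ring()
    ring[0].second_up = False  # ASSUMED: Switch A faces Switch B on its second interface
    ring[1].first_up = False   # Switch B Port 1 (first interface) faces Switch A
    return ring


if __name__ == "__main__":
    for label, ring in (("ring complete", example_ring()),
                        ("A-B link down", example_ring_with_fault())):
        master, ports = converge(ring)
        print(f"{label}: master = {master}")
        for name, (first, second) in ports.items():
            print(f"  {name}: first={first} second={second}")
```

With the ring complete, Switch D wins on MAC address and blocks its first interface. With the A-B link down, the two Down nodes outrank the others under the listed rules, and only the interfaces on the broken link are Block.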

8.6.2 Preparing for configurations

Scenario

As a Metro Ethernet technology, the Ethernet ring solves the problems of weak protection and long fault recovery time in traditional data networks. In theory, it can provide 50ms rapid protection and is compatible with traditional Ethernet protocols, which makes it an important technology option for optimizing and transforming metro broadband access networks.

RRPS is a protocol independently researched and developed by Raisecom. Through simple configuration, it eliminates ring loops, performs fault protection switching and automatic fault restoration, and keeps the fault APS time below 50ms.

RRPS supports single ring and tangent ring networking modes, but not intersecting ring networking. A tangent ring is actually two separate single rings, each configured in the same way as a common single ring.

Preconditions

Configure interface physical parameters to make interface physical layer state Up.

8.6.3 Default configurations of RRPS

Default configurations of RRPS are as below.

Function: Default value
RRPS status: Disable
Hello packets transmitting time: 1s
Fault recovery delay time: 5s
RRPS description: Ethernet ring X; X indicates RRPS ID.
Bridge priority: 1
Ring interface aging time: 15s
Ring protocol packets VLAN: 2

8.6.4 Creating RRPS

Create a RRPS as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode. This interface is the first interface on the ring node.

Step 3
Command: Raisecom(config-port)#ethernet ring ring-id secondary-interface-number
Description: Create a ring and configure the corresponding ring interface. This interface is the second interface of the ring node.

Step 4
Command: Raisecom(config-port)#exit
Command: Raisecom(config)#ethernet ring ring-id enable
Description: Enable Ethernet ring.

8.6.5 Configuring basic functions of RRPS

For all devices in the same ring, we recommend configuring the fault recovery time, Hello packets interval, ring protocol VLAN, and aging time of the ring interface to the same value on each device.

The aging time of an interface must be greater than twice the Hello time.

Configure basic functions of RRPS for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ethernet ring ring-id hello-time hello-time
Description: (Optional) configure the transmitting time for Hello packets in RRPS.

Step 3
Command: Raisecom(config)#ethernet ring ring-id restore-delay delay-time
Description: (Optional) configure the fault restoration delay time for RRPS. The link is not restored to the original working link until the restoration delay time expires.

Step 4
Command: Raisecom(config)#ethernet ring ring-id priority priority
Description: (Optional) configure the bridge priority for RRPS.

Step 5
Command: Raisecom(config)#ethernet ring ring-id description string
Description: (Optional) configure the ring description. It should be within 32 characters.

Step 6
Command: Raisecom(config)#ethernet ring ring-id hold-time hold-time
Description: (Optional) configure the aging time of the interface for RRPS. If a RRPS interface has not received Hello packets within the aging time, the system ages this interface and considers the link on the ring to be faulty. If the node interface is in Block state, the system enables the blocked interface temporarily to ensure normal communication of all nodes on the RRPS.

Step 7
Command: Raisecom(config)#ethernet ring ring-id protocol-vlan vlan-id
Description: (Optional) configure RRPS VLANs.

Step 8
Command: Raisecom(config)#ethernet ring upstream-group grouplist
Description: (Optional) configure the RRPS uplink interface group. The uplink interface group must be used with failover. It supports dual homing topology. The uplink interface group corresponds to the failover group in a one-to-one relationship.

Master node election: at the beginning, all nodes consider themselves the master node, and one of the two interfaces on each node is blocked, so no data loop forms on the ring. When the two interfaces on a ring node have received the same Hello packets many times, the node considers the ring topology stable and can elect the master node. The other nodes then release their blocked interfaces. Usually there is only one master node, which ensures that only one interface is blocked and that all nodes on the ring stay connected.

8.6.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show ethernet ring [ ring-id ]
Description: Show RRPS information.

No. 2
Command: Raisecom#show ethernet ring port
Description: Show RRPS interface information.

No. 3
Command: Raisecom#show ethernet ring port statistic
Description: Show statistics of RRPS interface packets.

8.6.7 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear ethernet ring ring-id statistics
Description: Clear RRPS interface statistics, including RRPS ID, ring interface ID, Hello packet, Change packet, and Flush packet.

8.6.8 Example for configuring Ethernet ring

Networking requirements

As shown in Figure 8-17, to improve the reliability of Ethernet, Switch A, Switch B, Switch C, and Switch D form an Ethernet single ring, Ring 1.

The four switches are added to Ring 1 through interfaces. MAC addresses are as below:

Switch A: 000E.5E00.000A

Switch B: 000E.5E00.000B

Switch C: 000E.5E00.000C

Switch D: 000E.5E00.000D

The status and priority of the four switches are the same. The MAC address of Switch D is the largest, so Switch D is the master node of RRPS.


Figure 8-17 RRPS networking

Configuration steps

Step 1 Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#interface port 1

SwitchA(config-port)#ethernet ring 1 port 2

SwitchA(config-port)#exit

SwitchA(config)#ethernet ring 1 enable

Step 2 Configure Switch B, Switch C, and Switch D. Their configurations are the same as configurations of Switch A.

Checking results

Use the show ethernet ring command to show RRPS configurations.

Take Switch D for example. When the ring is normal, the first ring interface of the master node Switch D is Port 1, and the data loop is cleared.

SwitchD#show ethernet ring

Ethernet Ring Upstream-Group:--

Ethernet Ring 1:

Ring Admin: Enable

Ring State: Enclosed

Bridge State: Block

Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds

Bridge Priority: 1

Bridge MAC: 000E.5E00.000D

Ring DB State: Block

Ring DB Priority: 1

Ring DB: 000E.5E00.000D

Hello Time: 1

Restore delay: 5


Hold Time: 15

Protocol Vlan: 2


Manually disconnect the link between Switch A and Switch B to emulate a fault. Port 1 on Switch D changes its status from Block to Forwarding, and Port 1 on Switch B changes its status from Forwarding to Block. Check the RRPS status again.

SwitchD#show ethernet ring

Ethernet Ring Upstream-Group:1

Ethernet Ring 1:

Ring Admin: Enable

Ring State: Unenclosed

Bridge State: Two-Forward

Ring state duration: 0 days, 3 hours, 30 minutes, 15 seconds

Bridge Priority: 1

Bridge MAC: 000E.5E00.000D

Ring DB State: Forwarding

Ring DB Priority: 1

Ring DB: 000E.5E00.000D

Hello Time: 1

Restore delay: 15

Hold Time: 15

Protocol Vlan: 2
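The recommendations in section 8.6.5 (same timers and protocol VLAN on every node of a ring, aging time greater than twice the Hello time) can be checked from saved show ethernet ring output. The script below is an added example, not part of the guide or of Raisecom software; the three captures are constructed in the layout of the sample output above, and the function names are hypothetical.

```python
import re

# Output labels of 'show ethernet ring' mapped to short field names.
FIELDS = {"Hello Time": "hello", "Restore delay": "restore",
          "Hold Time": "hold", "Protocol Vlan": "vlan"}


def parse_show_ring(text):
    """Parse one 'show ethernet ring' capture into {ring_id: {field: value}}."""
    rings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Ethernet Ring (\d+):", line)
        if header:
            current = rings.setdefault(int(header.group(1)), {})
            continue
        key, sep, value = line.partition(":")
        if current is None or not sep:
            continue  # blank line, or a line before the first ring header
        key, value = key.strip(), value.strip()
        if key == "Ring Admin":
            current["admin"] = value
        elif key in FIELDS and value.isdigit():
            current[FIELDS[key]] = int(value)
    return rings


def audit_ring(captures, ring_id):
    """Check every node of one ring; returns a list of findings (empty if clean)."""
    findings, parsed = [], {}
    for host, text in captures.items():
        ring = parse_show_ring(text).get(ring_id)
        if ring is None:
            findings.append(f"{host}: ring {ring_id} not configured")
            continue
        parsed[host] = ring
        if ring.get("admin") != "Enable":
            findings.append(f"{host}: ring {ring_id} is not enabled")
        hello, hold = ring.get("hello"), ring.get("hold")
        # The aging (hold) time must be greater than twice the Hello time.
        if hello is not None and hold is not None and hold <= 2 * hello:
            findings.append(f"{host}: hold time {hold}s is not greater than "
                            f"twice the hello time {hello}s")
    # All nodes of the ring should use the same timers and protocol VLAN.
    for field in ("hello", "restore", "hold", "vlan"):
        values = {host: ring.get(field) for host, ring in parsed.items()}
        if len(set(values.values())) > 1:
            findings.append(f"ring {ring_id}: {field} differs across nodes: {values}")
    return findings


def sample_capture(hello, restore, hold, vlan):
    """Build a CONSTRUCTED capture in the layout of the sample output in 8.6.8."""
    return ("Ethernet Ring Upstream-Group:--\n"
            "Ethernet Ring 1:\n"
            "Ring Admin: Enable\n"
            "Ring State: Enclosed\n"
            f"Hello Time: {hello}\n"
            f"Restore delay: {restore}\n"
            f"Hold Time: {hold}\n"
            f"Protocol Vlan: {vlan}\n")


# Constructed input: SwitchB has a hold time that is too short, SwitchC has a
# different restore delay and protocol VLAN than its neighbours.
CAPTURES = {
    "SwitchA": sample_capture(1, 5, 15, 2),
    "SwitchB": sample_capture(1, 5, 2, 2),
    "SwitchC": sample_capture(1, 15, 15, 3),
}

if __name__ == "__main__":
    for finding in audit_ring(CAPTURES, 1):
        print(finding)
```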

9 OAM

This chapter describes basic principles and configuration procedures of OAM, including the following sections:

EFM

CFM

SLA

9.1 EFM

9.1.1 Introduction

Initially, Ethernet was designed for LANs. Its Operation, Administration, and Maintenance (OAM) capability is weak because of the small network scale and the NE-level administrative system. With the continuous development of Ethernet technology, Ethernet is applied more and more widely in telecom networks. Compared with a LAN, a telecom network has much longer links and a much larger scale. The lack of an effective management and maintenance mechanism has seriously obstructed the application of Ethernet technology in telecom networks.

To confirm the connectivity of Ethernet virtual connections, effectively detect, confirm, and locate faults on the Ethernet layer, balance network utilization, measure network performance, and provide service according to the Service Level Agreement (SLA), implementing OAM on Ethernet has become an inevitable trend.

Ethernet OAM is implemented at different levels. As shown in Figure 9-1, there are two levels:

- Link-level Ethernet OAM: it is applied to the Ethernet physical link (that is, the first mile) between the Provider Edge (PE) and the Customer Edge (CE), and is used to monitor the link state between the user network and the carrier network. The typical protocol is the Ethernet in the First Mile (EFM) OAM protocol.
- Business-level Ethernet OAM: it is applied to the access aggregation layer of the network, and is used to monitor the connectivity of the whole network, locate connectivity faults, and monitor and control link performance. The typical protocol is the Connectivity Fault Management (CFM) OAM protocol.


Figure 9-1 OAM classification

Complying with the IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level Ethernet OAM technology. It provides link connectivity detection, link fault monitoring, remote fault notification, and so on for a link between two directly connected devices.

"The first mile" in EFM is the connection between the local device of the telecom operator and the client device. The goal is to extend Ethernet technology to the access network market of telecom users, to improve network performance and reduce device and operating costs. EFM is mainly used on Ethernet links at the edge of the user access network.

The ISCOM2110G-PWR provides EFM in compliance with the IEEE 802.3ah standard.

9.1.2 Preparing for configurations

Scenario

To improve the management and maintenance capability of Ethernet links and ensure that the network runs smoothly, deploy EFM between directly connected devices.

Prerequisite

Connect interfaces.


Configure physical parameters to make interfaces Up at the physical layer.

9.1.3 Default configurations of EFM

Default configurations of EFM are as below.

Function: Default value
EFM working mode: Passive mode
Sending interval of messages: 10 × 100ms
Timeout of links: 5s
OAM: Disable
Remote OAM event alarm function: Disable
EFM remote loopback state: Not response
Monitor window of errored frame event: 1s
Monitor threshold of errored event: 1 errored frame
Monitor window of errored frame period event: 1000ms
Monitor threshold of errored frame period event: 1 errored frame
Monitor window of link errored frame second statistics event: 60s
Monitor threshold of link errored frame second statistics event: 1s
Monitor window of link errored coding statistics event: 100ms
Monitor threshold of errored coding statistic event: 1s
Fault indication: Enable
Local OAM event alarm: Disable

9.1.4 Configuring basic functions of EFM

Configure basic functions of EFM for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#oam { active | passive }
Description: Configure the work mode for EFM.
- Active: the device actively initiates the OAM peer discovery process. In addition, the device supports responding to remote loopback commands and variable obtaining requests.
- Passive: the device does not initiate the OAM peer discovery process. In addition, the device does not support sending remote loopback commands and variable obtaining requests.

Step 3
Command: Raisecom(config)#oam send-period period-number
Description: (Optional) The OAM link connection is created by sending INFO messages. Use this command to set the interval for sending messages and control the communication period of the link. The unit is 100ms.

Step 4
Command: Raisecom(config)#oam timeout period-number
Description: (Optional) Set the OAM link timeout. When neither end of the OAM link receives an OAM message for an interval longer than the timeout, the OAM link breaks down. The unit is second.

Step 5
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 6
Command: Raisecom(config-port)#oam enable
Description: Enable EFM OAM on an interface.

9.1.5 Configuring active functions of EFM

Configure active functions of EFM for the ISCOM2110G-PWR as below.

Active functions of EFM must be configured with the ISCOM2110G-PWR in active mode.

(Optional) configuring device to initiate EFM remote loopback

Configure the ISCOM2110G-PWR to initiate EFM remote loopback as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam remote-loopback
Description: Configure initiating EFM remote loopback on an interface. The remote loopback can be initiated only when EFM is connected and configured to work in active mode.

Step 4
Command: Raisecom(config-port)#no oam remote-loopback
Description: (Optional) disable remote loopback. After detection, disable remote loopback immediately.

You can discover network faults in time by periodically detecting loopbacks. By detecting loopbacks in segments, you can locate the exact areas where faults occur and troubleshoot these faults.

When a link is in loopback status, the ISCOM2110G-PWR detects all packets received by the link except OAM packets. Therefore, disable this function immediately when no detection is needed.

(Optional) configuring peer OAM event alarm

Configure peer OAM event alarm for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam peer event trap enable
Description: Enable peer OAM event trap so that link monitoring events can be reported to the NMS center in time. By default, the device does not report a trap to the NMS center through SNMP Trap when receiving a peer link monitoring event.

(Optional) showing current variable information about peer device

Show current variable information about the peer device for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#show oam peer [ link-statistic | oam-info ] [ port-list port-list ]
Description: Obtain OAM information or variable values about the peer device.

By obtaining the current variables of the peer, you can learn the status of the current link.

IEEE 802.3 Clause 30 defines and explains in detail the variables that OAM can obtain and how they are denoted. The largest unit of a variable is the object. Each object contains packages and attributes, and a package contains several attributes.

The attribute is the smallest unit of a variable. When an OAM variable is obtained, the request describes the requested object by the object, package, branch, and leaf descriptions of attributes defined in Clause 30, and the response carries the branch and leaf followed by the variable value. The ISCOM2110G-PWR supports obtaining OAM information and interface statistics.

Peer variables cannot be obtained until EFM is connected.

9.1.6 Configuring passive functions of EFM

Configure passive functions of EFM for the ISCOM2110G-PWR as below.


(Optional) configuring device to respond to EFM remote loopback

Configure the ISCOM2110G-PWR to respond to EFM remote loopback as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam loopback { ignore | process }
Description: Configure the ISCOM2110G-PWR to respond to or ignore EFM remote loopback. By default, the ISCOM2110G-PWR responds to OAM remote loopback.

Passive functions of EFM can be configured regardless of whether the ISCOM2110G-PWR is in active or passive mode.

The peer EFM remote loopback does not take effect until the remote loopback response is configured on the local device.

(Optional) configuring OAM link monitoring

Configure OAM link monitoring for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam errored-frame window window threshold threshold
Description: Configure the monitor window and threshold for an errored frame event.

Step 4
Command: Raisecom(config-port)#oam errored-frame-period window window threshold threshold
Description: Configure the monitor window and threshold for an errored frame period event.

Step 5
Command: Raisecom(config-port)#oam errored-frame-seconds window window threshold threshold
Description: Configure the monitor window and threshold for an errored frame seconds event.

Step 6
Command: Raisecom(config-port)#oam errored-symbol-period window window threshold threshold
Description: Configure the monitor window and threshold for an errored symbol period event.

(Optional) configuring OAM fault indication

Configure OAM fault indication for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam notify { critical-event | dying-gasp | errored-frame | errored-frame-period | errored-frame-seconds | errored-symbol-period } { disable | enable }
Description: Configure OAM fault indication, which is used to inform the peer when the local device fails. Faults that can be notified to the peer include link-fault, dying-gasp, and critical-event. By default, OAM fault indication is enabled. When a fault occurs, the local device notifies the peer through OAM. The link-fault fault must be notified to the peer, while notification of the dying-gasp and critical-event faults can be disabled by this command.

OAM link monitoring is used to detect and report link errors in different conditions.

When detecting a fault on a link, the ISCOM2110G-PWR provides the peer with the generated time, window, threshold setting, and so on through OAM event notification packets. The peer receives the event notification and reports it to the NMS center through SNMP Trap. Besides, the local device can directly report events to the NMS center through SNMP Trap.

By default, the system sets default values for the error generated time, window, and threshold setting.

(Optional) configuring local OAM event alarm

Configure local OAM event alarm for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#oam event trap enable
Description: Enable local OAM event alarm so that link monitoring events can be reported to the NMS center in time.

9.1.7 Checking configurations

Use the following commands to check configuration results.

Step 1
Command: Raisecom#show oam [ port-list port-list ]
Description: Show EFM basic information.

Step 2
Command: Raisecom#show oam loopback [ port-list port-list ]
Description: Show configurations of EFM remote loopback.

Step 3
Command: Raisecom#show oam notify [ port-list port-list ]
Description: Show configurations of OAM link monitoring and fault indication.

Step 4
Command: Raisecom#show oam statistics [ port-list port-list ]
Description: Show OAM statistics.

Step 5
Command: Raisecom#show oam trap [ port-list port-list ]
Description: Show configurations of OAM event alarm.

Step 6
Command: Raisecom#show oam event [ port-list port-list ] [ critical ]
Description: Show information about local critical faults detected on an interface.

Step 7
Command: Raisecom#show oam peer event [ port-list port-list ] [ critical ]
Description: Show information about critical faults sent by the peer.

9.1.8 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config-port)#clear oam statistics
Description: Clear EFM OAM interface link statistics.

Command: Raisecom(config-port)#clear oam event
Description: Clear EFM OAM interface link event information.

9.1.9 Example for configuring EFM

Networking requirements

As shown in Figure 9-2, to improve the management and maintenance capability of the Ethernet link between Switch A and Switch B, deploy EFM on Switch A. Switch A works in active mode and is deployed with OAM event alarm function.

Figure 9-2 Configuring EFM

Configuration steps

Step 1 Configure Switch A.


Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#oam active

SwitchA(config)#interface port 1

SwitchA(config-port)#oam enable

SwitchA(config-port)#oam event trap enable

SwitchA(config-port)#oam peer event trap enable

Step 2 Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#interface port 1

SwitchB(config-port)#oam enable

Checking results

Use the show oam command to show EFM configurations on Switch A.

SwitchA#show oam port-list 1

Port: 1

Mode:Active

Administrate state: Enable

Operation state: Operational

Max OAMPDU size: 1518

Send period: 1000 ms

Link timeout : 5 s

Config revision: 1

Supported functions: Loopback, Event, Variable

Use the show oam trap command to show configurations of OAM event alarm.

SwitchA#show oam trap port-list 1

Port: 1

Event trap: Enable

Peer event trap: Enable

Discovery trap total: 0

Discovery trap timestamp: 0 days, 0 hours, 0 minutes

Lost trap total: 0

Lost trap timestamp: 0 days, 0 hours, 0 minutes

9.2 CFM

9.2.1 Introduction

Connectivity Fault Management (CFM) is an end-to-end, service-level Ethernet OAM technology that implements end-to-end connectivity fault detection, fault notification, fault judgement, and fault location. It is used to actively diagnose faults on an Ethernet Virtual Connection (EVC), provides a cost-effective network maintenance solution through its fault management functions, and improves network maintenance.

The device provides CFM functions compatible with the ITU-T Y.1731 and IEEE 802.1ag recommendations.

CFM Component

CFM is made up of the below components:

MD

A Maintenance Domain (MD, also called MEG, Maintenance Entity Group) is a network that runs CFM. It defines the network range for OAM management. An MD has a level attribute with 8 levels (level 0 to level 7); the greater the number, the higher the level and the larger the range. Protocol packets of a lower-level MD are discarded when entering a higher-level MD, while packets of a higher-level MD can pass through a lower-level MD. Within one VLAN range, different MDs can be adjacent, embedded, or crossed over.

As shown in Figure 9-3, MD2 is contained in MD1. MD1 packets need to pass through MD2. Configure the MD1 level as 6 and the MD2 level as 3. Then MD1 packets can traverse MD2 and implement connectivity fault management for the whole of MD1, but MD2 packets do not diffuse into MD1. MD2 is the server layer and MD1 is the client layer.

Figure 9-3 Different MD Levels

Service instance

A service instance, also called a Maintenance Association (MA), is part of an MD. One MD can be divided into one or multiple service instances. One service instance corresponds to one service and is mapped to one VLAN group; the VLANs of different service instances cannot cross over. Though a service instance can be mapped to multiple VLANs, one instance can use only one VLAN for transmitting or receiving OAM packets. This VLAN is the master VLAN of the instance.

MEP

As shown in Figure 9-4, a Maintenance association End Point (MEP) is an edge node of a service instance. A MEP can transmit and process CFM packets. The service instance and the MD in which the MEP is located determine the VLAN and level of the packets that the MEP transmits and receives.

The MEP on any device running CFM on the network is called the local MEP; MEPs on other devices in the same instance are called Remote Maintenance association End Points (RMEPs).

Multiple MEPs can be configured in one instance. Packets sent by the MEPs in one instance carry the same S-VLAN tag, the same priority, and the same C-VLAN tag. A MEP can receive OAM packets sent by other MEPs in the instance and stops packets whose level is the same as or lower than its own.

Figure 9-4 Network Sketch Map of MEP and MIP

MIP

As shown in Figure 9-4, a Maintenance association Intermediate Point (MIP) is an inner node of a service instance and is automatically created by the ISCOM2110G-PWR. A MIP cannot send CFM packets actively but can process and answer LinkTrace Message (LTM) and LoopBack Message (LBM) packets.

MP

MEPs and MIPs are Maintenance Points (MPs).

9.2.2 Preparing for configurations

Scenario

To apply Ethernet technology in telecommunication networks, Ethernet needs to provide the same service level as the telecommunication transmission network. CFM solves this problem by providing a full set of OAM tools for telecommunication Ethernet.

CFM provides the below OAM functions:

- Fault detection function (CC, Continuity Check)

This function is implemented by a MEP periodically sending Continuity Check Packets (CCMs); the other MEPs in the same service instance receive these packets to confirm the status of the RMEP. If the ISCOM2110G-PWR is faulty or the link configuration is incorrect, the MEP cannot receive and process CCMs from the RMEP. If the MEP has not received a remote CCM packet within 3.5 CCM intervals, the link is considered faulty, and the system sends a fault trap according to the alarm priority configuration.

- Fault acknowledgement function (LB, LoopBack)

This function confirms the connectivity between two MPs: the source MEP sends an LBM and the destination MP answers with a LoopBack Reply (LBR). The source MEP sends an LBM to the MP for fault acknowledgement; the MP receives the LBM and sends an LBR to the source MEP. If the source MEP receives the LBR, the path is connected; if the source MEP does not receive the LBR, the path is not connected.

- Fault location function (LT, LinkTrace)

The source MEP sends an LTM (LinkTrace Packet) to the destination MP, and each MP device on the LTM transmission path answers the source MEP with an LTR (LinkTrace Reply). The function records the valid LTRs and LTMs to locate the fault point.

In short, CFM implements end-to-end service OAM, reducing carriers' operation costs and improving competitiveness.
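The MD level rule from section 9.2.1 and the 3.5-interval CCM timeout described above can be modelled in a few lines. This is an added sketch, not the device's implementation: the class and function names are hypothetical, the levels 6 and 3 are the MD1 and MD2 levels of Figure 9-3, and the CCM arrival times are constructed.

```python
class Mep:
    """Minimal model of one MEP: MD-level filtering plus CCM loss detection."""

    def __init__(self, mep_id, level, ccm_interval=1.0):
        self.mep_id = mep_id
        self.level = level                # MD level, 0 to 7
        self.ccm_interval = ccm_interval  # seconds; 1s is the documented default
        self.last_ccm = {}                # RMEP id -> time the last CCM arrived

    def expect(self, rmep_id, now):
        """Start supervising an RMEP from time 'now'."""
        self.last_ccm[rmep_id] = now

    def receive_ccm(self, level, rmep_id, now):
        """Classify an arriving CCM by MD level and record it if it is ours."""
        if level > self.level:
            return "forward"   # packets of a higher-level MD pass through
        if level < self.level:
            return "discard"   # packets of a lower-level MD are stopped
        self.last_ccm[rmep_id] = now
        return "process"       # same level: terminated and processed here

    def faulty_rmeps(self, now):
        """RMEPs from which no CCM has arrived within 3.5 CCM intervals."""
        limit = 3.5 * self.ccm_interval
        return sorted(r for r, seen in self.last_ccm.items() if now - seen > limit)


def replay(mep, arrivals, end, step=0.5):
    """Replay (time, level, rmep_id) CCM arrivals against a MEP.

    Returns {rmep_id: first check time at which the RMEP was declared faulty}.
    """
    pending = sorted(arrivals)
    faults, now, i = {}, 0.0, 0
    while now <= end:
        while i < len(pending) and pending[i][0] <= now:
            t, level, rmep_id = pending[i]
            mep.receive_ccm(level, rmep_id, t)
            i += 1
        for rmep_id in mep.faulty_rmeps(now):
            faults.setdefault(rmep_id, now)
        now += step
    return faults


def scenario():
    """Constructed timeline for a level-6 (MD1) MEP that supervises RMEP 2 and 3."""
    mep = Mep(mep_id=1, level=6)
    mep.expect(2, 0.0)
    mep.expect(3, 0.0)
    arrivals = [(float(t), 6, 3) for t in range(1, 11)]  # RMEP 3 keeps sending
    arrivals += [(1.0, 6, 2), (2.0, 6, 2)]               # RMEP 2 stops after t=2
    arrivals += [(1.0, 3, 9)]                            # MD2 (level 3) CCM, discarded
    return mep, replay(mep, arrivals, end=10.0)


if __name__ == "__main__":
    mep, faults = scenario()
    print("supervised RMEPs:", sorted(mep.last_ccm))
    print("fault declared at:", faults)
```

RMEP 2 sends its last CCM at t=2 and is declared faulty at the first check more than 3.5 intervals later; the level-3 CCM never enters the level-6 MEP's RMEP table.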

Prerequisite

Connect the interface and configure physical parameters for it to make it physically Up.

Create VLANs.

Add interfaces into VLANs.

9.2.3 Default configurations of CFM

Default configurations of CFM are as below.

Function: Default value
Global CFM status: Disable
CFM status on interface: Enable
MEP status based on service instance: Up direction
Aging time of RMEP: 100min
Storage time of errored CCM packet: 100min
MEP sending CCM packet status: Not send
MEP sending CCM packet mode: Passive mode
CCM packet sending interval: 1s
Dynamic import function of service instance RMEP learning: Not take effect
cc check function of RMEP: Disable
Priority of CFM OAM packet: 6
Layer-2 ping status: The number of sending LBM packets is 5; the length of packet TLV is 64.
Switch status of fault location data base: Disable
Storage time of fault location data base: 100min
Alarm suppression status: Enable

9.2.4 Enabling CFM

Enable CFM for the ISCOM2110G-PWR as below.

CFM fault detection and location functions take effect only after CFM is enabled on the ISCOM2110G-PWR.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ethernet cfm enable
Description: Enable global CFM function.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#ethernet cfm enable
Description: Enable CFM on interface. Use the ethernet cfm disable command to disable this function. After it is disabled, the interface cannot receive or send CFM packets.

9.2.5 Configuring basic functions of CFM

Configure basic functions of CFM for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ethernet cfm domain [ md-name domain-name ] level level
Description: Create a maintenance domain (MD). Use the md-name parameter to assign the MD a name in 802.1ag style; the MAs and CCM packets under the MD are then in 802.1ag style. If no name is assigned, the MD is in Y.1731 style, and the MAs and CCM packets under it are in Y.1731 style. If a name is assigned, it must be globally unique; otherwise MD configuration will fail. Different MDs must have different levels; otherwise MD configuration will fail.

Step 3
Command: Raisecom(config)#service cisid level level
Description: Create a service instance and enter service instance configuration mode. The character string (MD name and service instance name) is globally unique. If the service instance already exists, this command enters service instance configuration mode directly.

Step 4
Command: Raisecom(config-service)#service vlan-list vlan-list
Description: Configure the VLAN map of the service instance. The VLAN list permits at most 32 VLANs. The smallest VLAN is taken as the primary VLAN of the service instance. All MEPs in the service instance transmit and receive packets through the primary VLAN. Because packets are transmitted and received through the primary VLAN, all other VLANs in the list are mapped to the primary VLAN. This logical VLAN mapping is global; VLAN mappings of different levels can be identical but cannot overlap. For example, if instance 1 maps to VLANs 10-20 and instance 2 maps to VLANs 15-30, the configuration is illegal because VLANs 15-20 overlap.

Step 5
Command: Raisecom(config-service)#service mep [ up | down ] mpid mep-id port port-id
Description: Configure a MEP on the service instance. The service instance must be mapped to a VLAN when this kind of MEP is configured. By default, the MEP is in Up direction, namely the fault is detected in the uplink direction of the interface.
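The VLAN list rules in this section (at most 32 VLANs per service instance, the smallest VLAN as primary VLAN, identical mappings allowed but partial overlap illegal) can be checked before the commands are typed. The following Python sketch is an added example, not Raisecom code; the comma and range list syntax, the function names and the sample instances are assumptions made for illustration.

```python
from itertools import combinations

MAX_VLANS = 32  # section 9.2.5: a VLAN list permits at most 32 VLANs


def parse_vlan_list(text):
    """Expand a list such as "10-20,25" into a sorted list of VLAN IDs.

    The comma/range syntax is an assumption; the guide writes ranges only in prose.
    """
    vlans = set()
    for part in text.split(","):
        lo, sep, hi = part.strip().partition("-")
        first = int(lo)
        last = int(hi) if sep else first
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range {part!r}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def format_ranges(vlans):
    """Collapse sorted VLAN IDs back into "a-b,c" form for messages."""
    spans = []
    for v in vlans:
        if spans and v == spans[-1][1] + 1:
            spans[-1][1] = v
        else:
            spans.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)


def audit_service_instances(instances):
    """Check {instance name: vlan-list string} against the rules of 9.2.5.

    Returns (primary_vlans, problems): the primary VLAN each instance would
    use, and a list of human-readable rule violations.
    """
    parsed = {name: parse_vlan_list(text) for name, text in instances.items()}
    # The smallest VLAN in the list becomes the primary VLAN.
    primary = {name: vlans[0] for name, vlans in parsed.items()}
    problems = []
    for name, vlans in parsed.items():
        if len(vlans) > MAX_VLANS:
            problems.append(f"{name}: {len(vlans)} VLANs, limit is {MAX_VLANS}")
    # Identical mappings are allowed; any other shared VLAN is an overlap.
    for (a, va), (b, vb) in combinations(parsed.items(), 2):
        shared = sorted(set(va) & set(vb))
        if shared and va != vb:
            problems.append(f"{a} and {b}: VLANs {format_ranges(shared)} overlap")
    return primary, problems


if __name__ == "__main__":
    # Constructed input: the guide's illegal example plus two more instances.
    demo = {"instance1": "10-20", "instance2": "15-30", "ma1": "100", "wide": "200-232"}
    primary, problems = audit_service_instances(demo)
    for name, vlan in primary.items():
        print(f"{name}: primary VLAN {vlan}")
    for problem in problems:
        print("PROBLEM:", problem)
```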

9.2.6 Configuring fault detection

Configure fault detection for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ethernet cfm remote mep age-time minute
Description: (Optional) configure RMEP aging time.

Step 3
Command: Raisecom(config)#ethernet cfm errors archive-hold-time minute
Description: (Optional) configure hold time for errored CCM packets. The ISCOM2110G-PWR saves all fault information reported by MEPs. By default, the hold time for errored CCM packets is 100 minutes. When a new hold time is configured, the system checks the data in the database at once and immediately clears any data that exceeds the new hold time.

Step 4
Command: Raisecom(config)#ethernet cfm mode { slave | master }
Description: Configure the mode for all service instances to send CCM packets.

Step 5
Command: Raisecom(config)#service cisid level level
Description: Enter service instance configuration mode.

Step 6
Command: Raisecom(config-service)#service cc interval { 1 | 10 | 100ms | 60 | 600 }
Description: (Optional) configure the interval at which the service instance sends CCM packets. By default, the CCM packet sending interval is 10 seconds. The interval cannot be modified while CCM packet sending is enabled.

Step 7
Command: Raisecom(config-service)#service cc enable mep { mep-list | all }
Description: Enable MEP sending CCM packets. By default, the MEP does not send CCM packets.

Step 8
Command: Raisecom(config-service)#service remote-mep mep-list
Description: (Optional) configure static RMEP. It is used together with the cc check function.

Step 9
Command: Raisecom(config-service)#service remote-mep learning active
Description: (Optional) configure the RMEP learning dynamic import function. Each time the service instance receives CCM packets, it automatically converts the dynamically learned RMEP into a static RMEP. By default, this function does not take effect.

Step 10
Command: Raisecom(config-service)#service remote-mep cc-check enable
Description: (Optional) configure the RMEP cc check function. After this function is enabled, the system checks whether the dynamically learned RMEP ID is consistent with the static RMEP ID when it receives CCM packets; if not, the CCM packets are considered incorrect.

Step 11
Command: Raisecom(config-service)#service cvlan vlan-id
Description: (Optional) configure the client VLAN of CFM OAM packets. This is needed only in a QinQ networking environment. By default, CFM OAM packets do not carry a C-TAG. After a client VLAN is configured for the service instance, all MEPs under the instance send CCM, LTM, LBM, and DMM packets with double TAGs, in which the C-TAG uses the client VLAN configured by this command.

Step 12
Command: Raisecom(config-service)#service priority priority
Description: (Optional) configure the priority of CFM OAM packets. After the priority is configured, all CCM, LBM, LTM, and DMM packets sent by MEPs use the assigned priority.

Step 13
Command: Raisecom(config-service)#snmp-server trap cfm { all | ccmerr | macremerr | none | remerr | xcon } mep { all | mep-list }
Description: (Optional) configure the types of fault trap that CFM is permitted to send. The CC function of CFM can detect faults at 5 levels, from high to low: level 5 - cross connection, level 4 - CCM error, level 3 - loss of RMEP, level 2 - interface status fault, level 1 - RDI. By default, it is macremerr, namely fault traps are permitted on levels 2-5.

- When CFM has detected a fault, faults of the same or a lower level do not generate a trap again until the fault is removed.
- After a CFM fault is removed, wait 10s for the fault status to be cleared.

9.2.7 Configuring fault acknowledgement

Configure fault acknowledgement for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#service cisid level level
Description: Enter service instance configuration mode.

Step 3
Command: Raisecom(config-service)#ping { mac-address | mep rmep-id } [ count count ] [ size size ] [ source mep-id ]
Description: Execute Layer 2 ping to acknowledge the fault. By default, the number of LBM packets sent is 5, the packet TLV size is 64, and an available source MEP is searched for automatically. If Layer 2 ping is performed by specifying the destination MEP ID, CFM needs to find the MAC address of the destination MEP. After the source MEP discovers the RMEP and the RMEP becomes stable, the source MEP saves the RMEP data in the RMEP database, and the RMEP MAC address can then be found in the RMEP database according to the MEP ID.

- Enable global CFM before using this command; otherwise the command will fail to be executed.
- If no MEP is configured in the service instance, ping fails because no source MEP can be found.
- If the assigned source MEP is invalid, ping fails. For example, the assigned source MEP does not exist or CFM is disabled on the interface of the source MEP.
- If ping is performed by specifying the destination MEP ID, ping fails when the MAC address of the destination MEP cannot be found according to the MEP ID.
- The operation fails if other users are using the assigned source MEP to perform ping.

9.2.8 Configuring fault location

Configure fault location for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#ethernet cfm traceroute cache enable
Description: (Optional) enable the fault location database. When it is enabled, the system stores the trace route information in the database, and the show ethernet cfm traceroute cache command can show it at any time. When it is disabled, the traceroute result is cleared after traceroute is executed. By default, this function is disabled. Use the ethernet cfm traceroute cache disable command to disable it.

Step 3
Command: Raisecom(config)#ethernet cfm traceroute cache hold-time minute
Description: (Optional) configure the data hold time for the fault location database. You can set the data hold time when the fault location database is enabled. The hold time is 100 minutes by default.

Step 4
Command: Raisecom(config)#ethernet cfm traceroute cache size size
Description: (Optional) configure the amount of data saved. You can set it when the function is enabled. It is 100 by default; no data is saved if the function is disabled.

Step 5
Command: Raisecom(config)#service cisid level level
Description: Enter service instance configuration mode.

Step 6
Command: Raisecom(config-service)#traceroute { mac-address | mep mep-id } [ ttl ttl ] [ source mep-id ]
Description: Execute Layer 2 Traceroute to locate the fault. By default, packets TLV size is 64, and an available source MEP is searched for automatically. If Layer 2 traceroute is performed by specifying the destination mep-id, CFM needs to find the MAC address of the destination MEP by mep-id. After the source MEP discovers the RMEP and the RMEP becomes stable, the RMEP data is saved in the RMEP database of the MEP, and the MAC address of the RMEP can be found in the RMEP database according to mep-id.

- Enable global CFM before using this command; otherwise the command will fail to be executed.
- If no MEP is configured in the service instance, Traceroute fails because no source MEP can be found.
- If the assigned source MEP is invalid, Traceroute fails. For example, the assigned source MEP does not exist or CFM is disabled on the interface of the source MEP.
- If Traceroute is performed by specifying the destination MEPID, Traceroute fails when the MAC address of the destination MEP cannot be found according to the MEPID.
- If the CC function is not effective, configure a static RMEP and assign its MAC address to ensure that Layer 2 traceroute operates successfully.
- The operation fails if other users are using the assigned source MEP to perform Traceroute.

9.2.9 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show ethernet cfm
Description: Show CFM global configuration.

No. 2
Command: Raisecom#show ethernet cfm domain [ level level ]
Description: Show MD and service instance configuration.

No. 3
Command: Raisecom#show ethernet cfm errors [ level level ]
Description: Show errored CCM database information.

No. 4
Description: Show Ethernet locked signals.

No. 5
Command: Raisecom#show ethernet cfm local-mp [ interface port port-id | level level ]
Description: Show local MEP configuration.

No. 6
Command: Raisecom#show ethernet cfm remote-mep [ static ]
Description: Show static RMEP information.

No. 7
Command: Raisecom#show ethernet cfm remote-mep [ level level [ service name [ mpid local mep-id ] ] ]
Description: Show RMEP discovery information.

No. 8
Command: Raisecom#show ethernet cfm traceroute-cache
Description: Show database trace route information.

No. 9
Command: Raisecom#show ethernet cfm traceroute-cache

9.2.10 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear ethernet cfm errors [ level level ]
Description: Clear CCM errored database information.

Command: Raisecom(config)#clear ethernet cfm remote-mep [ level level ]
Description: Clear RMEP.

Command: Raisecom(config)#clear ethernet cfm traceroute-cache
Description: Clear traceroute cache database.

9.2.11 Example for configuring CFM


Networking requirements

As shown in Figure 9-5, the PC communicates with the server through a network consisting of Switch A, Switch B, and Switch C. Deploy CFM on the switches to provide active fault detection, acknowledgement, and location, so that the Ethernet link between the PC and the server reaches telecom-grade service level. Switch A and Switch C are MEPs and Switch B is a MIP. Ethernet faults are detected from Switch A Port 1 to Switch C Port 2; the maintenance domain level is 3.

Figure 9-5 CFM networking

Configuration steps

Step 1 Add ports into the VLAN.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#create vlan 100 active

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport access vlan 100

SwitchA(config-port)#exit

SwitchA(config)#interface port 2

SwitchA(config-port)#switchport mode trunk

SwitchA(config-port)#exit

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#interface port 1

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

SwitchB(config)#interface port 2

SwitchB(config-port)#switchport mode trunk

SwitchB(config-port)#exit

Configure Switch C.

Raisecom#hostname SwitchC

SwitchC#config

SwitchC(config)#create vlan 100 active

SwitchC(config)#interface port 2

SwitchC(config-port)#switchport access vlan 100

SwitchC(config-port)#exit

SwitchC(config)#interface port 1

SwitchC(config-port)#switchport mode trunk

SwitchC(config-port)#exit

Step 2 Configure CFM fault detection.

Configure Switch A.

SwitchA(config)#ethernet cfm domain level 3

SwitchA(config)#service ma1 level 3

SwitchA(config-service)#service vlan-list 100

SwitchA(config-service)#service mep up mpid 301 port 1

SwitchA(config-service)#service remote-mep 302

SwitchA(config-service)#service cc enable mep all

SwitchA(config-service)#exit

SwitchA(config)#ethernet cfm enable

Configure Switch B.

SwitchB(config)#ethernet cfm domain level 3

SwitchB(config)#service ma1 level 3

SwitchB(config-service)#service vlan-list 100

SwitchB(config-service)#exit

SwitchB(config)#ethernet cfm enable

Configure Switch C.

SwitchC(config)#ethernet cfm domain level 3

SwitchC(config)#service ma1 level 3

SwitchC(config-service)#service vlan-list 100

SwitchC(config-service)#service mep up mpid 302 port 2

SwitchC(config-service)#service remote-mep 301

SwitchC(config-service)#service cc enable mep all

SwitchC(config-service)#exit


SwitchC(config)#ethernet cfm enable

Step 3 Execute CFM fault acknowledgement.

Take Switch A for example.


Switch(config)#service ma1 level 3

Switch(config-service)#ping mep 302 source 301

Sending 5 ethernet cfm loopback packets to 000e.5e03.688d, timeout is 2.5 seconds:

!!!!!

Success rate is 100 percent (5/5).

Ping statistics from 000e.5e03.688d:

Received loopback replys:< 5/0/0 > (Total/Out of order/Error)

Ping successfully.

Step 4 Execute CFM fault location.

Take Switch A for example.

SwitchA(config-service)#traceroute mep 302 source 301

TTL: <64>

Tracing the route to 000E.5E00.0002 on level 3, service ma1.

Traceroute send through port1.

-------------------------------------------------------------------------

Hops HostMac Ingress/EgressPort IsForwarded RelayAction NextHop

-------------------------------------------------------------------------

1 000E.5E00.0003 2/1 Yes rlyFdb 000E.5E00.0003

2 000E.5E00.0003 1/2 Yes rlyFdb 000E.5E00.0001

3 000E.5E00.0001 1/- No rlyHit 000E.5E00.0002

Checking results

Use the show ethernet cfm command to show CFM configurations on the switch.

Take Switch A for example.

SwitchA#show ethernet cfm

Global cfm Status: enable

Port CFM Enabled Portlist: 1-10

Archive hold time of error CCMs: 100(Min)

Remote mep aging time: 100(Min)

Device mode: Slave


9.3 SLA


9.3.1 Introduction

SLA is a telecommunication service evaluation standard negotiated by the service provider and users. It is an agreement on service quality, priority, responsibility, and so on.

Technically, SLA is a real-time network performance detection and statistics technique covering response time, network jitter, delay, packet loss rate, and so on. SLA can choose different operations to monitor measurement values for different applications.

The

Operation

It is a static concept. It is an end-to-end SLA network performance test task, including delay/jitter test (y1731-jitter/y1731-pkt-loss) on the Layer 2 network and delay/jitter test (ICMP-echo/ICMP-jitter) on the Layer 3 network.

Test

It is a dynamic concept. It is used to describe an execution of one operation.

Detection

It is a dynamic concept. It is used to describe one procedure of transmitting and receiving a packet in an operation test. According to the definition of the operation, one operation test can contain multiple detections (for an Echo operation, a test contains only one detection).

Schedule

It is a dynamic concept. It describes a schedule of one operation. One schedule contains multiple periodical test executions.

9.3.2 Preparing for configurations

Scenario

The carrier and users sign an SLA to guarantee that users receive network service of a certain quality. To carry out the SLA effectively, the carrier deploys the SLA feature on the ISCOM2110G-PWR to test network performance; the test results serve as evidence of the performance delivered to the user.

The SLA feature selects two test nodes: configure an SLA operation on one node and schedule it to test network performance between the two nodes.

SLA collects statistics on round-trip packet loss rate, round-trip or unidirectional (SD/DS) delay, jitter, jitter variance, jitter distribution, and so on, and reports these data to the upper monitoring software (such as the NMS), which analyzes network performance and provides the data required by the user.

Prerequisite

Deploy CFM between the tested devices.

Configure IP (scheduling of icmp-echo and icmp-jitter).


9.3.3 Default configurations of SLA

Default configurations of SLA are as below.

Function: Default value

SLA scheduling status: Disable
SLA Layer 2 operation CoS: Level 0
SLA jitter operation detection interval: 1s
Number of SLA jitter operation detection packets: 10
Life period of SLA scheduling operation: forever
Test period of SLA scheduling operation: 300s

9.3.4 Creating SLA operations

Create SLA operations for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#sla oper-num icmp-echo dest-ipaddr ip-address [ dscp dscp-value ]
Description: Configure basic information about SLA icmp-echo operation.

Step 3
Command: Raisecom(config)#sla oper-num icmp-jitter dest-ipaddr ip-address [ dscp dscp-value ] [ interval period ] [ packets packets-num ]
Description: Configure basic information about SLA icmp-jitter operation.

After basic information of an operation (distinguished by operation number) is configured, the operation cannot be modified or reconfigured. If you need to modify the operation, delete the operation and then reconfigure it.

SLA supports scheduling at most 100 operations at one time. Wait for a schedule to finish (reach its life time or be stopped) before scheduling the operation again or modifying its schedule information.

9.3.5 Configuring SLA scheduling

Configure SLA scheduling for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#sla schedule oper-num [ life { forever | life-time } ] [ period period ] [ begin ]
Description: Configure SLA operation scheduling information, and enable SLA operation scheduling. By default, SLA operation scheduling is disabled.

If you use the begin parameter, the configuration will be loaded upon device startup, without actual scheduling operations. If you do not use the begin parameter, scheduling operations will be performed.

9.3.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show sla { all | oper-num } configuration
Description: Show SLA configurations.

No. 2
Command: Raisecom#show sla { all | oper-num } result
Description: Show test information of last SLA operation.

No. 3
Command: Raisecom#show sla { all | oper-num } statistic
Description: Show statistics of operation scheduling. Statistics can be kept for up to 5 groups of the same operation (distinguished by operation number). If more groups are recorded, the oldest group (according to the start time of scheduling) is aged out.

9.3.7 Example for configuring SLA

Networking requirements

As shown in Figure 9-6, the PC communicates with the server through a network consisting of Switch A, Switch B, and Switch C. Deploy CFM on the switches so that the Ethernet link between the server and the PC reaches telecom-grade level. SLA is deployed on Switch A to effectively carry out the SLA signed with the users, and is periodically scheduled to test the network performance between Switch A and Switch C.

Conduct a Layer 2 delay test on Switch A towards Switch C. Configure the operation on Switch A with an operation number of 2, a scheduling life period of 20s, and a test period of 10s.

Figure 9-6 SLA networking

Configuration steps

Step 1 Configure CFM on Switches.

For details, see section 9.2.11 Example for configuring CFM.

Step 2 Enable operation scheduling on Switch A.

SwitchA#config

SwitchA(config)#sla 2 icmp-echo dest-ipaddr 192.168.27.33

SwitchA(config)#sla schedule 2 life 20 period 10

Checking configurations

Use the show sla configuration command on Switch A to show SLA configurations.

Raisecom#show sla 2 configuration

------------------------------------------------------------------------

Operation <2>:

Type: icmp echo

DSCP: 0

StartTime: 0 days, 1 : 7 : 6

------------------------------------------------------------------------

Destination Ip Address: 192.168.27.33

Timeout(sec): 5

Schedule Life(sec): 20

Schedule Period(sec): 10

Schedule Status: Active

10 System management

This chapter describes the basic principles and configuration of system management and maintenance, and provides related configuration examples. It includes the following sections:

SNMP

KeepAlive

RMON

Cluster management

LLDP

Extended OAM

Optical module DDM

System log

CPU monitoring

Ping

Traceroute

10.1 SNMP

10.1.1 Introduction

Simple Network Management Protocol (SNMP) is designed by the Internet Engineering Task Force (IETF) to resolve problems in managing network devices connected to the Internet. Through SNMP, a network management system can manage all network devices that support SNMP, including monitoring network status, modifying configurations of a network device, and receiving network alarms. SNMP is the most widely used network management protocol in TCP/IP networks.

Principle of SNMP

SNMP is separated into two parts: Agent and NMS. The Agent and NMS communicate by SNMP packets being sent through UDP.

Figure 10-1 shows the principle of SNMP.


Figure 10-1 Principle of SNMP

Raisecom NView NNM system can provide friendly Human Machine Interface (HMI) to facilitate network management. The following functions can be realized through it:

Send request packets to the managed device.

Receive reply packets and Trap packets from the managed device, and show result.

The Agent is a program installed in the managed device, realizing the following functions:

Receive/reply request packets from NView NNM system

Read/write packets and generate response packets according to the packets type, then return the result to NView NNM system

Define trigger conditions according to protocol modules, such as entering or exiting the system or rebooting the device. When a condition is satisfied, the corresponding module sends Trap packets to the NView NNM system through the Agent to report the current status of the device.

An Agent can be configured with several versions, and different versions communicate with different NMSs. But SNMP version of the NMS must be consistent with that of the connected agent so that they can intercommunicate properly.

Protocol versions

Till now, SNMP has three versions: v1, v2c, and v3, described as below.

SNMP v1 uses community name authentication mechanism. The community name, a string defined by an agent, acts like a secret. The network management system can visit the agent only by specifying its community name correctly. If the community name carried in a SNMP packet is not accepted by the ISCOM2110G-PWR, the packet will be discarded.

Compatible with SNMP v1, SNMP v2c also uses the community name authentication mechanism. SNMP v2c supports more operation types, data types, and error codes, and thus identifies errors better.

SNMP v3 uses the User-based Security Model (USM) authentication and View-based Access Control Model (VACM) mechanisms. You can configure whether USM authentication is enabled and whether encryption is enabled to provide higher security. The USM authentication mechanism accepts authenticated senders and rejects unauthenticated senders. Encryption protects the packets transmitted between the network management system and agents, thus preventing interception.

The ISCOM2110G-PWR supports v1, v2c, and v3 of SNMP.

MIB

Management Information Base (MIB) is the collection of all objects managed by NMS. It defines attributes for the managed objects:

Name

Access right

Data type

The device-related statistic contents can be reached by accessing data items. Each Agent has its own MIB. The MIB can be taken as an interface between the NMS and the Agent, through which the NMS can read/write every managed object in the Agent to manage and monitor the ISCOM2110G-PWR (B).

MIB stores information in a tree structure whose root is at the top and has no name. Nodes of the tree are the managed objects, each identified by a unique path starting from the root (OID). SNMP packets access network devices by looking up the nodes in the MIB tree.

The ISCOM2110G-PWR (B) supports standard MIB and Raisecom-customized MIB.

10.1.2 Preparing for configurations

Scenario

When you need to log in to the ISCOM2110G-PWR through NMS, please configure SNMP basic functions for ISCOM2110G-PWR in advance.

Prerequisite

Configure the IP address of the SNMP interface.

Configure the routing protocol and ensure that the route between the ISCOM2110G-PWR and NMS is reachable.

10.1.3 Default configurations of SNMP

Default configurations of SNMP are as below.

Function: Default value

SNMP view: system and internet views (default)

SNMP community: public and private communities (default)
    Index  CommunityName  ViewName  Permission
    1      public         internet  ro
    2      private        internet  rw

SNMP access group: initialnone and initial access groups (default)

SNMP user: none, md5nopriv, and shanopriv users (default)

Mapping between SNMP user and access group:
    Index  GroupName    UserName   SecModel
    -----------------------------------------------------------
    0      initialnone  none       usm
    1      initial      md5nopriv  usm
    2      initial      shanopriv  usm

Logo and the contact method of administrator: [email protected]

Device physical location: world china raisecom

Trap: Enable

SNMP target host address: N/A

SNMP engine ID: 800022B603000E5E13D266

10.1.4 Configuring basic functions of SNMP v1/v2c

To protect itself and prevent its MIB from unauthorized access, the SNMP Agent uses the concept of community. A management station in a community must use the community name in all operations on the Agent. Otherwise, its requests will not be accepted.

The community name is an SNMP string; different strings identify different groups. Different communities can have read-only or read-write access authority. Groups with read-only authority can only query the device information, while groups with read-write authority can configure the ISCOM2110G-PWR and query the device information.

SNMP v1/v2c uses the community name authentication scheme; SNMP packets whose community name does not match are discarded.

Configure basic functions of SNMP v1/v2c for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server view view-name oid-tree [ mask ] { excluded | included }
Description: (Optional) create SNMP view and configure MIB variable range. The default view is internet view. The MIB variable range contains all MIB variables below "1.3.6" node of MIB tree.

Step 3
Command: Raisecom(config)#snmp-server community com-name [ view view-name ] { ro | rw }
Description: Create community name and configure the corresponding view and authority. Use default view internet if view view-name option is empty.

Step 4
Command: Raisecom(config)#snmp-server access group-name [ read view-name ] [ write view-name ] [ notify view-name ] { v1sm | v2csm }
Description: (Optional) create and configure SNMP v1/v2c access group.

Step 5
Command: Raisecom(config)#snmp-server group group-name user user-name { v1sm | v2csm | usm }
Description: (Optional) configure the mapping between users and access groups.

SNMP v1/v2c can specify the group for the community, and configure the security model of the group. When the security model is v1sm or v2csm, the security level will automatically change to noauthnopriv.

10.1.5 Configuring basic functions of SNMP v3

SNMP v3 uses the USM mechanism. USM introduces the concept of access group. One or more users correspond to one access group. Each access group sets the related read, write, and notification views. Users in an access group have access authorities of these views. The access group of users who send Get and Set requests must have authorities corresponding to the requests. Otherwise, the requests will not be accepted.

As shown in Figure 10-2, to access the switch through SNMP v3, you should perform the following configurations:

Configure users.

Configure the access group of users.

Configure the view authority of the access group.

Create views.


Figure 10-2 SNMP v3 authentication mechanism

Configure basic functions of SNMP v3 for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server view view-name oid-tree [ mask ] { excluded | included }
Description: (Optional) create SNMP view and configure MIB variable range.

Step 3
Command: Raisecom(config)#snmp-server user user-name [ remote engine-id ] [ authentication { md5 | sha } authpassword ]
Description: Create users and configure authentication modes.

Step 4
Command: Raisecom(config)#snmp-server user user-name [ remote engine-id ] [ authkey { md5 | sha } keyword ]
Description: (Optional) modify the authentication key and the encryption key.

Step 5
Command: Raisecom(config)#snmp-server access group-name [ read view-name ] [ write view-name ] [ notify view-name ] [ context context-name { exact | prefix } ] usm { authnopriv | noauthnopriv }
Description: Create and configure the SNMP v3 access group.

Step 6
Command: Raisecom(config)#snmp-server group group-name user user-name { usm | v1sm | v2csm }
Description: Configure the mapping between users and the access group.

10.1.6 Configuring other information of SNMP

Other information of SNMP is as below:

Logo and contact method of the administrator, which is used to identify and contact the administrator

Physical location of the device: describes where the device is located

SNMP v1, v2c, and v3 support configuring this information.

Configure other information of SNMP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server contact contact
Description: (Optional) configure the logo and contact method of the administrator. For example, set the E-mail to the logo and contact method of the administrator.

Step 3
Command: Raisecom(config)#snmp-server location location
Description: (Optional) specify the physical location of the ISCOM2110G-PWR.

10.1.7 Configuring Trap

Trap configurations on SNMP v1, v2c, and v3 are identical except for Trap target host configurations. Configure Trap as required.

Trap is unrequested information sent by the ISCOM2110G-PWR to the NMS automatically, which is used to report some critical events.

Before configuring Trap, you need to perform the following configurations:

Configure basic functions of SNMP. SNMP v1 and v2c need to configure the community name; SNMP v3 needs to configure the user name and SNMP view.

Configure the routing protocol and ensure that the route between the ISCOM2110G-PWR and NMS is reachable.

Configure Trap of SNMP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface ip if-number
Description: Enter Layer 3 interface configuration mode.

Step 3
Command: Raisecom(config-ip)#ip address ip-address [ ip-mask ] vlan-list
Description: Configure the IP address of the Layer 3 interface.

Step 4
Command: Raisecom(config-ip)#exit
Description: Exit from global configuration and enter privileged EXEC mode.

Step 5
Command: Raisecom(config)#snmp-server host ip-address version 3 { authnopriv | noauthnopriv } user-name [ udpport port-id ]
Description: (Optional) configure SNMP v3-based Trap target host.
Command: Raisecom(config)#snmp-server host ip-address version { 1 | 2c } com-name [ udpport udpport ]
Description: (Optional) configure SNMP v1-/SNMP v2c-based Trap target host.

Step 6
Command: Raisecom(config)#snmp-server enable traps
Description: Enable Trap.

10.1.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show snmp access
Description: Show SNMP access group configurations.

No. 2
Command: Raisecom#show snmp community
Description: Show SNMP community configurations.

No. 3
Command: Raisecom#show snmp config
Description: Show SNMP basic configurations, including local SNMP engine ID, ID and contact of the network management personnel, device location, and Trap switch status.

No. 4
Command: Raisecom#show snmp group
Description: Show the mapping between SNMP users and the access group.

No. 5
Command: Raisecom#show snmp host
Description: Show Trap target host information.

No. 6
Command: Raisecom#show snmp statistics
Description: Show SNMP statistics.

No. 7
Command: Raisecom#show snmp user
Description: Show SNMP user information.

No. 8
Command: Raisecom#show snmp view
Description: Show SNMP view information.

No. 9
Command: Raisecom#show snmp trap remote
Description: Show remote Trap configurations of SNMP.


10.1.9 Example for configuring SNMP v1/v2c and Trap

Networking requirements

As shown in Figure 10-3, the route between the NView NNM system and Agent is reachable. The NView NNM system can view MIBs in the view of the remote switch through SNMP v1/v2c, and the switch can automatically send Trap to the NView NNM system in emergency.

By default, there is VLAN 1 in the ISCOM2110G-PWR and all physical interfaces belong to VLAN 1.

Figure 10-3 Configuring SNMP v1/v2c and Trap

Configuration steps

Step 1 Configure the IP address of the switch.

Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1

Raisecom(config-ip)#exit

Step 2 Configure the SNMP v1/v2c view.

Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 included

Step 3 Configure the SNMP v1/v2c community.

Raisecom(config)#snmp-server community raisecom view mib2 ro

Step 4 Configure Trap.

Raisecom(config)#snmp-server enable traps

Raisecom(config)#snmp-server host 20.0.0.221 version 2c raisecom

Checking results

Use the show interface ip command to show configurations of IP addresses.

Raisecom#show interface ip

Index Ip Address NetMask Vid Status Mtu

------------------------------------------------------------------------

0 20.0.0.10 255.255.255.0 1 active 1500

Use the show snmp view command to show view configurations.

Raisecom#show snmp view

Index: 0

View Name: mib2

OID Tree: 1.3.6.1.2.1

Mask: --

Type: included

Index: 1

View Name: system

OID Tree: 1.3.6.1.2.1.1

Mask: --

Type: included

Index: 2

View Name: internet

OID Tree: 1.3.6

Mask: --

Type: included

Use the show snmp community command to show community configurations.

Raisecom#show snmp community

Index Community Name View Name Permission

------------------------------------------------------------

1 public internet ro

2 private internet rw

3 raisecom mib2 ro

Use the show snmp host command to show configurations of the Trap target host.

Raisecom#show snmp host

Index: 0

IP address: 20.0.0.221

Port: 162

User Name: raisecom

SNMP Version: v2c

Security Level: noauthnopriv

TagList: bridge config interface rmon snmp ospf

10.1.10 Example for configuring SNMP v3 and Trap

Networking requirements

As shown in Figure 10-4, the route between the NView NNM system and Agent is reachable. The NView NNM system monitors the Agent through SNMP v3. The Agent can automatically send Trap to the NView NNM system in emergency.

By default, there is VLAN 1 in the ISCOM2110G-PWR and all physical interfaces belong to VLAN 1.


Figure 10-4 Configuring SNMP v3 and Trap

Configuration steps

Step 1 Configure the IP address of the switch.

Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 20.0.0.10 255.255.255.0 1

Raisecom(config-ip)#exit

Step 2 Configure SNMP v3 access.

Configure access view mib2, including all MIB variables under 1.3.6.x.1.

Raisecom(config)#snmp-server view mib2 1.3.6.1.2.1 1.1.1.1.0.1 included

Create user guestuser1. Adopt the md5 authentication algorithm. Set the password to raisecom.

Raisecom(config)#snmp-server user guestuser1 authentication md5 raisecom

Create a guestgroup access group. Set the security mode to usm. Set the security level to authnopriv. Set the name of the read-only view to mib2.

Raisecom(config)#snmp-server access guestgroup read mib2 usm authnopriv

Map user guestuser1 to the access group guestgroup.

Raisecom(config)#snmp-server group guestgroup user guestuser1 usm

Step 3 Configure Trap.

Raisecom(config)#snmp-server enable traps

Raisecom(config)#snmp-server host 20.0.0.221 version 3 authnopriv guestuser1

Checking results

Use the show snmp access command to show configurations of the SNMP access group.

Index: 0

Group: initial

Security Model: usm

Security Level: authnopriv

Context Prefix: --

Context Match: exact

Read View: internet

Write View: internet

Notify View: internet

Index: 1

Group: guestgroup

Security Model: usm

Security Level: authnopriv

Context Prefix: --

Context Match: exact

Read View: mib2

Write View: --

Notify View: internet

Index: 2

Group: initialnone

Security Model: usm

Security Level: noauthnopriv

Context Prefix: --

Context Match: exact

Read View: system

Write View: --

Notify View: internet

Use the show snmp group command to show the mapping between users and the access group.


Raisecom#show snmp group

Index GroupName UserName SecModel

-----------------------------------------------------------

0 initialnone none usm

1 initial md5nopriv usm

2 initial shanopriv usm

3 guestgroup guestuser1 usm

Use the show snmp host command to show configurations of the Trap target host.

Raisecom#show snmp host

Index: 0

IP address: 20.0.0.221

Port: 162

User Name: guestuser1

SNMP Version: v3

Security Level: authnopriv

TagList: bridge config interface rmon snmp ospf
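The following audit is an added example, not part of the Raisecom guide. It parses output in the format shown under Checking results in 10.1.9 and 10.1.10 and flags the settings that weaken SNMP access control: well-known or read-write communities, access groups without authentication or with a write view, and v1/v2c Trap hosts. The capture is constructed from the values printed above; the function names and severity labels are the example's own choices.

```python
import re

# Constructed capture, modelled on the "Checking results" output above.
SAMPLE = """\
Raisecom#show snmp community
Index Community Name View Name Permission
------------------------------------------------------------
1 public internet ro
2 private internet rw
3 raisecom mib2 ro
Raisecom#show snmp access
Index: 0
Group: initial
Security Level: authnopriv
Write View: internet
Index: 1
Group: guestgroup
Security Level: authnopriv
Write View: --
Index: 2
Group: initialnone
Security Level: noauthnopriv
Write View: --
Raisecom#show snmp host
Index: 0
IP address: 20.0.0.221
User Name: raisecom
SNMP Version: v2c
"""

WELL_KNOWN = {"public", "private"}  # widely known community names

def split_sections(text):
    """Map each 'show snmp <x>' command to the non-empty lines after it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\S*#\s*show snmp (\w+)", line.strip())
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def parse_records(lines):
    """Parse 'Key: value' lines; every 'Index:' line starts a new record."""
    records = []
    for line in lines:
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue
        if key == "Index":
            records.append({})
        if records:
            records[-1][key] = value
    return records

def parse_communities(lines):
    """Parse table rows of the form: index, community, view, ro|rw."""
    rows = []
    for line in lines:
        m = re.fullmatch(r"\d+\s+(\S+)\s+(\S+)\s+(ro|rw)", line)
        if m:
            rows.append(dict(zip(("name", "view", "perm"), m.groups())))
    return rows

def audit(text):
    """Return (severity, message) findings for one captured session."""
    sec = split_sections(text)
    communities = parse_communities(sec.get("community", []))
    findings = []
    for c in communities:
        default = c["name"].lower() in WELL_KNOWN
        if default or c["perm"] == "rw":
            sev = "high" if default and c["perm"] == "rw" else "medium"
            kind = "well-known " if default else ""
            findings.append((sev, f"{kind}community '{c['name']}' is "
                                  f"{c['perm']} on view '{c['view']}'"))
    for a in parse_records(sec.get("access", [])):
        issues = []
        if a.get("Security Level") == "noauthnopriv":
            issues.append("no authentication")
        if a.get("Write View", "--") != "--":
            issues.append(f"write view '{a['Write View']}'")
        if issues:
            sev = "high" if len(issues) == 2 else "medium"
            findings.append((sev, f"group '{a.get('Group')}': " + ", ".join(issues)))
    polled = {c["name"] for c in communities}
    for h in parse_records(sec.get("host", [])):
        version = h.get("SNMP Version")
        if version in ("v1", "v2c"):
            msg = f"trap host {h.get('IP address')}: {version} sends the community in cleartext"
            if h.get("User Name") in polled:
                msg += "; same community is accepted for polling"
            findings.append(("medium", msg))
    return findings

if __name__ == "__main__":
    print("\n".join(f"[{s}] {m}" for s, m in audit(SAMPLE)))
```

The last check matters for the 10.1.9 example in particular: the Trap community raisecom is also the read community for view mib2, so every Trap carries a valid polling credential across the network.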

10.2 KeepAlive

10.2.1 Introduction

The KeepAlive packet is a KeepAlive mechanism running in the High-Level Data Link Control (HDLC) link layer protocol. The ISCOM2110G-PWR sends a KeepAlive packet every several seconds to confirm whether the peer is online, which realizes the neighbour detection mechanism.

Trap is the unrequested information sent by the ISCOM2110G-PWR actively to the NMS, used to report some urgent and important events.

The ISCOM2110G-PWR actively sends KeepAlive Trap packets to the NView NNM system. The KeepAlive Trap packet includes the basic information of the ISCOM2110G-PWR, such as the name, OID, MAC address, and IP address. The NView NNM system synchronizes device information based on IP address to discover NEs in a short time. This helps improve working efficiency and reduce the working load of the administrator.

10.2.2 Preparing for configurations

Scenario

The ISCOM2110G-PWR actively sends KeepAlive Trap packets to the NView NNM system, so the NView NNM system can discover NEs in a short time. This helps improve working efficiency and reduce the working load of the administrator. You can enable or disable KeepAlive Trap and configure the period for sending KeepAlive Trap. When KeepAlive Trap is enabled, if snmp enable traps and a Layer 3 IP address are configured, the ISCOM2110G-PWR sends a KeepAlive Trap to all target hosts with Bridge Trap every KeepAlive Trap interval.

Prerequisite

Configure the IP address of the SNMP interface.

Configure basic functions of SNMP. SNMP v1 and v2c need to configure the community name; SNMP v3 needs to configure the user name and SNMP view.

Configure the routing protocol and ensure that the route between the ISCOM2110G-PWR and NMS is reachable.

10.2.3 Default configurations of KeepAlive

Default configurations of KeepAlive are as below.

Function: Default value

KeepAlive Trap: Disable

KeepAlive Trap period: 300s

10.2.4 Configuring KeepAlive

Configure KeepAlive for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server keepalive-trap enable
Description: Enable KeepAlive Trap.

Step 3
Command: Raisecom(config)#snmp-server keepalive-trap interval period
Description: (Optional) configure the period for sending KeepAlive Trap.

To avoid multiple devices sending KeepAlive Trap at the same time according to the same period and causing heavy network management load, the actual transmission period of KeepAlive Trap is the configured period plus a random time within 5s.

10.2.5 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show keepalive
Description: Show KeepAlive configurations.

10.2.6 Example for configuring KeepAlive

Networking requirements

As shown in Figure 10-5, configure KeepAlive as below:

IP address of the switch: 192.168.1.2

IP address of the SNMP v2c Trap target host: 192.168.1.1

Name of the read-write community: public

SNMP version: SNMP v2c

Period for sending KeepAlive Trap: 120s

KeepAlive Trap: enabled


Figure 10-5 Configuring KeepAlive

Configuration steps

Step 1 Configure the management IP address of the switch.

Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 192.168.1.2 255.255.255.0 1

Raisecom(config-ip)#exit

Step 2 Configure the IP address of the SNMP Trap target host.

Raisecom(config)#snmp-server host 192.168.1.1 version 2c public

Step 3 Enable KeepAlive Trap.

Raisecom(config)#snmp-server keepalive-trap enable

Raisecom(config)#snmp-server keepalive-trap interval 120

Checking results

Use the show keepalive command to show KeepAlive configurations.


Raisecom#show keepalive

Keepalive Admin State:Enable

Keepalive trap interval:120s

Keepalive trap count:1


10.3 RMON

10.3.1 Introduction

Remote Network Monitoring (RMON) is a standard stipulated by the Internet Engineering Task Force (IETF) for monitoring network data through different network Agents and the NMS.

RMON is built on the SNMP architecture, including the network management center and the Agent running on network devices. On the foundation of SNMP, RMON adds subnet traffic, statistics, and analysis functions to monitor one network segment or the whole network, whereas SNMP alone can monitor only part of the information of a single device and has difficulty monitoring a network segment.

The RMON Agent is commonly referred to as the probe program. The RMON Probe can collect communication subnet statistics and perform performance analysis. Whenever it finds a network failure, the RMON Probe can report to the network management center and describe the information captured under unusual circumstances, so that the network management center does not need to poll the device constantly. Compared with SNMP, RMON can monitor remote devices more actively and more effectively, so network administrators can track network, network segment, or device malfunctions more quickly. This approach reduces the data flows between the network management center and the Agent, makes it possible to manage large networks simply and powerfully, and makes up for the limitations of SNMP in the growing distributed Internet.

RMON Probe data collection methods:

Distributed RMON: the network management center obtains network management information and controls network resources directly from the RMON Probe, through a dedicated RMON Probe that collects data.

Embedded RMON: the RMON Agent is embedded directly in network devices (such as switches) to give them the RMON Probe function. The network management center collects network management information through basic SNMP operations and the data exchanged with the RMON Agent.

The ISCOM2110G-PWR adopts embedded RMON, as shown in Figure 10-6. The ISCOM2110G-PWR implements the RMON Agent. Through this function, the management station can obtain the overall traffic, error statistics, and performance statistics of the network segment connected to the managed network device interface, to monitor the network segment.

Figure 10-6 RMON


RMON MIBs are grouped into 9 groups according to functions. Currently, 4 groups are implemented: statistics group, history group, alarm group, and event group.

Statistics group: collects statistics on each interface, including the number of received packets and packet size distribution statistics.

History group: similar to the statistics group, but it collects statistics only in an assigned detection period.

Alarm group: monitors an assigned MIB object, sets the upper and lower thresholds in an assigned time interval, and triggers an event if the monitored object exceeds the threshold.

Event group: cooperates with the alarm group. When an alarm triggers an event, the event group records the event, for example by sending Trap or writing it into the log.

10.3.2 Preparing for configurations

Scenario

RMON helps monitor and account network traffic.

Compared with SNMP, RMON is a more efficient monitoring method. After you specify the alarm threshold, the ISCOM2110G-PWR actively sends alarms when the threshold is exceeded, without the NMS having to obtain variable information. This helps reduce traffic of the Central Office (CO) and managed devices and facilitates network management.

Prerequisite

The route between the ISCOM2110G-PWR and the NView NNM system is reachable.

10.3.3 Default configurations of RMON

Default configurations of RMON are as below.

Function: Default value

Statistics group: Enabled on all interfaces (including Layer 3 interfaces and physical interfaces)

History group: Disable

Alarm group: N/A

Event group: N/A

10.3.4 Configuring RMON statistics

RMON statistics is used to take statistics on an interface, including the number of received packets, undersized/oversized packets, collision, CRC and errors, discarded packets, fragments, unicast packets, broadcast packets, and multicast packets, as well as received packet size.

Configure RMON statistics for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rmon statistics { ip if-number | port-list port-list } [ owner owner-name ]
Description: Enable RMON statistics on an interface and configure related parameters. By default, RMON statistics of all interfaces is enabled.

When using the no rmon statistics { port-list port-list | ip if-number } command to disable RMON statistics on an interface, you cannot continue to obtain the interface statistics, but the interface can still count data.

10.3.5 Configuring RMON historical statistics

Configure RMON historical statistics for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rmon history { ip if-number | port-list port-list } [ shortinterval short-period ] [ longinterval long-period ] [ buckets buckets-number ] [ owner owner-name ]
Description: Enable RMON historical statistics on an interface and configure related parameters.

When you use the no rmon history { ip if-number | port-list port-list } command to disable RMON historical statistics on an interface, the interface stops counting data and all historical data collected previously is cleared.

10.3.6 Configuring RMON alarm group

You can monitor a MIB variable (mibvar) by setting a RMON alarm group instance (alarm-id). An alarm event is generated when the value of the monitored data exceeds the defined threshold. The ISCOM2110G-PWR then records the log or sends Trap to the NView NNM system according to the definition of alarm events.

The monitored MIB variable must be real, and its data value type must be correct.

If the configured variable does not exist or its value type is incorrect, the system returns an error.

For a successfully configured alarm, if the variable cannot be collected later, the alarm is closed. Reset it if you need to monitor the variable again.

By default, the triggered event ID is 0, which indicates that no event is triggered. If the number is not set to 0 and there is no event configured in the event group, the event will not be successfully triggered when the monitored variable is abnormal. The event cannot be successfully triggered unless the event is established.

The alarm will be triggered as long as the upper or lower threshold of the event in the event table is matched. The alarm is not generated even when alarm conditions are matched if the event related to the upper/lower threshold (rising-event-id or falling-event-id) is not configured in the event table.

Configure RMON alarm group for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rmon alarm alarm-id mibvar [ interval period ] { absolute | delta } rising-threshold rising-value [ rising-event-id ] falling-threshold falling-value [ falling-event-id ] [ owner owner-name ]
Description: Add alarm instances to the RMON alarm group and configure related parameters.

10.3.7 Configuring RMON event group

Configure the RMON event group for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rmon event event-id [ log ] [ trap ] [ description string ] [ owner owner-name ]
Description: Add events to the RMON event group and configure processing modes of events.

10.3.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show rmon
Description: Show RMON configurations.

No. 2
Command: Raisecom#show rmon alarms
Description: Show information about the RMON alarm group.

No. 3
Command: Raisecom#show rmon events
Description: Show information about the RMON event group.

No. 4
Command: Raisecom#show rmon statistics [ port port-id | ip if-number ]
Description: Show information about the RMON statistics group.

No. 5
Command: Raisecom#show rmon history { port port-id | ip if-number }
Description: Show information about the RMON history group.

10.3.9 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear rmon
Description: Clear all RMON configurations.

10.3.10 Example for configuring RMON alarm group

Networking requirements

As shown in Figure 10-7, the ISCOM2110G-PWR is the Agent, connected to terminal through Console interface, connected to remote NNM system through Internet. Enable RMON statistics and perform performance statistics on Port 3. When the number of packets received by Port 2 exceeds the threshold in a period, the ISCOM2110G-PWR records logs and sends Trap alarm to the NView NNM system.

Figure 10-7 Configuring RMON alarm group

Configuration steps

Step 1 Create event 1. Event 1 is used to record and send the log information which contains the string High-ifOutErrors. The owner of the log information is set to system.

Raisecom#config

Raisecom(config)#rmon event 1 log description High-ifOutErrors owner system

Step 2 Create alarm 10. Alarm 10 is used to monitor the MIB variable (1.3.6.1.2.1.2.2.1.20.1) every 20 seconds. If the value of the variable increases by 15 or more, a Trap is triggered. The owner of the Trap is also set to system.

Raisecom(config)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 interval 20 delta rising-threshold 15 1 falling-threshold 0 owner system

Checking results

Use the show rmon alarms command to show information about the alarm group.

Raisecom#show rmon alarms

Alarm 10 is active, owned by system

Monitors 1.3.6.1.2.1.2.2.1.20.1 every 20 seconds

Taking delta samples, last value was 0

Rising threshold is 15, assigned to event 1

Falling threshold is 0, assigned to event 0

On startup enable rising and falling alarm

Use the show rmon events command to show information about the event group on the ISCOM2110G-PWR.

Raisecom#show rmon events

Event 1 is active, owned by system

Description is: High-ifOutErrors.

Event generated at 0:0:0

Send TRAP when event is fired.

When an alarm event is triggered, you can show related records at the alarm management dialog box of the NView NNM system.
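The simulation below is an added example, not code from the guide or from the device. It replays alarm 10 and event 1 from 10.3.10 over constructed counter readings to show when a delta alarm fires, when it stays silent, and what event ID 0 or an unconfigured event ID does. The startup and hysteresis behaviour is assumed to follow the RMON alarm group of RFC 2819, which the guide does not spell out; RmonAlarm, simulate and the readings are the example's own names and values.

```python
COUNTER32 = 2 ** 32  # ifOutErrors is a Counter32, so deltas are taken modulo 2^32


class RmonAlarm:
    """One alarm-table row; startup and hysteresis follow RFC 2819 (assumed)."""

    def __init__(self, rising, falling, rising_event=0, falling_event=0, delta=True):
        self.rising, self.falling = rising, falling
        self.rising_event, self.falling_event = rising_event, falling_event
        self.delta = delta
        self.last_raw = None     # previous raw reading (delta mode only)
        self.prev = None         # previous sampled value
        self.last_alarm = None   # direction of the last crossing (hysteresis state)

    def sample(self, raw, events):
        """Feed one reading; return (action, description, direction, value) tuples."""
        if self.delta:
            if self.last_raw is None:          # a delta needs two readings
                self.last_raw = raw
                return []
            value = (raw - self.last_raw) % COUNTER32
            self.last_raw = raw
        else:
            value = raw
        first = self.prev is None              # startup: rising or falling alarm
        crossed = None
        if (value >= self.rising and (first or self.prev < self.rising)
                and self.last_alarm != "rising"):
            crossed = "rising"
        elif (value <= self.falling and (first or self.prev > self.falling)
                and self.last_alarm != "falling"):
            crossed = "falling"
        self.prev = value
        if crossed is None:
            return []
        self.last_alarm = crossed              # re-arms the opposite direction
        event_id = self.rising_event if crossed == "rising" else self.falling_event
        event = events.get(event_id)           # ID 0, or an ID missing from the event table
        if event is None:
            return []
        return [(action, event["description"], crossed, value)
                for action in ("log", "trap") if event.get(action)]


def simulate(readings, alarm, events):
    """Return (poll_index, fired) for every poll that produced a log or Trap."""
    out = []
    for i, raw in enumerate(readings):
        fired = alarm.sample(raw, events)
        if fired:
            out.append((i, fired))
    return out


# Event table after "rmon event 1 log description High-ifOutErrors owner system".
EVENTS = {1: {"log": True, "trap": False, "description": "High-ifOutErrors"}}
# Constructed readings taken 20 s apart; the deltas are 0, 4, 21, 2, 30, 0, 28.
READINGS = [100, 100, 104, 125, 127, 157, 157, 185]


def run_guide_example():
    """Alarm 10 from the guide: delta, rising 15 -> event 1, falling 0 -> event 0."""
    return simulate(READINGS, RmonAlarm(15, 0, rising_event=1, falling_event=0), EVENTS)


if __name__ == "__main__":
    for poll, fired in run_guide_example():
        print(poll, fired)
```

The delta of 30 at poll 5 is above the rising threshold but produces nothing, because the alarm has not yet fallen back to the falling threshold since the first rising event. A burst of errors that never lets the delta return to 0 is therefore logged once only.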

10.4 Cluster management

10.4.1 Introduction

The cluster management protocol is used to manage a set of switch devices, providing users with a new management method.

You can set up a cluster through a master switch to achieve centralized management and configuration of multiple devices added to the cluster. The main switch is called the commander device, and the other managed switches are member devices. The commander device has a public IP address, while the member device is not configured with the IP address; the management and maintenance of member devices are often achieved through command redirection.

Cluster management can reduce the workload of engineering and maintenance, and also save public IP address resources. The administrator only needs to configure the public IP address on one device to manage and maintain all cluster devices, without logging in to each device for configuration.

Different manufacturers implement cluster management differently, generally using proprietary protocols, which shows that the cluster management technology has its limitations.

Cluster roles

According to their position and function, switches in the cluster have different roles. You can specify the role of a switch through configuration. The cluster role can be commander device, member device, or candidate device.

Commander: also known as the management device, assigned a public IP address to provide management interfaces for all switches in the cluster. The commander device manages member devices by command redirection: the NMS system sends commands to the commander device for processing through the public network. The commander device forwards commands to member devices if it finds that the commands should be executed on member devices. The commander device can discover neighbor information, collect the entire network topology, manage the cluster, maintain cluster state, and support a variety of agent functions.

Member: a member of the cluster, generally not configured with a public IP address. You manage member devices by command redirection through the commander device. The member device can discover neighbor information, accept management from the commander device, execute the commands from the commander device, and report faults/logs. After activation, the member device can be managed through the NMS or in Telnet mode directly on the commander device.

Candidate: a device that has not joined any cluster but has the cluster ability to become a cluster member switch. The difference from a member device is that the topology information of the candidate device has already been collected by the commander device, but the device has not yet joined the cluster.

When a candidate device is added to the cluster, it becomes a member device. When a member device is removed from the cluster, the device recovers to the candidate device again.

Figure 10-8 Cluster management

As shown in Figure 10-8, the switch configured with the IP address is the commander device, while the switch managed by the commander device through redirection is a member device. The commander device and member devices can form a cluster. The device not joining the cluster but with cluster ability is the candidate device.

Principle of cluster

Cluster management mainly contains three protocols:

Raisecom Neighbor Discover Protocol (RNDP) is responsible for the neighbor discovery and information gathering of devices.

Raisecom Topology Discover Protocol (RTDP) is responsible for the entire network topology information collection and processing.

Raisecom Cluster Management Protocol (RCMP) mainly configures to add, activate, and delete cluster members.

RTDP and RCMP communicate in the cluster VLAN. So, if there are devices not supporting RAISECOM cluster management between the two devices for cluster management, you need to configure the cluster VLAN to ensure normal communication of RCMP and RTDP.

Each cluster must be specified with a commander device. After the commander device is specified, it can discover and determine candidate devices through the neighbour discovery and topology gathering protocols. You can add candidate devices to the cluster by configuring them.

The candidate device becomes a member device after being added to the cluster. If you wish to manage the ISCOM2110G-PWR through cluster management, you must activate it, or configure auto-activation on it.

10.4.2 Preparation for configuration

Scenario

A large number of switches need to be managed in a Layer 2 network, but the number of usable IP addresses is limited. Cluster management can use one IP address to manage multiple devices in one cluster.

Prerequisite

Ensure that the link between command device and member device is reachable.

10.4.3 Default configurations of cluster management

Default configurations of cluster management are as below.

Function: Default value

Device cluster role: Candidate

Global RNDP of cluster members: Enable

Interface RNDP of cluster members: Enable

RTDP collection status of cluster members: Disable

Maximum RTDP collection range of cluster members: 16 hops

Cluster management VLAN: VLAN 4093

Cluster management of the commander device: Disable

Maximum number of members managed by the commander device in the cluster: 128

Auto-activation status of candidate device: Disable

MAC address of the commander device for auto-activation of candidate devices: 0000.0000.0000

10.4.4 (Optional) configuring RNDP

Configure RNDP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rndp enable
Description: Enable global RNDP.

Step 3
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#rndp enable
Description: Enable interface RNDP.

10.4.5 Configuring RTDP

Configuring basic functions of RTDP

Configure basic functions of RTDP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#rtdp enable
Description: Enable global RTDP function.

Step 3
Command: Raisecom(config)#rtdp max-hop max-hop
Description: (Optional) configure the maximum collection range for RTDP.

(Optional) configuring cluster VLAN

When you configure the cluster VLAN, if the ISCOM2110G-PWR is a commander device or member device, the cluster VLAN has already been determined for the cluster device, so the cluster VLAN configuration conflicts and fails. Exit the cluster first, and then the configuration succeeds.

Configure cluster VLAN for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#cluster vlan vlan-id port-list port-list
Description: Configure cluster VLAN and interface list. The VLAN used for cluster protocol packet communication limits the range of cluster management.

10.4.6 Configuring cluster management on commander devices

Enabling cluster management

This configuration only applies to the command device.

If the ISCOM2110G-PWR is a cluster member device, delete it from the member devices if you wish to use it as the commander device. The ISCOM2110G-PWR then becomes a commander device, but it still cannot manage other devices because there is already a commander device on the network.

Configure cluster management on commander devices for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#cluster
Description: Configure the ISCOM2110G-PWR as the commander device and enable cluster management.

Step 3
Command: Raisecom(config-cluster)#max-member max-number
Description: (Optional) configure the maximum number of members managed by the commander device in the cluster.

Adding and activating candidate devices automatically

On the commander device, to facilitate adding and activating cluster members, you can use the same user name and password to add and activate all the candidate devices, or you can perform adding and activation operations on all candidate devices configured by this command. In addition, you can add or activate candidate devices one by one by following the CLI.

Add and activate candidate devices automatically for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#cluster
Description: Enter cluster configuration mode.

Step 3
Command: Raisecom(config-cluster)#member auto-build [ active user-name password [ all ] ]
Description: Add and activate candidate devices automatically.

Adding and activating candidate devices manually

To add and activate candidate devices on the commander device, you need to add a cluster management device to the cluster and activate it. After a member device is added to the cluster, the commander device cannot manage it through cluster management until it is activated.

Add and activate candidate devices manually for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#cluster
Description: Enable cluster management function and enter cluster configuration mode.

Step 3
Command: Raisecom(config-cluster)#member mac-address [ active user-name password ]
Description: Configure to add candidate device to cluster and activate it.

Use the no member { all | mac-address } command to delete all or specified cluster members. Use the member { all | mac-address } suspend command to suspend all or specified cluster members.

Accessing member devices remotely

Configure accessing member devices remotely for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#cluster
Description: Enter cluster configuration mode.

Step 3
Command: Raisecom(config-cluster)#rcommand { hostname [ mac-address ] | mac-address }
Description: Log in to the cluster member device. You can conduct remote management to the activated member devices on the commander device.

10.4.7 (Optional) configuring auto-activation for candidate devices

You must set the MAC address of the commander device after setting auto-activation on the candidate device. The candidate device can then be activated automatically by its commander device if the commander device is configured to add and activate all candidate members to the cluster automatically when the ISCOM2110G-PWR is connected to the network.

Configure auto-activation for candidate device for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#clusterautoactive
Description: Enable auto-activation.

Step 3
Command: Raisecom(config)#clusterautoactive commander-mac mac-address
Description: Specify the MAC address of the commander device.

10.4.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show rndp
Description: Show RNDP configurations.

No. 2
Command: Raisecom#show rndp neighbor
Description: Show information about the RNDP neighbor.

No. 3
Command: Raisecom#show rtdp
Description: Show RTDP configurations.

No. 4
Command: Raisecom#show cluster
Description: Show cluster information.

No. 5
Command: Raisecom#show cluster vlan
Description: Show configurations of cluster VLAN.

No. 6
Command: Raisecom#show cluster { candidate | member [ mac-address ] }
Description: Show configurations on candidate and member devices.

No. 7
Command: Raisecom#show rtdp devicelist [ mac-address | hostname ] [ detailed ]
Description: Show information about RTDP discovery device list.

10.4.9 Example for providing remote access through cluster management

Networking requirements

Many devices in a Layer 2 network need to be managed, but current public IP address resources are limited. To manage multiple devices through one device, you can configure cluster management.

Cluster management uses one IP address to manage multiple devices in a cluster. Through the commander device, you can manage all member devices in the cluster and log in to member devices remotely for configuration and maintenance.

As shown in Figure 10-9, Switch A can log in to Switch B and Switch C for remote management and maintenance. The following table lists configurations on Switch A, Switch B, and Switch C.

Device    MAC address     Role
Switch A  000E.5E03.5318  Command device
Switch B  000E.5EBD.5951  Member device
Switch C  000E.5E03.023C  Member device

Figure 10-9 Providing remote access through cluster management

Configuration steps

Step 1 Enable global RNDP and enable RNDP on interfaces. Enable RTDP on Switch A.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#rndp enable

SwitchA(config)#rtdp enable

SwitchA(config)#interface port 1

SwitchA(config-port)#rndp enable

SwitchA(config-port)#exit

SwitchA(config)#interface port 2

SwitchA(config-port)#rndp enable

SwitchA(config-port)#exit


Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#rndp enable

SwitchB(config)#interface port 3

SwitchB(config-port)#rndp enable

SwitchB(config-port)#exit

Configure Switch C.


Raisecom#hostname SwitchC

SwitchC#config

SwitchC(config)#rndp enable

SwitchC(config)#interface port 4

SwitchC(config-port)#rndp enable

SwitchC(config-port)#exit

Step 2 Enable cluster management on Switch A and automatically activate all candidate devices.

SwitchA(config)#cluster

SwitchA(config-cluster)#member auto-build active raisecom raisecom all

SwitchA(config-cluster)#exit

Step 3 Log in to Switch B through Switch A.

SwitchA#config

SwitchA(config)#cluster

SwitchA(config-cluster)#rcommand SwitchB

Login:raisecom

Password:

SwitchB>

Step 4 Log in to Switch C through Switch A. Steps are identical to the ones used for logging in to Switch B.

Checking results

Use the show cluster command to show cluster information on Switch A.

SwitchA#show cluster

Identity:Commander

Current member number:2

Max member number:128

Use the show cluster member command to show information about the cluster member.

SwitchA#show cluster member

MAC Address ActiveOperationState ActiveManageState Hostname

-------------------------------------------------------------------

000E.5EBD.5951 Up Active SwitchB

000E.5E03.023C Up Active SwitchC

Use the show cluster command to show cluster information on Switch B.

SwitchB#show cluster

Identity:Member

Autoactive:OFF

Autoactive commander mac:0000.0000.0000

Commander mac:000e.5e03.5318

Use the show cluster command to show cluster information on Switch C. Configurations are identical to the ones on Switch B.

10.5 LLDP

10.5.1 Introduction

As networks grow in scale and the number of network devices increases, the network topology becomes more and more complex and network management becomes very important. A lot of network management software uses auto-detection to trace changes of the network topology, but most of it can only analyze the Layer 3 network and cannot determine which interfaces connect to other devices.

Link Layer Discovery Protocol (LLDP) is based on the IEEE 802.1AB standard. With it, the network management system can quickly obtain the Layer 2 network topology and its changes.

LLDP organizes the local device information into different Type Length Value (TLV) units and encapsulates them in a Link Layer Discovery Protocol Data Unit (LLDPDU) to transmit to the directly connected neighbour. It also saves the information received from the neighbour as a standard Management Information Base (MIB), which the network management system can query to judge link communication.

Basic concepts

An LLDP packet is an Ethernet packet that encapsulates an LLDPDU in its data unit and is transmitted by multicast.

The LLDPDU is the data unit of LLDP. The device encapsulates local information in TLVs before forming the LLDPDU; several TLVs are then combined into one LLDPDU, which is encapsulated in Ethernet data for transmission.

As shown in Figure 10-11, the LLDPDU is made up of several TLVs, including 4 mandatory TLVs and several optional TLVs.

Figure 10-10 LLDPDU structure

TLV: the unit that makes up the LLDPDU. It describes the type, length, and information of an object.

As shown in Figure 10-11, each TLV carries one piece of local information; for example, the device ID and interface ID correspond to the Chassis ID TLV and Port ID TLV, which are fixed TLVs.

Figure 10-11 Basic TLV structure

Table 10-1 lists TLV types. At present only types 0–8 are used.

Table 10-1 TLV types

TLV type  Description          Optional/Required
0         End Of LLDPDU        Required
1         Chassis ID           Required
2         Port ID              Required
3         Time To Live         Required
4         Port Description     Optional
5         System Name          Optional
6         System Description   Optional
7         System Capabilities  Optional
8         Management Address   Optional
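The following Python parser is an added example (not Raisecom code) that walks the TLVs of a received LLDPDU and rejects one that lacks the four required TLVs of Table 10-1. The 2-byte header layout (7-bit type, 9-bit length), the order of the leading TLVs, and the Chassis ID/Port ID subtype byte are taken from IEEE 802.1AB rather than from this page; the sample frame is constructed from the neighbour values shown later in the show lldp remote output.

```python
import struct

# TLV type numbers and names from Table 10-1 (only types 0-8 are in use).
TLV_NAMES = {
    0: "End Of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
}
# Assumption from IEEE 802.1AB (not stated on the page): the LLDPDU starts with
# Chassis ID, Port ID and Time To Live, in that order, each exactly once.
LEADING_TLVS = [1, 2, 3]


class LLDPError(ValueError):
    """Raised for a malformed LLDPDU."""


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length in two bytes, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise LLDPError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs up to and including End Of LLDPDU."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise LLDPError("truncated TLV header at offset %d" % offset)
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise LLDPError("TLV type %d overruns the LLDPDU" % tlv_type)
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == 0:
            return  # anything after End Of LLDPDU is padding
    raise LLDPError("End Of LLDPDU TLV is missing")


def parse_lldpdu(lldpdu):
    """Validate the required TLVs and return the decoded neighbour information."""
    tlvs = list(iter_tlvs(lldpdu))
    types = [tlv_type for tlv_type, _ in tlvs]
    if types[:3] != LEADING_TLVS:
        raise LLDPError("LLDPDU must begin with Chassis ID, Port ID, Time To Live")
    for tlv_type in LEADING_TLVS:
        if types.count(tlv_type) != 1:
            raise LLDPError("duplicate %s TLV" % TLV_NAMES[tlv_type])
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2:
        raise LLDPError("Chassis ID and Port ID need a subtype byte and an ID")
    if len(ttl) != 2:
        raise LLDPError("Time To Live value must be 2 bytes")
    info = {
        "chassis_subtype": chassis[0], "chassis_id": chassis[1:],
        "port_subtype": port[0], "port_id": port[1:],
        "ttl": struct.unpack("!H", ttl)[0],
        "optional": {},        # TLV types 4-8, keyed by the Table 10-1 name
        "unused_types": [],    # types above 8, which the page says are not used
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type == 0:
            if value:
                raise LLDPError("End Of LLDPDU must have length 0")
        elif tlv_type in TLV_NAMES:
            info["optional"][TLV_NAMES[tlv_type]] = value
        else:
            info["unused_types"].append(tlv_type)
    return info


# Constructed sample: neighbour SwitchB as it would advertise itself.
SAMPLE = b"".join([
    build_tlv(1, b"\x04" + bytes.fromhex("000E5E02B010")),  # subtype 4: MAC address
    build_tlv(2, b"\x05" + b"port 1"),                      # subtype 5: interface name
    build_tlv(3, struct.pack("!H", 240)),                   # TTL in seconds
    build_tlv(5, b"SwitchB"),
    build_tlv(0, b""),
])

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE))
```
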

Principle of LLDP

LLDP is a point-to-point, one-way advertisement protocol: the local device sends its link status to the peer end by sending LLDPDUs periodically (or when the link status changes).

The procedure of packet exchange is as below:

When the local device transmits a packet, it obtains the system information required by the TLVs from NView NNM (Network Node Management), obtains configurations from the LLDP MIB, generates TLVs, assembles the LLDPDU, encapsulates it in an LLDP packet, and sends the LLDP packet to the peer end.

The peer end receives LLDPDU and analyzes TLV information. If there is any change, the information will be updated in neighbor MIB table of LLDP and the NView NNM system will be notified.

The aging time (Time To Live, TTL) of the local device information held on the neighbour node can be adjusted by modifying the aging coefficient. The local device sends LLDP packets to the neighbour node; after receiving them, the neighbour node adjusts the aging time of the information about its neighbour (the sending side). The aging time formula is TTL = Min {65535, (interval × hold-multiplier)}, where:

Interval: the period for sending LLDP packets from the neighbor node.

Hold-multiplier: the aging coefficient of device information in neighbor node.

10.5.2 Preparing for configurations

Scenario

When you obtain connection information between devices through the NView NNM system for topology discovery, the ISCOM2110G-PWR needs to enable LLDP, notify its information to the neighbours, and store neighbour information to facilitate queries by the NView NNM system.

Prerequisite

N/A

10.5.3 Default configurations of LLDP

Default configurations of LLDP are as below.

Function                  Default value
Global LLDP status        Disable
Interface LLDP status     Enable
Delay timer               2s
Period timer              30s
Aging coefficient         4
Restart timer             2s
LLDP alarm status         Enable
Alarm notification timer  5s

10.5.4 Enabling global LLDP

After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP cannot be enabled unless the restart timer times out.

When you obtain connection information between devices through the NView NNM system for topology discovery, the ISCOM2110G-PWR needs to enable LLDP, send its information to the neighbours, and store neighbour information to facilitate query by the NView NNM system.

Enable global LLDP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#lldp enable
Description: Enable global LLDP. After global LLDP is enabled, use the lldp disable command to disable this function.

10.5.5 Enabling interface LLDP

Enable interface LLDP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#lldp enable
Description: Enable LLDP on an interface. Use the lldp disable command to disable this function.

10.5.6 Configuring basic functions of LLDP

When configuring the delay timer and period timer, the value of the delay timer should be smaller than or equal to a quarter of the period timer value.

Configure basic functions of LLDP for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#lldp message-transmission interval period
Description: (Optional) configure the period timer of the LLDP packet.

Step 3
Command: Raisecom(config)#lldp message-transmission delay period
Description: (Optional) configure the delay timer of the LLDP packet.

Step 4
Command: Raisecom(config)#lldp message-transmission hold-multiplier hold-multiplier
Description: (Optional) configure the aging coefficient of the LLDP packet.

Step 5
Command: Raisecom(config)#lldp restart-delay period
Description: (Optional) configure the restart timer.
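The following Python check is an added example (not Raisecom code) that replays the three timer commands above per device, starting from the defaults in section 10.5.3, and reports both the resulting TTL from the formula in section 10.5.1 and any command after which the delay timer exceeds a quarter of the period timer. The first input is Step 3 of the example in section 10.5.10; the reordered input is constructed, and whether the switch itself rejects such a command is an assumption the page does not settle.

```python
import re

# Defaults from section 10.5.3: period timer 30 s, delay timer 2 s, aging coefficient 4.
DEFAULTS = {"interval": 30, "delay": 2, "hold-multiplier": 4}

# Matches the three timer commands of section 10.5.6 as typed at a (config)# prompt.
TIMER_CMD = re.compile(
    r"^(?P<host>[^\s(]+)\(config\)#\s*lldp message-transmission "
    r"(?P<key>interval|delay|hold-multiplier)\s+(?P<value>\d+)$"
)


def lldp_ttl(timers):
    """TTL advertised to neighbours: Min{65535, interval x hold-multiplier}."""
    return min(65535, timers["interval"] * timers["hold-multiplier"])


def delay_ok(timers):
    """The delay timer must be at most a quarter of the period timer."""
    return timers["delay"] * 4 <= timers["interval"]


def audit(cli_lines):
    """Replay timer commands per device; report TTL and where the delay rule breaks."""
    report = {}
    for number, raw in enumerate(cli_lines, start=1):
        line = raw.strip()
        match = TIMER_CMD.match(line)
        if not match:
            continue  # not an LLDP timer command
        entry = report.setdefault(
            match["host"], {"timers": dict(DEFAULTS), "violations": []})
        entry["timers"][match["key"]] = int(match["value"])
        # The page does not say whether the switch rejects such a command;
        # this only records the input line after which the rule no longer holds.
        if not delay_ok(entry["timers"]):
            entry["violations"].append((number, line))
    for entry in report.values():
        entry["ttl"] = lldp_ttl(entry["timers"])
        entry["final_ok"] = delay_ok(entry["timers"])
    return report


# Step 3 of the example in section 10.5.10, as entered on Switch A.
PAGE_EXAMPLE = [
    "SwitchA(config)#lldp message-transmission interval 60",
    "SwitchA(config)#lldp message-transmission delay 9",
    "SwitchA(config)#lldp trap-interval 10",
]

# Constructed variant: the same two values entered in the opposite order.
REORDERED = [
    "SwitchB(config)#lldp message-transmission delay 9",
    "SwitchB(config)#lldp message-transmission interval 60",
]

if __name__ == "__main__":
    for name, lines in (("page example", PAGE_EXAMPLE), ("reordered", REORDERED)):
        for host, entry in audit(lines).items():
            print(name, host, "TTL", entry["ttl"], "violations", entry["violations"])
```

Entering the delay before the longer interval leaves the device, for one command, with a delay of 9 s against the default 30 s period, which is why the page's example sets the interval first.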

10.5.7 Configuring LLDP alarm

When the network changes, you need to enable LLDP alarm notification function to send topology update alarm to the NView NNM system immediately.

Configure LLDP alarm for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server lldp-trap enable
Description: Enable LLDP alarm.

Step 3
Command: Raisecom(config)#lldp trap-interval period
Description: (Optional) configure the period timer of LLDP alarm Trap.

After being enabled with LLDP alarm, the ISCOM2110G-PWR sends Traps upon detecting aged neighbours, newly-added neighbours, and changed neighbour information.

10.5.8 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show lldp local config
Description: Show LLDP local configurations.

No. 2
Command: Raisecom#show lldp local system-data [ port-list port-id ]
Description: Show information about the LLDP local system.

No. 3
Command: Raisecom#show lldp remote [ port-list port-id ] [ detail ]
Description: Show information about the LLDP neighbor.

No. 4
Command: Raisecom#show lldp statistic [ port-list port-id ]
Description: Show statistics of LLDP packets.

10.5.9 Maintenance

Maintain the ISCOM2110G-PWR as below.

No. 1
Command: Raisecom(config)#clear lldp statistic [ port-list port-id ]
Description: Clear LLDP statistics.

No. 2
Command: Raisecom(config)#clear lldp remotetable [ port-list port-id ]
Description: Clear information about the LLDP neighbor.

10.5.10 Example for configuring basic functions of LLDP

Networking requirements

As shown in Figure 10-12, Switches are connected to the NView NNM system. Enable LLDP on links between Switch A and Switch B. And then you can query the Layer 2 link changes through the NView NNM system. If the neighbour is aged, the neighbour is added, or the neighbour information changes, Switch A and Switch B send LLDP alarm to the NView NNM system.

Figure 10-12 Configuring basic functions of LLDP

Configuration steps

Step 1 Enable LLDP globally and enable LLDP alarm.

Configure Switch A.

Raisecom#hostname SwitchA

SwitchA#config

SwitchA(config)#lldp enable

SwitchA(config)#snmp-server lldp-trap enable

Configure Switch B.

Raisecom#hostname SwitchB

SwitchB#config

SwitchB(config)#lldp enable

SwitchB(config)#snmp-server lldp-trap enable

Step 2 Configure management IP addresses.

Configure Switch A.

SwitchA(config)#create vlan 1024 active

SwitchA(config)#interface port 1

SwitchA(config-port)#switchport access vlan 1024

SwitchA(config-port)#exit

SwitchA(config)#interface ip 1

SwitchA(config-ip)#ip address 10.10.10.1 1024

SwitchA(config-ip)#exit

Configure Switch B.

SwitchB(config)#create vlan 1024 active

SwitchB(config)#interface port-list 1

SwitchB(config-port)#switchport access vlan 1024

SwitchB(config)#interface ip 1

SwitchB(config-ip)#ip address 10.10.10.2 1024

SwitchB(config-ip)#exit

Step 3 Configure LLDP properties.

Configure Switch A.

SwitchA(config)#lldp message-transmission interval 60


SwitchA(config)#lldp message-transmission delay 9

SwitchA(config)#lldp trap-interval 10

Configure Switch B.

SwitchB(config)#lldp message-transmission interval 60

SwitchB(config)#lldp message-transmission delay 9

SwitchB(config)#lldp trap-interval 10


Checking results

Use the show lldp local config command to show local LLDP configurations.

SwitchA#show lldp local config

System configuration:

-------------------------------------------------------------------------

LLDP enable status: enable (default is disabled)

LldpTxDelay: 9 (default is 2s)

SwitchB#show lldp local config

System configuration:

-------------------------------------------------------------------------

LLDP enable status: enable (default is disabled)

LldpTxDelay: 9 (default is 2s)

Use the show lldp remote command to show information about the LLDP neighbour.

SwitchA#show lldp remote

Port ChassisId PortId SysName MgtAddress ExpiredTime

-------------------------------------------------------------------------

port1 000E.5E02.B010 port 1 SwitchB 10.10.10.2 106

……

SwitchB#show lldp remote

Port ChassisId PortId SysName MgtAddress ExpiredTime

-------------------------------------------------------------------------

port1 000E.5E12.F120 port 1 SwitchA 10.10.10.1 106

10.6 Extended OAM

10.6.1 Introduction

Extended OAM is based on IEEE 802.3ah OAM links. Based on standard OAM extendibility, it enhances OAM functions, including remote configurations and monitoring.

As shown in Figure 10-13, establish an extended OAM link between the remote switch A and Central Office (CO) Switch B directly connected to the NView NNM system, to enable Switch B to manage Switch A.

Figure 10-13 Extended OAM networking

Extended OAM functions include remote configurations and monitoring, with details as below:

Obtain attributes of the remote device: the CO device can obtain attributes, configurations, and statistics of the remote device through extended OAM.

Configure basic functions for the remote device: through extended OAM, the CO device can configure some functions for the remote device, including host name, interface enabling/disabling status, rate, duplex mode, bandwidth, and failover status.

Configure network management parameters for the remote device: the CO device can configure network management parameters for remote SNMP-supportive devices, such as IP address, gateway, management IP address, and read/write community, and then implement overall network management through SNMP.

Support remote Trap: when an interface on a remote device is Up or Down, it sends an extended OAM notification to the CO device which will then send Trap message of the remote device to the NMS.

Reboot the remote device: the CO device can send a command to reboot the remote device.

Support other remote management functions: as the remote functions increase, the CO device can manage more remote functions through extended OAM protocols, such as SFP and QinQ.

When the ISCOM2110G-PWR works as the CO device, different remote devices may support different extended OAM functions. Whether an extended OAM function is supported depends on the remote device. For details, see the corresponding manuals.

For example, when the remote device is the RC551E, it supports being configured with the following extended OAM functions:

Configure the IP address (including the default gateway and IP address of the out-of-band interface).

Configure the name of the remote host.

Configure network management of the remote device.

Manage configuration files of the remote device.

Reboot the remote device.

Clear statistics of extended OAM links.

Show extended OAM capabilities of the remote device.

Show basic information about the remote device.

Show interface information about the remote device.

Show Trap status of the remote device.

Show extended OAM link status.

10.6.2 Preparation for configuration

Scenario

Extended OAM is used to establish connection between Central Office (CO) device and remote device to achieve remote management.

Prerequisite

Establish OAM link between devices to establish extended OAM link.

The following configurations take ISCOM2110G-PWR as the CO device. For different remote devices, the extended OAM networking situation and configuration commands may be different; configure the ISCOM2110G-PWR according to the specific remote networking situation.

10.6.3 Default configurations of extended OAM

Default configurations of extended OAM are as below.

Function            Default value
OAM status          Disable
OAM working mode    passive
Remote Trap status  Enable

10.6.4 Establishing OAM link

Before establishing an extended OAM link, you need to establish an OAM link between the devices, with the two sides in OAM active mode and passive mode respectively.

Establish OAM link on the CO device and remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#oam { active | passive }
Description: Configure OAM working mode. Establish both sides of OAM link; configure the CO device to active mode and remote device to passive mode.

Step 3
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 4
Command: Raisecom(config-port)#oam enable
Description: Enable interface OAM.

10.6.5 Configure extended OAM protocols

Configure extended OAM protocols for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#extendedoam config-request enable
Description: Enable power-on configuration request.

Step 3
Command: Raisecom(config)#extendedoam notification enable
Description: Enable sending extended OAM notification packets.

10.6.6 Entering remote configuration mode

The interface can enter remote configuration mode only when OAM link is established between CO device and remote device.

Enter remote configuration mode for the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#interface client client-id
Raisecom(config-remoteport)#
Description: (Optional) enter remote interface configuration mode.

10.6.7 (Optional) showing remote extended OAM capacity

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

On the CO device, you can use the show oam capability command to show the extended OAM capacity of the remote device, and then configure it according to the specific device.

Show remote extended OAM capacity on the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#show oam capability
Description: Show remote device extended OAM management capacity.

10.6.8 Configuring remote host name

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configure the remote host name on the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#hostname hostname
Description: Configure remote host name.

10.6.9 Configuring MTU for remote device

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configure MTU for the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#system mtu size
Description: Configure MTU for the remote device.

10.6.10 Configuring IP address of remote device

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configure the IP address of the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#ip address ip-address [ ip-mask ] vlan-list
Description: Configure remote device IP address. Set the IP address of IP interface 0 on the remote device to take effect. IP address configuration needs to specify management VLAN, if this VLAN does not exist, create VLAN and take all interfaces as member interface by default; if associated VLAN exists, do not modify the member interface configuration.

Step 5
Command: Raisecom(config-remote)#ip defaultgateway ip-address
Description: (Optional) configure remote device default gateway. The default gateway and configured IP address of IP interface 0 need to be in the same network segment.

10.6.11 Configuring interface parameters on remote device

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configure different remote interface parameters in different mode:

In remote interface configuration mode, configure remote interface Up/Down, speed and working mode, etc.

In remote configuration mode, configure remote interface auto-negotiation, interface bandwidth, and failover, etc.

Configuring interface parameters in remote interface configuration mode

In remote interface configuration mode, configure remote interface Up/Down, rate and working mode, etc.

Configure interface parameters in remote interface configuration mode as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#interface client client-id
Description: Enter remote interface configuration mode.

Step 5
Command: Raisecom(config-remoteport)#shutdown
Description: (Optional) shut down the remote interface.

Step 6
Command: Raisecom(config-remoteport)#speed { auto | 10 | 100 }
Description: (Optional) configure the interface rate on the remote device.

Step 7
Command: Raisecom(config-remoteport)#duplex { full | half }
Description: (Optional) configure remote device Client interface duplex mode. The OAM link may be disconnected after configuring remote interface duplex mode.

Step 8
Command: Raisecom(config-remoteport)#flowcontrol { on | off }
Description: (Optional) enable/disable flow control on the user interface of the remote device.

Configuring interface parameters in remote configuration mode

In remote configuration mode, configure remote interface auto-negotiation, interface bandwidth, and failover, etc.

Configure interface parameters in remote configuration mode as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#description { line line-id | client client-id } string
Description: (Optional) configure description of the interface on the remote device.

Step 5
Command: Raisecom(config-remote)#line-speed auto
Description: (Optional) configure rate auto-negotiation on the Line interface of the remote device. You can configure the optical interface with auto-negotiation when the interface connecting remote device and CO device is the 1000 Mbit/s optical interface.

Step 6
Command: Raisecom(config-remote)#rate-limit interface-type interface-number ingress rate
Description: (Optional) configure ingress bandwidth of the remote interface.

Step 7
Command: Raisecom(config-remote)#fault-pass enable
Description: (Optional) enable remote failover. The fault optical interface on the remote device changes to electrical port after being enabled with remote failover.

Step 8
Command: Raisecom(config-remote)#inside-loopback [ crc-recalculate ]
Description: (Optional) enable inner loopback on the optical interface on the remote device.

Step 9
Command: Raisecom(config-remote)#test cablediagnostics
Description: Conduct virtual line detection on the remote device.

For the above interface configuration in remote configuration mode:

If the command line provides specified interface parameters, the corresponding configuration will take effect on specified interface;

If the command line does not provide specified interface parameters, the corresponding configuration will take effect on all interfaces of the corresponding type on the remote device.

10.6.12 Uploading and downloading files on remote device

Downloading files from server to remote device

The system bootstrap file, system startup file, configuration files, and FPGA file can be forwarded from the CO device to the remote device, which can be initiated by the CO device or the remote device. If the CO device initiates this, it can upgrade multiple remote devices.

On the CO device, download files from the FTP/TFTP server to the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#download { bootstrap | startup-config | system-boot | fpga } { ftp ip-address user-name password file-name | tftp ip-address file-name }
Description: On the CO device, download files from the FTP/TFTP server to the remote device.

On the remote device, download files from the FTP/TFTP server to the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#download { bootstrap | startup-config | system-boot | fpga } { ftp ip-address user-name password file-name | tftp ip-address file-name }
Description: On the remote device, download files from the FTP/TFTP server to the remote device.

Uploading files from remote device to the server

The system bootstrap file, system startup file, configuration files, and FPGA file can be forwarded from the remote device to the server, which can be initiated by the CO device or the remote device. If the CO device initiates this, it cannot upgrade multiple remote devices.

On the CO device, upload files from the remote device to the server as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#upload { startup-config | system-boot } { ftp ip-address user-name password file-name | tftp ip-address file-name }
Description: On the CO device, upload files from the remote device to the server.

On the remote device, upload files from the remote device to the server as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#upload { startup-config | system-boot } { ftp ip-address user-name password file-name | tftp ip-address file-name }
Description: On the remote device, upload files from the remote device to the server.


Downloading remote device files from server to CO device


The system bootstrap file, system startup file, configuration files, and FPGA file of the remote device can be downloaded through FTP or TFTP from the server to the CO device, and saved with a specified name in the flash of the remote device. This is prepared for further upgrading of the remote device.

Download remote device files from the server to the CO device as below.

Step 1
Command: Raisecom#download { remote-bootstrap | remote-system-boot | remote-startup-config | remote-fpga } { ftp ip-address user-name password file-name local-file-name | tftp ip-address file-name local-file-name }
Description: Download remote device files from the server to the CO device.

Uploading remote device files from CO device to server

Upload remote device files from the CO device to the server as below.

Step 1
Command: Raisecom#upload { remote-bootstrap | remote-system-boot | remote-startup-config | remote-fpga } { ftp ip-address user-name password file-name local-file-name | tftp ip-address file-name local-file-name }
Description: Upload remote device files from the CO device to the server.

Downloading files from CO device to remote device

The remote device files saved in the flash of the CO device can be downloaded to the remote device through extended OAM protocols, which can be initiated by the CO device or the remote device. If the CO device initiates this, it can upgrade multiple remote devices.

On the CO device, download files from the CO device to the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#download { bootstrap | system-boot | fpga } filename
Description: Download the system bootstrap file, system startup file, and FPGA file from the CO device to the remote device.

Step 5
Command: Raisecom(config-remote)#download startup-config [ file-name ]
Description: Download configuration files from the CO device to the remote device.


On the remote device, download files from the CO device to the remote device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface interface-type interface-number
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#download { bootstrap | system-boot | fpga } filename
Description: Download the system bootstrap file, system startup file, and FPGA file from the CO device to the remote device.

Step 4
Command: Raisecom(config-port)#download startup-config [ file-name ]
Description: Download configuration files from the CO device to the remote device.

10.6.13 Configuring remote network management

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configuring remote network management

Configure remote network management for the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#snmp-server community community-name { ro | rw }
Description: Configure remote read/write community and read/write authority.

Configuring remote Trap

The remote device generates Trap information, which is sent to the CO device through OAM notification packets. The CO device then sends the Trap to the network management system.

For the network management system to receive remote Traps, you need to enable the remote Trap function on the CO device, and you may also need to enable the function of sending extended OAM notifications on the remote device.

Configure remote Trap for the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp trap remote enable
Description: Enable remote device to send Trap function.

To configure remote Trap, some remote devices require you to run the extended-oam notification enable command in remote configuration mode to enable sending of extended OAM notifications.

10.6.14 Configuring remote VLAN

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Different remote devices may have different configuration commands.

You can configure remote VLAN and process packets received by the remote device according to the VLAN property configuration, such as setting the remote VLAN status, setting the VLAN tag property, and creating remote VLAN groups.

Remote VLAN status:

dot1q: the remote VLAN mode is Dot1q; packets entering the device interface are forwarded in dot1q mode.

forbid: the remote VLAN function is forbidden; packets entering the device interface are forwarded in transparent transmission mode.

port: the remote VLAN mode is Port.

When the remote VLAN CoS function is enabled, packets entering the device interface are processed according to VLAN priority, high priority first and low priority second.

Configure remote VLAN for the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#vlan { dot1q | forbid | port }
Description: (Optional) configure remote VLAN status.

Step 5
Command: Raisecom(config-remote)#vlan cos enable
Description: (Optional) enable remote VLAN CoS.

Step 6
Command: Raisecom(config-remote)#vlan { cable-port | cpu-port | fiber-port } { tag | untag } priority priority pvid pvid
Description: (Optional) configure remote VLAN tag property.

Step 7
Command: Raisecom(config-remote)#vlan group group-id vid vid member-list member-list
Description: (Optional) create remote VLAN group.

10.6.15 Configuring remote QinQ

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Configure remote QinQ for the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#switch-mode transparent
Description: (Optional) configure the remote device to work in full transparent transmission mode.

Step 5
Command: Raisecom(config-remote)#switch-mode dot1q-vlan native-vlan vlan-id [ line ]
Description: (Optional) enable the remote device to work single Tag forwarding mode.

Step 6
Command: Raisecom(config-remote)#switch-mode double-tagged-vlan [ tpid tpid ] native-vlan vlan-id [ line ]
Description: (Optional) configure the remote device to work in double Tag forwarding mode.

When the remote device is configured to work in full transparent transmission mode, it does not process data packets.

When the remote device is configured to work in single Tag mode, after the ISCOM2110G-PWR is configured to single Tag mode, data packets without a Tag from the user interface are marked with a Tag carrying the local VLAN ID; packets that already carry a Tag are left unchanged.

When the remote device is configured to work in double Tag mode, after the ISCOM2110G-PWR is configured to double Tag mode, data packets without a Tag from the user interface are marked with an outer Tag carrying the specified TPID and the local VLAN ID.


10.6.16 Managing remote configuration files


Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Manage remote configuration files on the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#write
Description: (Optional) save remote device configuration files in remote device flash.

Step 5
Command: Raisecom(config-remote)#write local
Description: (Optional) save remote device configuration files in CO device flash.

Step 6
Command: Raisecom(config-remote)#erase
Description: (Optional) delete remote device configuration files.

10.6.17 Rebooting remote device

While the remote device is being reset or rebooted, the OAM link may be disconnected and the CO device will not be connected with the remote device.

Whether the remote device supports this function varies with the specific remote device. For details, see the corresponding manuals.

Reboot the remote device from the CO device as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface port port-id
Description: Enter physical layer interface configuration mode.

Step 3
Command: Raisecom(config-port)#remote-device
Description: Enter remote configuration mode.

Step 4
Command: Raisecom(config-remote)#reboot
Description: Reboot remote device.


10.6.18 Checking configurations


Whether the remote device supports the following items varies with the specific remote device. For details, see the corresponding manuals.

Use the following commands to check configuration results.

No. 1
Command: Raisecom(config-remote)#show remote-device information
Description: Show basic information about the remote device.

No. 2
Command: Raisecom#show extended-oam status [ port-list port-list ]
Description: Show extended OAM link status.

No. 3
Command: Raisecom(config-remote)#show interface port [ detail | statistics ]
Description: Show information about the remote device interfaces.

No. 4
Command: Raisecom(config-remote)#show cable-diagnostics
Description: Show information about line diagnosis.

No. 5
Command: Raisecom(config-remote)#show inside-loopback
Description: Show loopback status on the optical interface on the remote device and loopback parameters.

No. 6
Command: Raisecom(config-remote)#show oam capability
Description: Show OAM capabilities supported by the remote device.

No. 7
Command: Raisecom(config-remote)#show remote-device information
Description: Show basic information about the remote device.

No. 8
Command: Raisecom(config-remote)#show vlan basic-information
Description: Show basic information about VLANs on the remote device.

No. 9
Command: Raisecom(config-remote)#show vlan group-information { all | group-id }
Description: Show information about VLAN groups on the remote device.

No. 10
Command: Raisecom#show extended-oam statistics [ port-list port-list ]
Description: Show statistics of extended OAM frames.

No. 11
Command: Raisecom#show snmp trap remote
Description: Show Trap enabling status on the remote device.

10.6.19 Maintenance

Maintain the ISCOM2110G-PWR as below.

Command: Raisecom(config)#clear extended-oam statistics [ port-list port-list ]
Description: Clear statistics of extended OAM packets.


10.6.20 Example for configuring extended OAM to manage remote device

Networking requirements

As shown in Figure 10-14, the RC551E is connected to the Switch. Configured with extended OAM, the Switch can remotely manage the RC551E. Configure the host name and IP address of the RC551E on the Switch.

Figure 10-14 Configuring extended OAM to manage the remote device

Configuration steps

Step 1 Establish an OAM link between the RC551E and the switch.

Set the RC551E to work in OAM passive mode, and enable OAM.

Raisecom#hostname RC55x

RC55x#config

RC55x(config)#oam passive

RC55x(config)#interface line 1

RC55x(config-port)#oam enable

Set the switch to work in OAM active mode, and enable OAM.

Raisecom#hostname Switch

Switch#config

Switch(config)#oam active

Switch(config)#interface port 1

Switch(config-port)#oam enable

Step 2 Configure the host name and IP address of the RC551E on the switch.

Switch(config-port)#remote-device

Switch(config-remote)#hostname RC551E

Switch(config-remote)#ip address 192.168.18.100 255.255.255.0 200


Checking results


Use the following command to show configurations of the remote device on the switch.

Raisecom(config-remote)#show remote-device information

Local port:port1

Product Name: RC551E-4GEF

Hostname: RC551E

Operation Software Version: ROS_4.14.1670.RC551E-4GEF.39.20110914

Hardware Version: Hardware RC551E-4GEF

Main chip id: N/A

Total ports: 6

FPGA chip id: N/A

FPGA soft version: N/A

IP Address/mask: 192.168.18.100/255.255.255.0

IP Interface Vlan: 0

Vlan member Port:

Untag port:

IP Default-gateway: 0.0.0.0

OutBand-port IP/Mask: N/A/N/A

Community Name/Access: N/A/N/A

OAM Notification:

Device current temperature(Celsius): 0(Celsius)

Device voltage: low

Ref. Volt(mv) Current Volt(mv)

3300 0l

2500 0l

1800 0l

1200 0l

10.7 Optical module DDM

10.7.1 Introduction

Digital Diagnostic Monitoring (DDM) on the ISCOM2110G-PWR supports diagnosing the Small Form-factor Pluggable (SFP) module.

SFP DDM provides a method for monitoring performance. By analyzing the monitored data provided by the SFP module, the administrator can predict the lifetime of the SFP module, isolate system faults, and verify the compatibility of the SFP module.

The SFP module offers 5 performance parameters:

Module temperature

Internal Power Feeding Voltage (PFV)

Launched bias current

Launched optical power

Received optical power


When SFP performance parameters exceed thresholds or when the SFP state changes, a related Trap is generated.

10.7.2 Preparing for configurations

Scenario

SFP DDM provides a method for monitoring performance parameters of the SFP module. By analyzing monitored data, you can predict the lifetime of the SFP module, isolate system faults, as well as verify the compatibility of the SFP module.

Prerequisite

N/A

10.7.3 Default configurations of optical module DDM

Default configurations of optical module DDM are as below.

Function | Default value
Optical module DDM | Disable
Optical module DDM sending Trap status | Enable

10.7.4 Enabling optical module DDM

Enable optical module DDM for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#transceiver digitaldiagnotic enable
Description: Enable optical module DDM.

10.7.5 Enabling optical module DDM to send Trap

Enable optical module DDM to send Trap for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp trap transceiver enable
Description: Enable optical module DDM to send Trap.

10.7.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show interface port [ port-id ] transceiver [ detail ]
Description: Show configurations of optical module DDM.

No. 2
Command: Raisecom#show interface port [ port-id ] transceiver [ detail ] thresholdviolations
Description: Show performance parameters and thresholds of optical module DDM.

No. 3
Command: Raisecom#show interface port [ port-id ] transceiver information
Description: Show information about the optical module DDM.

10.8 System log

10.8.1 Introduction

The system log means that the ISCOM2110G-PWR records system information and debugging information in a log and sends the log to the specified destination. When the ISCOM2110G-PWR fails to work, you can check and locate the fault easily.

System information and some scheduling output are sent to the system log for processing. According to the configuration, the system sends the log to various destinations. The destinations that receive the system log are divided into:

Console: send the log message to the local console through Console interface.

Host: send the log message to the host.

Monitor: send the log message to the monitor, such as Telnet terminal.

File: send the log message to the Flash of the device.

The system log is usually in the following format:

timestamp module-level- Message content

The following is an example of system log content.

FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on"

FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down

FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP

The format for outputting to the logging server is as below:

timestamp module-level- Message content

The following is an example of log content for the logging server.

7-CONFIG:USER " raisecom " Run " logging on "

7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "

According to the severity level, the log is identified by 8 severity levels, as listed in Table 10-2.

Table 10-2 Log levels

Severity | Level | Description
Emergency | 0 | The system cannot be used.
Alert | 1 | Needs to be dealt with immediately.
Critical | 2 | Serious status
Error | 3 | Errored status
Warning | 4 | Warning status
Notice | 5 | Normal but important status
Informational | 6 | Informational event
Debug | 7 | Debugging information

The severity of output information can be set manually. When information is sent according to the configured severity, only the information whose level is less than or equal to the configured level is sent. For example, when the level is configured as 3 (that is, the severity is errors), information whose level ranges from 0 to 3, that is, whose severity ranges from emergencies to errors, can be sent.
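The log format and the level rule above can be exercised on a collector with a short parser. This is an added example, not Raisecom code: the regular expressions are inferred from the three sample lines in this section, the last input lines are constructed, and it assumes (unverified for this device) that CONFIG records carry the typed command verbatim, so the FTP password and SNMP community arguments of the commands described earlier in this chapter are masked before storage.

```python
import re
from datetime import datetime

# Level number -> severity name, as listed in Table 10-2 (index = level).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]
# Level keywords of the "logging console|host|monitor" commands, index = level.
KEYWORDS = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]
MONTHS = "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split()

# "timestamp module-level-mnemonic:content", inferred from the sample lines.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z]{3})-(?P<day>\d{2})-(?P<year>\d{4}) "
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2}) "
    r"(?P<module>\w+)-(?P<level>[0-7])-(?P<mnemonic>\w+):(?P<content>.*)$")
# Command record: USER "name" Run "command"; spacing inside the quotes varies.
AUDIT_RE = re.compile(
    r'^USER\s*"\s*(?P<user>[^"]*?)\s*"\s*Run\s*"\s*(?P<cmd>.*?)\s*"\s*$')


def parse_line(line):
    """Parse one log line; return a dict, or None when it does not match."""
    m = LINE_RE.match(line.strip())
    if not m or m["mon"] not in MONTHS:
        return None
    try:
        when = datetime(int(m["year"]), MONTHS.index(m["mon"]) + 1,
                        int(m["day"]), int(m["h"]), int(m["mi"]), int(m["s"]))
    except ValueError:  # impossible date or time such as FEB-31
        return None
    level = int(m["level"])
    return {"time": when, "module": m["module"], "level": level,
            "severity": SEVERITY[level], "mnemonic": m["mnemonic"],
            "content": m["content"]}


def is_output(level, configured):
    """Rule from the text: a message is sent when level <= configured level."""
    if isinstance(configured, str):
        configured = KEYWORDS.index(configured)
    return level <= configured


def redact(cmd):
    """Mask arguments that this guide's command syntax places inline."""
    t = cmd.split()
    if t and t[0] in ("download", "upload") and "ftp" in t:
        i = t.index("ftp")  # ftp ip-address user-name password file-name
        if len(t) > i + 3:
            t[i + 3] = "****"
    if t[:2] == ["snmp-server", "community"] and len(t) > 2:
        t[2] = "****"  # snmp-server community community-name { ro | rw }
    return " ".join(t)


def audit_event(record):
    """Return (user, redacted command) for a USER/Run record, else None."""
    m = AUDIT_RE.match(record["content"])
    return (m["user"], redact(m["cmd"])) if m else None


SAMPLE = [
    # The three example lines printed in this section.
    'FEB-22-2005 14:27:33 CONFIG-7-CONFIG:USER "raisecom" Run "logging on"',
    "FEB-22-2005 06:46:20 CONFIG-6-LINK_D:port 2 Link Down",
    "FEB-22-2005 06:45:56 CONFIG-6-LINK_U:port 2 Link UP",
    # Constructed lines, not from the guide (192.0.2.10 is a documentation IP).
    'FEB-22-2005 14:30:02 CONFIG-7-CONFIG:USER "raisecom" Run '
    '"download system-boot ftp 192.0.2.10 admin S3cret ros.z"',
    'FEB-22-2005 14:31:10 CONFIG-7-CONFIG:USER "raisecom" Run '
    '"snmp-server community private rw"',
    "not a log line",
]


def triage(lines, configured="informational"):
    """Return records a destination at `configured` receives, the command
    audit trail (secrets masked), and the lines that failed to parse."""
    out = {"output": [], "audit": [], "unparsed": []}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out["unparsed"].append(line)
            continue
        if is_output(rec["level"], configured):
            out["output"].append(rec)
        event = audit_event(rec)
        if event:
            out["audit"].append((rec["time"].isoformat(), *event))
    return out


if __name__ == "__main__":
    for entry in triage(SAMPLE)["audit"]:
        print(entry)
```

At the informational level only the two link records are output; the level 7 command records reach a destination only when it is configured as debugging.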

10.8.2 Preparing for configurations

Scenario

The ISCOM2110G-PWR records critical information, debugging information, and error information of the system in system logs, and outputs the system logs to log files or transmits them to the host, Console interface, or monitor for viewing and locating faults.

Prerequisite

N/A


10.8.3 Default configurations of system log

Default configurations of system log are as below.

Function | Default value
System log | Enable
Output log information to Console | Enable, the default level is information (6).
Output log information to host | N/A, the default level is information (6).
Output log information to file | Disable, the fixed level is warning (4).
Output log information to monitor | Disable, the default level is information (6).
Log Debug level | Low
Transmitting rate of system log | No limit

10.8.4 Configuring basic information of system log

Configure basic information of system log for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#logging on
Description: (Optional) Enable system log.

Step 3
Command: Raisecom(config)#logging time-stamp { date-time | null | relative-start }
Description: (Optional) configure timestamp for system log.

Step 4
Command: Raisecom(config)#logging rate log-num
Description: (Optional) configure transmitting rate of system log.

10.8.5 Configuring system log output

Configure system log output for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#logging console { log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings }
Description: (Optional) output system logs to the Console.

Step 3
Command: Raisecom(config)#logging host ip-address { local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 } { log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings }
Description: (Optional) output system logs to the log server. Up to 10 log servers are supported.

Step 4
Command: Raisecom(config)#logging monitor { log-level | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings }
Description: (Optional) output system logs to the monitor.

Step 5
Command: Raisecom(config)#logging file
Description: (Optional) output system logs to the Flash of the ISCOM2110G-PWR. Only warning-level logs are available.

10.8.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show logging
Description: Show configurations of system log.

No. 2
Command: Raisecom#show logging file
Description: Show contents of system log.

10.8.7 Example for outputting system logs to log server

Networking requirements

As shown in Figure 10-15, configure system log to output system logs of the switch to the log server, so that you can view them at any time.

Figure 10-15 Outputting system logs to log servers

Configuration steps

Step 1 Configure the IP address of the switch.


Raisecom#config

Raisecom(config)#interface ip 0

Raisecom(config-ip)#ip address 20.0.0.6 255.0.0.0 1

Raisecom(config-ip)#exit

Step 2 Output system logs to the log server.


Raisecom(config)#logging on

Raisecom(config)#logging time-stamp date-time

Raisecom(config)#logging rate 2

Raisecom(config)#logging host 20.0.0.168 local3 warnings

Checking results

Use the show logging command to show configurations of system log.

Raisecom#show logging

Syslog logging:Enable, 0 messages dropped, messages rate-limited 2 per second

Console logging:Enable, level=informational, 19 Messages logged

Monitor logging:Disable, level=informational, 0 Messages logged

Time-stamp logging messages: date-time

Log host information:

Target Address Level Facility Sent Drop

----------------------------------------------------------------------

20.0.0.168 warnings local3 0 0
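One way to turn the show logging output above into an automated check, as an added example rather than Raisecom tooling. The parser is written against the single output sample printed here, and the baseline it enforces (system log on, date-time stamps, at least one log host at warnings or more verbose, zero drop counters) is an assumed policy, not a vendor recommendation.

```python
import re

# Level keywords of the logging commands; list index equals the level number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# "show logging" output as printed in the checking results above.
SHOW_LOGGING = """\
Syslog logging:Enable, 0 messages dropped, messages rate-limited 2 per second
Console logging:Enable, level=informational, 19 Messages logged
Monitor logging:Disable, level=informational, 0 Messages logged
Time-stamp logging messages: date-time
Log host information:
Target Address Level Facility Sent Drop
----------------------------------------------------------------------
20.0.0.168 warnings local3 0 0
"""

# One row of the log host table: address, level, facility, Sent, Drop.
HOST_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\w+)\s+(local[0-7])\s+(\d+)\s+(\d+)$")


def parse_show_logging(text):
    """Extract the fields this check needs from "show logging" output."""
    cfg = {"syslog": None, "dropped": None, "timestamp": None,
           "destinations": {}, "hosts": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Syslog logging:(\w+), (\d+) messages dropped", line):
            cfg["syslog"], cfg["dropped"] = m[1] == "Enable", int(m[2])
        elif m := re.match(r"(Console|Monitor) logging:(\w+), level=(\w+)", line):
            cfg["destinations"][m[1].lower()] = (m[2] == "Enable", m[3])
        elif m := re.match(r"Time-stamp logging messages:\s*(\S+)", line):
            cfg["timestamp"] = m[1]
        elif m := HOST_RE.match(line):
            cfg["hosts"].append({"address": m[1], "level": m[2],
                                 "facility": m[3], "sent": int(m[4]),
                                 "drop": int(m[5])})
    return cfg


def findings(cfg, min_level="warnings"):
    """Compare parsed settings with the assumed baseline; return the gaps."""
    out = []
    if not cfg["syslog"]:
        out.append("system log is not enabled")
    if cfg["dropped"]:
        out.append(f"{cfg['dropped']} messages dropped")
    if cfg["timestamp"] != "date-time":
        out.append(f"time-stamp mode is {cfg['timestamp']}, not date-time")
    if not cfg["hosts"]:
        out.append("no log host configured")
    for host in cfg["hosts"]:
        level = host["level"]
        if level not in LEVELS:
            out.append(f"host {host['address']}: unrecognized level {level}")
        elif LEVELS.index(level) < LEVELS.index(min_level):
            out.append(
                f"host {host['address']} receives only {level} and more severe")
        if host["drop"]:
            out.append(f"host {host['address']}: Drop counter is {host['drop']}")
    return out


if __name__ == "__main__":
    print(findings(parse_show_logging(SHOW_LOGGING)) or "baseline met")
```

By the level rule in section 10.8.1, a host configured at warnings receives levels 0 to 4 only, so level 6 link records and level 7 command records are not forwarded to 20.0.0.168 in this configuration.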

10.9 CPU monitoring

10.9.1 Introduction

The ISCOM2110G-PWR supports CPU monitoring. It can monitor state, CPU utilization, and stack usage in real time. It helps to locate faults.

CPU monitoring can provide the following functions:

View CPU utilization

It can be used to view CPU utilization in each period (5s, 1 minute, 10 minutes, and 2 hours). Total CPU utilization in each period can be shown dynamically or statically.

It can be used to view the operating status of all tasks and the detailed running status of assigned tasks.

It can be used to view history CPU utilization in each period.

It can be used to view dead task information.

CPU utilization threshold alarm

If system CPU utilization changes below lower threshold or above upper threshold in a specified sampling period, an alarm will be generated and a Trap message will be sent. The Trap message provides serial number and CPU utilization of 5 tasks whose CPU utilization is the highest in the latest period (5s, 1 minute, 10 minutes).

10.9.2 Preparing for configurations

Scenario

CPU monitoring can monitor state, CPU utilization, and stack usage in real time, provide CPU utilization threshold alarm, detect and eliminate hidden dangers, or help the administrator with fault location.

Prerequisite

When the CPU monitoring alarm needs to be output in Trap mode, configure Trap output target host address, which is IP address of NView NNM system.

10.9.3 Default configurations of CPU monitoring

Default configurations of CPU monitoring are as below.

Function | Default value
CPU utilization rate alarm Trap output | Disable
Upper threshold of CPU utilization alarm | 100%
Lower threshold of CPU utilization alarm | 1%
Sampling period of CPU utilization | 60s

10.9.4 Showing CPU monitoring information

Show CPU monitoring information for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#show cpu-utilization [ dynamic | history { 10min | 1min | 2hour | 5sec } ]
Description: Show CPU utilization.

Step 2
Command: Raisecom#show process [ dead | sorted { normal-priority | process-name } | taskname ]
Description: Show states of all tasks.

Step 3
Command: Raisecom#show process cpu [ sorted [ 10min | 1min | 5sec | invoked ] ]
Description: Show CPU utilization of all tasks.


10.9.5 Configuring CPU monitoring alarm


Configure CPU monitoring alarm for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#snmp-server traps enable cpu-threshold
Description: Enable CPU threshold alarm Trap.

Step 3
Command: Raisecom(config)#cpu rising-threshold rising-threshold-value [ falling-threshold falling-threshold-value ] [ interval interval-value ]
Description: (Optional) configure CPU alarm upper threshold, lower threshold, and sampling interval.

The upper threshold must be greater than the lower threshold.

After CPU threshold alarm Trap is enabled, the system will automatically send Trap if the CPU utilization changes below lower threshold or above upper threshold in a specified sampling period.

10.9.6 Checking configurations

Use the following commands to check configuration results.

No. 1
Command: Raisecom#show cpu-utilization
Description: Show CPU utilization and related configurations.

10.10 Ping

Configure Ping for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#ping ip-address [ count count ] [ size size ] [ waittime period ]
Description: (Optional) test the connectivity of the IPv4 network by the ping command.

The ISCOM2110G-PWR cannot carry out other operations in the process of executing the ping command. You can perform other operations only after Ping is finished or is interrupted by pressing Ctrl+C.


10.11 Traceroute


Before using Traceroute, you should configure the IP address and default gateway of the ISCOM2110G-PWR.

Configure Traceroute for the ISCOM2110G-PWR as below.

Step 1
Command: Raisecom#config
Description: Enter global configuration mode.

Step 2
Command: Raisecom(config)#interface ip if-number
Description: Enter Layer 3 interface configuration mode.

Step 3
Command: Raisecom(config-ip)#ip address ip-address [ ip-mask ] vlan-id
Raisecom(config-ip)#exit
Description: Configure the IP address of the interface.

Step 4
Command: Raisecom(config)#ip default-gateway ip-address
Raisecom(config)#exit
Description: Configure the default gateway.

Step 5
Command: Raisecom#traceroute ip-address [ firstttl first-ttl ] [ maxttl max-ttl ] [ port port-id ] [ waittime second ] [ count times ]
Description: Test the connectivity of the IPv4 network, and show nodes passed by the packet.

11 Appendix

This chapter describes terms and abbreviations involved in this document, including the following sections:

Terms

Acronyms and abbreviations

11.1 Terms

A

Access Control List (ACL)
A series of orderable rules composed of permit | deny statements. The device decides which packets to receive or discard based on these rules.

Automatic Laser Shutdown (ALS)
A technology that is used for automatically turning off the output power of the laser and optical amplifier to avoid personal injury.

Autonegotiation
The auto-negotiation procedure is as follows: the port at one end adapts its bit rate and duplex mode to the highest level that both ends support, according to the bit rate and duplex mode adopted by the peer device. That is, after the auto-negotiation process the connected devices at both ends adopt the fastest transmission mode they both support.

Automatic Protection Switching (APS)
APS is used to monitor transport lines in real time and automatically analyze alarms to discover faults. When a critical fault occurs, APS can make the working channel switched to the protection channel quickly to recover communication in a very short period.

C

CFM
Connectivity Fault Management (CFM) is an end-to-end service-level Ethernet OAM technology. This function is used to actively diagnose faults for Ethernet Virtual Connection (EVC), provide a cost-effective network maintenance solution through the fault management function, and improve network maintenance.


Challenge-Handshake Authentication Protocol (CHAP)
A protocol of PPP. It is a 3-times handshake authentication protocol which is used to transmit the user name only on the network.

D

Dynamic ARP Inspection (DAI)
A security feature that can be used to verify the ARP datagram on the network. With DAI, the administrator can intercept, record, and discard ARP packets with invalid MAC address/IP address to prevent common ARP attacks.

Dynamic Host Configuration Protocol (DHCP)
A technology used for assigning IP addresses dynamically. It can automatically assign IP addresses for all clients in the network to reduce the workload of the administrator. In addition, it can realize centralized management of IP addresses.

E

Ear hanging
A component installed on both sides of the chassis, used to install the chassis to the rack.

Ethernet in the First Mile (EFM)
Complying with the IEEE 802.3ah protocol, Ethernet in the First Mile (EFM) is a link-level Ethernet OAM technology. It provides the link connectivity detection function, link fault monitor function, and remote fault notification function, etc. for a link between two directly connected devices. EFM is mainly used for Ethernet links on edges of the network accessed by users.

Ethernet Linear Protection Switching (ELPS)
An APS protocol based on ITU-T G.8031 Recommendation to protect an Ethernet link. It is an end-to-end protection technology, including two line protection modes: linear 1:1 protection switching and linear 1+1 protection switching.

Ethernet Ring Protection Switching (ERPS)
An APS protocol based on ITU-T G.8032 Recommendation to provide backup link protection and recovery switching for Ethernet traffic in a ring topology and at the same time ensuring that there are no loops formed at the Ethernet layer.

F

Failover
Provide a port association solution, extending link backup range. Transport fault of upper layer device quickly to downstream device by monitoring upstream link and synchronize downstream link, then trigger switching between master and standby device and avoid traffic loss.

Full duplex
Communication links can transmit and receive data at the same time from both directions.

G


GFP encapsulation

11 Appendix

Generic Framing Procedure (GFP) is a generic mapping technology. It can group variable-length or fixed-length data for unified adaption, making data service transmitted in multiple high-speed logistic transmission channels.

H

Half-duplex

Refers to two-way electronic communication that takes place in only one direction at a time. Communication between people is half-duplex when one person listens while the other speaks.

I

Institute of Electrical and Electronics Engineers (IEEE)

An international institute of electrical and electronics engineers. It is one of the largest technical organizations. It has more than 360,000 members in 175 countries (up to 2005).

Internet Assigned Numbers Authority (IANA)

It is used to assign and maintain the unique codes and values in Internet technology standards (protocols), such as IP addresses or multicast addresses.

Internet Engineering Task Force (IETF)

It was established in 1985. It is the most authoritative technology and standards organization, which develops and formulates specifications related to the Internet.

L

Label

A group of signals that are used to identify the cable, chassis, or warning.

Link aggregation

A computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.

Link Aggregation Control Protocol (LACP)

A protocol used for implementing dynamic link aggregation. LACP communicates with the peer by exchanging LACPDUs.

M

Multi-mode Fiber

Multiple modes can be transmitted in one fiber.

N

Network Time Protocol (NTP)

A time synchronization protocol defined by RFC1305. It is used to synchronize time between distributed time servers and clients. NTP performs clock synchronization on all devices in the network that support a clock, so that the devices can provide different applications based on a consistent time. In addition, NTP can ensure very high accuracy (about 10ms).

O

Open Shortest Path First (OSPF)

An interior gateway dynamic routing protocol, which is used to decide the route in an Autonomous System (AS).

Optical Distribution Frame (ODF)

A distribution connection device between the fiber and a communication device. It is an important part of the optical transmission system. It is mainly used for fiber splicing, optical connector installation, fiber adjustment, additional pigtail storage, and fiber protection.

P

Password Authentication Protocol (PAP)

A password authentication protocol of the Point to Point Protocol. It is a two-way handshake protocol that transmits the user name and password in plain text.

Point-to-point Protocol over Ethernet (PPPoE)

With PPPoE, the remote device can control and account for each access user.

Private VLAN (PVLAN)

PVLAN adopts Layer 2 isolation technology. Only the upper VLAN is visible globally. The lower VLANs are isolated from each other. If you partition each interface of the switch or IP DSLAM device into a lower VLAN, all interfaces are isolated from each other.

Protection ground wire

A cable that connects the device to ground. It is usually a co-axial cable in yellow and green.

Q

QinQ

QinQ (also called Stacked VLAN or Double VLAN) is extended from 802.1Q and defined by the IEEE 802.1ad recommendation. Basic QinQ is a simple Layer 2 VPN tunnel technology that encapsulates an outer VLAN Tag for client private packets at the carrier access end, so that the packets carry double VLAN Tags when passing through the trunk network (public network). In the public network, packets are forwarded only according to the outer VLAN Tag, and the private VLAN Tag is transmitted as data in the packets.

Quality of Service (QoS)

A commonly-used performance indicator of a telecommunication system or channel. Depending on the specific system and service, it may relate to jitter, delay, packet loss ratio, bit error ratio, and signal-to-noise ratio.

It functions to measure the quality of the transmission system and the effectiveness of the services, as well as the capability of a service provider to meet the demands of users.

R

Rapid Spanning Tree Protocol (RSTP)

RSTP is an extension of Spanning Tree Protocol, which realizes fast convergence of the network topology.

Remote Authentication Dial In User Service (RADIUS)

A protocol used to authenticate and account for users on the network.

S

Simple Network Management Protocol (SNMP)

A network management protocol defined by the Internet Engineering Task Force (IETF) and used to manage devices on the Internet. SNMP enables the network management system to remotely manage all network devices that support SNMP, including monitoring network status, modifying network device configurations, and receiving network event alarms. At present, SNMP is the most widely used network management protocol in TCP/IP networks.

Simple Network Time Protocol (SNTP)

SNTP is mainly used for synchronizing time of devices on the network.

Single-mode fiber

Only a single mode can be transmitted in one fiber.

Spanning Tree Protocol (STP)

STP can be used to eliminate network loops and back up link data. It blocks loops in logic to prevent broadcast storms. When the unblocked link fails, the blocked link is re-activated to act as the protection link.

V

Virtual Local Area Network (VLAN)

VLAN is a protocol proposed to solve broadcast and security issues for Ethernet. It divides devices in a LAN into different segments logically rather than physically, thus implementing virtual work groups which are based on Layer 2 isolation and do not affect each other.

VLAN Mapping

VLAN Mapping is used to replace the private VLAN Tag of Ethernet packets with the Carrier's VLAN Tag, so that packets are transmitted according to the Carrier's VLAN forwarding rules. When packets are sent from the Carrier network to the peer private network, the VLAN Tag is restored to the original private VLAN Tag, according to the same VLAN forwarding rules. Therefore packets are correctly sent to the destination.

11.2 Acronyms and abbreviations

A

AAA Authentication, Authorization and Accounting

ABR Area Border Router

AC Alternating Current

ACL Access Control List

ANSI American National Standards Institute

APS Automatic Protection Switching

ARP Address Resolution Protocol

AS Autonomous System

ASCII American Standard Code for Information Interchange

ASE Autonomous System External

ATM Asynchronous Transfer Mode

AWG American Wire Gauge

B

BC Boundary Clock

BDR Backup Designated Router

BITS Building Integrated Timing Supply System

BOOTP Bootstrap Protocol

BPDU Bridge Protocol Data Unit

BTS Base Transceiver Station

C

CAR Committed Access Rate

CAS Channel Associated Signaling

CBS Committed Burst Size

CE Customer Edge

CHAP Challenge Handshake Authentication Protocol

CIDR Classless Inter-Domain Routing

CIR Committed Information Rate

CIST Common Internal Spanning Tree

CLI Command Line Interface

CoS Class of Service

CPU Central Processing Unit

CRC Cyclic Redundancy Check

CSMA/CD Carrier Sense Multiple Access/Collision Detection

CST Common Spanning Tree

D

DAI Dynamic ARP Inspection

DBA Dynamic Bandwidth Allocation

DC Direct Current

DHCP Dynamic Host Configuration Protocol

DiffServ Differentiated Service

DNS Domain Name System

DRR Deficit Round Robin

DS Differentiated Services

DSL Digital Subscriber Line

E

EAP Extensible Authentication Protocol

EAPoL EAP over LAN

EFM Ethernet in the First Mile

EMC Electromagnetic Compatibility

EMI Electromagnetic Interference

EMS Electromagnetic Susceptibility

ERPS Ethernet Ring Protection Switching

ESD Electrostatic Discharge

EVC Ethernet Virtual Connection

F

FCS Frame Check Sequence

FE Fast Ethernet

FIFO First Input First Output

FTP File Transfer Protocol

G

GARP Generic Attribute Registration Protocol

GE Gigabit Ethernet

GMRP GARP Multicast Registration Protocol

GPS Global Positioning System

GVRP Generic VLAN Registration Protocol

H

HDLC High-level Data Link Control

HTTP Hyper Text Transfer Protocol

I

IANA Internet Assigned Numbers Authority

ICMP Internet Control Message Protocol

IE Internet Explorer

IEC International Electrotechnical Commission

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol

IP Internet Protocol

IS-IS Intermediate System to Intermediate System Routing Protocol

ISP Internet Service Provider

ITU-T International Telecommunications Union - Telecommunication Standardization Sector

L

LACP Link Aggregation Control Protocol

LACPDU Link Aggregation Control Protocol Data Unit

LAN Local Area Network

LCAS Link Capacity Adjustment Scheme

LLDP Link Layer Discovery Protocol

LLDPDU Link Layer Discovery Protocol Data Unit

M

MAC Medium Access Control

MDI Medium Dependent Interface

MDI-X Medium Dependent Interface cross-over

MIB Management Information Base

MSTI Multiple Spanning Tree Instance

MSTP Multiple Spanning Tree Protocol

MTBF Mean Time Between Failure

MTU Maximum Transmission Unit

MVR Multicast VLAN Registration

N

NMS Network Management System

NNM Network Node Management

NTP Network Time Protocol

NView NNM NView Network Node Management

O

OAM Operation, Administration and Management

OC Ordinary Clock

ODF Optical Distribution Frame

OID Object Identifiers

Option 82 DHCP Relay Agent Information Option

OSPF Open Shortest Path First

P

P2MP Point to Multipoint

P2P Point-to-Point

PADI PPPoE Active Discovery Initiation

PADO PPPoE Active Discovery Offer

PADS PPPoE Active Discovery Session-confirmation

PAP Password Authentication Protocol

PDU Protocol Data Unit

PE Provider Edge

PIM-DM Protocol Independent Multicast-Dense Mode

PIM-SM Protocol Independent Multicast-Sparse Mode

Ping Packet Internet Groper

PPP Point to Point Protocol

PPPoE PPP over Ethernet

PTP Precision Time Protocol

Q

QoS Quality of Service

R

RADIUS Remote Authentication Dial In User Service

RCMP Raisecom Cluster Management Protocol

RED Random Early Detection

RH Relative Humidity

RIP Routing Information Protocol

RMON Remote Network Monitoring

RNDP Raisecom Neighbor Discover Protocol

ROS Raisecom Operating System

RPL Ring Protection Link

RRPS Raisecom Ring Protection Switching

RSTP Rapid Spanning Tree Protocol

RSVP Resource Reservation Protocol

RTDP Raisecom Topology Discover Protocol

S

SCADA Supervisory Control And Data Acquisition

SF Signal Fail

SFP Small Form-factor Pluggable

SFTP Secure File Transfer Protocol

SLA Service Level Agreement

SNMP Simple Network Management Protocol

SNTP Simple Network Time Protocol

SP Strict-Priority

SPF Shortest Path First

SSHv2 Secure Shell v2

STP Spanning Tree Protocol

T

TACACS+ Terminal Access Controller Access Control System

TC Transparent Clock

TCP Transmission Control Protocol

TFTP Trivial File Transfer Protocol

TLV Type Length Value

ToS Type of Service

TPID Tag Protocol Identifier

TTL Time To Live

U

UDP User Datagram Protocol

UNI User Network Interface

USM User-Based Security Model

V

VLAN Virtual Local Area Network

VRRP Virtual Router Redundancy Protocol

W

WAN Wide Area Network

WRR Weight Round Robin


Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing, P.R.China

Postal code: 100094

Tel: +86-10-82883305

Fax: 8610-82883056

http://www.raisecom.com

Email: [email protected]


Key Features

  • Gigabit Ethernet connectivity
  • PoE support
  • VLAN support
  • QoS support
  • Security features

Frequently Asked Questions

How do I access the ISCOM2110G PWR (B) through the console interface?
Connect a terminal emulator to the console port of the switch and configure the serial port settings (baud rate, data bits, parity, stop bits, and flow control).
How do I configure VLANs on the ISCOM2110G PWR (B)?
You can configure VLANs by creating VLANs, assigning interfaces to VLANs, and configuring trunk ports. You can also configure VLAN mapping, interface protection, port mirroring, and Layer 2 protocol transparent transmission.
How do I configure QoS on the ISCOM2110G PWR (B)?
You can configure QoS to prioritize traffic based on specific criteria, such as port, protocol, or application. This allows you to ensure that critical traffic, such as voice or video, experiences low latency and high throughput.
How do I upgrade the system software of the ISCOM2110G PWR (B)?
You can upgrade the system software by downloading the latest software image to a TFTP server. Then, you can use the CLI to upgrade the software on the switch.


Table of contents