Configuration Guide
Instructions how to configure switch
Version 9.07
http://www.dasannetworks.com
This guide provides helpful information and instructions on how to configure V5324 switch. All users
should carefully read this guide before handling this product and follow all instructions. For readers'
comprehension, it contains detailed descriptions and practical examples of product configuration. This
guide is designed for network administrators who will be installing and maintaining V5324 switch. The
system administrator should be familiar with the fundamentals of LAN and have technical networking
experience and professional knowledge about network equipment.
We, Dasan Networks, Inc., supply our product manual through the homepage
(http://www.dasannetworks.com). You can easily get it there.
Document Organization
Document Convention
This guide uses the following conventions to convey instructions and information.
Warning
This warning symbol means danger. You are in a situation that could cause bodily injury or break the
equipment. Before you work on any equipment, be aware of the hazards involved with electrical
circuitry and be familiar with standard practices for preventing accidents by making a quick guide based
on this guide.
Note
This note symbol means reader take note. Notes contain helpful suggestions or references.
Information
This information symbol provides useful information when using commands to configure.
Document Notation
The following table shows commands used in console terminal of V5324 switch. Please be aware of each
command to use them correctly.
Description
Notation
a
[ ]
< >
{ }
Notation of Guide
The following table shows commands used in guidebook. Please be aware of each command to use
them correctly.
Description
Notation
a,A
a
[ ]
< >
{ }
Table of Contents
Chapter I Product Introduction
1.1 Product Overview
1.2 Features
Product Introduction
Features
V5324 switch supports routing based on VLAN, IP multicasting, and provides Layer 3 switching service
such as IP packet filtering or DHCP.
[Figure: network diagram with the Internet, V5324 switches, and V5108F, V1005F and V1008F switches]
2 - Product Introduction
1.2 Features
V5324 switch provides the following functions.
In V5324 switch, QoS-based forwarding sorts traffic into a number of classes and marks the packets
accordingly. Thus, different quality of service is provided to each class, which the packets belong to.
The rich QoS capabilities enable network managers to protect mission-critical applications and support
differentiated level of bandwidth for managing traffic congestion. V5324 switch supports delay priority
of the packet based on the IEEE 802.1p class of services (CoS) standard.
Multicast Communication
Since V5324 switch provides IGMP Snooping and IGMP Querier, you can use multicast communication.
Through multicast communication, packets can be transmitted to hosts who need them so that
overloading can be prevented.
NAT (Network Address Translation) uses private IP addresses, which are meant to be used in the internal
network. So, it can save limited IP address resources and strengthen security because IP addresses of the
internal network are protected. V5324 switch supports IP NAT complying with RFC 3022.
A switch on which SNMP is mounted can be managed and monitored from a remote place. V5324 switch supports
SNMP version 1, 2, and four kinds of RMON groups so that administrator can check static data anytime.
IP Routing
Generally, switches operate at Layer 2 of the OSI layers. But, since V5324 switch is a Layer 3 switch, it
provides the IP routing that routers have. So you can save the cost of installing an additional router.
Newly upgraded V5324 switch v9.07 can restore the way of IP packet forwarding in terms of network
so that entry remembered in switching chip is enlarged. Maximum thirteen ways of IP packet
forwarding based on network can be restored.
V5324 switch supports DHCP, which automatically assigns IP address to clients, accessed to network.
You can effectively utilize limited IP source and lower cost to manage network because DHCP server
manages all IP addresses from center.
VLAN(Virtual Local Area Network) is made by dividing one network into several logical networks.
Packet cannot be transmitted and received between different VLANs. Therefore it can prevent needless
packets accumulating and strengthen security of VLAN. The V5324 switch recognizes 802.1Q tagged
frame and supports maximum 256 VLANs.
ARP-alias
ARP-alias makes the concentrating switch respond to ARP requests from equipment without registered IP
address for clients' communication.
Proxy-ARP
Proxy-ARP responds to ARP requests from equipment in other subnets, so it enables communication
between different subnet networks.
Stacking
In switch group, a switch configured as master can configure, manage, and monitor the other switches
called slave with one IP address. Since one IP address can manage several switches, IP source can be
saved.
Port Trunk
V5324 switch aggregates several physical interfaces into one logical port(aggregate port). Port trunk
aggregates interfaces with the standard of same speed, same duplex mode, and same VLAN ID.
According to IEEE 802.3ad, V5324 switch can configure maximum six aggregate ports, which can
include maximum eight ports to decrease traffic and improve fault recovery function.
Rate-limit
V5324 switch provides graded bandwidths to all ports. Through providing bandwidths graded by
users configuration, ISP can charge graded billing plan and manage efficient and economized lines.
Flood-Guard
Flood-guard limits the number of packets per second to the value the user configures, whereas rate limit
restricts the amount of packets by configuring port bandwidth.
STP(Spanning Tree Protocol) enables switches which have double-path to use the double-path without
loops. That is, it activates only one path, which is the shortest one among several paths and blocks the
others to prevent loop.
It is possible to construct stable and flexible network on metro Ethernet RING or existing P-to-P
through supporting RSTP (Rapid Spanning Tree Protocol) complying with IEEE 802.1W.
RSTP is designed to greatly decrease STP reconvergence time. It greatly reduces failover time on a
Layer 2 switch that has a redundant link.
Management on Web
DWM(DASAN Web Manager) is GUI module that can be used anywhere, anytime. Through DWM,
administrator can configure, repair, and manage V5324 switch. By using this module, user can monitor
operating state of system and port connected to network and display network construction.
It is easy for users who administer system by using telnet or console port to configure the functions for
system operating through DSH (Dasan Shell) based on CLI. Unlike Unix, DSH lets you look up the available
commands through the help menu and then configure the needed functions.
SSH Server
With SSH (Secure Shell) server enabled, the security of telnet and ftp server can be strengthened.
A broadcast storm is a situation in which the network times out because too many broadcast packets are
being transmitted and occupy most of the transmit capacity. V5324 switch supports storm control, which
discards broadcast, multicast and flooding packets that exceed the limit during the time configured by
user.
This chapter describes CLI(Command Line Interface), which is used to configure V5324 switch.
DSH(Dasan Shell) as CLI developed by Dasan Networks, Inc. and how to use it are explained.
Command Mode
Useful Tips
[Figure: V5324 switch connected, for configuration and management, to a console terminal installed in PC]
This chapter explains how DSH command mode is organized before installing. DSH command mode is
organized as follows:
Top Mode
8 - Using CLI
When user logs in successfully, the command mode is on Top mode. The mode is used to change
terminal configuration, to check the system information and to update system image file.
Table 1 shows main commands used on Top mode of the V5324 switch OS V9.07.
Function
Command
bping/ping/sping
clock
configure terminal
quote
reload
telnet
terminal line
traceroute
ftp/tftp
where
which-route
In order to enter into Global configuration mode, input the command, configure terminal on Top
mode. After entering into Global configuration mode, the system prompt is supposed to change to
SWITCH(config)# from SWITCH#.
Command: config terminal
Mode: Top
Function: Enters into Global configuration mode from Top mode.
Configuration mode is to configure functions for general system management and SNMP before
configuring specific protocol or specific function.
Function
Command
access-list
arp
bgp
bridge
clear
copy
debug
disconnect
hostname
inactivity-timer
interface
ip
passwd
qos
Configures QoS.
restore factory-defaults
route-map
router
snmp
Configures Snmp.
syslog
Configures Syslog.
time-zone
Configures Time-zone.
vrrp
user
In order to enter into DHCP configuration mode, input the command, ip dhcp subnet subnet-address
netmask netmask on Global configuration mode as follow. Then the system prompt is changed to
SWITCH(config-dhcp)# from SWITCH(config)#.
Command
Mode
Global
Function
Enters into DHCP configuration mode to configure
DHCP.
DHCP configuration mode is to configure range of IP address used in DHCP server, group in subnet,
and default gateway of subnet.
Function
Command
default-gateway
group
no group
range
In order to enter into Rmon-alarm configuration mode, input rmon-alarm <1-65534>, to enter into
Rmon-event configuration mode, input rmon-event <1-65534>, and to enter into Rmon-history mode,
input rmon-history <1-65534>. The system prompt is supposed to be changed to
SWITCH(config-rmonalarm[n])# on Rmon-alarm configuration mode, to SWITCH(config-rmonevent[n])# on
Rmon-event configuration mode, and to SWITCH(config-rmonhistory[n])# on Rmon-history configuration
mode.
Function
Command
active
owner
Shows the subject, which configures each Rmon and uses related information.
In order to enter into PIM configuration mode, use the following command. The system prompt will be
changed to SWITCH (config_pim)# from SWITCH(config)#.
Command: router pim
Mode: Global
Function: Enters into PIM configuration mode from Global configuration mode.
Function
Command
cache-check
Configures the interval that checks packet transmission result from source.
cand-bsr
cand-rp
metric
preference
static-rp
whole-packet-checksum
In order to enter into VRRP configuration mode, use the following command. The system prompt is
supposed to be changed to SWITCH(config-vrrp)# from SWITCH (config).
Command
Mode
Global
Function
Enters into VRRP configuration mode from Global configuration mode.
Function
Command
associate
authentication
preempt
Activates/Deactivates Preempt.
vr_priority
vr_timers
When you input the command, bridge on Global configuration mode as follow, the system prompt is
changed to SWITCH (bridge)# from SWITCH(config)#.
Command: bridge
Mode: Global
Function: Enters into Bridge configuration mode from Global configuration mode.
Bridge mode is to manage MAC address and to configure switch functions of Layer 2 such as VLAN,
mirroring, STP.
Function
Command
bandwidth-share-group
Secures minimum port bandwidth and shares the bandwidth in one group.
clear
rcommand
set
Configures VLAN, port trunking, stacking, mirroring, STP and LRE port.
In order to enter into Interface configuration mode, input the command, interface interface-name on
Global configuration mode. When you enter into Interface configuration mode, the system prompt is
changed to SWITCH(config-if)# from SWITCH(config)#.
Command: interface interface-name
Mode: Global
Function: Enters into Interface configuration mode from Global configuration mode.
Interface configuration mode is to assign IP address in Ethernet interface and to activate or deactivate
interface.
Function
Command
bandwidth
descripton
ip
Assigns IP address.
shutdown
Deactivates interface.
In order to enter into Router configuration mode, use the following command. The system prompt is
supposed to be changed to SWITCH(config-router)# from SWITCH(config)#.
Command: router ip-protocol
Mode: Global
Function: Enters into Router configuration mode.
Depending on the routing protocol, Router configuration mode is divided into BGP, RIP, and OSPF.
They are used to configure each IP routing protocol.
Function
Command
distance
neighbor
network
redistribute
In order to enter into Route-map configuration mode, use the following command. The system prompt
is supposed to be changed to SWITCH(config-route-map)# from SWITCH (config)#.
Command
Mode
Global
Function
Enters into Route-map configuration mode from Global
configuration mode.
On Route-map configuration mode, you can configure the place where information is from and sent in
routing table.
Function
Command
match
set
Using Abbreviation
In order to find out available commands, input question mark(?). When you input the question mark(?)
in each command mode, you can see available commands used in the mode and variables following
after the commands.
SWITCH# ?
bping
clock
configure
exit
ftp
help
list
ping
quote
reload
show
sping
Send icmp echo request packets to network host from given address
telnet
terminal
tftp
traceroute
where
which-route
write
SWITCH#
Note
Question mark(?) will not be seen in the screen and you do not need to press Enter key to display
commands list. This guide is designed for the standard OS V9.07. The displayed contents may vary
depending on OS version.
In case of V5324 switch installed DSH, you can find out commands starting with specific alphabet.
Input the first letter and question mark without space. The following is an example of finding out the
commands starting s in Top mode of V5324 switch.
SWITCH# s ?
show
sping
Send icmp echo request packets to network host from given address
SWITCH# s
Also, it is possible to view variables you should input following after commands. After inputting the
command you need, make one space and input question mark. The following is an example of viewing
variables after the command, write. Please note that you must make one space after inputting
SWITCH# write ?
file
memory
terminal
Write to terminal
SWITCH# write
If you need to find out the list of available commands in each mode and the variables in more detail, use
the command, list. The following is an example of displaying list of available commands in Top mode
and the variables by using the command, list.
SWITCH# list
bping A.B.C.D
clock MMDDhhmmYYYY
configure terminal
exit
ftp A.B.C.D
help
list
ping A.B.C.D
ping A.B.C.D -b
ping A.B.C.D NUM
quote COMMAND
quote COMMAND .ARG
reload
show admin-access-rule
show admin-access-rule NAME
show arp
show arp IFNAME
show cable-length
show clock
show debugging rip
-- more --
Press any key to skip to the next list while you see more.
Note
This guide is designed for the standard OS V9.07. The displayed contents may vary depending on OS
version.
In case of DSH, you do not have to type a repeated command again. When you need to call command
history, use the up arrow key (↑). When you press the arrow key, the commands you used will be
shown one by one, starting from the latest.
The following is an example of calling command history after using several commands. After using
these commands in order: show clock → configure terminal → interface br1 → exit, press the arrow key (↑)
and then you will see the commands from the latest one: exit → interface br1 → configure terminal → show
clock.
Almost all commands can also be used in abbreviated form. The following table shows some examples
of abbreviated commands.
Command              Abbreviation
clock                cl
exit                 ex
list                 li
show                 sh
configure terminal   co te
This chapter explains how to configure password for system connection and IP address for network
communication. User can connect to system of V5324 switch and use network service connected to
equipments by assigning IP address to interface and activating the interface.
System Connection
SSH Server
Port-based Authentication(802.1x)
System Authentication
Assigning IP Address
System login
Changing Password
Password Recovery
Configuring Auto-logout
Telnet Access
System Reboot
After installing V5324 switch, finally make sure that each port is correctly connected to PC for network
and management. And then, turn on the power and boot the system as follow.
Step 1 When you turn on the switch, booting will be automatically started and login prompt will be
displayed.
***********************************************************
*
***********************************************************
Loading...
Load Address: 0x00800000
(omitted)
SWITCH login:
Step 2 When you enter login ID at the login prompt, password prompt will be displayed. Enter the
password to move into Top mode. By default setting, login ID is configured as root and the
password is configured as vertex25.
Administrator who manages and configures the switch can change system password. For thorough
security, you had better change the password whenever necessary. In order to change system
password, use the following command on Global configuration mode.
Command: passwd
Mode: Global
Function: Changes password.
Information
You can make a password of at least five and up to eight characters. Please avoid one similar to the
login ID.
SWITCH(config)# passwd
Changing password for root
Old password:vertex25
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:networks
Re-enter new password: networks
Password changed.
SWITCH(config)#
Note
The password you enter will not be seen in the screen, so please be careful. You need to enter the password
twice not to make mistake.
In order to change the password of added user with reading right, use the following command.
Command: passwd user-name
Mode: Global
Function: Changes the password of added user with reading right.
The following is an example of changing password of added user with reading right to networks
from dasan.
When switch administrator loses the password, user can recover the password by initializing flash
memory with the command, erase_flash and downloading system image again.
Note
If you use the command, erase_flash on Boot mode to recover the password, all configurations in the
switch will be deleted. When you need the configurations, do not use the command.
However, using this command initializes the system configuration, so you cannot keep the
configuration. If you want to recover the password and keep the configurations, follow the
instructions below.
Step 1 When you see INIT: during system login, press the keys, Ctrl+C. Then the prompt, which
you can log in with your initial password, will be seen.
***********************************************************
*
***********************************************************
Loading...
Load Address: 0x00800000
Image Size: 0x0055e7d2
Start Address: 0x00800000
/
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57696k available (1104k kernel code, 2368k data, 40k init) [c0000000,c4000000]
Total Memory Size : 64 MB
: PASS
: PASS
: PASS
: PASS
Press Ctrl+C
(none) login:
Step 2 Log in with the initial ID, root and the password, vertex25. Then you are logged in with
the following prompt.
on `ttyS0'
*SWTICH#
Encoded password.
Delete all letters in front of :0 :0 .
+---------------------+
| leave editor
|
|
|
| a) save changes
| b) no save
Step 5 Input the command, savecfg to save the configuration of deleted password.
*SWITCH# savecfg
/etc/
/etc/Zebra.conf
/etc/bgpd.conf
/etc/dhcpd.conf
/etc/fstab
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/installconf
/etc/mtab
/etc/nsswitch.conf
/etc/ospfd.conf
/etc/passwd
/etc/passwd/etc/profile
/etc/protocols
/etc/resolv.conf
/etc/ripd.conf
.
.
(omitted)
.
.
/etc/.config/
/etc/.config/l3_default.CFG
/etc/.config/os
/etc/.config/dev/
/etc/.config/dev/boot
/etc/.config/dev/conf
/etc/l2tp/
/etc/l2tp/l2tp-secrets
/etc/l2tp/l2tpd.conf
/etc/ppp/
/etc/ppp/chap-secrets
/etc/ppp/options
/etc/ppp/pap-secrets
/etc/proftpd.conf
/etc/HOSTNAME
/etc/ioctl.save
/etc/zebra.conf
/etc/startup.model
/etc/zebra.conf.sav
/etc/resolv.conf.disable
*SWTICH#
Step 6 You can login without password when you reboot the system by using the command,
reboot. The following is an example of login without password after system rebooting.
*SWITCH# reboot
Jul 20 11:37:11 UTC 2002 Restarting system.
***********************************************************
*
***********************************************************
Loading...
Load Address: 0x00800000
Image Size: 0x0055e7d2
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57696k available (1104k kernel code, 2368k data, 40k init) [c0000000,c4000000]
Total Memory Size : 64 MB
: PASS
: PASS
: PASS
: PASS
Step 7 Configure password again on Global configuration mode. The following is an example of
configuring password as networks.
Note
Since the password you enter will not be seen in the screen, you need to enter the password twice not to
make a mistake.
For security reasons of V5324 switch, if no command is entered within the configured inactivity time,
the user is automatically logged out of the system. Administrator can configure the inactivity timer.
Command
Mode
inactivity-timer 0
inactivity-timer <60~3600>
Function
Information
By default setting, auto-logout function is configured as 600 seconds.
Command
Mode
show inactivity-timer
Function
Top/Global
The following is an example of configuring auto-logout function as 60 seconds and viewing the
configuration.
SWITCH(config)# inactivity-timer 60
SWITCH(config)# show inactivity-timer
Log-out time : 60 seconds
SWITCH(config)#
Although only administrator can manage and configure the switch, administrator can give right to use
to a person who needs information on the switch. Such a user has no writing right and so cannot
configure the switch, but can check the switch state with reading right. In order to add or delete user
who has reading right for the switch, use the following command on Global configuration mode.
Command
Mode
Global
Function
Adds user who has reading right.
Deletes user who has reading right.
The following is an example of adding user A who has reading right. The password is set to vertex25.
Note
The password you enter will not be seen in the screen, so please be careful not to make mistake.
Command: show user
Mode: Global
Function: Shows added users.
Description
====================================================
A
lhs
SWITCH(config)#
User who has reading right does not have right to configure. The following is an example that user who
has reading right logs in.
SWITCH login: A
Password: vertex
SWITCH>
The following is an example of listing available commands for user who has reading right by question
mark(?).
SWITCH> ?
exit
help
list
ping
show
sping
Send icmp echo request packets to network host from given address
telnet
terminal
where
SWITCH>
Moreover, it is impossible to change all user information such as ID, password and description after
adding the user. So, if you need to change user information, you should delete user and add the user
again with new information.
Description
====================================================
SWITCH(config)#
In order to connect to system by telnet at remote place, use the following commands.
Command
Mode
telnet destination
Function
Connects with IP address or hostname of another system.
Top
telnet destination port-number
Note
When you save configuration with telnet connection, you should wait for [OK] message. Otherwise, all new
configurations will be deleted when telnet session is disconnected. Please wait for [OK] message and
then disconnect.
Administrator of V5324 switch can check users connected from a remote place and disconnect some of
them as needed. In order to view tty of users connected from remote place before
disconnecting a user, use the following command.
Command: where
Mode: Top/Global
Function: Shows users connected through telnet.
SWITCH# where
root at ttyS from console for 54 minutes 43.57 seconds
guest at ttyp0 from 203.236.124.209:1683 for 13.5 seconds
SWITCH#
As you see in the above example, a user has accessed from remote place with login ID and password of
administrator. The tty given to this user is ttyp0.
In order to disconnect a user connected from remote place by using this information, use the following
command.
Command
disconnect tty
Mode
Function
Global
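The session review described above can be scripted. The following is an added example, not part of the original guide: it parses the `where` output format shown above, separates console from remote sessions, and builds the `disconnect tty` command for every remote session whose source is outside an allowed management range. The range 192.0.2.0/24 and all function names are assumptions for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the `where` output shown in the guide.
SAMPLE_WHERE = """\
SWITCH# where
root at ttyS from console for 54 minutes 43.57 seconds
guest at ttyp0 from 203.236.124.209:1683 for 13.5 seconds
SWITCH#
"""

# Assumption: management stations allowed to hold a remote session.
# 192.0.2.0/24 is a documentation prefix, not a value from the guide.
ALLOWED_MGMT = [ip_network("192.0.2.0/24")]

PROMPT_RE = re.compile(r"^\S*[#>](\s|$)")
SESSION_RE = re.compile(
    r"^(?P<user>\S+) at (?P<tty>\S+) from (?P<origin>\S+) for (?P<age>.+)$"
)
AGE_RE = re.compile(r"([\d.]+) (hour|minute|second)s?")
UNIT_SECONDS = {"hour": 3600, "minute": 60, "second": 1}


def parse_age(text):
    """Convert '54 minutes 43.57 seconds' into seconds."""
    parts = AGE_RE.findall(text)
    if not parts:
        raise ValueError(f"unrecognised session age: {text!r}")
    return sum(float(number) * UNIT_SECONDS[unit] for number, unit in parts)


def parse_where(text):
    """Return one dict per session line; prompt and blank lines are skipped."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT_RE.match(line):
            continue
        match = SESSION_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised where line: {line!r}")
        origin = match.group("origin")
        if origin == "console":
            src_ip = src_port = None
        else:
            host, sep, port = origin.rpartition(":")
            if not sep:  # address printed without a source port
                host, port = origin, ""
            src_ip = ip_address(host)
            src_port = int(port) if port else None
        sessions.append({
            "user": match.group("user"),
            "tty": match.group("tty"),
            "src_ip": src_ip,
            "src_port": src_port,
            "age_seconds": parse_age(match.group("age")),
        })
    return sessions


def disconnect_commands(sessions, allowed=ALLOWED_MGMT):
    """Build `disconnect <tty>` for remote sessions from outside `allowed`."""
    commands = []
    for session in sessions:
        ip = session["src_ip"]
        if ip is None:
            continue  # console session, nothing to disconnect remotely
        if not any(ip in network for network in allowed):
            commands.append(f"disconnect {session['tty']}")
    return commands


if __name__ == "__main__":
    for command in disconnect_commands(parse_where(SAMPLE_WHERE)):
        print(command)
```

The generated commands are entered on Global configuration mode, as in the table above.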
After downloading new system image from TFTP/FTP server, reboot the system. Input the command,
reload on Top mode to reboot in other cases when rebooting is needed during installing and managing
switch through terminal program.
Command: reload
Mode: Top
Function: Reboots system.
If you reboot system without saving new configuration, new configuration will be deleted. So, you have
to save the configuration before rebooting. To prevent that mistake, V5324 switch prints
the following message to ask if user really wants to reboot and save configuration. If you want to
continue to reboot, press y key, if you want to save new configuration, press n key.
SWITCH# reload
Warning : Changed configuration was not saved to flash memory.
Do you still want to reload the system?[y|N]
As networks develop, security is getting more and more important for users.
However, typical ftp and telnet services have a big weakness for security. SSH (Secure Shell) is a secure
shell for login. By operating SSH server, security can be strengthened because all data are encrypted.
Command: ssh server enable
Mode: Global
Function: Enables SSH server.
Command: ssh server disable
Mode: Global
Function: Disables SSH server.
In order to enable 802.1x port-based authentication in port of V5324 switch, you must be able to
perform the following tasks.
User should configure which port to be used for 802.1x Port-Based Authentication. In order to do it, use
the following command.
Command
Mode
Global
Function
Configures port of 802.1x port-based authentication.
Information
It is possible to configure more than one port-number by using , or -.
In order to release configured port of 802.1x port-based authentication, use the following command.
Command: dot1x port disable port-number
Mode: Global
Function: Releases configured port of 802.1x port-based authentication.
After configuring port of 802.1x port-based authentication, user needs to assign IP address to switch to
be used for transferring identity information of client to RADIUS server. It is possible to assign more
than one IP address in V5324 switch. With more than one IP address assigned, unless user specifies
which IP address to be used for transferring identity information of client to RADIUS server,
authentication port cannot decide which IP address to take.
Note
Unless user assigns IP address to switch to be used for transferring identity information of client to
RADIUS server, 802.1x port-based authentication will not be enabled.
In order to assign IP address to switch to be used for transferring identity information of client to
RADIUS server, use the following command.
Command
Mode
Global
Function
Assigns IP address to switch to be used for transferring identity
information of client to RADIUS server.
After enabling 802.1x port-based authentication in port of V5324 switch, there must be RADIUS server
that retains data about authorized clients who have access right.
User has to configure IP address of RADIUS server to be used for user's switch and key value after
configuring port of 802.1x port-based authentication.
In order to configure IP address of RADIUS server and key value, use the following command.
Command: dot1x radius host ip-address key
Mode: Global
Function: Configures IP address of RADIUS server and key value.
Command: show dot1x
Mode: Top/Global
Function: Shows configuration of 802.1x.
[Sample Configuration1]
The following is an example of viewing configuration after configuring port 24 as authentication port
and IP address of the port and information of RADIUS server.
802.1x |12345678901234567890123456
------------+-------------------------
PortEnable |.......................p..
PortAuthed |..........................
MacEnable |..........................
SWITCH(config)#
Assume that V5324 switch is connected to some device or hub, which does not support 802.1x, and there
are many clients connected to the device. In this case, if any of the clients gets authentication of V5324
switch, then all clients are automatically supposed to get the authentication too.
In the below picture, V5324 switch is connected to SWITCH A, which does not support 802.1x port
authentication and Clients A, B, C, D are connected to SWITCH A. In this case, suppose that client A
gets authentication to connect to V5324 switch. Then, all the other clients connected to SWITCH A are
supposed to get the authentication too. Therefore, if the user of V5324 switch wants to authenticate only
client A, it is necessary to block connection from client B, C, D. For this situation, it is possible to
authenticate client A through MAC address authentication.
[Figure: V5324 switch connected to RADIUS server and to SWITCH A; Client A got 802.1x authentication through SWITCH A]
In order to authenticate clients through MAC address, use the following command.
Note
Before you configure 802.1x port-based Authentication on MAC address, you should block all incoming
packets to authentication port by using the command, set mac-filter default-policy deny port-number.
Command: dot1x mac enable port-number
Mode: Global
Function: Authenticates clients through MAC address.
Command: dot1x mac disable port-number
Mode: Global
Function: Releases MAC address authentication.
[Sample Configuration 2]
The following is an example of configuring MAC address authentication and confirming it.
802.1x |12345678901234567890123456
------------+-------------------------
PortEnable |.......................p..
PortAuthed |..........................
MacEnable |..........................
802.1x |12345678901234567890123456
------------+-------------------------
PortEnable |..........................
PortAuthed |..........................
MacEnable |.......................m..
SWITCH(config)#
Information
When client is connected to device, which supports 802.1x port authentication, you do not have to use
MAC address authentication.
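The port map printed by show dot1x can be checked automatically. The following is an added example, not part of the original guide: it parses the map from the sample configurations above and reports which ports on an operator-supplied list have neither port-based (p) nor MAC-based (m) authentication. The list `must_authenticate` and the function names are hypothetical; since the guide shows no flag character for PortAuthed, any character other than "." is treated as set.

```python
ROW_LABELS = ("PortEnable", "PortAuthed", "MacEnable")
DISABLED_BANNER = "802.1x authentication disabled"


def build_sample(port_row, mac_row):
    """Constructed sample in the layout of the guide's show dot1x output."""
    return "\n".join([
        "802.1x |12345678901234567890123456",
        "------------+-------------------------",
        "PortEnable |" + port_row,
        "PortAuthed |" + "." * 26,
        "MacEnable |" + mac_row,
        "SWITCH(config)#",
    ])


# Port 24 in port-based mode, then port 24 in MAC mode, as in the guide.
SAMPLE_PORT_BASED = build_sample("." * 23 + "p..", "." * 26)
SAMPLE_MAC_BASED = build_sample("." * 26, "." * 23 + "m..")


def parse_show_dot1x(text):
    """Return (port_count, {row_label: {port_number: flag_char}})."""
    if DISABLED_BANNER in text:
        # Output after `no dot1x`: no map is printed at all.
        return 0, {label: {} for label in ROW_LABELS}
    width = None
    table = {}
    for raw in text.splitlines():
        label, sep, cells = raw.partition("|")
        if not sep:
            continue  # separator line, prompt or blank line
        label, cells = label.strip(), cells.strip()
        if label == "802.1x":
            if not cells.isdigit():
                raise ValueError("header row is not a port ruler")
            width = len(cells)  # each digit is the last digit of a port number
        elif label in ROW_LABELS:
            if width is None:
                raise ValueError(f"{label} row appears before the header")
            if len(cells) != width:
                raise ValueError(f"{label} row has {len(cells)} cells, expected {width}")
            # Column i (0-based) describes port i + 1.
            table[label] = {i + 1: c for i, c in enumerate(cells) if c != "."}
    missing = [label for label in ROW_LABELS if label not in table]
    if width is None or missing:
        raise ValueError(f"incomplete show dot1x output, missing: {missing}")
    return width, table


def audit(text, must_authenticate):
    """Compare the parsed map with the ports that are required to authenticate."""
    width, table = parse_show_dot1x(text)
    enabled = set(table["PortEnable"]) | set(table["MacEnable"])
    return {
        "port_count": width,
        # Required ports with neither port-based nor MAC-based authentication.
        "unprotected": sorted(p for p in must_authenticate if p not in enabled),
        # MAC-mode ports: the guide's Note requires the default-deny
        # mac-filter policy on these, which this output cannot confirm.
        "mac_mode": sorted(table["MacEnable"]),
        "authed": sorted(table["PortAuthed"]),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PORT_BASED, [23, 24]))
    print(audit(SAMPLE_MAC_BASED, [24]))
```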
It is possible to view statistics of 802.1x port authentication or delete the statistics to reset. In order to
view statistics of 802.1x port authentication, use the following command.
Command
Mode
Top/Global
Function
Shows 802.1x statistics of specified port.
[Sample Configuration 3]
Radius Server
count
-----------------------------------------------------------19
19
<- EAP-Req-Id
EAP-Resp-Id ->
Access-Req(Id) ->
<- Challenge
0
0
<- EAP-Req-MD5
EAP-Resp-MD5 ->
Access-Req(MD5) ->
<- Accept
<- EAP-Success
0
0
0
SWITCH(config)#
In order to delete 802.1x statistics for resetting, use the following command.
Command
dot1x clear statistic port-number
Mode
Function
Global
[Sample Configuration 4]
Radius Server
count
-----------------------------------------------------------0
<- EAP-Req-Id
EAP-Resp-Id ->
Access-Req(Id) ->
<- Challenge
0
0
<- EAP-Req-MD5
EAP-Resp-MD5 ->
Access-Req(MD5) ->
<- Accept
0
0
0
<- EAP-Success
SWITCH(config)#
Command: no dot1x
Mode: Global
Function: Releases 802.1x port-based authentication.
[Sample Configuration 5]
SWITCH(config)# no dot1x
SWITCH(config)# show dot1x
802.1x authentication disabled
SWITCH(config)#
Note
Please note that releasing 802.1x port-based authentication with the above command deletes all
configurations about 802.1x.
[Figure: V5324 Switch with a RADIUS Server and a TACACS Server; each server sends the result]
You need to configure the following for system authentication in V5324 switch.
Note
To enable RADIUS or TACACS+, add a user with reading right named user by using the command, user
add.
Otherwise, all users connecting through the authentication protocol receive a right as
root. Refer to 3.1.5 Adding/Deleting User with Reading Right for the instruction to add a user with
reading right.
You can authorize clients attempting to access V5324 switch by using registered ID/password,
RADIUS and TACACS+. It is possible to use all three or to select one of them. In order to configure
the authorization method, use the following commands.
Command
Mode
Function
Configures authorization method for clients
enable
enable
Information
host is authentication using the ID/password registered in the switch. It is configured in V5324 switch by
default.
Also, in order to release configured authorization method, use the following commands.
Command
Mode
Function
Releases authorization method for clients
disable
disable
After configuring authorization in diverse ways, you can configure the priority of the authorization
methods, that is, which method will be the first, the second or the last.
Command
Mode
Function
Configures priority of authorization method for
primary
primary
Information
By default, priority of V5324 switch authentication is set to host, radius, tacacs in order.
User is able to check configured priority of authorization method. In order to do it, use the following
command.
Command
show login
Mode
Top/Global
Function
Shows configuration about authorization method.
[Sample Configuration 1]
: radius host
Command
set login radius add server ip-address key
[port-number]
Mode
Global
Function
Registers IP address and key value of RADIUS
server to be used in switch.
Information
port-number is the port of the RADIUS server connected to the switch.
Information
You can configure a maximum of five RADIUS servers in V5324 switch.
Command
set login radius del server ip-address
Mode
Global
Function
Deletes registered RADIUS server
Command
set login radius retransmit count
Mode
Global
Function
Configures the number of times to retransmit
information to RADIUS server.
Information
The default is three times in V5324 switch.
Command
Mode
Global
Function
Configures the number of seconds that the switch waits for a
response from RADIUS server.
Information
The default is five seconds in V5324 switch.
[Sample Configuration 2]
The following is an example of configuring frequency of retransmit and timeout of response after
registering RADIUS server.
: radius host
After configuring TACACS+ for client authentication, you need to configure TACACS server to be used
in switch. In order to configure TACACS server, use the following command.
Command
set login tacacs add server ip-address key
Mode
Global
Function
Registers IP address and key value of TACACS
server to be used in switch.
Then, you should register the interface of the TACACS server connected to the user's switch. Use the following
command.
Command
set login tacacs interface interface-name
Mode
Global
Function
Registers interface of TACACS server connected
to user's switch.
Information
port-number is to input interface of TACACS server connected to user's switch. Please check interface of
TACACS server connected to user's switch before inputting it.
Information
You can register a maximum of five TACACS servers in V5324 switch.
In order to register port of TACACS server connected to user's switch, use the following command.
Command
set login tacacs socket-port port-number
Mode
Global
Function
Registers port of TACACS server connected to
user's switch.
Command
set login tacacs del server ip-address
Mode
Global
Function
Deletes registered TACACS server.
When you configure TACACS+ for authentication, you need to select authorization type of TACACS+.
In order to select authorization type of TACACS+, use the following command.
Command
set login tacacs auth-type {ascii | pap | chap}
Mode
Global
Function
Selects authorization type of TACACS+.
pap stands for Password Authentication Protocol and chap stands for Challenge Handshake
Authentication Protocol.
Information
The default is ascii type of TACACS+ in V5324 switch.
Command
set login tacacs timeout time
Mode
Global
Function
Configures the number of seconds that the switch waits for a
response from TACACS server.
Information
The default is five seconds.
In order to configure the priority of a client's right to use the server, use the following command.
Command
set login tacacs priority-level
{max | min | root | user}
Mode
Global
Function
Configures priority of client's right to use TACACS
server.
[Sample Configuration 3]
: tacacs host
When user configures RADIUS or TACACS+ for system authentication, the system records specific
services user has taken. Through this function, it is possible to apply billing policy to specific service. In
order to enable this function, use the following command.
Command
Mode
Global
Function
Applies billing policy to switch.
Information
start sets the standard on user's login and stop sets the standard on user's logout. both takes both
of them and none releases the applied billing policy.
The switch uses only the data's MAC address to determine where traffic needs to come from and which
ports should receive the data. Switches do not need IP addresses to transmit packets. However, if you
want to access V5324 switch from a remote place with TCP/IP through SNMP or telnet, it requires an IP
address.
As the default setting, V5324 switch is configured with virtual interface br1. Perform the below steps.
Step 1 Enter Interface configuration mode, which has the prompt SWITCH(config-if)#, to assign
an IP address in the switch. To enter Interface configuration mode, input the
command, Interface interface-name after entering Global configuration mode, which has
the prompt SWITCH(config)#, by inputting configure terminal on Top mode.
Step 2 In order to assign IP address to network interface, use the following commands.
Command
Mode
Function
ip address address/M
Interface
{host | link}
Command
no shutdown
Mode
Interface
Function
Activates network interface.
Step 4 In order to view assigned IP address, use the following command. The following is an example
of it.
Command
show ip
Mode
Interface
Function
Shows assigned IP address in interface.
SWITCH(config-if)# show ip
34: br1: <RUNNING,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:d0:cb:0a:a4:6d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/16 brd 192.166.255.255 scope global br1
SWITCH(config-if)#
IP routing provided by the V5324 switching software allows you to exchange traffic between different
networks and bridge groups.
In particular, when you want to interconnect a bridged network with a routed network or another bridged
network, the layer 3 switching feature enables the switch to act as a true router. Configuring static
routes enables your switch to route traffic over the network. Static routes are user-defined routes that
cause packets moving between a source and a destination to take a specified path. Static route entries
consist of the destination IP network address, the IP address of the next hop router, and the metric
(hop count) for the route. To configure a static route, perform the following task in global configuration
mode.
Command
Mode
Purpose
Establish a static route to the remote network.
show ip route
The software remembers static routes until you remove them using the no ip route global configuration
command. However, you can override static routes with dynamic routing information through prudent
assignment of administrative distance values. Each dynamic routing protocol has a default
administrative distance, as listed in Table 1.
If you would like a static route to be overridden by information from a dynamic routing protocol,
simply ensure that the administrative distance of the static route is higher than that of the dynamic
protocol. Static routes that point to an interface will not be advertised via RIP, and other dynamic
routing protocols, unless a redistribute static command is specified for these protocols. When an
interface goes down, all static routes through that interface are removed from the IP routing table.
Also, when the software can no longer find a valid next hop for the address specified as the forwarding
router's address in a static route, the static route is removed from the IP routing table.
Route Source            Default Distance
Connected Interface
Static route
External BGP            20
OSPF                    110
RIP                     120
Internal BGP            200
Unknown                 255
This example shows how to configure static routes on the switch for the three nodes that are not
directly connected to it.
In the following example, three bridges are directly connected, and the three nodes that are not directly
connected are reachable via static routes.
The switch might not be able to determine the routes to all other networks. To provide complete routing
capability, the common practice is configuring a default route. To choose the default route for the router,
specify a static route to the network 0.0.0.0 through a default gateway.
The following example shows how to configure the default network 0.0.0.0 through a default gateway
20.1.1.2. The default route appears in the gateway display of the show ip route command.
Information
It is possible to save up to thirteen IP packet Forwarding ways per network.
In order to save IP packet Forwarding way per network, use the following command.
Command
Mode
ip switching-mode network
Global
Function
Saves IP packet Forwarding way per network.
Information
Even if you configure more than two routes for IP packets, which have same bandwidth, only one route
receives packets. But, when the default route is disconnected, the next route receives packet.
In order to delete the configuration to save IP packets Forwarding way per network, use the following
command.
Command
no ip switching-mode network
Mode
Global
Function
Deletes the configuration to save IP packets Forwarding
way per network.
It is possible for user to configure basic environment such as auto-negotiate, transmit rate, and flow
control of V5324 switch port. Also, it includes instructions how to configure port mirroring and port as
basic.
Port Mirroring
Command
bridge
Mode
Global
Function
SWITCH(config)# bridge
SWITCH(bridge)#
Detail            Default Configuration
Port State        Available
Auto-negotiate    On
Flow Control      On
STP               For VLAN 1
VLAN              br1
In order to view the configuration of user's switch port, use the following command.
Command
show port port-number
Mode
Top/Global/Bridge
Function
Shows port configuration.
When you use the show port command, if you input a letter at port-number, the message,
%Wrong expression. ex) show port 1,3 , show port 1-3,10 will be displayed, and if you input a wrong
number, the message, %Port number invalid will be displayed.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
-------------------------------------------------------------------------
%port number invalid
SWITCH#
Information
On DSH command mode, you can use "," and "-" at port-number to choose several ports.
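The port-number syntax and the two error messages described above can be checked before a batch of commands is pasted into the switch. The following is an added example, not code from the Dasan guide: it expands port expressions such as 1,3 and 1-3,10 and lints a constructed change script. The port count of 26, the treatment of a reversed range as an invalid port number, and all function names are assumptions; the command prefixes are the ones this guide lists with a port-number argument.

```python
import re

# Messages quoted from the guide's description of `show port`.
WRONG_EXPRESSION = "%Wrong expression. ex) show port 1,3 , show port 1-3,10"
PORT_INVALID = "%Port number invalid"
MAX_PORT = 26  # assumption: highest port number on the unit being configured

# Commands from this guide whose first argument is port-number.
# Longest prefixes first so "show port statistics rmon" wins over "show port".
PORT_COMMANDS = sorted(
    (
        "show port", "show port statistics interface", "show port statistics rmon",
        "set port disable", "set port nego", "set port speed", "set port duplex",
        "set port flow-control", "set mirror del", "clear port description",
        "dot1x mac enable", "dot1x mac disable", "dot1x clear statistic",
    ),
    key=len,
    reverse=True,
)

_EXPR_RE = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")


class PortListError(ValueError):
    """Raised with the message the guide documents for the failure."""


def parse_port_list(expr, max_port=MAX_PORT):
    """Expand '1,3' or '1-3,10' into a sorted list of port numbers."""
    if not _EXPR_RE.fullmatch(expr):
        raise PortListError(WRONG_EXPRESSION)  # letters, spaces, empty items
    ports = set()
    for item in expr.split(","):
        low_text, _, high_text = item.partition("-")
        low = int(low_text)
        high = int(high_text) if high_text else low
        # Assumption: a reversed range such as 5-2 is rejected as invalid.
        if low < 1 or high > max_port or low > high:
            raise PortListError(PORT_INVALID)
        ports.update(range(low, high + 1))
    return sorted(ports)


def check_script(lines, max_port=MAX_PORT):
    """Return [(line_number, message)] for port arguments the switch would reject."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        words = " ".join(line.split())
        prefix = next(
            (p for p in PORT_COMMANDS if words == p or words.startswith(p + " ")),
            None,
        )
        if prefix is None:
            continue  # not a command with a port-number argument
        args = words[len(prefix):].split()
        try:
            parse_port_list(args[0] if args else "", max_port)
        except PortListError as exc:
            findings.append((lineno, str(exc)))
    return findings


# Constructed change script; lines 4 and 5 contain deliberate mistakes.
SAMPLE_SCRIPT = [
    "set port disable 1",
    "set port speed 2-4 100",
    "show port 1-3,10",
    "set port duplex x full",
    "dot1x mac enable 30",
    "show port statistics rmon 13",
]

if __name__ == "__main__":
    for lineno, message in check_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {message}")
```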
You can configure the below functions about port basic configuration.
Activating Port
Auto nego
duplex Mode
Flow Control
Description of Port
Command
Mode
Function
Activates port.
Bridge
set port disable port-number
Deactivates port.
Information
By default, all ports are logically activated.
The following is an example of deactivating port 1, an Ethernet port, and confirming it.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
---------------------------------------------------------------------------
1 : Ethernet Up/Up Auto/Full/100 Off
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
---------------------------------------------------------------------------
1 : Ethernet Down/Down Auto/Full/100 Off
SWITCH(bridge)#
You can configure auto-negotiation for a port, automatically to match the transmission speed and the
duplex mode of the attached device.
To determine if the speed and duplex mode are set to auto-negotiate, use the following command in the
bridge configuration mode at global configuration level.
Command
set port nego port-number on
Mode
Bridge
Function
Sets the port to auto-negotiate.
Deletes auto-negotiate.
Information
By default, auto-nego is activated.
The following is an example of deleting auto-negotiate of port 1 and 2 and confirming it.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------
1: Ethernet Up/Down Auto/Full/1000 On
2: Ethernet Up/Down Auto/Full/1000 On
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------
1: Ethernet Up/Down Force/Full/1000 On
2: Ethernet Up/Down Force/Full/1000 On
SWITCH(bridge)#
Note
To support Auto MDIX, you need to configure auto-nego as on.
It is possible to configure transmit rate of each port. In order to configure transmit rate of port, use the
following command.
Command
set port speed port-number
{10 | 100 | 1000}
Mode
Bridge
Function
Configure transmit rate of port as 10, 100, or 1000Mbps.
Note
When auto-nego is activated, it is impossible to change transmit rate.
The following is an example of configuring transmit rate of port 1 as 10Mbps and confirming it.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
---------------------------------------------------------------------------
1: Ethernet Up/Up Force/Full/100 Off
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
---------------------------------------------------------------------------
1: Ethernet Up/Down Force/Full/10 Off
SWITCH(bridge)#
Note
It is impossible to configure transmit rate of 1000Base-X Gigabit port.
Only unidirectional communication is possible in half duplex mode, while bi-directional communication
is possible in full duplex mode, so packets are transmitted in both directions. By transmitting packets in
both directions, Ethernet bandwidth is doubled: 10Mbps to 20Mbps, 100Mbps to 200Mbps.
In order to configure duplex mode of 10/100BaseTx Ethernet port, use the following command.
Command
set port duplex port-number {full | half}
Mode
Bridge
Function
Configures duplex mode of port.
Note
When auto-nego is activated, it is impossible to change transmit rate.
The following is an example of configuring duplex mode of port 2 as half mode and confirming it.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------
3: Ethernet Up/Down Force/Full/100 On
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------
3: Ethernet Up/Down Force/Half/100 On
SWITCH(bridge)#
Information
The default is Full duplex mode.
Note
100BaseFx Ethernet and 1000BaseX Gigabit Ethernet can be configured as full duplex. User of 100BaseFx
Ethernet and 1000BaseX Gigabit Ethernet cannot change the mode.
Ethernet ports on the switches use flow control to restrain the transmission of packets to the port for a
period of time. Typically, if the receive buffer becomes full, the port transmits a pause packet that tells
remote ports to delay sending more packets for a specified period of time. In addition, the Ethernet
ports can receive and act upon pause packets from other devices.
In order to configure flow control on the Ethernet port, use the following command.
Command
set port flow-control port-number {on | off}
Mode
Bridge
Function
Configures flow control.
Information
By default, Flow-control is set to YES.
TYPE PVID STATUS SHARED MODE FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------
4: Ethernet Up/Down Auto/Full/1000 Off
SWITCH(bridge)#
For user's reference, you can write a description for each port. In order to write port description, use the
following command.
Command
Mode
Function
Bridge
Command
Mode
Function
Top/Global/Bridge/Interface
STATE LINK DESCRIPTION
(ADM/OPR)
------------------------------------------------------------------
22 Ethernet Up/Dn 100FDX test1
SWITCH(bridge)#
Command
clear port description port-number
Mode
Bridge
Function
In order to display traffic average of each port or interface MIB, RMON MIB data defined in SNMP MIB,
use the following commands.
Command
Mode
Function
port-number
show port statistics interface
Top/Global
port-number
show port statistics rmon
port-number
Tx
Rx
----------------------------------------------------------------------------Time
pkts/s | bytes/s |
bits/s
pkts/s | bytes/s |
bits/s
=============================================================================
port 13 --------------------------------------------------------------------5 sec:
10
1926
15,408
1 min:
2094
16,752
10 min:
2037
16,296
SWITCH#
port 13-TX-10/100
ifType
ifMtu
1500
ifPhysAddress
00:d0:cb:0d:00:12
ifAdminStatus
UP
ifOperStatus
UP
ifInOctets
341089087
ifInUcastPkts
5246410
ifInNUcastPkts
19472
ifInDiscards
ifInErrors
0
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts 0
ifOutDiscards
ifOutErrors
ifSpecific
SWITCH(config)#
13
ethernet
etherStatsDropEvents
172
etherStatsOctets
6479316
etherStatsPkts
63187
etherStatsBroadcastPkts
56513
etherStatsMulticastPkts
5479
etherStatsCRCAlignErrors
etherStatsUndersizePkts
etherStatsOversizePkts
etherStatsFragments
etherStatsJabbers
etherStatsCollisions
etherStatsPkts64Octets
44362
etherStatsPkts65to127Octets 6024
etherStatsPkts128to255Octets12315
etherStatsPkts256to511Octets468
19
etherStatsPkts512to1023Octets
0
etherStatsPkts1024to1518Octets
SWITCH(config)#
In order to clear all recorded statistics of port and initialize them, use the following command. It is possible to
initialize statistics of all ports or to select a specific port.
Command
Mode
Global
Function
Initializes port statistics. It is possible to select
several ports.
[Figure: Port mirroring on the V5324 Switch: mirrored ports 1, 2 and 3, the monitor port, and the traffic transmitted from mirrored ports 1, 2, 3 being monitored]
Before configuring Port-mirroring in V5324 switch, you need to assign mirrored ports/monitor port and
activate Port-mirroring.
You should assign monitor port and mirrored port, and then you can configure Port-mirroring.
In order to assign monitor port and mirrored port, use the following command.
Command
Mode
Function
Configures mirrored port.
Bridge
set mirror monitor { port-number | cpu}
The following is an example of configuring port 1 as monitor port and port 2~4 as mirrored ports.
Command
set mirror del port-number
Mode
Bridge
Function
Deletes mirrored port.
Before using port mirroring, you should enable port mirroring. In order to enable port mirroring, use
the following command.
Command
set mirror enable
Mode
Bridge
Function
Enables port mirroring.
Also, you have to disable port mirroring to release it. In order to do it, use the following command.
Command
Mode
Bridge
Function
Disables port mirroring.
Command
show mirror
Mode
Top/Global/Bridge
Function
Shows configuration of port mirroring.
The following is an example of configuring port 1 as monitor port to monitor incoming packets to port
2~4 and confirming it.
This chapter explains how to configure host name and time of system and how to manage it.
Environment Configuration
Configuration Management
System Confirmation
Host name
Time-zone
NTP
DNS Server
Host name displayed on prompt is necessary to distinguish each device connected to network. In order
to configure or change host name of switch, use the command, hostname on Global configuration
mode. The variable, name you need to enter after the command is new name you assign. Host name
distinguishes upper case and lower case. By default, host name is set to SWITCH.
Command
hostname name
Mode
Global
Function
Configures host name of switch with new name user assigns.
Information
The variable, name which follows the command is the new name of the switch that the user assigns.
Information
The default is SWITCH.
System Environement - 69
In order to configure or change time and date in switch, use the command, clock on Top mode.
Command
clock MMDDhhmmYYYY
Mode
Top/Global
Function
Configures or changes time and date in user's switch.
The variable, MMDDhhmmYYYY you need to enter after the command is Month-Day-Hour-Minute-Year.
In order to view configured date and time, use the following command.
Command
show clock
Mode
Top/Global
Function
Shows configured date and time.
5.1.3 Time-zone
You can configure Time-zone to the V5324 switch with the following command. Time-zone is classified
as GMT, UCT, UTC. If you want to know what kinds of Time-zone you can configure, use the show
time-zone command. Time-zone is predefined as UTC (Universal Coordinated Time) in the factory
configuration.
Command
show time-zone
Mode
Top/Global
Function
Show the kinds of Time-zone.
Information
The command, show time-zone only displays kinds of Time-zone. In order to verify configuration
about Time-zone, use the command, show clock.
The following table shows the kinds of Time-zone which can be configured on the Switch and a main
country or area belonging to each Time-zone.
GMT Time
Time-zone   Country
GMT-12      Eniwetok
GMT-11      Samoa
GMT-10      Hawaii, Honolulu
GMT-9       Alaska
GMT-8       LA, Seattle
GMT-7       Denver
GMT-6       Chicago, Dallas
GMT-5
GMT-4       George Town
GMT-3       Rio De Janeiro
GMT-2       Maryland
GMT-1       Azores
GMT+0       London, Lisbon
GMT+1       Berlin, Rome
GMT+2       Cairo, Athens
GMT+3       Moscow
GMT+4       Teheran
GMT+5       New Delhi
GMT+6       Rangoon
GMT+7       Bangkok, Singapore
GMT+8       Hong Kong, Peking
GMT+9       Seoul, Tokyo
GMT+10      Sydney, Melbourne
GMT+11      Okhotsk
GMT+12      Wellington
Command
time-zone time-zone
Mode
Global
Function
Configure or modify the current Time-zone on the Switch.
Information
The default is UCT(Universal Coordinated Time).
Command
show clock
Mode
Top/Global
Function
Shows user's configuration about date/time and Time-zone.
The following is an example of configuring Time-zone as Seoul and viewing the configuration.
5.1.4 NTP
NTP (Network Time Protocol) can be used to configure user's switches to 1/1000 second to guarantee the
exact time on networks. The Switch and NTP server constantly transmit messages to each other to
converge on the correct time. It is very important to configure exact time to the Switch so that the switch
operates properly. The details about NTP are given in STD and RFC 1119.
Command
Mode
[server 3]
Function
ntp start
show running-config
Top/Global/Bridge/Interface
You can use either a public NTP server or a private NTP server, and enter the domain name or IP
address of the NTP server. time.nuri.net is used in Korea; its IP address is 203.255.112.96.
The following is an example of configuring 203.255.112.96 as NTP server, running it and confirming it.
Command
no ntp
Mode
Global
Function
Releases NTP function.
SWITCH(config)# no ntp
SWITCH(config)# show running-config
Building configuration...
Current configuration:
hostname SWITCH
!
!
bridge
!
interface lo
no shutdown
!
(omitted)
no snmp
!
!
SWITCH(config)#
By default setting, V5324 switch is configured to display 24 lines composed by 80 characters on console
terminal screen. User can change the number of displayed lines by using the command, line. You can
display maximum 512 lines.
In order to configure the number of displayed lines on terminal screen, use the following command on
Top mode.
Command
Mode
Top
Function
Configures the number of displayed lines on terminal screen.
Information
The maximum of the number of line is 512.
The following is an example of configuring the number of displayed lines in terminal screen as 20 lines.
In V5324 switch, it is possible to use hostname or URL instead of IP address when you use telnet, ftp,
tftp and ping commands. Also, when you register a certain domain name in V5324 switch, hosts in the
registered domain can use telnet, ftp, tftp and ping commands with hostname, not IP address.
[Figure: V5324 Switch, the Internet, a DNS Server, and Domain name A with Host A, Host B, Host C and Host D]
In the above picture, if you register domain name A in V5324 switch, you can use hostname instead of
IP address for telnet, ftp, tftp and ping commands. To do it, you need to register a DNS server in V5324
switch. In order to register DNS server, use the following command.
Command
Mode
Global
Function
Registers default DNS server in switch.
After registering DNS server and making connection to the server on network, you can use hostname
instead of IP address for telnet, ftp, tftp and ping commands.
Note
The above function can be used when user's switch, DNS server and certain domain are connected on
network for communication.
Command
show ip dns
Mode
Top/Global
Function
Shows configuration of DNS server.
The following is an example of registering 168.126.63.1 as DNS server and confirming it.
Information
The above example is just for your reference. In real configuration, you must input the DNS server you
are going to use.
The following is an example of taking ping test with domain name after registering DNS server.
The following is an example of inputting hostname instead of IP address for ping test to host B after
registering domain A.
In the above example, A and B are just example. In real configuration, you should input actual domain
name and hostname instead of A and B.
In order to delete registered DNS server and domain name, use the following command.
Command
no ip dns
Mode
Global
Function
Deletes registered DNS server and domain name.
SWITCH(config)# no ip dns
SWITCH(config)#
It is possible to write a message in the system login page. Through the message, the administrator can leave a
message to another user.
To write a message in the system login page, use the following command.
Command
set banner
Mode
Global
Function
Writes a message in system login page.
When you use the above command, the following message will be displayed.
Write message you need. When you finish the message, press Ctrl+D key two times.
SWITCH(config)#
system prompt.
In order to delete login banner in system login page, use the following command.
Command
clear banner
Mode
Global
Function
Command
show banner
Mode
Top/Global
Function
Saving Configuration
Reloading
Configuration Backup
User can view switch configuration. In order to do it, use the following command.
Command
show running-config
Mode
Top / Global / Bridge/Interface
Function
Shows switch configuration.
After you download a new system image to V5324 switch from TFTP/FTP server, if the configuration
files are changed, you must save the changed file in the flash memory. Unless you save the changed
file, the configuration file will be deleted in case of rebooting. In order to save the configuration files in the
flash memory, use the following command.
Command
write memory
Mode
Top/Global/Interface/Bridge
Function
Note
When you store configurations using this command, please wait for the [OK] message without pressing
any key.
5.2.3 Reloading
User can delete an individual configuration one by one, and also can reload the switch with the default
setting. In order to reload the switch, use the following command on Global configuration mode.
Command
restore factory-defaults
Mode
Global
Function
Reloads the switch.
Note
After reloading with the command, restore factory-defaults, you have to reboot
the switch to initiate.
It is possible to save user's configurations and to use them for data recovery or system operation. In order
to back up user's configuration, use the following commands. In order to use the backup file, use the
following command.
Command
copy running-config {name | startup-config}
Mode
Global
Function
Copies the current configuration with a name configured by user or
startup configuration.
Command
copy name startup-config
Mode
Global
Function
Note
In order to apply back up file to switch, you should reboot the system.
Command
show config-list
Mode
Global
Function
Lists backup files.
The following is an example of copying the current configuration with a name and confirming it.
Command
erase filename
Mode
Global
Function
Deletes backup file.
Checking Installed OS
Configuring Default OS
In order to check if user's switch is correctly connected to network, use the command, ping. In IP
network, the command, ping transmits an ICMP (Internet Control Message Protocol) echo message.
ICMP is an internet protocol that notifies fault situations and provides information on the location where an IP
packet is received. When an ICMP echo message is received at the location, its reply message is
returned to the place where it came from. In order to do a ping test for checking network connection to a
partner, use the following command on Top mode.
Command
Mode
Top
Function
Sends an ICMP echo message to a designated IP address for testing
connectivity. As many as you input at [count] ICMP messages are sent.
The following is an example of taking ping test three times to check network connection with
192.168.1.10.
Also, user of V5324 switch can view all hosts on the same network as the switch. In order to view all
hosts on the same network as user's switch, use the following command.
Command
bping network-address
Mode
Top
Function
Checks a certain network connection and views all hosts on
network.
Note
You have to enter a network address to view all hosts on the network. If you enter a host address instead of a
network address for the bping test, the result is the same as a regular ping test.
The following is an example of checking network connection of network address 192.168.1.0 by using
the command, bping and viewing all hosts on the network.
In case that user's switch is configured with several IP addresses, sometimes you need to check the network
connection between a specific IP address and a partner.
In order to check the network connection between a specific IP address and a partner, use the following
command.
Command
sping src-ip-address
des-ip-address
Mode
Top
Function
Configures to have the partner who received message reply to configured
address. Inputs the address the partner should reply to at source ip address.
Note
In case that several IP addresses are configured in user's device, use the command, sping. It is useless for
a device with one IP address.
The following is an example of using the command, sping for checking network connection of
between 172.16.209.5 and 10.1.1.5 when IP address of the switch is configured as 192.168.1.10 and
172.16.209.5.
You can discover the routes that packets will actually take when traveling to their destinations. To do
this, the traceroute command sends probe datagrams and displays the round-trip time for each node.
If the timer goes off before a response comes in, an asterisk (*) is printed on the screen.
Command
traceroute destination
Mode
Top
Function
Traces packet routes through the network with input IP address or hostname.
hmt.da-san.com (203.236.124.252)
172.16.147.49 (172.16.147.49)
168.126.228.101 (168.126.228.101)
211.193.39.1 (211.193.39.1)
211.196.155.2 (211.196.155.2)
hh-k5-ge3.kornet.net (211.192.47.15)
128.134.40.182 (128.134.40.182)
8.389 ms
211.39.255.229 (211.39.255.229)
134.076 ms
211.45.90.253 (211.45.90.253)
10
0.528 ms
141.994 ms
0.450 ms
13.600 ms
6.848 ms
6.591 ms
6.691 ms
7.023 ms
7.749 ms
8.134 ms
13.171 ms
6.597 ms
6.884 ms
7.215 ms
0.719 ms
125.313 ms
6.995 ms
11.795 ms
34.922 ms
13.549 ms
12.646 ms
13.891 ms
50.576 ms
7.442 ms
7.714 ms
* * *
SWITCH#
You can check the cable length from a switch port to a workstation.
To verify the station-to-station cable length, use the following command in Global configuration mode or Top mode.
Command: show cable-length
Mode: Top
Purpose: Displays the cable length from each Ethernet port on the switch to the workstations.
CABLE LENGTH
========================
 1   20-39 (meter)
 2   20-39 (meter)
 3   20-39 (meter)
 4   20-39 (meter)
 5   20-39 (meter)
 6   20-39 (meter)
 7   20-39 (meter)
 8   20-39 (meter)
 9   20-39 (meter)
10   20-39 (meter)
11   20-39 (meter)
12   20-39 (meter)
13   20-39 (meter)
14   20-39 (meter)
15   20-39 (meter)
16   20-39 (meter)
17   20-39 (meter)
18   20-39 (meter)
19   20-39 (meter)
20   20-39 (meter)
21   20-39 (meter)
22   20-39 (meter)
23   20-39 (meter)
24   20-39 (meter)
SWITCH(config)#
To check which users are connected through telnet, use the following command.
Command: where
Mode: Top/Global
Function: Shows users connected from a remote place.
The following is an example of checking whether any user is connected from a remote place.
SWITCH# where
root at ttyS0 from (null) for 4 minutes 40.10 seconds
root at ttyp0 from 192.168.1.10:2181 for 14.68 seconds
SWITCH#
To display the destination information registered in the routing table, use the following command.
Command: which-route ip-address
Mode: Top
Function: Displays destination information.
src 172.16.218.2
SWITCH#
To display the MAC table recorded for a specific port, use the following command.
Command
Mode
Function
          mac addr           permission  in use
eth07(7)  00:00:00:00:00:28  OK          23.29
eth07(7)  00:00:00:00:00:25  OK          23.35
SWITCH(config)#
Information
The above message may vary according to product codes.
Information
There can be more than about a thousand MAC addresses in the MAC table, which makes it difficult to find the information you need at a glance. The system therefore shows a certain number of addresses and then waits in "more" standby status. Press any key to see more. After you find the information, you can go back to the system prompt without displaying the rest of the table by pressing q.
The V5324 switch records the MAC table to prevent broadcast packets from being transmitted. An unnecessary MAC address that does not respond during a specified time is deleted from the MAC table automatically.
The specified time is called the Ageing time.
Command: set stp ageing name time
Mode: Bridge
Function: Specifies the Ageing time.
You can view how long the switch has been running since booting.
To view the running time of the switch, use the following command.
Command: show uptime
Mode: Top/Global
To view system information such as product model, memory size, hardware specification, and OS version, use the following command.
Command: show system
Mode: Top/Global
: V5324
: 64 MB
: 8 MB(INTEL IN28F640J3)
S/W Compatibility
: 2
H/W Revision
: DS-N8-06C-A1
NOS Version
: 9.07
SWITCH#
Information
The above example is based on V5324 OS V9.07. It may vary according to product model.
You can check the average CPU utilization. To do so, use the following command.
Command: show cpuload
Mode: Top/Global
Function: Shows the threshold of CPU utilization and the average CPU utilization.
0.40( 0.09) %
1 min:
0.37( 0.09) %
10 min:
0.36( 0.09) %
You can check the CPU load broken down by process. With this function, you can see which daemon takes up the most CPU, whether there is an unnecessary daemon, and the operating process of a troubled daemon. This information is useful for solving problems.
Command: show process
Mode: Top/Global
Function: Shows the CPU load of each process.
VSZ
TIME COMMAND
0.0
0.8
14:55
0:05 init
root
0.0
0.0
root
0.0
0.0
0 ?
SW
14:55
0:00 [kflushd]
0 ?
SW
14:55
root
0.0
0.0
0:00 [kupdate]
0 ?
SW
14:55
root
0.0
0.0
0:00 [kpiod]
0 ?
SW
14:55
0:00 [kswapd]
root
81
0.0
0.8
1104
root
84
0.0
1.1
1436
504 ?
14:55
0:00 klogd -c 1
724 ?
14:55
root
85
0.2
0:00 syslogd -m 0
root
87
0.0
1.0
1488
624 ?
root
95
0.0
1.0
1304
632 ttyS0
14:55
0:00 -ksh
root
100
0.0
3.8
15:03
0:00 /usr/sbin/vtysh
root
115 12.0
1.2
2380
17:05
0:00 ps -aux
3108
540 ?
STAT START
2.3
1124
RSS TTY
root
1476 ?
752 ttyS0
14:55
14:55
0:15 /usr/sbin/zebra
0:00 /usr/sbin/inetd
SWITCH#
CPU Loading Rate
Command: show memory
Mode: Top/Global
used:
free:
shared: buffers:
Swap:
MemTotal:
62136 kB
MemFree:
24124 kB
MemShared:
41324 kB
Buffers:
8192 kB
Cached:
4932 kB
SwapTotal:
0 kB
SwapFree:
0 kB
cached:
8388608
5050368
SWITCH#
To view the current system image version, use the following command.
Command: show version
Mode: Top/Global
Function: Shows the version of the system image.
The following is an example of viewing the system image version, OS 9.07, of the switch.
You can verify the size of the current system image file of the V5324 switch.
Command: show os-size
Mode: Top/Global
Function: Shows the size of the system image.
The following is an example of viewing the size of the current system image file.
You can view the utilization of flash memory. To do so, use the following command.
Command: show flash
Mode: Top/Global
total
used
free
---------------------------------------------------OS
Config
7864320
5367868
2234398
524284
92160
432124
9.07 #4123
---------------------------------------------------Total
167252924
10737668
5415256
SWITCH#
This chapter provides guidelines for managing the V5324 switch and the network in which it operates. It contains the following sections.
SNMP
RMON
Syslog
MAC Filtering
6.1 SNMP
An SNMP (Simple Network Management Protocol) system consists of three parts: the SNMP manager, a managed device and the SNMP agent. SNMP is an application-layer protocol that allows SNMP manager and agent stations to communicate with each other. SNMP provides a message format for sending information between the SNMP manager and the SNMP agent.
The agent and MIB reside on the switch. In configuring SNMP on the switch, you define the relationship between the manager and the agent. According to the community, you can give the right only to read or the right both to read and to write. The SNMP agent has MIB variables with which to reply to requests from the SNMP administrator, and the SNMP administrator can obtain data from the agent and save data in the agent. The SNMP agent gets data from the MIB, which stores information on the system and network.
In some cases the SNMP agent sends a trap to the administrator. A trap is a warning message that alerts the SNMP administrator to network status. Traps report improper user authentication, rebooting, connection status (activated or deactivated), closing of a TCP connection, and disconnection from a neighbor switch.
[Figure: Organization of SNMP. The SNMP Manager (an NMS, Network Management System) sends requests for information across the Internet to the SNMP Agent included in each managed device, and the requested information is transferred to the SNMP manager.]
Information
By default, SNMP is deactivated in the V5324 switch. SNMP is activated when the user configures settings such as community and contact.
Only an authorized person can access the SNMP agent installed in the switch, by means of a password called the community.
To configure the community, use the following command in Global configuration mode.
Command: snmp community password {ro | rw}
Mode: Global
Function: Configures the community that allows an authorized person access.
Community means a password in the usual sense. You configure the community by entering the password you want at password. Depending on the password configured, you can give the right only to read or the right both to read and to write. Of the abbreviations that follow it, ro stands for read-only and rw stands for read/write; they distinguish the access right.
Information
Up to three SNMP communities can be configured in the V5324 switch.
The following are two examples: giving the right both to read and to write by configuring the password as administrator, and giving the right only to read by configuring the password as everyone.
Command: no snmp community password {ro | rw}
Mode: Global
Function: Deletes community.
You can configure the accessed person and the location of the SNMP agent so that these descriptions are saved in the SNMP configuration file.
To configure the accessed person and the location of the SNMP agent, use the following commands.
Command
Mode
Function
Enters name of accessed person.
Global
snmp location name
The following is an example of configuring the accessed person and the location of the SNMP agent as manager and Seoul.
An SNMP trap is an alert message with which the SNMP agent notifies the SNMP manager about certain problems. If you configure SNMP trap, the switch transmits the pertinent information to the network management program. The receivers of trap messages are called trap-hosts.
Command: snmp trap-host ip-address [ip-address]
Mode: Global
Function: Configures trap-host.
The following is an example of configuring the manager who has IP address 10.1.1.3 as trap-host.
Information
A maximum of 16 SNMP trap-hosts can be configured in the V5324 switch.
When you configure more than one trap-host, you can input the IP addresses one by one or input them all at once. The following is an example of configuring IP addresses 10.1.1.3, 20.1.1.5, and 30.1.1.2 as trap-hosts in the two ways.
Command: no snmp trap-host ip-address
Mode: Global
Function: Deletes configured SNMP trap-host.
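The community and trap-host settings described above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the Dasan guide; it assumes running-config echoes the commands as typed (snmp community password {ro | rw}, snmp trap-host ip-address ...), and the sample configuration and the GUESSABLE list are constructed.

```python
import re

# Assumption: running-config echoes the SNMP commands in the form they are typed.
COMMUNITY_RE = re.compile(r"^snmp community (\S+) (ro|rw)$")
TRAP_HOST_RE = re.compile(r"^snmp trap-host (\S.*)$")

# Constructed list: the sample passwords printed in this guide plus the
# well-known SNMP defaults "public" and "private".
GUESSABLE = {"administrator", "everyone", "public", "private"}


def audit_snmp(config_text):
    """Return sorted (line_number, finding) pairs; line 0 means the whole config.

    Findings name the line, never the community string, so the report can be
    shared without leaking the password.
    """
    findings = []
    communities = 0
    trap_hosts = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        match = COMMUNITY_RE.match(line)
        if match:
            communities += 1
            community, access = match.groups()
            if community.lower() in GUESSABLE:
                findings.append((number, "guessable-string"))
            if access == "rw":
                # rw lets the holder save data in the agent, not only read it.
                findings.append((number, "rw-access"))
            continue
        match = TRAP_HOST_RE.match(line)
        if match:
            trap_hosts.extend(match.group(1).split())
    if communities and not trap_hosts:
        # Without a trap-host, nobody receives the authentication failure trap
        # that is sent when a wrong community is tried.
        findings.append((0, "no-trap-host"))
    return sorted(findings)


# Constructed sample configuration.
SAMPLE_CONFIG = """\
!
snmp community administrator rw
snmp community everyone ro
snmp community k3Vq-82mZp-rd ro
snmp trap-host 10.1.1.3
!
"""

if __name__ == "__main__":
    for line_number, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_number}: {finding}")
```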
(1) cold-start is shown when SNMP is turned off and rebooted again.
(2) link-up/down is shown when the network on a port specified by the user is disconnected, or when the network is connected again.
(3) authentication failure is shown when a user trying to access SNMP inputs the wrong community.
(4) cpu-threshold is shown when CPU utilization exceeds the threshold configured by the user as described in 6.3.2 CPU Utilization Thresholds. A trap message is also sent when CPU utilization drops back under the threshold.
(5) port-threshold is a trap message informing that traffic on a configured port is more than the threshold configured in 6.3.3 Configuring Threshold of Port Traffic. port-threshold is also shown when port traffic goes back below the threshold.
(6) dhcp-lease is shown when no more IP addresses can be assigned in a subnet of the DHCP server. When there are several subnets, this trap message is sent even if only one subnet has no IP address left to assign.
(7) fan/module/power is shown when there is any problem in the fan, module, or power.
However, it is inefficient if all of these trap messages are sent too frequently. Therefore, the user can select the types of trap sent to the trap-host. To configure the kinds of trap message you want to receive, use the following commands.
Command
Mode
Function
Information
By default, all kinds of trap messages are configured to send.
Command
Mode
Function
Command: show running-config
Mode: Top/Global/Bridge/Interface
Function: Shows switch configuration.
Command: no snmp
Mode: Global
Function: Deletes SNMP.
When you use the above command, all configuration concerned with SNMP is deleted. The following is an example of deleting SNMP and confirming it.
SWITCH(config)# no snmp
SWITCH(config)# show running-config
(omitted)
no snmp
!
!
!
SWITCH(config)#
6.2 RMON
RMON (Remote Monitoring) is a function for monitoring, from a remote place, the communication status of devices connected to Ethernet. While SNMP can give information only about the device on which the SNMP agent is mounted, RMON gives information about whole segments including devices. Thus, the user can manage the network more effectively. For instance, with SNMP it is possible to be informed of traffic on certain ports, but through RMON you can monitor traffic occurring in the overall network, traffic of each host connected to a segment, and the current status of traffic between hosts.
Since RMON processes a large amount of data, its processor share is very high. Therefore, the administrator should take great care to prevent performance degradation and not to overload network transmission because of RMON. There are nine RMON MIB groups defined in RFC 1757: Statistics, History, Alarm, Host, Host Top N, Matrix, Filter, Packet Capture and Event. The V5324 switch supports the three most basic of these MIB groups: History, Alarm and Event.
RMON History periodically samples statistical data about the traffic occurring on each Ethernet port. Statistical data of all ports is pre-configured to be monitored at a 30-minute interval, with 50 statistical data stored for one port. You can also configure the time interval at which samples are taken and the number of samples you want to save.
To configure RMON History, you first need to enter History configuration mode, using the following command. After you enter History configuration mode, the system prompt changes from SWITCH(config)# to SWITCH(config-rmonhistory[n])#. The variable n is the number configured to distinguish each History.
Command: rmon-history number
Mode: Global
Function: Configures a number to distinguish RMON History. It can be configured from 1 to 65,534.
The following is an example of entering History configuration mode to configure History 5.
SWITCH(config)# rmon-history 5
SWITCH(config-rmonhistory[5])#
Input a question mark(?) at the system prompt on History configuration mode if you want to list
available commands. The following is an example of listing available commands on History
configuration mode.
SWITCH(config-rmonhistory[1])# ?
active
data-source
end
exit
interval
list
owner
Assign the owner who define and is using the history resources
requested-buckets
show
SWITCH(config-rmonhistory[1])#
Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.
In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.
Command
Mode
exit
Function
Returns to Global configuration mode.
RMON
end
The following are examples of returning to Global configuration mode and of going back to Top mode from History configuration mode.
SWITCH(config-rmonhistory[5])# exit
SWITCH(config)#
SWITCH(config-rmonhistory[5])# end
SWITCH#
Command: data-source data-object-id
Mode: RMON
Function: Assigns the source port of the statistical data. The object variable should be formed as ifIndex.number.
Command: owner name
Mode: RMON
Function: Configures History and identifies the subject using the related data.
Information
When you configure the subject of RMON History, you can input a maximum of 32 letters. If you input more than 32 letters, the error message %Too long owner name is displayed.
Command: requested-buckets count
Mode: RMON
Function: Configures the number of sample data.
SWITCH(config-rmonhistory[5])# requested-buckets 25
SWITCH(config-rmonhistory[5])#
Information
You can configure the number of sample data up to a maximum of 65,535.
Command: interval time
Mode: RMON
Function: Configures the interval of sample inquiry. The default setting is 30 seconds.
SWITCH(config-rmonhistory[5])# interval 60
SWITCH(config-rmonhistory[5])#
Information
You can configure the interval of sample inquiry up to a maximum of 3,600 seconds.
Command: active
Mode: RMON
Function: Activates RMON History.
The following is an example of activating RMON History and viewing the configuration.
SWITCH(config-rmonhistory[5])# active
SWITCH(config-rmonhistory[5])# show running-config
Building configuration...
(Omitted)
rmon-history 5
owner dasan
data-source ifindex.hdlc1
interval 60
requested-buckets 25
active
(Omitted)
SWITCH(config-rmonhistory[5])#
Note
Before activating RMON History, check that your configuration is correct. After RMON History is activated, you cannot change its configuration. If you need to change the configuration, you have to delete RMON History and configure it again.
Command: no rmon-history number
Mode: Global
Function: Deletes RMON History of specified number.
SWITCH(config)# no rmon-history 5
SWITCH(config)#
RMON Alarm examines sample data at the interval configured by the user, and occurs when the data is not within the configured threshold.
There are two ways to compare with the threshold: Absolute comparison and Delta comparison.
Absolute Comparison: The sample data is compared with the threshold at the configured interval; if the data is more than the threshold or less than the threshold, an Alarm occurs.
Delta Comparison: The difference between the current data and the latest data is compared with the threshold; if the difference is more than the threshold or less than the threshold, an Alarm occurs.
To configure RMON Alarm, you first need to enter RMON Alarm configuration mode, using the following command. After you enter RMON Alarm configuration mode, the system prompt changes from SWITCH(config)# to SWITCH(config-rmonalarm[n])#. The variable n is the number configured to distinguish each RMON Alarm.
Command: rmon-alarm <1-65534>
Mode: Global
Function: Enters into RMON Alarm configuration mode.
The following is an example of entering Alarm configuration mode to configure RMON Alarm 1.
SWITCH(config)# rmon-alarm 1
SWITCH(config-rmonalarm[1])#
Input a question mark(?) at the system prompt on Alarm configuration mode if you want to list
available commands.
SWITCH(config-rmonalarm[1])# ?
active
end
exit
falling-event
owner
Assign the owner who define and is using the history resources
rising-event
sample-type
sample-variable
show
startup-type
SWITCH(config-rmonalarm[1])#
Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.
In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.
Command
Mode
exit
Function
Returns to Global configuration mode.
RMON
end
The following are examples of returning to Global configuration mode and of going back to Top mode from Alarm configuration mode.
SWITCH(config-rmonalarm[1])# exit
SWITCH(config)#
SWITCH(config-rmonalarm[1])# end
SWITCH#
Command: owner name
Mode: RMON
Function: Configures RMON Alarm and identifies the subject using the many kinds of data from Alarm.
Information
When you identify the subject of RMON Alarm, you can input a maximum of 32 letters. If you input more than 32 letters, the error message %Too long owner name is displayed.
To assign the object used for sample inquiry, use the following command.
Command: sample-variable mib-object
Mode: RMON
Function: Assigns MIB object used for sample inquiry.
The following is an example of configuring the MIB object apSvcConnections for sample inquiry.
To compare the object selected as the sample directly with the threshold, use the following command.
Command: sample-type absolute
Mode: RMON
Function: Compares object with the threshold directly.
Delta comparison compares difference between current data and the latest data with the threshold. For
instance, in order to know the point of variable notation rule 100,000 more than the former rule,
configure apCntHits as Delta comparison. In order to configure Delta comparison, use the following
command.
Command: sample-type delta
Mode: RMON
Function: Compares difference between current data and the latest data with the threshold.
Command: rising-threshold number
Mode: RMON
Function: Configures upper bound of threshold.
Information
You can configure the upper bound of the threshold up to a maximum of 2,147,483,647. If you configure it as 0, there will not be an Alarm.
After configuring the upper bound of the threshold, configure an RMON Event to occur when the object is more than the configured threshold. Use the following command.
Command: rising-event <0-65535>
Mode: RMON
Function: Configures an RMON Event to occur when the object is more than the configured threshold.
The following is an example of configuring RMON Event 1 to occur when the object is more than the configured threshold.
SWITCH(config-rmonalarm[1])# rising-event 1
SWITCH(config-rmonalarm[1])#
Information
If you configure the standard, the upper bound of the threshold, as 0, there will not be an Event.
Command: falling-threshold number
Mode: RMON
Function: Configures lower bound of threshold.
SWITCH(config-rmonalarm[1])# falling-threshold 90
SWITCH(config-rmonalarm[1])#
Information
You can configure the lower bound of the threshold up to a maximum of 2,147,483,647. If you configure it as 0, there will not be an Alarm.
After configuring the lower bound of the threshold, configure an RMON Event to occur when the object is less than the configured threshold. Use the following command.
Command: falling-event <0-65535>
Mode: RMON
Function: Configures an RMON Alarm to occur when the object is less than the configured threshold.
The following is an example of configuring an RMON Event to occur when the object is less than the configured threshold.
SWITCH(config-rmonalarm[1])# falling-event 2
SWITCH(config-rmonalarm[1])#
Information
If you configure lower bound of threshold as 0, there will not be Event.
To configure the first RMON Alarm to occur when the object is first less than the lower bound of the threshold, use the following command.
Command: startup-type falling
Mode: RMON
Function: Configures the first RMON Alarm to occur when the object is first less than the lower bound of the threshold.
To configure the first Alarm to occur when the object is first more than the upper bound of the threshold, use the following command.
Command: startup-type rising
Mode: RMON
Function: Configures the first Alarm to occur when the object is first more than the upper bound of the threshold.
To configure the first Alarm to occur when the object is first either more than the threshold or less than the threshold, use the following command.
Command: startup-type rising-and-falling
Mode: RMON
Function: Configures the first Alarm to occur when the object is first more than the threshold or less than the threshold.
To configure the interval of sample inquiry for RMON Alarm, use the following command.
Command: sample-interval <0-65535>
Mode: RMON
Function: Configures interval of sample inquiry.
SWITCH(config-rmonalarm[1])# sample-interval 60
SWITCH(config-rmonalarm[1])#
Command: active
Mode: RMON
Function: Activates RMON Alarm.
The following is an example of activating RMON Alarm and viewing the configuration.
SWITCH(config-rmonalarm[1])# active
SWITCH(config-rmonalarm[1])# show running-config
Building configuration...
(Omitted)
rmon-alarm 1
owner dasan
sample-variable apSvcConnections
sample-type absolute
startup-type rising
rising-threshold 100
falling-threshold 90
rising-event 1
falling-event 2
sample-interval 60
active
(Omitted)
SWITCH(config-rmonalarm[1])#
Information
Make sure that all configuration is correct before activating RMON Alarm. After activating RMON Alarm, you cannot change its configuration. If you need to change the configuration, you have to delete RMON Alarm and configure it again.
Command: no rmon-alarm number
Mode: Global
Function: Deletes RMON Alarm of specified number.
SWITCH(config)# no rmon-alarm 1
SWITCH(config)#
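How the sample-type, threshold and startup-type settings above interact is easiest to see on a series of samples. The following Python model is an added example, not Dasan's implementation; it uses the values from the rmon-alarm 1 configuration shown above and assumes the RFC 1757 alarm rules (an event fires at greater-than-or-equal or less-than-or-equal, and does not repeat until the opposite threshold has been reached), and all sample series are constructed.

```python
from dataclasses import dataclass


@dataclass
class AlarmConfig:
    sample_type: str        # "absolute" or "delta"
    startup_type: str       # "rising", "falling" or "rising-and-falling"
    rising_threshold: int
    falling_threshold: int
    rising_event: int
    falling_event: int


def evaluate_alarm(cfg, samples):
    """Return [(sample_index, direction, compared_value, event_number), ...]."""
    if cfg.sample_type == "absolute":
        # The sampled value itself is compared with the thresholds.
        values = list(enumerate(samples))
    elif cfg.sample_type == "delta":
        # The difference to the previous sample is compared, so the first
        # comparison is only possible at the second sample.
        values = [(i, samples[i] - samples[i - 1]) for i in range(1, len(samples))]
    else:
        raise ValueError("sample_type must be 'absolute' or 'delta'")

    fired = []
    rising_armed = falling_armed = True
    first = True
    for index, value in values:
        if value >= cfg.rising_threshold:
            # On the very first comparison, startup-type decides whether a
            # value already above the threshold is reported.
            allowed = not first or cfg.startup_type in ("rising", "rising-and-falling")
            if rising_armed and allowed:
                fired.append((index, "rising", value, cfg.rising_event))
            # Hysteresis: no further rising event until the falling
            # threshold has been reached.
            rising_armed, falling_armed = False, True
        elif value <= cfg.falling_threshold:
            allowed = not first or cfg.startup_type in ("falling", "rising-and-falling")
            if falling_armed and allowed:
                fired.append((index, "falling", value, cfg.falling_event))
            falling_armed, rising_armed = False, True
        first = False
    return fired


# Values of "rmon-alarm 1" from the running-config example in this guide.
GUIDE_ALARM = AlarmConfig("absolute", "rising", 100, 90, 1, 2)

# Constructed samples of a gauge such as a connection count.
ABSOLUTE_SAMPLES = [95, 101, 99, 105, 90, 85, 100]

# Constructed samples of an ever-growing counter, for delta comparison.
DELTA_ALARM = AlarmConfig("delta", "rising-and-falling", 100, 10, 1, 2)
COUNTER_SAMPLES = [1000, 1050, 1200, 1210, 1215, 1400]

if __name__ == "__main__":
    for event in evaluate_alarm(GUIDE_ALARM, ABSOLUTE_SAMPLES):
        print("absolute", event)
    for event in evaluate_alarm(DELTA_ALARM, COUNTER_SAMPLES):
        print("delta", event)
```

The sample value 105 at index 3 raises no second rising event because the value has not yet reached the falling threshold of 90 since the first one.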
RMON Event identifies all operations in the switch such as RMON Alarm. You can configure an Event message or a Trap message to be sent to the SNMP management server when an RMON Alarm is sent. To configure RMON Event, you need to enter Event configuration mode. When you enter Event configuration mode by using the following command, the system prompt changes from SWITCH(config)# to SWITCH(config-rmonevent[n])#. The variable n is a number that distinguishes each Event.
Command: rmon-event <1~65534>
Mode: Global
Function: Enters into RMON Event configuration mode.
The following is an example of entering Event configuration mode to configure RMON Event 1.
SWITCH(config)# rmon-event 1
SWITCH(config-rmonevent[1])#
In order to list available commands for RMON Event, input the question mark(?) at the system prompt
on Event configuration mode.
SWITCH(config-rmonevent[1])# ?
active
community
description
end
exit
list
owner
Assign the owner who define and is using the history resources
show
type
Define the event type determines where send the event notification
SWITCH(config-rmonevent[1])#
Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.
In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.
Command
Mode
exit
Function
Returns to Global configuration mode.
RMON
end
The following are examples of returning to Global configuration mode and of going back to Top mode from Event configuration mode.
SWITCH(config-rmonevent[1])# exit
SWITCH(config)#
SWITCH(config-rmonevent[1])# end
SWITCH#
To configure the community for trap message transmission, use the following command.
Command: community password
Mode: RMON
Function: Configures the password that gives the right to transmit trap messages.
Command: description description
Mode: RMON
Function: Describes Event.
Information
The maximum description of Event is 126 characters.
Command: owner name
Mode: RMON
Function: Identifies subject of Event. You can use maximum 126 characters and this subject should be the same as the subject of Alarm.
Information
When you identify the subject of RMON Event, you can input a maximum of 32 letters. If you input more than 32 letters, the error message %Too long owner name is displayed.
Command
Mode
Function
Configures Event type as log type. Event of log type is sent to the
type log
type trap
type log-and-trap
Command: active
Mode: RMON
Function: Activates Event.
The following is an example of activating RMON Event and viewing the above configuration.
SWITCH(config-rmonevent[1])# active
SWITCH(config-rmonevent[1])# show running-config
Building configuration...
(omitted)
!
rmon-event 1
owner dasan
community password
description This event ...
type log-and-trap
active
(omitted)
SWITCH(config-rmonevent[1])#
Information
Make sure that all configuration is correct before activating RMON Event. After activating RMON Event, you cannot change its configuration. If you need to change the configuration, you have to delete RMON Event and configure it again.
Command: no rmon-event number
Mode: Global
Function: Deletes RMON Event of specified number.
SWITCH(config)# no rmon-event 1
SWITCH(config)#
6.3 Syslog
The function of the syslog message is to inform the network manager of troubles that have occurred in the switch.
By default, the system logger is activated in the V5324 switch. Therefore, even if you delete this function, it will be activated again.
Information
By default, system logger is activated in V5324 switch.
You can configure the level of syslog message and the place to which it is transmitted.
To configure the level of syslog message and the place to transmit it to, use the following commands.
Command
Mode
Function
noticeinfo} console
to console.
to inside of system.
to inside of host.
Global
{volatilenon-volatile}
ip-address
There are seven levels of syslog message according to importance: emergency, alert, critical, error, warning, notice, info. Emergency is the highest level and info is the lowest level in importance.
The user can configure the level of syslog, but cannot receive messages of levels lower than the configured level. That means that, in order to receive all messages, the user has to configure the level as info. When the user configures the syslog level as error, messages of higher level than error can be received.
The syslog output priority selector does not belong to any of the seven levels, and it can be entered in the form mail.emerg.
The user can also configure the location at which to receive syslog messages. To receive syslog messages through the console on the user's PC, enter console; to receive them inside the system, enter local; and to receive them inside a host, enter remote.
Command
Mode
Function
configured by user.
{volatilenon-volatile}
seven levels.
Releases Syslog.
To recover syslog after deleting it with no syslog, use the following command. Since the syslog logger is activated at boot, this command is not necessary when syslog is already activated.
Command: syslog start
Mode: Global
Function: Restarts the syslog logger.
To show the configuration of the syslog message, use the following show commands. Note that the configuration of syslog cannot be shown with the show running-config command.
Command: show syslog
         show syslog local {volatile | non-volatile}
         show syslog local {volatile | non-volatile} number
Mode: Top/Global
Function: Shows the configuration of the syslog.
Information
It is impossible to view the syslog configuration with the command show running-config.
The following shows a configuration in which Emergency messages are saved in the console, and Info messages and messages higher than Info are saved in the volatile file.
local volatile
emerg
console
SWITCH(config)#
If you need to delete the log messages saved in the syslog file, use the following command.
Command
Mode
Global
Function
Deletes the log messages in the Syslog file.
The V5324 switch can send a syslog message when CPU utilization exceeds the configured threshold or drops below it. To configure the threshold of CPU utilization, use the following command.
Command
Mode
Global
Function
Configures threshold of CPU utilization. The unit is % and it is
possible to configure from 20% to 100%.
Information
The default is 50%.
Command: show cpuload
Mode: Top/Global
Function: Shows configured threshold of CPU utilization and average of CPU utilization.
The following is an example of configuring the threshold of CPU utilization as 70% and confirming it.
3.95( 2.67) %
1 min:
3.87( 2.67) %
10 min:
3.86( 2.67) %
After you configure the threshold as above, the following message is displayed when CPU utilization exceeds 70%.
Oct 18 17:37:24
zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]
And the following message is displayed when CPU utilization goes back below 70%.
Oct 18 17:37:29
zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]
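The Warning and Cleared messages above can be paired on a log host to measure how long each overload lasted. The following Python parser is an added example, not part of the Dasan guide; it assumes the timestamp and the message arrive on one line, that the year (absent from the messages) is supplied by the caller, and only the first two sample lines are taken from the guide, the rest being constructed.

```python
import re
from datetime import datetime

# Message format taken from the two sample messages in this guide. An optional
# hostname field between timestamp and process name is tolerated (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?:\S+\s+)?(?P<proc>[^\s\[]+)\[\d+\]:\s+"
    r"CPU Overload (?P<kind>Warning|Cleared) : "
    r"Threshold \[(?P<threshold>\d+)\] [<>] CPU Load \[(?P<load>\d+)\]\s*$"
)


def overload_episodes(lines, year):
    """Pair each Warning with the next Cleared and return one dict per episode.

    An episode that never cleared keeps end=None and seconds=None.
    """
    episodes = []
    current = None
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # unrelated syslog line
        when = datetime.strptime(f"{year} {match['ts']}", "%Y %b %d %H:%M:%S")
        if match["kind"] == "Warning":
            if current is None:
                current = {
                    "start": when,
                    "end": None,
                    "seconds": None,
                    "threshold": int(match["threshold"]),
                    "load": int(match["load"]),
                }
                episodes.append(current)
        elif current is not None:
            current["end"] = when
            current["seconds"] = int((when - current["start"]).total_seconds())
            current = None
        # A Cleared line without an open Warning (for example after log
        # rotation) is ignored.
    return episodes


def sustained(episodes, min_seconds):
    """Episodes that lasted at least min_seconds or have not cleared yet."""
    return [e for e in episodes
            if e["seconds"] is None or e["seconds"] >= min_seconds]


SAMPLE_LOG = [
    # The first two messages are the ones printed in this guide.
    "Oct 18 17:37:24 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]",
    "Oct 18 17:37:29 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]",
    # Constructed lines.
    "Oct 18 17:40:02 syslogd[85]: unrelated constructed line",
    "Oct 18 18:02:10 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [91]",
    "Oct 18 18:14:40 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [52]",
    "Oct 18 23:55:01 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [99]",
]

if __name__ == "__main__":
    # The year 2005 is a constructed value.
    for episode in sustained(overload_episodes(SAMPLE_LOG, 2005), 300):
        print(episode["start"], episode["end"], episode["seconds"], episode["load"])
```

A five-second spike such as the one in the guide's own sample is filtered out by sustained(), while a long or still-open overload is kept for follow-up.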
The V5324 switch can send a syslog message when port traffic exceeds the configured threshold or drops below it. To configure the threshold of port traffic, use the following command.
Command: threshold port port-number <1-1000>
Mode: Global
Function: Configures the threshold of port traffic. The unit is Mbps, and it can be configured from 1Mbps to 1000Mbps.
Information
The default is 1000Mbps.
To show the configured threshold of port traffic, use the following command.
Command
Mode
Top/Global
Function
Shows the configured threshold of port traffic.
The following is an example of configuring threshold of port 1 traffic as 500Mbps and confirming it.
Advantages of QoS
- Customized Service
By using QoS function, network business manager can supply more preferable service to user.
There are two general ways to operate QoS in the V5324 switch. The first way is to apply QoS policy to
the rule already configured by user. The second way is to give priority with CoS(Class of Service) value
defined in IEEE 802.1p in addition to the configured rule, and to make the policy of processing packet
in QoS map to apply it.
Deny is operated for the other packets that do not match the rule.
Scheduling
To handle traffic overload, you need to configure different processing orders for traffic by using a scheduling algorithm. The V5324 switch supports the following algorithms.
To make a rule for traffic, use the following commands in Global configuration mode.
Command
Mode
Function
Applies the rule for incoming
any
communication
type
packets
any {ethtypearpip}
any ip {src-ip-addresssrc-ip-address/many}
[des-ip-addressdes-ip-address/many]
the port.
ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any}
{0-255|any}
ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any}
{0-255|any} {tcp|udp}
ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m
{src-port-number|any} {des-port-number|any}
protocol by user.
incoming
packets
to
Also, in order to remove the made rule, use the following command on Global configuration mode.
Command
no rule name
Mode
Global
Function
Removes the rule named name.
In order to add Layer 3 rules to QoS policy, use the following commands.
Command
Mode
{src-mac-address|any}
rule name complement l2 {dst-mac-address|any}
{src-mac-address|any} {<1-4094>|any}
Function
Global
Adds MAC address and VLAN ID.
Priority.
Note
Multiple policies cannot be applied to one rule. If you need to apply various policies to one rule, make
several rule names and apply a different policy to each of them.
Command
Mode
Function
use.
Denies packets that match the rule, or packets that do not match it
egress-port
mirror
The following is an example of applying the policy to a rule named A to keep out all packets incoming
to port 1.
Also, in order to remove applied policy, use the following command on Global configuration mode.
Command
Mode
Function
Global
(4) Confirming the Policy of QoS and the Rule of Packet Filtering
In order to confirm the policy of the rule configured by user, use the following command on Top mode
or Global configuration mode.
Command
Mode
Function
Top/Global
The following is an example of confirming the policy of the rule configured above by user.
In order to apply level to configured rule, use the following commands on Global configuration mode.
Command
Mode
Function
overwrite
same-as-tos overwrite
Also, in order to remove applied level to the rule configured by user, use the following command on
Global configuration mode.
Command
Mode
Function
Removes CoS value or ToS value given to matched
Global
no rule name {match|no match} tos
Information
By default, queue 0 contains CoS 0~7.
In order to divide rules that have a level among queues 0~3 to make the QoS map, use the following
command on Global configuration mode.
Command
Mode
Global
Function
Divides the rule to queues. CoS number is 0~7 and queue number is
0~3.
Information
It is possible to use maximum four queues.
Information
CoS number is 0~7 and queue number is 0~3.
The following is an example of dividing CoS value, 0 to the rule named A and configuring it as 3.
In order to confirm QoS map configured by user, use the following command on Top mode or Global
configuration mode.
Command
Mode
show qos
Function
Top/Global
MaxPacket
MaxLatency(us)
CoS
------------------------------------------------0
unlimited
disabled
unlimited
disabled
unlimited
disabled
unlimited
disabled
1,2,3,4,5,6,7
------------------------------------------------SWITCH(config)#
Max-packet
Waiting time
Max-packet is the value that decides how many packets are processed before passing to the next
queue. For example, if you configure Max-packet as 100, 100 packets are processed and then processing
passes to the next queue. In order to configure how many packets can be processed at one queue, use the
following commands on Global configuration mode.
Command
Mode
Function
Waiting time means the interval after processing one packet before processing the next packet. In order
to configure waiting time, use the following command on Global configuration mode.
Command
Mode
Function
Configures Waiting time. It can be configured between 16
and 4080(microseconds).
Global
qos max-latency <0~3> disable
In order to confirm configured scheduling, use the following command on Top mode or Global mode.
Command
Mode
show qos
Function
Top/Global
The following is an example of confirming the configuration of Max-packet as 100 and waiting time as
16 for queue 0.
MaxPacket
MaxLatency(us)
CoS
------------------------------------------------0
100
16
unlimited
disabled
unlimited
disabled
unlimited
disabled
1,2,3,4,5,6,7
------------------------------------------------SWITCH(config)#
Command
rule name match counter <0-31>
Mode
Global
Function
Assigns Counter ID to QoS rule configured by user. Counter
ID can be from 0 to 31.
In order to view how many times QoS policy is applied, use the following command.
Command
show rule counter [counter-id]
Mode
Global
Function
Shows how many times QoS policy is applied to QoS rule. It is
possible to specify Counter ID to find information in need.
In order to disable the Counter ID assigned to a QoS rule, use the following command.
Command
no rule name match counter
Mode
Global
Function
Disables Counter ID assigned by user.
Command
clear counter <0-31>
Mode
Global
Function
Resets number of Counter.
In order to make a rule for blocking connection of incoming telnet, ftp, icmp, snmp to the switch, use
the following command.
Command
Mode
Function
admin-access-rule name classify {low|medium|high} ip
<0-255>
Global
for blocking connection of incoming telnet, ftp, icmp, snmp to the switch
The following table shows the commands used in case of applying the policy to configured rule.
Command
Mode
permit
admin-access-rule name no match
Global
permit
admin-access-rule name match deny
admin-access-rule name no match
deny
Function
In order to view the configurations about connecting to telnet, ftp, icmp, snmp, use the following
command on Top mode or Global configuration mode.
Command
Mode
Top/Global
Function
Shows the policy and rule about telnet, ftp,
icmp, and snmp.
The following table shows commands used in case of removing configured policy or applied policy to
rule.
Command
Mode
no admin-access-rule name
Function
Deletes a rule called name.
permit
no admin-access-rule name {no match|match}
deny
[Figure: LAN environment for Internet Service in a Cyber Apt., with information shared between customers]
In this case, without NetBIOS filtering, customers' data may be exposed to each other even though the
data should be kept private. In order to protect customers' information and prevent it from being shared
in the above case, NetBIOS filtering is necessary.
Command
set netbios-filter port-number
Mode
Global
Function
Configures NetBIOS filtering in specified port.
In order to release NetBIOS filtering at a user's request, use the following command.
Command
clear netbios-filter port-number
Mode
Global
Function
Releases NetBIOS filtering from specific port.
Command
Mode
show netbios-filter
Top/Global/Bridge
Function
Shows configuration of NetBIOS filtering.
The following is an example of configuring NetBIOS filtering in port 1~5 and confirming it.
12345678901234567890123456
-------------------------
ooooo.....................
-------------------------
SWITCH(bridge)#
(11) Martian-filter
It is possible to block packets that try to leave your network carrying a source IP address other than
their own. If a packet carries a different IP address instead of its real source IP address, it is
impossible to know which host is causing trouble. Therefore, you should prevent this kind of packet from
leaving your network. This function is called Martian-filter.
In order to block packets that try to carry a different source IP address out of the same network, use
the following command.
Command
ip martian-filter interface-name
Mode
Global
Function
Blocks packets that carry a different source IP address
from the specified interface.
Command
no ip martian-filter interface-name
Mode
Global
Function
Releases the blocking of packets that carry a different source IP
address from the specified interface.
Command
Mode
show running-config
Top/Global/Bridge/Interface
Function
Shows switch configurations.
The basic filtering policy of the system is set to allow all packets for each port. However, the basic
policy can be changed at the user's request.
After configuring basic policy of filtering for all packets, use the following command on Bridge mode to
confirm the configuration.
Command
Mode
Bridge
port-number
show mac-filter default-policy
Top/Global/Bridge
Function
Configures
basic
policy
of
MAC
Information
By default, basic filtering policy provided by system is configured to permit all packets in each port.
DENY | 12 PERMIT
2 PERMIT | 13 PERMIT
3 PERMIT | 14 PERMIT
4 PERMIT | 15 PERMIT
5 PERMIT | 16 PERMIT
6 PERMIT | 17 PERMIT
(omitted)
SWITCH(bridge)#
You can add the policy to block or to allow some packets of specific address after configuring the basic
policy of MAC Filtering. To add this policy, use the following commands on Bridge mode.
Command
set mac-filter add mac-address {deny|permit} [vlan-id|any] [port-number]
Mode
Function
Allows or blocks packet which brings
Bridge
Information
The variable mac-address is a twelve-digit hexadecimal number. It is possible to check it by
using the command show mac. 00:d0:cb:06:01:32 is an example of a MAC address.
The following is an example of allowing packets whose source MAC address is 00:02:a5:74:9b:17 in port 1.
In order to confirm the user's configuration of the MAC filter policy, use the following commands.
Command
Mode
Function
show mac-filter
/Bridge
The following is an example of blocking packets whose source MAC address is
00:01:a0:cd:01:02 after allowing packets whose source MAC address is 00:02:a5:74:9b:17, and
confirming the configuration.
MAC
========================================================
1
00:01:a0:cd:01:02
DENY
Any
1-21
00:02:a5:74:9b:17
PERMIT
Any
SWITCH(bridge)#
Also, the command show mac-filter count shows as many MAC filtering policies as the user specifies.
The policies are shown in the order in which they were configured, so you can check the most recently
configured policy. The following is an example of viewing one configuration.
MAC
========================================================
1
00:01:a0:cd:01:02
DENY
Any
1-27
SWITCH(bridge)#
Command
Mode
Bridge
Function
Deletes filtering policy for specified MAC address.
The following is an example of deleting configured filtering address and confirming it.
MAC
========================================================
SWITCH(bridge)#
Command
clear mac-filter
Mode
Function
Bridge
When you need to make many MAC filtering policies at a time, it is hard to input command one by one.
In this case, it is more convenient to save MAC filtering policies at
In order to view the list of MAC filtering policy at /etc/mfdb.conf, use the following command.
Command
Mode
Bridge
Function
Shows the list of MAC filtering policy at /etc/mfdb.conf.
All users should have IP addresses assigned by the DHCP server, and the MAC table holds their entries.
If a user configures a fixed IP address that was not assigned by the DHCP server, V5324 switch can block
the user through MAC filtering. In order to block users of fixed IP addresses, perform the steps below.
Step 1 Configure the default policy of MAC filter in a port you want to block as deny.
Step 2 Configure permit only for the IP addresses assigned by DHCP server.
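The two steps above, modelled as an added example (not code from this guide or from the switch firmware): a port whose default policy is deny, plus permit entries built from the DHCP lease table. The lease data, the names MacRule, rules_from_leases, decide and audit, and the rule that an explicit entry overrides the port default are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MacRule:
    mac: str                    # source MAC, lower-case, colon separated
    action: str                 # "permit" or "deny"
    port: Optional[int] = None  # None means the entry applies to any port


def normalise(mac: str) -> str:
    """Accept 00-02-A5-74-9B-17 or 00:02:a5:74:9b:17 and return the colon form."""
    return mac.strip().lower().replace("-", ":")


def rules_from_leases(leases: dict, port: int) -> list:
    """Step 2: one permit entry per MAC address that obtained a DHCP lease."""
    macs = sorted({normalise(m) for m in leases.values()})
    return [MacRule(m, "permit", port) for m in macs]


def decide(src_mac: str, port: int, rules: list, default_policy: dict) -> str:
    """Assumed precedence: an explicit entry wins, otherwise the port default."""
    mac = normalise(src_mac)
    for rule in rules:
        if rule.mac == mac and rule.port in (None, port):
            return rule.action
    return default_policy.get(port, "permit")  # system default permits all


def audit(seen: list, rules: list, default_policy: dict) -> list:
    """Return the (port, mac) pairs from the MAC table that would be dropped."""
    return [(p, normalise(m)) for p, m in seen
            if decide(m, p, rules, default_policy) == "deny"]


# Constructed sample data: DHCP leases (IP -> MAC) and hosts seen per port.
LEASES = {"10.1.1.2": "00:02:A5:74:9B:17", "10.1.1.3": "00-d0-cb-06-01-32"}
DEFAULT_POLICY = {1: "deny"}          # Step 1: port 1 denies by default
RULES = rules_from_leases(LEASES, port=1)
SEEN = [(1, "00:02:a5:74:9b:17"),     # leased host on port 1
        (1, "00:01:a0:cd:01:02"),     # host that never obtained a lease, port 1
        (2, "00:01:a0:cd:01:02")]     # same host on a port left at the default

if __name__ == "__main__":
    for port, mac in audit(SEEN, RULES, DEFAULT_POLICY):
        print(f"port {port}: {mac} would be blocked")
```

Because the filter matches the source MAC address and not the IP address, it stops only hosts whose MAC address never received a lease.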
Command
set max-hosts port-number max-mac-number
Mode
Bridge
Function
Limits the number of user by configuring
Max host.
Information
When Max host is configured as 0, no one can connect to the port.
The following is an example of allowing two MAC addresses on port 1, five addresses each on
ports 2 and 3, and ten addresses on port 4.
Command
Mode
Bridge
Function
Deletes configured max-host.
Command
Mode
show max-hosts
Top/Global/Bridge
Function
Shows configured max host.
port 1 : 0/2 (current/max)
port 2 : 0/5 (current/max)
port 3 : 0/5 (current/max)
port 4 : 0/10 (current/max)
port 5 : 0/Unlimited (current/max)
port 6 : 0/Unlimited (current/max)
port 7 : 0/Unlimited (current/max)
port 8 : 0/Unlimited (current/max)
port 9 : 0/Unlimited (current/max)
port 10 : 0/Unlimited (current/max)
port 11 : 0/Unlimited (current/max)
port 12 : 0/Unlimited (current/max)
port 13 : 52/Unlimited (current/max)
port 14 : 0/Unlimited (current/max)
port 15 : 0/Unlimited (current/max)
port 16 : 0/Unlimited (current/max)
port 17 : 0/Unlimited (current/max)
port 18 : 0/Unlimited (current/max)
(omitted)
SWITCH(bridge)#
In order to register Static address in MAC table, use the following command on Bridge configuration
mode.
Command
Mode
Function
Registers Static address in MAC table with
Bridge
mac-address
show mac bridge-name [port-number]
Top/Global/Bridge
The following is an example of registering MAC address 00:01:02:9a:61:17 in MAC table of br1.
The following is an example of showing MAC address of destination, the specified port number, VLAN
ID, and time registered in table.
           mac addr           permission  in use
eth24(24)  00:01:02:9a:61:1a  static      0.00
eth24(24)  00:10:5a:84:46:76  OK          0.01
eth24(24)  00:e0:4c:1a:37:17  OK          0.07
eth24(24)  00:d0:cb:0a:a0:b7  OK          0.15
eth24(24)  00:c0:ca:33:5b:90  OK          0.18
eth24(24)  00:03:47:70:e3:30  OK          0.50
(omitted)
SWITCH(bridge)#
In order to delete Static address in MAC table, use the following commands on Bridge configuration
mode.
Command
Mode
Function
Deletes specified MAC address registered in specified
port.
Bridge
A switch on Ethernet needs a 48-bit MAC address to transmit packets. The process of finding the
proper MAC address from an IP address is called address resolution. Conversely, the process of
finding the proper IP address from a MAC address is called reverse address resolution. Dasan Networks
switches find the MAC address from the IP address through Address Resolution Protocol (ARP). ARP saves
these addresses in the ARP table for quick search. A packet carrying an IP address is transmitted to
the network by referring to that IP address in the ARP table. When configuring the ARP table, it is
possible to do it only in some specific interfaces.
In order to match a specific IP address and MAC address, use the following command on Global
configuration mode.
Command
arp ip-address mac-address
[interface-name]
Mode
Global
Function
Saves IP address and MAC address in ARP table. Also
possible to configure a specific interface.
In order to view ARP table, use the following command on Top mode or Global configuration mode.
Command
show arp [interface-name]
Mode
Top/Global
Function
Shows registered ARP table.
In order to release ARP function about IP address and MAC address, use the following command on
Global configuration mode.
Command
no arp ip-address [interface-name]
Mode
Global
Function
Releases ARP function about IP address and
MAC address.
HWtype  HWaddress          Flags Mask  Iface
ether   00:D0:CB:06:01:32              br1
6.9 ARP-Alias
Although clients are joined to the same client switch, communication between clients may be blocked
for their private security. When you need to let them communicate with each other, V5324 switch supports
ARP-alias, which responds to ARP requests from the client net through the Concentrating switch. In the
picture below, clients 10.1.1.2~10.1.1.5 cannot communicate with each other. In this case, you can
configure ARP-alias to respond to ARP requests from the clients 10.1.1.2~10.1.1.5. After ARP-Alias is
configured, they can communicate through the Concentrating switch.
[Figure: Example of ARP-Alias. Clients 10.1.1.2~10.1.1.5 on the Client Net cannot communicate with each other for private security (no ARP between clients). Their ARP requests are sent through the Client Switch to the Concentrating Switch, which responds to ARP requests from 10.1.1.2~10.1.1.5.]
In order to register address of client net range in ARP-Alias, use the following command.
Command
arp-alias start-ip-address end-ip-address
[mac-address]
Mode
Function
Registers IP address range and MAC address in
Global
Information
Unless you input a MAC address, the MAC address of the user's equipment will be used for the ARP response.
In order to delete registered IP address range of ARP-Alias, use the following command.
Command
Mode
Global
Function
Deletes registered IP address range of ARP-Alias.
Command
clear arp-alias
Mode
Global
Function
Deletes all ARP-Alias.
Command
show arp-alias
Mode
Top/Global
Function
Shows registered ARP-Alias.
Sample Configuration 1
The following is an example of configuring ARP-Alias by registering IP address from 10.1.1.2 to 10.1.1.5.
Unless you input MAC address as the above example, MAC address of V5324 switch will be used.
6.10 Proxy-ARP
V5324 switch has Proxy-ARP, which responds to ARP requests on behalf of other equipment.
In the picture below, Host A has IP address 172.16.10.100 and the subnet mask is set to /16, so Host A
considers itself connected to network 172.16.0.0. When Host A needs to send a packet to Host D, Host A
sends an ARP request, assuming that Host D is on the same network. Since an ARP request is
transferred by broadcast, the ARP request from Host A is delivered not to Host D, but to the br1
interface and the nodes belonging to subnet A.
[Figure: V5324 Switch with br1 172.16.10.99/24 on subnet A (Host A 172.16.10.100/16, Host B 172.16.10.200/24) and br2 172.16.20.99/24 on subnet B (Host C 172.16.20.100/24, Host D 172.16.20.200/24)]
However, V5324 switch is aware that Host D belongs to another subnet and is able to transmit packets to
Host D. Therefore it responds to the ARP request from Host A with its own MAC address. In this way,
all ARP requests from subnet A to subnet B are answered with the MAC address of V5324 switch, and
packets that should be transmitted from Host A to Host D are delivered through V5324 switch. In
order to configure Proxy-ARP, enter Interface configuration mode of the specific interface and use the
following command.
Command
ip proxy-arp
Mode
Interface
Function
Configures Proxy-ARP in specific interface.
Command
no ip proxy-arp
Mode
Interface
Function
Disables Proxy-ARP.
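The Proxy-ARP scenario above, worked through as an added example (not code from this guide or from the switch): it uses the addresses from the figure to show which hosts only reach the other subnet because the switch answers ARP for them. The function names and the reply rule (proxy enabled on the receiving interface, target on a different connected subnet) are assumptions made for illustration.

```python
import ipaddress

# Interface and host addresses taken from the figure in this section.
SWITCH = {
    "br1": ipaddress.ip_interface("172.16.10.99/24"),   # subnet A
    "br2": ipaddress.ip_interface("172.16.20.99/24"),   # subnet B
}
HOSTS = {
    "A": ipaddress.ip_interface("172.16.10.100/16"),    # mask wider than subnet A
    "B": ipaddress.ip_interface("172.16.10.200/24"),
    "C": ipaddress.ip_interface("172.16.20.100/24"),
    "D": ipaddress.ip_interface("172.16.20.200/24"),
}


def attached_interface(host):
    """Name of the switch interface whose subnet contains the host address."""
    for name, iface in SWITCH.items():
        if host.ip in iface.network:
            return name
    raise ValueError(f"{host} is not on a connected subnet")


def proxy_answers(ingress, target_ip, proxy_enabled):
    """Assumed rule: answer when Proxy-ARP is on for the ingress interface and
    the target lives on a different connected subnet than the requester."""
    if ingress not in proxy_enabled:
        return False
    if target_ip in SWITCH[ingress].network:
        return False                      # the target itself can answer
    return any(target_ip in iface.network
               for name, iface in SWITCH.items() if name != ingress)


def resolve(src, dst, proxy_enabled=frozenset()):
    """Describe how host `src` reaches host `dst` at the ARP level."""
    sender, target = HOSTS[src], HOSTS[dst]
    ingress = attached_interface(sender)
    if target.ip not in sender.network:
        return "gateway"      # sender knows dst is remote and ARPs for its router
    if attached_interface(target) == ingress:
        return "direct"       # the broadcast reaches dst, which answers itself
    if proxy_answers(ingress, target.ip, proxy_enabled):
        return "proxy"        # switch answers with its own MAC, then routes
    return "unanswered"       # the broadcast never leaves the sender's subnet


def hosts_relying_on_proxy(proxy_enabled):
    """Hosts that would lose reachability if Proxy-ARP were switched off."""
    return sorted({s for s in HOSTS for d in HOSTS
                   if s != d and resolve(s, d, proxy_enabled) == "proxy"})


if __name__ == "__main__":
    print("A -> D without proxy-arp:", resolve("A", "D"))
    print("A -> D with proxy-arp on br1:", resolve("A", "D", {"br1"}))
    print("hosts depending on it:", hosts_relying_on_proxy({"br1"}))
```

Only Host A, whose /16 mask does not match subnet A, depends on the proxy reply; hosts with the correct /24 mask send the same traffic to their gateway.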
Sample Configuration 1
The first 4 bytes of all ICMP messages are the same, but the other parts differ according to the type
field value and code field value. There are fifteen values of the type field to distinguish each ICMP
message, and the code field value helps to distinguish each type in detail.
0          7 8         15 16                  31
8-bit type | 8-bit code | 16-bit checksum
ICMP Message
The following table shows explanations for fifteen values of ICMP message type.
Type  Explanation               Type  Explanation
0     echo reply                12    parameter problem
3     destination unreachable   13    timestamp request
4     source quench             14    timestamp reply
5     redirect                  15    information request
8     echo request              16    information reply
9     router advertisement      17
10    router solicitation       18
11    time exceeded
It is possible to control ICMP messages through user configuration. You can configure the device not to
send echo reply messages to a partner who is running a ping test against it, and you can configure the
interval for transmitting ICMP messages.
It is possible to configure the device not to send echo reply messages to a partner who is running a
ping test against it.
Command
Mode
Function
Blocks echo reply message to all partners who are taking ping
test to device.
Global
Blocks echo reply message to partner who is taking broadcast
In order to release blocked echo reply message, use the following commands.
Command
Mode
Function
Releases blocked echo reply message to all partners who are
It is possible to configure interval to transmit ICMP message. After you configure the interval, ICMP
message will not be sent until configured time based on the last message is up. For example, if you
configure the interval as 1 second, ICMP will not be sent within 1 second after the last message has been
sent. In order to configure interval to transmit ICMP message, use the following commands.
Command
Mode
Function
Configure interval to transmit ICMP message about
destination unreachable.
Configure interval to transmit ICMP message about echo
reply.
Global
Information
The unit of interval is 10(1/100s).
Information
The defaults are: destination unreachable is 100, echo reply is 0, parameter problem is 100,
time exceeded is 1.
Information
When you configure the interval as 0, ICMP messages are sent without any interval limit.
In order to configure not to send ICMP message selected by user, use the following commands.
Command
Mode
Function
Configures not to send destination unreachable message.
Global
[Sample Configuration 1]
The following is an example of blocking echo reply message to all partners who are taking ping test to
device.
[Sample Configuration 2]
RST Configuration
SYN Configuration
RST sends a message saying that the TCP connection cannot be made to the party that tries to make it.
However, it is also possible to configure the switch not to send this message. This helps prevent
hackers from finding out which connections are impossible. In order to configure not to send the
message that informs that a TCP connection cannot be made, use the following command.
Command
ip tcp ignore rst-unknown
Mode
Global
Function
Configures not to send the message that informs TCP
connection cannot be done.
Information
By default, RST is enabled.
Command
Mode
Function
Global
Enables RST.
SYN sets up a TCP connection. V5324 switch transmits cookies with SYN to the party that tries to make
a TCP connection, and permits the TCP connection only when the transmitted cookies are returned. This
function prevents connections from being crowded out by users who connect but do not use the
connection, and helps other users use the service.
In order to permit connection only when transmitted cookies are returned after sending cookies with
SYN, use the following command.
Command
ip tcp syncookies
Mode
Global
Function
Permits only when transmitted cookies are returned after
sending cookies with SYN.
Command
no ip tcp syncookies
Mode
Global
Function
Disables the configuration that permits connection only when transmitted
cookies are returned after sending cookies with SYN.
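How a returned cookie can be checked without keeping any state for the half-open connection, as an added example (not code from this guide and not the switch's implementation). It follows the general shape of classic SYN cookies; the bit layout (5 bits time, 3 bits MSS index, 24 bits keyed hash), the use of HMAC-SHA256, the MSS table and all names and addresses are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"          # a real stack uses a random key
MSS_TABLE = (216, 536, 768, 996, 1220, 1340, 1440, 1460)  # 3-bit index
SLOT_SECONDS = 64                            # granularity of the time counter
MASK32 = 0xFFFFFFFF


def _mac24(conn, client_isn, slot, secret):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time slot."""
    src, sport, dst, dport = conn
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{slot}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(conn, client_isn, client_mss, now, secret=SECRET):
    """Sequence number for the SYN-ACK: 5 bits time, 3 bits MSS, 24 bits MAC.
    Nothing about the half-open connection is stored."""
    slot = int(now) // SLOT_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((slot % 32) << 27) | (mss_idx << 24) | _mac24(conn, client_isn, slot, secret)


def check_ack(conn, seq, ack, now, secret=SECRET, max_age_slots=2):
    """Validate the final ACK. Returns the negotiated MSS, or None to drop."""
    cookie = (ack - 1) & MASK32           # the client acknowledges cookie + 1
    client_isn = (seq - 1) & MASK32       # the client's SYN consumed one number
    slot_now = int(now) // SLOT_SECONDS
    for age in range(max_age_slots):      # current slot, then the previous one
        slot = slot_now - age
        if slot % 32 != cookie >> 27:
            continue
        expected = _mac24(conn, client_isn, slot, secret).to_bytes(3, "big")
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 7]
    return None


def demo():
    """Constructed handshake: one honest client, one blind ACK, one stale ACK."""
    conn = ("198.51.100.7", 40000, "192.0.2.1", 23)   # constructed addresses
    client_isn, t0 = 0x1A2B3C4D, 1_000_000
    cookie = make_cookie(conn, client_isn, 1460, t0)
    seq, ack = (client_isn + 1) & MASK32, (cookie + 1) & MASK32
    return {
        "honest": check_ack(conn, seq, ack, t0 + 1),
        "guessed_ack": check_ack(conn, seq, (ack + 1) & MASK32, t0 + 1),
        "other_source": check_ack(("203.0.113.9",) + conn[1:], seq, ack, t0 + 1),
        "stale": check_ack(conn, seq, ack, t0 + 300),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:13} -> {'accepted, MSS ' + str(result) if result else 'dropped'}")
```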
[Sample Configuration 1]
The following is an example of disabling RST and permitting only when transmitted cookies are
returned after sending cookies with SYN.
This chapter describes main functions of this switch such as VLAN, Port trunking, and STP. It contains the
following sections.
VLAN
Port Trunking
LACP Configuration
Stacking
Rate Limit
Configuring Bandwidth-share-Group
NAT
Bandwidth
DHCP
7.1 VLAN
This section describes the below items.
Overview of VLAN
Features of VLAN
Configuring VLAN
Nodes in the same LAN receive information when one node sends it by broadcast.
However, with broadcast, nodes are obliged to receive unnecessary information.
To prevent this defect, the LAN is divided into logical LANs so that only nodes on the same logical
LAN receive the information. A LAN divided logically in this way is called a VLAN (Virtual LAN), and one
VLAN may include several ports. When a network consists of VLANs, packets can be transmitted between
ports in the same VLAN. Packets can be transmitted between ports in different VLANs only through
routing equipment that connects the VLANs. VLAN decreases Ethernet traffic to improve the
transmit rate and strengthens security by confining transmission to each VLAN.
[Figure: V5324 Switch with VLANs br 1, br 2 and br 3]
You can construct VLAN based on port, MAC address, and protocol. V5324 switch supports VLAN
based on port. V5324 switch, complying with IEEE 802.1q, can transmit both tagged packets and
untagged packets, which do not have a VLAN ID. All switch ports have a VLAN ID (PVID) configured by
the system. So, unless the user configures a specific VLAN, known as untagged VLAN, the system
configures the VLAN ID (PVID). Therefore, switch ports that make up a VLAN network can transmit packets
to the VLAN that has the same number as their VLAN number.
Cost-Effective Way
When you use VLAN to prevent unnecessary traffic loading because of broadcast, you can get a
cost-effective network composition since a switch is not needed.
Strengthened Security
Usually nodes share broadcast information, but in some cases authorization is required for the
information. VLAN supports membership consisting only of authorized users so that network security
can be strengthened.
Making VLAN
Specifying PVID
Releasing VLAN
Command
Mode
Function
Configures new VLAN by assigning a VLAN name and VLAN
Bridge
The variable vlan-name is a particular set of bridged interfaces. Frames are bridged only among
interfaces in the same VLAN.
Information
Give vlan-name the form brN (N=integer). You cannot create a virtual LAN unless vlan-name has the brN
form. If you input a name that is not in the brN form, the following message will be displayed.
The variable vlan-id is the VLAN tag with which the packet is transmitted. If a port is configured with
tagging, it will send tagged traffic. In order to confirm VLAN configuration in the switch, use the
following command.
Command
Mode
Function
Top/Global/Bridge
The following is an example of configuring VLAN and confirming it. By default, all ports are
configured as br1 in V5324 switch.
br1( 1) |uuuuuuuuuuuuuuuuuuuuuuuu........
br2( 2) |................................
br3( 3) |................................
SWITCH(bridge)#
Command
Mode
Function
Bridge
Deletes VLAN.
br1( 1) |uuuuuuuuuuuuuuuuuuuuuuuu........
br2( 2) |................................
SWITCH(bridge)#
Note
When you delete VLAN, all ports in the VLAN are deactivated. The ports keep deactivated until new
VLAN is given.
Command
set vlan pvid port-number <1-4094>
Mode
Bridge
Function
Configures PVID. It can be from 1 to 4,094.
Command
Mode
Function
Information
When you assign several ports to a VLAN, you have to enter each port separated by a comma without spaces.
Use the dash mark - to specify a port range.
Note
By default setting of V5324 switch, all ports belong to br1.
The following is an example of configuring port 7~10 as br2, 11~18 as br3 and the other ports as br1 and
confirming it.
br1( 1) |uuuuuu............uuuuuu........
br2( 2) |......uuuu......................
br3( 3) |..........uuuuuuuu..............
SWITCH(bridge)#
Step 1 Delete ports associated with a VLAN to be removed using the following command.
Command
Mode
Bridge
Function
Deletes all ports in VLAN.
Step 2 Enter into Interface configuration mode of VLAN to be deleted and deactivate the virtual
interface.
Command
Interface vlan-name
shutdown
Mode
Global
Interface
Function
Enters into Interface configuration mode of specified VLAN.
Deactivates virtual interface.
Command
clear vlan vlan-name
Mode
Bridge
Function
Deletes VLAN.
V5324 switch is not only a Layer 3 switch but also a dedicated switch used for Layer 2. When the user
uses the V5324 switch as a Layer 2 switch, it is impossible to communicate between VLANs because there
is no router function. In particular, a port assigned as Uplink port should receive packets from all
VLANs, but when the V5324 switch is used as a Layer 2 switch, the port cannot receive packets unless it
is configured to be included in all VLANs. Therefore, when you configure VLAN in a Layer 2 switch, you
have to include the Uplink port in all VLANs no matter how many VLANs are made. The following
shows an example of configuring ports 1 ~ 16 as independent VLANs.
br1( 1) |u........................u......
br2( 2) |.u.......................u......
br3( 3) |..u......................u......
br4( 4) |...u.....................u......
br5( 5) |....u....................u......
br6( 6) |.....u...................u......
br7( 7) |......u..................u......
br8( 8) |.......u.................u......
br9( 9) |........u................u......
br10( 10) |.........u...............u......
br11( 11) |..........u..............u......
br12( 12) |...........u.............u......
br13( 13) |............u............u......
br14( 14) |.............u...........u......
br15( 15) |..............u..........u......
br16( 16) |...............u.........u......
SWITCH(bridge)#
In order to receive packets from all VLANs, Uplink port, port 26 should be configured to be included in all VLANs.
When an untagged packet is transmitted on the above configuration, an untagged packet received in port 1
gets pvid 1, and the Uplink port, port 26, also has pvid 1, so the packet can be transmitted to port 26.
The problem is an untagged packet received in the Uplink port. Since it is not clear which pvid the
untagged packet should have, you need the following configuration to transmit untagged packets to all ports.
It is necessary to configure another VLAN including Uplink port, port 26, and ports 1 ~ 16 on the above
configuration. The following is an example of configuring br 17, which has pvid 17 in addition, and
confirming it.
br1( 1) |u........................u......
br2( 2) |.u.......................u......
br3( 3) |..u......................u......
br4( 4) |...u.....................u......
br5( 5) |....u....................u......
br6( 6) |.....u...................u......
br7( 7) |......u..................u......
br8( 8) |.......u.................u......
br9( 9) |........u................u......
br10( 10) |.........u...............u......
br11( 11) |..........u..............u......
br12( 12) |...........u.............u......
br13( 13) |............u............u......
br14( 14) |.............u...........u......
br15( 15) |..............u..........u......
br16( 16) |...............u.........u......
br17( 17) |uuuuuuuuuuuuuuuu.........u......
SWITCH(bridge)#
Last of all, you should configure all ports, which are configured as the above, as shared-ports. After that,
untagged packet received in Uplink port, port 26 gets pvid 17 and is transmitted to ports 1 ~ 16.
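The untagged forwarding described above, checked as an added example (not code from this guide or the switch): it rebuilds the membership rows of the two listings and computes where an untagged frame can go from each port. The forwarding model (a frame is classified into the ingress port's PVID and may leave on the other members of that VLAN), the function names, and the mis-set PVID in the last check are assumptions made for illustration.

```python
UPLINK = 26
CUSTOMER_PORTS = range(1, 17)
# br17 row as in the second listing: ports 1-16 and port 26, 32 columns wide.
BR17_ROW = "u" * 16 + "." * 9 + "u" + "." * 6


def customer_rows():
    """Rows of br1..br16 as printed above: customer port n plus uplink port 26."""
    rows = {}
    for n in CUSTOMER_PORTS:
        cols = ["."] * 32
        cols[n - 1] = cols[UPLINK - 1] = "u"
        rows[n] = "".join(cols)
    return rows


def members(row):
    """Turn a membership row ('u' = member, column n = port n) into port numbers."""
    return {i + 1 for i, c in enumerate(row) if c == "u"}


def build(with_br17):
    """Return (vlan id -> member ports, port -> PVID) for either listing."""
    vlans = {vid: members(row) for vid, row in customer_rows().items()}
    pvid = {port: port for port in CUSTOMER_PORTS}   # customer port n -> PVID n
    pvid[UPLINK] = 1                                 # as stated in the text
    if with_br17:
        vlans[17] = members(BR17_ROW)
        pvid[UPLINK] = 17
    return vlans, pvid


def egress(vlans, pvid, ingress):
    """Ports an untagged frame received on `ingress` may leave on."""
    return sorted(vlans[pvid[ingress]] - {ingress})


def leaks(vlans, pvid):
    """Customer ports whose untagged frames can reach another customer port."""
    return [p for p in CUSTOMER_PORTS
            if any(q != UPLINK for q in egress(vlans, pvid, p))]


if __name__ == "__main__":
    before, after = build(False), build(True)
    print("uplink reaches (br1..br16 only):", egress(*before, UPLINK))
    print("uplink reaches (with br17):     ", egress(*after, UPLINK))
    print("port 5 reaches:                 ", egress(*after, 5))
    print("customer ports that leak:       ", leaks(*after))
```

In this model the isolation between customer ports rests on each port keeping its own PVID, because br17 contains every customer port.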
In order to configure as shared-port, use the following command on Bridge configuration mode.
Command
Mode
Bridge
port-number
Function
Configures a specified port as shared-port.
Command
show port port-number
Mode
Top/Global/Bridge
Function
Shows all information on port.
The following is an example of configuring ports 1 ~ 16 and Uplink port, port 26 as shared-port and
confirming the configuration.
TYPE
PVID
STATUS
SHARED
MODE
FLOWCTRL INSTALLED
(ADMIN/OPER)
--------------------------------------------------------------------------26:
Ethernet
Up/Down
Auto/Full/1000
On
SWITCH(bridge)#
V5324 Switch
Information
The switch supports up to six aggregate ports and each aggregate port can consist of up to eight
configured Ethernet interfaces.
In order to aggregate port or delete aggregated port, use the following commands.
Command
Mode
Function
Configures physical port as logical port and assigns
{srcmac|dstmac}
Bridge
aggregated port.
Deletes physical port involved in logical port.
Information
Since V5324 switch supports six logical ports, group id can be from 0 to 5.
Command
show trunk
Mode
Top/Global/Bridge
Function
Shows port trunk configuration.
Trunk Group 0 : Inactive
Trunk Group
Trunk Group 2 : Inactive
Trunk Group 3 : Inactive
Trunk Group 4 : Inactive
Trunk Group 5 : Inactive
SWITCH(bridge)#
Note
Ports configured as Port Trunking become independent of the VLAN. Therefore, you need to add
them to the VLAN again with the newly assigned number.
The following example shows: configuring ports 1 ~ 6 and port 19 ~ 26 as br1, configuring port 7 ~ 18 as
br2, and then configuring ports 7 ~ 10 as Trunk, and adding virtual port 27 configured as Trunk to br2.
26 physical ports
Virtual port
configured as Trunk
br1( 1) |uuuuuu............uuuuuuuu......
br2( 2) |..........uuuuuuuu..............
br1( 1) |uuuuuu............uuuuuuuu......
br2( 2) |..........uuuuuuuu........u.....
SWITCH(bridge)#
Note
You can make a maximum of six aggregators through LACP, and a maximum of eight member ports can be
aggregated.
Enabling LACP
Configuring Aggregator
Before configuring LACP in switch, you need to enable LACP first. In order to enable LACP, use the
following command.
Command
set lacp system interface interface-name
Mode
Function
Bridge
Also, in order to release LACP and delete LACP configuration, use the following command.
Command
set lacp system interface disable
Mode
Bridge
Function
Releases LACP and deletes LACP configuration.
After enabling LACP, you should configure logical aggregator to aggregate several physical ports. In
order to configure aggregator or delete it, use the following commands.
Command
Mode
Function
Configures logical aggregator.
Bridge
set lacp aggregator del group-id
Deletes aggregator.
Information
You can make maximum six logical ports, so group-id can be input from 0 to 5.
Note
You cannot configure both port trunking and LACP at the same time. Therefore only one function can be
configured at one group-id.
When you configure aggregator, you need to specify packet passing through aggregator. In order to do
it, use the following command.
Command
Mode
Function
method {srcmac|dstmac}
Bridge
Specifies packet passing through logical aggregator.
Information
Source Mac-address is abbreviated to srcmac and Destination Mac-address is abbreviated to dstmac.
After finishing aggregator configuration, you should configure physical port to be member of
aggregator. In order to configure member port of aggregator or delete it, use the following commands.
Command
Mode
Function
Configures physical port to be member port of aggregator.
Bridge
set lacp port del port-number
Information
It is possible to configure several port-numbers by using "," and "-".
After configuring member ports, you need to configure the mode of each member port. Two modes can be
configured: active mode and passive mode. Active mode has higher priority than passive mode and
becomes the standard, so a port in passive mode is supposed to follow the configuration of the active
side.
Command
Mode
Bridge
Function
Configures mode of member port.
If the member ports of two devices connected to each other are both configured as active mode,
another value is required to decide priority. In this case, the user can configure a priority for the
switch. To give a priority to the switch in LACP, use the following command.
Command
set lacp system priority <1-65535>
Mode
Bridge
Function
Gives priority value to switch in LACP.
Information
When the member ports of two connected devices are configured as active mode and passive mode, the
device configured as active mode is the standard. If both devices are configured as active mode, the
device with the higher priority is the standard. However, if both devices are configured as passive
mode, the member ports of the devices will not be linked.
User can view configuration of LACP. In order to confirm LACP configuration, use the following
commands.
Command
Mode
Top/Global/Bridge
Function
Shows information of aggregator.
[Sample Configuration 1]
The following is an example of configuring the aggregators of switch A and switch B as 0, ports 7 ~ 10 as
member ports, and viewing the configuration.
PRIORITY             PARTNER       MEMBER
0x8000.00D0CB0A01B3  00D0CB22004E  2(o)-3(o)
AGGR KEY ACTIVITY PARTNER ENABLE
02 ACTIVE ENABLE
03 ACTIVE ENABLE
SWITCH_A(bridge)#
PRIORITY             PARTNER       MEMBER
0x8000.00D0CB22004E  00D0CB0A01B3  2(o)-3(o)
AGGR KEY ACTIVITY PARTNER ENABLE
02 1 PASSIVE ENABLE
03 1 PASSIVE ENABLE
SWITCH_B(bridge)#
Information
The AGGR column in the output of the command show lacp port shows the ID of the aggregator. It is not
the group-id that the user enters when configuring the aggregator.
Each LACP member port has a key value. All member ports in one aggregator have the same key value. To
build an aggregator from specific member ports, give those ports a key value different from the key
value of the other ports by using the following command.
Command
Mode
Function
Bridge
Information
The default is 1.
For example, switch A and switch B are linked with switch C in the below picture. Two aggregators are
configured in switch A and ports 7 ~ 10 are configured as member ports. One aggregator is configured in
switch B and ports 7 ~ 8 are configured as member ports. One aggregator is configured in switch C
and ports 9 ~ 10 are configured as member ports. After these configurations, when ports 7~8 of switch A
and B are linked and ports 9~10 of switch A and C are linked, switch A is linked with switch B and C
through aggregators.
[Figure: Example of LACP (Internet, SWITCH A, SWITCH B)]
Meanwhile, switch A is linked with switch B in the below picture. Two aggregators are configured in
both switch A and B, and ports 7~10 are configured as member ports. With this configuration, if ports
7~10 are connected by cable, one aggregator including all of these ports is made. However, if the key
values of ports 7~10 are configured differently, two aggregators are made.
[Figure: Example of LACP (Internet, SWITCH A, SWITCH B). Aggregators of switch A and B are linked through port 7, 8]
[Sample Configuration 2]
The following is an example of aggregating ports 7~8 and ports 9~10 into different port as above.
Without key configuration, two aggregators are configured and ports 7~10 are configured as member
port.
<SWITCH A>
SWITCH_A(bridge)# set lacp system interface br1
SWITCH_A(bridge)# set lacp aggregator add 0
SWITCH_A(bridge)# set lacp aggregator add 1
SWITCH_A(bridge)# set lacp aggregator 0 method srcmac
SWITCH_A(bridge)# set lacp aggregator 1 method srcmac
SWITCH_A(bridge)# set lacp port add 7-10
SWITCH_A(bridge)# set lacp port mode 7-10 active
SWITCH_A(bridge)# show lacp aggregator
AGGR PRIORITY             PARTNER       MEMBER
     0x8000.00D0CB0A01B3  00D0CB0AA790  eth07(o)-eth08(o)-eth09(o)-eth10(o)
     0x8000.000000000000
SWITCH_A(bridge)#
<SWITCH B>
PRIORITY             PARTNER       MEMBER
0x8000.00D0CB0A01B3  00D0CB0AA790  eth07(o)-eth08(o)-eth09(o)-eth10(o)
0x8000.000000000000
SWITCH_B(bridge)#
By viewing the above configuration, you can see four ports are aggregated in one aggregator. However,
if you configure key values differently, you can see two aggregators are made.
<SWITCH A>
PRIORITY             PARTNER       MEMBER
0x8000.00D0CB0A01B3  00D0CB0AA790  eth07(o)-eth08(o)
0x8000.000000000000  00D0CB0AA790  eth09(o)-eth10(o)
SWITCH_A(bridge)#
<SWITCH B>
SWITCH_B(bridge)# set lacp port key 9-10 2
SWITCH_B(bridge)# show lacp aggregator
AGGR PRIORITY             PARTNER       MEMBER
     0x8000.00D0CB0A01B3  00D0CB0AA46C  eth07(o)-eth08(o)
     0x8000.000000000000  00D0CB0AA46C  eth09(o)-eth10(o)
SWITCH_B(bridge)#
One aggregator can include a maximum of eight ports. When ten ports are configured, the ports with
higher priorities are selected. However, you can configure the priority when you want a specific port
to become a member port regardless of its priority. To configure the priority of an LACP member port,
use the following command.
Command
Mode
Bridge
Function
Configures priority of member port.
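The LACP rules in this section (active and passive mode, system priority, key values and the eight-port limit) can be checked offline before a change is made. The following Python model is an added example, not Dasan code; its function names, the default port priority, and the rule that a lower number means higher priority with the MAC address as tie-breaker (the IEEE 802.3ad convention) are assumptions.

```python
"""Offline model of the LACP rules in this section (added example)."""
from collections import defaultdict
from dataclasses import dataclass

MAX_AGGREGATORS = 6  # group-id 0 to 5
MAX_MEMBERS = 8      # member ports per aggregator


@dataclass(frozen=True)
class Port:
    number: int
    key: int = 1            # the guide states the default key is 1
    mode: str = "active"    # "active" or "passive"
    priority: int = 0x8000  # assumed default; lower value = higher priority


def parse_system_id(text):
    """Split '0x8000.00D0CB0A01B3' (the PRIORITY column) into (priority, mac)."""
    priority, mac = text.split(".")
    return int(priority, 16), int(mac, 16)


def link_standard(local_mode, peer_mode, local_id, peer_id):
    """Return 'local' or 'peer' (the side that is the standard), or None."""
    if local_mode == "passive" and peer_mode == "passive":
        return None  # both passive: the member ports are not linked
    if local_mode != peer_mode:
        return "local" if local_mode == "active" else "peer"
    # Both active: system priority decides, then the MAC (assumed tie-breaker).
    if parse_system_id(local_id) < parse_system_id(peer_id):
        return "local"
    return "peer"


def build_aggregators(ports, peer_modes):
    """Group linked ports by key value; returns {key: [port numbers]}."""
    by_key = defaultdict(list)
    for port in ports:
        peer_mode = peer_modes.get(port.number)
        if peer_mode is None:
            continue  # nothing is cabled to this port
        if port.mode == "passive" and peer_mode == "passive":
            continue  # no side starts the negotiation
        by_key[port.key].append(port)
    aggregators = {}
    for key in sorted(by_key)[:MAX_AGGREGATORS]:
        # More than eight candidates: keep the ports with the highest priority.
        chosen = sorted(by_key[key], key=lambda p: (p.priority, p.number))
        aggregators[key] = sorted(p.number for p in chosen[:MAX_MEMBERS])
    return aggregators


# Constructed inputs modelled on Sample Configuration 1 and 2.
SWITCH_A_ID = "0x8000.00D0CB0A01B3"
SWITCH_B_ID = "0x8000.00D0CB22004E"
PEER_ALL_ACTIVE = {n: "active" for n in range(1, 27)}
SAME_KEY = [Port(n) for n in (7, 8, 9, 10)]
SPLIT_KEY = [Port(7), Port(8), Port(9, key=2), Port(10, key=2)]

if __name__ == "__main__":
    print(build_aggregators(SAME_KEY, PEER_ALL_ACTIVE))
    print(build_aggregators(SPLIT_KEY, PEER_ALL_ACTIVE))
    print(link_standard("active", "passive", SWITCH_A_ID, SWITCH_B_ID))
```

A result that differs from the intended design, such as an empty aggregator because both ends are passive, points to a configuration mismatch to correct before the ports are cabled.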
[Figure: Example of Loop (SWITCH A, SWITCH B, PC A, PC B)]
STP (Spanning-Tree Protocol) is the function that prevents loops in a LAN with more than two paths and
uses the double path efficiently. It is specified in IEEE 802.1d. When STP is configured, no loop
occurs because STP chooses the more effective path and closes the other path. In other words, when
SWITCH C in the below figure sends a packet to SWITCH C, path 1 is chosen and path 2 is closed.
[Figure: SWITCH A, SWITCH B, SWITCH C, SWITCH D, SWITCH E; Path 1 and Path 2]
Meanwhile, RSTP (Rapid Spanning-Tree Protocol), defined in IEEE 802.1w, reduces the network
convergence time of STP. Because it uses the same terminology and configuration parameters as 802.1d,
the new protocol is easy and fast to configure. Also, 802.1w includes 802.1d, so it provides
compatibility with 802.1d.
Information
V5324 switch supports RSTP from OS v.9.03.
Information
For compatibility with the configuration of switches running an old version, the default is STP mode.
STP Operation
RSTP Operation
The 802.1d STP defines the port states Blocking, Listening, Learning, and Forwarding. When STP is
configured in a LAN with a double path, switches exchange their information, including the Bridge ID.
This information is named BPDU (Bridge Protocol Data Unit). Switches decide port states based on the
exchanged BPDUs and automatically decide the optimized path to communicate with the Root switch, which
is the standard of the Spanning-Tree.
Root Switch
The critical information for deciding the Root switch is the Bridge ID. The Bridge ID is composed of a
2-byte Priority and a 6-byte MAC address. The switch with the lowest Bridge ID becomes the Root switch.
[Figure: Root Switch. SWITCH A (Priority: 8, ROOT), SWITCH B (Priority: 9), SWITCH C (Priority: 10), SWITCH D]
For example, suppose there are three linked switches as below picture. After configuring STP, switches
exchange their information. The Priority of SWITCH A is 8, the Priority of SWITCH B is 9 and the
Priority of SWITCH C is 10. In this case, SWITCH A is automatically configured as Root switch.
Designated Switch
After the Root switch is decided, when SWITCH A transmits a packet to SWITCH C, SWITCH A compares the
exchanged BPDUs to decide the path. The critical information for deciding the path is path-cost.
Path-cost depends on the transmit rate of the LAN interface, and the path with the lower path-cost is
selected.
The standard for deciding the designated switch is the total Root path-cost, which is the sum of the
path-costs to Root. Path-cost depends on the transmit rate of the switch LAN interface, and the switch
with the lower path-cost is selected as the designated switch.
[Figure: SWITCH A (Priority: 8, ROOT), SWITCH B (Priority: 9), SWITCH C (Priority: 10), SWITCH D; Designated switch; path-costs 100, 50, 100, 100; Path 1 and Path 2]
(PATH 1 = 50 + 100 = 150, PATH 2 = 100 + 100 = 200, PATH 1 < PATH 2, PATH 1 is chosen)
In the above picture, where SWITCH C sends a packet, the path-cost of PATH 1 is 150 and the path-cost
of PATH 2 totals 200 (100 + 100; path-cost of SWITCH C to B + path-cost of SWITCH B to C). Therefore
PATH 1, which has the lower path-cost, is chosen. In this case, the port connected to the Root switch is
named the Root port. In the above picture, the port of SWITCH C connected to SWITCH A, the Root switch,
is the Root port. There can be only one Root port in one equipment.
Information
The standard for deciding the designated switch is the total Root path-cost, which is the sum of the
path-costs to Root. The switch with the lower path-cost is selected as the designated switch. When Root
path-costs are the same, the bridge ID is compared.
Also, the switch selected for communication in a segment is named the Designated switch. In the below
picture, suppose that a packet is transmitted from the Root switch to SWITCH D. SWITCH B and SWITCH C
can both be selected. However, since a loop is created when transmitting the packet to SWITCH D, one of
the two must be selected by comparing the information in the BPDUs.
segment transmitted to SWITCH D is SWITCH B. Except Root port in each switch, selected port to
communicate is Designated port. The other ports, except Root port and Designated port, are named
Blocked port.
[Figure: SWITCH A (ROOT), SWITCH B, SWITCH C, SWITCH D; Designated switch, Designated ports, Root port; PATH 1 and PATH 2]
Port-priority
Meanwhile, when the path-costs of two paths are the same, port-priority is compared. As in the below
picture, suppose that two switches are connected. Since the path-costs of the two paths are both 100,
their port-priorities are compared and the port with the smaller port-priority is selected to transmit
packets.
[Figure: ROOT with two paths. PATH 1: Port 1, Port priority 7, Path-cost 100. PATH 2: Port 2, Port priority 8, Path-cost 100]
All these functions are performed automatically through BPDUs, which carry the information of each
switch. It is also possible to configure BPDU to change the Root switch or path manually. Refer to
7.3.3 Configuring BPDU (Bridge Protocol Data Unit) Transmission.
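The selection order described in this section (lowest Bridge ID for the Root switch, then lowest total path-cost, then Bridge ID, then port-priority) is shown below as an added Python example, not code from the switch. Function names and MAC addresses are constructed, and packing the <0-15> priority into the top four bits of the Bridge ID with the bridge VLAN id in the low twelve bits is an assumption based on the `8001...` and `a001...` Bridge IDs printed by show stp later in this guide.

```python
"""Model of the STP selection rules in this section (added example)."""
from dataclasses import dataclass


def make_bridge_id(priority, vlan_id, mac):
    """Build an ID in the form show stp prints, e.g. '8001.00d0cb0d0012'.

    Assumption: the <0-15> priority fills the top four bits and the bridge
    VLAN id the low twelve bits of the two-byte priority field.
    """
    if not 0 <= priority <= 15 or not 0 <= vlan_id <= 0xFFF:
        raise ValueError("priority must be 0-15 and vlan_id 0-4095")
    return f"{(priority << 12) | vlan_id:04x}.{mac.lower()}"


def parse_bridge_id(text):
    """'a001.00d0cb0d0012' -> (0xa001, 0x00d0cb0d0012), ready to compare."""
    prio, mac = text.strip().lower().split(".")
    if len(prio) != 4 or len(mac) != 12:
        raise ValueError(f"not a bridge id: {text!r}")
    return int(prio, 16), int(mac, 16)


def elect_root(bridge_ids):
    """bridge_ids maps a switch name to its Bridge ID; the lowest ID wins."""
    return min(bridge_ids, key=lambda name: parse_bridge_id(bridge_ids[name]))


@dataclass(frozen=True)
class Path:
    name: str
    hop_costs: tuple         # path-cost of every hop toward the Root switch
    upstream_bridge_id: str  # Bridge ID of the neighbour on this path
    port_priority: int
    port_number: int

    def vector(self):
        """Comparison order: total cost, bridge ID, port priority, port."""
        return (sum(self.hop_costs), parse_bridge_id(self.upstream_bridge_id),
                self.port_priority, self.port_number)


def choose_path(paths):
    """Return the path whose port becomes the Root port."""
    return min(paths, key=Path.vector)


# Constructed MAC addresses; priorities and costs are those of the figures.
SWITCHES = {
    "SWITCH A": make_bridge_id(8, 1, "00d0cb000a01"),
    "SWITCH B": make_bridge_id(9, 1, "00d0cb000b02"),
    "SWITCH C": make_bridge_id(10, 1, "00d0cb000c03"),
}
COST_PATHS = [
    Path("PATH 1", (50, 100), SWITCHES["SWITCH A"], 8, 1),
    Path("PATH 2", (100, 100), SWITCHES["SWITCH B"], 8, 2),
]
TIED_PATHS = [
    Path("PATH 1", (100,), SWITCHES["SWITCH A"], 7, 1),
    Path("PATH 2", (100,), SWITCHES["SWITCH A"], 8, 2),
]

if __name__ == "__main__":
    print(elect_root(SWITCHES))            # SWITCH A
    print(choose_path(COST_PATHS).name)    # PATH 1 (150 against 200)
    print(choose_path(TIED_PATHS).name)    # PATH 1 (port priority 7)
```

Because any switch that announces a lower Bridge ID wins the election, comparing the designated root reported by show stp with the Bridge ID of the intended Root switch is a quick way to notice an unplanned Root change.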
When STP or RSTP is configured on a network where a loop can be created, the resulting final topology
is the same. However, RSTP reaches the final topology more rapidly than STP.
This section describes how RSTP, which improves on STP, works. It contains the below sections.
Port States
BPDU Policy
[Figure: SWITCH A (ROOT), SWITCH B, SWITCH C, SWITCH D; Designated port, Alternate port, Backup port; PATH 1 and PATH 2]
The difference between an Alternate port and a Backup port is that an Alternate port can provide an
alternate path for packets when there is a problem between the Root switch and SWITCH C, but a Backup
port cannot provide a stable connection in that case.
By the way, when a low BPDU is received from the Root switch or Designated switch, it is immediately
accepted. For example, suppose that the Root switch is disconnected from SWITCH B. Then SWITCH B is
considered to be Root because of the disconnection and forwards BPDUs. However, SWITCH C recognizes
that Root still exists, so it transmits a BPDU including the Root information to Bridge B. Thus,
SWITCH B configures the port connected to SWITCH C as its new Root port.
[Figure: SWITCH A (ROOT), SWITCH B, SWITCH C. New Root port; BPDU including Root information; low BPDU]
[Figure: ROOT, SWITCH A, SWITCH B, SWITCH D. New link created; BPDU transmitted (BPDU flow shown); Blocking to prevent Loop]
As in the above picture, suppose that a new link is connected between SWITCH A and Root. Root and
SWITCH A are not directly connected, but are connected indirectly through SWITCH D.
After SWITCH A is newly connected to Root, packets cannot be transmitted between the ports because
the state of the two switches becomes Listening, so no loop is created. In this state, if Root
transmits a BPDU to SWITCH A, SWITCH A transmits a new BPDU to SWITCH A and SWITCH C, and SWITCH C
transmits a new BPDU to SWITCH D. SWITCH D, which received the BPDU from SWITCH C, puts the port
connected to SWITCH C into the Blocking state to prevent a loop after the new link. This is a very
epochal way of preventing loops; the problem is that communication is disconnected for two times the
BPDU Forward-delay until the port connecting SWITCH D and SWITCH C is blocked.
The below picture shows how 802.1w proceeds to shorten the disconnection time. There is a new link
between SWITCH A and Root. Right after the connection, BPDUs can be transmitted although packets
cannot be transmitted between SWITCH A and Root.
[Figure: New link created between ROOT and SWITCH A; SWITCH C, SWITCH D]
SWITCH A negotiates with Root through BPDUs. To make the link between SWITCH A and Root, the port
state of the non-edge designated port of SWITCH is changed to Blocking. Although SWITCH A is
connected to Root, no loop is created because SWITCH A is blocked toward SWITCH B and C. In this
state,
Forwarding state of SWITCH A, SWITCH A negotiates with SWITCH B and SWITCH A does with
SWITCH C.
[Figure: ROOT and SWITCH A in Forwarding state; SWITCH A negotiates with SWITCH B (traffic blocking) and with SWITCH C (traffic blocking); SWITCH D]
SWITCH B has only an edge-designated port. An edge-designated port does not cause a loop, so 802.1w
defines that it is changed to the Forwarding state. Therefore, SWITCH B does not need to block a
specific port for the Forwarding state of SWITCH A. However, since SWITCH C has a port connected to
SWITCH D, you should put that port into the Blocking state.
[Figure: ROOT; SWITCH A (Forwarding state); SWITCH B (Forwarding state); SWITCH C (Blocking to make Forwarding state of SWITCH A); SWITCH D]
Blocking the connection between SWITCH D and SWITCH C is the same as in 802.1d. However, 802.1w does
not need any configured time for switches to negotiate in order to put a specific port into the
Forwarding state, so it proceeds very fast.
While a port progresses to the Forwarding state, Listening and Learning are not needed. These
negotiations use BPDUs.
[Figure: Compatibility with 802.1d. SWITCH A (802.1w), (802.1w), SWITCH C (802.1d); STP BPDU, RSTP BPDU]
However, SWITCH A converts the port that received the BPDU into RSTP of 802.1d because it can read the
BPDU of SWITCH C. Then SWITCH C can read the BPDU of SWITCH A and accepts SWITCH A as the Designated
switch.
[Figure: Compatibility with 802.1d. SWITCH A (802.1w), SWITCH B (802.1w), SWITCH C (802.1d); STP BPDU]
Command
set stp enable bridge-name
Mode
Bridge
Function
Activates STP of VLAN.
Information
The default is deactivated.
You do not have to configure STP to prevent loops on switches in a LAN that does not have a double path. To release STP on the user's switch, use the following command.
Command
set stp disable bridge-name
Mode
Function
Bridge
Command
show stp
Mode
Top/Global/Bridge
Function
Shows Bridge ID and STP activating.
bridge id            STP enabled
8001.00d0cb0d0012    no
SWITCH(bridge)#
Priority
When Priority is configured at the user's request, however, the Root switch can be changed as the user
wants. After Priority is changed, the switch with the lowest Priority becomes the Root switch.
To change the Root switch by configuring Priority in the switch, use the following command.
Command
Mode
Function
Bridge
bridge-name <0-15>
This is an example of checking the configuration after Priority of br1 is set to 10.
bridge id            STP enabled
a001.00d0cb0d0012    no
SWITCH(bridge)#
To do this, the standard is path-cost. Generally, path-cost depends on the transmission speed of the
LAN interface in the switch.
However, if the chosen path becomes overloaded with packets, for example, the user would do better to
choose another path.
For this situation, the user of a V5324 switch can optionally configure the path-cost of the Root port
to decide the path at the user's disposal. To configure path-cost, use the following command.
Command
Mode
Function
Configures path-cost to choose a path at users
Bridge
The following is an example of changing path-cost to 10 from 100 and confirming it.
a001.00d0cb010203
bridge VLAN id
designated root 0001.00d0cb0a003f
root port
max age 20.00
hello time 2.00
forward delay 15.00
ageing time 300.00
100
20.00
2.00
15.00
gc interval 4.00
hello timer 0.00
tcn timer 0.00
0.00
gc timer 1.95
flags
SWITCH(bridge)# set stp path-cost br1 1 10
SWITCH(bridge)# show stp br1
br1
bridge id a001.00d0cb010203
bridge VLAN id
designated root 0001.00d0cb0a003f
root port 1
max age 20.00
hello time 2.00
forward delay 15.00
ageing time 300.00
10
20.00
2.00
15.00
4.00
hello timer 0.00
tcn timer 0.00
0.00
gc timer 1.49
flags
SWITCH(bridge)#
In order to configure port-priority, use the following command on Bridge configuration mode.
Command
set stp port-priority bridge-name port-number priority-value
Mode
Bridge
Function
Configures port-priority.
Switches configured with STP exchange their information, named BPDU, to find the most suitable path.
For this exchange, the user can configure the following items.
Hello time
Hello time is the interval at which the Root switch sends BPDUs. It can be configured from 1
second to 10 seconds. The default Hello time is 2 seconds.
Max Age
The Root switch sends new information built from the information it receives. However, it takes a lot
of time to send BPDUs when many switches are linked, and the information may be useless if the network
access status changes while the BPDUs are being sent. Therefore each piece of information has a Max Age
so that useless information can be found and removed.
Forward Delay
Switches find the location of other switches linked to the LAN and send packets through BPDUs. Before
sending packets, switches allow for the time needed to receive BPDUs and find the location, and then
send packets at a regular interval. This interval is called Forward delay.
Command
Mode
Function
Deciding the interval time when switch sends BPDU. 2 second
Bridge
To configure the time to send packet, use the following command on Bridge mode.
Command
set stp forward-delay bridge-name <4-30>
Mode
Bridge
Function
Deciding the time when switch sends BPDU. 15 second configured in system.
This is an example of configuring the switch to send a packet one time in 10 seconds.
Command
set stp max-age bridge-name <6-40>
Mode
Bridge
Function
Configuring MAX Age of BPDU. 20 second configured in system.
This is an example of configuring BPDUs from br1 to be valid for 15 seconds.
Note
It is recommended that Max Age be configured to less than twice the Forward Delay and more than twice
the Hello Time.
Although there is no double path in the user's equipment, a loop can be caused by the network
environment or by the condition of the cables connected to the equipment. To prevent this, the V5324
switch has Self Loop detection, which detects that an outgoing packet has come back. With Self Loop
detection, the switch blocks the port, which prevents the packet from coming back.
Command
set selfloop-detect enable
Mode
Bridge
Function
Enables Self Loop detection.
Command
set selfloop-detect disable
Mode
Function
Bridge
To check the status of Self Loop detection and the port where a loop has occurred, use the following
command.
Command
show selfloop
Mode
Bridge
Function
Shows status of Self Loop detection and a port where a loop has occurred.
The following is an example of enabling Self Loop detection and confirming it.
Port   |12345678901234567890123456
-------+--------------------------
Loop   |..........................
SWITCH(bridge)#
7.5 Stacking
Stacking makes it possible to manage several switches with one IP address. The switch that manages the
other switches in the stack is named the Master switch, and the switches managed by the Master switch
are named Slave switches. Regardless of installation place or connection state, the Master switch can
check and manage all Slave switches.
Step 1 Assign an IP address to the Master switch in Interface configuration mode and activate the
interface with the command no shutdown. (Refer to 3.3.1 Assigning IP Address.)
Information
When there are many connected switches, the other switches are managed by the IP address of Master
switch.
Step 2 Create a name to configure VLAN in Master switch, which Slave switches belong to.
Command
Mode
Function
Bridge
Information
To manage a switch group, the ports connecting the Master switch to the Slave switches must be in the same VLAN.
Step 3 Add new switch or delete a switch in switch group by using the following commands.
Command
Mode
Function
Adds Slave switch in switch group.
Bridge
set stack del mac-address
Information
You cannot add switches that belong to different VLANs to the same switch group.
Step 4 Configure Master switch by using the following command on Bridge configuration mode.
Command
Mode
Bridge
Function
Configures Master switch.
Step 5 Configure Slave switch by using the following command on Bridge configuration mode.
Command
set stack slave
Mode
Bridge
Function
Configures Slave switch connected to Master switch.
Information
You have to enable Slave switch connected to Master switch.
Command
Mode
Bridge
Function
Configures VLAN of Slave switch.
Information
To manage a switch group, the ports connecting the Master switch to the Slave switches must be in the same VLAN.
Command
show stack
Mode
Top/Global/Bridge
Function
[Sample configuration 1]
The following is an example of configuring Master switch and Slave switch. SWITCH A is Master
switch and SWITCH B is Slave switch.
<SWITCH A>
<SWITCH B>
<SWITCH A>
: br1
node ID : 1
node  MAC address        status  type    name      port
      00:d0:cb:0a:00:aa  active  V6124F  SWITCH_A  42
      00:d0:cb:22:00:11  active  V5324   SWITCH_B  26
SWITCH_A(bridge)#
<SWITCH B>
SWITCH_B(bridge)# show stack
device : br1
node ID : 2
SWITCH_B(bridge)#
After configuring the switch group, you can configure and manage Slave switches. When you enter a Slave
switch number after the command rcommand, a Telnet window connected to that Slave switch appears. You
can configure the Slave switch by using DSH commands. To finish Slave switch configuration, use the
command exit in Telnet.
Command
rcommand node-number
Mode
Bridge
Function
Connects to Slave switch.
SWITCH(bridge)# rcommand 3
Trying 127.1.0.1(23)...
Connected to 127.1.0.1.
Escape character is '^]'.
SWITCH login: root
Password: vertex25
SWITCH#
SWITCH# exit
Connection closed by foreign host.
SWITCH(bridge)#
Command
clear stack
Mode
Bridge
Function
Releases stacking function.
Command
Mode
Bridge
Function
Configures port bandwidth. If you input egress or ingress, you can
configure outgoing packet or incoming packet. The unit is Mbps.
If you input neither egress nor ingress, both are configured to be the same. To switch, egress is
incoming packet. So, it is upload to PC user.
Command
show rate
Mode
Top/Global/Bridge
Function
Command
clear rate port-number [egress | ingress]
Mode
Bridge
Function
Deletes configured port bandwidth.
The following is an example of configuring port 1 bandwidth as 64Mbps, port 2 egress bandwidth as
52Mbps and confirming it.
Port  Ingress  Egress           | Port  Ingress  Egress
--------------------------------+------------------------------
1
64( 64.000)
64( 64.000)
52( 52.000)
52( 52.000)
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
(Omitted)
SWTICH(bridge)#
7.7 Flood-Guard
Flood-guard limits the number of packets that can be transmitted within the configured bandwidth,
whereas Rate limit, described in 7.6 Rate limit, controls packets by configuring the width of the
bandwidth that packets pass through.
[Figure: <Rate Limit> V5324 Switch: configure Rate Limit in port to control bandwidth. <Flood Guard> V5324 Switch: configure Flood-guard to allow as many as n packets per second; packets 1, 2, 3, ... n are allowed for a second, and packets over n (n+1, n+2) are thrown away]
This function prevents receiving packets more than configured amount without enlarging bandwidth.
Command
Mode
Bridge
Function
Limits packets received in specified port as many as you
configure in a second.
Command
Mode
Function
Bridge
Command
show flood-guard
Mode
Bridge
Function
Sample Configuration 1
The following is an example of limiting packets as 10,000 in port 1 and confirming it.
10000
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
10 N/A
11 N/A
12 N/A
13 N/A
14 N/A
15 N/A
16 N/A
17 N/A
18 N/A
19 N/A
20 N/A
21 N/A
22 N/A
23 N/A
24 N/A
25 N/A
26 N/A
SWITCH(bridge)#
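The difference between Rate limit (a bandwidth cap in Mbps) and Flood-guard (a cap on packets per second) shows up when the same traffic is run through both. The following Python model is an added example, not the switch's algorithm; it assumes fixed one-second windows and 1 Mbps = 1,000,000 bits per second, and the traffic is constructed. The 64 Mbps and 10,000 packet limits are the values used in the sample configurations of 7.6 and 7.7.

```python
"""Rate limit vs. Flood-guard on the same traffic (added example)."""
from collections import defaultdict


def flood_guard(packets, max_pps):
    """Forward at most max_pps packets per one-second window.

    packets: iterable of (timestamp_seconds, size_bytes).
    Returns (forwarded, dropped) lists.
    """
    count = defaultdict(int)
    forwarded, dropped = [], []
    for ts, size in packets:
        window = int(ts)
        if count[window] < max_pps:
            count[window] += 1
            forwarded.append((ts, size))
        else:
            dropped.append((ts, size))  # packets over n are thrown away
    return forwarded, dropped


def rate_limit(packets, mbps):
    """Forward packets until the bit budget of the current second is used."""
    budget_bits = mbps * 1_000_000
    used = defaultdict(int)
    forwarded, dropped = [], []
    for ts, size in packets:
        window = int(ts)
        bits = size * 8
        if used[window] + bits <= budget_bits:
            used[window] += bits
            forwarded.append((ts, size))
        else:
            dropped.append((ts, size))
    return forwarded, dropped


def compare(packets, mbps=64, max_pps=10_000):
    """Return how many packets each mechanism forwards and drops."""
    packets = list(packets)
    rl_fwd, rl_drop = rate_limit(packets, mbps)
    fg_fwd, fg_drop = flood_guard(packets, max_pps)
    return {
        "rate_limit": (len(rl_fwd), len(rl_drop)),
        "flood_guard": (len(fg_fwd), len(fg_drop)),
    }


# Constructed traffic, one second each.
# Storm of minimum-size frames: 50,000 x 64 bytes = 25.6 Mbps.
SMALL_FRAME_STORM = [(i / 50_000, 64) for i in range(50_000)]
# Bulk transfer: 6,000 x 1500 bytes = 72 Mbps.
BULK_TRANSFER = [(1 + i / 6_000, 1500) for i in range(6_000)]

if __name__ == "__main__":
    print("storm:", compare(SMALL_FRAME_STORM))
    print("bulk: ", compare(BULK_TRANSFER))
```

The storm of small frames stays under the 64 Mbps cap and passes Rate limit untouched, while Flood-guard discards everything above 10,000 packets; the bulk transfer behaves the other way round.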
Note
This function cannot be used with Rate limit. You have to release Rate limit first in order to make a port
configured Rate limit belong in Bandwidth-share-group.
Command
bandwidth-share-group name {ingress | egress} bandwidth
Mode
Bridge
Function
Configures group named name to configure
After configuring a group, assign ports as members. In order to assign member to a group, use the
following command.
Command
bandwidth-share-group name member port-number bandwidth
Mode
Bridge
Function
Assigns port to a group named name. Bandwidth is the
minimum secured bandwidth and the unit is Mbps.
The following example shows: configuring group A and the maximum bandwidth of ingress as
100Mbps and assigning ports 2 ~ 6 and the minimum secured bandwidth as 10Mbps.
To view the user's configuration of bandwidth-share-group, use the following command.
Command
show running-config
Mode
Top/Global/Bridge/Interface
Function
Shows user's configuration about Bandwidth-share-group.
Command
no bandwidth-share-group name
Mode
Bridge
Function
Deletes a group named name.
Command
no bandwidth-share-group name member port-number
Mode
Bridge
Function
Deletes a port in a group named name.
In a multicast network, when a multicast packet is transmitted, the multicast router sends only an
IGMP Query message that asks whether to receive the multicast packet. If a switch sends a join message
to the multicast router, the multicast router transmits the multicast packet only to that switch.
[Figure: IP Multicasting. Multicast packet at the Multicast Router; no packet transmission before join message]
[Figure: IP Multicasting. Multicast packet transmitted by the Multicast Router]
IGMP Snooping is a function that finds the port that sends a "Join message" to join a specific
multicast group and receive multicast packets, or a "leave message" to get out of the multicast group
because it no longer needs the packets. IGMP Snooping can be enabled only when the switch is connected
to a multicast router.
You can use the V5324 Switch as an IGMP Querier without a multicast router, because an IGMP Query
Daemon is installed in the V5324 Switch.
Command
ip igmp querier
Mode
Global
Purpose
Enables IGMP Querier.
Note
Since PIM-SM includes IGMP Querier, both IGMP Querier and PIM-SM can be enabled at the same time.
When you activate IGMP Querier with enabled PIM-SM, the following message will be seen.
In order to remove the IGMP Querier from V5324 Switch, use the following command.
Command
no ip igmp querier
Mode
Global
Purpose
Removes IGMP Querier from switch.
Command
ip igmp snooping
Mode
Global
Function
Enables IGMP Snooping.
Command
no ip igmp snooping
Mode
Global
Function
Disables IGMP Snooping.
Note
Since PIM-SM includes IGMP Snooping, both IGMP Snooping and PIM-SM can be enabled at the same
time.
When shared vlan is configured in the V5324 switch, assume that an IP address is configured only for
br1 and not for br2 and br3. In this state, if a Join message is received on br2, the IGMP Querier
ignores the message because it was received on an interface without IP and the Querier communicates
with IP.
1) |uuuuuuuuuuuuuuuuuuuuuuuu........
br2( 2) |uuuuu..................u........
br3( 3) |.....uuuuu.............u........
SWITCH(bridge)#
[Figure: ports 1~5 (br2), 6~10 (br3), 11~23 and 24; br1 : IP 10.1.1.1; a Join Message received on a VLAN without IP is thrown away]
Therefore, you should make br2 and br3 to get IP address of br1 in this case.
In order to configure the other vlans to get IP address of vlan(outmost-vlan) including all vlans for
multicast communication when shared vlan is configured, use the following command.
Command
ip igmp outmost-vlan <1-4094>
Mode
Global
Function
Configures the other vlans to get IP address of
vlan(outmost-vlan) including all vlans.
Command
no ip igmp outmost-vlan
Mode
Global
Function
Deletes configured outmost-vlan.
[ Sample Configuration 1 ]
The following is an example of configuring outmost-vlan of br1 and br2 as br1 for multicast
communication.
When a multicast packet is transmitted to the switch, the switch transmits it according to the IGMP
table. A packet that is registered in an IGMP group is transmitted to the interfaces of the same group.
However, unregistered multicast packets can also be transmitted from a device connected to the user's
switch.
If an unregistered multicast packet is transmitted to the switch, the switch drops or floods it
according to the user's decision. Therefore, you have to decide how to handle unregistered packets.
[Figure: Multicast packet of Group A; current IGMP table (interface, group): b, e]
[Figure: Multicast packet of Group B; current IGMP table (interface, group): b, e]
In order to filter all unregistered multicast packet in IGMP table, use the following command.
Command
ip igmp multicast-filter
Mode
Global
Function
Enables Multicast packet filter.
Command
no ip igmp multicast-filter
Mode
Function
Global
In a multicast network, it takes time for a multicast client to send the join message and receive
multicast packets. The V5324 Switch, however, can transmit multicast packets promptly when the client
requests them, because it receives the multicast packets beforehand and keeps them.
If you want the switch to keep the transmitted multicast packets so that multicasting is quick, add
your switch to the multicast group by using the following command.
Command
Mode
Global
Function
Adds to specified multicast group.
After using the above command, you need to verify that V5324 switch joins in multicast group through
multicast router. In order to do it, use the following command.
Command
Mode
Function
Top/Global
Group
----------------------------------
SWITCH(config)#
Information
The above example is a case when there is no registration. It may vary according to registered information.
In order to delete switch from multicast group, use the following command.
Command
no ip igmp static bridge-name ip-address
Mode
Global
Function
Deletes switch from multicast group
It is possible to configure the time that client sends join message to join in multicast group and
registration is completed. The time is called as Join-delay. In order to configure Join-delay, use the
following command. The unit is 10ms(=1/100 seconds).
Command
Mode
Global
Function
Configures Join-delay.
Note
If you configure Join-delay as 0, this function is disabled.
7.9.7 Fast-leave
If a multicast client sends the leave message to leave a multicast group, the multicast router sends an
IGMP Query message to the client again and, when the client does not respond, deletes the client from
the multicast group. Therefore, it takes time for the multicast router to delete the client. However,
with the following command you can configure the function so that the multicast router deletes the
client from the multicast group as soon as the client has sent the leave message. That function is
called fast-leave.
Command
ip igmp fast-leave
Mode
Global
Function
Configures the fast-leave
To remove fast-leave from the V5324 Switch, use the following command.
Command
no ip igmp fast-leave
Mode
Global
Function
Deletes the fast-leave
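The forwarding decisions described for IGMP Snooping, the multicast filter and fast-leave fit in one small state machine. The following Python model is an added example, not the switch's implementation; the class and method names are assumptions, and group 239.255.255.250 on port 25 is taken from the show igmp sample in this guide.

```python
"""Model of IGMP Snooping, multicast-filter and fast-leave (added example)."""


class SnoopingSwitch:
    def __init__(self, ports, multicast_filter=False, fast_leave=False):
        self.ports = set(ports)
        self.multicast_filter = multicast_filter  # ip igmp multicast-filter
        self.fast_leave = fast_leave              # ip igmp fast-leave
        self.table = {}                           # group -> set of member ports
        self.pending_leave = set()                # (group, port) awaiting a query reply

    def join(self, port, group):
        """A Join message registers the port in the IGMP table."""
        self.table.setdefault(group, set()).add(port)
        self.pending_leave.discard((group, port))

    def leave(self, port, group):
        """A leave message removes the port at once only with fast-leave."""
        if self.fast_leave:
            self._remove(port, group)
        else:
            self.pending_leave.add((group, port))  # wait for the IGMP Query

    def query_timeout(self):
        """No reply to the IGMP Query: delete the ports that asked to leave."""
        for group, port in sorted(self.pending_leave):
            self._remove(port, group)
        self.pending_leave.clear()

    def _remove(self, port, group):
        members = self.table.get(group, set())
        members.discard(port)
        if not members:
            self.table.pop(group, None)

    def egress_ports(self, group, ingress_port):
        """Ports a multicast packet for `group` is sent out of."""
        members = self.table.get(group)
        if members:                       # registered: only to group members
            return sorted(members - {ingress_port})
        if self.multicast_filter:         # unregistered and filter on: drop
            return []
        return sorted(self.ports - {ingress_port})  # unregistered: flood


GROUP = "239.255.255.250"  # group shown in the show igmp sample
UNREGISTERED = "239.1.1.1"  # constructed group with no members

if __name__ == "__main__":
    sw = SnoopingSwitch(range(1, 27), multicast_filter=True)
    sw.join(25, GROUP)
    print(sw.egress_ports(GROUP, 1))         # [25]
    print(sw.egress_ports(UNREGISTERED, 1))  # []
```

With the filter disabled, the unregistered group is flooded to every other port, which is the traffic the multicast filter exists to stop.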
If you want to verify the IGMP configuration, use the following command.
Command
show igmp
Mode
Top/Global
Function
Verifies the IGMP configuration.
IGMP Table
Group Port Expiry
----------------------------------
1 239.255.255.250 25 157
SWITCH(config)#
Note
The IGMP table in the above example is not always displayed. The IGMP table is displayed only when a
client that has sent the join message exists.
In this case, when most hosts are belonged to multicast group and there is enough bandwidth to
support flow of controlling message between constituent members, these overheads are acceptable, but
the other cases are inefficient. Contrary to dense mode, PIM-SM receives multicast packet only when
request comes from specific host in multicast group. Therefore PIM-SM is proper when constituent
members of group are dispersed in wide area or bandwidth used for the whole is small. Sparse mode is
the most useful on WAN and can be used on LAN. For standard of PIM-SM, you can refer to RFC 2362.
Information
For using PIM-SM, you need a router which supports PIM-SM.
The RP (Rendezvous Point) plays the central role in PIM-SM. In the chart below, a multicast packet is
transmitted from A, the source, through B and C to D, the RP. D (RP) then transmits the multicast packet
after receiving a join message from E or F. That is, all multicast packets pass through the
RP (Rendezvous Point). For instance, even though F needs the multicast packet, the packet is passed
through A → B → C → D → C → F, not
focusing on RP is RPT(Rendezvous Point Tree) or shared tree. There is only one RP in one multicast
group. RPT has a (*, G) entry because a receiver can send a message to the RP without knowing the source. G
means multicast group.
[Figure: RPT of PIM-SM. Labels: Source; D, RP (Rendezvous Point); F; 1. Multicast packet transmitted to RP; 3. RP transmits multicast packet for the request.]
Also, routers on the packet route automatically optimize the route by deleting unnecessary when traffic
exceeds a certain limit. After the route to the source and the multicast group connected to the source are
established, all sources have a route that connects to the receiver directly. In the example picture below,
packets are usually transmitted through A → B → C → D, but packets are transmitted through the faster route
A → C → F when traffic increases. SPT (Shortest-Path Tree) selects the shortest route between source
and receiver regardless of the RP; it is also called a source-based tree or shortest-path tree. SPT has an
(S, G) entry, where S means source address and G means multicast group.
[Figure: SPT of PIM-SM. Labels: Source; C; E; RP (Rendezvous Point); 1. Multicast packet is transmitted to RP; 2. Requests multicast packet to RP; unnecessary.]
In order to configure PIM-SM in V5324 switch, you should refer to the following sections.
Enabling PIM-SM
Deciding RP
Configuring Static RP
Configuring BSR
Configuring RP Information
Configuring Assert message Information
Whole-packet-checksum
Configuring Interval of Cache-check
Configuring Multicast Routing Table
Configuring PIM-SM on Ethernet Interface
Viewing PIM-SM Information
Before configuring PIM-SM on the switch, you must enable it. To enable PIM-SM, use the
following command. When you enable PIM-SM with this command, the system enters
PIM configuration mode and the system prompt changes from SWITCH(config)# to
SWITCH(config_pim)#.
Command
router pim
Mode
Global
Function
Information
PIM-SM supports both IGMP Querier and IGMP Snooping, therefore you cannot configure them at the
same time.
Note
The commands ip igmp static and ip igmp fast-leave can be used when IGMP and PIM-SM are
enabled at the same time.
[Sample Configuration 1]
The following is an example of enabling PIM-SM and entering into PIM configuration mode from
Global configuration mode.
Use exit command to go back to Global configuration mode. And use end command to enter into
Top mode.
SWITCH(config_pim)# exit
SWITCH(config)#
SWITCH(config_pim)# end
SWITCH#
7.10.2 Deciding RP
There are two ways to decide the RP, the center of PIM-SM on a multicast network. One is for the network
administrator to decide the RP manually; the other is for the RP to be decided automatically by
exchanging information between the multicast routers installed on the network.
The information transmitted between multicast routers in the automatic way is called the Bootstrap
message, and the router that sends this Bootstrap message is called the BSR (Bootstrap Router). Any PIM
router on the multicast network can be the BSR.
Routers that want to be the BSR are called candidate-BSRs, and the one with the highest priority
becomes the BSR. If several routers have the same priority, the one with the
highest IP address becomes the BSR. The Bootstrap message includes the priority used to decide the BSR,
the hash-mask used in the hash, and RP information.
After the BSR is decided, routers that support RP transmit a candidate-RP message to the BSR. The
candidate-RP message includes priority, IP address, and multicast group. The BSR then adds the
candidate-RP message to the Bootstrap message and transmits it to the other PIM routers. Through this
transmitted Bootstrap message, the RP of the multicast group is decided.
User equipment belonging to the PIM-SM network can be a candidate-BSR, and the BSR is decided among them.
A candidate-BSR transmits a Bootstrap message to decide the BSR. On the V5324 switch you can configure the
priority used to decide the BSR and the Hash-mask carried in Bootstrap messages.
Command
static-rp group-address-prefix rp-ip-address
Mode
PIM
Function
Configures RP of multicast group.
Command
Mode
PIM
Function
Deletes RP configured by network administrator.
The following is an example of configuring the router with address 200.1.1.1 as the RP of the multicast
group with network address 244.0.0.0/8.
The information transmitted between multicast routers in the automatic way is called the Bootstrap
message, and the router that sends this Bootstrap message is called the BSR (Bootstrap Router). Any PIM
router on the multicast network can be the BSR. Routers that want to be the BSR are called
candidate-BSRs, and the one with the highest priority becomes the BSR. If several routers
have the same priority, the one with the highest IP address becomes the BSR.
You can configure the following items, which are included in the candidate-BSR message.
Candidate-BSR IP Address
Candidate-BSR Priority
Candidate-BSR Hash-mask
Command
cand-bsr address ip-address
Mode
PIM
Function
Selects IP address to be used in candidate-BSR
Command
no cand-bsr address ip-address
Mode
PIM
Function
Deletes assigned IP address in candidate-BSR.
Command
cand-bsr priority <0-255>
Mode
PIM
Function
Configures priority of Bootstrap message.
Information
The default is 0.
Information
The highest priority of candidate-BSR becomes BSR.
Command
no cand-bsr priority
Mode
PIM
Function
Deletes priority of Bootstrap message.
Command
cand-bsr hash-mask <0-32>
Mode
PIM
Function
Configures Hash-mask in Bootstrap message.
Command
Mode
PIM
Function
Deletes Hash-mask in Bootstrap message.
Information
The default is 30.
[Sample Configuration 2]
After the BSR is decided on the multicast network, candidate-RP routers send an RP message to the BSR. The
candidate-RP message includes priority, IP address, and multicast group. The BSR then adds the received
candidate-RP information to the Bootstrap message and transmits it to the other PIM routers. Through this
Bootstrap message, the RP of the multicast group is decided. Any router belonging to the multicast network
can become a candidate-RP, and routers that are candidate-BSRs are generally also candidate-RPs.
Candidate-RP IP Address
Candidate-RP Priority
Command
cand-rp address ip-address
Mode
PIM
Function
Configures IP address to be used in candidate-RP.
Command
no cand-rp address ip-address
Mode
PIM
Function
Deletes configured IP address.
Command
Mode
PIM
Function
Registers address of multicast group in candidate-RP message.
Command
Mode
PIM
Function
Deletes registered multicast group.
Command
cand-rp priority <0-255>
Mode
PIM
Function
Configures priority of candidate-RP.
Information
Candidate-RP with higher priority is decided as RP.
Information
The default is 0.
Command
no cand-rp priority
Mode
PIM
Function
Deletes configured priority of candidate-RP.
In order to configure interval to transmit candidate-RP message, use the following command.
Command
Mode
PIM
Function
Information
The default is 60 seconds.
In order to delete interval to transmit candidate-RP message, use the following command.
Command
no cand-rp interval
Mode
PIM
Function
Deletes interval to transmit candidate-RP message.
[Sample Configuration 3]
The following is an example of configuring candidate-RP message settings and confirming them.
Therefore it can happen that routers that are members of another network, or that are not members of the
multicast group, apply for RP and transmit candidate-RP messages.
To prevent this, you can block candidate-RP messages from other routers so that only the
candidate-RPs in the multicast group communicate.
To block candidate-RP messages from routers that are not members, perform the tasks below.
Command
cand-rp access deny network-address
Mode
PIM
Function
Blocks all packets transmitted on specified network.
Step 2 Allow only packets transmitted by routers that will exchange candidate-RP message.
Command
cand-rp access permit ip-address/M
Mode
PIM
Function
Allows only packets transmitted by routers that will
exchange candidate-RP.
Command
no cand-rp access permit ip-address/M
Mode
PIM
Function
Releases blocked packet.
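The BSR election rule and the candidate-RP filtering described above, modeled as an added example (not code from this guide or from the switch). The addresses, priorities and the prefix notation passed to deny are constructed, and the entry evaluation order and RP tie-break are assumptions marked in the comments.

```python
import ipaddress


def elect_bsr(candidates):
    """Return the IP of the elected BSR from (ip, priority) pairs.

    Rule from the guide: highest priority wins; equal priorities are
    broken by the highest IP address.
    """
    return max(candidates,
               key=lambda c: (c[1], int(ipaddress.ip_address(c[0]))))[0]


class CandRpAccess:
    """Model of the 'cand-rp access deny' / 'cand-rp access permit' entries.

    Assumptions (the guide does not state them): the most specific
    matching entry decides, a deny wins a tie, and a source that matches
    no entry is accepted.
    """

    def __init__(self):
        self.entries = []  # list of (network, action)

    def deny(self, network):
        self.entries.append((ipaddress.ip_network(network, strict=False), "deny"))

    def permit(self, prefix):
        self.entries.append((ipaddress.ip_network(prefix, strict=False), "permit"))

    def allows(self, source):
        addr = ipaddress.ip_address(source)
        hits = [(net.prefixlen, action == "deny", action)
                for net, action in self.entries if addr in net]
        return max(hits)[2] == "permit" if hits else True


def choose_rp(messages, group, acl=None):
    """Pick the RP for `group` from candidate-RP messages.

    Messages from sources rejected by `acl` are dropped first. Among the
    rest the guide's rule applies: the higher priority is decided as RP.
    Breaking a priority tie by the highest address is an assumption.
    """
    group_addr = ipaddress.ip_address(group)
    usable = [m for m in messages
              if (acl is None or acl.allows(m["source"]))
              and group_addr in ipaddress.ip_network(m["group"])]
    if not usable:
        return None
    best = max(usable, key=lambda m: (m["priority"],
                                      int(ipaddress.ip_address(m["source"]))))
    return best["source"]


# Constructed sample data: two intended candidate-RPs and one router
# outside the multicast group that also sends a candidate-RP message.
MESSAGES = [
    {"source": "10.1.1.1", "priority": 10, "group": "224.0.0.0/4"},
    {"source": "10.1.1.2", "priority": 20, "group": "224.0.0.0/4"},
    {"source": "10.1.2.77", "priority": 200, "group": "224.0.0.0/4"},
]


def member_only_acl():
    acl = CandRpAccess()
    acl.deny("10.1.0.0/16")      # step 1: cand-rp access deny network-address
    acl.permit("10.1.1.1/32")    # step 2: cand-rp access permit ip-address/M
    acl.permit("10.1.1.2/32")
    return acl


if __name__ == "__main__":
    print("BSR:", elect_bsr([("10.1.1.1", 100), ("10.1.1.2", 100), ("10.1.1.3", 50)]))
    print("RP without filter:", choose_rp(MESSAGES, "239.1.1.1"))
    print("RP with filter:   ", choose_rp(MESSAGES, "239.1.1.1", member_only_acl()))
```

Without the access entries the non-member router's message decides the RP; with them only the two permitted candidate-RPs are considered.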
[Sample Configuration 4]
The following is an example of allowing only packets transmitted by routers that will exchange
candidate-RP message and confirming it.
When there are several PIM-SM routers on the same LAN, they may exchange packets that are not needed. To
prevent this problem, you need to assign one PIM-SM router to transmit multicast packets. The
assigned router is called the Assert.
In the example below, routers B and C can both transmit multicast packets when they receive a Join
message from a receiver. D and E, which send the Join message, cannot decide which router to receive from,
and C may transmit the same packet to B, which belongs to the multicast group. If the Assert is decided,
the multicast group is well organized because D and E transmit the Join message only to the Assert.
[Figure: routers RP, A, B and C. Labels: Unnecessary same packet sent; Join Message.]
When Assert is decided, Metric and Preference in Assert message are compared. Lower Metric has
priority and higher Preference has priority.
Configuring Metric
Configuring Preference
Command
metric <1-2,147,483,647>
Mode
PIM
Function
Configures Metric of Assert message.
Information
Lower Metric has priority.
In order to delete configured Metric of Assert message, use the following command.
Command
no metric
Mode
PIM
Function
Deletes configured Metric of Assert message.
Command
preference <1-2,147,483,647>
Mode
PIM
Function
Configures Preference of Assert message.
Information
Higher Preference has priority.
In order to delete configured Preference of Assert message, use the following command.
Command
no preference
Mode
PIM
Function
Deletes configured Preference of Assert message.
[Sample Configuration 5]
SWITCH(config_pim)# metric 1
SWITCH(config_pim)# preference 1
SWITCH(config_pim)# show running-config
Building configuration...
(Omitted)
router pim
preference 1
metric 1
!
(Omitted)
SWITCH(config_pim)#
7.10.7 Whole-packet-checksum
Multicast communication is possible even when the multicast source is not connected to the multicast group.
In the picture below, the First-Hop router directly connected to the source can receive packets from the
source without an (S,G) entry for the source. The First-Hop router encapsulates the packet in a Register
message and unicasts it to the RP of the multicast group. The RP decapsulates the Register message and
transmits the packet to the members of the multicast group.
[Figure: Network in which the multicast source is not directly connected to the multicast group. Labels: Source; Multicast Packet; First-Hop Router; RP.]
When the Register message is transmitted, the RFC standard computes the Checksum over the header part only,
but a Cisco router includes the whole packet in the range of the Checksum. For
compatibility with Cisco routers, you should configure the range of the Checksum of the Register message as
the whole packet.
To configure the range of the Checksum of the Register message as the whole packet for compatibility with
Cisco routers, use the following command.
Command
whole-packet-checksum
Mode
PIM
Function
Configures range of Checksum of Register message as whole
packet for compatibility with Cisco router.
To follow the RFC standard by removing compatibility with Cisco routers, use the following
command.
Command
no whole-packet-checksum
Mode
PIM
Function
Deletes compatibility with Cisco router and follows RFC
standard.
Information
By default, compatibility with Cisco router is not configured.
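The two Checksum ranges for the Register message, shown as an added example (not code from this guide or the switch). The inner packet is constructed, and the strict receiver in receiver_accepts is an assumption used to show what happens when sender and receiver are configured differently.

```python
import struct

PIM_VERSION = 2
PIM_TYPE_REGISTER = 1
REGISTER_HEADER_LEN = 8  # 4-byte PIM header + 4-byte Register flags word

# Constructed inner multicast packet: a 20-byte IPv4 header addressed to
# 239.1.1.1 followed by 8 payload bytes (its own IP checksum is left 0).
INNER = bytes.fromhex("4500001c00000000401100000a000001ef010101") + b"testdata"


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of `data`."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_register(inner, whole_packet):
    """Build a PIMv2 Register message carrying `inner`.

    whole_packet=False: Checksum over the 8 header bytes only (RFC range).
    whole_packet=True:  Checksum over header plus encapsulated packet,
                        the range 'whole-packet-checksum' selects.
    """
    header = struct.pack("!BBHI", (PIM_VERSION << 4) | PIM_TYPE_REGISTER, 0, 0, 0)
    covered = header + inner if whole_packet else header
    checksum = internet_checksum(covered)
    return header[:2] + struct.pack("!H", checksum) + header[4:] + inner


def stored_checksum(message):
    """Checksum field as carried in bytes 2-3 of the PIM header."""
    return struct.unpack("!H", message[2:4])[0]


def checksum_mode(message):
    """Report which range the carried Checksum covers, or None if neither."""
    if len(message) < REGISTER_HEADER_LEN:
        return None
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    if internet_checksum(zeroed[:REGISTER_HEADER_LEN]) == stored_checksum(message):
        return "header-only"
    if internet_checksum(zeroed) == stored_checksum(message):
        return "whole-packet"
    return None


def receiver_accepts(message, whole_packet_checksum):
    """Strict receiver (assumption): verifies only its configured range."""
    expected = "whole-packet" if whole_packet_checksum else "header-only"
    return checksum_mode(message) == expected


if __name__ == "__main__":
    for whole in (False, True):
        msg = build_register(INNER, whole)
        print("whole_packet=%s checksum=0x%04X mode=%s"
              % (whole, stored_checksum(msg), checksum_mode(msg)))
```

With the header-only range, a change in the encapsulated packet is not detected by the Register Checksum, because that part lies outside the checked bytes.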
The RP receives packets from the multicast source and transmits them to the receiver. However, if no packet
is received from the source for a certain period, it is not necessary to keep the multicast entry. Therefore,
the RP checks at regular intervals whether packets are received from the source; this function is called
Cache-check.
Command
cache-check interval <1-128>
Mode
PIM
Function
Configures interval of Cache-check.
Command
no cache-check interval
Mode
PIM
Function
Deletes configured interval of Cache-check.
Information
The default is 20 seconds.
There is an RPF (Reverse Path Forwarding) on the route along which a multicast packet is transmitted. The RPF
is the preceding router that transmits the multicast packet. In the picture below, ROUTER B is RPT of
ROUTER E and ROUTER C is RPF of ROUTER E.
[Figure: Labels: Source; B(RP); D; SPT; RPT; RPF.]
However, you can configure ROUTER D as RPF by configuring the multicast routing table manually.
To configure the multicast routing table manually in order to configure RPF, use the following command.
Command
ip mroute multicast-group-address ip-address
Mode
Global
Function
Configures RPF about packet of specified multicast group.
In order to delete configured multicast routing table, use the following command.
Command
Mode
Global
Function
Deletes configured multicast routing table.
More than one tagged VLAN can be configured on the switch. When several tagged VLANs are
configured on one port of the V5324 switch, the system must select which tagged VLAN is sent with
a multicast packet routed to that port. Therefore, you should configure which tagged VLAN is
sent with multicast packets on the specified port.
In the picture below, four tagged VLANs are configured on the V5324 switch and two tagged VLANs are
configured on the port connected to SWITCH 3. In this case, the system must select which tagged VLAN is
sent with a multicast packet routed to that port when a packet received by the V5324 switch is
about to be sent to SWITCH 3.
[Figure: Labels: Multicast Packet; V5324 Switch; tagged vlan of vid 1, vid 2, vid 3, vid 4; packet sent with vid 2; packet sent with vid 3; Configuration to select one of vid3 and vid4; SWITCH 1; SWITCH 2; SWITCH 3.]
Therefore, you should configure which tagged VLAN is sent with packets going to the port connected
to SWITCH 3.
To configure the tagged VLAN to be transmitted with the packet when routing multicast packets, use
the following command.
Command
Mode
Global
Function
Configures tagged vlan to be transmitted in case of
Information
Without the user's configuration of multicast routing vid, the smallest numerical value of vid is
automatically selected.
In order to delete configuration of multicast routing vid, use the following command.
Command
no ip mr-vid port-number
Mode
Global
Function
Deletes configuration of multicast routing vid.
In order to view the user's configuration of multicast routing vid, use the following command.
Command
show ip mr-vid
Mode
Global
Function
[ Sample Configuration 1 ]
The following is an example of configuring tag 2 to be transmitted with packet from port 1 when there
are more than one tagged vlan configured in port 1.
SWITCH(config)# ip mr-vid 1 2
SWITCH(config)# show ip mr-vid
--------------------------
Port mr-vid | Port mr-vid
-------------+------------
1
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
10 N/A
11 N/A
12 N/A
13 N/A
14 N/A
15 N/A
16 N/A
17 N/A
18 N/A
19 N/A
20 N/A
21 N/A
22 N/A
23 N/A
24 N/A
25 N/A
26 N/A
27 N/A
28 N/A
29 N/A
30 N/A
31 N/A
32 N/A
SWITCH(config)#
PIM-SM can be configured on an Ethernet interface. To do so, perform the following.
To enter Interface configuration mode, use the following command.
Command
interface interface-name
Mode
Global
Function
Enters into Interface configuration mode of specified interface.
In order to activate PIM-SM after entering into the Interface configuration mode, use the following
command.
Command
ip pim sparse-mode
Mode
Interface
Function
Activates PIM-SM on specified interface.
Command
no ip pim sparse-mode
Mode
Interface
Function
Releases PIM-SM from specified interface.
In order to block transmitting packet to specified multicast group, use the following command.
Command
ip pim access-list group-address-prefix
Mode
Interface
Function
Blocks transmitting packet to specified
multicast group.
Command
Mode
Interface
Function
Releases blocked multicast group.
To prevent this problem, you can prohibit the transmission of Bootstrap messages between multicast groups
that are operated as different services.
[Figure: Labels: Source A; Source B; Multicast Packet; A; B; Bootstrap Message blocked; Multicast Domain A.]
In order to prohibit transmitting Bootstrap message between multicast groups, which are operated as
different service, use the following command.
Command
ip pim border
Mode
Interface
Function
Blocks Bootstrap message transmitted.
Command
no ip pim border
Mode
Interface
Function
Releases blocked Bootstrap message.
Information
Unless you configure Assert message information on Ethernet interface, value configured at 6.6.6
Configuring Assert Message Information is used on all interfaces.
In order to configure Assert message interface on Ethernet interface, use the following commands.
Command
Mode
Interface
Function
Configures metric of Assert message of specific interface.
Information
Lower Metric has priority and higher Preference has priority.
In order to delete configured Assert message information on Ethernet interface, use the following
commands.
Command
no ip pim metric
no ip pim preference
no ip pim threshold
Mode
Interface
Function
Deletes configured metric of Assert message of specific interface.
[Sample Configuration 6]
RP Table
Command
Mode
Top/Global
Function
Shows multicast routing table in detail.
(2) RP Table
In order to view RP table recorded in switch, use the following command.
Command
show pim rp
Mode
Top/Global
Function
Shows RP table recorded in switch.
Command
Mode
Top/Global
Function
Shows PIM-SM information configured on Ethernet interface.
[Figure: VRRP Operation. Labels: Internet; Virtual Router, Associate IP : 10.0.0.5/24; Master Router; Backup Router 1; Backup Router 2; IP : 10.0.0.1/24; IP : 10.0.0.2/24; IP : 10.0.0.3/24.]
If routers have the same priority, the router with the lower IP address takes precedence. The
picture shows an example of configuring three routers, with IP addresses 10.0.0.1/24,
10.0.0.2/24 and 10.0.0.3/24, as a Virtual Router with Associated IP 10.0.0.5/24. If these three
routers have the same Priority, the router with the smallest IP address, 10.0.0.1/24, is decided to be
Master Router. Switches and PCs connected to the Virtual Router use the IP address of the Virtual
Router, 10.0.0.5/24, as their default gateway.
In order to configure V5324 switch as device in Virtual Router, use the following command on Global
configuration mode. Then you can configure VRRP by entering into VRRP configuration mode.
Command
vrrp interface-name group-id
Mode
Global
Function
Configures Virtual Router(VRRP Group).
Information
group-id can be configured between 1 and 255.
The following is an example of entering VRRP configuration mode by using the above command.
When you enter VRRP configuration mode, the system prompt changes from
SWITCH(config)# to SWITCH(config-vrrp)#.
Command
show vrrp
Mode
Top/Global
Function
Shows current configuration of VRRP.
Command
show vrrp interface interface-name
Function
VRRP.
Command
show running-config
Mode
Top/Global/Bridge/Interface/VRRP
In order to assign Associate IP address to routers in Virtual Router or delete configured Associate IP
address, use the following command.
Command
associate ip-address
no associate ip-address
Mode
VRRP
Function
Assigns Associated IP address to Virtual Router.
The following is an example of assigning IP address, 10.0.0.5 to Virtual Router of V5324 switch.
Priority is compared first: the device with the higher Priority has higher precedence. When
devices have the same Priority, IP addresses are compared: the device with the lower IP address
has higher precedence.
If the Master Router fails and there are more than two routers, one of them is selected
according to their precedence.
To configure the Priority of the Virtual Router or delete the configuration, use the following commands.
Command
vr_priority priority
no vr_priority
Mode
VRRP
Function
Configures Priority of Virtual Router.
Note
By default, Priority of V5324 switch is configured as 100.
Note
Priority of Virtual Backup Router can be configured from 1 to 254.
The following is an example of configuring Master Router and Backup Router by comparing their
Priorities: the Virtual Routers are Layer 3 SWITCH 1 with Priority 101 and Layer 3 SWITCH 2 with
Priority 102. Regardless of IP addresses, the one with the higher Priority, Layer 3 SWITCH 2, becomes
Master Router.
backup
00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 101
3.624 sec
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 102
3.620 sec
By default, Priority of the V5324 switch is configured as 100. So, unless you configure a specific Priority,
this switch becomes Master Router because the device with the lower IP address has higher
precedence. Also, when there are more than two Backup Routers, IP addresses are compared to decide
their order. The following is an example of configuring Master Router and Backup Router by comparing IP
addresses: the Virtual Routers are Layer 3 SWITCH 1 with 10.0.0.1 and Layer 3 SWITCH 2 with 10.0.0.2.
master
00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 100
3.624 sec
SWITCH2(config-vrrp)# exit
SWITCH2(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    backup
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 100
3.620 sec
After a Virtual Router is configured, anyone who knows the Group ID and Associated IP address can
configure another device as part of the Virtual Router. To prevent this, you need to configure a
password, called the authentication password, that is used only in the Virtual Router you configured.
To configure an authentication password for the security of the Virtual Router, use the following
command in VRRP configuration mode.
Command
Mode
Function
Configures an authentication password.
no authentication
Note
Authentication password can be configured with maximum 7 digits.
The following is an example of configuring the authentication password of the Virtual Router as network
and confirming it.
Preempt is a function by which a device that is added after the Virtual Router is configured, and that has
been given the highest Priority, automatically becomes Master Router without rebooting or specific
configuration. To configure Preempt, use the following command in VRRP
configuration mode.
Command
preempt {enable | disable}
Mode
VRRP
Function
Enables or disables Preempt.
Note
By default, Preempt is configured as enable in V5324 switch.
master
00:00:5E:00:01:01
1 sec
preemption               disabled
priority                 100
3.624 sec
To return Preempt to its default setting of enabled, use the following command in VRRP
configuration mode.
Command
no preempt
Mode
VRRP
Function
Deletes the former configuration of Preempt to enable it.
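The precedence rule and the effect of Preempt described above, as an added simulation (not code from this guide or the switch). Router names, addresses and events are constructed; that only a strictly higher Priority preempts a running Master is an assumption.

```python
import ipaddress


def precedence(router):
    """Sort key for the guide's rule: higher Priority first, then the
    lower IP address."""
    return (router["priority"], -int(ipaddress.ip_address(router["ip"])))


class VirtualRouter:
    """One VRRP group; tracks which member is currently Master."""

    def __init__(self):
        self.routers = {}   # name -> {"ip", "priority", "preempt"}
        self.master = None

    def _elect(self):
        """Election among the live routers when there is no Master."""
        if self.routers:
            self.master = max(self.routers,
                              key=lambda name: precedence(self.routers[name]))
        else:
            self.master = None

    def join(self, name, ip, priority=100, preempt=True):
        """Add a router; 100 and enabled are the guide's defaults."""
        self.routers[name] = {"ip": ip, "priority": priority, "preempt": preempt}
        if self.master is None:
            self._elect()
        elif preempt and priority > self.routers[self.master]["priority"]:
            # Assumption: only a strictly higher Priority takes over.
            self.master = name
        return self.master

    def fail(self, name):
        """Remove a router; a new Master is elected if it was the Master."""
        self.routers.pop(name, None)
        if self.master == name:
            self._elect()
        return self.master


def run(events):
    """Apply ('join', name, ip, priority, preempt) and ('fail', name)
    events and return the Master after each one."""
    group = VirtualRouter()
    history = []
    for event in events:
        if event[0] == "join":
            history.append(group.join(*event[1:]))
        else:
            history.append(group.fail(event[1]))
    return history


# Constructed scenarios using the guide's addresses 10.0.0.1-10.0.0.3.
PREEMPT_ENABLED = [
    ("join", "SW1", "10.0.0.1", 100, True),
    ("join", "SW2", "10.0.0.2", 100, True),
    ("join", "SW3", "10.0.0.3", 102, True),   # higher Priority takes over
    ("fail", "SW3"),                          # tie at 100: lower IP wins
]
PREEMPT_DISABLED = [
    ("join", "SW1", "10.0.0.1", 100, True),
    ("join", "SW2", "10.0.0.2", 100, True),
    ("join", "SW3", "10.0.0.3", 102, False),  # stays Backup
    ("fail", "SW1"),                          # election: highest Priority
]

if __name__ == "__main__":
    print(run(PREEMPT_ENABLED))
    print(run(PREEMPT_DISABLED))
```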
The Master Router in a Virtual Router transmits its data to the other routers in the VRRP group at a regular
interval. This interval is called the Advertisement Time. You can configure the Advertisement Time on the
V5324 switch. To configure the Advertisement Time, use the following command in VRRP configuration mode.
Command
vr_timers advertisement time
Mode
VRRP
Function
Configures Advertisement Time.
Note
By default, Advertisement Time is configured as 1 second in V5324 switch.
Note
For V5324 switch, Advertisement Time can be configured from 1 second to 10 seconds.
The following is an example of configuring Advertisement Time as 10 seconds and confirming it.
master
00:00:5E:00:01:01
advertisement interval   10 sec
preemption               disabled
priority                 100
30.624 sec
To delete the configured Advertisement Time and return to the default setting, use the following command.
Command
no vr_timers advertisement
Mode
VRRP
Function
Deletes configured Advertisement time to return default setting.
To view statistics of packets that have been sent and received, use the following command.
Command
Mode
Global
Function
Shows statistics of packets in Virtual Router Group.
0
0
SWITCH(config)#
7.12 NAT
NAT (Network Address Translation) uses private IP addresses, which are intended for use in the internal
network. It therefore saves limited IP address resources and strengthens security because the IP addresses
of the internal network are protected. The V5324 switch supports Static NAT, IP masquerade (PAT) and
Dynamic NAT.
Static NAT maps a private IP address to a public IP address on a one-to-one basis when
communicating with an external network.
[Figure: Labels: Private Network; Private IP Address; Packet; V5324 Switch; Packet; Public IP Address; External Network.]
As the above picture shows, a switch with Static NAT enabled translates a packet with a private IP address
into a packet with a public IP address when sending packets from the internal network. A is translated to P
and B is translated to Q.
This one-to-one translation of a private IP address to a public IP address is called Static NAT.
To configure Static NAT, use the following command.
Command
ip nat statistic public-address private-address
Mode
Global
Function
Configures Static NAT.
Command
no ip nat statistic public-address private-address
Mode
Global
Function
Disables Static NAT.
IP masquerade, also known as PAT (Port Address Translation), makes several private IP addresses
connected to the network share one public IP address when they go out to an exterior network. That is, data
sent from different private IP addresses appears to be sent from one public IP address.
[Figure: Operation of IP masquerade(PAT). Labels: Private Network; Private IP Address; A; B; C; Packet; V5324 Switch; Public IP Address; External Network.]
Command
ip nat pat private-network-address
Mode
Global
Function
Converts the private IP address into public IP address
when it goes to exterior network.
When you use the above command to configure IP masquerade, a suitable public IP address is chosen
according to a certain rule for packets sent to the exterior network.
However, you can also configure the public IP address yourself to skip this process.
To configure a specific IP address to be sent to the exterior network, use the following command.
Command
ip nat masq-address ip-address
Mode
Global
Function
Configures specific IP address to be sent to exterior
network.
Command
no ip nat masq-address
Mode
Global
Function
Disables IP masquerade.
Command
show running-config
Mode
Top/Global/Bridge/Interface
Function
Shows switch configuration.
[Sample Configuration 1]
The following is an example of enabling IP masquerade to convert private IP address 172.16.0.0/16 into
public IP address 100.1.1.2 for going out to external network when IP address of br1 is public IP
100.1.1.2 and IP address of br2 is private IP 172.16.1.1.
[Sample Configuration 2]
The following is an example of a configuration in which the V5324 switch with IP address 172.16.221.60
provides NAT to hosts belonging to network address 10.10.10.0. In this case, note that you have to give the
scope option when configuring the private IP address.
Unless you configure the scope option, the specified IP address becomes scope global. Hosts that receive
the NAT service are then sent out with the first configured IP address. For the other cases, it is
recommended that you configure the scope option when configuring an IP address to make the configuration
information clear.
In Dynamic NAT, a switch specifies a pool of valid public IP addresses. When a private IP address goes out,
it uses a public IP address from the specified public IP Pool as the source address.
M is the number of public IP addresses and N is the number of private IP addresses.
Since M public IP addresses correspond to N private IP addresses, Dynamic NAT is also said to work on an
N:M basis. Meanwhile, even when the public IP Pool runs out, addresses can still be assigned through PAT.
[Figure: Labels: Private Network; Private IP Address; A; V5324 Switch; Public IP Pool; P; R; ...; M; Packet; External Network.]
Command
ip nat pool lowest-public-address highest-public-address
Mode
Global
Function
Configures Dynamic NAT.
Information
lowest-public-address is the IP address at which the IP Pool starts, and highest-public-address is the IP
address at which the IP Pool ends.
Command
no ip nat pool
Mode
Global
Function
Disables Dynamic NAT.
When a host in the private network tries to connect to a domain name in the same network, the V5324 switch
provides DNS (Domain Name Server), which substitutes the private IP address for the public IP address. To
configure DNS, use the following command.
Command
ip nat dns
Mode
Global
Function
Configures DNS, which substitutes private IP address for public IP address of domain name.
Command
no ip nat dns
Mode
Global
Function
Disables DNS.
In order to use other application program with configured IP address of NAT, use the following
commands.
Command
Mode
Function
Helps
quakeraudiovdolive}
address
be
applied
to
[preference-level]
IP
masqueraded
7.12.6 IP Filtering
When IP NAT is enabled, packets are sent up to the CPU to run IP NAT, and the user may need some of these
packets. To filter the packets processed in the CPU, use IP filtering.
Command
ip filter add {permit|deny} {src-address|any} {des-address|any}
Mode
Function
Configures basic policy for incoming packets.
Configured IP filtering policy gets sequential Rule-number, and you can configure another policy
through the Rule-number.
In order to view IP filtering policies configured sequentially, use the following command.
Command
show ip filter
Mode
Top/Global
Function
Shows configured IP filtering sequentially.
[Sample Configuration 1]
The following is an example of configuring IP filtering policy to block packet from 172.16.89.200/16 to
172.16.30.15/16 and to allow icmp.
        prot opt     source          destination     ports
ACCEPT  icmp ------  172.16.0.0/16   172.16.0.0/16   any -> any
DENY    all  ------  172.16.0.0/16   172.16.0.0/16   n/a
To change the order of IP packet filtering policies, use the following commands to insert a policy among the
existing policies.
Command
Mode
Global
Function
Information
When you use the command ip filter insert, the specified policy gets the specified Rule-number and the
existing policies get the next numbers.
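Why the Rule-number order matters for the policy in Sample Configuration 1, as an added model (not code from this guide or the switch). First-match evaluation, the default result for unmatched packets and the proto argument are assumptions; the addresses are those of the sample.

```python
import ipaddress


def _net(value):
    """Parse 'any' or address/mask. Host bits are dropped, as in the
    guide's output (172.16.89.200/16 is shown as 172.16.0.0/16)."""
    if value == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(value, strict=False)


class IpFilter:
    def __init__(self, default="permit"):
        self.default = default  # result when no policy matches (assumption)
        self.rules = []         # list index + 1 is the Rule-number

    def add(self, action, src, dst, proto="all"):
        """Append a policy; it receives the next sequential Rule-number."""
        self.rules.append((action, proto, _net(src), _net(dst)))
        return len(self.rules)

    def insert(self, number, action, src, dst, proto="all"):
        """Place a policy at Rule-number `number`; the existing policies
        from that number on get the next numbers."""
        if not 1 <= number <= len(self.rules) + 1:
            raise ValueError("Rule-number out of range")
        self.rules.insert(number - 1, (action, proto, _net(src), _net(dst)))

    def show(self):
        """Policies in Rule-number order."""
        return [(number, action, proto, str(src), str(dst))
                for number, (action, proto, src, dst)
                in enumerate(self.rules, start=1)]

    def decide(self, proto, src, dst):
        """Return the action of the first matching policy (assumption)."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, rule_proto, rule_src, rule_dst in self.rules:
            if rule_proto in ("all", proto) and s in rule_src and d in rule_dst:
                return action
        return self.default


SRC, DST = "172.16.89.200/16", "172.16.30.15/16"


def appended():
    """deny first, then the icmp permit appended as Rule-number 2."""
    f = IpFilter()
    f.add("deny", SRC, DST)
    f.add("permit", SRC, DST, proto="icmp")
    return f


def inserted():
    """deny first, then the icmp permit inserted at Rule-number 1."""
    f = IpFilter()
    f.add("deny", SRC, DST)
    f.insert(1, "permit", SRC, DST, proto="icmp")
    return f


if __name__ == "__main__":
    for name, flt in (("appended", appended()), ("inserted", inserted())):
        print(name, flt.show())
        print("  icmp:", flt.decide("icmp", "172.16.89.200", "172.16.30.15"))
        print("  tcp: ", flt.decide("tcp", "172.16.89.200", "172.16.30.15"))
```

Because of the /16 mask, the deny policy covers every host in 172.16.0.0/16, not only 172.16.89.200 and 172.16.30.15.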
7.13 Bandwidth
Routing protocol uses bandwidth information to measure routing distance value. In order to configure
bandwidth of interface, use the following command.
Command
bandwidth kilobits
Mode
Interface
Function
Configures bandwidth of interface.
Note
The bandwidth can be from 1 to 10,000,000Kbits. This bandwidth is used for routing information and
is not related to the physical bandwidth.
Command
no bandwidth [kilobits]
Mode
Interface
Function
Deletes configured bandwidth of interface.
7.14 DHCP
DHCP(Dynamic Host Control Protocol) lets a DHCP server assign IP addresses to DHCP clients
automatically and manage those IP addresses.
In an environment where not all PCs are connected to the network at the same time, not all of them
need to have IP addresses. When some of them need an IP address, it can be assigned automatically. In this
case, the DHCP server is the device that assigns IP addresses automatically and the DHCP clients are the
PCs.
Saving COST
With limited IP resources, many users can connect to the internet, which saves IP resources and cost.
[Figure: DHCP Service Construction. Labels: DHCP Server; IP Request (Broadcast); DHCP Pack (Unicast); Subnet; PC = DHCP Client.]
The V5324 switch can be the DHCP server or the DHCP Relay agent, according to the user's configuration. The
DHCP Relay agent's function is to connect the DHCP server to the DHCP client.
To use the V5324 switch as the DHCP server, first specify it as the DHCP server. After
specifying the V5324 switch as the DHCP server, you have to configure the following to provide the DHCP
service to the DHCP clients.
Command
ip dhcp server
Mode
Global
Function
Configures switch as DHCP server.
Command
no ip dhcp
Mode
Global
Function
Disables DHCP server function.
Note
If there is something wrong with the DHCP configuration, the message "Can't start DHCP server." is shown
when you activate the DHCP server, and the DHCP function is not enabled.
Meanwhile, V5324 switch supports a special function that prohibits assigning plural IP addresses to one
MAC address. Usually, V5324 switch assigns an IP address even to equipment that already has an assigned
IP address, because the equipment may need more than one IP address.
However, a personal computer can also get plural IP addresses in this way although it does not need
them. This function prevents that case. In other words, V5324 switch can either assign plural IP addresses
to equipment or prohibit assigning plural IP addresses to one MAC address.
To prohibit assigning plural IP addresses to one MAC address, use the following command.
Command
Mode
Global
Function
Prohibits assigning plural IP address to one equipment.
Information
When you do not need the function that prohibits assigning plural IP addresses to one MAC address,
activate the DHCP server with the ip dhcp server command.
Command
no ip dhcp
Mode
Global
Function
Disables DHCP server.
Command
ip dhcp subnet subnet-address netmask netmask
Mode
Global
Function
Configures DHCP subnet.
You can configure the IP address, default gateway, and DHCP group to be used in the subnet you
configured. Enter exit to go back to Global configuration mode, or end to go to Top mode directly.
Command
Mode
Global
Function
Deletes DHCP subnet.
Command
range start-address end-address
Mode
dhcp
Function
It is possible to configure non-consecutive address ranges in the same subnet. For example, you can
configure the ranges 192.168.1.10 to 192.168.1.20 and 192.168.1.30 to 192.168.1.40 in the subnet
192.168.1.0/24.
Command
default-gateway gateway-address
Mode
dhcp
Function
Configures default gateway of subnet.
Command
group name
Mode
dhcp
Function
Command
no group name
Mode
dhcp
Function
Deletes configured group.
Command
Mode
Function
Configures default IP address lease time in seconds.
Global
ip dhcp lease max seconds
Information
The default is one hour (3600 seconds), and the maximum is two hours.
Command
ip dhcp dns {ip-address 1} [ip-address 2]
Mode
Global
Function
Registers DNS server.
[Sample Configuration 1]
The following is an example of configuring the DHCP server with 192.168.1.0/24 as the subnet and
192.168.1.10 ~ 192.168.1.20 and 192.168.1.30 ~ 192.168.1.40 as the IP address ranges. The default gateway
of the subnet is configured as 192.168.1.254 and the DHCP server is activated.
[Sample Configuration 2]
If you enter a wrong subnet for the IP addresses to be assigned by the DHCP server and then try to
activate DHCP, you will see an error message. The following is an example of the error message shown
when the IP address range and the DHCP server are configured after 192.168.1.0 was wrongly given the
netmask 255.0.0.0 instead of 255.255.255.0.
Information
The error message in the below example means that DHCP server is not activated.
Wrong netmask
To view information about assigned IP addresses, use the following commands. For more detailed
information, enter detail after the command.
Command
Mode
Function
Shows total amount of IP addresses that can be assigned and
[Sample Configuration 3]
The following is an example of viewing the total number of IP addresses that can be assigned and the
number of clients that have received an IP address after [Sample Configuration 1].
The above example means that twenty-two IP addresses can be assigned and that no client has received
an IP address so far.
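The figures in Sample Configurations 1 to 3 can be checked before the commands are typed into the switch. The following Python check is an added example, not part of the original guide or of Dasan's software; the function name is hypothetical, and treating a subnet address with host bits set under the netmask as the reason for the refusal in Sample Configuration 2 is an assumption.

```python
import ipaddress


def check_dhcp_subnet(subnet, netmask, ranges):
    """Validate a DHCP subnet and its ranges; return (assignable, errors).

    subnet/netmask are the arguments of `ip dhcp subnet ... netmask ...`,
    ranges is a list of (start, end) pairs as given to the `range` command.
    """
    try:
        # strict=True refuses a subnet address that has host bits set under
        # the given mask (assumed reason for the error in Sample 2).
        net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=True)
    except ValueError as exc:
        return 0, [f"wrong subnet/netmask: {exc}"]

    errors, accepted = [], []
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            errors.append(f"{start}-{end}: start is above end")
        elif lo not in net or hi not in net:
            errors.append(f"{start}-{end}: outside {net}")
        elif any(lo <= b and a <= hi for a, b in accepted):
            errors.append(f"{start}-{end}: overlaps another range")
        else:
            accepted.append((lo, hi))
    # Both ends of a range are assignable, hence the +1.
    assignable = sum(int(hi) - int(lo) + 1 for lo, hi in accepted)
    return assignable, errors


# Ranges taken from Sample Configuration 1 of this guide.
SAMPLE_RANGES = [("192.168.1.10", "192.168.1.20"),
                 ("192.168.1.30", "192.168.1.40")]

if __name__ == "__main__":
    print(check_dhcp_subnet("192.168.1.0", "255.255.255.0", SAMPLE_RANGES))
    print(check_dhcp_subnet("192.168.1.0", "255.0.0.0", SAMPLE_RANGES))
```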
[Sample Configuration 4]
The following is an example of viewing detailed client information when there are clients that have
received an IP address.
Command
ip dhcp server syslog
Mode
Global
Function
Configures syslog of trouble in DHCP server.
Command
show syslog local volatile
Mode
Top/Global
Function
Shows Syslog message.
[Sample Configuration 5]
Mar 12 13:12:00
zebra[85]: CPU overload warning : threshold [50] < CPU load [55]
Mar 12 13:12:05
zebra[85]: CPU overload cleared : threshold [50] > CPU load [5]
Mar 12 13:12:10
Mar 12 13:23:33
on `ttyS0'
Mar 12 13:23:33
dhcpd: Sending on
Mar 12 13:23:35
Socket/fallback/fallback-net
Mar 12 13:27:59
Mar 12 13:30:11
Mar 12 13:30:11
Mar 12 13:54:38
SWITCH(config)#
In order to view rate of IP usage by each group, use the following command.
Command
show ip dhcp group
Mode
Top/Global
Function
Shows rate of IP usage by each group.
You can configure V5324 switch to forward the IP address requests that come from DHCP clients. This
function is called the DHCP Relay agent. The DHCP Relay agent is useful for managing a wide DHCP
subnet.
[Figure: An example of the Relay agent. PCs (DHCP clients) in Subnet 1 and Subnet 2 reach the DHCP server through Relay agent 1 and Relay agent 2.]
Use the following command in global configuration mode, to enable the DHCP relay feature on your
system.
Command
ip dhcp relay server-address [server-address] [server-address]
Mode
Global
Function
Command
no ip dhcp
Mode
Global
Function
Deletes the DHCP Relay agent.
Data about the IP addresses assigned by the DHCP server is recorded in the Lease Database. It is possible
to initialize this database and start a new recording. If an IP address is already assigned, it is renewed
after checking whether the user wants to use it.
Command
clear ip dhcp binding
Mode
Global
Function
You can make a backup file of the DHCP lease database through tftp according to your configuration.
To make a backup file of the DHCP lease database through tftp, use the following commands.
Note
Because a tftp server does not authenticate users with an ID and password when they access it, its
security is very weak. To compensate for this weakness, a backup file can be made only when a file with
the same name as the file you need to copy already exists on the tftp server.
Command
Mode
write-delay time
ip dhcp database tftp-address file-name
Function
Global
Note
Enter tftp-address in the form tftp:A.B.C.D.
Information
The unit of time is seconds when you configure the backup interval of the DHCP lease database with the
write-delay command.
Information
max-time is the time limit for accessing the tftp server.
Command
show running-config
Mode
Top/Global/Bridge/Interface
Function
Shows DHCP configuration.
DHCP configuration
Information
The above example is just for your reference. It may vary according to DHCP configuration.
A broadcast storm is an overload situation in which broadcast packets take up the major part of the
transmit capacity. Broadcast storms often occur because of differences between versions.
For example, when 4.3 BSD and 4.2 BSD are mixed, or when AppleTalk Phase I and Phase II are mixed in
TCP/IP, a storm may occur.
A broadcast storm may also occur when routing protocol information that a router transmits regularly is
wrongly interpreted by a system that does not support the protocol.
Broadcast Storm Control works as follows: the system counts how many broadcast packets arrive in one
second and, if the number exceeds the configured limit, discards the packets over the limit.
Command
Mode
Bridge
Function
Configures Storm Control.
Information
max-count starts from 120 and is adjusted to the closest multiple of 120. For example, if you input 500,
it becomes 480.
Command
clear storm-control
Mode
Bridge
Function
Disables Storm Control.
The newly updated V5324 switch provides control of not only broadcast storms but also multicast and
DLF (Destination Lookup Fail) storms. To use multicast and DLF storm control, use the
following commands. All configurations of broadcast storm control are then applied equally to all
VLANs.
Command
Mode
Function
Enables DLF storm control.
Bridge
set storm-control include multicast
Information
By default, DLF storm control is enabled and multicast storm control is disabled.
In order to disable multicast storm control and DLF storm control, use the following commands.
Command
Mode
Function
Disables DLF storm control.
Bridge
clear storm-control include multicast
Command
show storm-control
Mode
Bridge
Function
Shows Storm Control configuration.
Command
no ip forward direct-broadcast
Mode
Global
Function
Enables blocking Direct broadcast packet.
Information
The default is enabled.
In order to disable blocking Direct broadcast packet, use the following command.
Command
ip forward direct-broadcast
Mode
Global
Function
Disables blocking Direct broadcast packet.
In order to view configuration about blocking Direct broadcast packet, use the following command.
Command
show running-config
Mode
Top/Global/Bridge/Interface
Function
Shows switch configuration.
The following is an example of blocking Direct broadcast packet and confirming it.
This chapter describes layer 3 switching and how to configure the switch for the supported IP routing
protocols. It is intended to provide enough information for a network administrator to get the protocols
up and running. This chapter includes the following sections.
V5324 switch supports BGP version 4 as defined in RFC 1771. BGP version 4 provides aggregate routes by
using CIDR (classless interdomain routing) to reduce the size of the routing table. CIDR provides an IP
prefix, which is a network address instead of an IP address, on the BGP network. OSPF and RIP can also
transmit CIDR paths.
A switch that runs the BGP protocol exchanges AS (autonomous system) information and the paths for
reaching each AS with other BGP equipment. By doing so, it can prevent routing loops and take the most
effective AS information.
You can configure MED (Multi Exit Discriminator) by using a route map. When new routing information
is transmitted to a BGP neighbor, the MED is passed without any change. Thus, BGP routers located in
the same AS can select a path by the same standard.
BGP configuration is roughly divided into basic configuration and advanced configuration. Basic
configuration includes the following.
Activating BGP
AS Route Filtering
Step 1 Enter into BGP router configuration mode by using the following command. Then BGP will be
activated.
Command
router bgp <1-65535>
Mode
Function
BGP Global
The AS number is the identification of an autonomous system and is used for detecting the BGP
connection. The AS number is a number between 1 and 65535. AS numbers 65512 through 65535 are defined
as private AS numbers. A private number cannot be advertised on the global Internet.
Step 2 Configure BGP network and register it in BGP routing table by using the following commands.
Command
Mode
Function
Command
neighbor ip-address remote-as number
Mode
Router
Function
Configures BGP Neighbor router.
In order to receive routing information of new policy, you need to configure inbound reset, and in
order to provide the information, you need to configure outbound reset. When BGP router provides
routing information of new policy, neighbor routers are supposed to receive the information.
If both BGP router and neighbor router support route refresh capability, it is possible to renew routing
information by using inbound reset. This way has the following advantages.
In order to check if neighbor router supports route refresh capability, use the following command.
Command
neighbor {ip-address | neighbor-tag} capability route-refresh
Mode
Router
Function
Informs whether neighbor router supports route refresh capability.
If all BGP routers support route refresh capability, user can receive route information by using soft reset.
In order to configure routing information to follow new policy, use the following command.
Command
Mode
Function
Receives routing information of new policy. You can configure
Top
No previous configuration is required for outbound reset. Routing information is resent by using
command, soft.
Command
Mode
Function
Operates route refresh capability in where routing information is
Top
When an administrator restores the default routing policy from a configured one, route refresh capability
is used. With this function, you do not have to delete the configured policies one by one.
Meanwhile, if a router does not support route refresh capability, you should delete old routing
information by using neighbor soft-reconfiguration. However, you should use another method where
possible because it may cause network problems.
If you do not want to reconfigure BGP information but create new information, you have to save all
information coming in to the BGP network in the BGP router without processing the routing information.
Please note that this method may overload memory.
Therefore you should avoid it. On the other hand, no memory is required to provide changed
information. After the BGP router transmits new information, the neighbor router receives the information.
In order to change BGP configuration through saved routing policy, follow the below steps.
Step 1
After reconfiguring BGP router, configure to save received information from neighbor router.
And then, all incoming information to BGP router will be saved.
Command
neighbor ip-address soft-reconfiguration inbound
Mode
Router
Function
After reconfiguring BGP router, saves all
information from neighbor router.
Command
Mode
Function
Registers new information in table by using saved
Top
To check whether routing information has been correctly changed through the routing table and the BGP
neighbor router, use the following command.
Command
Mode
Top/Global
Function
Shows information to transmit to neighbor
router or to receive from neighbor router.
Command
neighbor ip-address weight
<0-65534>
Mode
Router
Function
Assigns weight to information from neighbor router.
In order to disregard length required to reach to AS in case of deciding route, use the following
command.
Command
Mode
Router
Function
Disregards length required to reach to AS in case of deciding
route
Command
neighbor ip-address distribute-list
Mode
Router
Function
Filters incoming or outgoing information through specific
network by using Access list.
Information
Distribute list can be used on only BGP internal network.
Command
ip as-path access-list access-list-number
Mode
Global
Function
Defines specific AS in access list.
Step 3 Apply defined access list to filter routing information, which AS transmits or receives.
Command
neighbor ip-address filter-list
access-list-number {in | out}
Mode
Router
Function
Applies defined access list to filter routing
information, which AS transmits or receives.
saves time to search and apply data in case of massive filter lists.
easy to use
Before applying a prefix list, you should configure the prefix list. You can assign a number to each
policy registered in the prefix list.
Filtering through a prefix list processes routing information in a specific order by applying the policies
defined in the filter list. It is similar to an access list, but there are more detailed rules, as follows:
Rejects specified network information unless a policy applied to the network is defined in the prefix list.
Distinguishes each policy by its assigned number and applies the policy that has the lowest number
when more than one policy applies to one network.
Routers search the policies in a prefix list in order from the top. When they find the required policy,
they stop searching. For faster operation, you can place the policies to be found quickly at the top of the
list by using seq provided by ip prefix-list. To view the number assigned to a policy, use the command,
show ip prefix-list. Policies configured by the user are assigned a number automatically. If this is not
configured, you should assign a number to each policy by using the command, ip prefix-list SEQ-VALUE.
Command
Mode
Function
prefix list.
Global
list.
Information
To create prefix list, you should select permit or deny.
You can add policy to prefix list one by one. Use the following command.
Command
Mode
[le value] }
Global
Function
Configures policy of prefix list and
assigns number to the policy.
You can input ge and le optionally, and they are used when you configure more than one network. If
you use neither ge nor le, the network range is configured more precisely. When only the ge attribute
is configured, the network range is configured from ge-value, and when only the le attribute is
configured, the network range is configured from netmask to le-value.
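The search order, the implicit reject and the ge/le ranges described above can be seen together in a small model. The following Python sketch is an added example, not the switch's own code; the class, the list name and the sample entries are constructed, and two points are assumptions: an entry without ge or le matches only its exact prefix length, and a ge-only entry extends to /32.

```python
import ipaddress


class PrefixList:
    """First-match prefix list, searched in order of sequence number."""

    def __init__(self, name):
        self.name = name
        self.entries = []  # (seq, action, network, min_len, max_len)

    def add(self, seq, action, prefix, ge=None, le=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        net = ipaddress.ip_network(prefix)
        # Accepted prefix-length window, following the guide's text:
        #   neither ge nor le -> exactly the prefix length (assumption)
        #   ge only           -> ge .. 32 (upper end is an assumption)
        #   le only           -> netmask length .. le
        #   ge and le         -> ge .. le
        if ge is None and le is None:
            min_len = max_len = net.prefixlen
        else:
            min_len = net.prefixlen if ge is None else ge
            max_len = net.max_prefixlen if le is None else le
        if not net.prefixlen <= min_len <= max_len <= net.max_prefixlen:
            raise ValueError(f"invalid ge/le for {prefix}")
        self.entries.append((seq, action, net, min_len, max_len))
        # Lowest sequence number is searched first, whatever the entry order.
        self.entries.sort(key=lambda entry: entry[0])

    def match(self, route):
        """Return (action, seq) of the first matching policy."""
        route = ipaddress.ip_network(route)
        for seq, action, net, min_len, max_len in self.entries:
            if route.version != net.version:
                continue
            if min_len <= route.prefixlen <= max_len and route.subnet_of(net):
                return action, seq  # stop at the first hit
        # No policy defined for this network: it is rejected.
        return "deny", None


def build_sample():
    """Constructed sample list, entered out of order on purpose."""
    plist = PrefixList("EXAMPLE")
    plist.add(15, "permit", "192.168.1.0/24")        # exact /24 only
    plist.add(10, "permit", "10.0.0.0/8", le=16)     # lengths 8..16
    plist.add(5, "deny", "10.1.0.0/16", ge=24)       # lengths 24..32
    return plist


if __name__ == "__main__":
    sample = build_sample()
    for candidate in ("10.1.2.0/24", "10.1.0.0/16", "10.2.3.0/24",
                      "192.168.1.0/24", "192.168.1.128/25"):
        print(candidate, sample.match(candidate))
```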
In order to view information about prefix table, use the following command.
Command
Mode
Function
Top/
Global
network.
By default, the system records how many times the prefix list has been consulted. To clear this count,
use the following command.
Command
clear ip prefix-list name [prefix]
Mode
Top
Function
Deletes the number how many times prefix list is
inquired.
Receives information from neighbor through route map and local BGP router distributes
information
In order to block routing information transmitting to next destination by configuring another address
instead of destination address, use the following command.
Command
Mode
Router
Function
Blocks routing information transmitting to next
destination.
This command announces the router's own address instead of the neighbor router's address and makes
BGP routers transmit information with that address. It is more effective than assigning a specific
address at which to receive routing information.
To make the next destination of BGP be the neighbor router, use the command, set ip next-hop. To
configure the neighbor router as the next destination of BGP, use the following command.
Command
Mode
Function
Specifies users BGP router connected neighbor router as the
Route-map
In order to make a connection to neighbor router with specified BGP version, use the following
command.
Command
neighbor ip-address version {4 | 4-}
Mode
Router
Function
Configures BGP version to be used when communicating with
neighbor router.
After finishing basic configuration, it is possible to do advanced configuration. It contains the following
sections.
Route Dampening
Define route map and then it is possible to receive or distribute only matched routes to route map.
Routing information is processed in order; AS route first, then community, and network number last.
To prescribe process term, AS route uses as-path access-list, community uses community-list and
network uses ip access-list. In order to define route map, use the following command.
Command
neighbor ip-address route-map route-map-name {in | out}
Mode
Router
Function
In order to configure aggregate address to routing table, use the following commands.
Command
Mode
aggregate-address prefix
Function
Creates aggregate address in BGP routing table.
Router
aggregate-address prefix
summary-only
A community is a group of destinations that share some common attributes. One destination can belong
to more than one community. The AS administrator can configure which community a destination
belongs to. By default, all destinations are configured to be in the internet community.
no-advertise: (Either exterior or interior) Do not distribute this route to neighbor router.
local-as: Distribute this information to neighbor routers of low level AS located on BGP united
network. Do not distribute it to exterior router.
Command
Mode
Global
Function
Creates community list.
A community is written in the form AA:NN as defined in the RFC. AA is the AS number and NN is a
2-byte number. To transmit the community name to the IP address of a neighbor router, use the following
command.
Command
neighbor ip-address send-community
[extended]
Mode
Router
Function
Transmits community name to IP address of neighbor router,
which has specified IP address or specified neighbor-tag.
Command
bgp router-id address
Mode
Router
Function
Assigns ID number for BGP router.
In order to distribute route made in another place to BGP, use the following command.
Command
Mode
Router
Function
Distributes routing information to BGP table.
To the outside, the confederation looks like a single AS. All systems in each AS are connected to each
other, but not all of them are directly connected to another AS in the same confederation. In this case,
communicating with a neighbor router in another AS is treated as communicating with an interior BGP
router.
In particular, next destination, MED, and priority value in the network are applied as they are. To
configure a BGP confederation, you should configure an ID number for the confederation. To the outside, a
series of AS groups looks like a single AS with its own confederation number.
Command
bgp confederation identifier as
Mode
Router
Function
Configures BGP confederation.
Command
bgp confederation peers as [as...]
Mode
Router
Function
Configures neighbor AS in confederation.
By using route reflector, all BGP speaker routers do not need to be fully connected to each other because
it is possible to distribute transmitted route to neighbor route. Interior neighbor router distributes route
to next destination.
In order to configure route reflector and client router, which receives the route, use the following
command.
Command
Mode
Router
Function
Configures local router as BGP route reflector and
neighbor router as client router.
In order to configure BGP route through neighbor, use the following commands.
Command
Mode
Function
Enables the exchange of information with BGP neighbor
router.
NUMBER passive
neighbor ip-address description text
neighbor ip-address
default-originate
router.
interface
Command
Mode
Function
Allows BGP communication although neighbor router is not
neighbor ip-address
maximum-prefix maximum
neighbor router.
router.
Router
neighbor ip-address
transparent-nexthop
neighbor ip-address
override-capability
neighbor ip-address port
neighbor ip-address
interface interface-name
neighbor ip-address route-server-client
Command
Mode
Function
Router
In order to activate BGP neighbor router again, use the following command.
Command
Mode
Function
Router
Command
network ip-address backdoor
Mode
Router
Function
Configures network available to be connected through backdoor route.
Command
network ip-address /m nlri
[ multicast | unicast multicast ]
Mode
Router
Function
Decide type of route to send to neighbor router.
Command
Mode
Router
Function
Configures BGP distance value.
Since it may be risky to change BGP distance, it is not recommended. The exterior distance should be
lower than any other routing protocol, and the interior distance and local distances should be higher
than any other dynamic routing protocol.
In order to configure BGP timer for all neighbor routers, use the following command.
Command
Mode
Router
Function
Configures time to check BGP router in regular interval for
saving time to transmit routing information.
In order to adjust BGP timer for specified neighbor router, use the following command.
Command
Mode
neighbor ip-address
timers keepalive holdtimer
Router
neighbor ip-address
timers connect time
Function
peer.
Configures connection timer with neighbor router.
To delete time value configured in BGP neighbor router, use no neighbor timers command.
Command
bgp network import-check
Mode
Router
Function
Checks imported information from remote network on BGP network.
Command
bgp enforce-first-as number
Mode
Router
Function
Assigns number of the first AS to neighbor router. Checks
Command
bgp default local-preference value
Mode
Router
Function
Changes default priority of local network.
Command
bgp bestpath compare-routerid
Mode
Router
Function
Compares router ID numbers for AS to select proper route
among imported router from neighbor router.
Command
Mode
Function
Configures the router to consider a missing MED as
Router
Command
bgp always-compare-med
Mode
Router
Function
Compares MED from other ASs.
Command
bgp bestpath med confed
Mode
Router
Function
Compares MED to decide the best route among routes from
each different confederations.
Command
bgp deterministic-med
Mode
Router
Function
Compares MED to decide the best route among routes from
ASs in confederation.
Command
Mode
Function
Router
the router does not have the best path, based on historical information.
Penalty: Each time a route flaps, the router configured for route dampening in another AS assigns
the route a penalty of 1000. Penalties are cumulative. The penalty for the route is stored in the BGP
routing table until the penalty exceeds the suppress limit. At that point, the route state changes from
history to damp.
Damp state: In this state, the route has flapped so often that the router will not advertise this route
to BGP neighbors.
Suppress limit: A route is suppressed when its penalty exceeds this limit. The default value is 2000.
Half-life: Once the route has been assigned a penalty, the penalty is decreased by half after the
half-life time, which is 15 minutes by default. The process of reducing the penalty happens at 5-second
intervals.
Reuse limit: As the penalty for a flapping route decreases and falls below this reuse limit, the route
is unsuppressed. That is, the route is added back to the BGP table and once again used for forwarding.
The default reuse limit is 750. The process of unsuppressing routes occurs at 10-second increments.
Every 10 seconds, the router finds out which routes are now unsuppressed and advertises them to the
world.
Maximum suppress limit: This value is the maximum amount of time a route can be suppressed.
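How the penalty, suppress limit, half-life and reuse limit interact is easiest to see on a timeline. The following Python simulation is an added example, not code from the switch; it uses the default values stated above, assumes exponential decay applied at every 5-second step and flap times that fall on those steps, and leaves out the maximum suppress limit because this guide gives no value for it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DampeningParams:
    flap_penalty: float = 1000.0    # added on every flap
    suppress_limit: float = 2000.0  # suppressed when penalty exceeds this
    reuse_limit: float = 750.0      # reused when penalty falls below this
    half_life_s: int = 15 * 60      # default half-life, 15 minutes
    decay_tick_s: int = 5           # penalty is reduced every 5 seconds
    reuse_tick_s: int = 10          # reuse is evaluated every 10 seconds


def simulate(flap_times, until, params=DampeningParams()):
    """Return a list of (time_s, event, penalty) for one route.

    flap_times: seconds at which the route flaps (multiples of the tick).
    until:      last second to simulate.
    Events are "flap", "suppress" and "reuse"; penalty is rounded.
    """
    flaps = set(flap_times)
    if any(t % params.decay_tick_s for t in flaps):
        raise ValueError("flap times must fall on a decay tick")

    # Per-tick factor so that the penalty halves after one half-life
    # (exponential decay is an assumption of this example).
    decay = 0.5 ** (params.decay_tick_s / params.half_life_s)
    penalty, suppressed, events = 0.0, False, []

    for t in range(0, until + 1, params.decay_tick_s):
        if t > 0:
            penalty *= decay
        if t in flaps:
            penalty += params.flap_penalty
            events.append((t, "flap", round(penalty)))
        if not suppressed and penalty > params.suppress_limit:
            suppressed = True       # history -> damp
            events.append((t, "suppress", round(penalty)))
        elif (suppressed and t % params.reuse_tick_s == 0
              and penalty < params.reuse_limit):
            suppressed = False      # advertised again
            events.append((t, "reuse", round(penalty)))
    return events


if __name__ == "__main__":
    # Constructed scenario: three flaps one minute apart.
    for event in simulate([0, 60, 120], until=3600):
        print(event)
```

In this constructed scenario two flaps a minute apart stay below the suppress limit; the third one pushes the route into the damp state, and it takes roughly half an hour of stability before the route is advertised again.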
Command
bgp dampening
Mode
Router
Function
In order to change the default values of various dampening factors, use the following command.
Command
bgp dampening half-life time
[reuse-limit-value]
Mode
Router
Function
Configures various factors for route dampening. Half-life time can be
from 1 second to 45 seconds, and the reuse limit can be from 1 to 2,000.
You can delete all contents of specific cache, table, and database when some factors are invalid or
unreliable. In order to delete cache, table or database, use the following commands.
Command
clear ip bgp {* | ip-address | as-number} [in | out | soft [in | out]]
Mode
Top
Function
Reconfigures information about BGP neighbor
router, AS group, all(*) BGP connections.
You can display specific statistics such as the contents of the BGP routing table, cache, and database.
The information provided can be used to determine resource utilization and solve network problems. You
can also display information about node reachability and discover the routing path your device's
packets are taking through the network.
Command
Mode
network.
[number|local-AS|no-advertise
| no-export]
show
ip
bgp
Function
community-list
community-list-name [exact-match]
show ip bgp community-info
access-list-name
regular-expression
Global
route.
[ip-address]
individual neighbors.
Shows information about the TCP and BGP connections to
In order to configure routing protocol in router, you need to enter into Router configuration mode by
taking the following steps.
Command
router ospf
Mode
Global
Function
Enters into Router configuration mode.
Step 2 Configure network ID of OSPF. Network ID decides IPv4 address of this network.
Command
router-id router-id
Mode
Router
Function
Configures network ID of OSPF.
Step 3 Configure an interface on which OSPF runs and specify the area ID or IP address for that
interface.
Command
network ip-address /m area
{<0-4294967295> | Ip-address}
Mode
Router
Function
Configures OSPF area ID. OSPF Area-ID can be configured
from 0 to 4294967295 or as an IPv4 address.
After enabling OSPF, you can select the following items to configure.
Configuring Compatibility
Configuring Areas
As there are various OSPF versions, OSPF configuration varies according to the equipment. To
configure the OSPF protocol of the equipment, configure the equipment type, named ABR type, by using
the following command. Please note that V5324 switch complies with RFC 2328.
Command
abr-type {cisco | ibm | shortcut | standard}
Mode
Router
Function
Configures ABR type.
Compatibility configuration enables the switch to be compatible with a variety of RFCs that deal with
OSPF. Perform the following task to support many different features within the OSPF protocol.
Command
compatible rfc1583
Mode
Router
Function
Supports function defined in RFC 1583.
You can alter certain interface-specific OSPF parameters as needed. You are not required to alter any of
these parameters, but some interface parameters must be consistent across all routers in an attached
network. Those parameters are controlled by the ip ospf hello-interval, ip ospf dead-interval, and ip
ospf authentication-key commands. Therefore, if you configure any of these parameters, be sure that
the configurations for all routers on your network have compatible values. Use the following
commands to configure your environment.
Command
Mode
Function
Configures cost to transmit packets on OSPF interface. It is recorded as
ip ospf retransmit-interval
second
ip ospf transmit-delay
second
ip ospf hello-interval
second
ip ospf dead-count
count
ip ospf authentication-key
key
ip ospf message-digest-key
Broadcast Network
Point-to-point Network
It is possible to configure an OSPF network as broadcast type or non-broadcast type. For example, if
your network does not support multicasting, you can configure a broadcast network as non-broadcast
type. Conversely, you can also configure an NBMA network such as frame relay as broadcast type.
To operate a network as NBMA type, all routers should be connected through virtual circuits. However,
with the point-to-multipoint function it is possible to connect only part of the OSPF network with
virtual circuits, so that network management cost can be saved. Two routers that are not directly
connected transmit and receive routing information through an intermediate router, so you do not
have to configure neighbor routers. The following are the features of the OSPF point-to-multipoint
type.
IP resources are economized because you do not have to assign neighbor routers and there is no
additional process to configure a designated router.
Management cost is saved because a router does not need to be linked with every other router on the
network like a spider's web.
It can provide more stable network service since it can communicate even when a virtual circuit is
disconnected.
Command
ip ospf network {broadcast | non-broadcast | (point-to-multipoint | point-to-point)}
Mode
Interface
Function
Configures OSPF network type in OSPF interface.
As there might be many routers attached to an OSPF network, a designated router is selected for the
network. It is necessary to select designated router to transmit routing information if broadcast
capability is not configured. In order to configure router communicated by non-broadcast type, use the
following command.
Command
Mode
Router
poll-interval <1-65535>]
Function
Configures router communicated by non-broadcast type.
You can configure several area parameters including authentication, defining stub areas, and assigning
specific costs to the default route. Authentication allows password-based protection against
unauthorized access to an area.
Stub areas are areas into which information on external routes is not
sent. Instead, there is a default external route generated by the area border router, into the stub area for
destinations outside the autonomous system. To further reduce the number of link state advertisements
sent into a stub area, no-summary configuration on the ABR is allowed to prevent it from sending
summary link advertisement into the stub area. Use the following commands as you need. The
parameter, area-id can be formed as IP address or from 0 to 4,294,967,295.
Command
Mode
Function
Enables authentication for an OSPF area.
message-digest
area area-id
stub [no-summary]
area area-id
default-cost cost
area area-id
export-list access-list
area area-id
import-list access-list
area area-id
shortcut {default |
disable |enable}
Through route summarization, you can configure an ABR to transmit a single summarized route to other
areas. In OSPF, an ABR transmits the network information of an area to other areas. When the network
addresses are in a consecutive range, you can configure a representative address that includes each
network as the network route. To configure the network address, use the following commands.
Function
Mode
Function
Configures network range that can be advertised as
{ip-addressip-address/m} not-advertised
Router
4,294,967,295.
substitute ip-address}
route information.
In OSPF, all areas must be connected to a backbone area. If there is a break in backbone continuity, or
the backbone is purposefully partitioned, you can establish a virtual link.
The virtual link must be configured in both routers. The configuration information in each router
consists of the other virtual endpoint, and the nonbackbone area that the two routers have in common
(called the transit area). Note that virtual link cannot be configured through stub areas.
To create a virtual link, perform the following task in router configuration mode. The area-id
parameter can be given as an IP address or as a number from 0 to 4,294,967,295.
Command
Mode
Function
Creates virtual link.
hello-interval
can
be
transmit-delay
dead-interval is
OSPF calculates the metric from interface bandwidth. For example, the default metric of a T1 link is 64,
but the default metric of a 64K line is 1562. If there are several lines with different bandwidths, you can
distinguish the cost of using each line by assigning a metric to it. To classify the cost of using a line,
use the following command.
Command: auto-cost reference-bandwidth reference-bandwidth
Mode: Router
Function: Classifies bandwidth provided by each line. It can be configured from 1Mbit/s to
4,294,967Mbit/s.
After OSPF is notified that the network organization has changed, it starts calculating the shortest
path first. You can configure the interval at which the route is calculated. To configure the interval,
use the following command.
Command: timers spf spf-delay spf-hold
Mode: Router
Function: Configures interval to calculate route. Delay Time and Hold Time can be configured from 0 to
4294967295.
The originating router keeps track of its LSAs and refreshes them when the refresh timer is reached.
You can configure the refresh time at which OSPF LSAs get refreshed and sent out. To do this, use the
following command.
Command: refresh timer <10-1800>
Mode: Router
Function: Configures interval to renew routing information.
Redistributing routes into OSPF from other routing protocols, static, kernel or from connected devices
will cause these routes to become OSPF external routes.
In order to redistribute routes into OSPF, use the following tasks associated with route redistribution.
Command
Mode
Function
Transmits external route to OSPF network.
default-metric number
You can configure an Autonomous System Boundary router to transmit a default route to the OSPF
network. An Autonomous System Boundary router transmits externally created routes to the OSPF
network. However, it does not create a system default route. To have the Autonomous System Boundary
router create a system default route, use the following command.
Command: default-information originate [metric value] [metric-type (1|2)]
Mode: Router
Function: Makes Autonomous System Boundary router create system default route in OSPF.
OSPF uses three different administrative distances: intra-area, inter-area, and external. Routes learned
through other domain are external, routes to another area in OSPF domain are inter-area, and routes
inside an area are intra-area. The default distance for each type of route is 110. In order to change any of
the OSPF distance values, use the following commands.
Command: distance ospf {external distance 1 | inter-area distance 2 | intra-area distance 2}
Mode: Router
An interface configured as passive in an OSPF network operates like a stub network. Therefore, OSPF
routing information can be neither transmitted nor received on a passive interface. To block routing
information on an interface, use the following command.
Command: passive-interface interface-name
Mode: Router
Function: Configures not to transmit routing information in specified interface.
To block OSPF routing information from reaching other routers, configure the router to block renewed
routing information. Please note that this function can be configured only for external routes. To block
renewed routing information, use the following command.
Command: distribute-list name out {bgp
Mode: Router
Function: Distributes or blocks renewed routing information according to policy configured in Access
list.
You can view all kinds of statistics and databases recorded in the IP routing table.
This information can be used to enhance system utility and to solve problems in case of trouble. You can
also check the network connection and the routes that data went through when it was transmitted. To
view routing statistics, use the following commands.
Command
Mode
Function
show ip ospf
Top/
show ip ospf route
Global
[neighbor id | interface-name]
router.
When network trouble occurs, you can find the cause by using the debugging commands. To view OSPF
information, use the following commands.
Command
Mode
Function
Shows information of each packet. The information includes neighbor router, transmitted information,
deciding shortest route.
status | timers]
status | timers]
RIP uses broadcast UDP (User Datagram Protocol) data packets to exchange routing information. The
DASAN OS software sends routing information updates every 30 seconds. This process is termed
advertising. If a router does not receive an update from another router for 180 seconds or more, it marks
the routes served by the nonupdating router as unusable. If there is still no update after 120
seconds, the router removes all routing table entries for the nonupdating router.
The metric that RIP uses to rate the value of different routes is hop count. The hop count is the number of
routers that can be traversed in a route. A directly connected network has a metric of zero; an
unreachable network has a metric of 16. This small range of metrics makes RIP an unsuitable routing
protocol for large networks.
A router that is running RIP can receive a default network via an update from another router that is
running RIP, or the router can source (generate) the default network itself with RIP. In both cases, the
default network is advertised through RIP to other RIP neighbors.
RIP sends updates to the interfaces in the specified networks. If an interface's network is not specified, it
will not be advertised in any RIP update. The system supports RIP version 1 and 2.
Step 1 Enter Router configuration mode by using the following command.
Command: router rip
Mode: Global
Function: Enters into Router configuration mode and operates RIP routing protocol.
Command
Mode
Router
Function
Configures network to operate as RIP.
The network ip-address command enables RIP on the interfaces whose addresses fall within the specified
network address. For example, if the network 10.0.0.0/24 is RIP enabled, all the addresses from
10.0.0.0 to 10.0.0.255 are enabled for RIP. RIP packets are transmitted to the port specified with the
network interface-name command.
Configuring Time
Since RIP is a broadcast protocol, neighbor routers must be specified in order to transmit RIP routing
information to a non-broadcast network. To configure a neighbor router to which RIP information is
transmitted, use the following command.
Command: neighbor ip-address
Mode: Router
Function: Configure neighbor router to transmit routing information.
You can block routing information to specific interface by using passive-interface command.
Dasan Networks routers support both RIP version 1 and 2 by default. However, you can configure the
router to receive only version 1 type packets or only version 2 type packets. To configure the RIP
version, use the following command.
Command: version {1 | 2}
Mode: Router
Function: Configures version to transmit one of RIP 1 type packet and RIP 2 type packet.
The preceding task controls the default RIP version settings. You can override the router's RIP version by
configuring a particular interface to behave differently. To control which RIP version an interface sends,
perform one of the following tasks after entering RIP interface configuration mode.
Command
Mode
Function
Transmits only RIP version 1 type packet in the interface.
Interface
Similarly, to control how packets received from an interface are processed, perform one of the following
tasks.
Command
Mode
Function
Receives only RIP version 1 type packet in the interface.
Interface
This feature is provided only by Dasan Networks, Inc. The route command creates a static route that is
available only for RIP.
If you are not familiar with the RIP protocol, it is better to use the redistribute static command.
Command: route ip-address/m
Mode: Router
Function: Creates static route available only for RIP.
V5324 switch can redistribute routing information from a source route entry into the RIP tables. For
example, you can instruct the router to re-advertise connected, kernel, or static routes as well as routing
protocol-derived routes. This capability applies to all the IP-based routing protocols.
In order to redistribute routing information from a source route entry into the RIP table, use the
following command.
Command: redistribute {connected | kernel | static | ospf | bgp} [metric value | route-map tag]
Mode: Router
Function: Registers transmitted routing information in another router's RIP table.
You may also conditionally control the redistribution of routes between the two domains using route
map command. In order to define a route map for redistribution, use the following command.
Command: route-map tag {deny | permit} sequence-number
Mode: Global
One or more match and set commands typically follow a route-map command. If there are no match
commands, then everything matches. If there are no set commands, nothing is done. Therefore, you
need at least one match or set command.
To define conditions for redistributing routes from a source route entry into the RIP tables, perform at
least one of the following tasks in route-map configuration node.
Command
Mode
ip
address
Function
Transmits information to only specified interface.
{access-list-name|
prefix-list ip-address-name}
match ip next-hop {access-list-name | Route
prefix-list ip-address-name}
prefix-list.
-map
The metrics of one routing protocol do not necessarily translate into the metrics of another. For example,
the RIP metric is a hop count and the OSPF metric is a combination of five quantities. In such situations,
an artificial metric is assigned to the redistributed route. Because of this unavoidable tampering with
dynamic information, carelessly exchanging routing information between different routing protocols
can create routing loops, which can seriously degrade network operation.
In order to set metrics for redistributed routes, use the following command.
Command: default-metric value
Mode: Router
Function: Configures same metric for all route transmitted by routing protocol.
Information
The metric of all protocols can be configured from 0 to 4294967295. It can be configured from 1 to 16 for RIP.
The distance value represents how trustworthy the routing information created by a router is. In a
large network, some routing protocols or some routing information may be more trustworthy than
others. Therefore, even when a router runs many routing protocols, it can take routing information from
the most trusted source. When the user configures distance values, the router can tell where routing
information was created. The router always selects the route created by the routing protocol with the
smallest distance value. Each network has its own features, so there is no general rule for distance
configuration. Consider the overall network when you configure distance values.
Command
Mode
Router
Function
Configures distance value.
You can force an autonomous system boundary router to generate a default route into an RIP routing
domain. Whenever you specifically configure redistribution of routes into an RIP routing domain, the
router automatically becomes an autonomous system boundary router. However, an autonomous
system boundary router does not, by default, generate a default route into the RIP routing domain.
In order to force the autonomous system boundary router to generate a default route, use the following
command.
Command: default-information originate
Mode: Router
Function: Forces the autonomous system boundary router to generate a default route into the RIP
routing domain.
You can filter routing protocol information by performing the following tasks.
Suppress sending of routing updates on a particular router interface. This is done to prevent other
systems on an interface from learning about routes dynamically.
Apply an offset to routing metrics. This is done to provide a local mechanism for increasing the value
of routing metrics.
Command: passive-interface interface-name
Mode: Router
Function: Blocks routing information from interface of router.
In order to increase the value of routing metrics, use the following command.
Command: offset-list access-list-name {in | out} metric [interface]
Mode: Router
Function: Applies an offset to routing metrics.
Routing protocols use several timers that determine such variables as the frequency of routing updates,
the length of time before a route becomes invalid, and other parameters. You can adjust these timers to
tune routing protocol performance to better suit your internet needs. The default settings for the timers
are as follows.
The update timer is 30 seconds. Every update timer seconds, the RIP process is awakened to send an
unsolicited response message containing the complete routing table to all neighboring RIP routers.
The timeout timer is 180 seconds. Upon expiration of the timeout, the route is no longer valid;
however, it is retained in the routing table for a short time so that neighbors can be notified that the
route has been dropped.
The garbage collect timer is 120 seconds. Upon expiration of the garbage-collection timer, the route is
finally removed from the routing table.
Command: timers basic update timeout garbage
Mode: Router
Function: Adjusts routing protocol timers.
Normally, routers that are connected to broadcast-type IP networks and that use distance-vector routing
protocols employ the split horizon mechanism to reduce the possibility of routing loops. Split horizon
blocks information about routes from being advertised by a router out any interface from which that
information originated. This behavior usually optimizes communications among multiple routers,
particularly when links are broken. However, with nonbroadcast networks, such as Frame Relay,
situations can arise for which this behavior is less than ideal. For these situations, you might want to
disable split horizon.
If an interface is configured with secondary IP addresses and split horizon is enabled, updates might
not be sourced by every secondary address. One routing update is sourced per network number unless
split horizon is disabled.
To enable or disable split horizon, perform the following tasks in interface configuration mode.
Command: ip split-horizon
Mode: Interface
Command: no ip split-horizon
Mode: Interface
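The timer defaults and the split horizon rule described above can be traced with a small model. This is an added example, not DASAN OS code: the class RipTable, its method names, the interface names and the addresses are all hypothetical, and only routes learned from neighbors are modelled.

```python
INFINITY = 16  # metric of an unreachable network


class RipTable:
    """Toy table of learned RIP routes, aged by the 'timers basic' values."""

    def __init__(self, update=30, timeout=180, garbage=120):
        self.update, self.timeout, self.garbage = update, timeout, garbage
        self.routes = {}  # prefix -> metric, via, iface, heard, invalid_since

    def next_update(self, now):
        """Time of the next unsolicited full-table update."""
        return (now // self.update + 1) * self.update

    def receive(self, now, iface, neighbor, prefix, metric):
        """Process one route entry of an update heard from neighbor on iface."""
        metric = min(metric + 1, INFINITY)        # one hop further away
        cur = self.routes.get(prefix)
        if cur is None:
            if metric < INFINITY:
                self.routes[prefix] = {"metric": metric, "via": neighbor,
                                       "iface": iface, "heard": now,
                                       "invalid_since": None}
        elif cur["via"] == neighbor or metric < cur["metric"]:
            if metric < INFINITY:                 # refresh, or a better path
                cur.update(metric=metric, via=neighbor, iface=iface,
                           heard=now, invalid_since=None)
            elif cur["invalid_since"] is None:    # neighbor withdrew the route
                cur.update(metric=INFINITY, invalid_since=now)

    def age(self, now):
        """Apply the timeout and garbage-collect timers at time now (seconds)."""
        for prefix, r in list(self.routes.items()):
            if r["invalid_since"] is None and now - r["heard"] >= self.timeout:
                # Timeout expired: keep the route, but as unreachable, so that
                # neighbors can still be told it has been dropped.
                r.update(metric=INFINITY, invalid_since=r["heard"] + self.timeout)
            if (r["invalid_since"] is not None
                    and now - r["invalid_since"] >= self.garbage):
                del self.routes[prefix]           # garbage-collect timer expired

    def advertise(self, out_iface, split_horizon=True):
        """Routes placed in the update sent out of out_iface."""
        return {p: r["metric"] for p, r in sorted(self.routes.items())
                if not (split_horizon and r["iface"] == out_iface)}


def lifecycle():
    """Metric advertised on eth2 for a route heard once, at t=0, on eth1."""
    table = RipTable()
    table.receive(0, "eth1", "10.0.0.2", "172.16.0.0/16", 1)
    seen = {}
    for now in (179, 180, 299, 300):
        table.age(now)
        seen[now] = table.advertise("eth2").get("172.16.0.0/16")
    return seen


if __name__ == "__main__":
    print(lifecycle())
```

With the defaults, the route is advertised with its learned metric until 179 seconds, with metric 16 from 180 seconds, and is gone at 300 seconds.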
RIP Version 1 does not support authentication. If you are sending and receiving RIP Version 2 packets,
you can enable RIP authentication on an interface.
The key chain determines the set of keys that can be used on the interface. If a key chain is not
configured, plain text authentication can be performed using string command.
We support two modes of authentication on an interface for which RIP authentication is enabled: plain
text authentication and MD5 authentication. The default authentication in every RIP Version 2 packet is
plain text authentication.
Note
Do not use plain text authentication in RIP packets for security purposes, because the unencrypted
authentication key is sent in every RIP Version 2 packet. Use plain text authentication when security is not
an issue, for example, to ensure that misconfigured hosts do not participate in routing.
Command
Mode
Function
Activates RIP authentication.
Interface
Configures the interface to use MD5 digest
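To check which authentication mode neighbors actually use, the first entry of each RIP Version 2 update can be inspected. The following is an added example, not part of DASAN OS: it classifies RIP payloads by the authentication entry defined in RFC 2453 (plain text) and RFC 2082 (keyed MD5), and the function names, source addresses, key and digest bytes in the sample packets are constructed for illustration.

```python
import socket
import struct

AUTH_AFI = 0xFFFF        # address family value that marks an authentication entry
AUTH_SIMPLE = 2          # RFC 2453: plain text password
AUTH_KEYED_DIGEST = 3    # RFC 2082: keyed MD5


def classify_rip_auth(payload: bytes) -> dict:
    """Report which authentication one RIP UDP payload carries."""
    if len(payload) < 4:
        raise ValueError("truncated RIP header")
    _command, version, _zero = struct.unpack("!BBH", payload[:4])
    info = {"version": version, "auth": "none", "cleartext_key_len": 0}
    if version != 2 or len(payload) < 24:
        return info                       # RIP Version 1 has no authentication
    afi, auth_type = struct.unpack("!HH", payload[4:8])
    if afi != AUTH_AFI:
        return info                       # first entry is an ordinary route
    if auth_type == AUTH_SIMPLE:
        # The 16-byte field holds the key itself, NUL padded and unencrypted.
        key = payload[8:24].rstrip(b"\x00")
        info.update(auth="plaintext", cleartext_key_len=len(key))
    elif auth_type == AUTH_KEYED_DIGEST:
        _length, key_id, digest_len, seq = struct.unpack("!HBBI", payload[8:16])
        info.update(auth="md5", key_id=key_id, digest_len=digest_len, sequence=seq)
    else:
        info.update(auth="unknown(%d)" % auth_type)
    return info


def audit(captures):
    """Return (source, finding) for every update that exposes or lacks a key."""
    findings = []
    for source, payload in captures:
        info = classify_rip_auth(payload)
        if info["version"] == 1:
            findings.append((source, "RIP Version 1: authentication not possible"))
        elif info["auth"] == "none":
            findings.append((source, "RIP Version 2 without authentication"))
        elif info["auth"] == "plaintext":
            findings.append((source, "plain text key (%d bytes) readable on the wire"
                             % info["cleartext_key_len"]))
    return findings


def route_entry(ip, mask, metric):
    """One 20-byte route entry (address family 2 = IP)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(ip),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


# Constructed sample updates (not captured traffic); command 2 = response.
V1 = struct.pack("!BBH", 2, 1, 0)
V2 = struct.pack("!BBH", 2, 2, 0)
ROUTE = route_entry("10.0.0.0", "255.255.255.0", 1)
SAMPLES = [
    ("192.168.1.1", V1 + route_entry("10.0.0.0", "0.0.0.0", 1)),
    ("192.168.1.2", V2 + ROUTE),
    ("192.168.1.3", V2 + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE,
                                     b"constructed-key") + ROUTE),
    ("192.168.1.4", V2 + struct.pack("!HHHBBI8s", AUTH_AFI, AUTH_KEYED_DIGEST,
                                     44, 1, 16, 42, bytes(8)) + ROUTE
     + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16))),  # placeholder digest
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```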
You can display specific router statistics such as the contents of IP routing tables and databases.
The information provided can be used to determine resource utilization and solve network problems. You
can also discover the routing path your router's packets are taking through the network.
Command: show ip rip
Mode: Top/Global
Function: Shows RIP information being used in router.
Command: show ip protocols
To quickly diagnose problems, the debugging command is useful. Use the following commands to
display information on RIP routing transactions.
Command
Mode
Function
All users can choose an image file among the various versions of system images available through the
Dasan Networks, Inc. homepage.
This chapter explains how to install a system image on the user's device after downloading the new
system image to the user's PC, which is configured as a TFTP/FTP server.
To successfully upgrade the system software, observe the following general steps. The sections that
follow describe these steps in detail.
Step 2 Copy a new image from the FTP server into the TFTP server directory.
Step 3 Assign an IP address for the boot mode on the switch to make connections to the TFTP server.
Step 4 Check the network connectivity from the TFTP server to the switch using the ping command.
Step 5 Copy the new image from the TFTP server into the Flash memory on the switch.
Dasan Networks, Inc. provides system images to users through the web. Users can download a system
image to the TFTP server through the web.
To download a system image through the web, perform the following steps.
Step 2 At the main page, find the Support section and click Image Upgrade to enter it.
Step 3 Find the product model you need to download and click it. When a message asks whether you
want to save the file, press Save. In this case, specify the TFTP server directory of the user's PC as
the place where the file will be saved.
After downloading the system image file to the TFTP server on the user's PC, establish a network
connection from your PC (which is now configured as a TFTP server) to your switch. The following steps
guide you in connecting to the TFTP server.
Step 1 Connect the user's PC to the switch console port by using an RJ-45-to-DB-9 cable. In this case,
both the TFTP server and the console terminal program should be configured on the user's PC.
Step 2 Configure the console terminal for 9600 baud, 8 data bits, one stop bit, flow-control none
and no parity.
Step 3 Connect the LAN card of the user's PC to the switch by using a UTP cable. When configuring the
system image, use the Ethernet port next to the console port.
The user can download the system image file in Boot mode or in Top mode. The following two procedures
describe how to download the system image file to the switch from the TFTP server.
***********************************************************
*
*
*
*
***********************************************************
Boot>
Step 2 Assign IP address in Boot mode in order to connect to TFTP server. The command to assign IP
address in Boot
Boot> ip 192.16.218.10
Boot>
Note
Please make sure that the user's device is on the same LAN as the PC or device acting as TFTP server
before connecting to the TFTP server.
Step 3 Reboot the system by using the command, reboot after assigning IP address. And go back to
Step 1 in order to enter into Boot mode.
Boot> save
Boot> reboot
***********************************************************
*
*
*
***********************************************************
Boot>
Step 4 Press the s key on the keyboard during the reboot time to be in boot mode. Confirm the
assigned IP address is correct. In order to view the IP address, input the command, show.
Boot> show
IP = 192.168.1.10
EtherAddr 0 = 00:d0:cb:0a:30:23
Boot>
Step 5 Download the system image file in Boot mode. To do so, use the following command.
Command: load prog ip-address file-name
Mode: Boot
Function: Downloads system image from TFTP server.
The following is an example of downloading file named V5124.9.07.x from TFTP server, 192.168.1.218.
The above message will be seen. Input y if you need to upgrade system image by deleting the old
version.
Erasing     : 0x00020000 - 0x0001FFFF
Erasing     : 0x00040000 - 0x0003FFFF
(omitted)
Programming : 0x00000000 - 0x0001FFFF
Programming : 0x00020000 - 0x0003FFFF
(omitted)
Verifying   : 0x00000000 - 0x0001FFFF
Verifying   : 0x00020000 - 0x0003FFFF
(omitted)
Copy the image to the 0x00800000 address...
Boot>
and the login prompt of system will be seen. At this time, you can make sure that the system
image file is successfully installed as you want by displaying message. The following is an
example of downloading OS V9.07.
Boot> reboot
Loading...
Load Address:  0x00800000
Image Size:    0x0051e82c
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
(omitted)
SWITCH login:
Note
The above message is seen in case of downloading OS 9.07. It may vary according to product model,
system image file name and IP address.
Step 1 After connecting the console terminal PC to the switch, turn on the switch to boot. When you
boot the switch without entering Boot mode, the login prompt will be displayed as follows.
***********************************************************
*
***********************************************************
Loading...
Load Address:  0x00800000
Image Size:    0x0051e82c
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57440k available (1124k kernel code, 2372k data, 40k init) [c0000000,c4000000]
Total Memory Size : 64 MB
: PASS
: PASS
: PASS
: PASS
Step 2 When the system displays the login prompt, enter root. At the password prompt, enter vertex25
as the admin password. This password is predefined in the factory configuration. When you input the
correct password, you enter Top mode with the SWITCH# prompt as shown in the following example.
Note
The password you enter will not be shown on the screen. Please be careful not to make a mistake.
Step 3 To enter Interface Configuration mode with the SWITCH(config-if)# prompt, where you can
configure the IP address, enter the configure terminal command in Top mode and then enter the
interface interface-name command in Global Configuration mode with the SWITCH(config)# prompt.
Note
Before connecting to the TFTP server, make sure that the user's equipment is on the same LAN as the
TFTP server PC or equipment.
Step 4 Assign IP address to V5324 Switch by entering ip address ip-address command in Interface
configuration mode.
Step 5 If you want to make sure that you correctly configure ip address to V5324 Switch, enter show
ip command in Interface Configuration mode.
SWITCH(config-if)# show ip
Address: 192.168.1.10 Netmask: 255.255.255.0 Broadcast: 192.168.1.255
SWITCH(config-if)#
Step 6 To make sure that the user's switch is connected to the TFTP server PC on the same LAN, run a
ping test on the PC.
C:\>ping 192.168.1.218
Pinging 192.168.1.218 with 32 bytes of data:
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.218:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>
Step 7 Enter the name of the TFTP server with the tftp command at the system prompt to connect to the
user's TFTP server. You can also enter the IP address of the TFTP server.
Step 8 Type the bin command to transfer the file in binary form.
tftp> bin
tftp>
Note
If you download the system image file in ascii mode, it may cause an error during booting or block
booting. So, when you download a system image file, you need to make sure that the file form is set to
binary mode.
Step 9 Download the system image file by using the command, get file-name /dev/boot. The following
is an example of downloading the file named V5124.9.07.x.
Note
/dev/boot indicates the location of the flash memory to save system image file. You must assign a location
when you save it in device.
Step 10 Input the command, quit at tftp> prompt to exit from TFTP server.
tftp> quit
SWITCH#
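The note in Step 8 about ascii mode can be made concrete by modelling the netascii translation that TFTP applies in that mode (RFC 1350). This is an added example, not a Dasan tool: the function names are hypothetical, the image bytes are a constructed stand-in, and the assumption is that each end either translates line endings or passes bytes through unchanged.

```python
import hashlib

CR, LF, NUL = 0x0D, 0x0A, 0x00


def netascii_encode(data: bytes) -> bytes:
    """What an ASCII-mode sender does to each byte: LF -> CR LF, CR -> CR NUL."""
    out = bytearray()
    for b in data:
        if b == LF:
            out += bytes((CR, LF))
        elif b == CR:
            out += bytes((CR, NUL))
        else:
            out.append(b)
    return bytes(out)


def netascii_decode(data: bytes) -> bytes:
    """What an ASCII-mode receiver does: CR LF -> LF, CR NUL -> CR."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == CR and i + 1 < len(data) and data[i + 1] in (LF, NUL):
            out.append(LF if data[i + 1] == LF else CR)
            i += 2
        else:
            out.append(data[i])
            i += 1
    return bytes(out)


def transfer(image: bytes, sender_translates: bool, receiver_translates: bool) -> bytes:
    """Bytes that end up stored for one combination of transfer behaviours."""
    wire = netascii_encode(image) if sender_translates else image
    return netascii_decode(wire) if receiver_translates else wire


def image_intact(received: bytes, reference_sha256: str) -> bool:
    """Compare the received bytes with the digest of the file on the server."""
    return hashlib.sha256(received).hexdigest() == reference_sha256


# Constructed stand-in for a binary image; it contains LF, CR, CR LF and CR NUL.
IMAGE = b"IMG0" + bytes(range(256)) + b"\r\n\x00\r\x00\xff"
REFERENCE = hashlib.sha256(IMAGE).hexdigest()


def report():
    """(sender translates, receiver translates) -> (stored length, intact?)."""
    rows = {}
    for sender in (False, True):
        for receiver in (False, True):
            got = transfer(IMAGE, sender, receiver)
            rows[(sender, receiver)] = (len(got), image_intact(got, REFERENCE))
    return rows


if __name__ == "__main__":
    for modes, result in report().items():
        print(modes, result)
```

Whenever only one end translates, the stored image changes length and no longer matches the digest of the original file; binary mode removes the dependency on how either end treats line endings.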
Step 1 Install the FTP server program on the user's PC and copy the new system image file to the user's
PC from the FTP server. (Refer to: 3.1.2 Downloading System Image into TFTP Server)
Step 2 Turn on the switch to boot and log in to the system. (Refer to: Step 1, 2 in (3) Downloading
System Image on Top Mode)
Step 4 Enter Interface configuration mode to assign an IP address to the switch. First enter Global
configuration mode with the SWITCH(config)# prompt by inputting configure terminal in Top mode,
then input interface ifname in Global configuration mode.
Step 6 In order to confirm assigned IP address, type show ip. It displays IP address as below.
SWITCH(config-if)# show ip
Address: 192.168.1.10
Netmask: 255.255.255.0
Broadcast: 192.168.1.255
SWITCH(config-if)#
Step 7 To make sure that the user's switch is connected to the TFTP server PC on the same LAN, run a
ping test on the PC.
C:\>ping 192.168.1.218
Pinging 192.168.1.218 with 32 bytes of data:
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.218:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>
Step 8 Enter the name or IP address of the FTP server with the ftp command at the system prompt to
connect to the user's FTP server.
Step 9 Type anonymous at Name, then the password prompt will be displayed.
Step 10 Input the user's e-mail address at the password prompt. When you log in successfully, the ftp>
prompt will be displayed.
Note
The password you enter will not be shown on the screen. Please be careful not to make a mistake.
Step 11 To view the directory on the FTP server, input the command, ls or dir. The directory or file
names on the FTP server will be shown as follows.
ftp> dir
200 PORT command successful.
150 File status OK ; about to open data connection
0
Nov 27 10:39 .
Nov 27 10:39 ..
3836
57344
32891
251
5367868
3278012
51867
Note
The command dir shows the list of files on the user's FTP server. So the above contents may differ from
the content on the user's console terminal.
ftp> bin
200 Type set to I.
ftp>
Step 13 Input the command, hash to view the progress while downloading.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp>
Note
/dev/boot indicates the location of the flash memory where system image file is saved. You must assign a
location when you save it in device.
Step 15 Input the command, quit at ftp> prompt to exit from FTP server.
ftp> quit
SWITCH#