
V5324 Switch

Configuration Guide
Instructions on how to configure the switch
Version 9.07

http://www.dasannetworks.com

About this guide

This guide provides information and instructions on how to configure the V5324 switch. All users
should read this guide carefully before handling this product and follow all instructions. To aid the
reader's comprehension, it contains detailed descriptions and practical examples of product
configuration. This guide is designed for network administrators who will be installing and maintaining
the V5324 switch. The system administrator should be familiar with the fundamentals of LAN and have
technical networking experience and professional knowledge of network equipment.

We, Dasan Networks, Inc., supply our product manual through our homepage
(http://www.dasannetworks.com), where you can easily obtain it.

All contents of this guide are protected under copyright law.

Copyright 2003 DASAN Networks, Inc.


Technical information in this document is subject to change without notice.

Dasan Networks, Inc. in 2003

Document Organization

This guide is organized with the following chapters.

Chapter I Product Instruction: Introduces the functions of the V5324 switch.
Chapter II Using CLI: Explains the DSH command mode developed by Dasan Networks, Inc. and how to use it.
Chapter III Connecting to System and Assigning IP Address: Provides information on system connection and explains how to assign the IP address to be used for network communication.
Chapter IV Basic Port Configuration: Provides instructions on how to configure the default parameters of the Ethernet ports and port mirroring.
Chapter V System Environment: Explains how to configure the basic system environment, manage the configuration, and check the system.
Chapter VI Network Management: Provides instructions on how to configure SNMP, Syslog, and packet filtering.
Chapter VII System Main Function: Describes functions such as VLAN, STP (Spanning Tree Protocol), and IP multicasting.
Chapter VIII IP Routing Protocol: Explains how to configure the routing protocols BGP, OSPF, and RIP.
Appendix A Downloading System Image: Describes how to install a new system image.

Document Convention

This guide uses the following conventions to convey instructions and information.

Warning
This warning symbol means danger. You are in a situation that could cause bodily injury or damage the
equipment. Before you work on any equipment, be aware of the hazards involved with electrical
circuitry and be familiar with standard practices for preventing accidents, for example by preparing a
quick guide based on this guide.

Note
This note symbol means reader take note. Notes contain helpful suggestions or references.

Information
This information symbol provides useful information when using commands to configure.

Document Notation

Notation of Console Terminal

The following table shows the command notation used in the console terminal of the V5324 switch. Please
be aware of each notation to use the commands correctly.

Notation    Description
a           Commands you should use as is.
            Variables for which you supply values.
[ ]         Commands or variables that appear within square brackets [ ] are optional.
< >         Range of numbers that you can use.
{ }         A choice of required keywords appears in braces { }. You must select one.
|           Vertical bars separate optional variables.

Notation of Guide

The following table shows the command notation used in this guidebook. Please be aware of each notation
to use the commands correctly.

Table 2 Command Notation of Guide Book

Notation    Description
a,A         Commands you should use as is.
a           Variables for which you supply values.
[ ]         Commands or variables that appear within square brackets [ ] are optional.
< >         Range of numbers that you can use.
{ }         A choice of required keywords appears in braces { }. You must select one.
|           Vertical bars separate optional variables.

Table of Contents
Chapter I Product Introduction
1.1 Product Overview
1.2 Features

Chapter II Using CLI
2.1 Command Mode
2.1.1 Top Mode
2.1.2 Global Configuration Mode
2.1.3 DHCP Configuration Mode
2.1.4 Rmon Configuration Mode
2.1.5 PIM Configuration Mode
2.1.6 VRRP Configuration Mode
2.1.7 Bridge Configuration Mode
2.1.8 Interface Configuration Mode
2.1.9 Router Configuration Mode
2.1.10 Route-Map Configuration Mode
2.2 Useful Tips
2.2.1 Listing Available Command
2.2.2 Calling Command History
2.2.3 Using Abbreviation

Chapter III System Connection and IP Address
3.1 System Connection
3.1.1 System Login
3.1.2 Changing Password
3.1.3 Password Recovery
3.1.4 Configuring Auto-logout Function
3.1.5 Adding or Deleting Users with Reading Right
3.1.6 Telnet Access
3.1.7 Disconnecting Telnet Access
3.1.8 System Rebooting
3.2 Configuring SSH Server
3.3 Port-Based Authentication (802.1x)
3.3.1 Configuring Authentication Port
3.3.2 Assigning IP Address of Authentication Port
3.3.3 Configuring RADIUS Server
3.3.4 Confirming Configuration of 802.1x Port-Based Authentication
3.3.5 Client Authentication through MAC Address
3.3.6 Viewing/Deleting Statistics of 802.1x Port Authentication
3.3.7 Releasing 802.1x Port-Based Authentication
3.4 System Authentication
3.4.1 Configuring Authorization Method
3.4.2 Configuring Priority of Authorization Method
3.4.3 Checking Configured Priority of Authorization Method
3.4.4 Configuring RADIUS
(1) Configuring RADIUS Server
(2) Configuring Frequency of Retransmit
(3) Configuring Timeout of Response
3.4.5 Configuring TACACS+
(1) Configuring TACACS Server
(2) Selecting Authorization Type
(3) Configuring Timeout of Response
(4) Configuring Client Priority
3.4.6 Recording Users Configuration
3.5 Assigning IP Address
3.5.1 Assigning IP Address on Network Interface
3.5.2 Configuring Static Routes and Default Gateway
3.6 IP Packet Forwarding Mode based on Network

Chapter IV Port Basic Configuration
4.1 Port Basic Configuration
4.1.1 Activating Port
4.1.2 Configuring Auto-nego
4.1.3 Port Transmit Rate
4.1.4 Duplex Mode
4.1.5 Configuring Flow Control
4.1.6 Description of Port
4.1.7 Viewing Port Statistics
4.1.8 Initializing Port Statistics
4.2 Port Mirroring
4.2.1 Assigning Monitor Port and Mirrored Port
4.2.2 Enabling Port Mirroring
4.2.3 Confirming Configuration of Port Mirroring

Chapter V System Environment
5.1 Environment Configuration
5.1.1 Host name
5.1.2 Date and Time
5.1.3 Time-zone
5.1.4 NTP
5.1.5 Output Condition of Terminal Screen
5.1.6 DNS Server
5.1.7 Login Banner
5.2 Configuration Management
5.2.1 Checking Switch Configuration
5.2.2 Saving Configuration
5.2.3 Reloading
5.2.4 Configuration Backup
5.3 System Check
5.3.1 Checking Network Connection
5.3.2 Tracing Packet Route
5.3.3 Check the Cable Length
5.3.4 Checking Accessed User through Telnet
5.3.5 Displaying Destination Information
5.3.6 Confirming MAC table
5.3.7 Configuring Ageing time
5.3.8 Viewing Running Time of Switch
5.3.9 Confirming System Information
5.3.10 Checking Average of CPU Utilization
5.3.11 Checking CPU Process
5.3.12 Viewing Utilization of Memory
5.3.13 Viewing Version of System Image
5.3.14 Viewing Size of System Image File
5.3.15 Checking Installed OS

Chapter VI Network Management
6.1 SNMP
6.1.1 Configuring Access Right to SNMP Agent
6.1.2 Configuring Accessed Person and Location of SNMP Agent
6.1.3 Configuring SNMP Trap
(1) Configuring SNMP trap-host
(2) Configuring Type of SNMP Trap
6.1.4 Confirming SNMP Configuration
6.1.5 Deleting SNMP
6.2 RMON
6.2.1 Configuring RMON History
(1) Assigning Source Port of Statistical Data
(2) Identifying Subject of RMON History
(3) Configuring Number of Sample Data
(4) Configuring Interval of Sample Inquiry
(5) Activating RMON History
(6) Deleting and Changing Configuration of RMON History
6.2.2 Configuring RMON Alarm
(1) Identifying Subject of RMON Alarm
(2) Configuring Object of Sample Inquiry
(3) Configuring Absolute Comparison and Delta Comparison
(4) Configuring Upper Bound of Threshold
(5) Configuring Lower Bound of Threshold
(6) Configuring Standard of the First Alarm
(7) Configuring Interval of Sample Inquiry
(8) Activating RMON Alarm
(9) Deleting RMON Alarm and Changing Configuration
6.2.3 Configuring RMON Event
(1) Configuring Event Community
(2) Event Description
(3) Identifying Subject of Event
(4) Configuring Event Type
(5) Activating Event
(6) Deleting RMON Event and Changing Configuration
6.3 Syslog
6.3.1 Configuring Level of Syslog Message
6.3.2 Configuring Threshold of CPU Utilization
6.3.3 Configuring Threshold of Port Traffic
6.4 QoS and Packet Filtering
6.4.1 How to Operate QoS
6.4.2 Configuring QoS and Packet Filtering
(1) Making QoS Policy
(2) Configuring Additional Rules to QoS Policy
(3) Applying QoS Policy to Rule of Packet Filtering
(4) Confirming the Policy of QoS and the Rule of Packet Filtering
(5) Configuring CoS and ToS
(6) Configuring QoS map
(7) Configuring Scheduling Value
(8) Packet Counter
(9) Admin access rule
(10) NetBIOS Filtering
(11) Martian-filter
6.5 MAC Filtering
6.5.1 Configuring Default Policy of MAC Filtering
6.5.2 Adding Policy of MAC Filter
6.5.3 Deleting MAC Filtering Policy
6.5.4 Listing of MAC Filtering Policy
6.5.5 Blocking Users of Fixed IP Address
6.6 Configuring Max Host
6.7 Managing MAC Table
6.8 Configuring ARP Table
6.9 ARP-Alias
6.10 Proxy-ARP
6.11 ICMP Message Control
6.11.1 Blocking Echo Reply Message
6.11.2 Configuring Interval to Transmit ICMP Message
6.12 IP TCP flag control
6.12.1 RST Configuration
6.12.2 SYN Configuration

Chapter VII System Main Function
7.1 VLAN
7.1.1 Overview of VLAN
7.1.2 Features of VLAN
7.1.3 Configuring VLAN
(1) Making VLAN
(2) Specifying PVID
(3) Assigning Port in VLAN
(4) Releasing VLAN
(5) Configuring Shared-port (applied to Layer 2 Switch)
7.2 Port Trunking
7.3 LACP Configuration
7.3.1 Enabling LACP
7.3.2 Configuring Aggregator
7.3.3 Configuring Member Port
7.3.4 Confirming LACP Configuration
7.3.5 Configuring Key of Member Port
7.3.6 Configuring Port Priority
7.4 STP and RSTP
7.4.1 STP Operation
7.4.2 RSTP Operation
(1) Port States
(2) BPDU Policy
(3) Rapid Network Convergence
(4) Comparability with 802.1d
7.4.3 STP and RSTP Configuration
(1) Activating STP
(2) Deciding Root Switch
(3) Configuring Path-cost
(4) Configuring Port-priority
7.4.4 Configuring BPDU (Bridge Protocol Data Unit) Transmission
(1) Configuring Hello time
(2) Time to prepare sending packet
(3) Configuring MAX Age
7.4.5 Self Loop Detection
7.5 Stacking
7.6 Rate Limit
7.7 Flood-Guard
7.8 Configuring Bandwidth-share-Group
7.9 IP IGMP (Internet Group Management Protocol)
7.9.1 IGMP Querier
7.9.2 IGMP Snooping
7.9.3 Outmost vlan
7.9.4 Multicast Packet Filtering
7.9.5 Registering in Multicast Group
7.9.6 Time to Register in Multicast Group
7.9.7 Fast-leave
7.9.8 Confirming IGMP Configuration
7.10 PIM-SM (Protocol Independent Multicast-Sparse Mode)
7.10.1 Enabling PIM-SM
7.10.2 Deciding RP
7.10.3 Configuring Static RP
7.10.4 Configuring BSR
(1) Candidate-BSR IP Address
(2) Candidate-BSR Priority
(3) Candidate-BSR Hash-mask
7.10.5 Configuring RP Information
(1) Candidate-RP IP Address
(2) Registering Multicast Group of Candidate-RP
(3) Candidate-RP Priority
(4) Interval of Candidate-RP Information Transmit
(5) Blocking Candidate-RP Message of Another Member
7.10.6 Configuring Assert Message Information
(1) Configuring Metric
(2) Configuring Preference
7.10.7 Whole-packet-checksum
7.10.8 Configuring Interval of Cache-check
7.10.9 Configuring Multicast Routing Table
7.10.10 Multicast Routing vid
7.10.11 Configuring PIM-SM on Ethernet Interface
(1) Activating PIM-SM on Ethernet Interface
(2) Blocking Multicast packet
(3) Prohibiting Bootstrap Message
(4) Configuring Assert Message Information
7.10.12 Viewing PIM-SM Information
(1) Multicast Routing Table
(2) RP Table
(3) PIM-SM on Ethernet Interface
7.11 VRRP (Virtual Router Redundancy Protocol)
7.11.1 Configuring VRRP
(1) Assigning Associated IP Address
(2) Configuring Master Router and Backup Router
7.11.2 Configuring Authentication Password
7.11.3 Configuring Preempt
7.11.4 Configuring Advertisement Time
7.11.5 Viewing VRRP Statistics
7.12 NAT
7.12.1 Configuring Static NAT
7.12.2 Configuring IP masquerade (PAT)
7.12.3 Configuring Dynamic NAT
7.12.4 Substituting DNS
7.12.5 Additional Functions
7.12.6 IP Filtering
7.13 Bandwidth
7.14 DHCP
7.14.1 Configuring DHCP Server
(1) Activating DHCP Server
(2) Configuring DHCP Subnet
(3) Configuring IP Address Range
(4) Configuring Subnet Default Gateway
(5) Configuring Group
(6) Configuring the Available Time to Use IP address
(7) Registering DNS Server
(8) Viewing Information of Assigned IP Address
(9) Confirming DHCP syslog
(10) Viewing Rate of IP Usage by DHCP Group
7.14.2 Configuring DHCP Relay Agent
7.14.3 Initializing DHCP Lease Database
7.14.4 DHCP Lease Database Back-up
7.14.5 Confirming DHCP Configuration
7.15 Broadcast Storm Control
7.16 Blocking Direct Broadcast

Chapter VIII IP Routing Protocol

8.1 BGP Routing Protocol
8.1.1 Basic Configuration
(1) BGP Routing
(2) Configuring BGP Neighbor Router
(3) Changing Routing Policy
(4) Configuring BGP Weights
(5) Aborting AS Route
(6) BGP Route Filtering
(7) AS Route Filtering
(8) BGP Filtering through Prefix Lists
(9) Blocking information Transmission to Next Destination
(10) Configuring BGP Version
8.1.2 Advanced Configuration
(1) Changing Route through Route Map
(2) Configuring Aggregate Address
(3) Configuring BGP Community Filtering
(4) Assigning ID Number for Router
(5) Distributing Route to BGP
(6) Configuring Confederation of Routing Domain
(7) Configuring Route Reflector
(8) Configurations through Neighbor
(9) Deactivating Neighbor Router
(10) Configuring Backdoor Route
(11) Deciding NLRI Type
(12) Configuring Distance Value
(13) Configuring BGP Timer
(14) Checking Import Network
(15) Configuring the First AS
(16) Changing Priority of Local Network
(17) Deciding Route based on Router ID
(18) Considering Route without MED as the Worst Route
(19) Deciding AS Route based on MED from ASs
(20) Deciding Confederation Route based on MED
(21) Deciding Route in Confederation based on MED
(22) Restoring Reflected Route
(23) Route Dampening
(24) Checking and Managing BGP

8.2 OSPF Protocol
8.2.1 Enabling OSPF
8.2.2 Configuring ABR Type
8.2.3 Configuring Compatibility
8.2.4 Configuring OSPF Interface
8.2.5 Configuring Network OSPF Type
8.2.6 Configuring Non-broadcast Network
8.2.7 Configuring Area
8.2.8 Configuring Representative Route between OSPF Areas
8.2.9 Configuring Virtual Link
8.2.10 Configuring Default Metric
8.2.11 Configuring Interval to Calculate Route
8.2.12 Configuring Route Transmit Interval
8.2.13 Route Transmit to OSPF Network
8.2.14 Configuring Default Route
8.2.15 Configuring OSPF Distance
8.2.16 Blocking Information Transmit
8.2.17 Blocking Renewed Information
8.2.18 OSPF Monitoring and Management

8.3 RIP Protocol
8.3.1 Enabling RIP
8.3.2 Configuring RIP Neighbor Router
8.3.3 Configuring RIP Version
8.3.4 Creating Static Route available only for RIP
8.3.5 Transmitting Routing Information
8.3.6 Configuring Metrics for Redistributed Routes
8.3.7 Configuring Administrative Distance
8.3.8 Creating Default Route
8.3.9 Routing Information Filtering
(1) Blocking Outgoing Routing Information to Interface
(2) Configuring Offset List
8.3.10 Configuring Time
8.3.11 Activating and Deactivating Split-horizon
8.3.12 Managing Authentication Key
8.3.13 Monitoring and Managing RIP

Appendix A. Downloading System Image File

1. Downloading System Image from TFTP Server
1.1 Copying New Image at TFTP Server
1.2 Connecting to TFTP Server
1.3 Installing System Image File in Switch
(1) Downloading a System Image on Boot Mode
(2) Downloading System Image on Top Mode
2. Downloading System Image File from FTP Server

Chapter I Product Introduction

This chapter introduces features of V5324 switch.

It contains the following sections.

Product Introduction

Features

1.1 Product Overview


The V5324 switch is a typical Layer 3 switch intended for building large-scale networks. It provides an
aggregation function for an upgraded LAN made up of typical Ethernet switches. A Layer 3 switch can
connect to a PC, web server, LAN equipment, backbone equipment, or another switch through various
interfaces.

The V5324 switch supports VLAN-based routing and IP multicasting, and provides Layer 3 switching
services such as IP packet filtering and DHCP.

The following picture is an example of network construction using V5324 switch.

[Figure: Network Construction with V5324 Switch. Labels shown: Internet, V5324 Switch (two), V5108F Switch, V1005F Switch, V1008F Switch.]


1.2 Features
V5324 switch provides the following functions.

QoS (Quality of Service)

In the V5324 switch, QoS-based forwarding sorts traffic into a number of classes and marks the packets
accordingly. A different quality of service is thus provided to each class that the packets belong to.
The rich QoS capabilities enable network managers to protect mission-critical applications and support
differentiated levels of bandwidth for managing traffic congestion. The V5324 switch supports delay
priority of packets based on the IEEE 802.1p class of service (CoS) standard.

Multicast Communication

Since the V5324 switch provides IGMP Snooping and IGMP Querier, you can use multicast communication.
Through multicast communication, packets are transmitted to the hosts that need them, so that
overloading can be prevented.

NAT(Network Address Translation)

NAT (Network Address Translation) uses private IP addresses, which are intended for use in the internal
network. It therefore saves limited IP address resources and strengthens security, because the IP
addresses of the internal network are protected. The V5324 switch supports IP NAT complying with RFC 3022.

SNMP (Simple Network Management Protocol)/RMON (Remote Monitoring)

A switch on which SNMP is mounted can be managed and monitored from a remote place. The V5324 switch
supports SNMP versions 1 and 2 and four RMON groups, so that the administrator can check statistical
data at any time.

IP Routing

Generally, switches operate at Layer 2 of the OSI model. But since the V5324 switch is a Layer 3 switch, it
supports the IP routing that routers have. So you can save the cost of installing an additional router.


IP Packet Forwarding based on Network

Newly upgraded V5324 switch v9.07 can restore the way of IP packet forwarding in terms of network
so that entry remembered in switching chip is enlarged. Maximum thirteen ways of IP packet
forwarding based on network can be restored.

DHCP Server and Relay

The V5324 switch supports DHCP, which automatically assigns IP addresses to clients that access the
network. You can effectively utilize limited IP address resources and lower the cost of managing the
network, because the DHCP server manages all IP addresses centrally.

VLAN(Virtual Local Area Network)

A VLAN (Virtual Local Area Network) is made by dividing one network into several logical networks.
Packets cannot be transmitted or received between different VLANs. This prevents needless packets from
accumulating and strengthens the security of each VLAN. The V5324 switch recognizes 802.1Q tagged
frames and supports a maximum of 256 VLANs.

ARP-alias

ARP-alias makes the concentrating switch respond to ARP requests from equipment without a registered IP
address, so that clients can communicate.

Proxy-ARP

Proxy-ARP responds to ARP requests from equipment in another subnet, so it enables communication
between different subnets.

Stacking

In a switch group, a switch configured as master can configure, manage, and monitor the other switches,
called slaves, with one IP address. Since one IP address can manage several switches, IP address
resources can be saved.


Port Trunk

The V5324 switch aggregates several physical interfaces into one logical port (aggregate port). Port trunk
aggregates interfaces that have the same speed, the same duplex mode, and the same VLAN ID.
According to IEEE 802.3ad, the V5324 switch can configure a maximum of six aggregate ports, each of
which can include a maximum of eight ports, to decrease traffic and improve fault recovery.

Rate-limit

The V5324 switch provides graded bandwidths to all ports. By providing bandwidths graded according to
the user's configuration, an ISP can offer graded billing plans and manage its lines efficiently and
economically.

Flood-Guard

Flood-guard limits the number of packets per second to the value the user configures, whereas Rate-limit
limits the amount of packets by configuring port bandwidth.

STP (Spanning Tree Protocol)

STP (Spanning Tree Protocol) enables switches that have a double path to use it without loops. That is,
it activates only one path, the shortest one among several paths, and blocks the others to prevent
loops.

RSTP(Rapid Spanning Tree Protocol) (802.1w)

By supporting RSTP (Rapid Spanning Tree Protocol) complying with IEEE 802.1w, it is possible to
construct a stable and flexible network on a metro Ethernet ring or an existing point-to-point link.
RSTP is designed to greatly decrease STP reconvergence time. It greatly reduces failover time on a
Layer 2 switch that has a redundant link.

Management on Web

DWM(DASAN Web Manager) is GUI module that can be used anywhere, anytime. Through DWM,
administrator can configure, repair, and manage V5324 switch. By using this module, user can monitor
operating state of system and port connected to network and display network construction.


DSH based on CLI

Users who administer the system through telnet or the console port can easily configure the functions
needed for system operation through DSH (Dasan Shell), which is based on CLI. Unlike Unix, DSH makes it
easy to configure the needed functions after looking up the available commands in the help menu.

SSH Server
By enabling the SSH (Secure Shell) server, the security of the telnet and ftp servers can be strengthened.

Broadcast Storm Control

A broadcast storm is a situation in which too many broadcast packets are transmitted to the network and
the network times out because the packets occupy most of the transmit capacity. The V5324 switch
supports Broadcast storm control, which discards broadcast, multicast, and flooding packets that exceed
the limit during the time configured by the user.


Chapter II Using CLI

This chapter describes the CLI (Command Line Interface) used to configure the V5324 switch. It explains
DSH (Dasan Shell), the CLI developed by Dasan Networks, Inc., and how to use it.

It contains the following sections.

Command Mode

Useful Tips

2.1 Command Mode


You can configure and manage the V5324 switch from a console terminal installed on the user's PC.
When you do so, you use the CLI-based interface, the DSH (Dasan Shell) commands developed by Dasan
Networks, Inc. Connect the RJ-45-to-DB-9 console cable to the V5324 switch.

[Figure: a console terminal installed in a PC, connected to the V5324 switch with an RJ-45-to-DB-9 console cable, used for configuration and management.]

This chapter explains how the DSH command modes are organized, before you begin configuring. The DSH
command modes are as follows:

Top Mode

Global Configuration Mode

DHCP Configuration Mode

Rmon Configuration Mode

PIM Configuration Mode

VRRP Configuration Mode

Bridge Configuration Mode

Interface Configuration Mode

Router Configuration Mode

Route-Map Configuration Mode

2.1.1 Top Mode

When user logs in successfully, the command mode is on Top mode. The mode is used to change
terminal configuration, to check the system information and to update system image file.

Table 1 shows main commands used on Top mode of the V5324 switch OS V9.07.

Table 1 Main Commands of Top Mode

Command              Function
bping/ping/sping     Checks network connecting status
clock                Inputs time and date in system
configure terminal   Enters into Global mode.
quote                Uses Linux commands.
reload               Reboots the system.
telnet               Connects to another device through telnet.
terminal line        Configures the number of lines to be displayed in screen.
traceroute           Downloads new operating system to upgrade system image file.
ftp/tftp             Checks network connecting status
where                Finds users accessed to system through telnet.
which-route          Shows basic route of packet destination.

2.1.2 Global Configuration Mode

In order to enter into Global configuration mode, input the command, configure terminal on Top
mode. After entering into Global configuration mode, the system prompt is supposed to change to
SWITCH(config)# from SWITCH#.


Command           Mode   Function
config terminal   Top    Enters into Global configuration mode from Top mode.

Global configuration mode is used to configure functions for general system management and SNMP before
configuring a specific protocol or function. The user can also enter Bridge/Interface configuration mode
from Global configuration mode.

Table 2 shows main commands of Global configuration mode.

Table 2 Main Commands of Global Configuration Mode

Command                    Function
access-list                Configures policy to limit routing information on the standard of AS.
arp                        Registers IP address and MAC address in ARP table.
bgp                        Enters into Bridge configuration mode.
bridge                     Releases the configured function.
clear                      Make a backup file of configuration or open back up file.
copy                       Registers IP address and MAC address in ARP table.
debug                      Finds source of system problem.
disconnect                 Disconnect user accessed through telnet.
hostname                   Changes hostname of system prompt.
inactivity-timer           Configures auto-logout function.
interface                  Enters into Interface configuration mode.
ip                         Configures various functions of interface such as DHCP server.
passwd                     Changes the password.
qos                        Configures QoS.
restore factory-defaults   Initiates the configuration of switch.
route-map                  Enters into Route-map configuration mode.
router                     Enters into Router configuration mode.
snmp                       Configures Snmp.
syslog                     Configures Syslog.
time-zone                  Configures Time-zone.
vrrp                       Enters into VRRP configuration mode.
user                       Adds/deletes user with reading right.


2.1.3 DHCP Configuration Mode

In order to enter into DHCP configuration mode, input the command, ip dhcp subnet subnet-address
netmask netmask on Global configuration mode as follows. Then the system prompt is changed to
SWITCH(config-dhcp)# from SWITCH(config)#.

Command                                         Mode     Function
ip dhcp subnet subnet-address netmask netmask   Global   Enters into DHCP configuration mode to configure DHCP.

DHCP configuration mode is to configure range of IP address used in DHCP server, group in subnet,
and default gateway of subnet.

Table 3 shows main commands of DHCP configuration mode.

Table 3 Main Commands of DHCP Configuration Mode

Command           Function
default-gateway   Configures default-gateway of subnet.
group             Configures group in subnet.
no group          Deletes groups configured in subnet.
range             Configures range of IP address used in DHCP server.

2.1.4 Rmon Configuration Mode

In order to enter into Rmon-alarm configuration mode, input rmon-alarm <1-65534>; to enter into
Rmon-event configuration mode, input rmon-event <1-65534>; and to enter into Rmon-history configuration
mode, input rmon-history <1-65534>. The system prompt is changed to SWITCH(config-rmonalarm[n])# on
Rmon-alarm configuration mode, to SWITCH(config-rmonevent[n])# on Rmon-event configuration mode, and
to SWITCH(config-rmonhistory[n])# on Rmon-history configuration mode.


Table 4 shows common commands of RMON configuration mode.

Table 4 Common Commands of RMON Configuration Mode

Command   Function
active    Activates each Rmon.
owner     Shows the subject, which configures each Rmon and uses related information.

2.1.5 PIM Configuration Mode

In order to enter into PIM configuration mode, use the following command. The system prompt will be
changed to SWITCH (config_pim)# from SWITCH(config)#.

Command      Mode     Function
router pim   Global   Enters into PIM configuration mode from Global configuration mode.

On PIM configuration, you can configure PIM-SM to activate it.

Table 5 shows main commands of PIM configuration mode.

Table 5 Main Commands of PIM Configuration Mode

Command                 Function
cache-check             Configures the interval that checks packet transmission result from source.
cand-bsr                Configures information for candidate-BSR.
cand-rp                 Configures information for candidate-RP.
metric                  Configures metric to decide Assert.
preference              Configures preference to decide Assert.
static-rp               Configures RP by user manually.
whole-packet-checksum   Gives compatibility with Cisco router when transmitting Register message.


2.1.6 VRRP Configuration Mode

In order to enter into VRRP configuration mode, use the following command. The system prompt is
changed to SWITCH(config-vrrp)# from SWITCH(config)#.

Command                        Mode     Function
vrrp interface-name group-id   Global   Enters into VRRP configuration mode from Global configuration mode.

On VRRP configuration mode, you can configure VRRP to activate it.

Table 6 shows main commands of VRRP configuration mode.

Table 6 Main Commands of VRRP Configuration Mode

Command          Function
associate        Configures Associated IP address same with Virtual Router.
authentication   Configures password of Virtual Router group.
preempt          Activates/Deactivates Preempt.
vr_priority      Assigns priority to Virtual Router.
vr_timers        Configures Advertisement time, which means the interval that Master router distributes its information to another Virtual Router.

2.1.7 Bridge Configuration Mode

When you input the command, bridge on Global configuration mode as follows, the system prompt is
changed to SWITCH (bridge)# from SWITCH(config)#.

Command   Mode     Function
bridge    Global   Enters into Bridge configuration mode from Global configuration mode.

Bridge mode is to manage MAC address and to configure switch functions of Layer 2 such as VLAN,
mirroring, STP.

Table 7 shows main commands of Bridge configuration mode.

Table 7 Main Commands of Bridge Configuration Mode

Command                 Function
bandwidth-share-group   Secures minimum port bandwidth and shares the bandwidth in one group.
clear                   Releases the configured functions.
rcommand                Uses commands at remote place after configuring stacking.
set                     Configures VLAN, port trunking, stacking, mirroring, STP and LRE port.

2.1.8 Interface Configuration Mode

In order to enter into Interface configuration mode, input the command, interface interface-name on
Global configuration mode. When you enter into Interface configuration mode, the system prompt is
changed to SWITCH(config-if)# from SWITCH(config)#.

Command                    Mode     Function
interface interface-name   Global   Enters into Interface configuration mode from Global configuration mode.

Interface configuration mode is to assign IP address in Ethernet interface and to activate or deactivate
interface.

Table 8 shows main commands of Interface configuration mode.

Table 8 Main Commands of Interface Configuration Mode

Command       Function
bandwidth     Configures bandwidth used to make routing information.
description   Makes description of interface.
ip            Assigns IP address.
shutdown      Deactivates interface.

2.1.9 Router Configuration Mode

In order to enter into Router configuration mode, use the following command. The system prompt is
supposed to be changed to SWITCH(config-router)# from SWITCH(config)#.

Command              Mode     Function
router ip-protocol   Global   Enters into Router configuration mode.

Depending on the routing protocol, Router configuration mode is divided into BGP, RIP, and OSPF.
Each is used to configure the corresponding IP routing protocol.

Table 9 shows common commands of Router configuration mode.

Table 9 Common Commands of Router Configuration Mode

Command        Function
distance       Configures distance value to find better route.
neighbor       Configures Neighbor router.
network        Configures network to operate each routing protocol.
redistribute   Registers transmitted routing information to another router's table.


2.1.10 Route-Map Configuration Mode

In order to enter into Route-map configuration mode, use the following command. The system prompt
is supposed to be changed to SWITCH(config-route-map)# from SWITCH (config)#.

Command                                    Mode     Function
route-map name {permit | deny} <1-65535>   Global   Enters into Route-map configuration mode from Global configuration mode.

On Route-map configuration mode, you can configure the place where information is from and sent in
routing table.

Table 10 shows main commands of Route-map configuration mode.

Table 10 Main Commands of Route-Map Configuration Mode

Command   Function
match     Transmits routing information to specified place.
set       Configures router address and distance.

2.2 Useful Tips


This section describes functions that make DSH commands more convenient to use. They are as
follows.

Listing Available Commands

Calling Command History

Using Abbreviation


2.2.1 Listing Available Command

In order to find out available commands, input question mark(?). When you input the question mark(?)
in each command mode, you can see available commands used in the mode and variables following
after the commands.

The following is the available commands on Top mode of V5324 switch.

SWITCH# ?
bping         Send icmp echo request packets to all connected network hosts
clock         Manually set the system clock
configure     Configuration from dsh interface
exit          Exit current mode and down to previous mode
ftp           Open a ftp connection
help          Description of the interactive help system
list          Print command list
ping          Send echo messages
quote         Execute external command
reload        Reload the system
show          Show running system information
sping         Send icmp echo request packets to network host from given address
telnet        Open a telnet connection
terminal      Set terminal line parameters
tftp          Open a tftp connection
traceroute    Trace route to destination
where         List active user connections
which-route   Do route table lookup and display results
write         Write running configuration to memory, network, or terminal
SWITCH#

Note
Question mark(?) will not be seen in the screen and you do not need to press Enter key to display
commands list. This guide is designed for the standard OS V9.07. The displayed contents may vary
depending on OS version.

On a V5324 switch with DSH installed, you can find the commands that start with a specific letter.
Input the first letter and a question mark without a space. The following is an example of finding the
commands starting with s in Top mode of the V5324 switch.


SWITCH# s ?
show    Show running system information
sping   Send icmp echo request packets to network host from given address
SWITCH# s

Also, it is possible to view variables you should input following after commands. After inputting the
command you need, make one space and input question mark. The following is an example of viewing
variables after the command, write. Please note that you must make one space after inputting

SWITCH# write ?
file       Write configuration to the file (same as write memory)
memory     Write configuration to the file (same as write file)
terminal   Write to terminal
SWITCH# write

If you need to find out the list of available commands in each mode and the variables in more detail, use
the command, list. The following is an example of displaying list of available commands in Top mode
and the variables by using the command, list.

SWITCH# list
bping A.B.C.D
clock MMDDhhmmYYYY
configure terminal
exit
ftp A.B.C.D
help
list
ping A.B.C.D
ping A.B.C.D -b
ping A.B.C.D NUM
quote COMMAND
quote COMMAND .ARG
reload
show admin-access-rule
show admin-access-rule NAME
show arp
show arp IFNAME
show cable-length
show clock
show debugging rip
-- more --

Press any key to skip to the next list while you see more.


Note
This guide is designed for the standard OS V9.07. The displayed contents may vary depending on OS
version.

2.2.2 Calling Command History

With DSH, you do not have to type a repeated command again. When you need to call the command
history, use the up arrow key (↑). Each time you press the arrow key, the commands you used are shown
one by one, starting from the latest.

The following is an example of calling the command history after using several commands. After using
these commands in order: show clock → configure terminal → interface br1 → exit, press the arrow key (↑)
and you will see the commands starting from the latest one: exit → interface br1 → configure terminal →
show clock.

SWITCH# show clock
Tue Nov 30 03:27:07 1999
SWITCH# configure terminal
SWITCH(config)# interface br1
SWITCH(config-if)# exit
SWITCH(config)# exit
SWITCH# (press the arrow key, ↑)
SWITCH# exit (arrow key, ↑)
SWITCH# interface br1 (arrow key, ↑)
SWITCH# configure terminal (arrow key, ↑)
SWITCH# show clock (arrow key, ↑)

Each time you press the arrow key, only the command is changed on the same line.

2.2.3 Using Abbreviation

Almost all commands can also be used in abbreviated form. The following table shows some examples
of abbreviated commands.


Command              Abbreviation
clock                cl
exit                 ex
list                 li
show                 sh
configure terminal   co te


Chapter III System Connection and IP Address

This chapter explains how to configure the password for system connection and the IP address for
network communication. By assigning an IP address to an interface and activating the interface, the
user can connect to the V5324 switch and use the network service of the connected equipment.

It contains the following sections.

System Connection

SSH Server

Port-based Authentication(802.1x)

System Authentication

Assigning IP Address

IP Packet Forwarding Mode based on Network


3.1 System Connection


After installing the switch, check that each port is correctly connected to the network and the
management PC. The user then connects to the system to configure and manage the V5324 switch. This
section explains how to change the password for system connection and how to connect to the system
through telnet, in the following order.

System login

Changing Password

Password Recovery

Configuring Auto-logout

Adding or Deleting User with Reading Right

Telnet Access

Disconnecting Telnet Access

System Reboot

System Rebooting of Switch Supporting Dual OS ( Only specific model supported)

3.1.1 System Login

After installing the V5324 switch, make sure that each port is correctly connected to the network
and the management PC. Then turn on the power and boot the system as follows.

Step 1 When you turn on the switch, booting will be automatically started and login prompt will be
displayed.

***********************************************************
* Boot Loader Version 3.05
  DASAN Networks Inc.
***********************************************************
Loading...
Load Address:  0x00800000
(omitted)
SWITCH login:


Step 2 When you enter the login ID at the login prompt, the password prompt will be displayed.
Enter the password to move into Top mode. By default setting, login ID is configured as root and
the password is configured as vertex25.

SWITCH login: root
Password:vertex25
SWITCH#

3.1.2 Changing Password

The administrator who manages and configures the switch can change the system password. For
thorough security, you had better change the password whenever necessary. In order to change the
system password, use the following command in Global configuration mode.

Command   Mode     Function
passwd    Global   Changes password.

Information
The password must be at least five and at most eight characters long. Please avoid a password
similar to the login ID.

The following is an example of changing password to networks from vertex25.

SWITCH(config)# passwd
Changing password for root
Old password:vertex25
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:networks
Re-enter new password: networks
Password changed.
SWITCH(config)#

Note
The password you enter will not be seen in the screen, so please be careful. You need to enter the password
twice not to make mistake.


In order to change the password of added user with reading right, use the following command.

Command            Mode     Function
passwd user-name   Global   Changes the password of added user with reading right.

The following is an example of changing password of added user with reading right to networks
from dasan.

SWITCH(config)# passwd dasan
Changing password for dasan
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:networks
Re-enter new password:networks
Password changed.
SWITCH(config)#

3.1.3 Password Recovery

When the switch administrator loses the password, the password can be recovered by initializing
flash memory with the command, erase_flash, and downloading the system image again.

Note
If you use the command, erase_flash on Boot mode to recover the password, all configurations in the
switch will be deleted. When you need the configurations, do not use the command.

Because this command initializes the system configuration, you cannot keep the configuration. If
you want to recover the password and keep the configurations, follow the instructions below.


Step 1 When you see INIT: during system login, press the keys, Ctrl+C. Then the prompt, which
you can log in with your initial password, will be seen.

***********************************************************
* Boot Loader Version 3.05
  DASAN Networks Inc.
***********************************************************

Loading...
Load Address:  0x00800000
Image Size:    0x0055e7d2
Start Address: 0x00800000
/
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57696k available (1104k kernel code, 2368k data, 40k init) [c0000000,c4000000]
Total Memory Size                 : 64 MB
PCI MemoryMapped Region Check     : PASS
External Memory Dataline Check    : PASS
External Memory Addressline Check : PASS
Chip BIST Check                   : PASS
INIT: version 2.77 booting        <- Press Ctrl+C
(none) login:

Step 2 Log in with the initial ID, root and the password, vertex25. Then you are logged in with
the following prompt.

(none) login: root
Password: vertex25
login[23]: root login on `ttyS0'
*SWITCH#


Step 3 Input tar xPvf /dev/conf.

*SWITCH# tar xPvf /dev/conf
/etc/
/etc/Zebra.conf
/etc/bgpd.conf
/etc/dhcpd.conf
/etc/fstab
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/installconf
/etc/mtab
/etc/nsswitch.conf
/etc/ospfd.conf
/etc/passwd
/etc/passwd/etc/profile
/etc/protocols
/etc/resolv.conf
/etc/ripd.conf
/etc/rmon.conf
.
.
.
(omitted)
.
.
/etc/l2tp/
/etc/l2tp/l2tp-secrets
/etc/l2tp/l2tpd.conf
/etc/ppp/
/etc/ppp/chap-secrets
/etc/ppp/options
/etc/ppp/pap-secrets
/etc/proftpd.conf
/etc/HOSTNAME
/etc/ioctl.save
/etc/zebra.conf
/etc/startup.model
/etc/zebra.conf.sav
*SWITCH#


Step 4 After inputting edit passwd, delete configured password.

*SWITCH# edit passwd
root:dSVEZTB.qZG6U:0:0:root:/etc/:/bin/ksh      <- Encoded password. Delete all letters in front of :0:0.
root:*:0:0:root:/etc/:/bin/ksh

file "passwd", 2 lines
root::0:0:root:/etc/:/bin/ksh
root:*:0:0:root:/etc/:/bin/ksh

After saving your configuration, press ESC key to exit as the below.

save/exit:ESC, editor command:^c, main menu:^\
root::0:0:root:/etc/:/bin/ksh
root:*:0:0:root:/etc/:/bin/ksh

Select a) and exit from edit mode as the below.

+---------------------+
| leave editor        |
|                     |
| a) save changes     |
| b) no save          |
| press Esc to cancel |
+---------------------+
save/exit:ESC, editor command:^c, main menu:^\
*SWITCH#


Step 5 Input the command, savecfg to save the configuration of deleted password.

*SWITCH# savecfg
/etc/
/etc/Zebra.conf
/etc/bgpd.conf
/etc/dhcpd.conf
/etc/fstab
/etc/group
/etc/hosts
/etc/inetd.conf
/etc/installconf
/etc/mtab
/etc/nsswitch.conf
/etc/ospfd.conf
/etc/passwd
/etc/passwd/etc/profile
/etc/protocols
/etc/resolv.conf
/etc/ripd.conf
.
.
(omitted)
.
.
/etc/.config/
/etc/.config/l3_default.CFG
/etc/.config/os
/etc/.config/dev/
/etc/.config/dev/boot
/etc/.config/dev/conf
/etc/l2tp/
/etc/l2tp/l2tp-secrets
/etc/l2tp/l2tpd.conf
/etc/ppp/
/etc/ppp/chap-secrets
/etc/ppp/options
/etc/ppp/pap-secrets
/etc/proftpd.conf
/etc/HOSTNAME
/etc/ioctl.save
/etc/zebra.conf
/etc/startup.model
/etc/zebra.conf.sav
/etc/resolv.conf.disable
*SWITCH#


Step 6 You can log in without password when you reboot the system by using the command,
reboot. The following is an example of login without password after system rebooting.

*SWITCH# reboot
Jul 20 11:37:11 UTC 2002 Restarting system.

***********************************************************
* Boot Loader Version 3.05
  DASAN Networks Inc.
***********************************************************

Loading...
Load Address:  0x00800000
Image Size:    0x0055e7d2
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57696k available (1104k kernel code, 2368k data, 40k init) [c0000000,c4000000]
Total Memory Size                 : 64 MB
PCI MemoryMapped Region Check     : PASS
External Memory Dataline Check    : PASS
External Memory Addressline Check : PASS
Chip BIST Check                   : PASS
INIT: version 2.77 booting
Extracting configuration
Tue Oct 22 14:55:55 UTC 2002
SWITCH startup completed.
INIT: Entering runlevel: 3
SWITCH login: root
SWITCH#

Step 7 Configure password again on Global configuration mode. The following is an example of
configuring password as networks.


SWITCH# config terminal
SWITCH(config)# passwd
Changing password for admin
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: networks
Re-enter new password: networks
Password changed.
SWITCH(config)#

Note
Since the password you enter will not be seen in the screen, you need to enter the password twice not to
make a mistake.

Step 8 Save the new password.

SWITCH(config)# write memory
Building configuration...
[OK]
SWITCH(config)#
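
From Step 5 until Step 8 the saved /etc/passwd holds a root entry with an empty password field, so it is worth confirming afterwards that no such entry remains. The following Python check is an added example, not part of the original guide or of the switch software; it assumes a copy of the passwd file is available for offline review, the sample lines are the ones shown in Step 4, and the function names are hypothetical.

```python
import re

# Constructed sample: the passwd lines shown in Step 4 of the procedure
# (the original root entry, the entry after the edit, and the "*" entry).
SAMPLE_PASSWD = """\
root:dSVEZTB.qZG6U:0:0:root:/etc/:/bin/ksh
root::0:0:root:/etc/:/bin/ksh
root:*:0:0:root:/etc/:/bin/ksh
"""

# Traditional crypt(3) output: 2 salt characters followed by 11 hash characters.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_password_field(field):
    """Classify the second field of a passwd entry; returns (state, note)."""
    if field == "":
        return "EMPTY", "login is accepted without a password"
    if field.startswith(("*", "!")):
        return "LOCKED", "no password can match this field"
    if field == "x":
        return "SHADOWED", "hash is kept in a separate shadow file"
    if field.startswith("$"):
        return "MODULAR", "modular crypt format ($id$salt$hash)"
    if DES_CRYPT_RE.match(field):
        return "DES_CRYPT", "traditional crypt(3); only the first 8 password characters count"
    return "UNKNOWN", "unrecognised password field"


def audit_passwd(text):
    """Return one finding per passwd entry, in file order."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append({"line": lineno, "user": fields[0], "uid": None,
                             "state": "MALFORMED",
                             "note": f"expected 7 fields, found {len(fields)}"})
            continue
        state, note = classify_password_field(fields[1])
        findings.append({"line": lineno, "user": fields[0], "uid": fields[2],
                         "state": state, "note": note})
    return findings


def passwordless_admins(findings):
    """Entries that allow a UID 0 login with no password at all."""
    return [f for f in findings if f["state"] == "EMPTY" and f["uid"] == "0"]


if __name__ == "__main__":
    results = audit_passwd(SAMPLE_PASSWD)
    for f in results:
        print(f"line {f['line']}: {f['user']} uid={f['uid']} {f['state']} ({f['note']})")
    if passwordless_admins(results):
        print("FAIL: administrator account with an empty password field")
```

The encoded password shown in Step 4 has the 13-character form of traditional crypt(3), which is consistent with the eight-character maximum the passwd command enforces.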

3.1.4 Configuring Auto-logout Function

For the security of the V5324 switch, a user is automatically logged out of the system if no
command is entered within the configured inactivity time. The administrator can configure the
inactivity timer.

In order to configure the inactivity timer, use the following command.

Command                      Mode     Function
inactivity-timer <60~3600>   Global   If no command is entered within the configured inactivity time,
                                      the user is automatically logged out of the system.
inactivity-timer 0           Global   Releases auto-logout function.

Information
By default setting, auto-logout function is configured as 600 seconds.


In order to view configuration of auto-logout function, use the following command.

Command                 Mode         Function
show inactivity-timer   Top/Global   Shows configured inactivity timer.

The following is an example of configuring auto-logout function as 60 seconds and viewing the
configuration.

SWITCH(config)# inactivity-timer 60
SWITCH(config)# show inactivity-timer
Log-out time : 60 seconds
SWITCH(config)#

3.1.5 Adding or Deleting Users with Reading Right

Only the administrator can manage and configure the switch, but the administrator can give reading
right to a person who needs information on the switch. A user with reading right cannot configure
the switch, but can check the switch state. In order to add or delete a user who has reading right
for the switch, use the following commands in Global configuration mode.

Command                     Mode     Function
user add name description   Global   Adds user who has reading right.
user del name               Global   Deletes user who has reading right.

The following is an example of adding user A who has reading right. The password is set to vertex25.

SWITCH(config)# user add A lhs
Changing password for A
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
SWITCH(config)#

Note
The password you enter will not be seen in the screen, so please be careful not to make mistake.


In order to view added users, use the following command.

Command     Mode     Function
show user   Global   Shows added users.

The following is an example of viewing added users.

SWITCH(config)# show user
====================================================
User name       Description
====================================================
A               lhs
SWITCH(config)#

User who has reading right does not have right to configure. The following is an example that user who
has reading right logs in.

SWITCH login: A
Password: vertex
SWITCH>

The following is an example of listing available commands for user who has reading right by question
mark(?).

SWITCH> ?
  exit      Exit current mode and down to previous mode
  help      Description of the interactive help system
  list      Print command list
  ping      Send echo messages
  show      Show running system information
  sping     Send icmp echo request packets to network host from given address
  telnet    Open a telnet connection
  terminal  Set terminal line parameters
  where     List active user connections
SWITCH>

Moreover, it is not possible to change any user information such as ID, password and description
after adding the user. So, if you need to change user information, you should delete the user and
add the user again with the new information.


The following is an example of deleting added user and confirming it.

SWITCH(config)# user del A
SWITCH(config)# show user
====================================================
User name       Description
====================================================
SWITCH(config)#

3.1.6 Telnet Access

In order to connect to system by telnet at remote place, use the following commands.

Command                          Mode   Function
telnet destination               Top    Connects with IP address or hostname of another system.
telnet destination port-number   Top    Connects with specified port of another system.

Note
When you save configuration over a telnet connection, you should wait for the [OK] message.
Otherwise, all new configurations will be deleted when the telnet session is disconnected. Please
wait for the [OK] message and then disconnect.

SWITCH# write memory
Building configuration...
[OK]
SWITCH#

3.1.7 Disconnecting Telnet Access

Administrator of V5324 switch can confirm users connected from remote place and make some of them
disconnected, as administrator wants. In order to view tty of users connected from remote place, before
disconnecting a user, use the following command.

Command   Mode         Function
where     Top/Global   Shows users connected through telnet.

SWITCH# where
root at ttyS from console for 54 minutes 43.57 seconds
guest at ttyp0 from 203.236.124.209:1683 for 13.5 seconds
SWITCH#

As you see the above example, a user is accessed from remote place with login ID and password of
administrator. The tty given to this user is ttyp0.

In order to disconnect a user connected from remote place by using this information, use the following
command.

Command          Mode     Function
disconnect tty   Global   Disconnects a user connected from remote place.

The following is an example of disconnecting a user named guest.

SWITCH(config)# disconnect ttyp0
SWITCH(config)#

3.1.8 System Rebooting

After downloading new system image from TFTP/FTP server, reboot the system. Input the command,
reload on Top mode to reboot in other cases when rebooting is needed during installing and managing
switch through terminal program.

Command   Mode   Function
reload    Top    Reboots system.

If you reboot the system without saving a new configuration, the new configuration will be deleted,
so you have to save the configuration before rebooting. To prevent that mistake, the V5324 switch
prints the following message to ask whether the user really wants to reboot without saving the
configuration. If you want to continue to reboot, press the y key; if you want to save the new
configuration, press the n key.

SWITCH# reload
Warning : Changed configuration was not saved to flash memory.
Do you still want to reload the system?[y|N]


3.2 Configuring SSH Server

As networks develop, security is becoming more and more important for users. However, typical ftp
and telnet services have a big weakness in security. SSH (Secure Shell) is a secure shell for
login. Operating the SSH server strengthens security because all data are encrypted.

In order to enable SSH server, use the following command.

Command             Mode     Function
ssh server enable   Global   Enables SSH server.

In order to disable SSH server, use the following command.

Command              Mode     Function
ssh server disable   Global   Disables SSH server.

The following is an example of enabling SSH server and confirming it.

SWITCH(config)# ssh server enable
Generating SSH public/private RSA1 key ...
SSH Server start!
SWITCH(config)# show running-config
Building configuration...
Current configuration:
hostname SWITCH
!
ssh server enable
!
(omitted)
SWITCH(config)#


3.3 Port-Based Authentication (802.1x)


The V5324 switch restricts clients attempting to access a port by 802.1x port-based authentication
to enhance the security and portability of network management. When a client attempts to connect to
a port with 802.1x port-based authentication enabled, the switch transfers the required information
to the RADIUS server for authentication. The RADIUS server retains a database of authorized clients
who can access the port. The switch acts as an intermediary between the client and the
authentication server, requesting identity information from the client, verifying that information
with the authentication server, and relaying a response to the client. Therefore, only an
authorized client who has access right can connect to the port. The picture below briefly shows the
process of port-based authentication.

[Figure: Process of 802.1x Port-Based Authentication. A client connects to a port with 802.1x
port-based authentication enabled; the V5324 Switch transfers the identity information and verifies
the information with the RADIUS Server; the result of the authentication process is transmitted.]

In order to enable 802.1x port-based authentication in port of V5324 switch, you must be able to
perform the following tasks.

Configuring Authentication Port

Assigning IP Address of Authentication Port

Configuring RADIUS Server

Confirming Configuration of 802.1x Port-Based Authentication

Client Authentication through MAC address

Viewing/Deleting Statistics of 802.1x Port Authentication

Releasing 802.1x Port-Based Authentication


3.3.1 Configuring Authentication Port

User should configure which port to be used for 802.1x Port-Based Authentication. In order to do it, use
the following command.

Command                         Mode     Function
dot1x port enable port-number   Global   Configures port of 802.1x port-based authentication.

Information
It is possible to configure more than one port-number by using , or -.

In order to release configured port of 802.1x port-based authentication, use the following command.

Command                          Mode     Function
dot1x port disable port-number   Global   Releases configured port of 802.1x port-based authentication.

3.3.2 Assigning IP Address of Authentication Port

After configuring port of 802.1x port-based authentication, user needs to assign IP address to switch to
be used for transferring identity information of client to RADIUS server. It is possible to assign more
than one IP address in V5324 switch. With more than one IP address assigned, unless user specifies
which IP address to be used for transferring identity information of client to RADIUS server,
authentication port cannot decide which IP address to take.

Note
Unless user assigns IP address to switch to be used for transferring identity information of client to
RADIUS server, 802.1x port-based authentication will not be enabled.


In order to assign IP address to switch to be used for transferring identity information of client to
RADIUS server, use the following command.

Command                    Mode     Function
dot1x address ip-address   Global   Assigns IP address to switch to be used for transferring identity
                                    information of client to RADIUS server.

3.3.3 Configuring RADIUS Server

After enabling 802.1x port-based authentication on a port of the V5324 switch, there must be a
RADIUS server that retains data about authorized clients who have access right.

After configuring the port of 802.1x port-based authentication, the user has to configure the IP
address of the RADIUS server to be used for the user's switch and the key value.

In order to configure IP address of RADIUS server and key value, use the following command.

Command                            Mode     Function
dot1x radius host ip-address key   Global   Configures IP address of RADIUS server and key value.

3.3.4 Confirming Configuration of 802.1x Port-Based Authentication

In order to confirm configuration of 802.1x, use the following command.

Command      Mode         Function
show dot1x   Top/Global   Shows configuration of 802.1x.

[Sample Configuration 1]

The following is an example of viewing configuration after configuring port 24 as authentication port
and IP address of the port and information of RADIUS server.

SWITCH(config)# dot1x port enable 24
SWITCH(config)# dot1x address 172.16.209.1
SWITCH(config)# dot1x radius host 100.1.1.1 1
SWITCH(config)# show dot1x
802.1x authentication enabled
Radius server : 100.1.1.1 (Auth key : 1)
--------------------------------------
            |
802.1x      |12345678901234567890123456
------------+--------------------------
PortEnable  |.......................p..
PortAuthed  |..........................
MacEnable   |..........................
SWITCH(config)#

3.3.5 Client Authentication through MAC Address

Assume that V5324 switch is connected to some device or hub, which do not support 802.1x and there
are many clients connected to the device. In this case, if any of the clients gets authentication of V5324
switch, then all clients are automatically supposed to get the authentication too.

In the below picture, V5324 switch is connected to SWITCH A, which does not support 802.1x port
authentication and Clients A, B, C, D are connected to SWITCH A. In this case, suppose that client A
gets authentication to connect to V5324 switch. Then, all the other clients connected to SWITCH A are
supposed to get the authentication too. Therefore, if the user of V5324 switch wants to authenticate only
client A, it is necessary to block connection from client B, C, D. For this situation, it is possible to
authenticate client A through MAC address authentication.


[Figure: Connecting to Switch, 802.1x not supported. The V5324 Switch is connected to a RADIUS
Server and to SWITCH A, a switch which does not support 802.1x. Client A got 802.1x authentication
through SWITCH A, so all clients (Client B, Client C, Client D) can connect to V5324 switch.]

In order to authenticate clients through MAC address, use the following command.

Note
Before you configure 802.1x port-based Authentication on MAC address, you should block all incoming
packets to authentication port by using the command, set mac-filter default-policy deny port-number.

Command                        Mode     Function
dot1x mac enable port-number   Global   Authenticates clients through MAC address.

In order to release MAC address authentication, use the following command.

Command                         Mode     Function
dot1x mac disable port-number   Global   Releases MAC address authentication.

[Sample Configuration 2]

The following is an example of configuring MAC address authentication and confirming it.

SWITCH(config)# show dot1x
802.1x authentication enabled
Radius server : 100.1.1.1 (Auth key : 1)
--------------------------------------
            |
802.1x      |12345678901234567890123456
------------+--------------------------
PortEnable  |.......................p..
PortAuthed  |..........................
MacEnable   |..........................

SWITCH(config)# set mac-filter default-policy deny 24
SWITCH(config)# dot1x mac enable 24
SWITCH(config)# show dot1x
802.1x authentication enabled
Radius server : 100.1.1.1 (Auth key : 1)
--------------------------------------
            |
802.1x      |12345678901234567890123456
------------+--------------------------
PortEnable  |..........................
PortAuthed  |..........................
MacEnable   |.......................m..
SWITCH(config)#

Information
When client is connected to device, which supports 802.1x port authentication, you do not have to use
MAC address authentication.


3.3.6 Viewing/Deleting Statistics of 802.1x Port Authentication

It is possible to view statistics of 802.1x port authentication or delete the statistics to reset. In order to
view statistics of 802.1x port authentication, use the following command.

Command                  Mode         Function
show dot1x port-number   Top/Global   Shows 802.1x statistics of specified port.

[Sample Configuration 3]

The following is an example of viewing 802.1x statistics of specified port.

SWITCH(config)# show dot1x 24
Dot1x Packet Statistics
-----------------------------------------------------------
supplicant      NAS (port =24)      Radius Server      count
-----------------------------------------------------------
19

EAPOL START ->

19

<- EAP-Req-Id

EAP-Resp-Id ->

Access-Req(Id) ->
<- Challenge

0
0

<- EAP-Req-MD5

EAP-Resp-MD5 ->
Access-Req(MD5) ->
<- Accept
<- EAP-Success

0
0
0

SWITCH(config)#

In order to delete 802.1x statistics for resetting, use the following command.

Command                             Mode     Function
dot1x clear statistic port-number   Global   Deletes all 802.1x statistics in specified port to reset.

[Sample Configuration 4]


The following is an example of deleting the statistics of [Sample Configuration 3] to reset.

SWITCH(config)# dot1x clear statistic 24
SWITCH(config)# show dot1x 24
Dot1x Packet Statistics
-----------------------------------------------------------
supplicant      NAS (port =24)      Radius Server      count
-----------------------------------------------------------
0

EAPOL START ->

<- EAP-Req-Id

EAP-Resp-Id ->

Access-Req(Id) ->
<- Challenge

0
0

<- EAP-Req-MD5

EAP-Resp-MD5 ->
Access-Req(MD5) ->
<- Accept

0
0
0

<- EAP-Success
SWITCH(config)#

3.3.7 Releasing 802.1x Port-Based Authentication

In order to release 802.1x port-based authentication, use the following command.

Command    Mode     Function
no dot1x   Global   Releases 802.1x port-based authentication.

[Sample Configuration 5]

The following is an example of confirming configuration after releasing 802.1x port-based
authentication shown as [Sample Configuration 1].

SWITCH(config)# no dot1x
SWITCH(config)# show dot1x
802.1x authentication disabled
SWITCH(config)#


Note
Please note that all configurations about 802.1x are supposed to be deleted by using the above command to
release 802.1x port-based authentication.
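
The port maps printed by show dot1x in the sample configurations above can be checked against a list of ports that are expected to require authentication. The following Python parser is an added example, not part of the original guide or of the switch software; the sample text is constructed from [Sample Configuration 1] and [Sample Configuration 5], the function names, access_ports and min_key_len are hypothetical, and any character other than "." in a map row is assumed to mean the port is set.

```python
import re


def _map_row(label, marks, width=26):
    """Render one port-map row, e.g. _map_row("PortEnable", {24: "p"})."""
    cells = "".join(marks.get(port, ".") for port in range(1, width + 1))
    return f"{label:<12}|{cells}"


# Constructed sample: `show dot1x` output as in [Sample Configuration 1]
# (port 24 enabled for 802.1x), with the column layout restored.
SAMPLE_ENABLED = "\n".join([
    "802.1x authentication enabled",
    "Radius server : 100.1.1.1 (Auth key : 1)",
    "--------------------------------------",
    "802.1x      |12345678901234567890123456",
    "------------+--------------------------",
    _map_row("PortEnable", {24: "p"}),
    _map_row("PortAuthed", {}),
    _map_row("MacEnable", {}),
]) + "\n"

# Constructed sample: output after `no dot1x`, as in [Sample Configuration 5].
SAMPLE_DISABLED = "802.1x authentication disabled\n"

STATE_RE = re.compile(r"^802\.1x authentication (enabled|disabled)\s*$")
RADIUS_RE = re.compile(r"^Radius server\s*:\s*(\S+)\s*\(Auth key\s*:\s*(.*?)\)\s*$")
ROW_RE = re.compile(r"^(PortEnable|PortAuthed|MacEnable)\s*\|(.*)$")


def parse_show_dot1x(text):
    """Parse `show dot1x` text into state, RADIUS servers and per-row port sets."""
    result = {"enabled": False, "radius": [], "rows": {}}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = STATE_RE.match(line)
        if m:
            result["enabled"] = m.group(1) == "enabled"
            continue
        m = RADIUS_RE.match(line)
        if m:
            result["radius"].append({"server": m.group(1), "key": m.group(2)})
            continue
        m = ROW_RE.match(line)
        if m:
            # Column N of the map is port N; anything other than "." counts as
            # set (assumption: the guide only shows the markers "p" and "m").
            cells = m.group(2).strip()
            result["rows"][m.group(1)] = {
                i for i, ch in enumerate(cells, start=1) if ch != "."
            }
    return result


def audit_dot1x(parsed, access_ports, min_key_len=16):
    """Return findings for unauthenticated access ports and short RADIUS keys.

    access_ports and min_key_len are local policy inputs (hypothetical values).
    """
    findings = []
    rows = parsed["rows"]
    protected = rows.get("PortEnable", set()) | rows.get("MacEnable", set())
    if not parsed["enabled"]:
        protected = set()
        findings.append("802.1x is disabled on the switch")
    for port in sorted(access_ports):
        if port not in protected:
            findings.append(f"port {port}: no 802.1x or MAC authentication")
    for srv in parsed["radius"]:
        # Report only the length, never the key itself.
        if len(srv["key"]) < min_key_len:
            findings.append(
                f"RADIUS {srv['server']}: shared key is {len(srv['key'])} "
                f"character(s), below the policy minimum of {min_key_len}"
            )
    if parsed["enabled"] and not parsed["radius"]:
        findings.append("802.1x enabled but no RADIUS server configured")
    return findings


if __name__ == "__main__":
    for name, sample in (("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED)):
        print(name)
        for finding in audit_dot1x(parse_show_dot1x(sample), access_ports=[23, 24]):
            print("  -", finding)
```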

3.4 System Authentication


The V5324 switch provides enhanced security for client authentication, and the user is able to
configure the authorization method in diverse ways. Usually, the ID/password registered in the
switch is used, but if you use RADIUS (Remote Authentication Dial-In User Service), which is a
client authentication protocol, and TACACS+ (Terminal Access Controller Access Control System+),
only clients recorded in each server can connect to the system.

[Figure: Process of System Authentication. A client connects to the switch through console or
telnet; the V5324 Switch takes the authorization process according to configuration. With RADIUS
configured, it sends client information to the RADIUS Server for authorization; with TACACS+
configured, it sends client information to the TACACS Server for authorization. Each server sends
the result.]

You need to configure the followings for system authentication in V5324 switch.

Configuring Authorization Method


Configuring Priority of Authorization Method
Confirming Configuration of Authorization Method
Configuring RADIUS
Configuring TACACS+
Recording Users Configuration


Note
To enable RADIUS or TACACS+, add a user with reading right named "user" by using the command, user
add. Otherwise, all users connecting through the authentication protocol are supposed to receive
the same right as root. Refer to "3.1.5 Adding/Deleting User with Reading Right" for the
instruction to add a user with reading right.

3.4.1 Configuring Authorization Method

You can authorize clients attempting to access to V5324 switch by using registered ID/password,
RADIUS and TACACS+. It is possible to take all of three and to select one of them. In order to configure
authorization method, use the following commands.

Command                                                   Mode     Function
set login local {radius | tacacs | host | all} enable     Global   Configures authorization method for clients
                                                                   connecting through console.
set login remote {radius | tacacs | host | all} enable    Global   Configures authorization method for clients
                                                                   connecting through telnet.

Information
host is authentication by using ID/password registered in switch. It is configured in V5324 switch by
default.

Also, in order to release configured authorization method, use the following commands.

Command                                                    Mode     Function
set login local {radius | tacacs | host | all} disable     Global   Releases authorization method for clients
                                                                    connecting through console.
set login remote {radius | tacacs | host | all} disable    Global   Releases authorization method for clients
                                                                    connecting through telnet.

3.4.2 Configuring Priority of Authorization Method

After configuring authorization in diverse ways, you can configure the priority of the
authorization methods, that is, which method will be the first, the second or the last.

In order to configure priority of authorization method, use the following commands.

Command                                              Mode     Function
set login local {radius | tacacs | host} primary     Global   Configures priority of authorization method for
                                                              clients connecting through console.
set login remote {radius | tacacs | host} primary    Global   Configures priority of authorization method for
                                                              clients connecting through telnet.

Information
By default, priority of V5324 switch authentication is set to host, radius, tacacs, in that order.

3.4.3 Checking Configured Priority of Authorization Method

User is able to check configured priority of authorization method. In order to do it, use the following
command.

Command      Mode         Function
show login   Top/Global   Shows configuration about authorization method.

[Sample Configuration 1]

The following is an example of configuring authorization method in V5324 switch. It is configured to
add RADIUS to default method in case of clients connecting through console and telnet. And, the
priority is given to RADIUS in case of clients connecting through console and to default method in case
of clients connecting through telnet. Then, confirm the configuration.

Dasan Networks, Inc

System Connection and IP Address - 41

V5324 Switch Configuration Guide

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
SWITCH(config)# set login local radius enable
SWITCH(config)# set login remote radius enable
SWITCH(config)# set login local radius primary
SWITCH(config)# set login remote host primary
SWITCH(config)# show login
[AUTHEN]
Local login  : radius host
Remote login : host radius
Accounting mode : none
-----------------------------------
[RADIUS]
<Radius Servers & Key>
Radius Retries : 0
Radius Timeout : 0
-----------------------------------
[TACACS]
<Tacacs Servers & Key>
Tacacs Timeout : 0
Tacacs Socket Port : 0
Tacacs Interface :
Tacacs PPP Id : 0
Tacacs Authen Type : ASCII
Tacacs Priority Level : min
SWITCH(config)#

The methods on the Local login and Remote login lines are displayed according to priority.

3.4.4 Configuring RADIUS


(1) Configuring RADIUS Server
After configuring RADIUS for client authentication, you need to configure RADIUS server to be used in
switch.

In order to configure RADIUS server, use the following command.

Command
set login radius add server ip-address key [port-number]

Mode
Global

Function
Registers IP address and key value of RADIUS
server to be used in switch.

Information
port-number is the port of the RADIUS server connected to the switch.

Information
You can configure up to five RADIUS servers in V5324 switch.

In order to delete registered RADIUS server, use the following command.

Command
set login radius del server ip-address

Mode
Global

Function
Deletes registered RADIUS server

(2) Configuring Frequency of Retransmit


When V5324 switch does not get a response from the RADIUS server, it retransmits the request.
By default, the request is retransmitted three times, but the user can configure the number of times. In
order to configure frequency of retransmit, use the following command.

Command
set login radius retransmit count

Mode
Global

Function
Configures the number of times to retransmit
information to RADIUS server.

Information
The default is three times in V5324 switch.

(3) Configuring Timeout of Response


The V5324 switch waits a configured number of seconds for a response from the RADIUS server. The user can change this value.

In order to configure timeout of response, use the following command.

Command
set login radius timeout time

Mode
Global

Function
Configures the number of seconds that the switch waits for a response from RADIUS server.

Information
The default is five seconds in V5324 switch.

[Sample Configuration 2]

The following is an example of configuring frequency of retransmit and timeout of response after
registering RADIUS server.

SWITCH(config)# set login radius add server 100.1.1.1 1
SWITCH(config)# set login radius retransmit 5
SWITCH(config)# set login radius timeout 10
SWITCH(config)# show login
[AUTHEN]
Local login  : radius host
Remote login : host radius
Accounting mode : none
-----------------------------------
[RADIUS]
<Radius Servers & Key>
100.1.1.1 1
Radius Retries : 5
Radius Timeout : 10
-----------------------------------
[TACACS]
<Tacacs Servers & Key>
Tacacs Timeout : 0
Tacacs Socket Port : 0
Tacacs Interface :
Tacacs PPP Id : 0
Tacacs Authen Type : ASCII
Tacacs Priority Level : min
SWITCH(config)#

3.4.5 Configuring TACACS+

(1) Configuring TACACS Server

After configuring TACACS+ for client authentication, you need to configure TACACS server to be used
in switch. In order to configure TACACS server, use the following command.

Command
set login tacacs add server ip-address key

Mode
Global

Function
Registers IP address and key value of TACACS
server to be used in switch.

Then, you should register the interface of the TACACS server connected to the user's switch. Use the following
command.

Command
set login tacacs interface interface-name

Mode
Global

Function
Registers interface of TACACS server connected to user's switch.

Information
port-number is to input interface of TACACS server connected to user's switch. Please check interface of
TACACS server connected to user's switch before inputting it.

Information
You can register up to five TACACS servers in V5324 switch.

In order to register port of TACACS server connected to user's switch, use the following command.

Command
set login tacacs socket-port port-number

Mode
Global

Function
Registers port of TACACS server connected to user's switch.

In order to delete registered TACACS server, use the following command.

Command
set login tacacs del server ip-address

Mode
Global

Function
Deletes registered TACACS server.

(2) Selecting Authorization Type

When you configure TACACS+ for authentication, you need to select authorization type of TACACS+.
In order to select authorization type of TACACS+, use the following command.

Command
set login tacacs auth-type {ascii | pap | chap}

Mode
Global

Function
Selects authorization type of TACACS+.

pap stands for Password Authentication Protocol and chap stands for Challenge Handshake
Authentication Protocol.

Information
The default is ascii type of TACACS+ in V5324 switch.

(3) Configuring Timeout of Response


The V5324 switch waits a configured number of seconds for a response from the TACACS server. The user can change this value.

In order to configure timeout of response, use the following command.

Command
set login tacacs timeout time

Mode
Global

Function
Configures the number of seconds that the switch waits for a
response from TACACS server.

Information
The default is five seconds.

(4) Configuring Client Priority


It is possible to configure the priority of the client's right to use the server according to the configuration of the TACACS
server authorization method. This priority is not used in the V5324 switch itself but in the TACACS server the user
connects to.

In order to configure priority of client's right to use server, use the following command.

Command
set login tacacs priority-level {max | min | root | user}

Mode
Global

Function
Configures priority of client's right to use TACACS server.

Comparatively speaking, the priority is max = root, user, min in order.

[Sample Configuration 3]

The following is an example of configuring authorization method as TACACS+.

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:vertex
Re-enter new password:vertex
Password changed.
SWITCH_A(config)# set login local tacacs enable
SWITCH_A(config)# set login remote tacacs enable
SWITCH_A(config)# set login local tacacs primary
SWITCH_A(config)# set login remote tacacs primary
SWITCH_A(config)# set login tacacs add server 200.1.1.1 1
SWITCH_A(config)# set login tacacs interface br1
SWITCH_A(config)# set login tacacs socket-port 1
SWITCH_A(config)# set login tacacs auth-type pap
SWITCH_A(config)# set login tacacs timeout 10
SWITCH_A(config)# set login tacacs priority-level root
SWITCH_A(config)# show login
[AUTHEN]
Local login  : tacacs host
Remote login : tacacs host
Accounting mode : start
-----------------------------------
[RADIUS]
<Radius Servers & Key>
Radius Retries : 0
Radius Timeout : 0
-----------------------------------
[TACACS]
<Tacacs Servers & Key>
200.1.1.1 1
Tacacs Timeout : 10
Tacacs Socket Port : 1
Tacacs Interface : br1
Tacacs PPP Id : 0
Tacacs Authen Type : PAP
Tacacs Priority Level : MAX(ROOT)
SWITCH_A(config)#

The methods on the Local login and Remote login lines are displayed according to priority.

3.4.6 Recording User's Configuration

When the user configures RADIUS or TACACS+ for system authentication, the system records the specific
services the user has taken. Through this function, it is possible to apply billing policy to specific service. In
order to enable this function, use the following command.

Command
set login accounting-mode {none | start | stop | both}

Mode
Global

Function
Applies billing policy to switch.

Information
start sets the standard on user's login and stop sets the standard on user's logout. both takes both
of them and none releases applied billing policy.
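
The authentication settings of sections 3.4.1 to 3.4.6 can be reviewed offline from a saved copy of the show login output. The following Python script is an added example, not part of the original guide or of Dasan's software: it parses output in the layout shown in the sample configurations and reports a method that is enabled without a registered server, short shared keys, and missing accounting. The sample text, the finding names and the 16-character key threshold (RFC 2865 prefers RADIUS secrets of at least 16 octets) are assumptions made for this example.

```python
import re

# Constructed sample, modelled on the `show login` layout in the sample
# configurations above; it was not captured from a real device.
SAMPLE_SHOW_LOGIN = """\
[AUTHEN]
Local login  : tacacs host
Remote login : host radius
Accounting mode : none
-----------------------------------
[RADIUS]
<Radius Servers & Key>
100.1.1.1 1
Radius Retries : 5
Radius Timeout : 10
-----------------------------------
[TACACS]
<Tacacs Servers & Key>
200.1.1.1 1
Tacacs Timeout : 10
Tacacs Socket Port : 1
Tacacs Interface : br1
Tacacs PPP Id : 0
Tacacs Authen Type : PAP
Tacacs Priority Level : MAX(ROOT)
"""

MIN_KEY_LEN = 16  # assumption: local policy threshold for shared keys


def parse_show_login(text):
    """Parse `show login` output into {section: {"fields": {}, "servers": []}}."""
    cfg, section = {}, None
    for raw in text.splitlines():
        # A separator may be fused to the section name ("-----[RADIUS]").
        line = raw.strip().lstrip("-").strip()
        if not line or line.startswith("<"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            cfg[section] = {"fields": {}, "servers": []}
        elif section is None:
            continue  # prompt lines before the first section
        elif ":" in line:
            key, _, value = line.partition(":")
            cfg[section]["fields"][key.strip()] = value.strip()
        else:
            parts = line.split()
            # Server entries are printed as "<ip-address> <key>".
            if len(parts) == 2 and re.fullmatch(r"\d+(\.\d+){3}", parts[0]):
                cfg[section]["servers"].append((parts[0], parts[1]))
    return cfg


def audit_login(cfg):
    """Return a list of (code, detail) findings for a parsed configuration."""
    findings = []
    authen = cfg.get("AUTHEN", {}).get("fields", {})
    used = set()
    for where in ("Local login", "Remote login"):
        for method in authen.get(where, "").split():
            if method not in ("radius", "tacacs"):
                continue
            section = method.upper()
            used.add(section)
            # Method enabled although no server is registered for it.
            if not cfg.get(section, {}).get("servers"):
                findings.append(("NO_SERVER", f"{where}: {method}"))
    for section in sorted(used):
        for ip, key in cfg.get(section, {}).get("servers", []):
            if len(key) < MIN_KEY_LEN:
                findings.append(("SHORT_KEY", f"{section} {ip}"))
    # Remote authentication in use but no login/logout records are kept.
    if used and authen.get("Accounting mode", "none") == "none":
        findings.append(("NO_ACCOUNTING", ",".join(sorted(used))))
    return findings


if __name__ == "__main__":
    for code, detail in audit_login(parse_show_login(SAMPLE_SHOW_LOGIN)):
        print(f"{code:14} {detail}")
```

Because show login prints each shared key next to its server address, a saved copy of this output should be stored and handled like any other secret.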

3.5 Assigning IP Address

3.5.1 Assigning IP Address on Network Interface

The switch uses only the data's MAC address to determine where traffic needs to come from and which
ports should receive the data. Switches do not need IP addresses to transmit packets. However, if you
want to access the V5324 switch remotely over TCP/IP through SNMP or telnet, it requires an IP
address.

By default, V5324 switch is configured with virtual interface br1. Perform the steps below.

Step 1 Enter Interface configuration mode, which has the prompt SWITCH(config-if)#, to assign
IP address in the switch. To enter Interface configuration mode, first enter Global configuration
mode, which has the prompt SWITCH(config)#, by inputting configure terminal on Top mode, and
then input the command interface interface-name.

SWITCH# configure terminal
SWITCH(config)# interface br1
SWITCH(config-if)#

Step 2 In order to assign IP address to network interface, use the following commands.

Command
ip address address/M

Mode
Interface

Function
Assigns IP address to interface. It configures global IP address.

Command
ip address address/M scope {host | link}

Mode
Interface

Function
Assigns link/host IP address. Link is valid in specific internal network and host is valid in specific equipment.

The following is an example of assigning IP address 192.168.1.10 to br1.

SWITCH(config-if)# ip address 192.168.1.10/16
SWITCH(config-if)#

Step 3 Activate network interface by using the following command.

Command
no shutdown

Mode
Interface

Function
Activates network interface.

Step 4 In order to view assigned IP address, use the following command.

Command
show ip

Mode
Interface

Function
Shows assigned IP address in interface.

The following is an example of viewing the above configuration.

SWITCH(config-if)# show ip
34: br1: <RUNNING,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:d0:cb:0a:a4:6d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/16 brd 192.166.255.255 scope global br1
SWITCH(config-if)#

3.5.2 Configuring Static Routes and Default Gateway

IP routing provided by the V5324 switching software allows you to exchange traffic between different
networks and bridge groups.

In particular, when you want to interconnect a bridged network with a routed network or another bridged
network, the layer 3 switching feature enables the switch to act as a true router. Configuring static
routes enables your switch to route traffic over the network. Static routes are user-defined routes that
cause packets moving between a source and a destination to take a specified path. Static route entries
consist of the destination IP network address, the IP address of the next hop router, and the metric
(hop count) for the route. To configure a static route, perform the following task in global configuration
mode.

Command
ip route destination[/prefix-length] {gateway-address | gateway-interface} [metric | src address]

Mode
Global

Purpose
Establish a static route to the remote network.

Command
show ip route

Mode
Global

Purpose
Verify that the static route appears correctly in the IP routing table.

The software remembers static routes until you remove them using the no ip route global configuration
command. However, you can override static routes with dynamic routing information through prudent
assignment of administrative distance values. Each dynamic routing protocol has a default
administrative distance, as listed in Table 1.

If you would like a static route to be overridden by information from a dynamic routing protocol,
simply ensure that the administrative distance of the static route is higher than that of the dynamic
protocol. Static routes that point to an interface will not be advertised via RIP, and other dynamic
routing protocols, unless a redistribute static command is specified for these protocols. When an
interface goes down, all static routes through that interface are removed from the IP routing table.

Also, when the software can no longer find a valid next hop for the address specified as the forwarding
router's address in a static route, the static route is removed from the IP routing table.

Table 1: Dynamic Routing Protocol Default Administrative Distances

Route Source           Default Distance
Connected Interface
Static route
External BGP           20
OSPF                   110
RIP                    120
Internal BGP           200
Unknown                255

This example shows how to configure static routes on the switch for the three nodes that are not
directly connected to it.

SWITCH(config)# ip route 100.1.1.0/24 10.1.1.2
SWITCH(config)# ip route 200.1.1.0/24 20.1.1.2
SWITCH(config)# ip route 172.16.1.0/24 30.1.1.2

In the following example, three bridges are directly connected, and the three nodes that are not directly
connected are reachable via static routes.

SWITCH(config)# show ip route
Codes: K - kernel route, C - connected, S - static, R- RIP, O - OSPF,
B - BGP, > - selected route, *- FIB route
C>* 10.1.1.0/24 is directly connected, br1
C>* 20.1.1.0/24 is directly connected, br2
C>* 30.1.1.0/24 is directly connected, br3
S>* 100.1.1.0/24 [1/0] via 10.1.1.2, br1
S>* 200.1.1.0/24 [1/0] via 20.1.1.2, br2
S>* 172.16.1.0/24 [1/0] via 30.1.1.2, br3
C>* 127.0.0.0/8 is directly connected, lo
-- End --
SWITCH(config)#

The switch might not be able to determine the routes to all other networks. To provide complete routing
capability, the common practice is configuring a default route. To choose the default route for the router,
specify a static route to the network 0.0.0.0 through a default gateway.

The following example shows how to configure the default network 0.0.0.0 through a default gateway
20.1.1.2. The default route appears in the gateway display of the show ip route command.

SWITCH(config)# ip route 0.0.0.0/0 20.1.1.2
SWITCH(config)# show ip route
Codes: K - kernel route, C - connected, S - static, R- RIP, O - OSPF,
B - BGP, > - selected route, *- FIB route
S>* 0.0.0.0/0 [1/0] via 20.1.1.2, br2
C>* 10.1.1.0/24 is directly connected, br1
C>* 20.1.1.0/24 is directly connected, br2
C>* 30.1.1.0/24 is directly connected, br3
S>* 100.1.1.0/24 [1/0] via 10.1.1.2, br1
S>* 101.1.1.0/24 [1/0] via 10.1.1.2, br1
S>* 102.1.1.0/24 [1/0] via 10.1.1.2, br1
C>* 127.0.0.0/8 is directly connected, lo
-- End --
SWITCH(config)#
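
The route selection rules described in this section (administrative distance between sources for the same prefix, removal of routes when an interface goes down, and the default route as the catch-all) can be traced with a small model. The following Python script is an added example, not part of the original guide or the switch software. The static distance of 1 and the OSPF distance of 110 come from the [1/0] in the show ip route output and from Table 1; the connected distance of 0, the OSPF entry and the static entry with distance 130 are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str   # empty for directly connected networks
    interface: str
    source: str     # "connected", "static" or "ospf"
    distance: int   # administrative distance


# Constructed routing information, modelled on the sample configuration above.
RIB = [
    Route("10.1.1.0/24", "", "br1", "connected", 0),   # distance 0: assumption
    Route("20.1.1.0/24", "", "br2", "connected", 0),
    Route("30.1.1.0/24", "", "br3", "connected", 0),
    Route("100.1.1.0/24", "10.1.1.2", "br1", "static", 1),
    Route("200.1.1.0/24", "20.1.1.2", "br2", "static", 1),
    Route("0.0.0.0/0", "20.1.1.2", "br2", "static", 1),
    # Hypothetical pair for one prefix: a static route given a higher
    # distance than OSPF, so the dynamic route overrides it while present.
    Route("172.16.1.0/24", "30.1.1.2", "br3", "static", 130),
    Route("172.16.1.0/24", "10.1.1.2", "br1", "ospf", 110),
]


def build_fib(rib, down_interfaces=()):
    """Keep, per prefix, the route with the lowest administrative distance.

    Routes through an interface that is down are dropped first, as the
    guide describes for static routes.
    """
    best = {}
    for route in rib:
        if route.interface in down_interfaces:
            continue
        net = ipaddress.ip_network(route.prefix)
        if net not in best or route.distance < best[net].distance:
            best[net] = route
    return best


def lookup(fib, destination):
    """Longest-prefix match over the selected routes; None if unroutable."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, route) for net, route in fib.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda match: match[0].prefixlen)[1]


if __name__ == "__main__":
    for down in ((), ("br1",), ("br2",)):
        fib = build_fib(RIB, down)
        print("interfaces down:", ", ".join(down) or "none")
        for dst in ("100.1.1.7", "172.16.1.5", "8.8.8.8"):
            route = lookup(fib, dst)
            via = f"{route.prefix} via {route.next_hop} ({route.source})" if route else "no route"
            print(f"  {dst:12} -> {via}")
```

With br1 down, traffic for 100.1.1.0/24 no longer fails; it follows the default route through br2, so a specific static route is not a guarantee of path once a default gateway is configured.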

3.6 IP Packet Forwarding Mode based on Network


In old versions of V5324 switch, it was possible to save the IP packet forwarding way per host, up to 2K.
However, in v9.07 the V5324 switch saves the IP packet forwarding way per network, which has enlarged the
entries that can be saved in the switching chip.

Information
It is possible to save up to thirteen IP packet forwarding ways per network.

In order to save IP packet forwarding way per network, use the following command.

Command
ip switching-mode network

Mode
Global

Function
Saves IP packet forwarding way per network.

Information
Even if you configure more than two routes for IP packets, which have same bandwidth, only one route
receives packets. But, when the default route is disconnected, the next route receives packet.

In order to delete the configuration to save IP packets Forwarding way per network, use the following
command.

Command
no ip switching-mode network

Mode
Global

Function
Deletes the configuration to save IP packets Forwarding way per network.

Chapter IV Port Basic Configuration

It is possible for the user to configure the basic environment of a V5324 switch port, such as auto-negotiate, transmit rate, and flow control. This chapter also includes instructions on how to configure port mirroring.

It contains the following sections.

Port Basic Configuration

Port Mirroring

4.1 Port Basic Configuration


It is possible to configure the default environment of a port, such as port state and speed. To configure a port, you
need to enter Bridge configuration mode by using the bridge command in Global configuration mode.
When you enter Bridge configuration mode, the system prompt changes from SWITCH(config)# to
SWITCH(bridge)#.

Command
bridge

Mode
Global

Function
Enters into Bridge configuration mode.

The following is an example of entering into Bridge configuration mode.

SWITCH(config)# bridge
SWITCH(bridge)#

V5324 Port Default Configuration

Detail             Default Configuration
Port State         Available
Auto-negotiate     On
Flow Control       On
STP                For VLAN 1
VLAN               br1

In order to view the configuration of the user's switch port, use the following command.

Command
show port port-number

Mode
Top/Global/Bridge

Function
Shows port configuration.

When you use the show port command, if you input a letter at port-number, the message
"%Wrong expression. ex) 'show port 1,3' , 'show port 1-3,10'" will be displayed, and if you input a wrong
number, the message "%Port number invalid" will be displayed.

SWITCH(bridge)# show port port
%Wrong expression. ex) 'show port 1,3' , 'show port 1-3,10'
SWITCH(bridge)# show port 100
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
%port number invalid
SWITCH#

Information
On DSH command mode, you can use "," and "-" at port-number to choose several ports.

You can configure the below functions about port basic configuration.

Activating Port

Auto nego

Port Transmit Rate

duplex Mode

Flow Control

Description of Port

Viewing Port Statistics

Initializing Port Statistics

4.1.1 Activating Port

In order to activate port or deactivate port, use the following commands.

Command
set port enable port-number

Mode
Bridge

Function
Activates port.

Command
set port disable port-number

Mode
Bridge

Function
Deactivates port.

Information
By default, all ports are logically activated.

The following is an example of deactivating Ethernet port 1 and confirming it.

SWITCH(bridge)# show port 1
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Up/Up                 Auto/Full/100    Off
SWITCH(bridge)# set port disable 1
SWITCH(bridge)# show port 1
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Down/Down             Auto/Full/100    Off
SWITCH(bridge)#

4.1.2 Configuring Auto-nego

You can configure auto-negotiation for a port so that it automatically matches the transmission speed and the
duplex mode of the attached device.

To set whether the speed and duplex mode are auto-negotiated, use the following commands in
Bridge configuration mode.

Command
set port nego port-number on

Mode
Bridge

Function
Sets the port to auto-negotiate.

Command
set port nego port-number off

Mode
Bridge

Function
Deletes auto-negotiate.

Information
By default, auto-nego is activated.

The following is an example of deleting auto-negotiate of port 1 and 2 and confirming it.

SWITCH(bridge)# show port 1-2
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Up/Down               Auto/Full/1000   On
2:   Ethernet        Up/Down               Auto/Full/1000   On
SWITCH(bridge)# set port nego 1-2 off
SWITCH(bridge)# show port 1-2
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Up/Down               Force/Full/1000  On
2:   Ethernet        Up/Down               Force/Full/1000  On
SWITCH(bridge)#

Note
To support Auto MDIX, you need to configure auto-nego as on.

4.1.3 Port Transmit Rate

It is possible to configure transmit rate of each port. In order to configure transmit rate of port, use the
following command.

Command
set port speed port-number {10 | 100 | 1000}

Mode
Bridge

Function
Configure transmit rate of port as 10, 100, or 1000Mbps.

Note
When auto-nego is activated, it is impossible to change transmit rate.

The following is an example of configuring transmit rate of port 1 as 10Mbps and confirming it.

SWITCH(bridge)# show port 1
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Up/Up                 Force/Full/100   Off
SWITCH(bridge)# set port speed 1 10
SWITCH(bridge)# show port 1
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
1:   Ethernet        Up/Down               Force/Full/10    Off
SWITCH(bridge)#

Note
It is impossible to configure transmit rate of 1000Base-X Gigabit port.

4.1.4 duplex Mode

In half duplex mode, communication is possible in only one direction at a time. In full duplex mode,
packets are transmitted in both directions. By transmitting packets in both directions,
Ethernet bandwidth is doubled: 10Mbps to 20Mbps, 100Mbps to 200Mbps.

In order to configure duplex mode of 10/100BaseTx Ethernet port, use the following command.

Command
set port duplex port-number {full | half}

Mode
Bridge

Function
Configures duplex mode of port.

Note
When auto-nego is activated, it is impossible to change transmit rate.

The following is an example of configuring duplex mode of port 2 as half mode and confirming it.

SWITCH(bridge)# show port 3
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
3:   Ethernet        Up/Down               Force/Full/100   On
SWITCH(bridge)# set port duplex 3 half
SWITCH(bridge)# show port 3
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
3:   Ethernet        Up/Down               Force/Half/100   On
SWITCH(bridge)#

Information
The default is Full duplex mode.

Note
100BaseFx Ethernet and 1000BaseX Gigabit Ethernet can be configured as full duplex. User of 100BaseFx
Ethernet and 1000BaseX Gigabit Ethernet cannot change the mode.

4.1.5 Configuring Flow Control

Ethernet ports on the switches use flow control to restrain the transmission of packets to the port for a
period of time. Typically, if the receive buffer becomes full, the port transmits a pause packet that tells
remote ports to delay sending more packets for a specified period of time. In addition, the Ethernet
ports can receive and act upon pause packets from other devices.

In order to configure flow control on the Ethernet port, use the following command.

Command
set port flow-control port-number {on | off}

Mode
Bridge

Function
Configures flow control.

Information
By default, Flow-control is set to YES.

The following is an example of configuring flow control to port 4.

SWITCH(bridge)# set port flow-control 4 off
SWITCH(bridge)# show port 4
-------------------------------------------------------------------------------
NO   TYPE      PVID  STATUS        SHARED  MODE             FLOWCTRL  INSTALLED
                     (ADMIN/OPER)
-------------------------------------------------------------------------------
4:   Ethernet        Up/Down               Auto/Full/1000   Off
SWITCH(bridge)#

4.1.6 Description of port

For the user's reference, you can write a description for each port. In order to write port description, use the
following command.

Command
set port description port-number description

Mode
Bridge

Function
Makes description of each port.

In order to view description of port, use the following command.

Command
show port description

Mode
Top/Global/Bridge/Interface

Function
Shows description of port.

The following is an example of making description of port 22 and viewing it.

SWITCH(bridge)# set port description 22 test1
SWITCH(bridge)# show port description 22
------------------------------------------------------------------
NO  TYPE      STATE      LINK    DESCRIPTION
              (ADM/OPR)
------------------------------------------------------------------
22  Ethernet  Up/Dn      100FDX  test1
SWITCH(bridge)#

In order to delete port description, use the following command.

Command
clear port description port-number

Mode
Bridge

Function
Deletes description of specified port.

4.1.7 Viewing Port Statistics

In order to display traffic average of each port or interface MIB, RMON MIB data defined in SNMP MIB,
use the following commands.

Command
show port statistics avg-pkt port-number

Mode
Top/Global

Function
Shows traffic average of specified port.

Command
show port statistics interface port-number

Mode
Top/Global

Function
Shows MIB data of specified port.

Command
show port statistics rmon port-number

Mode
Top/Global

Function
Shows RMON MIB data of specified port.

The following is an example of viewing traffic average of port 13.

SWITCH# show port statistics avg-pkt 13
=============================================================================
Port              Tx                                Rx
-----------------------------------------------------------------------------
Time      pkts/s | bytes/s | bits/s       pkts/s | bytes/s | bits/s
=============================================================================
port 13 ---------------------------------------------------------------------
5 sec:    10   1926   15,408
1 min:    2094   16,752
10 min:   2037   16,296
SWITCH#

The following is an example of viewing interface MIB data of port 13.

SWITCH(config)# show port statistics interface 13
ifDescr            port 13-TX-10/100
ifType
ifMtu              1500
ifPhysAddress      00:d0:cb:0d:00:12
ifAdminStatus      UP
ifOperStatus       UP
ifInOctets         341089087
ifInUcastPkts      5246410
ifInNUcastPkts     19472
ifInDiscards
ifInErrors
ifInUnknownProtos  0
ifOutOctets
ifOutUcastPkts
ifOutNUcastPkts    0
ifOutDiscards
ifOutErrors
ifSpecific
SWITCH(config)#

The following is an example of viewing RMON MIB data of port 13.

SWITCH(config)# show port statistics rmon 13
Port                            13 ethernet
etherStatsDropEvents            172
etherStatsOctets                6479316
etherStatsPkts                  63187
etherStatsBroadcastPkts         56513
etherStatsMulticastPkts         5479
etherStatsCRCAlignErrors
etherStatsUndersizePkts
etherStatsOversizePkts
etherStatsFragments
etherStatsJabbers
etherStatsCollisions
etherStatsPkts64Octets          44362
etherStatsPkts65to127Octets     6024
etherStatsPkts128to255Octets    12315
etherStatsPkts256to511Octets    468
etherStatsPkts512to1023Octets   19
etherStatsPkts1024to1518Octets  0
SWITCH(config)#

4.1.8 Initializing Port Statistics

In order to clear all recorded statistics of a port and initialize them, use the following command. It is possible to
initialize the statistics of all ports or to select specific ports.

Command
clear port statistics {port-number | all}

Mode
Global

Function
Initializes port statistics. It is possible to select several ports.

4.2 Port Mirroring


Port-mirroring means that the user can monitor several ports from one port. In this function, the port that
monitors is called the "monitor port" and a port to be monitored is called a "mirrored port". Traffic
transmitted from a mirrored port is copied and sent to the monitor port so that the user can monitor it.

[Figure: Example of Port Mirroring. Traffic transmitted from mirrored ports 1, 2 and 3 of the V5324 switch is copied to the monitor port for monitoring.]

Before configuring Port-mirroring in V5324 switch, you need to assign mirrored ports/monitor port and
activate Port-mirroring.

4.2.1 Assigning Monitor Port and Mirrored Port

You should assign monitor port and mirrored port, and then you can configure Port-mirroring.

In order to assign monitor port and mirrored port, use the following command.

Command
set mirror add port-number

Mode
Bridge

Function
Configures mirrored port.

Command
set mirror monitor {port-number | cpu}

Mode
Bridge

Function
Configures monitor port or CPU.

The following is an example of configuring port 1 as monitor port and port 2~4 as mirrored ports.

SWITCH(bridge)# set mirror monitor 1
SWITCH(bridge)# set mirror add 2-4
SWITCH(bridge)#

In order to delete mirroring group, use the following command.

Command
set mirror del port-number

Mode
Bridge

Function
Deletes mirrored port.

4.2.2 Enabling Port Mirroring

Before using port mirroring, you should enable port mirroring. In order to enable port mirroring, use
the following command.

Command
set mirror enable

Mode
Bridge

Function
Enables port mirroring.

The following is an example of enabling port mirroring.

SWITCH(bridge)# set mirror enable
SWITCH(bridge)#

Also, you have to disable port mirroring to release it. In order to do it, use the following command.

Command
set mirror disable

Mode
Bridge

Function
Disables port mirroring.

4.2.3 Confirming Configuration of Port Mirroring

In order to verify the port mirroring, use the following command.

Command
show mirror

Mode
Top/Global/Bridge

Function
Shows configuration of port mirroring.

The following is an example of configuring port 1 as monitor port to monitor incoming packets to port
2~4 and confirming it.

SWITCH(bridge)# set mirror monitor 1
SWITCH(bridge)# set mirror add 2-4
SWITCH(bridge)# set mirror enable
SWITCH(bridge)# show mirror
Mirroring enabled
Monitor port = 1
Ingress-mirrored ports
-- 02 03 04 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Egress-mirrored ports
-- 02 03 04 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
SWITCH(bridge)#
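
Because an enabled mirror session copies the traffic of every mirrored port to the monitor port, it is worth checking captured `show mirror` output against the sessions you have approved. The following Python sketch is an added example, not part of the original guide or Dasan software; it assumes each slot row sits on its own line as in the example above, and the function names, the "Mirroring disabled" wording and the approved-port arguments are hypothetical.

```python
import re

# Constructed sample in the layout of the `show mirror` example above
# (slot rows shortened to eight positions for readability).
SAMPLE = """\
SWITCH(bridge)# show mirror
Mirroring enabled
Monitor port = 1
Ingress-mirrored ports
-- 02 03 04 -- -- -- --
Egress-mirrored ports
-- 02 03 04 -- -- -- --
SWITCH(bridge)#
"""

MONITOR_RE = re.compile(r"^monitor port\s*=\s*(\S+)$", re.IGNORECASE)


def parse_show_mirror(text):
    """Turn `show mirror` output into a dict describing the mirror session."""
    state = {"enabled": False, "monitor": None, "ingress": [], "egress": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        tokens = line.split()
        match = MONITOR_RE.match(line)
        if low == "mirroring enabled":
            state["enabled"] = True
        elif match:
            value = match.group(1).lower()
            # The command accepts a port number or "cpu"; keep "cpu" as text.
            state["monitor"] = int(value) if value.isdigit() else value
        elif low.startswith("ingress-mirrored"):
            section = "ingress"
        elif low.startswith("egress-mirrored"):
            section = "egress"
        elif section and tokens and all(t == "--" or t.isdigit() for t in tokens):
            # Slot row: "--" marks an unmirrored port, digits a mirrored one.
            state[section].extend(int(t) for t in tokens if t.isdigit())
    return state


def audit_mirror(state, approved_monitor=None, approved_sources=()):
    """Compare a parsed mirror session with the approved one; return findings."""
    findings = []
    mirrored = sorted(set(state["ingress"]) | set(state["egress"]))
    if not state["enabled"]:
        if mirrored:
            findings.append(f"mirroring is off but ports {mirrored} remain configured")
        return findings
    if state["monitor"] != approved_monitor:
        findings.append(f"unapproved monitor port: {state['monitor']}")
    extra = [p for p in mirrored if p not in approved_sources]
    if extra:
        findings.append(f"unapproved mirrored ports: {extra}")
    return findings


if __name__ == "__main__":
    session = parse_show_mirror(SAMPLE)
    print(session)
    print(audit_mirror(session, approved_monitor=1, approved_sources={2, 3}))
```
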

Chapter V System Environment

This chapter explains how to configure host name and time of system and how to manage it.

It contains the following sections.

Environment Configuration

Configuration Management

System Confirmation

5.1 Environment Configuration


User must configure the following items.

Host name

Date and Time

Time-zone

NTP

Output Condition of Terminal Screen

DNS Server

5.1.1 Host name

The host name displayed on the prompt is necessary to distinguish each device connected to the network. In order
to configure or change the host name of the switch, use the command, hostname on Global configuration
mode. The variable, name that you enter after the command is the new name you assign. The host name
is case-sensitive. By default, the host name is set to SWITCH.

Command
hostname name

Mode
Global

Function
Configures host name of switch with new name user assigns.

Information
The variable, name which follows the command is the new name of the switch that the user assigns.

Information
The default is SWITCH.

The following is an example of changing hostname to DASAN.

SWITCH(config)# hostname DASAN


DASAN(config)#

5.1.2 Date and Time

In order to configure or change time and date in switch, use the command, clock on Top mode.

Command
clock MMDDhhmmYYYY

Mode
Top/Global

Function
Configures or changes the time and date of the switch.

The variable, MMDDhhmmYYYY that you enter after the command is Month-Day-Hour-Minute-Year.

The following is an example of configuring the time as 04:14 PM on December 13th, 2002.

SWITCH# clock 121316142002


Fri Dec 13 16:14:00 UTC 2002
SWITCH#

In order to view configured date and time, use the following command.

Command
show clock

Mode
Top/Global

Function
Shows configured date and time.

5.1.3 Time-zone

You can configure the Time-zone of the V5324 switch with the following command. Time-zones are classified as
GMT, UCT and UTC. To see which Time-zones you can configure, use the show time-zone command. The Time-zone is
predefined as UTC(Universal Coordinated Time) in the factory configuration.

Command
show time-zone

Mode
Top/Global

Function
Show the kinds of Time-zone.

Information
The command, show time-zone only displays kinds of Time-zone. In order to verify configuration
about Time-zone, use the command, show clock.

The following table shows the Time-zones that can be configured on the Switch and a main
country or area that belongs to each Time-zone.

GMT Time

Time-zone    Country
GMT-12       Eniwetok
GMT-11       Samoa
GMT-10       Hawaii, Honolulu
GMT-9        Alaska
GMT-8        LA, Seattle
GMT-7        Denver
GMT-6        Chicago, Dallas
GMT-5        New York, Miami
GMT-4        George Town
GMT-3        Rio De Janeiro
GMT-2        Maryland
GMT-1        Azores
GMT+0        London, Lisbon
GMT+1        Berlin, Rome
GMT+2        Cairo, Athens
GMT+3        Moscow
GMT+4        Teheran
GMT+5        New Delhi
GMT+6        Rangoon
GMT+7        Bangkok, Singapore
GMT+8        Hong Kong, Peking
GMT+9        Seoul, Tokyo
GMT+10       Sydney, Melbourne
GMT+11       Okhotsk
GMT+12       Wellington

In order to configure time-zone, use the following command.

Command
time-zone time-zone

Mode
Global

Function
Configure or modify the current Time-zone on the Switch.

Information
The default is UCT(Universal Coordinated Time).

In order to verify configuration about Time-zone, use the following command.

Command
show clock

Mode
Top/Global

Function
Shows the user's configuration of date/time and Time-zone.

The following is an example of configuring Time-zone as Seoul and viewing the configuration.

SWITCH(config)# time-zone GMT+9


SWITCH(config)# clock 121316142002
Fri, 13 Dec 2002 16:14:10 GMT+0900
SWITCH(config)# show clock
Fri, 13 Dec 2002 16:14:10 GMT+0900
SWITCH(config)#

5.1.4 NTP

NTP(Network Time Protocol) can be used to set the user's switches to within 1/1000 second to guarantee the
exact time on networks. The Switch and the NTP server constantly exchange messages with each other to
converge on the correct time. It is very important to configure the exact time on the Switch so that the switch
operates properly. The details about NTP are given in STD and RFC 1119.

To configure the switch in NTP, use the following commands.

Command
ntp server 1 [server 2] [server 3]

Mode
Global

Function
Specifies the IP address of the NTP server. Up to three servers can be specified.

Command
ntp start

Mode
Global

Function
Runs NTP.

Command
show running-config

Mode
Top/Global/Bridge/Interface

Function
Shows switch configuration.

You can use either a public NTP server or a private NTP server, and enter the domain name or IP
address of the NTP server. The server time.nuri.net is used in Korea; its IP address is 203.255.112.96.

The following is an example of configuring 203.255.112.96 as NTP server, running it and confirming it.

SWITCH(config)# ntp 203.255.112.96


SWITCH(config)# ntp start
SWITCH(config)# show running-config
(omitted)
no snmp
!
ntp 203.255.112.96
ntp start
!
!
SWITCH(config)#

In order to release NTP function, use the following command.

Command
no ntp

Mode
Global

Function
Releases NTP function.

The following is an example of releasing NTP and confirming it.

SWITCH(config)# no ntp
SWITCH(config)# show running-config
Building configuration...
Current configuration:
hostname SWITCH
!
!
bridge
!
interface lo
no shutdown
!
(omitted)
no snmp
!
!

SWITCH(config)#

In the above output, the lines concerning NTP have been deleted.

5.1.5 Output Condition of Terminal Screen

By default, V5324 switch is configured to display 24 lines of 80 characters on the console
terminal screen. The user can change the number of displayed lines by using the command, terminal line. You can
display a maximum of 512 lines.

In order to configure the number of displayed lines on terminal screen, use the following command on
Top mode.

Command
terminal line <1~512>

Mode
Top

Function
Configures the number of displayed lines on terminal screen.

Information
The maximum number of lines is 512.

The following is an example of configuring the number of displayed lines in terminal screen as 20 lines.

SWITCH# terminal line 20


SWITCH#

5.1.6 DNS Server

In V5324 switch, it is possible to use a hostname or URL instead of an IP address when you use the telnet, ftp,
tftp and ping commands. Also, when you register a certain domain name in V5324 switch, you can reach hosts in
the registered domain with the telnet, ftp, tftp and ping commands by hostname instead of IP address.

[Figure: DNS Server. Labels: Domain name server, Internet, V5324 Switch, Domain name - A, Host A, Host B, Host C, Host D]

In the above picture, if you register domain name A in V5324 switch, you can use a hostname instead of an
IP address for the telnet, ftp, tftp and ping commands. To do it, you need to register a DNS server in V5324
switch. In order to register a DNS server, use the following command.

Command
ip dns server-ip-address default-domain-name

Mode
Global

Function
Registers default DNS server in switch.

After registering DNS server and making connection to the server on network, you can use hostname
instead of IP address for telnet, ftp, tftp and ping commands.

Note
The above function can be used when the user's switch, the DNS server and the domain are connected on the
network for communication.

In order to view registered DNS server, use the following command.

Command
show ip dns

Mode
Top/Global

Function
Shows configuration of DNS server.

The following is an example of registering 168.126.63.1 as DNS server and confirming it.

SWITCH(config)# ip dns 168.126.63.1 A


SWITCH# show ip dns
#search kornet.ne.kr
#nameserver 192.1.1.1
SWITCH#

Information
The above example is just for your reference. In real configuration, you must input the DNS server you
are going to use.

The following is an example of taking ping test with domain name after registering DNS server.

SWITCH# ping da-san.com


PING da-san.com (203.236.124.3) from 203.236.124.248 : 56(84) bytes of data.
64 bytes from 203.236.124.3: icmp_seq=0 ttl=254 time=0.4 ms
64 bytes from 203.236.124.3: icmp_seq=1 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=2 ttl=254 time=0.3 ms
64 bytes from 203.236.124.3: icmp_seq=3 ttl=254 time=0.3 ms
--- da-san.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.3/0.4 ms
SWITCH#

The following is an example of inputting hostname instead of IP address for ping test to host B after
registering domain A.

SWITCH(config)# ip dns 168.126.63.1 A


SWITCH# ping B
PING B.A (192.168.218.10) from 192.168.218.248 : 56(84) bytes of data.
64 bytes from 192.168.218.10: icmp_seq=0 ttl=127 time=0.6 ms
64 bytes from 192.168.218.10: icmp_seq=1 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=2 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=3 ttl=127 time=0.3 ms
64 bytes from 192.168.218.10: icmp_seq=4 ttl=127 time=0.3 ms
--- B.A ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.4/0.6 ms
SWITCH#

In the above example, A and B are just examples. In real configuration, you should input the actual domain
name and hostname instead of A and B.

In order to delete registered DNS server and domain name, use the following command.

Command
no ip dns

Mode
Global

Function
Deletes registered DNS server and domain name.

The following is an example of deleting registered DNS server.

SWITCH(config)# no ip dns
SWITCH(config)#

5.1.7 Login Banner

It is possible to write a message on the system login page. Through the message, the administrator can leave a
message for another user.

In order to write a message on the system login page, use the following command.

Command
set banner

Mode
Global

Function
Writes a message in system login page.

When you use the above command, the following message will be displayed.

SWITCH(config)# set banner
Save & Exit : CTRL-D

When you press the Ctrl+D key, you can exit to the system prompt.

Write the message you need. When you finish the message, press the Ctrl+D key two times.

SWITCH(config)# set banner
Save & Exit : CTRL-D
do not change the configuration
SWITCH(config)#

When you press the Ctrl+D key two times after writing a message, you can exit to the system prompt.

Then, the banner is displayed when you log in.

SWITCH login: root


Password:
do not change the configuration
SWITCH#

In order to delete login banner in system login page, use the following command.

Command
clear banner

Mode
Global

Function
Deletes login banner user creates.

In order to view login banner, use the following command.

Command
show banner

Mode
Top/Global

Function
Displays login banner user creates.

5.2 Configuration Management


The user can check whether the configurations are correct and save them in the system. This section contains the
following functions.

Checking Switch Configuration

Saving Configuration

Reloading

Configuration Backup

5.2.1 Checking Switch Configuration

User can view switch configuration. In order to do it, use the following command.

Command
show running-config

Mode
Top / Global / Bridge/Interface

Function
Shows switch configuration.

5.2.2 Saving Configuration

After you download a new system image to V5324 switch from a TFTP/FTP server, if the configuration
files are changed, you must save the changed file in the flash memory. Unless you save the changed
file, the configuration file will be deleted on rebooting. In order to save the configuration files in the
flash memory, use the following command.

Command
write memory

Mode
Top/Global/Interface/Bridge

Function
Saves changed configuration in the flash memory.

The following is an example of saving configuration.

SWITCH# write memory


Building configuration...
SWITCH#

Note
When you store configurations using this command, please wait for the [OK] message without pressing any
key.

5.2.3 Reloading
User can delete an individual configuration one by one, and also can reload the switch with the default
setting. In order to reload the switch, use the following command on Global configuration mode.

Command
restore factory-defaults

Mode
Global

Function
Reloads the switch.

Note
After reloading with the command, restore factory-defaults, you have to reboot
the switch to initiate.

The following is an example of reloading switch.

SWITCH(config)# restore factory-defaults


Erasing configurations...
[OK]
SWITCH(config)#

5.2.4 Configuration Backup

It is possible to save the user's configurations and to use them for data recovery or system operation. In order
to back up the user's configuration, use the following commands.

The variable, name is a file name that can be chosen by the user.

Command
copy running-config {name | startup-config}

Mode
Global

Function
Copies the current configuration to a file with a name configured by the user or to the startup configuration.

Command
copy startup-config name

Mode
Global

Function
Copies startup configuration with a name configured by user.

Command
copy name-1 name-2

Mode
Global

Function
Copies backup file with another name.

In order to use backup file, use the following command.

Command
copy name startup-config

Mode
Global

Function
Opens backup file named name to use as startup configuration.

Note
In order to apply a backup file to the switch, you should reboot the system.

In order to list backup files, use the following command.

Command
show config-list

Mode
Global

Function
Lists backup files.

The following is an example of copying the current configuration with a name and confirming it.

SWITCH(config)# copy running-config V5324


[OK]
SWITCH(config)# show config-list
=========================
CONFIG-LIST
=========================
l3_default
V5324
SWITCH(config)#

In order to delete backup file, use the following command.

Command
erase filename

Mode
Global

Function
Deletes backup file.

5.3 System Check


When there is any problem in the switch, the user must find what the problem is and its solution. The user
should also check the switch regularly to prevent trouble. Therefore the user should not only be aware of
the switch status but also check whether configurations are correctly changed. This section includes the following
functions with DSH command.

Checking Network Connection

Tracing Packet Route

Checking the Cable Length

Checking Accessed User through Telnet

Displaying Destination Information

Confirming MAC table

Configuring Ageing Time

Viewing Running Time of Switch

Confirming System Information

Checking Average of CPU Utilization

Checking CPU Process

Viewing Utilization of Memory

Viewing Version of System Image

Viewing Size of System Image File

Checking Installed OS

Configuring Default OS

Checking Switch Status

5.3.1 Checking Network Connection

In order to check whether the user's switch is correctly connected to the network, use the command, ping. In an IP
network, the command, ping transmits an ICMP(Internet Control Message Protocol) echo message.
ICMP is an internet protocol that reports fault situations and provides information on the location where an IP
packet is received. When an ICMP echo message is received at the location, its reply message is
returned to the place where it came from. In order to do a ping test for checking the network connection to a
partner, use the following command on Top mode.

Command
ping destination [count]

Mode
Top

Function
Sends an ICMP echo message to a designated IP address for testing
connectivity. As many ICMP messages are sent as you input at [count].

The following is an example of taking ping test three times to check network connection with
192.168.1.10.

SWITCH# ping 192.168.1.218 3


PING 192.168.1.218 (192.168.1.218) from 192.168.1.10 : 56(84) bytes of data.
64 bytes from 192.168.1.218: icmp_seq=0 ttl=127 time=2.7 ms
64 bytes from 192.168.1.218: icmp_seq=1 ttl=127 time=1.3 ms
64 bytes from 192.168.1.218: icmp_seq=2 ttl=127 time=1.3 ms
--- 192.168.1.218 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.5/2.7 ms
SWITCH#

Also, the user of V5324 switch can view all hosts on the same network as the switch. In order to view all
hosts on the same network as the user's switch, use the following command.

Command
bping network-address

Mode
Top

Function
Checks a certain network connection and views all hosts on
network.

Note
You have to enter a network address to view all hosts on the network. If you enter a host address instead of a
network address for the bping test, the result is the same as a regular ping test.

The following is an example of checking network connection of network address 192.168.1.0 by using
the command, bping and viewing all hosts on the network.

SWITCH# bping 192.168.1.0


64 bytes from 192.168.1.202: icmp_seq=0 ttl=255 time=2183.6 ms (DUP!)
64 bytes from 192.168.1.5: icmp_seq=1 ttl=255 time=1257.2 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=1331.4 ms (DUP!)
64 bytes from 192.168.1.102: icmp_seq=1 ttl=255 time=1471.0 ms (DUP!)
64 bytes from 192.168.1.124: icmp_seq=1 ttl=255 time=1544.0 ms (DUP!)
64 bytes from 192.168.1.102: icmp_seq=1 ttl=255 time=1619.1 ms (DUP!)
64 bytes from 192.168.1.34: icmp_seq=3 ttl=255 time=5934.4 ms (DUP!)
--- 172.16.0.0 ping statistics ---
5 packets transmitted, 5 packets received, +120 duplicates, 0% packet loss
round-trip min/avg/max = 0.8/3011.6/6008.5 ms
SWITCH#

In case the user's switch is configured with several IP addresses, you sometimes need to check the network
connection between a specific IP address and a partner.

In order to check the network connection between a specific IP address and a partner, use the following
command.

Command
sping src-ip-address des-ip-address

Mode
Top

Function
Configures to have the partner who received message reply to configured
address. Inputs the address the partner should reply to at source ip address.

Note
Use the command, sping in case several IP addresses are configured in the user's device. It is useless for a
device with one IP address.

The following is an example of using the command, sping for checking network connection of
between 172.16.209.5 and 10.1.1.5 when IP address of the switch is configured as 192.168.1.10 and
172.16.209.5.

SWITCH# sping 172.16.209.5 10.1.1.5


PING 10.1.1.5 (10.1.1.5) from 172.16.209.5 : 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=0 ttl=255 time=2.5 ms
64 bytes from 10.1.1.5: icmp_seq=1 ttl=255 time=1.0 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=255 time=1.0 ms
64 bytes from 10.1.1.5: icmp_seq=3 ttl=255 time=1.0 ms
64 bytes from 10.1.1.5: icmp_seq=4 ttl=255 time=1.0 ms
--- 10.1.1.5 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.0/1.3/2.5 ms
SWITCH#

5.3.2 Tracing Packet Route

You can discover the routes that packets will actually take when traveling to their destinations. To do
this, the traceroute command sends probe datagrams and displays the round-trip time for each node.
If the timer goes off before a response comes in, an asterisk (*) is printed on the screen.

Command
traceroute destination

Mode
Top

Function
Traces packet routes through the network with input IP address or hostname.

The following is an example of tracing packet route sent to 192.168.1.10.

SWITCH# traceroute 192.168.1.10


traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 38 byte packets
1

hmt.da-san.com (203.236.124.252)

172.16.147.49 (172.16.147.49)

168.126.228.101 (168.126.228.101)

211.193.39.1 (211.193.39.1)

211.196.155.2 (211.196.155.2)

hh-k5-ge3.kornet.net (211.192.47.15)

128.134.40.182 (128.134.40.182)

8.389 ms

211.39.255.229 (211.39.255.229)

134.076 ms

211.45.90.253 (211.45.90.253)

10

0.528 ms

141.994 ms

0.450 ms

13.600 ms

6.848 ms

6.591 ms

6.691 ms

7.023 ms

7.749 ms

8.134 ms

13.171 ms

6.597 ms

6.884 ms

7.215 ms

0.719 ms

125.313 ms

6.995 ms

11.795 ms

34.922 ms

13.549 ms

12.646 ms

13.891 ms

50.576 ms

7.442 ms

7.714 ms

* * *

SWITCH#

5.3.3 Check the Cable Length

You can check the cable length from the switch port to a workstation.

To verify station-to-station cable length, use the following command in global configuration mode or
top mode.

Command
show cable-length

Mode
Top

Purpose
Display the cable length from each Ethernet port on the switch to workstations.

This is the output display from the show cable-length command.

SWITCH(config)# show cable-length
PORT |  CABLE LENGTH
========================
1       20-39 (meter)
2       20-39 (meter)
3       20-39 (meter)
4       20-39 (meter)
5       20-39 (meter)
6       20-39 (meter)
7       20-39 (meter)
8       20-39 (meter)
9       20-39 (meter)
10      20-39 (meter)
11      20-39 (meter)
12      20-39 (meter)
13      20-39 (meter)
14      20-39 (meter)
15      20-39 (meter)
16      20-39 (meter)
17      20-39 (meter)
18      20-39 (meter)
19      20-39 (meter)
20      20-39 (meter)
21      20-39 (meter)
22      20-39 (meter)
23      20-39 (meter)
24      20-39 (meter)
SWITCH(config)#

5.3.4 Checking Accessed User through Telnet

In order to check accessed user through telnet, use the following command.

Command
where

Mode
Top/Global

Function
Checks accessed user from remote place.

The following is an example of checking if there is any accessed user from remote place.

SWITCH# where
root at ttyS0 from (null) for 4 minutes 40.10 seconds
root at ttyp0 from 192.168.1.10:2181 for 14.68 seconds
SWITCH#
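
The `where` output above is enough to tell a console login from a remote one and to see where the remote session came from. The following Python sketch is an added example, not part of the original guide or Dasan software; it parses captured `where` lines in the format shown above and flags remote sessions whose source is outside a list of management networks. The function names and the management-network list are hypothetical, and support for "hours" and "days" in the duration is an assumption based on the `show uptime` format.

```python
import ipaddress
import re

# Constructed sample: the two lines of the `where` example above.
SAMPLE = """\
root at ttyS0 from (null) for 4 minutes 40.10 seconds
root at ttyp0 from 192.168.1.10:2181 for 14.68 seconds
"""

LINE_RE = re.compile(
    r"^(?P<user>\S+) at (?P<tty>\S+) from (?P<src>\S+) for (?P<dur>.+)$")
DURATION_RE = re.compile(r"(\d+(?:\.\d+)?)\s+(day|hour|minute|second)s?")
UNIT_SECONDS = {"day": 86400, "hour": 3600, "minute": 60, "second": 1}


def parse_duration(text):
    """Convert '4 minutes 40.10 seconds' into seconds."""
    return sum(float(n) * UNIT_SECONDS[unit] for n, unit in DURATION_RE.findall(text))


def parse_where(text):
    """Return one dict per session line; unrecognised lines are skipped."""
    sessions = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        src = match.group("src")
        remote = src != "(null)"          # "(null)" marks the local console
        ip = port = None
        if remote:
            host, _, port_text = src.rpartition(":")
            try:
                ip = ipaddress.ip_address(host)
                port = int(port_text)
            except ValueError:
                ip = port = None          # keep the session, source unknown
        sessions.append({
            "user": match.group("user"),
            "tty": match.group("tty"),
            "remote": remote,
            "ip": ip,
            "port": port,
            "seconds": parse_duration(match.group("dur")),
        })
    return sessions


def flag_sessions(sessions, management_networks):
    """Return remote sessions whose source is not in a management network."""
    nets = [ipaddress.ip_network(n) for n in management_networks]
    flagged = []
    for s in sessions:
        if not s["remote"]:
            continue
        if s["ip"] is None or not any(s["ip"] in net for net in nets):
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    for s in flag_sessions(parse_where(SAMPLE), ["10.0.0.0/8"]):
        print(f"{s['user']} on {s['tty']} from {s['ip']} for {s['seconds']:.0f}s")
```
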

5.3.5 Displaying Destination Information

In order to display destination information registered in routing table, use the following command.

Command
which-route ip-address

Mode
Top

Function
Displays destination information.

The following is an example of displaying destination information, 202.236.124.100.

SWITCH# which-route 202.236.124.100
202.236.124.100 via 172.16.1.254 dev br1  src 172.16.218.2
    cache  mtu 1500 rtt 375ms
SWITCH#

5.3.6 Confirming MAC table

In order to display MAC table recorded in specific port, use the following command.

Command
show mac bridge-name [port-number]

Mode
Top / Global / Bridge

Function
Shows MAC table.

The following is an example of displaying MAC table recorded in br1.

SWITCH(config)# show mac br1
port (id)    mac addr             permission    in use
eth07(7)     00:00:00:00:00:28    OK            23.29
eth07(7)     00:00:00:00:00:25    OK            23.35
SWITCH(config)#

Information
The above message may vary according to product codes.

Information
There can be more than about a thousand MAC addresses in the MAC table, and it is difficult to find the
information you need at a glance. So, the system shows a certain number of addresses and then waits, displaying "more". Press any key to see more. After you find the information, you can go back
to the system prompt without displaying the rest of the table by pressing q.

5.3.7 Configuring Ageing time

V5324 switch records the MAC table to prevent broadcast packets from being transmitted. An unnecessary
MAC address that does not respond during a specified time is deleted from the MAC table automatically.
The specified time is called the Ageing time.

To specify the Ageing time, use the following command.

Command
set stp ageing name time

Mode
Bridge

Function
Specifies the Ageing time.

5.3.8 Viewing Running Time of Switch

The user can view how long the switch has been running since booting.

In order to view the running time of the user's switch, use the following command.

Command
show uptime

Mode
Top/Global

Function
Shows the running time of the user's switch after power on.

The following is an example of viewing running time of switch.

SWITCH# show uptime


0 days 4 hours 52 minutes 52.91 seconds
SWITCH#

5.3.9 Confirming System Information

In order to view system information such as product model, memory size, hardware specification, and
OS version, use the following command.

Command
show system

Mode
Top/Global

Function
Shows system information.

The following is an example of confirming system information of V5324 switch.

SWITCH# show system
SysInfo(System Information)
Model Name          : V5324
Main Memory Size    : 64 MB
Flash Memory Size   : 8 MB(INTEL IN28F640J3)
S/W Compatibility   : 2
H/W Revision        : DS-N8-06C-A1
NOS Version         : 9.07
SWITCH#

Information
The above example is based on V5324 OS V9.07. It may vary according to product model.

5.3.10 Checking Average of CPU Utilization

It is possible to check average of CPU utilization. In order to do it, use the following command.

Command
show cpuload

Mode
Top/Global

Function
Shows threshold of CPU utilization and average of CPU utilization.

The following is an example of checking average of CPU utilization.

SWITCH# show cpuload
---------------
Average CPU load
---------------
5 sec:    0.40( 0.09) %
1 min:    0.37( 0.09) %
10 min:   0.36( 0.09) %
CPU Load Threshold : 50
SWITCH#

5.3.11 Checking CPU Process

It is possible to check the CPU load of each process. Through this function, the user can
see which daemon uses the most CPU, whether there is an unnecessary daemon, and the operating process of a
troubled daemon. This information is useful data for solving problems.

In order to check CPU process, use the following command.

Command
show process

Mode
Top/Global

Function
Checks CPU loading process

The following is an example of checking CPU process of switch.

SWITCH# show process


USER

PID %CPU %MEM

VSZ

TIME COMMAND

0.0

0.8

14:55

0:05 init

root

0.0

0.0

root

0.0

0.0

0 ?

SW

14:55

0:00 [kflushd]

0 ?

SW

14:55

root

0.0

0.0

0:00 [kupdate]

0 ?

SW

14:55

root

0.0

0.0

0:00 [kpiod]

0 ?

SW

14:55

0:00 [kswapd]

root

81

0.0

0.8

1104

root

84

0.0

1.1

1436

504 ?

14:55

0:00 klogd -c 1

724 ?

14:55

root

85

0.2

0:00 syslogd -m 0

root

87

0.0

1.0

1488

624 ?

root

95

0.0

1.0

1304

632 ttyS0

14:55

0:00 -ksh

root

100

0.0

3.8

3948 2416 ttyS0

15:03

0:00 /usr/sbin/vtysh

root

115 12.0

1.2

2380

17:05

0:00 ps -aux

3108

540 ?

STAT START

2.3

1124

RSS TTY

root

1476 ?

752 ttyS0

14:55
14:55

0:15 /usr/sbin/zebra
0:00 /usr/sbin/inetd

SWITCH#
CPU Loading Rate

5.3.12 Viewing Utilization of Memory

In order to view utilization of memory, use the following command.

Command
show memory

Mode
Top/Global

Function
Shows utilization of switch memory.

The following is an example of viewing utilization of switch memory.

SWITCH# show memory
        total:    used:    free:  shared: buffers:  cached:
Mem:  63627264 38924288 24702976 42315776  8388608  5050368
Swap:
MemTotal:     62136 kB
MemFree:      24124 kB
MemShared:    41324 kB
Buffers:       8192 kB
Cached:        4932 kB
SwapTotal:        0 kB
SwapFree:         0 kB
SWITCH#

5.3.13 Viewing Version of System Image

User can view current system image version of V5324 switch.

In order to view the current system image version, use the following command.

Command
show version

Mode
Top/Global

Function
Shows version of system image.

The following is an example of viewing the system image version, OS 9.07, of the switch.

SWITCH# show version


Switch OS version : 9.07
SWITCH#

5.3.14 Viewing Size of System Image File

User can verify the size of the current system image file of V5324 switch.

In order to do this, use the following command.

Command
show os-size

Mode
Top/Global

Function
Shows size of system image.

The following is an example of viewing the size of the current system image file.

SWITCH# show os-size


OS image size : 3439412 bytes
SWITCH#

5.3.15 Checking Installed OS

It is possible to view utilization of flash memory. In order to do it, use the following command.

Command
show flash

Mode
Top/Global

Function
Shows utilization of flash memory.

The following is an example of viewing utilization of flash memory.

SWITCH# show flash


Flash Information(Bytes)
Area

total

used

free

---------------------------------------------------OS
Config

7864320

5367868

2234398

524284

92160

432124

9.07 #4123

---------------------------------------------------Total

167252924

10737668

5415256

SWITCH#

Chapter VI Network Management

This chapter provides guidelines for managing V5324 switch and the network in which it is installed. It contains
the following sections.

SNMP

RMON

Syslog

QoS and Packet Filtering

MAC Filtering

Configuring Max Host

Managing MAC Table

Configuring Ageing Time

Configuring ARP Table

6.1 SNMP

An SNMP(Simple Network Management Protocol) system consists of three parts: the SNMP manager, a
managed device and the SNMP agent. SNMP is an application-layer protocol that allows SNMP manager
and agent stations to communicate with each other. SNMP provides a message format for sending
information between the SNMP manager and the SNMP agent.

The agent and MIB reside on the switch. In configuring SNMP on the switch, you define the
relationship between the manager and the agent. Depending on the community, you can grant either read-only
access or both read and write access. The SNMP agent has MIB variables with which it replies to requests from the
SNMP administrator. The SNMP administrator can obtain data from the agent and save data in the
agent. The SNMP agent gets data from the MIB, which stores information on the system and network.

The SNMP agent sends a trap to the administrator in some cases. A trap is a warning message that alerts the SNMP
administrator to network status. Traps report improper user authentication, rebooting, connection
status(activated or deactivated), closing of a TCP connection, and disconnection from a neighbor switch.

[Figure: Organization of SNMP. Labels: Internet; Managed Device (each SNMP Agent included); SNMP Manager (NMS, Network Management System, used); Request information to SNMP Agent; Requested information transferred to SNMP manager]

Information
By default, SNMP is deactivated in V5324 switch. SNMP is activated according to the user's
configuration, such as community and contact.

6.1.1 Configuring Access Right to SNMP Agent

By configuring a password, called a community, you can allow only authorized persons to access the SNMP agent
installed in the switch.

In order to configure the community, use the following command on Global configuration mode.

Command
snmp community password {ro | rw}

Mode
Global

Function
Configures community to allow authorized person to
access.

Community means password as we usually know. You can configure the community by entering
password you want at password. And it is possible to give access right only to read or both to read and
to write according to configuring password. The abbreviations following, ro stands for read-only and
rw stands for read/write. They are commands to distinguish access right.

Information
It is possible to configure SNMP community up to maximum three in V5324 switch.

The followings are two examples of giving access right both to read and write by configuring password
as administrator, and giving access right only to read by configuring password as everyone.

SWITCH(config)# snmp community administrator rw


SWITCH(config)# snmp community everyone ro
SWITCH(config)#

The following is an example of inputting more than three communities.

SWITCH(config)# snmp community dasan rw
%read-write community string list is full
SWITCH(config)#

In order to delete configured community, use the following command.

Command                                 Mode     Function
no snmp community password {ro | rw}    Global   Deletes community.

6.1.2 Configuring Accessed Person and Location of SNMP Agent

You can configure the accessed person and the location of the SNMP agent so that these descriptions
are saved in the SNMP configuration file.

In order to configure accessed person and location of the SNMP agent, use the following commands.

Command               Mode     Function
snmp contact name     Global   Enters name of accessed person.
snmp location name    Global   Enters location of SNMP agent.

The following is an example of configuring accessed person and location of SNMP agent as manager
and Seoul.

SWITCH(config)# snmp contact manager
SWITCH(config)# snmp location seoul
SWITCH(config)#

6.1.3 Configuring SNMP Trap

An SNMP trap is an alert message with which the SNMP agent notifies the SNMP manager about certain
problems. If you configure SNMP trap, the switch transmits the pertinent information to the network
management program. In this case, the receivers of trap messages are called trap-hosts.

(1) Configuring SNMP trap-host

In order to configure the trap-host that receives trap messages, use the following command. You
should input the IP address of the trap-host that is supposed to receive traps. For example, if the
SNMP manager is the trap-host, you should input the IP address of the SNMP manager.

Command                                   Mode     Function
snmp trap-host ip-address [ip-address]    Global   Configures trap-host.

The following is an example of configuring manager who has IP address 10.1.1.3 as trap-host.

SWITCH(config)# snmp trap-host 10.1.1.3
SWITCH(config)#

Information
You can configure a maximum of 16 SNMP trap-hosts on the V5324 switch.

When you configure more than one trap-host, you can input the IP addresses one by one or input
them all at once. The following is an example of configuring IP addresses 10.1.1.3, 20.1.1.5, and
30.1.1.2 as trap-hosts in both ways.

SWITCH(config)# snmp trap-host 10.1.1.3
SWITCH(config)# snmp trap-host 20.1.1.5
SWITCH(config)# snmp trap-host 30.1.1.2
SWITCH(config)#

SWITCH(config)# snmp trap-host 10.1.1.3 20.1.1.5 30.1.1.2
SWITCH(config)#

The following is an example of confirming the above trap-host configuration.

SWITCH# show running-config
(omitted)
snmp trap-host 10.1.1.3 20.1.1.5 30.1.1.2
!
SWITCH#

In order to delete a configured SNMP trap-host, use the following command.

Command                         Mode     Function
no snmp trap-host ip-address    Global   Deletes configured SNMP trap-host.

(2) Configuring Type of SNMP Trap


There are nine kinds of SNMP trap messages: cold-start, link-up/down, authentication failure,
cpu-threshold, port-threshold, dhcp-lease, fan, module, and power.

Each trap message is shown in the following cases.

(1) cold-start is shown when SNMP is turned off and rebooted again.
(2) link-up/down is shown when the network of a port specified by the user is disconnected, or when
the network is connected again.
(3) authentication failure is shown when a user trying to access SNMP inputs a wrong community.
(4) cpu-threshold is shown when CPU utilization exceeds the threshold configured by the user as
described in 6.3.2 CPU Utilization Thresholds. A trap message is also shown when CPU utilization
goes back down under the threshold.
(5) port-threshold is a trap message to inform that port traffic is more than the threshold
configured in 6.3.3 Configuring Threshold of Port Traffic. port-threshold is also shown when port
traffic goes back down under the threshold.
(6) dhcp-lease is shown when there are no more IP addresses to assign in a subnet of the DHCP
server. When there are several subnets, this trap message is shown even if only one subnet has no
IP address left to assign.
(7) fan/module/power is shown when there is any problem in Fan, Module, and Power.

However, sending all these trap messages too frequently may be inefficient. Therefore, the user can
select the types of trap sent to the trap-host. In order to configure the kinds of trap messages
that you want to receive, use the following commands.

Command                            Mode     Function
snmp trap auth-fail                Global   Configures authentication failure trap message to be
                                            sent.
snmp trap cold-start               Global   Configures cold-start trap message to be sent.
snmp trap link-down port-number    Global   Configures link-down message to be sent when network of
                                            port specified by user is disconnected.
snmp trap link-up port-number      Global   Configures link-up message to be sent when network of
                                            port specified by user is connected.
snmp trap cpu-threshold            Global   Configures cpu-threshold trap message to be sent when
                                            CPU utilization exceeds the threshold configured by
                                            user as described in 6.3.2 CPU Utilization Thresholds;
                                            a trap message is also sent when CPU utilization goes
                                            back down under the threshold.
snmp trap dhcp-lease               Global   Configures dhcp-lease trap message to be sent when
                                            there are no more IP addresses to assign in a subnet of
                                            the DHCP server.
snmp trap fan                      Global   Sends trap message when there is any problem in fan.
snmp trap module                   Global   Sends trap message when there is any problem in module.
snmp trap power                    Global   Sends trap message when there is any problem in power.
snmp trap port-threshold           Global   Sends trap message when port traffic exceeds the
                                            threshold and when it goes back down under the
                                            threshold.

Information
By default, all kinds of trap messages are configured to be sent.

In order to block each message to trap-host, use the following commands.

Command                               Mode     Function
no snmp trap auth-fail                Global   Blocks authentication failure trap message.
no snmp trap cold-start               Global   Blocks cold-start trap message.
no snmp trap link-down port-number    Global   Blocks link-down trap message.
no snmp trap link-up port-number      Global   Blocks link-up trap message.
no snmp trap cpu-threshold            Global   Blocks cpu-threshold trap message.
no snmp trap dhcp-lease               Global   Blocks dhcp-lease trap message.
no snmp trap fan                      Global   Blocks fan trap message.
no snmp trap module                   Global   Blocks module trap message.
no snmp trap power                    Global   Blocks power trap message.
no snmp trap port-threshold           Global   Blocks port threshold trap message.

6.1.4 Confirming SNMP Configuration

In order to confirm SNMP configuration, use the following command.

Command                Mode                           Function
show running-config    Top/Global/Bridge/Interface    Shows switch configuration.

The following is an example of viewing switch configuration.

SWITCH(config)# show running-config
(omitted)
snmp contact manager
snmp location seoul
snmp community everyone ro
snmp community administrator rw
no snmp trap auth-fail
snmp trap-host 10.1.1.3 20.1.1.5 30.1.1.2
SWITCH(config)#
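
The following check is an added example, not part of the original guide or of the switch software. It reads the SNMP lines of show running-config output in the format shown above and reports guessable or short community strings (rated higher when they grant rw), a blocked auth-fail trap, and a missing trap-host. The word list and the minimum length are assumptions to adapt locally; the sample input is constructed from the configuration in this section.

```python
import re

# Constructed sample: the SNMP lines of the running-config shown in 6.1.4.
SAMPLE_CONFIG = """\
snmp contact manager
snmp location seoul
snmp community everyone ro
snmp community administrator rw
no snmp trap auth-fail
snmp trap-host 10.1.1.3 20.1.1.5 30.1.1.2
"""

# Assumptions (local policy, not values from the guide): extend as needed.
GUESSABLE = {"public", "private", "admin", "administrator", "everyone",
             "password", "manager", "dasan", "snmp", "switch"}
MIN_LENGTH = 12


def parse_snmp(config):
    """Collect the SNMP settings found in running-config text."""
    state = {"communities": [], "trap_hosts": [],
             "blocked_traps": set(), "deleted": False}
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if line == "no snmp":
            state["deleted"] = True
        elif (len(words) == 4 and words[:2] == ["snmp", "community"]
              and words[3] in ("ro", "rw")):
            state["communities"].append((words[2], words[3]))
        elif len(words) >= 3 and words[:2] == ["snmp", "trap-host"]:
            # One line may carry several trap-host addresses.
            state["trap_hosts"].extend(words[2:])
        elif len(words) >= 4 and words[:3] == ["no", "snmp", "trap"]:
            state["blocked_traps"].add(words[3])
    return state


def weak_reason(community):
    """Return why a community string is weak, or None if it passes."""
    if community.lower() in GUESSABLE:
        return "guessable word"
    if len(community) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    classes = sum(bool(re.search(pattern, community))
                  for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        return "fewer than 3 character classes"
    return None


def audit_snmp(config):
    """Return a list of (severity, message) findings for the SNMP settings."""
    state = parse_snmp(config)
    findings = []
    if state["deleted"] or not state["communities"]:
        return findings  # SNMP is not active, nothing to audit
    for community, right in state["communities"]:
        reason = weak_reason(community)
        if reason:
            # A weak string that grants write access is the worse case.
            severity = "high" if right == "rw" else "medium"
            findings.append((severity, "community %r (%s): %s"
                             % (community, right, reason)))
    if "auth-fail" in state["blocked_traps"]:
        findings.append(("medium", "auth-fail trap is blocked: access attempts "
                                   "with a wrong community are not reported"))
    if not state["trap_hosts"]:
        findings.append(("medium", "no trap-host: traps have no receiver"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_snmp(SAMPLE_CONFIG):
        print("[%s] %s" % (severity, message))
```
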

6.1.5 Deleting SNMP

In order to delete SNMP, use the following command.

Command    Mode     Function
no snmp    Global   Deletes SNMP.

When you use the above command, all configurations concerned with SNMP will be deleted. The
following is an example of deleting SNMP and confirming it.

SWITCH(config)# no snmp
SWITCH(config)# show running-config
(omitted)
no snmp
!
!
!
SWITCH(config)#

6.2 RMON
RMON (Remote Monitoring) is a function for monitoring, from a remote place, the communication
status of devices connected to Ethernet. While SNMP can give information only about the device on
which the SNMP agent is mounted, RMON gives information about overall segments including devices.
Thus, the user can manage the network more effectively. For instance, with SNMP you can be informed
about traffic on certain ports, but through RMON you can monitor traffic occurring in the overall
network, traffic of each host connected to a segment, and the current status of traffic between
hosts.

Since RMON processes quite a lot of data, its processor share is very high. Therefore, the
administrator should take great care to prevent performance degradation and not to overload network
transmission because of RMON. There are nine RMON MIB groups defined in RFC 1757: Statistics,
History, Alarm, Host, Host Top N, Matrix, Filter, Packet Capture and Event. The V5324 switch
supports three of these MIB groups, the most basic ones: History, Alarm and Event.

6.2.1 Configuring RMON History

RMON History periodically samples statistical data about the traffic on each Ethernet port. By
default, statistical data of all ports is monitored at a 30-minute interval, and 50 statistical
data samples are stored per port. You can also configure the time interval at which samples are
taken and the number of samples you want to save.

The following is an example of viewing the default configuration of History.


SWITCH(config)# show running-config
(omitted)
!
rmon-history 1
owner monitor
data-source ifIndex.n1/port1
interval 30
requested-buckets 50
!
(omitted)
SWITCH(config)#

You need to enter History configuration mode first to configure RMON History. In order to enter
History configuration mode, use the following command. After you enter History configuration mode,
the system prompt changes from SWITCH(config)# to SWITCH(config-rmonhistory[n])#. The variable n is
the number configured to distinguish each different History.

Command                Mode     Function
rmon-history number    Global   Configures a number to distinguish RMON History. It can be
                                configured from 1 to 65,534.

The following is an example of entering into History configuration mode to configure History 5.

SWITCH(config)# rmon-history 5
SWITCH(config-rmonhistory[5])#

Input a question mark(?) at the system prompt on History configuration mode if you want to list
available commands. The following is an example of listing available commands on History
configuration mode.

SWITCH(config-rmonhistory[1])# ?
  active               Activate the history
  data-source          Define the data source object for the ethernet port
  end                  End current mode and down to top mode
  exit                 Exit current mode and down to previous mode
  interval             Define the time interval for the history
  list                 Print command list
  owner                Assign the owner who define and is using the history resources
  requested-buckets    Define the bucket count for the interval
  show                 Show running system information
SWITCH(config-rmonhistory[1])#

Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.

In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.

Command    Mode    Function
exit       RMON    Returns to Global configuration mode.
end        RMON    Goes back right to Top mode.

The following are examples of returning to Global configuration mode and going back to Top mode
from History configuration mode.

SWITCH(config-rmonhistory[5])# exit
SWITCH(config)#

SWITCH(config-rmonhistory[5])# end
SWITCH#

(1) Assigning Source Port of Statistical Data


When you configure RMON History, you have to assign the source port of statistical data. In order
to collect statistical data from a certain port as samples, assign the port by using the following
command.

Command                       Mode    Function
data-source data-object-id    RMON    Assigns the source port of statistical data. The object
                                      should be in the form ifIndex.number.

The following is an example of assigning port 1 as source port.

SWITCH(config-rmonhistory[5])# data-source ifindex.br1
SWITCH(config-rmonhistory[5])#

(2) Identifying Subject of RMON History


You can identify the subject (owner) that configures RMON History and uses the various data from
History. In order to identify the subject using History, use the following command.

Command       Mode    Function
owner name    RMON    Configures History and identifies subject using related data.

The following is an example of configuring subject of History as Dasan.

SWITCH(config-rmonhistory[5])# owner dasan
SWITCH(config-rmonhistory[5])#

Information
When you configure the subject of RMON History, you can input a maximum of 32 letters. If you input
more than 32 letters, the error message %Too long owner name will be displayed.

(3) Configuring Number of Sample Data


You can configure the number of sample data in RMON History. In order to do that, use the following
command.

Command                    Mode    Function
requested-buckets count    RMON    Configures the number of sample data.

The following is an example of configuring the number of sample data as 25 in History.

SWITCH(config-rmonhistory[5])# requested-buckets 25
SWITCH(config-rmonhistory[5])#

Information
You can configure the number of sample data up to a maximum of 65,535.

(4) Configuring Interval of Sample Inquiry


You can configure the interval of sample inquiry in seconds. In order to do it, use the following
command.

Command          Mode    Function
interval time    RMON    Configures the interval of sample inquiry. The default setting is 30
                         seconds.

The following is an example of configuring the interval of sample inquiry as 60 seconds.

SWITCH(config-rmonhistory[5])# interval 60
SWITCH(config-rmonhistory[5])#

Information
You can configure the interval of sample inquiry up to a maximum of 3,600 seconds.

(5) Activating RMON History


After finishing all configurations, you need to activate RMON History. In order to activate RMON
History, use the following command.

Command    Mode    Function
active     RMON    Activates RMON History.

The following is an example of activating RMON History and viewing the configuration.

SWITCH(config-rmonhistory[5])# active
SWITCH(config-rmonhistory[5])# show running-config
Building configuration...
(Omitted)
rmon-history 5
owner dasan
data-source ifindex.hdlc1
interval 60
requested-buckets 25
active
(Omitted)
SWITCH(config-rmonhistory[5])#

Note
Before activating RMON History, check that the user's configuration is correct. After RMON History
is activated, you cannot change its configuration. If you need to change the configuration, you
have to delete RMON History and configure it again.

(6) Deleting and Changing Configuration of RMON History


When you need to change configuration of RMON History, you should delete RMON History of the
number and change the configuration again. In order to delete RMON History, use the following
command.

Command                   Mode     Function
no rmon-history number    Global   Deletes RMON History of specified number.

The following is an example of deleting RMON History 5.

SWITCH(config)# no rmon-history 5
SWITCH(config)#

6.2.2 Configuring RMON Alarm

RMON Alarm inspects sample data at the interval the user configured, and an Alarm occurs when the
data is not within the configured threshold.

There are two ways to compare with the threshold: Absolute comparison and Delta comparison.

Absolute Comparison : The sample data is compared with the threshold at the configured interval;
if the data is more than the threshold or less than the threshold, an Alarm occurs.

Delta Comparison : The difference between the current data and the latest data is compared with
the threshold; if the difference is more than the threshold or less than the threshold, an Alarm
occurs.

You need to enter RMON Alarm configuration mode first to configure RMON Alarm. In order to enter
RMON Alarm configuration mode, use the following command. After you enter RMON Alarm configuration
mode, the system prompt changes from SWITCH(config)# to SWITCH(config-rmonalarm[n])#. The variable
n is the number configured to distinguish each RMON Alarm.

Command                 Mode     Function
rmon-alarm <1-65534>    Global   Enters into RMON Alarm configuration mode.

The following is an example of entering into Alarm configuration mode to configure RMON Alarm 1.

SWITCH(config)# rmon-alarm 1
SWITCH(config-rmonalarm[1])#

Input a question mark(?) at the system prompt on Alarm configuration mode if you want to list
available commands.

The following is an example of listing available commands on Alarm configuration mode.

SWITCH(config-rmonalarm[1])# ?
  active               Activate the event
  end                  End current mode and down to top mode
  exit                 Exit current mode and down to previous mode
  falling-event        Associate the falling threshold with an existing RMON event
  falling-threshold    Define the falling threshold
  list                 Print command list
  owner                Assign the owner who define and is using the history resources
  rising-event         Associate the rising threshold with an existing RMON event
  rising-threshold     Define the rising threshold
  sample-interval      Specify the sampling interval for RMON alarm
  sample-type          Define the sampling type
  sample-variable      Define the MIB Object for sample variable
  show                 Show running system information
  startup-type         Define startup alarm type
SWITCH(config-rmonalarm[1])#

Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.

In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.

Command    Mode    Function
exit       RMON    Returns to Global configuration mode.
end        RMON    Goes back right to Top mode.

The following are examples of returning to Global configuration mode and going back to Top mode
from Alarm configuration mode.

SWITCH(config-rmonalarm[1])# exit
SWITCH(config)#

SWITCH(config-rmonalarm[1])# end
SWITCH#

(1) Identifying Subject of RMON Alarm


You need to identify the subject (owner) that configures RMON Alarm and uses the various data from
Alarm. In order to identify the subject using Alarm, use the following command.

Command       Mode    Function
owner name    RMON    Configures RMON Alarm and identifies subject using many kinds of data from
                      Alarm.

The following is an example of configuring subject of Alarm as Dasan.

SWITCH(config-rmonalarm[1])# owner dasan
SWITCH(config-rmonalarm[1])#

Information
When you identify the subject of RMON Alarm, you can input a maximum of 32 letters. If you input
more than 32 letters, the error message %Too long owner name will be displayed.

(2) Configuring Object of Sample Inquiry


RMON Alarm needs an object value to use for sample inquiry. The following rules apply to the object
used for sample inquiry.

svcExt.mib prescribes the object used as sample.

CntExt.mib prescribes the notation of the object value.

In order to assign the object used for sample inquiry, use the following command.

Command                       Mode    Function
sample-variable mib-object    RMON    Assigns MIB object used for sample inquiry.

The following is an example of configuring MIB object apSvcConnections used for sample inquiry.

SWITCH(config-rmonalarm[1])# sample-variable apSvcConnections
SWITCH(config-rmonalarm[1])#

(3) Configuring Absolute Comparison and Delta Comparison.


When configuring RMON Alarm, you can select how the MIB object used for sample inquiry is compared.
Absolute comparison directly compares the object selected as sample with the threshold. For
instance, if you want to know the point at which the sampled object reaches 30,000, configuring
apSvcConnections with 30,000 is Absolute comparison.

In order to compare the object selected as sample with the threshold, use the following command.

Command                 Mode    Function
sample-type absolute    RMON    Compares object with the threshold directly.

Delta comparison compares the difference between the current data and the latest data with the
threshold. For instance, in order to know the point at which the value is 100,000 more than the
former value, configure apCntHits as Delta comparison. In order to configure Delta comparison, use
the following command.

Command              Mode    Function
sample-type delta    RMON    Compares difference between current data and the latest data with
                             the threshold.

(4) Configuring Upper Bound of Threshold


If you need an Alarm to occur when the object used for sample inquiry is more than the upper bound
of threshold, you have to configure the upper bound of threshold. In order to configure the upper
bound of threshold, use the following command.

Command                    Mode    Function
rising-threshold number    RMON    Configures upper bound of threshold.

The following is an example of configuring upper bound of threshold as 100.

SWITCH(config-rmonalarm[1])# rising-threshold 100
SWITCH(config-rmonalarm[1])#

Information
You can configure the upper bound of threshold up to a maximum of 2,147,483,647. If you configure
it as 0, there will not be an Alarm.

After configuring the upper bound of threshold, configure an RMON Event to occur when the object is
more than the configured threshold. Use the following command.

Command                   Mode    Function
rising-event <0-65535>    RMON    Configures RMON Event to occur when object is more than
                                  configured threshold.

The following is an example of configuring RMON Event 1 to occur when the object is more than the
configured threshold.

SWITCH(config-rmonalarm[1])# rising-event 1
SWITCH(config-rmonalarm[1])#

Information
If you configure the upper bound of threshold as 0, there will not be an Event.

(5) Configuring Lower Bound of Threshold


If you need an Alarm to occur when the object used for sample inquiry is less than the lower bound
of threshold, you should configure the lower bound of threshold. In order to configure the lower
bound of threshold, use the following command.

Command                     Mode    Function
falling-threshold number    RMON    Configures lower bound of threshold.

The following is an example of configuring lower bound of threshold as 90.

SWITCH(config-rmonalarm[1])# falling-threshold 90
SWITCH(config-rmonalarm[1])#

Information
You can configure the lower bound of threshold up to a maximum of 2,147,483,647. If you configure
it as 0, there will not be an Alarm.

After configuring the lower bound of threshold, configure an RMON Event to occur when the object is
less than the configured threshold. Use the following command.

Command                    Mode    Function
falling-event <0-65535>    RMON    Configures RMON Event to occur when object is less than
                                   configured threshold.

The following is an example of configuring an RMON Event to occur when the object is less than the
configured threshold.

SWITCH(config-rmonalarm[1])# falling-event 2
SWITCH(config-rmonalarm[1])#

Information
If you configure the lower bound of threshold as 0, there will not be an Event.

(6) Configuring Standard of the First Alarm


You can configure the condition under which the first Alarm occurs. You can select the first point
at which the object is more than the threshold, the first point at which the object is less than
the threshold, or the first point at which the object is either more than or less than the
threshold.

In order to configure the first RMON Alarm to occur when the object is first less than the lower
bound of threshold, use the following command.

Command                 Mode    Function
startup-type falling    RMON    Configures the first RMON Alarm to occur when object is less than
                                lower bound of threshold first.

In order to configure the first Alarm to occur when the object is first more than the upper bound
of threshold, use the following command.

Command                Mode    Function
startup-type rising    RMON    Configures the first Alarm to occur when object is firstly more
                               than upper bound of threshold.

In order to configure the first Alarm to occur when the object is first more than the threshold or
less than the threshold, use the following command.

Command                            Mode    Function
startup-type rising-and-falling    RMON    Configures the first Alarm to occur when object is
                                           firstly more than threshold or less than threshold.

(7) Configuring Interval of Sample Inquiry


The interval of sample inquiry is the time interval, in seconds, at which the selected sample data
is compared with the upper bound of threshold or the lower bound of threshold.

In order to configure interval of sample inquiry for RMON Alarm, use the following command.

Command                      Mode    Function
sample-interval <0-65535>    RMON    Configures interval of sample inquiry.

The following is an example of configuring interval of sample inquiry as 60 seconds.

SWITCH(config-rmonalarm[1])# sample-interval 60
SWITCH(config-rmonalarm[1])#

(8) Activating RMON Alarm


After finishing all configurations, you need to activate RMON Alarm.

In order to activate RMON Alarm, use the following command.

Command    Mode    Function
active     RMON    Activates RMON Alarm.

The following is an example of activating RMON Alarm and viewing the configuration.

SWITCH(config-rmonalarm[1])# active
SWITCH(config-rmonalarm[1])# show running-config
Building configuration...
(Omitted)
rmon-alarm 1
owner dasan
sample-variable apSvcConnections
sample-type absolute
startup-type rising
rising-threshold 100
falling-threshold 90
rising-event 1
falling-event 2
sample-interval 60
active
(Omitted)
SWITCH(config-rmonalarm[1])#

Information
You should make sure that all configurations are correct before activating RMON Alarm. After activating
RMON Alarm, you cannot change configuration. If you need to change configuration, you have to delete
RMON Alarm and configure it again.
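
The rising and falling thresholds configured above work together as hysteresis. The following simulation is an added example, not part of the original guide or of the switch software: it applies the alarm rules of RFC 1757 to the 100/90 thresholds, events 1 and 2, and the startup-type and sample-type settings from this section. The readings are constructed, and the boundary handling (>= and <=, as in the RFC) is an assumption about this switch.

```python
# Added illustration, not the switch's code. Models the alarm-group rules of
# RFC 1757; ">=" / "<=" boundary handling follows the RFC and is an assumption
# about this switch, whose guide says "more than" / "less than".

RISING_STARTUP = ("rising", "rising-and-falling")
FALLING_STARTUP = ("falling", "rising-and-falling")

# Constructed readings, one per sample-interval.
CONNECTIONS = [95, 101, 97, 103, 99, 104, 89, 92, 88, 100]  # a gauge
COUNTER = [0, 50, 200, 260, 300, 305, 500]                  # a growing counter


def sampled_values(readings, sample_type):
    """Yield (index, value) pairs as the alarm compares them."""
    if sample_type == "absolute":
        for i, reading in enumerate(readings):
            yield i, reading
    elif sample_type == "delta":
        # Delta comparison: difference between current and previous reading.
        for i in range(1, len(readings)):
            yield i, readings[i] - readings[i - 1]
    else:
        raise ValueError("sample-type must be absolute or delta")


def run_alarm(readings, sample_type, rising, falling, startup,
              rising_event=1, falling_event=2):
    """Return [(sample index, direction, value, event number), ...]."""
    if falling > rising:
        raise ValueError("falling-threshold must not exceed rising-threshold")
    events = []
    rising_armed = falling_armed = True
    prev = None  # value at the previous sampling interval
    for i, value in sampled_values(readings, sample_type):
        if value >= rising:
            falling_armed = True  # reaching the upper bound re-arms falling
            if prev is None:
                crossed = startup in RISING_STARTUP  # first sample
            else:
                crossed = prev < rising
            if crossed and rising_armed:
                events.append((i, "rising", value, rising_event))
                rising_armed = False  # silent until the lower bound is reached
        elif value <= falling:
            rising_armed = True  # reaching the lower bound re-arms rising
            if prev is None:
                crossed = startup in FALLING_STARTUP
            else:
                crossed = prev > falling
            if crossed and falling_armed:
                events.append((i, "falling", value, falling_event))
                falling_armed = False
        prev = value
    return events


def naive_crossings(values, rising, falling):
    """Count crossings without hysteresis, for comparison: (up, down)."""
    pairs = list(zip(values, values[1:]))
    up = sum(1 for a, b in pairs if a < rising <= b)
    down = sum(1 for a, b in pairs if a > falling >= b)
    return up, down


if __name__ == "__main__":
    # Settings from the running-config above: absolute, rising, 100/90.
    for event in run_alarm(CONNECTIONS, "absolute", 100, 90, "rising"):
        print("absolute:", event)
    print("crossings without hysteresis:", naive_crossings(CONNECTIONS, 100, 90))
    for event in run_alarm(COUNTER, "delta", 100, 10, "rising-and-falling"):
        print("delta:", event)
```

With the gauge readings, the value crosses 100 upward four times but only two rising events are produced, because a rising event is not repeated until the value has reached the lower bound of 90.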

(9) Deleting RMON Alarm and Changing Configuration


When you need to change configuration of RMON Alarm, you should delete RMON Alarm of the
number and configure it again. In order to delete RMON Alarm, use the following command.

Command                 Mode     Function
no rmon-alarm number    Global   Deletes RMON Alarm of specified number.

The following is an example of deleting RMON Alarm 1.

SWITCH(config)# no rmon-alarm 1
SWITCH(config)#

6.2.3 Configuring RMON Event

RMON Event identifies all operations such as RMON Alarm in the switch. You can configure an Event
message or a Trap message to be sent to the SNMP management server when an RMON Alarm is sent. You
need to enter Event configuration mode to configure RMON Event. When you enter Event configuration
mode by using the following command, the system prompt changes from SWITCH(config)# to
SWITCH(config-rmonevent[n])#. The variable n is a number to distinguish each different Event.

Command                 Mode     Function
rmon-event <1~65534>    Global   Enters into RMON Event configuration mode.

The following is an example of entering into Event configuration mode to configure Rmon Event 1.

SWITCH(config)# rmon-event 1
SWITCH(config-rmonevent[1])#

In order to list available commands for RMON Event, input the question mark(?) at the system prompt
on Event configuration mode.

The following is an example of listing available commands on Event configuration mode.

SWITCH(config-rmonevent[1])# ?
  active         Activate the event
  community      Define a community to an unactivated event
  description    Define description of RMON event
  end            End current mode and down to top mode
  exit           Exit current mode and down to previous mode
  list           Print command list
  owner          Assign the owner who define and is using the history resources
  show           Show running system information
  type           Define the event type determines where send the event notification
SWITCH(config-rmonevent[1])#

Information
The question mark(?) you enter will not be seen. Right after entering the question mark, the commands
will be displayed.

In order to return into Global configuration mode, or to enter into Top mode, use the following
commands.

Command    Mode    Function
exit       RMON    Returns to Global configuration mode.
end        RMON    Goes back right to Top mode.

The following are examples of returning to Global configuration mode and going back to Top mode
from Event configuration mode.

SWITCH(config-rmonevent[1])# exit
SWITCH(config)#
SWITCH(config-rmonevent[1])# end
SWITCH#

(1) Configuring Event Community


When an RMON Event happens, you need a community to transmit the SNMP trap message to the host.
The community is a password that gives the right to transmit messages.

In order to configure community for trap message transmission, use the following command.

Command               Mode    Function
community password    RMON    Configures password for trap message transmission right.

The following is an example of configuring community of RMON Event as password.

SWITCH(config-rmonevent[1])# community password
SWITCH(config-rmonevent[1])#

(2) Event Description


You can describe an Event briefly for when the Event happens. However, the description is not made
automatically, so the administrator should write the description.

In order to make a description about Event, use the following command.

Command                    Mode    Function
description description    RMON    Describes Event.

The following is an example of describing Event.

SWITCH(config-rmonevent[1])# description This event ..
SWITCH(config-rmonevent[1])#

Information
The maximum description of Event is 126 characters.

(3) Identifying Subject of Event


You should identify the subject (owner) that configures Event and uses the various data from Event.
In order to identify the subject of Event, use the following command.

Command       Mode    Function
owner name    RMON    Identifies subject of Event. You can use maximum 126 characters and this
                      subject should be same with the subject of Alarm.

The following is an example of identifying subject of Event as dasan.

SWITCH(config-rmonevent[1])# owner dasan
SWITCH(config-rmonevent[1])#

Information
When you identify subject of RMON Event, it is possible to input maximum 32 letters. If you input more
than 32 letters, the error message, %Too long owner name will be displayed.

(4) Configuring Event Type


You need to configure the Event type to arrange where the Event is sent when an RMON Event happens.

In order to configure Event type, use the following commands.

Command              Mode    Function
type log             RMON    Configures Event type as log type. Event of log type is sent to the
                             place where the log file is made.
type trap            RMON    Configures Event type as trap type. Event of trap type is sent to
                             SNMP administrator and PC.
type log-and-trap    RMON    Configures Event type as both log type and trap type.

(5) Activating Event


After finishing all configurations, you should activate RMON Event. In order to activate RMON Event,
use the following command.

Command: active
Mode: RMON
Function: Activates Event.

The following is an example of activating RMON Event and viewing the above configuration.

SWITCH(config-rmonevent[1])# active
SWITCH(config-rmonevent[1])# show running-config
Building configuration...
(omitted)
!
rmon-event 1
owner dasan
community password
description This event ...
type log-and-trap
active
(omitted)
SWITCH(config-rmonevent[1])#

Information
You should make sure that all configurations are correct before activating RMON Event. After activating
RMON Event, you cannot change configuration. If you need to change configuration, you have to delete
RMON Event and configure it again.


(6) Deleting RMON Event and Changing Configuration


Before changing the configuration of an RMON Event, you should delete the RMON Event of that number and
configure it again. In order to delete RMON Event, use the following command.

Command: no rmon-event number
Mode: Global
Function: Deletes RMON Event of specified number.

The following is an example of deleting RMON Event 1.

SWITCH(config)# no rmon-event 1
SWITCH(config)#

6.3 Syslog
The function of syslog messages is to inform the network manager of troubles that occurred in the user's
switch.

By default, system logger is activated in V5324 switch. Therefore, even if you delete this function, it
will be activated again.

Information
By default, system logger is activated in V5324 switch.

This section contains the following functions.

Configuring Level of Syslog Message

Configuring Threshold of CPU Utilization

Configuring Threshold of Port Traffic

6.3.1 Configuring Level of Syslog Message

The user can configure the level of Syslog messages and the place to transmit them as wanted.


In order to configure level of Syslog message and place to transmit, use the following commands.

Command: syslog output {emerg|alert|crit|err|warning|notice|info} console
Mode: Global
Function: Transmits syslog message of configured level to console.

Command: syslog output {emerg|alert|crit|err|warning|notice|info} local {volatile|non-volatile}
Mode: Global
Function: Transmits syslog message of configured level to inside of system.

Command: syslog output {emerg|alert|crit|err|warning|notice|info} remote ip-address
Mode: Global
Function: Transmits syslog message of configured level to the remote host.

Command: syslog output priority selector console
Mode: Global
Function: Configures syslog message not included in seven levels to be sent to console.

Command: syslog output priority selector local {volatile|non-volatile}
Mode: Global
Function: Configures syslog message not included in seven levels to be sent to inside of system.

Command: syslog output priority selector remote ip-address
Mode: Global
Function: Configures syslog message not included in seven levels to be sent to the remote host.

There are seven levels of syslog message according to importance: emergency, alert, critical, error,
warning, notice, and info. Emergency is the highest level and info is the lowest level in importance.

The user can configure the level of syslog, but cannot receive messages of lower levels than the
configured level. That means, in order to receive all messages, the user has to configure the level as info.
When the user configures the syslog level as error, messages of error level and higher are received.

syslog output priority selector is for messages that do not belong to any of the 7 levels, and the selector
is entered in a form such as mail.emerg.

Also, the user can configure the location where syslog messages are received. To receive syslog
messages through the console on the user's PC, enter console; to receive them inside the system, enter
local; and to receive them on a host, enter remote.


In order to release configuration of Syslog message, use the following commands.

Commands:
no syslog output {emerg|alert|crit|err|warning|notice|info} console
no syslog output {emerg|alert|crit|err|warning|notice|info} local {volatile|non-volatile}
no syslog output {emerg|alert|crit|err|warning|notice|info} remote ip-address
Mode: Global
Function: Releases syslog level and place to transmit configured by user.

Commands:
no syslog output priority selector console
no syslog output priority selector local {volatile|non-volatile}
no syslog output priority selector remote ip-address
Mode: Global
Function: Releases syslog configuration not included in seven levels.

Command: no syslog
Mode: Global
Function: Releases Syslog.

In order to recover syslog after deleting it with no syslog, use the following command. Since the
syslog logger is activated when booting, this command is not necessary when syslog is already activated.

Command: syslog start
Mode: Global
Function: Restarts the syslog logger.

In order to show the configuration of the syslog message, use the following show commands. Take
notice that the configuration of the syslog cannot be shown by using the show running-config command.

Command: show syslog
Mode: Top/Global
Function: Shows the configuration of the syslog.

Command: show syslog local {volatile|non-volatile}
Mode: Top/Global
Function: Shows the syslog messages.

Command: show syslog local {volatile|non-volatile} number
Mode: Top/Global
Function: Shows as many of the newest messages as the number entered. For example, if you enter 2, the two
newest messages are shown.


Information
It is impossible to view syslog configuration with the command, show running-config.

The following shows the configuration in which Emergency messages are sent to the console and messages
of Info level and higher are saved in the volatile file.

SWITCH(config)# show syslog
System logger on running!
info     local volatile
emerg    console
SWITCH(config)#
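
The level rule of this section, worked through on the show syslog output above as an added example in Python (not part of the original guide or of the switch software): it lists which destinations receive each level and which levels never leave the switch. It assumes that a remote output is printed as remote followed by the address, which this guide does not show.

```python
# Level keywords accepted by "syslog output", most important first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info"]

# Constructed sample: the "show syslog" output from the example above.
SHOW_SYSLOG = """\
System logger on running!
info     local volatile
emerg    console
"""


def parse_show_syslog(text):
    """Return [(configured_level, destination)] from 'show syslog' output.

    Token based, so it also copes with output whose columns were split
    across lines: a level keyword starts an entry and the words that
    follow it form the destination.
    """
    entries, current = [], None
    for line in text.splitlines():
        if "#" in line:                      # CLI prompt line, not output
            continue
        for token in line.split():
            if token in LEVELS:
                current = (token, [])
                entries.append(current)
            elif current is not None:
                current[1].append(token)
    return [(level, " ".join(words)) for level, words in entries]


def destinations_for(entries, message_level):
    """Destinations that receive a message of message_level.

    An output configured at level L receives L and every more important
    level, so 'info' receives everything and 'emerg' only emergencies.
    """
    rank = LEVELS.index(message_level)
    return sorted({dest for level, dest in entries
                   if rank <= LEVELS.index(level)})


def levels_not_reaching(entries, destination_prefix):
    """Levels that no output starting with destination_prefix receives.

    Assumption: a remote output is listed as 'remote <ip-address>'.
    """
    return [lvl for lvl in LEVELS
            if not any(dest.startswith(destination_prefix)
                       for dest in destinations_for(entries, lvl))]


if __name__ == "__main__":
    entries = parse_show_syslog(SHOW_SYSLOG)
    for lvl in LEVELS:
        print(f"{lvl:8s} -> {destinations_for(entries, lvl)}")
    print("never sent off the switch:", levels_not_reaching(entries, "remote"))
```

With this configuration no level reaches a remote host, so messages exist only on the console and in the volatile file on the switch itself.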

If you need to delete the log messages that are saved in the syslog file, use the following command.

Command: clear syslog local {volatile|non-volatile}
Mode: Global
Function: Deletes the log messages in the Syslog file.

6.3.2 Configuring Threshold of CPU Utilization

V5324 switch has a function that sends a syslog message when CPU utilization exceeds the
configured threshold or falls below the threshold. In order to configure threshold of CPU utilization,
use the following command.

Command: threshold cpu <20-100>
Mode: Global
Function: Configures threshold of CPU utilization. The unit is % and it is
possible to configure from 20% to 100%.

Information
The default is 50%.

In order to view configured threshold of CPU, use the following command.

Command: show cpuload
Mode: Top/Global
Function: Shows configured threshold of CPU utilization and average of CPU utilization.

The following is an example of configuring threshold of CPU utilization as 70% and confirming it.

SWITCH(config)# threshold cpu 70
SWITCH(config)# show cpuload
---------------
Average CPU load
---------------
5 sec:   3.95( 2.67) %
1 min:   3.87( 2.67) %
10 min:  3.86( 2.67) %
CPU Load Threshold : 70
SWITCH(config)#

After you configure as above, the following message will be displayed when CPU utilization
exceeds 70%.

Oct 18 17:37:24 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]

And the following message will be displayed when the CPU utilization goes down below 70%.

Oct 18 17:37:29 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]

In the above messages, the number in [ ] means loading rate.
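
On the host that collects these messages, the Warning and Cleared lines can be paired into overload episodes. The following Python is an added example, not part of the original guide: the year argument is an assumption because the messages carry no year, and the sample lines after the first two are constructed.

```python
import re
from datetime import datetime

# Message layout taken from the two log lines shown above.
CPU_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+:\s+"
    r"CPU Overload (?P<kind>Warning|Cleared)\s*:\s*"
    r"Threshold \[(?P<threshold>\d+)\] [<>] CPU Load \[(?P<load>\d+)\]"
)

# The first two lines are the messages from the guide; the others are
# constructed for this example.
SAMPLE_LOG = [
    "Oct 18 17:37:24 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [86]",
    "Oct 18 17:37:29 zebra[80]: CPU Overload Cleared : Threshold [70] > CPU Load [39]",
    "Oct 18 17:39:10 login[212]: session opened",
    "Oct 18 17:40:02 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [91]",
    "Oct 18 17:40:07 zebra[80]: CPU Overload Warning : Threshold [70] < CPU Load [95]",
]


def overload_episodes(lines, year):
    """Pair Warning/Cleared messages into episodes.

    Returns a list of dicts with start, end, seconds, threshold and peak.
    An episode that has not been cleared yet keeps end and seconds as None.
    A repeated Warning inside an open episode only raises its peak, and a
    Cleared message with no open episode is ignored.
    """
    episodes, current = [], None
    for line in lines:
        m = CPU_RE.match(line.strip())
        if not m:
            continue                          # unrelated syslog line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        load = int(m["load"])
        if m["kind"] == "Warning":
            if current is None:
                current = {"start": when, "end": None, "seconds": None,
                           "threshold": int(m["threshold"]), "peak": load}
                episodes.append(current)
            else:
                current["peak"] = max(current["peak"], load)
        elif current is not None:
            current["end"] = when
            current["seconds"] = int((when - current["start"]).total_seconds())
            current = None
    return episodes


if __name__ == "__main__":
    for ep in overload_episodes(SAMPLE_LOG, year=2003):
        state = f"{ep['seconds']} s" if ep["end"] else "still overloaded"
        print(ep["start"], "peak", ep["peak"], "threshold", ep["threshold"], state)
```

An episode that never receives its Cleared message is the one worth alerting on, since the switch itself reports nothing further while the load stays above the threshold.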

6.3.3 Configuring Threshold of Port Traffic

V5324 switch has a function that sends a syslog message when port traffic exceeds the configured
threshold or falls below the threshold. In order to configure threshold of port traffic, use the following
command.

Command: threshold port port-number <1-1000>
Mode: Global
Function: Configures threshold of port traffic. The unit is Mbps and it is
possible to configure from 1Mbps to 1000Mbps.

Information
The default is 1000Mbps.

In order to show configured threshold of port traffic, use the following command.

Command: show port threshold
Mode: Top/Global
Function: Shows configured threshold of port traffic.

The following is an example of configuring threshold of port 1 traffic as 500Mbps and confirming it.

SWITCH(config)# threshold port 1 500


SWITCH(config)# show port threshold
Port 1 : 500 Mbps
Port 2 : 1000 Mbps
Port 3 : 1000 Mbps
Port 4 : 1000 Mbps
Port 5 : 1000 Mbps
Port 6 : 1000 Mbps
Port 7 : 1000 Mbps
Port 8 : 1000 Mbps
(omitted)
SWITCH(config)#

6.4 QoS and Packet Filtering


QoS (Quality of Service) is a useful function for handling network traffic on behalf of users. By giving
priority to traffic, it helps prevent overloading, delay, and failure of traffic transmission. However, you
need to take care that other traffic does not fail because of the traffic the user has configured as priority.
QoS gives priority to specific traffic either by offering priority to that traffic or by limiting the others.
Data are usually processed in time-order, first in, first out. Because this way does not process specific
data first, all data might be lost when traffic is overloaded. With QoS, when traffic is overloaded, a
processing order is applied to traffic by reorganizing priorities according to importance. Thanks to QoS,
the user can predict network performance in advance and manage bandwidth more effectively.

Advantages of QoS


- Controlling Network Resource
Possible to control bandwidth, devices, IP address and so on. Network administrator can limit the
bandwidth for transmitting FTP and process important data first as priority.

- Efficient Use of Resource
After grasping what data the user's network is used for, it is possible to receive the most important data
first.

- Customized Service
By using QoS function, network business manager can supply more preferable service to user.

- Priority Process of Important Data
The QoS provided by Dasan Networks, Inc. secures bandwidth and minimizes delay in order to
process the most important data or voice data first. The other data are processed in order of importance
and then in time-order.

- Processing Various Types of Data
By using Dasan Networks products supporting QoS, it is possible to process various types of data on
network.

6.4.1 How to Operate QoS

There are two general ways to operate QoS in the V5324 switch. The first way is to apply QoS policy to
the rule already configured by user. The second way is to give priority with CoS(Class of Service) value
defined in IEEE 802.1p in addition to the configured rule, and to make the policy of processing packet
in QoS map to apply it.

Making QoS Policy


In order to classify traffic by the user's standard, make a policy for the standard and apply it. The
standards to be used for classifying traffic are IP address, TCP/UDP, port number, protocol and so on.

Applying the Policy


After making the policy to classify packets, you need to configure IP Precedence, DiffServ or CoS to
give priority to packets classified into a class. Choosing a QoS policy is optional, as follows:


Permit is operated for the packets that match the rule.

Deny is operated for the other packets that do not match the rule.

Mirror transmits classified traffics to monitor port.

Redirect re-transmits the other packets to specific port.

Scheduling
In order to handle overloading of traffic, you need to configure different processing orders for traffic
by using a scheduling algorithm. The V5324 switch supports the following algorithms.

- Algorithm based on Priority
This algorithm is used to process more important data before the others. Since all data are
processed by their priorities, data with high priorities can be processed fast but data with low
priorities might be delayed and piled up.

- Algorithm based on Ratio
This algorithm, which processes data based on a certain ratio, is another way of transmitting packets in
Dasan Layer 3 switch. In this way, a fixed size of bandwidth is not served to each queue. Instead, the user can
configure a certain ratio of packet processing according to the user's condition.

6.4.2 Configuring QoS and Packet Filtering

The following are the steps to configure QoS in V5324 switch.

Making QoS Policy

Configuring Additional Rules to QoS Policy

Applying QoS Policy to Rule of Packet Filtering

Confirming the Policy of QoS and the Rule of Packet Filtering

Configuring CoS and ToS

Configuring QoS map

Configuring Scheduling Value

Admin access rule

(1) Making QoS Policy


Before configuring QoS policy, you need to configure a rule to apply the policy.


In order to make a rule for traffics, use the following commands on Global configuration mode.

Mode (all commands below): Global

Command: rule name classify {low|medium|high} {ingress-port|any}
Function: Applies the rule for incoming packets to the port.

Command: rule name classify {low|medium|high} {ingress-port|any} any
Function: Makes the rule for incoming packets to the port.

Command: rule name classify {low|medium|high} {ingress-port|any} any {ethtype|arp|ip}
Function: Applies the rule for defined communication type packets among incoming packets to the port.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} [des-ip-address|des-ip-address/m|any]
Function: Applies the rule for the packets having assigned IP address by user among incoming packets to the port.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any} {0-255|any}
Function: Configures ToS(Type of Service) to the packet.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any} {0-255|any} {tcp|udp}
Function: Applies the rule for configured protocol among the packets.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any} {0-255|any} {tcp|udp} {src-port-number|any}
Function: Applies the rule for incoming packets among the packets of configured protocol by user.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any} {0-255|any} {tcp|udp} {src-port-number|any} {des-port-number|any}
Function: Applies the rule for the packets communicating with the port among the packets of configured protocol by user.

Command: rule name classify {low|medium|high} {ingress-port|any} any ip {src-ip-address|src-ip-address/m|any} {des-ip-address|des-ip-address/m|any} {0-255|any} ip-proto <0-255>
Function: Applies the rule for the packets among incoming packets to specified port by the standard of protocol field in IP protocol stack.

Also, in order to remove the made rule, use the following command on Global configuration mode.

Command: no rule name
Mode: Global
Function: Removes the rule named name.

(2) Configuring Additional Rules to QoS Policy


It is possible to add some additional Layer 2 rules to a QoS policy. When the previous configuration is
made without detailed terms, the policy can be a Layer 2 QoS policy only.

In order to add Layer 3 rules to QoS policy, use the following commands.

Command: rule name complement l2 {dst-mac-address|any}
Mode: Global
Function: Adds DST MAC address.

Command: rule name complement l2 {dst-mac-address|any} {src-mac-address|any}
Mode: Global
Function: Adds DST and SRC MAC address.

Command: rule name complement l2 {dst-mac-address|any} {src-mac-address|any} {<1-4094>|any}
Mode: Global
Function: Adds MAC address and VLAN ID.

Command: rule name complement l2 {dst-mac-address|any} {src-mac-address|any} {<1-4094>|any} <0-7>
Mode: Global
Function: Adds MAC address, VLAN ID, and 802.1p Priority.

(3) Applying QoS Policy to Rule of Packet Filtering


The user can apply a policy to a rule that classifies packets by level. In order to apply the policy to the
rule, use the following command on Global configuration mode.

Note
Multiple policies cannot be applied to one rule. If you need to apply various policies to one rule, make
several rules with different names and apply a different policy to each of them.


Command: rule name match permit
Mode: Global
Function: Allows packets that match the rule.

Command: rule name {match|no match} copy-to-cpu
Mode: Global
Function: Sends packets matched with the rule to CPU.

Command: rule name match bandwidth bandwidth
Mode: Global
Function: Configures bandwidth for matched packet with the rule to use.

Command: rule name {match|no match} deny
Mode: Global
Function: Denies matched packets with the rule, or not matched ones with the rule.

Command: rule name {match|no match} redirect egress-port
Mode: Global
Function: Retransmits matched packets with the rule, or not matched ones with the rule to another port.

Command: rule name {match|no match} mirror
Mode: Global
Function: Monitors matched packets with the rule, or not matched ones with the rule.

Command: rule name {match|no match} diffserv diffserv
Mode: Global
Function: Configure DSCP in ToS of the rule.

The following is an example of applying the policy to a rule named A to block all incoming packets
to port 1.

SWITCH(config)# rule A classify low 1


SWITCH(config)# rule A match deny
SWITCH(config)#

Also, in order to remove applied policy, use the following command on Global configuration mode.

Commands:
no rule name match permit
no rule name {match|no match} copy-to-cpu
no rule name match bandwidth
no rule name {match|no match} deny
no rule name {match|no match} redirect
no rule name {match|no match} mirror
no rule name {match|no match} diffserv
Mode: Global
Function: Removes applied policy to the rule.

(4) Confirming the Policy of QoS and the Rule of Packet Filtering
In order to confirm the policy of the rule configured by user, use the following command on Top mode
or Global configuration mode.

Command: show rule [name]
Mode: Top/Global
Function: Confirms the policy of the rule configured by user.

The following is an example of confirming the policy of the rule configured above by user.

SWITCH(config)# show rule


A(low)
iport: 1
match deny
SWITCH(config)#

(5) Configuring CoS and ToS


In order to configure the QoS map by using the rule configured by user, first apply a level to
each rule that the map will use. CoS value is classified into 8 levels. The overwrite variable decides whether
packets are processed with the CoS level only in the user's device or are also sent out to the external network
with it. That is, if a command contains overwrite, the CoS level is applied to packets for external communication,
and if a command does not contain overwrite, it is applied to packets only in the user's device.

In order to apply level to configured rule, use the following commands on Global configuration mode.

Command: rule name {match|no match} cos <0~7> overwrite
Mode: Global
Function: Gives CoS value to matched packets with the rule or to not matched packets with the rule.

Command: rule name {match|no match} cos same-as-tos overwrite
Mode: Global
Function: Gives CoS value to IP ToS precedence of matched packets with the rule or not matched packets.

Command: rule name {match|no match} tos <0~7>
Mode: Global
Function: Gives ToS value to matched packets with the rule or not matched packet with the rule.

Command: rule name match tos same-as-cos
Mode: Global
Function: Configures ToS value of matched or not matched packets with rule as IP precedence.

Also, in order to remove applied level to the rule configured by user, use the following command on
Global configuration mode.

Commands:
no rule name {match|no match} cos
no rule name {match|no match} tos
Mode: Global
Function: Removes CoS value or ToS value given to matched packets or not matched packets with the rule.

(6) Configuring QoS map


After giving CoS level to each rule, by using it, you can make QoS map. In case of the V5324 switch, you
can use total 4 queues.

Information
By default, queue 0 contains CoS 0~7.

In order to assign the rules that have a level to queues 0~3 to make the QoS map, use the following command on
Global configuration mode.

Command: qos map <0~7> <0~3>
Mode: Global
Function: Divides the rule to queues. CoS number is 0~7 and queue number is
0~3.

Information
It is possible to use maximum four queues.

Information
CoS number is 0~7 and queue number is 0~3.

The following is an example of giving CoS value 0 to the rule named A and assigning it to queue 3.

SWITCH(config)# rule A match cos 0 overwrite


SWITCH(config)# qos map 0 3
SWITCH(config)#


In order to confirm QoS map configured by user, use the following command on Top mode or Global
configuration mode.

Command: show qos
Mode: Top/Global
Function: Confirms QoS map configured by user.

The following is an example of confirming of the above configuration.

SWITCH(config)# show qos
------------------------------------------------
Queue  MaxPacket  MaxLatency(us)  CoS
------------------------------------------------
0      unlimited  disabled        1,2,3,4,5,6,7
       unlimited  disabled
       unlimited  disabled
       unlimited  disabled
------------------------------------------------
SWITCH(config)#

(7) Configuring Scheduling Value


In order to solve traffic overloading, a certain rate of packet processing is allotted to each queue. The
factors that decide the rate of packet processing are as follows.

Max-packet

Waiting time

Max-packet decides how many packets are processed at a queue before passing to the next
queue. For example, if you configure Max-packet as 100, 100 packets are processed and then the
next queue is served. In order to configure how many packets can be processed at one queue, use the
following commands on Global configuration mode.

Command: qos max-packet <0~3> <1~255>
Mode: Global
Function: Configures the number how many packets can be processed to the queue.

Command: qos max-packet <0~3> unlimited
Mode: Global
Function: Removes the configured Max-packet.

Waiting time means the interval after processing one packet before processing the next packet. In order
to configure waiting time, use the following command on Global configuration mode.

Command: qos max-latency <0~3> <16~4080>
Mode: Global
Function: Configures Waiting time. It can be configured between 16 and 4080 (microseconds).

Command: qos max-latency <0~3> disable
Mode: Global
Function: Remove the configured waiting time.

In order to confirm configured scheduling, use the following command on Top mode or Global mode.

Command: show qos
Mode: Top/Global
Function: Confirms QoS map configured by user.

The following is an example of confirming the configuration of Max-packet as 100 and waiting time as
16 for queue 0.

SWITCH(config)# qos max-latency 0 16
SWITCH(config)# qos max-packet 0 100
SWITCH(config)# show qos
------------------------------------------------
Queue  MaxPacket  MaxLatency(us)  CoS
------------------------------------------------
0      100        16              1,2,3,4,5,6,7
       unlimited  disabled
       unlimited  disabled
       unlimited  disabled
------------------------------------------------
SWITCH(config)#
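
A model of the CoS-to-queue map from (6) and the Max-packet value from (7), added here as a Python example and not taken from the switch software: each queue is served up to its Max-packet count before the next queue is served. Serving the queues in the order 0 to 3, ignoring waiting time, and the packet names are assumptions of the example.

```python
from collections import deque

NUM_QUEUES = 4            # the guide: queues 0~3
COS_VALUES = range(8)     # the guide: CoS 0~7


def build_cos_map(assignments):
    """Apply 'qos map <cos> <queue>' pairs on top of the default map."""
    cos_to_queue = {cos: 0 for cos in COS_VALUES}   # default: queue 0 holds CoS 0~7
    for cos, queue in assignments:
        if cos not in COS_VALUES or queue not in range(NUM_QUEUES):
            raise ValueError(f"qos map {cos} {queue}: out of range")
        cos_to_queue[cos] = queue
    return cos_to_queue


def schedule(packets, cos_to_queue, max_packet):
    """Return the order in which queued packets are sent.

    packets    : list of (packet_id, cos) already waiting, in arrival order
    max_packet : {queue: 1..255}, the 'qos max-packet <queue> <n>' values
    Assumption of this model: queues are visited 0, 1, 2, 3 and then again
    from 0; 'unlimited' and max-latency are not modelled.
    """
    if set(max_packet) != set(range(NUM_QUEUES)):
        raise ValueError("max_packet needs a value for each of queues 0~3")
    if any(not 1 <= quota <= 255 for quota in max_packet.values()):
        raise ValueError("Max-packet must be 1~255")

    queues = [deque() for _ in range(NUM_QUEUES)]
    for packet_id, cos in packets:
        queues[cos_to_queue[cos]].append(packet_id)

    order = []
    while any(queues):
        for q in range(NUM_QUEUES):
            for _ in range(max_packet[q]):
                if not queues[q]:
                    break                      # queue drained, move on
                order.append(queues[q].popleft())
    return order


# Constructed sample: "v" packets carry CoS 0, "d" packets carry CoS 5.
SAMPLE_PACKETS = [("v1", 0), ("d1", 5), ("v2", 0), ("d2", 5),
                  ("v3", 0), ("d3", 5), ("v4", 0), ("d4", 5)]
SAMPLE_MAP = build_cos_map([(0, 3)])           # qos map 0 3
SAMPLE_QUOTA = {0: 1, 1: 1, 2: 1, 3: 3}        # qos max-packet 3 3, others 1

if __name__ == "__main__":
    print(schedule(SAMPLE_PACKETS, SAMPLE_MAP, SAMPLE_QUOTA))
```

With a quota of 3 on queue 3 and 1 on queue 0, the CoS 0 packets leave three at a time while the remaining CoS values on queue 0 advance one packet per round.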

(8) Packet Counter


When packets defined in a QoS rule arrive, the QoS policy is applied. However, when a packet that the
rule defines to be thrown out arrives, it is thrown out without any notice or record. For
administrators, it would be better to know that such packets are being transmitted, even though they are
unnecessary and harmful. If you want to know how many times packets defined in a specified rule have
arrived, assign a Counter ID to the rule. You can assign plural IDs to one rule. Then, every time the QoS
policy is applied, the number is recorded if a Counter ID is assigned.


In order to assign Counter ID to QoS rule, use the following command.

Command: rule name match counter <0-31>
Mode: Global
Function: Assigns Counter ID to QoS rule configured by user. Counter
ID can be from 0 to 31.

In order to view how many times QoS policy is applied, use the following command.

Command: show rule counter [counter-id]
Mode: Global
Function: Shows how many times QoS policy is applied to QoS rule. It is
possible to specify Counter ID to find information in need.

In order to disable Counter ID assigned to QoS rule, use the following command.

Command: no rule name match counter
Mode: Global
Function: Disables Counter ID assigned by user.

Meanwhile, in order to reset number of Counter, use the following command.

Command: clear counter <0-31>
Mode: Global
Function: Resets number of Counter.

(9) Admin access rule


Blocking incoming telnet, ftp, icmp and snmp to the switch by the way explained in "(1) Making QoS
Policy" and "(2) Applying QoS Policy" requires too many rules, so it is complicated and spends lots of
rules. To make it convenient, V5324 switch supports a filtering function that is applied before forwarding
packets to the devices connected to the switch.

In order to make a rule for blocking connection of incoming telnet, ftp, icmp, snmp to the switch, use
the following command.


Commands:
admin-access-rule name classify {low|medium|high} ip [src-address|src-address/m|any] [des-address|des-address/m|any]
admin-access-rule name classify {low|medium|high} ip [src-address|src-address/m|any] [des-address|des-address/m|any] <0-255>
admin-access-rule name classify {low|medium|high} ip [src-address|src-address/m|any] [des-address|des-address/m|any] icmp [<0-255>|any]
admin-access-rule name classify {low|medium|high} ip [src-address|src-address/m|any] [des-address|des-address/m|any] tcp [src-port|any] [des-port|any]
admin-access-rule name classify {low|medium|high} ip [src-address|src-address/m|any] [des-address|des-address/m|any] udp [src-port|any] [des-port|any]
Mode: Global
Function: Makes a rule for blocking connection of incoming telnet, ftp, icmp, snmp to the switch.

The following table shows the commands used in case of applying the policy to configured rule.

Command: admin-access-rule name match permit
Mode: Global
Function: Allows packets that match with the rule.

Command: admin-access-rule name no match permit
Mode: Global
Function: Allows packets that do not match with the rule.

Command: admin-access-rule name match deny
Mode: Global
Function: Denies packets that match with the rule.

Command: admin-access-rule name no match deny
Mode: Global
Function: Denies packets that do not match with the rule.

The following is an example of blocking all incoming telnet connections to the user's switch.

SWITCH(config)# admin-access-rule A classify high ip any any tcp any 23


SWITCH(config)# admin-access-rule A match deny
SWITCH(config)#


After configuring as above, you cannot connect to the switch by telnet.

In order to view the configurations about connecting to telnet, ftp, icmp, snmp, use the following
command on Top mode or Global configuration mode.

Command: show admin-access-rule [name]
Mode: Top/Global
Function: Shows the policy and rule about telnet, ftp,
icmp, and snmp.

The following is an example of viewing the above configuration.

SWITCH(config)# show admin-access-rule


A(high)
ptype: IP
protocol: TCP
dstport 23
match deny
SWITCH(config)#

The following table shows commands used in case of removing configured policy or applied policy to
rule.

Command: no admin-access-rule name
Mode: Global
Function: Deletes a rule called name.

Command: no admin-access-rule name {no match|match} permit
Mode: Global
Function: Removes a policy that allowed a rule called name.

Command: no admin-access-rule name {no match|match} deny
Mode: Global
Function: Denies packets that match with the rule.

The following is an example of deleting only the policy while the configured rule remains.

SWITCH(config)# no admin-access-rule A match deny


SWITCH(config)# show admin-access-rule
A(high)
ptype: IP
protocol: TCP
dstport 23
SWITCH(config)#
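
As the output above shows, removing the policy leaves the rule in place with no action attached. The following Python is an added example (not part of the original guide) that reads show admin-access-rule output and reports rules left without a policy and management services that have no match deny rule. Rule B in the sample, the FTP and SNMP port numbers 21 and 161, and the assumption that every rule prints the same fields as rule A are not from the guide.

```python
import re

# Rule header as printed by the switch, e.g. "A(high)".
HEADER_RE = re.compile(r"^(?P<name>\S+)\((?P<level>low|medium|high)\)$")

# Services the guide names for admin-access-rule; telnet's port 23 is the
# guide's own example, the other two ports are the usual assignments.
SERVICES = {"telnet": ("TCP", 23), "ftp": ("TCP", 21), "snmp": ("UDP", 161)}

# Constructed sample: rule A is the guide's example, rule B is made up and
# has lost its policy, as after "no admin-access-rule B match deny".
SHOW_OUTPUT = """\
SWITCH(config)# show admin-access-rule
A(high)
ptype: IP
protocol: TCP
dstport 23
match deny
B(high)
ptype: IP
protocol: UDP
dstport 161
SWITCH(config)#
"""


def parse_rules(text):
    """Parse 'show admin-access-rule' output into a list of dicts."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line:            # blank or CLI prompt line
            continue
        header = HEADER_RE.match(line)
        if header:
            current = {"name": header["name"], "level": header["level"],
                       "policy": None}
            rules.append(current)
        elif current is None:
            continue                           # text before the first rule
        elif line.startswith(("match ", "no match ")):
            current["policy"] = line           # e.g. "match deny"
        else:
            # Fields appear as "key: value" or "key value".
            key, _, value = line.replace(":", " ", 1).partition(" ")
            current[key] = value.strip()
    return rules


def audit(rules):
    """Report services without a 'match deny' rule and rules without a policy."""
    denied = {(r.get("protocol"), r.get("dstport"))
              for r in rules if r["policy"] == "match deny"}
    unblocked = sorted(service for service, (proto, port) in SERVICES.items()
                       if (proto, str(port)) not in denied)
    no_policy = [r["name"] for r in rules if r["policy"] is None]
    return {"unblocked": unblocked, "no_policy": no_policy}


if __name__ == "__main__":
    print(audit(parse_rules(SHOW_OUTPUT)))
```

The check treats any match deny rule on the service port as coverage; it does not evaluate source or destination addresses, which this output sample does not show.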


(10) NetBIOS Filtering


NetBIOS is used in a LAN (Local Area Network) environment where computers should share information with each
other to communicate. However, in case an ISP (Internet Service Provider) provides
internet communication through LAN service to a specific area such as apartments, customers'
information should be protected.

[Figure: Necessity of NetBIOS Filtering. "Cyber Apt." LAN environment for Internet service; information is shared over the LAN, and sharing of information between units needs to be prevented.]

In this case, without NetBIOS filtering, customers' data may be opened to each other even though the
data should be protected. In order to protect customers' information and prevent sharing of information in the
above case, NetBIOS filtering is necessary.

Command: set netbios-filter port-number
Mode: Global
Function: Configures NetBIOS filtering in specified port.

In order to release NetBIOS filtering according to users request, use the following command.

Command: clear netbios-filter port-number
Mode: Global
Function: Releases NetBIOS filtering from specific port.

In order to view configuration of NetBIOS filtering, use the following command.

Command: show netbios-filter
Mode: Top/Global/Bridge
Function: Shows configuration of NetBIOS filtering.

The following is an example of configuring NetBIOS filtering in port 1~5 and confirming it.

SWITCH(bridge)# set netbios-filter 1-5
SWITCH(bridge)# show netbios-filter
o:enable .:disable
-------------------------
         1
12345678901234567890123456
-------------------------
ooooo.....................
-------------------------
SWITCH(bridge)#

(11) Martian-filter
It is possible to block packets that try to leave the network carrying a different source IP address. If a packet
carries a different IP address instead of its own source IP address, it is impossible to tell that it is the one causing trouble.
Therefore, you had better prevent this kind of packet from going out of your network. This function is
named Martian-filter.

In order to block packets that try to carry a different source IP address out of the network, use the
following command.

Command: ip martian-filter interface-name
Mode: Global
Function: Blocks packets, which brings different Source IP address
from specified interface.

In order to release the above configuration, use the following command.

Command: no ip martian-filter interface-name
Mode: Global
Function: Releases blocked packet, which brings different Source IP
address from specified interface.

In order to view configuration of Martian-filter, use the following command.

Command: show running-config
Mode: Top/Global/Bridge/Interface
Function: Shows switch configurations.

The following is an example of configuring Martian-filter in br 1 and confirming it.

SWITCH(config)# ip martian-filter br1


SWITCH(config)# show running-config
Building configuration...
(omitted)
set vlan pvid 2-26 1
set vlan pvid 1 30
!
set vlan create br1 1
!
set vlan add br1 1-24 untagged
!
set mac-filter default-policy deny 24
!
!
ip martian-filter br1
(omitted)
SWITCH(config)#

6.5 MAC Filtering


It is possible to forward frame to MAC address of destination. Without specific performance
degradation, maximum 4,096 MAC addresses can be registered.

6.5.1 Configuring Default Policy of MAC Filtering

By default, the basic filtering policy of the system allows all packets on each port. The basic policy can, however, be changed at the user's request.

In order to configure the basic filtering policy for all packets and confirm the configuration, use the following commands.

Command
set mac-filter default-policy {deny | permit} port-number

Mode
Bridge

Function
Configures basic policy of MAC Filtering in specified port.

Command
show mac-filter default-policy

Mode
Top/Global/Bridge

Function
Shows the basic policy.

Information
By default, basic filtering policy provided by system is configured to permit all packets in each port.

This is an example of the configuration to block all packets for port 1.

SWITCH(bridge)# set mac-filter default-policy deny 1
SWITCH(bridge)# show mac-filter default-policy
-------------------------
PORT POLICY | PORT POLICY
------------+------------
   1 DENY   |   12 PERMIT
   2 PERMIT |   13 PERMIT
   3 PERMIT |   14 PERMIT
   4 PERMIT |   15 PERMIT
   5 PERMIT |   16 PERMIT
   6 PERMIT |   17 PERMIT
(omitted)
SWITCH(bridge)#

6.5.2 Adding Policy of MAC Filter

You can add the policy to block or to allow some packets of specific address after configuring the basic
policy of MAC Filtering. To add this policy, use the following commands on Bridge mode.

Command
set mac-filter add mac-address {deny | permit} [vlan-id | any] [port-number]

Mode
Bridge

Function
Allows or blocks packets that carry the configured MAC address on the specified port.

Information
Variable MAC-ADDRESS is composed of twelve hexadecimal digits. It is possible to check it by using the command show mac. 00:d0:cb:06:01:32 is an example of MAC address.

The following is an example of allowing packets whose source MAC address is 00:02:a5:74:9b:17 on port 1.

SWITCH(bridge)# set mac-filter add 00:02:a5:74:9b:17 permit 1
SWITCH(bridge)#

In order to confirm the user's configuration of MAC filter policy, use the following commands.

Command
show mac-filter

Mode
Top/Global/Bridge

Function
Shows MAC filter policy.

Command
show mac-filter count

Mode
Top/Global/Bridge

Function
Shows as many MAC filter policies as the user specifies.

Command
show mac-filter count mac-address

Mode
Top/Global/Bridge

Function
Shows as many filter policies for the specified MAC address as the user specifies.

The latest policy is recorded as number 1.

The following is an example of blocking packets whose source MAC address is 00:01:a0:cd:01:02, after allowing packets whose source MAC address is 00:02:a5:74:9b:17, and confirming it.

SWITCH(bridge)# set mac-filter add 00:01:a0:cd:01:02 deny
SWITCH(bridge)# show mac-filter
========================================================
ID |        MAC        | ACTION | VID | PORT
========================================================
1    00:01:a0:cd:01:02   DENY     Any   1-21
     00:02:a5:74:9b:17   PERMIT   Any
SWITCH(bridge)#

The command show mac-filter count shows as many MAC filtering policies as the user specifies. The policies are shown in configured order, so you can check the most recently configured policy. The following is an example of viewing one configuration.

SWITCH(bridge)# show mac-filter 1
========================================================
ID |        MAC        | ACTION | VID | PORT
========================================================
1    00:01:a0:cd:01:02   DENY     Any   1-27
SWITCH(bridge)#

6.5.3 Deleting MAC Filtering Policy

In order to delete MAC filtering policy, use the following command.

Command
set mac-filter del source-mac-address

Mode
Bridge

Function
Deletes filtering policy for specified MAC address.

The following is an example of deleting configured filtering address and confirming it.

SWITCH(bridge)# set mac-filter del 00:02:a5:74:9b:17
SWITCH(bridge)# set mac-filter del 00:01:a0:cd:01:02
SWITCH(bridge)# show mac-filter
========================================================
ID |        MAC        | ACTION | VID | PORT
========================================================
SWITCH(bridge)#

In order to delete MAC filtering function, use the following command.

Command
clear mac-filter

Mode
Bridge

Function
Deletes all MAC filtering functions.

6.5.4 Listing of MAC Filtering Policy

When you need to create many MAC filtering policies at a time, it is hard to input the commands one by one. In this case, it is more convenient to save the MAC filtering policies in /etc/mfdb.conf and display the list of MAC filtering policies.

In order to view the list of MAC filtering policies in /etc/mfdb.conf, use the following command.

Command
set mac-filter list

Mode
Bridge

Function
Shows the list of MAC filtering policy at /etc/mfdb.conf.

6.5.5 Blocking Users of Fixed IP Address

All users should have IP addresses assigned by the DHCP server, and the MAC table holds their registry. If a user configures a fixed IP address that was not assigned by the DHCP server, the V5324 switch can block that user through MAC filtering. In order to block users of fixed IP addresses, perform the steps below.

Step 1 Configure the default policy of the MAC filter as deny on the port you want to block.
Step 2 Configure permit only for the IP addresses assigned by the DHCP server.
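
The two steps above can be scripted from a DHCP lease export. The following is an added example, not part of the guide: it validates each leased MAC address and emits the guide's own set mac-filter commands, in the form used by the port 1 example in section 6.5.2. The lease tuples, function names and sample addresses are constructed for illustration.

```python
import re

MAX_ENTRIES = 4096  # maximum registrable MAC addresses stated in section 6.5
_MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def normalize_mac(mac):
    """Return the lower-case, colon-separated form used in the guide."""
    candidate = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.fullmatch(candidate):
        raise ValueError(f"not a 12-hex-digit MAC address: {mac!r}")
    return candidate


def build_commands(leases, locked_ports):
    """Return (commands, rejected) for the two-step procedure.

    leases       -- (ip, mac, port) tuples exported from the DHCP server
    locked_ports -- ports whose default policy becomes deny (Step 1)
    """
    locked = sorted(set(locked_ports))
    permits, rejected, seen = [], [], set()
    for ip, mac, port in leases:
        try:
            mac = normalize_mac(mac)
        except ValueError as exc:
            rejected.append((ip, str(exc)))
            continue
        if port not in locked:
            rejected.append((ip, f"port {port} is not being locked"))
            continue
        if (mac, port) in seen:          # renewed lease, already permitted
            continue
        seen.add((mac, port))
        permits.append((port, mac))
    if len(permits) > MAX_ENTRIES:
        raise ValueError(f"{len(permits)} entries exceed the {MAX_ENTRIES} limit")

    # Step 1: default deny on each locked port; Step 2: permit leased MACs.
    commands = [f"set mac-filter default-policy deny {p}" for p in locked]
    commands += [f"set mac-filter add {mac} permit {port}"
                 for port, mac in sorted(permits)]
    return commands, rejected


# Constructed sample lease export (all values are illustrative).
SAMPLE_LEASES = [
    ("10.1.1.2", "00:02:A5:74:9B:17", 1),
    ("10.1.1.3", "00-d0-cb-06-01-32", 2),
    ("10.1.1.2", "00:02:a5:74:9b:17", 1),   # duplicate after a renewal
    ("10.1.1.4", "00:01:a0:cd:01", 2),      # truncated MAC, rejected
    ("10.1.1.5", "00:01:02:9a:61:17", 7),   # port 7 is not being locked
]

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE_LEASES, locked_ports=[1, 2])
    print("\n".join(cmds))
    for ip, reason in bad:
        print(f"# skipped {ip}: {reason}")
```

Rejected leases are worth reviewing before the commands are applied, because a host left out of the permit list loses connectivity once the default policy is deny.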

6.6 Configuring Max Host


You can limit the number of users on each port by configuring a maximum number of users, also called Max host. In doing so, you need to consider not only the number of PCs in the network but also devices such as switches. For the V5324 switch, you have to lock the port, as with MAC filtering, before configuring Max host. ISPs can use this configuration to arrange a billing plan for each user. In order to configure Max host, use the following command.

Command
set max-hosts port-number max-mac-number

Mode
Bridge

Function
Limits the number of user by configuring
Max host.

Information
When Max host is configured as 0, no one can connect to the port.

The following is an example of allowing two MAC addresses on port 1, five addresses on ports 2 and 3, and ten addresses on port 4.

SWITCH(bridge)# set max-hosts 1 2
SWITCH(bridge)# set max-hosts 2 5
SWITCH(bridge)# set max-hosts 3 5
SWITCH(bridge)# set max-hosts 4 10
SWITCH(bridge)#

In order to delete max host, use the following command.

Command
clear max-hosts port-number

Mode
Bridge

Function
Deletes configured max-host.

In order to confirm configured max host, use the following command.

Command
show max-hosts

Mode
Top/Global/Bridge

Function
Shows configured max host.

The following is an example of viewing configured max hosts.

SWITCH(bridge)# show max-hosts
port  1 : 0/2 (current/max)
port  2 : 0/5 (current/max)
port  3 : 0/5 (current/max)
port  4 : 0/10 (current/max)
port  5 : 0/Unlimited (current/max)
port  6 : 0/Unlimited (current/max)
port  7 : 0/Unlimited (current/max)
port  8 : 0/Unlimited (current/max)
port  9 : 0/Unlimited (current/max)
port 10 : 0/Unlimited (current/max)
port 11 : 0/Unlimited (current/max)
port 12 : 0/Unlimited (current/max)
port 13 : 52/Unlimited (current/max)
port 14 : 0/Unlimited (current/max)
port 15 : 0/Unlimited (current/max)
port 16 : 0/Unlimited (current/max)
port 17 : 0/Unlimited (current/max)
port 18 : 0/Unlimited (current/max)
(omitted)
SWITCH(bridge)#

6.7 Managing MAC Table


There are two types of addresses registered in the MAC table: Dynamic addresses and Static addresses. A Dynamic address is deleted when it is no longer used after the switch has registered it in the MAC table. A Static address is configured by the user and remains even after rebooting.

In order to register Static address in MAC table, use the following command on Bridge configuration
mode.

Command
set mac bridge-name port-number mac-address

Mode
Bridge

Function
Registers Static address in MAC table with MAC address, bridge name and port number.

Command
show mac bridge-name [port-number]

Mode
Top/Global/Bridge

Function
Shows MAC address user configured.

The following is an example of registering MAC address 00:01:02:9a:61:17 in MAC table of br1.

SWITCH(bridge)# set mac 1 00:01:02:9a:61:17
SWITCH(bridge)#

The following is an example of showing MAC address of destination, the specified port number, VLAN
ID, and time registered in table.

SWITCH(bridge)# show mac br1
port (id)   mac addr            permission  in use
eth24(24)   00:01:02:9a:61:1a   static      0.00
eth24(24)   00:10:5a:84:46:76   OK          0.01
eth24(24)   00:e0:4c:1a:37:17   OK          0.07
eth24(24)   00:d0:cb:0a:a0:b7   OK          0.15
eth24(24)   00:c0:ca:33:5b:90   OK          0.18
eth24(24)   00:03:47:70:e3:30   OK          0.50
(omitted)
SWITCH(bridge)#

In order to delete Static address in MAC table, use the following commands on Bridge configuration
mode.

Command
clear mac bridge-name port-number mac-address

Mode
Bridge

Function
Deletes specified MAC address registered in specified port.

Command
clear mac bridge-name port-number all

Mode
Bridge

Function
Deletes all static MAC addresses registered in specified port.

6.8 Configuring ARP Table


Devices connected to an IP network have two addresses, a LAN address and a network address. The LAN address is sometimes called the data link address because it is used at Layer 2, but it is more commonly known as the MAC address.

A switch on Ethernet needs a 48-bit MAC address to transmit packets. The process of finding the proper MAC address from an IP address is called address resolution. Conversely, the process of finding the proper IP address from a MAC address is called reverse address resolution. Dasan Networks switches find the MAC address from an IP address through Address Resolution Protocol (ARP). ARP saves these addresses in the ARP table for quick lookup. Packets carrying an IP address are transmitted to the network by referring to that IP address in the ARP table. An ARP table entry can also be configured for a specific interface only.

In order to match a specific IP address and MAC address, use the following command on Global
configuration mode.

Command
arp ip-address mac-address
[interface-name]

Mode
Global

Function
Saves IP address and MAC address in ARP table. Also
possible to configure a specific interface.

In order to view ARP table, use the following command on Top mode or Global configuration mode.

Command
show arp [interface-name]

Mode
Top/Global

Function
Shows registered ARP table.

In order to release ARP function about IP address and MAC address, use the following command on
Global configuration mode.

Command
no arp ip-address [interface-name]

Mode
Global

Function
Releases ARP function about IP address and MAC address.

The following is an example of saving IP address 10.1.1.1 with MAC address 00:d0:cb:00:00:01 in the ARP table.

SWITCH(config)# arp 10.1.1.1 00:d0:cb:00:00:01
SWITCH(config)#

The following is an example of viewing ARP table.

SWITCH(config)# show arp
Address        HWtype  HWaddress           Flags Mask  Iface
172.16.1.254   ether   00:D0:CB:06:01:32               br1

6.9 ARP-Alias
Although clients are connected to the same client switch, communication between them may be blocked for their private security. When you need them to communicate with each other, the V5324 switch supports ARP-Alias, in which the Concentrating switch responds to ARP requests from the client net. In the figure below, clients 10.1.1.2~10.1.1.5 cannot communicate with each other. In this case, you can configure ARP-Alias to respond to ARP requests from clients 10.1.1.2~10.1.1.5. After ARP-Alias is configured, they can communicate through the Concentrating switch.

[Figure: Example of ARP-Alias. Internet, Concentrating Switch, Client Switch, Client Net (10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5). 10.1.1.2~10.1.1.5 are registered in ARP-Alias on the Concentrating Switch. ARP requests of 10.1.1.2~10.1.1.5 are sent to the Concentrating Switch, which responds to them. For private security, communication between clients is impossible: no ARP between clients.]

In order to register address of client net range in ARP-Alias, use the following command.

Command
arp-alias start-ip-address end-ip-address [mac-address]

Mode
Global

Function
Registers IP address range and MAC address in ARP-Alias to make the user's equipment respond to ARP requests.

Information
Unless you input a MAC address, the MAC address of the user's equipment will be used for ARP responses.

In order to delete registered IP address range of ARP-Alias, use the following command.

Command
no arp-alias start-ip-address end-ip-address

Mode
Global

Function
Deletes registered IP address range of ARP-Alias.

In order to delete all ARP-alias, use the following command.

Command
clear arp-alias

Mode
Global

Function
Deletes all ARP-Alias.

In order to view ARP-Alias, use the following command.

Command
show arp-alias

Mode
Top/Global

Function
Shows registered ARP-Alias.

Sample Configuration 1

The following is an example of configuring ARP-Alias by registering IP address from 10.1.1.2 to 10.1.1.5.

SWITCH(config)# arp-alias 10.1.1.2 10.1.1.5
SWITCH(config)#

If you do not input a MAC address, as in the above example, the MAC address of the V5324 switch will be used.

6.10 Proxy-ARP
V5324 switch has Proxy-ARP, which responds to ARP requests on behalf of other equipment.

In the figure below, Host A has IP address 172.16.10.100 and its subnet mask is set to /16, so it considers itself connected to network 172.16.0.0. When Host A needs to send a packet to Host D, it sends an ARP request on the assumption that Host D is on the same network. Since ARP requests are transferred by broadcast, the ARP request from Host A does not reach Host D; it reaches only the br1 interface and the nodes belonging to subnet A.

[Figure: V5324 Switch between subnet A and subnet B. Subnet A: interface br1 172.16.10.99/24, Host A 172.16.10.100/16, Host B 172.16.10.200/24. Subnet B: interface br2 172.16.20.99/24, Host C 172.16.20.100/24, Host D 172.16.20.200/24.]

However, the V5324 switch knows that Host D belongs to another subnet and is able to transmit packets to Host D. It therefore responds to the ARP request from Host A with its own MAC address. In this way, all ARP requests from subnet A to subnet B are answered with the MAC address of the V5324 switch, and packets from Host A to Host D are delivered through the V5324 switch. In order to configure Proxy-ARP, enter Interface configuration mode of the specific interface and use the following command.

Command
ip proxy-arp

Mode
Interface

Function
Configures Proxy-ARP in specific interface.

In order to disable Proxy-ARP, use the following command.

Command
no ip proxy-arp

Mode
Interface

Function
Disables Proxy-ARP.

Sample Configuration 1

The following is an example of configuring Proxy-ARP in br1.

SWITCH# configure terminal
SWITCH(config)# interface br1
SWITCH(config-if)# ip proxy-arp
SWITCH(config-if)# show running-config
Building configuration...
(omitted)
interface br1
no shutdown
ip proxy-arp
ip address 172.16.209.50/16
!
ip route 0.0.0.0/0 172.16.1.254
!
no snmp
!
SWITCH(config-if)#
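
The Host A to Host D exchange described in this section can be traced with a short model. This is an added example, not part of the guide: it uses the addresses from the Proxy-ARP figure and assumes the usual proxy-ARP rule (answer when the target is not on the ingress subnet but is on another attached subnet); the function names are hypothetical.

```python
import ipaddress

# Addressing taken from the Proxy-ARP figure in this section.
SWITCH_IFACES = {
    "br1": ipaddress.ip_interface("172.16.10.99/24"),
    "br2": ipaddress.ip_interface("172.16.20.99/24"),
}
HOSTS = {
    "A": ipaddress.ip_interface("172.16.10.100/16"),
    "B": ipaddress.ip_interface("172.16.10.200/24"),
    "C": ipaddress.ip_interface("172.16.20.100/24"),
    "D": ipaddress.ip_interface("172.16.20.200/24"),
}


def host_arps_directly(src, dst_ip):
    """A host ARPs for the destination itself only if its own mask says on-link."""
    return dst_ip in src.network


def switch_proxy_reply(ingress, target_ip, proxy_arp_enabled):
    """Return the interface the switch would forward through, or None.

    Assumed rule: reply only when Proxy-ARP is enabled on the ingress
    interface, the target is not on the ingress subnet (the real host
    answers there) and the target is on another attached subnet.
    """
    if not proxy_arp_enabled:
        return None
    if target_ip in SWITCH_IFACES[ingress].network:
        return None
    for name, iface in SWITCH_IFACES.items():
        if name != ingress and target_ip in iface.network:
            return name
    return None


def resolve(src_name, dst_name, ingress="br1", proxy_arp_enabled=True):
    """Describe how src reaches dst when src is attached behind `ingress`."""
    src, dst_ip = HOSTS[src_name], HOSTS[dst_name].ip
    if not host_arps_directly(src, dst_ip):
        return "sends to default gateway"
    if dst_ip in SWITCH_IFACES[ingress].network:
        return "destination host answers ARP"
    via = switch_proxy_reply(ingress, dst_ip, proxy_arp_enabled)
    if via:
        return f"switch answers with its own MAC, forwards via {via}"
    return "ARP unanswered"


if __name__ == "__main__":
    for src, dst in (("A", "D"), ("A", "B"), ("B", "D")):
        print(f"Host {src} -> Host {dst}: {resolve(src, dst)}")
    print("Host A -> Host D without ip proxy-arp:",
          resolve("A", "D", proxy_arp_enabled=False))
```

With Proxy-ARP enabled, Host A's ARP cache maps every subnet B address to the switch's MAC address, which is expected here and should not be mistaken for ARP spoofing when reviewing ARP tables.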

6.11 ICMP Message Control


ICMP stands for Internet Control Message Protocol. When it is impossible to transmit data or configure a route for data, ICMP sends an error message about it to the host.

The first 4 bytes of all ICMP messages are the same, but the other parts differ according to the type field value and the code field value. There are fifteen type field values that distinguish the different ICMP messages, and the code field value distinguishes each type in more detail.

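The following shows simple ICMP message construction.

0            7 8           15 16                         31
+-------------+--------------+----------------------------+
| 8-bit type  | 8-bit code   |      16-bit checksum       |
+-------------+--------------+----------------------------+
|           (contents depend on type and code)            |
+---------------------------------------------------------+

ICMP Message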

The following table shows explanations for fifteen values of ICMP message type.

Type  Explanation               Type  Explanation
0     echo reply                12    parameter problem
3     destination unreachable   13    timestamp request
4     source quench             14    timestamp reply
5     redirect                  15    information request
8     echo request              16    information reply
9     router advertisement      17    address mask request
10    router solicitation       18    address mask reply
11    time exceeded

ICMP messages can be controlled through user configuration. You can configure the device not to send echo reply messages to a partner that is running a ping test against it, and you can configure the interval at which ICMP messages are transmitted.

You can configure the following to control ICMP message.

Blocking Echo Reply Message

Configuring Interval to Transmit ICMP Message

6.11.1 Blocking Echo Reply Message

It is possible to configure the device not to send echo reply messages to a partner that is running a ping test against it.

In order to block echo reply message, use the following commands.

Command
ip icmp echo ignore all

Mode
Global

Function
Blocks echo reply message to all partners who are taking ping test to device.

Command
ip icmp echo ignore broadcast

Mode
Global

Function
Blocks echo reply message to partner who is taking broadcast ping test to device.

In order to release blocked echo reply message, use the following commands.

Command
no ip icmp echo ignore all

Mode
Global

Function
Releases blocked echo reply message to all partners who are taking ping test to device.

Command
no ip icmp echo ignore broadcast

Mode
Global

Function
Releases blocked echo reply message to partner who is taking broadcast ping test to device.

6.11.2 Configuring Interval to Transmit ICMP Message

It is possible to configure the interval at which ICMP messages are transmitted. Once the interval is configured, no further ICMP message is sent until the configured time has elapsed since the last message. For example, if you configure the interval as 1 second, ICMP will not be sent within 1 second after the last message has been sent. In order to configure the interval to transmit ICMP messages, use the following commands.

Command
ip icmp interval des-unreach interval

Mode
Global

Function
Configures interval to transmit ICMP message about destination unreachable.

Command
ip icmp interval echo-reply interval

Mode
Global

Function
Configures interval to transmit ICMP message about echo reply.

Command
ip icmp interval param-prob interval

Mode
Global

Function
Configures interval to transmit ICMP message about parameter problem.

Command
ip icmp interval time-exceed interval

Mode
Global

Function
Configures interval to transmit ICMP message about time exceeded.

Information
The unit of interval is 10 ms (1/100 s).

Information
The default for destination unreachable is 100, for echo reply 0, for parameter problem 100, and for time exceeded 1.

Information
When you configure interval as 0, ICMP message will keep being sent all the time regardless of time.

In order to configure not to send ICMP message selected by user, use the following commands.

Command
ip icmp interval des-unreach disable

Mode
Global

Function
Configures not to send destination unreachable message.

Command
ip icmp interval echo-reply disable

Mode
Global

Function
Configures not to send echo reply message.

Command
ip icmp interval param-prob disable

Mode
Global

Function
Configures not to send parameter problem message.

Command
ip icmp interval time-exceed disable

Mode
Global

Function
Configures not to send time exceeded message.

[Sample Configuration 1]

The following is an example of blocking echo reply message to all partners who are taking ping test to
device.

SWITCH(config)# ip icmp ignore echo all
SWITCH(config)# show running-config
Building configuration...
(omitted)
ip icmp ignore echo all
!
ip route 0.0.0.0/0 172.16.254.1
!
!
no snmp
!
SWITCH(config)#


[Sample Configuration 2]

The following is an example of configuring interval to transmit destination unreachable message as 10 seconds.

SWITCH(config)# ip icmp interval dest-unreach 1000
SWITCH(config)# show running-config
Building configuration...
(omitted)
ip icmp interval dest-unreach 1000
!
ip route 0.0.0.0/0 172.16.254.1
!
no snmp
!
SWITCH(config)#

6.12 IP TCP flag control


The TCP (Transmission Control Protocol) header includes six flags: URG, ACK, PSH, RST, SYN, and FIN. On the V5324 switch, you can configure RST and SYN as described below.

RST Configuration

SYN Configuration

6.12.1 RST Configuration

RST informs a party attempting a TCP connection that the connection cannot be made. It is, however, possible to configure the switch not to send this message. This helps prevent hackers from finding out which connections are impossible. In order to configure the switch not to send the message that informs that a TCP connection cannot be made, use the following command.

Command
ip tcp ignore rst-unknown

Mode
Global

Function
Configures not to send the message that informs TCP connection cannot be done.

Information
By default, RST is enabled.

In order to enable RST, use the following command.

Command
no ip tcp ignore rst-unknown

Mode
Global

Function
Enables RST.

6.12.2 SYN Configuration

SYN sets up a TCP connection. The V5324 switch transmits a cookie with SYN to a party that tries to make a TCP connection, and the TCP connection is permitted only when the transmitted cookie is returned. This function prevents connections from being exhausted by users who have connected but are not using them, and helps other users to use the service.

In order to permit connection only when transmitted cookies are returned after sending cookies with
SYN, use the following command.

Command
ip tcp syncookies

Mode
Global

Function
Permits only when transmitted cookies are returned after
sending cookies with SYN.

In order to disable the above configuration, use the following command.

Command
no ip tcp syncookies

Mode
Global

Function
Disables the configuration that permits connection only when transmitted cookies are returned after sending cookies with SYN.

[Sample Configuration 1]

The following is an example of disabling RST and permitting only when transmitted cookies are
returned after sending cookies with SYN.

SWITCH(config)# ip tcp ignore rst-unknown
SWITCH(config)# ip tcp syncookies
SWITCH(config)# show running-config
Building configuration...
(omitted)
ip tcp ignore rst-unknown
ip tcp syncookies
!
ip route 0.0.0.0/0 172.16.254.1
!
dot1x address 172.16.209.5
dot1x port enable 1
!
no snmp
!
SWITCH(config)#
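
How a cookie lets a device accept a connection only when it is returned, without keeping state for half-open connections, is shown below. This is an added example of a simplified SYN cookie scheme following the commonly documented layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash); it is not the V5324's implementation, and the MSS table, secret and addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

COUNTER_SECONDS = 64   # the time counter t advances every 64 seconds
# Illustrative MSS table addressed by a 3-bit index (constructed values).
MSS_TABLE = (216, 536, 768, 1024, 1220, 1360, 1440, 1460)


def _hash24(secret, src, sport, dst, dport, t):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = (ipaddress.ip_address(src).packed + struct.pack("!H", sport)
           + ipaddress.ip_address(dst).packed + struct.pack("!HI", dport, t))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(secret, src, sport, dst, dport, client_mss, now):
    """Sequence number placed in the SYN-ACK; nothing is stored per client."""
    t = int(now) // COUNTER_SECONDS
    mss_idx = 0
    for i, mss in enumerate(MSS_TABLE):      # largest table entry <= client MSS
        if mss <= client_mss:
            mss_idx = i
    return ((t % 32) << 27) | (mss_idx << 24) | _hash24(
        secret, src, sport, dst, dport, t)


def check_cookie(secret, src, sport, dst, dport, ack_number, now):
    """Return the negotiated MSS if the final ACK returns a valid cookie, else None."""
    cookie = (ack_number - 1) & 0xFFFFFFFF   # the client acknowledges cookie + 1
    t_now = int(now) // COUNTER_SECONDS
    for t in (t_now, t_now - 1):             # accept current or previous window
        if t < 0 or cookie >> 27 != t % 32:
            continue
        expected = _hash24(secret, src, sport, dst, dport, t).to_bytes(3, "big")
        returned = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if hmac.compare_digest(expected, returned):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None


if __name__ == "__main__":
    secret = b"constructed-secret"           # constructed key for the demo
    conn = ("192.0.2.10", 40000, "198.51.100.1", 80)
    cookie = make_cookie(secret, *conn, client_mss=1460, now=1000)
    ack = (cookie + 1) & 0xFFFFFFFF
    print("legitimate ACK  ->", check_cookie(secret, *conn, ack, now=1030))
    print("expired cookie  ->", check_cookie(secret, *conn, ack, now=1300))
    print("spoofed source  ->", check_cookie(
        secret, "192.0.2.99", 40000, "198.51.100.1", 80, ack, now=1030))
```

A SYN from a forged source address never produces the matching ACK, so it consumes no connection slot.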


Chapter VII System Main Function

This chapter describes main functions of this switch such as VLAN, Port trunking, and STP. It contains the
following sections.

VLAN

Port Trunking

LACP Configuration

STP and RSTP

Stacking

Rate Limit

Configuring Bandwidth-share-Group

IP IGMP(Internet Group Management Protocol)

PIM-SM (Protocol Independent Multicast Sparse Mode)

VRRP (Virtual Router Redundancy Protocol)

NAT

Bandwidth

DHCP

Broadcast Storm Control


7.1 VLAN
This section describes the below items.

Overview of VLAN

Features of VLAN

Configuring VLAN

7.1.1 Overview of VLAN

Nodes in the same LAN all receive the information that one node sends by broadcast. With broadcast, however, nodes are obliged to receive unnecessary information. To prevent this, the LAN is divided into logical LANs so that only the nodes on the same logical LAN receive the information. A LAN divided logically in this way is called a VLAN (Virtual LAN), and one VLAN may include several ports. When a network consists of VLANs, packets can be transmitted between ports in the same VLAN. Packets can be transmitted between ports in different VLANs only through routing equipment that connects the VLANs. VLAN decreases Ethernet traffic to improve the transmit rate and strengthens security by confining transmission to each VLAN.

[Figure: VLAN based on port. V5324 Switch with br1, br2 and br3.]

A VLAN can be constructed based on port, MAC address, or protocol. The V5324 switch supports port-based VLAN. Complying with IEEE 802.1q, the V5324 switch can transmit both tagged packets and untagged packets, which have no VLAN ID. Every switch port has a VLAN ID (PVID) configured by the system. So, unless the user configures a specific VLAN, known as an untagged VLAN, the system configures the VLAN ID (PVID). Switch ports that make up a VLAN network can therefore transmit packets to the VLAN whose number matches the port's VLAN ID (PVID).

7.1.2 Features of VLAN

Enlarged Network Bandwidth
Users belonging to different VLANs can use more bandwidth than they could without VLANs because they do not receive unnecessary broadcast information.

Cost-Effective Way
When you use VLAN to prevent unnecessary traffic load caused by broadcast, you get a cost-effective network composition because a switch is not needed.

Strengthened Security
Nodes usually share broadcast information, but in some cases authorization is required for the information. VLAN makes it possible for VLAN membership to consist only of authorized users, which strengthens network security.

7.1.3 Configuring VLAN

The below functions are explained.

Making VLAN

Specifying PVID

Assigning Port in VLAN

Releasing VLAN

Configuring VLAN for Uplink Port

(1) Making VLAN

In order to configure VLAN on the user's network, use the following command.

Command
set vlan create vlan-name <1-4094>

Mode
Bridge

Function
Configures new VLAN by assigning a VLAN name and VLAN ID. VLAN ID can be assigned from 1 to 4,094.

The variable vlan-name is a particular set of bridged interfaces. Frames are bridged only among
interfaces in the same VLAN.

Information
The vlan-name must have the form brN (N = integer). You cannot create a virtual LAN unless vlan-name has the brN form. If you input a name that is not in brN form, the following message will be displayed.

SWITCH(bridge)# set vlan create A 1
%bridge name must be started 'br'
SWITCH(bridge)#

The variable vlan-id is the VLAN tag with which the packet is transmitted. If a port is configured with tagging, it will send tagged traffic. In order to confirm VLAN configuration in the switch, use the following command.

Command
show vlan [vlan-name]

Mode
Top/Global/Bridge

Function
Shows VLAN configuration.

The following is an example of configuring VLAN and confirming it. By default, all ports are
configured as br1 in V5324 switch.

SWITCH(bridge)# set vlan create br2 2
SWITCH(bridge)# set vlan create br3 3
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
             |
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
  br1(    1) |uuuuuuuuuuuuuuuuuuuuuuuu........
  br2(    2) |................................
  br3(    3) |................................
SWITCH(bridge)#

In order to delete VLAN, use the following command.

Command
clear vlan vlan-name

Mode
Bridge

Function
Deletes VLAN.

The following is an example of deleting br3 and confirming it.

SWITCH(bridge)# clear vlan br3
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
             |
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
  br1(    1) |uuuuuuuuuuuuuuuuuuuuuuuu........
  br2(    2) |................................
SWITCH(bridge)#

Note
When you delete a VLAN, all ports in the VLAN are deactivated. The ports remain deactivated until a new VLAN is assigned.

(2) Specifying PVID


By default, PVID 1 is specified for all ports. The user can also configure the PVID. In order to configure PVID in a port, use the following command.

Command
set vlan pvid port-number <1-4094>

Mode
Bridge

Function
Configures PVID. It can be from 1 to 4,094.

The following is an example of specifying PVID as 2 in port 2 and viewing.

SWITCH(bridge)# set vlan pvid 2 2
SWITCH(bridge)# show running-config
(omitted)
set vlan pvid 1,3-26 1
set vlan pvid 2 2
(omitted)
SWITCH(bridge)#

(3) Assigning Port in VLAN


After creating VLANs such as br2 and br3, you need to assign ports to them. By default, all ports of the V5324 switch are aggregated into br1. So, to assign a port to another VLAN, you should delete the port from br1 first. In order to do it, use the following commands.

Command
set vlan add vlan-name port-number {tagged | untagged}

Mode
Bridge

Function
Assigns port to VLAN.

Command
set vlan del vlan-name port-number

Mode
Bridge

Function
Deletes port in VLAN.

Information
When you assign several ports to a VLAN, you have to enter the ports separated by commas without spaces. Use the dash mark - to specify a port range.

Note
By default, all ports of the V5324 switch belong to br1. To avoid overlapping with br1 when assigning a port to a VLAN, you should delete the port from br1.

The following is an example of configuring port 7~10 as br2, 11~18 as br3 and the other ports as br1 and
confirming it.

SWITCH(bridge)# set vlan del br1 7-18
SWITCH(bridge)# set vlan add br2 7-10 untagged
SWITCH(bridge)# set vlan add br3 11-18 untagged
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
             |
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
  br1(    1) |uuuuuu............uuuuuu........
  br2(    2) |......uuuu......................
  br3(    3) |..........uuuuuuuu..............
SWITCH(bridge)#

(4) Releasing VLAN


The following steps are provided to release VLAN.

Step 1 Delete ports associated with a VLAN to be removed using the following command.

Command
set vlan del vlan-name port-number

Mode
Bridge

Function
Deletes all ports in VLAN.

Step 2 Enter Interface configuration mode of the VLAN to be deleted and deactivate the virtual interface.

Command
interface vlan-name

Mode
Global

Function
Enters into Interface configuration mode of specified VLAN.

Command
shutdown

Mode
Interface

Function
Deactivates virtual interface.

Step 3 Delete the VLAN.

Command
clear vlan vlan-name

Mode
Bridge

Function
Deletes VLAN.

(5) Configuring Shared-port (applied to Layer 2 Switch)

Note
This configuration applies only when the V5324 switch is used as a dedicated Layer 2 switch.

The V5324 switch is not only a Layer 3 switch but can also be used as a dedicated Layer 2 switch. When the V5324 switch is used as a Layer 2 switch, communication between VLANs is impossible because there is no router function. In particular, the port assigned as Uplink port should receive packets from all VLANs, but when the V5324 switch is used as a Layer 2 switch, the port cannot receive those packets unless it is configured to be included in all VLANs. Therefore, when you configure VLANs in a Layer 2 switch, you have to include the Uplink port in all VLANs, no matter how many VLANs are made. The following is an example of configuring ports 1 ~ 16 as independent VLANs.

SWITCH(bridge)# set vlan del br1 2-25
SWITCH(bridge)# set vlan create br2 2
SWITCH(bridge)# set vlan create br3 3
.
.
SWITCH(bridge)# set vlan create br16 16
SWITCH(bridge)# set vlan add br2 2,26 untagged
SWITCH(bridge)# set vlan add br3 3,26 untagged
.
.
SWITCH(bridge)# set vlan add br16 16,26 untagged
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
             |
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
  br1(    1) |u........................u......
  br2(    2) |.u.......................u......
  br3(    3) |..u......................u......
  br4(    4) |...u.....................u......
  br5(    5) |....u....................u......
  br6(    6) |.....u...................u......
  br7(    7) |......u..................u......
  br8(    8) |.......u.................u......
  br9(    9) |........u................u......
 br10(   10) |.........u...............u......
 br11(   11) |..........u..............u......
 br12(   12) |...........u.............u......
 br13(   13) |............u............u......
 br14(   14) |.............u...........u......
 br15(   15) |..............u..........u......
 br16(   16) |...............u.........u......
SWITCH(bridge)#

In order to receive packets from all VLANs, Uplink port, port 26 should be configured to be included in all VLANs.

With the above configuration, an untagged packet received on port 1 gets pvid 1, and the Uplink port,
port 26, also has pvid 1, so the packet can be transmitted to port 26. The problem is an untagged packet
received on the Uplink port. Since it is not clear which pvid that untagged packet should have, you need
the following configuration to transmit untagged packets to all ports.

In addition to the above configuration, it is necessary to configure another VLAN that includes the
Uplink port, port 26, and ports 1 ~ 16. The following is an example of additionally configuring br17,
which has pvid 17, and confirming it.


SWITCH(bridge)# set vlan create br17 17
SWITCH(bridge)# set vlan add br17 1-16,26 untagged
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
   br1(   1) |u........................u......
   br2(   2) |.u.......................u......
   br3(   3) |..u......................u......
   br4(   4) |...u.....................u......
   br5(   5) |....u....................u......
   br6(   6) |.....u...................u......
   br7(   7) |......u..................u......
   br8(   8) |.......u.................u......
   br9(   9) |........u................u......
  br10(  10) |.........u...............u......
  br11(  11) |..........u..............u......
  br12(  12) |...........u.............u......
  br13(  13) |............u............u......
  br14(  14) |.............u...........u......
  br15(  15) |..............u..........u......
  br16(  16) |...............u.........u......
  br17(  17) |uuuuuuuuuuuuuuuu.........u......
SWITCH(bridge)#

Finally, configure all of the ports configured above as shared-ports. After that, an untagged packet
received on the Uplink port, port 26, gets pvid 17 and is transmitted to ports 1 ~ 16.

To configure a port as shared-port, use the following command in Bridge configuration mode.

Command
set shared-port {enable|disable} port-number

Mode
Bridge

Function
Configures a specified port as shared-port.

In order to confirm the above configuration, use the following command.

Command
show port port-number


Mode
Top/Global/Bridge

Function
Shows all information on port.


The following is an example of configuring ports 1 ~ 16 and Uplink port, port 26 as shared-port and
confirming the configuration.

SWITCH(bridge)# set shared-port enable 1
SWITCH(bridge)# set shared-port enable 2
.
.
SWITCH(bridge)# set shared-port enable 26
SWITCH(bridge)# show port 26
--------------------------------------------------------------------------
NO  TYPE  PVID  STATUS        SHARED  MODE  FLOWCTRL  INSTALLED
                (ADMIN/OPER)
--------------------------------------------------------------------------
26:  Ethernet  Up/Down  Auto/Full/1000  On
SWITCH(bridge)#
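
The following Python sketch is an added example, not part of the original guide. It parses show vlan output in the layout shown above and checks the Layer 2 layout of this section: the Uplink port is a member of every VLAN, and each access port belongs to the shared VLAN plus exactly one VLAN of its own. The sample output is constructed (br3 deliberately lacks the Uplink port), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the guide's "show vlan" output, reduced
# to four VLANs. Character n of each bitmap is port n; br3 lacks the uplink.
SAMPLE_SHOW_VLAN = """\
u: untagged port, t: tagged port
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
   br1(   1) |u........................u......
   br2(   2) |.u.......................u......
   br3(   3) |..u.............................
  br17(  17) |uuu......................u......
"""

# One VLAN row: name, VID in parentheses, then the per-port membership bitmap.
ROW = re.compile(r"^\s*(\S+?)\(\s*(\d+)\)\s*\|([ut.]+)\s*$")


def parse_show_vlan(text):
    """Return {vlan_name: {port_number: 'u' or 't'}} for every VLAN row."""
    vlans = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match is None:
            continue  # legend, column header or separator line
        name, _vid, bitmap = match.groups()
        vlans[name] = {pos + 1: flag for pos, flag in enumerate(bitmap) if flag != "."}
    return vlans


def audit_layer2_layout(vlans, uplink, shared_vlan):
    """Check the layout of section (5): the uplink is in every VLAN, and each
    access port is in the shared VLAN plus exactly one VLAN of its own."""
    findings = []
    for name, members in vlans.items():
        if uplink not in members:
            findings.append(f"{name}: uplink port {uplink} is not a member")
    access_ports = {p for members in vlans.values() for p in members} - {uplink}
    shared_members = vlans.get(shared_vlan, {})
    for port in sorted(access_ports):
        if port not in shared_members:
            findings.append(f"port {port}: not in shared VLAN {shared_vlan}")
        own = [n for n, m in vlans.items() if n != shared_vlan and port in m]
        if len(own) != 1:
            findings.append(f"port {port}: in {len(own)} per-port VLANs {own}, expected 1")
    return findings


if __name__ == "__main__":
    for finding in audit_layer2_layout(parse_show_vlan(SAMPLE_SHOW_VLAN), 26, "br17"):
        print(finding)
```

A port that appears in more than one per-port VLAN, or an access port missing from the shared VLAN, is reported the same way, which makes the check usable as a regression test after VLAN changes.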

7.2 Port Trunking


Port trunking enables you to dynamically group similarly configured interfaces into a single logical link
(aggregate port) to increase bandwidth while reducing traffic congestion. When interfaces with the same
speed and duplex are grouped, traffic is distributed over the aggregate port.

[Figure: An example of Port Trunking (V5324 Switch; callout: Use six numbers of port as a port)]

Information
The switch supports up to six aggregate ports and each aggregate port can consist of up to eight
configured Ethernet interfaces.


To aggregate ports or to delete a port from an aggregated port, use the following commands.

Command
set trunk add group-id port-number {srcmac|dstmac}
set trunk del group-id port-number

Mode
Bridge

Function
Configures physical port as logical port and assigns srcmac or dstmac to specify the packets passing through the aggregated port.
Deletes physical port involved in logical port.

Information
Since V5324 switch supports six logical ports, group id can be from 0 to 5.

In order to confirm port trunk configuration, use the following command.

Command
show trunk

Mode
Top/Global/Bridge

Function
Shows port trunk configuration.

The following is an example of configuring port 13 ~ 16 as trunk and confirming it.

SWITCH(bridge)# set trunk add 1 13-16 srcmac
SWITCH(bridge)# show trunk
Trunk Group 0 : Inactive
Trunk Group 1 : SRC_MAC : 13(x) 14(x) 15(x) 16(x)
Trunk Group 2 : Inactive
Trunk Group 3 : Inactive
Trunk Group 4 : Inactive
Trunk Group 5 : Inactive
SWITCH(bridge)#

Note
Ports configured as Port Trunking become independent of VLAN. Therefore, you need to add them to
the VLAN again with the newly assigned number.

The following example configures ports 1 ~ 6 and ports 19 ~ 26 as br1 and ports 7 ~ 18 as br2, then
configures ports 7 ~ 10 as Trunk and adds virtual port 27, configured as Trunk, to br2.


SWITCH(bridge)# set vlan del br1 7-18
SWITCH(bridge)# set vlan add br2 7-18 untagged
SWITCH(bridge)# set trunk add 0 7-10 srcmac
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
   br1(   1) |uuuuuu............uuuuuuuu......
   br2(   2) |..........uuuuuuuu..............
SWITCH(bridge)# set vlan add br2 27 untagged
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
   br1(   1) |uuuuuu............uuuuuuuu......
   br2(   2) |..........uuuuuuuu........u.....
SWITCH(bridge)#

In the column header, columns 1 ~ 26 are the 26 physical ports and the following columns are virtual
ports configured as Trunk. Ports 7 ~ 10 are independent from VLAN when configured as Trunk. In the
second output, port 27, unifying ports 7 ~ 10, is included in VLAN br2.

7.3 LACP Configuration


LACP (Link Aggregation Control Protocol), complying with IEEE 802.3ad, bundles several physical ports
together to form one logical port so that the user can get enlarged bandwidth, as described in 7.2 Port
Trunking. The difference from port trunking is that LACP makes the aggregated bandwidth automatically,
once an aggregator and the physical member ports to be aggregated into the logical port are configured.
In addition, an aggregated port made by port trunking must be added to a VLAN by command, whereas an
aggregated port made by LACP is automatically added to the VLAN. Perform the following tasks to
configure LACP in V5324 switch.

Step 1 Enable LACP in the user's switch.
Step 2 Configure an aggregator.
Step 3 Specify the member ports of the aggregator and configure the mode of the member ports.

Note
You can make a maximum of six aggregators through LACP, and a maximum of eight member ports can be
aggregated.


The following topics explain how to configure LACP.

Enabling LACP

Configuring Aggregator

Configuring Member Port

Confirming LACP Configuration

Configuring Key of Member Port

Configuring Port Priority

7.3.1 Enabling LACP

Before configuring LACP in the switch, you need to enable LACP first. To enable LACP, use the
following command.

Command
set lacp system interface interface-name

Mode
Bridge

Function
Enables LACP in the user's switch.

Also, in order to release LACP and delete LACP configuration, use the following command.

Command
set lacp system interface disable

Mode
Bridge

Function
Releases LACP and deletes LACP configuration.

7.3.2 Configuring Aggregator

After enabling LACP, you should configure logical aggregator to aggregate several physical ports. In
order to configure aggregator or delete it, use the following commands.

Command
set lacp aggregator add group-id
set lacp aggregator del group-id

Mode
Bridge

Function
Configures logical aggregator.
Deletes aggregator.

Information
You can make a maximum of six logical ports, so group-id can be from 0 to 5.

Note
You cannot configure both port trunking and LACP at the same time. Therefore only one function can be
configured at one group-id.

When you configure an aggregator, you need to specify the packets passing through the aggregator. To do
so, use the following command.

Command
set lacp aggregator add group-id method {srcmac|dstmac}

Mode
Bridge

Function
Specifies packet passing through logical aggregator.

Information
Source Mac-address is abbreviated to srcmac and Destination Mac-address is abbreviated to dstmac.

7.3.3 Configuring Member Port

After finishing the aggregator configuration, you should configure the physical ports to be members of
the aggregator. To configure a member port of the aggregator or to delete it, use the following commands.

Command
set lacp port add port-number
set lacp port del port-number

Mode
Bridge

Function
Configures physical port to be member port of aggregator.
Deletes physical port from member ports of aggregator.

Information
It is possible to configure several port-numbers by using "," and "-".

After configuring the member ports, you need to configure their mode. A member port can be configured
in one of two modes: active mode and passive mode. Active mode has higher priority than passive mode,
and active mode becomes the standard; therefore passive mode is supposed to follow the configuration of
active mode.


Command
set lacp port mode port-number {active|passive}

Mode
Bridge

Function
Configures mode of member port.

If the member ports of two devices connected to each other are both configured as active mode, another
value is required to decide priority. In this case, the user can configure a priority in the switch. To
give a priority to the switch in LACP, use the following command.

Command
set lacp system priority <1-65535>

Mode
Bridge

Function
Gives priority value to switch in LACP.

Information
When the member ports of two devices connected to each other are configured as active mode and
passive mode, the device configured as active mode is the standard, and if both devices are configured
as active mode, the device with higher priority is the standard. However, if both devices are
configured as passive mode, the member ports of the devices will not be linked.

7.3.4 Confirming LACP Configuration

The user can view the LACP configuration. To confirm the LACP configuration, use the following
commands.

Command
show lacp aggregator
show lacp aggregator group-id
show lacp port
show lacp port port-number

Mode
Top/Global/Bridge

Function
Shows information of aggregator.
Shows information of specified aggregator.
Shows information of member port.
Shows information of specified member port.

[Sample Configuration 1]

The following is an example of configuring aggregators of switch A and switch B as 0, ports 7 ~ 10 as
member port, and viewing the configuration.



<Configuration in SWITCH A>

SWITCH_A(bridge)# set lacp system interface br1
SWITCH_A(bridge)# set lacp aggregator add 0
SWITCH_A(bridge)# set lacp port add 2-3
SWITCH_A(bridge)# set lacp port mode 2-3 active
SWITCH_A(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB0A01B3 00D0CB22004E 2(o)-3(o)
(Shown when member ports are linked.)
SWITCH_A(bridge)# show lacp port
PORT AGGR KEY ACTIVITY PARTNER ENABLE
---- ---- --- -------- ------- ------
02            ACTIVE           ENABLE
03            ACTIVE           ENABLE
SWITCH_A(bridge)#

<Configuration in SWITCH B>

SWITCH_B(bridge)# set lacp system interface br1
SWITCH_B(bridge)# set lacp aggregator add 0
SWITCH_B(bridge)# set lacp port add 2-3
SWITCH_B(bridge)# set lacp port mode 2-3 passive
SWITCH_B(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB22004E 00D0CB0A01B3 2(o)-3(o)
(Shown when member ports are linked.)
SWITCH_B(bridge)# show lacp port
PORT AGGR KEY ACTIVITY PARTNER ENABLE
---- ---- --- -------- ------- ------
02          1 PASSIVE          ENABLE
03          1 PASSIVE          ENABLE
SWITCH_B(bridge)#

Information
In the output of the show lacp port command, the AGGR section shows the ID of the aggregator. It is not
the group-id the user inputs when configuring the aggregator.


7.3.5 Configuring Key of Member Port

Each member port of LACP has a key value, and all member ports in one aggregator have the same key
value. To make an aggregator consisting of specified member ports only, give those ports a key value
different from the key value of the other ports by using the following command.

Command
set lacp port key port-number <1-15>

Mode
Bridge

Function
Configures key value of member port.

Information
The default is 1.

For example, switch A and switch B are linked with switch C in the picture below. Two aggregators are
configured in switch A, and ports 7 ~ 10 are configured as member ports. One aggregator is configured in
switch B, and ports 7 ~ 8 are configured as member ports. And one aggregator is configured in switch C,
and ports 9 ~ 10 are configured as member ports. After these configurations, when ports 7 ~ 8 of switch
A and B are linked and ports 9 ~ 10 of switch A and C are linked, switch A is linked with switch B and C
through aggregators.

[Figure: Example of LACP (SWITCH A, SWITCH B, SWITCH C, Internet; callouts: "Aggregators of switch A
and C are linked through port 9, 10", "Aggregators of switch A and C are linked through port 7, 8")]


Meanwhile, switch A is linked with switch B in the picture below. Two aggregators are configured in
both switch A and B, and ports 7 ~ 10 are configured as member ports. With this configuration, if
ports 7 ~ 10 are connected through cable, one aggregator including the ports is made. However, if the
key values of ports 7 ~ 10 are configured differently, two aggregators are made.

[Figure: Example of LACP (SWITCH A, SWITCH B, Internet; callouts: "Aggregators of switch A and B are
linked through port 7, 8", "Aggregators of switch A and B are linked through port 9,10")]

[Sample Configuration 2]
The following is an example of aggregating ports 7 ~ 8 and ports 9 ~ 10 into different ports as above.
Without key configuration, two aggregators are configured and ports 7 ~ 10 are configured as member
ports.

<SWITCH A>
SWITCH_A(bridge)# set lacp system interface br1
SWITCH_A(bridge)# set lacp aggregator add 0
SWITCH_A(bridge)# set lacp aggregator add 1
SWITCH_A(bridge)# set lacp aggregator 0 method srcmac
SWITCH_A(bridge)# set lacp aggregator 1 method srcmac
SWITCH_A(bridge)# set lacp port add 7-10
SWITCH_A(bridge)# set lacp port mode 7-10 active
SWITCH_A(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)-eth09(o)-eth10(o)
     0x8000.000000000000
SWITCH_A(bridge)#


<SWITCH B>

SWITCH_B(bridge)# set lacp system interface br1
SWITCH_B(bridge)# set lacp aggregator add 0
SWITCH_B(bridge)# set lacp aggregator add 1
SWITCH_B(bridge)# set lacp aggregator 0 method srcmac
SWITCH_B(bridge)# set lacp aggregator 1 method srcmac
SWITCH_B(bridge)# set lacp port add 7-10
SWITCH_B(bridge)# set lacp port mode 7-10 active
SWITCH_B(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)-eth09(o)-eth10(o)
     0x8000.000000000000
SWITCH_B(bridge)#

By viewing the above configuration, you can see four ports are aggregated in one aggregator. However,
if you configure key values differently, you can see two aggregators are made.

<SWITCH A>

SWITCH_A(bridge)# set lacp port key 9-10 2
SWITCH_A(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB0A01B3 00D0CB0AA790 eth07(o)-eth08(o)
     0x8000.000000000000 00D0CB0AA790 eth09(o)-eth10(o)
SWITCH_A(bridge)#

<SWITCH B>
SWITCH_B(bridge)# set lacp port key 9-10 2
SWITCH_B(bridge)# show lacp aggregator
AGGR PRIORITY            PARTNER      MEMBER
---- ------------------- ------------ ------
     0x8000.00D0CB0A01B3 00D0CB0AA46C eth07(o)-eth08(o)
     0x8000.000000000000 00D0CB0AA46C eth09(o)-eth10(o)
SWITCH_B(bridge)#
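
As an added illustration (not from the original guide), the Python model below predicts which aggregators form from the member-port mode rule in 7.3.3 and the key rule in 7.3.5. It assumes the IEEE 802.3ad behaviour that links are bundled only when they share the same partner device and the same key at both ends; all function names and the switch data are constructed for the example.

```python
from collections import defaultdict

DEFAULT_KEY = 1  # the guide gives 1 as the default key of a member port


def expand_ports(spec):
    """Expand a port-number argument written with "," and "-", e.g. "7-8,10"."""
    ports = []
    for part in spec.split(","):
        first, _, last = part.partition("-")
        ports.extend(range(int(first), int(last or first) + 1))
    return ports


def member_ports(spec, mode, key=DEFAULT_KEY):
    """Model the result of `set lacp port add/mode/key` for the given ports."""
    if mode not in ("active", "passive"):
        raise ValueError(f"unknown mode: {mode}")
    return {port: {"mode": mode, "key": key} for port in expand_ports(spec)}


def predict_aggregators(local, remotes, cables):
    """Group the cabled member ports of the local switch into aggregators.

    local   -- {port: {"mode", "key"}} of this switch
    remotes -- {switch name: {port: {"mode", "key"}}} of the partner switches
    cables  -- [(local port, partner switch name, partner port)]
    Returns [(partner, local key, partner key, [local ports])], sorted.
    """
    groups = defaultdict(list)
    for local_port, partner, partner_port in cables:
        mine = local.get(local_port)
        theirs = remotes.get(partner, {}).get(partner_port)
        if mine is None or theirs is None:
            continue  # one end is not an LACP member port
        if "active" not in (mine["mode"], theirs["mode"]):
            continue  # passive on both ends: the member ports are not linked
        groups[(partner, mine["key"], theirs["key"])].append(local_port)
    return [(*ident, sorted(ports)) for ident, ports in sorted(groups.items())]


if __name__ == "__main__":
    # Sample Configuration 2: ports 7-10 of switch A cabled to 7-10 of switch B.
    straight = [(p, "B", p) for p in expand_ports("7-10")]
    a = member_ports("7-10", "active")
    b = member_ports("7-10", "active")
    print("default keys :", predict_aggregators(a, {"B": b}, straight))
    # `set lacp port key 9-10 2` on both switches splits the bundle in two.
    a.update(member_ports("9-10", "active", key=2))
    b.update(member_ports("9-10", "active", key=2))
    print("key 2 on 9-10:", predict_aggregators(a, {"B": b}, straight))
```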


7.3.6 Configuring Port Priority

One aggregator can include a maximum of eight ports. When ten ports are configured, the ports with
higher priorities are selected. However, the user can configure the priority when a specific port should
be configured as a member port regardless of its priority. To configure the priority of an LACP member
port, use the following command.

Command
set lacp port priority port-number <1-15>

Mode
Bridge

Function
Configures priority of member port.

7.4 STP and RSTP


A LAN composed of double paths, like token ring, has the advantage that access is still possible when
one path is disconnected. However, always using the double path creates another problem, named Loop. A
Loop occurs when there are more than two paths between switches, as with SWITCH A and SWITCH B in the
figure below: PC A sends a packet through broadcast or multicast, and the packet keeps rotating. This
causes superfluous data transmission and network faults.

[Figure: Example of Loop (SWITCH A, SWITCH B, PC A, PC B)]

STP (Spanning-Tree Protocol) is the function that prevents Loop in a LAN with more than two paths and
utilizes the double path efficiently. It is specified in IEEE 802.1d. When STP is configured, there is no
Loop because STP chooses the more effective path and closes the other path. In other words, when
SWITCH C in the figure below sends a packet to SWITCH C, path 1 is chosen and path 2 is closed.


[Figure: Example of the running STP (SWITCH A, SWITCH B, SWITCH C, SWITCH D, SWITCH E; Path 1, Path 2)]

Meanwhile, RSTP (Rapid Spanning-Tree Protocol), defined in IEEE 802.1w, innovatively reduces the
network convergence time of STP. Because it uses the same vocabulary and configuration parameters as
802.1d, the new protocol is easy and fast to configure. Also, 802.1w includes 802.1d inside, so it
provides compatibility with 802.1d.

Information
V5324 switch supports RSTP from OS v.9.03.

Information
For compatibility with the configuration of switches installed with an old version, the default is STP mode.

For more detail description of STP, refer to the following.

STP Operation

RSTP Operation

STP and RSTP Configuration

BPDU(Bridge Protocol Data Unit) Configuration


7.4.1 STP Operation

The 802.1d STP defines the port states as Blocking, Listening, Learning, and Forwarding. When STP is
configured in a LAN with double paths, the switches exchange their information, including the Bridge ID.
This information is named BPDU (Bridge Protocol Data Unit). The switches decide the port states based
on the exchanged BPDUs and automatically decide the optimized path to communicate with the Root switch,
which is the standard of the Spanning-Tree.

Root Switch

The critical information for deciding the Root switch is the Bridge ID. The Bridge ID is composed of a
2-byte Priority and a 6-byte MAC address. The switch with the lowest Bridge ID becomes the Root switch.

[Figure: Root Switch (SWITCH A, Priority : 8, ROOT; SWITCH B, Priority : 9; SWITCH C, Priority : 10;
SWITCH D)]

For example, suppose there are three linked switches as in the picture. After STP is configured, the
switches exchange their information. The Priority of SWITCH A is 8, the Priority of SWITCH B is 9 and the
Priority of SWITCH C is 10. In this case, SWITCH A is automatically configured as the Root switch.


Designated Switch

After the Root switch is decided, when SWITCH A transmits a packet to SWITCH C, SWITCH A compares the
exchanged BPDUs to decide the path. The critical information for deciding the path is the path-cost. The
path-cost depends on the transmit rate of the LAN interface, and the path with the lower path-cost is
selected.

The standard for deciding the Designated switch is the total Root path-cost, which is the sum of the
path-costs to the Root. The path-cost depends on the transmit rate of the switch LAN interface, and the
switch with the lower path-cost is selected to be the Designated switch.

[Figure: Deciding Designated Switch (SWITCH A, Priority : 8, ROOT; SWITCH B, Priority : 9; SWITCH C,
Priority : 10; SWITCH D; labels: Designated SWITCH, Path-cost 100, Path-cost 50, Path-cost 100,
Path-cost 100, Path 1, Path 2)]
(PATH 1 = 50 + 100 = 150, PATH 2 = 100 + 100 = 200, PATH 1 < PATH 2, PATH 1 is chosen)

In the above picture, where SWITCH C sends a packet, the path-cost of PATH 1 is 150 and the path-cost
of PATH 2 is 200 in total (100 + 100; path-cost of SWITCH C to B + path-cost of SWITCH B to C).
Therefore PATH 1, which has the lower path-cost, is chosen. In this case, the port connected to the Root
switch is named the Root port. In the above picture, the port of SWITCH C connected to SWITCH A, the
Root switch, is the Root port. There can be only one Root port in one device.


Information
The standard for deciding the Designated switch is the total Root path-cost, which is the sum of the
path-costs to the Root. The switch with the lower path-cost is selected to be the Designated switch.
When the Root path-costs are the same, the Bridge IDs are compared.

Designated Port and Root Port

Also, the switch selected for communication in a segment is named the Designated switch. In the picture
below, suppose that a packet is transmitted from the Root switch to SWITCH D. Either SWITCH B or
SWITCH C can be selected. However, since a Loop is created when the packet is transmitted to SWITCH D,
one of the two must be selected by comparing the BPDU information. As a result, if PATH 1 is selected,
the Designated switch for the segment transmitted to SWITCH D is SWITCH B. In each switch, the port
selected for communication, other than the Root port, is the Designated port. The other ports, except
the Root port and the Designated port, are named Blocked ports.

[Figure: Designated Switch and Designated Port (SWITCH A, ROOT; SWITCH B, Designated SWITCH; SWITCH C;
SWITCH D; labels: Designated Port, Root Port, Designated Port, PATH 1, PATH 2)]

Port-priority

Meanwhile, when the path-costs of two paths are the same, the port-priorities are compared. Suppose that
two switches are connected as in the picture below. Since the path-costs of the two paths are both 100,
their port-priorities are compared, and the port with the smaller port-priority is selected to transmit
packets.


[Figure: Example of Using Port priority (ROOT; PATH 1: Port 1, Port priority 7, Path-cost 100;
PATH 2: Port 2, Port priority 8, Path-cost 100)]
(path-cost of PATH 1 = path-cost of PATH 2 = 100, unable to compare;
PATH 1 port priority = 7, PATH 2 port priority = 8, PATH 1 < PATH 2, PATH 1 is chosen)

All these functions are performed automatically by BPDU, which carries the information of the switch. It
is also possible to configure BPDU to change the Root switch or the path manually. Refer to 7.3.3
Configuring BPDU (Bridge Protocol Data Unit) Transmission.
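
The Python sketch below is an added example, not code from the guide. It works through the rules of this section on a small topology: Root election by lowest Bridge ID, Root port selection by total Root path-cost, then Bridge ID, then port-priority, and the resulting Designated and Blocked ports. The MAC addresses, the priority of SWITCH D, the assignment of the figure's path-costs to links, the default port-priority and all function names are assumptions of the example.

```python
DEFAULT_PORT_PRIORITY = 8  # constructed default for this example, not from the guide


def bridge_id(priority, mac, low_bits=0x001):
    """Build the 8-byte Bridge ID (2-byte priority field + 6-byte MAC).

    priority is the 0-15 argument of `set stp priority`; it lands in the top
    hex digit, as in the guide's output (10 -> a001.00d0cb0d0012). low_bits
    copies the remaining "001" of that output and is otherwise an assumption.
    """
    if not 0 <= priority <= 15:
        raise ValueError("priority must be 0-15")
    return ((priority << 12 | low_bits) << 48) | int(mac, 16)


def format_bridge_id(bid):
    """Render a Bridge ID the way `show stp` prints it."""
    return f"{bid >> 48:04x}.{bid & 0xFFFFFFFFFFFF:012x}"


def spanning_tree(bridges, links, port_priority=None):
    """bridges: {name: bridge id}. links: [(sw_a, port_a, sw_b, port_b, cost)].

    Returns (root, best, roles): best[name][0] is the Root path-cost and
    roles[(name, port)] is "root", "designated" or "blocked".
    """
    port_priority = port_priority or {}
    root = min(bridges, key=bridges.get)  # lowest Bridge ID wins
    best = {name: (float("inf"),) for name in bridges}
    best[root] = (0, bridges[root], 0, 0, None)
    changed = True
    while changed:  # relax until no switch hears a better offer
        changed = False
        for a, pa, b, pb, cost in links:
            for up, up_port, down, down_port in ((a, pa, b, pb), (b, pb, a, pa)):
                if down == root or len(best[up]) == 1:
                    continue  # the root accepts no offer; `up` has no path yet
                prio = port_priority.get((up, up_port), DEFAULT_PORT_PRIORITY)
                # Compared in order: path-cost, sender Bridge ID, sender port-priority, port.
                offer = (best[up][0] + cost, bridges[up], prio, up_port, down_port)
                if offer < best[down]:
                    best[down], changed = offer, True
    roles = {}
    for a, pa, b, pb, _cost in links:
        a_wins = (best[a][0], bridges[a]) < (best[b][0], bridges[b])
        des, other = ((a, pa), (b, pb)) if a_wins else ((b, pb), (a, pa))
        roles[des] = "designated"
        roles[other] = "root" if best[other[0]][-1] == other[1] else "blocked"
    return root, best, roles


# Constructed topology after the guide's figures: priorities 8, 9, 10 for
# SWITCH A, B, C; SWITCH D's priority and all MAC addresses are made up.
SAMPLE_BRIDGES = {
    "A": bridge_id(8, "00d0cb000001"),
    "B": bridge_id(9, "00d0cb000002"),
    "C": bridge_id(10, "00d0cb000003"),
    "D": bridge_id(11, "00d0cb000004"),
}
# PATH 1 = A-B-D (50 + 100), PATH 2 = A-C-D (100 + 100).
SAMPLE_LINKS = [("A", 1, "B", 1, 50), ("A", 2, "C", 1, 100),
                ("B", 2, "D", 1, 100), ("C", 2, "D", 2, 100)]

if __name__ == "__main__":
    root, best, roles = spanning_tree(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root:", root, format_bridge_id(SAMPLE_BRIDGES[root]))
    for (switch, port), role in sorted(roles.items()):
        print(f"SWITCH {switch} port {port}: {role}")
```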

7.4.2 RSTP Operation

When STP or RSTP is configured on a network where a Loop can be created, the resulting final topology is
the same. However, RSTP progresses more rapidly than STP on the way to the final topology. This section
describes how RSTP, which is improved over STP, works. It contains the sections below.

Port States

BPDU Policy

Rapid Network Convergence

Compatibility with 802.1d

(1) Port States


RSTP defines the port states as Discarding, Learning, and Forwarding. Blocking and Listening of 802.1d
are combined into Discarding. As in STP, the Root port and the Designated port are decided by port
state. But the existing Blocked port is divided into Alternate port and Backup port. An Alternate port
is a port blocked by receiving a BPDU whose priority has a high numerical value from another device,
and a Backup port is a port blocked by receiving a BPDU whose priority has a high numerical value from
another port of the same device.


The below picture shows Alternate port and Backup port.

[Figure: Alternate Port and Backup Port (SWITCH A, ROOT; SWITCH B; SWITCH C; SWITCH D; labels:
Designated Port, Alternate Port, Backup Port, PATH 1, PATH 2)]

The difference between the Alternate port and the Backup port is that the Alternate port can provide an
alternate path for packets when there is a problem between the Root switch and SWITCH C, but the Backup
port cannot provide a stable connection in that case.

(2) BPDU Policy


In 802.1d, the Root switch forwards BPDUs following the Hello-time installed in the Root switch, and the
switches other than the Root switch forward their own BPDU only when they receive a BPDU from the Root
switch. In 802.1w, however, not only the Root switch but also all the other switches forward BPDUs
following the Hello-time. BPDUs are exchanged more frequently than at the interval of the Root switch
alone, but with 802.1w the switches grasp the situation of a changing network faster.

By the way, when a low BPDU is received from the Root switch or the Designated switch, it is immediately
accepted. For example, suppose that the Root switch is disconnected from SWITCH B. Then SWITCH B
considers itself to be the Root because of the disconnection and forwards its BPDU. However, SWITCH C
recognizes that the Root exists, so it transmits a BPDU including the information of the Root to
Bridge B. Thus, SWITCH B configures the port connected to SWITCH C as the new Root port.


[Figure: In case of Receiving Low BPDU (SWITCH A, ROOT; SWITCH B; SWITCH C; labels: New ROOT PORT,
BPDU including Root information, Low BPDU)]

(3) Rapid Network Convergence

[Figure: Convergence of 802.1d Network (ROOT, SWITCH A, SWITCH B, SWITCH C, SWITCH D; labels: New link
created, Transmit BPDU at Listen state, Blocking to prevent Loop, BPDU flowing)]

As in the above picture, suppose that a new link is connected between SWITCH A and Root. Root and
SWITCH A are not directly connected, but indirectly connected through SWITCH D.


After SWITCH A is newly connected to Root, packets cannot be transmitted between the ports because the
state of the two switches becomes Listening, and no Loop is created. In this state, if Root transmits a
BPDU to SWITCH A, SWITCH A transmits a new BPDU to SWITCH A and SWITCH C, and SWITCH C transmits a new
BPDU to SWITCH D. SWITCH D, which received the BPDU from SWITCH C, puts the port connected to SWITCH C
into Blocking state to prevent a Loop after the new link. This is an epochal way of preventing Loop, but
the problem is that communication is disconnected during two times the BPDU Forward-delay, until the
port connecting SWITCH D and SWITCH C is blocked.

The picture below shows how 802.1w proceeds to save the disconnection time. There is a new link
between SWITCH A and Root. Right after the connection, it is possible to transmit BPDUs although
packets cannot be transmitted between SWITCH A and Root.

[Figure: Network convergence of 802.1w (ROOT, SWITCH A, SWITCH B, SWITCH C, SWITCH D; labels: New link
created, Negotiate between SWITCH A and Root (Traffic Blocking))]

SWITCH A negotiates with Root through BPDU. To make the link between SWITCH A and Root, the port state
of the non-edge designated port of SWITCH is changed to Blocking. Although SWITCH A is connected to
Root, a Loop will not be created because SWITCH A is blocked toward SWITCH B and C. In this state, the
BPDU from Root is transmitted to SWITCH B and C through SWITCH A. To configure the Forwarding state of
SWITCH A, SWITCH A negotiates with SWITCH B, and SWITCH A negotiates with SWITCH C.


[Figure: Network convergence of 802.1w (ROOT, SWITCH A, SWITCH B, SWITCH C, SWITCH D; labels:
Forwarding State, Negotiate between SWITCH A and SWITCH B (Traffic Blocking), Negotiate between
SWITCH A and SWITCH C (Traffic Blocking))]

SWITCH B has only edge-designated ports. An edge-designated port does not cause a Loop, so 802.1w
defines that it is changed to Forwarding state. Therefore, SWITCH B does not need to block a specific
port for the Forwarding state of SWITCH A. However, since SWITCH C has a port connected to SWITCH D,
that port should be put into Blocking state.

[Figure: Network convergence of 802.1w (ROOT, SWITCH A, SWITCH B, SWITCH C, SWITCH D; labels:
Forwarding State, Forwarding State, Blocking to make Forwarding state of SWITCH A)]


Blocking the connection of SWITCH D and SWITCH C is the same as in 802.1d. However, 802.1w does not
need any configured time for the negotiation between switches that puts a specific port into Forwarding
state, so it progresses very fast.

While a port progresses to Forwarding state, Listening and Learning are not needed. These negotiations
use BPDU.

(4) Compatibility with 802.1d


RSTP internally includes STP, so it has compatibility with 802.1d. Therefore, RSTP can recognize the
BPDU of STP, but STP cannot recognize the BPDU of RSTP. For example, assume that SWITCH A and SWITCH B
operate as RSTP and SWITCH A is connected to SWITCH C as Designated switch. Since SWITCH C, which is
802.1d, ignores the RSTP BPDU, it is interpreted that SWITCH C is not connected to any switch or
segment.
[Figure: Compatibility with 802.1d (SWITCH A (802.1w), SWITCH B (802.1w), SWITCH C (802.1d); labels:
STP BPDU, RSTP BPDU)]

However, SWITCH A converts the port that received the BPDU into RSTP of 802.1d because it can read the
BPDU of SWITCH C. Then SWITCH C can read the BPDU of SWITCH A and accepts SWITCH A as Designated
switch.

[Figure: Compatibility with 802.1d (SWITCH A (802.1w), SWITCH B (802.1w), SWITCH C (802.1d); label:
STP BPDU)]


7.4.3 STP and RSTP Configuration


(1) Activating STP
To use STP in switch, activate STP first. In order to activate STP, use the following command.

Command
set stp enable bridge-name

Mode
Bridge

Function
Activates STP of VLAN.

The following is an example of activating STP in br1.

SWITCH(bridge)# set stp enable br1


SWITCH(bridge)#

Information
The default is deactivated.

You do not have to configure STP to prevent Loop in the switches of a LAN that does not have a double path. To release STP in the user's switch, use the following command.

Command
set stp disable bridge-name

Mode
Bridge

Function
Deactivates STP in VLAN.

The following is an example of deactivating STP in VLAN br1.

SWITCH(bridge)# set stp disable br1


SWITCH(bridge)#

(2) Deciding Root Switch


The Root switch should be decided first before running STP. Each switch has its own Bridge ID. The Root
switch is selected by comparing the Bridge IDs of the switches on the same LAN. To view the Bridge ID of
the user's switch, use the following commands.


Command
show stp

Mode
Top/Global/Bridge

Function
Shows Bridge ID and STP activating.

Command
show stp bridge-name

Mode
Top/Global/Bridge

Function
Shows BPDU in more detail.

Command
show stp bridge-name port-number

Mode
Top/Global/Bridge

Function
Shows BPDU of port.

The following is an example of viewing Bridge ID.

SWITCH(bridge)# show stp
bridge name     bridge id               STP enabled
br1             8001.00d0cb0d0012       no
SWITCH(bridge)#

Priority (the leading digit of the bridge id)

However, when Priority is configured at the user's request, the Root switch can be changed as the user wants.
After Priority is changed, the switch with the lowest Priority becomes the Root switch.

In order to change the Root switch by configuring Priority in the switch, use the following command.

Command
set stp priority bridge-name <0-15>

Mode
Bridge

Function
Configures Priority in switch. The one with the lowest Priority is chosen as Root switch and it is possible to configure from 0 to 15.

This is an example of checking the configuration after Priority of br1 is set to 10.

SWITCH(bridge)# set stp priority br1 10
SWITCH(bridge)# show stp
bridge name     bridge id               STP enabled
br1             a001.00d0cb0d0012       no
SWITCH(bridge)#

Priority (10 in the decimal system is a in the hexadecimal system.)
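The Bridge ID comparison described above can be checked offline against saved `show stp` output. The following is an added example, not code from this guide or from Dasan Networks: it parses Bridge IDs in the printed form, picks the Root switch, and reports when the designated root differs from the one the administrator expects. The function names, the switch names in the inventory, and the tie-break on the remaining digits and MAC address (standard STP behaviour, lowest value wins) are assumptions.

```python
import re
from typing import NamedTuple

BRIDGE_ID = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{12}"


class BridgeId(NamedTuple):
    priority: int  # leading hex digit: the 0-15 value given to `set stp priority`
    low12: int     # remaining three hex digits of the first field
    mac: int       # MAC address part as a 48-bit integer


def parse_bridge_id(text: str) -> BridgeId:
    """Parse a Bridge ID as printed by `show stp`, e.g. 8001.00d0cb0d0012."""
    text = text.strip()
    if not re.fullmatch(BRIDGE_ID, text):
        raise ValueError(f"not a bridge id: {text!r}")
    head, mac = text.split(".")
    value = int(head, 16)
    return BridgeId(value >> 12, value & 0xFFF, int(mac, 16))


def elect_root(bridge_ids: dict) -> str:
    """Return the name of the switch with the lowest Bridge ID.

    Tuples compare field by field, so the lowest Priority wins first and
    the remaining digits and MAC address only break ties.
    """
    return min(bridge_ids, key=lambda name: parse_bridge_id(bridge_ids[name]))


def audit_show_stp(output: str, expected_root: str) -> dict:
    """Compare the designated root in `show stp bridge-name` output with the expected one."""
    own = re.search(r"bridge id\s+(" + BRIDGE_ID + ")", output)
    root = re.search(r"designated root\s+(" + BRIDGE_ID + ")", output)
    if not own or not root:
        raise ValueError("bridge id or designated root not found in output")
    own_id = parse_bridge_id(own.group(1))
    root_id = parse_bridge_id(root.group(1))
    return {
        "this_switch_is_root": own_id == root_id,
        "root_priority": root_id.priority,
        "unexpected_root": root_id != parse_bridge_id(expected_root),
    }


# Saved output, trimmed to the fields used here; the values are the ones
# shown in this guide's `show stp br1` example.
SHOW_STP_BR1 = """\
br1
 bridge id              a001.00d0cb010203
 designated root        0001.00d0cb0a003f
 root port              1
 root path cost         10
"""

# Constructed inventory: the names are hypothetical, the IDs come from this guide.
INVENTORY = {
    "SWITCH_A": "a001.00d0cb010203",
    "SWITCH_B": "8001.00d0cb0d0012",
    "CORE": "0001.00d0cb0a003f",
}

if __name__ == "__main__":
    print("elected root:", elect_root(INVENTORY))
    print(audit_show_stp(SHOW_STP_BR1, INVENTORY["CORE"]))
```

A result with `unexpected_root` set means some other switch advertises a lower Bridge ID than the intended Root switch, which is worth investigating before changing any Priority.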

(3) Configuring Path-cost


After deciding the Root switch, you need to decide which path packets are transmitted on.

The standard for this decision is path-cost. Generally, path-cost depends on the transmission speed of the LAN
interface in the switch.


However, if the chosen path becomes overloaded with packets, for example, the user would do better to choose another
path.

Considering this situation, the user of V5324 switch can optionally configure the path-cost of the Root port to
decide a path at the user's disposal. In order to configure path-cost, use the following command.

Command
set stp path-cost bridge-name port-number {cost | default}

Mode
Bridge

Function
Configures path-cost to choose a path at the user's disposal. If you input default, the default Path-cost is recovered from the current mode.

The following is an example of changing path-cost to 10 from 100 and confirming it.

SWITCH(bridge)# show stp br1
br1
 bridge id              a001.00d0cb010203
 bridge VLAN id
 designated root        0001.00d0cb0a003f
 root port
 max age                20.00
 hello time             2.00
 forward delay          15.00
 ageing time            300.00
 root path cost         100
 bridge max age         20.00
 bridge hello time      2.00
 bridge forward delay   15.00
 gc interval            4.00
 hello timer            0.00
 tcn timer              0.00
 topology change timer  0.00
 gc timer               1.95
 flags
SWITCH(bridge)# set stp path-cost br1 1 10
SWITCH(bridge)# show stp br1
br1
 bridge id              a001.00d0cb010203
 bridge VLAN id
 designated root        0001.00d0cb0a003f
 root port              1
 max age                20.00
 hello time             2.00
 forward delay          15.00
 ageing time            300.00
 root path cost         10
 bridge max age         20.00
 bridge hello time      2.00
 bridge forward delay   15.00
 gc interval            4.00
 hello timer            0.00
 tcn timer              0.00
 topology change timer  0.00
 gc timer               1.49
 flags
SWITCH(bridge)#


(4) Configuring Port-priority


If two path-costs and the other conditions are almost the same, the final decision is up to port-priority. In
this case, it is also possible to configure port-priority and choose a path as the user wants.

In order to configure port-priority, use the following command on Bridge configuration mode.

Command
set stp port-priority bridge-name port-number priority-value

Mode
Bridge

Function
Configures port-priority.

7.4.4 Configuring BPDU(Bridge Protocol Data Unit) Transmission

Switches configured with STP exchange information, named BPDU, to find the most suitable path.
In this case, the user can configure the following items.

Hello time
Hello time is the interval at which the Root switch sends BPDU. It can be configured from 1
second to 10 seconds. Hello time is set to 2 seconds by default.

Max Age
The Root switch sends new information made from the information it gets. However, it takes a lot of time to
send BPDU when there are many linked switches, and the information may be useless when the network
access status changes while BPDU is being sent. Therefore, each piece of information has a Max Age, used to find and
remove the useless information.

Forward Delay
Switches find the location of other switches linked to the LAN and send packets through BPDU. Before
sending packets, switches allow for the time of receiving BPDU and finding the location, and then send
packets at a regular interval. This interval is called Forward Delay.


(1) Configuring Hello time


Hello time decides the interval time when switch sends BPDU.

To configure Hello time, use the following command on Bridge mode.

Command
set stp hello-time bridge-name <1-10>

Mode
Bridge

Function
Decides the interval at which the switch sends BPDU. 2 seconds is configured in the system.

This is an example of setting the Hello time of br1 to 5 seconds.

SWITCH(bridge)# set stp hello-time br1 5


SWITCH(bridge)#

(2) Time to prepare sending packet


Before packets are sent, it takes time to find the location of each switch after receiving the configuration
message. On a LAN, to prevent loops, you need to allow some time for the message to be
grasped.

To configure the time to send packet, use the following command on Bridge mode.

Command
set stp forward-delay bridge-name <4-30>

Mode
Bridge

Function
Decides the time when the switch sends BPDU. 15 seconds is configured in the system.

This is an example of configuring the switch to send packet one time in 10 seconds.

SWITCH(bridge)# set stp forward-delay br1 10


SWITCH(bridge)#


(3) Configuring MAX Age


MAX Age shows how long BPDU is valid. Switches configure MAX Age to remove useless message.

Command
set stp max-age bridge-name <6-40>

Mode
Bridge

Function
Configures MAX Age of BPDU. 20 seconds is configured in the system.

This is an example of setting BPDU from br1 to be valid for 15 seconds.

SWITCH(bridge)# set stp max-age br1 15


SWITCH(bridge)#

Note
It is recommended that Max Age be configured to less than twice the Forward Delay and more than twice the
Hello Time.
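The three timers interact, so changing one can break the recommendation in the Note even when each value is inside its own range. The following is an added example, not part of this guide or the switch software: it reads `set stp hello-time`, `set stp forward-delay` and `set stp max-age` lines, applies the ranges and default values stated in this section, and reports bridges whose final timers violate the Note. The function name and the br2, br3 and br4 inputs are constructed for illustration.

```python
import re

# Ranges and system defaults as stated in section 7.4.4 of this guide (seconds).
RANGES = {"hello-time": (1, 10), "forward-delay": (4, 30), "max-age": (6, 40)}
DEFAULTS = {"hello-time": 2, "forward-delay": 15, "max-age": 20}

# Accepts a bare command or a line copied with its prompt, e.g.
# "SWITCH(bridge)# set stp hello-time br1 5".
COMMAND = re.compile(
    r"^\s*(?:\S+#\s+)?set stp (hello-time|forward-delay|max-age)\s+(\S+)\s+(\d+)\s*$"
)


def lint_stp_timers(config_text: str) -> list:
    """Return findings for out-of-range values and for the Max Age recommendation."""
    bridges = {}
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = COMMAND.match(line)
        if not match:
            continue
        timer, bridge, value = match.group(1), match.group(2), int(match.group(3))
        low, high = RANGES[timer]
        if not low <= value <= high:
            findings.append(f"line {number}: {bridge} {timer} {value} is outside {low}-{high}")
            continue  # an out-of-range value is not applied to the bridge state
        bridges.setdefault(bridge, dict(DEFAULTS))[timer] = value

    # The recommendation is checked on the final state, after all commands.
    for bridge, t in sorted(bridges.items()):
        if not t["max-age"] < 2 * t["forward-delay"]:
            findings.append(
                f"{bridge}: Max Age {t['max-age']} is not less than twice "
                f"Forward Delay {t['forward-delay']}"
            )
        if not t["max-age"] > 2 * t["hello-time"]:
            findings.append(
                f"{bridge}: Max Age {t['max-age']} is not more than twice "
                f"Hello Time {t['hello-time']}"
            )
    return findings


# The three example commands from this section, copied with their prompts.
PAGE_EXAMPLE = """\
SWITCH(bridge)# set stp hello-time br1 5
SWITCH(bridge)# set stp forward-delay br1 10
SWITCH(bridge)# set stp max-age br1 15
"""

if __name__ == "__main__":
    print(lint_stp_timers(PAGE_EXAMPLE))                   # no findings
    print(lint_stp_timers("set stp hello-time br2 10"))    # constructed input
```

Raising only the Hello time to 10 on a bridge with default Max Age 20 is flagged, because 20 is no longer more than twice the Hello time.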

7.4.5 Self Loop Detection

Although there is no double path in the user's equipment, a loop can be caused by the network environment
and the condition of the cables connected to the equipment. To prevent this, V5324 switch has Self Loop detection to
perceive that an outgoing packet has come back. Self Loop detection blocks the port, which prevents the packet
from coming back.

In order to enable Self Loop detection, use the following command.

Command
set selfloop-detect enable

Mode
Bridge

Function
Enables Self Loop detection.

In order to disable Self Loop detection, use the following command.

Command
set selfloop-detect disable

Mode
Bridge

Function
Disable Self Loop detection.

In order to check the status of Self Loop detection and the port where a loop has happened, use the following
command.

Command
show selfloop

Mode
Bridge

Function
Shows status of Self Loop detection and a port where a loop has happened.

The following is an example of enabling Self Loop detection and confirming it.

SWITCH(bridge)# set self-loop-detect enable
SWITCH(bridge)# show self-loop-detect
self-loop detection enabled
----------------------------------
       |
  Port |12345678901234567890123456
-------+--------------------------
  Loop |..........................
SWITCH(bridge)#

7.5 Stacking
It is possible to manage several switches with one IP address by using stacking. The switch that
manages the other switches in stacking is named the Master switch, and the switches
managed by the Master switch are named Slave switches. Regardless of installed place or connection state,
the Master switch can check and manage all Slave switches.

The steps below configure stacking.

Step 1 Assign an IP address to the Master switch on Interface configuration mode and activate the interface
with the command, no shutdown. (Refer to 3.3.1 Assigning IP Address.)

Information
When there are many connected switches, the other switches are managed by the IP address of Master
switch.


Step 2 Create a name to configure VLAN in Master switch, which Slave switches belong to.

Command
set stack device name

Mode
Bridge

Function
Configures VLAN in Master switch, which Slave switches belong to.

Information
To manage a switch group, the ports that connect the Master switch to the Slave switch must be in the same VLAN.

Step 3 Add new switch or delete a switch in switch group by using the following commands.

Command
set stack add mac-address description

Mode
Bridge

Function
Adds Slave switch in switch group.

Command
set stack del mac-address

Mode
Bridge

Function
Deletes Slave switch in switch group.

Information
You cannot add switches that belong to different VLANs to the same switch group.

Step 4 Configure Master switch by using the following command on Bridge configuration mode.

Command
set stack master

Mode
Bridge

Function
Configures Master switch.

Step 5 Configure Slave switch by using the following command on Bridge configuration mode.

Command
set stack slave

Mode
Bridge

Function
Configures Slave switch connected to Master switch.

Information
You have to enable Slave switch connected to Master switch.


Step 6 Create a name to enable VLAN by using the following command.

Command
set stack device name

Mode
Bridge

Function
Configures VLAN of Slave switch.

Information
To manage a switch group, the ports that connect the Master switch to the Slave switch must be in the same VLAN.

Step 7 Confirm stacking configuration by using the following command.

Command
show stack

Mode
Top/Global/Bridge

Function
Shows information of Slave switch.

[Sample configuration 1]

The following is an example of configuring Master switch and Slave switch. SWITCH A is Master
switch and SWITCH B is Slave switch.

<SWITCH A>

SWITCH_A(bridge)# set stack device br1


SWITCH_A(bridge)# set stack add 00:d0:cb:22:00:11
SWITCH_A(bridge)# set stack master

<SWITCH B>

SWITCH_B(config)# set stack slave


SWITCH_B(bridge)# set stack device br1

<SWITCH A>

SWITCH_A(bridge)# show stack
device  : br1
node ID : 1
node  MAC address        status  type    name      port
      00:d0:cb:0a:00:aa  active  V6124F  SWITCH_A  42
      00:d0:cb:22:00:11  active  V5324   SWITCH_B  26
SWITCH_A(bridge)#


<SWITCH B>
SWITCH_B(bridge)# show stack
device  : br1
node ID : 2
SWITCH_B(bridge)#

After configuring the switch group, you can configure and manage Slave switches. When you input a Slave
switch number after the command, rcommand, a Telnet window connected to the Slave switch is
shown. You can configure the Slave switch by using DSH commands. To finish Slave switch configuration, use
the command, exit on Telnet.

In order to configure Slave switch, use the following command.

Command
rcommand node-number

Mode
Bridge

Function
Connects to Slave switch.

The following is an example of connecting to Slave switch 2 at Master switch.

SWITCH(bridge)# rcommand 3
Trying 127.1.0.1(23)...
Connected to 127.1.0.1.
Escape character is '^]'.
SWITCH login: root
Password: vertex25
SWITCH#

SWITCH# exit
Connection closed by foreign host.
SWITCH(bridge)#

In order to release stacking, use the following command.

Command
clear stack

Mode
Bridge

Function
Releases stacking function.

7.6 Rate Limit


The user can customize port bandwidth according to the user's environment. Through this configuration, you
can prevent a certain port from monopolizing the whole bandwidth so that all ports can use bandwidth equally.
Egress and ingress can be configured to be either the same or different.

In order to configure port bandwidth, use the following command.

Command
set rate port-number rate [egress | ingress]

Mode
Bridge

Function
Configures port bandwidth. If you input egress or ingress, you can
configure outgoing packet or incoming packet. The unit is Mbps.

If you input neither egress nor ingress, both are configured to be the same. To switch, egress is
incoming packet. So, it is upload to PC user.

In order to view configured port bandwidth, use the following command.

Command
show rate

Mode
Top/Global/Bridge

Function
Releases configured port bandwidth.

In order to delete configured port bandwidth, use the following command.

Command
clear rate port-number [egress | ingress]

Mode
Bridge

Function
Deletes configured port bandwidth.

The following is an example of configuring port 1 bandwidth as 64Mbps, port 2 egress bandwidth as
52Mbps and confirming it.


SWTICH(bridge)# set rate 1 64
SWTICH(bridge)# set rate 2 52
SWTICH(bridge)# show rate
----------------------------------------------------------------
Port   Ingress       Egress      | Port   Ingress       Egress
--------------------------------+-------------------------------
1      64( 64.000)   64( 64.000) |        52( 52.000)   52( 52.000)
       N/A           N/A         |        N/A           N/A
       N/A           N/A         |        N/A           N/A
       N/A           N/A         |        N/A           N/A
(Omitted)
SWTICH(bridge)#

7.7 Flood-Guard
Flood-guard limits the number of packets that can be transmitted in the configured bandwidth,
whereas Rate limit, described in 7.6 Rate Limit, controls packets by configuring the width of the
bandwidth that packets pass through.

[Figure: Rate Limit and Flood Guard. <Rate Limit>: configure Rate Limit in a port of the V5324 Switch to control bandwidth. <Flood Guard>: configure Flood-guard on the V5324 Switch to allow as many as n packets per second; n packets are allowed for a second and packets over n (n+1, n+2, ...) are thrown away.]

This function prevents receiving more packets than the configured amount without enlarging bandwidth.


In order to configure Flood-guard, use the following command.

Command
set flood-guard port-number count

Mode
Bridge

Function
Limits packets received in specified port as many as you
configure in a second.

In order to disable Flood-guard, use the following command.

Command
clear flood-guard port-number

Mode
Bridge

Function
Disables configured Flood-guard.

In order to view configuration of Flood-guard, use the following command.

Command
show flood-guard

Mode
Bridge

Function
Shows configuration of Flood-guard.

Sample Configuration 1

The following is an example of limiting packets as 10,000 in port 1 and confirming it.

SWITCH(bridge)# set flood-guard 1 10000
SWITCH(bridge)# show flood-guard
--------------------------------
Port Rate(fps) | Port Rate(fps)
----------------+---------------
1    10000     |      N/A
     N/A       |      N/A
     N/A       |      N/A
     N/A       |      N/A
     N/A       | 10   N/A
11   N/A       | 12   N/A
13   N/A       | 14   N/A
15   N/A       | 16   N/A
17   N/A       | 18   N/A
19   N/A       | 20   N/A
21   N/A       | 22   N/A
23   N/A       | 24   N/A
25   N/A       | 26   N/A
SWITCH(bridge)#
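The difference between Rate limit (7.6) and Flood-guard (7.7) matters when sizing the limits, because a bandwidth cap alone does not bound the packet rate. The following is an added example, not code from this guide: a simplified model that counts per one-second window, run over constructed traffic with the 64 Mbps and 10000 packets-per-second values used in the examples above. The fixed one-second window, counting only the frame bytes, and all function names are assumptions; the guide does not describe how the switch meters traffic internally.

```python
def burst(count: int, frame_bytes: int, second: int = 0) -> list:
    """Constructed traffic: `count` equal-sized frames spread evenly inside one second."""
    return [(second + i / count, frame_bytes) for i in range(count)]


def rate_limit(frames: list, limit_mbps: int) -> tuple:
    """Model of Rate limit: pass frames until the bits allowed per second are used up."""
    budget_bits = limit_mbps * 1_000_000
    used = {}          # one-second window -> bits already passed
    passed = dropped = 0
    for timestamp, frame_bytes in frames:
        window = int(timestamp)
        bits = frame_bytes * 8
        if used.get(window, 0) + bits <= budget_bits:
            used[window] = used.get(window, 0) + bits
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def flood_guard(frames: list, limit_pps: int) -> tuple:
    """Model of Flood-guard: pass the first n packets of each second, drop the rest."""
    seen = {}          # one-second window -> packets already passed
    passed = dropped = 0
    for timestamp, _frame_bytes in frames:
        window = int(timestamp)
        if seen.get(window, 0) < limit_pps:
            seen[window] = seen.get(window, 0) + 1
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def compare(frames: list, limit_mbps: int = 64, limit_pps: int = 10000) -> dict:
    """Run both models over the same traffic with the values from the guide's examples."""
    return {
        "rate_limit": rate_limit(frames, limit_mbps),
        "flood_guard": flood_guard(frames, limit_pps),
    }


if __name__ == "__main__":
    # 50000 frames of 64 bytes in one second is only 25.6 Mbps.
    print("small frames:", compare(burst(50000, 64)))
    # 6000 frames of 1500 bytes in one second is 72 Mbps.
    print("large frames:", compare(burst(6000, 1500)))
```

In this model the small-frame traffic stays under the 64 Mbps cap but is cut to 10000 packets by Flood-guard, while the large-frame traffic passes Flood-guard and is trimmed by the Rate limit instead.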


7.8 Configuring Bandwidth-share-Group


V5324 switch can prevent the minimum secured bandwidth of ports belonging to one group from exceeding the
maximum bandwidth of the group. The maximum bandwidth configured by the user should not be less
than the minimum secured bandwidth of the ports in a group and the bandwidth of ports depending on traffic
amount. Among the ports configured in one group, a port receiving too much traffic can use the bandwidth
of another port receiving no traffic. If a packet is transmitted to an empty port, the minimum secured
bandwidth is returned. In this way, the user can secure minimum bandwidth for all ports and extend the
bandwidth of a port receiving too much traffic.

Note
This function cannot be used with Rate limit. You have to release Rate limit first in order to make a port
configured with Rate limit belong to a Bandwidth-share-group.

In order to configure it, configure a group first by using the following command.

Command
bandwidth-share-group name {ingress | egress} bandwidth

Mode
Bridge

Function
Configures group named name to configure Bandwidth-share-group. Bandwidth is the maximum bandwidth of the group and the unit is Mbps.

After configuring a group, assign ports as members. In order to assign member to a group, use the
following command.

Command
bandwidth-share-group name member port-number bandwidth

Mode
Bridge

Function
Assigns port to a group named name. Bandwidth is the
minimum secured bandwidth and the unit is Mbps.

The following example configures group A with a maximum ingress bandwidth of
100Mbps and assigns ports 2 ~ 6 with a minimum secured bandwidth of 10Mbps.

SWITCH(bridge)# bandwidth-share-group A ingress 100


SWITCH(bridge)# bandwidth-share-group A member 2-6 10
SWITCH(bridge)#


In order to view the user's configuration of bandwidth-share-group, use the following command.

Command
show running-config

Mode
Top/Global/Bridge/Interface

Function
Shows the user's configuration about Bandwidth-share-group.

The following is an example of viewing the user's configuration.

SWITCH(bridge)# show running-config


Building configuration...
(Omitted)
bandwidth-share-group A ingress 100
bandwidth-share-group A member 2-6 10
!
(Omitted)

In order to delete bandwidth-share-group or port in group, use the following command.

Command
no bandwidth-share-group name

Mode
Bridge

Function
Deletes a group named name.

Command
no bandwidth-share-group name member port-number

Mode
Bridge

Function
Deletes a port in a group named name.

7.9 IP IGMP(Internet Group Management Protocol)


A Multicast packet is transmitted only to the part of the group that requests the Multicast packet. IGMP(Internet
Group Management Protocol) is the internet protocol that helps to inform the Multicast router of Multicast
groups.

In the Multicast Network, when a Multicast packet is transmitted, the Multicast router sends only an IGMP Query message that asks whether to receive
the Multicast packet. If a switch sends the join message to the Multicast
router, the Multicast router transmits the Multicast packet only to that switch.


[Figure: IP Multicasting. The Multicast Router receives the Multicast Packet and sends an IGMP Query Message; no packet transmission before the join message.]

[Figure: IP Multicasting. 1. Requesting the Multicast packet (Multicast Join request). 2. The Multicast Router transmits the Multicast packet to the port that sent the join message.]

IGMP Snooping is a function that finds the port which sends a "Join message" to join a specific multicast
group to receive multicast packets, or a "leave message" to get out of the multicast group because it does
not need the packets. IGMP Snooping can be enabled only when the switch is connected to a multicast
router.


7.9.1 IGMP Querier

You can use the V5324 Switch as IGMP Querier without a multicast router, because the IGMP Query Daemon
has been installed in the V5324 Switch.

In order to configure IGMP Querier, use the following command.

Command
ip igmp querier

Mode
Global

Purpose
Enables IGMP Querier.

The following shows how to configure V5324 Switch to IGMP Querier.

SWITCH(config)# ip igmp querier


SWITCH(config)#

Note
Since PIM-SM includes IGMP Querier, both IGMP Querier and PIM-SM can be enabled at the same time.

When you activate IGMP Querier with enabled PIM-SM, the following message will be seen.

SWTICH(config)# ip igmp querier


%Disable pimd first!
SWTICH(config)#

In order to remove the IGMP Querier from V5324 Switch, use the following command.

Command
no ip igmp querier

Mode
Global

Purpose
Removes IGMP Querier from switch.

7.9.2 IGMP Snooping

In order to enable IGMP Snooping, use the following command.

Command
ip igmp snooping

Mode
Global

Function
Enables IGMP Snooping.

In order to disable IGMP Snooping, use the following command.

Command
no ip igmp snooping

Mode
Global

Function
Disables IGMP Snooping.

The following is an example of enabling IGMP Snooping.

SWITCH(config)# ip igmp snooping


SWITCH(config)#

Note
Since PIM-SM includes IGMP Snooping, both IGMP Snooping and PIM-SM can be enabled at the same
time.

7.9.3 Outmost vlan

When shared vlan is configured in V5324 switch, assume that an IP address is configured only for br1 and
not for br2 and br3. In this state, if a Join message is received on br2, IGMP Querier ignores the message,
because IGMP Querier communicates with IP and the message was received on an interface without IP.


SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
---------------------------------------------
             |
  Name( VID) |12345678901234567890123456789012
-------------+--------------------------------
   br1(   1) |uuuuuuuuuuuuuuuuuuuuuuuu........
   br2(   2) |uuuuu..................u........
   br3(   3) |.....uuuuu.............u........
SWITCH(bridge)#

[Figure: shared vlan IP Querier. Labels: port 24; ports 1~5 (br2); ports 6~10 (br3); ports 11~23; br1 : IP 10.1.1.1; Join Message without IP, thrown away.]

Therefore, you should make br2 and br3 get the IP address of br1 in this case.

In order to configure the other vlans to get the IP address of the vlan (outmost-vlan) that includes all vlans for
multicast communication when shared vlan is configured, use the following command.

Command
ip igmp outmost-vlan <1-4094>

Mode
Global

Function
Configures the other vlans to get IP address of
vlan(outmost-vlan) including all vlans.

And, in order to delete outmost-vlan, use the following command.

Command
no ip igmp outmost-vlan

Mode
Global

Function
Deletes configured outmost-vlan.

[ Sample Configuration 1 ]

The following is an example of configuring outmost-vlan of br1 and br2 as br1 for multicast
communication.

SWITCH(config)# ip igmp outmost-vlan 1


SWITCH(config)#

7.9.4 Multicast Packet Filtering

When a Multicast packet is transmitted to the switch, the switch transmits it according to the IGMP table. A
packet that is registered in an IGMP group is transmitted to the interfaces of the same group.

But an unregistered Multicast packet can also be transmitted from a device connected to the user's switch.

If an unregistered Multicast packet is transmitted to the switch, the switch drops or floods it according to the
user's decision. Therefore, you have to decide how to handle unregistered packets.

[Figure: Example of a Multicast packet registered in the IGMP group. Multicast Packet of Group A; current IGMP Table (interface, group): b, e; transmit to the b and c registered in the IGMP table.]


[Figure: Example of an unregistered Multicast packet. Multicast Packet of Group B; current IGMP Table (interface, group): b, e; drop or flood as the user decides because the packet is unregistered.]

In order to filter all unregistered multicast packet in IGMP table, use the following command.

Command
ip igmp multicast-filter

Mode
Global

Function
Enables Multicast packet filter.

The following is an example of enabling Multicast packet filtering.

SWITCH(config)# ip igmp multicast-filter


SWITCH(config)#

In order to disable Multicast packet filtering, use the following command.

Command
no ip igmp multicast-filter

Mode
Global

Function
Disables Multicast packet filtering.

The following is an example of disabling Multicast packet filtering.

SWITCH(config)# no ip igmp multicast-filter


SWITCH(config)#


7.9.5 Registering in Multicast Group

In the Multicast Network, it takes time for a Multicast client to send the join message and receive Multicast
packets. But V5324 Switch can transmit Multicast packets promptly when the client requests them,
because it receives Multicast packets beforehand and keeps them.

If you want to keep the transmitted Multicast packets in order to do Multicasting quickly, configure your switch
into the Multicast group by using the following command.

Command
ip igmp static bridge-name ip-address

Mode
Global

Function
Adds to specified multicast group.

After using the above command, you need to verify that V5324 switch joins in multicast group through
multicast router. In order to do it, use the following command.

Command
show igmp statics

Mode
Top/Global

Function
Shows multicast group registration.

The following is an example of viewing multicast group registration.

SWITCH(config)# show igmp static
----------------------------------
IGMP static list
----------------------------------
Interface        Group
----------------------------------
SWITCH(config)#

Information
The above example is a case when there is no registration. It may vary according to registered information.

In order to delete switch from multicast group, use the following command.

Command
no ip igmp static bridge-name ip-address

Mode
Global

Function
Deletes switch from multicast group

7.9.6 Time to Register in Multicast Group

It is possible to configure the time between a client sending a join message to join a multicast group and
the registration being completed. The time is called Join-delay. In order to configure Join-delay, use the
following command. The unit is 10ms(=1/100 seconds).

Command
ip igmp join-delay time

Mode
Global

Function
Configures Join-delay.

The following is an example of configuring Join-delay as 10 seconds.

SWITCH(config)# ip igmp join-delay 1000


SWITCH(config)#

Note
If you configure Join-delay as 0, this function is disabled.

7.9.7 Fast-leave

If a Multicast client sends the leave message to leave a Multicast group, the Multicast router sends an
IGMP Query message to the client again and, when the client does not respond, deletes the client from
the Multicast group. Therefore, it takes time for the Multicast router to delete the client. But you can
configure the Multicast router to delete the client from the Multicast group as soon as the client has sent the leave message
by using the following command. That function is called fast-leave.

Command
ip igmp fast-leave

Mode
Global

Function
Configures the fast-leave

To remove fast-leave from the V5324 Switch, use the following command.

Command
no ip igmp fast-leave

Mode
Global

Function
Deletes the fast-leave

The following is an example of configuring Fast-leave.

SWITCH(config)# ip igmp fast-leave


SWITCH(config)#

7.9.8 Confirming IGMP Configuration

If you want to verify the IGMP configuration, use the following command.

Command
show igmp

Mode
Top/Global

Function
Verifies the IGMP configuration.

SWITCH(config)# show igmp
IGMP enabled
join_delay : 1000
fast_leave enabled
multicast filter enabled
----------------------------------
VID  Group            Port  Expiry
----------------------------------
1    239.255.255.250  25    157
SWITCH(config)#

IGMP Table (the VID, Group, Port and Expiry rows)

Note
The IGMP table in the above example is not always displayed. The IGMP table is displayed only when a client
that sends the join message exists.
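The forwarding decisions described in 7.9.4 (multicast-filter) and 7.9.7 (fast-leave) can be followed with a small model of the IGMP table shown above. The following is an added example, not the switch's implementation and not code from this guide: it keeps a (VID, group) to ports table and answers where a multicast packet would be sent. The class and method names are assumptions, and timers such as Expiry and Join-delay are left out.

```python
import ipaddress


class IgmpSnoopingModel:
    """Simplified model of the IGMP table: (VID, group) -> member ports."""

    def __init__(self, ports, multicast_filter=False, fast_leave=False):
        self.ports = set(ports)
        self.multicast_filter = multicast_filter  # ip igmp multicast-filter
        self.fast_leave = fast_leave              # ip igmp fast-leave
        self.table = {}
        self.leaving = set()  # (vid, group, port) entries waiting on a query

    @staticmethod
    def _key(vid, group):
        if not ipaddress.ip_address(group).is_multicast:
            raise ValueError(f"{group} is not a multicast group address")
        return (vid, group)

    def _remove(self, key, port):
        members = self.table.get(key, set())
        members.discard(port)
        if not members:
            self.table.pop(key, None)

    def join(self, vid, group, port):
        """A join message registers the port; it also cancels a pending leave."""
        key = self._key(vid, group)
        self.table.setdefault(key, set()).add(port)
        self.leaving.discard(key + (port,))

    def leave(self, vid, group, port):
        """With fast-leave the port is removed at once, otherwise after the query."""
        key = self._key(vid, group)
        if self.fast_leave:
            self._remove(key, port)
        elif port in self.table.get(key, set()):
            self.leaving.add(key + (port,))

    def query_unanswered(self, vid, group, port):
        """The client did not respond to the IGMP Query sent after its leave message."""
        key = self._key(vid, group)
        if key + (port,) in self.leaving:
            self.leaving.discard(key + (port,))
            self._remove(key, port)

    def forward(self, vid, group, in_port):
        """Return the ports a multicast packet arriving on in_port is sent to."""
        members = self.table.get(self._key(vid, group))
        if members:                      # registered: only the group's ports
            return set(members) - {in_port}
        if self.multicast_filter:        # unregistered and filtered: dropped
            return set()
        return self.ports - {in_port}    # unregistered and not filtered: flooded


if __name__ == "__main__":
    # Values from the `show igmp` example: VID 1, group 239.255.255.250, port 25.
    switch = IgmpSnoopingModel(range(1, 27), multicast_filter=True)
    switch.join(1, "239.255.255.250", 25)
    print(switch.forward(1, "239.255.255.250", 1))   # registered group
    print(switch.forward(1, "239.1.1.1", 1))         # constructed unregistered group
```

With the filter disabled, the same unregistered packet is returned for every other port, which is the flooding case the guide asks the administrator to decide on.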

7.10 PIM-SM (Protocol Independent Multicast Sparse Mode)


IGMP is the protocol that helps multicast communication between switch and host, and PIM is the
protocol for multicast communication between router and router. There are two kinds of PIM, PIM-DM(Protocol Independent Multicast Dense Mode) and PIM-SM(Protocol Independent Multicast
Sparse Mode); V5324 switch supports PIM-SM. A dense mode protocol can send information about
data packets and members to interfaces that are not connected to a multicast source or receiver, and the
multicast router saves the connection state to all the nodes.


In this case, when most hosts belong to the multicast group and there is enough bandwidth to
support the flow of control messages between constituent members, these overheads are acceptable, but
in the other cases they are inefficient. Contrary to dense mode, PIM-SM receives multicast packets only when
a request comes from a specific host in the multicast group. Therefore PIM-SM is suitable when the constituent
members of a group are dispersed over a wide area or the bandwidth used for the whole is small. Sparse mode is
the most useful on WAN and can be used on LAN. For the standard of PIM-SM, you can refer to RFC 2362.

Information
For using PIM-SM, you need a router which supports PIM-SM.

RPT and SPT

RP(Rendezvous Point) plays the central role in PIM-SM. In the chart below, a multicast packet is
transmitted from A, the source, through B and C to D, the RP. D(RP) transmits the multicast packet after
receiving a join message from E or F. That is, all multicast packets are transmitted through the
RP(Rendezvous Point). For instance, even though F needs the multicast packet, the packet passes
through A → B → C → D → C → F, not A → B → C → F. A route built around the RP like this
is called RPT(Rendezvous Point Tree) or shared tree. There is only one RP in one multicast
group. RPT has a (*, G) entry because a receiver can send a message to the RP without knowing the source. G
means multicast group.
[Figure: RPT of PIM-SM. 1. Multicast packet transmitted to RP. 2. Asks RP for multicast packet. 3. RP transmits multicast packet for the request. Nodes labelled: Source, D (RP, Rendezvous Point), F.]


Also, routers on the packet route automatically optimize the route by deleting what is unnecessary when traffic
exceeds a certain limit. After the route to the source and the multicast group connected to the source are constituted,
all sources have a route to connect to the receiver directly. In the picture example below, packets are usually
transmitted through A → B → C → D, but packets are transmitted through the faster route A →
C → F when traffic is increased. SPT(Shortest-Path Tree) selects the shortest route between source
and receiver regardless of RP; it is also called source based tree or short path tree. SPT has an (S, G) entry, where S
means source address and G means multicast group.

[Figure: SPT of PIM-SM. 1. Multicast packet is transmitted to RP. 2. Requests multicast packet to RP. 3. RP transmits multicast packet for the request. 4. Optimizes route by deleting unnecessary when traffic exceeds certain limit. Nodes labelled: Source, C, E, RP (Rendezvous Point).]

In order to configure PIM-SM in V5324 switch, you should refer to the following sections.

Enabling PIM-SM
Deciding RP
Configuring Static RP
Configuring BSR
Configuring RP Information
Configuring Assert message Information
Whole-packet-checksum
Configuring Interval of Cache-check
Configuring Multicast Routing Table
Configuring PIM-SM on Ethernet Interface
Viewing PIM-SM Information


7.10.1 Enabling PIM-SM

Before configuring PIM-SM on the switch, you should enable PIM-SM with the following command. When you enable PIM-SM with this command, the system enters PIM configuration mode and the system prompt changes from SWITCH(config)# to SWITCH(config_pim)#.

| Command | Mode | Function |
|---|---|---|
| router pim | Global | Enables PIM-SM and enters into PIM configuration mode. |

Information
PIM-SM supports both IGMP Querier and IGMP Snooping, therefore you cannot configure them at the
same time.

Note
The commands ip igmp static and ip igmp fast-leave can be used when IGMP and PIM-SM are enabled at the same time.

[Sample Configuration 1]

The following is an example of enabling PIM-SM and entering PIM configuration mode from Global configuration mode.

SWITCH(config)# router pim
SWITCH(config_pim)#

Use the exit command to go back to Global configuration mode, and use the end command to enter Top mode.

SWITCH(config_pim)# exit
SWITCH(config)#

SWITCH(config_pim)# end
SWITCH#


7.10.2 Deciding RP

There are two ways to decide the RP, which is the center of PIM-SM on a multicast network. One is that the network administrator decides the RP manually, and the other is that the RP is decided automatically by exchanging information between the multicast routers installed on the network.

The information transmitted between multicast routers in the automatic way is called the Bootstrap message, and the router that sends this Bootstrap message is called the BSR (Bootstrap Router). Any PIM router on the multicast network can be the BSR.

Routers that want to be the BSR are named candidate-BSRs, and the one with the highest priority among them becomes the BSR. If several routers have the same priority, the one with the highest IP address becomes the BSR. The Bootstrap message includes the priority used to decide the BSR, the Hash-mask to be used in Hash, and RP information.

After the BSR is decided, routers that support RP transmit a candidate-RP message to the BSR. The candidate-RP message includes priority, IP address, and multicast group. The BSR then adds the candidate-RP message to the Bootstrap message and transmits it to the other PIM routers. Through this transmitted Bootstrap message, the RP of the multicast group is decided.

User equipment belonging to the PIM-SM network can be a candidate-BSR, and the BSR is decided among them. A candidate-BSR transmits the Bootstrap message to decide the BSR. On the V5324 switch you can configure the priority used to decide the BSR and the Hash-mask carried in the Bootstrap message.

7.10.3 Configuring Static RP

To configure the RP manually, use the following command.

| Command | Mode | Function |
|---|---|---|
| static-rp group-address-prefix rp-ip-address | PIM | Configures RP of multicast group. |

To delete an RP configured by the network administrator, use the following command.

| Command | Mode | Function |
|---|---|---|
| no static-rp group-address-prefix rp-ip-address | PIM | Deletes RP configured by network administrator. |

The following is an example of configuring the router with address 200.1.1.1 as RP of the multicast group with network address 244.0.0.0/8.

SWITCH(config_pim)# static-rp 244.0.0.0/8 200.1.1.1
SWITCH(config_pim)#

7.10.4 Configuring BSR

The information transmitted between multicast routers in the automatic way is called the Bootstrap message, and the router that sends this Bootstrap message is called the BSR (Bootstrap Router). Any PIM router on the multicast network can be the BSR. Routers that want to be the BSR are named candidate-BSRs, and the one with the highest priority among them becomes the BSR. If several routers have the same priority, the one with the highest IP address becomes the BSR.

You can configure the following items, which are included in the candidate-BSR message.

Candidate-BSR IP Address

Candidate-BSR Priority

Candidate-BSR Hash-mask

(1) Candidate-BSR IP Address


Since several IP addresses can be assigned to the V5324 switch, you select which one of them the switch uses as candidate-BSR. To select the IP address to be used as candidate-BSR, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-bsr address ip-address | PIM | Selects IP address to be used in candidate-BSR. |

To delete the IP address assigned to candidate-BSR, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-bsr address ip-address | PIM | Deletes assigned IP address in candidate-BSR. |

(2) Candidate-BSR Priority


When the BSR is decided among candidate-BSRs, the priorities in their Bootstrap messages are compared. The candidate-BSR with the highest priority becomes the BSR. To configure the priority of the Bootstrap message, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-bsr priority <0-255> | PIM | Configures priority of Bootstrap message. |

Information
The default is 0.

Information
The candidate-BSR with the highest priority becomes the BSR.

To delete the priority of the Bootstrap message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-bsr priority | PIM | Deletes priority of Bootstrap message. |

(3) Candidate-BSR Hash-mask


When candidate-BSRs have the same priority, IP address is compared through Hash. You can configure the Hash-mask used to apply Hash. To configure the Hash-mask included in the Bootstrap message when the V5324 switch is a candidate-BSR, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-bsr hash-mask <0-32> | PIM | Configures Hash-mask in Bootstrap message. |

To delete the Hash-mask in the Bootstrap message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-bsr hash-mask <0-32> | PIM | Deletes Hash-mask in Bootstrap message. |

Information
The default is 30.

[Sample Configuration 2]

The following is an example of configuring the IP address, priority, and Hash-mask of candidate-BSR and confirming it.

SWITCH(config_pim)# cand-bsr address 10.1.1.1
SWITCH(config_pim)# cand-bsr hash-mask 30
SWITCH(config_pim)# cand-bsr priority 5
SWITCH(config_pim)# show running-config
(omitted)
router pim
cand-bsr address 10.1.1.1
cand-bsr priority 5
cand-bsr hash-mask 30
!
ip route 0.0.0.0/0 172.16.1.254
!
!
!
!
!
no snmp
!
!
!
SWITCH(config_pim)#


7.10.5 Configuring RP Information

After the BSR is decided on the multicast network, candidate-RP routers send a candidate-RP message to the BSR. The candidate-RP message includes priority, IP address, and multicast group. The BSR then adds the received candidate-RP information to the Bootstrap message and transmits it to the other PIM routers. Through this Bootstrap message, the RP of the multicast group is decided. All routers belonging to the multicast network can become candidate-RP, and the routers that make up the candidate-BSRs generally also make up the candidate-RPs.

You can configure the following information, which is included in the candidate-RP message.

Candidate-RP IP Address

Multicast Group of Candidate-RP

Candidate-RP Priority

Interval of Candidate-RP Information Transmit

Blocking Candidate-RP of Another Member

(1) Candidate-RP IP Address


It is possible to configure several IP addresses in V5324 router. Therefore, you need to configure which IP address the V5324 switch uses as candidate-RP. To configure the IP address to be used in candidate-RP, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-rp address ip-address | PIM | Configures IP address to be used in candidate-RP. |

To delete the configured IP address, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-rp address ip-address | PIM | Deletes configured IP address. |

(2) Registering Multicast Group of Candidate-RP


For service, you should register the address of the multicast group as well as the IP address in the candidate-RP message. To register the address of the multicast group in the candidate-RP message, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-rp group group-address-prefix | PIM | Registers address of multicast group in candidate-RP message. |

To delete the registered multicast group, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-rp group group-address-prefix | PIM | Deletes registered multicast group. |

(3) Candidate-RP Priority


When the BSR decides the RP, the priorities of the candidate-RPs are compared. To configure this priority, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-rp priority <0-255> | PIM | Configures priority of candidate-RP. |

Information
Candidate-RP with higher priority is decided as RP.

Information
The default is 0.

To delete the configured priority of candidate-RP, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-rp priority | PIM | Deletes configured priority of candidate-RP. |

(4) Interval of Candidate-RP Information Transmit


A candidate-RP transmits the candidate-RP message to the BSR at a regular interval. You can configure the interval at which the candidate-RP message is transmitted when the V5324 switch is a candidate-RP.

To configure the interval for transmitting the candidate-RP message, use the following command.

| Command | Mode | Function |
|---|---|---|
| cand-rp interval <1-65535> | PIM | Configures interval to transmit candidate-RP message. |

Information
The default is 60 seconds.

To delete the interval for transmitting the candidate-RP message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cand-rp interval | PIM | Deletes interval to transmit candidate-RP message. |

[Sample Configuration 3]

The following is an example of configuring the candidate-RP message settings and confirming them.

SWITCH(config_pim)# cand-rp address 20.1.1.1
SWITCH(config_pim)# cand-rp group 244.0.0.0/8
SWITCH(config_pim)# cand-rp interval 10
SWITCH(config_pim)# cand-rp priority 3
SWITCH(config_pim)# show running-config
(omitted)
router pim
cand-bsr address 100.1.1.1
cand-bsr priority 5
cand-bsr hash-mask 32
cand-rp address 20.1.1.1
cand-rp priority 3
cand-rp interval 10
cand-rp group 244.0.0.0/8
(omitted)
SWITCH(config_pim)#


(5) Blocking Candidate-RP Message of Another Member


One network may include different multicast groups as well as routers that are not members of a multicast group. It can therefore happen that routers that are members of another network, or that are not members of the multicast group, apply for RP and transmit candidate-RP messages.

To prevent this, you can block candidate-RP messages from other routers so that only the candidate-RPs in the multicast group communicate.

To block candidate-RP messages from routers that are not members, perform the following tasks.

Step 1 Block all packets transmitted on network.

| Command | Mode | Function |
|---|---|---|
| cand-rp access deny network-address | PIM | Blocks all packets transmitted on specified network. |

Step 2 Allow only packets transmitted by routers that will exchange candidate-RP message.

| Command | Mode | Function |
|---|---|---|
| cand-rp access permit ip-address/M | PIM | Allows only packets transmitted by routers that will exchange candidate-RP. |

To release the above configuration, use the following commands.

| Command | Mode | Function |
|---|---|---|
| no cand-rp access deny network-address | PIM | Releases blocked packet. |
| no cand-rp access permit ip-address/M | PIM | Releases allowed packet. |

[Sample Configuration 4]

The following is an example of allowing only packets transmitted by routers that will exchange candidate-RP messages and confirming it.

SWITCH(config_pim)# cand-rp access deny 172.16.209.0/24
SWITCH(config_pim)# cand-rp access permit 172.16.209.5/32
SWITCH(config_pim)# cand-rp access permit 172.16.209.10/32
SWITCH(config_pim)# show running-config
Building configuration...
(omitted)
cand-rp access deny 172.16.209.0/24
cand-rp access permit 172.16.209.5/32
cand-rp access permit 172.16.209.10/32
!
ip route 0.0.0.0/0 172.16.1.254
!
!
!
!
!
!
!
no snmp
!
!
!
SWITCH(config_pim)#
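
The deny-then-permit filter of Sample Configuration 4 can be checked offline against the routers that are expected to send candidate-RP messages. The following Python code is an added example, not code from this guide or from Dasan Networks. It assumes that a permit entry acts as an exception to a deny entry (the guide does not state the evaluation order); the function names, the sample text and the sender list are constructed for illustration.

```python
import ipaddress

# Constructed sample: the cand-rp access lines shown in Sample Configuration 4.
SAMPLE_CONFIG = """\
router pim
cand-rp access deny 172.16.209.0/24
cand-rp access permit 172.16.209.5/32
cand-rp access permit 172.16.209.10/32
!
"""


def parse_cand_rp_access(config_text):
    """Collect the networks named on 'cand-rp access deny|permit' lines."""
    rules = {"deny": [], "permit": []}
    for line in config_text.splitlines():
        words = line.split()
        if (len(words) == 4 and words[:2] == ["cand-rp", "access"]
                and words[2] in rules):
            rules[words[2]].append(ipaddress.ip_network(words[3], strict=False))
    return rules


def classify_sender(rules, address):
    """Return 'permit', 'deny' or 'no-match' for one candidate-RP sender.

    Assumption (not stated in the guide): a permit entry is an exception
    to a deny entry, so permit entries are checked first.
    """
    addr = ipaddress.ip_address(address)
    if any(addr in net for net in rules["permit"]):
        return "permit"
    if any(addr in net for net in rules["deny"]):
        return "deny"
    return "no-match"  # outside every entry; the guide does not document this case


def uncovered_permits(rules):
    """Permit entries that lie outside every denied network.

    Step 1 (deny the network) was never applied around such an entry, so
    the other routers on that network are not filtered at all.
    """
    return [p for p in rules["permit"]
            if not any(p.subnet_of(d) for d in rules["deny"])]


def review_senders(config_text, senders):
    """Map each sender address to its classification under the config."""
    rules = parse_cand_rp_access(config_text)
    return {s: classify_sender(rules, s) for s in senders}


if __name__ == "__main__":
    # Constructed list of routers seen sending candidate-RP messages.
    seen = ["172.16.209.5", "172.16.209.10", "172.16.209.77", "10.0.0.1"]
    for sender, verdict in review_senders(SAMPLE_CONFIG, seen).items():
        print(f"{sender:15} {verdict}")
    print("permits without a covering deny:",
          uncovered_permits(parse_cand_rp_access(SAMPLE_CONFIG)))
```

A sender reported as no-match is on a network that Step 1 never denied, so it is worth confirming on the switch how such candidate-RP messages are treated.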

7.10.6 Configuring Assert Message Information

When there are several PIM-SM routers on the same LAN, they may exchange packets that are not needed. To prevent this problem, you need to assign one PIM-SM router to transmit multicast packets. The assigned router is named Assert.

In the example below, routers B and C can both transmit multicast packets when they receive a Join message from a receiver. D and E, which send Join messages, cannot decide which router to receive from.

C may also transmit the same packet to B, which belongs to the multicast group. If Assert is decided, the multicast group is well organized because D and E transmit Join messages only to Assert.

[Figure: Network which needs Assert. Nodes: Source, RP, A, B, C. Labels: Multicast packet from Source; Unnecessary same packet sent; Join Message.]

When Assert is decided, Metric and Preference in Assert message are compared. Lower Metric has
priority and higher Preference has priority.

Configuring Metric

Configuring Preference

(1) Configuring Metric


To configure the Metric of the Assert message, use the following command.

| Command | Mode | Function |
|---|---|---|
| metric <1-2,147,483,647> | PIM | Configures Metric of Assert message. |

Information
Lower Metric has priority.

To delete the configured Metric of the Assert message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no metric | PIM | Deletes configured Metric of Assert message. |

(2) Configuring Preference


To configure the Preference of the Assert message, use the following command.

| Command | Mode | Function |
|---|---|---|
| preference <1-2,147,483,647> | PIM | Configures Preference of Assert message. |

Information
Higher Preference has priority.

To delete the configured Preference of the Assert message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no preference | PIM | Deletes configured Preference of Assert message. |

[Sample Configuration 5]

SWITCH(config_pim)# metric 1
SWITCH(config_pim)# preference 1
SWITCH(config_pim)# show running-config
Building configuration...
(Omitted)
router pim
preference 1
metric 1
!
(Omitted)
SWITCH(config_pim)#


7.10.7 Whole-packet-checksum

Multicast communication is possible even when the multicast source is not connected to the multicast group. In the picture below, the First-Hop router directly connected to the source can receive packets from the source without an (S,G) entry for the source. The First-Hop router encapsulates the packet in a Register message and unicasts it to the RP of the multicast group. The RP decapsulates the Register message and transmits the packet to the members of the multicast group.

[Figure: Network that multicast source are not directly connected to multicast group. Nodes: Source, First-Hop Router, RP. Labels: Multicast Packet; First-Hop Router encapsulates the packet in Register message and unicasts; RP decapsulates capsule of Register message and transmits it.]

When the Register message is transmitted, the Checksum in the header covers only the header part according to the RFC standard, but a Cisco router includes the whole packet in the range of the Checksum. For compatibility with Cisco routers, you should configure the range of the Checksum of the Register message as the whole packet.

To configure the range of the Checksum of the Register message as the whole packet for compatibility with Cisco routers, use the following command.

| Command | Mode | Function |
|---|---|---|
| whole-packet-checksum | PIM | Configures range of Checksum of Register message as whole packet for compatibility with Cisco router. |

To follow the RFC standard by deleting the compatibility with Cisco routers, use the following command.

| Command | Mode | Function |
|---|---|---|
| no whole-packet-checksum | PIM | Deletes compatibility with Cisco router and follows RFC standard. |

Information
By default, compatibility with Cisco router is not configured.
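
The effect of the two Checksum ranges can be seen by building one Register message each way and verifying it under both rules. The following Python code is an added example, not code from this guide or from the switch. It assumes the "header part" is the first 8 bytes of the Register message (the range given in the PIM-SM specification, RFC 4601), and the encapsulated packet bytes are constructed sample data.

```python
import struct

PIM_VERSION = 2
PIM_TYPE_REGISTER = 1
REGISTER_HEADER_LEN = 8  # PIM header (4 bytes) plus the Register flags word (4 bytes)

# Constructed inner multicast packet: 20-byte IPv4 header, 8-byte UDP header,
# 4 bytes of data. Only its byte values matter for the checksum comparison.
SAMPLE_INNER = bytes.fromhex(
    "45000020000100004011" "00000a000001ef010101"
    "04000400000c0000" "70696e67"
)


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_register(inner_packet: bytes, whole_packet: bool) -> bytes:
    """Build a Register message whose Checksum covers the header or the whole packet."""
    first_byte = (PIM_VERSION << 4) | PIM_TYPE_REGISTER
    header = struct.pack("!BBHI", first_byte, 0, 0, 0)  # Checksum field zeroed
    covered = header + inner_packet if whole_packet else header
    checksum = internet_checksum(covered)
    return struct.pack("!BBHI", first_byte, 0, checksum, 0) + inner_packet


def verify_register(message: bytes, whole_packet: bool) -> bool:
    """Check a received Register message under one of the two Checksum ranges."""
    if len(message) < REGISTER_HEADER_LEN:
        return False
    covered = message if whole_packet else message[:REGISTER_HEADER_LEN]
    return internet_checksum(covered) == 0


def interop_matrix(inner_packet: bytes) -> dict:
    """Result of every sender/receiver combination of the two ranges."""
    modes = {"header-only": False, "whole-packet": True}
    return {
        (sender, receiver): verify_register(build_register(inner_packet, s), r)
        for sender, s in modes.items()
        for receiver, r in modes.items()
    }


if __name__ == "__main__":
    for (sender, receiver), ok in interop_matrix(SAMPLE_INNER).items():
        print(f"sender {sender:12} receiver {receiver:12} accepted={ok}")
```

Only the combinations in which both ends use the same range verify, which is why the setting has to match the peer that receives the Register message.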

7.10.8 Configuring Interval of Cache-check

The RP receives packets from the multicast source and transmits them to the receiver. However, if no packet is received from the source for a certain period, it is not necessary to keep the multicast item. Therefore, the RP checks at a regular interval whether packets are received from the source; this function is named Cache-check.

To configure the interval of Cache-check, use the following command.

| Command | Mode | Function |
|---|---|---|
| cache-check interval <1-128> | PIM | Configures interval of Cache-check. |

To delete the configured interval of Cache-check, use the following command.

| Command | Mode | Function |
|---|---|---|
| no cache-check interval | PIM | Deletes configured interval of Cache-check. |

Information
The default is 20 seconds.


7.10.9 Configuring Multicast Routing Table

There is an RPF (Reverse Path Forwarding) on the route over which a multicast packet is transmitted. The RPF is the preceding router that transmits the multicast packet. In the picture below, ROUTER B is RPT of ROUTER E and ROUTER C is RPF of ROUTER E.

[Figure: Nodes: Source, B (RP), D. Labels: SPT, RPT, RPF.]

However, you can configure ROUTER D as RPF by configuring the multicast routing table manually. To configure the multicast routing table manually and set the RPF, use the following command.

| Command | Mode | Function |
|---|---|---|
| ip mroute multicast-group-address ip-address | Global | Configures RPF about packet of specified multicast group. |

To delete the configured multicast routing table, use the following command.

| Command | Mode | Function |
|---|---|---|
| no ip mroute multicast-group-address ip-address | Global | Deletes configured multicast routing table. |

7.10.10 Multicast Routing vid

More than one tagged vlan can be configured on the switch. When several tagged vlans are configured on one port of the V5324 switch, the system has to choose which tagged vlan is sent with a multicast packet routed to that port. Therefore, you should configure which tagged vlan is sent with multicast packets on the specified port.

In the picture below, four tagged vlans are configured on the V5324 switch and two tagged vlans are configured on the port connected to SWITCH 3. In this case, when a packet received by the V5324 switch is about to be sent to SWITCH 3, the system has to choose which tagged vlan is sent with the multicast packet routed to that port.

[Figure: In case of Several tagged vlans configured. Nodes: V5324 Switch, SWITCH 1, SWITCH 2, SWITCH 3. Labels: Multicast Packet; tagged vlan of vid 1; tagged vlan of vid 2; tagged vlan of vid 3; tagged vlan of vid 4; packet sent with vid 2; packet sent with vid 3; Configuration to select one of vid3 and vid4.]

Therefore, you should configure which tagged vlan is sent with packets on the port connected to SWITCH 3.

To configure the tagged vlan to be transmitted with the packet in multicast packet routing, use the following command.

| Command | Mode | Function |
|---|---|---|
| ip mr-vid port-number <1-4049> | Global | Configures tagged vlan to be transmitted in case of multicast routing to port which several tagged vlans are configured. |

Information
Without user's configuration of multicast routing vid, the smallest numerical value of vid is automatically selected.

To delete the configuration of multicast routing vid, use the following command.

| Command | Mode | Function |
|---|---|---|
| no ip mr-vid port-number | Global | Deletes configuration of multicast routing vid. |

To view the user's configuration of multicast routing vid, use the following command.

| Command | Mode | Function |
|---|---|---|
| show ip mr-vid | Global | Shows user's configuration of multicast routing vid. |

[ Sample Configuration 1 ]

The following is an example of configuring tag 2 to be transmitted with packets from port 1 when more than one tagged vlan is configured on port 1.

SWITCH(config)# ip mr-vid 1 2
SWITCH(config)# show ip mr-vid
--------------------------
Port mr-vid | Port mr-vid
-------------+------------
(omitted)

SWITCH(config)#

7.10.11 Configuring PIM-SM on Ethernet Interface

PIM-SM can be configured on an Ethernet interface. To do so, perform the following tasks.

Activating PIM-SM on Ethernet Interface

Blocking Multicast Packet

Prohibiting Bootstrap Message

Configuring Assert Message Information


(1) Activating PIM-SM on Ethernet Interface


To activate PIM-SM on an Ethernet interface, you need to enter Interface configuration mode of the specified interface.

To enter Interface configuration mode, use the following command.

| Command | Mode | Function |
|---|---|---|
| interface interface-name | Global | Enters into Interface configuration mode of specified interface. |

To activate PIM-SM after entering Interface configuration mode, use the following command.

| Command | Mode | Function |
|---|---|---|
| ip pim sparse-mode | Interface | Activates PIM-SM on specified interface. |

To release PIM-SM, use the following command.

| Command | Mode | Function |
|---|---|---|
| no ip pim sparse-mode | Interface | Releases PIM-SM from specified interface. |

(2) Blocking Multicast packet


It may happen that some receivers in a multicast group cannot receive packets because they do not satisfy the terms for receiving multicast packets. You can configure the interface not to receive multicast packets that cannot be sent to a receiver.

To block transmitting packets to a specified multicast group, use the following command.

| Command | Mode | Function |
|---|---|---|
| ip pim access-list group-address-prefix | Interface | Blocks transmitting packet to specified multicast group. |

To release the blocked multicast group, use the following command.

| Command | Mode | Function |
|---|---|---|
| no ip pim access-list group-address-prefix | Interface | Releases blocked multicast group. |

(3) Prohibiting Bootstrap Message


When all equipment configured with PIM is considered as one big PIM domain, unnecessary Bootstrap messages can be transmitted between group members that are operated as different services, which causes confusion in deciding the RP.

To prevent this problem, you can prohibit transmitting Bootstrap messages between multicast groups that are operated as different services.

[Figure: Network in case of Prohibiting transmitting Bootstrap Message. Nodes: Source A, Source B, A, B. Labels: Multicast Packet; Bootstrap Message blocked; Multicast Domain A.]

To prohibit transmitting Bootstrap messages between multicast groups that are operated as different services, use the following command.

| Command | Mode | Function |
|---|---|---|
| ip pim border | Interface | Blocks Bootstrap message transmitted. |

To release the blocked Bootstrap message, use the following command.

| Command | Mode | Function |
|---|---|---|
| no ip pim border | Interface | Releases blocked Bootstrap message. |

(4) Configuring Assert Message Information


As explained in 7.10.6 Configuring Assert Message Information, in a network environment that needs Assert, Assert messages are compared to decide Assert. You can configure Assert message information that applies only to an Ethernet interface on which PIM-SM is configured.

Information
Unless you configure Assert message information on the Ethernet interface, the value configured in 7.10.6 Configuring Assert Message Information is used on all interfaces.

To configure Assert message information on an Ethernet interface, use the following commands.

| Command | Mode | Function |
|---|---|---|
| ip pim metric <1-127> | Interface | Configures metric of Assert message of specific interface. |
| ip pim preference <1-127> | Interface | Configures preference of Assert message of specific interface. |
| ip pim threshold <1-255> | Interface | Configures threshold of Assert message of specific interface. |

Information
Lower Metric has priority and higher Preference has priority.

To delete the configured Assert message information on an Ethernet interface, use the following commands.

| Command | Mode | Function |
|---|---|---|
| no ip pim metric | Interface | Deletes configured metric of Assert message of specific interface. |
| no ip pim preference | Interface | Deletes configured preference of Assert message of specific interface. |
| no ip pim threshold | Interface | Deletes configured threshold of Assert message of specific interface. |

[Sample Configuration 6]

The following is an example of configuring PIM-SM on br1 and confirming it.

SWITCH(config)# interface br1
SWITCH(config-if)# ip pim sparse-mode
SWITCH(config-if)# ip pim border
SWITCH(config-if)# ip pim metric 5
SWITCH(config-if)# ip pim preference 10
SWITCH(config-if)# ip pim threshold 100
SWITCH(config-if)# show running-config
Building configuration...
(omitted)
interface br1
no shutdown
ip address 172.16.209.1/16
ip pim sparse-mode
ip pim treshold 100
ip pim preference 10
ip pim metric 5
ip pim border
!
router pim
preference 1
metric 1
!
ip route 0.0.0.0/0 172.16.1.254
(omitted)
!
!
no snmp
!
!
!
SWITCH(config-if)#

7.10.12 Viewing PIM-SM Information

You can view the following PIM-SM information of the switch.

Multicast Routing Table

RP Table

PIM-SM on Ethernet Interface


(1) Multicast Routing Table


To view the multicast routing table, use the following commands.

| Command | Mode | Function |
|---|---|---|
| show pim mrt detail | Top/Global | Shows multicast routing table in detail. |
| show pim mrt group group-address | Top/Global | Shows routing table of specific multicast group. |
| show pim mrt summary | Top/Global | Shows summary of multicast routing table. |

(2) RP Table

To view the RP table recorded in the switch, use the following command.

| Command | Mode | Function |
|---|---|---|
| show pim rp | Top/Global | Shows RP table recorded in switch. |

(3) PIM-SM on Ethernet Interface


To view PIM-SM configured on an Ethernet interface, use the following command.

| Command | Mode | Function |
|---|---|---|
| show pim interface | Top/Global | Shows PIM-SM information configured on Ethernet interface. |

7.11 VRRP (Virtual Router Redundancy Protocol)


VRRP (Virtual Router Redundancy Protocol) configures a Virtual Router (VRRP Group) consisting of VRRP routers to prevent network failure caused by a single dedicated router. You can configure a maximum of 255 VRRP routers in a VRRP group of the V5324 switch. First, decide which router plays the role of Master Virtual Router; the other routers are Backup Virtual Routers. After you give priorities to these backup routers, a backup router serves as Master Virtual Router when there is a problem with the Master Virtual Router. When you configure VRRP, configure all routers in the VRRP group with the same Group Id and assign the same Associated IP to them. After that, decide the Master Virtual Router and the Backup Virtual Routers. The router with the highest priority becomes Master, and the Backup Virtual Routers are also ordered by priority.

[Figure: VRRP Operation. Nodes: Internet; Virtual Router (Associate IP : 10.0.0.5/24); Backup Router 1; Backup Router 2; Master Router. Labels: IP : 10.0.0.1/24; IP : 10.0.0.2/24; IP : 10.0.0.3/24; Default Gateway : 10.0.0.5/24.]

If routers have the same priority, the router with the lower IP address takes precedence. The picture shows an example of configuring three routers with IP addresses 10.0.0.1/24, 10.0.0.2/24 and 10.0.0.3/24 as a Virtual Router with Associated IP 10.0.0.5/24. If these three routers have the same Priority, the router with the smallest IP address, 10.0.0.1/24, is decided to be Master Router. Switches and PCs connected to the Virtual Router use the IP address of the Virtual Router, 10.0.0.5/24, as default gateway.

7.11.1 Configuring VRRP

To configure the V5324 switch as a device in a Virtual Router, use the following command in Global configuration mode. You can then configure VRRP in VRRP configuration mode.

| Command | Mode | Function |
|---|---|---|
| vrrp interface-name group-id | Global | Configures Virtual Router(VRRP Group). |

Information
group-id can be configured between 1 and 255.

The following is an example of entering VRRP configuration mode with the above command. When you enter VRRP configuration mode, the system prompt changes from SWITCH(config)# to SWITCH(config-vrrp)#.

SWITCH(config)# vrrp br1 1
SWITCH(config-vrrp)#

To view the configuration of VRRP, use the following commands.

| Command | Mode | Function |
|---|---|---|
| show vrrp | Top/Global | Shows current configuration of VRRP. |
| show vrrp interface interface-name | Top/Global | Shows current configuration of specified interface VRRP. |
| show running-config | Top/Global/Bridge/Interface/VRRP | Shows switch's configuration. |

(1) Assigning Associated IP Address


After configuring the Virtual Router, you need to assign an Associated IP address to it. Assign the same IP address to all routers in one Group.

To assign an Associated IP address to the routers in a Virtual Router or to delete the configured Associated IP address, use the following commands.

| Command | Mode | Function |
|---|---|---|
| associate ip-address | VRRP | Assigns Associated IP address to Virtual Router. |
| no associate ip-address | VRRP | Deletes assigned Associated IP address of Virtual Router. |

The following is an example of assigning IP address 10.0.0.5 to the Virtual Router of the V5324 switch.

SWITCH(config-vrrp)# associate 10.0.0.5
SWITCH(config-vrrp)#

(2) Configuring Master Router and Backup Router


Dasan Networks, Inc. products decide Master Router and Backup Router by comparing the Priority and IP address of the devices in the Virtual Router.

Priority is compared first: a device with higher Priority has higher precedence. When devices have the same Priority, IP addresses are compared: a device with a lower IP address has higher precedence.

In case of trouble with the Master Router when there are more than two routers, one of them is selected according to their precedence.

To configure the Priority of Virtual Router or delete the configuration, use the following commands.

| Command | Mode | Function |
|---|---|---|
| vr_priority priority | VRRP | Configures Priority of Virtual Router. |
| no vr_priority | VRRP | Deletes configured Priority of Virtual Router. |

Note
By default, Priority of V5324 switch is configured as 100.

Note
Priority of Virtual Backup Router can be configured from 1 to 254.

The following is an example of deciding Master Router and Backup Router by comparing Priorities: the Virtual Routers are Layer 3 SWITCH 1 with Priority 101 and Layer 3 SWITCH 2 with Priority 102. Regardless of IP addresses, the one with the higher Priority, Layer 3 SWITCH 2, becomes Master Router.

<Layer 3 SWITCH 1 : IP Address - 10.0.0.1/24>

SWITCH1(config)# vrrp br1 1
SWITCH1(config-vrrp)# associate 10.0.0.5
SWITCH1(config-vrrp)# vr_priority 101
SWITCH1(config-vrrp)# exit
SWITCH1(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    backup
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 101
master down interval     3.624 sec
[1] associate address : 10.0.0.5

<Layer 3 SWITCH 2 : IP Address - 10.0.0.2/24>

Layer 3 SWITCH 2 with higher Priority is configured as Master Router.

SWITCH2(config)# vrrp br1 1
SWITCH2(config-vrrp)# associate 10.0.0.5
SWITCH2(config-vrrp)# vr_priority 102
SWITCH2(config-vrrp)# exit
SWITCH2(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 102
master down interval     3.620 sec
[1] associate address : 10.0.0.5

By default, the Priority of the V5324 switch is 100. So, unless you configure a specific Priority, the device with the lower IP address becomes Master Router, because it has higher precedence. Also, when there are more than two Backup Routers, their IP addresses are compared to decide the order. The following is an example of selecting Master Router and Backup Router by comparing IP addresses: Layer 3 SWITCH 1 has 10.0.0.1 and Layer 3 SWITCH 2 has 10.0.0.2.

<Layer 3 SWITCH1 : IP address - 10.0.0.1/24>

SWITCH1(config)# vrrp br1 1
SWITCH1(config-vrrp)# associate 10.0.0.5
SWITCH1(config-vrrp)# exit
SWITCH1(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 100
master down interval     3.624 sec
[1] associate address : 10.0.0.5

<Layer 3 SWITCH 2 : IP Address - 10.0.0.2/24>

SWITCH2(config)# vrrp br1 1
SWITCH2(config-vrrp)# associate 10.0.0.5
SWITCH2(config-vrrp)# exit
SWITCH2(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    backup
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               enabled
priority                 100
master down interval     3.620 sec
[1] associate address : 10.0.0.5

In case of same Priorities, Layer 3 SWITCH 1, with the lower IP address, is configured as Master Router.

7.11.2 Configuring Authentication Password

After a Virtual Router is configured, anyone who knows its Group ID and Associated IP address can configure another device as part of that Virtual Router. To prevent this, configure an authentication password that is used only in the Virtual Router you configured.

In order to configure an authentication password for security of Virtual Router, use the following command on VRRP configuration mode.

Command                               Mode    Function
authentication clear_text password    VRRP    Configures an authentication password.
no authentication                     VRRP    Deletes a configured authentication password.

Note
Authentication password can be configured with maximum 7 digits.

The following is an example of configuring the Authentication password of a Virtual Router as "network" and confirming it.

SWITCH(config-vrrp)# authentication clear_text network


SWITCH(config-vrrp)# show running-config
Building configuration...
(Omitted)
vrrp br1 1
authentication clear_text network
associate 10.0.0.5
!
!
!
!
no snmp
!
!
!
!
!
SWITCH(config-vrrp)#

7.11.3 Configuring Preempt

Preempt is a function by which a newly added device that has been given the highest Priority automatically becomes Master Router, without rebooting or any specific configuration, when you add it after the Virtual Router is configured. In order to configure Preempt, use the following command on VRRP configuration mode.

Command                       Mode    Function
preempt {enable | disable}    VRRP    Enables or disables Preempt.

Note
By default, Preempt is configured as enable in V5324 switch.

The following is an example of disabling Preempt.

SWITCH(config-vrrp)# preempt disable
SWITCH(config-vrrp)# exit
SWITCH(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   1 sec
preemption               disabled
priority                 100
master down interval     3.624 sec
[1] associate address : 10.0.0.5
SWITCH(config)#

To return Preempt to its default setting (enabled), use the following command on VRRP configuration mode.

Command       Mode    Function
no preempt    VRRP    Deletes the former configuration of Preempt to enable it.

7.11.4 Configuring Advertisement Time

The Master Router in a Virtual Router transmits its data to the other routers in the VRRP group at a regular interval. This interval is called Advertisement Time. You can configure Advertisement Time on the V5324 switch.

In order to configure Advertisement Time, use the following command on VRRP configuration mode.

Command                         Mode    Function
vr_timers advertisement time    VRRP    Configures Advertisement Time.

Note
By default, Advertisement Time is configured as 1 second in V5324 switch.

Note
For V5324 switch, Advertisement Time can be configured from 1 second to 10 seconds.

The following is an example of configuring Advertisement Time as 10 seconds and confirming it.

SWITCH(config-vrrp)# vr_timers advertisement 10
SWITCH(config-vrrp)# exit
SWITCH(config)# show vrrp
br1 - virtual router 1
---------------------------------------------
state                    master
virtual mac address      00:00:5E:00:01:01
advertisement interval   10 sec
preemption               disabled
priority                 100
master down interval     30.624 sec
[1] associate address : 10.0.0.5
SWITCH(config)#

To delete the configured Advertisement Time and return to the default setting, use the following command.

Command                       Mode    Function
no vr_timers advertisement    VRRP    Deletes configured Advertisement Time to return to the default setting.

7.11.5 Viewing VRRP Statistics

In order to view statistics of the packets that have been sent and received, use the following command.

Command           Mode      Function
show vrrp stat    Global    Shows statistics of packets in Virtual Router Group.

The following is an example of viewing statistics of packets in Virtual Router Group.

SWITCH(config)# show vrrp stat
VRRP statistics :
VRRP packets rcvd with invalid TTL            0
VRRP packets rcvd with invalid version        0
VRRP packets rcvd with invalid VRID
VRRP packets rcvd with invalid size
VRRP packets rcvd with invalid checksum
VRRP packets rcvd with invalid auth-type
VRRP packets rcvd with interval mismatch
SWITCH(config)#
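The counters listed by show vrrp stat correspond to the checks a VRRP version 2 receiver makes on each advertisement. The sketch below is an added example, not code from the V5324 or from Dasan Networks: it follows the RFC 2338 packet layout, and the order of the checks, the names classify and build_advert, and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

VRRP_VERSION = 2
AUTH_NONE, AUTH_CLEAR_TEXT = 0, 1      # RFC 2338 authentication type values


def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, adver_int=1,
                 auth_type=AUTH_NONE, password=b""):
    """Pack a constructed sample advertisement (test input only)."""
    ips = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    auth = password.ljust(8, b"\x00")[:8]          # carried unencrypted
    head = struct.pack("!BBBBBB", (VRRP_VERSION << 4) | 1, vrid, priority,
                       len(addrs), auth_type, adver_int)
    csum = checksum(head + b"\x00\x00" + ips + auth)
    return head + struct.pack("!H", csum) + ips + auth


def classify(ttl: int, msg: bytes, local: dict) -> str:
    """Name the counter a received advertisement would increment.

    `local` holds this router's own settings for the group:
    vrid, auth_type, password (bytes) and adver_int (seconds).
    """
    if ttl != 255:                 # a packet that crossed a router has TTL < 255
        return "invalid TTL"
    if len(msg) < 16:              # 8-byte header + 8-byte auth field
        return "invalid size"
    ver_type, vrid, _prio, count, auth_type, adver_int = struct.unpack(
        "!BBBBBB", msg[:6])
    if ver_type >> 4 != VRRP_VERSION:
        return "invalid version"
    if len(msg) != 8 + 4 * count + 8:
        return "invalid size"
    if checksum(msg) != 0:         # a valid message sums to zero
        return "invalid checksum"
    if vrid != local["vrid"]:
        return "invalid VRID"
    if auth_type != local["auth_type"]:
        return "invalid auth-type"
    if (auth_type == AUTH_CLEAR_TEXT
            and msg[-8:] != local["password"].ljust(8, b"\x00")):
        return "password mismatch"  # no separate counter is listed on the page
    if adver_int != local["adver_int"]:
        return "interval mismatch"
    return "accepted"


if __name__ == "__main__":
    # Local settings matching the examples in this section (constructed).
    local = {"vrid": 1, "auth_type": AUTH_CLEAR_TEXT,
             "password": b"network", "adver_int": 1}
    good = build_advert(1, 102, ["10.0.0.5"],
                        auth_type=AUTH_CLEAR_TEXT, password=b"network")
    slow = build_advert(1, 102, ["10.0.0.5"], adver_int=10,
                        auth_type=AUTH_CLEAR_TEXT, password=b"network")
    for label, ttl, pkt in [("peer advert", 255, good),
                            ("routed copy", 254, good),
                            ("10 s timer", 255, slow)]:
        print(f"{label:12} -> {classify(ttl, pkt, local)}")
```

Because the clear_text password travels unencrypted in the last 8 bytes of every advertisement, it protects against accidental misconfiguration rather than against someone who can capture traffic on the segment. A rising invalid auth-type or interval mismatch counter usually points to a peer whose VRRP settings differ from the local ones.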

7.12 NAT
NAT (Network Address Translation) lets the internal network use private IP addresses, which are intended for internal use only. This saves limited public IP address resources and strengthens security because the IP addresses of the internal network are protected. V5324 switch supports Static NAT, IP masquerade(PAT) and Dynamic NAT.

This section describes how to configure NAT. It contains these sections.

Configuring Static NAT
Configuring IP masquerade(PAT)
Configuring Dynamic NAT
Substituting DNS
Additional Function
IP Filtering

7.12.1 Configuring Static NAT

Static NAT maps a private IP address to a public IP address on a one-to-one basis when communicating with an external network.

[Figure: Operation of Static NAT (Private Network, Private IP Address, V5324 Switch, Public IP Address, External Network)]

As the above picture shows, a switch with Static NAT enabled converts the private IP address of a packet into a public IP address when sending a packet from the internal network. A is converted to P and B is converted to Q.

This one-to-one conversion of a private IP address into a public IP address is called Static NAT. In order to configure Static NAT, use the following command.

Command                                               Mode      Function
ip nat statistic public-address private-address       Global    Configures Static NAT.

In order to disable Static NAT, use the following command.

Command                                               Mode      Function
no ip nat statistic public-address private-address    Global    Disables Static NAT.

7.12.2 Configuring IP masquerade(PAT)

IP masquerade, also known as PAT (Port Address Translation), makes several private IP addresses connected to the network share one public IP address when they go out to the exterior network. That is, data sent from different private IP addresses looks as if it was sent from one public IP address.

[Figure: Operation of IP masquerade(PAT) (Private Network with hosts A, B and C, Private IP Address, V5324 Switch, Public IP Address, External Network)]

In order to configure IP masquerade in switch, use the following command.

Command                               Mode      Function
ip nat pat private-network-address    Global    Converts the private IP address into public IP address when it goes to exterior network.

When you use the above command to configure IP masquerade, a proper public IP address to be used toward the exterior network is chosen according to a certain rule.

However, it is also possible to configure the public IP address yourself and skip that process.

In order to configure a specific IP address to be used toward the exterior network, use the following command.

Command                           Mode      Function
ip nat masq-address ip-address    Global    Configures specific IP address to be sent to exterior network.

In order to disable IP masquerade, use the following commands.

Command                                  Mode      Function
no ip nat pat private-network-address    Global    Disables IP masquerade.
no ip nat masq-address                   Global    Releases specified public IP address used to send out to external network.

In order to view configuration of IP masquerade, use the following command.

Command                Mode                           Function
show running-config    Top/Global/Bridge/Interface    Shows switch configuration.

[Sample Configuration 1]

The following is an example of enabling IP masquerade to convert private IP address 172.16.0.0/16 into
public IP address 100.1.1.2 for going out to external network when IP address of br1 is public IP
100.1.1.2 and IP address of br2 is private IP 172.16.1.1.

SWITCH# configure terminal


SWITCH(config)# rule private_ip classify low any any ip 172.16.0.0/16
SWITCH(config)# rule private_ip match copy-to-cpu
SWITCH(config)# rule private_ip match deny
SWITCH(config)# rule arp classify medium any any arp
SWITCH(config)# rule arp match permit
SWITCH(config)# ip nat pat 172.16.0.0/16
SWITCH(config)# ip nat masq-address 100.1.1.2
SWITCH(config)#

[Sample Configuration 2]

The following is an example of a configuration in which a V5324 switch with IP address 172.16.221.60 provides NAT to hosts belonging to network address 10.10.10.0. In this case, note that you have to give the scope option when configuring the private IP address.

Unless you configure the scope option, the specified IP address becomes scope global. Then packets from hosts that receive NAT service are supposed to be sent with the first configured IP address. For the other cases as well, it is recommended that you configure the scope option when configuring an IP address, to make the configuration information clear.

SWITCH(config-if)# ip address 172.16.221.60/16


SWITCH(config-if)# ip address 10.10.10.254/24 scope link
SWITCH(config-if)# exit
SWITCH(config)# ip route 0.0.0.0/0 172.16.1.254
SWITCH(config)# rule private_ip classify low any any ip 172.16.0.0/16
SWITCH(config)# rule private_ip match copy-to-cpu
SWITCH(config)# rule private_ip match deny
SWITCH(config)# rule arp classify medium any any arp
SWITCH(config)# rule arp match permit
SWITCH(config)# ip nat pat 10.10.10.0/24
SWITCH(config)# show running-config
(omitted)
rule private_ip classify low any any ip 172.16.0.0/16
rule private_ip match deny
rule private_ip match copy-to-cpu
rule arp classify medium any any arp
rule arp match permit
!
interface lo
no shutdown
!
interface br1
no shutdown
ip address 172.16.209.3/16
ip address 10.10.10.254/24 scope link
!
ip route 0.0.0.0/0 172.16.1.254
!
!
!
ip nat pat 10.10.10.0/24
(omitted)
SWITCH(config)#

7.12.3 Configuring Dynamic NAT

In Dynamic NAT, a switch specifies a pool of valid public IP addresses. When a packet from a private IP address goes out, it uses a public IP address from the specified public IP Pool as its source address.

M is the number of public IP addresses and N is the number of private IP addresses. Since M public IP addresses correspond to N private IP addresses, Dynamic NAT is also said to work on an N:M basis. Meanwhile, even when the public IP Pool has run out, it is still possible to assign addresses through PAT.

[Figure: Operation of Dynamic NAT (Private Network, Private IP Address, V5324 Switch, Public IP Pool, External Network)]

In order to configure Dynamic NAT, use the following command.

Command                                                     Mode      Function
ip nat pool lowest-public-address highest-public-address    Global    Configures Dynamic NAT.

Information
lowest-public-address is the IP address at which the IP Pool starts, and highest-public-address is the IP address at which the IP Pool ends.

In order to disable Dynamic NAT, use the following command.

Command           Mode      Function
no ip nat pool    Global    Disables Dynamic NAT.

7.12.4 Substituting DNS

When a host in the private network tries to connect to a domain name in the same network, V5324 switch has a DNS (Domain Name Server) function, which substitutes the private IP address for the public IP address. In order to configure DNS, use the following command.

Command       Mode      Function
ip nat dns    Global    Configures DNS, which substitutes private IP address for public IP address of domain name.

In order to disable DNS, use the following command.

Command          Mode      Function
no ip nat dns    Global    Disables DNS.

7.12.5 Additional Functions

In order to use other application programs with the IP address configured for NAT, use the following commands.

Command                                             Mode     Function
ip nat helper {cuseeme | dialpad | ftp | irc |      Global   Helps masqueraded IP address be applied to
  quake | raudio | vdolive}                                  applications such as Dialpad and FTP server program.
ip nat autofw {udp | tcp} low-number high-number    Global   From the ports number configured at LOW to the port
  {udp | tcp} port-number                                    number configured at HIGH, goes out with assigned
                                                             port number by designed protocol mode.
ip nat portfw {udp | tcp} local-address             Global   Converts the port of IP address and another application
  port-number remote-address port-number                     not configured in router into IP address and port to be
  [preference-level]                                         communicated.
no ip nat helper {cuseeme | dialpad | ftp | irc |   Global   Deletes NAT configuration.
  quake | raudio | vdolive}
no ip nat autofw {udp | tcp} low-number             Global   Deletes NAT configuration.
  high-number {udp | tcp} port-number
no ip nat portfw {udp | tcp} local-address          Global   Deletes NAT configuration.
  port-number remote-address port-number

7.12.6 IP Filtering

When IP NAT is enabled, packets are sent up to the CPU to run IP NAT. The user may need some of these packets. To filter the packets processed in the CPU, you need to use IP filtering.

In order to enable IP filtering, use the following command.

Command                                                 Mode     Function
ip filter add {permit | deny} {src-address | any}       Global   Configures basic policy for incoming packets.
  {des-address | any}
ip filter add {permit | deny} {src-address | any}       Global   Configures new policy for incoming packets. You
  {des-address | any} {icmp | udp | tcp}                         also can configure specific port of the address.
  {src-port | any} {des-port | any}
  [interface interface-name]
ip filter add {permit | deny} {src-address | any}       Global   Configures basic policy for incoming packets.
  {des-address | any} interface interface-name                   You also can configure specific interface.
no ip filter add {permit | deny} {src-address | any}    Global   Deletes policy for packets.
  {des-address | any} [interface interface-name]
no ip filter add {permit | deny} {src-address | any}    Global   Deletes policy for packets.
  {des-address | any} {icmp | udp | tcp}
  {src-port | any} {des-port | any}
  [interface interface-name]
ip filter add {permit | deny} src-address des-address   Global   Makes basic rule to forwarded packets.
  forward

Each configured IP filtering policy gets a sequential Rule-number, and you can configure another policy by referring to the Rule-number.

In order to view IP filtering policies configured sequentially, use the following command.

Command           Mode          Function
show ip filter    Top/Global    Shows configured IP filtering sequentially.

[Sample Configuration 1]

The following is an example of configuring IP filtering policy to block packet from 172.16.89.200/16 to
172.16.30.15/16 and to allow icmp.

SWITCH(config)# ip filter add permit 172.16.89.200/16 172.16.30.15/16 icmp any any
SWITCH(config)# ip filter add deny 172.16.89.200/16 172.16.30.15/16
SWITCH(config)# show ip filter
Chain input (policy ACCEPT):
target   prot opt      source           destination      ports
ACCEPT   icmp ------   172.16.0.0/16    172.16.0.0/16    any -> any
DENY     all  ------   172.16.0.0/16    172.16.0.0/16    n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
SWITCH(config)#

In order to change the order of IP packet filtering policies, use the following commands to insert a policy among the existing policies.

Command                                                 Mode     Function
ip filter insert rule-number {permit | deny}            Global   Inserts specified policy to specified Rule-number.
  {src-address | any} {des-address | any}
ip filter insert rule-number {permit | deny}            Global   Inserts specified policy to specified Rule-number.
  {src-address | any} {des-address | any}
  {icmp | udp | tcp} {src-port | any} {des-port | any}
  [interface interface-name]
ip filter insert rule-number {permit | deny}            Global   Inserts specified policy to specified Rule-number.
  {src-address | any} {des-address | any}
  interface interface-name

Information
When you use the command ip filter insert, the specified policy gets the specified Rule-number and the existing policies get the next numbers.
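The rule order in Sample Configuration 1 and the renumbering done by ip filter insert can be modelled as follows. This is an added example, not the switch's own code: first-match evaluation is an assumption drawn from the sample's rule order, and the FilterChain class, its methods and sample_chain are hypothetical names.

```python
import ipaddress


class FilterChain:
    """Ordered policy list; list index 0 holds Rule-number 1."""

    def __init__(self, policy="permit"):
        self.policy = policy        # "Chain input (policy ACCEPT)" in the sample
        self.rules = []

    @staticmethod
    def _net(addr):
        # strict=False masks off the host bits, which is what the sample
        # output shows: 172.16.89.200/16 is listed as 172.16.0.0/16.
        if addr == "any":
            return None
        return ipaddress.ip_network(addr, strict=False)

    def _rule(self, action, src, dst, proto):
        return {"action": action, "src": self._net(src),
                "dst": self._net(dst), "proto": proto}

    def add(self, action, src, dst, proto="all"):
        """ip filter add: the new policy gets the next Rule-number."""
        self.rules.append(self._rule(action, src, dst, proto))

    def insert(self, number, action, src, dst, proto="all"):
        """ip filter insert: later policies move down by one."""
        if not 1 <= number <= len(self.rules) + 1:
            raise ValueError("rule-number out of range")
        self.rules.insert(number - 1, self._rule(action, src, dst, proto))

    def decide(self, src, dst, proto):
        """Return (action, rule-number); rule-number 0 means chain policy."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for number, rule in enumerate(self.rules, start=1):
            if rule["proto"] not in ("all", proto):
                continue
            if rule["src"] is not None and s not in rule["src"]:
                continue
            if rule["dst"] is not None and d not in rule["dst"]:
                continue
            return rule["action"], number      # first match wins (assumed)
        return self.policy, 0

    def show(self):
        return [f"{n} {r['action']:6} {r['proto']:4} "
                f"{r['src'] or 'any'} -> {r['dst'] or 'any'}"
                for n, r in enumerate(self.rules, start=1)]


def sample_chain():
    """The two policies from Sample Configuration 1, in the same order."""
    chain = FilterChain()
    chain.add("permit", "172.16.89.200/16", "172.16.30.15/16", "icmp")
    chain.add("deny", "172.16.89.200/16", "172.16.30.15/16")
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    print("\n".join(chain.show()))
    # ICMP between the two hosts matches policy 1; everything else policy 2.
    print(chain.decide("172.16.89.200", "172.16.30.15", "icmp"))
    print(chain.decide("172.16.89.200", "172.16.30.15", "tcp"))
    # Hosts never named in the commands are covered too, because of /16.
    print(chain.decide("172.16.1.1", "172.16.2.2", "tcp"))
```

The sample output lists both policies as 172.16.0.0/16, so the deny policy applies to every pair of hosts in that network and not only to the two addresses typed in the commands. If the deny policy had been added first, the ICMP permit would never be reached until it was inserted at Rule-number 1.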

7.13 Bandwidth
Routing protocols use bandwidth information to measure routing distance value. In order to configure bandwidth of interface, use the following command.

Command               Mode         Function
bandwidth kilobits    Interface    Configures bandwidth of interface.

Note
The bandwidth can be from 1 to 10,000,000Kbits. This bandwidth is used only for routing information and has nothing to do with physical bandwidth.

The following is an example of configuring bandwidth as 1000Kbits and confirming it.

SWITCH(config-if)# bandwidth 1000


SWITCH(config-if)# show running-config
(omitted)
interface br1
no shutdown
bandwidth 1000
(omitted)

In order to delete configured bandwidth, use the following command.

Command                    Mode         Function
no bandwidth [kilobits]    Interface    Deletes configured bandwidth of interface.

7.14 DHCP
DHCP (Dynamic Host Configuration Protocol) makes a DHCP server assign IP addresses to DHCP clients automatically and manage those IP addresses.
In an environment where not all PCs are connected to the network at the same time, not all of them need to have IP addresses. When some of them need an IP address, it can be assigned automatically. In this case, the DHCP server is the device that assigns IP addresses automatically, and the DHCP clients are the PCs.

DHCP provides the following benefits.

Saving COST
With limited IP resources, many users can connect to the Internet. So, it can save IP resources and cost.

Effective Network Management
Anyone can configure a DHCP server, and DHCP clients belonging to the network managed by the DHCP server can access the network without professional knowledge such as configuring TCP/IP for the network environment.

[Figure: DHCP Service Construction (DHCP Server; IP Request (Broadcast); DHCP Pack (Unicast); PCs on a Subnet; PC = DHCP Client)]

V5324 switch can be the DHCP server or the DHCP Relay agent according to the user's configuration. The DHCP Relay agent's function is to connect the DHCP server to the DHCP client.

You need to know the following functions.

Configuring DHCP Server
Configuring DHCP Relay Agent
Initializing DHCP lease Database
Configuring DHCP Server Configuration

7.14.1 Configuring DHCP Server

If you want to use V5324 switch as the DHCP server, first of all, specify it as the DHCP server. After specifying V5324 switch as the DHCP server, you have to configure the following to provide the DHCP service to the DHCP clients.

Activating DHCP Server
Configuring DHCP Subnet
Configuring IP Address Range
Configuring Subnet Default Gateway
Configuring Group
Configuring the Available Time to Use IP address
Registering DNS Server
Viewing Information of Assigned IP Address
DHCP syslog
Viewing Rate of IP Usage by DHCP Group

(1) Activating DHCP Server


In order to configure switch as DHCP server, use the following command.

Command           Mode      Function
ip dhcp server    Global    Configures switch as DHCP server.

In order to disable DHCP server function, use the following command.

Command       Mode      Function
no ip dhcp    Global    Disables DHCP server function.

Note
If there is something wrong with the DHCP configuration, the message "Can't start DHCP server." is shown when you activate the DHCP server, and the DHCP function is not enabled.

Meanwhile, V5324 switch supports a special function that prohibits assigning plural IP addresses to one MAC address. Usually, V5324 switch assigns an IP address even to equipment that already has an assigned IP address, because the equipment may need more than one IP address.

However, a personal computer gets plural IP addresses in this way even though it does not need them. This function prevents that case. In other words, V5324 switch can both assign plural IP addresses to equipment and prohibit assigning plural IP addresses to one MAC address.

In order to prohibit assigning plural IP addresses to one MAC address, use the following command.

Command                      Mode      Function
ip dhcp server with-haddr    Global    Prohibits assigning plural IP address to one equipment.

Information
When you do not need the function that prohibits assigning plural IP addresses to one MAC address, activate the DHCP server with the command, ip dhcp server.

In order to disable this function, use the following command.

Command       Mode      Function
no ip dhcp    Global    Disables DHCP server.

(2) Configuring DHCP Subnet


Before configuring DHCP, you need to configure a DHCP subnet first. When you configure a DHCP subnet, you enter DHCP configuration mode, where you can configure the subnet. The system prompt changes from SWITCH(config)# to SWITCH(config-dhcp)#.

In order to configure DHCP subnet, use the following command.

Command                                          Mode      Function
ip dhcp subnet subnet-address netmask netmask    Global    Configures DHCP subnet.

The following is an example of network range 192.168.1.0/24 as DHCP subnet.

SWITCH(config)# ip dhcp subnet 192.168.1.0 netmask 255.255.255.0


SWITCH(config-dhcp)#

You can configure the IP address, default gateway, and DHCP group to be used in the subnet you configured. Input exit to go back to Global configuration mode, and input end to go to Top mode directly.

In order to delete a subnet configured by the user, use the following command.

Command                                             Mode      Function
no ip dhcp subnet subnet-address netmask netmask    Global    Deletes DHCP subnet.

(3) Configuring IP Address Range


After configuring DHCP subnet, you need to configure the IP address range used in the subnet. In order to configure IP address range, use the following command.

Command                            Mode    Function
range start-address end-address    dhcp    Configures IP address range.

It is possible to configure non-consecutive IP address ranges in the same subnet. For example, you can configure ranges from 192.168.1.10 to 192.168.1.20 and from 192.168.1.30 to 192.168.1.40 in the subnet 192.168.1.0/24.

(4) Configuring Subnet Default Gateway


You have to configure a default gateway that allows all IP addresses, so that the DHCP server can communicate with unspecified IP addresses.

In order to configure default gateway of subnet, use the following command.

Command                            Mode    Function
default-gateway gateway-address    dhcp    Configures default gateway of subnet.

(5) Configuring Group


In the DHCP subnet, you can assign a group whose members can use IP addresses in common. If you assign two different subnets, A and B, to the same group, then when there is no available IP address in subnet A, an IP address of subnet B can be used.

To configure the group, use the following commands.

Command       Mode    Function
group name    dhcp    Configures group in subnet.

When two subnets are configured with the same group, they can use IP addresses in common.

In order to delete configured group, use the following command.

Command          Mode    Function
no group name    dhcp    Deletes configured group.

(6) Configuring the Available Time to Use IP address


The DHCP server administrator can configure how long an IP address assigned to a DHCP client can be used. This time is called the IP address lease time. The default is one hour, and the system asks whether the DHCP client wants to extend it at the end of that time. In order to configure IP address lease time, use the following command.

Command                          Mode      Function
ip dhcp lease default seconds    Global    Configures default IP address lease time in seconds.
ip dhcp lease max seconds        Global    Configures maximum IP address lease time in seconds.

Information
The default is one hour(3600 seconds), and the maximum is two hours.

(7) Registering DNS Server


When a DHCP client connects, the DHCP server basically informs it of the IP address, default gateway, IP address lease time, and available DNS server. Therefore, you should register the DNS server that can be used in the DHCP server. You can register up to two servers.

In order to register DNS server, use the following command.

Command                                      Mode      Function
ip dhcp dns {ip-address 1} [ip-address 2]    Global    Registers DNS server.

[Sample Configuration 1]

The following is an example of configuring a DHCP server: network range 192.168.1.0/24 as subnet, and 192.168.1.10 ~ 192.168.1.20 and 192.168.1.30 ~ 192.168.1.40 as IP address ranges. The default gateway of the subnet is configured as 192.168.1.254 and the DHCP server is activated.

SWITCH(config)# ip dhcp subnet 192.168.1.0 netmask 255.255.255.0


SWITCH(config-dhcp)# range 192.168.1.10 192.168.1.20
SWITCH(config-dhcp)# range 192.168.1.30 192.168.1.40
SWITCH(config-dhcp)# exit
SWITCH(config)# ip dhcp server
SWITCH(config)# show running-config
Building configuration...
(omitted)
ip dhcp lease max 7200
!
ip dhcp lease default 3600
!
ip dhcp subnet 192.168.1.0 netmask 255.255.255.0
range 192.168.1.10 192.168.1.20
range 192.168.1.30 192.168.1.40
!
ip dhcp server
!
(omitted)
!
SWITCH(config)#

[Sample Configuration 2]

If you enter the wrong netmask for the subnet whose IP addresses are to be assigned by the DHCP server and then try to activate DHCP, you will see an error message. The following is an example of the error message shown when configuring the IP address range and activating the DHCP server after wrongly configuring the netmask of 192.168.1.0 as 255.0.0.0 instead of 255.255.255.0.

Information
The error message in the below example means that DHCP server is not activated. The netmask in the first command is the wrong netmask.

SWITCH(config)# ip dhcp subnet 192.168.1.0 netmask 255.0.0.0
SWITCH(config-dhcp)# range 192.168.1.10 192.168.1.20
SWITCH(config-dhcp)# exit
SWITCH(config)# ip dhcp server
Address range 192.168.1.10 to 192.168.1.20 not on net 192.168.1.0/255.0.0.0!
Can't start DHCP server.
SWITCH(config)#

(8) Viewing Information of Assigned IP Address


You can view DHCP information such as the total number of IP addresses that can be assigned, the number of current clients that have received an IP address, and information about those clients.

In order to view information of assigned IP address, use the following commands. For more detailed information, enter detail after the command.

Command                     Mode          Function
show ip dhcp user           Top/Global    Shows total amount of IP addresses that can be assigned and number of clients who receive IP address.
show ip dhcp user detail    Top/Global    Shows detail information of clients who receive IP address.

[Sample Configuration 3]

The following is an example of viewing total amount of IP addresses that can be assigned and number
of clients who receive IP address after [Sample Configuration 1].

SWITCH(config)# show ip dhcp user


Max lease: 0 (2003/03/12 13:19:05)
Total ip: 22
Total users: 0 (0%)
SWITCH(config)#

The above example means that twenty-two IP addresses can be assigned and that no client has received an IP address so far.
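A pre-check for the subnet, netmask and range values used in Sample Configurations 1 and 2, given here as an added example and not as code from the switch. It reproduces the range test behind the error message of Sample Configuration 2 and the address total reported by show ip dhcp user; the function name and the extra reversed-range and overlap checks are assumptions.

```python
import ipaddress


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 address or netmask as an integer."""
    return int(ipaddress.IPv4Address(addr))


def check_dhcp_subnet(subnet, netmask, ranges):
    """Validate one `ip dhcp subnet` block.

    ranges is a list of (start-address, end-address) pairs, one per
    `range` command. Returns (errors, total_ips); total_ips is 0 when
    any error was found, because the server would not start.
    """
    net, mask = to_int(subnet), to_int(netmask)
    errors, spans = [], []

    for start, end in ranges:
        lo, hi = to_int(start), to_int(end)
        if lo > hi:
            errors.append(f"Address range {start} to {end} is reversed")
            continue
        # Both ends, masked with the netmask, must equal the subnet
        # address exactly as it was typed in the subnet command.
        if lo & mask != net or hi & mask != net:
            errors.append(f"Address range {start} to {end} "
                          f"not on net {subnet}/{netmask}!")
            continue
        spans.append((lo, hi, start, end))

    # Non-consecutive ranges are allowed; overlapping ones would hand
    # out the same address from two ranges.
    spans.sort()
    for prev, cur in zip(spans, spans[1:]):
        if cur[0] <= prev[1]:
            errors.append(f"Address range {cur[2]} to {cur[3]} overlaps "
                          f"{prev[2]} to {prev[3]}")

    # Explain the usual cause: the subnet address has bits set outside
    # the netmask, so no address can ever mask back to it.
    if net & mask != net:
        real = ipaddress.IPv4Address(net & mask)
        errors.append(f"hint: under netmask {netmask} the network "
                      f"address is {real}, not {subnet}")

    total = 0 if errors else sum(hi - lo + 1 for lo, hi, _, _ in spans)
    return errors, total


# Values taken from Sample Configuration 1 and Sample Configuration 2.
SAMPLE_1 = ("192.168.1.0", "255.255.255.0",
            [("192.168.1.10", "192.168.1.20"),
             ("192.168.1.30", "192.168.1.40")])
SAMPLE_2 = ("192.168.1.0", "255.0.0.0",
            [("192.168.1.10", "192.168.1.20")])

if __name__ == "__main__":
    for name, sample in (("Sample 1", SAMPLE_1), ("Sample 2", SAMPLE_2)):
        errors, total = check_dhcp_subnet(*sample)
        print(f"{name}: Total ip: {total}")
        for line in errors:
            print("  " + line)
```

Running the check before ip dhcp server avoids the state described in the Information note above, where the command is entered but the server is not activated.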

[Sample Configuration 4]

The following is an example of viewing detailed client information when there are clients that have received an IP address.

SWITCH(config)# show ip dhcp user detail


lease 192.168.1.11 {
starts Wed Mar 12 05:27:39 2003
ends Wed Mar 12 06:27:39 2003
hardware ethernet 00:50:da:ea:a0:04;
uid 01:00:50:da:ea:a0:04;
client-hostname "note";
}

(9) Confirming DHCP syslog


Through Syslog, you can be made aware of trouble that occurs in the DHCP server.

Perform the steps below to view trouble in the DHCP server.

Step 1 Use the following command to configure Syslog of DHCP server.

Command                  Mode      Function
ip dhcp server syslog    Global    Configures syslog of trouble in DHCP server.

Step 2 Use the following command to confirm syslog.

Command                       Mode          Function
show syslog local volatile    Top/Global    Shows Syslog message.

[Sample Configuration 5]

The following is an example of confirming DHCP Syslog.

SWITCH(config)# ip dhcp server syslog
SWITCH(config)# show syslog local volatile
Mar 12 13:11:55 init: Entering runlevel: 3
Mar 12 13:12:00 zebra[85]: CPU overload warning : threshold [50] < CPU load [55]
Mar 12 13:12:05 zebra[85]: CPU overload cleared : threshold [50] > CPU load [5]
Mar 12 13:12:10 login[95]: root login on `ttyS0'
Mar 12 13:23:33 dhcpd: Sending on Linux Raw/br1/172.16.0.0
Mar 12 13:23:33 dhcpd: Sending on Socket/fallback/fallback-net
Mar 12 13:23:35 dhcpd: DHCPINFORM from 172.16.15.5
Mar 12 13:27:59 dhcpd: DHCPINFORM from 172.16.48.100
Mar 12 13:30:11 dhcpd: DHCPDISCOVER from 00:50:da:ea:a0:04 via br1
Mar 12 13:30:11 dhcpd: no free leases on subnet 172.16.0.0
Mar 12 13:54:38 dhcpd: Sending on Linux Raw/br1/172.16.0.0
SWITCH(config)#

(10) Viewing Rate of IP Usage by DHCP Group


You can check rate of IP usage by each DHCP group.

In order to view rate of IP usage by each group, use the following command.

Command               Mode          Function
show ip dhcp group    Top/Global    Shows rate of IP usage by each group.

7.14.2 Configuring DHCP Relay Agent

You can configure the V5324 switch to forward IP address requests from DHCP clients to a DHCP server. This is called the DHCP Relay agent. The DHCP Relay agent is useful for managing a wide DHCP subnet.

[Figure: An example of the Relay agent (DHCP Server; Relay agent 1 with Subnet 1; Relay agent 2 with Subnet 2; PC = DHCP Client)]

Use the following command in global configuration mode to enable the DHCP relay feature on your system.

Command                                                           Mode      Function
ip dhcp relay server-address [server-address] [server-address]    Global    Forwards IP address requests to the DHCP server.

To delete the DHCP Relay agent, use the following command.

Command       Mode      Function
no ip dhcp    Global    Deletes the DHCP Relay agent.

7.14.3 Initializing DHCP Lease Database

The IP addresses assigned by the DHCP server are recorded in the Lease Database. It is possible to
initialize this database and to start a new record. If an IP address is already assigned, it is renewed
after checking whether the user wants to use it.


In order to initialize DHCP Lease Database, use the following command.

Command
clear ip dhcp binding

Mode
Global

Function
Initializes DHCP Lease Database.

7.14.4 DHCP Lease Database Back-up

You can make a backup file of the DHCP lease database through TFTP according to your configuration.

In order to make a backup file of the DHCP lease database through TFTP, use the following commands.

Note
Because a TFTP server does not authenticate users with an ID and password when they access it, its
security is very weak. To compensate for this, the backup file can be made only when a file with the same
name as the file you need to copy already exists on the TFTP server.

Command
ip dhcp database tftp-address file-name write-delay time
Mode
Global
Function
Makes backup file of DHCP lease database.

Command
ip dhcp database tftp-address file-name write-delay time max-time
Mode
Global
Function
Makes backup file of DHCP lease database and configures time limit to access to tftp server.

Command
ip dhcp database tftp-address file-name write-delay time log
Mode
Global
Function
Makes backup file of DHCP lease database and configures Syslog message to be sent in case of access failure.

Note
Enter tftp-address in the form tftp:A.B.C.D.

Information
When you configure the backup interval of the DHCP lease database with the command write-delay, the
unit of time is seconds.

Information
max-time is the time limit for accessing the TFTP server.


7.14.5 Confirming DHCP Configuration

In order to confirm DHCP configuration, use the following command.

Command
show running-config

Mode
Top/Global/Bridge/Interface

Function
Shows DHCP configuration.

The following is an example of viewing DHCP configuration.

SWITCH(config)# show running-config


(omitted)
!
ip dhcp lease max 7200
!
ip dhcp lease default 3600
!

ip dhcp subnet 10.1.1.1 netmask 255.0.0.0

range 10.1.1.1 10.1.1.10
default-gateway 10.1.1.254
!
!
(omitted)
SWITCH(config)#

Information
The above example is just for your reference. It may vary according to DHCP configuration.

7.15 Broadcast Storm Control


V5324 switch supports Broadcast Storm Control for broadcast packets.

A broadcast storm is an overload condition in which broadcast packets take up a major part of the
transmit capacity. Broadcast storms often occur because of differences between versions.

For example, a storm may occur when 4.3 BSD and 4.2 BSD are mixed, or when AppleTalk Phase I and
Phase II are mixed in TCP/IP.


Also, a broadcast storm may occur when routing protocol information that a router transmits regularly
is misinterpreted by a system that does not support the protocol.

Broadcast Storm Control works as follows: the system counts how many broadcast packets arrive per
second, and packets over the configured limit are discarded.

In order to configure Storm Control, use the following command.

Command
set storm-control count

Mode
Bridge

Function
Configures Storm Control.

Information
max-count can be set from 120, and the value you enter is adjusted to the closest multiple. For example,
if you input 500, it becomes 480.

In order to disable Storm Control, use the following command.

Command
clear storm-control

Mode
Bridge

Function
Disables Storm Control.

The newly updated V5324 switch controls not only broadcast storms but also multicast and
DLF (Destination Lookup Fail) storms. In order to use multicast and DLF storm control, use the
following commands. All Broadcast storm control settings are then applied equally to all
VLANs.

Command
set storm-control include dlf
Mode
Bridge
Function
Enables DLF storm control.

Command
set storm-control include multicast
Mode
Bridge
Function
Enables multicast storm control.

Information
By default, DLF storm control is enabled and multicast storm control is disabled.


In order to disable multicast storm control and DLF storm control, use the following commands.

Command
clear storm-control include dlf
Mode
Bridge
Function
Disables DLF storm control.

Command
clear storm-control include multicast
Mode
Bridge
Function
Disables multicast storm-control.

In order to confirm Storm Control configuration, use the following command.

Command
show storm-control

Mode
Bridge

Function
Shows Storm Control configuration.

7.16 Blocking Direct Broadcast


RFC 2644 recommends that a system block broadcast packets destined for the same network range as an
interface of the equipment, namely Direct broadcast packets. Accordingly, Dasan's products block
Direct broadcast packets by default. However, you can enable or disable this blocking in V5324 switch.

In order to block Direct broadcast packet, use the following command.

Command
no ip forward direct-broadcast

Mode
Global

Function
Enables blocking Direct broadcast packet.

Information
The default is enabled.

In order to disable blocking Direct broadcast packet, use the following command.

Command
ip forward direct-broadcast

Mode
Global

Function
Disables blocking Direct broadcast packet.

In order to view configuration about blocking Direct broadcast packet, use the following command.

Command
show running-config

Mode
Top/Global/Bridge/Interface

Function
Shows switch configuration.

The following is an example of disabling the blocking of Direct broadcast packet with ip forward direct-broadcast and confirming it.

SWITCH(config)# ip forward direct-broadcast


SWITCH(config)# show running-config
Building configuration...
(omitted)
!
ip forward direct-broadcast
!
no snmp
!
SWITCH(config)#


Chapter VIII IP Routing Protocol

This chapter describes layer 3 switching and how to configure the switch for the supported IP routing
protocols. It is intended to give a network administrator enough information to get the protocols
up and running. This chapter includes the following sections.

BGP Routing Protocol

OSPF Routing Protocol

RIP Routing Protocol


8.1 BGP Routing Protocol


BGP (Border Gateway Protocol) is, as defined in RFC 1163 and RFC 1267, an EGP (Exterior Gateway
Protocol) used to connect to exterior networks. BGP manages routing information in the network so that
an AS (Autonomous System) can transmit and receive routing information. BGP routing information
consists of the network numbers that a packet passes through and the autonomous system number.

V5324 switch supports BGP version 4, defined in RFC 1771. BGP version 4 provides aggregate routes by
using CIDR (Classless Interdomain Routing) to reduce the size of the routing table. CIDR provides an IP
prefix, which is a network address, instead of an IP address on the BGP network. OSPF and RIP can also
transmit CIDR paths.

A switch that runs BGP exchanges AS (autonomous system) information and the paths for reaching each AS
with other BGP equipment. By doing so, the user can prevent routing loops and use the most effective
AS information.

You can configure the MED (Multi Exit Discriminator) by using a route map. When new routing
information is transmitted to a BGP neighbor, the MED is passed without any change. Thus, BGP routers
located in the same AS can select a path by the same standard.

8.1.1 Basic Configuration

BGP configuration is roughly divided into basic configuration and advanced configuration. Basic
configuration includes the following.

Activating BGP

Configuring BGP Neighbor Router

Changing Routing Policy

Configuring BGP Weights

BGP Route Filtering

AS Route Filtering

BGP Route Filtering through Prefix Lists

Blocking information Transmission to Next Destination


Configuring BGP Version

(1) BGP Routing


In order to activate BGP, perform the following steps.

Step 1 Enter into BGP router configuration mode by using the following command. Then BGP will be
activated.

Command
router bgp <1-65535>

Mode
BGP Global

Function
Assigns AS number to configure BGP routing.

The AS number identifies the autonomous system and is used for detecting the BGP connection. The AS
number is a number between 1 and 65535. AS numbers 65512 through 65535 are defined as private AS
numbers. Private AS numbers cannot be advertised on the global Internet.

Step 2 Configure BGP network and register it in BGP routing table by using the following commands.

Command
network prefix backdoor
Mode
Router
Function
Configures backdoor route to reach to border router, which receives BGP information.

Command
network prefix nlri [multicast | unicast]
Mode
Router
Function
Decides where to send routing information.

(2) Configuring BGP Neighbor Router


An EGP must know its neighbor routers. Therefore BGP, as an EGP, requires neighbor routers to be
configured. BGP neighbor routers include internal neighbor routers, which are located in the same AS,
and external neighbor routers, which are located in a different AS. Usually, internal neighbor routers
in the same AS are not directly connected, but external neighbor routers are directly connected and
share a subnetwork with their partner. In order to configure a BGP neighbor router, use the following
command.

Command
neighbor ip-address remote-as number

Mode
Router

Function
Configures BGP Neighbor router.

(3) Changing Routing Policy


The routing policy decides, through route-map, distribute-list and prefix-list, which information to
receive and which information to provide when exchanging routing information with a neighbor router.
When you change the routing policy, you should update the routing information to follow the new policy
by deleting the routing information of the old policy or resetting the default route.

In order to receive routing information under the new policy, you need to configure an inbound reset,
and in order to provide the information, you need to configure an outbound reset. When a BGP router
provides routing information under the new policy, the neighbor routers receive the information.

If both the BGP router and the neighbor router support the route refresh capability, it is possible to
renew routing information by using an inbound reset. This way has the following advantages.

No optional configuration of administrator

No additional memory for changing routing information

In order to check if neighbor router supports route refresh capability, use the following command.

Command
neighbor {ip-address | neighbor-tag} capability route-refresh

Mode
Router

Function
Informs whether neighbor router supports route refresh capability. If neighbor router supports the function, "Received route refresh capability from peer." will be displayed.

If all BGP routers support route refresh capability, user can receive route information by using soft reset.

In order to configure routing information to follow new policy, use the following command.

Command
clear ip bgp [* | AS | address ] soft in

Mode
Top

Function
Receives routing information of new policy. You can configure network address to receive the information or AS. When you select asterisk(*), the routing information will be received from all addresses.


No prior configuration is required for an outbound reset. Routing information is resent by using the
command soft.

In order to provide routing information again, use the following command.

Command
clear ip bgp [* | AS | address] soft out

Mode
Top

Function
Operates route refresh capability in where routing information is provided. You can configure network address or AS to send the information. When you select asterisk(*), the routing information will be sent to all addresses.

When an administrator restores the default routing policy from a configured one, the route refresh
capability is used. With this function, you do not have to delete the configured policies one by one.

Meanwhile, if a router does not support the route refresh capability, you should delete the old routing
information by using neighbor soft-reconfiguration. However, you should use another way where
possible because it may cause network problems.

If you do not want to reconfigure BGP information but to create new information, you have to save all
information coming into the BGP network in the BGP router, without processing the routing information
in order. Please note that this may overload memory.

Therefore, you should avoid it. On the other hand, no memory is required to provide changed
information. After the BGP router transmits new information, the neighbor router receives the information.

In order to change BGP configuration through saved routing policy, follow the below steps.

Step 1

After reconfiguring BGP router, configure to save received information from neighbor router.
And then, all incoming information to BGP router will be saved.

Command
neighbor ip-address soft-reconfiguration inbound

Mode
Router

Function
After reconfiguring BGP router, saves all information from neighbor router.

Step 2 Register new information in table by using saved information.

Command
clear ip bgp [* | as-address] soft in

Mode
Top

Function
Registers new information in table by using saved information. You can configure network address, AS, or all(*) for where to receive the information.

In order to check through the routing table and the BGP neighbor router whether routing information has
been changed correctly, use the following command.

Command
show ip bgp neighbors ip-address [advertised-routes | received-routes | routes]

Mode
Top/Global

Function
Shows information to transmit to neighbor router or to receive from neighbor router.

(4) Configuring BGP Weights


Weight is a number assigned to a route and used to decide the route. It is available from 0 to 65534,
and only in BGP. If you want to give priority to information from a specific router, assign a higher
weight to that information.

In order to configure BGP weight, use the following command.

Command
neighbor ip-address weight
<0-65534>

Mode
Router

Function
Assigns weight to information from neighbor router.

(5) Aborting AS Route


By default, V5324 switch uses AS to decide a route. However, you can change this so that the route is
decided as in IETF.

In order to disregard the length required to reach an AS when deciding a route, use the following
command.


Command
bgp bestpath as-path ignore

Mode
Router

Function
Disregards length required to reach to AS in case of deciding route.

(6) BGP Route Filtering


If you want to block specific routing information in the system, you can selectively receive the
information that is transmitted to and received from a neighbor router. In this case, you should
configure an access list and a prefix list. Routing information is then filtered by the configured standard.

In order to filter BGP routing information, use the following command.

Command
neighbor ip-address distribute-list access-list-name {in | out}

Mode
Router

Function
Filters incoming or outgoing information through specific network by using Access list.

Information
Distribute list can be used on only BGP internal network.

(7) AS Route Filtering


Just as information is filtered by network address on a BGP network, it is possible to filter
information going through an AS. The policies applied to decide routes are registered in an access list.
In order to filter routing information by AS, configure a filtering policy in an access list and apply
the policy to the neighbor router.

The following steps explain how to filter routes in AS.

Step 1 Define specific AS in access list.


Command
ip as-path access-list access-list-number {permit | deny} expression

Mode
Global

Function
Defines specific AS in access list.

Step 2 Enter into Router configuration mode.

Step 3 Apply defined access list to filter routing information, which AS transmits or receives.

Command
neighbor ip-address filter-list
access-list-number {in | out}

Mode
Router

Function
Applies defined access list to filter routing
information, which AS transmits or receives.

(8) BGP Filtering through Prefix Lists


When you restrict BGP routes, a prefix list is preferred to an access list for the following reasons:

saves time to search and apply data in case of massive filter lists.

unlimited registration in filter lists.

easy to use

Before applying a prefix list, you should configure it. You can assign a number to each policy
registered in the prefix list.

Traffic Filtering Operation through Prefix Lists

Filtering through a prefix list processes routing information in a specific order by applying the
policies defined in the filter list. It is similar to an access list, but there are more detailed rules, as follows:

Allows all network information if there is no defined policy in the prefix list.

Rejects the specified network information unless a policy applied to the network is defined in the prefix list.

Distinguishes each policy by its assigned number and applies the policy with the lowest number
when more than one policy applies to one network.


Routers search the policies in a prefix list in order from the top. When they find the required policy,
they stop searching. For faster operation, you can make a quick search list at the top of the list by
using seq, provided by ip prefix-list. In order to view the numbers assigned to policies, use the
command show ip prefix-list. Policies configured by the user are automatically assigned a number. If
you do not configure it, you should assign a number to each policy by using the command ip prefix-list SEQ-VALUE.

Making Prefix List

In order to create prefix list, use the following commands.

Command
ip prefix-list name {deny|permit} [description description] [seq value] prefix [ge value] [le value]
Mode
Global
Function
Configures list name when creating prefix list.

Command
ip prefix-list name {deny|permit} [description description] [seq value] any
Mode
Global
Function
Creates prefix list to be applied to all networks.

Command
ip prefix-list name description description
Mode
Global
Function
Makes additional description to prefix list.

Information
To create prefix list, you should select permit or deny.

Creating Prefix List Policy

You can add policy to prefix list one by one. Use the following command.

Command
ip prefix-list name seq value {deny|permit} {any | prefix [ge value] [le value]}

Mode
Global

Function
Configures policy of prefix list and assigns number to the policy.

You can enter ge and le optionally; they are used when you configure more than one network. If
you use neither ge nor le, the network range is specified more precisely. When only the ge attribute is
configured, the network range is configured from ge-value, and when only the le attribute is configured,
the network range is configured from the netmask to le-value.
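The matching rules described above (lowest number first, rejection when policies exist but none applies, and the ge/le ranges) can be checked offline with the following added example, which is not part of the original guide or of Dasan's software. The list name PEER-IN, the sample entries and the test routes are constructed, and the upper bound of /32 for an entry that has only ge is an assumption taken from common prefix-list implementations.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                       # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self) -> Tuple[int, int]:
        """Mask lengths covered by this entry, following the ge/le rules above."""
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            return base, base         # neither ge nor le: exact mask length only
        lo = self.ge if self.ge is not None else base   # only le: from netmask
        hi = self.le if self.le is not None else 32     # only ge: up to /32 (assumed)
        return lo, hi

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        lo, hi = self.length_range()
        return lo <= route.prefixlen <= hi and route.subnet_of(self.prefix)


def parse_entry(line: str) -> Entry:
    """Parse: ip prefix-list NAME seq N {deny|permit} {any | A.B.C.D/M [ge X] [le Y]}"""
    tok = line.split()
    if len(tok) < 7 or tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq":
        raise ValueError(f"unsupported line: {line!r}")
    seq, action, target, rest = int(tok[4]), tok[5], tok[6], tok[7:]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line!r}")
    if target == "any":               # 'any' covers every network and mask length
        return Entry(seq, action, ipaddress.IPv4Network("0.0.0.0/0"), le=32)
    if len(rest) % 2 or set(rest[0::2]) - {"ge", "le"}:
        raise ValueError(f"bad ge/le options in: {line!r}")
    opts = dict(zip(rest[0::2], map(int, rest[1::2])))
    entry = Entry(seq, action, ipaddress.IPv4Network(target),
                  opts.get("ge"), opts.get("le"))
    lo, hi = entry.length_range()
    if not entry.prefix.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"inconsistent mask range in: {line!r}")
    return entry


def evaluate(entries: List[Entry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); seq is None when no entry decided."""
    if not entries:
        return "permit", None         # no policy defined: everything is allowed
    net = ipaddress.IPv4Network(route)
    for entry in sorted(entries, key=lambda e: e.seq):   # lowest number first
        if entry.matches(net):
            return entry.action, entry.seq                # stop at first match
    return "deny", None               # policies exist but none matched: rejected


# Constructed sample policy (not from the guide) for routes learned from a peer.
SAMPLE = """\
ip prefix-list PEER-IN seq 5 deny 0.0.0.0/0
ip prefix-list PEER-IN seq 10 deny 10.1.9.0/24
ip prefix-list PEER-IN seq 20 permit 10.1.0.0/16 le 24
ip prefix-list PEER-IN seq 30 permit 172.16.0.0/12
ip prefix-list PEER-IN seq 40 permit 192.168.0.0/16 ge 24
"""
POLICY = [parse_entry(line) for line in SAMPLE.splitlines()]

if __name__ == "__main__":
    for r in ["0.0.0.0/0", "10.1.9.0/24", "10.1.8.0/24", "10.1.8.0/25",
              "172.16.1.0/24", "192.168.1.0/24", "192.168.0.0/16"]:
        action, seq = evaluate(POLICY, r)
        print(f"{r:18} {action:6} {'seq ' + str(seq) if seq else 'no match'}")
```

Running a planned list through such a check before applying it to a neighbor shows which routes fall through to the final rejection, for example the /25 inside 10.1.0.0/16 that seq 20 does not cover.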


Viewing Prefix List Policy

In order to view information about prefix table, use the following command.

Command
show ip prefix-list [detail | summary]
Mode
Top/Global
Function
Shows prefix lists in detail or briefly.

Command
show ip prefix-list [detail|summary] name
Mode
Top/Global
Function
Shows prefix list of specified name.

Command
show ip prefix-list name [seq number]
Mode
Top/Global
Function
Shows policy of specified number.

Command
show ip prefix-list name [prefix]
Mode
Top/Global
Function
Shows policy applied to specified network.

Command
show ip prefix-list name [prefix] longer
Mode
Top/Global
Function
Shows all policies of prefix list applied to specified network.

Command
show ip prefix-list name [prefix] first-match
Mode
Top/Global
Function
Shows policy first applied to specified network.

Deleting Number of Inquiring Prefix List

By default, the system records how many times a prefix list is inquired. In order to delete this number,
use the following command.

Command
clear ip prefix-list name [prefix]

Mode
Top

Function
Deletes the number how many times prefix list is
inquired.

(9) Blocking information Transmission to Next Destination


It is possible to block new routing information from being transmitted to the next destination. This
function is useful when the system is not connected to the same IP network, as with Frame Relay. There
are two ways to block new routing information from being transmitted to the next destination, as follows:

Configures another address instead of the neighbor router address

Receives information from the neighbor through a route map, and the local BGP router distributes
the information


Blocking Routing Information through Another Address

In order to block routing information transmitting to next destination by configuring another address
instead of destination address, use the following command.

Command
neighbor ip-address next-hop-self

Mode
Router

Function
Blocks routing information transmitting to next destination.

This command advertises the router's own address instead of the neighbor router's address and makes BGP
routers transmit information with that address. It is more effective than assigning a specific address
that is to receive routing information.

Blocking Routing Information through Routing Map

To make the next destination of BGP be neighbor router, use the command, set ip next-hop. In order to
configure neighbor router as the next destination of BGP, use the following command.

Command
set ip next-hop ip-address

Mode
Route-map

Function
Specifies user's BGP router connected neighbor router as the next destination of BGP and configures neighbor router address as the next destination.

(10) Configuring BGP Version


By default, system supports BGP version 4. It is also possible to change the version as user needs.

In order to make a connection to neighbor router with specified BGP version, use the following
command.

Command
neighbor ip-address version {4 | 4-}

Mode
Router

Function
Configures BGP version to be used when communicating with neighbor router.

8.1.2 Advanced Configuration

After finishing basic configuration, it is possible to do advanced configuration. It contains the following
sections.

Changing Route through Route Map

Configuring Aggregate Address

Configuring BGP Community Filtering

Assigning ID Number for Router

Distributing Route to BGP

Configuring Confederation of Routing Domain

Configuring Route Reflector

Configuration through Neighbor Commands

Deactivating Neighbor Router

Configuring Backdoor Route

Deciding NLRI Type

Configuring Distance Value

Configuring BGP Timer

Checking Import Network

Configuring the First AS

Changing Priority of Local Network

Deciding Route based on Router ID

Considering Route without MED as the Worst Route

Deciding AS Route based on MED from ASs

Deciding Confederation Route based on MED

Deciding Route in Confederation based on MED

Restoring Reflected Route

Route Dampening

Checking and Managing BGP

(1) Changing Route through Route Map


You can process routes in a specific order or change various attributes through a route map. A route
map can be applied to both received information and distributed information.


Once a route map is defined, only the routes that match the route map are received or distributed.
Routing information is processed in this order: AS route first, then community, and network number last.

To define the matching terms, the AS route uses as-path access-list, the community uses community-list
and the network uses ip access-list. In order to define a route map, use the following command.

Command
neighbor ip-address route-map route-map-name {in | out}

Mode
Router

Function
Applies route map to route which to receive or distribute.

(2) Configuring Aggregate Address


CIDR (Classless Interdomain Routing) lets the user create an aggregate route, or supernet, to minimize
the size of the routing table. You can transmit an aggregate route to a BGP router or configure an
aggregate route by using the aggregate function. When there is more than one route in the BGP table,
the aggregate address is added to the BGP table.

In order to configure aggregate address to routing table, use the following commands.

Command
aggregate-address prefix
Mode
Router
Function
Creates aggregate address in BGP routing table.

Command
aggregate-address prefix summary-only
Mode
Router
Function
Distributes only aggregated address.

(3) Configuring BGP Community Filtering


BGP supports a transmit policy for distributing routing information. Distribution of routing
information operates based not only on the community list but also on the IP address and the AS route.
A community list forms communities according to each destination, and the routing policy is applied per
community. It helps configure the BGP speaker that distributes routing information.

A community is a group of destinations that share some common attributes. One destination can belong
to more than one community. The AS administrator can configure which community a destination
belongs to. By default, all destinations are configured to be in the internet community.


The other defined, well-known communities are as follows.

no-export: Do not distribute this route to exterior BGP neighbor routers.

no-advertise: Do not distribute this route to any neighbor router (either exterior or interior).

local-as: Distribute this information to neighbor routers of low level AS located on BGP united
network. Do not distribute it to exterior routers.

In order to create community list, use the following command.

Command
ip community-list name {permit | deny} {community | local-AS | no-advertise | no-export}

Mode
Global

Function
Creates community list.

community is written in the form AA:NN, as defined in the RFC. AA is the AS number and NN is a 2-byte
number. In order to transmit the community name to the IP address of a neighbor router, use the
following command.

Command
neighbor ip-address send-community
[extended]

Mode
Router

Function
Transmits community name to IP address of neighbor router,
which has specified IP address or specified neighbor-tag.

(4) Assigning ID Number for Router


You can assign a router ID number to a BGP router that transmits BGP routes. If you want to delete this
setting and return to the default ID number, use no.

Command
bgp router-id address

Mode
Router

Function
Assigns ID number for BGP router.

(5) Distributing Route to BGP


It is possible to register routes that originate elsewhere in the BGP routing table. For instance,
connected routes, kernel routes, static routes and routes made by a routing protocol can be transmitted
to BGP. This function applies to all IP routing protocols.


In order to distribute route made in another place to BGP, use the following command.

Command
redistribute {connected | kernel | static | ospf | rip} [route-map TAG]

Mode
Router

Function
Distributes routing information to BGP table.

(6) Configuring Confederation of Routing Domain


One way to reduce the complicated multi-connection of a BGP network is to divide one AS into several
small ASs and to group them into one confederation.

To the outside, the confederation looks like a single AS. All systems within each AS are connected to
each other, but they are not all directly connected to another AS in the same confederation. In this
case, communicating with a neighbor router in another AS is treated as communicating with an interior
BGP router.

In particular, the next destination, MED, and priority value in the network are applied as they are. In
order to configure a BGP confederation, you should configure an ID number for the confederation. To the
outside, a series of AS groups looks like a single AS which has each different confederation number.

In order to configure BGP confederation, use the following command.

Command
bgp confederation identifier as

Mode
Router

Function
Configures BGP confederation.

In order to configure neighbor AS in confederation, use the following command.

Command
bgp confederation peers as [as...]

Mode
Router

Function
Configures neighbor AS in confederation.

(7) Configuring Route Reflector


BGP requires that all speaker routers in a network be connected to each other. However, this is
impossible when there are many speaker routers.


Instead of configuring a confederation, another way to reduce the complicated multi-connection of a BGP
network is to configure a route reflector.

With a route reflector, BGP speaker routers do not all need to be fully connected to each other, because
a transmitted route can be distributed to neighbor routers. The interior neighbor router distributes the
route to the next destination.

In order to configure a route reflector and the client router that receives the route, use the following
command.

Command
neighbor ip-address route-reflector-client

Mode
Router

Function
Configures local router as BGP route router and neighbor router as client router.

(8) Configurations through Neighbor


To provide BGP routing information to lots of neighbors, you can configure BGP to receive information
from neighbors by using access list.

In order to configure BGP route through neighbor, use the following commands.

Command
neighbor ip-address activate
Mode
Router
Function
Enables the exchange of information with BGP neighbor router.

Command
neighbor ip-address remote-as NUMBER passive
Mode
Router
Function
Blocks routing information from specified neighbor router.

Command
neighbor ip-address description text
Mode
Router
Function
Describes relation of neighbor router.

Command
neighbor ip-address default-originate
Mode
Router
Function
Forwards default route 0.0.0.0 from BGP router to neighbor router.

Command
neighbor ip-address send-community
Mode
Router
Function
Sends community attribute to specified neighbor router.

Command
neighbor ip-address update-source interface
Mode
Router
Function
Forwards internal BGP information to interface, which is able to do TCP communication.

Command
neighbor ip-address ebgp-multihop
Mode
Router
Function
Allows BGP communication although neighbor router is not connected to BGP network.

Command
neighbor ip-address maximum-prefix maximum
Mode
Router
Function
Configures how many BGP networks can be connected to neighbor router.

Command
neighbor ip-address weight weight
Mode
Router
Function
Configures each weight of all routes.

Command
neighbor ip-address distribute-list access-list-name {in | out}
Mode
Router
Function
Assorts information exchanged to neighbor router according to policy defined in access list.

Command
neighbor ip-address filter-list access-list-name {in | out}
Mode
Router
Function
Configures BGP filter.

Command
neighbor ip-address next-hop-self
Mode
Router
Function
Blocks BGP information to the next destination.

Command
neighbor ip-address version VALUE
Mode
Router
Function
Configures BGP version to communicate with neighbor router.

Command
neighbor ip-address route-map name {in | out}
Mode
Router
Function
Applies route map to transmitted information.

Command
neighbor ip-address soft-reconfiguration inbound
Mode
Router
Function
Saves received information.

Command
neighbor ip-address dont-capability-negotiate
Mode
Router
Function
Configures peer not to reflect changed route.

Command
neighbor ip-address strict-capability-match
Mode
Router
Function
Forces to configure route refresh capability, if neighbor router does not have it. When user configures override capability, it is impossible to use strict capability match.

Command
neighbor ip-address transparent-as
Mode
Router
Function
Does not configure AS number of neighbor router although the neighbor router is external BGP network.

Command
neighbor ip-address transparent-nexthop
Mode
Router
Function
Configures not to display the next hop although peer is external BGP network.

Command
neighbor ip-address override-capability
Mode
Router
Function
Makes peer to override another route on received route.

Command
neighbor ip-address port
Mode
Router
Function
Assigns TCP port number to BGP network.

Command
neighbor ip-address interface interface-name
Mode
Router
Function
Configures interface of neighbor router.

Command
neighbor ip-address route-server-client
Mode
Router
Function
Configures neighbor router as route server.

(9) Deactivating Neighbor Router


In order to deactivate BGP neighbor router, use the following command.

Command: neighbor ip-address shutdown
Mode: Router
Function: Deactivates BGP neighbor router.

In order to activate BGP neighbor router again, use the following command.

Command: no neighbor ip-address shutdown
Mode: Router
Function: Activates BGP neighbor router.

(10) Configuring Backdoor Route


You can configure which networks are reachable by using a backdoor route that the border router should use. In order to configure a backdoor route on the border router, use the following command.

Command: network ip-address backdoor
Mode: Router
Function: Configures network available to be connected through backdoor route.

(11) Deciding NLRI Type


In order to decide the type of route to send to the neighbor router, use the following command.

Command: network ip-address/m nlri [ multicast | unicast multicast ]
Mode: Router
Function: Decides type of route to send to neighbor router.

(12) Configuring Distance Value


Administrative distance is a measure of priority of each routing protocol. BGP uses three kinds of
administrative distance; external, internal and local. Routes through exterior BGP are given exterior
distance, routes through interior BGP are given interior distance and routes through local BGP are given
local distance.

In order to configure BGP distance, use the following commands.

Command: distance bgp external internal local
Mode: Router
Function: Configures BGP distance value.

Since it may be risky to change BGP distance, it is not recommended. The exterior distance should be
lower than any other routing protocol, and the interior distance and local distances should be higher
than any other dynamic routing protocol.

(13) Configuring BGP Timer


You need to configure the BGP timers so that BGP transmits keepalive messages at a regular interval and reacts when there is no response from its destination. By default, the keepalive timer configured by the BGP system is 60 seconds and the holdtimer is 180 seconds. It is possible to configure the monitor timer for all neighbor routers.

In order to configure BGP timer for all neighbor routers, use the following command.

Command: bgp scan-time seconds
Mode: Router
Function: Configures time to check BGP router in regular interval for saving time to transmit routing information.

In order to adjust BGP timer for specified neighbor router, use the following command.

Command: neighbor ip-address timers keepalive holdtimer
Mode: Router
Function: Configures keepalive timer and holdtimer for specific peer.

Command: neighbor ip-address timers connect time
Mode: Router
Function: Configures connection timer with neighbor router.

To delete a time value configured for a BGP neighbor router, use the no neighbor timers command.

(14) Checking Import Network


In order to check imported information from remote network, use the following command.

Command: bgp network import-check
Mode: Router
Function: Checks imported information from remote network on BGP network.

(15) Configuring the First AS


In order to configure neighbor router as the first AS, use the following command.

Command: bgp enforce-first-as number
Mode: Router
Function: Assigns number of the first AS to neighbor router. Checks imported information from remote network on BGP network.

(16) Changing Priority of Local Network


It is possible to turn a high preference into a low preference by changing the priority of the local network. The default setting of priority is 100. In order to change the priority of the local network, use the following command.

Command: bgp default local-preference value
Mode: Router
Function: Changes default priority of local network.

(17) Deciding Route based on Router ID


In order to select the route with the lowest router ID number as the optimized route among similar routes from exterior BGP routers, use the following command. To restore the default setting, use the no form of the command.

Command: bgp bestpath compare-routerid
Mode: Router
Function: Compares router ID numbers for AS to select proper route among imported routes from neighbor router.

(18) Considering Route without MED as the Worst Route


In order to configure route without MED attribute as the worst route, use the following command.

Command: bgp bestpath med missing-as-worst
Mode: Router
Function: Configures the router to consider a missing MED as having a value of infinity, choosing a path among confederation paths.

(19) Deciding AS Route based on MED from ASs


MED is one of the parameters that is considered when deciding the best route among many alternative routes. A route with a lower MED is preferred over a route with a higher MED. By default, MED is compared only within the same AS to decide the best route. To compare MED from other ASs as well, use the following command.

Command: bgp always-compare-med
Mode: Router
Function: Compares MED from other ASs.

(20) Deciding Confederation Route based on MED


To configure router to consider MED value when deciding route, use the following command.

Command: bgp bestpath med confed
Mode: Router
Function: Compares MED to decide the best route among routes from different confederations.

(21) Deciding Route in Confederation based on MED


In order to configure router to use MED to decide the best route among routes distributed by a single
sub-AS in a confederation, use the following command.

Command: bgp deterministic-med
Mode: Router
Function: Compares MED to decide the best route among routes from ASs in confederation.

(22) Restoring Reflected Route


In order to save route reflection from BGP route reflector to clients, use the following command.

Command: bgp client-to-client reflection
Mode: Router
Function: Saves route reflection from BGP route reflector to clients.

(23) Route Dampening


Route dampening is designed to stop the distribution of routes that repeatedly become available and unavailable. A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then unavailable, and so on.

1) Syntax Description of Route Dampening

The following descriptions are syntax descriptions of route dampening.

Flap: A route repeatedly becomes available and unavailable.

History state: Whenever a route flaps, the router assigns it a penalty and places it in the history state, meaning the router does not have the best path, based on historical information.

Penalty: Each time a route flaps, the router configured for route dampening in another AS assigns the route a penalty of 1000. Penalties are cumulative. The penalty for the route is stored in the BGP routing table until the penalty exceeds the suppress limit. At that point, the route state changes from history to damp.

Damp state: In this state, the route has flapped so often that the router will not advertise this route to BGP neighbors.

Suppress limit: A route is suppressed when its penalty exceeds this limit. The default value is 2000.

Half-life: Once the route has been assigned a penalty, the penalty is decreased by half after the half-life time, which is 15 minutes by default. The process of reducing the penalty happens at 5-second intervals.

Reuse limit: As the penalty for a flapping route decreases and falls below this reuse limit, the route is unsuppressed. That is, the route is added back to the BGP table and once again used for forwarding. The default reuse limit is 750. The process of unsuppressing routes occurs at 10-second increments. Every 10 seconds, the router finds out which routes are now unsuppressed and advertises them to the world.

Maximum suppress limit: This value is the maximum amount of time a route can be suppressed. The default value is 4 times the half-life.
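The penalty arithmetic above can be played through with the default values. The following Python model is an added example, not part of the guide or of the switch software; it assumes exponential decay with the stated half-life, a reuse check every 10 seconds, and the maximum suppress limit applied as a hard time cap, and its function names are hypothetical.

```python
"""Route-dampening penalty model using the default values quoted in the guide."""

FLAP_PENALTY = 1000               # penalty added on every flap
SUPPRESS_LIMIT = 2000             # route is suppressed when penalty exceeds this
REUSE_LIMIT = 750                 # route is reused when penalty falls below this
HALF_LIFE_S = 15 * 60             # penalty halves every 15 minutes
MAX_SUPPRESS_S = 4 * HALF_LIFE_S  # longest time a route may stay suppressed
REUSE_SCAN_S = 10                 # suppressed routes are re-examined every 10 s


def decay(penalty, elapsed_s, half_life_s=HALF_LIFE_S):
    """Penalty remaining after elapsed_s seconds of exponential decay."""
    return penalty * 0.5 ** (elapsed_s / half_life_s)


def simulate(flap_times_s, until_s):
    """Return [(time_s, event, penalty)] for one route.

    flap_times_s: seconds at which the route flapped (constructed input).
    Assumption: decay is modelled as continuous, which closely approximates
    the 5-second reduction steps the guide describes.
    """
    events = []
    penalty, last_t = 0.0, 0
    suppressed_at = None
    flaps = sorted(flap_times_s)
    i = 0
    for tick in range(0, until_s + 1, REUSE_SCAN_S):
        # Apply every flap that happened up to this scan tick.
        while i < len(flaps) and flaps[i] <= tick:
            t = flaps[i]
            i += 1
            penalty = decay(penalty, t - last_t) + FLAP_PENALTY
            last_t = t
            if suppressed_at is None and penalty > SUPPRESS_LIMIT:
                suppressed_at = t
                events.append((t, "suppressed", round(penalty)))
        # Decay up to the scan tick, then decide whether to release the route.
        penalty = decay(penalty, tick - last_t)
        last_t = tick
        if suppressed_at is not None:
            timed_out = tick - suppressed_at >= MAX_SUPPRESS_S
            if penalty < REUSE_LIMIT or timed_out:
                events.append((tick, "reused", round(penalty)))
                suppressed_at = None
    return events


if __name__ == "__main__":
    # Constructed scenario: three flaps one minute apart.
    for t, event, penalty in simulate([0, 60, 120], until_s=2 * 3600):
        print(f"t={t:5d}s  {event:10s} penalty={penalty}")
```

With two flaps a minute apart the penalty stays just under 2000, so the third flap is the one that suppresses the route; a route that keeps flapping is released by the time cap even though its penalty is still above the reuse limit.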

2) Configuring Route Dampening

In order to configure BGP route dampening, use the following command.

Command: bgp dampening
Mode: Router
Function: Activates BGP route dampening.

In order to change the default values of various dampening factors, use the following command.

Command: bgp dampening half-life time [reuse-limit-value]
Mode: Router
Function: Configures various factors for route dampening. Half-life time can be from 1 second to 45 seconds, and the reuse limit can be from 1 to 2,000.

(24) Checking and Managing BGP


You can delete all entries of the cache, table and database. It is also possible to display specific statistics.

1) Deleting Cache, Table and Database

You can delete all contents of a specific cache, table, or database when some entries are invalid or unreliable. In order to delete a cache, table or database, use the following commands.

Command: clear ip bgp {* | ip-address | as-number} [in | out | soft [in | out]]
Mode: Top
Function: Reconfigures information about BGP neighbor router, AS group, all(*) BGP connections.

2) Displaying System and Network Statistics

You can display specific statistics such as contents of the BGP routing table, cache, and database. The information provided can be used to determine resource utilization and solve network problems. You can also display information about node reachability and discover the routing path your device's packets are taking through the network.

In order to display various routing statistics, use the following commands.

Command: show ip bgp prefix-list name
Mode: Top/Global
Function: Shows peers to which the prefix has been advertised.

Command: show ip bgp cidr-only
Mode: Top/Global
Function: Displays all BGP routes including subnetwork and upper network.

Command: show ip bgp community [number | local-AS | no-advertise | no-export]
Mode: Top/Global
Function: Displays routes belonging to a specific community. Community number is formed as AA:NN.

Command: show ip bgp community-list community-list-name [exact-match]
Mode: Top/Global
Function: Shows all routes that are permitted by the community list.

Command: show ip bgp community-info
Mode: Top/Global
Function: Displays all information of BGP community.

Command: show ip bgp filter-list access-list-name
Mode: Top/Global
Function: Shows routes that are matched by the specified autonomous system route in access list.

Command: show ip bgp regexp regular-expression
Mode: Top/Global
Function: Shows routes that match the specified regular expression entered on the command line.

Command: show ip bgp attribute-info
Mode: Top/Global
Function: Shows all information of BGP attributes.

Command: show ip bgp network
Mode: Top/Global
Function: Shows BGP routing table.

Command: show ip bgp [network] [network-mask [longer-prefix]]
Mode: Top/Global
Function: Shows BGP routing table. longer-prefix presents more detailed routes.

Command: show ip bgp neighbors [ip-address]
Mode: Top/Global
Function: Shows detailed information on TCP and BGP connections to individual neighbors.

Command: show ip bgp neighbors ip-address [advertised-routes | received-routes | routes]
Mode: Top/Global
Function: Shows information about the TCP and BGP connections to neighbors. The advertised-routes option displays all the routes the router has advertised to the neighbor. The received-routes option displays all received routes (both accepted and rejected) from the specified neighbor. The routes option displays all routes that are received and accepted.

Command: show ip bgp paths
Mode: Top/Global
Function: Shows all BGP routes in database.

Command: show ip bgp summary
Mode: Top/Global
Function: Shows all BGP connections.

8.2 OSPF Protocol


OSPF (Open Shortest Path First) is an interior gateway protocol developed by the OSPF working group of the IETF (Internet Engineering Task Force). OSPF is designed for IP networks; it supports IP subnetting and tagging of routing information that comes from exterior networks. Moreover, it supports packet authentication and transmits and receives routing information through IP multicast. It is most convenient to operate OSPF on a layered network. The first thing you should do on an OSPF network is to configure the border router and the AS boundary router. Then you need to configure the basic settings to operate the OSPF router and the interfaces in each area. When you customize an OSPF router for the user's environment, you have to confirm that all configurations are the same in each router.

8.2.1 Enabling OSPF

In order to configure the routing protocol in the router, you need to enter into Router configuration mode by taking the following steps.

Step 1 Enter into Router configuration mode.

Command: router ospf
Mode: Global
Function: Enters into Router configuration mode.

Step 2 Configure network ID of OSPF. Network ID decides IPv4 address of this network.

Command: router-id router-id
Mode: Router
Function: Configures network ID of OSPF.

Step 3 Configure an interface on which OSPF runs and specify the area ID or IP address for that interface.

Command: network ip-address/m area {<0-4294967295> | ip-address}
Mode: Router
Function: Configures OSPF area ID. OSPF area ID can be configured from 0 to 4294967295 or as an IPv4 address.

After enabling OSPF, you can select the following items to configure.

- Configuring ABR Type
- Configuring Compatibility
- Configuring OSPF Interface
- Configuring OSPF Network Type
- Configuring Non-broadcast Network
- Configuring Areas
- Configuring Representative Route between OSPF Areas
- Configuring Virtual Link
- Configuring Default Metric
- Configuring Interval to Calculate Route
- Configuring Interval to Transmit Route
- Route Transmit to OSPF Network
- Configuring Default Route
- Configuring OSPF Distance Value
- Blocking Information Transmit
- Blocking Renewed Information
- OSPF Monitoring and Management

8.2.2 Configuring ABR Type

As there are various OSPF versions, OSPF configuration varies from one piece of equipment to another. In order to configure the OSPF protocol of the equipment, configure the equipment type, named ABR type, by using the following command. Please note that V5324 switch complies with RFC 2328.

Command: abr-type {cisco | ibm | shortcut | standard}
Mode: Router
Function: Configures ABR type.

8.2.3 Configuring Compatibility

Compatibility configuration enables the switch to be compatible with a variety of RFCs that deal with
OSPF. Perform the following task to support many different features within the OSPF protocol.

Command: compatible rfc1583
Mode: Router
Function: Supports function defined in RFC 1583.

8.2.4 Configuring OSPF Interface

You can alter certain interface-specific OSPF parameters as needed. You are not required to alter any of these parameters, but some interface parameters must be consistent across all routers in an attached network. Those parameters are controlled by ip ospf hello-interval, ip ospf dead-interval, and ip ospf authentication-key commands. Therefore, be sure that if you configure any of these parameters, the configurations for all routers on your network have compatible values. Use the following commands to configure the user's environment.

Command: ip ospf cost cost
Mode: Interface
Function: Configures cost to transmit packets on OSPF interface. It is recorded as metric value of LSA and used to calculate SPF.

Command: ip ospf retransmit-interval second
Mode: Interface
Function: Configures time to transmit route information to router connected to OSPF interface. The default is 5 seconds.

Command: ip ospf transmit-delay second
Mode: Interface
Function: Configures time to provide route information from OSPF interface. Max-age of LSA, meaning available time, increases in proportion to the time to transmit information. The default is 1 second.

Command: ip ospf priority number
Mode: Interface
Function: Configures priority of OSPF router. When high priority is configured, the router becomes designated router of network. The default is 1.

Command: ip ospf hello-interval second
Mode: Interface
Function: Configures interval to transmit hello packet from OSPF interface. All routers on same network should have same interval value. The default is 10 seconds.

Command: ip ospf dead-count count
Mode: Interface
Function: Configures the number of missed hello packets after which neighbor routers consider the OSPF router to be down. All routers on same network should have same value. The default is 4.

Command: ip ospf authentication-key key
Mode: Interface
Function: Configures password for authentication of OSPF routers on the same network. It can be up to 8 alphabet letters.

Command: ip ospf message-digest-key keyid md5 key
Mode: Interface
Function: Configures password to be encrypted to MD5 by OSPF routers. It can be up to sixteen characters.
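The two key lengths in the table follow from the OSPF packet format in RFC 2328, which the guide says the switch complies with. This added Python example (not from the guide) builds a Hello packet both ways to show that the simple password is carried in clear text in the header, while MD5 mode sends only a digest. Router ID, addresses and keys are constructed sample values, and a dead interval of hello-interval times dead-count is an assumption.

```python
import hashlib
import hmac
import socket
import struct

OSPF_VERSION, HELLO = 2, 1
AU_SIMPLE, AU_MD5 = 1, 2


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_body(hello_interval=10, dead_count=4, priority=1) -> bytes:
    """20-byte Hello body with no neighbours listed (defaults from the table)."""
    mask = socket.inet_aton("255.255.255.0")
    dead_interval = hello_interval * dead_count   # assumption, see lead-in
    none = socket.inet_aton("0.0.0.0")            # no DR / BDR elected yet
    return struct.pack("!4sHBBI4s4s", mask, hello_interval, 0x02, priority,
                       dead_interval, none, none)


def _header(body, router_id, area_id, au_type, auth_field, checksum=0):
    """24-byte OSPF header; the last 8 bytes are the authentication field."""
    return struct.pack("!BBH4s4sHH8s", OSPF_VERSION, HELLO, 24 + len(body),
                       socket.inet_aton(router_id), socket.inet_aton(area_id),
                       checksum, au_type, auth_field)


def build_simple(password: bytes, router_id="10.0.0.1", area_id="0.0.0.0"):
    """AuType 1: the password itself fills the 64-bit authentication field."""
    if len(password) > 8:
        raise ValueError("simple password is limited to 8 bytes")
    body = hello_body()
    auth = password.ljust(8, b"\x00")
    # The checksum covers the packet except the authentication field.
    unauth = _header(body, router_id, area_id, AU_SIMPLE, bytes(8))[:16] + body
    return _header(body, router_id, area_id, AU_SIMPLE, auth,
                   inet_checksum(unauth)) + body


def build_md5(key: bytes, key_id: int, seq: int,
              router_id="10.0.0.1", area_id="0.0.0.0"):
    """AuType 2: checksum is 0 and MD5(packet || 16-byte key) is appended."""
    if len(key) > 16:
        raise ValueError("MD5 key is limited to 16 bytes")
    body = hello_body()
    # Authentication field: 0, key ID, digest length, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = _header(body, router_id, area_id, AU_MD5, auth) + body
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return packet + digest


def verify_md5(wire: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest over everything before it."""
    packet, digest = wire[:-16], wire[-16:]
    expected = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print("simple:", build_simple(b"s3cret").hex())   # password readable at bytes 16..23
    print("md5   :", build_md5(b"constructed-key!", 1, 1).hex())
```

In both modes the routing data itself is sent unencrypted; authentication only lets a receiver reject packets from routers that do not hold the key.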


8.2.5 Configuring Network OSPF Type

OSPF networks are divided into three types as follows.

- Broadcast Network
- NBMA (Nonbroadcast multi-access) Network
- Point-to-point Network

It is possible to configure an OSPF network as broadcast type or non-broadcast type. For example, if the user's network does not support multicasting, it is possible to configure a broadcast network as non-broadcast type. Conversely, it is also possible to configure an NBMA network such as frame relay as broadcast type. To operate a network as NBMA type, all routers should be connected through virtual circuits. However, it is possible to connect to some part of the OSPF network using virtual circuits through the point-to-multipoint function, so that network management cost can be saved. Two routers that are not directly connected transmit and receive routing information through an intermediate router, so you do not have to configure neighbor routers anymore. The following are features of the OSPF point-to-multipoint type.

- IP resources are economized because you do not have to assign neighbor routers and there is no additional process to configure a designated router.
- Management cost is saved because not all routers on the network need to be linked to each other like a spider's web.
- It can provide more stable network service since it can communicate even when a virtual circuit is disconnected.

In order to configure OSPF network type, use the following command.

Command: ip ospf network {broadcast | non-broadcast | (point-to-multipoint | point-to-point)}
Mode: Interface
Function: Configures OSPF network type in OSPF interface.

8.2.6 Configuring Non-broadcast Network

As there might be many routers attached to an OSPF network, a designated router is selected for the network. It is necessary to select designated router to transmit routing information if broadcast capability is not configured. In order to configure router communicated by non-broadcast type, use the following command.

Command: neighbor ip-address [priority <0-255> poll-interval <1-65535>]
Mode: Router
Function: Configures router communicated by non-broadcast type.

8.2.7 Configuring Area

You can configure several area parameters including authentication, defining stub areas, and assigning specific costs to the default route. Authentication allows password-based protection against unauthorized access to an area.

Stub areas are areas into which information on external routes is not sent. Instead, there is a default external route generated by the area border router, into the stub area for destinations outside the autonomous system. To further reduce the number of link state advertisements sent into a stub area, no-summary configuration on the ABR is allowed to prevent it from sending summary link advertisement into the stub area. Use the following commands as you need. The parameter, area-id can be formed as IP address or from 0 to 4,294,967,295.

Command: area area-id authentication
Mode: Router
Function: Enables authentication for an OSPF area.

Command: area area-id authentication message-digest
Mode: Router
Function: Enables MD5 authentication for an OSPF area.

Command: area area-id stub [no-summary]
Mode: Router
Function: Defines an area to be a stub area.

Command: area area-id default-cost cost
Mode: Router
Function: Assigns a specific cost to the default summary route used for the stub area.

Command: area area-id export-list access-list
Mode: Router
Function: Configures which policy will be transmitted to another area.

Command: area area-id import-list access-list
Mode: Router
Function: Configures a policy used in the other area to be received.

Command: area area-id shortcut {default | disable | enable}
Mode: Router
Function: Configures the shortest route to go through specified area.
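A pre-deployment check for the settings that must agree between routers, as an added example that is not part of the guide: it compares hello-interval, dead-count and authentication across routers on one shared network and flags absent or clear-text authentication. The per-router command lists are constructed sample input, the defaults are those quoted in section 8.2.4, and the function names and the rule that the area mode must agree with the interface key type are assumptions.

```python
# Defaults quoted in the guide's interface table (section 8.2.4).
DEFAULTS = {"hello-interval": "10", "dead-count": "4"}
MUST_MATCH = ("hello-interval", "dead-count", "area-auth", "auth")


def parse_router(lines):
    """Reduce one router's OSPF commands to comparable settings."""
    cfg = dict(DEFAULTS)
    cfg.update({"area-auth": "none", "auth": ("none",)})
    for line in lines:
        w = line.split()
        if len(w) >= 3 and w[0] == "area" and w[2] == "authentication":
            # "area X authentication [message-digest]"
            cfg["area-auth"] = "md5" if w[3:] == ["message-digest"] else "simple"
        elif w[:2] == ["ip", "ospf"] and len(w) >= 4:
            name, args = w[2], w[3:]
            if name in DEFAULTS:
                cfg[name] = args[0]
            elif name == "authentication-key":
                cfg["auth"] = ("simple", args[0])
            elif name == "message-digest-key" and len(args) == 3 and args[1] == "md5":
                cfg["auth"] = ("md5", args[0], args[2])   # key id, key
    return cfg


def audit_segment(routers):
    """routers: {name: [command lines]} for routers sharing one network."""
    parsed = {name: parse_router(lines) for name, lines in routers.items()}
    findings = []
    for field in MUST_MATCH:
        values = {name: cfg[field] for name, cfg in parsed.items()}
        if len(set(values.values())) > 1:
            # Report only the authentication type, never the key material.
            shown = {n: (v[0] if isinstance(v, tuple) else v)
                     for n, v in values.items()}
            findings.append(("mismatch", field, shown))
    for name, cfg in sorted(parsed.items()):
        kind = cfg["auth"][0]
        if cfg["area-auth"] != kind:
            findings.append(("area-key-mismatch", name, (cfg["area-auth"], kind)))
        if kind == "none":
            findings.append(("no-authentication", name, None))
        elif kind == "simple":
            findings.append(("cleartext-password", name, None))
    return findings


# Constructed sample: three switches attached to the same network in area 0.
SAMPLE = {
    "sw1": ["area 0 authentication message-digest",
            "ip ospf hello-interval 10",
            "ip ospf message-digest-key 1 md5 K3y-for-area0"],
    "sw2": ["area 0 authentication message-digest",
            "ip ospf dead-count 3",
            "ip ospf message-digest-key 1 md5 K3y-for-area0"],
    "sw3": ["area 0 authentication message-digest",
            "ip ospf authentication-key legacy01"],
}

if __name__ == "__main__":
    for finding in audit_segment(SAMPLE):
        print(finding)
```

An explicit `ip ospf hello-interval 10` and an absent command compare as equal because the default is applied before comparison, so only real differences are reported.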


8.2.8 Configuring Representative Route between OSPF Areas

Through route summarization, you can configure the ABR to transmit a single summarized route to other areas. In OSPF, the ABR transmits network information of an area to other areas. When the network addresses are in a consecutive range, you can configure a representative address that includes each network as the network route. In order to configure the network address, use the following commands.

Command: area area-id range {ip-address | ip-address/m} not-advertised
Mode: Router
Function: Configures network range that can be advertised as a representative route. area-id can be from 0 to 4,294,967,295.

Command: area area-id range ip-address {suppress | substitute ip-address}
Mode: Router
Function: Configures network range that does not transmit route information.

8.2.9 Configuring Virtual Link

In OSPF, all areas must be connected to a backbone area. If there is a break in backbone continuity, or the backbone is purposefully partitioned, you can establish a virtual link.

The virtual link must be configured in both routers. The configuration information in each router consists of the other virtual endpoint, and the nonbackbone area that the two routers have in common (called the transit area). Note that a virtual link cannot be configured through stub areas.

In order to create a virtual link, perform the following task in router configuration mode. The parameter, area-id can be formed as IP address or from 0 to 4,294,967,295.

Command: area area-id virtual-link router-id-address hello-interval time retransmit-interval time transmit-delay time dead-interval time
Mode: Router
Function: Creates virtual link. hello-interval can be configured from 1 to 65535 seconds, retransmit-interval is from 3 to 65535 seconds, transmit-delay is from 1 to 65535 seconds, and dead-interval is from 1 to 255 seconds.

8.2.10 Configuring Default Metric

OSPF calculates metric based on interface bandwidth. For example, default metric of T1 link is 64, but default metric of 64K line is 1562. If there are several lines with different bandwidths, you can distinguish the cost of using each line by assigning a metric to each line. In order to classify the cost of using a line, use the following command.

Command: auto-cost reference-bandwidth reference-bandwidth
Mode: Router
Function: Classifies bandwidth provided by each line. It can be configured from 1Mbit/s to 4,294,967Mbit/s.

8.2.11 Configuring Interval to Calculate Route

You can configure the interval between the notice that the OSPF network organization has changed and the start of the shortest path first calculation. In order to configure the interval, use the following command.

Command: timers spf spf-delay spf-hold
Mode: Router
Function: Configures interval to calculate route. Delay Time and Hold Time can be configured from 0 to 4294967295.

8.2.12 Configuring Route Transmit Interval

The originating router keeps track of LSAs and refreshes them when the refresh timer is reached. You can configure the refresh time at which OSPF LSAs get refreshed and sent out. In order to do this, use the following command.

Command: refresh timer <10-1800>
Mode: Router
Function: Configures interval to renew routing information.

8.2.13 Route Transmit to OSPF Network

Redistributing routes into OSPF from other routing protocols, static, kernel or from connected devices
will cause these routes to become OSPF external routes.

In order to redistribute routes into OSPF, use the following tasks associated with route redistribution.

Command: redistribute {kernel | connected | static | rip | bgp} [metric value] [metric-type (1|2)] [route-map tag]
Mode: Router
Function: Transmits external route to OSPF network.

Command: default-metric number
Mode: Router
Function: Configures the same metric value, from 0 to 16777214, for all external routes transmitted to OSPF.

8.2.14 Configuring Default Route

You can configure the Autonomous System Boundary router to transmit a default route to the OSPF network. The Autonomous System Boundary router transmits routes created externally to the OSPF network. However, it does not create a system default route. In order to have the Autonomous System Boundary router create a system default route, use the following command.

Command: default-information originate [metric value] [metric-type (1|2)]
Mode: Router
Function: Makes Autonomous System Boundary router create system default route in OSPF.

8.2.15 Configuring OSPF Distance

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer between 0 and 255. In general, the higher the value is, the lower the trust rating is. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.

OSPF uses three different administrative distances: intra-area, inter-area, and external. Routes learned through other domain are external, routes to another area in OSPF domain are inter-area, and routes inside an area are intra-area. The default distance for each type of route is 110. In order to change any of the OSPF distance values, use the following commands.

Command: distance ospf {external distance 1 | inter-area distance 2 | intra-area distance 2}
Mode: Router
Function: Changes OSPF distance value.

8.2.16 Blocking Information Transmit

An interface configured as passive in an OSPF network operates like a stub network. Therefore, it is impossible to transmit and receive OSPF routing information on a passive interface. In order to block routing information on an interface, use the following command.

Command: passive-interface interface-name
Mode: Router
Function: Configures not to transmit routing information in specified interface.

8.2.17 Blocking Renewed Information

To block OSPF routing information to other routers, you should configure the switch to block renewed routing information. Please note that this function can be configured only for external routes. In order to block renewed routing information, use the following command.

Command: distribute-list name out {bgp | connected | kernel | rip | static}
Mode: Router
Function: Distributes or blocks renewed routing information according to policy configured in Access list.

8.2.18 OSPF Monitoring and Management

You can view all kinds of statistics and database recorded in IP routing table. This information can be used to enhance system utility and solve problems in case of trouble. You can also check network connections and the routes that data went through when it was transmitted. In order to view routing statistics, use the following commands.

Command: show ip ospf
Mode: Top/Global
Function: Shows overall information about OSPF routing operation.

Command: show ip ospf database option
Mode: Top/Global
Function: Shows information about OSPF database.

Command: show ip ospf border-routers
Mode: Top/Global
Function: Shows OSPF routing information to ABR (Area Border Router) and ASBR (Autonomous System Boundary Router).

Command: show ip ospf route
Mode: Top/Global
Function: Shows routing information recorded in OSPF routing table.

Command: show ip ospf interface interface-name
Mode: Top/Global
Function: Shows OSPF interface information.

Command: show ip ospf neighbor [neighbor id | interface-name]
Mode: Top/Global
Function: Shows information of neighbor router communicated with OSPF router.

When network trouble occurs, you can find the cause by using the debugging commands. In order to view OSPF information, use the following commands.

Command: debug ospf packet {hello | dd | ls-ack | ls-request | ls-update | all} [send | recv [detail]]
Mode: Global
Function: Shows information of each packet. The information includes OSPF packet and the data.

Command: debug ospf event
Mode: Global
Function: Shows information about OSPF operation such as OSPF neighbor router, transmitted information, deciding destination router, calculating the shortest route, and so on.

Command: debug ospf ism [events | status | timers]
Mode: Global
Function: Shows information transmitted in OSPF internal area and the shortest route.

Command: debug ospf lsa [flooding | generate | refresh]
Mode: Global
Function: Shows information transmitted by OSPF and calculating the shortest route.

Command: debug ospf nsm [events | status | timers]
Mode: Global
Function: Shows information about OSPF neighbor router.

Command: debug ospf nssa
Mode: Global
Function: Shows OSPF NSSA information.

Command: show debugging ospf
Mode: Global
Function: Shows debugging message about OSPF.

8.3 RIP Protocol


RIP (Routing Information Protocol) is a relatively old, but still commonly used, IGP (Interior Gateway Protocol) created for use in small, homogeneous networks. It is a classical distance-vector routing protocol that uses hop count. RIP is documented in RFC 1058.

RIP uses broadcast UDP (User Datagram Protocol) data packets to exchange routing information. The DASAN OS software sends routing information updates every 30 seconds. This process is termed advertising. If a router does not receive an update from another router for 180 seconds or more, it marks the routes served by the nonupdating router as being unusable. If there is still no update after 120 seconds, the router removes all routing table entries for the nonupdating router.

The metric that RIP uses to rate the value of different routes is hop count. The hop count is the number of routers that can be traversed in a route. A directly connected network has a metric of zero; an unreachable network has a metric of 16. This small range of metrics makes RIP an unsuitable routing protocol for large networks.

A router that is running RIP can receive a default network via an update from another router that is running RIP, or the router can source (generate) the default network itself with RIP. In both cases, the default network is advertised through RIP to other RIP neighbors.

RIP sends updates to the interfaces in the specified networks. If an interface's network is not specified, it will not be advertised in any RIP update. The system supports RIP version 1 and 2.

8.3.1 Enabling RIP

To use RIP protocol, you should enable RIP.

Step 1 Enter into Router configuration mode by using the following command.

Command: router rip
Mode: Global
Function: Enters into Router configuration mode and operates RIP routing protocol.

Step 2 Configure network to operate as RIP.

Command: network {ip-address | interface-name}
Mode: Router
Function: Configures network to operate as RIP.

The command network ip-address enables RIP on the interfaces whose addresses fall within the specified network address. For example, if the network 10.0.0.0/24 is RIP enabled, all the addresses from 10.0.0.0 to 10.0.0.255 are enabled for RIP. RIP packets are transmitted to the port specified with the command network interface-name.

- Configuring RIP Neighbor Router
- Configuring RIP Version
- Creating Static Route available only for RIP
- Transmitting Routing Information
- Configuring Metrics for Redistributed Routers
- Configuring Administrative Distance
- Configuring Default Route
- Routing Information Filtering
- Configuring Time
- Activating and Deactivating Split-horizon
- Managing Authentication Key
- Monitoring and Managing RIP

8.3.2 Configuring RIP Neighbor Router

Since RIP is a broadcast protocol, neighbor routers must be configured explicitly in order to transmit RIP
routing information over a non-broadcast network. In order to configure a neighbor router to transmit
RIP information, use the following command.

Command: neighbor ip-address
Mode: Router
Function: Configures a neighbor router to transmit routing information.

You can block routing information to a specific interface by using the passive-interface command.


8.3.3 Configuring RIP Version

Dasan Networks routers basically support RIP version 1 and 2. However, you can configure to receive
only version 1 type packet or only version 2 type packet. In order to configure RIP version, use the
following command.

Command: version {1 | 2}
Mode: Router
Function: Configures version to transmit one of RIP 1 type packet and RIP 2 type packet.

The preceding task controls the default RIP version settings. You can override the router's RIP version by
configuring a particular interface to behave differently. To control which RIP version an interface sends,
perform one of the following tasks after entering into RIP interface configuration mode.

Command: ip rip send version 1
Mode: Interface
Function: Transmits only RIP version 1 type packets on the interface.

Command: ip rip send version 2
Mode: Interface
Function: Transmits RIP version 2 type packets on the interface.

Command: ip rip send version 1 2
Mode: Interface
Function: Transmits RIP version 1 and 2 type packets.

Similarly, to control how packets received from an interface are processed, perform one of the following
tasks.

Command: ip rip receive version 1
Mode: Interface
Function: Receives only RIP version 1 type packets on the interface.

Command: ip rip receive version 2
Mode: Interface
Function: Receives only RIP version 2 type packets on the interface.

Command: ip rip receive version 1 2
Mode: Interface
Function: Receives RIP version 1 and 2 type packets.

8.3.4 Creating Static Route available only for RIP

This feature is provided only by Dasan Networks, Inc. The route command creates a static route available
only for RIP.


If you are not familiar with the RIP protocol, you had better use the redistribute static command.

Command: route ip-address/m
Mode: Router
Function: Creates static route available only for RIP.

8.3.5 Transmitting Routing Information

V5324 switch can redistribute routing information from a source route entry into the RIP tables. For
example, you can instruct the router to re-advertise connected, kernel, or static routes as well as routing
protocol-derived routes. This capability applies to all the IP-based routing protocols.

In order to redistribute routing information from a source route entry into the RIP table, use the
following command.

Command: redistribute {connected | kernel | static | ospf | bgp} [metric value | route-map tag]
Mode: Router
Function: Registers transmitted routing information in another router's RIP table.

You may also conditionally control the redistribution of routes between the two domains by using the
route-map command. In order to define a route map for redistribution, use the following command.

Command: route-map tag {deny | permit} sequence-number
Mode: Global
Function: Creates route map.

One or more match and set commands typically follow a route-map command. If there are no match
commands, then everything matches. If there are no set commands, nothing is done. Therefore, you
need at least one match or set command.


To define conditions for redistributing routes from a source route entry into the RIP tables, perform at
least one of the following tasks in route-map configuration node.

Command: match interface interface-name
Mode: Route-map
Function: Transmits information to only specified interface.

Command: match ip address {access-list-name | prefix-list ip-address-name}
Mode: Route-map
Function: Transmits information matched with access-list or prefix-list.

Command: match ip next-hop {access-list-name | prefix-list ip-address-name}
Mode: Route-map
Function: Transmits information to only neighbor router in access-list or prefix-list.

Command: match metric metric-value
Mode: Route-map
Function: Transmits information matched with specified metric.

Command: set ip next-hop ip-address
Mode: Route-map
Function: Configures Neighbor router address.

Command: set metric value
Mode: Route-map
Function: Configures metric value.

8.3.6 Configuring Metrics for Redistributed Routes

The metrics of one routing protocol do not necessarily translate into the metrics of another. For example,
the RIP metric is a hop count and the OSPF metric is a combination of five quantities. In such situations,
an artificial metric is assigned to the redistributed route. Because of this unavoidable tampering with
dynamic information, carelessly exchanging routing information between different routing protocols
can create routing loops, which can seriously degrade network operation.

In order to set metrics for redistributed routes, use the following command.

Command: default-metric value
Mode: Router
Function: Configures the same metric for all routes transmitted by the routing protocol.

Information
The metric of all protocols can be configured from 0 to 4294967295. It can be configured from 1 to 16 for RIP.


8.3.7 Configuring Administrative Distance

The distance value represents the confidence placed in routing information created by a router. In a
large-scale network, some routing protocols or routing information may be more trustworthy than others.
Therefore, even when a router runs many routing protocols, the routing information from the most
trusted source is the one that is used. When the user configures the distance value, the router can tell
where routing information was created. The router always selects the route created by the routing
protocol with the smallest distance value. Each network has its own features, so there is no general rule
for distance configuration. You should consider the overall network when you configure the distance value.

In order to configure distance value, use the following command.

Command: distance value [ip-address/M [access-list-name]]
Mode: Router
Function: Configures distance value.

8.3.8 Creating Default Route

You can force an autonomous system boundary router to generate a default route into an RIP routing
domain. Whenever you specifically configure redistribution of routes into an RIP routing domain, the
router automatically becomes an autonomous system boundary router. However, an autonomous
system boundary router does not, by default, generate a default route into the RIP routing domain.

In order to force the autonomous system boundary router to generate a default route, use the following
command.

Command: default-information originate
Mode: Router
Function: Forces the autonomous system boundary router to generate a default route into the RIP routing domain.


8.3.9 Routing Information Filtering

You can filter routing protocol information by performing the following tasks.

Suppress sending of routing updates on a particular router interface. This is done to prevent other
systems on an interface from learning about routes dynamically.

Apply an offset to routing metrics. This is done to provide a local mechanism for increasing the value
of routing metrics.

(1) Blocking Outgoing Routing Information to Interface


To prevent other routers on a local network from learning about routes dynamically, you can keep
routing update messages from being sent through a router interface. This feature applies to all IP-based
routing protocols except BGP.

Command: passive-interface interface-name
Mode: Router
Function: Blocks routing information from interface of router.

(2) Configuring Offset List


An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via RIP.
You can limit the offset list with an access list.

In order to increase the value of routing metrics, use the following command.

Command: offset-list access-list-name {in | out} metric [interface]
Mode: Router
Function: Applies an offset to routing metrics.


8.3.10 Configuring Time

Routing protocols use several timers that determine such variables as the frequency of routing updates,
the length of time before a route becomes invalid, and other parameters. You can adjust these timers to
tune routing protocol performance to better suit your internet needs. The default settings for the timers
are as follows.

The update timer is 30 seconds. Every update timer seconds, the RIP process is awakened to send an
unsolicited response message containing the complete routing table to all neighboring RIP routers.

The timeout timer is 180 seconds. Upon expiration of the timeout, the route is no longer valid;
however, it is retained in the routing table for a short time so that neighbors can be notified that the
route has been dropped.

The garbage collect timer is 120 seconds. Upon expiration of the garbage-collection timer, the route is
finally removed from the routing table.

In order to adjust the timers, use the following command.

Command: timers basic update timeout garbage
Mode: Router
Function: Adjusts routing protocol timers.

8.3.11 Activating and Deactivating Split-horizon

Normally, routers that are connected to broadcast-type IP networks and that use distance-vector routing
protocols employ the split horizon mechanism to reduce the possibility of routing loops. Split horizon
blocks information about routes from being advertised by a router out any interface from which that
information originated. This behavior usually optimizes communications among multiple routers,
particularly when links are broken. However, with nonbroadcast networks, such as Frame Relay,
situations can arise for which this behavior is less than ideal. For these situations, you might want to
disable split horizon.

If an interface is configured with secondary IP addresses and split horizon is enabled, updates might
not be sourced by every secondary address. One routing update is sourced per network number unless
split horizon is disabled.


In order to activate or deactivate split horizon, perform the following tasks in interface
configuration mode.

Command: ip split-horizon
Mode: Interface
Function: Activates Split horizon.

Command: no ip split-horizon
Mode: Interface
Function: Deactivates Split horizon.
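
The routing loop that split horizon prevents, as an added Python example that is not part of the original guide. It is a simplified model: two hypothetical routers A and B on one link, a network N behind B that has just failed, synchronous update rounds, and no triggered updates or timers. The unreachable metric of 16 and the 30-second update timer are the values given in this chapter.

```python
INFINITY = 16  # RIP metric meaning "unreachable"


def simulate(split_horizon, max_rounds=40):
    """Count update rounds until routers A and B both mark network N unreachable.

    Constructed topology: N was directly attached to B and has just failed;
    A still holds the route it learned from B earlier (metric 2, next hop B).
    Returns (rounds, history), history being the (A, B) metrics after each round.
    """
    # table[router] = (metric to N, next hop toward N)
    table = {"A": (2, "B"), "B": (INFINITY, None)}
    history = [(table["A"][0], table["B"][0])]

    for rnd in range(1, max_rounds + 1):
        # Both routers build their update from the tables as they stand now.
        updates = {}
        for sender, receiver in (("A", "B"), ("B", "A")):
            metric, next_hop = table[sender]
            if split_horizon and next_hop == receiver:
                # Split horizon: never advertise a route back out of the
                # interface it was learned on.
                continue
            updates[receiver] = (sender, metric)

        # Each router then processes what it received.
        for receiver, (sender, metric) in updates.items():
            cost = min(metric + 1, INFINITY)
            current_metric, current_hop = table[receiver]
            # News from the current next hop is always accepted; news from
            # any other router only when it is strictly better.
            if current_hop == sender or cost < current_metric:
                table[receiver] = (cost, sender)

        history.append((table["A"][0], table["B"][0]))
        if history[-1] == (INFINITY, INFINITY):
            return rnd, history
    return None, history


def convergence_seconds(rounds, update_timer=30):
    """Convergence time when only periodic updates carry the news."""
    return rounds * update_timer


if __name__ == "__main__":
    for enabled in (True, False):
        rounds, history = simulate(split_horizon=enabled)
        print("split horizon", "on: " if enabled else "off:", rounds,
              "rounds, about", convergence_seconds(rounds), "s", history)
```

With split horizon disabled, the stale route bounces between the two routers and its metric climbs one hop at a time until it reaches 16, which is the cost to weigh before entering no ip split-horizon on an interface.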

8.3.12 Managing Authentication Key

RIP Version 1 does not support authentication. If you are sending and receiving RIP Version 2 packets,
you can enable RIP authentication on an interface.

The key chain determines the set of keys that can be used on the interface. If a key chain is not
configured, plain text authentication can be performed using string command.

We support two modes of authentication on an interface for which RIP authentication is enabled: plain
text authentication and MD5 authentication. The default authentication in every RIP Version 2 packet is
plain text authentication.

Note
Do not use plain text authentication in RIP packets for security purposes, because the unencrypted
authentication key is sent in every RIP Version 2 packet. Use plain text authentication when security is not
an issue, for example, to ensure that misconfigured hosts do not participate in routing.

In order to configure RIP authentication, use the following commands.

Command: ip rip authentication key-chain name
Mode: Interface
Function: Activates RIP authentication.

Command: ip rip authentication mode {text | md5}
Mode: Interface
Function: Configures the interface to use MD5 digest authentication or let it default to simple password authentication.

Command: ip rip authentication string string
Mode: Interface
Function: Configures the interface with plain text authentication. The string must be shorter than 16 characters.
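
The difference between the two authentication modes, as an added Python example that is not part of the original guide: it builds one constructed RIP version 2 packet per mode and audits each. The keyed MD5 layout follows RFC 2082, which is an assumption about what this switch emits; the key, the route and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

AFI_AUTH = 0xFFFF  # address family value that marks an authentication entry
AUTH_TRAILER, AUTH_TEXT, AUTH_MD5 = 1, 2, 3
KEY_LEN = 16       # size of the authentication field in the packet


def pad_key(key):
    """Left-justify the key in the 16-byte field, zero padded."""
    if len(key) > KEY_LEN:
        raise ValueError("authentication key does not fit the 16-byte field")
    return key.ljust(KEY_LEN, b"\x00")


def route_entry(prefix, mask, metric):
    """One 20-byte RIP version 2 route entry (AFI 2 = IP, route tag 0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


def build_text(key, routes):
    """RIP version 2 response carrying plain text authentication."""
    header = struct.pack("!BBH", 2, 2, 0)
    auth = struct.pack("!HH16s", AFI_AUTH, AUTH_TEXT, pad_key(key))
    return header + auth + b"".join(routes)


def build_md5(key, key_id, sequence, routes):
    """RIP version 2 response carrying keyed MD5 authentication (RFC 2082)."""
    body = b"".join(routes)
    trailer_offset = 4 + 20 + len(body)
    packet = struct.pack("!BBH", 2, 2, 0)
    packet += struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, trailer_offset,
                          key_id, KEY_LEN, sequence)
    packet += body + struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    # The key is hashed together with the packet but is never transmitted.
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def audit(packet, key=None):
    """Classify a RIP packet's authentication and, given the key, verify it."""
    result = {"auth": "none", "key_on_wire": False, "verified": None}
    if len(packet) < 24 or packet[1] != 2:
        return result
    afi, auth_type = struct.unpack_from("!HH", packet, 4)
    if afi != AFI_AUTH:
        return result
    if auth_type == AUTH_TEXT:
        # The 16 bytes after the type field are the key itself.
        result.update(auth="text", key_on_wire=True)
        if key is not None:
            result["verified"] = hmac.compare_digest(packet[8:24], pad_key(key))
    elif auth_type == AUTH_MD5:
        result["auth"] = "md5"
        offset, _key_id, digest_len, _seq = struct.unpack_from("!HBBI", packet, 8)
        end = offset + 4
        well_formed = (offset >= 24 and digest_len == KEY_LEN
                       and len(packet) >= end + KEY_LEN
                       and struct.unpack_from("!HH", packet, offset)
                       == (AFI_AUTH, AUTH_TRAILER))
        if not well_formed:
            result["verified"] = False
        elif key is not None:
            expected = hashlib.md5(packet[:end] + pad_key(key)).digest()
            result["verified"] = hmac.compare_digest(expected,
                                                     packet[end:end + KEY_LEN])
    else:
        result["auth"] = "unknown"
    return result


# Constructed sample data: a 15-character key and one route.
KEY = b"constructedKey1"
ROUTES = [route_entry("10.0.0.0", "255.255.255.0", 1)]
TEXT_PACKET = build_text(KEY, ROUTES)
MD5_PACKET = build_md5(KEY, key_id=1, sequence=1, routes=ROUTES)

if __name__ == "__main__":
    print("text:", audit(TEXT_PACKET), "key bytes in packet:", KEY in TEXT_PACKET)
    print("md5: ", audit(MD5_PACKET, KEY), "key bytes in packet:", KEY in MD5_PACKET)
```

Run over packets captured on a segment, audit() shows which interfaces are still sending plain text authentication and should be moved to ip rip authentication mode md5.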


8.3.13 Monitoring and Managing RIP

You can display specific router statistics such as the contents of IP routing tables and databases.
The information provided can be used to determine resource utilization and solve network problems. You
can also discover the routing path your router's packets are taking through the network.

In order to display various router statistics, use the following commands.

Command: show ip rip
Mode: Top/Global
Function: Shows RIP information being used in router.

Command: show ip route rip
Mode: Top/Global
Function: Shows routing table information concerned with RIP.

Command: show ip protocols
Mode: Top/Global
Function: Shows current status of using RIP protocol and the information.

To quickly diagnose problems, the debug commands are useful. Use the following commands to display
information on RIP routing transactions.

Command: debug rip events
Mode: Global
Function: Shows RIP event such as packet transmit and sending and changed RIP information.

Command: debug rip packet [recv | send]
Command: debug rip packet [recv | send] detail
Mode: Global
Function: Shows more detail information about RIP packet. The information includes address of packet transmission and port number.

Command: show debugging rip
Mode: Global
Function: Shows all information configured for RIP debugging.


Appendix A. Downloading System Image File

Users can choose an image file from the various versions of system images available through the Dasan
Networks, Inc homepage.

This chapter explains how to install a system image on the user's device after downloading the new
system image to the user's PC configured as a TFTP/FTP server.

This section contains the below functions.

Downloading System Image from TFTP Server

Downloading System Image File from FTP Server


1. Downloading System Image from TFTP Server


Trivial File Transfer Protocol (TFTP) allows you to download system image files over the network from
a TFTP server.

To successfully upgrade the system software, you should observe the following general steps. The
sections that follow describe these steps in detail.

Step 1 Install a TFTP server program on your PC.

Step 2 Copy a new image from the FTP server into the TFTP server directory.

Step 3 Assign an IP address for the boot mode on the switch to make connections to the TFTP server.

Step 4 Check the network connectivity from the TFTP server to the switch using the ping command.

Step 5 Copy the new image from the TFTP server into the Flash memory on the switch.

1.1 Copying New Image at TFTP Server

Dasan Networks, Inc provides system image to users through web. It is possible for users to download
system image to TFTP server through web.

In order to download system image through web, you need to perform the following steps.

Step 1 Connect to Dasan Networks, Inc homepage. The address is http://www.dasannetworks.com.

Step 2 At the main page, see Support section and click Image Upgrade to enter into it.


Step 3 Find the product model you need to download and click it. When you see the message asking if
you want to save the file, press Save. In this case, you need to specify the TFTP server directory
of the user's PC as the place where the file will be saved.


1.2 Connecting to TFTP Server

After downloading the system image file to the TFTP server on the user's PC, establish a network connection
from your PC (which is now configured as a TFTP server) to your switch. The following steps guide
you to connect to the TFTP server.

Step 1 Connect the user's PC to the switch console port by using an RJ-45-to-DB-9 cable. In this case, both
the TFTP server and the console terminal program should be configured on the user's PC.
Step 2 Configure the console terminal as 9600 baud rate, 8 data bits, one stop bit, flow-control none
and no parity.
Step 3 Connect the LAN card of the user's PC to the switch by using a UTP cable. In case of configuring
the system image, use the Ethernet port next to the console port.

1.3 Installing System Image File in Switch

The user can download the system image file in Boot mode and in Top mode. The following two procedures
explain how to download the system image file to the switch from the TFTP server.

(1) Downloading a System Image on Boot Mode


Step 1 After connecting the user's PC, with the console terminal program installed, to the switch, turn
the power on to start booting. When "If you want to go to boot mode, press <s> key.." is
displayed, press the s key to enter Boot mode. The system displays the Boot> prompt, as
follows.

***********************************************************
*                                                         *
*                Boot Loader Version 3.05                 *
*                     DASAN Co., Ltd.                     *
*                                                         *
***********************************************************
Boot>


Step 2 Assign an IP address in Boot mode in order to connect to the TFTP server. The command to assign
an IP address in Boot mode is ip address. The following is an example of assigning the IP address
192.16.218.10. This IP address is only valid in Boot mode.

Boot> ip 192.16.218.10
Boot>

Note
Please make sure that the user's device is on the same LAN as the PC or device acting as TFTP server before
connecting to the TFTP server.

Step 3 Reboot the system by using the command, reboot after assigning IP address. And go back to
Step 1 in order to enter into Boot mode.

Boot> save
Boot> reboot
***********************************************************
*                                                         *
*                Boot Loader Version 3.05                 *
*                     DASAN Co., Ltd.                     *
*                                                         *
***********************************************************
Boot>

Step 4 Press the s key on the keyboard during the reboot time to be in boot mode. Confirm the
assigned IP address is correct. In order to view the IP address, input the command, show.

Boot> show
IP          = 192.168.1.10
EtherAddr 0 = 00:d0:cb:0a:30:23
Boot>

Step 5 Download the system image file in Boot mode. In order to do it, use the following command.

Command: load prog ip-address file-name
Mode: Boot
Function: Downloads system image from TFTP server.


The following is an example of downloading file named V5124.9.07.x from TFTP server, 192.168.1.218.

Boot> load prog 192.168.1.218 V5124.9.07.x
Loading V5124.9.07.x from 192.168.1.218...
Download completed: 5791488 (0x564e88) Bytes.
Update flash: Are you sure (Y/n)? y

The above message will be seen. Input y if you need to upgrade system image by deleting the old
version.

Erasing     : 0x00020000 - 0x0001FFFF
Erasing     : 0x00040000 - 0x0003FFFF
(omitted)
Programming : 0x00000000 - 0x0001FFFF
Programming : 0x00020000 - 0x0003FFFF
(omitted)
Verifying   : 0x00000000 - 0x0001FFFF
Verifying   : 0x00020000 - 0x0003FFFF
(omitted)
Copy the image to the 0x00800000 address...
Boot>

Step 6 Input the command, exit to exit Boot mode. Then the system is supposed to be rebooted
and the login prompt of system will be seen. At this time, you can make sure that the system
image file is successfully installed as you want by displaying message. The following is an
example of downloading OS V9.07.

Boot> reboot
Loading...
Load Address:  0x00800000
Image Size:    0x0051e82c
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
(omitted)
SWITCH login:


Note
The above message is seen in case of downloading OS 9.07. It may vary according to product model,
system image file name and IP address.

(2) Downloading System Image on Top Mode

Step 1 After connecting the console terminal PC to the switch, turn on the switch to boot. When you do not
enter Boot mode and boot the switch, the login prompt will be displayed as follows.

***********************************************************
*                                                         *
*                Boot Loader Version 3.05                 *
*                   DASAN Networks Inc.                   *
*                                                         *
***********************************************************

Loading...
Load Address:  0x00800000
Image Size:    0x0051e82c
Start Address: 0x00800000
root=/dev/ram console=ttyS0,9600
Switch OS Version : 9.07 #4134
CPU manufacturer: Motorola [rev=0101]
Calibrating delay loop... 131.89 BogoMIPS
Memory: 57440k available (1124k kernel code, 2372k data, 40k init) [c0000000,c4000000]
Total Memory Size                 : 64 MB
PCI MemoryMapped Region Check     : PASS
External Memory Dataline Check    : PASS
External Memory Addressline Check : PASS
Chip BIST Check                   : PASS
INIT: version 2.77 booting
Extracting configuration
Wed Dec 18 13:31:27 UTC 2002
SWITCH startup completed.
INIT: Entering runlevel: 3
SWITCH login:


Step 2 Enter root at the login prompt when the system displays it. Enter vertex25
for the admin password at the password prompt. The password is predefined at the factory
configuration. When you input the correct password, you enter Top mode with the
SWITCH# prompt as shown in the following example.

SWITCH login: root
Password:vertex25
SWITCH#

Note
The password you enter will not be seen in the screen. Please be careful not to make mistake.

Step 3 To enter Interface Configuration mode, with the SWITCH(config-if)# prompt, where you can
configure the IP address, enter the configure terminal command in Top mode and then enter the
interface interface-name command in Global Configuration mode, with the SWITCH(config)# prompt.

SWITCH# configure terminal
SWITCH(config)# interface br1
SWITCH(config-if)#

Note
Before connecting to the TFTP server, you have to make sure that the user's equipment is on the same LAN
as the TFTP server PC or equipment.

Step 4 Assign IP address to V5324 Switch by entering ip address ip-address command in Interface
configuration mode.

SWITCH(config-if)# ip address 192.168.1.10/24
SWITCH(config-if)#

Step 5 If you want to make sure that you correctly configure ip address to V5324 Switch, enter show
ip command in Interface Configuration mode.

SWITCH(config-if)# show ip
Address: 192.168.1.10 Netmask: 255.255.255.0 Broadcast: 192.168.1.255
SWITCH(config-if)#


Step 6 In order to make sure that the user's switch is connected to the TFTP server PC on the same LAN,
you need to run a ping test on the PC.

C:\>ping 192.168.1.218
Pinging 192.168.1.218 with 32 bytes of data:
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.218:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Step 7 Enter the name of the TFTP server with the tftp command at the system prompt to connect to the
user's TFTP server. You can also enter the IP address of the TFTP server.

SWITCH# tftp 192.162.1.218
tftp>

Step 8 Type the bin command to transfer the file in binary form.

tftp> bin
tftp>

Note
If you download the system image file in ascii mode, it may cause an error during booting or block
booting. So, when you download a system image file, you need to make sure that the file form is set to
binary mode.

Step 9 Download the system image file by using the command get file-name /dev/boot. The following
is an example of downloading the file named V5124.9.07.x.

tftp> get V5124.9.07.x /dev/boot


Note
/dev/boot indicates the location of the flash memory to save system image file. You must assign a location
when you save it in device.

Step 10 Input the command, quit at tftp> prompt to exit from TFTP server.

tftp> quit
SWITCH#

2. Downloading System Image File from FTP Server


FTP (File Transfer Protocol) is a client / server TCP protocol that allows a user to transfer files to and
from a remote network site. An FTP site is a computer that is running FTP server software. An FTP
client is the user application that provides access to FTP servers. Before you begin downloading a
system file using FTP, be sure that the switch is connected to the network cable to access the FTP site. To
copy a system image file using FTP from a UNIX server to your switch, follow the below instructions.

Step 1 Install the FTP server program on the user's PC and copy the new system image file to the user's
PC from the FTP server. (Refer to: 3.1.2 Downloading System Image into TFTP Server)

Step 2 Turn on the switch to boot and log in to the system. (Refer to: Step 1, 2 in (3) Downloading
System Image on Top Mode)

Step 3 Connect the LAN card of the user's PC to the switch with a UTP cable.

Step 4 Enter Interface configuration mode to assign an IP address to the switch. First enter Global
configuration mode, with the SWITCH(config)# prompt, by inputting configure terminal in Top
mode, then input interface ifname in Global configuration mode.

SWITCH# configure terminal
SWITCH(config)# interface br1
SWITCH(config-if)#


Step 5 Input ip address ip-address/subnet-mask to assign IP address to switch.

SWITCH(config-if)# ip address 192.168.1.10/24
SWITCH(config-if)#

Step 6 In order to confirm assigned IP address, type show ip. It displays IP address as below.

SWITCH(config-if)# show ip
Address: 192.168.1.10 Netmask: 255.255.255.0 Broadcast: 192.168.1.255
SWITCH(config-if)#

Step 7 In order to make sure that the user's switch is connected to the TFTP server PC on the same LAN,
you need to run a ping test on the PC.

C:\>ping 192.168.1.218
Pinging 192.168.1.218 with 32 bytes of data:
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Reply from 192.168.1.218: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.218:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>

Step 8 Enter the name or IP address of the FTP server with the ftp command at the system prompt to
connect to the user's FTP server.

SWITCH# ftp 192.168.1.218
Connected to 192.168.1.218.
220 pchyun Microsoft FTP Service (Version 5.0).
Name (192.168.1.218:root):

Step 9 Type anonymous at Name, then the password prompt will be displayed.

Name (192.168.1.218:root): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:


Step 10 Input the user's e-mail address at the password prompt. When you log in successfully, the ftp>
prompt will be displayed.

Password: E-mail address
230 Anonymous user logged in.
Remote system type is Windows_NT.
ftp>

Note
The password you enter will not be seen in the screen. Please be careful not to make mistake.

Step 11 In order to view the directory in FTP server, input the command, ls or dir. Then the directory
or file name in FTP server will be shown as follow.

ftp> dir
200 PORT command successful.
150 File status OK ; about to open data connection
drwxrwxrwx 1 owner group       0 Nov 27 10:39 .
drwxrwxrwx 1 owner group       0 Nov 27 10:39 ..
-rwxrwxrwx 1 owner group    3836 Nov 27 10:38 VENDINFO.DIZ
-rwxrwxrwx 1 owner group   57344 Nov 27 10:38 tftpd32.exe
-rwxrwxrwx 1 owner group   32891 Nov 27 10:38 TFTPD32.HLP
-rwxrwxrwx 1 owner group     251 Nov 27 10:38 file_id.diz
-rwxrwxrwx 1 owner group 5367868 Nov 27 10:43 V5124.9.07.x
-rwxrwxrwx 1 owner group 3278012 Dec 10 17:02 V1008.2.97k2.x
-rwxrwxrwx 1 owner group   51867 Dec 11 16:55 tftpd32.zip
226 Closing data connection
ftp>

Note
The command dir shows the list of files in the user's FTP server. So the above contents may differ from the
content in the user's console terminal.

Step 12 Type bin command to transfer the file in binary form.

ftp> bin
200 Type set to I.
ftp>


Step 13 Input the command, hash to view the progress while downloading.

ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp>

Step 14 Download system image file user needs with using the command get file-name /dev/boot.
The following is an example of downloading OS 9.07.

ftp> get V5124.9.07.x /dev/boot
local: /dev/boot remote: V5124.9.07.x
200 PORT command successful.
150 File status OK ; about to open data connection
#########################################################################
#########################################################################
#########################################################################
###############################
226 Closing data connection; File transfer successful.
5791488 bytes received in 22 secs (3204 bytes/sec)
ftp>

Note
/dev/boot indicates the location of the flash memory where system image file is saved. You must assign a
location when you save it in device.

Step 15 Input the command, quit at ftp> prompt to exit from FTP server.

ftp> quit
SWITCH#


DASAN Networks, Inc.


6th floor KOSMO TOWER 1002
Kangnam-Gu Daechi-Dong
SEOUL KOREA
TEL) 02-3484-6500
FAX) 3484-6501
http://www.dasannetworks.com
( A/S Center : tqc@da-san.com)
